Commit message [Author, Age, Files, Lines]
* sync NEWS with entries and release date (php-7.0.10, PHP-7.0.10) [Anatol Belski, 2016-08-17, 1, -2/+29]
|
* apply missing patch for #72681 [Anatol Belski, 2016-08-17, 1, -7/+15]
|
* set version [Anatol Belski, 2016-08-17, 2, -3/+3]
|
* fix tests [Anatol Belski, 2016-08-17, 1, -1/+3]
|
* Fix bug #72663 - destroy broken object when unserializing [Stanislav Malyshev, 2016-08-17, 3, -14/+58]
|     (cherry picked from commit 448c9be157f4147e121f1a2a524536c75c9c6059)
* fix test [Stanislav Malyshev, 2016-08-17, 1, -0/+17]
|     (cherry picked from commit ed9d916c28b042d276a28998f92eb7e6cc56025a)
* Bug #72663 - part 3 [Nikita Popov, 2016-08-17, 3, -3/+31]
|     When using the php_serialize session serialization handler, do not use the result of the unserialization if it failed.
|     (cherry picked from commit e0f9fbdfa61012101de7f4a8653ca5538c404a71)
* Bug #72663 - part 2 [Nikita Popov, 2016-08-17, 3, -7/+90]
|     If a (nested) unserialize() call fails, we remove all the values that were inserted into var_hash during that call. This prevents their use in other unserializations in the same context.
|     (cherry picked from commit 61f2f5a0f760157f9c9d32d7d3df2be47a73e74d)
* Bug #72663 - part 1 [Nikita Popov, 2016-08-17, 3, -9/+81]
|     Don't call __destruct() on an unserialized object that has a __wakeup() method if either a) unserialization of its properties fails or b) the __wakeup() call fails (e.g. by throwing).
|     This basically treats __wakeup() as a form of constructor and aligns us with the usual behavior that if the constructor call fails the destructor should not be called.
|     The security aspect here is that people use __wakeup() to prevent unserialization of objects with dangerous __destruct() methods, but this is ineffective if __destruct() can still be called while __wakeup() was skipped.
|     (cherry picked from commit 2135fdef9b588a34f8805b2bbf10704e36163d5a)
* Fix bug #72749: wddx_deserialize allows illegal memory access [Stanislav Malyshev, 2016-08-17, 2, -4/+46]
|     (cherry picked from commit 659a21dc20f0b64dafd8cb16573059d3b45cce6b)
|     Conflicts: ext/wddx/wddx.c
|     (cherry picked from commit e3829b88694460a2e5af10ad5eee9966fa55e589)
* Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF [Stanislav Malyshev, 2016-08-17, 3, -0/+75]
|     (cherry picked from commit 620b01337cc39f856ca68c34c35e154f5f0682fc)
|     Conflicts: ext/exif/exif.c
|     (cherry picked from commit 24fb60ffe9d23a6af27d96b74a85f6a237bbd14a)
* fix tests [Anatol Belski, 2016-08-17, 2, -3/+3]
|     (cherry picked from commit d926a48fd27942d15190a6defdcb05b1e07c9701)
* Fix bug#72697 - select_colors write out-of-bounds [Anatol Belski, 2016-08-17, 2, -3/+20]
|     (cherry picked from commit b6f13a5ef9d6280cf984826a5de012a32c396cd4)
|     Conflicts: ext/gd/gd.c
|     (cherry picked from commit 28022c9b1fd937436ab67bb3d61f652c108baf96)
* Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation [Stanislav Malyshev, 2016-08-17, 1, -1/+1]
|     (cherry picked from commit c3f6d6da100c6451a540680504de4105b8bed83c)
|     Conflicts: ext/snmp/snmp.c main/php_version.h
|     (cherry picked from commit b735a4419c1e796520b395a2aa0b6943d9157b73)
* Fix bug #72730 - imagegammacorrect allows arbitrary write access [Stanislav Malyshev, 2016-08-17, 2, -0/+20]
|     (cherry picked from commit 047fe0ed03093a496691d376fcf51a7e2f1d04b0)
|     Conflicts: ext/gd/gd.c
|     (cherry picked from commit e70069a62fb7252252cad9506fac5baf4ac11d21)
* Fix bug #72750: wddx_deserialize null dereference [Stanislav Malyshev, 2016-08-17, 2, -1/+39]
|     (cherry picked from commit 6930a1d12c47aa1d2675837852910d177b0ceb11)
|     Conflicts: ext/wddx/wddx.c
|     (cherry picked from commit f1486f0fd63e888028e625a5ae02f10cc729c4c7)
* Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack [Anatol Belski, 2016-08-17, 1, -3/+4]
|     (cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103)
|     Conflicts: ext/standard/ftp_fopen_wrapper.c
|     (cherry picked from commit e5b0952be2d7c93bdf491d99f50a14df46c30cd2)
* Fix for bug #72790 and bug #72799 [Stanislav Malyshev, 2016-08-17, 3, -1/+64]
|     (cherry picked from commit a14fdb9746262549bbbb96abb87338bacd147e1b)
|     Conflicts: ext/wddx/wddx.c
|     (cherry picked from commit 0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f)
* Fix bug #72837 - integer overflow in bzdecompress caused heap corruption [Anatol Belski, 2016-08-17, 1, -4/+14]
|     Conflicts: ext/bz2/bz2.c
|     (cherry picked from commit 67d0fe39ee554563476ecae13c626580ae1a6612)
* Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else [Stanislav Malyshev, 2016-08-17, 1, -8/+8]
|     (cherry picked from commit 4f6a97f5321ef617b98a1f79aac1ad447d13b2b4)
* Fix bug #72742 - memory allocator fails to realloc small block to large one [Stanislav Malyshev, 2016-08-17, 1, -12/+12]
|     (cherry picked from commit c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911)
* Fix bug #72674 - check both curl_escape and curl_unescape [Stanislav Malyshev, 2016-08-17, 1, -2/+6]
|     (cherry picked from commit 72dbb7f416160f490c4e9987040989a10ad431c7)
* sync NEWS [Anatol Belski, 2016-08-14, 1, -2/+0]
|
* Revert "Implemented FR #72633 Postgres PDO lastInsertId() should work without specifying a sequence" [Anatol Belski, 2016-08-14, 4, -58/+21]
|     This reverts commit 12628e9a46b91a0aa92fd0619cdd545c409d25a6.
* Revert "cleanup the table after the test run" [Anatol Belski, 2016-08-14, 1, -4/+1]
|     This reverts commit 266c62070f7e8e98106cd7b28a86aafc3e537c5b.
* improve the check, avoid strlen on NULL (php-7.0.10RC1) [Anatol Belski, 2016-08-03, 1, -4/+4]
|     (cherry picked from commit 9667ee4f72c7dafce993b71104a52beb7c3aff15)
* sync NEWS [Anatol Belski, 2016-08-03, 1, -0/+3]
|
* Changed the way MAKERNOTE is handled in case we do not have a matching signature (Remi). [Kalle Sommer Nielsen, 2016-08-03, 1, -2/+12]
|     Before this patch, exif_process_IFD_in_MAKERNOTE() would return false, then causing the rest of the EXIF parsing to be interrupted. This is a regression from earlier which was most likely a part of a security fix for MAKERNOTE.
|     The new behavior is to instead of stopping to parse, to continue so we can still fetch data like thumbnail and GPS, thus allowing yet unsupported formats to parse. If EXIF's debugging mode is enabled, a notice will display in case we do not match against a valid MAKERNOTE signature.
|     This should temporarily fix bug #72682 (exif_read_data() fails to read all data for some images) until I get around to debug it further.
|     (cherry picked from commit aabcb5481d9e717df77192dab2894468b9fc63b4)
* update libs_versions.txt [Anatol Belski, 2016-08-03, 1, -1/+1]
|
* set versions [Anatol Belski, 2016-08-02, 3, -4/+4]
|
* fix php_version.h [Anatol Belski, 2016-08-02, 1, -3/+3]
|
* update NEWS [Anatol Belski, 2016-07-31, 1, -1/+0]
|
* Revert "upgraded to PCRE 8.39" [Anatol Belski, 2016-07-31, 61, -5976/+4238]
|     This reverts commit 2fba6468374a15efc82aaac8cbfc600b29c5404f.
|     PCRE-8.39 throws weird valgrind backtraces on some systems, see http://news.php.net/php.cvs/93494 . Those could be false positives due to some changes in JIT, still I couldn't 100% ensure this. Thus, better we continue to ship 8.38 bundled for now, and apply patches, if needed.
* Merge branch 'PHP-5.6' into PHP-7.0 [Nikita Popov, 2016-07-30, 2, -5/+1]
|\
| * Revert "Fixed bug #71219" [Nikita Popov, 2016-07-30, 2, -5/+1]
| |     This reverts commit 14d674442ef86ad4e862228a1ff5ecd322ae7759.
| |     I misread the discussion on the bug -- this is not the correct fix. However the other proposed fix does not work either, so just reverting for now.
* | Merge branch 'PHP-5.6' into PHP-7.0 [Nikita Popov, 2016-07-30, 2, -1/+5]
|\ \
| |/
| * Fixed bug #71219 [Nikita Popov, 2016-07-30, 2, -1/+5]
| |
* | Merge branch 'PHP-5.6' into PHP-7.0 [Nikita Popov, 2016-07-30, 0, -0/+0]
|\ \
| |/
| |     Conflicts: ext/wddx/wddx.c
| * Add missing TSRMLS_FETCH() [Nikita Popov, 2016-07-30, 1, -0/+1]
| |
* | Fix incorrect merge [Nikita Popov, 2016-07-30, 2, -6/+7]
| |     Forgot to amend the merge fixes...
* | Merge branch 'PHP-5.6' into PHP-7.0 [Nikita Popov, 2016-07-30, 2, -1/+21]
|\ \
| |/
| * Fixed bug #72142 [Nikita Popov, 2016-07-30, 3, -1/+25]
| |
* | Merge branch 'PHP-5.6' into PHP-7.0 [Christoph M. Becker, 2016-07-30, 3, -1/+15]
|\ \
| |/
| * fixes bad address given to onig_error_code_to_str [ju1ius, 2016-07-30, 3, -1/+15]
| |     Closes bug #72710
| |     (cherry picked from commit 0fb7eb6723bcc6fd98053911543e801edb5ab763)
* | Fix ref handling in array_merge/replace_recursive() [Nikita Popov, 2016-07-29, 2, -18/+46]
| |     As usual, if the reference has rc=1 it really isn't a reference.
* | document file cache fallback ini directive [Anatol Belski, 2016-07-29, 2, -0/+10]
| |
* | Merge branch 'PHP-5.6' into PHP-7.0 [Christoph M. Becker, 2016-07-29, 3, -7/+47]
|\ \
| |/
| |     # Resolved conflicts:
| |     # ext/calendar/calendar.c
| * Fix #71894: AddressSanitizer: global-buffer-overflow in zif_cal_from_jd [Christoph M. Becker, 2016-07-29, 3, -7/+47]
| |     Julian days < 347998 denote invalid Jewish calendar dates, so cal_from_jd($jd, CAL_JEWISH) and jdmonthname($jd, CAL_MONTH_JEWISH) should actually fail. For BC we don't yet let them though, but we fix the OOB read that happens in this case, and we also adjust cal_from_jd()'s return value to have empty strings for "abbrevdayname" and "dayname" instead of "Sun"/"Sunday" and NULL for "dow" instead of 0, which doesn't make any sense.
* | Merge branch 'PHP-5.6' into PHP-7.0 [Christoph M. Becker, 2016-07-28, 2, -0/+55]
|\ \
| |/
| * Implement FR #65462: Please add tests for gregorian and jewish overflow fixes [Christoph M. Becker, 2016-07-28, 2, -0/+55]
| |