summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* missed piece for renamingphp-7.0.12PHP-7.0.12Anatol Belski2016-10-131-4/+4
| | | | (cherry picked from commit 5ba9eab4361cf9d0d9085f969acc2e96b8af3241)
* rename publicly exposed symbol to avoid name conflictsAnatol Belski2016-10-132-4/+4
| | | | (cherry picked from commit 730288ae41fe0d40d00b27174b558cf260b1a7df)
* sync NEWSAnatol Belski2016-10-131-0/+2
|
* Fix potential overflows in php_pcre_replace_implStanislav Malyshev2016-10-133-33/+30
| | | | (cherry picked from commit 9c50ba42d6503a5fcfffad6c6823a9bee0e033c0)
* Fix outlen for openssl functionStanislav Malyshev2016-10-131-5/+7
| | | | | | Even though datalen can't be over int, outlen can. (cherry picked from commit cd8c9b06149dc7dc0415524f1d74880fd6f2d25c)
* Syncronize with 5.6 - __toString should return ""Stanislav Malyshev2016-10-132-2/+2
| | | | (cherry picked from commit 2301608736c82183f8210053a45f78eeef5b0c74)
* sync NEWSAnatol Belski2016-10-131-0/+25
|
* Fix bug #73189 - Memcpy negative size parameter php_resolve_pathStanislav Malyshev2016-10-131-3/+4
| | | | | (cherry picked from commit da7e89cde880c66887caacd0a3eae7ecdacf9b2a) (cherry picked from commit c4c2cce37dd99bbcf1411ad8d6884c3c927d7bc9)
* update len in fallback casesAnatol Belski2016-10-131-0/+5
| | | | (cherry picked from commit 58b18892bf3db0adf2a01f92adb4c907700fbbdd)
* Fix bug #73190: memcpy negative parameter _bc_new_num_exStanislav Malyshev2016-10-133-8/+26
| | | | | (cherry picked from commit 40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6) (cherry picked from commit 74b5662536ccdf9b7b02c495f02a27c64e27fff7)
* Fix bug #73147: Use After Free in PHP7 unserialize()Stanislav Malyshev2016-10-134-0/+40
| | | | | (cherry picked from commit 0e6fe3a4c96be2d3e88389a5776f878021b4c59f) (cherry picked from commit f42cbd749cde1f91274c1d03df9024baba141a8f)
* fix typoAnatol Belski2016-10-131-1/+1
| | | | (cherry picked from commit efc1f33b58b0936539ea6ca1de345bd83c7e8f26)
* followup with #73276 mergeAnatol Belski2016-10-131-6/+5
| | | | (cherry picked from commit b135ba3fa93fd4f085322573d2850b29cb662e21)
* fix testAnatol Belski2016-10-131-3/+1
| | | | (cherry picked from commit 7c6cb1282d539c4d5ff5adc8f7a6926c83b98e20)
* Fix bug #73276 - crash in openssl_random_pseudo_bytes functionStanislav Malyshev2016-10-131-1/+6
| | | | | (cherry picked from commit 85a22a0af0722ef3a8d49a056a0b2b18be1fb981) (cherry picked from commit 7dc8b5e7aefce963a7a222c48ee3506725c4776b)
* Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()Stanislav Malyshev2016-10-131-3/+16
| | | | | (cherry picked from commit 96a8cf8e1b5dc1b0c708bb5574e0d6727cc56d9e) (cherry picked from commit 4ef79370a82d6c92f4ea0cd462274ba24e007f56)
* avoid strlenAnatol Belski2016-10-131-5/+5
| | | | (cherry picked from commit aaa5d07365b54f35ba3b5024492450f3d2fe4ee5)
* Bug #73218: add mitigation for ICU int overflowStanislav Malyshev2016-10-131-0/+12
| | | | | (cherry picked from commit d946d102936525bc7dcd01f3827d0a6e0bb971b0) (cherry picked from commit b26b02b2df95eaa647ea3f4e7b42bd11eea4ed2c)
* Add more locale length checks, due to ICU bugs.Stanislav Malyshev2016-10-131-0/+8
| | | | | (cherry picked from commit d3eb58332af433982f1e2ae9095fb087974a95f2) (cherry picked from commit 87a8240b5adc730153e6df54f33195aee1325e6f)
* Fix bug #73150: missing NULL check in dom_document_save_htmlStanislav Malyshev2016-10-131-2/+2
| | | | | (cherry picked from commit 1c0e9126fbfb7fde3173347b7464237f56c38bfa) (cherry picked from commit d1e878f2726e65502fdd992c5b57feeada57893f)
* Merge remote-tracking branch 'origin/PHP-7.0.12' into PHP-7.0.12Stanislav Malyshev2016-10-1189-3346/+5526
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * origin/PHP-7.0.12: (99 commits) set versions and release date sync NEWS Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)" set versions update NEWS Ignore potentially misleading dberr values update NEWS Fixed bug #73172 parse error: Invalid numeric literal Fix #53745: cgi.discard_path option is missing from php.ini update libs_versions.txt update libs_versions.txt Fixed bug #73156 (segfault on undefined function) Add an include path for freetype which is relevant for cmake builds Fix test_image_equals_file() wrt. palette images Fixed bug #73163 Fix #73161: imagecreatefromgd2() may leak memory Fix #73159: imagegd2(): unrecognized formats may result in corrupted files Fix #73155: imagegd2() writes wrong chunk sizes on boundaries Fix #73157 (again): imagegd2() ignores 3rd param if 4 are given Fix #73157: imagegd2() ignores 3rd param if 4 are given ...
| * set versions and release dateAnatol Belski2016-10-113-4/+4
| |
| * sync NEWSAnatol Belski2016-10-111-2/+0
| |
| * Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"Anatol Belski2016-10-112-22/+0
| | | | | | | | This reverts commit 2d8ab51576695630a7471ff829cc5ea10becdc0f.
| * set versionsphp-7.0.12RC1Anatol Belski2016-09-273-4/+4
| |
| * update NEWSAdam Baratz2016-09-261-0/+1
| |
| * Ignore potentially misleading dberr valuesChris Kings-Lynne2016-09-261-2/+2
| | | | | | | | | | | | | | | | | | | | FreeTDS had a buggy behavior where it would pass invalid values: https://sourceforge.net/p/freetds/bugs/59/ The fix for this issue -- bc22b2ef817fb5d102bd758111ff3634b39a1319 on their repo -- was to always use SYBESMSG for dberr. This makes it so the existing pdo_dblib code would work as is. But by ignoring the dberr value in this function, it will behave correctly, even with older versions of FreeTDS.
| * update NEWSAnatol Belski2016-09-261-0/+1
| |
| * Merge branch 'PHP-7.0' of git.php.net:php-src into PHP-7.0Anatol Belski2016-09-262-0/+24
| |\
| | * Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-262-0/+24
| | |\
| | | * Fix #53745: cgi.discard_path option is missing from php.iniChristoph M. Becker2016-09-262-0/+24
| | | | | | | | | | | | | | | | Also cgi.check_shebang_line has been missing.
| * | | Fixed bug #73172 parse error: Invalid numeric literalAnatol Belski2016-09-263-2/+22
| |/ /
| * | update libs_versions.txtAnatol Belski2016-09-261-1/+1
| | |
| * | Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2016-09-260-0/+0
| |\ \ | | |/ | | | | | | | | | * PHP-5.6: update libs_versions.txt
| | * update libs_versions.txtAnatol Belski2016-09-261-1/+1
| | |
| * | Fixed bug #73156 (segfault on undefined function)Dmitry Stogov2016-09-263-3/+78
| | |
| * | Add an include path for freetype which is relevant for cmake buildsAnatol Belski2016-09-251-1/+1
| | |
| * | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-252-2/+63
| |\ \ | | |/
| | * Fix test_image_equals_file() wrt. palette imagesChristoph M. Becker2016-09-252-2/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The recently introduced test_image_equals_file() doesn't properly work for palette images, because in this case only the palette indexes are compared, what can lead to false positives and negatives as shown in the added test. To fix that we convert palette images to truecolor, what is supposed to be faster than calling imagecolorsforindex() for each pixel. We furthermore rely on PHP's refcounting to free unused images; after all, this is not C.
| * | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-241-2/+2
| |\ \ | | |/
| | * Merge branch 'pull-request/2120' into PHP-5.6Christoph M. Becker2016-09-241-2/+2
| | |\
| | | * Fix potential memory issue with USE_ZEND_ALLOC=0Christoph M. Becker2016-09-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PHP core and extensions are written with the assumption that memory allocation either succeeds, or the allocator bails out (i.e. the allocator is infallible). Therefore the result of emalloc() and friends are not checked for NULL values. However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators, but these are fallible, i.e. they return NULL instead of bailing out if they fail. This easily leads to invalid memory accesses in the following, such as in <https://bugs.php.net/73032>. Some of these cases may constitute exploitable vulnerabilities. Therefore we make the infallible __zend_alloc() and friends the default for USE_ZEND_ALLOC=0.
| * | | Fixed bug #73163Nikita Popov2016-09-243-29/+43
| | | |
| * | | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-244-5/+24
| |\ \ \ | | |/ /
| | * | Fix #73161: imagecreatefromgd2() may leak memoryChristoph M. Becker2016-09-244-5/+24
| | | |
| * | | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-243-1/+24
| |\ \ \ | | |/ /
| | * | Fix #73159: imagegd2(): unrecognized formats may result in corrupted filesChristoph M. Becker2016-09-243-1/+24
| | | | | | | | | | | | | | | | We must not apply the format correction twice for truecolor images.
| * | | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-243-2/+31
| |\ \ \ | | |/ /
| | * | Fix #73155: imagegd2() writes wrong chunk sizes on boundariesChristoph M. Becker2016-09-243-2/+31
| | | |
| * | | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-09-240-0/+0
| |\ \ \ | | |/ /
View Lorry Controller Status