summaryrefslogtreecommitdiff
path: root/ext/hash
Commit message (Collapse)AuthorAgeFilesLines
* Removed or simplified incorrect SEPARATE_*() macros usage.Dmitry Stogov2015-09-291-3/+1
|
* Merge branch 'PHP-5.6'Stanislav Malyshev2015-09-025-8/+26
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) ... Conflicts: ext/exif/exif.c ext/gmp/gmp.c ext/pcre/php_pcre.c ext/session/session.c ext/session/tests/session_decode_variation3.phpt ext/soap/soap.c ext/spl/spl_observer.c ext/standard/var.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/xsl/xsltprocessor.c
| * Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-013-3/+3
| |\ | | | | | | | | | | | | * PHP-5.5: fix unit tests
| | * Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-013-3/+3
| | |\ | | | | | | | | | | | | | | | | * PHP-5.4: fix unit tests
| | | * fix unit testsStanislav Malyshev2015-09-013-3/+3
| | | |
| * | | Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-012-5/+23
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c
| | * | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-012-5/+23
| | |\ \ | | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| | | * Fix bug #70312 - HAVAL gives wrong hashes in specific casesStanislav Malyshev2015-09-012-5/+23
| | | |
* | | | remove TSRMLS_*Anatol Belski2015-08-021-2/+2
| | | | | | | | | | | | | | | | either remains or merged in from PHP5
* | | | Use ZSTR_ API to access zend_string elements (this is just renaming without ↵Dmitry Stogov2015-06-301-20/+20
| | | | | | | | | | | | | | | | semantick changes).
* | | | Fixed skipfXinchen Hui2015-06-141-1/+1
| | | |
* | | | Fixed Bug #69823 (PHP 7.0.0alpha1 segmentation fault when exactly 33 ↵Xinchen Hui2015-06-141-1/+14
| | | | | | | | | | | | | | | | extensions are loaded)
* | | | Merge branch 'PHP-5.6'Stanislav Malyshev2015-04-142-1/+13
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: (27 commits) fix non-standard C update NEWS 5.4.41 next fix CVE num update NEWS Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) fix test fix type in fix for #69085 fix memory leak & add test Fix tests fix CVE num Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability) Fix test Additional fix for bug #69324 More fixes for bug #69152 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4) Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) ... Conflicts: Zend/zend_exceptions.c ext/curl/interface.c ext/dom/document.c ext/fileinfo/libmagic/softmagic.c ext/gd/gd.c ext/hash/hash.c ext/pgsql/pgsql.c ext/phar/phar.c ext/phar/phar_internal.h ext/standard/http_fopen_wrapper.c ext/standard/link.c ext/standard/streamsfuncs.c ext/xmlwriter/php_xmlwriter.c ext/zlib/zlib.c
| * | | Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-04-142-1/+13
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: (27 commits) fix non-standard C update NEWS 5.4.41 next fix CVE num update NEWS Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) fix test fix type in fix for #69085 fix memory leak & add test Fix tests fix CVE num Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability) Fix test Additional fix for bug #69324 More fixes for bug #69152 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4) Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) ... Conflicts: ext/standard/http_fopen_wrapper.c
| | * | Merge branch 'PHP-5.4.40' into PHP-5.5.24Stanislav Malyshev2015-04-112-1/+13
| | |\ \ | | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.40: Additional fix for bug #69324 More fixes for bug #69152 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4) Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) Fixed bug #68901 (use after free) Fixed bug #68740 (NULL Pointer Dereference) Fix bug #66550 (SQLite prepared statement use-after-free) Better fix for #68601 for perf https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467 Fix bug #68601 buffer read overflow in gd_gif_in.c Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4" Fixed bug #69293 Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
| | | * Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)Stanislav Malyshev2015-04-112-1/+13
| | | |
| | | * Bump yearXinchen Hui2014-01-0331-31/+31
| | | |
| | | * typo fixesVeres Lajos2013-07-151-3/+3
| | | |
| | | * Merge branch 'pull-request/341'Stanislav Malyshev2013-06-101-1/+1
| | | | | | | | | | | | | | | | | | | | * pull-request/341: (23 commits) typofixes
| | | * Happy New YearXinchen Hui2013-01-0131-31/+31
| | | |
| | * | Bump yearXinchen Hui2015-01-1531-31/+31
| | | |
| * | | bump yearXinchen Hui2015-01-1530-30/+30
| | | |
* | | | CleanupDmitry Stogov2015-04-071-8/+0
| | | |
* | | | cleanup the mod version macros, round 2Anatol Belski2015-03-232-7/+4
| | | |
* | | | revert yet unready stuffAnatol Belski2015-03-231-1/+1
| | | |
* | | | more fixes to the shared compilationAnatol Belski2015-03-232-3/+3
| | | |
* | | | Use specialized macro for string zval creationDmitry Stogov2015-03-121-7/+7
| | | |
* | | | Cleanup resource handling APIsXinchen Hui2015-02-021-7/+18
| | | |
* | | | int -> size_tRasmus Lerdorf2015-01-201-1/+1
| | | |
* | | | int -> size_tRasmus Lerdorf2015-01-201-1/+1
| | | |
* | | | bump yearXinchen Hui2015-01-1530-30/+30
| | | |
* | | | trailing whitespace removalStanislav Malyshev2015-01-1015-323/+323
| | | |
* | | | first shot remove TSRMLS_* thingsAnatol Belski2014-12-133-32/+32
| | | |
* | | | s/PHP 5/PHP 7/Johannes Schlüter2014-09-1930-30/+30
| | | |
* | | | more usages for ZEND_SECURE_ZERO()Anatol Belski2014-09-199-39/+39
| | | |
* | | | generalized the case with secure memory zeroingAnatol Belski2014-09-192-6/+6
| | | |
* | | | fix hash_pbkdf2()Anatol Belski2014-08-281-4/+3
| | | |
* | | | 's' works with size_t round 3Anatol Belski2014-08-272-4/+5
| | | |
* | | | first show to make 's' work with size_tAnatol Belski2014-08-273-9/+10
| | | |
* | | | master renames phase 7PRE_AST_MERGEAnatol Belski2014-08-251-1/+1
| | | |
* | | | master renames phase 3Anatol Belski2014-08-251-2/+2
| | | |
* | | | master renames phase 1Anatol Belski2014-08-252-39/+39
| | | |
* | | | fix zpp and a bit moreAnatol Belski2014-08-211-20/+20
| | | |
* | | | fix hashAnatol Belski2014-08-191-1/+1
| | | |
* | | | basic macro replacements, all at onceAnatol Belski2014-08-191-10/+10
| | | |
* | | | RETVAL_STRING takes only one variableLior Kaplan2014-07-222-4/+4
| | | | | | | | | | | | | | | | Follow up for commit f4cfaf36
* | | | RETURN_STRINGL takes only two variablesLior Kaplan2014-07-222-4/+4
| | | | | | | | | | | | | | | | Follow up for commit f4cfaf36
* | | | unused varPierre Joye2014-05-151-1/+1
| | | |
* | | | Merge mainstream 'master' branch into refactoringDmitry Stogov2014-04-268-5/+772
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During merge I had to revert: Nikita's patch for php_splice() (it probably needs to be applyed again) Bob Weinand's patches related to constant expression handling (we need to review them carefully) I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway) Conflicts: Zend/zend.h Zend/zend_API.c Zend/zend_ast.c Zend/zend_compile.c Zend/zend_compile.h Zend/zend_constants.c Zend/zend_exceptions.c Zend/zend_execute.c Zend/zend_execute.h Zend/zend_execute_API.c Zend/zend_hash.c Zend/zend_highlight.c Zend/zend_language_parser.y Zend/zend_language_scanner.c Zend/zend_language_scanner_defs.h Zend/zend_variables.c Zend/zend_vm_def.h Zend/zend_vm_execute.h ext/date/php_date.c ext/dom/documenttype.c ext/hash/hash.c ext/iconv/iconv.c ext/mbstring/tests/zend_multibyte-10.phpt ext/mbstring/tests/zend_multibyte-11.phpt ext/mbstring/tests/zend_multibyte-12.phpt ext/mysql/php_mysql.c ext/mysqli/mysqli.c ext/mysqlnd/mysqlnd_reverse_api.c ext/mysqlnd/php_mysqlnd.c ext/opcache/ZendAccelerator.c ext/opcache/zend_accelerator_util_funcs.c ext/opcache/zend_persist.c ext/opcache/zend_persist_calc.c ext/pcre/php_pcre.c ext/pdo/pdo_dbh.c ext/pdo/pdo_stmt.c ext/pdo_pgsql/pgsql_driver.c ext/pgsql/pgsql.c ext/reflection/php_reflection.c ext/session/session.c ext/spl/spl_array.c ext/spl/spl_observer.c ext/standard/array.c ext/standard/basic_functions.c ext/standard/html.c ext/standard/mail.c ext/standard/php_array.h ext/standard/proc_open.c ext/standard/streamsfuncs.c ext/standard/user_filters.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_variables.c sapi/phpdbg/phpdbg.c sapi/phpdbg/phpdbg_bp.c sapi/phpdbg/phpdbg_frame.c sapi/phpdbg/phpdbg_help.c sapi/phpdbg/phpdbg_list.c sapi/phpdbg/phpdbg_print.c sapi/phpdbg/phpdbg_prompt.c
| * | | Add hash_equals() to perform string comparisons that are not vulnerable to ↵Rouven Weßling2014-03-173-0/+90
| | | | | | | | | | | | | | | | timing attacks.
View Lorry Controller Status