| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
php_zip.c:1647:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
php_zip.c:1648:3: error: format not a string literal and no format arguments [-Werror=format-security]
|
| |
|
|
|
|
| |
If an archive can't be written, ZipArchive::close() nonetheless returns TRUE.
We fix the return value to properly return success, and additionally raise a
warning on failure.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
|
| | | |
| | |
| | |
| | | |
creating directories
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
ext/ftp/ftp.h
ext/pcre/pcrelib/pcre_printint.c
ext/pcre/pcrelib/sljit/sljitLir.c
ext/pcre/pcrelib/sljit/sljitLir.h
ext/pcre/pcrelib/sljit/sljitNativeARM_32.c
ext/pcre/pcrelib/sljit/sljitNativeTILEGX_64.c
ext/pgsql/pgsql.c
ext/phar/func_interceptors.c
ext/soap/soap.c
ext/standard/image.c
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- update bunled libzip to 0.11.2
- expose zip_file_set_external_attributes + zip_file_get_external_attributes
with new methods:
ZipArchive::setExternalAttributesName
ZipArchive::setExternalAttributesIndex
ZipArchive::getExternalAttributesName
ZipArchive::getExternalAttributesIndex
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-5.5:
Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real)
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-5.4:
Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real)
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* pull-request/500:
limit virtual_cwd_activate() duplicated call to ZTS only
reverted the previous commit, both calls are needed in TS mode
virtual_cwd_activate() should be called only in one place
back to do_alloca()
removed unnecessary call
simplify the state free macros
compact the code to preserve the error info after state freeing
back to do_alloca(), reverted the wrong replacement
enabled windows to use stack in both ts/nts mode, some more fixes
moved to do_alloca() usage where appropriate
fixed invalid free
fixed virtual cwd header in phar
updated NEWS
fixed all the places where last error could be lost
preserve the error code
applied and fixed the original patch
initial move on renaming files and fixing includes
Conflicts:
ext/opcache/ZendAccelerator.c
|
| | | | |
| | | |
| | | |
| | | | |
initial work on the patch import done
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- update libzip to version 1.11.1. We don't use any private symbol anymore
- new method ZipArchive::setPassword($password)
- add --with-libzip option to build with system libzip
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | | |
* PHP-5.5:
- Moved NULL check before dereferencing
|
| | |\ \ \
| | | |/
| | |/|
| | | |
| | | | |
* PHP-5.4:
- Moved NULL check before dereferencing
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | /
| |_|/
|/| | |
* PHP-5.5:
- Fix possible memory leak
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-5.4:
- Fix possible memory leak
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
Conflicts:
ext/gmp/gmp.c
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.4:
Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.
Conflicts:
ext/dba/libinifile/inifile.c
|
| | | |
| | |
| | |
| | | |
uninitialized' warnings.
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
update NEWS
updated NEWS
Fixed bug #64342 ZipArchive::addFile() has to check for file existence
|
| | |\ \
| | |/
| | |
| | |
| | |
| | | |
* PHP-5.4:
updated NEWS
Fixed bug #64342 ZipArchive::addFile() has to check for file existence
|
| | | |\
| | | |
| | | |
| | | |
| | | | |
* PHP-5.3:
Fixed bug #64342 ZipArchive::addFile() has to check for file existence
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This fixes the same issue in multiple extensions. This isn't needed
in later branches as 5.4 introduced object_properties_init()
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
news for bug #49348
fix tests
fix bug #49348 - issue notice on get_property_ptr_ptr when used for read
|
| | | | | |
|
| |/ / / |
|
| |/ / |
|
| |\ \
| |/
| |
| |
| | |
* PHP-5.3:
set current versions for libzip and zip ext
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.3:
zip windows fixes
fixed bc break related to #57905
fixed a bit overlooked from the last libzip port
brought the fix for #47667 back
fixed zip entry freeing
rechecked the merged libzip, took also the indents from the original to avoid confusion next time
fixed a double freeing crash
fixed header include
initial libzip upgrade patch to 0.10.1
- BFN
Conflicts:
NEWS
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
