#
004cb827 |
| 31-Oct-2022 |
Derick Rethans |
Bump versions
|
#
2669ed7d |
| 24-Oct-2022 |
Stanislav Malyshev |
Update NEWS
|
#
248f6477 |
| 21-Oct-2022 |
Stanislav Malyshev |
Fix bug #81738 (buffer overflow in hash_update() on long parameter)
|
#
ad8d00b4 |
| 28-Sep-2022 |
Derick Rethans |
Prepare for next release
|
#
0b4e1533 |
| 28-Sep-2022 |
Derick Rethans |
Prepare for 7.4.32
|
#
6f586ef9 |
| 27-Sep-2022 |
Derick Rethans |
Add CVEs
|
#
404e8bdb |
| 25-Jul-2022 |
Christoph M. Becker |
Fix #81726: phar wrapper: DOS when using quine gzip file The phar wrapper needs to uncompress the file; the uncompressed file might be compressed, so the wrapper implementation loops. This raises potential DOS issues regarding too deep or even infinite recursion (the latter are called compressed file quines[1]). We avoid that by introducing a recursion limit; we choose the somewhat arbitrary limit `3`. This issue has been reported by real_as3617 and gPayl0ad. [1] <https://honno.dev/gzip-quine/>
|
#
0611be4e |
| 09-Sep-2022 |
Derick Rethans |
Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.
|
#
198f3f50 |
| 10-Jun-2022 |
Remi Collet |
[ci skip] missing CVE
|
#
d1be9369 |
| 06-Jun-2022 |
Stanislav Malyshev |
Update NEWS
|
#
fbee73df |
| 12-Apr-2022 |
Derick Rethans |
Prepare for 7.4.30
|
#
c14e2e4f |
| 12-Apr-2022 |
Derick Rethans |
Add tz update into NEWS
|
#
1a051499 |
| 12-Apr-2022 |
Derick Rethans |
Prep NEWS for 7.4.29 release
|
#
325bcf9f |
| 15-Feb-2022 |
Derick Rethans |
Prepare for 7.4.29
|
#
d13ceb74 |
| 14-Feb-2022 |
Derick Rethans |
Add fix to NEWS
|
#
f533744c |
| 30-Nov-2021 |
Derick Rethans |
Prepare for 7.4.28
|
#
712fc54e |
| 29-Nov-2021 |
Christoph M. Becker |
Fix #74604: Out of bounds in php_pcre_replace_impl Trying to allocate a `zend_string` with a length only slightly smaller than `SIZE_MAX` causes an integer overflow; we make sure that this doesn't happen by catering to the maximal overhead of a `zend_string`. Closes GH-7597.
|
#
31749aac |
| 26-Nov-2021 |
Christoph M. Becker |
Fix #81659: stream_get_contents() may unnecessarily overallocate Since we're going to read from the current stream position anyway, the `max_len` should be the size of the file minus the current position (still catering to potentially filtered streams). We must, however, make sure to cater to the file position being beyond the actual file size. While we're at it, we also fix the step size in the comment, which is 8K. A further optimization could be done for unfiltered streams, thus saving that step size, but 8K might not be worth it. Closes GH-7693.
|
#
60fe575c |
| 19-Nov-2021 |
Дилян Палаузов |
Fix #75725: ./configure: detecting RAND_egd Closes GH-7668.
|
#
d14a9139 |
| 16-Nov-2021 |
Christoph M. Becker |
[ci skip] Fix news entry for bug #79971
|
#
7967875d |
| 15-Nov-2021 |
Stanislav Malyshev |
[ci skip] Update NEWS
|
#
d26965b2 |
| 16-Nov-2021 |
Nikita Popov |
Fixed bug #81626 Backport of a8926474cb2c68cde2a7c0d19bcd95cdbda55ad2 to 7.4.
|
#
45f52285 |
| 14-Nov-2021 |
Matt |
Fix bug #81618: Correct dns_get_record on FreeBSD Modify dns_get_record to test for records result based on dns_errno to accommodate modern FreeBSD, for which res_nsearch() does not update h_errno directly. Add new php_dns_errno macro, and have it consult statp->res_h_errno when OS has res_nsearch(). Closes GH-7655.
|
#
b2cf9b7e |
| 07-Nov-2021 |
Jakub Zelenka |
Fix bug #81513 (Future possibility for heap overflow in FPM zlog) This fixes currently unused code path in zlog that could lead to the heap overflow in the future.
|
#
1919c4b4 |
| 26-Oct-2021 |
Christoph M. Becker |
Fix #71316: libpng warning from imagecreatefromstring We backport the respective upstream fix[1] to our bundled libgd. [1] <https://github.com/libgd/libgd/commit/636100b9280a86e70d852d89251fc5492fce33f4> Closes GH-7615.
|