#
1d32b809 |
| 30-Jul-2016 |
ju1ius |
fixes bad address given to onig_error_code_to_str Closes bug #72710 (cherry picked from commit 0fb7eb6723bcc6fd98053911543e801edb5ab763) |
#
de755310 |
| 28-Jul-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1 # Resolved conflicts: # ext/mbstring/php_mbregex.c
|
#
805dc0ea |
| 28-Jul-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0 # Resolved conflicts: # ext/mbstring/php_mbregex.c
|
#
ee6900c3 |
| 28-Jul-2016 |
Christoph M. Becker |
Fix #72694: mb_ereg_search_setpos does not accept a string's last position Setting the search position immediately behind the last character should be allowed, so we fix this off-by-one
Fix #72694: mb_ereg_search_setpos does not accept a string's last position Setting the search position immediately behind the last character should be allowed, so we fix this off-by-one error.
show more ...
|
#
6aaef1ed |
| 28-Jul-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
#
a6210231 |
| 28-Jul-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
#
56cdaecb |
| 28-Jul-2016 |
Christoph M. Becker |
Fix #72693: mb_ereg_search increments search position when a match zero-width That's caused by an off-by-one error, which we fix. |
#
db69ea32 |
| 28-Jul-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
#
18a37eee |
| 28-Jul-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0 # Resolved conflicts: # ext/mbstring/php_mbregex.c
|
#
d276e6a8 |
| 28-Jul-2016 |
Christoph M. Becker |
Fix #72691: mb_ereg_search raises a warning if a match zero-width That warning doesn't make sense (PCRE doesn't throw such a warning either), so we remove it. |
Revision tags: php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45, php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39, php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS |
|
#
eb3e7f7c |
| 01-Mar-2015 |
Masaki Kagaya |
check the encoding of argument for mb_ereg, mb_ereg_replace, mb_ereg_search_init |
#
0c98f51c |
| 09-Jul-2016 |
Christoph M. Becker |
Implement RFC "Deprecate mb_ereg_replace eval option" <https://wiki.php.net/rfc/deprecate_mb_ereg_replace_eval_option> has been accepted, so we implement it. |
#
24237027 |
| 05-Jul-2016 |
Aaron Piotrowski |
Merge branch 'throw-error-in-extensions'
|
#
323b2733 |
| 21-Jun-2016 |
Dmitry Stogov |
Fixed compilation warnings |
#
3e0397c2 |
| 21-Jun-2016 |
Stanislav Malyshev |
Merge branch 'PHP-7.0' * PHP-7.0: iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build
Merge branch 'PHP-7.0' * PHP-7.0: iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize Fix bug #72321 - use efree() for emalloc allocation 5.6.23RC1 fix NEWS set versions
show more ...
|
#
8705254f |
| 21-Jun-2016 |
Stanislav Malyshev |
Merge branch 'PHP-7.0.8' into PHP-7.0 * PHP-7.0.8: iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests
Merge branch 'PHP-7.0.8' into PHP-7.0 * PHP-7.0.8: iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize Fix bug #72321 - use efree() for emalloc allocation 5.6.23RC1 fix NEWS set versions Conflicts: configure.in main/php_version.h
show more ...
|
#
2a65544f |
| 21-Jun-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.6.23' into PHP-7.0.8 * PHP-5.6.23: (24 commits) iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS
Merge branch 'PHP-5.6.23' into PHP-7.0.8 * PHP-5.6.23: (24 commits) iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize update NEWS Fix #66387: Stack overflow with imagefilltoborder Fix bug #72321 - use efree() for emalloc allocation 5.6.23RC1 Fix bug #72140 (segfault after calling ERR_free_strings()) ... Conflicts: configure.in ext/mbstring/php_mbregex.c ext/mcrypt/mcrypt.c ext/spl/spl_array.c ext/spl/spl_directory.c ext/standard/php_smart_str.h ext/standard/string.c ext/standard/url.c ext/wddx/wddx.c ext/zip/php_zip.c main/php_version.h
show more ...
|
#
7dde353e |
| 21-Jun-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6.23 * PHP-5.5: Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests
Merge branch 'PHP-5.5' into PHP-5.6.23 * PHP-5.5: Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize update NEWS Fix #66387: Stack overflow with imagefilltoborder Skip test which is 64bits only 5.5.37 now Conflicts: configure.in ext/mcrypt/mcrypt.c ext/spl/spl_directory.c main/php_version.h
show more ...
|
#
5b597a2e |
| 19-Jun-2016 |
Stanislav Malyshev |
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free |
#
85fd2609 |
| 15-Jun-2016 |
Xinchen Hui |
Merge branch 'PHP-7.0' * PHP-7.0: Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
|
#
999a3553 |
| 15-Jun-2016 |
Xinchen Hui |
Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access) according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6 |
#
14e790a0 |
| 14-Jun-2016 |
Xinchen Hui |
Merge branch 'PHP-7.0'
|
#
3d564187 |
| 14-Jun-2016 |
Xinchen Hui |
Fixed bug #72399 (Use-After-Free in MBString (search_re)) |
#
771e5cc2 |
| 11-Jun-2016 |
Aaron Piotrowski |
Replace zend_ce_error with NULL and replace more E_ERROR with thrown Error |
#
e3c681aa |
| 11-Jun-2016 |
Aaron Piotrowski |
Merge branch 'master' into throw-error-in-extensions
|