Revision tags: php-5.6.17, php-5.5.31, php-7.0.2 |
|
#
ed35de78 |
| 01-Jan-2016 |
Lior Kaplan |
Merge branch 'PHP-5.6' into PHP-7.0 * PHP-5.6: Happy new year (Update copyright to 2016)
|
#
49493a2d |
| 01-Jan-2016 |
Lior Kaplan |
Happy new year (Update copyright to 2016) |
Revision tags: php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8 |
|
#
fd545f4f |
| 24-Nov-2015 |
Xinchen Hui |
Also fixed 'r' |
#
3e0b2ba5 |
| 24-Nov-2015 |
Xinchen Hui |
Indent (not sure why it was messed) |
#
91fb1edb |
| 24-Nov-2015 |
Xinchen Hui |
Fixed bug #70963 (Unserialize shows UNKNOW in result) Thanks to ryat for reportinig |
Revision tags: php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4 |
|
#
e2e99f16 |
| 22-Sep-2015 |
Dmitry Stogov |
Cleanup: removed deprecated commented code |
#
8fe171a3 |
| 17-Sep-2015 |
Dmitry Stogov |
Don't allocate memory for empty HashTables. |
Revision tags: php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45 |
|
#
9b1a224d |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.6' * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in
Merge branch 'PHP-5.6' * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) ... Conflicts: ext/exif/exif.c ext/gmp/gmp.c ext/pcre/php_pcre.c ext/session/session.c ext/session/tests/session_decode_variation3.phpt ext/soap/soap.c ext/spl/spl_observer.c ext/standard/var.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/xsl/xsltprocessor.c
show more ...
|
#
c19d59c5 |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c
show more ...
|
#
33d3acaa |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.4' into PHP-5.5 * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #703
Merge branch 'PHP-5.4' into PHP-5.5 * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
show more ...
|
#
e8429400 |
| 01-Sep-2015 |
Stanislav Malyshev |
Fix bug #70172 - Use After Free Vulnerability in unserialize() |
#
df4bf28f |
| 23-Aug-2015 |
Stanislav Malyshev |
Fix bug #70219 (Use after free vulnerability in session deserializer) |
Revision tags: php-5.6.13RC1, php-7.0.0RC1 |
|
#
adf0e499 |
| 13-Aug-2015 |
Xinchen Hui |
zend_hash_resize seems useless, use zend_hash_extend |
#
73a69c9c |
| 10-Aug-2015 |
Xinchen Hui |
Fixed typo |
#
be54eb7d |
| 10-Aug-2015 |
Xinchen Hui |
Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free) |
#
6fc35824 |
| 06-Aug-2015 |
Dmitry Stogov |
Use specialized efree_size() |
Revision tags: php-5.6.12, php-5.5.28 |
|
#
feeb2fba |
| 05-Aug-2015 |
Stanislav Malyshev |
fix merge |
Revision tags: php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43 |
|
#
4a2e40bb |
| 30-Jun-2015 |
Dmitry Stogov |
Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). |
#
4bd22cf1 |
| 29-Jun-2015 |
Dmitry Stogov |
Improved zend_string API (Francois Laupretre) Squashed commit of the following: commit d96eab8d79b75ac83d49d49ae4665f948d15a804 Author: Francois Laupretre <francois@tekwire.net>
Improved zend_string API (Francois Laupretre) Squashed commit of the following: commit d96eab8d79b75ac83d49d49ae4665f948d15a804 Author: Francois Laupretre <francois@tekwire.net> Date: Fri Jun 26 01:23:31 2015 +0200 Use the new 'ZSTR' macros in the rest of the code. Does not change anything to the generated code (thanks to compat macros) but cleaner. commit b3526439104ac7a89a8e0c79dbebf33b22bd01b8 Author: Francois Laupretre <francois@tekwire.net> Date: Thu Jun 25 13:45:06 2015 +0200 Improve zend_string API Add missing methods
show more ...
|
Revision tags: php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39 |
|
#
780222f9 |
| 17-Mar-2015 |
Stanislav Malyshev |
Fixed bug #68976 - Use After Free Vulnerability in unserialize() |
#
33a5532b |
| 17-Mar-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: Fixed bug #68976 - Use After Free Vulnerability in unserialize() Conflicts: ext/standard/var_unserializer.c
|
#
d5e523f5 |
| 17-Mar-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.4' into PHP-5.5 * PHP-5.4: Fixed bug #68976 - Use After Free Vulnerability in unserialize() Conflicts: ext/standard/var_unserializer.c
|
#
646572d6 |
| 17-Mar-2015 |
Stanislav Malyshev |
Fixed bug #68976 - Use After Free Vulnerability in unserialize() |
Revision tags: php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS |
|
#
672a396d |
| 01-Mar-2015 |
Xinchen Hui |
Merge branch 'PHP-5.5' into PHP-5.6 Conflicts: ext/standard/var_unserializer.c
|
#
caebb761 |
| 01-Mar-2015 |
Xinchen Hui |
Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize) |