#
6313e16a |
| 23-Nov-2015 |
Xinchen Hui |
Improved fix for bug (count on symbol table) |
#
e2d60900 |
| 17-Oct-2015 |
Xinchen Hui |
Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called in serialize()) It's possible to fixed this in SPL side, but it will be ugly, and we should make serialize more r
Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called in serialize()) It's possible to fixed this in SPL side, but it will be ugly, and we should make serialize more robust, so I prefer fix it in serialize side.
show more ...
|
#
b00a3158 |
| 09-Sep-2015 |
Xinchen Hui |
Unused var |
#
9b1a224d |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.6' * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in
Merge branch 'PHP-5.6' * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) ... Conflicts: ext/exif/exif.c ext/gmp/gmp.c ext/pcre/php_pcre.c ext/session/session.c ext/session/tests/session_decode_variation3.phpt ext/soap/soap.c ext/spl/spl_observer.c ext/standard/var.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/xsl/xsltprocessor.c
show more ...
|
#
c19d59c5 |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c
show more ...
|
#
33d3acaa |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.4' into PHP-5.5 * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #703
Merge branch 'PHP-5.4' into PHP-5.5 * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
show more ...
|
#
7c312039 |
| 01-Sep-2015 |
Stanislav Malyshev |
Improve fix for #70172 |
#
bb4b5063 |
| 01-Sep-2015 |
Dmitry Stogov |
Fixed one more problem related to bug #70187 (Notice: unserialize(): Unexpected end of serialized data) |
#
e8429400 |
| 01-Sep-2015 |
Stanislav Malyshev |
Fix bug #70172 - Use After Free Vulnerability in unserialize() |
#
25f9e255 |
| 26-Aug-2015 |
Dmitry Stogov |
Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized data) |
#
a6b47e8d |
| 30-Jul-2015 |
Xinchen Hui |
Merge branch 'zval_dump_consistent' of https://github.com/laruence/php-src
|
Revision tags: php-5.6.12RC1 |
|
#
add2b158 |
| 23-Jul-2015 |
Xinchen Hui |
cleanup |
#
c55c7ef0 |
| 23-Jul-2015 |
Xinchen Hui |
Make debug_val_dump and var_dump prints int and float the same |
Revision tags: php-7.0.0beta2 |
|
#
73773c21 |
| 15-Jul-2015 |
Rasmus Lerdorf |
unserialize() takes a 2nd optional arg and it can't be a bool |
Revision tags: php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43 |
|
#
4a2e40bb |
| 30-Jun-2015 |
Dmitry Stogov |
Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). |
Revision tags: php-5.6.11RC1, php-5.5.27RC1 |
|
#
28d7bb97 |
| 23-Jun-2015 |
Rasmus Lerdorf |
Fix more proto comments |
Revision tags: php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1 |
|
#
dc764bf6 |
| 15-Apr-2015 |
Nikita Popov |
Use object apply count in var_dump / print_r Instead of using the array apply count on the debug_info array, use the object apply count for recursion detection when dumping. This han
Use object apply count in var_dump / print_r Instead of using the array apply count on the debug_info array, use the object apply count for recursion detection when dumping. This handles recursion in a more generic way and does not require each debug_info handler to deal with this. This allows returning a temporary debug_info array, instead of having to store it in the object (thus delaying destruction of the values). Switch SPL debug_info handlers to use a temporary array.
show more ...
|
Revision tags: php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1 |
|
#
1646e0e9 |
| 28-Mar-2015 |
Xinchen Hui |
Fixed typo |
#
193de2a6 |
| 28-Mar-2015 |
Xinchen Hui |
Fixed memleak ext/standard/tests/serialize/bug69210.phpt |
Revision tags: php-5.6.7, php-5.5.23, php-5.4.39 |
|
#
3e7f47cb |
| 10-Mar-2015 |
Juan Basso |
Renamed test case to match with reported bug |
Revision tags: php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS |
|
#
4076a4d2 |
| 06-Feb-2015 |
Juan Basso |
Fixed serialization of non string values on __sleep Returning just N; (null) on the __sleep makes the number of fields/values be incomplete and corrupting the generated value from serialize,
Fixed serialization of non string values on __sleep Returning just N; (null) on the __sleep makes the number of fields/values be incomplete and corrupting the generated value from serialize, making impossible to unserialize it. Conflicts: ext/standard/var.c
show more ...
|
#
b62eec67 |
| 23-Mar-2015 |
Stanislav Malyshev |
Merge branch 'pull-request/1057' * pull-request/1057: Renamed test case to match with reported bug Fixed serialization of non string values on __sleep
|
#
86336856 |
| 12-Mar-2015 |
Dmitry Stogov |
Use specialized macro for string zval creation |
#
cbdeccd6 |
| 06-Feb-2015 |
Juan Basso |
Fixed serialization of non string values on __sleep Returning just N; (null) on the __sleep makes the number of fields/values be incomplete and corrupting the generated value from serialize,
Fixed serialization of non string values on __sleep Returning just N; (null) on the __sleep makes the number of fields/values be incomplete and corrupting the generated value from serialize, making impossible to unserialize it.
show more ...
|
#
9dac9237 |
| 01-Mar-2015 |
Xinchen Hui |
Merge branch 'PHP-5.6' Conflicts: ext/standard/var_unserializer.c ext/standard/var_unserializer.re
|