6f586ef9 | 27-Sep-2022 |
Derick Rethans |
Add CVEs |
404e8bdb | 25-Jul-2022 |
Christoph M. Becker |
Fix #81726: phar wrapper: DOS when using quine gzip file The phar wrapper needs to uncompress the file; the uncompressed file might be compressed, so the wrapper implementation loops. Th
Fix #81726: phar wrapper: DOS when using quine gzip file The phar wrapper needs to uncompress the file; the uncompressed file might be compressed, so the wrapper implementation loops. This raises potential DOS issues regarding too deep or even infinite recursion (the latter are called compressed file quines[1]). We avoid that by introducing a recursion limit; we choose the somewhat arbitrary limit `3`. This issue has been reported by real_as3617 and gPayl0ad. [1] <https://honno.dev/gzip-quine/>
show more ...
|
0611be4e | 09-Sep-2022 |
Derick Rethans |
Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. |
12afd0cb | 26-Sep-2022 |
Ilija Tovilo |
Switch to sanitize CFLAGS for community build PHP-8.0 doesn't support those flags, we can switch once we drop that build. |
c083efb7 | 26-Sep-2022 |
Dmitry Stogov |
Fix memory leak Fixes oss-fuzz #51622 |
b6554514 | 25-Sep-2022 |
Ilija Tovilo |
Backport community build to PHP-8.0 branch It doesn't make sense to keep it on azure because it will be run for the PHP-8.0 branch on nightly anyway, as the workflow is triggered on the
Backport community build to PHP-8.0 branch It doesn't make sense to keep it on azure because it will be run for the PHP-8.0 branch on nightly anyway, as the workflow is triggered on the master branch which will then invoke it for each branch.
show more ...
|
a9c66f00 | 25-Sep-2022 |
Ilija Tovilo |
Remove unused azure pipelines templates |
afcaf3bd | 25-Sep-2022 |
Ilija Tovilo |
Remove symfony and laravel from PHP-8.0 community job These branches no longer support PHP-8.0. |
9377c305 | 23-Sep-2022 |
Ilija Tovilo |
Migrate MSAN build to GitHub actions |
1bef2e51 | 23-Sep-2022 |
Ilija Tovilo |
Move Opcache variation job to GitHub actions Closes GH-9606 |
e488f7b0 | 19-Sep-2022 |
Dmitry Stogov |
Reorder conditions to avoid valgrind "Conditional jump or move depends on uninitialised value" warning. |
0451eded | 15-Sep-2022 |
Ilija Tovilo |
Skip nightly coverage job in forks |
559da529 | 13-Sep-2022 |
Sara Golemon |
Bump for 8.0.25 |
9a73ec03 | 12-Sep-2022 |
Michael Voříšek |
Always skip randomly failing OCI8 extauth tests This might be caused by an issue with the Oracle Instant Client libraries[1]; we skip the tests for the time being. [1] <https://
Always skip randomly failing OCI8 extauth tests This might be caused by an issue with the Oracle Instant Client libraries[1]; we skip the tests for the time being. [1] <https://github.com/php/php-src/pull/9524#issuecomment-1244409815> Closes GH-9524.
show more ...
|
47500f33 | 30-Aug-2022 |
George Peter Banyard |
Fix GH-9421 Incorrect argument number for ValueError in NumberFormatter Closes GH-9489 |
293e6917 | 06-Sep-2022 |
George Peter Banyard |
Fix GH-9308 GMP throws the wrong error when a GMP object is passed to gmp_init() Closes GH-9490 |
d0b3096f | 12-Sep-2022 |
Dmitry Stogov |
Reset FG(user_stream_current_filename) at the end of request Attempt to fix oss-fuzz #51047 |
4a8cca24 | 07-Sep-2022 |
Ilija Tovilo |
Skip oci tests that leak under asan |
aa7f4497 | 07-Sep-2022 |
Ilija Tovilo |
Fix undefined left shift in oci The bit is shifted into the signed bit which is undefined. Make the integer explicitly unsigned before shifting. |
d5373eac | 02-Sep-2022 |
Ilija Tovilo |
Fix lsp error in eval'd code referring to incorrect class for static type Fixes GH-9407 Closes GH-9471 |
1435fc62 | 02-Sep-2022 |
Ilija Tovilo |
Private method incorrectly marked as "overwrites" in reflection Fix GH-9409 Closes GH-9469 |
6ac3f7c8 | 05-Sep-2022 |
Yurun |
Fix GH-9411: PgSQL large object resource is incorrectly closed Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de> Closes GH-9411. |
81cb005e | 05-Sep-2022 |
Dmitry Stogov |
Fix type inference Fixes oss-fuzz #50792 |
6aedc5ea | 02-Sep-2022 |
Arnaud Le Blanc |
[ci skip] NEWS |
db1ef972 | 02-Sep-2022 |
Arnaud Le Blanc |
Add tests |