| #
44e0b79a |
| 19-Sep-2017 |
Dmitry Stogov |
Refactored array creation API. array_init() and array_init_size() are converted into macros calling zend_new_array(). They are not functions anymore and don't return any values. |
|
Revision tags: php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1 |
|
| #
dac6c639 |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017 |
| #
478f119a |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017 |
| #
9e29f841 |
| 02-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017 |
|
Revision tags: php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2 |
|
| #
323b2733 |
| 21-Jun-2016 |
Dmitry Stogov |
Fixed compilation warnings |
|
Revision tags: php-7.0.8, php-5.6.23 |
|
| #
16160386 |
| 21-Jun-2016 |
Dmitry Stogov |
Added ZEND_ATTRIBUTE_FORMAT to some middind functions.
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers. |
|
Revision tags: php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5 |
|
| #
28a6ed9f |
| 21-Mar-2016 |
Stanislav Malyshev |
Fix bug #71735: Double-free in SplDoublyLinkedList::offsetSet |
|
Revision tags: php-5.6.20RC1, php-7.0.5RC1 |
|
| #
753bbad5 |
| 10-Mar-2016 |
Xinchen Hui |
Useless check (part of #71753) |
|
Revision tags: php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2 |
|
| #
ed35de78 |
| 01-Jan-2016 |
Lior Kaplan |
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Happy new year (Update copyright to 2016)
|
| #
49493a2d |
| 01-Jan-2016 |
Lior Kaplan |
Happy new year (Update copyright to 2016) |
|
Revision tags: php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45 |
|
| #
9b1a224d |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.6'
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in
Merge branch 'PHP-5.6'
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
show more ...
|
| #
c19d59c5 |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c
show more ...
|
| #
33d3acaa |
| 01-Sep-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #703
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
show more ...
|
| #
259057b2 |
| 01-Sep-2015 |
Stanislav Malyshev |
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList |
|
Revision tags: php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44 |
|
| #
ed709d5a |
| 04-Aug-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_*
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
show more ...
|
| #
69ed3969 |
| 04-Aug-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
show more ...
|
| #
863bf294 |
| 02-Aug-2015 |
Stanislav Malyshev |
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) |
| #
feeb2fba |
| 05-Aug-2015 |
Stanislav Malyshev |
fix merge |
|
Revision tags: php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43 |
|
| #
53403fe5 |
| 30-Jun-2015 |
Dmitry Stogov |
Get rid of ZVAL_ZVAL() macro usages. Replace them with more clear and optimal equialent sequences. |
|
Revision tags: php-5.6.11RC1, php-5.5.27RC1 |
|
| #
28d7bb97 |
| 23-Jun-2015 |
Rasmus Lerdorf |
Fix more proto comments |
|
Revision tags: php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1 |
|
| #
c77d97f3 |
| 16-Apr-2015 |
Nikita Popov |
Implement GC for spl dll
As far as I can discern this should be safe, because the rc on the
linked list elements is only > 1 if an iterator points to it and
the iterator will also ho
Implement GC for spl dll
As far as I can discern this should be safe, because the rc on the
linked list elements is only > 1 if an iterator points to it and
the iterator will also hold a reference to the list object.
The implementation for mangagement of the GC array is the same as
with the spl object storage.
show more ...
|
| #
dc764bf6 |
| 15-Apr-2015 |
Nikita Popov |
Use object apply count in var_dump / print_r
Instead of using the array apply count on the debug_info array, use
the object apply count for recursion detection when dumping. This
han
Use object apply count in var_dump / print_r
Instead of using the array apply count on the debug_info array, use
the object apply count for recursion detection when dumping. This
handles recursion in a more generic way and does not require each
debug_info handler to deal with this.
This allows returning a temporary debug_info array, instead of
having to store it in the object (thus delaying destruction of the
values).
Switch SPL debug_info handlers to use a temporary array.
show more ...
|
|
Revision tags: php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39 |
|
| #
86336856 |
| 12-Mar-2015 |
Dmitry Stogov |
Use specialized macro for string zval creation |
|
Revision tags: php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1 |
|
| #
9e70d767 |
| 04-Feb-2015 |
Dmitry Stogov |
Move zend_object->guards into additional slot of zend_object->properties_table[]. As result size of objects without __get/__set/__unset/__isset magic methods is reduced. |
|
Revision tags: php-5.5.21, php-5.6.5, php-5.4.37 |
|
| #
fc33f52d |
| 15-Jan-2015 |
Xinchen Hui |
bump year |
