Commit message | Author | Age | Files | Lines
* Fix #80710 imap_mail_compose() header injection | Remi Collet | 2021-04-28 | 2 | -17/+382
|   use oracle client library version 21.1
* Fix #80672 Null Dereference in SoapClient | Remi Collet | 2021-02-03 | 3 | -1/+469
|   CVE-2021-21702
|   better fix for #77423
* Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | Remi Collet | 2021-01-04 | 2 | -4/+219
|   CVE-2020-7071
* fix obsoletes | Remi Collet | 2020-10-28 | 1 | -1/+1
|
* Core: | Remi Collet | 2020-09-29 | 3 | -3/+159
|   Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
|   CVE-2020-7070
* Core: | Remi Collet | 2020-08-04 | 4 | -1/+734
|   Fix #79877 getimagesize function silently truncates after a null byte
|   Phar:
|   Fix #79797 use of freed hash key in the phar_parse_zipfile function
|   CVE-2020-7068
* Core: | Remi Collet | 2020-05-12 | 3 | -1/+124
|   Fix #78875 Long filenames cause OOM and temp files are not cleaned
|   CVE-2019-11048
|   Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned
* standard: | Remi Collet | 2020-04-14 | 3 | -1/+101
|   Fix #79330 shell_exec silently truncates after a null byte
|   Fix #79465 OOB Read in urldecode
|   CVE-2020-7067
* fix changelog | Remi Collet | 2020-03-17 | 1 | -1/+1
|
* standard: | Remi Collet | 2020-03-17 | 3 | -2/+182
|   Fix #79329 get_headers() silently truncates after a null byte
|   CVE-2020-7066
|   exif:
|   Fix #79282 Use-of-uninitialized-value in exif
|   CVE-2020-7064
|   use oracle client library version 19.6 (18.5 on EL-6)
* Renew openssl certs | Remi Collet | 2020-02-18 | 2 | -2/+152
|
* dom: | Remi Collet | 2020-02-18 | 4 | -1/+361
|   Fix #77569 Write Access Violation in DomImplementation
|   phar:
|   Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions
|   CVE-2020-7063
|   session:
|   Fix #79221 Null Pointer Dereference in PHP Session Upload Progress
|   CVE-2020-7062
* rebuild with 1 more fix | Remi Collet | 2020-01-23 | 2 | -2/+35
|
* mbstring: | Remi Collet | 2020-01-21 | 4 | -5/+189
|   Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar
|   CVE-2020-7060
|   standard:
|   Fix #79099 OOB read in php_strip_tags_ex
|   CVE-2020-7059
* - bcmath: | Remi Collet | 2019-12-17 | 7 | -4/+467
|   Fix #78878 Buffer underflow in bc_shift_addsub
|   CVE-2019-11046
|   - core:
|   Fix #78862 link() silently truncates after a null byte on Windows
|   CVE-2019-11044
|   Fix #78863 DirectoryIterator class silently truncates after a null byte
|   CVE-2019-11045
|   - exif
|   Fix #78793 Use-after-free in exif parsing under memory sanitizer
|   CVE-2019-11050
|   Fix #78910 Heap-buffer-overflow READ in exif
|   CVE-2019-11047
|   - use oracle client library version 19.5 (18.5 on EL-6)
* Fix CVE-2019-11043 env_path_info underflow in fpm_main.c | Remi Collet | 2019-10-22 | 3 | -2/+64
|
* From 7.1.32 | Remi Collet | 2019-08-28 | 4 | -2/+178
|   - mbstring:
|   Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe
|   - pcre:
|   Fix #75457 heap use-after-free in pcrelib
* - exif: | Remi Collet | 2019-07-30 | 5 | -3/+158
|   Fix #78256 heap-buffer-overflow on exif_process_user_comment
|   CVE-2019-11042
|   Fix #78222 heap-buffer-overflow on exif_scan_thumbnail
|   CVE-2019-11041
|   - phar:
|   Fix #77919 Potential UAF in Phar RSHUTDOWN
* disable opcache.huge_code_pages in default configuration | Remi Collet | 2019-07-02 | 1 | -5/+3
|
* use oracle client library version 19.3 | Remi Collet | 2019-06-17 | 1 | -5/+10
|
* - iconv: | Remi Collet | 2019-05-28 | 5 | -2/+184
|   Fix #78069 Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
|   CVE-2019-11039
|   - exif:
|   Fix #77988 Heap-buffer-overflow on php_jpg_get16
|   CVE-2019-11040
|   - sqlite3:
|   Fix #77967 Bypassing open_basedir restrictions via file uris
* fix wording | Remi Collet | 2019-05-16 | 1 | -4/+4
|
* add httpd and nginx configuration files for FPM in documentation | Remi Collet | 2019-05-16 | 1 | -6/+19
|
* - exif: | Remi Collet | 2019-04-30 | 3 | -2/+76
|   Fix #77950 Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
|   CVE-2019-11036
* - exif: | Remi Collet | 2019-04-02 | 6 | -5/+546
|   Fix #77753 Heap-buffer-overflow in php_ifd_get32s
|   Fix #77831 Heap-buffer-overflow in exif_iif_add_value
|   - sqlite3:
|   Added sqlite3.defensive INI directive
* ensure php-devel pulls needed libraries from php-config output | Remi Collet | 2019-03-29 | 1 | -0/+6
|
* Fix #76846 Segfault in shutdown function after memory limit error | Remi Collet | 2019-03-15 | 2 | -3/+93
|
* add CVEs | Remi Collet | 2019-03-15 | 1 | -0/+5
|
* missing entry in changelog | Remi Collet | 2019-03-12 | 1 | -0/+1
|
* update test results + add CVEs | Remi Collet | 2019-03-05 | 2 | -7/+20
|
* Fix #77630 rename() across the device may allow unwanted access during processing | Remi Collet | 2019-03-05 | 2 | -5/+105
|
* - exif: | Remi Collet | 2019-03-04 | 6 | -1/+330
|   Fix #77509 Uninitialized read in exif_process_IFD_in_TIFF
|   Fix #77540 Invalid Read on exif_process_SOFn
|   Fix #77563 Uninitialized read in exif_process_IFD_in_MAKERNOTE
|   Fix #77659 Uninitialized read in exif_process_IFD_in_MAKERNOTE
|   - phar:
|   Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename
|   - spl:
|   Fix #77431 openFile() silently truncates after a null byte
* fix upgrade path | Remi Collet | 2019-02-22 | 1 | -0/+1
|
* - core: | Remi Collet | 2019-01-09 | 11 | -2/+801
|   Fix #77369 memcpy with negative length via crafted DNS response
|   - mbstring:
|   Fix #77370 buffer overflow on mb regex functions - fetch_token
|   Fix #77371 heap buffer overflow in mb regex functions compile_string_node
|   Fix #77381 heap buffer overflow in multibyte match_at
|   Fix #77382 heap buffer overflow in expand_case_fold_string
|   Fix #77385 buffer overflow in fetch_token
|   Fix #77394 buffer overflow in multibyte case folding - unicode
|   Fix #77418 heap overflow in utf32be_mbc_to_code
|   - phar:
|   Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext
|   - xmlrpc:
|   Fix #77242 heap out of bounds read in xmlrpc_decode
|   Fix #77380 global out of bounds read in xmlrpc base64 code
* Update to 7.0.33 - http://www.php.net/releases/7_0_33.php | Remi Collet | 2018-12-05 | 2 | -6/+7
|   use oracle client library version 18.3
* Update to 7.0.32 - http://www.php.net/releases/7_0_32.php | Remi Collet | 2018-09-11 | 2 | -2/+5
|
* add NCSA and PostgreSQL to License | Remi Collet | 2018-07-20 | 1 | -1/+4
|
* Update to 7.0.31 - http://www.php.net/releases/7_0_31.php | Remi Collet | 2018-07-17 | 2 | -2/+5
|
* Update to 7.0.30 - http://www.php.net/releases/7_0_30.php | Remi Collet | 2018-04-24 | 3 | -10/+9
|   use systemd RuntimeDirectory instead of /etc/tmpfiles.d
* Update to 7.0.29 - http://www.php.net/releases/7_0_29.php | Remi Collet | 2018-03-28 | 3 | -2/+12
|   FPM: update default pool configuration for process.dumpable
* Update to 7.0.28 - http://www.php.net/releases/7_0_28.php | Remi Collet | 2018-02-27 | 2 | -4/+5
|
* v7.0.27 | Remi Collet | 2018-01-02 | 3 | -9/+36
|
* v7.0.27RC1 | Remi Collet | 2017-12-05 | 2 | -5/+13
|
* v7.0.26 | Remi Collet | 2017-11-21 | 2 | -2/+5
|
* v7.0.26RC1 | Remi Collet | 2017-11-07 | 2 | -11/+10
|
* v7.0.25 | Remi Collet | 2017-10-24 | 2 | -6/+11
|
* Update to 7.0.25RC1 | Remi Collet | 2017-10-11 | 2 | -5/+11
|   oci8 version is now 2.1.8
* v7.0.24 | Remi Collet | 2017-09-26 | 2 | -8/+9
|
* update builder from RHEL 7.3 to RHEL 7.4 | Remi Collet | 2017-09-14 | 1 | -1/+4
|
* v7.0.24RC1 | Remi Collet | 2017-09-12 | 3 | -44/+17
|