Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | use oracle client library version 21.13 on x86_64, 19.19 on aarch64 | Remi Collet | 2024-04-10 | 4 | -5/+302 |
| | | | | | | | Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096 | ||||
* | use official Oracle Instant Client RPM | Remi Collet | 2023-09-22 | 2 | -37/+38 |
| | |||||
* | Fix Security issue with external entity loading in XML without enabling it | Remi Collet | 2023-08-01 | 3 | -1/+509 |
| | | | | | | GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 | ||||
* | fix possible buffer overflow in date | Remi Collet | 2023-06-21 | 3 | -60/+90 |
| | |||||
* | Fix Missing error check and insufficient random bytes in HTTP Digest | Remi Collet | 2023-06-07 | 3 | -3/+141 |
| | | | | | | | authentication for SOAP GHSA-76gg-c692-v2mw use oracle client library version 21.10 define __phpize and __phpconfig | ||||
* | fix #81744: Password_verify() always return true with some hash | Remi Collet | 2023-02-15 | 5 | -8/+457 |
| | | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662 | ||||
* | pdo: fix #81740: PDO::quote() may return unquoted string | Remi Collet | 2022-12-20 | 2 | -3/+96 |
| | | | | | CVE-2022-31631 use oracle client library version 21.8 | ||||
* | fix NEWS | Remi Collet | 2022-09-30 | 1 | -0/+33 |
| | |||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 2 | -2/+61 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 3 | -5/+185 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | use oracle client library version 21.6 | Remi Collet | 2022-06-07 | 3 | -10/+156 |
| | | | | | mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 | ||||
* | Fix #79971 special character is breaking the path in xml function | Remi Collet | 2021-11-15 | 2 | -1/+214 |
| | | | | CVE-2021-21707 | ||||
* | fix PHP-FPM oob R/W in root process leading to priv escalation | Remi Collet | 2021-10-20 | 3 | -4/+456 |
| | | | | | | CVE-2021-21703 use libicu version 69 use oracle client library version 21.3 | ||||
* | Fix #81211 Symlinks are followed when creating PHAR archive | Remi Collet | 2021-08-25 | 2 | -1/+170 |
| | |||||
* | Fix #81122 SSRF bypass in FILTER_VALIDATE_URL | Remi Collet | 2021-06-28 | 4 | -3/+314 |
| | | | | | | | | | CVE-2021-21705 Fix #76448 Stack buffer overflow in firebird_info_cb Fix #76449 SIGSEGV in firebird_handle_doer Fix #76450 SIGSEGV in firebird_stmt_execute Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704 | ||||
* | Fix #80710 imap_mail_compose() header injection | Remi Collet | 2021-04-28 | 2 | -17/+382 |
| | | | | use oracle client library version 21.1 | ||||
* | Fix #80672 Null Dereference in SoapClient | Remi Collet | 2021-02-03 | 4 | -3/+471 |
| | | | | | CVE-2021-21702 better fix for #77423 | ||||
* | Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | Remi Collet | 2021-01-04 | 3 | -9/+218 |
| | | | | CVE-2020-7071 | ||||
* | fix obsoletes | Remi Collet | 2020-10-28 | 1 | -1/+1 |
| | |||||
* | Core: | Remi Collet | 2020-09-29 | 3 | -1/+384 |
| | | | | | | | | | Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent CVE-2020-7070 OpenSSL: Fix #79601 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7069 Fix bug #78079 openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c | ||||
* | Core: | Remi Collet | 2020-08-04 | 3 | -1/+122 |
| | | | | | | | Fix #79877 getimagesize function silently truncates after a null byte Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068 | ||||
* | Core: | Remi Collet | 2020-05-12 | 3 | -1/+123 |
| | | | | | | | Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned | ||||
* | standard: | Remi Collet | 2020-04-14 | 3 | -1/+100 |
| | | | | | | Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067 | ||||
* | standard: | Remi Collet | 2020-03-17 | 3 | -2/+176 |
| | | | | | | | | | Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6) | ||||
* | Renew openssl certs | Remi Collet | 2020-02-18 | 2 | -0/+152 |
| | |||||
* | dom: | Remi Collet | 2020-02-18 | 5 | -2/+347 |
| | | | | | | | | | | Fix #77569 Write Access Violation in DomImplementation phar: Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062 | ||||
* | rebuild with 1 more fix | Remi Collet | 2020-01-23 | 2 | -2/+35 |
| | |||||
* | mbstring: | Remi Collet | 2020-01-21 | 5 | -3/+307 |
| | | | | | | | | | | Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 session: Fix #79091 heap use-after-free in session_create_id standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059 | ||||
* | - bcmath: | Remi Collet | 2019-12-17 | 7 | -4/+439 |
| | | | | | | | | | | | | | | | | Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6) | ||||
* | Update to 7.1.33 - http://www.php.net/releases/7_1_33.php | Remi Collet | 2019-10-23 | 2 | -4/+15 |
| | |||||
* | Update to 7.1.32 - http://www.php.net/releases/7_1_32.php | Remi Collet | 2019-08-28 | 2 | -2/+5 |
| | |||||
* | Update to 7.1.31 - http://www.php.net/releases/7_1_31.php | Remi Collet | 2019-07-31 | 2 | -5/+6 |
| | |||||
* | disable opcache.huge_code_pages in default configuration | Remi Collet | 2019-07-02 | 1 | -5/+3 |
| | |||||
* | use oracle client library version 19.3 | Remi Collet | 2019-06-17 | 1 | -5/+10 |
| | |||||
* | refresh test results | Remi Collet | 2019-05-28 | 1 | -3/+1 |
| | |||||
* | v7.1.30 | Remi Collet | 2019-05-28 | 2 | -2/+5 |
| | |||||
* | fix wording | Remi Collet | 2019-05-16 | 1 | -4/+4 |
| | |||||
* | add httpd and nginx configuration files for FPM in documentation | Remi Collet | 2019-05-16 | 1 | -1/+17 |
| | |||||
* | Update to 7.1.29 - http://www.php.net/releases/7_1_29.php | Remi Collet | 2019-05-01 | 2 | -3/+8 |
| | |||||
* | Update to 7.1.28 - http://www.php.net/releases/7_1_28.php | Remi Collet | 2019-04-02 | 3 | -33/+5 |
| | |||||
* | ensure php-devel pulls needed lilbraries from php-config output | Remi Collet | 2019-03-29 | 1 | -0/+6 |
| | |||||
* | Update to 7.1.27 - http://www.php.net/releases/7_1_27.php | Remi Collet | 2019-03-06 | 3 | -5/+37 |
| | | | | add upstream patch for OpenSSL 1.1.1b | ||||
* | fix upgrade path | Remi Collet | 2019-02-22 | 1 | -0/+1 |
| | |||||
* | drop config for ZTS mod_php | Remi Collet | 2019-02-18 | 1 | -1/+1 |
| | |||||
* | Update to 7.1.26 - http://www.php.net/releases/7_1_26.php | Remi Collet | 2019-01-09 | 3 | -78/+7 |
| | |||||
* | Fix null pointer dereference in imap_mail CVE-2018-19935 | Remi Collet | 2018-12-08 | 2 | -1/+76 |
| | |||||
* | Update to 7.1.25 - http://www.php.net/releases/7_1_25.php | Remi Collet | 2018-12-05 | 2 | -3/+8 |
| | |||||
* | v7.1.25RC1 | Remi Collet | 2018-11-22 | 2 | -3/+6 |
| | |||||
* | Update to 7.1.24 - http://www.php.net/releases/7_1_24.php | Remi Collet | 2018-11-07 | 2 | -6/+9 |
| | |||||
* | FPM: add getallheaders, backported from 7.3 | Remi Collet | 2018-10-25 | 3 | -8/+216 |
| |