Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface | Remi Collet | 6 days | 1 | -2/+24 |
| | | | | | | | | | | | | GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 | ||||
* | Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI | Remi Collet | 2024-09-26 | 1 | -3/+19 |
| | | | | | | | | | | CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Erroneous parsing of multipart form data CVE-2024-8925 | ||||
* | use oracle client library version 23.5 on x86_64 | Remi Collet | 2024-07-31 | 1 | -8/+15 |
| | |||||
* | Fix filter bypass in filter_var FILTER_VALIDATE_URL | Remi Collet | 2024-06-05 | 1 | -5/+11 |
| | | | | CVE-2024-5458 | ||||
* | use oracle client library version 21.11 on x86_64, 19.19 on aarch64 | Remi Collet | 2024-04-10 | 1 | -2/+13 |
| | | | | | | | Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096 | ||||
* | use oracle client library version 21.11 on x86_64, 19.19 on aarch64 | Remi Collet | 2023-10-16 | 1 | -5/+17 |
| | | | | use official Oracle Instant Client RPM | ||||
* | use official Oracle Instant Client RPM | Remi Collet | 2023-09-22 | 1 | -24/+22 |
| | |||||
* | Fix Security issue with external entity loading in XML without enabling it | Remi Collet | 2023-08-01 | 1 | -6/+16 |
| | | | | | | | GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 move httpd/nginx wants directive to config files in /etc | ||||
* | fix possible buffer overflow in date | Remi Collet | 2023-06-20 | 1 | -32/+36 |
| | | | | define %php73___phpize and %php73___phpconfig | ||||
* | Fix Missing error check and insufficient random bytes in HTTP Digest | Remi Collet | 2023-06-07 | 1 | -3/+12 |
| | | | | | | | authentication for SOAP GHSA-76gg-c692-v2mw use oracle client library version 21.10 define __phpize and __phpconfig | ||||
* | fix #81744: Password_verify() always return true with some hash | Remi Collet | 2023-02-14 | 1 | -1/+22 |
| | | | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662 add dependency on pcre2 minimal version | ||||
* | pdo: fix #81740: PDO::quote() may return unquoted string | Remi Collet | 2022-12-19 | 1 | -3/+10 |
| | | | | | CVE-2022-31631 use oracle client library version 21.8 | ||||
* | hash: fix #81738: buffer overflow in hash_update() on long parameter. | Remi Collet | 2022-10-24 | 1 | -1/+7 |
| | | | | CVE-2022-37454 | ||||
* | rebuild with refreshed patch | Remi Collet | 2022-09-27 | 1 | -2/+2 |
| | |||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 1 | -5/+29 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | use oracle client library version 21.6 | Remi Collet | 2022-06-07 | 1 | -3/+16 |
| | | | | | | mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 pcre: fix default options for pcre >= 10.38 | ||||
* | retrieve tzdata version | Remi Collet | 2022-02-23 | 1 | -15/+9 |
| | | | | use oracle client library version 21.5 | ||||
* | Update to 7.3.33 - http://www.php.net/releases/7_3_33.php | Remi Collet | 2021-11-16 | 1 | -1/+4 |
| | |||||
* | Update to 7.3.32 - http://www.php.net/releases/7_3_32.php | Remi Collet | 2021-10-26 | 1 | -4/+5 |
| | |||||
* | fix PHP-FPM oob R/W in root process leading to priv escalation | Remi Collet | 2021-10-20 | 1 | -3/+10 |
| | | | | | CVE-2021-21703 use libicu version 69 | ||||
* | Update to 7.3.31 - http://www.php.net/releases/7_3_31.php | Remi Collet | 2021-09-21 | 1 | -2/+6 |
| | | | | use oracle client library version 21.3 | ||||
* | Update to 7.3.30 - http://www.php.net/releases/7_3_30.php | Remi Collet | 2021-08-24 | 1 | -1/+4 |
| | |||||
* | Update to 7.3.29 - http://www.php.net/releases/7_3_29.php | Remi Collet | 2021-06-29 | 1 | -4/+6 |
| | |||||
* | Update to 7.3.28 - http://www.php.net/releases/7_3_28.php | Remi Collet | 2021-04-27 | 1 | -2/+5 |
| | |||||
* | add upstream patch for https://bugs.php.net/80783 | Remi Collet | 2021-04-08 | 1 | -18/+12 |
| | | | | | PDO ODBC truncates BLOB records at every 256th byte use oracle client library version 21.1 | ||||
* | Update to 7.3.27 - http://www.php.net/releases/7_3_27.php | Remi Collet | 2021-02-02 | 1 | -2/+5 |
| | |||||
* | add upstream patch for https://bugs.php.net/80682 | Remi Collet | 2021-01-28 | 1 | -1/+8 |
| | | | | fix opcache doesn't honour pcre.jit option | ||||
* | Update to 7.3.26 - http://www.php.net/releases/7_3_26.php | Remi Collet | 2021-01-05 | 1 | -1/+4 |
| | |||||
* | update to 7.3.26RC1 | Remi Collet | 2020-12-15 | 1 | -2/+7 |
| | |||||
* | Update to 7.3.25 - http://www.php.net/releases/7_3_25.php | Remi Collet | 2020-11-24 | 1 | -2/+6 |
| | | | | use oracle client library version 19.9 (x86_64) | ||||
* | update to 7.3.25RC1 | Remi Collet | 2020-11-10 | 1 | -2/+5 |
| | |||||
* | fix obsoletes | Remi Collet | 2020-10-28 | 1 | -1/+1 |
| | |||||
* | Update to 7.3.24 - http://www.php.net/releases/7_3_24.php | Remi Collet | 2020-10-27 | 1 | -2/+5 |
| | |||||
* | backport fix for https://bugs.php.net/74083 from 7.4 | Remi Collet | 2020-10-23 | 1 | -1/+9 |
| | | | | master PHP-fpm is stopped on multiple reloads | ||||
* | update to 7.3.24RC1 | Remi Collet | 2020-10-13 | 1 | -2/+5 |
| | |||||
* | Update to 7.3.23 - http://www.php.net/releases/7_3_23.php | Remi Collet | 2020-09-29 | 1 | -7/+5 |
| | |||||
* | update to 7.3.23RC1 | Remi Collet | 2020-09-15 | 1 | -2/+5 |
| | |||||
* | Update to 7.3.22 - http://www.php.net/releases/7_3_22.php | Remi Collet | 2020-09-01 | 1 | -1/+4 |
| | |||||
* | update to 7.3.22RC1 | Remi Collet | 2020-08-18 | 1 | -2/+11 |
| | | | | use oracle client library version 19.8 (x86_64) | ||||
* | Update to 7.3.21 - http://www.php.net/releases/7_3_21.php | Remi Collet | 2020-08-04 | 1 | -1/+4 |
| | |||||
* | update to 7.3.21RC1 | Remi Collet | 2020-07-21 | 1 | -3/+7 |
| | | | | build using ICU 65 (excepted on EL-6) | ||||
* | Update to 7.3.20 - http://www.php.net/releases/7_3_20.php | Remi Collet | 2020-07-07 | 1 | -2/+5 |
| | |||||
* | display build system and provider in phpinfo (from 8.0) | Remi Collet | 2020-07-06 | 1 | -4/+13 |
| | |||||
* | update to 7.3.20RC1 | Remi Collet | 2020-06-23 | 1 | -2/+5 |
| | |||||
* | Update to 7.3.19 - http://www.php.net/releases/7_3_19.php | Remi Collet | 2020-06-09 | 1 | -3/+12 |
| | | | | | rebuild using oniguruma5php build phpdbg only once | ||||
* | update to 7.3.19RC1 | Remi Collet | 2020-05-26 | 1 | -2/+5 |
| | |||||
* | Update to 7.3.18 - http://www.php.net/releases/7_3_18.php | Remi Collet | 2020-05-12 | 1 | -1/+4 |
| | |||||
* | update to 7.3.18RC1 | Remi Collet | 2020-04-28 | 1 | -2/+5 |
| | |||||
* | Update to 7.3.17 - http://www.php.net/releases/7_3_17.php | Remi Collet | 2020-04-14 | 1 | -1/+4 |
| | |||||
* | update to 7.3.17RC1 | Remi Collet | 2020-03-31 | 1 | -2/+5 |
| |