summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI InterfaceHEADmasterRemi Collet3 days7-11/+599
| | | | | | | | | | | | GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
* rename patchesRemi Collet12 days4-7/+7
|
* Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGIRemi Collet2024-09-266-7/+767
| | | | | | | | | | | | | CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Logs from childrens may be altered CVE-2024-9026 Fix Erroneous parsing of multipart form data CVE-2024-8925 use ICU 74.2
* add backport for https://bugs.php.net/79589Remi Collet2024-08-263-7/+47
| | | | error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
* use oracle client library version 23.5 on x86_64Remi Collet2024-07-312-405/+401
|
* Fix filter bypass in filter_var FILTER_VALIDATE_URLRemi Collet2024-06-053-8/+197
| | | | CVE-2024-5458
* Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fixRemi Collet2024-04-104-2/+286
| | | | | | CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096
* patch test suite for zlib-ngRemi Collet2024-03-074-3/+646
|
* add build patch for GCC 14Remi Collet2024-02-142-2/+40
| | | | use oracle client library version 21.13 on x86_64
* use ICU 73.2Remi Collet2023-12-123-8/+48
| | | | | use oracle client library version 21.12 on x86_64, 19.19 on aarch64 add fixes for libxml 2.11 and 2.12 from 8.1
* refreshRemi Collet2023-12-077-42/+681
|
* use oracle client library version 21.11 on x86_64, 19.19 on aarch64Remi Collet2023-09-222-27/+34
| | | | use official Oracle Instant Client RPM
* Fix Security issue with external entity loading in XML without enabling itRemi Collet2023-08-014-7/+751
| | | | | | | GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 move httpd/nginx wants directive to config files in /etc
* refresh patchesRemi Collet2023-06-263-89/+136
|
* Fix Missing error check and insufficient random bytes in HTTP DigestRemi Collet2023-06-064-596/+924
| | | | | authentication for SOAP GHSA-76gg-c692-v2mw
* use ICU 72.1Remi Collet2023-05-113-30/+38
| | | | | | use oracle client library version 21.10 fix possible buffer overflow in date define %__phpize and %__phpconfig
* F38: enable imap extensionRemi Collet2023-02-211-6/+4
|
* minor fix for NEWSRemi Collet2023-02-141-0/+25
|
* fix #81744: Password_verify() always return true with some hashRemi Collet2023-02-145-7/+426
| | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662
* F38: disable imap extensionRemi Collet2023-02-101-5/+32
|
* pdo: fix #81740: PDO::quote() may return unquoted stringRemi Collet2022-12-193-2/+107
| | | | | CVE-2022-31631 use oracle client library version 21.8
* Update to 7.4.33 - http://www.php.net/releases/7_4_33.phpRemi Collet2022-11-013-190/+6
|
* add upstream fix for CVE-2022-31630 and CVE-2022-37454Remi Collet2022-10-263-43/+229
|
* Update to 7.4.32 - http://www.php.net/releases/7_4_32.phpRemi Collet2022-09-283-539/+601
| | | | use ICU 71.1
* use bcond for zts and debugRemi Collet2022-08-161-31/+35
|
* Update to 7.4.30 - http://www.php.net/releases/7_4_30.phpRemi Collet2022-06-073-416/+546
| | | | use oracle client library version 21.6
* Update to 7.4.29 - http://www.php.net/releases/7_4_29.phpRemi Collet2022-04-122-6/+7
|
* handle tzdata up to .26Remi Collet2022-02-231-8/+18
|
* retrieve tzdata versionRemi Collet2022-02-222-21/+69
| | | | use oracle client library version 21.5
* Update to 7.4.28 - http://www.php.net/releases/7_4_28.phpRemi Collet2022-02-152-10/+12
|
* Update to 7.4.27 - http://www.php.net/releases/7_4_27.phpRemi Collet2021-12-152-8/+13
|
* ensure we use libgd >= 2.3Remi Collet2021-12-021-7/+5
|
* update to 7.4.27RC1Remi Collet2021-12-012-5/+9
| | | | use oracle client library version 21.4
* improve openssl 3 patchRemi Collet2021-11-181-24/+127
|
* Update to 7.4.26 - http://www.php.net/releases/7_4_26.phpRemi Collet2021-11-162-3/+6
|
* add patch for OpenSSL 3.0, backported from 8.1Remi Collet2021-11-094-1/+2536
|
* update to 7.4.26RC1Remi Collet2021-11-032-8/+9
|
* Update to 7.4.25 - http://www.php.net/releases/7_4_25.phpRemi Collet2021-10-202-2/+5
|
* update to 7.4.24RC1Remi Collet2021-10-062-11/+16
| | | | use libicu version 69
* Update to 7.4.24 - http://www.php.net/releases/7_4_24.phpRemi Collet2021-09-212-2/+5
|
* update to 7.4.24RC1Remi Collet2021-09-082-4/+8
| | | | use oracle client library version 21.3
* Update to 7.4.23 - http://www.php.net/releases/7_4_23.phpRemi Collet2021-08-242-2/+5
|
* update to 7.4.23RC1Remi Collet2021-08-102-3/+6
|
* Update to 7.4.22 - http://www.php.net/releases/7_4_22.phpRemi Collet2021-07-282-2/+5
|
* update to 7.4.22RC1Remi Collet2021-07-132-3/+6
|
* Update to 7.4.21 - http://www.php.net/releases/7_4_21.phpRemi Collet2021-06-292-5/+8
|
* update to 7.4.21RC1Remi Collet2021-06-163-3/+25
| | | | ignore unsupported "threads" option on password_hash
* Update to 7.4.20 - http://www.php.net/releases/7_4_20.phpRemi Collet2021-06-022-2/+5
|
* update to 7.4.20RC1Remi Collet2021-05-182-3/+6
|
* Update to 7.4.19 - http://www.php.net/releases/7_4_19.phpRemi Collet2021-05-043-366/+417
|