summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfoHEADmasterRemi Collet11 days3-8/+369
| | | | CVE-2020-7071
* F33 buildRemi Collet2020-08-201-5/+19
|
* Core:Remi Collet2020-08-043-2/+149
| | | | | | | Fix #79877 getimagesize function silently truncates after a null byte Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068
* Core:Remi Collet2020-05-132-1/+79
| | | | | | | Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned
* standard:Remi Collet2020-04-143-1/+128
| | | | | | Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067
* standard:Remi Collet2020-03-173-2/+187
| | | | | | | | | Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6)
* add the gcc10 patchRemi Collet2020-02-191-0/+30
|
* add fix for GCC 10Remi Collet2020-02-192-3/+8
|
* Renew openssl certsRemi Collet2020-02-182-0/+152
|
* phar:Remi Collet2020-02-183-1/+253
| | | | | | | | Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062
* rebuild with 1 more fixRemi Collet2020-01-232-2/+35
|
* mbstring:Remi Collet2020-01-214-2/+188
| | | | | | | | Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059
* - bcmath:Remi Collet2019-12-177-8/+463
| | | | | | | | | | | | | | | | Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6)
* Fix CVE-2019-11043 env_path_info underflow in fpm_main.cRemi Collet2019-10-223-5/+65
|
* From 7.1.32Remi Collet2019-08-284-6/+181
| | | | | | | - mbstring: Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe - pcre: Fix #75457 heap use-after-free in pcrelib
* - exif:Remi Collet2019-07-305-8/+172
| | | | | | | | | Fix #78256 heap-buffer-overflow on exif_process_user_comment CVE-2019-11042 Fix #78222 heap-buffer-overflow on exif_scan_thumbnail CVE-2019-11041 - phar: Fix #77919 Potential UAF in Phar RSHUTDOWN
* bump releaseRemi Collet2019-07-031-2/+2
|
* use oracle client library version 19.3Remi Collet2019-06-171-2/+12
|
* - iconv:Remi Collet2019-05-285-2/+170
| | | | | | | | | | Fix #78069 Out-of-bounds read in iconv.c:_php_iconv_mime_decode() CVE-2019-11039 - exif: Fix #77988 Heap-buffer-overflow on php_jpg_get16 CVE-2019-11040 - sqlite3: Fix #77967 Bypassing open_basedir restrictions via file uris
* - exif:Remi Collet2019-04-303-2/+76
| | | | | Fix #77950 Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG CVE-2019-11036
* - exif:Remi Collet2019-04-025-24/+441
| | | | | | | Fix #77753 Heap-buffer-overflow in php_ifd_get32s Fix #77831 Heap-buffer-overflow in exif_iif_add_value - sqlite3: Added sqlite3.defensive INI directive
* ensure php-devel pulls needed lilbraries from php-config outputRemi Collet2019-03-291-0/+6
|
* Fix #76846 Segfault in shutdown function after memory limit errorRemi Collet2019-03-152-3/+100
|
* add CVEsRemi Collet2019-03-151-0/+5
|
* Fix #77396 Null Pointer Dereference in phar_create_or_parse_filenameRemi Collet2019-03-129-42/+335
| | | | | | | Fix #77586 - phar_tar_writeheaders_int() buffer overflow - spl: Fix #77431 openFile() silently truncates after a null byte - security fix synced with https://github.com/Microsoft/php-src/
* f30 buildRemi Collet2019-03-082-11/+12
|
* update test resultsRemi Collet2019-03-051-3/+7
|
* Fix #77630 rename() across the device may allow unwanted access during ↵Remi Collet2019-03-052-1/+97
| | | | processing
* - exif:Remi Collet2019-03-043-1/+174
| | | | | | | Fix #77509 Uninitialized read in exif_process_IFD_in_TIFF Fix #77540 Invalid Read on exif_process_SOFn Fix #77563 Uninitialized read in exif_process_IFD_in_MAKERNOTE Fix #77659 Uninitialized read in exif_process_IFD_in_MAKERNOTE
* cleanup for EL-8Remi Collet2019-01-211-14/+22
|
* Update to 5.6.40 - http://www.php.net/releases/5_6_40.phpRemi Collet2019-01-092-2/+5
|
* Update to 5.6.39 - http://www.php.net/releases/5_6_39.phpRemi Collet2018-12-052-10/+6
|
* use oracle client library version 18.3Remi Collet2018-10-242-8/+7
|
* Update to 5.6.38 - http://www.php.net/releases/5_6_38.phpRemi Collet2018-09-122-6/+12
|
* F29: backport ICU 62.1 support from 7.1Remi Collet2018-08-243-4/+604
|
* add PostgreSQL to LicenseRemi Collet2018-07-201-0/+2
|
* Update to 5.6.37 - http://www.php.net/releases/5_6_37.phpRemi Collet2018-07-192-7/+14
|
* Update to 5.6.36 - http://www.php.net/releases/5_6_36.phpRemi Collet2018-04-252-2/+5
|
* Update to 5.6.35 - http://www.php.net/releases/5_6_35.phpRemi Collet2018-03-293-3/+13
| | | | FPM: update default pool configuration for process.dumpable
* add file trigger to restart the php-fpm service when new pool or new ↵Remi Collet2018-03-151-9/+13
| | | | extension installed (F27+)
* Update to 5.6.34 - http://www.php.net/releases/5_6_34.phpRemi Collet2018-02-282-14/+12
| | | | | FPM: revert pid file removal improve devel dependencies
* improve devel depsRemi Collet2018-02-161-2/+14
|
* ldconfig scriptletsRemi Collet2018-02-151-0/+6
|
* v5.6.33Remi Collet2018-01-032-17/+17
|
* dataRemi Collet2017-10-251-1/+1
|
* v5.6.32Remi Collet2017-10-253-20/+11
|
* F27: php now requires php-fpm and start it with httpd / nginxRemi Collet2017-09-252-4/+22
|
* disable httpd MPM checkRemi Collet2017-08-253-42/+50
|
* refresh openssl 1.1 patch for F26Remi Collet2017-07-063-10/+10
|
* v5.6.31Remi Collet2017-07-064-107/+177
|