Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fix #81744: Password_verify() always return true with some hash | Remi Collet | 2023-02-15 | 5 | -10/+458 |
| | | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662 | ||||
* | pdo: fix #81740: PDO::quote() may return unquoted string | Remi Collet | 2022-12-20 | 2 | -3/+96 |
| | | | | | CVE-2022-31631 use oracle client library version 21.8 | ||||
* | fix NEWS | Remi Collet | 2022-09-30 | 1 | -0/+33 |
| | |||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 2 | -2/+61 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 3 | -9/+189 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | use oracle client library version 21.6 | Remi Collet | 2022-06-07 | 3 | -9/+155 |
| | | | | | mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 | ||||
* | Fix #79971 special character is breaking the path in xml function | Remi Collet | 2021-11-15 | 2 | -1/+214 |
| | | | | CVE-2021-21707 | ||||
* | fix PHP-FPM oob R/W in root process leading to priv escalation | Remi Collet | 2021-10-20 | 2 | -5/+441 |
| | | | | | | CVE-2021-21703 use libicu version 69 use oracle client library version 21.3 | ||||
* | fix intl build on F35 | Remi Collet | 2021-09-07 | 2 | -1/+19 |
| | |||||
* | Fix #81211 Symlinks are followed when creating PHAR archive | Remi Collet | 2021-08-25 | 2 | -1/+170 |
| | |||||
* | Fix #81122 SSRF bypass in FILTER_VALIDATE_URL | Remi Collet | 2021-06-28 | 4 | -3/+314 |
| | | | | | | | | | CVE-2021-21705 Fix #76448 Stack buffer overflow in firebird_info_cb Fix #76449 SIGSEGV in firebird_handle_doer Fix #76450 SIGSEGV in firebird_stmt_execute Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704 | ||||
* | fix snmp extension build with net-snmp without DES | Remi Collet | 2021-05-27 | 2 | -1/+45 |
| | |||||
* | Fix #80710 imap_mail_compose() header injection | Remi Collet | 2021-04-28 | 2 | -17/+382 |
| | | | | use oracle client library version 21.1 | ||||
* | Fix #80672 Null Dereference in SoapClient | Remi Collet | 2021-02-03 | 4 | -2/+469 |
| | | | | | CVE-2021-21702 better fix for #77423 | ||||
* | Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | Remi Collet | 2021-01-04 | 3 | -5/+219 |
| | | | | CVE-2020-7071 | ||||
* | Core: | Remi Collet | 2020-09-29 | 3 | -6/+379 |
| | | | | | | | | | Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent CVE-2020-7070 OpenSSL: Fix #79601 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7069 Fix bug #78079 openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c | ||||
* | F33 build | Remi Collet | 2020-08-20 | 1 | -0/+11 |
| | |||||
* | Core: | Remi Collet | 2020-08-04 | 3 | -1/+122 |
| | | | | | | | Fix #79877 getimagesize function silently truncates after a null byte Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068 | ||||
* | Core: | Remi Collet | 2020-05-12 | 3 | -1/+123 |
| | | | | | | | Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned | ||||
* | standard: | Remi Collet | 2020-04-14 | 3 | -1/+100 |
| | | | | | | Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067 | ||||
* | standard: | Remi Collet | 2020-03-17 | 3 | -2/+176 |
| | | | | | | | | | Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6) | ||||
* | Renew openssl certs | Remi Collet | 2020-02-18 | 2 | -0/+152 |
| | |||||
* | dom: | Remi Collet | 2020-02-18 | 5 | -2/+347 |
| | | | | | | | | | | Fix #77569 Write Access Violation in DomImplementation phar: Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062 | ||||
* | rebuild with 1 more fix | Remi Collet | 2020-01-23 | 2 | -2/+35 |
| | |||||
* | mbstring: | Remi Collet | 2020-01-21 | 5 | -10/+298 |
| | | | | | | | | | | Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 session: Fix #79091 heap use-after-free in session_create_id standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059 | ||||
* | - bcmath: | Remi Collet | 2019-12-17 | 7 | -10/+454 |
| | | | | | | | | | | | | | | | | Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6) | ||||
* | Update to 7.1.33 - http://www.php.net/releases/7_1_33.php | Remi Collet | 2019-10-23 | 2 | -7/+15 |
| | |||||
* | Update to 7.1.32 - http://www.php.net/releases/7_1_32.php | Remi Collet | 2019-08-28 | 2 | -6/+11 |
| | |||||
* | Update to 7.1.31 - http://www.php.net/releases/7_1_31.php | Remi Collet | 2019-07-31 | 2 | -7/+9 |
| | |||||
* | disable opcache.huge_code_pages in default configuration | Remi Collet | 2019-07-02 | 1 | -5/+3 |
| | |||||
* | use oracle client library version 19.3 | Remi Collet | 2019-06-17 | 1 | -2/+12 |
| | |||||
* | v7.1.30 | Remi Collet | 2019-05-28 | 2 | -3/+6 |
| | |||||
* | Update to 7.1.29 - http://www.php.net/releases/7_1_29.php | Remi Collet | 2019-05-01 | 2 | -9/+12 |
| | |||||
* | Update to 7.1.28 - http://www.php.net/releases/7_1_28.php | Remi Collet | 2019-04-02 | 3 | -34/+6 |
| | |||||
* | ensure php-devel pulls needed lilbraries from php-config output | Remi Collet | 2019-03-29 | 1 | -0/+6 |
| | |||||
* | F30 build | Remi Collet | 2019-03-08 | 1 | -2/+3 |
| | |||||
* | Update to 7.1.27 - http://www.php.net/releases/7_1_27.php | Remi Collet | 2019-03-06 | 3 | -7/+47 |
| | | | | add upstream patch for OpenSSL 1.1.1b | ||||
* | cleanup for EL-8 | Remi Collet | 2019-01-18 | 1 | -10/+18 |
| | |||||
* | Update to 7.1.26 - http://www.php.net/releases/7_1_26.php | Remi Collet | 2019-01-09 | 3 | -75/+6 |
| | |||||
* | Fix null pointer dereference in imap_mail CVE-2018-19935 | Remi Collet | 2018-12-08 | 2 | -1/+76 |
| | |||||
* | Update to 7.1.25 - http://www.php.net/releases/7_1_25.php | Remi Collet | 2018-12-05 | 2 | -2/+5 |
| | |||||
* | v7.1.25RC1 | Remi Collet | 2018-11-22 | 3 | -36/+8 |
| | |||||
* | test build for https://github.com/php/php-src/pull/3666 | Remi Collet | 2018-11-15 | 2 | -1/+35 |
| | |||||
* | Update to 7.1.24 - http://www.php.net/releases/7_1_24.php | Remi Collet | 2018-11-07 | 2 | -6/+9 |
| | |||||
* | FPM: add getallheaders, backported from 7.3 | Remi Collet | 2018-10-25 | 3 | -4/+217 |
| | |||||
* | 7.1.24RC1 | Remi Collet | 2018-10-24 | 3 | -10/+16 |
| | |||||
* | Update to 7.1.23 - http://www.php.net/releases/7_1_23.php | Remi Collet | 2018-10-10 | 2 | -2/+5 |
| | |||||
* | update to 7.1.23RC1 | Remi Collet | 2018-09-29 | 3 | -43/+8 |
| | | | | use oracle client library version 18.3 | ||||
* | refresh results with upstream patch | Remi Collet | 2018-09-11 | 1 | -3/+1 |
| | |||||
* | Update to 7.1.22 - http://www.php.net/releases/7_1_22.php | Remi Collet | 2018-09-11 | 3 | -2/+44 |
| |