summaryrefslogtreecommitdiffstats
path: root/php.spec
Commit message (Collapse)AuthorAgeFilesLines
* use oracle client library version 21.13 on x86_64, 19.19 on aarch64HEADmasterRemi Collet2024-04-101-3/+14
| | | | | | | Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096
* use official Oracle Instant Client RPMRemi Collet2023-09-221-11/+19
|
* Fix Security issue with external entity loading in XML without enabling itRemi Collet2023-08-011-5/+16
| | | | | | | GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 move httpd/nginx wants directive to config files in /etc
* fix possible buffer overflow in dateRemi Collet2023-06-211-60/+64
| | | | define %php71___phpize and %php71___phpconfig
* Fix Missing error check and insufficient random bytes in HTTP DigestRemi Collet2023-06-071-2/+10
| | | | | | authentication for SOAP GHSA-76gg-c692-v2mw use oracle client library version 21.10
* fix #81744: Password_verify() always return true with some hashRemi Collet2023-02-151-1/+15
| | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662
* pdo: fix #81740: PDO::quote() may return unquoted stringRemi Collet2022-12-201-3/+10
| | | | | CVE-2022-31631 use oracle client library version 21.8
* phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628Remi Collet2022-09-271-2/+2
| | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7
* phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628Remi Collet2022-09-271-9/+20
| | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7
* use oracle client library version 21.6Remi Collet2022-06-071-9/+13
| | | | | mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625
* Fix #79971 special character is breaking the path in xml functionRemi Collet2021-11-151-1/+7
| | | | CVE-2021-21707
* fix PHP-FPM oob R/W in root process leading to priv escalationRemi Collet2021-10-201-5/+12
| | | | | | CVE-2021-21703 use libicu version 69 use oracle client library version 21.3
* fix intl build on F35Remi Collet2021-09-071-1/+6
|
* Fix #81211 Symlinks are followed when creating PHAR archiveRemi Collet2021-08-251-1/+6
|
* Fix #81122 SSRF bypass in FILTER_VALIDATE_URLRemi Collet2021-06-281-3/+16
| | | | | | | | | CVE-2021-21705 Fix #76448 Stack buffer overflow in firebird_info_cb Fix #76449 SIGSEGV in firebird_handle_doer Fix #76450 SIGSEGV in firebird_stmt_execute Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704
* fix snmp extension build with net-snmp without DESRemi Collet2021-05-271-1/+7
|
* Fix #80710 imap_mail_compose() header injectionRemi Collet2021-04-281-17/+9
| | | | use oracle client library version 21.1
* Fix #80672 Null Dereference in SoapClientRemi Collet2021-02-031-1/+8
| | | | | CVE-2021-21702 better fix for #77423
* Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfoRemi Collet2021-01-041-3/+11
| | | | CVE-2020-7071
* Core:Remi Collet2020-09-291-6/+14
| | | | | | | | | Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent CVE-2020-7070 OpenSSL: Fix #79601 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7069 Fix bug #78079 openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c
* F33 buildRemi Collet2020-08-201-0/+11
|
* Core:Remi Collet2020-08-041-1/+12
| | | | | | | Fix #79877 getimagesize function silently truncates after a null byte Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068
* Core:Remi Collet2020-05-121-1/+12
| | | | | | | Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned
* standard:Remi Collet2020-04-141-1/+11
| | | | | | Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067
* standard:Remi Collet2020-03-171-2/+15
| | | | | | | | | Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6)
* Renew openssl certsRemi Collet2020-02-181-0/+5
|
* dom:Remi Collet2020-02-181-1/+17
| | | | | | | | | | Fix #77569 Write Access Violation in DomImplementation phar: Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062
* rebuild with 1 more fixRemi Collet2020-01-231-2/+3
|
* mbstring:Remi Collet2020-01-211-1/+17
| | | | | | | | | | Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 session: Fix #79091 heap use-after-free in session_create_id standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059
* - bcmath:Remi Collet2019-12-171-2/+45
| | | | | | | | | | | | | | | | Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6)
* Update to 7.1.33 - http://www.php.net/releases/7_1_33.phpRemi Collet2019-10-231-1/+4
|
* Update to 7.1.32 - http://www.php.net/releases/7_1_32.phpRemi Collet2019-08-281-1/+4
|
* Update to 7.1.31 - http://www.php.net/releases/7_1_31.phpRemi Collet2019-07-311-2/+5
|
* disable opcache.huge_code_pages in default configurationRemi Collet2019-07-021-5/+3
|
* use oracle client library version 19.3Remi Collet2019-06-171-2/+12
|
* v7.1.30Remi Collet2019-05-281-2/+5
|
* Update to 7.1.29 - http://www.php.net/releases/7_1_29.phpRemi Collet2019-05-011-1/+8
|
* Update to 7.1.28 - http://www.php.net/releases/7_1_28.phpRemi Collet2019-04-021-3/+4
|
* ensure php-devel pulls needed lilbraries from php-config outputRemi Collet2019-03-291-0/+6
|
* Update to 7.1.27 - http://www.php.net/releases/7_1_27.phpRemi Collet2019-03-061-3/+8
| | | | add upstream patch for OpenSSL 1.1.1b
* cleanup for EL-8Remi Collet2019-01-181-10/+18
|
* Update to 7.1.26 - http://www.php.net/releases/7_1_26.phpRemi Collet2019-01-091-4/+5
|
* Fix null pointer dereference in imap_mail CVE-2018-19935Remi Collet2018-12-081-1/+6
|
* Update to 7.1.25 - http://www.php.net/releases/7_1_25.phpRemi Collet2018-12-051-1/+4
|
* v7.1.25RC1Remi Collet2018-11-221-6/+7
|
* test build for https://github.com/php/php-src/pull/3666Remi Collet2018-11-151-1/+6
|
* Update to 7.1.24 - http://www.php.net/releases/7_1_24.phpRemi Collet2018-11-071-2/+7
|
* FPM: add getallheaders, backported from 7.3Remi Collet2018-10-251-1/+7
|
* 7.1.24RC1Remi Collet2018-10-241-3/+6
|
* Update to 7.1.23 - http://www.php.net/releases/7_1_23.phpRemi Collet2018-10-101-1/+4
|
generated by cgit (git 2.34.1) at 2024-04-30 13:15:52 +0000