summaryrefslogtreecommitdiffstats
path: root/php.spec
Commit message (Collapse)AuthorAgeFilesLines
* Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI InterfaceRemi Collet9 days1-6/+37
| | | | | | | | | | | | GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
* rename patchesRemi Collet2024-11-131-7/+7
|
* Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGIRemi Collet2024-09-261-4/+25
| | | | | | | | | | | | | CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Logs from childrens may be altered CVE-2024-9026 Fix Erroneous parsing of multipart form data CVE-2024-8925 use ICU 74.2
* add backport for https://bugs.php.net/79589Remi Collet2024-08-261-4/+8
| | | | error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
* use oracle client library version 23.5 on x86_64Remi Collet2024-07-311-7/+15
|
* Fix filter bypass in filter_var FILTER_VALIDATE_URLRemi Collet2024-06-051-4/+10
| | | | CVE-2024-5458
* Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fixRemi Collet2024-04-101-1/+11
| | | | | | CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096
* patch test suite for zlib-ngRemi Collet2024-03-071-1/+10
|
* add build patch for GCC 14Remi Collet2024-02-141-2/+8
| | | | use oracle client library version 21.13 on x86_64
* use ICU 73.2Remi Collet2023-12-121-5/+16
| | | | | use oracle client library version 21.12 on x86_64, 19.19 on aarch64 add fixes for libxml 2.11 and 2.12 from 8.1
* use oracle client library version 21.11 on x86_64, 19.19 on aarch64Remi Collet2023-09-221-13/+26
| | | | use official Oracle Instant Client RPM
* Fix Security issue with external entity loading in XML without enabling itRemi Collet2023-08-011-7/+18
| | | | | | | GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 move httpd/nginx wants directive to config files in /etc
* refresh patchesRemi Collet2023-06-261-3/+3
|
* Fix Missing error check and insufficient random bytes in HTTP DigestRemi Collet2023-06-061-1/+8
| | | | | authentication for SOAP GHSA-76gg-c692-v2mw
* use ICU 72.1Remi Collet2023-05-111-28/+30
| | | | | | use oracle client library version 21.10 fix possible buffer overflow in date define %php74___phpize and %php74___phpconfig
* F38: enable imap extensionRemi Collet2023-02-211-6/+4
|
* fix #81744: Password_verify() always return true with some hashRemi Collet2023-02-141-3/+29
| | | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662 add dependency on pcre2 minimal version
* pdo: fix #81740: PDO::quote() may return unquoted stringRemi Collet2022-12-191-2/+22
| | | | | CVE-2022-31631 use oracle client library version 21.8
* Update to 7.4.33 - http://www.php.net/releases/7_4_33.phpRemi Collet2022-11-011-7/+6
|
* add upstream fix for CVE-2022-31630 and CVE-2022-37454Remi Collet2022-10-261-1/+8
|
* Update to 7.4.32 - http://www.php.net/releases/7_4_32.phpRemi Collet2022-09-281-6/+11
| | | | use ICU 71.1
* Update to 7.4.30 - http://www.php.net/releases/7_4_30.phpRemi Collet2022-06-071-2/+6
| | | | use oracle client library version 21.6
* Update to 7.4.29 - http://www.php.net/releases/7_4_29.phpRemi Collet2022-04-121-5/+6
|
* retrieve tzdata versionRemi Collet2022-02-221-7/+7
| | | | use oracle client library version 21.5
* Update to 7.4.28 - http://www.php.net/releases/7_4_28.phpRemi Collet2022-02-151-1/+4
|
* Update to 7.4.27 - http://www.php.net/releases/7_4_27.phpRemi Collet2021-12-151-2/+5
|
* ensure we use libgd >= 2.3Remi Collet2021-12-021-7/+5
|
* update to 7.4.27RC1Remi Collet2021-12-011-3/+7
| | | | use oracle client library version 21.4
* Update to 7.4.26 - http://www.php.net/releases/7_4_26.phpRemi Collet2021-11-161-2/+5
|
* add patch for OpenSSL 3.0, backported from 8.1Remi Collet2021-11-091-4/+17
|
* update to 7.4.26RC1Remi Collet2021-11-031-4/+8
|
* bumpRemi Collet2021-10-261-1/+1
|
* dba: enable qdbm backendRemi Collet2021-10-261-0/+16
|
* Update to 7.4.25 - http://www.php.net/releases/7_4_25.phpRemi Collet2021-10-201-2/+5
|
* update to 7.4.24RC1Remi Collet2021-10-061-7/+11
| | | | use libicu version 69
* Update to 7.4.24 - http://www.php.net/releases/7_4_24.phpRemi Collet2021-09-211-1/+4
|
* update to 7.4.24RC1Remi Collet2021-09-081-3/+7
| | | | use oracle client library version 21.3
* Update to 7.4.23 - http://www.php.net/releases/7_4_23.phpRemi Collet2021-08-241-1/+4
|
* update to 7.4.23RC1Remi Collet2021-08-101-2/+5
|
* Update to 7.4.22 - http://www.php.net/releases/7_4_22.phpRemi Collet2021-07-281-1/+4
|
* update to 7.4.22RC1Remi Collet2021-07-131-2/+5
|
* Update to 7.4.21 - http://www.php.net/releases/7_4_21.phpRemi Collet2021-06-291-4/+7
|
* update to 7.4.21RC1Remi Collet2021-06-161-2/+9
| | | | ignore unsupported "threads" option on password_hash
* Update to 7.4.20 - http://www.php.net/releases/7_4_20.phpRemi Collet2021-06-021-2/+5
|
* fix snmp extension build with net-snmp without DESRemi Collet2021-05-271-1/+7
|
* update to 7.4.20RC1Remi Collet2021-05-181-2/+5
|
* Update to 7.4.19 - http://www.php.net/releases/7_4_19.phpRemi Collet2021-05-041-1/+4
|
* Update to 7.4.18 - http://www.php.net/releases/7_4_18.phpRemi Collet2021-04-271-1/+4
|
* update to 7.4.18RC1Remi Collet2021-04-131-1/+4
|
* update to 7.4.17RC1Remi Collet2021-03-161-8/+8
| | | | use oracle client library version 21.1