Commit message | Author | Age | Files | Lines
* Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface (HEAD, master) | Remi Collet | 2024-11-26 | 7 | -4/+710
|   GHSA-4w77-75f9-2c8w
|   Fix OOB access in ldap_escape
|   CVE-2024-8932
|   Fix Integer overflow in the dblib/firebird quoter causing OOB writes
|   CVE-2024-11236
|   Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
|   CVE-2024-11234
|   Fix Single byte overread with convert.quoted-printable-decode filter
|   CVE-2024-11233
* Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI | Remi Collet | 2024-09-27 | 5 | -9/+561
|   CVE-2024-4577
|   Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
|   CVE-2024-8926
|   Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
|   CVE-2024-8927
|   Fix Erroneous parsing of multipart form data
|   CVE-2024-8925
* use oracle client library version 23.5 on x86_64 | Remi Collet | 2024-07-31 | 2 | -544/+792
|
* Fix filter bypass in filter_var FILTER_VALIDATE_URL | Remi Collet | 2024-06-05 | 2 | -3/+193
|   CVE-2024-5458
* use oracle client library version 21.13 on x86_64, 19.19 on aarch64 | Remi Collet | 2024-04-10 | 4 | -6/+300
|   Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
|   CVE-2024-2756
|   Fix password_verify can erroneously return true opening ATO risk
|   CVE-2024-3096
* use oracle client library version 21.11 on x86_64, 19.19 on aarch64 | Remi Collet | 2023-10-16 | 1 | -5/+17
|   use official Oracle Instant Client RPM
* use official Oracle Instant Client RPM | Remi Collet | 2023-09-22 | 2 | -47/+23
|
* Fix Security issue with external entity loading in XML without enabling it | Remi Collet | 2023-08-01 | 3 | -5/+821
|   GHSA-3qrf-m4j2-pcrr CVE-2023-3823
|   Fix Buffer mismanagement in phar_dir_read()
|   GHSA-jqcx-ccgc-xwhv CVE-2023-3824
|   move httpd/nginx wants directive to config files in /etc
* fix possible buffer overflow in date | Remi Collet | 2023-06-21 | 3 | -40/+70
|
* Fix Missing error check and insufficient random bytes in HTTP Digest | Remi Collet | 2023-06-07 | 3 | -3/+141
|   authentication for SOAP
|   GHSA-76gg-c692-v2mw
|   use oracle client library version 21.10
|   define __phpize and __phpconfig
* fix #81744: Password_verify() always return true with some hash | Remi Collet | 2023-02-14 | 5 | -8/+459
|   CVE-2023-0567
|   fix #81746: 1-byte array overrun in common path resolve code
|   CVE-2023-0568
|   fix DOS vulnerability when parsing multipart request body
|   CVE-2023-0662
* pdo: fix #81740: PDO::quote() may return unquoted string | Remi Collet | 2022-12-19 | 2 | -3/+97
|   CVE-2022-31631
|   use oracle client library version 21.8
* hash: fix #81738: buffer overflow in hash_update() on long parameter. | Remi Collet | 2022-10-24 | 2 | -1/+136
|   CVE-2022-37454
* fix NEWS | Remi Collet | 2022-09-30 | 1 | -0/+33
|
* phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 2 | -2/+61
|   core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.
|   CVE-2022-31629
|   use oracle client library version 21.7
* phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 4 | -8/+188
|   core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.
|   CVE-2022-31629
|   use oracle client library version 21.7
* use oracle client library version 21.6 | Remi Collet | 2022-06-07 | 4 | -422/+689
|   mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626
|   pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625
* Fix #79971 special character is breaking the path in xml function | Remi Collet | 2021-11-15 | 3 | -3/+176
|   CVE-2021-21707
* refresh patch (with NEWS) | Remi Collet | 2021-10-20 | 1 | -3/+32
|
* fix PHP-FPM oob R/W in root process leading to priv escalation | Remi Collet | 2021-10-20 | 4 | -5/+428
|   CVE-2021-21703
|   use libicu version 69
|   use oracle client library version 21.3
* Fix #81211 Symlinks are followed when creating PHAR archive | Remi Collet | 2021-08-25 | 2 | -1/+169
|
* Fix #81122 SSRF bypass in FILTER_VALIDATE_URL | Remi Collet | 2021-06-28 | 5 | -5/+317
|   CVE-2021-21705
|   Fix #76448 Stack buffer overflow in firebird_info_cb
|   Fix #76449 SIGSEGV in firebird_handle_doer
|   Fix #76450 SIGSEGV in firebird_stmt_execute
|   Fix #76452 Crash while parsing blob data in firebird_fetch_blob
|   CVE-2021-21704
* Fix #80710 imap_mail_compose() header injection | Remi Collet | 2021-04-28 | 3 | -334/+792
|   use oracle client library version 21.1
* Fix #80672 Null Dereference in SoapClient | Remi Collet | 2021-02-03 | 4 | -2/+528
|   CVE-2021-21702
|   better fix for #77423
* Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | Remi Collet | 2021-01-04 | 3 | -6/+208
|   CVE-2020-7071
* fix obsoletes | Remi Collet | 2020-10-28 | 1 | -1/+1
|
* Update to 7.2.34 - http://www.php.net/releases/7_2_34.php | Remi Collet | 2020-09-30 | 2 | -13/+14
|
* fix dates in changelog | Remi Collet | 2020-08-07 | 1 | -2/+2
|
* Update to 7.2.33 - http://www.php.net/releases/7_2_33.php | Remi Collet | 2020-08-04 | 2 | -5/+6
|
* Update to 7.2.32 (no change) | Remi Collet | 2020-07-08 | 4 | -8/+20
|   display build system and provider in phpinfo (from 8.0)
* rebuild using oniguruma5php | Remi Collet | 2020-06-09 | 2 | -4/+12
|   build phpdbg only once
* Update to 7.2.31 - http://www.php.net/releases/7_2_31.php | Remi Collet | 2020-05-12 | 3 | -297/+99
|
* Update to 7.2.30 - http://www.php.net/releases/7_2_30.php | Remi Collet | 2020-04-15 | 2 | -2/+5
|
* Update to 7.2.29 - http://www.php.net/releases/7_2_29.php | Remi Collet | 2020-03-17 | 2 | -3/+7
|   use oracle client library version 19.6 (18.5 on EL-6)
* Update to 7.2.28 - http://www.php.net/releases/7_2_28.php | Remi Collet | 2020-02-18 | 2 | -7/+6
|
* Update to 7.2.27 - http://www.php.net/releases/7_2_27.php | Remi Collet | 2020-02-18 | 2 | -3/+7
|
* - Update to 7.2.26 - http://www.php.net/releases/7_2_26.php | Remi Collet | 2019-12-17 | 2 | -3/+11
|   - use oracle client library version 19.5 (18.5 on EL-6)
* update to 7.2.26RC1 | Remi Collet | 2019-12-03 | 2 | -3/+6
|
* Update to 7.2.25 - http://www.php.net/releases/7_2_25.php | Remi Collet | 2019-11-20 | 2 | -5/+6
|
* update to 7.2.25RC1 | Remi Collet | 2019-11-05 | 2 | -8/+11
|
* Update to 7.2.24 - http://www.php.net/releases/7_2_24.php | Remi Collet | 2019-10-22 | 2 | -5/+12
|
* update to 7.2.24RC1 | Remi Collet | 2019-10-08 | 2 | -3/+6
|
* Update to 7.2.23 - http://www.php.net/releases/7_2_23.php | Remi Collet | 2019-09-25 | 2 | -3/+9
|
* add tarball signature check | Remi Collet | 2019-09-11 | 2 | -0/+527
|
* v7.2.23RC1 | Remi Collet | 2019-09-11 | 3 | -42/+8
|
* - Update to 7.2.22 - http://www.php.net/releases/7_2_22.php | Remi Collet | 2019-08-28 | 3 | -4/+46
|   - fix generator incorrectly reports non-releasable $this as GC child
|   https://bugs.php.net/78412
* 7.2.22RC1 | Remi Collet | 2019-08-19 | 2 | -6/+7
|
* Update to 7.2.21 - http://www.php.net/releases/7_2_21.php | Remi Collet | 2019-07-30 | 3 | -54/+8
|
* - update to 7.2.21RC1 | Remi Collet | 2019-07-16 | 3 | -5/+58
|   - add upstream patch for #78297
* - Update to 7.2.20 - http://www.php.net/releases/7_2_20.php | Remi Collet | 2019-07-02 | 2 | -11/+8
|   - disable opcache.huge_code_pages in default configuration