rpms/scl-php56/php.git - The master git repository for php RPM

	Commit message (Collapse)	Author	Age	Files	Lines
*	Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface	Remi Collet	2024-11-26	6	-4/+559
\| \| \| \| \| \| \| \| \| \|	GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
*	Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI	Remi Collet	2024-09-27	5	-7/+601
\| \| \| \| \| \| \| \| \| \|	CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Erroneous parsing of multipart form data CVE-2024-8925
*	use oracle client library version 23.5 on x86_64	Remi Collet	2024-07-31	1	-7/+12
\|
*	Fix filter bypass in filter_var FILTER_VALIDATE_URL	Remi Collet	2024-06-05	2	-1/+275
\| \| \| \|	CVE-2024-5458
*	use oracle client library version 21.13	Remi Collet	2024-04-10	4	-5/+311
\| \| \| \| \| \| \|	Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096
*	use official Oracle Instant Client RPM	Remi Collet	2023-09-22	2	-28/+37
\|
*	Fix Security issue with external entity loading in XML without enabling it	Remi Collet	2023-08-02	3	-5/+560
\| \| \| \| \| \| \|	GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 move httpd/nginx wants directive to config files in /etc
*	fix possible buffer overflow in date	Remi Collet	2023-06-21	4	-82/+117
\| \| \| \|	define %php56___phpize and %php56___phpconfig
*	Fix insufficient random bytes in HTTP Digest authentication for SOAP	Remi Collet	2023-06-07	2	-2/+57
\| \| \| \| \|	GHSA-76gg-c692-v2mw use oracle client library version 21.10
*	fix #81744: Password_verify() always return true with some hash	Remi Collet	2023-02-15	6	-21/+579
\| \| \| \| \| \| \| \|	CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662
*	fix NEWS	Remi Collet	2022-09-30	1	-0/+33
\|
*	phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628	Remi Collet	2022-09-28	3	-4/+248
\| \| \| \| \| \|	core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7
*	use oracle client library version 21.6	Remi Collet	2022-06-07	3	-9/+161
\| \| \| \| \|	mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625
*	Fix #79971 special character is breaking the path in xml function	Remi Collet	2021-11-15	2	-1/+242
\| \| \| \|	CVE-2021-21707
*	fix PHP-FPM oob R/W in root process leading to priv escalation	Remi Collet	2021-10-20	2	-5/+444
\| \| \| \| \| \|	CVE-2021-21703 use libicu version 69 use oracle client library version 21.3
*	fix intl build on F35	Remi Collet	2021-09-07	2	-2/+5
\|
*	Fix #81211 Symlinks are followed when creating PHAR archive	Remi Collet	2021-08-26	2	-1/+170
\|
*	missing changelog	Remi Collet	2021-06-29	1	-0/+2
\|
*	Fix #81122 SSRF bypass in FILTER_VALIDATE_URL	Remi Collet	2021-06-28	4	-3/+542
\| \| \| \| \| \| \| \| \|	CVE-2021-21705 Fix #76448 Stack buffer overflow in firebird_info_cb Fix #76449 SIGSEGV in firebird_handle_doer Fix #76450 SIGSEGV in firebird_stmt_execute Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704
*	fix snmp extension build with net-snmp without DES	Remi Collet	2021-05-27	2	-1/+45
\|
*	Fix #80710 imap_mail_compose() header injection	Remi Collet	2021-04-28	2	-17/+380
\| \| \| \|	use oracle client library version 21.1
*	Fix #80672 Null Dereference in SoapClient	Remi Collet	2021-02-03	3	-1/+470
\| \| \| \| \|	CVE-2021-21702 better fix for #77423
*	Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo	Remi Collet	2021-01-04	3	-8/+369
\| \| \| \|	CVE-2020-7071
*	F33 build	Remi Collet	2020-08-20	1	-5/+19
\|
*	Core:	Remi Collet	2020-08-04	3	-2/+149
\| \| \| \| \| \| \|	Fix #79877 getimagesize function silently truncates after a null byte Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068
*	Core:	Remi Collet	2020-05-13	2	-1/+79
\| \| \| \| \| \| \|	Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned
*	standard:	Remi Collet	2020-04-14	3	-1/+128
\| \| \| \| \| \|	Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067
*	standard:	Remi Collet	2020-03-17	3	-2/+187
\| \| \| \| \| \| \| \| \|	Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6)
*	add the gcc10 patch	Remi Collet	2020-02-19	1	-0/+30
\|
*	add fix for GCC 10	Remi Collet	2020-02-19	2	-3/+8
\|
*	Renew openssl certs	Remi Collet	2020-02-18	2	-0/+152
\|
*	phar:	Remi Collet	2020-02-18	3	-1/+253
\| \| \| \| \| \| \| \|	Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062
*	rebuild with 1 more fix	Remi Collet	2020-01-23	2	-2/+35
\|
*	mbstring:	Remi Collet	2020-01-21	4	-2/+188
\| \| \| \| \| \| \| \|	Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059
*	- bcmath:	Remi Collet	2019-12-17	7	-8/+463
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6)
*	Fix CVE-2019-11043 env_path_info underflow in fpm_main.c	Remi Collet	2019-10-22	3	-5/+65
\|
*	From 7.1.32	Remi Collet	2019-08-28	4	-6/+181
\| \| \| \| \| \| \|	- mbstring: Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe - pcre: Fix #75457 heap use-after-free in pcrelib
*	- exif:	Remi Collet	2019-07-30	5	-8/+172
\| \| \| \| \| \| \| \| \|	Fix #78256 heap-buffer-overflow on exif_process_user_comment CVE-2019-11042 Fix #78222 heap-buffer-overflow on exif_scan_thumbnail CVE-2019-11041 - phar: Fix #77919 Potential UAF in Phar RSHUTDOWN
*	bump release	Remi Collet	2019-07-03	1	-2/+2
\|
*	use oracle client library version 19.3	Remi Collet	2019-06-17	1	-2/+12
\|
*	- iconv:	Remi Collet	2019-05-28	5	-2/+170
\| \| \| \| \| \| \| \| \| \|	Fix #78069 Out-of-bounds read in iconv.c:_php_iconv_mime_decode() CVE-2019-11039 - exif: Fix #77988 Heap-buffer-overflow on php_jpg_get16 CVE-2019-11040 - sqlite3: Fix #77967 Bypassing open_basedir restrictions via file uris
*	- exif:	Remi Collet	2019-04-30	3	-2/+76
\| \| \| \| \|	Fix #77950 Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG CVE-2019-11036
*	- exif:	Remi Collet	2019-04-02	5	-24/+441
\| \| \| \| \| \| \|	Fix #77753 Heap-buffer-overflow in php_ifd_get32s Fix #77831 Heap-buffer-overflow in exif_iif_add_value - sqlite3: Added sqlite3.defensive INI directive
*	ensure php-devel pulls needed lilbraries from php-config output	Remi Collet	2019-03-29	1	-0/+6
\|
*	Fix #76846 Segfault in shutdown function after memory limit error	Remi Collet	2019-03-15	2	-3/+100
\|
*	add CVEs	Remi Collet	2019-03-15	1	-0/+5
\|
*	Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename	Remi Collet	2019-03-12	9	-42/+335
\| \| \| \| \| \| \|	Fix #77586 - phar_tar_writeheaders_int() buffer overflow - spl: Fix #77431 openFile() silently truncates after a null byte - security fix synced with https://github.com/Microsoft/php-src/
*	f30 build	Remi Collet	2019-03-08	2	-11/+12
\|
*	update test results	Remi Collet	2019-03-05	1	-3/+7
\|
*	Fix #77630 rename() across the device may allow unwanted access during ↵	Remi Collet	2019-03-05	2	-1/+97
\| \| \| \|	processing