Commit Graph

7283 Commits

Author SHA1 Message Date
Martin Jansen
de31324c22 Fix bug #64938: libxml_disable_entity_loader setting is shared between threads
The availability of entity loading is stored in a module global which
previously was only initialized in the GINIT constructor. This had the
effect that disabling the entity loader in one request caused
subsequent requests hitting the same Apache child process to  also have
the loader disabled.

With this change the loader is explicitely enabled in the request init
phase.
2015-02-01 00:08:35 -08:00
Stanislav Malyshev
380741daa4 add NEWS 2015-01-31 23:19:23 -08:00
Stanislav Malyshev
882a375dba Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:10:52 -08:00
Yasuo Ohgaki
abf9e2ea09 Fixed Bug #68941 mod_files.sh is a bash-script 2015-01-29 09:25:28 +09:00
Xinchen Hui
b2cf3f064b Fixed bug #68901 (use after free) 2015-01-29 00:00:09 +08:00
Xinchen Hui
8c2d91761a Also Fixed #68571 in CGI SAPI, and some cleanup 2015-01-27 22:11:23 +08:00
Bob Weinand
3f57663b57 Add NEWS entry 2015-01-26 22:50:16 +01:00
Keyur Govande
d065a2fc1b Add NEWS 2015-01-26 21:29:57 +00:00
Remi Collet
2955993947 move CVE to the right version 2015-01-22 13:06:15 +01:00
Joshua Rogers
91aa340180 Fixed bug #68827 Double free with disabled ZMM 2015-01-22 09:59:13 +01:00
Julien Pauli
88f2321a25 Updated NEWS 2015-01-21 11:10:20 +01:00
Derick Rethans
8e19705a93 Fixed bug #55407 (Impossible to prototype DateTime::createFromFormat) 2015-01-20 21:44:19 +00:00
Stanislav Malyshev
cca3c8a985 fix year 2015-01-20 13:27:38 -08:00
Stanislav Malyshev
04dcc705de update NEWS 2015-01-20 11:57:39 -08:00
Julien Pauli
a40e004553 Updated NEWS 2015-01-20 15:09:13 +01:00
Derick Rethans
b0159431e3 Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). 2015-01-19 22:59:24 +00:00
Anatol Belski
0cef7d168d updated NEWS 2015-01-15 16:42:52 +01:00
Julien Pauli
dc810543cf Fix bug #68260 2015-01-09 16:24:14 +01:00
Julien Pauli
3f1d1892c9 5.5.22 now 2015-01-07 10:42:53 +01:00
Adam Harvey
448ef30f75 Handle NULL strings in sapi_cli_server_register_variable().
Fixes bug #68745 (Invalid HTTP requests make web server segfault).
2015-01-06 01:23:27 +00:00
Remi Collet
4bb580adb1 NEWS 2015-01-05 17:34:45 +01:00
Matteo Beccati
4a9ad2faff Updated NEWS for #68371 2015-01-05 11:01:54 +01:00
Stanislav Malyshev
eeae4651f7 Merge branch 'pull-request/975' into PHP-5.5
* pull-request/975:
  Fixes #66764 -  configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly
2015-01-04 20:54:29 -08:00
Anatol Belski
d3f171117c updated NEWS 2015-01-04 14:23:33 +01:00
Anatol Belski
d92a87d7cb Fixed bug #68671 incorrect expression in libmagic 2014-12-30 19:37:27 +01:00
Adam Harvey
211f4ceeae Check the return value of lo_export.
Patch by Ondřej Surý. Fixes bug #68697 (lo_export return -1 on failure).
2014-12-30 17:47:19 +00:00
Anatol Belski
d5123415f6 Fixed bug #66679 Alignment Bug in PCRE 8.34 upstream 2014-12-30 16:50:22 +01:00
Anatol Belski
6e36ded569 remove BOM from NEWS 2014-12-30 16:47:10 +01:00
Stanislav Malyshev
71c970077d Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  FIx bug #68618 (out of bounds read crashes php-cgi)
2014-12-30 01:26:00 -08:00
Stanislav Malyshev
f9ad308669 FIx bug #68618 (out of bounds read crashes php-cgi) 2014-12-30 01:23:05 -08:00
Kalle Sommer Nielsen
fbf3a6bc1a Fixed bug #68676 (Explicit Double Free) 2014-12-29 11:04:23 +01:00
Nikita Popov
aa394e70ff Fix bug #67111
Loop variables need to be freed for both "break" and "continue".

I'm adding the test to Zend/ because it's good to have a test for
this even without opcache.
2014-12-19 21:42:42 +01:00
Ferenc Kovacs
5a67d9a229 add missing NEWS entry 2014-12-17 02:13:59 +01:00
Ferenc Kovacs
cd387b4575 add missing NEWS entry 2014-12-17 02:10:36 +01:00
Stanislav Malyshev
8fe4cc6d28 5.4.37 2014-12-16 11:44:41 -08:00
Stanislav Malyshev
8efd73c4d2 update news 2014-12-16 10:18:07 -08:00
Stanislav Malyshev
53f129a44d add CVE 2014-12-16 10:16:31 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Remi Collet
ba62b9bbf8 NEWS 2014-12-13 09:04:57 +01:00
Julien Pauli
d43d0663af Updated NEWS 2014-12-12 16:50:32 +01:00
Julien Pauli
d6eb3b49c8 Updated NEWS 2014-12-12 15:06:04 +01:00
Julien Pauli
fbe9b2c088 Updated NEWS 2014-12-12 14:18:27 +01:00
Anatol Belski
3affc0e8a2 Fixed bug #68583 Crash in timeout thread
This replaces the GUI element used for execution timeout handling
on Windows. Instead a timer queue technique is used, which is indeed
a thread pool. A timer queue timer is a lightweight object handled
but that thread pool and the timer thread spends most of the time
sleeping and waiting for an alert.

Please note also that this introduces neither binary nor source
breach. The custom timeout thread functions are deleted, however
they was not exported throug DLL, so couldn't be used by any
external code. As well they couldn't be used anywhere in the core
except in executor api, because those custom timeout thread
functions they used to operate on static variables which would
be overwritten (and that would blow).

So instead a relatively modern technique is used for the timeout
handling. It's still not perfect because the executor still has to
check EX(timed_out). This can be a topic for an improvement in
master. But brobably can be tricky as currently it seems to be not
possible to signal an individual thread. Also note another issue
that static variables aren't thread safe, but the current timer
implementation is.
2014-12-12 10:43:31 +01:00
Stanislav Malyshev
97df260b27 update NEWS 2014-12-11 10:41:17 -08:00
Anatol Belski
20d93534d5 Fixed bug #68545 NULL pointer dereference in unserialize.c 2014-12-10 11:43:33 +01:00
Julien Pauli
a67a5dc0ad Updated NEWS 2014-12-10 11:22:28 +01:00
Anatol Belski
1b4d5ad46a Fixed bug #65230 setting locale randomly broken 2014-12-06 11:59:43 +01:00
Julien Pauli
3add3491b3 Updated NEWS 2014-12-05 17:05:21 +01:00
Anatol Belski
fccd1eda5f . Fixed bug #68120 Update bundled libsqlite 2014-12-05 15:43:53 +01:00
Anatol Belski
7943f944c2 Fixed bug #65769 localeconv() broken in TS builds 2014-12-05 11:06:06 +01:00