From 887946144c00566e2e5592a395312252862a1809 Mon Sep 17 00:00:00 2001 From: Molkobain Date: Tue, 14 Jan 2020 09:53:46 +0100 Subject: [PATCH] =?UTF-8?q?N=C2=B02696=20-=20Upgrade=20ArchiveTar=20to=20v?= =?UTF-8?q?1.4.9=20(PHP=207.4=20compatibility)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 2 +- composer.lock | 12 ++++----- lib/composer/installed.json | 12 ++++----- lib/pear/archive_tar/.travis.yml | 9 +++++++ lib/pear/archive_tar/Archive/Tar.php | 39 ++++++++++++++++++++++------ lib/pear/archive_tar/package.xml | 38 ++++++++++++++++++++++++--- 6 files changed, 87 insertions(+), 25 deletions(-) diff --git a/composer.json b/composer.json index 26c6c8686..cfbe5c3d3 100644 --- a/composer.json +++ b/composer.json @@ -12,7 +12,7 @@ "ext-soap": "*", "combodo/tcpdf": "6.3.2", "nikic/php-parser": "^3.1", - "pear/archive_tar": "1.4.7", + "pear/archive_tar": "1.4.9", "pelago/emogrifier": "2.1.0", "scssphp/scssphp": "1.0.6", "swiftmailer/swiftmailer": "5.4.12", diff --git a/composer.lock b/composer.lock index 39a9594be..75e0c9ae5 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fa67ef7539c664354f726be04d0d044c", + "content-hash": "3e413c47265b246174add07c2c91b5e9", "packages": [ { "name": "combodo/tcpdf", 
@@ -163,16 +163,16 @@ }, { "name": "pear/archive_tar", - "version": "1.4.7", + "version": "1.4.9", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "7e48add6f8edc3027dd98ad15964b1a28fd0c845" + "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/7e48add6f8edc3027dd98ad15964b1a28fd0c845", - "reference": "7e48add6f8edc3027dd98ad15964b1a28fd0c845", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/c5b00053770e1d72128252c62c2c1a12c26639f0", + "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0", "shasum": "" }, "require": { @@ -225,7 +225,7 @@ "archive", "tar" ], - "time": "2019-04-08T13:15:55+00:00" + "time": "2019-12-04T10:17:28+00:00" }, { "name": "pear/console_getopt", diff --git a/lib/composer/installed.json b/lib/composer/installed.json index d0a6a8b68..3a90f17fe 100644 --- a/lib/composer/installed.json +++ b/lib/composer/installed.json @@ -162,17 +162,17 @@ }, { "name": "pear/archive_tar", - "version": "1.4.7", - "version_normalized": "1.4.7.0", + "version": "1.4.9", + "version_normalized": "1.4.9.0", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "7e48add6f8edc3027dd98ad15964b1a28fd0c845" + "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/7e48add6f8edc3027dd98ad15964b1a28fd0c845", - "reference": "7e48add6f8edc3027dd98ad15964b1a28fd0c845", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/c5b00053770e1d72128252c62c2c1a12c26639f0", + "reference": "c5b00053770e1d72128252c62c2c1a12c26639f0", "shasum": "" }, "require": { @@ -187,7 +187,7 @@ "ext-xz": "Lzma2 compression support.", "ext-zlib": "Gzip compression support." }, - "time": "2019-04-08T13:15:55+00:00", + "time": "2019-12-04T10:17:28+00:00", "type": "library", "extra": { "branch-alias": { 
diff --git a/lib/pear/archive_tar/.travis.yml b/lib/pear/archive_tar/.travis.yml index a0af9f106..b841f4efc 100644 --- a/lib/pear/archive_tar/.travis.yml +++ b/lib/pear/archive_tar/.travis.yml @@ -20,9 +20,18 @@ matrix: dist: trusty - php: 7.3 dist: trusty + - php: 7.4snapshot + - php: master + +jobs: + allow_failures: + - php: 7.4snapshot + - php: master + install: # - pear upgrade --force --alldeps pear/pear - pear install -f package.xml script: + - pear version - pear run-tests -qr tests/ - for i in `find tests/ -name '*.out'`; do echo "$i"; cat "$i"; done diff --git a/lib/pear/archive_tar/Archive/Tar.php b/lib/pear/archive_tar/Archive/Tar.php index 53966c255..2f328c227 100644 --- a/lib/pear/archive_tar/Archive/Tar.php +++ b/lib/pear/archive_tar/Archive/Tar.php @@ -312,11 +312,12 @@ class Archive_Tar extends PEAR /** * @param string $p_path * @param bool $p_preserve + * @param bool $p_symlinks * @return bool */ - public function extract($p_path = '', $p_preserve = false) + public function extract($p_path = '', $p_preserve = false, $p_symlinks = true) { - return $this->extractModify($p_path, '', $p_preserve); + return $this->extractModify($p_path, '', $p_preserve, $p_symlinks); } /** @@ -557,11 +558,12 @@ class Archive_Tar extends PEAR * removed if present at the beginning of * the file/dir path. * @param boolean $p_preserve Preserve user/group ownership of files + * @param boolean $p_symlinks Allow symlinks. * * @return boolean true on success, false on error. * @see extractList() */ - public function extractModify($p_path, $p_remove_path, $p_preserve = false) + public function extractModify($p_path, $p_remove_path, $p_preserve = false, $p_symlinks = true) { $v_result = true; $v_list_detail = array(); @@ -573,7 +575,8 @@ class Archive_Tar extends PEAR "complete", 0, $p_remove_path, - $p_preserve + $p_preserve, + $p_symlinks ); $this->_close(); } 
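Review bot: The new `$p_symlinks` parameter defaults to `true` in `extract()` and `extractModify()`, and again in `extractList()` and `_extractList()` in the later hunks, so every existing caller keeps extracting symbolic links. Only call sites changed to pass `false` get the restriction, and the diffstat lists no application file outside `lib/` and the composer metadata, so no caller in this repository is switched over by this patch. The docblocks say only `Allow symlinks.` or give no description at all. I would spell out the contract, for example `@param bool $p_symlinks When false, extraction returns false at the first symbolic-link entry; the default true keeps the previous behaviour.` Any code path that unpacks archives it did not create should pass `false` explicitly rather than rely on the default.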
@@ -617,11 +620,12 @@ class Archive_Tar extends PEAR * removed if present at the beginning of * the file/dir path. * @param boolean $p_preserve Preserve user/group ownership of files + * @param boolean $p_symlinks Allow symlinks. * * @return true on success, false on error. * @see extractModify() */ - public function extractList($p_filelist, $p_path = '', $p_remove_path = '', $p_preserve = false) + public function extractList($p_filelist, $p_path = '', $p_remove_path = '', $p_preserve = false, $p_symlinks = true) { $v_result = true; $v_list_detail = array(); @@ -642,7 +646,8 @@ class Archive_Tar extends PEAR "partial", $v_list, $p_remove_path, - $p_preserve + $p_preserve, + $p_symlinks ); $this->_close(); } @@ -1692,7 +1697,16 @@ class Archive_Tar extends PEAR } // ----- Extract the checksum - $v_header['checksum'] = OctDec(trim($v_data['checksum'])); + $v_data_checksum = trim($v_data['checksum']); + if (!preg_match('/^[0-7]*$/', $v_data_checksum)) { + $this->_error( + 'Invalid checksum for file "' . $v_data['filename'] + . '" : ' . $v_data_checksum . ' extracted' + ); + return false; + } + + $v_header['checksum'] = OctDec($v_data_checksum); if ($v_header['checksum'] != $v_checksum) { $v_header['filename'] = ''; @@ -1908,6 +1922,7 @@ class Archive_Tar extends PEAR * @param string $p_file_list * @param string $p_remove_path * @param bool $p_preserve + * @param bool $p_symlinks * @return bool */ public function _extractList( @@ -1916,7 +1931,8 @@ class Archive_Tar extends PEAR $p_mode, $p_file_list, $p_remove_path, - $p_preserve = false + $p_preserve = false, + $p_symlinks = true ) { $v_result = true; @@ -2099,6 +2115,13 @@ class Archive_Tar extends PEAR } } } elseif ($v_header['typeflag'] == "2") { + if (!$p_symlinks) { + $this->_warning('Symbolic links are not allowed. ' + . 'Unable to extract {' + . $v_header['filename'] . '}' + ); + return false; + } if (@file_exists($v_header['filename'])) { @unlink($v_header['filename']); } 
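Review bot: The `_error()` message added in the checksum check concatenates `$v_data['filename']` and `$v_data_checksum` as they stand, and both appear to come straight from the archive header at a point where that header has not yet passed checksum verification. The text is therefore chosen by whoever built the archive. Where the message ends up (log file, HTML page) is not visible in this hunk; if it can reach either, control characters should be escaped first, e.g. `addcslashes($v_data['filename'], "\0..\37\177")` in place of the bare variable, and the same for `$v_data_checksum`. The enclosing method starts and ends outside the hunk.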
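Review bot: The refusal added under `$v_header['typeflag'] == "2"` covers symbolic-link entries only, and whether other link types are restricted elsewhere in `_extractList()` cannot be seen from this hunk, so `$p_symlinks = false` should not be read as blocking every kind of link. A short comment above the check would make that scope explicit, e.g. `// Only typeflag "2" (symbolic link) is refused here; $p_symlinks does not affect other entry types.` The branch reports through `_warning()` and then returns `false`, whereas the checksum rejection in this same patch uses `_error()` before returning `false`; one of the two is probably the intended convention for a fatal condition. Because the return happens part-way through `_extractList()`, entries written before the symlink was met presumably stay on disk, which callers treating `false` as "nothing extracted" should account for. The function body continues outside the hunk.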
diff --git a/lib/pear/archive_tar/package.xml b/lib/pear/archive_tar/package.xml index 3e3448a95..683493951 100644 --- a/lib/pear/archive_tar/package.xml +++ b/lib/pear/archive_tar/package.xml @@ -32,10 +32,10 @@ Also Lzma2 compressed archives are supported with xz extension. stig@php.net no - 2019-04-08 - + 2019-12-04 + - 1.4.7 + 1.4.9 1.4.0 @@ -44,7 +44,7 @@ Also Lzma2 compressed archives are supported with xz extension. New BSD License -* Improved performance by increasing read buffer size +* Implement Feature #23861: Add option to disallow symlinks [mrook] @@ -74,6 +74,36 @@ Also Lzma2 compressed archives are supported with xz extension. + + + 1.4.8 + 1.4.0 + + + stable + stable + + 2019-10-21 + New BSD License + +* Fix Bug #23852: PHP 7.4 - Archive_Tar->_readHeader throws deprecation [mrook] + + + + + 1.4.7 + 1.4.0 + + + stable + stable + + 2019-04-08 + New BSD License + +* Improved performance by increasing read buffer size + + 1.4.6