Merge branch 'support/2.7' into develop

# Conflicts: # README.md # composer.json # composer.lock # core/cmdbsource.class.inc.php # core/dbobject.class.php # datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php # datamodels/2.x/combodo-db-tools/dbtools.php # datamodels/2.x/combodo-db-tools/dictionaries/zh_cn.dict.combodo-db-tools.php # datamodels/2.x/itop-attachments/dictionaries/zh_cn.dict.itop-attachments.php # datamodels/2.x/itop-core-update/dictionaries/zh_cn.dict.itop-core-update.php # dictionaries/zh_cn.dictionary.itop.core.php # dictionaries/zh_cn.dictionary.itop.ui.php # lib/composer/InstalledVersions.php # lib/composer/autoload_classmap.php # lib/composer/autoload_static.php # lib/composer/installed.php # lib/composer/platform_check.php # pages/ajax.render.php # pages/csvimport.php # setup/ajax.dataloader.php # setup/index.php # setup/setuputils.class.inc.php # test/application/UtilsTest.php
2026-05-01 22:48:45 +02:00 · 2021-06-14 16:19:56 +02:00
parent 51e24a4e35 3a876d5c75
commit d8e2a1cc7c
65 changed files with 3743 additions and 3485 deletions
--- a/lib/pear/archive_tar/package.xml
+++ b/lib/pear/archive_tar/package.xml
@@ -32,10 +32,10 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
  <email>stig@php.net</email>
  <active>no</active>
 </helper>
- <date>2020-09-15</date>
- <time>14:03:45</time>
+ <date>2021-01-18</date>
+ <time>19:29:56</time>
 <version>
-  <release>1.4.10</release>
+  <release>1.4.12</release>
  <api>1.4.0</api>
 </version>
 <stability>
@@ -44,8 +44,7 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
 </stability>
 <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
 <notes>
-* Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length
-* Don't try to copy username/groupname in chroot jail
+* Fix Bug #27008: Symlink out-of-path write vulnerability (CVE-2020-36193) [mrook]
 </notes>
 <contents>
  <dir name="/">
@@ -75,6 +74,37 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
 </dependencies>
 <phprelease />
 <changelog>
+  <release>
+   <version>
+    <release>1.4.11</release>
+    <api>1.4.0</api>
+   </version>
+   <stability>
+    <release>stable</release>
+    <api>stable</api>
+   </stability>
+   <date>2020-11-19</date>
+   <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
+   <notes>
+* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949) [mrook]
+   </notes>
+  </release>
+  <release>
+    <version>
+     <release>1.4.10</release>
+     <api>1.4.0</api>
+    </version>
+    <stability>
+     <release>stable</release>
+     <api>stable</api>
+    </stability>
+    <date>2020-09-15</date>
+    <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
+    <notes>
+ * Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length
+ * Don&apos;t try to copy username/groupname in chroot jail
+    </notes>
+  </release>
  <release>
   <version>
    <release>1.4.9</release>