Commit Graph

343 Commits

Author SHA1 Message Date
Remi Collet
debfc866d2 Fix build
php_zip.c:1647:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
php_zip.c:1648:3: error: format not a string literal and no format arguments [-Werror=format-security]
2015-09-07 13:52:28 +02:00
Christoph M. Becker
c77f783777 Fix #70322: ZipArchive::close() doesn't indicate errors
If an archive can't be written, ZipArchive::close() nonetheless returns TRUE.
We fix the return value to properly return success, and additionally raise a
warning on failure.
2015-09-05 00:34:10 +02:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
2015-09-01 12:06:41 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs assigned (post release) to PHP 5.4.43
  Add CVE IDs assigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
2015-09-01 11:42:19 -07:00
Stanislav Malyshev
906f19f136 fix test 2015-09-01 00:59:31 -07:00
Stanislav Malyshev
f9c2bf73ad Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories 2015-08-30 00:38:08 -07:00
Christoph M. Becker
1a7db40a1f Fix #53854: Missing constants for compression type
The constants have already been added long ago. This patch just adds a PHPT
which checks the recognition of the respective compression methods.
Unfortunately, I've not been able to assemble a zip with all compression
methods.
2015-07-23 21:36:14 +02:00
Remi Collet
60b3526bfb bump zip release to match pecl version 2015-04-15 17:37:12 +02:00
Lior Kaplan
59c2a55ec7 Fix typo: unitialized -> uninitialized 2015-04-01 18:17:53 +03:00
Stanislav Malyshev
225cb973e5 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary

Conflicts:
	ext/zip/lib/zip_dirent.c
2015-03-17 22:03:24 -07:00
Stanislav Malyshev
53eff4a369 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
2015-03-17 22:00:29 -07:00
Stanislav Malyshev
ef8fc4b53d Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary 2015-03-17 21:59:56 -07:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Veres Lajos
4dc994571d typo fixes - https://github.com/vlajos/misspell_fixer
Conflicts:
	ext/ftp/ftp.h
	ext/pcre/pcrelib/pcre_printint.c
	ext/pcre/pcrelib/sljit/sljitLir.c
	ext/pcre/pcrelib/sljit/sljitLir.h
	ext/pcre/pcrelib/sljit/sljitNativeARM_32.c
	ext/pcre/pcrelib/sljit/sljitNativeTILEGX_64.c
	ext/pgsql/pgsql.c
	ext/phar/func_interceptors.c
	ext/soap/soap.c
	ext/standard/image.c
2014-11-23 14:33:43 -08:00
Remi Collet
7946c5a235 add OPSYS_Z_CPM missing constant 2014-03-07 14:10:16 +01:00
Remi Collet
f06f4c9254 zip extension version 1.12.4 2014-01-29 14:00:50 +01:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Remi Collet
33ef788abd missing file from libzip 0.11.2 2013-12-30 10:00:02 +01:00
Remi Collet
3a492cf686 fix compat for PHP ABI changes 2013-12-30 08:47:16 +01:00
Remi Collet
0a950a0500 Sync with pecl/zip 1.12.4dev
- update bundled libzip to 0.11.2
- expose zip_file_set_external_attributes + zip_file_get_external_attributes
  with new methods:
	ZipArchive::setExternalAttributesName
	ZipArchive::setExternalAttributesIndex
	ZipArchive::getExternalAttributesName
	ZipArchive::getExternalAttributesIndex
2013-12-30 07:35:30 +01:00
Christopher Jones
794df91c35 Align 'configure --help' columns 2013-12-20 10:02:46 -08:00
Remi Collet
f6ffecbd2d save a little memory 2013-12-19 10:55:26 +01:00
Remi Collet
99b91f98b1 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real)
2013-12-19 10:54:06 +01:00
Remi Collet
32d1d5fb59 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real)
2013-12-19 10:53:50 +01:00
Remi Collet
20eb8e4d11 Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real) 2013-12-19 10:53:38 +01:00
Remi Collet
6997b8793d missing 'config.h' in 5dc37b3 2013-11-10 07:10:36 +01:00
Anatol Belski
c675980046 Merge branch 'pull-request/500'
* pull-request/500:
  limit virtual_cwd_activate() duplicated call to ZTS only
  reverted the previous commit, both calls are needed in TS mode
  virtual_cwd_activate() should be called only in one place
  back to do_alloca()
  removed unnecessary call
  simplify the state free macros
  compact the code to preserve the error info after state freeing
  back to do_alloca(), reverted the wrong replacement
  enabled windows to use stack in both ts/nts mode, some more fixes
  moved to do_alloca() usage where appropriate
  fixed invalid free
  fixed virtual cwd header in phar
  updated NEWS
  fixed all the places where last error could be lost
  preserve the error code
  applied and fixed the original patch
  initial move on renaming files and fixing includes

Conflicts:
	ext/opcache/ZendAccelerator.c
2013-11-05 19:23:23 +01:00
Remi Collet
5dc37b3510 Sync ext/zip with pecl/zip version 1.3.2
- update libzip to version 1.11.1. We don't use any private symbol anymore
- new method ZipArchive::setPassword($password)
- add --with-libzip option to build with system libzip
2013-11-04 13:23:36 +01:00
Remi Collet
141b77d97d Merge branch 'PHP-5.5'
* PHP-5.5:
  add bundled libzip LICENSE, as required by BSD License terms
2013-10-29 09:02:58 +01:00
Remi Collet
a7fc8eecb0 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  add bundled libzip LICENSE, as required by BSD License terms
2013-10-29 09:02:44 +01:00
Remi Collet
e2c9f3983a add bundled libzip LICENSE, as required by BSD License terms 2013-10-29 09:02:24 +01:00
Rasmus Lerdorf
ec2e6951b8 Merge branch 'PHP-5.5'
* PHP-5.5:
  When src->src is null this doesn't get initialized but it is still used, so the passed in *ze will point to uninitialized memory. Hopefully src->src is never null, but just in case this initialization doesn't hurt.
2013-10-20 22:18:33 -07:00
Rasmus Lerdorf
910d4751e3 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  When src->src is null this doesn't get initialized but it is still used, so the passed in *ze will point to uninitialized memory. Hopefully src->src is never null, but just in case this initialization doesn't hurt.
2013-10-20 22:18:15 -07:00
Rasmus Lerdorf
2186e1583d When src->src is null this doesn't get initialized
but it is still used, so the passed in *ze will point
to uninitialized memory. Hopefully src->src is never
null, but just in case this initialization doesn't hurt.
2013-10-20 22:15:35 -07:00
Felipe Pena
048923b3c6 Merge branch 'PHP-5.5'
* PHP-5.5:
  - Moved NULL check before dereferencing
2013-10-20 09:50:17 -02:00
Felipe Pena
8aa19c9fd8 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  - Moved NULL check before dereferencing
2013-10-20 09:50:13 -02:00
Felipe Pena
9976b5cd7f - Moved NULL check before dereferencing 2013-10-20 09:50:11 -02:00
Felipe Pena
84011f7c32 Merge branch 'PHP-5.5'
* PHP-5.5:
  - Fix possible memory leak
2013-10-20 01:05:06 -02:00
Felipe Pena
8d22c23161 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  - Fix possible memory leak
2013-10-20 01:05:00 -02:00
Felipe Pena
420068c6e1 - Fix possible memory leak 2013-10-20 01:04:55 -02:00
Anatol Belski
cf6ab0e915 applied and fixed the original patch
initial work on the patch import done
2013-10-17 10:40:43 +02:00
Christopher Jones
3c166c4758 Merge branch 'PHP-5.5'
* PHP-5.5:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/gmp/gmp.c
2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Michael Wallner
611122c22e Merge branch '2Guploads'
* 2Guploads:
  add NEWS entry; add simple test
  more precise condition
  make this work in vc11 too
  Use int64_t and atoll() after discussion with johannes
  ws
  Patch for https://bugs.php.net/bug.php?id=44522 to allow uploading files above 2G.
  unify stdint type usage
2013-08-09 11:47:25 +02:00
Michael Wallner
14caf174ff unify stdint type usage
if you need C99 stdint types, just include "php_stdint.h"
2013-08-06 22:49:56 +02:00
Christopher Jones
4c3c9d1fe5 Merge branch 'PHP-5.5'
* PHP-5.5:
  Fix long-standing visual pain point: the misalignment of './configure help' text. Whitespace changes and a couple of grammar fixes.
2013-08-06 11:09:12 -07:00