These are helpful with reading/writing zips containing non UTF-8
filenames to mitigate possibly changed libzip behaviors.
Partial cherry-pick of 893c2405ff
* PHP-5.6.18:
fix tests
fix NEWS
Update NEWS
update NEWS
Fixed bug #71488: Stack overflow when decompressing tar archives
update NEWS
add missing headers for SIZE_MAX
backport the escapeshell* functions hardening branch
add tests
Fix bug #71459 - Integer overflow in iptcembed()
prepare 5.6.18RC1
Fix test when run with openssl < 1.0.2 (reorder so no more SSLv2 message) Fix skip message to work
improve fix for bug #71201
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Fix bug #71335: Type Confusion in WDDX Packet Deserialization
Fix bug #71354 - remove UMR when size is 0
Conflicts:
configure.in
ext/phar/dirstream.c
ext/phar/phar_object.c
ext/phar/tar.c
ext/standard/exec.c
ext/standard/iptc.c
ext/standard/math.c
ext/standard/streamsfuncs.c
ext/wddx/wddx.c
main/php_version.h
main/streams/memory.c
PHP_VERSION_ID
PHP_API_VERSION
ZEND_MODULE_API_NO
PHP_MAJOR_VERSION, PHP_MINOR_VERSION
ZEND_ENGINE_2
I've left litespeed alone, as it seems to genuinely maintain support
for many PHP versions.
php_zip.c:1647:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
php_zip.c:1648:3: error: format not a string literal and no format arguments [-Werror=format-security]
If an archive can't be written, ZipArchive::close() nonetheless returns TRUE.
We fix the return value to properly return success, and additionally raise a
warning on failure.
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
* PHP-5.4.45:
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
The constants have already been added long ago. This patch just adds a PHPT
which checks the recognition of the respective compression methods.
Unfortunately, I've not been able to assemble a zip with all compression
methods.
This only involves switching zval_dtor to zval_ptr_dtor for arrays
and making the convert_to_object for arrays a bit more generic.
All the other changes outside zend_operators.c just make use of
this new ability (use COPY instead of DUP).
What's still missing: Proper references handling. I've seen many
convert_to* calls that will break when a reference is used.
Also fixes bug #69788.
* master:
Fixed issue #183 (TMP_VAR is not only used once)
Fix broken Junit output with --disable-cgi
Added folder mark
Further test fixes for the fdb2709 breakage.
Fix broken test caused by fdb2709.
Added tests for ZipArchive::addGlob() and ZipArchive::addPattern()
Fix run-tests.php with Valgrind >= 3.10.0.
Add microseconds to the serialised form of DateTime objects.
Improved test for bug #62479
fix typo in ODBC code
gcov: tentative fix for broken coverage data after fix for opcache coverage slightly hackish, but works. The idea is that we want to give priority to .gcda files in .libs dirs vs the files in the upper level dir
5.5.14 now
Fix bug #67060: use default mode of 660
Conflicts:
ext/date/php_date.c
* pull-request/500:
limit virtual_cwd_activate() duplicated call to ZTS only
reverted the previous commit, both calls are needed in TS mode
virtual_cwd_activate() should be called only in one place
back to do_alloca()
removed unnecessary call
simplify the state free macros
compact the code to preserve the error info after state freeing
back to do_alloca(), reverted the wrong replacement
enabled windows to use stack in both ts/nts mode, some more fixes
moved to do_alloca() usage where appropriate
fixed invalid free
fixed virtual cwd header in phar
updated NEWS
fixed all the places where last error could be lost
preserve the error code
applied and fixed the original patch
initial move on renaming files and fixing includes
Conflicts:
ext/opcache/ZendAccelerator.c
- update libzip to version 1.11.1. We don't use any private symbol anymore
- new method ZipArchive::setPassword($password)
- add --with-libzip option to build with system libzip
* PHP-5.5:
When src->src is null this doesn't get initialized but it is still used, so the passed in *ze will point to unitialized memory. Hopefully src->src is never null, but just in case this initialization doesn't hurt.
* PHP-5.4:
When src->src is null this doesn't get initialized but it is still used, so the passed in *ze will point to unitialized memory. Hopefully src->src is never null, but just in case this initialization doesn't hurt.
but it is still used, so the passed in *ze will point
to unitialized memory. Hopefully src->src is never
null, but just in case this initialization doesn't hurt.
