diff --git a/composer.json b/composer.json
index eb24d3780..623c1ddcc 100644
--- a/composer.json
+++ b/composer.json
@@ -33,7 +33,7 @@
"nikic/php-parser": "1.4.1",
"patchwork/jsqueeze": "^2.0",
"patchwork/utf8": "1.3.1",
- "pear/archive_tar": "1.4.3",
+ "pear/archive_tar": "1.4.5",
"pear/pear-core-minimal": "^v1.10",
"phpseclib/phpseclib": "2.0.11",
"php-opencloud/openstack": "3.0.5",
diff --git a/composer.lock b/composer.lock
index a4dd64400..c87d1e24d 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "b7ec8126960ccfc571a1a2feb68bdd06",
+ "content-hash": "0e5dceb33c26ee3cbbb6f74a758c64d6",
"packages": [
{
"name": "aws/aws-sdk-php",
@@ -1817,16 +1817,16 @@
},
{
"name": "pear/archive_tar",
- "version": "1.4.3",
+ "version": "1.4.5",
"source": {
"type": "git",
"url": "https://github.com/pear/Archive_Tar.git",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb"
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
+ "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/ff716ca697c5e9e8593212cb785ffd03ee11b01f",
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f",
"shasum": ""
},
"require": {
@@ -1837,8 +1837,8 @@
"phpunit/phpunit": "*"
},
"suggest": {
- "ext-bz2": "bz2 compression support.",
- "ext-xz": "lzma2 compression support.",
+ "ext-bz2": "Bz2 compression support.",
+ "ext-xz": "Lzma2 compression support.",
"ext-zlib": "Gzip compression support."
},
"type": "library",
@@ -1873,13 +1873,13 @@
"email": "mrook@php.net"
}
],
- "description": "Tar file management class",
+ "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
"homepage": "https://github.com/pear/Archive_Tar",
"keywords": [
"archive",
"tar"
],
- "time": "2017-06-11T17:28:11+00:00"
+ "time": "2019-01-02T21:45:13+00:00"
},
{
"name": "pear/console_getopt",
diff --git a/composer/ClassLoader.php b/composer/ClassLoader.php
index dc02dfb11..fce8549f0 100644
--- a/composer/ClassLoader.php
+++ b/composer/ClassLoader.php
@@ -279,7 +279,7 @@ public function isClassMapAuthoritative()
*/
public function setApcuPrefix($apcuPrefix)
{
- $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
+ $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null;
}
/**
@@ -377,7 +377,7 @@ private function findFileWithExtension($class, $ext)
$subPath = $class;
while (false !== $lastPos = strrpos($subPath, '\\')) {
$subPath = substr($subPath, 0, $lastPos);
- $search = $subPath.'\\';
+ $search = $subPath . '\\';
if (isset($this->prefixDirsPsr4[$search])) {
$pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1);
foreach ($this->prefixDirsPsr4[$search] as $dir) {
diff --git a/composer/autoload_classmap.php b/composer/autoload_classmap.php
index 2e056f293..1edd9dac9 100644
--- a/composer/autoload_classmap.php
+++ b/composer/autoload_classmap.php
@@ -1792,10 +1792,6 @@
'SearchDAV\\Query\\Order' => $vendorDir . '/icewind/searchdav/src/Query/Order.php',
'SearchDAV\\Query\\Query' => $vendorDir . '/icewind/searchdav/src/Query/Query.php',
'SearchDAV\\Query\\Scope' => $vendorDir . '/icewind/searchdav/src/Query/Scope.php',
- 'SearchDAV\\Test\\DummyBackend' => $vendorDir . '/icewind/searchdav/tests/DummyBackend.php',
- 'SearchDAV\\Test\\PathHelperTest' => $vendorDir . '/icewind/searchdav/tests/PathHelperTest.php',
- 'SearchDAV\\Test\\QueryParserTest' => $vendorDir . '/icewind/searchdav/tests/QueryParserTest.php',
- 'SearchDAV\\Test\\SearchPluginTest' => $vendorDir . '/icewind/searchdav/tests/SearchPluginTest.php',
'SearchDAV\\XML\\BasicSearch' => $vendorDir . '/icewind/searchdav/src/XML/BasicSearch.php',
'SearchDAV\\XML\\BasicSearchSchema' => $vendorDir . '/icewind/searchdav/src/XML/BasicSearchSchema.php',
'SearchDAV\\XML\\Limit' => $vendorDir . '/icewind/searchdav/src/XML/Limit.php',
diff --git a/composer/autoload_static.php b/composer/autoload_static.php
index 6e57d7893..ac4855d7d 100644
--- a/composer/autoload_static.php
+++ b/composer/autoload_static.php
@@ -2174,10 +2174,6 @@ class ComposerStaticInit2f23f73bc0cc116b4b1eee1521aa8652
'SearchDAV\\Query\\Order' => __DIR__ . '/..' . '/icewind/searchdav/src/Query/Order.php',
'SearchDAV\\Query\\Query' => __DIR__ . '/..' . '/icewind/searchdav/src/Query/Query.php',
'SearchDAV\\Query\\Scope' => __DIR__ . '/..' . '/icewind/searchdav/src/Query/Scope.php',
- 'SearchDAV\\Test\\DummyBackend' => __DIR__ . '/..' . '/icewind/searchdav/tests/DummyBackend.php',
- 'SearchDAV\\Test\\PathHelperTest' => __DIR__ . '/..' . '/icewind/searchdav/tests/PathHelperTest.php',
- 'SearchDAV\\Test\\QueryParserTest' => __DIR__ . '/..' . '/icewind/searchdav/tests/QueryParserTest.php',
- 'SearchDAV\\Test\\SearchPluginTest' => __DIR__ . '/..' . '/icewind/searchdav/tests/SearchPluginTest.php',
'SearchDAV\\XML\\BasicSearch' => __DIR__ . '/..' . '/icewind/searchdav/src/XML/BasicSearch.php',
'SearchDAV\\XML\\BasicSearchSchema' => __DIR__ . '/..' . '/icewind/searchdav/src/XML/BasicSearchSchema.php',
'SearchDAV\\XML\\Limit' => __DIR__ . '/..' . '/icewind/searchdav/src/XML/Limit.php',
diff --git a/composer/installed.json b/composer/installed.json
index 64560ee3a..22b67a270 100644
--- a/composer/installed.json
+++ b/composer/installed.json
@@ -1874,17 +1874,17 @@
},
{
"name": "pear/archive_tar",
- "version": "1.4.3",
- "version_normalized": "1.4.3.0",
+ "version": "1.4.5",
+ "version_normalized": "1.4.5.0",
"source": {
"type": "git",
"url": "https://github.com/pear/Archive_Tar.git",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb"
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
+ "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/ff716ca697c5e9e8593212cb785ffd03ee11b01f",
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f",
"shasum": ""
},
"require": {
@@ -1895,11 +1895,11 @@
"phpunit/phpunit": "*"
},
"suggest": {
- "ext-bz2": "bz2 compression support.",
- "ext-xz": "lzma2 compression support.",
+ "ext-bz2": "Bz2 compression support.",
+ "ext-xz": "Lzma2 compression support.",
"ext-zlib": "Gzip compression support."
},
- "time": "2017-06-11T17:28:11+00:00",
+ "time": "2019-01-02T21:45:13+00:00",
"type": "library",
"extra": {
"branch-alias": {
@@ -1933,7 +1933,7 @@
"email": "mrook@php.net"
}
],
- "description": "Tar file management class",
+ "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
"homepage": "https://github.com/pear/Archive_Tar",
"keywords": [
"archive",
diff --git a/pear/archive_tar/.gitignore b/pear/archive_tar/.gitignore
index 12262da27..c32ccd7cc 100644
--- a/pear/archive_tar/.gitignore
+++ b/pear/archive_tar/.gitignore
@@ -4,3 +4,7 @@ composer.phar
vendor
# IDE
.idea
+# eclipse
+.buildpath
+.project
+.settings
diff --git a/pear/archive_tar/Archive/Tar.php b/pear/archive_tar/Archive/Tar.php
index 0bd1c6caa..68bdffe51 100644
--- a/pear/archive_tar/Archive/Tar.php
+++ b/pear/archive_tar/Archive/Tar.php
@@ -1337,10 +1337,22 @@ public function _writeHeader($p_filename, $p_stored_filename)
if ($p_stored_filename == '') {
$p_stored_filename = $p_filename;
}
- $v_reduce_filename = $this->_pathReduction($p_stored_filename);
- if (strlen($v_reduce_filename) > 99) {
- if (!$this->_writeLongHeader($v_reduce_filename)) {
+ $v_reduced_filename = $this->_pathReduction($p_stored_filename);
+
+ if (strlen($v_reduced_filename) > 99) {
+ if (!$this->_writeLongHeader($v_reduced_filename, false)) {
+ return false;
+ }
+ }
+
+ $v_linkname = '';
+ if (@is_link($p_filename)) {
+ $v_linkname = readlink($p_filename);
+ }
+
+ if (strlen($v_linkname) > 99) {
+ if (!$this->_writeLongHeader($v_linkname, true)) {
return false;
}
}
@@ -1349,14 +1361,10 @@ public function _writeHeader($p_filename, $p_stored_filename)
$v_uid = sprintf("%07s", DecOct($v_info[4]));
$v_gid = sprintf("%07s", DecOct($v_info[5]));
$v_perms = sprintf("%07s", DecOct($v_info['mode'] & 000777));
-
$v_mtime = sprintf("%011s", DecOct($v_info['mtime']));
- $v_linkname = '';
-
if (@is_link($p_filename)) {
$v_typeflag = '2';
- $v_linkname = readlink($p_filename);
$v_size = sprintf("%011s", DecOct(0));
} elseif (@is_dir($p_filename)) {
$v_typeflag = "5";
@@ -1368,7 +1376,6 @@ public function _writeHeader($p_filename, $p_stored_filename)
}
$v_magic = 'ustar ';
-
$v_version = ' ';
if (function_exists('posix_getpwuid')) {
@@ -1383,14 +1390,12 @@ public function _writeHeader($p_filename, $p_stored_filename)
}
$v_devmajor = '';
-
$v_devminor = '';
-
$v_prefix = '';
$v_binary_data_first = pack(
"a100a8a8a8a12a12",
- $v_reduce_filename,
+ $v_reduced_filename,
$v_perms,
$v_uid,
$v_gid,
@@ -1430,7 +1435,7 @@ public function _writeHeader($p_filename, $p_stored_filename)
$this->_writeBlock($v_binary_data_first, 148);
// ----- Write the calculated checksum
- $v_checksum = sprintf("%06s ", DecOct($v_checksum));
+ $v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
$v_binary_data = pack("a8", $v_checksum);
$this->_writeBlock($v_binary_data, 8);
@@ -1462,7 +1467,7 @@ public function _writeHeaderBlock(
$p_filename = $this->_pathReduction($p_filename);
if (strlen($p_filename) > 99) {
- if (!$this->_writeLongHeader($p_filename)) {
+ if (!$this->_writeLongHeader($p_filename, false)) {
return false;
}
}
@@ -1558,36 +1563,31 @@ public function _writeHeaderBlock(
* @param string $p_filename
* @return bool
*/
- public function _writeLongHeader($p_filename)
+ public function _writeLongHeader($p_filename, $is_link = false)
{
- $v_size = sprintf("%11s ", DecOct(strlen($p_filename)));
-
- $v_typeflag = 'L';
-
+ $v_uid = sprintf("%07s", 0);
+ $v_gid = sprintf("%07s", 0);
+ $v_perms = sprintf("%07s", 0);
+ $v_size = sprintf("%'011s", DecOct(strlen($p_filename)));
+ $v_mtime = sprintf("%011s", 0);
+ $v_typeflag = ($is_link ? 'K' : 'L');
$v_linkname = '';
-
- $v_magic = '';
-
- $v_version = '';
-
+ $v_magic = 'ustar ';
+ $v_version = ' ';
$v_uname = '';
-
$v_gname = '';
-
$v_devmajor = '';
-
$v_devminor = '';
-
$v_prefix = '';
$v_binary_data_first = pack(
"a100a8a8a8a12a12",
'././@LongLink',
- 0,
- 0,
- 0,
+ $v_perms,
+ $v_uid,
+ $v_gid,
$v_size,
- 0
+ $v_mtime
);
$v_binary_data_last = pack(
"a1a100a6a2a32a32a8a8a155a12",
@@ -1622,7 +1622,7 @@ public function _writeLongHeader($p_filename)
$this->_writeBlock($v_binary_data_first, 148);
// ----- Write the calculated checksum
- $v_checksum = sprintf("%06s ", DecOct($v_checksum));
+ $v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
$v_binary_data = pack("a8", $v_checksum);
$this->_writeBlock($v_binary_data, 8);
@@ -1767,10 +1767,13 @@ private function _tarRecToSize($tar_size)
*/
private function _maliciousFilename($file)
{
- if (strpos($file, '/../') !== false) {
+ if (strpos($file, 'phar://') === 0) {
return true;
}
- if (strpos($file, '../') === 0) {
+ if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
+ return true;
+ }
+ if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
return true;
}
return false;
@@ -1835,11 +1838,20 @@ private function _extractInString($p_filename)
continue;
}
- // ----- Look for long filename
- if ($v_header['typeflag'] == 'L') {
- if (!$this->_readLongHeader($v_header)) {
- return null;
- }
+ switch ($v_header['typeflag']) {
+ case 'L': {
+ if (!$this->_readLongHeader($v_header)) {
+ return null;
+ }
+ } break;
+
+ case 'K': {
+ $v_link_header = $v_header;
+ if (!$this->_readLongHeader($v_link_header)) {
+ return null;
+ }
+ $v_header['link'] = $v_link_header['filename'];
+ } break;
}
if ($v_header['filename'] == $p_filename) {
@@ -1940,11 +1952,20 @@ public function _extractList(
continue;
}
- // ----- Look for long filename
- if ($v_header['typeflag'] == 'L') {
- if (!$this->_readLongHeader($v_header)) {
- return false;
- }
+ switch ($v_header['typeflag']) {
+ case 'L': {
+ if (!$this->_readLongHeader($v_header)) {
+ return null;
+ }
+ } break;
+
+ case 'K': {
+ $v_link_header = $v_header;
+ if (!$this->_readLongHeader($v_link_header)) {
+ return null;
+ }
+ $v_header['link'] = $v_link_header['filename'];
+ } break;
}
// ignore extended / pax headers
diff --git a/pear/archive_tar/README.md b/pear/archive_tar/README.md
index fcf246cdc..96e95713a 100644
--- a/pear/archive_tar/README.md
+++ b/pear/archive_tar/README.md
@@ -7,6 +7,7 @@ This package provides handling of tar files in PHP.
It supports creating, listing, extracting and adding to tar files.
Gzip support is available if PHP has the zlib extension built-in or
loaded. Bz2 compression is also supported with the bz2 extension loaded.
+Also Lzma2 compressed archives are supported with xz extension.
This package is hosted at http://pear.php.net/package/Archive_Tar
diff --git a/pear/archive_tar/composer.json b/pear/archive_tar/composer.json
index c50b0a9a9..e464d9d7b 100644
--- a/pear/archive_tar/composer.json
+++ b/pear/archive_tar/composer.json
@@ -1,6 +1,6 @@
{
"name": "pear/archive_tar",
- "description": "Tar file management class",
+ "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
"type": "library",
"keywords": [
"archive",
@@ -28,8 +28,8 @@
},
"suggest": {
"ext-zlib": "Gzip compression support.",
- "ext-bz2": "bz2 compression support.",
- "ext-xz": "lzma2 compression support."
+ "ext-bz2": "Bz2 compression support.",
+ "ext-xz": "Lzma2 compression support."
},
"autoload": {
"psr-0": {
diff --git a/pear/archive_tar/package.xml b/pear/archive_tar/package.xml
index 993618099..e9de05bf7 100644
--- a/pear/archive_tar/package.xml
+++ b/pear/archive_tar/package.xml
@@ -6,7 +6,8 @@
This class provides handling of tar files in PHP.
It supports creating, listing, extracting and adding to tar files.
Gzip support is available if PHP has the zlib extension built-in or
-loaded. Bz2 compression is also supported with the bz2 extension loaded.
+loaded. Bz2 compression is also supported with the bz2 extension loaded.
+Also Lzma2 compressed archives are supported with xz extension.
Vincent Blavet
vblavet
@@ -31,10 +32,10 @@ loaded. Bz2 compression is also supported with the bz2 extension loaded.stig@php.net
no
- 2017-06-11
-
+ 2019-01-02
+
- 1.4.3
+ 1.4.5
1.4.0
@@ -43,8 +44,7 @@ loaded. Bz2 compression is also supported with the bz2 extension loaded.
New BSD License
-* Fix Bug #21218: Cannot use result of built-in function in write context in PHP
- 7.2.0alpha1 [mrook]
+* Fix Bug #23788: Relative symlinks are broken [mrook]
@@ -74,6 +74,38 @@ loaded. Bz2 compression is also supported with the bz2 extension loaded.
+
+
+ 1.4.4
+ 1.4.0
+
+
+ stable
+ stable
+
+ 2018-12-20
+ New BSD License
+
+* Fix Bug #21058: Long symlinks are not supported [mrook]
+ * Fix Bug #23782: Prevent phar:// files from being extracted [mrook]
+
+
+
+
+ 1.4.3
+ 1.4.0
+
+
+ stable
+ stable
+
+ 2017-06-11
+ New BSD License
+
+* Fix Bug #21218: Cannot use result of built-in function in write context in PHP
+ 7.2.0alpha1 [mrook]
+
+
1.4.2