diff --git a/composer.json b/composer.json
index 3e080f7d8..30fd2f3f7 100644
--- a/composer.json
+++ b/composer.json
@@ -33,7 +33,7 @@
"nikic/php-parser": "1.4.1",
"patchwork/jsqueeze": "^2.0",
"patchwork/utf8": "1.3.1",
- "pear/archive_tar": "1.4.3",
+ "pear/archive_tar": "1.4.5",
"pear/pear-core-minimal": "^v1.10",
"phpseclib/phpseclib": "2.0.11",
"php-opencloud/openstack": "3.0.5",
diff --git a/composer.lock b/composer.lock
index a8dfc587a..efda3dd2f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "86347379256dbee99c4c900777b268ef",
+ "content-hash": "b526d05dca797bb55382859f43ab5e36",
"packages": [
{
"name": "aws/aws-sdk-php",
@@ -1769,16 +1769,16 @@
},
{
"name": "pear/archive_tar",
- "version": "1.4.3",
+ "version": "1.4.5",
"source": {
"type": "git",
"url": "https://github.com/pear/Archive_Tar.git",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb"
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
+ "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/ff716ca697c5e9e8593212cb785ffd03ee11b01f",
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f",
"shasum": ""
},
"require": {
@@ -1789,8 +1789,8 @@
"phpunit/phpunit": "*"
},
"suggest": {
- "ext-bz2": "bz2 compression support.",
- "ext-xz": "lzma2 compression support.",
+ "ext-bz2": "Bz2 compression support.",
+ "ext-xz": "Lzma2 compression support.",
"ext-zlib": "Gzip compression support."
},
"type": "library",
@@ -1825,13 +1825,13 @@
"email": "mrook@php.net"
}
],
- "description": "Tar file management class",
+ "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
"homepage": "https://github.com/pear/Archive_Tar",
"keywords": [
"archive",
"tar"
],
- "time": "2017-06-11T17:28:11+00:00"
+ "time": "2019-01-02T21:45:13+00:00"
},
{
"name": "pear/console_getopt",
diff --git a/composer/ClassLoader.php b/composer/ClassLoader.php
index 95f7e0978..fce8549f0 100644
--- a/composer/ClassLoader.php
+++ b/composer/ClassLoader.php
@@ -279,7 +279,7 @@ public function isClassMapAuthoritative()
*/
public function setApcuPrefix($apcuPrefix)
{
- $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
+ $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null;
}
/**
diff --git a/composer/installed.json b/composer/installed.json
index 1bc060a6a..04a0f6177 100644
--- a/composer/installed.json
+++ b/composer/installed.json
@@ -1824,17 +1824,17 @@
},
{
"name": "pear/archive_tar",
- "version": "1.4.3",
- "version_normalized": "1.4.3.0",
+ "version": "1.4.5",
+ "version_normalized": "1.4.5.0",
"source": {
"type": "git",
"url": "https://github.com/pear/Archive_Tar.git",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb"
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
- "reference": "43455c960da70e655c6bdf8ea2bc8cc1a6034afb",
+ "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/ff716ca697c5e9e8593212cb785ffd03ee11b01f",
+ "reference": "ff716ca697c5e9e8593212cb785ffd03ee11b01f",
"shasum": ""
},
"require": {
@@ -1845,11 +1845,11 @@
"phpunit/phpunit": "*"
},
"suggest": {
- "ext-bz2": "bz2 compression support.",
- "ext-xz": "lzma2 compression support.",
+ "ext-bz2": "Bz2 compression support.",
+ "ext-xz": "Lzma2 compression support.",
"ext-zlib": "Gzip compression support."
},
- "time": "2017-06-11T17:28:11+00:00",
+ "time": "2019-01-02T21:45:13+00:00",
"type": "library",
"extra": {
"branch-alias": {
@@ -1883,7 +1883,7 @@
"email": "mrook@php.net"
}
],
- "description": "Tar file management class",
+ "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
"homepage": "https://github.com/pear/Archive_Tar",
"keywords": [
"archive",
diff --git a/pear/archive_tar/.gitignore b/pear/archive_tar/.gitignore
index 12262da27..c32ccd7cc 100644
--- a/pear/archive_tar/.gitignore
+++ b/pear/archive_tar/.gitignore
@@ -4,3 +4,7 @@ composer.phar
vendor
# IDE
.idea
+# eclipse
+.buildpath
+.project
+.settings
diff --git a/pear/archive_tar/Archive/Tar.php b/pear/archive_tar/Archive/Tar.php
index 0bd1c6caa..68bdffe51 100644
--- a/pear/archive_tar/Archive/Tar.php
+++ b/pear/archive_tar/Archive/Tar.php
@@ -1337,10 +1337,22 @@ public function _writeHeader($p_filename, $p_stored_filename)
if ($p_stored_filename == '') {
$p_stored_filename = $p_filename;
}
- $v_reduce_filename = $this->_pathReduction($p_stored_filename);
- if (strlen($v_reduce_filename) > 99) {
- if (!$this->_writeLongHeader($v_reduce_filename)) {
+ $v_reduced_filename = $this->_pathReduction($p_stored_filename);
+
+ if (strlen($v_reduced_filename) > 99) {
+ if (!$this->_writeLongHeader($v_reduced_filename, false)) {
+ return false;
+ }
+ }
+
+ $v_linkname = '';
+ if (@is_link($p_filename)) {
+ $v_linkname = readlink($p_filename);
+ }
+
+ if (strlen($v_linkname) > 99) {
+ if (!$this->_writeLongHeader($v_linkname, true)) {
return false;
}
}
@@ -1349,14 +1361,10 @@ public function _writeHeader($p_filename, $p_stored_filename)
$v_uid = sprintf("%07s", DecOct($v_info[4]));
$v_gid = sprintf("%07s", DecOct($v_info[5]));
$v_perms = sprintf("%07s", DecOct($v_info['mode'] & 000777));
-
$v_mtime = sprintf("%011s", DecOct($v_info['mtime']));
- $v_linkname = '';
-
if (@is_link($p_filename)) {
$v_typeflag = '2';
- $v_linkname = readlink($p_filename);
$v_size = sprintf("%011s", DecOct(0));
} elseif (@is_dir($p_filename)) {
$v_typeflag = "5";
@@ -1368,7 +1376,6 @@ public function _writeHeader($p_filename, $p_stored_filename)
}
$v_magic = 'ustar ';
-
$v_version = ' ';
if (function_exists('posix_getpwuid')) {
@@ -1383,14 +1390,12 @@ public function _writeHeader($p_filename, $p_stored_filename)
}
$v_devmajor = '';
-
$v_devminor = '';
-
$v_prefix = '';
$v_binary_data_first = pack(
"a100a8a8a8a12a12",
- $v_reduce_filename,
+ $v_reduced_filename,
$v_perms,
$v_uid,
$v_gid,
@@ -1430,7 +1435,7 @@ public function _writeHeader($p_filename, $p_stored_filename)
$this->_writeBlock($v_binary_data_first, 148);
// ----- Write the calculated checksum
- $v_checksum = sprintf("%06s ", DecOct($v_checksum));
+ $v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
$v_binary_data = pack("a8", $v_checksum);
$this->_writeBlock($v_binary_data, 8);
@@ -1462,7 +1467,7 @@ public function _writeHeaderBlock(
$p_filename = $this->_pathReduction($p_filename);
if (strlen($p_filename) > 99) {
- if (!$this->_writeLongHeader($p_filename)) {
+ if (!$this->_writeLongHeader($p_filename, false)) {
return false;
}
}
@@ -1558,36 +1563,31 @@ public function _writeHeaderBlock(
* @param string $p_filename
* @return bool
*/
- public function _writeLongHeader($p_filename)
+ public function _writeLongHeader($p_filename, $is_link = false)
{
- $v_size = sprintf("%11s ", DecOct(strlen($p_filename)));
-
- $v_typeflag = 'L';
-
+ $v_uid = sprintf("%07s", 0);
+ $v_gid = sprintf("%07s", 0);
+ $v_perms = sprintf("%07s", 0);
+ $v_size = sprintf("%'011s", DecOct(strlen($p_filename)));
+ $v_mtime = sprintf("%011s", 0);
+ $v_typeflag = ($is_link ? 'K' : 'L');
$v_linkname = '';
-
- $v_magic = '';
-
- $v_version = '';
-
+ $v_magic = 'ustar ';
+ $v_version = ' ';
$v_uname = '';
-
$v_gname = '';
-
$v_devmajor = '';
-
$v_devminor = '';
-
$v_prefix = '';
$v_binary_data_first = pack(
"a100a8a8a8a12a12",
'././@LongLink',
- 0,
- 0,
- 0,
+ $v_perms,
+ $v_uid,
+ $v_gid,
$v_size,
- 0
+ $v_mtime
);
$v_binary_data_last = pack(
"a1a100a6a2a32a32a8a8a155a12",
@@ -1622,7 +1622,7 @@ public function _writeLongHeader($p_filename)
$this->_writeBlock($v_binary_data_first, 148);
// ----- Write the calculated checksum
- $v_checksum = sprintf("%06s ", DecOct($v_checksum));
+ $v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
$v_binary_data = pack("a8", $v_checksum);
$this->_writeBlock($v_binary_data, 8);
@@ -1767,10 +1767,13 @@ private function _tarRecToSize($tar_size)
*/
private function _maliciousFilename($file)
{
- if (strpos($file, '/../') !== false) {
+ if (strpos($file, 'phar://') === 0) {
return true;
}
- if (strpos($file, '../') === 0) {
+ if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
+ return true;
+ }
+ if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
return true;
}
return false;
@@ -1835,11 +1838,20 @@ private function _extractInString($p_filename)
continue;
}
- // ----- Look for long filename
- if ($v_header['typeflag'] == 'L') {
- if (!$this->_readLongHeader($v_header)) {
- return null;
- }
+ switch ($v_header['typeflag']) {
+ case 'L': {
+ if (!$this->_readLongHeader($v_header)) {
+ return null;
+ }
+ } break;
+
+ case 'K': {
+ $v_link_header = $v_header;
+ if (!$this->_readLongHeader($v_link_header)) {
+ return null;
+ }
+ $v_header['link'] = $v_link_header['filename'];
+ } break;
}
if ($v_header['filename'] == $p_filename) {
@@ -1940,11 +1952,20 @@ public function _extractList(
continue;
}
- // ----- Look for long filename
- if ($v_header['typeflag'] == 'L') {
- if (!$this->_readLongHeader($v_header)) {
- return false;
- }
+ switch ($v_header['typeflag']) {
+ case 'L': {
+ if (!$this->_readLongHeader($v_header)) {
+ return null;
+ }
+ } break;
+
+ case 'K': {
+ $v_link_header = $v_header;
+ if (!$this->_readLongHeader($v_link_header)) {
+ return null;
+ }
+ $v_header['link'] = $v_link_header['filename'];
+ } break;
}
// ignore extended / pax headers
diff --git a/pear/archive_tar/README.md b/pear/archive_tar/README.md
index fcf246cdc..96e95713a 100644
--- a/pear/archive_tar/README.md
+++ b/pear/archive_tar/README.md
@@ -7,6 +7,7 @@ This package provides handling of tar files in PHP.
It supports creating, listing, extracting and adding to tar files.
Gzip support is available if PHP has the zlib extension built-in or
loaded. Bz2 compression is also supported with the bz2 extension loaded.
+Also Lzma2 compressed archives are supported with xz extension.
This package is hosted at http://pear.php.net/package/Archive_Tar
diff --git a/pear/archive_tar/composer.json b/pear/archive_tar/composer.json
index c50b0a9a9..e464d9d7b 100644
--- a/pear/archive_tar/composer.json
+++ b/pear/archive_tar/composer.json
@@ -1,6 +1,6 @@
{
"name": "pear/archive_tar",
- "description": "Tar file management class",
+ "description": "Tar file management class with compression support (gzip, bzip2, lzma2)",
"type": "library",
"keywords": [
"archive",
@@ -28,8 +28,8 @@
},
"suggest": {
"ext-zlib": "Gzip compression support.",
- "ext-bz2": "bz2 compression support.",
- "ext-xz": "lzma2 compression support."
+ "ext-bz2": "Bz2 compression support.",
+ "ext-xz": "Lzma2 compression support."
},
"autoload": {
"psr-0": {
diff --git a/pear/archive_tar/package.xml b/pear/archive_tar/package.xml
index 993618099..e9de05bf7 100644
--- a/pear/archive_tar/package.xml
+++ b/pear/archive_tar/package.xml
@@ -6,7 +6,8 @@
This class provides handling of tar files in PHP.
It supports creating, listing, extracting and adding to tar files.
Gzip support is available if PHP has the zlib extension built-in or
-loaded. Bz2 compression is also supported with the bz2 extension loaded.
+loaded. Bz2 compression is also supported with the bz2 extension loaded.
+Also Lzma2 compressed archives are supported with xz extension.
Vincent Blavet
vblavet
@@ -31,10 +32,10 @@ loaded. Bz2 compression is also supported with the bz2 extension loaded.stig@php.net
no
- 2017-06-11
-
+ 2019-01-02
+
- 1.4.3
+ 1.4.5
1.4.0
@@ -43,8 +44,7 @@ loaded. Bz2 compression is also supported with the bz2 extension loaded.
New BSD License
-* Fix Bug #21218: Cannot use result of built-in function in write context in PHP
- 7.2.0alpha1 [mrook]
+* Fix Bug #23788: Relative symlinks are broken [mrook]
@@ -74,6 +74,38 @@ loaded. Bz2 compression is also supported with the bz2 extension loaded.
+
+
+ 1.4.4
+ 1.4.0
+
+
+ stable
+ stable
+
+ 2018-12-20
+ New BSD License
+
+* Fix Bug #21058: Long symlinks are not supported [mrook]
+ * Fix Bug #23782: Prevent phar:// files from being extracted [mrook]
+
+
+
+
+ 1.4.3
+ 1.4.0
+
+
+ stable
+ stable
+
+ 2017-06-11
+ New BSD License
+
+* Fix Bug #21218: Cannot use result of built-in function in write context in PHP
+ 7.2.0alpha1 [mrook]
+
+
1.4.2