path: root/ext/zip/php_zip.c
Commit message [Author, Age, Files, Lines]
* Merge branch 'PHP-7.0' into PHP-7.1 [Remi Collet, 2017-03-01, 1 file, -1/+1]
|\
| |     * PHP-7.0:
| |       make type consistent with glob_t.gl_pathc
| * make type consistent with glob_t.gl_pathc [Remi Collet, 2017-03-01, 1 file, -1/+1]
| |
* | Merge branch 'PHP-7.0' into PHP-7.1 [Stanislav Malyshev, 2017-01-15, 1 file, -1/+1]
|\ \
| |/
| |     * PHP-7.0:
| |       Update more functions with path check
| * Merge branch 'PHP-5.6' into PHP-7.0 [Stanislav Malyshev, 2017-01-15, 1 file, -1/+1]
| |\
| | |     * PHP-5.6:
| | |       Update more functions with path check
| | * Update more functions with path check [Stanislav Malyshev, 2017-01-15, 1 file, -1/+1]
| | |
| | * More string length checks & fixes [Stanislav Malyshev, 2016-11-03, 1 file, -3/+3]
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1 [Christoph M. Becker, 2017-01-06, 1 file, -5/+5]
|\ \ \
| |/ /
| | |     * PHP-7.0:
| | |       Fix #70103: Fix bug 70103 when ZTS is enabled
| * | Fix #70103: Fix bug 70103 when ZTS is enabled [Mitch Hagstrand, 2017-01-06, 1 file, -5/+5]
| | |
| | |     Used snprintf to copy the basename string before it is freed
* | | Merge branch 'PHP-7.0' into PHP-7.1 [Joe Watkins, 2017-01-06, 1 file, -2/+2]
|\ \ \
| |/ /
| | |     * PHP-7.0:
| | |       Fix #70103: ZipArchive::addGlob ignores remove_all_path option
| | |       news entry for PR #1430
| * | Merge branch 'pull-request/1430' into PHP-7.0 [Joe Watkins, 2017-01-06, 1 file, -2/+2]
| |\ \
| | | |     * pull-request/1430:
| | | |       Fix #70103: ZipArchive::addGlob ignores remove_all_path option
| | | |       news entry for PR 1430
| | * | Fix #70103: ZipArchive::addGlob ignores remove_all_path option [Christoph M. Becker, 2015-08-13, 1 file, -2/+2]
| | | |
| | | |     When the remove_all_path option is set, but no add_path option, remove_all_path is simply ignored. This patch fixes this.
| * | | Update copyright headers to 2017 [Sammy Kaye Powers, 2017-01-04, 1 file, -1/+1]
| | | |
* | | | Update copyright headers to 2017 [Sammy Kaye Powers, 2017-01-04, 1 file, -1/+1]
| | | |
* | | | Merge branch 'PHP-7.0' into PHP-7.1 [Stanislav Malyshev, 2016-11-03, 1 file, -3/+3]
|\ \ \ \
| |/ / /
| | | |     * PHP-7.0:
| | | |       Add length check for bzcompress too - fix for bug #73356
| | | |       More string length checks & fixes
| | | |       More string length checks & fixes
| * | | Merge branch 'PHP-5.6' into PHP-7.0 [Stanislav Malyshev, 2016-11-03, 1 file, -3/+3]
| |\ \ \
| | | | |     * PHP-5.6:
| | | | |       More string length checks & fixes
| | * | | More string length checks & fixes [Stanislav Malyshev, 2016-11-03, 1 file, -3/+3]
| | | |/
| | |/|
* | | | Merge branch 'PHP-7.0' into PHP-7.1 [Christoph M. Becker, 2016-09-06, 1 file, -6/+6]
|\ \ \ \
| |/ / /
| * | | Merge branch 'PHP-5.6' into PHP-7.0 [Christoph M. Becker, 2016-09-06, 1 file, -6/+6]
| |\ \ \
| | |/ /
| | * | Fix #70752: Depacking with wrong password leaves 0 length files [Christoph M. Becker, 2016-09-06, 1 file, -7/+7]
| | | |
| | | |     We should not open the output stream before we have tried to open the archive entry, as failing the latter could leave an empty file behind.
* | | | Merge branch 'PHP-7.0' into PHP-7.1 [Xinchen Hui, 2016-07-24, 1 file, -2/+2]
|\ \ \ \
| |/ / /
| | | |     * PHP-7.0:
| | | |       Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd)
| * | | Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd) [Xinchen Hui, 2016-07-24, 1 file, -2/+2]
| | | |
* | | | Merge branch 'throw-error-in-extensions' [Aaron Piotrowski, 2016-07-05, 1 file, -1/+1]
|\ \ \ \
| * | | | Replace zend_ce_error with NULL and replace more E_ERROR with thrown Error [Aaron Piotrowski, 2016-06-13, 1 file, -2/+1]
| | | | |
| * | | | Merge branch 'master' into throw-error-in-extensions [Aaron Piotrowski, 2016-06-10, 1 file, -18/+53]
| |\ \ \ \
| * | | | | Convert E_ERROR to thrown Error in extensions [Aaron Piotrowski, 2015-07-05, 1 file, -1/+2]
| | | | | |
* | | | | | Fixed compilation warnings [Dmitry Stogov, 2016-06-22, 1 file, -2/+2]
| | | | | |
* | | | | | Added ZEND_ATTRIBUTE_FORMAT to some missing functions. [Dmitry Stogov, 2016-06-21, 1 file, -1/+1]
| | | | | |
| | | | | |     "%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
| | | | | |     Fixed most incorrect use cases of format specifiers.
* | | | | | Merge branch 'PHP-7.0' [Stanislav Malyshev, 2016-06-21, 1 file, -0/+9]
|\ \ \ \ \ \
| |_|/ / / /
|/| | / / /
| | |/ / /
| |/| | |
| | | | |     * PHP-7.0:
| | | | |       Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
| | | | |       update NEWS
| | | | |       fix tests
| | | | |       fix build
| | | | |       Fix bug #72455: Heap Overflow due to integer overflows
| | | | |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | |       Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| | | | |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| | | | |       Fix bug #72298 pass2_no_dither out-of-bounds access
| | | | |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| | | | |       Fix bug #72262 - do not overflow int
| | | | |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| | | | |       Fix bug #72275: don't allow smart_str to overflow int
| | | | |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| | | | |       Fix bug #72321 - use efree() for emalloc allocation
| | | | |       5.6.23RC1
| | | | |       fix NEWS
| | | | |       set versions
| * | | | Merge branch 'PHP-5.6.23' into PHP-7.0.8 [Stanislav Malyshev, 2016-06-21, 1 file, -0/+9]
| |\ \ \ \
| | | |/ /
| | |/| |
| | | | |     * PHP-5.6.23: (24 commits)
| | | | |       Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
| | | | |       update NEWS
| | | | |       fix tests
| | | | |       fix build
| | | | |       Fix bug #72455: Heap Overflow due to integer overflows
| | | | |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | |       Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| | | | |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| | | | |       Fix bug #72298 pass2_no_dither out-of-bounds access
| | | | |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| | | | |       Fix bug #72262 - do not overflow int
| | | | |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| | | | |       Fix bug #72275: don't allow smart_str to overflow int
| | | | |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| | | | |       update NEWS
| | | | |       Fix #66387: Stack overflow with imagefilltoborder
| | | | |       Fix bug #72321 - use efree() for emalloc allocation
| | | | |       5.6.23RC1
| | | | |       Fix bug #72140 (segfault after calling ERR_free_strings())
| | | | |       ...
| | | | |
| | | | |     Conflicts:
| | | | |       configure.in
| | | | |       ext/mbstring/php_mbregex.c
| | | | |       ext/mcrypt/mcrypt.c
| | | | |       ext/spl/spl_array.c
| | | | |       ext/spl/spl_directory.c
| | | | |       ext/standard/php_smart_str.h
| | | | |       ext/standard/string.c
| | | | |       ext/standard/url.c
| | | | |       ext/wddx/wddx.c
| | | | |       ext/zip/php_zip.c
| | | | |       main/php_version.h
| | * | | Merge branch 'PHP-5.5' into PHP-5.6.23 [Stanislav Malyshev, 2016-06-21, 1 file, -0/+9]
| | |\ \ \
| | | | | |     * PHP-5.5:
| | | | | |       Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
| | | | | |       update NEWS
| | | | | |       fix tests
| | | | | |       fix build
| | | | | |       Fix bug #72455: Heap Overflow due to integer overflows
| | | | | |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | | |       Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | | |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| | | | | |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| | | | | |       Fix bug #72298 pass2_no_dither out-of-bounds access
| | | | | |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| | | | | |       Fix bug #72262 - do not overflow int
| | | | | |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| | | | | |       Fix bug #72275: don't allow smart_str to overflow int
| | | | | |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| | | | | |       update NEWS
| | | | | |       Fix #66387: Stack overflow with imagefilltoborder
| | | | | |       Skip test which is 64bits only
| | | | | |       5.5.37 now
| | | | | |
| | | | | |     Conflicts:
| | | | | |       configure.in
| | | | | |       ext/mcrypt/mcrypt.c
| | | | | |       ext/spl/spl_directory.c
| | | | | |       main/php_version.h
| | | * | | Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize [Stanislav Malyshev, 2016-06-20, 1 file, -0/+9]
| | | | | |
| | | * | | Merge branch 'PHP-5.4.45' into PHP-5.5.29 [Stanislav Malyshev, 2015-09-01, 1 file, -2/+2]
| | | |\ \ \
| | | | | | |     * PHP-5.4.45:
| | | | | | |       add test
| | | | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | | | |       Improve fix for #70385
| | | | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | | | |
| | | | | | |     Conflicts:
| | | | | | |       ext/pcre/php_pcre.c
| | | | | | |       ext/standard/var_unserializer.c
| * | | | | | Expose missing flags from libzip at least >= 0.11.x [Anatol Belski, 2016-05-30, 1 file, -0/+18]
| | | | | | |
| | | | | | |     These are helpful with reading/writing zips containing non UTF-8 filenames to mitigate possibly changed libzip behaviors.
| | | | | | |
| | | | | | |     Partial cherry-pick of 893c2405ff34250ffefbbc1d223de4df6c154c8a
* | | | | | | Expose missing flags from libzip at least >= 0.11.x [Anatol Belski, 2016-05-25, 1 file, -0/+31]
|/ / / / / /
| | | | | |     These are helpful with reading/writing zips containing non UTF-8 filenames to mitigate possibly changed libzip behaviors.
* | | | | | Fix bug #71923 - integer overflow in ZipArchive::getFrom* [Stanislav Malyshev, 2016-04-26, 1 file, -2/+2]
| | | | | |
* | | | | | Merge branch 'PHP-5.6' into PHP-7.0 [Remi Collet, 2016-02-22, 1 file, -2/+0]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     * PHP-5.6:
| | | | | |       cleanup $Id
| * | | | | cleanup $Id [Remi Collet, 2016-02-22, 1 file, -2/+0]
| | | | | |
* | | | | | Remove TSRMLS_* from code, they are not used anymore [Stanislav Malyshev, 2016-02-17, 1 file, -1/+1]
| | | | | |
* | | | | | Format string fixes [Nikita Popov, 2016-02-14, 1 file, -2/+2]
| | | | | |
| | | | | |     Conflicts:
| | | | | |       ext/pgsql/pgsql.c
* | | | | | Merge branch 'PHP-5.6' into PHP-7.0 [Xinchen Hui, 2016-02-09, 1 file, -1/+1]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     Conflicts:
| | | | | |       ext/zip/php_zip.c
| * | | | | Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo) [Xinchen Hui, 2016-02-09, 1 file, -1/+1]
| | | | | |
* | | | | | Merge branch 'PHP-5.6' into PHP-7.0 [Lior Kaplan, 2016-01-01, 1 file, -1/+1]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     * PHP-5.6:
| | | | | |       Happy new year (Update copyright to 2016)
| * | | | | Happy new year (Update copyright to 2016) [Lior Kaplan, 2016-01-01, 1 file, -1/+1]
| | | | | |
* | | | | | Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). [Dmitry Stogov, 2015-09-24, 1 file, -3/+3]
| | | | | |
* | | | | | Merge branch 'PHP-5.6' [Remi Collet, 2015-09-07, 1 file, -2/+2]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     * PHP-5.6:
| | | | | |       Fix build
| * | | | | Fix build [Remi Collet, 2015-09-07, 1 file, -2/+2]
| | | | | |
| | | | | |     php_zip.c:1647:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
| | | | | |     php_zip.c:1648:3: error: format not a string literal and no format arguments [-Werror=format-security]
* | | | | | Merge branch 'PHP-5.6' [Christoph M. Becker, 2015-09-05, 1 file, -2/+8]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     * PHP-5.6:
| | | | | |       Fix #70322: ZipArchive::close() doesn't indicate errors
| * | | | | Fix #70322: ZipArchive::close() doesn't indicate errors [Christoph M. Becker, 2015-09-05, 1 file, -2/+8]
| | | | | |
| | | | | |     If an archive can't be written, ZipArchive::close() nonetheless returns TRUE. We fix the return value to properly return success, and additionally raise a warning on failure.
* | | | | | Merge branch 'PHP-5.6' [Stanislav Malyshev, 2015-09-02, 1 file, -1/+1]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |     * PHP-5.6: (21 commits)
| | | | | |       fix unit tests
| | | | | |       update NEWS
| | | | | |       add NEWS for fixes
| | | | | |       Improve fix for #70172
| | | | | |       Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| | | | | |       fix test
| | | | | |       add test
| | | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | | |       Improve fix for #70385
| | | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | | |       Fix bug #70219 (Use after free vulnerability in session deserializer)
| | | | | |       Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
| | | | | |       Fix for bug #69782
| | | | | |       Add CVE IDs assigned (post release) to PHP 5.4.43
| | | | | |       Add CVE IDs assigned to #69085 (PHP 5.4.39)
| | | | | |       ...
| | | | | |
| | | | | |     Conflicts:
| | | | | |       ext/exif/exif.c
| | | | | |       ext/gmp/gmp.c
| | | | | |       ext/pcre/php_pcre.c
| | | | | |       ext/session/session.c
| | | | | |       ext/session/tests/session_decode_variation3.phpt
| | | | | |       ext/soap/soap.c
| | | | | |       ext/spl/spl_observer.c
| | | | | |       ext/standard/var.c
| | | | | |       ext/standard/var_unserializer.c
| | | | | |       ext/standard/var_unserializer.re
| | | | | |       ext/xsl/xsltprocessor.c
| * | | | | Merge branch 'PHP-5.5' into PHP-5.6 [Stanislav Malyshev, 2015-09-01, 1 file, -1/+1]
| |\ \ \ \ \
| | | | | | |     * PHP-5.5:
| | | | | | |       update NEWS
| | | | | | |       add NEWS for fixes
| | | | | | |       Improve fix for #70172
| | | | | | |       Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| | | | | | |       fix test
| | | | | | |       add test
| | | | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | | | |       Improve fix for #70385
| | | | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | | | |       Fix bug #70219 (Use after free vulnerability in session deserializer)
| | | | | | |       Fix for bug #69782
| | | | | | |       Add CVE IDs assigned (post release) to PHP 5.4.43
| | | | | | |       Add CVE IDs assigned to #69085 (PHP 5.4.39)
| | | | | | |       5.4.45 next
| | | | | | |
| | | | | | |     Conflicts:
| | | | | | |       ext/pcre/php_pcre.c
| | | | | | |       ext/standard/var_unserializer.c
| | | | | | |       ext/standard/var_unserializer.re
| | | | | | |       ext/zip/php_zip.c