path: root/ext/zip/php_zip.c
Commit message [Author, Age, Files, Lines]
* Merge branch 'PHP-7.0' into PHP-7.1 [Christoph M. Becker, 2016-09-06, files: 1, lines: -6/+6]
|\
| * Merge branch 'PHP-5.6' into PHP-7.0 [Christoph M. Becker, 2016-09-06, files: 1, lines: -6/+6]
| |\
| | * Fix #70752: Depacking with wrong password leaves 0 length files [Christoph M. Becker, 2016-09-06, files: 1, lines: -7/+7]
| | |     We should not open the output stream before we have tried to open the archive entry, as failing the latter could leave an empty file behind.
* | | Merge branch 'PHP-7.0' into PHP-7.1 [Xinchen Hui, 2016-07-24, files: 1, lines: -2/+2]
|\ \ \
| |/ /
| | |     * PHP-7.0:
| | |       Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd)
| * | Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd) [Xinchen Hui, 2016-07-24, files: 1, lines: -2/+2]
| | |
* | | Merge branch 'throw-error-in-extensions' [Aaron Piotrowski, 2016-07-05, files: 1, lines: -1/+1]
|\ \ \
| * | | Replace zend_ce_error with NULL and replace more E_ERROR with thrown Error [Aaron Piotrowski, 2016-06-13, files: 1, lines: -2/+1]
| | | |
| * | | Merge branch 'master' into throw-error-in-extensions [Aaron Piotrowski, 2016-06-10, files: 1, lines: -18/+53]
| |\ \ \
| * | | | Convert E_ERROR to thrown Error in extensions [Aaron Piotrowski, 2015-07-05, files: 1, lines: -1/+2]
| | | | |
* | | | | Fixed compilation warnings [Dmitry Stogov, 2016-06-22, files: 1, lines: -2/+2]
| | | | |
* | | | | Added ZEND_ATTRIBUTE_FORMAT to some missing functions. [Dmitry Stogov, 2016-06-21, files: 1, lines: -1/+1]
| | | | |     "%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
| | | | |     Fixed most incorrect use cases of format specifiers.
* | | | | Merge branch 'PHP-7.0' [Stanislav Malyshev, 2016-06-21, files: 1, lines: -0/+9]
|\ \ \ \ \
| |_|/ / /
|/| | / /
| | |/ /
| |/| |
| | | |     * PHP-7.0:
| | | |       Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
| | | |       update NEWS
| | | |       fix tests
| | | |       fix build
| | | |       Fix bug #72455: Heap Overflow due to integer overflows
| | | |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | |       Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| | | |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| | | |       Fix bug #72298 pass2_no_dither out-of-bounds access
| | | |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| | | |       Fix bug #72262 - do not overflow int
| | | |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| | | |       Fix bug #72275: don't allow smart_str to overflow int
| | | |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| | | |       Fix bug #72321 - use efree() for emalloc allocation
| | | |       5.6.23RC1
| | | |       fix NEWS
| | | |       set versions
| * | | Merge branch 'PHP-5.6.23' into PHP-7.0.8 [Stanislav Malyshev, 2016-06-21, files: 1, lines: -0/+9]
| |\ \ \
| | | |/
| | |/|
| | | |     * PHP-5.6.23: (24 commits)
| | | |       Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
| | | |       update NEWS
| | | |       fix tests
| | | |       fix build
| | | |       Fix bug #72455: Heap Overflow due to integer overflows
| | | |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | |       Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| | | |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| | | |       Fix bug #72298 pass2_no_dither out-of-bounds access
| | | |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| | | |       Fix bug #72262 - do not overflow int
| | | |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| | | |       Fix bug #72275: don't allow smart_str to overflow int
| | | |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| | | |       update NEWS
| | | |       Fix #66387: Stack overflow with imagefilltoborder
| | | |       Fix bug #72321 - use efree() for emalloc allocation
| | | |       5.6.23RC1
| | | |       Fix bug #72140 (segfault after calling ERR_free_strings())
| | | |       ...
| | | |
| | | |     Conflicts:
| | | |       configure.in
| | | |       ext/mbstring/php_mbregex.c
| | | |       ext/mcrypt/mcrypt.c
| | | |       ext/spl/spl_array.c
| | | |       ext/spl/spl_directory.c
| | | |       ext/standard/php_smart_str.h
| | | |       ext/standard/string.c
| | | |       ext/standard/url.c
| | | |       ext/wddx/wddx.c
| | | |       ext/zip/php_zip.c
| | | |       main/php_version.h
| | * | Merge branch 'PHP-5.5' into PHP-5.6.23 [Stanislav Malyshev, 2016-06-21, files: 1, lines: -0/+9]
| | |\ \
| | | | |     * PHP-5.5:
| | | | |       Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
| | | | |       update NEWS
| | | | |       fix tests
| | | | |       fix build
| | | | |       Fix bug #72455: Heap Overflow due to integer overflows
| | | | |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | |       Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| | | | |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| | | | |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| | | | |       Fix bug #72298 pass2_no_dither out-of-bounds access
| | | | |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| | | | |       Fix bug #72262 - do not overflow int
| | | | |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| | | | |       Fix bug #72275: don't allow smart_str to overflow int
| | | | |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| | | | |       update NEWS
| | | | |       Fix #66387: Stack overflow with imagefilltoborder
| | | | |       Skip test which is 64bits only
| | | | |       5.5.37 now
| | | | |
| | | | |     Conflicts:
| | | | |       configure.in
| | | | |       ext/mcrypt/mcrypt.c
| | | | |       ext/spl/spl_directory.c
| | | | |       main/php_version.h
| | | * | Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize [Stanislav Malyshev, 2016-06-20, files: 1, lines: -0/+9]
| | | | |
| | | * | Merge branch 'PHP-5.4.45' into PHP-5.5.29 [Stanislav Malyshev, 2015-09-01, files: 1, lines: -2/+2]
| | | |\ \
| | | | | |     * PHP-5.4.45:
| | | | | |       add test
| | | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | | |       Improve fix for #70385
| | | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | | |
| | | | | |     Conflicts:
| | | | | |       ext/pcre/php_pcre.c
| | | | | |       ext/standard/var_unserializer.c
| * | | | | Expose missing flags from libzip at least >= 0.11.x [Anatol Belski, 2016-05-30, files: 1, lines: -0/+18]
| | | | | |     These are helpful with reading/writing zips containing non UTF-8 filenames to mitigate possibly changed libzip behaviors.
| | | | | |
| | | | | |     Partial cherry-pick of 893c2405ff34250ffefbbc1d223de4df6c154c8a
* | | | | | Expose missing flags from libzip at least >= 0.11.x [Anatol Belski, 2016-05-25, files: 1, lines: -0/+31]
|/ / / / /
| | | | |     These are helpful with reading/writing zips containing non UTF-8 filenames to mitigate possibly changed libzip behaviors.
* | | | | Fix bug #71923 - integer overflow in ZipArchive::getFrom* [Stanislav Malyshev, 2016-04-26, files: 1, lines: -2/+2]
| | | | |
* | | | | Merge branch 'PHP-5.6' into PHP-7.0 [Remi Collet, 2016-02-22, files: 1, lines: -2/+0]
|\ \ \ \ \
| |/ / / /
| | | | |     * PHP-5.6:
| | | | |       cleanup $Id
| * | | | cleanup $Id [Remi Collet, 2016-02-22, files: 1, lines: -2/+0]
| | | | |
* | | | | Remove TSRMLS_* from code, they are not used anymore [Stanislav Malyshev, 2016-02-17, files: 1, lines: -1/+1]
| | | | |
* | | | | Format string fixes [Nikita Popov, 2016-02-14, files: 1, lines: -2/+2]
| | | | |     Conflicts:
| | | | |       ext/pgsql/pgsql.c
* | | | | Merge branch 'PHP-5.6' into PHP-7.0 [Xinchen Hui, 2016-02-09, files: 1, lines: -1/+1]
|\ \ \ \ \
| |/ / / /
| | | | |     Conflicts:
| | | | |       ext/zip/php_zip.c
| * | | | Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo) [Xinchen Hui, 2016-02-09, files: 1, lines: -1/+1]
| | | | |
* | | | | Merge branch 'PHP-5.6' into PHP-7.0 [Lior Kaplan, 2016-01-01, files: 1, lines: -1/+1]
|\ \ \ \ \
| |/ / / /
| | | | |     * PHP-5.6:
| | | | |       Happy new year (Update copyright to 2016)
| * | | | Happy new year (Update copyright to 2016) [Lior Kaplan, 2016-01-01, files: 1, lines: -1/+1]
| | | | |
* | | | | Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). [Dmitry Stogov, 2015-09-24, files: 1, lines: -3/+3]
| | | | |
* | | | | Merge branch 'PHP-5.6' [Remi Collet, 2015-09-07, files: 1, lines: -2/+2]
|\ \ \ \ \
| |/ / / /
| | | | |     * PHP-5.6:
| | | | |       Fix build
| * | | | Fix build [Remi Collet, 2015-09-07, files: 1, lines: -2/+2]
| | | | |     php_zip.c:1647:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
| | | | |     php_zip.c:1648:3: error: format not a string literal and no format arguments [-Werror=format-security]
* | | | | Merge branch 'PHP-5.6' [Christoph M. Becker, 2015-09-05, files: 1, lines: -2/+8]
|\ \ \ \ \
| |/ / / /
| | | | |     * PHP-5.6:
| | | | |       Fix #70322: ZipArchive::close() doesn't indicate errors
| * | | | Fix #70322: ZipArchive::close() doesn't indicate errors [Christoph M. Becker, 2015-09-05, files: 1, lines: -2/+8]
| | | | |     If an archive can't be written, ZipArchive::close() nonetheless returns TRUE. We fix the return value to properly return success, and additionally raise a warning on failure.
* | | | | Merge branch 'PHP-5.6' [Stanislav Malyshev, 2015-09-02, files: 1, lines: -1/+1]
|\ \ \ \ \
| |/ / / /
| | | | |     * PHP-5.6: (21 commits)
| | | | |       fix unit tests
| | | | |       update NEWS
| | | | |       add NEWS for fixes
| | | | |       Improve fix for #70172
| | | | |       Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| | | | |       fix test
| | | | |       add test
| | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | |       Improve fix for #70385
| | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | |       Fix bug #70219 (Use after free vulnerability in session deserializer)
| | | | |       Fix bug #70284 (Use after free vulnerability in unserialize() with GMP)
| | | | |       Fix for bug #69782
| | | | |       Add CVE IDs assigned (post release) to PHP 5.4.43
| | | | |       Add CVE IDs assigned to #69085 (PHP 5.4.39)
| | | | |       ...
| | | | |
| | | | |     Conflicts:
| | | | |       ext/exif/exif.c
| | | | |       ext/gmp/gmp.c
| | | | |       ext/pcre/php_pcre.c
| | | | |       ext/session/session.c
| | | | |       ext/session/tests/session_decode_variation3.phpt
| | | | |       ext/soap/soap.c
| | | | |       ext/spl/spl_observer.c
| | | | |       ext/standard/var.c
| | | | |       ext/standard/var_unserializer.c
| | | | |       ext/standard/var_unserializer.re
| | | | |       ext/xsl/xsltprocessor.c
| * | | | Merge branch 'PHP-5.5' into PHP-5.6 [Stanislav Malyshev, 2015-09-01, files: 1, lines: -1/+1]
| |\ \ \ \
| | | | | |     * PHP-5.5:
| | | | | |       update NEWS
| | | | | |       add NEWS for fixes
| | | | | |       Improve fix for #70172
| | | | | |       Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| | | | | |       fix test
| | | | | |       add test
| | | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | | |       Improve fix for #70385
| | | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | | |       Fix bug #70219 (Use after free vulnerability in session deserializer)
| | | | | |       Fix for bug #69782
| | | | | |       Add CVE IDs assigned (post release) to PHP 5.4.43
| | | | | |       Add CVE IDs assigned to #69085 (PHP 5.4.39)
| | | | | |       5.4.45 next
| | | | | |
| | | | | |     Conflicts:
| | | | | |       ext/pcre/php_pcre.c
| | | | | |       ext/standard/var_unserializer.c
| | | | | |       ext/standard/var_unserializer.re
| | | | | |       ext/zip/php_zip.c
| | * \ \ \ Merge branch 'PHP-5.4' into PHP-5.5 [Stanislav Malyshev, 2015-09-01, files: 1, lines: -2/+2]
| | |\ \ \ \
| | | |/ / /
| | |/| / /
| | | |/ /
| | | | |     * PHP-5.4:
| | | | |       Improve fix for #70172
| | | | |       Fix bug #70312 - HAVAL gives wrong hashes in specific cases
| | | | |       fix test
| | | | |       add test
| | | | |       Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
| | | | |       Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
| | | | |       Fix bug #70172 - Use After Free Vulnerability in unserialize()
| | | | |       Fix bug #70388 - SOAP serialize_function_call() type confusion
| | | | |       Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
| | | | |       Improve fix for #70385
| | | | |       Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
| | | | |       Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
| | | | |       Fix bug #70219 (Use after free vulnerability in session deserializer)
| | | | |       Fix for bug #69782
| | | | |       Add CVE IDs assigned (post release) to PHP 5.4.43
| | | | |       Add CVE IDs assigned to #69085 (PHP 5.4.39)
| | | | |       5.4.45 next
| | | | |
| | | | |     Conflicts:
| | | | |       configure.in
| | | | |       ext/pcre/php_pcre.c
| | | | |       ext/standard/var_unserializer.c
| | | | |       ext/standard/var_unserializer.re
| | | | |       main/php_version.h
| | | * | Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories [Stanislav Malyshev, 2015-08-30, files: 1, lines: -39/+39]
| | | | |
| | | * | Bump year [Xinchen Hui, 2014-01-03, files: 1, lines: -1/+1]
| | | | |
| | * | | Fix typo: unitialized -> uninitialized [Lior Kaplan, 2015-04-01, files: 1, lines: -1/+1]
| | | | |
| | * | | Bump year [Xinchen Hui, 2015-01-15, files: 1, lines: -1/+1]
| | | | |
| | * | | Bump year [Xinchen Hui, 2014-01-03, files: 1, lines: -1/+1]
| | | | |
| * | | | bump year [Xinchen Hui, 2015-01-15, files: 1, lines: -1/+1]
| | | | |
| * | | | typo fixes - https://github.com/vlajos/misspell_fixer [Veres Lajos, 2014-11-23, files: 1, lines: -1/+1]
| | | | |     Conflicts:
| | | | |       ext/ftp/ftp.h
| | | | |       ext/pcre/pcrelib/pcre_printint.c
| | | | |       ext/pcre/pcrelib/sljit/sljitLir.c
| | | | |       ext/pcre/pcrelib/sljit/sljitLir.h
| | | | |       ext/pcre/pcrelib/sljit/sljitNativeARM_32.c
| | | | |       ext/pcre/pcrelib/sljit/sljitNativeTILEGX_64.c
| | | | |       ext/pgsql/pgsql.c
| | | | |       ext/phar/func_interceptors.c
| | | | |       ext/soap/soap.c
| | | | |       ext/standard/image.c
* | | | | improve error message [Anatol Belski, 2015-08-19, files: 1, lines: -1/+1]
| | | | |
* | | | | remove TSRMLS_* [Anatol Belski, 2015-08-02, files: 1, lines: -3/+3]
| |_|_|/
|/| | |
| | | |     either remains or merged in from PHP5
* | | | Use ZSTR_ API to access zend_string elements (this is just renaming without semantic changes). [Dmitry Stogov, 2015-06-30, files: 1, lines: -36/+36]
| | | |
* | | | Make convert_to_* safe with rc>1 [Nikita Popov, 2015-06-11, files: 1, lines: -3/+3]
| | | |     This only involves switching zval_dtor to zval_ptr_dtor for arrays and making the convert_to_object for arrays a bit more generic. All the other changes outside zend_operators.c just make use of this new ability (use COPY instead of DUP). What's still missing: Proper references handling. I've seen many convert_to* calls that will break when a reference is used. Also fixes bug #69788.
* | | | return FALSE instead of NULL from ZipArchive::getStream when php_stream_zip_open() fails (fixes #67161) [Christoph M. Becker, 2015-05-12, files: 1, lines: -0/+2]
| | | |
* | | | add ZipArchive::setCompressionName and ZipArchive::setCompressionIndex methods [Remi Collet, 2015-05-06, files: 1, lines: -3/+84]
| | | |
* | | | don't use deprecated libzip call [Remi Collet, 2015-05-06, files: 1, lines: -0/+28]
| | | |
* | | | Clean up some type conversions [Nikita Popov, 2015-04-27, files: 1, lines: -10/+1]
| | | |     While at it also fix some type checks in iconv and drop dead and unported code in standard/filters.