If an archive can't be written, ZipArchive::close() nonetheless returns TRUE.
We fix the return value to properly return success, and additionally raise a
warning on failure.
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
* pull-request/500:
limit virtual_cwd_activate() duplicated call to ZTS only
reverted the previous commit, both calls are needed in TS mode
virtual_cwd_activate() should be called only in one place
back to do_alloca()
removed unnecessary call
simplify the state free macros
compact the code to preserve the error info after state freeing
back to do_alloca(), reverted the wrong replacement
enabled windows to use stack in both ts/nts mode, some more fixes
moved to do_alloca() usage where appropriate
fixed invalid free
fixed virtual cwd header in phar
updated NEWS
fixed all the places where last error could be lost
preserve the error code
applied and fixed the original patch
initial move on renaming files and fixing includes
Conflicts:
ext/opcache/ZendAccelerator.c
- update libzip to version 1.11.1. We don't use any private symbol anymore
- new method ZipArchive::setPassword($password)
- add --with-libzip option to build with system libzip
* PHP-5.3:
zip windows fixes
fixed bc break related to #57905
fixed a bit overlooked from the last libzip port
brought the fix for #47667 back
fixed zip entry freeing
rechecked the merged libzip, took also the indents from the original to avoid confusion next time
fixed a double freeing crash
fixed header include
initial libzip upgrade patch to 0.10.1
- BFN
Conflicts:
NEWS
