Merge pull request #1807 from nextcloud/dependabot/composer/pear/arch…

…ive_tar-1.5.0 chore(deps): Bump pear/archive_tar from 1.4.14 to 1.5.0
nextcloud · May 29, 2024 · 1b1e27b · 1b1e27b
2 parents cbcfacd + 13aa773
commit 1b1e27b
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 51 deletions.
diff --git a/composer.lock b/composer.lock
diff --git a/composer/installed.json b/composer/installed.json
@@ -2358,17 +2358,17 @@
         },
         {
             "name": "pear/archive_tar",
-            "version": "1.4.14",
-            "version_normalized": "1.4.14.0",
+            "version": "1.5.0",
+            "version_normalized": "1.5.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/pear/Archive_Tar.git",
-                "reference": "4d761c5334c790e45ef3245f0864b8955c562caa"
+                "reference": "b439c859564f5cbb0f64ad6002d0afe84a889602"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/4d761c5334c790e45ef3245f0864b8955c562caa",
-                "reference": "4d761c5334c790e45ef3245f0864b8955c562caa",
+                "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/b439c859564f5cbb0f64ad6002d0afe84a889602",
+                "reference": "b439c859564f5cbb0f64ad6002d0afe84a889602",
                 "shasum": ""
             },
             "require": {
@@ -2383,7 +2383,7 @@
                 "ext-xz": "Lzma2 compression support.",
                 "ext-zlib": "Gzip compression support."
             },
-            "time": "2021-07-20T13:53:39+00:00",
+            "time": "2024-03-16T16:21:40+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
@@ -2401,7 +2401,7 @@
                 "./"
             ],
             "license": [
-                "BSD-3-Clause"
+                "BSD-2-Clause"
             ],
             "authors": [
                 {
@@ -2427,16 +2427,6 @@
                 "issues": "http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Archive_Tar",
                 "source": "https://github.com/pear/Archive_Tar"
             },
-            "funding": [
-                {
-                    "url": "https://github.com/mrook",
-                    "type": "github"
-                },
-                {
-                    "url": "https://www.patreon.com/michielrook",
-                    "type": "patreon"
-                }
-            ],
             "install-path": "../pear/archive_tar"
         },
         {

diff --git a/composer/installed.php b/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => 'nextcloud/3rdparty',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '0ee07d2de6dd4c126c1c34ef18c9e5a4cd16a63e',
+        'reference' => '9cc1b0eca17eac65fbbe9141df52b60320f24d5d',
         'type' => 'library',
         'install_path' => __DIR__ . '/../',
         'aliases' => array(),
@@ -292,7 +292,7 @@
         'nextcloud/3rdparty' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '0ee07d2de6dd4c126c1c34ef18c9e5a4cd16a63e',
+            'reference' => '9cc1b0eca17eac65fbbe9141df52b60320f24d5d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../',
             'aliases' => array(),
@@ -317,9 +317,9 @@
             'dev_requirement' => false,
         ),
         'pear/archive_tar' => array(
-            'pretty_version' => '1.4.14',
-            'version' => '1.4.14.0',
-            'reference' => '4d761c5334c790e45ef3245f0864b8955c562caa',
+            'pretty_version' => '1.5.0',
+            'version' => '1.5.0.0',
+            'reference' => 'b439c859564f5cbb0f64ad6002d0afe84a889602',
             'type' => 'library',
             'install_path' => __DIR__ . '/../pear/archive_tar',
             'aliases' => array(),

diff --git a/pear/archive_tar/Archive/Tar.php b/pear/archive_tar/Archive/Tar.php
@@ -280,7 +280,7 @@ public function __destruct()
      *              single string with names separated by a single
      *              blank space.
      *
-     * @return true on success, false on error.
+     * @return bool true on success, false on error.
      * @see    createModify()
      */
     public function create($p_filelist)
@@ -300,7 +300,7 @@ public function create($p_filelist)
      *              single string with names separated by a single
      *              blank space.
      *
-     * @return true on success, false on error.
+     * @return bool true on success, false on error.
      * @see    createModify()
      * @access public
      */
@@ -443,7 +443,7 @@ public function createModify($p_filelist, $p_add_dir, $p_remove_dir = '')
      *                             each element in the list, when
      *                             relevant.
      *
-     * @return true on success, false on error.
+     * @return bool true on success, false on error.
      */
     public function addModify($p_filelist, $p_add_dir, $p_remove_dir = '')
     {
@@ -496,7 +496,7 @@ public function addModify($p_filelist, $p_add_dir, $p_remove_dir = '')
      *                               gid => the group ID of the file
      *                                   (default = 0 = root)
      *
-     * @return true on success, false on error.
+     * @return bool true on success, false on error.
      */
     public function addString($p_filename, $p_string, $p_datetime = false, $p_params = array())
     {
@@ -622,7 +622,7 @@ public function extractInString($p_filename)
      * @param boolean $p_preserve Preserve user/group ownership of files
      * @param boolean $p_symlinks Allow symlinks.
      *
-     * @return true on success, false on error.
+     * @return bool true on success, false on error.
      * @see    extractModify()
      */
     public function extractList($p_filelist, $p_path = '', $p_remove_path = '', $p_preserve = false, $p_symlinks = true)
@@ -660,7 +660,7 @@ public function extractList($p_filelist, $p_path = '', $p_remove_path = '', $p_p
      * list of parameters, in the format attribute code + attribute values :
      * $arch->setAttribute(ARCHIVE_TAR_ATT_SEPARATOR, ',');
      *
-     * @return true on success, false on error.
+     * @return bool true on success, false on error.
      */
     public function setAttribute()
     {
@@ -2115,7 +2115,7 @@ public function _extractList(
                 if ($v_extract_file) {
                     if ($v_header['typeflag'] == "5") {
                         if (!@file_exists($v_header['filename'])) {
-                            if (!@mkdir($v_header['filename'], 0777)) {
+                            if (!@mkdir($v_header['filename'], 0775)) {
                                 $this->_error(
                                     'Unable to create directory {'
                                     . $v_header['filename'] . '}'
@@ -2448,7 +2448,7 @@ public function _dirCheck($p_dir)
             return false;
         }
 
-        if (!@mkdir($p_dir, 0777)) {
+        if (!@mkdir($p_dir, 0775)) {
             $this->_error("Unable to create directory '$p_dir'");
             return false;
         }

diff --git a/pear/archive_tar/package.xml b/pear/archive_tar/package.xml
@@ -24,6 +24,12 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
   <name>Michiel Rook</name>
   <user>mrook</user>
   <email>[email protected]</email>
+  <active>no</active>
+ </lead>
+ <lead>
+  <name>Drew Webber</name>
+  <user>mcdruid</user>
+  <email>[email protected]</email>
   <active>yes</active>
  </lead>
  <helper>
@@ -32,19 +38,19 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
   <email>[email protected]</email>
   <active>no</active>
  </helper>
- <date>2021-07-20</date>
- <time>18:00:00</time>
+ <date>2024-03-16</date>
  <version>
-  <release>1.4.14</release>
-  <api>1.4.0</api>
+  <release>1.5.0</release>
+  <api>1.5.0</api>
  </version>
  <stability>
   <release>stable</release>
   <api>stable</api>
  </stability>
  <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
  <notes>
-* Properly fix symbolic link path traversal (CVE-2021-32610)
+* PR #42: fix @return true... to @return bool true... on some functions
+* PR #46: use 775 default for mkdirs, to avoid world-write
  </notes>
  <contents>
   <dir name="/">
@@ -74,6 +80,37 @@ Also Lzma2 compressed archives are supported with xz extension.</description>
  </dependencies>
  <phprelease />
  <changelog>
+  <release>
+   <version>
+    <release>1.5.0</release>
+    <api>1.5.0</api>
+   </version>
+   <stability>
+    <release>stable</release>
+    <api>stable</api>
+   </stability>
+   <date>2024-03-16</date>
+   <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
+   <notes>
+    * PR #42: fix @return true... to @return bool true... on some functions
+    * PR #46: use 775 default for mkdirs, to avoid world-write
+   </notes>
+  </release>
+  <release>
+   <version>
+    <release>1.4.14</release>
+    <api>1.4.0</api>
+   </version>
+   <stability>
+    <release>stable</release>
+    <api>stable</api>
+   </stability>
+   <date>2021-02-16</date>
+   <license uri="http://www.opensource.org/licenses/bsd-license.php">New BSD License</license>
+   <notes>
+    * Properly fix symbolic link path traversal (CVE-2021-32610)
+   </notes>
+  </release>
   <release>
    <version>
     <release>1.4.13</release>