From 9cc1b0eca17eac65fbbe9141df52b60320f24d5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 18:38:50 +0000 Subject: [PATCH 1/2] chore(deps): Bump pear/archive_tar from 1.4.14 to 1.5.0 Bumps [pear/archive_tar](https://github.com/pear/Archive_Tar) from 1.4.14 to 1.5.0. - [Release notes](https://github.com/pear/Archive_Tar/releases) - [Commits](https://github.com/pear/Archive_Tar/compare/1.4.14...1.5.0) --- updated-dependencies: - dependency-name: pear/archive_tar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- composer.lock | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/composer.lock b/composer.lock index 68aabb311..5b6d1cc08 100644 --- a/composer.lock +++ b/composer.lock @@ -2265,16 +2265,16 @@ }, { "name": "pear/archive_tar", - "version": "1.4.14", + "version": "1.5.0", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "4d761c5334c790e45ef3245f0864b8955c562caa" + "reference": "b439c859564f5cbb0f64ad6002d0afe84a889602" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/4d761c5334c790e45ef3245f0864b8955c562caa", - "reference": "4d761c5334c790e45ef3245f0864b8955c562caa", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/b439c859564f5cbb0f64ad6002d0afe84a889602", + "reference": "b439c859564f5cbb0f64ad6002d0afe84a889602", "shasum": "" }, "require": { @@ -2305,7 +2305,7 @@ "./" ], "license": [ - "BSD-3-Clause" + "BSD-2-Clause" ], "authors": [ { 
@@ -2331,17 +2331,7 @@ "issues": "http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Archive_Tar", "source": "https://github.com/pear/Archive_Tar" }, - "funding": [ - { - "url": "https://github.com/mrook", - "type": "github" - }, - { - "url": "https://www.patreon.com/michielrook", - "type": "patreon" - } - ], - "time": "2021-07-20T13:53:39+00:00" + "time": "2024-03-16T16:21:40+00:00" }, { "name": "pear/console_getopt", From 13aa773f9186c641860b335e44d8bf7430c44df2 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Tue, 21 May 2024 18:40:13 +0000 Subject: [PATCH 2/2] chore(autoloader): Dump autoloader Signed-off-by: nextcloud-command --- composer/installed.json | 24 +++++----------- composer/installed.php | 10 +++---- pear/archive_tar/Archive/Tar.php | 16 +++++------ pear/archive_tar/package.xml | 47 ++++++++++++++++++++++++++++---- 4 files changed, 62 insertions(+), 35 deletions(-) diff --git a/composer/installed.json b/composer/installed.json index 0de3a8b6b..2d8458a1e 100644 --- a/composer/installed.json +++ b/composer/installed.json @@ -2358,17 +2358,17 @@ }, { "name": "pear/archive_tar", - "version": "1.4.14", - "version_normalized": "1.4.14.0", + "version": "1.5.0", + "version_normalized": "1.5.0.0", "source": { "type": "git", "url": "https://github.com/pear/Archive_Tar.git", - "reference": "4d761c5334c790e45ef3245f0864b8955c562caa" + "reference": "b439c859564f5cbb0f64ad6002d0afe84a889602" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/4d761c5334c790e45ef3245f0864b8955c562caa", - "reference": "4d761c5334c790e45ef3245f0864b8955c562caa", + "url": "https://api.github.com/repos/pear/Archive_Tar/zipball/b439c859564f5cbb0f64ad6002d0afe84a889602", + "reference": "b439c859564f5cbb0f64ad6002d0afe84a889602", "shasum": "" }, "require": { 
@@ -2383,7 +2383,7 @@ "ext-xz": "Lzma2 compression support.", "ext-zlib": "Gzip compression support." }, - "time": "2021-07-20T13:53:39+00:00", + "time": "2024-03-16T16:21:40+00:00", "type": "library", "extra": { "branch-alias": { @@ -2401,7 +2401,7 @@ "./" ], "license": [ - "BSD-3-Clause" + "BSD-2-Clause" ], "authors": [ { @@ -2427,16 +2427,6 @@ "issues": "http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Archive_Tar", "source": "https://github.com/pear/Archive_Tar" }, - "funding": [ - { - "url": "https://github.com/mrook", - "type": "github" - }, - { - "url": "https://www.patreon.com/michielrook", - "type": "patreon" - } - ], "install-path": "../pear/archive_tar" }, { diff --git a/composer/installed.php b/composer/installed.php index 3d04d65ae..8c2889d9d 100644 --- a/composer/installed.php +++ b/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'nextcloud/3rdparty', 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '0ee07d2de6dd4c126c1c34ef18c9e5a4cd16a63e', + 'reference' => '9cc1b0eca17eac65fbbe9141df52b60320f24d5d', 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), @@ -292,7 +292,7 @@ 'nextcloud/3rdparty' => array( 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '0ee07d2de6dd4c126c1c34ef18c9e5a4cd16a63e', + 'reference' => '9cc1b0eca17eac65fbbe9141df52b60320f24d5d', 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), @@ -317,9 +317,9 @@ 'dev_requirement' => false, ), 'pear/archive_tar' => array( - 'pretty_version' => '1.4.14', - 'version' => '1.4.14.0', - 'reference' => '4d761c5334c790e45ef3245f0864b8955c562caa', + 'pretty_version' => '1.5.0', + 'version' => '1.5.0.0', + 'reference' => 'b439c859564f5cbb0f64ad6002d0afe84a889602', 'type' => 'library', 'install_path' => __DIR__ . '/../pear/archive_tar', 'aliases' => array(), diff --git a/pear/archive_tar/Archive/Tar.php b/pear/archive_tar/Archive/Tar.php index 3356ad6ac..03daa39f0 100644 
--- a/pear/archive_tar/Archive/Tar.php +++ b/pear/archive_tar/Archive/Tar.php @@ -280,7 +280,7 @@ public function __destruct() * single string with names separated by a single * blank space. * - * @return true on success, false on error. + * @return bool true on success, false on error. * @see createModify() */ public function create($p_filelist) @@ -300,7 +300,7 @@ public function create($p_filelist) * single string with names separated by a single * blank space. * - * @return true on success, false on error. + * @return bool true on success, false on error. * @see createModify() * @access public */ @@ -443,7 +443,7 @@ public function createModify($p_filelist, $p_add_dir, $p_remove_dir = '') * each element in the list, when * relevant. * - * @return true on success, false on error. + * @return bool true on success, false on error. */ public function addModify($p_filelist, $p_add_dir, $p_remove_dir = '') { @@ -496,7 +496,7 @@ public function addModify($p_filelist, $p_add_dir, $p_remove_dir = '') * gid => the group ID of the file * (default = 0 = root) * - * @return true on success, false on error. + * @return bool true on success, false on error. */ public function addString($p_filename, $p_string, $p_datetime = false, $p_params = array()) { @@ -622,7 +622,7 @@ public function extractInString($p_filename) * @param boolean $p_preserve Preserve user/group ownership of files * @param boolean $p_symlinks Allow symlinks. * - * @return true on success, false on error. + * @return bool true on success, false on error. * @see extractModify() */ public function extractList($p_filelist, $p_path = '', $p_remove_path = '', $p_preserve = false, $p_symlinks = true) 
@@ -660,7 +660,7 @@ public function extractList($p_filelist, $p_path = '', $p_remove_path = '', $p_p * list of parameters, in the format attribute code + attribute values : * $arch->setAttribute(ARCHIVE_TAR_ATT_SEPARATOR, ','); * - * @return true on success, false on error. + * @return bool true on success, false on error. */ public function setAttribute() { @@ -2115,7 +2115,7 @@ public function _extractList( if ($v_extract_file) { if ($v_header['typeflag'] == "5") { if (!@file_exists($v_header['filename'])) { - if (!@mkdir($v_header['filename'], 0777)) { + if (!@mkdir($v_header['filename'], 0775)) { $this->_error( 'Unable to create directory {' . $v_header['filename'] . '}' @@ -2448,7 +2448,7 @@ public function _dirCheck($p_dir) return false; } - if (!@mkdir($p_dir, 0777)) { + if (!@mkdir($p_dir, 0775)) { $this->_error("Unable to create directory '$p_dir'"); return false; } diff --git a/pear/archive_tar/package.xml b/pear/archive_tar/package.xml index d4f20bd4b..a997f41d8 100644 --- a/pear/archive_tar/package.xml +++ b/pear/archive_tar/package.xml @@ -24,6 +24,12 @@ Also Lzma2 compressed archives are supported with xz extension. Michiel Rook mrook mrook@php.net + no + + + Drew Webber + mcdruid + drew@mcdruid.co.uk yes @@ -32,11 +38,10 @@ Also Lzma2 compressed archives are supported with xz extension. stig@php.net no - 2021-07-20 - + 2024-03-16 - 1.4.14 - 1.4.0 + 1.5.0 + 1.5.0 stable @@ -44,7 +49,8 @@ Also Lzma2 compressed archives are supported with xz extension. New BSD License -* Properly fix symbolic link path traversal (CVE-2021-32610) +* PR #42: fix @return true... to @return bool true... on some functions +* PR #46: use 775 default for mkdirs, to avoid world-write 
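Review bot: The new mode in `@mkdir($v_header['filename'], 0775)` in `_extractList`, and the identical change `@mkdir($p_dir, 0775)` in `_dirCheck`, still creates group-writable directories, and the effective mode also depends on the process umask at extraction time. The `_extractList` call only runs when `!@file_exists($v_header['filename'])` holds, so directories already created by 1.4.14 with 0777 keep their world-writable bit after this bump and need a one-off permission audit. If group write is not needed for extracted trees, `if (!@mkdir($v_header['filename'], 0755)) {` would be tighter. Because this is a vendored copy, that change belongs upstream, and callers in this repository can set a restrictive umask around extraction instead. Both function bodies start and end outside the hunks shown, so any later chmod or ownership handling is not visible here.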
@@ -74,6 +80,37 @@ Also Lzma2 compressed archives are supported with xz extension. + + + 1.5.0 + 1.5.0 + + + stable + stable + + 2024-03-16 + New BSD License + + * PR #42: fix @return true... to @return bool true... on some functions + * PR #46: use 775 default for mkdirs, to avoid world-write + + + + + 1.4.14 + 1.4.0 + + + stable + stable + + 2021-02-16 + New BSD License + + * Properly fix symbolic link path traversal (CVE-2021-32610) + + 1.4.13