PEAR: Latest releases

The latest releases in PEAR.


Archive_Tar 1.4.11

* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 /
CVE-2020-28949) [mrook]

2020-11-19T17:11:16-05:00

PHP_CodeSniffer 3.5.8

- Reverted a change to the way include/exclude patterns are processed for STDIN content
-- This change is not backwards compatible and will be re-introduced in version 3.6.0

2020-10-23T00:36:52-05:00

PHP_CodeSniffer 3.5.7

- The PHP 8.0 T_NULLSAFE_OBJECT_OPERATOR token has been made available for older versions
-- Existing sniffs that check for T_OBJECT_OPERATOR have been modified to apply the same rules for the nullsafe object operator
-- Thanks to Juliette Reinders Folmer for the patch
- The new method of PHP 8.0 tokenizing for namespaced names has been revert to thr pre 8.0 method
-- This maintains backwards compatible for existing sniffs on PHP 8.0
-- This change will be removed in PHPCS 4.0 as the PHP 8.0 tokenizing method will be backported for pre 8.0 versions
-- Thanks to Juliette Reinders Folmer for the patch
- Added support for changes to the way PHP 8.0 tokenizes hash comments
-- The existing PHP 5-7 behaviour has been replicated for version 8, so no sniff changes are required
-- Thanks to Juliette Reinders Folmer for the patch
- The autoloader has been changed to fix sniff class name detection issues that may occur when running on PHP 7.4+
-- Thanks to Eloy Lafuente for the patch
- Running the unit tests now includes warnings in the found and fixable error code counts
-- Thanks to Juliette Reinders Folmer for the patch
- PSR12.ControlStructures.BooleanOperatorPlacement.FoundMixed error message is now more accurate when using the allowOnly setting
-- Thanks to Vincent Langlet for the patch
- PSR12.Functions.NullableTypeDeclaration now supports the PHP8 static return type
-- Thanks to Juliette Reinders Folmer for the patch
- Fixed Squiz.Formatting.OperatorBracket false positive when exiting with a negative number
- Fixed Squiz.PHP.DisallowComparisonAssignment false positive for methods called on an object
- Fixed bug #2882 : Generic.Arrays.ArrayIndent can request close brace indent to be less than the statement indent level
- Fixed bug #2883 : Generic.WhiteSpace.ScopeIndent.Incorrect issue after NOWDOC
- Fixed bug #2975 : Undefined offset in PSR12.Functions.ReturnTypeDeclaration when checking function return type inside ternary
- Fixed bug #2988 : Undefined offset in Squiz.Strings.ConcatenationSpacing during live coding
-- Thanks to Thiemo Kreuz for the patch
- Fixed bug #2989 : Incorrect auto-fixing in Generic.ControlStructures.InlineControlStructure during live coding
-- Thanks to Thiemo Kreuz for the patch
- Fixed bug #3007 : Directory exclude pattern improperly excludes directories with names that start the same
-- Thanks to Steve Talbot for the patch
- Fixed bug #3043 : Squiz.WhiteSpace.OperatorSpacing false positive for negation in arrow function
-- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #3049 : Incorrect error with arrow function and parameter passed as reference
-- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #3053 : PSR2 incorrect fix when multiple use statements on same line do not have whitespace between them
- Fixed bug #3058 : Progress gets unaligned when 100% happens at the end of the available dots
- Fixed bug #3059 : Squiz.Arrays.ArrayDeclaration false positive when using type casting
-- Thanks to Sergei Morozov for the patch
- Fixed bug #3060 : Squiz.Arrays.ArrayDeclaration false positive for static functions
-- Thanks to Sergei Morozov for the patch
- Fixed bug #3065 : Should not fix Squiz.Arrays.ArrayDeclaration.SpaceBeforeComma if comment between element and comma
-- Thanks to Sergei Morozov for the patch
- Fixed bug #3066 : No support for namespace operator used in type declarations
-- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #3075 : PSR12.ControlStructures.BooleanOperatorPlacement false positive when operator is the only content on line
- Fixed bug #3099 : Squiz.WhiteSpace.OperatorSpacing false positive when exiting with negative number
-- Thanks to Sergei Morozov for the patch
- Fixed bug #3102 : PSR12.Squiz.OperatorSpacing false positive for default values of arrow functions
-- Thanks to Juliette Reinders Folmer for the patch
- Fixed bug #3124 : PSR-12 not reporting error for empty lines with only whitespace
- Fixed bug #3135 : Ignore annotations are broken on PHP 8.0
-- Thanks to Juliette Reinders Folmer for the patch

2020-10-22T18:59:23-05:00

Net_DNS2 1.5.0

- added the AMTRELAY resource record type (RFC 8777).
- added Net_DNS2_RR::asArray(), which returns the same values as __toString(), but as an array for easier access.
- added Net_DNS2::closeSockets(), which lets you close all cached network sockets in the resolver object.
- added Net_DNS2::getSockets(), which returns the local sockets cache array.
- added date_created and date_last_used to the Net_DNS2_Socket object, to track usage stats on each socket object.
- added the SHA256, SHA384, and GOST digest defines to Lookups.php.
- dropped the Net_DNS2_Socket_Sockets, and switch to just using the streams code. There's no speed difference anymore.
- fixed a bug in Net_DNS2_Packet::compress() and Net_DNS2_Packet::expand() related to dot literals in compressed names.
- fixed a display issue in the IPSECKEY RR when displaying hostname / domain names in the gateway field.
- fixed a couple inconsistencies in the docs.
- fixed a PHP 7.4 bug in Sockets.php; accessing a null value as an array throws an exception now.
- fixed Net_DNS2_RR_DS so it will be able to support other digest definitions without any other changes.
- the Net_DNS2_RR_NIMLOC class was incorrectly named Net_DNS2_RR_NIMLOCK.
- Net_DNS2_PrivateKey was using the wrong member variable name for the key_format value.
- changed all references to array() to [].
- removed all sorts of license noise from the files.
- updated the test cases to use PHPUnit v9+.

2020-10-08T11:39:06-05:00

HTTP_Request2 2.4.2

Socket adapter could prematurely end receiving the response body due to
fread() call returning an empty string

2020-09-24T18:13:28-05:00

Net_FTP 1.4.1

* Fix regex for lsMatch on unix

2020-09-24T17:25:19-05:00

Archive_Tar 1.4.10

* Fix block padding when the file buffer length is a multiple of 512 and smaller than Archive_Tar buffer length
* Don't try to copy username/groupname in chroot jail

2020-09-15T10:16:33-05:00

HTML_QuickForm2 2.2.0

* Minimum required PHP version is now 5.4
* Removed support for magic_quotes_gpc, as get_magic_quotes_gpc()
was deprecated in PHP 7.4 and the functionality itself was disabled
since PHP 5.4 (https://github.com/pear/HTML_QuickForm2/issues/3)
* HTML_QuickForm2_Element_Date::setValue() will now accept an instance of
DateTimeInterface, not only DateTime

2020-09-15T01:52:56-05:00

pearweb 1.31.0

- Address some vulnerabilities such as sanitising input.

2020-09-14T19:27:36-05:00

pearweb 1.30.0

- Address some vulnerabilities such as sanitising input.

2020-09-11T16:51:33-05:00