php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75728 outdated libzip
Submitted: 2017-12-24 06:59 UTC Modified: 2017-12-28 09:10 UTC
From: miha at nepovem dot com Assigned:
Status: Not a bug Package: zip (PECL)
PHP Version: 7.2.0 OS: any
Private report: No CVE-ID: None
 [2017-12-24 06:59 UTC] miha at nepovem dot com
Description:
------------
PHP ships with prehistoric libzip 1.1.2, which doesn't support the encryption and few other things. 
The documentation nicely states that this requires at least libzip 1.2

Expected result:
----------------
New release should ship with at least the version of library they recommend in the docs. But preferably it should ship with the latest available which at the time of writing this bug report is 1.3.2


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-28 09:10 UTC] remi@php.net
-Status: Open +Status: Not a bug
 [2017-12-28 09:10 UTC] remi@php.net
the zip extension rely (by default) on system libzip (all version >= 0.11 are supported).

The bundled version is indeed outdated and SHOULD not be used (the --without-libzip option is there only for some travis issues)

As for all libraries (openssl, libicu, libsodium, etc) using a bundled library doesn't make sense, and thus bundled library MUST be an exception (e.g. timelib)

So, not a bug.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Jan 24 18:01:24 2020 UTC