PHP :: Bug #75728 :: outdated libzip

Bug #75728	outdated libzip
Submitted:	2017-12-24 06:59 UTC	Modified:	2017-12-28 09:10 UTC
From:	miha at nepovem dot com	Assigned:
Status:	Not a bug	Package:	zip (PECL)
PHP Version:	7.2.0	OS:	any
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2017-12-24 06:59 UTC] miha at nepovem dot com

Description:
------------
PHP ships with prehistoric libzip 1.1.2, which doesn't support the encryption and few other things. 
The documentation nicely states that this requires at least libzip 1.2

Expected result:
----------------
New release should ship with at least the version of library they recommend in the docs. But preferably it should ship with the latest available which at the time of writing this bug report is 1.3.2

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-12-28 09:10 UTC] remi@php.net

-Status: Open +Status: Not a bug

[2017-12-28 09:10 UTC] remi@php.net

the zip extension rely (by default) on system libzip (all version >= 0.11 are supported).

The bundled version is indeed outdated and SHOULD not be used (the --without-libzip option is there only for some travis issues)

As for all libraries (openssl, libicu, libsodium, etc) using a bundled library doesn't make sense, and thus bundled library MUST be an exception (e.g. timelib)

So, not a bug.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 10:01:31 2024 UTC