|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75728 outdated libzip
Submitted: 2017-12-24 06:59 UTC Modified: 2017-12-28 09:10 UTC
From: miha at nepovem dot com Assigned:
Status: Not a bug Package: zip (PECL)
PHP Version: 7.2.0 OS: any
Private report: No CVE-ID: None
 [2017-12-24 06:59 UTC] miha at nepovem dot com
PHP ships with prehistoric libzip 1.1.2, which doesn't support the encryption and few other things. 
The documentation nicely states that this requires at least libzip 1.2

Expected result:
New release should ship with at least the version of library they recommend in the docs. But preferably it should ship with the latest available which at the time of writing this bug report is 1.3.2


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-28 09:10 UTC]
-Status: Open +Status: Not a bug
 [2017-12-28 09:10 UTC]
the zip extension rely (by default) on system libzip (all version >= 0.11 are supported).

The bundled version is indeed outdated and SHOULD not be used (the --without-libzip option is there only for some travis issues)

As for all libraries (openssl, libicu, libsodium, etc) using a bundled library doesn't make sense, and thus bundled library MUST be an exception (e.g. timelib)

So, not a bug.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Jul 06 22:01:03 2020 UTC