php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80351 Incorrect detection of zip_*_method_supported() availability in libzip
Submitted: 2020-11-12 08:46 UTC Modified: 2020-11-12 09:46 UTC
From: nvizovitin at plesk dot com Assigned: remi (profile)
Status: Assigned Package: Zip Related
PHP Version: 8.0.0RC3 OS: Any with older libzip
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2020-11-12 08:46 UTC] nvizovitin at plesk dot com
Description:
------------
HAVE_METHOD_SUPPORTED AC_DEFINE is set incorrectly during zip extension configuration for some libzip versions < 1.7.0, such as 1.3.2.

Detection of zip_compression_method_supported() and zip_encryption_method_supported() functions availability in libzip is incorrect. They are publicly available since libzip 1.7.0, however the first one was privately available before (at least in 1.3.2), so its detection via AC_CHECK_LIB was successful where it should not have been.

This results in runtime errors which happen on attempts to use ZipArchive::isEncryptionMethodSupported() or phpinfo().

See also:
* https://libzip.org/documentation/zip_compression_method_supported.html
* https://libzip.org/documentation/zip_encryption_method_supported.html

The issue was also reproduced on PHP 8.0.0RC4 (https://downloads.php.net/~carusogabriel/php-8.0.0RC4.tar.xz). We encountered this issue on CentOS 7 with non-system libzip build.

Test script:
---------------
php -r '$zip = new ZipArchive(); print($zip->isEncryptionMethodSupported(ZipArchive::EM_AES_256));'

OR

php -r 'phpinfo();'

Expected result:
----------------
Provided PHP was built against libzip < 1.7.0:

PHP Fatal error:  Uncaught Error: Call to undefined method ZipArchive::isEncryptionMethodSupported() in Command line code:1
Stack trace:
#0 {main}
  thrown in Command line code on line 1

AND

phpinfo() doesn't result in error

Actual result:
--------------
/opt/plesk/php/8.0/bin/php: symbol lookup error: /opt/plesk/php/8.0/lib64/php/modules/zip.so: undefined symbol: zip_encryption_method_supported

(in both cases)

Patches

libzip-fix-have-method-supported-detection.diff (last revision 2020-11-12 08:47 UTC by nvizovitin at plesk dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-11-12 08:47 UTC] nvizovitin at plesk dot com
The following patch has been added/updated:

Patch Name: libzip-fix-have-method-supported-detection.diff
Revision:   1605170847
URL:        https://bugs.php.net/patch-display.php?bug=80351&patch=libzip-fix-have-method-supported-detection.diff&revision=1605170847
 [2020-11-12 09:46 UTC] cmb@php.net
-Assigned To: +Assigned To: remi
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Jan 16 03:01:24 2021 UTC