php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80648 Fix for bug #79296 should be based on runtime libzip version
Submitted: 2021-01-19 20:41 UTC Modified: 2021-01-20 13:23 UTC
From: arnoutboks at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Zip Related
PHP Version: 7.4.14 OS: Linux
Private report: No CVE-ID: None
 [2021-01-19 20:41 UTC] arnoutboks at gmail dot com
Description:
------------
In https://github.com/php/php-src/pull/5281, a fix/BC workaround for bug #79296 was added. This fix checks compile-time if an affected version of libzip (>= 1.6) is used and uses that to determine if the BC workaround is necessary.

However, if PHP is compiled with e.g. libzip 1.5.1 but dynamically linked to e.g. libzip 1.7.3 at runtime, the BC workaround is not applied and bug #79296 still occurs. This happens e.g. when using the PHP packages from deb.sury.org (see also https://github.com/oerdnj/deb.sury.org/issues/1521). 

It would probably be better to not do the libzip version check at compile-time based on the headers, but runtime based on zip_libzip_version().


Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-20 13:23 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2021-01-20 13:23 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #80648: Fix for bug 79296 should be based on runtime version
On GitHub:  https://github.com/php/php-src/pull/6625
Patch:      https://github.com/php/php-src/pull/6625.patch
 [2021-01-20 15:26 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6adfb8c9621578c7ebb84091695d6cdc65cc0634
Log: Fix #80648: Fix for bug 79296 should be based on runtime version
 [2021-01-20 15:26 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2021-04-25 07:16 UTC] Rahulsainilavi95 at gmail dot com
The following pull request has been associated:

Patch Name:  Replace http:// to https://
On GitHub:  https://github.com/php/web-php/pull/287
Patch:      https://github.com/php/web-php/pull/287.patch
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 11:01:27 2024 UTC