Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:21905
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
To: internals@lists.php.net,kip@bigpikture.com (Kip Krueger)
Date: Fri, 17 Feb 2006 21:12:52 +0100
Message-ID: <20060217211252.632e7e88@localhost.localdomain>
In-Reply-To: <5BBB8407-31C2-4C1F-A088-E84D42E69650@bigpikture.com>
References: <5BBB8407-31C2-4C1F-A088-E84D42E69650@bigpikture.com>
Reply-To: pierre.php@gmail.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: ZIP bug in PHP 5.1.2
From: pierre.php@gmail.com (Pierre)

On Fri, 17 Feb 2006 11:20:42 -0800
kip@bigpikture.com (Kip Krueger) wrote:

> 
> 
> We would like to install 5.1.2 to resolve a security problem however  
> we have discovered
> that doing so breaks the php_zip.dll facilities.
> 
> Here's a link to the bug report ...
> 
> http://pecl.php.net/bugs/bug.php?id=6569
> 
> Can you help us determine ...
> 
> 1.  Is the bug in the 5.1.2 dist or in php_zip.dll?

The bug is in the way the snaps are built. The CVS is used instead of
the released package. I'm working in the cvs for the next major release
(see below), in HEAD, and HEAD is used for 5.1 dll builds.

> 2.  Is there a known active plan to resolve this issue and what  
> timetable can we expect?

Within a month a complete new version will be released as alpha. This
new version introduces write support and a OO interface,. PHP 5.1+ only.

> 3.  Who the appropriate party is to address with this issue?

Actually me, I maintain now this package but still not listed in the
pecl maintainers.

Can you please send me the necessary information about your security
problem? I can release the old version with it shortly.


--Pierre