ZIP bug in PHP 5.1.2

19 years ago by Kip Krueger — view source

unread

We would like to install 5.1.2 to resolve a security problem however
we have discovered
that doing so breaks the php_zip.dll facilities.

Here's a link to the bug report ...

http://pecl.php.net/bugs/bug.php?id=6569

Can you help us determine ...

Is the bug in the 5.1.2 dist or in php_zip.dll?
Is there a known active plan to resolve this issue and what
timetable can we expect?
Who the appropriate party is to address with this issue?

Thank you

Kip

//

hey,

this is a problem with the win32 distribution, not the zip extension
itself. i'm not the contact person for this/not involved enough with
php dev anymore to refer you to someone who could answer your
question.

i suggest you contact internals@lists.php.net with your question.

-sterling

Sterling,

I am writing to you regarding this bug ...

http://pecl.php.net/bugs/bug.php?id=6569

We would like to install PHP 5.1.2 to resolve a security problem.

I am writing you to see if there is a plan to resolve the ZIP DLL
bug?
Additionally we'd like to know if there is a timetable so we can make
our business decision regarding the 5.1.2 install.

Thanks for your time.

Kip

19 years ago by Pierre — view source

unread

On Fri, 17 Feb 2006 11:20:42 -0800
kip@bigpikture.com (Kip Krueger) wrote:

We would like to install 5.1.2 to resolve a security problem however
we have discovered
that doing so breaks the php_zip.dll facilities.

Here's a link to the bug report ...

http://pecl.php.net/bugs/bug.php?id=6569

Can you help us determine ...

Is the bug in the 5.1.2 dist or in php_zip.dll?

The bug is in the way the snaps are built. The CVS is used instead of
the released package. I'm working in the cvs for the next major release
(see below), in HEAD, and HEAD is used for 5.1 dll builds.

Is there a known active plan to resolve this issue and what
timetable can we expect?

Within a month a complete new version will be released as alpha. This
new version introduces write support and a OO interface,. PHP 5.1+ only.

Who the appropriate party is to address with this issue?

Actually me, I maintain now this package but still not listed in the
pecl maintainers.

Can you please send me the necessary information about your security
problem? I can release the old version with it shortly.

--Pierre