I am reintroducing SSZipArchive in my project as the path traversal related vulnerabilities have been fixed in 2.5.5. I am generating an MS Word docx file. Versions 2.2.2 and earlier work smoothly, but with 2.5.5, I think, the directory contents are not picked up and zipped as expected.
v2.3.0 works as expected. The problem starts from v2.4.0. Alas, I cannot use v2.3.0 as it is marked vulnerable by Veracode. Only 2.5.4 and 2.5.5 are valid to use.
Steps to reproduce
Create zip using [SSZipArchive createZipFileAtPath:zipPath withContentsOfDirectory:sampleDataPath];
Zip gets generated
Rename the zip to docx
Open the docx in MS Word
We see a document recovery prompt
Export the file to an Android device and it still fails to open
Expected behavior
Similar to older versions, v2.5.5 should properly compress the contents of the directory so that a perfect docx can be created.
Works perfectly on v2.2.2
Actual behavior
Creates a zip. Rename it to docx. MS Word opens in recovery mode.
I'm having the same problem with creating an Excel file. After many hours of research, I've found that the zip must be:
compression method: deflated
compression sub-type: superfast
extended local header: no
file security status: not encrypted
See: ECMA, Office Open XML, Part 2 Open Packaging Conventions, 5th edition, December 2021
The problem is that I can't figure out what options to use to obtain that result. Hopefully, someone can help.
I've tried a couple of older versions and so far find that a file created using version 2.3.0 works but not in 2.4.0. While there is still an extended local header, Excel can read the file after changing zip to xlsx. Numbers can also read the file without any error notification. I'm running the latest version of Xcode and iOS.
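An added example (not part of the thread and not SSZipArchive code): a Python check of three of the properties listed in the comment above, read from each entry's local file header. It assumes the comment's field names are the ones Info-ZIP's zipinfo prints, where "extended local header" is general-purpose flag bit 3 (data descriptor); `audit_package`, `build_sample` and the sample package are constructed for illustration.

```python
import io
import struct
import zipfile

DEFLATE = 8                     # compression method "deflated"
FLAG_ENCRYPTED = 0x0001         # general-purpose bit 0
FLAG_DATA_DESCRIPTOR = 0x0008   # bit 3; assumed to be zipinfo's "extended local header"

def audit_package(data: bytes) -> dict:
    """Map entry name -> deviations from the properties listed in the comment."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Local file header layout: signature(4) version(2) flags(2) method(2).
            sig, _, flags, method = struct.unpack_from("<4sHHH", data, info.header_offset)
            if sig != b"PK\x03\x04":
                findings[info.filename] = ["no local header at recorded offset"]
                continue
            problems = []
            if flags & FLAG_ENCRYPTED:
                problems.append("encrypted")
            if flags & FLAG_DATA_DESCRIPTOR:
                problems.append("extended local header")
            if method != DEFLATE and not info.is_dir():  # directory entries carry no data
                problems.append(f"compression method {method}")
            if problems:
                findings[info.filename] = problems
    return findings

class _Sink(io.RawIOBase):
    """Non-seekable output; Python's zipfile then writes data descriptors (bit 3)."""
    def __init__(self):
        super().__init__()
        self.buf = bytearray()
    def writable(self):
        return True
    def write(self, b):
        self.buf += b
        return len(b)

def build_sample(streamed: bool, method: int = zipfile.ZIP_DEFLATED) -> bytes:
    """Constructed two-part package; not the docx.zip attached to the issue."""
    out = _Sink() if streamed else io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return bytes(out.buf) if streamed else out.getvalue()
```

Pass the bytes of the generated archive to `audit_package`; an empty result means no entry deviates on these three properties. The compression sub-type line from the comment is not checked here.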
Version of ZipArchive
SSZipArchive 2.5.5
Environmental information
docx.zip