SSZipArchive 2.5.5 fails to create zip which can be later converted to docx

[sumitmorey]

I am reintroducing SSZipArchive in my project as the path traversal related vulnerabilities are been fixed in 2.5.5. I am generating MS Word docx file. 2.2.2 and before version work smooth but with 2.5.5, I think, the directory contents are not picked up and zipped as expected.

v2.3.0 works as expected. The problem starts from v2.4.0. Alas I cannot use v2.3.0 as it is marked vulnerable by Veracode. Only 2.5.4 and 2.5.5 are valid to use.

Steps to reproduce

1. Create zip using [SSZipArchive createZipFileAtPath:zipPath withContentsOfDirectory:sampleDataPath];
2. Zip gets generated
3. Rename the zip to docx
4. Open the docx in MS Word
5. We see document recovery prompt
6. Export the file to Android device and it still fails to open

Expected behavior

1. Similar to older versions, v2.5.5 should properly compress the contents of directory so can create perfect docx.
2. Works perfect on v2.2.2

Actual behavior

Creates a zip. Rename it to docx. MS Word opens in recovery mode.

Version of ZipArchive

SSZipArchive 2.5.5

Environmental information

• Xcode 15.2
• iOS 16.6
• iPhone XR

docx.zip

[telcosolutions]

I'm having the same problem with creating an Excel file. After many hours of research, I've found that the zip must be:
compression method: deflated
compression sub-type: superfast
extended local header: no
file security status: not encrypted

See: ECMA, Office Open XML, Part 2 Open Packaging Conventions, 5th edition, December 2021

The problem is that I can't figure out what options to use to obtain that result. Hopefully, someone can help.

[telcosolutions]

I've tried a couple of older versions and so far find that a file created using version 2.3.0 works but not in 2.4.0. While there is still an extended local header Excel can read the file after changing zip to xlsx. Also, Numbers can also read the file without any error notification. I'm running the latest version of Xcode and IOS.