[ 
https://issues.apache.org/jira/browse/COMPRESS-444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16369723#comment-16369723
 ] 

Paul Hebble edited comment on COMPRESS-444 at 2/20/18 5:10 AM:
---------------------------------------------------------------

Thanks! That would explain why I couldn't find the problem from auditing the 
current code.

Could I trouble you to elaborate slightly, which version exactly has the fix? I 
would like to check the dependencies of the packages involved to verify that an 
older version was used to generate the problem ZIPs.

EDIT: Nevermind, I see there's a field for this, which says 1.16. That should 
work for my purposes. Thanks again!


was (Author: hebarusan):
Thanks! That would explain why I couldn't find the problem from auditing the 
current code.

Could I trouble you to elaborate slightly, which version exactly has the fix? I 
would like to check the dependencies of the packages involved to verify that an 
older version was used to generate the problem ZIPs.

> Version to extract incorrect in Local File Header
> -------------------------------------------------
>
>                 Key: COMPRESS-444
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-444
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Archivers
>            Reporter: Paul Hebble
>            Priority: Minor
>             Fix For: 1.16
>
>
> A friend is generating ZIP files with Maven Assembly Plugin, which uses 
> Plexus Archiver, which uses Commons Compress. One of his files tripped a 
> validation check in SharpZipLib, see 
> [https://github.com/KSP-CKAN/CKAN/issues/2285].
> Here's a link to the ZIP:
> [https://github.com/rleroy/CivilianPopulation/releases/download/2.0.12/ksp-civilian-population-mod-2.0.12.zip]
> The LFH in question starts:
> {{00000400 74 69 6c 69 74 79 2f 50 4b 03 04 *0a 00* 08 08 *08* 
> |tility/PK.......|}}
> Note the *highlighted* bytes. The *0a 00* means that the version to extract 
> is PKZip 1.0. The *08* means that the compression method is DEFLATED. These 
> values are not compatible; by Commons Compress's own code logic, DEFLATED 
> should require version 2.0, which would appear in the LFH as *14 00*. 
> Notably, the CFH for this same file _does_ have version 2.0:
> {{00e0e5f0 73 2f 55 74 69 6c 69 74 79 2f 50 4b 01 02 14 03 
> |s/Utility/PK....|}}
>  {{00e0e600 *14* *00* 08 08 08 00 ab b8 30 4c 43 fa a3 ea 50 00 
> |........0LC...P.|}}
> {{         ^^ ^^}}
> I have not yet been able to identify the cause of this issue.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to