mockingbot / react-native-zip-archive

Zip archive utility for react-native
MIT License

Are the podspec compiler flags mandatory for versions before 6.1.0? #317

Open kptp opened 2 weeks ago

kptp commented 2 weeks ago

I am having issues building this library on Xcode 16. I noticed that in the latest version the compiler_flag GCC_PREPROCESSOR_DEFINITIONS has been removed from the Podspec. This fixes the issue I am having. However, I cannot update this library to the latest version as it requires iOS 15.5 and I have many users who are using older iOS versions. (The vulnerability that requires the iOS 15.5 update should not affect my app as I only use this library for unzipping.)

I was wondering if the compiler_flags in the Podspec are actually required for version 6.0.9 of this library, or can they be removed? I can remove them with an npm patch or a pod post install script, which seem to work.

Env:
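The "pod post install script" route the question mentions, written out as an added example (not code from the react-native-zip-archive project): a Podfile helper that strips one preprocessor definition from the pod target's build settings after `pod install`. The target name `RNZipArchive` and the macro name `EXAMPLE_DEFINITION` are assumptions; take the real values from the podspec of the library version you are on.

```ruby
# Added example, not from react-native-zip-archive. Removes one
# preprocessor definition from a CocoaPods target's build settings in a
# post_install hook. Both names below are placeholders.
POD_NAME = 'RNZipArchive'.freeze                   # assumed pod target name
REMOVED_DEFINITION = 'EXAMPLE_DEFINITION'.freeze   # placeholder macro name

# Returns `settings` with `definition` (bare, or in NAME=value form) removed
# from GCC_PREPROCESSOR_DEFINITIONS. Xcode stores that setting either as a
# space-separated string or as an array, so both shapes are handled, and
# entries such as $(inherited) are preserved. Modifies the hash in place.
def strip_preprocessor_definition(settings, definition)
  defs = settings['GCC_PREPROCESSOR_DEFINITIONS']
  return settings if defs.nil?

  list = defs.is_a?(Array) ? defs : defs.split
  kept = list.reject { |d| d == definition || d.start_with?("#{definition}=") }
  settings['GCC_PREPROCESSOR_DEFINITIONS'] = defs.is_a?(Array) ? kept : kept.join(' ')
  settings
end

# Applies the strip to every build configuration of the named pod target.
# `installer` is the object CocoaPods hands to post_install; pods_project,
# targets, build_configurations and build_settings are the Xcodeproj API it
# exposes there. Returns the number of configurations touched so the hook
# can report what it changed.
def strip_definition_from_pod(installer, pod_name, definition)
  touched = 0
  installer.pods_project.targets.each do |target|
    next unless target.name == pod_name

    target.build_configurations.each do |config|
      strip_preprocessor_definition(config.build_settings, definition)
      touched += 1
    end
  end
  touched
end

# In the app's Podfile the helper is wired up like this:
#
#   post_install do |installer|
#     n = strip_definition_from_pod(installer, POD_NAME, REMOVED_DEFINITION)
#     Pod::UI.puts "Stripped #{REMOVED_DEFINITION} from #{n} configuration(s)"
#   end
```

The helper only touches the named pod target, so the app's own targets and other pods keep their definitions. As the maintainer notes later in the thread, removing the flag only addresses the build error; it does nothing for the App Store privacy manifest requirement, which is a separate change.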

plrthink commented 1 week ago

Interesting, the compiler flag was introduced when we started using cocoapods to manage iOS deps, and I never thought about what would happen if it were removed.

So, it may be useless since ziparchive (the underlying module) already has that.

plrthink commented 1 week ago

Anyway, thanks for reporting this, and I think we should release a patch on v6 for anyone who can't upgrade the deployment target to iOS 15 and above.

Pingou commented 1 week ago

Hi @plrthink any timeline on when the patch will be out? Thank you.

plrthink commented 1 week ago

Yeah, in a few days, need some testing before that.


-- Perry Poon

plrthink commented 6 days ago

@Pingou I recapped the recent changes and I think you should do the update if you're distributing your app through the App Store. Otherwise, even if I make the patch for the compiler flags issue, you would still be releasing new changes to the end users.

Here is the full story:

Due to recent Apple Store privacy requirements, third-party SDKs and libraries must now declare the reasons for accessing certain APIs, including those used by underlying libraries like minizip.

To comply with these new guidelines, we’ve updated SSZipArchive to version 2.5.5, which implements the necessary changes.

However, this update represents a significant jump from 2.2.0 to 2.5.5, including version 2.5.0, which introduces a breaking change: it now requires a minimum iOS deployment target of iOS 15.5+. This has become a blocker for developers who still need to support older iOS versions.

The reason for this breaking change is that SSZipArchive 2.5.0 addresses a potential security vulnerability in the zipping process, making the update essential for maintaining security.

As you can see, we need the code changes in SSZipArchive 2.5.5 to make the App Store privacy happy, which forces the iOS deployment target to be 15.5 at least.

Pingou commented 6 days ago

@plrthink Thank you for the details. Personally I just removed the flag from the podspec as I need to support iOS 13. I haven't released yet, so I'm not sure if that will pass when uploading to the App Store. "third-party SDKs and libraries must now declare the reasons for accessing certain APIs, including those used by underlying libraries like minizip." That seems a bit odd to me; the app should be able to declare them, right? If that is the case, could there be another version that just removes the flag and mentions in the documentation those needed declarations? It is a bit unclear to me whether you're saying that it is the security vulnerability changes that require 15.5 or just the App Store privacy. Personally I am not impacted by the security issues as I control the zip.

plrthink commented 5 days ago

"third-party SDKs and libraries must now declare the reasons for accessing certain APIs, including those used by underlying libraries like minizip." That seems a bit odd to me; the app should be able to declare them, right?

You can't add the privacy manifest on your own; it should be done by the library itself, if I understand correctly.

If that is the case, could there be another version that just removes the flag and mentions in the documentation those needed declarations?

My point is that I have to upgrade SSZipArchive to make the app satisfy the App Store requirement, which requires a minimum deployment target of 15.5.

Removing the flag itself can't help with the App Store requirement.

plrthink commented 5 days ago

Oh, I think I'm wrong: the app developer could make the privacy manifest on their own. And here is the content: https://github.com/ZipArchive/ZipArchive/blob/main/SSZipArchive/Supporting%20Files/PrivacyInfo.xcprivacy.

But for maintenance reasons, I would not make a patch version for this, since I only fix bugs in the latest one.

So you can stick with your forked repo until you can upgrade to the v7+.