Bug#859114: marked as done (unblock: phpmyadmin/4:4.6.6-2)

Debian Bug Tracking System Thu, 30 Mar 2017 11:54:32 -0700

Your message dated Thu, 30 Mar 2017 18:49:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#859114: unblock: phpmyadmin/4:4.6.6-2
has caused the Debian Bug report #859114,
regarding unblock: phpmyadmin/4:4.6.6-2
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
859114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859114
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package phpmyadmin

There is one additional patch fixing PMASA-2017-8 (no CVE assigned yet).

The debdiff is attached.

unblock phpmyadmin/4:4.6.6-2

- -- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEh+Zzr4P2w6DDRMjD9KoinU1YwkUFAljc/kIACgkQ9KoinU1Y
wkWRGg//QpgI6FySKh8koFvZ6vWWoW0NXfV2lzZBDF5oqMYtXNa8MGezGXGaTzX3
MO3hi5myaCzqFUAUfkfu3FIffBSxhlt0/a6hv+440TeG/vSMgwTf2NRkvygp8BYH
lSFCa0cJPeCLLynYG+alWktDeq77cOWwJ+l/szUxAWl+IeGR1e6M8kCJbYnbJx+z
fMT6wQRH0b/KQKf9zwAYaujH+NE/9bAUWkSq/6bBQ00jXareMS9vtszVCLJdY9Yu
ReIO4WdtCT6zRe0WSsVjn/Iv7UPKHioq6KQiyaYOqVQlLLMXW6SQXvRCb3DdITtj
cL9CrfpE9fZIEhGOFwSXICkpEOYcinM9NsTeLdiBiwllRd8iOrkROKq3ARKvEWkK
GM0HF+pxA91OWKjibFGj8LKHGSAf/KqmoVcAOu4khjFUXDUxG7V2TEoJtQKtB/YS
xpsft+NHbKeZp4/ULv3zfN6z7/q5EYpNA/B7MUqC2dmEqg8CwL2c86ERuWaxDkog
PrawD+vZQUtuZTmA4KpQ9lRt60FoiH7Y9QefTZh2Z2FtkD8ygrybRoDkHjCmTH1x
WSF0uFggHEAeJ89dLiniNOXTgX4oufl6vbPpTS2x88Y5gIYJd0CZUo6vp50QGQ7e
j6s4qsVTKJp3Ey6CUYdC/hllK/8hp4FeHDnz1if1c+opErRfjRs=
=3MnM
-----END PGP SIGNATURE-----

diff -Nru phpmyadmin-4.6.6/debian/changelog phpmyadmin-4.6.6/debian/changelog
--- phpmyadmin-4.6.6/debian/changelog   2017-01-24 09:14:39.000000000 +0100
+++ phpmyadmin-4.6.6/debian/changelog   2017-03-30 14:40:46.000000000 +0200
@@ -1,3 +1,10 @@
+phpmyadmin (4:4.6.6-2) unstable; urgency=high
+
+  * Apply upstream patch to fix not working
+    $cfg['Servers'][$i]['AllowNoPassword'] (PMASA-2017-8).
+
+ -- Michal Čihař <[email protected]>  Thu, 30 Mar 2017 14:40:46 +0200
+
 phpmyadmin (4:4.6.6-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru phpmyadmin-4.6.6/debian/patches/series 
phpmyadmin-4.6.6/debian/patches/series
--- phpmyadmin-4.6.6/debian/patches/series      2017-01-24 09:14:39.000000000 
+0100
+++ phpmyadmin-4.6.6/debian/patches/series      2017-03-30 14:38:48.000000000 
+0200
@@ -1 +1,2 @@
+Truncate-only-long-passwords.patch
 debian.patch
diff -Nru phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch 
phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch
--- phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch  
1970-01-01 01:00:00.000000000 +0100
+++ phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch  
2017-03-30 14:39:02.000000000 +0200
@@ -0,0 +1,27 @@
+From 7232271a379396ca1d4b083af051262057003c41 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <[email protected]>
+Date: Mon, 27 Mar 2017 15:55:35 +0200
+Subject: [PATCH 1/1] Truncate only long passwords
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This avoids problems with certain PHP versions returning false when
+first parameter to substr is ''.
+
+Signed-off-by: Michal Čihař <[email protected]>
+---
+ libraries/common.inc.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libraries/common.inc.php
++++ b/libraries/common.inc.php
+@@ -739,7 +739,7 @@
+                 . ' ' . $cfg['Server']['auth_type']
+             );
+         }
+-        if (isset($_REQUEST['pma_password'])) {
++        if (isset($_REQUEST['pma_password']) && 
strlen($_REQUEST['pma_password']) > 256) {
+             $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 
256);
+         }
+         $fqnAuthClass = 'PMA\libraries\plugins\auth\\' . $auth_class;

--- End Message ---

--- Begin Message ---

Michal Čihař:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
> 
> Please unblock package phpmyadmin
> 
> There is one additional patch fixing PMASA-2017-8 (no CVE assigned yet).
> 
> The debdiff is attached.
> 
> unblock phpmyadmin/4:4.6.6-2
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---

Bug#859114: marked as done (unblock: phpmyadmin/4:4.6.6-2)

Reply via email to