Your message dated Sat, 14 Feb 2015 10:49:58 +0100
with message-id <[email protected]>
and subject line Re: Bug#777176: pre-approval: unblock: phpldapadmin/1.2.2-5.2
has caused the Debian Bug report #777176,
regarding pre-approval: unblock: phpldapadmin/1.2.2-5.2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
777176: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777176
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Hi,
phpldapadmin has bug #761637, which I think is RC for phpldapadmin. The short
version is: phpldapadmin is a frontend to manage ldap directories. As a
regression from stable, the version in testing crashes if an entry in the
managed ldap directory contains a password field. As it is /very/ common to
have password fields in ldap entries, this renders the package unusable for a
large portion of the user base.
Fortunately, the fix for this is small, as the issue is already partly fixed by
version 1.2.2-5.1 which is already in testing. It was missing:
* A single line change in the code.
* An update of the config file
* A NEWS entry to explain users how to update their config.
I have prepared a package containing the fix, which can provisionally be found
at https://mentors.debian.net/package/phpldapadmin . The meat of the debdiff is:
diff -Nru phpldapadmin-1.2.2/debian/changelog
phpldapadmin-1.2.2/debian/changelog
--- phpldapadmin-1.2.2/debian/changelog 2014-05-02 04:30:44.000000000 +0200
+++ phpldapadmin-1.2.2/debian/changelog 2015-02-05 01:02:16.000000000 +0100
@@ -1,3 +1,11 @@
+phpldapadmin (1.2.2-5.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Update the php 5.5 compatibility patch for the password_hash_custom
+ setting (Closes: #761637).
+
+ -- Mika Pflüger <[email protected]> Thu, 05 Feb 2015 00:41:07 +0100
+
phpldapadmin (1.2.2-5.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch
phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch
--- phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch 2014-05-02
04:28:13.000000000 +0200
+++ phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch 2015-02-05
01:13:38.000000000 +0100
+Index: phpldapadmin-1.2.2/config/config.php.example
+===================================================================
+--- phpldapadmin-1.2.2.orig/config/config.php.example
++++ phpldapadmin-1.2.2/config/config.php.example
+@@ -379,7 +379,7 @@ $servers->setValue('server','name','My L
+
+ /* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+ blowfish, crypt or leave blank for now default algorithm. */
+-// $servers->setValue('appearance','password_hash','md5');
++// $servers->setValue('appearance','password_hash_custom','md5');
+
+ /* If you specified 'cookie' or 'session' as the auth_type above, you can
+ optionally specify here an attribute to use when logging in. If you enter
+@@ -546,7 +546,7 @@ $servers->setValue('sasl','authz_id_rege
+ $servers->setValue('sasl','authz_id_replacement','$1');
+ $servers->setValue('sasl','props',null);
+
+-$servers->setValue('appearance','password_hash','md5');
++$servers->setValue('appearance','password_hash_custom','md5');
+ $servers->setValue('login','attr','dn');
+ $servers->setValue('login','fallback_dn',false);
+ $servers->setValue('login','class',null);
+Index: phpldapadmin-1.2.2/lib/TemplateRender.php
+===================================================================
+--- phpldapadmin-1.2.2.orig/lib/TemplateRender.php
++++ phpldapadmin-1.2.2/lib/TemplateRender.php
+@@ -2466,7 +2466,7 @@ function deleteAttribute(attrName,friend
+ if ($val = $attribute->getValue($i))
+ $default = get_enc_type($val);
+ else
+- $default =
$this->getServer()->getValue('appearance','password_hash');
++ $default =
$this->getServer()->getValue('appearance','password_hash_custom');
+
+ if (! $attribute->getPostValue())
+ printf('<input type="hidden" name="post_value[%s][]"
value="%s" />',$attribute->getName(),$i);
(the version currently at mentors has a slightly larger debdiff due to quilt
refresh'ing of the php-5.5-compat.patch, but with no further real changes).
If you pre-approve the unblock request, I will write a NEWS entry, seek a
sponsor and come back to you. I am using a fixed version at a reasonably busy
site for two weeks now.
One thing to note is that the version currently in testing deviates from the
upstream solution, possibly because it predates it. The setting which collides
with a php-internal function name ('password_hash' in debian stable) was
[incompletely, hence this bug] changed to 'password_hash_custom' in debian, but
to 'pla_password_hash' in the 1.2.3 upstream version. That is clearly a
suboptimal situation, as this will confuse users and will come back to bite us
later. However, I guess changing 'password_hash_custom' to 'pla_password_hash'
is a bit intrusive at this stage of the release cycle. If you disagree, I can
also prepare a patch which aligns with upstream's choice of bike shed colour.
Cheers,
Mika
unblock phpldapadmin/1.2.2-5.2
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (650, 'testing'), (450, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Hi,
On Fri, Feb 06, 2015 at 10:16:54PM +0100, Niels Thykier wrote:
> I am inclined to agree that this is regression compared to Wheezy should
> be an RC bug. Please go ahead with the proposed patch for Jessie. It
> would make sense for Stretch to have the upstream version of the fix.
The fix was uploaded. Unblocked.
Cheers,
Ivo
--- End Message ---
