Bug#813095: marked as done (phpmyadmin: php-seclib dependency broken in 4.5.4-1)

Sat, 30 Jan 2016 07:58:11 -0800 

Your message dated Sat, 30 Jan 2016 15:53:58 +0000
with message-id <e1apxqy-0005sf...@franck.debian.org>
and subject line Bug#813095: fixed in phpmyadmin 4:4.5.4.1-1
has caused the Debian Bug report #813095,
regarding phpmyadmin: php-seclib dependency broken in 4.5.4-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
813095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: phpmyadmin
Version: 4:4.5.4-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

phpMyAdmin as of version 4.5.4-1 uses php-seclib's Crypt\Random API (as per
CVE's listed in the package changelog).

Unfortunately, there are two problems with Crypt\Random working out of the
box for the package:

 * PHPSECLIB_INC_DIR is not included in the open_basedir directive in
/etc/phpymadmin/apache.conf configuration file

 * php-seclib present in sid at the moment is the 1.x version of the library
phpmyadmin uses the object-oriented version 2.x of the library, at the
moment present in experimental only (without marking in it correctly in
package dependencies)

Note that php-seclib 2.x from experimental uses /usr/share/php/phpseclib/
path and that should be set as PHPSECLIB_INC_DIR.

Fixing PHPSECLIB_INC_DIR in
/usr/share/phpmyadmin/libraries/vendor_config.php, open_basedir in
/etc/phpmyadmin/apache2.conf and installing php-seclib 2.0.1-1 from
experimental fixes the issue and makes phpmyadmin usable again.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.3.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages phpmyadmin depends on:
ii  dbconfig-common        2.0.2
ii  dbconfig-mysql         2.0.2
ii  debconf [debconf-2.0]  1.5.58
ii  libapache2-mod-php5    5.6.17+dfsg-3
ii  libjs-sphinxdoc        1.3.5-1
ii  perl                   5.22.1-4
ii  php-gettext            1.0.11-2
ii  php-seclib             2.0.1-1
ii  php5                   5.6.17+dfsg-3
ii  php5-common            5.6.17+dfsg-3
ii  php5-json              1.3.7-1
ii  php5-mysql             5.6.17+dfsg-3
ii  ucf                    3.0033

Versions of packages phpmyadmin recommends:
ii  apache2 [httpd]                          2.4.18-1
ii  mysql-client                             5.6.28-1
ii  mysql-client-5.6 [virtual-mysql-client]  5.6.28-1
ii  nginx-light [httpd]                      1.9.10-1
ii  php-tcpdf                                6.0.093+dfsg-1
ii  php5-gd                                  5.6.17+dfsg-3

Versions of packages phpmyadmin suggests:
ii  elinks [www-browser]                     0.12~pre6-11+b2
ii  mysql-server-5.6 [virtual-mysql-server]  5.6.28-1
ii  w3m [www-browser]                        0.5.3-26

-- Configuration Files:
/etc/phpmyadmin/apache.conf changed [not included]

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: phpmyadmin
Source-Version: 4:4.5.4.1-1

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michal Čihař <ni...@debian.org> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 30 Jan 2016 15:11:01 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:4.5.4.1-1
Distribution: experimental
Urgency: medium
Maintainer: Thijs Kinkhorst <th...@debian.org>
Changed-By: Michal Čihař <ni...@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Closes: 813095
Changes:
 phpmyadmin (4:4.5.4.1-1) experimental; urgency=medium
 .
   * Upload to experimental due to php-seclib 2.0 being there.
   * New upstream release.
   * Use versioned dependency on phpseclib, we need at least 2.0.
   * Add phpseclib path to open_basedir settings (Closes: #813095).
Checksums-Sha1:
 84d941817d2dfa6938ce07efcfae5acdad2a92ad 1933 phpmyadmin_4.5.4.1-1.dsc
 2c06ba92afc2dba8688083480787822c50ece4df 5810548 phpmyadmin_4.5.4.1.orig.tar.xz
 72e496337bc6bc66c4344f26583c965643856e2b 76944 
phpmyadmin_4.5.4.1-1.debian.tar.xz
 216bab3faea4395865388204dae4deebf122c4e9 4015874 phpmyadmin_4.5.4.1-1_all.deb
Checksums-Sha256:
 9c773895d91f4d7b15259a3668c0bc1685f5a526037cb7f8b52c8af373c89b9c 1933 
phpmyadmin_4.5.4.1-1.dsc
 4f79a1e3687ed6976903b0fab6a29f960e657e4eb4c9e8a9b92bcf4f1d57194d 5810548 
phpmyadmin_4.5.4.1.orig.tar.xz
 8853e7f56387bc94cbd11ec876899a3e0a016bd73c976e7536e0b9c81e0901dd 76944 
phpmyadmin_4.5.4.1-1.debian.tar.xz
 4424a5d48f301075b506c8d48ef9632fe951594d93b789806ca3b67319790c8d 4015874 
phpmyadmin_4.5.4.1-1_all.deb
Files:
 a35fe421fb5018b5085ae1aef86f0fb9 1933 web extra phpmyadmin_4.5.4.1-1.dsc
 79091ddaee2cfec7f4639625a3a5332c 5810548 web extra 
phpmyadmin_4.5.4.1.orig.tar.xz
 6c94b7b61c427a1c80c5acdf0c624cf8 76944 web extra 
phpmyadmin_4.5.4.1-1.debian.tar.xz
 7921f6895a2ed5159f255ac9c94f2aad 4015874 web extra phpmyadmin_4.5.4.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWrMXrAAoJEJwnsxNCt1EdM3gQAK1i5VIIL/p9wCZ5D5LVYCMI
uYxj7nJCzOFDrf/oEM5Kgg8BcYZQuEH2dwQRZcec7Fewiimr5FTafaFiwTyd8bga
Fowb+6GTRd3GLzeGzCsWLrgulo9qnTjVx7TNVbD8OHmkMLgrr4DMWTmRfRUwQK1D
5mBhXkt1w1SlN9r4u1YJ8IJOuLyLi9D87qSigmYLl39/9tQWw+4PhJxDcHleS6/8
dj/GlOBUJFU52xketMnLE0kFHUOAb8wAYoenQzMxUbnVaXU1bGR5MKaIc4rM0qUb
xnLsSuztMZh4YeHM+cD/bvqtZrdqbAezZEWskda+W9wo/jJntnyCb5tP6c8OnGhF
nwAYBF30s6Mvlto8DzroNumToniybWs/dgLTT+QhAaZw3+J7qE7L2VDXYSp//FK4
morlpwWV4rRj30CaulcyrleYUduQz6wczTC28QnzMH9pWlGPURwIHDW2hAoYUJ2L
/3eChW5vicbu5To/n3g0R1UOtoIQ4XT80cXsaSiPolRe4NDdciQiFVEQnsIv6mlW
dWpvTkR6weAVGS12tVF8R7TOBGG1Ed4+zzUIui60CiLVwB5J0/TkkX6ar1sfqyS4
pWfwTjhvA64M/U/GwjM+ILTAXCblQacOFGwqiQRClzhBrMEpfuDbX1Yx6GfhbLV+
PnI/kZK30u2/JfN6O6Jr
=h1oI
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to