[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#777176: pre-approval: unblock: phpldapadmin/1.2.2-5.2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

phpldapadmin has bug #761637, which I think is RC for phpldapadmin. The short version is: phpldapadmin is a frontend to manage ldap directories. As a regression from stable, the version in testing crashes if an entry in the managed ldap directory contains a password field. As it is /very/ common to have password fields in ldap entries, this renders the package unusable for a large portion of the user base.
Fortunately, the fix for this is small, as the issue is already partly fixed by version 1.2.2-5.1 which is already in testing. It was missing:
* A single line change in the code.
* An update of the config file
* A NEWS entry to explain users how to update their config.
I have prepared a package containing the fix, which can provisionally be found at https://mentors.debian.net/package/phpldapadmin . The meat of the debdiff is:

diff -Nru phpldapadmin-1.2.2/debian/changelog phpldapadmin-1.2.2/debian/changelog
--- phpldapadmin-1.2.2/debian/changelog	2014-05-02 04:30:44.000000000 +0200
+++ phpldapadmin-1.2.2/debian/changelog	2015-02-05 01:02:16.000000000 +0100
@@ -1,3 +1,11 @@
+phpldapadmin (1.2.2-5.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Update the php 5.5 compatibility patch for the password_hash_custom
+    setting (Closes: #761637).
+
+ -- Mika Pflüger <debian@mikapflueger.de>  Thu, 05 Feb 2015 00:41:07 +0100
+
 phpldapadmin (1.2.2-5.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch
--- phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch	2014-05-02 04:28:13.000000000 +0200
+++ phpldapadmin-1.2.2/debian/patches/php-5.5-compat.patch	2015-02-05 01:13:38.000000000 +0100
+Index: phpldapadmin-1.2.2/config/config.php.example
+===================================================================
+--- phpldapadmin-1.2.2.orig/config/config.php.example
++++ phpldapadmin-1.2.2/config/config.php.example
+@@ -379,7 +379,7 @@ $servers->setValue('server','name','My L
+ 
+ /* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+    blowfish, crypt or leave blank for now default algorithm. */
+-// $servers->setValue('appearance','password_hash','md5');
++// $servers->setValue('appearance','password_hash_custom','md5');
+ 
+ /* If you specified 'cookie' or 'session' as the auth_type above, you can
+    optionally specify here an attribute to use when logging in. If you enter
+@@ -546,7 +546,7 @@ $servers->setValue('sasl','authz_id_rege
+ $servers->setValue('sasl','authz_id_replacement','$1');
+ $servers->setValue('sasl','props',null);
+ 
+-$servers->setValue('appearance','password_hash','md5');
++$servers->setValue('appearance','password_hash_custom','md5');
+ $servers->setValue('login','attr','dn');
+ $servers->setValue('login','fallback_dn',false);
+ $servers->setValue('login','class',null);
+Index: phpldapadmin-1.2.2/lib/TemplateRender.php
+===================================================================
+--- phpldapadmin-1.2.2.orig/lib/TemplateRender.php
++++ phpldapadmin-1.2.2/lib/TemplateRender.php
+@@ -2466,7 +2466,7 @@ function deleteAttribute(attrName,friend
+ 		if ($val = $attribute->getValue($i))
+ 			$default = get_enc_type($val);
+ 		else
+-			$default = $this->getServer()->getValue('appearance','password_hash');
++			$default = $this->getServer()->getValue('appearance','password_hash_custom');
+ 
+ 		if (! $attribute->getPostValue())
+ 			printf('<input type="hidden" name="post_value[%s][]" value="%s" />',$attribute->getName(),$i);

(the version currently at mentors has a slightly larger debdiff due to quilt refresh'ing of the php-5.5-compat.patch, but with no further real changes).

If you pre-approve the unblock request, I will write a NEWS entry, seek a sponsor and come back to you. I am using a fixed version at a reasonably busy site for two weeks now.

One thing to note is that the version currently in testing deviates from the upstream solution, possibly because it predates it. The setting which collides with a php-internal function name ('password_hash' in debian stable) was [incompletely, hence this bug] changed to 'password_hash_custom' in debian, but to 'pla_password_hash' in the 1.2.3 upstream version. That is clearly a suboptimal situation, as this will confuse users and will come back to bite us later. However, I guess changing 'password_hash_custom' to 'pla_password_hash' is a bit intrusive at this stage of the release cycle. If you disagree, I can also prepare a patch which aligns with upstream's choice of bike shed colour.

Cheers,

Mika

unblock phpldapadmin/1.2.2-5.2

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (650, 'testing'), (450, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: