
Bug#859114: marked as done (unblock: phpmyadmin/4:4.6.6-2)



Your message dated Thu, 30 Mar 2017 18:49:00 +0000
with message-id <ad03ced6-e556-e18a-c749-9c6c5fb304b4@thykier.net>
and subject line Re: Bug#859114: unblock: phpmyadmin/4:4.6.6-2
has caused the Debian Bug report #859114,
regarding unblock: phpmyadmin/4:4.6.6-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
859114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859114
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package phpmyadmin

There is one additional patch fixing PMASA-2017-8 (no CVE assigned yet).

The debdiff is attached.

unblock phpmyadmin/4:4.6.6-2

- -- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
diff -Nru phpmyadmin-4.6.6/debian/changelog phpmyadmin-4.6.6/debian/changelog
--- phpmyadmin-4.6.6/debian/changelog	2017-01-24 09:14:39.000000000 +0100
+++ phpmyadmin-4.6.6/debian/changelog	2017-03-30 14:40:46.000000000 +0200
@@ -1,3 +1,10 @@
+phpmyadmin (4:4.6.6-2) unstable; urgency=high
+
+  * Apply upstream patch to fix not working
+    $cfg['Servers'][$i]['AllowNoPassword'] (PMASA-2017-8).
+
+ -- Michal Čihař <nijel@debian.org>  Thu, 30 Mar 2017 14:40:46 +0200
+
 phpmyadmin (4:4.6.6-1) unstable; urgency=medium
 
   * New upstream release.
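Review bot: The new entry for 4:4.6.6-2 says only "fix not working $cfg['Servers'][$i]['AllowNoPassword']", which does not tell an administrator reading the changelog which way the setting fails or why the upload is urgency=high. Reword it to state the effect of the bug and name the patch file that was added (Truncate-only-long-passwords.patch). Since the request notes that no CVE is assigned yet, plan to add the identifier next to PMASA-2017-8 in a later upload once it exists.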
diff -Nru phpmyadmin-4.6.6/debian/patches/series phpmyadmin-4.6.6/debian/patches/series
--- phpmyadmin-4.6.6/debian/patches/series	2017-01-24 09:14:39.000000000 +0100
+++ phpmyadmin-4.6.6/debian/patches/series	2017-03-30 14:38:48.000000000 +0200
@@ -1 +1,2 @@
+Truncate-only-long-passwords.patch
 debian.patch
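Review bot: Truncate-only-long-passwords.patch is inserted above debian.patch rather than appended, so it is applied first and debian.patch is applied on top of it. Confirm that debian.patch still applies without fuzz in this order, and if the ordering is deliberate (upstream cherry-picks ahead of the Debian-specific patch), say so in the changelog or in a comment so later uploads keep it.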
diff -Nru phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch
--- phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch	1970-01-01 01:00:00.000000000 +0100
+++ phpmyadmin-4.6.6/debian/patches/Truncate-only-long-passwords.patch	2017-03-30 14:39:02.000000000 +0200
@@ -0,0 +1,27 @@
+From 7232271a379396ca1d4b083af051262057003c41 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
+Date: Mon, 27 Mar 2017 15:55:35 +0200
+Subject: [PATCH 1/1] Truncate only long passwords
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This avoids problems with certain PHP versions returning false when
+first parameter to substr is ''.
+
+Signed-off-by: Michal Čihař <michal@cihar.com>
+---
+ libraries/common.inc.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libraries/common.inc.php
++++ b/libraries/common.inc.php
+@@ -739,7 +739,7 @@
+                 . ' ' . $cfg['Server']['auth_type']
+             );
+         }
+-        if (isset($_REQUEST['pma_password'])) {
++        if (isset($_REQUEST['pma_password']) && strlen($_REQUEST['pma_password']) > 256) {
+             $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
+         }
+         $fqnAuthClass = 'PMA\libraries\plugins\auth\\' . $auth_class;
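Review bot: In the added condition in libraries/common.inc.php, strlen() is called on $_REQUEST['pma_password'] after only an isset() check, so a request that sends pma_password as an array still reaches strlen() with a non-string, raises a warning, and the value is passed on untruncated. Consider adding is_string($_REQUEST['pma_password']) to the condition so only string input takes this path. The limit 256 now appears twice on adjacent lines; a named constant or local variable would keep the comparison and the substr() length from drifting apart. The patch header explains the substr('') behaviour but does not mention PMASA-2017-8 or AllowNoPassword, which the changelog gives as the reason for the upload; a line in the description tying the two together would help whoever audits this patch later.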

--- End Message ---
--- Begin Message ---
Michal Čihař:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package phpmyadmin
> 
> There is one additional patch fixing PMASA-2017-8 (no CVE assigned yet).
> 
> The debdiff is attached.
> 
> unblock phpmyadmin/4:4.6.6-2
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---
