Bug#495542: RFS: libcas-php

To: 495542@bugs.debian.org, debian-mentors@lists.debian.org
Subject: Bug#495542: RFS: libcas-php
From: Raphael Geissert <atomo64+debian@gmail.com>
Date: Mon, 17 Nov 2008 15:20:55 -0600
Message-id: <[🔎] gfsn4b$a69$2@ger.gmane.org>
Reply-to: Raphael Geissert <atomo64+debian@gmail.com>, 495542@bugs.debian.org
References: <[🔎] 1226926953.17191.65.camel@hortense>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Olivier Berger wrote:
[...]
> 
> The corresponding ITP is found at
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542
> 
> Note that this package would allow the dependency of a number of
> packages such as moodle and glpi on that package instead of shipping a
> copy of phpCAS (http://packages.debian.org/sid/all/moodle/filelist and
> http://packages.debian.org/sid/all/glpi/filelist).

While you are at it, as your package also uses domxml-php4-php5.php why don't
you also package it? (it would be better if the code was finally ported instead
of using a wrapper, though).

debian/control:
> Depends: ${misc:Depends}, php5, php5-curl, php-db

Does it really need a web SAPI? or can it be used with php5-cli? in the latter
case add an ORed dependency on php5-cli in addition to php5.

debian/rules:
What about cleaning it up?

debian/copyright:
> Upstream Author:
> 
>          Pascal Aubry

What about also displaying his email address?

> License: (stated at : http://www.ja-sig.org/wiki/display/CASC/phpCAS)
what about docs/README?

>         - In case of jurisdiction dispute, the French law is authoritative.
let's see what ftpmasters say about this.

debian/dirs:
empty? delete it

debian/docs:
ditto

debian/README.Debian:
> This packaging needs testing as I'm not fully sure there ain't
> regressions introduced by this upgrade of the DOM parsing library.

Have you at lest tested the basic functionality of the library with the newer
version of domxml-php4-php5.php or are you blindly packaging stuff?

CAS.php:
> define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp');
..
> define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain');

Doesn't look good at all.

CAS/client.php:
>                 if ( $this->isProxy() ) {
>                         // pass the callback url for CAS proxies
>                         $validate_url .= '&pgtUrl='.$this->getCallbackURL();
>                 }

Improper sanitation of getCallbackURL which uses data like REQUEST_URI; and
there's more about this, but I'm better going to test it and send the info to
bugtraq.

What about also shipping the api docs?

> 
> I would be glad if someone uploaded this package for me.
> 
> Kind regards
>  Olivier Berger

Cheers,
- -- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkh4DgACgkQYy49rUbZzlpidACdHdyy2K2FNo2334O5aYeJBE3N
UuMAnitV2FwS6aXckmPYlucnoaLBivPm
=bYUb
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#495542: RFS: libcas-php
  - From: Olivier Berger <olivier.berger@it-sudparis.eu>

References:
- Bug#495542: RFS: libcas-php
  - From: Olivier Berger <olivier.berger@it-sudparis.eu>

Prev by Date: Processed: apparmor
Next by Date: Processed: WNPP bugs maintenance
Previous by thread: Bug#495542: RFS: libcas-php
Next by thread: Bug#495542: RFS: libcas-php
Index(es):
- Date
- Thread