[php-maint] Bug#613815: php5: Using openssl_encrypt with an algorithm that doesn't need an IV produces a spurious warning

Chris Butler chrisb at debian.org
Thu Feb 17 13:01:09 UTC 2011 

Package: php5
Version: 5.3.3-7
Severity: minor
Tags: patch fixed-upstream

If using openssl_encrypt with an algorithm which doesn't require an
initialisation vector (e.g. ), PHP outputs a spurious warning about a blank
IV being insecure.

This was fixed in r304179 upstream, unfortunately after v5.3.3 was released:

http://svn.php.net/viewvc/php/php-src/trunk/ext/openssl/openssl.c?r1=303414&r2=304179

The fix is pretty trivial however, and applies cleanly to 5.3.3-7 source.
May be a bit of a long shot, but if it's at all possible to get this fixed
in squeeze (along with an update for something more important, perhaps) it
would sure make my life easier!

Feel free to close / mark as wontfix… it's obviously possible to supress the
message with @ (although you then risk supressing a more important error).

-- System Information:
Debian Release: 6.0
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-php5 depends on:
ii  apache2-mpm-prefork     2.2.16-6         Apache HTTP Server - traditional n
ii  apache2.2-common        2.2.16-6         Apache HTTP Server common files
ii  libbz2-1.0              1.0.5-6          high-quality block-sorting file co
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libcomerr2              1.41.12-2        common error description library
ii  libdb4.8                4.8.30-2         Berkeley v4.8 Database Libraries [
ii  libgssapi-krb5-2        1.8.3+dfsg-4     MIT Kerberos runtime libraries - k
ii  libk5crypto3            1.8.3+dfsg-4     MIT Kerberos runtime libraries - C
ii  libkrb5-3               1.8.3+dfsg-4     MIT Kerberos runtime libraries
ii  libmagic1               5.04-5           File type determination library us
ii  libonig2                5.9.1-1          Oniguruma regular expressions libr
ii  libpcre3                8.02-1.1         Perl 5 Compatible Regular Expressi
ii  libqdbm14               1.8.77-4         QDBM Database Libraries [runtime]
ii  libssl0.9.8             0.9.8o-4squeeze1 SSL shared libraries
ii  libxml2                 2.7.8.dfsg-2     GNOME XML library
ii  mime-support            3.48-1           MIME files 'mime.types' & 'mailcap
ii  php5-common             5.3.3-7          Common files for packages built fr
ii  tzdata                  2010o-1          time zone and daylight-saving time
ii  ucf                     3.0025+nmu1      Update Configuration File: preserv
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages libapache2-mod-php5 recommends:
ii  php5-cli                      5.3.3-7    command-line interpreter for the p

Versions of packages libapache2-mod-php5 suggests:
ii  php-pear                      5.3.3-7    PEAR - PHP Extension and Applicati

-- no debconf information

-- 
Chris Butler <chrisb at debian.org>
  GnuPG Key ID: 4096R/49E3ACD3

More information about the pkg-php-maint mailing list