[php-maint] Bug#613815: php5: Using openssl_encrypt with an algorithm that doesn't need an IV produces a spurious warning
Chris Butler
chrisb at debian.org
Thu Feb 17 13:01:09 UTC 2011
Package: php5
Version: 5.3.3-7
Severity: minor
Tags: patch fixed-upstream
If using openssl_encrypt with an algorithm which doesn't require an
initialisation vector (e.g. ), PHP outputs a spurious warning about a blank
IV being insecure.
This was fixed in r304179 upstream, unfortunately after v5.3.3 was released:
http://svn.php.net/viewvc/php/php-src/trunk/ext/openssl/openssl.c?r1=303414&r2=304179
The fix is pretty trivial however, and applies cleanly to 5.3.3-7 source.
May be a bit of a long shot, but if it's at all possible to get this fixed
in squeeze (along with an update for something more important, perhaps) it
would sure make my life easier!
Feel free to close / mark as wontfix… it's obviously possible to supress the
message with @ (although you then risk supressing a more important error).
-- System Information:
Debian Release: 6.0
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libapache2-mod-php5 depends on:
ii apache2-mpm-prefork 2.2.16-6 Apache HTTP Server - traditional n
ii apache2.2-common 2.2.16-6 Apache HTTP Server common files
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-2 common error description library
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libmagic1 5.04-5 File type determination library us
ii libonig2 5.9.1-1 Oniguruma regular expressions libr
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libqdbm14 1.8.77-4 QDBM Database Libraries [runtime]
ii libssl0.9.8 0.9.8o-4squeeze1 SSL shared libraries
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
ii php5-common 5.3.3-7 Common files for packages built fr
ii tzdata 2010o-1 time zone and daylight-saving time
ii ucf 3.0025+nmu1 Update Configuration File: preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages libapache2-mod-php5 recommends:
ii php5-cli 5.3.3-7 command-line interpreter for the p
Versions of packages libapache2-mod-php5 suggests:
ii php-pear 5.3.3-7 PEAR - PHP Extension and Applicati
-- no debconf information
--
Chris Butler <chrisb at debian.org>
GnuPG Key ID: 4096R/49E3ACD3
More information about the pkg-php-maint
mailing list