Bug#1021589: php-adldap2--ROM; unused, no reverse depends
Package: php-adldap2 Severity: normal This package had been uploaded for another php tool which does not use the library any more, and it has been deprecated anyway (s.a. #1019914). Please remove the package from unstable. Thanks
Bug#1020897: Acknowledgement (ITP:php-javiereguiluz-easyslugger -- A fast and easy to use slugger with full UTF-8 support.)
Package source can be found here: https://salsa.debian.org/php-team/pear/php-javiereguiluz-easyslugger/
Bug#1020897: ITP:php-javiereguiluz-easyslugger -- A fast and easy to use slugger with full UTF-8 support.
Package: wnpp * Package name: php-javiereguiluz-easyslugger Upstream Author : Javier Eguiluz * License : MIT Description : Easyslugger is a fast and easy to use slugger with full UTF-8 support. . EasySlugger is a fast PHP library to generate slugs, which allow to safely include any string as part of an URL. Slugs are commonly used for CMS, blogs and other content-related platforms.
Bug#1018036: Processed: retitle 1018036 to ITP: php-barryvdh-laravel-dompdf -- Laravel wrapper for Dompdf HTML to PDF Converter
Repo for php-barryvdh-laravel-dompdf can be found here: https://salsa.debian.org/php-team/pear/php-barryvdh-laravel-debugbar Hint: You need a more actual version of php-dompdf and some other dependent packages, s.a. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567928#45 --
Bug#1019886: Acknowledgement (ITP:php-orchestral-testbench-core -- help write tests for your Laravel package)
Package can be found here: https://salsa.debian.org/php-team/pear/php-orchestral-testbench-core/ Attention: For building the package you need php-laravel-framework >=8 s.a. https://salsa.debian.org/php-team/pear/php-laravel-framework/-/merge_requests --
Bug#1019914: Useless in Debian
Package: adldap2 Severity: serious [ Reported by a team member to see the package removed from testing ] adldap2 will be deprecated in favor of LdapRecord (https://github.com/DirectoryTree/LdapRecord), and I don't see a use case any more at the moment. No packages depend on it, so it can be removed from testing easily. Regards Katharina --
Bug#1019886: ITP:php-orchestral-testbench-core -- help write tests for your Laravel package
Package: wnpp * Package name: php-orchestral-testbench-core Upstream Author : Mior Muhammad Zaki * License : MIT Description : Testing Helper for Laravel Development Testbench Component is a simple package that has been designed to help you write tests for your Laravel package. Regards Katharina --
Bug#567928: newer version needed
For building a package from barryvdh/laravel-dompdf I need a more actual version of php-dompdf. It can be found here: https://salsa.debian.org/php-team/pear/php-dompdf

Before it works there are other packages needed for upload:
* more actual version of php-font-lib (https://salsa.debian.org/php-team/pear/php-font-lib)
* php-svg-lib (https://salsa.debian.org/php-team/pear/php-svg-lib)
* more actual version of php-horde-css-parser (Unfortunately it is not under php-team in salsa, but horde-team, so I made the changes in https://github.com/sunflowerbofh/PHP-CSS-Parser/tree/debian/8.4.0 -> emailed to the horde list, but no idea where it can be found and if someone is active on it)
Bug#1018169: Acknowledgement (ITP:php-svg-lib -- SVG file parsing / rendering library)
The package has been built and is here: https://salsa.debian.org/php-team/pear/php-svg-lib/ But it will only work with a more actual version of php-horde-css-parser. This package is in the horde-team section where I can't push, so version 8.4.0 is here: https://github.com/sunflowerbofh/PHP-CSS-Parser/tree/debian/8.4.0
Bug#726456: Package rebuilt
When building a dompdf package I got an error for a missing autoload.php file from the package php-font-lib. That prompted me to rebuild the php-font-lib package and take the opportunity to update the version. It can be found here: https://salsa.debian.org/php-team/pear/php-font-lib It would be nice if someone reviewed and uploaded this version.
Bug#1018169: ITP:php-svg-lib -- SVG file parsing / rendering library
Package: wnpp * Package name: php-svg-lib Upstream Author : Fabien Ménager * License : GPL-3+ Description : SVG sanitizer in PHP. The main purpose of this lib is to rasterize SVG to a surface which can be an image or a PDF for example, through a \Svg\Surface PHP interface. Regards Katharina --
Bug#1018036: ITP:php-fruitcake-laravel-dompdf -- Laravel wrapper for Dompdf HTML to PDF Converter
Package: wnpp * Package name: php-fruitcake-laravel-dompdf Upstream Author : Barry vd. Heuvel * License : MIT Description : Laravel wrapper for Dompdf HTML to PDF Converter You can create a new DOMPDF instance and load a HTML string, file or view name. You can save it to a file, or stream (show in browser) or download. Regards Katharina
Bug#1017400: Acknowledgement (ITP.php-barrydvh-laravel-debugbar -- PHP Debugbar integration for Laravel)
The package sources can be found here: https://salsa.debian.org/php-team/pear/php-barryvdh-laravel-debugbar Before uploading, php-maximebf-debugbar should exist first.
Bug#1005283: Acknowledgement (ITP:php-maximebf-debugbar - debug bar in the browser with information from php)
Package can be built and uploaded from here: https://salsa.debian.org/php-team/pear/php-maximebf-debugbar/
Bug#1009125: Acknowledgement (ITP:php-fruitcake-php-cors -- Cross-origin resource sharing library for the Symfony HttpFoundation)
Package can be built and uploaded from here: https://salsa.debian.org/php-team/pear/php-fruitcake-php-cors/ --
Bug#1017400: ITP.php-barrydvh-laravel-debugbar -- PHP Debugbar integration for Laravel
Package: wnpp * Package name : php-barryvdh-laravel-debugbar Upstream Author : Barry vd. Heuvel * License : MIT Description : PHP Debugbar integration for Laravel Regards Katharina
Bug#1005342: Acknowledgement (ITP:php-fideloper-proxy - Set trusted proxies for Laravel)
Package is built (https://salsa.debian.org/php-team/pear/php-fideloper-proxy), but can be uploaded only when laravel-framework has a more actual version* ("Depends: php-illuminate-session (>= 6.0) but it is not going to be installed"). * https://salsa.debian.org/php-team/pear/php-laravel-framework/-/merge_requests
Bug#1005330: Package built
Package can be reviewed/uploaded from here: https://salsa.debian.org/php-team/pear/php-svg-sanitize/ Unfortunately, it had to be renamed from php-svg-sanitizer to php-svg-sanitize (I hope the ITP works nevertheless, or should I open a new one?).
Bug#1005322: Acknowledgement (ITP:php-laravel-mail-auto-embed - Automatically parses your messages and embeds the images found into your mail)
The package is waiting for revision (and upload): https://salsa.debian.org/php-team/pear/php-laravel-mail-auto-embed/-/blob/debian/latest Spoiler: Upload only if php-illuminate (as part of laravel-framework) is available in version >=8 (-> https://salsa.debian.org/php-team/pear/php-laravel-framework/-/tree/debian/8.83.18) (otherwise the installation will fail with php-illuminate-mail : Depends: php-league-commonmark (< 2~~) but 2.3.5-1 is to be installed )
Bug#1005119: Package has been built - waiting for upload
The package has been built and reviewed: https://salsa.debian.org/php-team/pear/php-asm89-stack-cors/ It could be uploaded by whomever wants to. --
Bug#1015300: ITP:wp-cli -- Command-line interface for WordPress
Package: wnpp * Package name: wp-cli Upstream Author : Alain Schlesser * License : MIT Description : Set of command-line tools for managing WordPress installations --
Bug#1015298: ITP:wp-cli -- Wordpress LDAP authentication plugin
Package: wnpp * Package name: wp-cli Upstream Author : Andreas Heigl * License : MIT Description : Wordpress plugin for external LDAP authentication Regards Katharina --
Bug#1014492: guzzle: CVE-2022-31090 CVE-2022-31091
Hi David,

I set pkg-php-p...@lists.alioth.debian.org as maintainer and corrected the upstream version in the gbp.conf (used as template the PHPGroup Wiki: https://wiki.debian.org/Teams/DebianPHPGroup/Composer#debian.2Fgbp.conf). I pushed now again, if there are any other changes to be done, please let me know.

Regards
Katharina

On Saturday, 2022-07-16, 09:26:10 (GMT +0200), David Prévot wrote:
> Hi Katharina,
>
> On Thu, Jul 07, 2022 at 10:56:06AM +0200, Katharina Drexel wrote:
> […]
> > thanks for the hints. I pushed a new version in the repo
> > (https://salsa.debian.org/php-team/pear/php-guzzlehttp-guzzle).
> > TBD: someone should upload it in the debian repo.
>
> You may wish to CC: pkg-php-p...@lists.alioth.debian.org for such
> request, or even better, actually set the list as Maintainers so
> everyone is made aware of the bug (before receiving hundreds of
> autoremoval warnings).
>
> The current repository is a mess, can you properly set up gbp please?
>
> Regards
>
> David
Bug#1014492: guzzle: CVE-2022-31090 CVE-2022-31091
Hi,

thanks for the hints. I pushed a new version in the repo (https://salsa.debian.org/php-team/pear/php-guzzlehttp-guzzle).
TBD: someone should upload it in the debian repo.

Bye
Katharina

On Wednesday, 2022-07-06, 23:03:18 (GMT +0200), Moritz Mühlenhoff wrote:
> Source: guzzle
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for guzzle.
>
> CVE-2022-31090[0]:
> | Guzzle, an extensible PHP HTTP client. `Authorization` headers on
> | requests are sensitive information. In affected versions when using
> | our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option
> | to specify an `Authorization` header. On making a request which
> | responds with a redirect to a URI with a different origin (change in
> | host, scheme or port), if we choose to follow it, we should remove the
> | `CURLOPT_HTTPAUTH` option before continuing, stopping curl from
> | appending the `Authorization` header to the new request. Affected
> | Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible.
> | Affected users using any earlier series of Guzzle should upgrade to
> | Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in
> | Guzzle 7.4.2, where a change in host would trigger removal of the
> | curl-added Authorization header, however this earlier fix did not
> | cover change in scheme or change in port. If you do not require or
> | expect redirects to be followed, one should simply disable redirects
> | all together. Alternatively, one can specify to use the Guzzle stream
> | handler backend, rather than curl.
>
> https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
> https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
> (7.4.5)
>
> CVE-2022-31091[1]:
> | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie`
> | headers on requests are sensitive information. In affected versions on
> | making a request which responds with a redirect to a URI with a
> | different port, if we choose to follow it, we should remove the
> | `Authorization` and `Cookie` headers from the request, before
> | continuing. Previously, we would only consider a change in host or
> | scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon
> | as possible. Affected users using any earlier series of Guzzle should
> | upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was
> | implemented in Guzzle 7.4.2, where a change in host would trigger
> | removal of the curl-added Authorization header, however this earlier
> | fix did not cover change in scheme or change in port. An alternative
> | approach would be to use your own redirect middleware, rather than
> | ours, if you are unable to upgrade. If you do not require or expect
> | redirects to be followed, one should simply disable redirects all
> | together.
>
> https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
> https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
> (7.4.5)
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-31090
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
> [1] https://security-tracker.debian.org/tracker/CVE-2022-31091
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
>
> Please adjust the affected versions in the BTS as needed.
Bug#1014445: ITP:wordpress-plugin-authldap -- LDAP authentication-backend for wordpress
Package: wnpp Owner: katharina.dre...@bfh.ch * Package name: wordpress-plugin-authldap Upstream Author : Katharina Drexel * License : GPL-2+ Description : Use existing LDAP as authentication-backend for wordpress . Flexible, failsafe, independent, role-aware plugin for wordpress in order to authenticate users by means of the company LDAP instead of built-in wordpress authentication. Regards Katharina
Bug#1012821: guzzle: CVE-2022-31042 CVE-2022-31043
Hello Salvatore,

thanks for the hint. I had already pushed 7.4.3 and now added 7.4.4 at https://salsa.debian.org/php-team/pear/php-guzzlehttp-guzzle but I can't upload. Someone else has to do that.

Regards
Katharina

On Tuesday, 2022-06-14, 22:11:55 (GMT +0200), Salvatore Bonaccorso wrote:
> Source: guzzle
> Version: 7.4.1-1
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerabilities were published for guzzle.
>
> CVE-2022-31042[0]:
> | Guzzle is an open source PHP HTTP client. In affected versions the
> | `Cookie` headers on requests are sensitive information. On making a
> | request using the `https` scheme to a server which responds with a
> | redirect to a URI with the `http` scheme, or on making a request to a
> | server which responds with a redirect to a URI to a different host,
> | we should not forward the `Cookie` header on. Prior to this fix, only
> | cookies that were managed by our cookie middleware would be safely
> | removed, and any `Cookie` header manually added to the initial request
> | would not be stripped. We now always strip it, and allow the cookie
> | middleware to re-add any cookies that it deems should be there.
> | Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as
> | possible. Affected users using any earlier series of Guzzle should
> | upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider
> | an alternative approach to use your own redirect middleware, rather
> | than ours. If you do not require or expect redirects to be followed,
> | one should simply disable redirects all together.
>
>
> CVE-2022-31043[1]:
> | Guzzle is an open source PHP HTTP client. In affected versions
> | `Authorization` headers on requests are sensitive information. On
> | making a request using the `https` scheme to a server which responds
> | with a redirect to a URI with the `http` scheme, we should not forward
> | the `Authorization` header on. This is much the same as to how we
> | don't forward on the header if the host changes. Prior to this fix,
> | `https` to `http` downgrades did not result in the `Authorization`
> | header being removed, only changes to the host. Affected Guzzle 7
> | users should upgrade to Guzzle 7.4.4 as soon as possible. Affected
> | users using any earlier series of Guzzle should upgrade to Guzzle
> | 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative
> | approach which would be to use their own redirect middleware.
> | Alternately users may simply disable redirects all together if
> | redirects are not expected or required.
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-31042
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
> https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
> [1] https://security-tracker.debian.org/tracker/CVE-2022-31043
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
> https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
> [2]
> https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
>
> Regards,
> Salvatore

--
Berner Fachhochschule / Bern University of Applied Sciences
IT-Services / Team Linux & Infrastructure Services
Katharina Drexel
IT System Engineer
___
Dammweg 3, CH-3013 Bern
Direct phone +41 31 848 48 87
Service desk phone +41 31 848 48 48
katharina.dre...@bfh.ch
https://bfh.ch
https://bfh.science
Bug#1006360: [pkg-php-pear] Bug#1006360: Bug#1006360: Update symfony to latest version
Hi,

as my latest email did not seem gone into here: I built php-symfony with a newer version (6.0.8), but before there is an amount of packages which have to be built/updated before. Below you see a little overview I made. There are a few TODOs which have to be done resulting from that:

TODO:
- Upload all freshly built php packages to debian/sid (feel free to review and correct before.) (I did not have time to move repos to salsa yet; if anybody is in a hurry about that, just move it into the php/pear space)
- Bring packages marked as EXPERIMENTAL to sid in the actually built version
- Update deprecated debian packages with the RENEWED ones (I can send merge requests if preferred)

Dependency overview php-symfony
===
Build dependencies:
More actual versions of components:
|-php-symfony-string* (RENEWED) https://github.com/sunflowerbofh/string/tree/debian
|-php-symfony-http-client* (RENEWED) https://github.com/sunflowerbofh/http-client/tree/debian
|-php-symfony-http-client-contracts (part of php-symfony-contracts, s.b.)
|-php-symfony-service-contracts (part of php-symfony-contracts, s.b.)
|-php-psr-container (EXPERIMENTAL) https://salsa.debian.org/php-team/pear/php-psr-container
|-php-symfony-contracts (EXPERIMENTAL) https://salsa.debian.org/php-team/pear/php-symfony-contracts
|-php-psr-cache (EXPERIMENTAL) https://salsa.debian.org/php-team/pear/php-psr-cache/
|-php-cache-integration-tests (RENEWED) https://github.com/sunflowerbofh/integration-tests/tree/debian
|-php-symfony-cache* (RENEWED) https://github.com/sunflowerbofh/cache/tree/debian
(*=part of symfony package)

php-symfony unittests:
==
(All new BUILT)
|-php-amphp-amp https://github.com/sunflowerbofh/php-amphp-amp/tree/debian (already uploaded)
|-php-amphp-http-client
|-php-amphp-byte-stream https://github.com/sunflowerbofh/php-amphp-byte-stream/tree/debian
|-php-amphp-hpack https://github.com/sunflowerbofh/php-amphp-hpack/tree/debian
|-php-amphp-http https://github.com/sunflowerbofh/php-amphp-http/tree/debian
|-php-amphp-socket https://github.com/sunflowerbofh/php-amphp-socket/tree/debian
|-php-kelunik-certificate https://github.com/sunflowerbofh/certificate/tree/debian
|-php-league-uri-parser https://github.com/sunflowerbofh/uri-parser/tree/debian
|-php-amphp-dns https://github.com/sunflowerbofh/php-amphp-dns/tree/debian
|-php-daverandom-libdns https://github.com/sunflowerbofh/LibDNS/tree/debian
|-php-amphp-cache https://github.com/sunflowerbofh/php-amphp-cache/tree/debian
|-php-amphp-serialization https://github.com/sunflowerbofh/php-amphp-serialization/tree/debian
|-php-amphp-sync https://github.com/sunflowerbofh/php-amphp-sync/tree/debian
|-php-amphp-parser https://github.com/sunflowerbofh/php-amphp-parser/tree/debian
(php-amphp-windows-registry, dependency removed by patch)
|-php-league-uri https://github.com/sunflowerbofh/uri/tree/debian
|-php-league-uri-interfaces https://github.com/sunflowerbofh/uri-interfaces/tree/debian

Thanks+Regards
Katharina
Bug#1011636: guzzle: [CVE-2022-29248] Cross-domain cookie leakage
Hello David,

Thanks for the link. I uploaded a newer version to https://salsa.debian.org/php-team/pear/php-guzzlehttp-guzzle . Probably someone with the corresponding permissions should upload the package to the Debian archive.

Regards
Katharina

> Guzzle 7.5.0 (and 7.4.3) has just been released fixing a
> cross-domain cookie leakage.
>
> More information:
>
> https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
Bug#1012445: ITP:php-league-uri-parser -- userland URI parser RFC 3986 compliant
Package: wnpp * Package name: php-league-uri-parser Upstream Author : Ignace Nyamagana Butera * License : MIT Description : The UriParser offers userland URI parser RFC 3986 compliant Regards Katharina
Bug#1012443: ITP:php-league-uri-interfaces -- Contains interface to represent URI objects according to RFC 3986
Package: wnpp * Package name: php-league-uri-interfaces Upstream Author : Ignace Nyamagana Butera * License : MIT Description : The UriInterface interface models generic URIs as specified in RFC 3986. Regards Katharina
Bug#1012442: ITP:php-league-uri -- Provides simple and intuitive classes to manage URIs in PHP
Package: wnpp * Package name: php-league-uri Upstream Author : Ignace Nyamagana Butera * License : MIT Description : The Uri package provides simple and intuitive classes to manage URIs in PHP. Regards Katharina
Bug#1006265: marked as done (ITP: php-laravel-serializable-closure -- easy and secure way to serialize closures in PHP)
Nice that the package is uploaded now. But why in the old version (1.0.5.)? I actually needed it in an actual version (>=1.1 -> that's why I built it here: https://github.com/sunflowerbofh/serializable-closure/tree/debian). On Monday, 2022-06-06, 16:24:05 (GMT +), Debian Bug Tracking System wrote: > Your message dated Mon, 6 Jun 2022 18:20:11 +0200 > with message-id > > and subject line > has caused the Debian Bug report #1006265, > regarding ITP: php-laravel-serializable-closure -- easy and secure way to > serialize closures in PHP > to be marked as done. > > This means that you claim that the problem has been dealt with. > If this is not the case it is now your responsibility to reopen the > Bug report if necessary, and/or fix the problem forthwith. > > (NB: If you are a system administrator and have no idea what this > message is talking about, this may indicate a serious mail system > misconfiguration somewhere. Please contact ow...@bugs.debian.org > immediately.) > > > -- > 1006265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006265 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > Date: Tue, 22 Feb 2022 10:45:47 +0100 > From: Katharina Drexel > To: sub...@bugs.debian.org > Subject: ITP:php-laravel-serializable-closure - Easy and secure way to > serialize closures in PHP > > Package: wnpp > > * Package name: php-laravel-serializable-closure > Upstream Author : Taylor Otwell > * License : MIT > Description : Easy and secure way to serialize closures in PHP > Laravel Serializable Closure provides an easy and secure way to serialize > closures in PHP. > > Regards > Katharina > Date: Mon, 6 Jun 2022 18:20:11 +0200 > From: Robin Gustafsson > To: 1006265-d...@bugs.debian.org > Subject: > > This package is now in Debian.
Bug#1005967: closed by Robin Gustafsson ()
Why has it been built with an old version (1.5.6) ? I had opened the bug because I built a version >2.0* while building a more actual laravel framework which needs an actual portable-ascii version. * s. https://github.com/sunflowerbofh/portable-ascii/tree/debian On Monday, 2022-06-06, 16:24:03 (GMT +), Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the wnpp package: > > #1005967: ITP: php-voku-portable-ascii -- portable ASCII library - > performance optimized (ascii) string functions for php > > It has been closed by Robin Gustafsson . > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Robin Gustafsson > by > replying to this email. > > > -- > 1005967: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005967 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > Date: Mon, 6 Jun 2022 18:20:29 +0200 > From: Robin Gustafsson > To: 1005967-d...@bugs.debian.org > Subject: > > This package is now in Debian. > Date: Fri, 18 Feb 2022 11:46:56 +0100 > From: Katharina Drexel > To: sub...@bugs.debian.org > Subject: ITP:php-voku-portable-ascii - Portable ASCII library - performance > optimized (ascii) string functions for php > > Package: wnpp > > * Package name: php-voku-portable-ascii > Upstream Author : Lars Moelleken > * License : MIT > Description : Performance optimized (ascii) string functions for php > It is written in PHP (PHP 7+) and can work without "mbstring", "iconv" or any > other extra encoding php-extension on your server. > . > The benefit of Portable ASCII is that it is easy to use, easy to bundle. > > Regards > Katharina
Bug#1012300: ITP:php-kelunik-certificate -- Access certificate details and transform between different formats
Package: wnpp * Package name: php-kelunik-certificate Upstream Author : Niklas Keller * License : MIT Description : Access certificate details and transform between different formats . Library to parse certificates and get information about validity a.o. Regards Katharina
Bug#1012296: ITP:php-kelunik-certificate -- Access certificate details and transform between different formats
Package: wnpp * Package name: php-kelunik-certificate Upstream Author : Niklas Keller * License : MIT Description : Access certificate details and transform between different formats . Library to parse certificates and get information about validity a.o. Regards Katharina
Bug#1012259: ITP:amphp-sync -- Mutex, Semaphore, and other synchronization tools for Amp
Package: wnpp * Package name: php-amphp-sync Upstream Author : Aaron Piotrowski
Bug#1012253: ITP:amphp-socket -- Async socket connection / server tools for Amp.
Package: wnpp * Package name: php-amphp-socket Upstream Author : Daniel Lowrey * License : MIT Description : amphp/socket is async socket connection / server tools for Amp . Amp is a non-blocking concurrency framework for PHP. It provides an event loop, promises and streams as a base for asynchronous programming. Regards Katharina --
Bug#1012249: ITP:amphp-serialization -- Serialization tools for IPC and data storage
Package: wnpp * Package name: php-amphp-serialization Upstream Author : Aaron Piotrowski * License : MIT Description : amphp/serialization is serialization tools for IPC and data storage in PHP . Amp is a non-blocking concurrency framework for PHP. It provides an event loop, promises and streams as a base for asynchronous programming. Regards Katharina
Bug#1011524: ITP:php-amphp-parser -- streaming generator parser
Package: wnpp * Package name: php-amphp-parser Upstream Author : 2017-2020 Niklas Keller * License : MIT Description : amphp/parser is a streaming generator parser. Regards Katharina
Bug#1011337: ITP:php-amphp-http -- Basic HTTP primitives which can be shared by servers and clients
Package: wnpp * Package name: php-amphp-http Upstream Author : 2018-2022 Niklas Keller * License : MIT Description : Basic HTTP primitives which can be shared by servers and clients. . Amp is a non-blocking concurrency framework for PHP. It provides an event loop, promises and streams as a base for asynchronous programming. Regards Katharina
Bug#1011334: ITP:php-amphp-hpack -- HTTP/2 HPack implementation
Package: wnpp * Package name: php-amphp-hpack Upstream Author : 2015-2022 Niklas Keller * License : MIT Description : HTTP/2 HPack implementation HTTP/2 supports a new dedicated header compression algorithm, called HPACK. HPACK was developed with attacks like CRIME in mind, and is therefore considered safe to use. Regards Katharina
Bug#1011332: ITP:php-amphp-dns -- provides asynchronous DNS resolution for PHP based on Amp
Package: wnpp * Package name: php-amphp-dns Upstream Author : 2015-2022 Niklas Keller * License : MIT Description : amphp/dns provides asynchronous DNS resolution for PHP based on Amp. . AMPHP is a collection of high-quality, event-driven libraries for PHP designed with fibers and concurrency in mind. Regards Katharina --
Bug#1011326: ITP:php-amphp-cache -- non-blocking caching library for Amp
Package: wnpp * Package name: php-amphp-cache Upstream Author : 2015-2021 Niklas Keller * License : MIT Description : Promise-aware caching API for Amp amphp/cache is a non-blocking caching library for Amp. Regards Katharina --
Bug#1011283: ITP:php-amphp-byte-stream -- stream abstraction to make working with non-blocking I/O simple
Package: wnpp * Package name: php-amphp-byte-stream Upstream Author : Daniel Lowrey * License : MIT Description : amphp/byte-stream is a stream abstraction for Amp. . Amp is a non-blocking concurrency framework for PHP. It provides an event loop, promises and streams as a base for asynchronous programming. Regards Katharina
Bug#1011274: ITP:php-amphp-http-client -- Asynchronous concurrent HTTP/2 and HTTP/1.1 client built on the Amp concurrency framework
Package: wnpp * Package name: php-amphp-http-client Upstream Author : Daniel Lowrey * License : MIT Description : Asynchronous concurrent HTTP/2 and HTTP/1.1 client . This package provides an asynchronous HTTP client for PHP based on Amp. Its API simplifies standards-compliant HTTP resource traversal and RESTful web service consumption without obscuring the underlying protocol. The library manually implements HTTP over TCP sockets; as such it has no dependency on ext/curl. Regards Katharina
Bug#1011270: ITP:php-amphp-amp -- Non-blocking concurrency framework for PHP
Package: wnpp * Package name: php-amphp-amp Upstream Author : Daniel Lowrey * License : MIT Description : Non-blocking concurrency framework for PHP Amp is a non-blocking concurrency framework for PHP. It provides an event loop, promises and streams as a base for asynchronous programming. . Promises in combination with generators are used to build coroutines, which allow writing asynchronous code just like synchronous code, without any callbacks. Regards Katharina --
Bug#1009901: Update php-league-flysystem to newer version
Package: php-league-flysystem Version: 1.1.3-4 Severity: normal Hello, for building a newer php-laravel-framework I need a more recent php-league-flysystem (>=3 instead of 1.X). For being able to continue I built one from 3.0.17 (following salsa repo): https://github.com/sunflowerbofh/flysystem/tree/debian If that (or a corrected version) could go to unstable I would be very pleased. I can also provide a .dsc file if needed. Thanks+Regards Katharina --
Bug#1009125: ITP:php-fruitcake-php-cors -- Cross-origin resource sharing library for the Symfony HttpFoundation
Package: wnpp * Package name: php-fruitcake-php-cors Upstream Author : Barry vd. Heuvel * License : MIT Description : Cross-origin resource sharing library for the Symfony HttpFoundation Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the W3C Recommendation for cross-origin resource sharing. Regards Katharina --
Bug#1008976: Wordpress editor shows empty screen
Package: wordpress Version: 5.9.2+dfsg1-1 Severity: normal Hello, when editing a post with the actual wordpress version only a blank screen is shown. For fixing that you have to copy the files wp-includes/js/dist/blocks.js wp-includes/js/dist/blocks.min.js from the actual upstream version (tested under bullseye). Kind Regards Katharina --
Bug#1006936: Update symfony-finder to newer version
Package: php-symfony-finder Version: 5.4.6+dfsg-1 Severity: normal Hello, for a project I need some actual php-symfony* packages which partly depend on php-symfony-finder. The actual debian package uses upstream version 5.4.6. For going ahead I built a package from version 6.0.3 ( https://github.com/sunflowerbofh/finder/tree/debian). It would be nice if this or a newer version could get into the debian package. Thanks+Regards Katharina
Bug#1006360: Update symfony to latest version
Package: symfony Version: 5.4.4+dfsg-1 Severity: normal Hello, the php-symfony debian package uses upstream version 5.4.4. For a project I need actual php-illuminate-session (and other) packages which presume a symfony version >=6.0. Would be nice if the package could use the actual upstream, as of now version 6.0.4. (https://github.com/symfony/symfony/releases). Kind regards Katharina --
Bug#1006265: ITP:php-laravel-serializable-closure - Easy and secure way to serialize closures in PHP
Package: wnpp * Package name: php-laravel-serializable-closure Upstream Author : Taylor Otwell * License : MIT Description : Easy and secure way to serialize closures in PHP Laravel Serializable Closure provides an easy and secure way to serialize closures in PHP. Regards Katharina
Bug#1005967: ITP:php-voku-portable-ascii - Portable ASCII library - performance optimized (ascii) string functions for php
Package: wnpp * Package name: php-voku-portable-ascii Upstream Author : Lars Moelleken * License : MIT Description : Performance optimized (ascii) string functions for php It is written in PHP (PHP 7+) and can work without "mbstring", "iconv" or any other extra encoding php-extension on your server. . The benefit of Portable ASCII is that it is easy to use, easy to bundle. Regards Katharina
Bug#1005342: ITP:php-fideloper-proxy - Set trusted proxies for Laravel
Package: wnpp * Package name: php-fideloper-proxy Upstream Author : Chris Fidao * License : MIT Description : Set trusted proxies for Laravel Setting a trusted proxy allows for correct URL generation, redirecting, session handling and logging in Laravel when behind a reverse proxy such as a load balancer or cache. Regards Katharina
Bug#1005330: ITP:php-svg-sanitizer - SVG sanitizer for PHP
Package: wnpp * Package name: php-svg-sanitizer Upstream Author : Daryll Doyle * License : GPL-2+ Description : SVG sanitizer in PHP. Attempt at building a decent SVG sanitizer in PHP. The work is largely borrowed from DOMPurify. Regards Katharina
Bug#1005322: ITP:php-laravel-mail-auto-embed - Automatically parses your messages and embeds the images found into your mail
Package: wnpp * Package name: php-laravel-mail-auto-embed Upstream Author : Eduardo Gusmão * License : MIT Description : Parses messages and embeds images from emails Automatically parses your messages and embeds the images found into your mail, replacing the original online-version of the image. Regards Katharina
Bug#1005283: ITP:php-maximebf-debugbar - debug bar in the browser with information from php
Package: php-maximebf-debugbar * Package name: php-maximebf-debugbar Upstream Author : Maxime Bouroumeau-Fuseau * License : MIT Description : PHP Debug Bar Displays a debug bar in the browser with information from php. No more var_dump() in your code! Regards Katharina
Bug#1005172: ITP:snipe-it - Open Source Asset Management System
Package: snipe-it * Package name: snipe-it Upstream Author : snipe * License : GNU AFFERO GENERAL PUBLIC LICENSE Description : Open Source Asset Management System This is a FOSS project for asset management in IT Operations. Knowing who has which laptop, when it was purchased in order to depreciate it correctly, handling software licenses, etc. . It is built on Laravel 6. Regards Katharina
Bug#1005130: ITP:php-laravel-cors - Implements https://github.com/asm89/stack-cors for Laravel
Package: php-laravel-cors * Package name: php-laravel-cors Upstream Author : Barry vd. Heuvel * License : MIT Description : Implements https://github.com/asm89/stack-cors for Laravel The laravel-cors package allows you to send Cross-Origin Resource Sharing headers with Laravel middleware configuration. Regards Katharina
Bug#1005119: ITP:php-asm89-stack-cors - Cross-origin resource sharing for http applications
Package: php-asm89-stack-cors * Package name: php-asm89-stack-cors Upstream Author : Alexander * License : MIT Description : Cross-origin resource sharing for http applications Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the W3C Recommendation for cross-origin resource sharing. Regards Katharina -- Berner Fachhochschule / Bern University of Applied Sciences IT-Services / Team Linux & Infrastructure Services Katharina Drexel IT System Engineer ___ Dammweg 3, CH-3013 Bern Telefon direkt +41 31 848 48 87 Telefon Servicedesk +41 31 848 48 48 katharina.dre...@bfh.ch https://bfh.ch https://bfh.science
Bug#1004959: ITP:php-dasprid-enum - PHP 7.1 enums
Package: php-dasprid-enum * Package name: php-dasprid-enum Upstream Author : Ben Scholzen * License : BSD-2-clause Description : PHP 7.1 enums It is a well known fact that PHP is missing a basic enum type, ignoring the rather incomplete SplEnum implementation which is only available as a PECL extension. There are also quite a few other userland enum implementations around, but all of them have one or another compromise. This library tries to close that gap as far as PHP allows it to. Regards Katharina
Bug#1004954: ITP:php-bacon-qr-code - QR Code generator
Package: php-bacon-qr-code * Package name: php-bacon-qr-code Upstream Author : Ben Scholzen * License : BSD-2-clause Description : QR Code generator BaconQrCode is a port of QR code portion of the ZXing library. It currently only features the encoder part, but could later receive the decoder part as well. Regards Katharina
Bug#1004918: ITP:php-slack - PHP package for Slack
Package: php-slack * Package name: php-slack Upstream Author : Alexander Chibrikin * License : BSD-2-clause Description : PHP package for Slack A simple PHP package for sending messages to Slack with incoming webhooks, focused on ease-of-use and elegant syntax. Regards Katharina
Bug#1004898: ITP:php-guzzlehttp-guzzle - PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services
Package: php-guzzlehttp-guzzle * Package name: php-guzzlehttp-guzzle Upstream Author : Tobias Nyholm, Graham Campbell * License : MIT Description : Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services. . * Simple interface for building query strings, POST requests, streaming large uploads, streaming large downloads, using HTTP cookies, uploading JSON data, etc... * Can send both synchronous and asynchronous requests using the same interface. * Uses PSR-7 interfaces for requests, responses, and streams. This allows you to utilize other PSR-7 compatible libraries with Guzzle. * Supports PSR-18 allowing interoperability between other PSR-18 HTTP Clients. * Abstracts away the underlying HTTP transport, allowing you to write environment and transport agnostic code; i.e., no hard dependency on cURL, PHP streams, sockets, or non-blocking event loops. * Middleware system allows you to augment and compose client behavior.
Bug#1004661: ITP:php-adldap2 - provides LDAP authentication and directory management tools using the Active Record pattern
Package: php-adldap2 * Package name: php-adldap2 Upstream Author : Steve Baumann * License : MIT Description : Adldap2 is a PHP package that provides LDAP authentication and directory management tools using the Active Record pattern. . * Up and running in minutes. Effortlessly connect to your LDAP servers and start running queries & operations in a matter of minutes. * Fluent query builder. Building LDAP queries has never been so easy. Find the records you're looking for in a couple lines or less with a fluent interface. * Supercharged Active Record. Create and modify LDAP records with ease. All LDAP records are individual models. Simply modify the attributes on the model and save it to persist the changes to your LDAP server. Regards Katharina
Bug#1003507: weblog manager (HTTP Authentication Plugin) - From short description on control
Package: wordpress-plugin-http-authentication Owner: katharina.dre...@bfh.ch * Package name: wordpress-plugin-http-authentication Upstream Author : Katharina Drexel * License : GPL-2+ Description : weblog manager (HTTP Authentication Plugin) . This package contains the plugin for HTTP Authentication, allowing to use existing means of authenticating people to WordPress. This includes Apache's basic HTTP authentication module, Shibboleth, and many others. Additionally you can configure an LDAP section where LDAP groups can be mapped to WordPress roles. --
Bug#1001804: Image preview not available in wordpress
Package: wordpress Version: 5.8.1+dfsg1-2 Severity: normal Hello, with the actual debian installation, wordpress shows no preview of uploaded images, neither in the media nor in the post. The fix for that would be --- a/debian/wordpress.postinst +++ b/debian/wordpress.postinst @@ -16,6 +16,9 @@ case "$1" in if [ -f "$APP_PROFILE" ] && aa-status --enabled 2>/dev/null; then apparmor_parser -rTW "$APP_PROFILE" || true fi + + # Symlink needded, otherwise no image preview + ln -s /var/lib/wordpress/wp-content/uploads /usr/share/wordpress/wp-content/uploads ;; esac (MR coming soon) Greetings Katharina
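Review bot: The added `ln -s` in the postinst hunk is not idempotent: nothing checks whether /usr/share/wordpress/wp-content/uploads already exists, and the postinst runs again on every upgrade or reconfigure. On a later run the destination is already a symlink to a directory, so `ln` follows it and places a nested `uploads` link inside /var/lib/wordpress/wp-content/uploads, and after that it fails with "File exists". Unlike the `apparmor_parser` call just above, the new line has no `|| true`, so that failure is not tolerated. Guard the call with a test on the destination, or use `ln -sfn` so the link is replaced in place. The comment also has a typo ("needded").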
Bug#1001623: Acknowledgement (Switch off wordpress automatic updates)
Meanwhile I pushed an updated patch to the repository: https://salsa.debian.org/debian/wordpress/-/commit/1a4a466b8c1ad36d71e3a8d860821b514fe2c16d
Bug#1001623: Switch off wordpress automatic updates
Package: wordpress Version: 5.8.1+dfsg1-2 Severity: normal Hello, we always get update warnings from wordpress which does not make any sense as updates should (and must) be done from the debian package. You can switch off the automatic updates in the config file but it would be a nicer user experience if it happened within the default config. The patch for that would be --- debian/wp-config.php | 4 1 file changed, 4 insertions(+) diff --git a/debian/wp-config.php b/debian/wp-config.php index d4981731..5435d30f 100644 --- a/debian/wp-config.php +++ b/debian/wp-config.php @@ -30,6 +30,10 @@ if (file_exists($debian_file)) { exit(1); } +/* Switch off automatic updates (should be done by package update) */ +if (!defined('wp_auto_update_core')) +define( 'wp_auto_update_core', false ); + /* Default value for some constants if they have not yet been set by the host-specific config files */ if (!defined('ABSPATH')) -- Kind regards Katharina
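Review bot: The constant name in both the `defined()` check and the `define()` call is lowercase (`wp_auto_update_core`), but WordPress reads `WP_AUTO_UPDATE_CORE` and PHP constant names are case-sensitive, so as written this hunk defines an unused constant and core auto-updates stay at their default. Use the uppercase name in both places, matching the `ABSPATH` check in the context line below. The `define()` line should also be indented under its `if`, or braced, so that it is clear the statement is conditional.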
Bug#1001462: Update wordpress to latest version
Package: wordpress Version: 5.8.1+dfsg1-2 Severity: normal Hello, the wordpress debian package uses upstream version 5.8.1. Meanwhile the actual version is 5.8.2. Would be nice if we could use it within the debian package. Kind Regards Katharina
Bug#974977: HA-Proxy 2.3.0 doesn't log into haproxy.log
Meanwhile, the logging problem is solved upstream (tested with 2.4-dev4-4d71176). With the default config and the rsyslog snippet (49-haproxy.conf) the logs go into haproxy.log again and look like: Jan 4 11:40:53 haproxy-test haproxy[411079]: 81.XXX.XXX.142:36800 [04/Jan/2021:11:40:53.782] test- http-/web1.backup.example.com 1/0/32 4081 -- 1/1/0/0/0 0/0
Bug#974977: HA-Proxy 2.3.0 doesn't log into haproxy.log
bug report in upstream is open: https://github.com/haproxy/haproxy/issues/963 On Wednesday, 2020-11-18, 09:31:59 (GMT +0100), Vincent Bernat wrote: > ❦ 18 novembre 2020 09:11 +01, Katharina Drexel: > > >> > local0.*/var/log/haproxy.log > >> > > >> Logging all local0 to /var/log/haproxy.log is too wide. The match below > >> should still work as the program name is still HAProxy. I don't see > >> anything that would explain why it would not work. Can you copy/paste > >> one log line to check if program name is haproxy. > >> -- > > > > Here some log output from the syslog (when above patch not applied): > > > > Nov 18 08:21:48 node1 node1.proxy.nextcloud-test.example.com > > haproxy[63848]: 194.193.242.80:46764 [18/Nov/2020:08:21:47.102] http-lb4~ > > http-nodes4/node1.nextcloud-test.example.com 0/0/4/1846/1850 200 1785 - - > > --NN 1/1/2/2/0 0/0 {Mozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 > > Firefox/82.0} "GET > > https://nextcloud-test.example.com/index.php/svg/core/actions/public?color=fff=1 > > HTTP/2.0" > > The hostname seems to be repeated. There have been many changes in the > log infrastructure in 2.3. Looking a bit at the history, maybe this is > "MEDIUM: log/sink: re-work and merge of build message API." As there are > many subsequent changes, it's not easy to revert to test. > > Could you report this upstream? Maybe they'll have a clue. > > Thanks. > -- > 10.0 times 0.1 is hardly ever 1.0. > - The Elements of Programming Style (Kernighan & Plauger)
Bug#974977: HA-Proxy 2.3.0 doesn't log into haproxy.log
Package: haproxy Version: 2.3.0-1 Severity: normal Hello, When updating from haproxy 2.2.5 to 2.3.0, the logs only go into syslog, not to haproxy.log any more. For fixing that, you need an additional line in the 49-haproxy.conf of rsyslog: local0.*/var/log/haproxy.log The diff would be: --- 49-haproxy.conf 2020-11-16 18:27:04.628696482 +0100 +++ /tmp/49-haproxy.conf2020-11-16 18:26:30.896699927 +0100 @@ -3,7 +3,8 @@ $AddUnixListenSocket /var/lib/haproxy/dev/log # Send HAProxy messages to a dedicated logfile +local0.*/var/log/haproxy.log + :programname, startswith, "haproxy" { /var/log/haproxy.log stop I am using bullseye/sid and kernel 5.7.0-2progress5+u1-amd64.
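Review bot: The added `local0.*` selector matches on facility alone, so every program that logs to local0 is written to /var/log/haproxy.log, not only HAProxy. The new rule also has no `stop` after it, unlike the `:programname` block that follows, so matching messages continue through the remaining rules and still land in syslog. Any message that does match the `programname` filter is then written to haproxy.log twice. A narrower change would keep the program-name match and correct whatever field it is failing on. If the facility match stays as a stopgap, follow it with `& stop` and drop or reorder the block below so messages are not duplicated.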
Bug#931843: please document csp header requirements
Complementation: I found a way to configure the apache csp headers for netdata. Please add the configuration snippet to your documentation: Header always set Content-Security-Policy "default-src 'unsafe-inline' http://localhost:1 https: 'self' 'unsafe-eval'; script-src 'unsafe-inline' https: 'self' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'" Thanks Katharina
Bug#931843: netdata does not show graphs with csp on
Package: netdata Version: 1.16.0-1 When the netdata GUI is proxied through an apache web server with csp on, the browser delivers the following errors: Cannot load required JS library: https://netdata.bfh.science/netdata/lib/bootstrap-3.3.7.min.js Cannot load required JS library: https://netdata.bfh.science/netdata/lib/perfect-scrollbar-0.6.15.min.js Cannot load required JS library: https://netdata.bfh.science/netdata/lib/bootstrap-toggle-2.2.2.min.js Cannot load required JS library: https://netdata.bfh.science/netdata/dashboard_info.js?v20181019-1 Cannot load required JS library: https://netdata.bfh.science/netdata/dashboard_info.js?v20181019-1 ERROR 100: Cannot load chart library: https://netdata.bfh.science/netdata/lib/dygraph-c91c859.min.js ERROR 100: Cannot load chart library: https://netdata.bfh.science/netdata/lib/jquery.easypiechart-97b5824.min.js ERROR 100: Cannot load chart library: https://netdata.bfh.science/netdata/lib/gauge-1.3.2.min.js After the web site is loaded, the graphs are all empty resp. replaced by message: "system.(swap|cpu|load|disk|...): chart library "easypiechart" is not enabled." When the content security policy is switched off, the site loads OK. Our apache settings for csp are: Header always set Content-Security-Policy "default-src 'https:' 'self'; style-src 'https:' 'self' 'unsafe-inline'" Regards Katharina