weixin_39869197
2021-01-12 17:28 阅读 0

Broken with phpseclib 2.0.8

Apparently phpseclib 2.0.8 broke API and phpMyAdmin no longer works. Affects both QA_4_7 and master.

Test failures:


There were 7 errors:

1) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testAuthSetUser

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:794

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:818

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:713

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:527

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:460

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:684

2) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testAuthSetUserWithHeaders

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:794

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:818

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:713

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:527

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:460

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:737

3) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testCookieEncrypt

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:723

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:945

4) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testCookieEncryptPHPSecLib

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:723

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:945

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:957

5) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testCookieDecrypt

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:775

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:986

6) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testCookieDecryptPHPSecLib

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:775

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:986

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:999

7) PhpMyAdmin\Tests\Plugins\Auth\AuthenticationCookieTest::testPasswordChange

Error: Class 'phpseclib\Crypt\Base' not found

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:723

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:550

/home/travis/build/phpmyadmin/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationCookie.php:846

/home/travis/build/phpmyadmin/phpmyadmin/test/classes/Plugins/Auth/AuthenticationCookieTest.php:1071

This is blocker for 4.7.6 release.

该提问来源于开源项目:phpmyadmin/phpmyadmin

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

10条回答 默认 最新

  • weixin_39869197 weixin_39869197 2021-01-12 17:28

    Following seem to be the changes:

    • https://github.com/phpseclib/phpseclib/commit/c509909004345d8434a2c21983aa5c61f825fa4a
    • https://github.com/phpseclib/phpseclib/commit/4171262b9ee6f905eb2bfc4a942c5f44483efdf8
    • https://github.com/phpseclib/phpseclib/commit/2a1177b256361220c5666faa17d7afef34f39998
    点赞 评论 复制链接分享
  • weixin_39869197 weixin_39869197 2021-01-12 17:28

    Reported upstream: https://github.com/phpseclib/phpseclib/issues/1218

    点赞 评论 复制链接分享
  • weixin_39869197 weixin_39869197 2021-01-12 17:28

    There is another change - phpseclib 2.0.8 started to require PHP >= 5.6.1, so we now have two options:

    • stick with 2.0.7 (which will apparently not get security fixes)
    • upgrade to 2.0.8 and drop PHP 5.5 support, see https://github.com/phpmyadmin/phpmyadmin/issues/13228
    点赞 评论 复制链接分享
  • weixin_39851307 weixin_39851307 2021-01-12 17:28

    Is https://github.com/phpseclib/phpseclib not up-to-date?

    点赞 评论 复制链接分享
  • weixin_39869197 weixin_39869197 2021-01-12 17:28

    The readme there is not in sync with composer.json, see https://github.com/phpseclib/phpseclib/issues/1219

    点赞 评论 复制链接分享
  • weixin_39869197 weixin_39869197 2021-01-12 17:28

    As dropping PHP 5.5 support is something we certainly can not do in the 4.7 releases, I've reverted the API fixes and pinned phpseclib < 2.0.8.

    Let's see if the phpseclib changes were intentional or it's mistake of releasing 2.0.8 from master branch instead of 2.0 maintenance branch and we should address it then.

    点赞 评论 复制链接分享
  • weixin_39869197 weixin_39869197 2021-01-12 17:28

    STABLE branch contains released versions, it will be there once 4.7.6 is out (what should be quite soon).

    点赞 评论 复制链接分享
  • weixin_39628247 weixin_39628247 2021-01-12 17:28

    Sorry my fault, I saw phpseclib has released version 2.0.9 and now stable is running fine. Before they released 2.0.9 the stable branch was broken for new installations as 2.0.8 was installed.

    点赞 评论 复制链接分享
  • weixin_39851307 weixin_39851307 2021-01-12 17:28

    Only when installed from git right?

    点赞 评论 复制链接分享
  • weixin_39628247 weixin_39628247 2021-01-12 17:28

    Yes, pulled the stable branch and ran "composer update". Now everything is fine again

    点赞 评论 复制链接分享

相关推荐