Bug#964318: gosa login broken with PHP 7.4
Wolfgang Schweer
w.schweer at gmx.de
Thu Jul 9 20:54:34 BST 2020
On Mon, Jul 06, 2020 at 12:05:44PM +0200, Wolfgang Schweer wrote:
> In both encrypt and decrypt cases, the chosen cipher method seems to
> return 0.
This is the case because the chosen method (aes-256-ecb) doesn't use an
initialization vector ($iv) at all, causing its length ($ivlen) to be 0,
see e.g. https://usr.ed48.com/php/ssl/?xf=7
So the encrypt/decrypt implementation seems to have been sort of wrong
before (and only now with PHP 7.4 an error is thrown).
Please check and test the attached changes to
/usr/share/gosa/include/functions.inc and
/usr/sbin/gosa-encrypt-passwords; works for me, but then my skills are
low level and this is a quite sensitive issue.
Wolfgang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gosa_crypt.diff
Type: text/x-diff
Size: 1861 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-pkg-team/attachments/20200709/85c37f5b/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-pkg-team/attachments/20200709/85c37f5b/attachment-0001.sig>
More information about the Debian-edu-pkg-team
mailing list