Debian Bug report logs -
#335568
phpmyadmin: Apache 2 configured without permission
Reported by: Olaf van der Spek <olaf@c.xwis.net>
Date: Mon, 24 Oct 2005 20:18:31 UTC
Severity: normal
Found in version phpmyadmin/4:2.6.4-pl2-1
Fixed in version phpmyadmin/4:2.10.0.2-1
Done: Thijs Kinkhorst <thijs@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Olaf van der Spek <olaf@c.xwis.net>:
New Bug report received and forwarded. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: phpmyadmin
Version: 4:2.6.4-pl2-1
Severity: normal
Hi,
I pressed enter when it asked me which webservers should be configured to indicate I didn't want any configured, but it did Apache 2 anyway.
lrwxrwxrwx 1 root root 21 2005-10-24 19:17 phpmyadmin -> /usr/share/phpmyadmin
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686-smp
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Versions of packages phpmyadmin depends on:
ii apache2-mpm-prefork [ht 2.0.54-5 traditional model for Apache2
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
ii php4 4:4.3.10-16etch1 server-side, HTML-embedded scripti
ii php4-mysql 4:4.3.10-16etch1 MySQL module for php4
ii ucf 2.002 Update Configuration File: preserv
Versions of packages phpmyadmin recommends:
pn php4-mcrypt | php5-mcrypt <none> (no description available)
-- debconf information:
* phpmyadmin/reconfigure-webserver:
phpmyadmin/restart-webserver: false
Reply sent to Piotr Roszatycki <piotr.roszatycki@gmail.com>:
You have taken responsibility.
Notification sent to Olaf van der Spek <olaf@c.xwis.net>:
Bug acknowledged by developer.
Message #10 received at 335568-close@bugs.debian.org:
Hi.
I think there is some misunderstanding. Apache was not configured.
The /var/www directory does not belong to the Apache package. It is a common
directory for any web applications.
--
.''`. Piotr Roszatycki
: :' : mailto:dexter@n1.pl
`. `' mailto:dexter@debian.org
`-
Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Olaf van der Spek <Olaf@XWIS.Net>:
Extra info received and forwarded to list. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #15 received at 335568@bugs.debian.org:
Hi,
First, I'd like to say I never received your response.
> It is common directory for any web applications.
And phpmyadmin touched it. Is there a way to prevent phpmyadmin from
touching it?
I only want phpmyadmin in my SSL vhost.
Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Piotr Roszatycki <dexter@n1.pl>:
Extra info received and forwarded to list. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #20 received at 335568@bugs.debian.org:
On Wednesday 18 January 2006 16:09, Olaf van der Spek wrote:
> Hi,
>
> First, I'd like to say I never received your response.
Sorry. I think I forgot to use your address and the Debian BTS doesn't send to
the submitter by default...
>
> > It is common directory for any web applications.
>
> And phpmyadmin touched it. Is there a way to prevent phpmyadmin from
> touching it?
> I only want phpmyadmin in my SSL vhost.
The /var/www is the common place for web applications. I see that over 50
packages install their files into the /var/www directory. I think that
phpmyadmin should create the /var/www/phpmyadmin symlink by default. It might
ask if it should not create it. I could add this question to the Debconf
template with low priority.
--
.''`. Piotr Roszatycki
: :' : mailto:dexter@n1.pl
`. `' mailto:dexter@debian.org
`-
Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Olaf van der Spek <Olaf@XWIS.Net>:
Extra info received and forwarded to list. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #25 received at 335568@bugs.debian.org:
Piotr Roszatycki wrote:
> On Wednesday 18 January 2006 16:09, Olaf van der Spek wrote:
>> Hi,
>>
>> First, I'd like to say I never received your response.
>
> Sorry. I think I forgot to use your address and the Debian BTS doesn't send to
> the submitter by default...
Actually, I think it's my fault. The mail server on c.xwis.net isn't
accessible to the public.
>> > It is common directory for any web applications.
>>
>> And phpmyadmin touched it. Is there a way to prevent phpmyadmin from
>> touching it?
>> I only want phpmyadmin in my SSL vhost.
>
> The /var/www is the common place for web applications. I see that over 50
> packages install their files into the /var/www directory. I think that
> phpmyadmin should create the /var/www/phpmyadmin symlink by default. It might
> ask if it should not create it. I could add this question to the Debconf
> template with low priority.
I removed the link after install but it keeps being remade after every
update (IIRC).
It'd at least be nice to make the link on updates.
Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Piotr Roszatycki <dexter@n1.pl>:
Extra info received and forwarded to list. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #30 received at 335568@bugs.debian.org:
On Wednesday 18 January 2006 17:19, Olaf van der Spek wrote:
> > The /var/www is the common place for web applications. I see that over 50
> > packages install their files into the /var/www directory. I think that
> > phpmyadmin should create the /var/www/phpmyadmin symlink by default. It might
> > ask if it should not create it. I could add this question to the
> > Debconf template with low priority.
>
> I removed the link after install but it keeps being remade after every
> update (IIRC).
> It'd at least be nice to make the link on updates.
phpmyadmin should not re-create the missing symlink on upgrades. I think it
would be the best option.
Thanks for your comment.
--
.''`. Piotr Roszatycki
: :' : mailto:dexter@n1.pl
`. `' mailto:dexter@debian.org
`-
Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Olaf van der Spek <Olaf@XWIS.Net>:
Extra info received and forwarded to list. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #35 received at 335568@bugs.debian.org:
Piotr Roszatycki wrote:
> On Wednesday 18 January 2006 17:19, Olaf van der Spek wrote:
>>> The /var/www is the common place for web applications. I see that over 50
>>> packages install their files into the /var/www directory. I think that
>>> phpmyadmin should create the /var/www/phpmyadmin symlink by default. It might
>>> ask if it should not create it. I could add this question to the
>>> Debconf template with low priority.
>> I removed the link after install but it keeps being remade after every
>> update (IIRC).
>> It'd at least be nice to make the link on updates.
>
> phpmyadmin should not re-create the missing symlink on upgrades. I think it
> would be the best option.
>
> Thanks for your comment.
This is also related to Re: phpmyadmin: Unsecure default installation
But it's more a bug in MySQL as it comes without password by default.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326759
Bug reopened, originator not changed.
Request was from Olaf van der Spek <OvdSpek@LIACS.NL>
to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#335568; Package phpmyadmin.
Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list.
Message #42 received at 335568@bugs.debian.org:
Hi Olaf,
> This is also related to Re: phpmyadmin: Unsecure default installation
> But it's more a bug in MySQL as it comes without password by default.
I think that placing a symlink in /var/www is indeed a bad solution
because it provides no flexibility and enables phpMyAdmin without
asking. We'll just stick to Apache Alias-style configuration in the
future, but I'm not going to make non-trivial changes to the package
anymore given the schedule for Etch (I've only just adopted this
package).
Thijs
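The check implied by the message above, as an added example that is not part of the bug log or of the phpmyadmin package: a shell audit that lists symlinks under a web document root which resolve outside it, such as /var/www/phpmyadmin -> /usr/share/phpmyadmin. The function names and the demo tree are constructed for illustration; GNU readlink -f is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): flag symlinks under a web document
# root that resolve outside it, e.g. /var/www/phpmyadmin -> /usr/share/phpmyadmin.
# Assumes GNU readlink (-f) and file names without embedded newlines.

# Print "LINK -> RESOLVED_TARGET" for every symlink under $1 that escapes $1.
list_escaping_links() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    # find -type l reports the links themselves and never follows them.
    find "$root" -type l | while IFS= read -r link; do
        # A link whose target path cannot be resolved is reported as well.
        target=$(readlink -f "$link") || target="(unresolvable)"
        case $target in
            "$root"|"$root"/*) ;;                      # stays inside the docroot
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Exit status: 0 = clean, 1 = escaping links found, 2 = docroot unreadable.
audit_docroot() {
    found=$(list_escaping_links "$1") || return 2
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed demo tree standing in for /var/www and /usr/share.
demo=$(mktemp -d)
mkdir -p "$demo/www/site" "$demo/share/phpmyadmin"
ln -s "$demo/share/phpmyadmin" "$demo/www/phpmyadmin"   # package-style link
ln -s site "$demo/www/current"                          # harmless internal link
audit_docroot "$demo/www" || echo "audit status: $?"
rm -rf "$demo"
```

Run against the real document root after each package upgrade (for example `audit_docroot /var/www`), a non-zero status shows that a maintainer script has re-created a link the administrator removed.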
Tags added: pending
Request was from Thijs Kinkhorst <thijs@debian.org>
to control@bugs.debian.org.
(Sat, 21 Apr 2007 08:09:05 GMT).
Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility.
Notification sent to Olaf van der Spek <olaf@c.xwis.net>:
Bug acknowledged by developer.
Message #49 received at 335568-close@bugs.debian.org:
Source: phpmyadmin
Source-Version: 4:2.10.0.2-1
We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:
phpmyadmin_2.10.0.2-1.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.10.0.2-1.diff.gz
phpmyadmin_2.10.0.2-1.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.10.0.2-1.dsc
phpmyadmin_2.10.0.2-1_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.10.0.2-1_all.deb
phpmyadmin_2.10.0.2.orig.tar.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.10.0.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 335568@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated phpmyadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 21 Apr 2007 14:52:09 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.10.0.2-1
Distribution: unstable
Urgency: low
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
phpmyadmin - Administrate MySQL over the WWW
Closes: 257975 335568 377538 417018 419484
Changes:
phpmyadmin (4:2.10.0.2-1) unstable; urgency=low
.
* Repackage using debhelper instead of yada (Closes: #417018).
* Does not reconfigure Apache without permission and does not
reset debconf variables (Closes: #335568, #377538).
* New upstream release.
- From now on we use the -utf-8-only tarballs, reducing installed
size by 25%.
- Fixes sessions for non-file-based handlers (Closes: #419484).
- Has configurable signout link (Closes: #257975).
- Addresses CVE-2007-1325 (workaround for PHP vulnerability).
Files:
6144afbd686148b876b9442962a8b35b 738 web extra phpmyadmin_2.10.0.2-1.dsc
83aae81e14ffaf26291c937abf0b3806 2794111 web extra phpmyadmin_2.10.0.2.orig.tar.gz
1cd051babdfe05792c99074d4d5b8065 30375 web extra phpmyadmin_2.10.0.2-1.diff.gz
1dffd93f9a5ebf83b9d594694ffbe9fd 2789650 web extra phpmyadmin_2.10.0.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGKi6yJdKMxZV9WM8RAv4GAJ4jTQfpRNkyRR/6GmXzkIOeSScGWwCg4G2d
I8rcOQ6FJS1Ne839/CdtsQU=
=/vnL
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 26 Jun 2007 08:32:35 GMT).
Last modified: Fri Jan 12 09:41:25 2018