laminas / laminas-authentication

provides an API for authentication and includes concrete authentication adapters for common use case scenarios
https://docs.laminas.dev/laminas-authentication/
BSD 3-Clause "New" or "Revised" License

Deprecate Digest adapter #31

Closed weierophinney closed 2 years ago

weierophinney commented 2 years ago
Q              A
Documentation  yes
Bugfix         no
BC Break       yes (future)
New Feature    no
RFC            no
QA             no

Description

The Digest adapter uses the legacy MD5 algorithm for hashing, per standard tooling such as the htdigest tool provided by the Apache web server. While the specification has been updated to allow for SHA-256 and SHA-512, these would (a) require changes to how we request and validate credentials, and (b) require changes to how the file is generated, and should likely have their own dedicated adapters. Additionally, moving to one or both of those and immediately deprecating the existing functionality would break existing sites that were built with htdigest. As such, this patch deprecates the Digest adapter, and notes the security concerns leading to that deprecation.
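As an added illustration (this is not code from laminas-authentication and not part of the pull request), the snippet below shows what an htdigest file actually stores and why the MD5 it relies on cannot simply be swapped for SHA-256 on the verification side alone. The function names and the sample entry are this example's own; the hash construction follows the HA1 definition (H(username ":" realm ":" password)) that htdigest writes.

```php
<?php
declare(strict_types=1);

// Added example, not laminas-authentication code. Function names are
// this example's own; the sample file below is constructed inline.

// HA1 as defined for HTTP Digest: H(username ":" realm ":" password).
// htdigest writes the MD5 form of this value into the credential file.
function digestHa1(string $user, string $realm, string $password, string $algo = 'md5'): string
{
    return hash($algo, $user . ':' . $realm . ':' . $password);
}

// Parse an htdigest-style file ("user:realm:HA1" per line) into a map
// keyed by realm and user. Blank lines and '#' comments are skipped.
function parseHtdigest(string $contents): array
{
    $entries = [];
    foreach (preg_split('/\R/', trim($contents)) as $line) {
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        [$user, $realm, $ha1] = explode(':', $line, 3);
        $entries[$realm . ':' . $user] = $ha1;
    }
    return $entries;
}

// Check a supplied password against the stored HA1. hash_equals() keeps
// the comparison constant-time. Because the file stores an MD5 digest,
// recomputing with any other algorithm can never match: changing the
// hash means regenerating every entry, not only changing this function.
function verifyDigest(array $entries, string $user, string $realm, string $password, string $algo = 'md5'): bool
{
    $stored = $entries[$realm . ':' . $user] ?? null;
    if ($stored === null) {
        return false;
    }
    return hash_equals($stored, digestHa1($user, $realm, $password, $algo));
}

// Constructed sample file, equivalent to what
//   htdigest -c users.htdigest "Example Realm" alice
// would write for the password "correct horse".
$sampleFile = "# users.htdigest (constructed sample)\n"
    . "alice:Example Realm:" . digestHa1('alice', 'Example Realm', 'correct horse') . "\n";
$entries = parseHtdigest($sampleFile);

var_dump(verifyDigest($entries, 'alice', 'Example Realm', 'correct horse'));
var_dump(verifyDigest($entries, 'alice', 'Example Realm', 'wrong password'));
// Same file and correct password, but checked with SHA-256.
var_dump(verifyDigest($entries, 'alice', 'Example Realm', 'correct horse', 'sha256'));
```

Running it with `php example.php` shows the point the description makes: the first check passes, the second fails on the wrong password, and the third fails even with the right password, because the stored HA1 is an MD5 value. An adapter that moved to SHA-256 or SHA-512 would therefore need both a different challenge/verification flow and a regenerated credential file, which is why the description treats those as separate adapters rather than a drop-in change.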

Ocramius commented 2 years ago

Hmmmm:

Err:1 http://ppa.launchpad.net/ondrej/php/ubuntu focal/main amd64 php8.1-ldap amd64 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
  404  Not Found [IP: 91.189.95.85 80]
weierophinney commented 2 years ago

> Hmmmm:

Yeah, this is odd... because it shows that 8.1 LDAP package on ALL of the runs (i.e., it's not varying based on the PHP version requested, which is strange). Also... it appears that the script that installs the extensions is not doing an apt update before attempting to install, which means we're requesting an outdated package (8.1.2, instead of the current 8.1.3). I'm not sure if this is a transient issue (maybe he just released a few minutes ago?) or something on our end. :-/

The tests ran fine when we issued the 2.9.0 release, and since this isn't a code change, perhaps it's safe to release?

weierophinney commented 2 years ago

I think I found the issue - somebody'd created a pre-install.sh script that was calling apt install php8.1-ldap... even though the extension is specified in .laminas-ci.json.