Bug 548260
| Field | Value |
|---|---|
| Summary | phpMyAdmin bundles tcpdf |
| Product | [Fedora] Fedora |
| Component | phpMyAdmin |
| Version | 19 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | low |
| Keywords | Reopened |
| Reporter | David Nalley <david> |
| Assignee | Robert Scheck <redhat-bugzilla> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | christoph.wickert, fedora, mmcgrath, redhat-bugzilla, sergio, shawn, tcallawa |
| Fixed In Version | phpMyAdmin-4.0.10.1-1.el6 |
| Doc Type | Bug Fix |
| Last Closed | 2014-07-30 07:00:24 UTC |
| Bug Blocks | 504493, 959946 |

Description
David Nalley
2009-12-17 01:57:43 UTC
Mike: libraries/blowfish.php also appears to be a bundled lib.

David: Where does libraries/blowfish.php come from (package name)? Regarding tcpdf: I can't see that Fedora would provide that library anywhere right now as a package.

Regarding tcpdf: My understanding of the packaging guidelines (which could be flawed) is that it doesn't matter whether or not Fedora already offers the bundled library as a package, but rather whether or not it's a separate package. eg. it becomes incumbent on the packager to unbundle. To illustrate some of the problems tcpdf is actually included in two packages within Fedora already (and at least a third under review now).

To illustrate some of the 'standard problems' that bundled libraries bring:

* Moodle is using v 1.53.0.TC023_PHP4
* phpMyAdmin is using v. 2.2.002
* upstream is at: 4.8.19

There is also a different (albeit compatible) license in play between phpMyAdmin and tcpdf. However, inclusion of tcpdf which bundles fonts seems at least on the surface to present a licensing challenge, as the fonts are licensed under the Bitstream Vera and Aver license (at least per the license file included) which at least appears to be non-GPL compatible.

WRT to blowfish - it appears the original code was stripped from horde from reading the source, and this same encryption library appears in varying versions in:

* phpldapadmin
* phpMyAdmin
* dokuwiki
* horde

It does appear that phpmyadmin has committed changes to blowfish.php that haven't been upstreamed (effectively forking).

This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.

Reopening.

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

Tom, any suggestions regarding tcpdf and blowfish stuff?

tcpdf is... nasty. Bundled fonts embedded into the php files. I'm not sure there is a good way to unbundle the fonts in tcpdf. I haven't looked at blowfish, but it seems like if they've forked, it might be worth considering for a bundled exception. Personally, if this was my package, I'd just retire it and let it die a slow death.

Copied comment from https://bugzilla.redhat.com/show_bug.cgi?id=629214#c8:

Tom "spot" Callaway 2011-08-02 12:03:48 EDT

Well, it has TCPDF (LGPLv3+) bundled inside of it, and I think I've already made my concerns about it clear (re: bundling of fonts in odd ways), but from a strict licensing perspective, here's what I found:

* TCPDF (overall LGPLv3+, but bundles the following fonts):
  - Al-Mohanad (unknown license)
  - dejavu-*-fonts (Bitstream Vera and Public Domain, in Fedora)
  - gnu-free-fonts (GPLv2+ with font exception, in Fedora)
  - Zar Bold (GPLv2+)

It also has:

* JAMA (mix of Public Domain and PHP), closest thing to an upstream I could find was here: http://php.livejournal.com/270125.html
* OLE/PPS (PHP) derived from OLE::Storage_Lite
* PclZip (GPL+ or LGPLv2+)

The rest is LGPLv2+.

Excluding the fonts, there are no licensing compatibility concerns, and I'm not going to give myself a headache and consider the license compatibility issues with embedded fonts in the php code to the rest of the php code. The notable exception is Al-Mohanad, which either needs to have its license identified or simply removed.

So, in conclusion: Bundling galore, including particularly nasty TCPDF, but licensing is okay at: "LGPLv2+ and LGPLv3+ and PHP", assuming that the fonts are unbundled (if even possible, it may not be) and Al-Mohanad is removed. There's a lot of assumptions in there. TCPDF is going to be a holy terror to package properly.

This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Remi packed php-tcpdf http://koji.fedoraproject.org/koji/packageinfo?packageID=16199

```
repoquery -q php-tcpdf\* --nvr
php-tcpdf-6.0.024-1.fc19
php-tcpdf-dejavu-lgc-sans-fonts-6.0.024-1.fc19
php-tcpdf-dejavu-lgc-sans-mono-fonts-6.0.024-1.fc19
php-tcpdf-dejavu-lgc-serif-fonts-6.0.024-1.fc19
php-tcpdf-dejavu-sans-fonts-6.0.024-1.fc19
php-tcpdf-dejavu-sans-mono-fonts-6.0.024-1.fc19
php-tcpdf-dejavu-serif-fonts-6.0.024-1.fc19
php-tcpdf-gnu-free-mono-fonts-6.0.024-1.fc19
php-tcpdf-gnu-free-sans-fonts-6.0.024-1.fc19
php-tcpdf-gnu-free-serif-fonts-6.0.024-1.fc19
```

To unbundle tcpdf and use system one, you just need to update the vendor_config.php with

```
-e "/'TCPDF_INC'/s@./libraries/tcpdf/tcpdf.php@%{_datadir}/php/tcpdf/tcpdf.php@" \
```

And add:

```
Requires: php-tcpdf
Requires: php-tcpdf-dejavu-sans-fonts
```

phpMyAdmin version 4.1.0 is the first version to support tcpdf 6.0.x (without patch).

phpMyAdmin-4.2.6-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/phpMyAdmin-4.2.6-1.fc20

phpMyAdmin-4.2.6-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/phpMyAdmin-4.2.6-1.fc19

phpMyAdmin-4.2.6-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/phpMyAdmin-4.2.6-1.el6

Package phpMyAdmin-4.2.6-1.el6:

* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.

Update it with:

```
# su -c 'yum update --enablerepo=epel-testing phpMyAdmin-4.2.6-1.el6'
```

as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1940/phpMyAdmin-4.2.6-1.el6 then log in and leave karma (feedback).

phpMyAdmin-4.2.6-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

phpMyAdmin-4.2.6-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

phpMyAdmin-4.0.10.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
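
The unbundling step from the comment above (pointing `TCPDF_INC` at the system copy), as an added example that is not part of the bug report or the package's spec file: it applies the same sed expression and then fails if the bundled path is still referenced, since sed exits 0 even when nothing matched. The function names and the sample `vendor_config.php` line are constructed for illustration, and `%{_datadir}` is assumed to expand to `/usr/share`.

```shell
#!/bin/sh
# Added example. The define() line written by make_sample_config is a
# constructed stand-in for libraries/vendor_config.php, not project code.

# Point TCPDF_INC at the system tcpdf and verify that the edit took effect.
# $1 = path to vendor_config.php, $2 = expansion of %{_datadir} (assumption)
unbundle_tcpdf() {
    cfg=$1
    datadir=$2
    # Same expression as in the comment, with the RPM macro expanded by hand.
    sed -e "/'TCPDF_INC'/s@./libraries/tcpdf/tcpdf.php@${datadir}/php/tcpdf/tcpdf.php@" \
        "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg" || return 2
    # A silent no-op would leave the stale bundled copy in use: check for it.
    if grep -q "libraries/tcpdf" "$cfg"; then
        echo "bundled tcpdf path still referenced in $cfg" >&2
        return 1
    fi
    # The constant must exist and point at the system location.
    if ! grep -q "'TCPDF_INC'.*${datadir}/php/tcpdf/tcpdf.php" "$cfg"; then
        echo "TCPDF_INC does not point at the system tcpdf in $cfg" >&2
        return 1
    fi
    return 0
}

# Write a constructed sample config to $1.
make_sample_config() {
    cat > "$1" <<'EOF'
<?php
define('TCPDF_INC', './libraries/tcpdf/tcpdf.php');
EOF
}

demo() {
    tmp=$(mktemp -d) || return 2
    make_sample_config "$tmp/vendor_config.php"
    unbundle_tcpdf "$tmp/vendor_config.php" /usr/share
    rc=$?
    cat "$tmp/vendor_config.php"
    rm -rf "$tmp"
    return $rc
}

demo
```
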