diff options
| author |   Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> | 2012-02-02 21:18:10 +0000 |
|---|---|---|
| committer | Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> | 2012-02-02 21:18:10 +0000 |
| commit | e511bfecd328e63df5bb68b35f286c4b05b4b069 (patch) | |
| tree | d561630bfd98e5a9f48aa87e13c7eefc39694031 /net-nds/phpldapadmin | |
| parent | Stable for X86, wrt security bug #401987 (diff) | |
| download | historical-e511bfecd328e63df5bb68b35f286c4b05b4b069.tar.gz historical-e511bfecd328e63df5bb68b35f286c4b05b4b069.tar.bz2 historical-e511bfecd328e63df5bb68b35f286c4b05b4b069.zip | |
[net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes bug 401901.
Package-Manager: portage-2.2.0_alpha84/cvs/Linux x86_64
Diffstat (limited to 'net-nds/phpldapadmin')
| -rw-r--r-- | net-nds/phpldapadmin/ChangeLog | 9 | ||||
| -rw-r--r-- | net-nds/phpldapadmin/Manifest | 30 | ||||
| -rw-r--r-- | net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch | 34 | ||||
| -rw-r--r-- | net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild | 46 |
4 files changed, 104 insertions, 15 deletions
diff --git a/net-nds/phpldapadmin/ChangeLog b/net-nds/phpldapadmin/ChangeLog index af94d636f859..0965b61a8c03 100644 --- a/net-nds/phpldapadmin/ChangeLog +++ b/net-nds/phpldapadmin/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-nds/phpldapadmin # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/ChangeLog,v 1.55 2012/01/05 00:36:39 jmbsvicetto Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/ChangeLog,v 1.56 2012/02/02 21:18:10 jmbsvicetto Exp $ + +*phpldapadmin-1.2.2-r1 (02 Feb 2012) + + 02 Feb 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> + +phpldapadmin-1.2.2-r1.ebuild, +files/phpldapadmin-1.2.2-base.patch: + [net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes + bug 401901. *phpldapadmin-1.2.2 (05 Jan 2012) diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest index fd584719ac68..7d86e94499b2 100644 --- a/net-nds/phpldapadmin/Manifest +++ b/net-nds/phpldapadmin/Manifest @@ -4,6 +4,7 @@ Hash: SHA1 AUX phpldapadmin-1.2.1.1-fix-cmd-exploit.patch 716 RMD160 53234a28cbba93e29be796c84b3f735065bef428 SHA1 bb26087375bdb8ace84254b9e9c4537ab691bbaf SHA256 b0c7822c7e36d037e15839046bdfc842540b972633e293c5d96e6d3117f782e0 AUX phpldapadmin-1.2.1.1-fix-functions-exploit.patch 939 RMD160 7c4cd4aa9290ad298afe18ef78765ba0619a365b SHA1 6c7f3b29e696b1b16ffead286962dca98970674d SHA256 94344146e0434ac7c70375f4cbfef9bcd40897c06fb3eddc0b39eaed0c5c669d AUX phpldapadmin-1.2.1.1-fix-magic-quotes.patch 829 RMD160 085053d13ba91c8b69d5b0e4d6ce3fd0e627780b SHA1 8f6ea7971157091febc6a7ff2f6fe97ed908df38 SHA256 7cce069d30a5c4067743de8e91d0d6bd4d9faaaf169ed342a3890bf07ced8817 +AUX phpldapadmin-1.2.2-base.patch 1115 RMD160 d1be4823aa4324fe64a3926a7a6d886c66cce38f SHA1 ac32c511f07314041981514ac6c55e8ba42a2e28 SHA256 33c012fc00d0a170ff57e50624ec0e1018ace3fe9350a5a02ffe2ae8e1751d33 AUX postinstall2-en.txt 131 RMD160 f1f681b3b5094f555e6adfca8d70d4ca1b14ae4b SHA1 deecc59339d6c83dad797c0f8cfab9ea0110153a SHA256 e2dc7bea366789a303eb9a90d1bced655cea00469202859af40bf19c00505d38 DIST phpldapadmin-1.2.0.4.tgz 1291545 RMD160 23b6a9afd438add7ed48ff390d5b4d4400df54b4 SHA1 7b364065e91f4dca606432c42fa2ae48e54f04ce SHA256 e4887ed0db63c926162d79d603add21a669103ad2f75a7b90686a18eed8a6330 DIST phpldapadmin-1.2.0.5.tgz 1345901 RMD160 7b3e194420d7360001faa709b046423d8ac939bf SHA1 0720ec05bfe91520bdd15e38c79f949f18d355eb SHA256 ee75da1dbba023499fdf50d6cedea9bcdb9caad017b15ed2e31700bcc61dfcfd @@ -13,23 +14,24 @@ EBUILD phpldapadmin-1.2.0.4-r1.ebuild 983 RMD160 2228477215296b381a25ece0ac9f81d EBUILD phpldapadmin-1.2.0.5.ebuild 970 RMD160 702248b5bf778558a6704f761755f82060f0d053 SHA1 aea420c3f57d9de49e731ab8b6e3b7cc806c36ee SHA256 b785da167be298f837071d8e8d5a741d2c6f1e18038badd54349ed111f0e04d5 EBUILD phpldapadmin-1.2.1.1-r1.ebuild 1359 RMD160 7459adeaca2213071d4adc19e0d8417f19a1d959 SHA1 cca736aaa69b6728ca6f03ff68135f75da60b315 SHA256 f1f21dc696d4f862bfffdf45bd8b0b5d32d62fa9731713ae3dbc3c447ea3b5e4 EBUILD phpldapadmin-1.2.1.1.ebuild 1129 RMD160 37a8f6d38c93c7eef6aa7c04e73c2e66f2df498f SHA1 ec4b1fd9da21bee274d685efda10cd81cc417005 SHA256 40f439fbda56140a71f345358aeb603b17440464497a0168b28368a157ca5591 +EBUILD phpldapadmin-1.2.2-r1.ebuild 1315 RMD160 cd2109c7d7e7016a64622179d718b400b23756c0 SHA1 98aa73058bd7e09819ae45bddd8a8ccc6a182345 SHA256 28fff8e9869aae9519cfadd4e24e8acbbb509e18b0eef5ab8f9a9d372aba933c EBUILD phpldapadmin-1.2.2.ebuild 1136 RMD160 358d9e441b5b6b489ecdabc7f58051aeedbd84b7 SHA1 5965b38e7d6c149198725380fb2549d2b55bfc2f SHA256 301a656b15c19f35f85c9bae9607fff14c4c58664849b0dd10bb97a53d0f3f65 -MISC ChangeLog 9238 RMD160 f0b6a487c87f3da265d8d1b86cfaea8b2dd1d1b1 SHA1 6f22ad3930722e8ca0cae8b0fabb0d4a67d8cee8 SHA256 5792a468cae3ed03d879cf480c00a7eeb3102575f7aae242495af8bb2cc5c801 +MISC ChangeLog 9509 RMD160 1b5006f6deb9a4737abb5726e280d938a1c2cb6f SHA1 45aff9fe9429238ee539d53c874bee3fd9dbd19b SHA256 23e379a2922428e087fbdbf15bcb8ffeb04633c648e88231013c2cc8051ccfc2 MISC metadata.xml 483 RMD160 9f29226203f0c22470a627939b84edbe57d40a7c SHA1 69affdfca1b1dd98d302336a0e47d708e96317ba SHA256 4da024bde528d8117f42de927efa5e86dd4445b018a818608e1db16969957186 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) -iQIcBAEBAgAGBQJPBPAvAAoJEC8ZTXQF1qEPyWUQALba67/U4o7FnEwKMxctIPTE -uo5pqqBPvmaXaeWwS2FZJtuZWUxCsSdNJpJ6zoRPOkC3cr2NUbEMSS3aHx9q5UP2 -EzrJ4MGOCJr63nvISvcVk4n7fwR5+eJpJwVZPrPTZNc6Q8PDTpuN464eBAN8bvho -D1TH9ktvEHPo6yx+SoKF5o3j5KY/icjFjzbgEl7IiID8GaEND0ME3aJh7sUDQbiK -2+PY3/qCvZplOBZG6Z+d3kzfgUsA5uw6CbPZB8RVN8OzOz1cJw/LnyLuA3K38XZF -eL6oKPXPUOHia4AuN7JAsJWKtZydIwLsgQldzK/eeqyNgx95bowNii5sEPTu6VRA -JGHkUa6UQm4gNuXiHnZxcdJxb7ohzCgm4H1JfQiiX89GrCP740T5rWRCIWsj/XwY -ZrpIt6hrRhPwiGIh/jD1VPY4nt4cFPPZZWewIP64ugOKdFJoHQLqK2XIU8Rm4DXf -TVRlPqq1CsGYO+1piiLE/xdoBItPBfU4eIgkrdqjgrcEORFCazBIoquhhu39qBRm -ymzJFC2h7ofssQmSj9zoiHha9I0BkA1u2+RowDjdy+iC3H6PJLPgPT0qGZvR8LKe -aNqQ3xlxrplY57DvVIP527VgulJGDi/Ar5OmVp0A56IdGGKgQFHhXZhtp77e8X7V -NL9BHFEPbln5TPDeeM9B -=1mwr +iQIcBAEBAgAGBQJPKv0KAAoJEC8ZTXQF1qEP3H0QAJt7AKEfmPBxdz3u0FzrOPbl +8y6Hs9WLDYD5LEcpbKMa5/wddKlO/2OemIlodovoMYQdac0bA6bDQKtkG3wCIcrv +DHXHiQI/hD2lzK3R4BQj6iAuCZs43MtCFzxRUCV0MqVIjWVf9CUJ7//CsHtqV79d +Ac7VUvOSmk218zvmHGTOttwrbv5sIZtQ1vXVl0LEPHp+QS82CwwU6S7d9bU2KPJA +EVf5Dw0rqq9d7dOkK+8UqnC4s+voEpS8jK7BHgON6lJpYupvog9e5Ro2Noa0cmCG +QHiZmu56ewAr4VRgxt5hy0wobCWhEz4pYElKja8LvcOk7cCAlOqId1LASD6HVWLS +uksxObxQV3QW6X76ViG2Rkon3ZKvyuBuY0sshDztK31P6gHp1jpe96zGebqBI/AG +z3IP9qd1g16VmFYjzVye1+sxKcdt9jpMMClVS5E/+yavZq1mmW9WgUNHJ12nBMvh +0oRFGxR0MGREA7pJcNjax4Vtgk1a78sUBTrcIKGRtrl7Ff0rT8LcSRH6Yf1ivU+H +kkeIuYqb3LC4SACdnWSd4ceTuBYV776tbQvbnA1yb2GxmTiiepOLc7gmXlMe2Z8v +5H8OBozF8BZgZz+/eK/tyH6ubf10TRKLtTTZrjyMLDxvKRR1clAXhUQ458OG/9HN +aILT0KZm83WPziA9nLjU +=DLUf -----END PGP SIGNATURE----- diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch new file mode 100644 index 000000000000..bff3c6268556 --- /dev/null +++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch @@ -0,0 +1,34 @@ +From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001 +From: Deon George <wurley@users.sf.net> +Date: Tue, 24 Jan 2012 12:37:28 +1100 +Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query + +--- + lib/QueryRender.php | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/QueryRender.php b/lib/QueryRender.php +index 291ec40..685f3ba 100644 +--- a/lib/QueryRender.php ++++ b/lib/QueryRender.php +@@ -497,7 +497,7 @@ class QueryRender extends PageRender { + $this->getAjaxRef($base), + $this->getAjaxRef($base), + ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'), +- $base); ++ htmlspecialchars($base)); + } + echo '</tr>'; + echo '</table>'; +@@ -545,7 +545,7 @@ class QueryRender extends PageRender { + echo ' ]</small>'; + + echo '<br />'; +- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base); ++ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base)); + + echo '<br />'; + printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter'])); +-- +1.7.4.1 + diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild new file mode 100644 index 000000000000..bda401833c6a --- /dev/null +++ b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild @@ -0,0 +1,46 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild,v 1.1 2012/02/02 21:18:10 jmbsvicetto Exp $ + +EAPI="2" + +inherit webapp depend.php + +DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server." +HOMEPAGE="http://phpldapadmin.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tgz" + +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86" +IUSE="" + +RDEPEND="dev-lang/php[hash,ldap,session,xml,nls] + || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )" + +need_httpd_cgi +need_php_httpd + +src_prepare() { + mv config/config.php.example config/config.php + epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch" + # http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd + epatch "${FILESDIR}/${P}-base.patch" +} + +src_install() { + webapp_src_preinst + + dodoc INSTALL + + # Restrict config file access - bug 280836 + chown root:apache "config/config.php" + chmod 640 "config/config.php" + + insinto "${MY_HTDOCSDIR}" + doins -r * + + webapp_configfile "${MY_HTDOCSDIR}/config/config.php" + webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt + + webapp_src_install +} |