Gentoo Archives: gentoo-commits

From: "Jorge Manuel B. S. Vicetto" <jmbsvicetto@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] dev/jmbsvicetto:master commit in: net-nds/phpldapadmin/files/, net-nds/phpldapadmin/
Date: Thu, 02 Feb 2012 20:36:44
Message-Id: 726499fe34b8735aa45e8f316436343083190073.jmbsvicetto@gentoo
1 commit: 726499fe34b8735aa45e8f316436343083190073
2 Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> gentoo <DOT> org>
3 AuthorDate: Thu Feb 2 20:33:52 2012 +0000
4 Commit: Jorge Manuel B. S. Vicetto <jmbsvicetto <AT> gentoo <DOT> org>
5 CommitDate: Thu Feb 2 20:33:52 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=dev/jmbsvicetto.git;a=commit;h=726499fe
7
8 [net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes bug 401901.
9
10 (Portage version: 2.2.0_alpha84/git/Linux x86_64, signed Manifest commit with key BB0E6E98)
11
12 ---
13 net-nds/phpldapadmin/ChangeLog | 7 +++
14 net-nds/phpldapadmin/Manifest | 30 +++++++------
15 .../files/phpldapadmin-1.2.2-base.patch | 34 +++++++++++++++
16 net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild | 45 ++++++++++++++++++++
17 4 files changed, 102 insertions(+), 14 deletions(-)
18
19 diff --git a/net-nds/phpldapadmin/ChangeLog b/net-nds/phpldapadmin/ChangeLog
20 index 43cb97a..f8597f4 100644
21 --- a/net-nds/phpldapadmin/ChangeLog
22 +++ b/net-nds/phpldapadmin/ChangeLog
23 @@ -2,6 +2,13 @@
24 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
25 # $Header: $
26
27 +*phpldapadmin-1.2.2-r1 (02 Feb 2012)
28 +
29 + 02 Feb 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@g.o>
30 + +phpldapadmin-1.2.2-r1.ebuild, +files/phpldapadmin-1.2.2-base.patch:
31 + [net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes
32 + bug 401901.
33 +
34 *phpldapadmin-1.2.2 (04 Jan 2012)
35
36 04 Jan 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@g.o>
37
38 diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest
39 index a222f60..61bfb49 100644
40 --- a/net-nds/phpldapadmin/Manifest
41 +++ b/net-nds/phpldapadmin/Manifest
42 @@ -3,29 +3,31 @@ Hash: SHA1
43
44 AUX phpldapadmin-1.2.0.5-fix-magic-quotes.patch 907 RMD160 62ae95f4c3da3e62d9ac5da09feab003a48a3747 SHA1 f19ad4b6e639acadf1dab208a8686f6f50c69c07 SHA256 10beefdc89c03fb6c13cb25fb38f4c9837b7ad4f23de97cf24273d093fddd398
45 AUX phpldapadmin-1.2.1.1-fix-magic-quotes.patch 829 RMD160 085053d13ba91c8b69d5b0e4d6ce3fd0e627780b SHA1 8f6ea7971157091febc6a7ff2f6fe97ed908df38 SHA256 7cce069d30a5c4067743de8e91d0d6bd4d9faaaf169ed342a3890bf07ced8817
46 +AUX phpldapadmin-1.2.2-base.patch 1115 RMD160 d1be4823aa4324fe64a3926a7a6d886c66cce38f SHA1 ac32c511f07314041981514ac6c55e8ba42a2e28 SHA256 33c012fc00d0a170ff57e50624ec0e1018ace3fe9350a5a02ffe2ae8e1751d33
47 AUX postinstall2-en.txt 131 RMD160 f1f681b3b5094f555e6adfca8d70d4ca1b14ae4b SHA1 deecc59339d6c83dad797c0f8cfab9ea0110153a SHA256 e2dc7bea366789a303eb9a90d1bced655cea00469202859af40bf19c00505d38
48 DIST phpldapadmin-1.2.0.5.tgz 1345901 RMD160 7b3e194420d7360001faa709b046423d8ac939bf SHA1 0720ec05bfe91520bdd15e38c79f949f18d355eb SHA256 ee75da1dbba023499fdf50d6cedea9bcdb9caad017b15ed2e31700bcc61dfcfd
49 DIST phpldapadmin-1.2.1.1.tgz 1468961 RMD160 c78bd0f056f7f5f8b150360e6ee0ef3f37d6560c SHA1 f30d76205891fbd01fab468af1f8430597983787 SHA256 1fa6373c500a193a8868cb6a753f3b5218a92374b792994129c0c1b69d4d1090
50 DIST phpldapadmin-1.2.2.tgz 1415565 RMD160 dd93d9558c9780b014f066d070b496e2804b9565 SHA1 2904923eb25173d108b556c70fb3d42cd6e0e289 SHA256 8629ea3f14630d4dd74099c997ac9795240a6417d5d124517ba5860c12d8a239
51 EBUILD phpldapadmin-1.2.0.5.ebuild 1010 RMD160 5af8725c3b2223d2caab5e3ce47bdea414640ccc SHA1 958603fd0d2a660cb423e530ebcd3c9955102609 SHA256 a1ad15899f39aa51c1b22b184ab5bef00941221ec9f6a9b15d3cb2e71f6fc4b5
52 EBUILD phpldapadmin-1.2.1.1.ebuild 1010 RMD160 5af8725c3b2223d2caab5e3ce47bdea414640ccc SHA1 958603fd0d2a660cb423e530ebcd3c9955102609 SHA256 a1ad15899f39aa51c1b22b184ab5bef00941221ec9f6a9b15d3cb2e71f6fc4b5
53 +EBUILD phpldapadmin-1.2.2-r1.ebuild 1179 RMD160 18a2c72f5ce61c7bb0ca5b9f76578df13913e11f SHA1 798f417f12f09c5502436d21da3de5c5141945c3 SHA256 c483a9938a02fe10dc72ee003d577e32aef7ac10f4bc80011b9bfb731d939ab1
54 EBUILD phpldapadmin-1.2.2.ebuild 1141 RMD160 be4cfe7972deee1d9ca15de7ce54ea54a0599fa0 SHA1 97c883097e4c1152f543cf5704269515ca15d1f4 SHA256 1cd36c4f075323c058d6ad03c77e0a46e947bf5d4cf8a15baf5a66cb8e08e93b
55 -MISC ChangeLog 1422 RMD160 285d850f245fe1b3fe59b737af00c1d1673e59a7 SHA1 eb8fb51afc95dd493f44d043f2cc10417e491eac SHA256 b220597901e46a17a2d94750378a5b71779006b127a8a25bf2236fa2e78f13c6
56 +MISC ChangeLog 1693 RMD160 f51fe08411b086eca36e28137e7a6c9a4efacd5c SHA1 afd1b46b81803435ed5d6375d9f9fadd4dbcdbe8 SHA256 aedfeb4998ff4ccd33438d48baccdaef1f7923cf561ae361e52b05d5ef1f3100
57 MISC metadata.xml 380 RMD160 c812cb4fabdae73f62c2d8cffa1ec1981d4a8d9a SHA1 9ba2c1eaa4175898656e7b78bab91bbcf67503de SHA256 47eaae7cd8741cc282bc0877ed4a848c04ea2f437de6c6065982a7369e08b574
58 -----BEGIN PGP SIGNATURE-----
59 Version: GnuPG v2.0.18 (GNU/Linux)
60
61 -iQIcBAEBAgAGBQJPBIUFAAoJEC8ZTXQF1qEPwE0QALfzRlvpxqvW19A1XeW75Z2G
62 -R9I5boqO9TQm/DLSWmEcjqfCQNGIxly/ZmTrPv6KK9fqZyqpvTZpVEE2PNEXFdSF
63 -Vzbj9IjjAs7P1GOsw76GJSwi2d8tR52eW8oT8NnugDLBW2zDV5wPXU42IG4UzD1m
64 -9UCdrf3Q2ueeP9OK3CCicV8hlDif3HmmTSrdUnYQ3mRH/Av75X/6ln2OYMrwqmgo
65 -R80fMk5Wn+xt/Ok4+6WKsIXPOczTztxyLqxfx9xYfUIOvhd3BSMJQLvuLr49OS7Y
66 -n88fBxmyNxyCKP5X481fwoEuoOv+E9+cEcU0Q59dFinjJPJUXtdW6dfqwcIjzOU4
67 -yHgdOd2BBBXyd6MJoExdhrdgk3wEa8owg4Yu9063GSAkPkRT0tQ8QOZIbwixcV20
68 -Se4+7cd4XU3XSr+2k0Q5HCD1EYFLf/2iWTFO2oocAxBe2FAOx15Kz0zzL1ME2ajJ
69 -2Wn3kitLjJOwcdaiDyovuX95RHK8LRHDvqC7A6/th8UIiOctSurEa2fAE059Y7EF
70 -YTUDrEc4mbhyRvWK5YMGB7/xjwHHxDZ8e4VRNZqBlkuJpMTxUZq7e9NXZdzud6gQ
71 -Lysnh3OBsdKkZrPLc6KzHce6mt7muMw89NpupOWYd1WlrraqcQZzQAp8CnwyUoE3
72 -nDCI7DKaB7KviDYB5Gjh
73 -=XudF
74 +iQIcBAEBAgAGBQJPKvMwAAoJEC8ZTXQF1qEP+QoP/3A+tpc2cFthdt7MB3HFjDg2
75 +EniEwY0bpWcxnSNta+mbholEpjcOamGzFDrDNPEPOC8gul8AkpAuzOu4V1bEgYMY
76 +b2yNh6fP6aiUpwJIdOuhcrS/dkB1huwAyi33VhEsRq0Ptm4l501pKPTRsvMAGO9w
77 +lGHHcrPdPFA9OABXQPtkW+bwZmyMNY/xHPelz6aUKQq+TVIJeEC90i2emQnO5RQI
78 +hwFk7u25WpN/rjbFpI0tiqMAlk5Wcw+FPNXgRWYjL+YIIuxVk1rwGxTLsZ2V4oOi
79 +x4qh0zrQ+3ciSU3iV8vNm1U54cszPAj6Ul0figkaUN38wff2dBP2IP0c//YXvPfK
80 +2YjuIvK0ItwCSsu1sIAfyY3f9itC4XoXJ2AKNdbl2W8Jvf7gobXMjRoQxwSp+Yr5
81 +wNOvIWiE0pWlPxuul1qFyTD0iPfZJTxXmjOo4LkT5Gtji9jQZmijcFerdsGLVwPm
82 +Yx0zg1JAbNyF+D1N+nNBglRSU+bn2laloQ5mXS33AXib5SfpjaTAfxBrWHpkOPJd
83 +hE2VIgDr7k5Ayyf1o23ua/ELbkIIGs7ylrtT2+pLYfxhB21lY4o05qGNHRuw22vE
84 +EHfFsNCUhWLF9oYqTL0blVidqpMlObvq4DmIAGTYG6yX4TFRD0dWtWvP7WxEIhso
85 +qPmLUVMGqUynNjlI5Gkx
86 +=SmeB
87 -----END PGP SIGNATURE-----
88
89 diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
90 new file mode 100644
91 index 0000000..bff3c62
92 --- /dev/null
93 +++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
94 @@ -0,0 +1,34 @@
95 +From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
96 +From: Deon George <wurley@××××××××.net>
97 +Date: Tue, 24 Jan 2012 12:37:28 +1100
98 +Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
99 +
100 +---
101 + lib/QueryRender.php | 4 ++--
102 + 1 files changed, 2 insertions(+), 2 deletions(-)
103 +
104 +diff --git a/lib/QueryRender.php b/lib/QueryRender.php
105 +index 291ec40..685f3ba 100644
106 +--- a/lib/QueryRender.php
107 ++++ b/lib/QueryRender.php
108 +@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
109 + $this->getAjaxRef($base),
110 + $this->getAjaxRef($base),
111 + ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
112 +- $base);
113 ++ htmlspecialchars($base));
114 + }
115 + echo '</tr>';
116 + echo '</table>';
117 +@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
118 + echo ' ]</small>';
119 +
120 + echo '<br />';
121 +- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
122 ++ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
123 +
124 + echo '<br />';
125 + printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
126 +--
127 +1.7.4.1
128 +
129
130 diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild
131 new file mode 100644
132 index 0000000..88c4fb9
133 --- /dev/null
134 +++ b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild
135 @@ -0,0 +1,45 @@
136 +# Copyright 1999-2012 Gentoo Foundation
137 +# Distributed under the terms of the GNU General Public License v2
138 +# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.1.1-r1.ebuild,v 1.1 2011/10/25 18:18:43 jmbsvicetto Exp $
139 +
140 +EAPI="2"
141 +
142 +inherit webapp depend.php
143 +
144 +DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server."
145 +HOMEPAGE="http://phpldapadmin.sourceforge.net"
146 +SRC_URI="mirror://sourceforge/${PN}/${P}.tgz"
147 +
148 +LICENSE="GPL-2"
149 +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86"
150 +IUSE=""
151 +
152 +RDEPEND="dev-lang/php[hash,ldap,session,xml,nls]
153 + || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )"
154 +
155 +need_httpd_cgi
156 +need_php_httpd
157 +
158 +src_prepare() {
159 + mv config/config.php.example config/config.php
160 + epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch"
161 + epatch "${FILESDIR}/${P}-base.patch"
162 +}
163 +
164 +src_install() {
165 + webapp_src_preinst
166 +
167 + dodoc INSTALL
168 +
169 + # Restrict config file access - bug 280836
170 + chown root:apache "config/config.php"
171 + chmod 640 "config/config.php"
172 +
173 + insinto "${MY_HTDOCSDIR}"
174 + doins -r *
175 +
176 + webapp_configfile "${MY_HTDOCSDIR}/config/config.php"
177 + webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt
178 +
179 + webapp_src_install
180 +}