1 |
commit: 726499fe34b8735aa45e8f316436343083190073 |
2 |
Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Feb 2 20:33:52 2012 +0000 |
4 |
Commit: Jorge Manuel B. S. Vicetto <jmbsvicetto <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Feb 2 20:33:52 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/jmbsvicetto.git;a=commit;h=726499fe |
7 |
|
8 |
[net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes bug 401901. |
9 |
|
10 |
(Portage version: 2.2.0_alpha84/git/Linux x86_64, signed Manifest commit with key BB0E6E98) |
11 |
|
12 |
--- |
13 |
net-nds/phpldapadmin/ChangeLog | 7 +++ |
14 |
net-nds/phpldapadmin/Manifest | 30 +++++++------ |
15 |
.../files/phpldapadmin-1.2.2-base.patch | 34 +++++++++++++++ |
16 |
net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild | 45 ++++++++++++++++++++ |
17 |
4 files changed, 102 insertions(+), 14 deletions(-) |
18 |
|
19 |
diff --git a/net-nds/phpldapadmin/ChangeLog b/net-nds/phpldapadmin/ChangeLog |
20 |
index 43cb97a..f8597f4 100644 |
21 |
--- a/net-nds/phpldapadmin/ChangeLog |
22 |
+++ b/net-nds/phpldapadmin/ChangeLog |
23 |
@@ -2,6 +2,13 @@ |
24 |
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 |
25 |
# $Header: $ |
26 |
|
27 |
+*phpldapadmin-1.2.2-r1 (02 Feb 2012) |
28 |
+ |
29 |
+ 02 Feb 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@g.o> |
30 |
+ +phpldapadmin-1.2.2-r1.ebuild, +files/phpldapadmin-1.2.2-base.patch: |
31 |
+ [net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes |
32 |
+ bug 401901. |
33 |
+ |
34 |
*phpldapadmin-1.2.2 (04 Jan 2012) |
35 |
|
36 |
04 Jan 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@g.o> |
37 |
|
38 |
diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest |
39 |
index a222f60..61bfb49 100644 |
40 |
--- a/net-nds/phpldapadmin/Manifest |
41 |
+++ b/net-nds/phpldapadmin/Manifest |
42 |
@@ -3,29 +3,31 @@ Hash: SHA1 |
43 |
|
44 |
AUX phpldapadmin-1.2.0.5-fix-magic-quotes.patch 907 RMD160 62ae95f4c3da3e62d9ac5da09feab003a48a3747 SHA1 f19ad4b6e639acadf1dab208a8686f6f50c69c07 SHA256 10beefdc89c03fb6c13cb25fb38f4c9837b7ad4f23de97cf24273d093fddd398 |
45 |
AUX phpldapadmin-1.2.1.1-fix-magic-quotes.patch 829 RMD160 085053d13ba91c8b69d5b0e4d6ce3fd0e627780b SHA1 8f6ea7971157091febc6a7ff2f6fe97ed908df38 SHA256 7cce069d30a5c4067743de8e91d0d6bd4d9faaaf169ed342a3890bf07ced8817 |
46 |
+AUX phpldapadmin-1.2.2-base.patch 1115 RMD160 d1be4823aa4324fe64a3926a7a6d886c66cce38f SHA1 ac32c511f07314041981514ac6c55e8ba42a2e28 SHA256 33c012fc00d0a170ff57e50624ec0e1018ace3fe9350a5a02ffe2ae8e1751d33 |
47 |
AUX postinstall2-en.txt 131 RMD160 f1f681b3b5094f555e6adfca8d70d4ca1b14ae4b SHA1 deecc59339d6c83dad797c0f8cfab9ea0110153a SHA256 e2dc7bea366789a303eb9a90d1bced655cea00469202859af40bf19c00505d38 |
48 |
DIST phpldapadmin-1.2.0.5.tgz 1345901 RMD160 7b3e194420d7360001faa709b046423d8ac939bf SHA1 0720ec05bfe91520bdd15e38c79f949f18d355eb SHA256 ee75da1dbba023499fdf50d6cedea9bcdb9caad017b15ed2e31700bcc61dfcfd |
49 |
DIST phpldapadmin-1.2.1.1.tgz 1468961 RMD160 c78bd0f056f7f5f8b150360e6ee0ef3f37d6560c SHA1 f30d76205891fbd01fab468af1f8430597983787 SHA256 1fa6373c500a193a8868cb6a753f3b5218a92374b792994129c0c1b69d4d1090 |
50 |
DIST phpldapadmin-1.2.2.tgz 1415565 RMD160 dd93d9558c9780b014f066d070b496e2804b9565 SHA1 2904923eb25173d108b556c70fb3d42cd6e0e289 SHA256 8629ea3f14630d4dd74099c997ac9795240a6417d5d124517ba5860c12d8a239 |
51 |
EBUILD phpldapadmin-1.2.0.5.ebuild 1010 RMD160 5af8725c3b2223d2caab5e3ce47bdea414640ccc SHA1 958603fd0d2a660cb423e530ebcd3c9955102609 SHA256 a1ad15899f39aa51c1b22b184ab5bef00941221ec9f6a9b15d3cb2e71f6fc4b5 |
52 |
EBUILD phpldapadmin-1.2.1.1.ebuild 1010 RMD160 5af8725c3b2223d2caab5e3ce47bdea414640ccc SHA1 958603fd0d2a660cb423e530ebcd3c9955102609 SHA256 a1ad15899f39aa51c1b22b184ab5bef00941221ec9f6a9b15d3cb2e71f6fc4b5 |
53 |
+EBUILD phpldapadmin-1.2.2-r1.ebuild 1179 RMD160 18a2c72f5ce61c7bb0ca5b9f76578df13913e11f SHA1 798f417f12f09c5502436d21da3de5c5141945c3 SHA256 c483a9938a02fe10dc72ee003d577e32aef7ac10f4bc80011b9bfb731d939ab1 |
54 |
EBUILD phpldapadmin-1.2.2.ebuild 1141 RMD160 be4cfe7972deee1d9ca15de7ce54ea54a0599fa0 SHA1 97c883097e4c1152f543cf5704269515ca15d1f4 SHA256 1cd36c4f075323c058d6ad03c77e0a46e947bf5d4cf8a15baf5a66cb8e08e93b |
55 |
-MISC ChangeLog 1422 RMD160 285d850f245fe1b3fe59b737af00c1d1673e59a7 SHA1 eb8fb51afc95dd493f44d043f2cc10417e491eac SHA256 b220597901e46a17a2d94750378a5b71779006b127a8a25bf2236fa2e78f13c6 |
56 |
+MISC ChangeLog 1693 RMD160 f51fe08411b086eca36e28137e7a6c9a4efacd5c SHA1 afd1b46b81803435ed5d6375d9f9fadd4dbcdbe8 SHA256 aedfeb4998ff4ccd33438d48baccdaef1f7923cf561ae361e52b05d5ef1f3100 |
57 |
MISC metadata.xml 380 RMD160 c812cb4fabdae73f62c2d8cffa1ec1981d4a8d9a SHA1 9ba2c1eaa4175898656e7b78bab91bbcf67503de SHA256 47eaae7cd8741cc282bc0877ed4a848c04ea2f437de6c6065982a7369e08b574 |
58 |
-----BEGIN PGP SIGNATURE----- |
59 |
Version: GnuPG v2.0.18 (GNU/Linux) |
60 |
|
61 |
-iQIcBAEBAgAGBQJPBIUFAAoJEC8ZTXQF1qEPwE0QALfzRlvpxqvW19A1XeW75Z2G |
62 |
-R9I5boqO9TQm/DLSWmEcjqfCQNGIxly/ZmTrPv6KK9fqZyqpvTZpVEE2PNEXFdSF |
63 |
-Vzbj9IjjAs7P1GOsw76GJSwi2d8tR52eW8oT8NnugDLBW2zDV5wPXU42IG4UzD1m |
64 |
-9UCdrf3Q2ueeP9OK3CCicV8hlDif3HmmTSrdUnYQ3mRH/Av75X/6ln2OYMrwqmgo |
65 |
-R80fMk5Wn+xt/Ok4+6WKsIXPOczTztxyLqxfx9xYfUIOvhd3BSMJQLvuLr49OS7Y |
66 |
-n88fBxmyNxyCKP5X481fwoEuoOv+E9+cEcU0Q59dFinjJPJUXtdW6dfqwcIjzOU4 |
67 |
-yHgdOd2BBBXyd6MJoExdhrdgk3wEa8owg4Yu9063GSAkPkRT0tQ8QOZIbwixcV20 |
68 |
-Se4+7cd4XU3XSr+2k0Q5HCD1EYFLf/2iWTFO2oocAxBe2FAOx15Kz0zzL1ME2ajJ |
69 |
-2Wn3kitLjJOwcdaiDyovuX95RHK8LRHDvqC7A6/th8UIiOctSurEa2fAE059Y7EF |
70 |
-YTUDrEc4mbhyRvWK5YMGB7/xjwHHxDZ8e4VRNZqBlkuJpMTxUZq7e9NXZdzud6gQ |
71 |
-Lysnh3OBsdKkZrPLc6KzHce6mt7muMw89NpupOWYd1WlrraqcQZzQAp8CnwyUoE3 |
72 |
-nDCI7DKaB7KviDYB5Gjh |
73 |
-=XudF |
74 |
+iQIcBAEBAgAGBQJPKvMwAAoJEC8ZTXQF1qEP+QoP/3A+tpc2cFthdt7MB3HFjDg2 |
75 |
+EniEwY0bpWcxnSNta+mbholEpjcOamGzFDrDNPEPOC8gul8AkpAuzOu4V1bEgYMY |
76 |
+b2yNh6fP6aiUpwJIdOuhcrS/dkB1huwAyi33VhEsRq0Ptm4l501pKPTRsvMAGO9w |
77 |
+lGHHcrPdPFA9OABXQPtkW+bwZmyMNY/xHPelz6aUKQq+TVIJeEC90i2emQnO5RQI |
78 |
+hwFk7u25WpN/rjbFpI0tiqMAlk5Wcw+FPNXgRWYjL+YIIuxVk1rwGxTLsZ2V4oOi |
79 |
+x4qh0zrQ+3ciSU3iV8vNm1U54cszPAj6Ul0figkaUN38wff2dBP2IP0c//YXvPfK |
80 |
+2YjuIvK0ItwCSsu1sIAfyY3f9itC4XoXJ2AKNdbl2W8Jvf7gobXMjRoQxwSp+Yr5 |
81 |
+wNOvIWiE0pWlPxuul1qFyTD0iPfZJTxXmjOo4LkT5Gtji9jQZmijcFerdsGLVwPm |
82 |
+Yx0zg1JAbNyF+D1N+nNBglRSU+bn2laloQ5mXS33AXib5SfpjaTAfxBrWHpkOPJd |
83 |
+hE2VIgDr7k5Ayyf1o23ua/ELbkIIGs7ylrtT2+pLYfxhB21lY4o05qGNHRuw22vE |
84 |
+EHfFsNCUhWLF9oYqTL0blVidqpMlObvq4DmIAGTYG6yX4TFRD0dWtWvP7WxEIhso |
85 |
+qPmLUVMGqUynNjlI5Gkx |
86 |
+=SmeB |
87 |
-----END PGP SIGNATURE----- |
88 |
|
89 |
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch |
90 |
new file mode 100644 |
91 |
index 0000000..bff3c62 |
92 |
--- /dev/null |
93 |
+++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch |
94 |
@@ -0,0 +1,34 @@ |
95 |
+From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001 |
96 |
+From: Deon George <wurley@××××××××.net> |
97 |
+Date: Tue, 24 Jan 2012 12:37:28 +1100 |
98 |
+Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query |
99 |
+ |
100 |
+--- |
101 |
+ lib/QueryRender.php | 4 ++-- |
102 |
+ 1 files changed, 2 insertions(+), 2 deletions(-) |
103 |
+ |
104 |
+diff --git a/lib/QueryRender.php b/lib/QueryRender.php |
105 |
+index 291ec40..685f3ba 100644 |
106 |
+--- a/lib/QueryRender.php |
107 |
++++ b/lib/QueryRender.php |
108 |
+@@ -497,7 +497,7 @@ class QueryRender extends PageRender { |
109 |
+ $this->getAjaxRef($base), |
110 |
+ $this->getAjaxRef($base), |
111 |
+ ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'), |
112 |
+- $base); |
113 |
++ htmlspecialchars($base)); |
114 |
+ } |
115 |
+ echo '</tr>'; |
116 |
+ echo '</table>'; |
117 |
+@@ -545,7 +545,7 @@ class QueryRender extends PageRender { |
118 |
+ echo ' ]</small>'; |
119 |
+ |
120 |
+ echo '<br />'; |
121 |
+- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base); |
122 |
++ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base)); |
123 |
+ |
124 |
+ echo '<br />'; |
125 |
+ printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter'])); |
126 |
+-- |
127 |
+1.7.4.1 |
128 |
+ |
129 |
|
130 |
diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild |
131 |
new file mode 100644 |
132 |
index 0000000..88c4fb9 |
133 |
--- /dev/null |
134 |
+++ b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild |
135 |
@@ -0,0 +1,45 @@ |
136 |
+# Copyright 1999-2012 Gentoo Foundation |
137 |
+# Distributed under the terms of the GNU General Public License v2 |
138 |
+# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.1.1-r1.ebuild,v 1.1 2011/10/25 18:18:43 jmbsvicetto Exp $ |
139 |
+ |
140 |
+EAPI="2" |
141 |
+ |
142 |
+inherit webapp depend.php |
143 |
+ |
144 |
+DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server." |
145 |
+HOMEPAGE="http://phpldapadmin.sourceforge.net" |
146 |
+SRC_URI="mirror://sourceforge/${PN}/${P}.tgz" |
147 |
+ |
148 |
+LICENSE="GPL-2" |
149 |
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86" |
150 |
+IUSE="" |
151 |
+ |
152 |
+RDEPEND="dev-lang/php[hash,ldap,session,xml,nls] |
153 |
+ || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )" |
154 |
+ |
155 |
+need_httpd_cgi |
156 |
+need_php_httpd |
157 |
+ |
158 |
+src_prepare() { |
159 |
+ mv config/config.php.example config/config.php |
160 |
+ epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch" |
161 |
+ epatch "${FILESDIR}/${P}-base.patch" |
162 |
+} |
163 |
+ |
164 |
+src_install() { |
165 |
+ webapp_src_preinst |
166 |
+ |
167 |
+ dodoc INSTALL |
168 |
+ |
169 |
+ # Restrict config file access - bug 280836 |
170 |
+ chown root:apache "config/config.php" |
171 |
+ chmod 640 "config/config.php" |
172 |
+ |
173 |
+ insinto "${MY_HTDOCSDIR}" |
174 |
+ doins -r * |
175 |
+ |
176 |
+ webapp_configfile "${MY_HTDOCSDIR}/config/config.php" |
177 |
+ webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt |
178 |
+ |
179 |
+ webapp_src_install |
180 |
+} |