[gentoo-commits] repo/gentoo:master commit in: net-nds/phpldapadmin/files/ - gentoo-commits

From:	Michael Palimaka <kensington@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-nds/phpldapadmin/files/
Date:	Sun, 29 Jan 2017 17:41:50
Message-Id:	`1485711695.09a069f6ee2dd1e495a5cbf236d0607c66f997a3.kensington@gentoo`

1

commit:     09a069f6ee2dd1e495a5cbf236d0607c66f997a3

2

Author:     Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com>

3

AuthorDate: Fri Jan 27 15:29:20 2017 +0000

4

Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>

5

CommitDate: Sun Jan 29 17:41:35 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09a069f6

7

8

net-nds/phpldapadmin: remove unused patches

9

10

 .../phpldapadmin-1.2.1.1-fix-cmd-exploit.patch     | 27 -----------------

11

 ...hpldapadmin-1.2.1.1-fix-functions-exploit.patch | 28 ------------------

12

 .../files/phpldapadmin-1.2.2-base.patch            | 34 ----------------------

13

 3 files changed, 89 deletions(-)

14

15

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch

16

deleted file mode 100644

17

index b5ae92d..00000000

18

--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch

19

+++ /dev/null

20

@@ -1,27 +0,0 @@

21

-From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001

22

-From: Deon George <wurley@××××××××.net>

23

-Date: Wed, 27 Jul 2011 07:30:06 +1000

24

-Subject: [PATCH] Remove XSS vulnerabilty in debug code

25

-

26

----

27

- htdocs/cmd.php |    4 ----

28

- 1 files changed, 0 insertions(+), 4 deletions(-)

29

-

30

-diff --git a/htdocs/cmd.php b/htdocs/cmd.php

31

-index 34f3848..0ddf004 100644

32

---- a/htdocs/cmd.php

33

-+++ b/htdocs/cmd.php

34

-@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');

35

- ob_start();

36

-

37

- switch ($www['cmd']) {

38

--	case '_debug':

39

--		debug_dump($_REQUEST,1);

40

--		break;

41

--

42

- 	default:

43

- 		if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))

44

- 			$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';

45

---

46

-1.7.4.1

47

-

48

49

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch

50

deleted file mode 100644

51

index bc18b45..00000000

52

--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch

53

+++ /dev/null

54

@@ -1,28 +0,0 @@

55

-From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001

56

-From: Deon George <wurley@××××××××.net>

57

-Date: Thu, 6 Oct 2011 09:03:20 +1100

58

-Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability

59

-

60

----

61

- lib/functions.php |    5 +++--

62

- 1 files changed, 3 insertions(+), 2 deletions(-)

63

-

64

-diff --git a/lib/functions.php b/lib/functions.php

65

-index 19fde99..eb160dc 100644

66

---- a/lib/functions.php

67

-+++ b/lib/functions.php

68

-@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {

69

- 	if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))

70

- 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);

71

-

72

--	# if the array to sort is null or empty

73

--	if (! $data) return;

74

-+	# if the array to sort is null or empty, or if we have some nasty chars

75

-+	if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)

76

-+		return;

77

-

78

- 	static $CACHE = array();

79

-

80

---

81

-1.7.4.1

82

-

83

84

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch

85

deleted file mode 100644

86

index bff3c62..00000000

87

--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch

88

+++ /dev/null

89

@@ -1,34 +0,0 @@

90

-From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001

91

-From: Deon George <wurley@××××××××.net>

92

-Date: Tue, 24 Jan 2012 12:37:28 +1100

93

-Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query

94

-

95

----

96

- lib/QueryRender.php |    4 ++--

97

- 1 files changed, 2 insertions(+), 2 deletions(-)

98

-

99

-diff --git a/lib/QueryRender.php b/lib/QueryRender.php

100

-index 291ec40..685f3ba 100644

101

---- a/lib/QueryRender.php

102

-+++ b/lib/QueryRender.php

103

-@@ -497,7 +497,7 @@ class QueryRender extends PageRender {

104

- 				$this->getAjaxRef($base),

105

- 				$this->getAjaxRef($base),

106

- 				($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),

107

--				$base);

108

-+				htmlspecialchars($base));

109

- 		}

110

- 		echo '</tr>';

111

- 		echo '</table>';

112

-@@ -545,7 +545,7 @@ class QueryRender extends PageRender {

113

- 		echo ' ]</small>';

114

-

115

- 		echo '<br />';

116

--		printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);

117

-+		printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));

118

-

119

- 		echo '<br />';

120

- 		printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));

121

---

122

-1.7.4.1

123

-

1	commit: 09a069f6ee2dd1e495a5cbf236d0607c66f997a3
2	Author: Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com>
3	AuthorDate: Fri Jan 27 15:29:20 2017 +0000
4	Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
5	CommitDate: Sun Jan 29 17:41:35 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09a069f6
7
8	net-nds/phpldapadmin: remove unused patches
9
10	.../phpldapadmin-1.2.1.1-fix-cmd-exploit.patch \| 27 -----------------
11	...hpldapadmin-1.2.1.1-fix-functions-exploit.patch \| 28 ------------------
12	.../files/phpldapadmin-1.2.2-base.patch \| 34 ----------------------
13	3 files changed, 89 deletions(-)
14
15	diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
16	deleted file mode 100644
17	index b5ae92d..00000000
18	--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
19	+++ /dev/null
20	@@ -1,27 +0,0 @@
21	-From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
22	-From: Deon George <wurley@××××××××.net>
23	-Date: Wed, 27 Jul 2011 07:30:06 +1000
24	-Subject: [PATCH] Remove XSS vulnerabilty in debug code
25	-
26	----
27	- htdocs/cmd.php \| 4 ----
28	- 1 files changed, 0 insertions(+), 4 deletions(-)
29	-
30	-diff --git a/htdocs/cmd.php b/htdocs/cmd.php
31	-index 34f3848..0ddf004 100644
32	---- a/htdocs/cmd.php
33	-+++ b/htdocs/cmd.php
34	-@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
35	- ob_start();
36	-
37	- switch ($www['cmd']) {
38	-- case '_debug':
39	-- debug_dump($_REQUEST,1);
40	-- break;
41	--
42	- default:
43	- if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
44	- $app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
45	---
46	-1.7.4.1
47	-
48
49	diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
50	deleted file mode 100644
51	index bc18b45..00000000
52	--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
53	+++ /dev/null
54	@@ -1,28 +0,0 @@
55	-From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
56	-From: Deon George <wurley@××××××××.net>
57	-Date: Thu, 6 Oct 2011 09:03:20 +1100
58	-Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability
59	-
60	----
61	- lib/functions.php \| 5 +++--
62	- 1 files changed, 3 insertions(+), 2 deletions(-)
63	-
64	-diff --git a/lib/functions.php b/lib/functions.php
65	-index 19fde99..eb160dc 100644
66	---- a/lib/functions.php
67	-+++ b/lib/functions.php
68	-@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
69	- if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())\|\|$fargs='NOARGS'))
70	- debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
71	-
72	-- # if the array to sort is null or empty
73	-- if (! $data) return;
74	-+ # if the array to sort is null or empty, or if we have some nasty chars
75	-+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) \|\| ! $data)
76	-+ return;
77	-
78	- static $CACHE = array();
79	-
80	---
81	-1.7.4.1
82	-
83
84	diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
85	deleted file mode 100644
86	index bff3c62..00000000
87	--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
88	+++ /dev/null
89	@@ -1,34 +0,0 @@
90	-From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
91	-From: Deon George <wurley@××××××××.net>
92	-Date: Tue, 24 Jan 2012 12:37:28 +1100
93	-Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
94	-
95	----
96	- lib/QueryRender.php \| 4 ++--
97	- 1 files changed, 2 insertions(+), 2 deletions(-)
98	-
99	-diff --git a/lib/QueryRender.php b/lib/QueryRender.php
100	-index 291ec40..685f3ba 100644
101	---- a/lib/QueryRender.php
102	-+++ b/lib/QueryRender.php
103	-@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
104	- $this->getAjaxRef($base),
105	- $this->getAjaxRef($base),
106	- ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
107	-- $base);
108	-+ htmlspecialchars($base));
109	- }
110	- echo '</tr>';
111	- echo '</table>';
112	-@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
113	- echo ' ]</small>';
114	-
115	- echo '<br />';
116	-- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
117	-+ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
118	-
119	- echo '<br />';
120	- printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
121	---
122	-1.7.4.1
123	-

Gentoo Archives: gentoo-commits