[gentoo-commits] dev/jmbsvicetto:master commit in: net-nds/phpldapadmin/files/, net-nds/phpldapadmin/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] dev/jmbsvicetto:master commit in: net-nds/phpldapadmin/files/, net-nds/phpldapadmin/
@ 2011-10-20 16:10 Jorge Manuel B. S. Vicetto
  0 siblings, 0 replies; 3+ messages in thread
From: Jorge Manuel B. S. Vicetto @ 2011-10-20 16:10 UTC (permalink / raw
  To: gentoo-commits

commit:     f7e9216f692e55b72252c2ba73fa6d55bf1dc278
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 20 16:06:30 2011 +0000
Commit:     Jorge Manuel B. S. Vicetto <jmbsvicetto <AT> gentoo <DOT> org>
CommitDate: Thu Oct 20 16:08:58 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/jmbsvicetto.git;a=commit;h=f7e9216f

[net-nds/phpldapadmin] Bumped to release 1.2.1.1 - bug 367625.
Restricted config file access - bug 280836.

(Portage version: 2.2.0_alpha69/git/Linux x86_64, unsigned Manifest commit)

---
 net-nds/phpldapadmin/ChangeLog                     |   12 +++++++++-
 net-nds/phpldapadmin/Manifest                      |    9 +++++--
 ...=> phpldapadmin-1.2.0.5-fix-magic-quotes.patch} |    0
 .../phpldapadmin-1.2.1.1-fix-magic-quotes.patch    |   23 ++++++++++++++++++++
 net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild   |   17 +++++++-------
 ...-1.2.0.5.ebuild => phpldapadmin-1.2.1.1.ebuild} |   17 +++++++-------
 6 files changed, 56 insertions(+), 22 deletions(-)

diff --git a/net-nds/phpldapadmin/ChangeLog b/net-nds/phpldapadmin/ChangeLog
index b46dffd..a5a7bcd 100644
--- a/net-nds/phpldapadmin/ChangeLog
+++ b/net-nds/phpldapadmin/ChangeLog
@@ -1,7 +1,17 @@
 # ChangeLog for net-nds/phpldapadmin
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+*phpldapadmin-1.2.1.1 (20 Oct 2011)
+
+  20 Oct 2011; <atlantis@gentoo.org> phpldapadmin-1.2.0.5.ebuild,
+  +files/phpldapadmin-1.2.0.5-fix-magic-quotes.patch,
+  +phpldapadmin-1.2.1.1.ebuild,
+  +files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch,
+  -files/phpldapadmin-fix-magic-quotes.patch:
+  [net-nds/phpldapadmin] Bumped to release 1.2.1.1 - bug 367625.
+  Restricted config file access - bug 280836.
+
   11 Nov 2010; Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org>
   phpldapadmin-1.2.0.5.ebuild, +files/phpldapadmin-fix-magic-quotes.patch:
   Added patch to fix the use of *_magic_quotes_runtime that is deprecated

diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest
index cc108f8..578edec 100644
--- a/net-nds/phpldapadmin/Manifest
+++ b/net-nds/phpldapadmin/Manifest
@@ -1,6 +1,9 @@
-AUX phpldapadmin-fix-magic-quotes.patch 907 RMD160 62ae95f4c3da3e62d9ac5da09feab003a48a3747 SHA1 f19ad4b6e639acadf1dab208a8686f6f50c69c07 SHA256 10beefdc89c03fb6c13cb25fb38f4c9837b7ad4f23de97cf24273d093fddd398
+AUX phpldapadmin-1.2.0.5-fix-magic-quotes.patch 907 RMD160 62ae95f4c3da3e62d9ac5da09feab003a48a3747 SHA1 f19ad4b6e639acadf1dab208a8686f6f50c69c07 SHA256 10beefdc89c03fb6c13cb25fb38f4c9837b7ad4f23de97cf24273d093fddd398
+AUX phpldapadmin-1.2.1.1-fix-magic-quotes.patch 829 RMD160 085053d13ba91c8b69d5b0e4d6ce3fd0e627780b SHA1 8f6ea7971157091febc6a7ff2f6fe97ed908df38 SHA256 7cce069d30a5c4067743de8e91d0d6bd4d9faaaf169ed342a3890bf07ced8817
 AUX postinstall2-en.txt 131 RMD160 f1f681b3b5094f555e6adfca8d70d4ca1b14ae4b SHA1 deecc59339d6c83dad797c0f8cfab9ea0110153a SHA256 e2dc7bea366789a303eb9a90d1bced655cea00469202859af40bf19c00505d38
 DIST phpldapadmin-1.2.0.5.tgz 1345901 RMD160 7b3e194420d7360001faa709b046423d8ac939bf SHA1 0720ec05bfe91520bdd15e38c79f949f18d355eb SHA256 ee75da1dbba023499fdf50d6cedea9bcdb9caad017b15ed2e31700bcc61dfcfd
-EBUILD phpldapadmin-1.2.0.5.ebuild 1053 RMD160 2df5af481c89c19a8248accf8d9bd9b12c76eaa4 SHA1 7c67cb6558a7ff121f0cc2640084e2b02f0be5cd SHA256 4e0ba7be4a40d229b1bc9749f7082121ab7464a5673ecda570557c965b857bf3
-MISC ChangeLog 589 RMD160 60bccaa3f49acd72160abbb3939e6f894d8681d4 SHA1 a4646fae5b810b084ba2806374b97637dc726eda SHA256 9b9960e9c490c4f3d103c0475c1f881d11cec59ea0fe40a08fe3eeb9d75fabad
+DIST phpldapadmin-1.2.1.1.tgz 1468961 RMD160 c78bd0f056f7f5f8b150360e6ee0ef3f37d6560c SHA1 f30d76205891fbd01fab468af1f8430597983787 SHA256 1fa6373c500a193a8868cb6a753f3b5218a92374b792994129c0c1b69d4d1090
+EBUILD phpldapadmin-1.2.0.5.ebuild 1125 RMD160 c0f0f5b5058377bfa77c7f1cb877e05413673253 SHA1 5ec79bdaa6c5e844e6de3ef38fa6366e077e4a97 SHA256 41846b319a7d220a6833203f4f8c9e62e82eea42e1dce82dc73e4aa69f87df3e
+EBUILD phpldapadmin-1.2.1.1.ebuild 1125 RMD160 c0f0f5b5058377bfa77c7f1cb877e05413673253 SHA1 5ec79bdaa6c5e844e6de3ef38fa6366e077e4a97 SHA256 41846b319a7d220a6833203f4f8c9e62e82eea42e1dce82dc73e4aa69f87df3e
+MISC ChangeLog 990 RMD160 c3b246fa2be08b245bfa12d86f020d9063021424 SHA1 1e03c5092b6bfe1868aabeaed8ba14a27a41653e SHA256 de2636e3ce762e872e3dc8b45a9b6872566c05c80e407e3fa3a673de72570a0f
 MISC metadata.xml 380 RMD160 c812cb4fabdae73f62c2d8cffa1ec1981d4a8d9a SHA1 9ba2c1eaa4175898656e7b78bab91bbcf67503de SHA256 47eaae7cd8741cc282bc0877ed4a848c04ea2f437de6c6065982a7369e08b574

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-fix-magic-quotes.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.0.5-fix-magic-quotes.patch
similarity index 100%
rename from net-nds/phpldapadmin/files/phpldapadmin-fix-magic-quotes.patch
rename to net-nds/phpldapadmin/files/phpldapadmin-1.2.0.5-fix-magic-quotes.patch

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch
new file mode 100644
index 0000000..3a2f3a4
--- /dev/null
+++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch
@@ -0,0 +1,23 @@
+diff -urN phpldapadmin-1.2.1.1/lib/emuhash_functions.php phpldapadmin-1.2.1.1-new/lib/emuhash_functions.php
+--- phpldapadmin-1.2.1.1/lib/emuhash_functions.php	2011-05-11 09:40:18.000000000 +0000
++++ phpldapadmin-1.2.1.1-new/lib/emuhash_functions.php	2011-10-20 15:55:05.597714125 +0000
+@@ -59,8 +59,8 @@
+ 			global $emuhash_emu;
+ 
+ 			if (PHP_VERSION < 6) {
+-				$current_magic_quotes = @get_magic_quotes_runtime();
+-				@set_magic_quotes_runtime(0);
++				$current_magic_quotes = ini_get('magic_quotes_runtime');
++				ini_set('magic_quotes_runtime', 0);;
+ 			}
+ 
+ 			$tmpfile = tempnam($emuhash_emu['tmpdir'],'emuhash');
+@@ -78,7 +78,7 @@
+ 			unlink($tmpfile);
+ 
+ 			if (PHP_VERSION < 6)
+-				@set_magic_quotes_runtime($current_magic_quotes);
++				ini_set('magic_quotes_runtime', $current_magic_quotes);
+ 
+ 			return $pass;
+ 		}

diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild
index dbdf4c0..160dc68 100644
--- a/net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild
+++ b/net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.0.4-r1.ebuild,v 1.1 2010/07/03 15:41:09 mabi Exp $
 
@@ -20,14 +20,9 @@ RDEPEND="dev-lang/php[hash,ldap,session,xml,nls]
 need_httpd_cgi
 need_php_httpd
 
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-	mv config/config.php.example config/config.php
-}
-
 src_prepare() {
-	epatch "${FILESDIR}/${PN}-fix-magic-quotes.patch"
+	mv config/config.php.example config/config.php
+	epatch "${FILESDIR}/${P}-fix-magic-quotes.patch"
 }
 
 src_install() {
@@ -35,10 +30,14 @@ src_install() {
 
 	dodoc INSTALL
 
+	# Restrict config file access - bug 280836
+	chown root:apache "config/config.php"
+	chmod 640 "config/config.php"
+
 	insinto "${MY_HTDOCSDIR}"
 	doins -r *
 
-	webapp_configfile "${MY_HTDOCSDIR}"/config/config.php
+	webapp_configfile "${MY_HTDOCSDIR}/config/config.php"
 	webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt
 
 	webapp_src_install

diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.1.1.ebuild
similarity index 76%
copy from net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild
copy to net-nds/phpldapadmin/phpldapadmin-1.2.1.1.ebuild
index dbdf4c0..160dc68 100644
--- a/net-nds/phpldapadmin/phpldapadmin-1.2.0.5.ebuild
+++ b/net-nds/phpldapadmin/phpldapadmin-1.2.1.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.0.4-r1.ebuild,v 1.1 2010/07/03 15:41:09 mabi Exp $
 
@@ -20,14 +20,9 @@ RDEPEND="dev-lang/php[hash,ldap,session,xml,nls]
 need_httpd_cgi
 need_php_httpd
 
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-	mv config/config.php.example config/config.php
-}
-
 src_prepare() {
-	epatch "${FILESDIR}/${PN}-fix-magic-quotes.patch"
+	mv config/config.php.example config/config.php
+	epatch "${FILESDIR}/${P}-fix-magic-quotes.patch"
 }
 
 src_install() {
@@ -35,10 +30,14 @@ src_install() {
 
 	dodoc INSTALL
 
+	# Restrict config file access - bug 280836
+	chown root:apache "config/config.php"
+	chmod 640 "config/config.php"
+
 	insinto "${MY_HTDOCSDIR}"
 	doins -r *
 
-	webapp_configfile "${MY_HTDOCSDIR}"/config/config.php
+	webapp_configfile "${MY_HTDOCSDIR}/config/config.php"
 	webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt
 
 	webapp_src_install



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [gentoo-commits] dev/jmbsvicetto:master commit in: net-nds/phpldapadmin/files/, net-nds/phpldapadmin/
@ 2012-02-02 20:36 Jorge Manuel B. S. Vicetto
  0 siblings, 0 replies; 3+ messages in thread
From: Jorge Manuel B. S. Vicetto @ 2012-02-02 20:36 UTC (permalink / raw
  To: gentoo-commits

commit:     726499fe34b8735aa45e8f316436343083190073
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  2 20:33:52 2012 +0000
Commit:     Jorge Manuel B. S. Vicetto <jmbsvicetto <AT> gentoo <DOT> org>
CommitDate: Thu Feb  2 20:33:52 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/jmbsvicetto.git;a=commit;h=726499fe

[net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes bug 401901.

(Portage version: 2.2.0_alpha84/git/Linux x86_64, signed Manifest commit with key BB0E6E98)

---
 net-nds/phpldapadmin/ChangeLog                     |    7 +++
 net-nds/phpldapadmin/Manifest                      |   30 +++++++------
 .../files/phpldapadmin-1.2.2-base.patch            |   34 +++++++++++++++
 net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild  |   45 ++++++++++++++++++++
 4 files changed, 102 insertions(+), 14 deletions(-)

diff --git a/net-nds/phpldapadmin/ChangeLog b/net-nds/phpldapadmin/ChangeLog
index 43cb97a..f8597f4 100644
--- a/net-nds/phpldapadmin/ChangeLog
+++ b/net-nds/phpldapadmin/ChangeLog
@@ -2,6 +2,13 @@
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+*phpldapadmin-1.2.2-r1 (02 Feb 2012)
+
+  02 Feb 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org>
+  +phpldapadmin-1.2.2-r1.ebuild, +files/phpldapadmin-1.2.2-base.patch:
+  [net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes
+  bug 401901.
+
 *phpldapadmin-1.2.2 (04 Jan 2012)
 
   04 Jan 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org>

diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest
index a222f60..61bfb49 100644
--- a/net-nds/phpldapadmin/Manifest
+++ b/net-nds/phpldapadmin/Manifest
@@ -3,29 +3,31 @@ Hash: SHA1
 
 AUX phpldapadmin-1.2.0.5-fix-magic-quotes.patch 907 RMD160 62ae95f4c3da3e62d9ac5da09feab003a48a3747 SHA1 f19ad4b6e639acadf1dab208a8686f6f50c69c07 SHA256 10beefdc89c03fb6c13cb25fb38f4c9837b7ad4f23de97cf24273d093fddd398
 AUX phpldapadmin-1.2.1.1-fix-magic-quotes.patch 829 RMD160 085053d13ba91c8b69d5b0e4d6ce3fd0e627780b SHA1 8f6ea7971157091febc6a7ff2f6fe97ed908df38 SHA256 7cce069d30a5c4067743de8e91d0d6bd4d9faaaf169ed342a3890bf07ced8817
+AUX phpldapadmin-1.2.2-base.patch 1115 RMD160 d1be4823aa4324fe64a3926a7a6d886c66cce38f SHA1 ac32c511f07314041981514ac6c55e8ba42a2e28 SHA256 33c012fc00d0a170ff57e50624ec0e1018ace3fe9350a5a02ffe2ae8e1751d33
 AUX postinstall2-en.txt 131 RMD160 f1f681b3b5094f555e6adfca8d70d4ca1b14ae4b SHA1 deecc59339d6c83dad797c0f8cfab9ea0110153a SHA256 e2dc7bea366789a303eb9a90d1bced655cea00469202859af40bf19c00505d38
 DIST phpldapadmin-1.2.0.5.tgz 1345901 RMD160 7b3e194420d7360001faa709b046423d8ac939bf SHA1 0720ec05bfe91520bdd15e38c79f949f18d355eb SHA256 ee75da1dbba023499fdf50d6cedea9bcdb9caad017b15ed2e31700bcc61dfcfd
 DIST phpldapadmin-1.2.1.1.tgz 1468961 RMD160 c78bd0f056f7f5f8b150360e6ee0ef3f37d6560c SHA1 f30d76205891fbd01fab468af1f8430597983787 SHA256 1fa6373c500a193a8868cb6a753f3b5218a92374b792994129c0c1b69d4d1090
 DIST phpldapadmin-1.2.2.tgz 1415565 RMD160 dd93d9558c9780b014f066d070b496e2804b9565 SHA1 2904923eb25173d108b556c70fb3d42cd6e0e289 SHA256 8629ea3f14630d4dd74099c997ac9795240a6417d5d124517ba5860c12d8a239
 EBUILD phpldapadmin-1.2.0.5.ebuild 1010 RMD160 5af8725c3b2223d2caab5e3ce47bdea414640ccc SHA1 958603fd0d2a660cb423e530ebcd3c9955102609 SHA256 a1ad15899f39aa51c1b22b184ab5bef00941221ec9f6a9b15d3cb2e71f6fc4b5
 EBUILD phpldapadmin-1.2.1.1.ebuild 1010 RMD160 5af8725c3b2223d2caab5e3ce47bdea414640ccc SHA1 958603fd0d2a660cb423e530ebcd3c9955102609 SHA256 a1ad15899f39aa51c1b22b184ab5bef00941221ec9f6a9b15d3cb2e71f6fc4b5
+EBUILD phpldapadmin-1.2.2-r1.ebuild 1179 RMD160 18a2c72f5ce61c7bb0ca5b9f76578df13913e11f SHA1 798f417f12f09c5502436d21da3de5c5141945c3 SHA256 c483a9938a02fe10dc72ee003d577e32aef7ac10f4bc80011b9bfb731d939ab1
 EBUILD phpldapadmin-1.2.2.ebuild 1141 RMD160 be4cfe7972deee1d9ca15de7ce54ea54a0599fa0 SHA1 97c883097e4c1152f543cf5704269515ca15d1f4 SHA256 1cd36c4f075323c058d6ad03c77e0a46e947bf5d4cf8a15baf5a66cb8e08e93b
-MISC ChangeLog 1422 RMD160 285d850f245fe1b3fe59b737af00c1d1673e59a7 SHA1 eb8fb51afc95dd493f44d043f2cc10417e491eac SHA256 b220597901e46a17a2d94750378a5b71779006b127a8a25bf2236fa2e78f13c6
+MISC ChangeLog 1693 RMD160 f51fe08411b086eca36e28137e7a6c9a4efacd5c SHA1 afd1b46b81803435ed5d6375d9f9fadd4dbcdbe8 SHA256 aedfeb4998ff4ccd33438d48baccdaef1f7923cf561ae361e52b05d5ef1f3100
 MISC metadata.xml 380 RMD160 c812cb4fabdae73f62c2d8cffa1ec1981d4a8d9a SHA1 9ba2c1eaa4175898656e7b78bab91bbcf67503de SHA256 47eaae7cd8741cc282bc0877ed4a848c04ea2f437de6c6065982a7369e08b574
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
-iQIcBAEBAgAGBQJPBIUFAAoJEC8ZTXQF1qEPwE0QALfzRlvpxqvW19A1XeW75Z2G
-R9I5boqO9TQm/DLSWmEcjqfCQNGIxly/ZmTrPv6KK9fqZyqpvTZpVEE2PNEXFdSF
-Vzbj9IjjAs7P1GOsw76GJSwi2d8tR52eW8oT8NnugDLBW2zDV5wPXU42IG4UzD1m
-9UCdrf3Q2ueeP9OK3CCicV8hlDif3HmmTSrdUnYQ3mRH/Av75X/6ln2OYMrwqmgo
-R80fMk5Wn+xt/Ok4+6WKsIXPOczTztxyLqxfx9xYfUIOvhd3BSMJQLvuLr49OS7Y
-n88fBxmyNxyCKP5X481fwoEuoOv+E9+cEcU0Q59dFinjJPJUXtdW6dfqwcIjzOU4
-yHgdOd2BBBXyd6MJoExdhrdgk3wEa8owg4Yu9063GSAkPkRT0tQ8QOZIbwixcV20
-Se4+7cd4XU3XSr+2k0Q5HCD1EYFLf/2iWTFO2oocAxBe2FAOx15Kz0zzL1ME2ajJ
-2Wn3kitLjJOwcdaiDyovuX95RHK8LRHDvqC7A6/th8UIiOctSurEa2fAE059Y7EF
-YTUDrEc4mbhyRvWK5YMGB7/xjwHHxDZ8e4VRNZqBlkuJpMTxUZq7e9NXZdzud6gQ
-Lysnh3OBsdKkZrPLc6KzHce6mt7muMw89NpupOWYd1WlrraqcQZzQAp8CnwyUoE3
-nDCI7DKaB7KviDYB5Gjh
-=XudF
+iQIcBAEBAgAGBQJPKvMwAAoJEC8ZTXQF1qEP+QoP/3A+tpc2cFthdt7MB3HFjDg2
+EniEwY0bpWcxnSNta+mbholEpjcOamGzFDrDNPEPOC8gul8AkpAuzOu4V1bEgYMY
+b2yNh6fP6aiUpwJIdOuhcrS/dkB1huwAyi33VhEsRq0Ptm4l501pKPTRsvMAGO9w
+lGHHcrPdPFA9OABXQPtkW+bwZmyMNY/xHPelz6aUKQq+TVIJeEC90i2emQnO5RQI
+hwFk7u25WpN/rjbFpI0tiqMAlk5Wcw+FPNXgRWYjL+YIIuxVk1rwGxTLsZ2V4oOi
+x4qh0zrQ+3ciSU3iV8vNm1U54cszPAj6Ul0figkaUN38wff2dBP2IP0c//YXvPfK
+2YjuIvK0ItwCSsu1sIAfyY3f9itC4XoXJ2AKNdbl2W8Jvf7gobXMjRoQxwSp+Yr5
+wNOvIWiE0pWlPxuul1qFyTD0iPfZJTxXmjOo4LkT5Gtji9jQZmijcFerdsGLVwPm
+Yx0zg1JAbNyF+D1N+nNBglRSU+bn2laloQ5mXS33AXib5SfpjaTAfxBrWHpkOPJd
+hE2VIgDr7k5Ayyf1o23ua/ELbkIIGs7ylrtT2+pLYfxhB21lY4o05qGNHRuw22vE
+EHfFsNCUhWLF9oYqTL0blVidqpMlObvq4DmIAGTYG6yX4TFRD0dWtWvP7WxEIhso
+qPmLUVMGqUynNjlI5Gkx
+=SmeB
 -----END PGP SIGNATURE-----

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
new file mode 100644
index 0000000..bff3c62
--- /dev/null
+++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
@@ -0,0 +1,34 @@
+From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
+From: Deon George <wurley@users.sf.net>
+Date: Tue, 24 Jan 2012 12:37:28 +1100
+Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
+
+---
+ lib/QueryRender.php |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/QueryRender.php b/lib/QueryRender.php
+index 291ec40..685f3ba 100644
+--- a/lib/QueryRender.php
++++ b/lib/QueryRender.php
+@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
+ 				$this->getAjaxRef($base),
+ 				$this->getAjaxRef($base),
+ 				($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
+-				$base);
++				htmlspecialchars($base));
+ 		}
+ 		echo '</tr>';
+ 		echo '</table>';
+@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
+ 		echo ' ]</small>';
+ 
+ 		echo '<br />';
+-		printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
++		printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
+ 
+ 		echo '<br />';
+ 		printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
+-- 
+1.7.4.1
+

diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild
new file mode 100644
index 0000000..88c4fb9
--- /dev/null
+++ b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.1.1-r1.ebuild,v 1.1 2011/10/25 18:18:43 jmbsvicetto Exp $
+
+EAPI="2"
+
+inherit webapp depend.php
+
+DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server."
+HOMEPAGE="http://phpldapadmin.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tgz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86"
+IUSE=""
+
+RDEPEND="dev-lang/php[hash,ldap,session,xml,nls]
+		 || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )"
+
+need_httpd_cgi
+need_php_httpd
+
+src_prepare() {
+	mv config/config.php.example config/config.php
+	epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch"
+	epatch "${FILESDIR}/${P}-base.patch"
+}
+
+src_install() {
+	webapp_src_preinst
+
+	dodoc INSTALL
+
+	# Restrict config file access - bug 280836
+	chown root:apache "config/config.php"
+	chmod 640 "config/config.php"
+
+	insinto "${MY_HTDOCSDIR}"
+	doins -r *
+
+	webapp_configfile "${MY_HTDOCSDIR}/config/config.php"
+	webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt
+
+	webapp_src_install
+}



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [gentoo-commits] dev/jmbsvicetto:master commit in: net-nds/phpldapadmin/files/, net-nds/phpldapadmin/
@ 2014-04-10 19:53 Jorge Manuel B. S. Vicetto
  0 siblings, 0 replies; 3+ messages in thread
From: Jorge Manuel B. S. Vicetto @ 2014-04-10 19:53 UTC (permalink / raw
  To: gentoo-commits

commit:     7ee51d74a1a7d4014029d9fb3729de1e99da357c
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 10 19:46:50 2014 +0000
Commit:     Jorge Manuel B. S. Vicetto <jmbsvicetto <AT> gentoo <DOT> org>
CommitDate: Thu Apr 10 19:52:52 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/jmbsvicetto.git;a=commit;h=7ee51d74

Add a patch to allow phpldapadmin to build against php-5.5. Fixes bug 482340 - thanks to Alexander Stein.

---
 net-nds/phpldapadmin/Manifest                      |   3 +-
 .../files/phpldapadmin-fix-php5.5-support.patch    | 152 +++++++++++++++++++++
 net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild  |  49 +++++++
 3 files changed, 203 insertions(+), 1 deletion(-)

diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest
index 912f16a..1d714a5 100644
--- a/net-nds/phpldapadmin/Manifest
+++ b/net-nds/phpldapadmin/Manifest
@@ -1 +1,2 @@
-DIST phpldapadmin-1.2.2.tgz 1415565 SHA256 8629ea3f14630d4dd74099c997ac9795240a6417d5d124517ba5860c12d8a239
+DIST phpldapadmin-1.2.2.tgz 1415565 SHA256 8629ea3f14630d4dd74099c997ac9795240a6417d5d124517ba5860c12d8a239 SHA512 262e177258fc0e107833eeee3df3352fa66f099baa2ebd30ff3c5aa42dbf95811c4a7c5effda423171a8ac3558f03aa100ab6f48818c9df1f3ab6bb1e1e17e99 WHIRLPOOL 9d71144996308ced445ae7c09849f5c3cc72a58123bc17d5fe1301a947bd13922e391ed198231fad5a54a2075af9fa8da9c2e7c4dbae28263a678260864e568e
+DIST phpldapadmin-1.2.3.tgz 1115707 SHA256 aecaf8c3ce77ba3899dd31ee5ee183555b2f9349eb8e196dcd33d8a3c485ed58 SHA512 58a57ca577586685ebd0d7fde7e299b8945d1693018c7803e19239b79f4b9d72a4d207d53c9f284268e32398108038efafcdb434e634619bfe87db3524d267b6 WHIRLPOOL 2d8cf7dc9e3b509ed6884efa280e554aa34703ca829f377304b99ded20ad144ff445cae3630e83dbfdcccc83799a85a3a2301903a4e298faf0884d3201ca0d21

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch b/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch
new file mode 100644
index 0000000..df6a7c1
--- /dev/null
+++ b/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch
@@ -0,0 +1,152 @@
+commit 7e53dab990748c546b79f0610c3a7a58431e9ebc
+Author: Michael Laccetti <michael@laccetti.com>
+Date:   Thu Aug 29 09:13:56 2013 -0400
+
+    Fixed two issues to get phpLdapAdmin to work under PHP 5.5.x
+    1) password_hash is an actual function, so renamed instances to password_hash_custom (HT: https://sourceforge.net/mailarchive/message.php?msg_id=31302386)
+    2) Fixed the preg_replace to preg_replace_callback to use the /e/ functionality in the officially endorsed fashion
+
+diff --git a/lib/PageRender.php b/lib/PageRender.php
+index 7d86a54..eed5d5f 100644
+--- a/lib/PageRender.php
++++ b/lib/PageRender.php
+@@ -287,7 +287,7 @@ class PageRender extends Visitor {
+ 						break;
+ 
+ 					default:
+-						$vals[$i] = password_hash($passwordvalue,$enc);
++						$vals[$i] = password_hash_custom($passwordvalue,$enc);
+ 				}
+ 
+ 				$vals = array_unique($vals);
+@@ -957,7 +957,7 @@ class PageRender extends Visitor {
+ 		if (trim($val))
+ 			$enc_type = get_enc_type($val);
+ 		else
+-			$enc_type = $server->getValue('appearance','password_hash');
++			$enc_type = $server->getValue('appearance','password_hash_custom');
+ 
+ 		$obfuscate_password = obfuscate_password_display($enc_type);
+ 
+@@ -982,7 +982,7 @@ class PageRender extends Visitor {
+ 		if (trim($val))
+ 			$enc_type = get_enc_type($val);
+ 		else
+-			$enc_type = $server->getValue('appearance','password_hash');
++			$enc_type = $server->getValue('appearance','password_hash_custom');
+ 
+ 		echo '<table cellspacing="0" cellpadding="0"><tr><td valign="top">';
+ 
+diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php
+index c346660..7532539 100644
+--- a/lib/ds_ldap.php
++++ b/lib/ds_ldap.php
+@@ -1116,13 +1116,24 @@ class ldap extends DS {
+ 
+ 		if (is_array($dn)) {
+ 			$a = array();
+-			foreach ($dn as $key => $rdn)
+-				$a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++			foreach ($dn as $key => $rdn) {
++				$a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++					function ($m) {
++						return ''.chr(hexdec('\\1')).'';
++					},
++					$rdn
++					);
++			}
+ 
+ 			return $a;
+ 
+ 		} else
+-			return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++			 return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++				function ($m) {
++					return ''.chr(hexdec('\\1')).'';
++				},
++				$dn
++			);
+ 	}
+ 
+ 	public function getRootDSE($method=null) {
+diff --git a/lib/ds_ldap_pla.php b/lib/ds_ldap_pla.php
+index 7ece393..6b0990e 100644
+--- a/lib/ds_ldap_pla.php
++++ b/lib/ds_ldap_pla.php
+@@ -16,7 +16,7 @@ class ldap_pla extends ldap {
+ 	function __construct($index) {
+ 		parent::__construct($index);
+ 
+-		$this->default->appearance['password_hash'] = array(
++		$this->default->appearance['password_hash_custom'] = array(
+ 			'desc'=>'Default HASH to use for passwords',
+ 			'default'=>'md5');
+ 
+diff --git a/lib/functions.php b/lib/functions.php
+index 56d8bf3..5ac3caf 100644
+--- a/lib/functions.php
++++ b/lib/functions.php
+@@ -2127,7 +2127,7 @@ function password_types() {
+  *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
+  * @return string The hashed password.
+  */
+-function password_hash($password_clear,$enc_type) {
++function password_hash_custom($password_clear,$enc_type) {
+ 	if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+ 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+ 
+@@ -2318,7 +2318,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
+ 
+ 		# SHA crypted passwords
+ 		case 'sha':
+-			if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
++			if (strcasecmp(password_hash_custom($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
+ 				return true;
+ 			else
+ 				return false;
+@@ -2327,7 +2327,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
+ 
+ 		# MD5 crypted passwords
+ 		case 'md5':
+-			if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
++			if( strcasecmp(password_hash_custom($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
+ 				return true;
+ 			else
+ 				return false;
+@@ -2392,7 +2392,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
+ 
+ 		# SHA512 crypted passwords
+ 		case 'sha512':
+-			if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
++			if (strcasecmp(password_hash_custom($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+ 				return true;
+ 			else
+ 				return false;
+@@ -2564,13 +2564,24 @@ function dn_unescape($dn) {
+ 	if (is_array($dn)) {
+ 		$a = array();
+ 
+-		foreach ($dn as $key => $rdn)
+-			$a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++		foreach ($dn as $key => $rdn) {
++			$a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++				function ($m) {
++					return ''.chr(hexdec('\\1')).'';
++				},
++				$rdn
++			);
++		}
+ 
+ 		return $a;
+ 
+ 	} else {
+-		return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++		 return  preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++			 function ($m) {
++				return ''.chr(hexdec('\\1')).'';
++			},
++			$dn
++		);
+ 	}
+ }
+ 

diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild
new file mode 100644
index 0000000..970af1a
--- /dev/null
+++ b/net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.3.ebuild,v 1.1 2012/11/12 12:04:32 jmbsvicetto Exp $
+
+EAPI="2"
+
+inherit webapp depend.php
+
+DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server."
+HOMEPAGE="http://phpldapadmin.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tgz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86"
+IUSE=""
+
+RDEPEND="dev-lang/php[hash,ldap,session,xml,nls]
+		 || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )"
+
+need_httpd_cgi
+need_php_httpd
+
+src_prepare() {
+	mv config/config.php.example config/config.php
+	epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch"
+	# http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd
+
+	epatch "${FILESDIR}/${PN}-fix-php5.5-support.patch"
+	# http://sourceforge.net/u/nihilisticz/phpldapadmin/ci/7e53dab990748c546b79f0610c3a7a58431e9ebc/
+	# This patch has been requested to be merged, but there's no recent activity by upstream
+}
+
+src_install() {
+	webapp_src_preinst
+
+	dodoc INSTALL
+
+	# Restrict config file access - bug 280836
+	chown root:apache "config/config.php"
+	chmod 640 "config/config.php"
+
+	insinto "${MY_HTDOCSDIR}"
+	doins -r *
+
+	webapp_configfile "${MY_HTDOCSDIR}/config/config.php"
+	webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt
+
+	webapp_src_install
+}


^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-04-10 19:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-02-02 20:36 [gentoo-commits] dev/jmbsvicetto:master commit in: net-nds/phpldapadmin/files/, net-nds/phpldapadmin/ Jorge Manuel B. S. Vicetto
  -- strict thread matches above, loose matches on Subject: below --
2014-04-10 19:53 Jorge Manuel B. S. Vicetto
2011-10-20 16:10 Jorge Manuel B. S. Vicetto

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox