author | Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> | 2012-02-02 21:18:10 +0000 |
---|---|---|
committer | Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> | 2012-02-02 21:18:10 +0000 |
commit | 453473f8a862d280be0b6477e6b1cc534e7e4811 (patch) | |
tree | fe2d4f62855bbcc1c7ff470001cd1dbc88963de2 /net-nds/phpldapadmin | |
parent | Stable for X86, wrt security bug #401987 (diff) | |
[net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes bug 401901.
(Portage version: 2.2.0_alpha84/cvs/Linux x86_64)
Diffstat (limited to 'net-nds/phpldapadmin')
-rw-r--r-- | net-nds/phpldapadmin/ChangeLog | 9 | ||||
-rw-r--r-- | net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch | 34 | ||||
-rw-r--r-- | net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild | 46 |
3 files changed, 88 insertions, 1 deletions
diff --git a/net-nds/phpldapadmin/ChangeLog b/net-nds/phpldapadmin/ChangeLog
index af94d636f859..0965b61a8c03 100644
--- a/net-nds/phpldapadmin/ChangeLog
+++ b/net-nds/phpldapadmin/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-nds/phpldapadmin
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/ChangeLog,v 1.55 2012/01/05 00:36:39 jmbsvicetto Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/ChangeLog,v 1.56 2012/02/02 21:18:10 jmbsvicetto Exp $
+
+*phpldapadmin-1.2.2-r1 (02 Feb 2012)
+
+ 02 Feb 2012; Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org>
+ +phpldapadmin-1.2.2-r1.ebuild, +files/phpldapadmin-1.2.2-base.patch:
+ [net-nds/phpldapadmin-1.2.2-r1] Apply security patch to fix XSS issue - fixes
+ bug 401901.
 
 *phpldapadmin-1.2.2 (05 Jan 2012)
 
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
new file mode 100644
index 000000000000..bff3c6268556
--- /dev/null
+++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
@@ -0,0 +1,34 @@
+From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
+From: Deon George <wurley@users.sf.net>
+Date: Tue, 24 Jan 2012 12:37:28 +1100
+Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
+
+---
+ lib/QueryRender.php | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/QueryRender.php b/lib/QueryRender.php
+index 291ec40..685f3ba 100644
+--- a/lib/QueryRender.php
++++ b/lib/QueryRender.php
+@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
+ $this->getAjaxRef($base),
+ $this->getAjaxRef($base),
+ ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
+- $base);
++ htmlspecialchars($base));
+ }
+ echo '</tr>';
+ echo '</table>';
+@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
+ echo ' ]</small>';
+
+ echo '<br />';
+- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
++ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
+
+ echo '<br />';
+ printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
+--
+1.7.4.1
+
diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild
new file mode 100644
index 000000000000..bda401833c6a
--- /dev/null
+++ b/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild
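Review bot: Both added calls use `htmlspecialchars($base)` with its default flags, which on the PHP versions this package depends on leave single quotes unescaped; `htmlspecialchars($base, ENT_QUOTES, 'UTF-8')` would be the safer form in both inner hunks (@@ -497 and @@ -545). In the first inner hunk the printf format string lies outside the hunk, so it cannot be confirmed from here whether `$base` is printed as element content or inside an attribute. The two `$this->getAjaxRef($base)` arguments of that same call are left as they were, and it is worth confirming that getAjaxRef() returns a value that is safe for the context it is printed into.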
@@ -0,0 +1,46 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/phpldapadmin/phpldapadmin-1.2.2-r1.ebuild,v 1.1 2012/02/02 21:18:10 jmbsvicetto Exp $
+
+EAPI="2"
+
+inherit webapp depend.php
+
+DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server."
+HOMEPAGE="http://phpldapadmin.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tgz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86"
+IUSE=""
+
+RDEPEND="dev-lang/php[hash,ldap,session,xml,nls]
+ || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )"
+
+need_httpd_cgi
+need_php_httpd
+
+src_prepare() {
+ mv config/config.php.example config/config.php
+ epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch"
+ # http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd
+ epatch "${FILESDIR}/${P}-base.patch"
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc INSTALL
+
+ # Restrict config file access - bug 280836
+ chown root:apache "config/config.php"
+ chmod 640 "config/config.php"
+
+ insinto "${MY_HTDOCSDIR}"
+ doins -r *
+
+ webapp_configfile "${MY_HTDOCSDIR}/config/config.php"
+ webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt
+
+ webapp_src_install
+}
 |
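Review bot: The `chown root:apache` and `chmod 640` calls in src_install carry no `|| die`, and under EAPI 2 a failing external command does not abort the build, so config.php could be installed without the restriction the comment promises; write them as `chown root:apache "config/config.php" || die` and `chmod 640 "config/config.php" || die` (the `mv` in src_prepare has the same gap). Both calls also act on the file in the build directory before `doins -r *` copies it, and doins normally applies its own install mode, so it is worth checking on an installed image that config.php really ends up 640 root:apache. The group name `apache` is hard-coded, while `need_httpd_cgi` presumably accepts other web servers whose group differs.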