update to phpLDAPadmin 1.2.2 which rolls in 2 of the 3 security patches in

the port. there will likely be more fixes to this soon, see https://sourceforge.net/tracker/?func=detail&aid=3497660&group_id=61828&atid=498546
2012-03-06 20:35:20 +00:00 · 2012-03-06 20:35:20 +00:00 · b61f5baa81
commit b61f5baa81
parent 78137264de
5 changed files with 8 additions and 52 deletions
--- a/www/phpldapadmin/Makefile
+++ b/www/phpldapadmin/Makefile
@ -1,12 +1,11 @@
-# $OpenBSD: Makefile,v 1.34 2012/02/03 07:48:41 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.35 2012/03/06 20:35:20 sthen Exp $

 COMMENT=	web-based LDAP browser to manage LDAP servers

-VERSION=	1.2.1.1
+VERSION=	1.2.2
 DISTNAME=	phpldapadmin-${VERSION}
 CATEGORIES=	www
 HOMEPAGE=	http://phpldapadmin.sourceforge.net/
-REVISION=	5

 # GPLv2
 PERMIT_PACKAGE_CDROM=	Yes
--- a/www/phpldapadmin/distinfo
+++ b/www/phpldapadmin/distinfo
@ -1,5 +1,5 @@
-MD5 (phpldapadmin-1.2.1.1.tgz) = lFXTMYYjYFnqbCMIQctIsg==
-RMD160 (phpldapadmin-1.2.1.1.tgz) = x4vQ8Fb39fixUDYObuDvPzfWVgw=
-SHA1 (phpldapadmin-1.2.1.1.tgz) = 8w12IFiR+9Afq0aK8fhDBZeYN4c=
-SHA256 (phpldapadmin-1.2.1.1.tgz) = H6Y3PFAKGTqIaMtqdT87UhipI3S3kplBKcDBtp1NEJA=
-SIZE (phpldapadmin-1.2.1.1.tgz) = 1468961
+MD5 (phpldapadmin-1.2.2.tgz) = eMph6115E5Y/jkLrO08OlQ==
+RMD160 (phpldapadmin-1.2.2.tgz) = 3ZPZVYyXgLAU8GbQcLSW4oBLlWU=
+SHA1 (phpldapadmin-1.2.2.tgz) = KQSSPrJRc9EItVbHD7PULNbg4ok=
+SHA256 (phpldapadmin-1.2.2.tgz) = hinqPxRjDU3XQJnJl6yXlSQKZBfV0SRRe6WGDBLYojk=
+SIZE (phpldapadmin-1.2.2.tgz) = 1415565
--- a/www/phpldapadmin/patches/patch-htdocs_cmd_php
+++ b/www/phpldapadmin/patches/patch-htdocs_cmd_php
@ -1,20 +0,0 @@
-$OpenBSD: patch-htdocs_cmd_php,v 1.2 2011/10/25 19:07:56 jasper Exp $
-
-From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Wed, 27 Jul 2011 07:30:06 +1000
-Subject: [PATCH] Remove XSS vulnerabilty in debug code
-
--- htdocs/cmd.php.orig	Tue Oct 25 21:06:17 2011
-+++ htdocs/cmd.php	Tue Oct 25 21:06:32 2011
-@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
- ob_start();
- 
- switch ($www['cmd']) {
-	case '_debug':
-		debug_dump($_REQUEST,1);
-		break;
-
- 	default:
- 		if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
- 			$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
--- a/www/phpldapadmin/patches/patch-lib_functions_php
+++ b/www/phpldapadmin/patches/patch-lib_functions_php
@ -1,21 +0,0 @@
-$OpenBSD: patch-lib_functions_php,v 1.1 2011/10/25 19:07:56 jasper Exp $
-
-From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Thu, 6 Oct 2011 09:03:20 +1100
-Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability
-
--- lib/functions.php.orig	Tue Oct 25 21:05:21 2011
-+++ lib/functions.php	Tue Oct 25 21:05:31 2011
-@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
- 	if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
- 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
- 
-	# if the array to sort is null or empty
-	if (! $data) return;
-+       # if the array to sort is null or empty, or if we have some nasty chars
-+       if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
-+               return;
- 
- 	static $CACHE = array();
- 
--- a/www/phpldapadmin/pkg/PLIST
+++ b/www/phpldapadmin/pkg/PLIST
@ -1,13 +1,11 @@
-@comment $OpenBSD: PLIST,v 1.14 2011/09/20 13:55:12 gsoares Exp $
+@comment $OpenBSD: PLIST,v 1.15 2012/03/06 20:35:20 sthen Exp $
@group daemon
 phpldapadmin/
-@comment phpldapadmin/.cvsignore
@comment phpldapadmin/.gitignore
 phpldapadmin/INSTALL
 phpldapadmin/LICENSE
 phpldapadmin/VERSION
 phpldapadmin/config/
-@comment phpldapadmin/config/.cvsignore
 phpldapadmin/config/config.php.example
@mode 0640
@group www