diff options
| author | taca <taca> | 2013-04-02 16:00:10 +0000 |
|---|---|---|
| committer | taca <taca> | 2013-04-02 16:00:10 +0000 |
| commit | e064de79473c144ab721343f2c78a5c0273b623d (patch) | |
| tree | 3c82b4fe46d6c9c6b5e1fddb6bff91591d322db1 /databases/phpldapadmin | |
| parent | 53ecb9fee27f7b3e292446186976e12fe3a1290f (diff) | |
| download | pkgsrc-e064de79473c144ab721343f2c78a5c0273b623d.tar.gz | |
Update phpldapadmin to 1.2.3.
* There was a mistake in patches/patch-lib_functions.php, droping "ssha"
password type.
2012-10-01 Release 1.2.3 master RELEASE-1.2.3
2012-10-01 Update template to show multiselect values
2012-09-06 Language update from launchpad for 1.2.3 (also see #30)
2012-09-05 SF Bug #3531956 - Search / Show Attributes must be lowercase
2012-09-05 SF Bug #3518548 - Missing attributes on some custom forms
2012-09-05 SF Bug #3513210 - Export to VCARD only exports the last entry in the list
2012-09-05 SF Bug #3510648 - Cannot copy between servers
2012-09-05 SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase
2012-09-05 SF Bug #3452416 - templates <order> non-functional
2012-09-05 SF Bug #3427748 - value id is ignored in select attribute
2012-09-04 SF Bug #3448530 - Treat krbExtraData and krbPrincipalKe as binary
2012-09-02 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables
2012-09-02 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY']
2012-09-01 SF Feature #3555472 - User-friendly items in entry chooser window.
2012-09-01 SF Feature #3509651 - Add support for SHA512 with OpenLDAP
2012-08-29 SF Patch #3469148 - Display mass edit actions as buttons
2012-01-24 SF Bug #3477910 - XSS vulnerability in query
Diffstat (limited to 'databases/phpldapadmin')
| -rw-r--r-- | databases/phpldapadmin/Makefile | 5 | ||||
| -rw-r--r-- | databases/phpldapadmin/PLIST | 25 | ||||
| -rw-r--r-- | databases/phpldapadmin/distinfo | 14 | ||||
| -rw-r--r-- | databases/phpldapadmin/patches/patch-htdocs_add__value__form.php | 16 | ||||
| -rw-r--r-- | databases/phpldapadmin/patches/patch-htdocs_export.php | 22 | ||||
| -rw-r--r-- | databases/phpldapadmin/patches/patch-htdocs_logout.php | 27 | ||||
| -rw-r--r-- | databases/phpldapadmin/patches/patch-lib_QueryRender.php | 25 | ||||
| -rw-r--r-- | databases/phpldapadmin/patches/patch-lib_export__functions.php | 55 | ||||
| -rw-r--r-- | databases/phpldapadmin/patches/patch-lib_functions.php | 82 |
9 files changed, 11 insertions, 260 deletions
diff --git a/databases/phpldapadmin/Makefile b/databases/phpldapadmin/Makefile index b0ab3aa4398..acaf2a37533 100644 --- a/databases/phpldapadmin/Makefile +++ b/databases/phpldapadmin/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.35 2013/03/16 07:21:19 obache Exp $ +# $NetBSD: Makefile,v 1.36 2013/04/02 16:00:10 taca Exp $ DISTNAME= phpldapadmin-${VERSION} -PKGREVISION= 2 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=phpldapadmin/} EXTRACT_SUFX= .tgz @@ -21,7 +20,7 @@ DEPENDS+= ${PHP_PKG_PREFIX}-gettext>=4.1.2:../../devel/php-gettext USE_TOOLS+= pax -VERSION= 1.2.2 +VERSION= 1.2.3 NO_BUILD= YES CONF_FILES+= ${PREFIX}/share/examples/phpldapadmin/config.php.example \ diff --git a/databases/phpldapadmin/PLIST b/databases/phpldapadmin/PLIST index e2fbfb83c2e..3f0c28e6818 100644 --- a/databases/phpldapadmin/PLIST +++ b/databases/phpldapadmin/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.10 2011/06/17 15:40:33 taca Exp $ +@comment $NetBSD: PLIST,v 1.11 2013/04/02 16:00:10 taca Exp $ share/doc/phpldapadmin/INSTALL share/doc/phpldapadmin/LICENSE share/examples/phpldapadmin/config.php.example @@ -561,43 +561,28 @@ share/phpldapadmin/lib/template_functions.php share/phpldapadmin/lib/xml2array.php share/phpldapadmin/lib/xmlTemplates.php share/phpldapadmin/locale/ca_ES/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/ca_ES/LC_MESSAGES/messages.po share/phpldapadmin/locale/cs_CZ/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/cs_CZ/LC_MESSAGES/messages.po share/phpldapadmin/locale/da_DK/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/da_DK/LC_MESSAGES/messages.po share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.po share/phpldapadmin/locale/es_ES/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/es_ES/LC_MESSAGES/messages.po share/phpldapadmin/locale/fi_FI/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/fi_FI/LC_MESSAGES/messages.po share/phpldapadmin/locale/fr_FR/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/fr_FR/LC_MESSAGES/messages.po +share/phpldapadmin/locale/gn_PY/LC_MESSAGES/messages.mo share/phpldapadmin/locale/hu_HU/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/hu_HU/LC_MESSAGES/messages.po share/phpldapadmin/locale/it_IT/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/it_IT/LC_MESSAGES/messages.po share/phpldapadmin/locale/ja_JP/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/ja_JP/LC_MESSAGES/messages.po +share/phpldapadmin/locale/nb_NO/LC_MESSAGES/messages.mo share/phpldapadmin/locale/nl_BE/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/nl_BE/LC_MESSAGES/messages.po share/phpldapadmin/locale/oc_FR/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/oc_FR/LC_MESSAGES/messages.po share/phpldapadmin/locale/pl_PL/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/pl_PL/LC_MESSAGES/messages.po share/phpldapadmin/locale/pt_BR/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/pt_BR/LC_MESSAGES/messages.po share/phpldapadmin/locale/ru_RU/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/ru_RU/LC_MESSAGES/messages.po share/phpldapadmin/locale/sk_SK/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/sk_SK/LC_MESSAGES/messages.po share/phpldapadmin/locale/sv_FI/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/sv_FI/LC_MESSAGES/messages.po +share/phpldapadmin/locale/tr_TR/LC_MESSAGES/messages.mo +share/phpldapadmin/locale/uk_UA/LC_MESSAGES/messages.mo share/phpldapadmin/locale/zh_CN/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/zh_CN/LC_MESSAGES/messages.po share/phpldapadmin/locale/zh_TW/LC_MESSAGES/messages.mo -share/phpldapadmin/locale/zh_TW/LC_MESSAGES/messages.po share/phpldapadmin/queries/SambaUsers.xml share/phpldapadmin/queries/UserList.xml share/phpldapadmin/queries/query.dtd diff --git a/databases/phpldapadmin/distinfo b/databases/phpldapadmin/distinfo index 9b89c22822d..82626dcd5e2 100644 --- a/databases/phpldapadmin/distinfo +++ b/databases/phpldapadmin/distinfo @@ -1,11 +1,5 @@ -$NetBSD: distinfo,v 1.13 2013/01/22 11:49:33 obache Exp $ +$NetBSD: distinfo,v 1.14 2013/04/02 16:00:10 taca Exp $ -SHA1 (phpldapadmin-1.2.2.tgz) = 2904923eb25173d108b556c70fb3d42cd6e0e289 -RMD160 (phpldapadmin-1.2.2.tgz) = dd93d9558c9780b014f066d070b496e2804b9565 -Size (phpldapadmin-1.2.2.tgz) = 1415565 bytes -SHA1 (patch-htdocs_add__value__form.php) = 74e7128a36391c7ccce1a4a25bb115290fd8af3e -SHA1 (patch-htdocs_export.php) = 822cb73c754d83a8e080bc709db36d3d7d90deb4 -SHA1 (patch-htdocs_logout.php) = f09fdceb60faad2d2c49c37fa9ca01ac3c2e332e -SHA1 (patch-lib_QueryRender.php) = 976eb66a7c50ed992886a3c4f79d2ae7d3c2f52e -SHA1 (patch-lib_export__functions.php) = ace9e5b372ea34e54a24a1679cc43c5c5393d038 -SHA1 (patch-lib_functions.php) = a596507eba2a32bf674cac093b307bfe765510bb +SHA1 (phpldapadmin-1.2.3.tgz) = 669fca66c75e24137e106fdd02e3832f81146e23 +RMD160 (phpldapadmin-1.2.3.tgz) = 0d170a1da26836b8c9af3c3a06960cfc42f29b26 +Size (phpldapadmin-1.2.3.tgz) = 1115707 bytes diff --git a/databases/phpldapadmin/patches/patch-htdocs_add__value__form.php b/databases/phpldapadmin/patches/patch-htdocs_add__value__form.php deleted file mode 100644 index 9878b2bbde5..00000000000 --- a/databases/phpldapadmin/patches/patch-htdocs_add__value__form.php +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-htdocs_add__value__form.php,v 1.1 2013/01/21 12:43:23 taca Exp $ - -* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository, - 74434e5ca3fb66018fad60766f833f15689fcbfc. - ---- htdocs/add_value_form.php.orig 2011-10-27 02:07:09.000000000 +0000 -+++ htdocs/add_value_form.php -@@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly()) - # Render the form - if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') { - # Render the form. -- $request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn']))); -+ $request['page']->drawTitle(sprintf(_('Add new <b>%s</b> value to <b>%s</b>'), htmlspecialchars($request['attr']),htmlspecialchars(get_rdn($request['dn'])))); - $request['page']->drawSubTitle(); - - if (! strcasecmp($request['attr'],'objectclass')) { diff --git a/databases/phpldapadmin/patches/patch-htdocs_export.php b/databases/phpldapadmin/patches/patch-htdocs_export.php deleted file mode 100644 index 41b3a960ce6..00000000000 --- a/databases/phpldapadmin/patches/patch-htdocs_export.php +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-htdocs_export.php,v 1.1 2013/01/21 12:43:23 taca Exp $ - -* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository, - 74434e5ca3fb66018fad60766f833f15689fcbfc. - ---- htdocs/export.php.orig 2011-10-27 02:07:09.000000000 +0000 -+++ htdocs/export.php -@@ -29,12 +29,12 @@ if ($request['file']) { - - header('Content-type: application/download'); - header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : ''))); -- $request['export']->export(); -+ echo $request['export']->export(); - die(); - - } else { - print '<span style="font-size: 14px; font-family: courier;"><pre>'; -- $request['export']->export(); -+ echo htmlspecialchars($request['export']->export()); - print '</pre></span>'; - } - ?> diff --git a/databases/phpldapadmin/patches/patch-htdocs_logout.php b/databases/phpldapadmin/patches/patch-htdocs_logout.php deleted file mode 100644 index 4e7698abdd4..00000000000 --- a/databases/phpldapadmin/patches/patch-htdocs_logout.php +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-htdocs_logout.php,v 1.1 2013/01/21 12:43:23 taca Exp $ - -o Unset $_SESSION['ACTIVITY'] on logout from repository, - 88d41216f957f98bb0a22b1af779df964580fd5c. - ---- htdocs/logout.php.orig 2011-10-27 02:07:09.000000000 +0000 -+++ htdocs/logout.php -@@ -11,13 +11,16 @@ - - require './common.php'; - --if ($app['server']->logout()) -+if ($app['server']->logout()) { -+ unset($_SESSION['ACTIVITY'][$app['server']->getIndex()]); -+ - system_message(array( -- 'title'=>_('Authenticate to server'), -+ 'title'=>_('Logout from Server'), - 'body'=>_('Successfully logged out of server.'), - 'type'=>'info'), - sprintf('index.php?server_id=%s',$app['server']->getIndex())); --else -+ -+} else - system_message(array( - 'title'=>_('Failed to Logout of server'), - 'body'=>_('Please report this error to the admins.'), diff --git a/databases/phpldapadmin/patches/patch-lib_QueryRender.php b/databases/phpldapadmin/patches/patch-lib_QueryRender.php deleted file mode 100644 index 4d0540e5efd..00000000000 --- a/databases/phpldapadmin/patches/patch-lib_QueryRender.php +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-lib_QueryRender.php,v 1.2 2013/01/22 11:49:33 obache Exp $ - -o Fix XSS in query from repository, 7dc8d57d6952fe681cb9e8818df7f103220457bd. - CVE-2012-0834 - ---- lib/QueryRender.php.orig 2011-10-27 02:07:09.000000000 +0000 -+++ lib/QueryRender.php -@@ -497,7 +497,7 @@ class QueryRender extends PageRender { - $this->getAjaxRef($base), - $this->getAjaxRef($base), - ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'), -- $base); -+ htmlspecialchars($base)); - } - echo '</tr>'; - echo '</table>'; -@@ -545,7 +545,7 @@ class QueryRender extends PageRender { - echo ' ]</small>'; - - echo '<br />'; -- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base); -+ printf('<small>%s: <b>%s</b></small>',_('Base DN'), htmlspecialchars($base)); - - echo '<br />'; - printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter'])); diff --git a/databases/phpldapadmin/patches/patch-lib_export__functions.php b/databases/phpldapadmin/patches/patch-lib_export__functions.php deleted file mode 100644 index bbed4bf8612..00000000000 --- a/databases/phpldapadmin/patches/patch-lib_export__functions.php +++ /dev/null @@ -1,55 +0,0 @@ -$NetBSD: patch-lib_export__functions.php,v 1.1 2013/01/21 12:43:23 taca Exp $ - -* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository, - 74434e5ca3fb66018fad60766f833f15689fcbfc. - ---- lib/export_functions.php.orig 2011-10-27 02:07:09.000000000 +0000 -+++ lib/export_functions.php -@@ -324,9 +324,9 @@ class ExportCSV extends Export { - } - - if ($this->compress) -- echo gzencode($output); -+ return gzencode($output); - else -- echo $output; -+ return $output; - } - - /** -@@ -428,9 +428,9 @@ class ExportDSML extends Export { - $output .= sprintf('</dsml>%s',$this->br); - - if ($this->compress) -- echo gzencode($output); -+ return gzencode($output); - else -- echo $output; -+ return $output; - } - } - -@@ -506,9 +506,9 @@ class ExportLDIF extends Export { - } - - if ($this->compress) -- echo gzencode($output); -+ return gzencode($output); - else -- echo $output; -+ return $output; - } - - /** -@@ -633,9 +633,9 @@ class ExportVCARD extends Export { - } - - if ($this->compress) -- echo gzencode($output); -+ return gzencode($output); - else -- echo $output; -+ return $output; - } - } - ?> diff --git a/databases/phpldapadmin/patches/patch-lib_functions.php b/databases/phpldapadmin/patches/patch-lib_functions.php deleted file mode 100644 index 2ff1585f06c..00000000000 --- a/databases/phpldapadmin/patches/patch-lib_functions.php +++ /dev/null @@ -1,82 +0,0 @@ -$NetBSD: patch-lib_functions.php,v 1.1 2013/01/21 12:43:23 taca Exp $ - -* Add support for SHA512 with OpenLDAP from repository, - 21959715c3d6f204dd6c35b2e313eb2d4a01d22a. - ---- lib/functions.php.orig 2011-10-27 02:07:09.000000000 +0000 -+++ lib/functions.php -@@ -1471,10 +1471,10 @@ function get_next_number($base,$attr,$in - for ($i=0;$i<count($autonum);$i++) { - $num = $autonum[$i] < $minNumber ? $minNumber : $autonum[$i]; - -- /* If we're at the end of the list, or we've found a gap between this number and the -- following, use the next available number in the gap. */ -- if ($i+1 == count($autonum) || $autonum[$i+1] > $num+1) -- return $autonum[$i] >= $num ? $num+1 : $num; -+ /* If we're at the end of the list, or we've found a gap between this number and the -+ following, use the next available number in the gap. */ -+ if ($i+1 == count($autonum) || $autonum[$i+1] > $num+1) -+ return $autonum[$i] >= $num ? $num+1 : $num; - } - - # If we didnt find a suitable gap and are all above the minNumber, we'll just return the $minNumber -@@ -2114,7 +2114,7 @@ function password_types() { - 'md5crypt'=>'md5crypt', - 'sha'=>'sha', - 'smd5'=>'smd5', -- 'ssha'=>'ssha' -+ 'ssh512'=>'ssh512' - ); - } - -@@ -2123,7 +2123,7 @@ function password_types() { - * - * @param string The password to hash in clear text. - * @param string Standard LDAP encryption type which must be one of -- * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. -+ * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear. - * @return string The hashed password. - */ - function password_hash($password_clear,$enc_type) { -@@ -2216,6 +2216,16 @@ function password_hash($password_clear,$ - - break; - -+ case 'sha512': -+ if (function_exists('openssl_digest') && function_exists('base64_encode')) { -+ $new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true))); -+ -+ } else { -+ error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '),'error','index.php'); -+ } -+ -+ break; -+ - case 'clear': - default: - $new_value = $password_clear; -@@ -2379,6 +2389,15 @@ function password_check($cryptedpassword - - break; - -+ # SHA512 crypted passwords -+ case 'sha512': -+ if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) -+ return true; -+ else -+ return false; -+ -+ break; -+ - # No crypt is given assume plaintext passwords are used - default: - if ($plainpassword == $cryptedpassword) -@@ -2782,7 +2801,7 @@ function draw_formatted_dn($server,$entr - - $formats = $_SESSION[APPCONFIG]->getValue('appearance','tree_display_format'); - -- foreach ($formats as $format) { -+ foreach ($formats as $format) { - $has_none = false; - preg_match_all('/%[a-zA-Z_0-9]+/',$format,$tokens); - $tokens = $tokens[0]; |