summaryrefslogtreecommitdiff
path: root/databases
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2013-04-02 16:00:10 +0000
committertaca <taca@pkgsrc.org>2013-04-02 16:00:10 +0000
commit537cf4656a95b6477331116fa8b19812f7cd3134 (patch)
tree3c82b4fe46d6c9c6b5e1fddb6bff91591d322db1 /databases
parenta44e9b58e063fcf367b728f6fa3dc668083298ce (diff)
downloadpkgsrc-537cf4656a95b6477331116fa8b19812f7cd3134.tar.gz
Update phpldapadmin to 1.2.3.
* There was a mistake in patches/patch-lib_functions.php, droping "ssha" password type. 2012-10-01 Release 1.2.3 master RELEASE-1.2.3 2012-10-01 Update template to show multiselect values 2012-09-06 Language update from launchpad for 1.2.3 (also see #30) 2012-09-05 SF Bug #3531956 - Search / Show Attributes must be lowercase 2012-09-05 SF Bug #3518548 - Missing attributes on some custom forms 2012-09-05 SF Bug #3513210 - Export to VCARD only exports the last entry in the list 2012-09-05 SF Bug #3510648 - Cannot copy between servers 2012-09-05 SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase 2012-09-05 SF Bug #3452416 - templates <order> non-functional 2012-09-05 SF Bug #3427748 - value id is ignored in select attribute 2012-09-04 SF Bug #3448530 - Treat krbExtraData and krbPrincipalKe as binary 2012-09-02 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables 2012-09-02 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY'] 2012-09-01 SF Feature #3555472 - User-friendly items in entry chooser window. 2012-09-01 SF Feature #3509651 - Add support for SHA512 with OpenLDAP 2012-08-29 SF Patch #3469148 - Display mass edit actions as buttons 2012-01-24 SF Bug #3477910 - XSS vulnerability in query
Diffstat (limited to 'databases')
-rw-r--r--databases/phpldapadmin/Makefile5
-rw-r--r--databases/phpldapadmin/PLIST25
-rw-r--r--databases/phpldapadmin/distinfo14
-rw-r--r--databases/phpldapadmin/patches/patch-htdocs_add__value__form.php16
-rw-r--r--databases/phpldapadmin/patches/patch-htdocs_export.php22
-rw-r--r--databases/phpldapadmin/patches/patch-htdocs_logout.php27
-rw-r--r--databases/phpldapadmin/patches/patch-lib_QueryRender.php25
-rw-r--r--databases/phpldapadmin/patches/patch-lib_export__functions.php55
-rw-r--r--databases/phpldapadmin/patches/patch-lib_functions.php82
9 files changed, 11 insertions, 260 deletions
diff --git a/databases/phpldapadmin/Makefile b/databases/phpldapadmin/Makefile
index b0ab3aa4398..acaf2a37533 100644
--- a/databases/phpldapadmin/Makefile
+++ b/databases/phpldapadmin/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.35 2013/03/16 07:21:19 obache Exp $
+# $NetBSD: Makefile,v 1.36 2013/04/02 16:00:10 taca Exp $
DISTNAME= phpldapadmin-${VERSION}
-PKGREVISION= 2
CATEGORIES= databases www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=phpldapadmin/}
EXTRACT_SUFX= .tgz
@@ -21,7 +20,7 @@ DEPENDS+= ${PHP_PKG_PREFIX}-gettext>=4.1.2:../../devel/php-gettext
USE_TOOLS+= pax
-VERSION= 1.2.2
+VERSION= 1.2.3
NO_BUILD= YES
CONF_FILES+= ${PREFIX}/share/examples/phpldapadmin/config.php.example \
diff --git a/databases/phpldapadmin/PLIST b/databases/phpldapadmin/PLIST
index e2fbfb83c2e..3f0c28e6818 100644
--- a/databases/phpldapadmin/PLIST
+++ b/databases/phpldapadmin/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.10 2011/06/17 15:40:33 taca Exp $
+@comment $NetBSD: PLIST,v 1.11 2013/04/02 16:00:10 taca Exp $
share/doc/phpldapadmin/INSTALL
share/doc/phpldapadmin/LICENSE
share/examples/phpldapadmin/config.php.example
@@ -561,43 +561,28 @@ share/phpldapadmin/lib/template_functions.php
share/phpldapadmin/lib/xml2array.php
share/phpldapadmin/lib/xmlTemplates.php
share/phpldapadmin/locale/ca_ES/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/ca_ES/LC_MESSAGES/messages.po
share/phpldapadmin/locale/cs_CZ/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/cs_CZ/LC_MESSAGES/messages.po
share/phpldapadmin/locale/da_DK/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/da_DK/LC_MESSAGES/messages.po
share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/de_DE/LC_MESSAGES/messages.po
share/phpldapadmin/locale/es_ES/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/es_ES/LC_MESSAGES/messages.po
share/phpldapadmin/locale/fi_FI/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/fi_FI/LC_MESSAGES/messages.po
share/phpldapadmin/locale/fr_FR/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/fr_FR/LC_MESSAGES/messages.po
+share/phpldapadmin/locale/gn_PY/LC_MESSAGES/messages.mo
share/phpldapadmin/locale/hu_HU/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/hu_HU/LC_MESSAGES/messages.po
share/phpldapadmin/locale/it_IT/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/it_IT/LC_MESSAGES/messages.po
share/phpldapadmin/locale/ja_JP/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/ja_JP/LC_MESSAGES/messages.po
+share/phpldapadmin/locale/nb_NO/LC_MESSAGES/messages.mo
share/phpldapadmin/locale/nl_BE/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/nl_BE/LC_MESSAGES/messages.po
share/phpldapadmin/locale/oc_FR/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/oc_FR/LC_MESSAGES/messages.po
share/phpldapadmin/locale/pl_PL/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/pl_PL/LC_MESSAGES/messages.po
share/phpldapadmin/locale/pt_BR/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/pt_BR/LC_MESSAGES/messages.po
share/phpldapadmin/locale/ru_RU/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/ru_RU/LC_MESSAGES/messages.po
share/phpldapadmin/locale/sk_SK/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/sk_SK/LC_MESSAGES/messages.po
share/phpldapadmin/locale/sv_FI/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/sv_FI/LC_MESSAGES/messages.po
+share/phpldapadmin/locale/tr_TR/LC_MESSAGES/messages.mo
+share/phpldapadmin/locale/uk_UA/LC_MESSAGES/messages.mo
share/phpldapadmin/locale/zh_CN/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/zh_CN/LC_MESSAGES/messages.po
share/phpldapadmin/locale/zh_TW/LC_MESSAGES/messages.mo
-share/phpldapadmin/locale/zh_TW/LC_MESSAGES/messages.po
share/phpldapadmin/queries/SambaUsers.xml
share/phpldapadmin/queries/UserList.xml
share/phpldapadmin/queries/query.dtd
diff --git a/databases/phpldapadmin/distinfo b/databases/phpldapadmin/distinfo
index 9b89c22822d..82626dcd5e2 100644
--- a/databases/phpldapadmin/distinfo
+++ b/databases/phpldapadmin/distinfo
@@ -1,11 +1,5 @@
-$NetBSD: distinfo,v 1.13 2013/01/22 11:49:33 obache Exp $
+$NetBSD: distinfo,v 1.14 2013/04/02 16:00:10 taca Exp $
-SHA1 (phpldapadmin-1.2.2.tgz) = 2904923eb25173d108b556c70fb3d42cd6e0e289
-RMD160 (phpldapadmin-1.2.2.tgz) = dd93d9558c9780b014f066d070b496e2804b9565
-Size (phpldapadmin-1.2.2.tgz) = 1415565 bytes
-SHA1 (patch-htdocs_add__value__form.php) = 74e7128a36391c7ccce1a4a25bb115290fd8af3e
-SHA1 (patch-htdocs_export.php) = 822cb73c754d83a8e080bc709db36d3d7d90deb4
-SHA1 (patch-htdocs_logout.php) = f09fdceb60faad2d2c49c37fa9ca01ac3c2e332e
-SHA1 (patch-lib_QueryRender.php) = 976eb66a7c50ed992886a3c4f79d2ae7d3c2f52e
-SHA1 (patch-lib_export__functions.php) = ace9e5b372ea34e54a24a1679cc43c5c5393d038
-SHA1 (patch-lib_functions.php) = a596507eba2a32bf674cac093b307bfe765510bb
+SHA1 (phpldapadmin-1.2.3.tgz) = 669fca66c75e24137e106fdd02e3832f81146e23
+RMD160 (phpldapadmin-1.2.3.tgz) = 0d170a1da26836b8c9af3c3a06960cfc42f29b26
+Size (phpldapadmin-1.2.3.tgz) = 1115707 bytes
diff --git a/databases/phpldapadmin/patches/patch-htdocs_add__value__form.php b/databases/phpldapadmin/patches/patch-htdocs_add__value__form.php
deleted file mode 100644
index 9878b2bbde5..00000000000
--- a/databases/phpldapadmin/patches/patch-htdocs_add__value__form.php
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-htdocs_add__value__form.php,v 1.1 2013/01/21 12:43:23 taca Exp $
-
-* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository,
- 74434e5ca3fb66018fad60766f833f15689fcbfc.
-
---- htdocs/add_value_form.php.orig 2011-10-27 02:07:09.000000000 +0000
-+++ htdocs/add_value_form.php
-@@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly())
- # Render the form
- if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
- # Render the form.
-- $request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn'])));
-+ $request['page']->drawTitle(sprintf(_('Add new <b>%s</b> value to <b>%s</b>'), htmlspecialchars($request['attr']),htmlspecialchars(get_rdn($request['dn']))));
- $request['page']->drawSubTitle();
-
- if (! strcasecmp($request['attr'],'objectclass')) {
diff --git a/databases/phpldapadmin/patches/patch-htdocs_export.php b/databases/phpldapadmin/patches/patch-htdocs_export.php
deleted file mode 100644
index 41b3a960ce6..00000000000
--- a/databases/phpldapadmin/patches/patch-htdocs_export.php
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-htdocs_export.php,v 1.1 2013/01/21 12:43:23 taca Exp $
-
-* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository,
- 74434e5ca3fb66018fad60766f833f15689fcbfc.
-
---- htdocs/export.php.orig 2011-10-27 02:07:09.000000000 +0000
-+++ htdocs/export.php
-@@ -29,12 +29,12 @@ if ($request['file']) {
-
- header('Content-type: application/download');
- header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
-- $request['export']->export();
-+ echo $request['export']->export();
- die();
-
- } else {
- print '<span style="font-size: 14px; font-family: courier;"><pre>';
-- $request['export']->export();
-+ echo htmlspecialchars($request['export']->export());
- print '</pre></span>';
- }
- ?>
diff --git a/databases/phpldapadmin/patches/patch-htdocs_logout.php b/databases/phpldapadmin/patches/patch-htdocs_logout.php
deleted file mode 100644
index 4e7698abdd4..00000000000
--- a/databases/phpldapadmin/patches/patch-htdocs_logout.php
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-htdocs_logout.php,v 1.1 2013/01/21 12:43:23 taca Exp $
-
-o Unset $_SESSION['ACTIVITY'] on logout from repository,
- 88d41216f957f98bb0a22b1af779df964580fd5c.
-
---- htdocs/logout.php.orig 2011-10-27 02:07:09.000000000 +0000
-+++ htdocs/logout.php
-@@ -11,13 +11,16 @@
-
- require './common.php';
-
--if ($app['server']->logout())
-+if ($app['server']->logout()) {
-+ unset($_SESSION['ACTIVITY'][$app['server']->getIndex()]);
-+
- system_message(array(
-- 'title'=>_('Authenticate to server'),
-+ 'title'=>_('Logout from Server'),
- 'body'=>_('Successfully logged out of server.'),
- 'type'=>'info'),
- sprintf('index.php?server_id=%s',$app['server']->getIndex()));
--else
-+
-+} else
- system_message(array(
- 'title'=>_('Failed to Logout of server'),
- 'body'=>_('Please report this error to the admins.'),
diff --git a/databases/phpldapadmin/patches/patch-lib_QueryRender.php b/databases/phpldapadmin/patches/patch-lib_QueryRender.php
deleted file mode 100644
index 4d0540e5efd..00000000000
--- a/databases/phpldapadmin/patches/patch-lib_QueryRender.php
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-lib_QueryRender.php,v 1.2 2013/01/22 11:49:33 obache Exp $
-
-o Fix XSS in query from repository, 7dc8d57d6952fe681cb9e8818df7f103220457bd.
- CVE-2012-0834
-
---- lib/QueryRender.php.orig 2011-10-27 02:07:09.000000000 +0000
-+++ lib/QueryRender.php
-@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
- $this->getAjaxRef($base),
- $this->getAjaxRef($base),
- ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
-- $base);
-+ htmlspecialchars($base));
- }
- echo '</tr>';
- echo '</table>';
-@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
- echo ' ]</small>';
-
- echo '<br />';
-- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
-+ printf('<small>%s: <b>%s</b></small>',_('Base DN'), htmlspecialchars($base));
-
- echo '<br />';
- printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
diff --git a/databases/phpldapadmin/patches/patch-lib_export__functions.php b/databases/phpldapadmin/patches/patch-lib_export__functions.php
deleted file mode 100644
index bbed4bf8612..00000000000
--- a/databases/phpldapadmin/patches/patch-lib_export__functions.php
+++ /dev/null
@@ -1,55 +0,0 @@
-$NetBSD: patch-lib_export__functions.php,v 1.1 2013/01/21 12:43:23 taca Exp $
-
-* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository,
- 74434e5ca3fb66018fad60766f833f15689fcbfc.
-
---- lib/export_functions.php.orig 2011-10-27 02:07:09.000000000 +0000
-+++ lib/export_functions.php
-@@ -324,9 +324,9 @@ class ExportCSV extends Export {
- }
-
- if ($this->compress)
-- echo gzencode($output);
-+ return gzencode($output);
- else
-- echo $output;
-+ return $output;
- }
-
- /**
-@@ -428,9 +428,9 @@ class ExportDSML extends Export {
- $output .= sprintf('</dsml>%s',$this->br);
-
- if ($this->compress)
-- echo gzencode($output);
-+ return gzencode($output);
- else
-- echo $output;
-+ return $output;
- }
- }
-
-@@ -506,9 +506,9 @@ class ExportLDIF extends Export {
- }
-
- if ($this->compress)
-- echo gzencode($output);
-+ return gzencode($output);
- else
-- echo $output;
-+ return $output;
- }
-
- /**
-@@ -633,9 +633,9 @@ class ExportVCARD extends Export {
- }
-
- if ($this->compress)
-- echo gzencode($output);
-+ return gzencode($output);
- else
-- echo $output;
-+ return $output;
- }
- }
- ?>
diff --git a/databases/phpldapadmin/patches/patch-lib_functions.php b/databases/phpldapadmin/patches/patch-lib_functions.php
deleted file mode 100644
index 2ff1585f06c..00000000000
--- a/databases/phpldapadmin/patches/patch-lib_functions.php
+++ /dev/null
@@ -1,82 +0,0 @@
-$NetBSD: patch-lib_functions.php,v 1.1 2013/01/21 12:43:23 taca Exp $
-
-* Add support for SHA512 with OpenLDAP from repository,
- 21959715c3d6f204dd6c35b2e313eb2d4a01d22a.
-
---- lib/functions.php.orig 2011-10-27 02:07:09.000000000 +0000
-+++ lib/functions.php
-@@ -1471,10 +1471,10 @@ function get_next_number($base,$attr,$in
- for ($i=0;$i<count($autonum);$i++) {
- $num = $autonum[$i] < $minNumber ? $minNumber : $autonum[$i];
-
-- /* If we're at the end of the list, or we've found a gap between this number and the
-- following, use the next available number in the gap. */
-- if ($i+1 == count($autonum) || $autonum[$i+1] > $num+1)
-- return $autonum[$i] >= $num ? $num+1 : $num;
-+ /* If we're at the end of the list, or we've found a gap between this number and the
-+ following, use the next available number in the gap. */
-+ if ($i+1 == count($autonum) || $autonum[$i+1] > $num+1)
-+ return $autonum[$i] >= $num ? $num+1 : $num;
- }
-
- # If we didnt find a suitable gap and are all above the minNumber, we'll just return the $minNumber
-@@ -2114,7 +2114,7 @@ function password_types() {
- 'md5crypt'=>'md5crypt',
- 'sha'=>'sha',
- 'smd5'=>'smd5',
-- 'ssha'=>'ssha'
-+ 'ssh512'=>'ssh512'
- );
- }
-
-@@ -2123,7 +2123,7 @@ function password_types() {
- *
- * @param string The password to hash in clear text.
- * @param string Standard LDAP encryption type which must be one of
-- * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
-+ * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
- * @return string The hashed password.
- */
- function password_hash($password_clear,$enc_type) {
-@@ -2216,6 +2216,16 @@ function password_hash($password_clear,$
-
- break;
-
-+ case 'sha512':
-+ if (function_exists('openssl_digest') && function_exists('base64_encode')) {
-+ $new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
-+
-+ } else {
-+ error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '),'error','index.php');
-+ }
-+
-+ break;
-+
- case 'clear':
- default:
- $new_value = $password_clear;
-@@ -2379,6 +2389,15 @@ function password_check($cryptedpassword
-
- break;
-
-+ # SHA512 crypted passwords
-+ case 'sha512':
-+ if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
-+ return true;
-+ else
-+ return false;
-+
-+ break;
-+
- # No crypt is given assume plaintext passwords are used
- default:
- if ($plainpassword == $cryptedpassword)
-@@ -2782,7 +2801,7 @@ function draw_formatted_dn($server,$entr
-
- $formats = $_SESSION[APPCONFIG]->getValue('appearance','tree_display_format');
-
-- foreach ($formats as $format) {
-+ foreach ($formats as $format) {
- $has_none = false;
- preg_match_all('/%[a-zA-Z_0-9]+/',$format,$tokens);
- $tokens = $tokens[0];