diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-nds/phpldapadmin | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-nds/phpldapadmin')
10 files changed, 382 insertions, 0 deletions
diff --git a/net-nds/phpldapadmin/Manifest b/net-nds/phpldapadmin/Manifest new file mode 100644 index 000000000000..f64dcf6aec12 --- /dev/null +++ b/net-nds/phpldapadmin/Manifest @@ -0,0 +1 @@ +DIST phpldapadmin-1.2.3.tgz 1115707 SHA256 aecaf8c3ce77ba3899dd31ee5ee183555b2f9349eb8e196dcd33d8a3c485ed58 SHA512 58a57ca577586685ebd0d7fde7e299b8945d1693018c7803e19239b79f4b9d72a4d207d53c9f284268e32398108038efafcdb434e634619bfe87db3524d267b6 WHIRLPOOL 2d8cf7dc9e3b509ed6884efa280e554aa34703ca829f377304b99ded20ad144ff445cae3630e83dbfdcccc83799a85a3a2301903a4e298faf0884d3201ca0d21 diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch new file mode 100644 index 000000000000..b5ae92d0425c --- /dev/null +++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch @@ -0,0 +1,27 @@ +From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001 +From: Deon George <wurley@users.sf.net> +Date: Wed, 27 Jul 2011 07:30:06 +1000 +Subject: [PATCH] Remove XSS vulnerabilty in debug code + +--- + htdocs/cmd.php | 4 ---- + 1 files changed, 0 insertions(+), 4 deletions(-) + +diff --git a/htdocs/cmd.php b/htdocs/cmd.php +index 34f3848..0ddf004 100644 +--- a/htdocs/cmd.php ++++ b/htdocs/cmd.php +@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST'); + ob_start(); + + switch ($www['cmd']) { +- case '_debug': +- debug_dump($_REQUEST,1); +- break; +- + default: + if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php')) + $app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php'; +-- +1.7.4.1 + diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch new file mode 100644 index 000000000000..bc18b452ca02 --- /dev/null +++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch @@ -0,0 +1,28 @@ +From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001 +From: Deon George <wurley@users.sf.net> +Date: Thu, 6 Oct 2011 09:03:20 +1100 +Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability + +--- + lib/functions.php | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/functions.php b/lib/functions.php +index 19fde99..eb160dc 100644 +--- a/lib/functions.php ++++ b/lib/functions.php +@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) { + if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) + debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); + +- # if the array to sort is null or empty +- if (! $data) return; ++ # if the array to sort is null or empty, or if we have some nasty chars ++ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data) ++ return; + + static $CACHE = array(); + +-- +1.7.4.1 + diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch new file mode 100644 index 000000000000..3a2f3a48223c --- /dev/null +++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-magic-quotes.patch @@ -0,0 +1,23 @@ +diff -urN phpldapadmin-1.2.1.1/lib/emuhash_functions.php phpldapadmin-1.2.1.1-new/lib/emuhash_functions.php +--- phpldapadmin-1.2.1.1/lib/emuhash_functions.php 2011-05-11 09:40:18.000000000 +0000 ++++ phpldapadmin-1.2.1.1-new/lib/emuhash_functions.php 2011-10-20 15:55:05.597714125 +0000 +@@ -59,8 +59,8 @@ + global $emuhash_emu; + + if (PHP_VERSION < 6) { +- $current_magic_quotes = @get_magic_quotes_runtime(); +- @set_magic_quotes_runtime(0); ++ $current_magic_quotes = ini_get('magic_quotes_runtime'); ++ ini_set('magic_quotes_runtime', 0);; + } + + $tmpfile = tempnam($emuhash_emu['tmpdir'],'emuhash'); +@@ -78,7 +78,7 @@ + unlink($tmpfile); + + if (PHP_VERSION < 6) +- @set_magic_quotes_runtime($current_magic_quotes); ++ ini_set('magic_quotes_runtime', $current_magic_quotes); + + return $pass; + } diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch new file mode 100644 index 000000000000..bff3c6268556 --- /dev/null +++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch @@ -0,0 +1,34 @@ +From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001 +From: Deon George <wurley@users.sf.net> +Date: Tue, 24 Jan 2012 12:37:28 +1100 +Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query + +--- + lib/QueryRender.php | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/QueryRender.php b/lib/QueryRender.php +index 291ec40..685f3ba 100644 +--- a/lib/QueryRender.php ++++ b/lib/QueryRender.php +@@ -497,7 +497,7 @@ class QueryRender extends PageRender { + $this->getAjaxRef($base), + $this->getAjaxRef($base), + ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'), +- $base); ++ htmlspecialchars($base)); + } + echo '</tr>'; + echo '</table>'; +@@ -545,7 +545,7 @@ class QueryRender extends PageRender { + echo ' ]</small>'; + + echo '<br />'; +- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base); ++ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base)); + + echo '<br />'; + printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter'])); +-- +1.7.4.1 + diff --git a/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch b/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch new file mode 100644 index 000000000000..df6a7c163758 --- /dev/null +++ b/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch @@ -0,0 +1,152 @@ +commit 7e53dab990748c546b79f0610c3a7a58431e9ebc +Author: Michael Laccetti <michael@laccetti.com> +Date: Thu Aug 29 09:13:56 2013 -0400 + + Fixed two issues to get phpLdapAdmin to work under PHP 5.5.x + 1) password_hash is an actual function, so renamed instances to password_hash_custom (HT: https://sourceforge.net/mailarchive/message.php?msg_id=31302386) + 2) Fixed the preg_replace to preg_replace_callback to use the /e/ functionality in the officially endorsed fashion + +diff --git a/lib/PageRender.php b/lib/PageRender.php +index 7d86a54..eed5d5f 100644 +--- a/lib/PageRender.php ++++ b/lib/PageRender.php +@@ -287,7 +287,7 @@ class PageRender extends Visitor { + break; + + default: +- $vals[$i] = password_hash($passwordvalue,$enc); ++ $vals[$i] = password_hash_custom($passwordvalue,$enc); + } + + $vals = array_unique($vals); +@@ -957,7 +957,7 @@ class PageRender extends Visitor { + if (trim($val)) + $enc_type = get_enc_type($val); + else +- $enc_type = $server->getValue('appearance','password_hash'); ++ $enc_type = $server->getValue('appearance','password_hash_custom'); + + $obfuscate_password = obfuscate_password_display($enc_type); + +@@ -982,7 +982,7 @@ class PageRender extends Visitor { + if (trim($val)) + $enc_type = get_enc_type($val); + else +- $enc_type = $server->getValue('appearance','password_hash'); ++ $enc_type = $server->getValue('appearance','password_hash_custom'); + + echo '<table cellspacing="0" cellpadding="0"><tr><td valign="top">'; + +diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php +index c346660..7532539 100644 +--- a/lib/ds_ldap.php ++++ b/lib/ds_ldap.php +@@ -1116,13 +1116,24 @@ class ldap extends DS { + + if (is_array($dn)) { + $a = array(); +- foreach ($dn as $key => $rdn) +- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); ++ foreach ($dn as $key => $rdn) { ++ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($m) { ++ return ''.chr(hexdec('\\1')).''; ++ }, ++ $rdn ++ ); ++ } + + return $a; + + } else +- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); ++ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($m) { ++ return ''.chr(hexdec('\\1')).''; ++ }, ++ $dn ++ ); + } + + public function getRootDSE($method=null) { +diff --git a/lib/ds_ldap_pla.php b/lib/ds_ldap_pla.php +index 7ece393..6b0990e 100644 +--- a/lib/ds_ldap_pla.php ++++ b/lib/ds_ldap_pla.php +@@ -16,7 +16,7 @@ class ldap_pla extends ldap { + function __construct($index) { + parent::__construct($index); + +- $this->default->appearance['password_hash'] = array( ++ $this->default->appearance['password_hash_custom'] = array( + 'desc'=>'Default HASH to use for passwords', + 'default'=>'md5'); + +diff --git a/lib/functions.php b/lib/functions.php +index 56d8bf3..5ac3caf 100644 +--- a/lib/functions.php ++++ b/lib/functions.php +@@ -2127,7 +2127,7 @@ function password_types() { + * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear. + * @return string The hashed password. + */ +-function password_hash($password_clear,$enc_type) { ++function password_hash_custom($password_clear,$enc_type) { + if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) + debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); + +@@ -2318,7 +2318,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword + + # SHA crypted passwords + case 'sha': +- if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0) ++ if (strcasecmp(password_hash_custom($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0) + return true; + else + return false; +@@ -2327,7 +2327,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword + + # MD5 crypted passwords + case 'md5': +- if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0) ++ if( strcasecmp(password_hash_custom($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0) + return true; + else + return false; +@@ -2392,7 +2392,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword + + # SHA512 crypted passwords + case 'sha512': +- if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) ++ if (strcasecmp(password_hash_custom($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) + return true; + else + return false; +@@ -2564,13 +2564,24 @@ function dn_unescape($dn) { + if (is_array($dn)) { + $a = array(); + +- foreach ($dn as $key => $rdn) +- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); ++ foreach ($dn as $key => $rdn) { ++ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($m) { ++ return ''.chr(hexdec('\\1')).''; ++ }, ++ $rdn ++ ); ++ } + + return $a; + + } else { +- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); ++ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($m) { ++ return ''.chr(hexdec('\\1')).''; ++ }, ++ $dn ++ ); + } + } + diff --git a/net-nds/phpldapadmin/files/postinstall2-en.txt b/net-nds/phpldapadmin/files/postinstall2-en.txt new file mode 100644 index 000000000000..005ead72e8d3 --- /dev/null +++ b/net-nds/phpldapadmin/files/postinstall2-en.txt @@ -0,0 +1,4 @@ +phpLDAPadmin is installed. You will need to +configure it by creating/editing the config file: + +${MY_INSTALLDIR}/config/config.php diff --git a/net-nds/phpldapadmin/metadata.xml b/net-nds/phpldapadmin/metadata.xml new file mode 100644 index 000000000000..45abd7cf939d --- /dev/null +++ b/net-nds/phpldapadmin/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>web-apps</herd> + <maintainer> + <email>vostorga@gentoo.org</email> + <name>Víctor Ostorga</name> + </maintainer> + <maintainer> + <email>jmbsvicetto@gentoo.org</email> + <name>Jorge Manuel B. S. Vicetto</name> + </maintainer> + <longdescription> + phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server. +</longdescription> + <upstream> + <remote-id type="sourceforge">phpldapadmin</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild new file mode 100644 index 000000000000..6ce53f6e34f0 --- /dev/null +++ b/net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild @@ -0,0 +1,49 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit webapp depend.php + +DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server" +HOMEPAGE="http://phpldapadmin.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tgz" + +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86" +IUSE="" + +RDEPEND="dev-lang/php[hash,ldap,session,xml,nls] + || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )" + +need_httpd_cgi +need_php_httpd + +src_prepare() { + mv config/config.php.example config/config.php + epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch" + # http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd + + epatch "${FILESDIR}/${PN}-fix-php5.5-support.patch" + # http://sourceforge.net/u/nihilisticz/phpldapadmin/ci/7e53dab990748c546b79f0610c3a7a58431e9ebc/ + # This patch has been requested to be merged, but there's no recent activity by upstream +} + +src_install() { + webapp_src_preinst + + dodoc INSTALL + + # Restrict config file access - bug 280836 + chown root:apache "config/config.php" + chmod 640 "config/config.php" + + insinto "${MY_HTDOCSDIR}" + doins -r * + + webapp_configfile "${MY_HTDOCSDIR}/config/config.php" + webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt + + webapp_src_install +} diff --git a/net-nds/phpldapadmin/phpldapadmin-1.2.3.ebuild b/net-nds/phpldapadmin/phpldapadmin-1.2.3.ebuild new file mode 100644 index 000000000000..15be856e0de1 --- /dev/null +++ b/net-nds/phpldapadmin/phpldapadmin-1.2.3.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit webapp depend.php + +DESCRIPTION="phpLDAPadmin is a web-based tool for managing all aspects of your LDAP server" +HOMEPAGE="http://phpldapadmin.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tgz" + +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86" +IUSE="" + +RDEPEND="dev-lang/php[hash,ldap,session,xml,nls] + || ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )" + +need_httpd_cgi +need_php_httpd + +src_prepare() { + mv config/config.php.example config/config.php + epatch "${FILESDIR}/${PN}-1.2.1.1-fix-magic-quotes.patch" + # http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd +} + +src_install() { + webapp_src_preinst + + dodoc INSTALL + + # Restrict config file access - bug 280836 + chown root:apache "config/config.php" + chmod 640 "config/config.php" + + insinto "${MY_HTDOCSDIR}" + doins -r * + + webapp_configfile "${MY_HTDOCSDIR}/config/config.php" + webapp_postinst_txt en "${FILESDIR}"/postinstall2-en.txt + + webapp_src_install +} |