diff options
| author | TBK <tbk@jjtc.eu> | 2019-05-31 15:58:42 +0200 |
|---|---|---|
| committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-06-02 21:11:00 +0000 |
| commit | f711231ca669f59173800dc3cad4f84fabe7d50c (patch) | |
| tree | 96a86fc1200b079907adde313be136ff810cdee0 | |
| parent | 9f41f37ae319d064e9496729d9edfe73c6db2814 (diff) | |
| download | aports-f711231ca669f59173800dc3cad4f84fabe7d50c.tar.bz2 aports-f711231ca669f59173800dc3cad4f84fabe7d50c.tar.xz | |
community/phpldapadmin: upgrade to 1.2.4
Closes GH-8326
8 files changed, 10 insertions, 253 deletions
diff --git a/community/phpldapadmin/APKBUILD b/community/phpldapadmin/APKBUILD index a1291f6b65..3a96eaba39 100644 --- a/community/phpldapadmin/APKBUILD +++ b/community/phpldapadmin/APKBUILD @@ -1,12 +1,13 @@ # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> _php=php7 pkgname=phpldapadmin -pkgver=1.2.3 -pkgrel=5 +pkgver=1.2.4 +pkgrel=0 pkgdesc="Web front-end for managing OpenLDAP" url="http://phpldapadmin.sourceforge.net" arch="noarch" -license="GPL-2.0" +license="GPL-2.0-or-later" +options="!check" # no test suite depends="${_php} ${_php}-ldap ${_php}-gettext ${_php}-mbstring @@ -15,41 +16,23 @@ depends="${_php} ${_php}-ldap ${_php}-session ${_php}-xml " -source="https://downloads.sourceforge.net/project/$pkgname/$pkgname-php5/$pkgver/$pkgname-$pkgver.tgz +source="$pkgname-$pkgver.tar.gz::https://github.com/leenooks/phpLDAPadmin/archive/$pkgver.tar.gz $pkgname.additional-template - phpldapadmin-1.2.3-force-ssha512.patch - phpldapadmin-1.2.3_changed-password_hash-to-pla_password_hash.patch - phpldapadmin-1.2.3_fixed-call-to-renamed-function-pla_password_hash.patch - phpldapadmin-1.2.3_changed-preg_replace-to-preg_replace-callback.patch - phpldapadmin-1.2.3_use-preg_replace_callback.patch - CVE-2017-11107.patch - php72-db8a98c7a5ae6352018e2a2673e3d24df03f3e48.patch " -options="!check" # no test suite +builddir="$srcdir"/phpLDAPadmin-$pkgver # secfixes: # 1.2.3-r4: # - CVE-2017-11107 - -builddir="$srcdir"/$pkgname-$pkgver - package() { - cd "$builddir" mkdir -p "$pkgdir"/usr/share/webapps/phpldapadmin mkdir -p "$pkgdir"/etc - mv * "$pkgdir"/usr/share/webapps/phpldapadmin + mv ./* "$pkgdir"/usr/share/webapps/phpldapadmin mv "$pkgdir"/usr/share/webapps/phpldapadmin/config "$pkgdir"/etc/phpldapadmin ln -s /etc/phpldapadmin "$pkgdir"/usr/share/webapps/phpldapadmin/config install -Dm644 ../$pkgname.additional-template \ - "$pkgdir"/usr/share/webapps/phpldapadmin/templates/creation/groupOfNames.xml + "$pkgdir"/usr/share/webapps/phpldapadmin/templates/creation/groupOfNames.xml } -sha512sums="58a57ca577586685ebd0d7fde7e299b8945d1693018c7803e19239b79f4b9d72a4d207d53c9f284268e32398108038efafcdb434e634619bfe87db3524d267b6 phpldapadmin-1.2.3.tgz -913cc89bfba3a24064865f091a3bcc6ec88db0824d750e8b3b1f6497b5ac1a1e158ced895f1f85f93607402e9353798b3dd4ccdbb1454713f96937c884456eb7 phpldapadmin.additional-template -aecbf3699af4ae39426c6c81edd45a738cdd91f9cfc1e8062ade4b6fa11e7530a8d8b4c2730cd648749b87381dbcca1bbe8681b8e45ec7af50b6b74137f89331 phpldapadmin-1.2.3-force-ssha512.patch -71a0bc987e526401c72b77b36843868099040654c3435e9c2f5b266a49a27b75b007fd949e9981bcd4b9a678f0edd74e988e66647984c882c57fe8dc99a26849 phpldapadmin-1.2.3_changed-password_hash-to-pla_password_hash.patch -d238e27ed89e400f467ab8282a67920cd1e72e5f52709d086f6b31708960dc65acafc0fe683887ceff0b78b3aa9631e91e2c57f722d9f7e0f057e0f872ae73a2 phpldapadmin-1.2.3_fixed-call-to-renamed-function-pla_password_hash.patch -0524112c7a3c591eaf4b3e64de26282a786a2c0fa73f1047084f14c4f9093cf31e1b9a36b7b1736d6c6ae89f9940916d42cbbab7081249abf1a963de588aac63 phpldapadmin-1.2.3_changed-preg_replace-to-preg_replace-callback.patch -57e1d8d861f84f0934a2275d7ba37621c2c19c71bf2c04db918ccbc6df36eaca60986db2ba6b543356ad55eab8d7850267db1d30677d77c96238821c29b99ac9 phpldapadmin-1.2.3_use-preg_replace_callback.patch -647e8924a302666ebae3090bcf61f82e3a82d19c232beabaf3faae43d0c434b12fb83a3d862fe6ce6a27b2b750c67974ac22e583d4897734f39e26733bdd2580 CVE-2017-11107.patch -70662456026eabe8043b16798a6233b889a079de18ca52d541b20c672fd4af2b5893e36523afefdefce4d1e50f0ed21a7367aee98fd8ea15788a1b52b511f025 php72-db8a98c7a5ae6352018e2a2673e3d24df03f3e48.patch" +sha512sums="68e70bef054d7c270958bfb0403e3de1af16092507eb8095e63062c774002031d4569751449551df264f3bc0d6d4062ff38d6f414ccd4002279e2f5e00b25c14 phpldapadmin-1.2.4.tar.gz +913cc89bfba3a24064865f091a3bcc6ec88db0824d750e8b3b1f6497b5ac1a1e158ced895f1f85f93607402e9353798b3dd4ccdbb1454713f96937c884456eb7 phpldapadmin.additional-template" diff --git a/community/phpldapadmin/CVE-2017-11107.patch b/community/phpldapadmin/CVE-2017-11107.patch deleted file mode 100644 index f161d0e46a..0000000000 --- a/community/phpldapadmin/CVE-2017-11107.patch +++ /dev/null @@ -1,31 +0,0 @@ -Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php. -Author: Ismail Belkacim <xd4rker@gmail.com> -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php -=================================================================== ---- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php -+++ phpldapadmin-1.2.2/htdocs/entry_chooser.php -@@ -15,9 +15,9 @@ $www['page'] = new page(); - - $request = array(); - $request['container'] = get_request('container','GET'); --$request['form'] = get_request('form','GET'); --$request['element'] = get_request('element','GET'); --$request['rdn'] = get_request('rdn','GET'); -+$request['form'] = htmlspecialchars(addslashes(get_request('form','GET'))); -+$request['element'] = htmlspecialchars(addslashes(get_request('element','GET'))); -+$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET'))); - - echo '<div class="popup">'; - printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser')); -@@ -33,7 +33,7 @@ echo '</script>'; - echo '<table class="forminput" width="100%" border="0">'; - if ($request['container']) { - printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName()); -- printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']); -+ printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container'])); - echo '<tr><td class="blank" colspan="4"> </td></tr>'; - } - diff --git a/community/phpldapadmin/php72-db8a98c7a5ae6352018e2a2673e3d24df03f3e48.patch b/community/phpldapadmin/php72-db8a98c7a5ae6352018e2a2673e3d24df03f3e48.patch deleted file mode 100644 index d1bbf2f844..0000000000 --- a/community/phpldapadmin/php72-db8a98c7a5ae6352018e2a2673e3d24df03f3e48.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/lib/functions.php.orig b/lib/functions.php -index 528c7cc..2ab9999 100644 ---- a/lib/functions.php.orig -+++ b/lib/functions.php -@@ -51,7 +51,7 @@ if (file_exists(LIBDIR.'functions.custom.php')) - /** - * Loads class definition - */ --function __autoload($className) { -+spl_autoload_register(function($className) { - if (file_exists(HOOKSDIR."classes/$className.php")) - require_once(HOOKSDIR."classes/$className.php"); - elseif (file_exists(LIBDIR."$className.php")) -@@ -64,7 +64,7 @@ function __autoload($className) { - 'body'=>sprintf('%s: %s [%s]', - __METHOD__,_('Called to load a class that cant be found'),$className), - 'type'=>'error')); --} -+}); - - /** - * Strips all slashes from the specified array in place (pass by ref). -@@ -1029,7 +1029,7 @@ function masort(&$data,$sortby,$rev=0) { - $code .= " } else\n"; - $code .= " \$bb = \$b->$key;\n"; - -- $code .= " if (\$aa != \$bb)"; -+ $code .= " if (\$aa != \$bb)\n"; - if ($rev) - $code .= " return (\$aa < \$bb ? 1 : -1);\n"; - else -@@ -1080,7 +1080,7 @@ function masort(&$data,$sortby,$rev=0) { - - $code .= 'return $c;'; - -- $CACHE[$sortby] = create_function('$a, $b',$code); -+ $CACHE[$sortby] = function($a, $b) { global $code; eval($code); }; - } - - uasort($data,$CACHE[$sortby]); diff --git a/community/phpldapadmin/phpldapadmin-1.2.3-force-ssha512.patch b/community/phpldapadmin/phpldapadmin-1.2.3-force-ssha512.patch deleted file mode 100644 index c69096e7fc..0000000000 --- a/community/phpldapadmin/phpldapadmin-1.2.3-force-ssha512.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/lib/functions.php -+++ b/lib/functions.php -@@ -2147,7 +2147,7 @@ - if ($_SESSION[APPCONFIG]->getValue('password', 'no_random_crypt_salt')) - $new_value = sprintf('{CRYPT}%s',crypt($password_clear,substr($password_clear,0,2))); - else -- $new_value = sprintf('{CRYPT}%s',crypt($password_clear,random_salt(2))); -+ $new_value = sprintf('{CRYPT}%s',crypt($password_clear,'$6$'.random_salt(2))); - - break; - diff --git a/community/phpldapadmin/phpldapadmin-1.2.3_changed-password_hash-to-pla_password_hash.patch b/community/phpldapadmin/phpldapadmin-1.2.3_changed-password_hash-to-pla_password_hash.patch deleted file mode 100644 index 1408c13184..0000000000 --- a/community/phpldapadmin/phpldapadmin-1.2.3_changed-password_hash-to-pla_password_hash.patch +++ /dev/null @@ -1,49 +0,0 @@ -From e673df3ba8d690afbbba28f9ec368e475933efe8 Mon Sep 17 00:00:00 2001 -From: Mohamad Elrashidin Bin Sajeli <archayl@gmail.com> -Date: Thu, 8 May 2014 20:22:30 +0800 -Subject: [PATCH] Changed password_hash to pla_password_hash - ---- - lib/functions.php | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/lib/functions.php b/lib/functions.php -index 56d8bf3..ad9ee9f 100644 ---- a/lib/functions.php -+++ b/lib/functions.php -@@ -2127,7 +2127,7 @@ function password_types() { - * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear. - * @return string The hashed password. - */ --function password_hash($password_clear,$enc_type) { -+function pla_password_hash($password_clear,$enc_type) { - if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) - debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); - -@@ -2318,7 +2318,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword - - # SHA crypted passwords - case 'sha': -- if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0) -+ if (strcasecmp(pla_password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0) - return true; - else - return false; -@@ -2327,7 +2327,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword - - # MD5 crypted passwords - case 'md5': -- if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0) -+ if( strcasecmp(pla_password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0) - return true; - else - return false; -@@ -2392,7 +2392,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword - - # SHA512 crypted passwords - case 'sha512': -- if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) -+ if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) - return true; - else - return false; diff --git a/community/phpldapadmin/phpldapadmin-1.2.3_changed-preg_replace-to-preg_replace-callback.patch b/community/phpldapadmin/phpldapadmin-1.2.3_changed-preg_replace-to-preg_replace-callback.patch deleted file mode 100644 index d2fa12a477..0000000000 --- a/community/phpldapadmin/phpldapadmin-1.2.3_changed-preg_replace-to-preg_replace-callback.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b082cf1742b2310d69b2f278f33f6025e2544acb Mon Sep 17 00:00:00 2001 -From: Mohamad Elrashidin Bin Sajeli <archayl@gmail.com> -Date: Thu, 8 May 2014 20:40:57 +0800 -Subject: [PATCH] Changed preg_replace to preg_replace callback - ---- - lib/functions.php | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/lib/functions.php b/lib/functions.php -index ad9ee9f..d31e0c1 100644 ---- a/lib/functions.php -+++ b/lib/functions.php -@@ -2565,12 +2565,22 @@ function dn_unescape($dn) { - $a = array(); - - foreach ($dn as $key => $rdn) -- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); -+ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', -+ function ($r) { -+ return "''.chr(hexdec('$r[1]')).''"; -+ }, -+ $rdn -+ ); - - return $a; - - } else { -- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); -+ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', -+ function ($r) { -+ return "''.chr(hexdec('$r[1]')).''"; -+ }, -+ $dn -+ ); - } - } - diff --git a/community/phpldapadmin/phpldapadmin-1.2.3_fixed-call-to-renamed-function-pla_password_hash.patch b/community/phpldapadmin/phpldapadmin-1.2.3_fixed-call-to-renamed-function-pla_password_hash.patch deleted file mode 100644 index af9e73b481..0000000000 --- a/community/phpldapadmin/phpldapadmin-1.2.3_fixed-call-to-renamed-function-pla_password_hash.patch +++ /dev/null @@ -1,23 +0,0 @@ -From c736ecd8c26b360e4764fbd3a472e2fa4b1b3db6 Mon Sep 17 00:00:00 2001 -From: Ivo van der Meer <ivo@crewtty.ath.cx> -Date: Wed, 4 Jun 2014 10:48:06 +0200 -Subject: [PATCH] Bugfix: fixed call to renamed function pla_password_hash. - ---- - lib/PageRender.php | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/PageRender.php b/lib/PageRender.php -index 7d86a54..6cc571e 100644 ---- a/lib/PageRender.php -+++ b/lib/PageRender.php -@@ -287,7 +287,7 @@ protected function getPostAttribute($attribute,$i) { - break; - - default: -- $vals[$i] = password_hash($passwordvalue,$enc); -+ $vals[$i] = pla_password_hash($passwordvalue,$enc); - } - - $vals = array_unique($vals); - diff --git a/community/phpldapadmin/phpldapadmin-1.2.3_use-preg_replace_callback.patch b/community/phpldapadmin/phpldapadmin-1.2.3_use-preg_replace_callback.patch deleted file mode 100644 index 60c086d197..0000000000 --- a/community/phpldapadmin/phpldapadmin-1.2.3_use-preg_replace_callback.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5a7edc892f1b3cccab74ed150f9d6843912a39ee Mon Sep 17 00:00:00 2001 -From: Ben Chavet <ben@chavet.net> -Date: Thu, 29 May 2014 18:57:44 +0000 -Subject: [PATCH] Use preg_replace_callback instead of /e in preg_replace to - fix E_DEPRECATED warnings - ---- - lib/ds_ldap.php | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php -index c346660..8bc1ef8 100644 ---- a/lib/ds_ldap.php -+++ b/lib/ds_ldap.php -@@ -1116,13 +1116,14 @@ private function unescapeDN($dn) { - - if (is_array($dn)) { - $a = array(); -- foreach ($dn as $key => $rdn) -- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); -- -+ foreach ($dn as $key => $rdn) { -+ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', function($m) { return "''.chr(hexdec('${m[1]}')).''"; }, $rdn); -+ } - return $a; - -- } else -- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); -+ } else { -+ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', function($m) { return "''.chr(hexdec('${m[1]}')).''"; }, $dn); -+ } - } - - public function getRootDSE($method=null) { |