Message-Id: <201110271624.p9RGOQ5c003911@lucid-nonsense.infracaninophile.co.uk>
Date: Thu, 27 Oct 2011 17:24:26 +0100 (BST)
From: Matthew Seaman
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/162065: [maintainer] net/phpldapadmin -- update to 1.2.2
Reply-To: Matthew Seaman
X-Send-Pr-Version: 3.113

>Number: 162065
>Category: ports
>Synopsis: [maintainer] net/phpldapadmin -- update to 1.2.2
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 27 16:30:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 8.2-STABLE amd64
>Organization: Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #19: Sun Oct 23 08:30:58 BST 2011 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64
>Description:
Upgrade to version 1.2.2

This release incorporates the security patch already applied as portversion 1.2.1.1_1,1, so while it's technically a security update people should already be secured against this vulnerability.

Files Removed:

files/patch-lib__functions.php

Announce Message / ChangeLog:

phpLDAPadmin 1.2.2

RELEASE NOTES
-------------

This is a minor release update to fix some bugs that were discovered after the release of 1.2.1.1.

There are some security fixes in this release - I suggest you upgrade your version of PLA to avoid any exploits.

If you find any bugs, please log them on the Sourceforge Bug Tracker.

Enjoy !

CHANGES SINCE 1.2.1.1
---------------------

dece0f4 Release 1.2.2
d58f011 Language Translation merge from launchpad
696c266 Additional fix for SF Feature #3387473
2d018aa SF Feature #3387473 - Support for schema discovery using OpenLDAP's cn=config DN
cddf783 Add an alert when RFC3866 tags are being used
1e1fcab SF Bug #3398344 - Import LDIF overwrites entries
d8ab7fc SF Patch #3391547 - Option for minimal mode
56830f1 SF Patch #3391389 - Option to initially open the tree
6c8b623 SF Patch #3391371 - Fix for schema link deactivation
7fc4f0c SF Patch #3391039 - Remove eval commands from PHP code
059b83b SF Bug #3391046 - Loading entries with many attributes is very slow
4089ffa SF Bug #3392644 - Cannot authenticate if password starts or ends with spaces
c57a927 Disable supplied modification templates, it confused too many people
d5744b0 SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9
76e6dad SF Bug #3417184 - PHP Code Injection Vulnerability
5d4245f SF Bug #3395004 - config.php.example refers to lang/en.php
80d027d SF Bug #3373466 - Unable to define force_may attributes
64668e8 Remove XSS vulnerability in debug code
caeba72 SF Bug #3355722 - Issue in MultiList attribute type
0782730 SF Bug #3355732 - Cosmetic issue in functions.php -> get_icon()
446faf7 FIX SASL configuration example
afa4a95 Fix SASL implementation - enabled GSSAPI
5987194 SF Bug #3304785 - posixGroup creation template uses cn instead of uid
ddb5ed0 Enabled hiding base DNs that users don't have access to
7649b9b SF Feature #3298820 - Only custom templates

...deon

>How-To-Repeat:
>Fix:
--- phpldapadmin.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net/phpldapadmin/Makefile,v retrieving revision 1.43 diff -u -u -r1.43 Makefile --- Makefile 24 Oct 2011 15:22:08 -0000 1.43 +++ Makefile 27 Oct 2011 16:14:40 -0000 
@@ -6,8 +6,7 @@ # PORTNAME= phpldapadmin -PORTVERSION= 1.2.1.1 -PORTREVISION= 1 +PORTVERSION= 1.2.2 PORTEPOCH= 1 CATEGORIES= net www MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION} Index: distinfo =================================================================== RCS file: /home/ncvs/ports/net/phpldapadmin/distinfo,v retrieving revision 1.25 diff -u -u -r1.25 distinfo --- distinfo 24 Jul 2011 15:33:46 -0000 1.25 +++ distinfo 27 Oct 2011 16:14:40 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpldapadmin-1.2.1.1.tgz) = 1fa6373c500a193a8868cb6a753f3b5218a92374b792994129c0c1b69d4d1090 -SIZE (phpldapadmin-1.2.1.1.tgz) = 1468961 +SHA256 (phpldapadmin-1.2.2.tgz) = 8629ea3f14630d4dd74099c997ac9795240a6417d5d124517ba5860c12d8a239 +SIZE (phpldapadmin-1.2.2.tgz) = 1415565 Index: files/patch-lib__functions.php =================================================================== RCS file: files/patch-lib__functions.php diff -N files/patch-lib__functions.php --- files/patch-lib__functions.php 24 Oct 2011 13:10:35 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14 +0,0 @@ ---- ./lib/functions.php.orig 2011-05-11 05:40:18.000000000 -0400 -+++ ./lib/functions.php 2011-10-24 09:00:11.000000000 -0400 -@@ -1003,8 +1003,9 @@ - if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) - debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); - -- # if the array to sort is null or empty -- if (! $data) return; -+ # if the array to sort is null or empty, or if we have some nasty chars -+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data) -+ return; - - static $CACHE = array(); - --- phpldapadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
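Review bot: In the distinfo hunk, the new SHA256 and SIZE lines for phpldapadmin-1.2.2.tgz are the only integrity record for a distfile fetched from the single SF/ master site named in the Makefile, so they should be regenerated by the committer from a freshly fetched tarball (make makesum, then compare) rather than taken from the submission as-is. If the recomputed values differ from the ones in the hunk, that needs to be resolved with the maintainer before commit.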
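Review bot: Deleting files/patch-lib__functions.php drops the port's only validation of $sortby (the preg_match allow-list placed ahead of the "! $data" test), and nothing in this diff shows that lib/functions.php in 1.2.2 carries an equivalent check; the removal rests on the changelog entry 76e6dad for SF Bug #3417184. Before committing, extract the 1.2.2 distfile and confirm that the function containing the "if the array to sort is null or empty" comment either validates $sortby or no longer uses it in generated code; if it does not, keep the patch, regenerated against 1.2.2.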