Date:      Sat, 13 May 2006 18:15:47 +0100 (BST)
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        security-team@FreeBSD.org
Subject:   ports/97212: [maintainer] net/phpldapadmin098 -- security update to 0.9.8.3
Message-ID:  <200605131715.k4DHFll1047437@happy-idiot-talk.infracaninophile.co.uk>
Resent-Message-ID: <200605131720.k4DHK9SS099017@freefall.freebsd.org>


>Number:         97212
>Category:       ports
>Synopsis:       [maintainer] net/phpldapadmin098 -- security update to 0.9.8.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 13 17:20:09 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.11-STABLE FreeBSD 4.11-STABLE #102: Sat Apr 1 16:45:01 BST 2006 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386


	
>Description:

i) Update to version 0.9.8.3 to fix some security holes:

    CVE-2006-2016
    http://secunia.com/advisories/19747/
    http://www.frsirt.com/english/advisories/2006/1450
    http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html

While I'm here:

ii) Add a little guidance on working with different PHP versions

iii) Add a little more guidance on configuring apache to work with
phpldapadmin.

iv) Trim the comment to less than regulation length

>How-To-Repeat:
	
>Fix:

	

--- phpldapadmin098.diff begins here ---
diff -Nur /usr/ports/net/phpldapadmin098/Makefile phpldapadmin098/Makefile
--- /usr/ports/net/phpldapadmin098/Makefile	Thu Apr  6 20:45:49 2006
+++ phpldapadmin098/Makefile	Sat May 13 17:55:42 2006
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	phpldapadmin098
-PORTVERSION=	0.9.8.2
-PORTREVISION=	1
+PORTVERSION=	0.9.8.3
 PORTEPOCH=	1
 CATEGORIES=	net www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
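Review bot: the PORTVERSION bump to 0.9.8.3 is described as the fix for CVE-2006-2016, but this diff only touches the port's own Makefile, distinfo and pkg-message.in, so installed 0.9.8.2 copies will not be flagged unless a matching security/vuxml entry is committed with it. Suggest adding that entry alongside this update. Dropping PORTREVISION with the version bump while keeping PORTEPOCH=1 is correct.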
@@ -15,7 +14,7 @@
 DISTNAME=	${PORTNAME:S/098//}-${PORTVERSION}
 
 MAINTAINER=	m.seaman@infracaninophile.co.uk
-COMMENT=	A set of PHP-scripts to administer LDAP servers over the web
+COMMENT=	A set of PHP-scripts to administer LDAP over the web
 
 NO_BUILD=	yes
 USE_PHP=	gettext ldap openssl pcre session
@@ -61,6 +60,10 @@
 	${ECHO_MSG} ""
 	${ECHO_MSG} "    WITH_SUPHP=yes   Install appropriately for use with"
 	${ECHO_MSG} "                     the www/suphp port [default: no]"
+	${ECHO_MSG} ""
+	${ECHO_MSG} "This port will operate with either PHP4 or PHP5.  If"
+	${ECHO_MSG} "you require PHP5 support, for best results, please"
+	${ECHO_MSG} "install lang/php5 before installing this port."
 	${ECHO_MSG} ""
 
 post-patch:
diff -Nur /usr/ports/net/phpldapadmin098/distinfo phpldapadmin098/distinfo
--- /usr/ports/net/phpldapadmin098/distinfo	Thu Apr  6 20:45:49 2006
+++ phpldapadmin098/distinfo	Sat May 13 17:43:53 2006
@@ -1,3 +1,3 @@
-MD5 (phpldapadmin-0.9.8.2.tar.gz) = a83b44d90b14983b01db53ec39053a15
-SHA256 (phpldapadmin-0.9.8.2.tar.gz) = 5fb8e53f481c5c5beb3572ef240ca7c0736766a4895fb931084e12aee47ae1d1
-SIZE (phpldapadmin-0.9.8.2.tar.gz) = 754341
+MD5 (phpldapadmin-0.9.8.3.tar.gz) = 1bb495a36cee3582dc0957880118d3ec
+SHA256 (phpldapadmin-0.9.8.3.tar.gz) = ce8575b9d63dbf5b3ce9cad1ed3a64775ce669d2d41c722db1e1f9267d926048
+SIZE (phpldapadmin-0.9.8.3.tar.gz) = 754593
diff -Nur /usr/ports/net/phpldapadmin098/files/pkg-message.in phpldapadmin098/files/pkg-message.in
--- /usr/ports/net/phpldapadmin098/files/pkg-message.in	Thu Apr  6 20:45:49 2006
+++ phpldapadmin098/files/pkg-message.in	Sat May 13 17:59:56 2006
@@ -5,15 +5,24 @@
 
 Please edit config.php to suit your needs.
 
-To make phpLDAPadmin available through your web site, 
-I suggest that you add the following to httpd.conf:
+To make phpLDAPadmin available through your web site, I suggest that
+you add something like the following to httpd.conf:
 
     Alias /phpldapadmin/ "%%PREFIX%%/%%PLADIR%%/htdocs"
 
+    <Directory "%%PREFIX%%/%%PLADIR%%/htdocs">
+        Options none
+        AllowOverride none
+
+        Order Deny, Allow
+        Deny from all
+        Allow from 127.0.0.1 .example.com
+    </Directory>
+
 Please note: if you are upgrading from version 0.9.7 or earlier, the
-layout of the %%PKGNAME%% files has been completely reworked. You
-will need to modify your apache configuration and merge the settings
-from your original configuration file:
+layout of the %%PKGNAME%% files has been completely reworked. You will
+need to modify your apache configuration and merge the settings from
+your original configuration file:
 
     %%PREFIX%%/%%PLADIRX%%/config.php
 
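Review bot: in the added <Directory> block, "Order Deny, Allow" has a space after the comma, which Apache rejects because Order takes a single argument, so anyone pasting this into httpd.conf gets a syntax error instead of the intended access restriction. Write it as "Order Deny,Allow". Since ".example.com" is a placeholder, the message should also tell the admin to replace it with their own hosts or networks. Separately, the Alias in the unchanged context line has a trailing slash on /phpldapadmin/ but none on the target path; the two should match.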
--- phpldapadmin098.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


