Date: Sat, 13 May 2006 18:15:47 +0100 (BST)
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: security-team@FreeBSD.org
Subject: ports/97212: [maintainer] net/phpldapadmin098 -- security update to 0.9.8.3
Message-ID: <200605131715.k4DHFll1047437@happy-idiot-talk.infracaninophile.co.uk>
Resent-Message-ID: <200605131720.k4DHK9SS099017@freefall.freebsd.org>
>Number: 97212 >Category: ports >Synopsis: [maintainer] net/phpldapadmin098 -- security update to 0.9.8.3 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat May 13 17:20:09 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 4.11-STABLE i386 >Organization: Infracaninophile >Environment: System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.11-STABLE FreeBSD 4.11-STABLE #102: Sat Apr 1 16:45:01 BST 2006 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 >Description: i) Update to version 0.9.8.3 to fix some security holes: CVE-2006-2016 http://secunia.com/advisories/19747/ http://www.frsirt.com/english/advisories/2006/1450 http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html While I'm here: ii) Add a little guidance on working with different PHP versions iii) Add a little more guidance on configuring apache to work with phpldapadmin. iv) Trim the comment to less than regulation length >How-To-Repeat: >Fix: --- phpldapadmin098.diff begins here --- diff -Nur /usr/ports/net/phpldapadmin098/Makefile phpldapadmin098/Makefile --- /usr/ports/net/phpldapadmin098/Makefile Thu Apr 6 20:45:49 2006 +++ phpldapadmin098/Makefile Sat May 13 17:55:42 2006 @@ -6,8 +6,7 @@ # PORTNAME= phpldapadmin098 -PORTVERSION= 0.9.8.2 -PORTREVISION= 1 +PORTVERSION= 0.9.8.3 PORTEPOCH= 1 CATEGORIES= net www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} @@ -15,7 +14,7 @@ DISTNAME= ${PORTNAME:S/098//}-${PORTVERSION} MAINTAINER= m.seaman@infracaninophile.co.uk -COMMENT= A set of PHP-scripts to administer LDAP servers over the web +COMMENT= A set of PHP-scripts to administer LDAP over the web NO_BUILD= yes USE_PHP= gettext ldap openssl pcre session 
@@ -61,6 +60,10 @@ ${ECHO_MSG} "" ${ECHO_MSG} " WITH_SUPHP=yes Install appropriately for use with" ${ECHO_MSG} " the www/suphp port [default: no]" + ${ECHO_MSG} "" + ${ECHO_MSG} "This port will operate with either PHP4 or PHP5. If" + ${ECHO_MSG} "you require PHP5 support, for best results, please" + ${ECHO_MSG} "install lang/php5 before installing this port." ${ECHO_MSG} "" post-patch: diff -Nur /usr/ports/net/phpldapadmin098/distinfo phpldapadmin098/distinfo --- /usr/ports/net/phpldapadmin098/distinfo Thu Apr 6 20:45:49 2006 +++ phpldapadmin098/distinfo Sat May 13 17:43:53 2006 @@ -1,3 +1,3 @@ -MD5 (phpldapadmin-0.9.8.2.tar.gz) = a83b44d90b14983b01db53ec39053a15 -SHA256 (phpldapadmin-0.9.8.2.tar.gz) = 5fb8e53f481c5c5beb3572ef240ca7c0736766a4895fb931084e12aee47ae1d1 -SIZE (phpldapadmin-0.9.8.2.tar.gz) = 754341 +MD5 (phpldapadmin-0.9.8.3.tar.gz) = 1bb495a36cee3582dc0957880118d3ec +SHA256 (phpldapadmin-0.9.8.3.tar.gz) = ce8575b9d63dbf5b3ce9cad1ed3a64775ce669d2d41c722db1e1f9267d926048 +SIZE (phpldapadmin-0.9.8.3.tar.gz) = 754593 diff -Nur /usr/ports/net/phpldapadmin098/files/pkg-message.in phpldapadmin098/files/pkg-message.in --- /usr/ports/net/phpldapadmin098/files/pkg-message.in Thu Apr 6 20:45:49 2006 +++ phpldapadmin098/files/pkg-message.in Sat May 13 17:59:56 2006 
@@ -5,15 +5,24 @@ Please edit config.php to suit your needs. -To make phpLDAPadmin available through your web site, -I suggest that you add the following to httpd.conf: +To make phpLDAPadmin available through your web site, I suggest that +you add something like the following to httpd.conf: Alias /phpldapadmin/ "%%PREFIX%%/%%PLADIR%%/htdocs" + <Directory "%%PREFIX%%/%%PLADIR%%/htdocs"> + Options none + AllowOverride none + + Order Deny, Allow + Deny from all + Allow from 127.0.0.1 .example.com + </Directory> + Please note: if you are upgrading from version 0.9.7 or earlier, the -layout of the %%PKGNAME%% files has been completely reworked. You -will need to modify your apache configuration and merge the settings -from your original configuration file: +layout of the %%PKGNAME%% files has been completely reworked. You will +need to modify your apache configuration and merge the settings from +your original configuration file: %%PREFIX%%/%%PLADIRX%%/config.php --- phpldapadmin098.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
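Review bot: in the second Makefile hunk (the four added ECHO_MSG lines), "for best results" does not tell the user what goes wrong if lang/php5 is not installed first. The message should state the consequence, for example which PHP version the modules listed in USE_PHP end up depending on when no PHP is installed yet, so the user can tell whether the advice applies to them.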
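Review bot: in the files/pkg-message.in hunk, the suggested "Order Deny, Allow" has a space after the comma. Apache's Order directive takes its keywords separated by a comma only, with no whitespace, so a user who pastes this block gets a configuration syntax error rather than the intended access restriction. It should read "Order Deny,Allow". In the same example the Alias URL path "/phpldapadmin/" ends in a slash while the target ".../htdocs" does not. Alias substitutes the prefix literally, so the two should match (a trailing slash on both or on neither). The text could also say that ".example.com" is a placeholder to be replaced with the site's own domain.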