ports/97211: [maintainer] net/phpldapadmin -- security update to 1.0.1
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sat May 13 17:20:12 UTC 2006
>Number: 97211
>Category: ports
>Synopsis: [maintainer] net/phpldapadmin -- security update to 1.0.1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat May 13 17:20:08 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 4.11-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.11-STABLE FreeBSD 4.11-STABLE #102: Sat Apr 1 16:45:01 BST 2006 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
i) Update to version 1.0.1 to fix some security holes:
CVE-2006-2016
http://secunia.com/advisories/19747/
http://www.frsirt.com/english/advisories/2006/1450
http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html
While I'm here:
ii) Add a little guidance on working with different PHP versions
iii) Add a little more guidance on configuring apache to work with
phpldapadmin.
iv) Trim the comment to less than regulation length
>How-To-Repeat:
>Fix:
--- phpldapadmin.diff begins here ---
diff -Nur /usr/ports/net/phpldapadmin/Makefile phpldapadmin/Makefile
--- /usr/ports/net/phpldapadmin/Makefile Thu Mar 23 08:11:43 2006
+++ phpldapadmin/Makefile Sat May 13 17:55:46 2006
@@ -6,7 +6,7 @@
#
PORTNAME= phpldapadmin
-PORTVERSION= 1.0.0
+PORTVERSION= 1.0.1
PORTEPOCH= 1
CATEGORIES= net www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
@@ -14,7 +14,7 @@
DISTNAME= ${PORTNAME}-${PORTVERSION}
MAINTAINER= m.seaman at infracaninophile.co.uk
-COMMENT= A set of PHP-scripts to administer LDAP servers over the web
+COMMENT= A set of PHP-scripts to administer LDAP over the web
NO_BUILD= yes
USE_PHP= gettext ldap openssl pcre session xml
@@ -60,6 +60,9 @@
${ECHO_MSG} ""
${ECHO_MSG} " WITH_SUPHP=yes Install appropriately for use with"
${ECHO_MSG} " the www/suphp port [default: no]"
+ ${ECHO_MSG} ""
+ ${ECHO_MSG} "This port is PHP5 specific. If you need PHP4 support,"
+ ${ECHO_MSG} "please use the net/phpldapadmin098 port instead."
${ECHO_MSG} ""
post-patch:
diff -Nur /usr/ports/net/phpldapadmin/distinfo phpldapadmin/distinfo
--- /usr/ports/net/phpldapadmin/distinfo Thu Mar 23 08:11:43 2006
+++ phpldapadmin/distinfo Sat May 13 17:43:01 2006
@@ -1,3 +1,3 @@
-MD5 (phpldapadmin-1.0.0.tar.gz) = 02ba55f091110dd0c55bdc8ac3e5d436
-SHA256 (phpldapadmin-1.0.0.tar.gz) = 49faf4167217a6c818f15aa7c1b0516266bd33c7c9ae97a3bc0e78626b6c5415
-SIZE (phpldapadmin-1.0.0.tar.gz) = 754595
+MD5 (phpldapadmin-1.0.1.tar.gz) = 1cfb80099229dd27090634a4781990b5
+SHA256 (phpldapadmin-1.0.1.tar.gz) = 56d32c294483e27425f1c86462449ba538b133fa842a33d726e22c80d09006ae
+SIZE (phpldapadmin-1.0.1.tar.gz) = 755815
diff -Nur /usr/ports/net/phpldapadmin/files/pkg-message.in phpldapadmin/files/pkg-message.in
--- /usr/ports/net/phpldapadmin/files/pkg-message.in Sun Dec 11 23:51:12 2005
+++ phpldapadmin/files/pkg-message.in Sat May 13 17:59:59 2006
@@ -5,15 +5,24 @@
Please edit config.php to suit your needs.
-To make phpLDAPadmin available through your web site,
-I suggest that you add the following to httpd.conf:
+To make phpLDAPadmin available through your web site, I suggest that
+you add something like following to httpd.conf:
Alias /phpldapadmin/ "%%PREFIX%%/%%PLADIR%%/htdocs"
+ <Directory "%%PREFIX%%/%%PLADIR%%/htdocs">
+ Options none
+ AllowOverride none
+
+ Order Deny, Allow
+ Deny from all
+ Allow from 127.0.0.1 .example.com
+ </Directory>
+
Please note: if you are upgrading from version 0.9.7 or earlier, the
-layout of the %%PKGNAME%% files has been completely reworked. You
-will need to modify your apache configuration and merge the settings
-from your original configuration file:
+layout of the %%PKGNAME%% files has been completely reworked. You will
+need to modify your apache configuration and merge the settings from
+your original configuration file:
%%PREFIX%%/%%PLADIR%%/config.php
--- phpldapadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list