From m.seaman@infracaninophile.co.uk  Sat May 13 17:15:41 2006
Return-Path: <m.seaman@infracaninophile.co.uk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 459EE16A738;
	Sat, 13 May 2006 17:15:41 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.187.76.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7B1AE43D46;
	Sat, 13 May 2006 17:15:40 +0000 (GMT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1])
	by smtp.infracaninophile.co.uk (8.13.6/8.13.6) with ESMTP id k4DHFTY1047385
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sat, 13 May 2006 18:15:29 +0100 (BST)
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)
	by happy-idiot-talk.infracaninophile.co.uk (8.13.6/8.13.6/Submit) id k4DHFT1m047384;
	Sat, 13 May 2006 18:15:29 +0100 (BST)
	(envelope-from matthew)
Message-Id: <200605131715.k4DHFT1m047384@happy-idiot-talk.infracaninophile.co.uk>
Date: Sat, 13 May 2006 18:15:29 +0100 (BST)
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Reply-To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD-gnats-submit@freebsd.org
Cc: security-team@freebsd.org
Subject: [maintainer] net/phpldapadmin -- security update to 1.0.1
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         97211
>Category:       ports
>Synopsis:       [maintainer] net/phpldapadmin -- security update to 1.0.1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 13 17:20:08 GMT 2006
>Closed-Date:    Sun May 14 03:55:52 GMT 2006
>Last-Modified:  Sun May 14 03:55:52 GMT 2006
>Originator:     Matthew Seaman
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.11-STABLE FreeBSD 4.11-STABLE #102: Sat Apr 1 16:45:01 BST 2006 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386


	
>Description:

i) Update to version 1.0.1 to fix some security holes:

    CVE-2006-2016
    http://secunia.com/advisories/19747/
    http://www.frsirt.com/english/advisories/2006/1450
    http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html

While I'm here:

ii) Add a little guidance on working with different PHP versions

iii) Add a little more guidance on configuring apache to work with
phpldapadmin.

iv) Trim the comment to less than regulation length

>How-To-Repeat:
	
>Fix:

	

--- phpldapadmin.diff begins here ---
diff -Nur /usr/ports/net/phpldapadmin/Makefile phpldapadmin/Makefile
--- /usr/ports/net/phpldapadmin/Makefile	Thu Mar 23 08:11:43 2006
+++ phpldapadmin/Makefile	Sat May 13 17:55:46 2006
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpldapadmin
-PORTVERSION=	1.0.0
+PORTVERSION=	1.0.1
 PORTEPOCH=	1
 CATEGORIES=	net www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
@@ -14,7 +14,7 @@
 DISTNAME=	${PORTNAME}-${PORTVERSION}
 
 MAINTAINER=	m.seaman@infracaninophile.co.uk
-COMMENT=	A set of PHP-scripts to administer LDAP servers over the web
+COMMENT=	A set of PHP-scripts to administer LDAP over the web
 
 NO_BUILD=	yes
 USE_PHP=	gettext ldap openssl pcre session xml
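Review bot: style only, on the new COMMENT line: "PHP-scripts" should be "PHP scripts" (no hyphen), since it is a plain noun phrase rather than a compound modifier; the shortening of the comment itself is fine.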
@@ -60,6 +60,9 @@
 	${ECHO_MSG} ""
 	${ECHO_MSG} "    WITH_SUPHP=yes   Install appropriately for use with"
 	${ECHO_MSG} "                     the www/suphp port [default: no]"
+	${ECHO_MSG} ""
+	${ECHO_MSG} "This port is PHP5 specific. If you need PHP4 support,"
+	${ECHO_MSG} "please use the net/phpldapadmin098 port instead."
 	${ECHO_MSG} ""
 
 post-patch:
diff -Nur /usr/ports/net/phpldapadmin/distinfo phpldapadmin/distinfo
--- /usr/ports/net/phpldapadmin/distinfo	Thu Mar 23 08:11:43 2006
+++ phpldapadmin/distinfo	Sat May 13 17:43:01 2006
@@ -1,3 +1,3 @@
-MD5 (phpldapadmin-1.0.0.tar.gz) = 02ba55f091110dd0c55bdc8ac3e5d436
-SHA256 (phpldapadmin-1.0.0.tar.gz) = 49faf4167217a6c818f15aa7c1b0516266bd33c7c9ae97a3bc0e78626b6c5415
-SIZE (phpldapadmin-1.0.0.tar.gz) = 754595
+MD5 (phpldapadmin-1.0.1.tar.gz) = 1cfb80099229dd27090634a4781990b5
+SHA256 (phpldapadmin-1.0.1.tar.gz) = 56d32c294483e27425f1c86462449ba538b133fa842a33d726e22c80d09006ae
+SIZE (phpldapadmin-1.0.1.tar.gz) = 755815
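Review bot: the three replaced distinfo lines cannot be verified from the diff alone, and they are the only thing standing between the port and a tampered or truncated distfile. Before commit, regenerate them with `make makesum` against a freshly fetched phpldapadmin-1.0.1.tar.gz from the SourceForge master site and confirm that the resulting MD5, SHA256 and SIZE values match the ones shown here rather than taking them on trust.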
diff -Nur /usr/ports/net/phpldapadmin/files/pkg-message.in phpldapadmin/files/pkg-message.in
--- /usr/ports/net/phpldapadmin/files/pkg-message.in	Sun Dec 11 23:51:12 2005
+++ phpldapadmin/files/pkg-message.in	Sat May 13 17:59:59 2006
@@ -5,15 +5,24 @@
 
 Please edit config.php to suit your needs.
 
-To make phpLDAPadmin available through your web site, 
-I suggest that you add the following to httpd.conf:
+To make phpLDAPadmin available through your web site, I suggest that
+you add something like following to httpd.conf:
 
     Alias /phpldapadmin/ "%%PREFIX%%/%%PLADIR%%/htdocs"
 
+    <Directory "%%PREFIX%%/%%PLADIR%%/htdocs">
+        Options none
+        AllowOverride none
+
+        Order Deny, Allow
+        Deny from all
+        Allow from 127.0.0.1 .example.com
+    </Directory>
+
 Please note: if you are upgrading from version 0.9.7 or earlier, the
-layout of the %%PKGNAME%% files has been completely reworked. You
-will need to modify your apache configuration and merge the settings
-from your original configuration file:
+layout of the %%PKGNAME%% files has been completely reworked. You will
+need to modify your apache configuration and merge the settings from
+your original configuration file:
 
     %%PREFIX%%/%%PLADIR%%/config.php
 
--- phpldapadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: mnag 
State-Changed-When: Sun May 14 03:55:50 UTC 2006 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=97211 
>Unformatted:
