[phpldapadmin/el5] fix #748539 (CVE-2011-4075)

Dmitry Butskoy buc at fedoraproject.org
Wed Oct 26 14:23:53 UTC 2011


commit 667710084fe7028f8228da6a20595057de2edf91
Author: Dmitry Butskoy <Dmitry at Butskoy.name>
Date:   Wed Oct 26 18:23:24 2011 +0400

    fix #748539 (CVE-2011-4075)

 .gitignore                                         |    1 +
 phpldapadmin-1.0.1-masort.patch                    |   13 +++++++++++++
 ...config.patch => phpldapadmin-1.0.2-config.patch |   20 ++++++++++----------
 phpldapadmin.spec                                  |   10 ++++++++--
 sources                                            |    2 +-
 5 files changed, 33 insertions(+), 13 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 7c90c2f..b2628ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 phpldapadmin-1.0.1.tar.gz
+/phpldapadmin-1.0.2.tar.gz
diff --git a/phpldapadmin-1.0.1-masort.patch b/phpldapadmin-1.0.1-masort.patch
new file mode 100644
index 0000000..81c0d6b
--- /dev/null
+++ b/phpldapadmin-1.0.1-masort.patch
@@ -0,0 +1,13 @@
+diff -Nrbu phpldapadmin-1.0.1/lib/functions.php phpldapadmin-1.0.1-OK/lib/functions.php
+--- phpldapadmin-1.0.1/lib/functions.php	2006-05-13 16:52:27.000000000 +0400
++++ phpldapadmin-1.0.1-OK/lib/functions.php	2011-10-26 18:05:53.000000000 +0400
+@@ -2518,6 +2518,9 @@
+ function masort(&$data,$sortby,$rev=0) {
+ 	if (DEBUG_ENABLED)
+ 		debug_log('masort(): Entered with (%s,%s,%s)',1,$data,$sortby,$rev);
++	# if the array to sort is null or empty, or if we have some nasty chars
++	if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
++		return;
+ 
+ 	static $sort_funcs = array();
+ 
diff --git a/phpldapadmin-1.0.1-config.patch b/phpldapadmin-1.0.2-config.patch
similarity index 79%
rename from phpldapadmin-1.0.1-config.patch
rename to phpldapadmin-1.0.2-config.patch
index 775816b..7e49d3b 100644
--- a/phpldapadmin-1.0.1-config.patch
+++ b/phpldapadmin-1.0.2-config.patch
@@ -1,9 +1,9 @@
-diff -Nrbu phpldapadmin-1.0.1/config/config.php phpldapadmin-1.0.1-OK/config/config.php
---- phpldapadmin-1.0.1/config/config.php	2006-09-19 18:16:12.000000000 +0400
-+++ phpldapadmin-1.0.1-OK/config/config.php	2006-09-19 18:31:56.000000000 +0400
-@@ -55,6 +55,11 @@
- // $config->custom->jpeg['tmpdir'] = "/tmp";     // Example for Unix systems
- #  $config->custom->jpeg['tmpdir'] = "c:\\temp"; // Example for Windows systems
+diff -Nrbu phpldapadmin-1.0.2/config/config.php phpldapadmin-1.0.2-OK/config/config.php
+--- phpldapadmin-1.0.2/config/config.php	2011-10-26 18:16:01.000000000 +0400
++++ phpldapadmin-1.0.2-OK/config/config.php	2011-10-26 18:20:02.000000000 +0400
+@@ -69,6 +69,11 @@
+ /* Configure what objects are shown in left hand tree */
+ // $config->custom->appearance['tree_filter'] = '(objectclass=*)';
  
 +// $config->custom->appearance['show_clear_password'] = false;
 +
@@ -13,7 +13,7 @@ diff -Nrbu phpldapadmin-1.0.1/config/config.php phpldapadmin-1.0.1-OK/config/con
  /*********************************************/
  /* Define your LDAP servers in this section  */
  /*********************************************/
-@@ -64,7 +69,7 @@
+@@ -78,7 +83,7 @@
  
  /* A convenient name that will appear in the tree viewer and throughout
     phpLDAPadmin to identify this LDAP server to users. */
@@ -22,7 +22,7 @@ diff -Nrbu phpldapadmin-1.0.1/config/config.php phpldapadmin-1.0.1-OK/config/con
  
  /* Examples:
     'ldap.example.com',
-@@ -93,6 +98,7 @@
+@@ -107,6 +112,7 @@
     encrypted using blowfish and the secret your specify above as
     session['blowfish']. */
  // $ldapservers->SetValue($i,'server','auth_type','cookie');
@@ -30,7 +30,7 @@ diff -Nrbu phpldapadmin-1.0.1/config/config.php phpldapadmin-1.0.1-OK/config/con
  
  /* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
     'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
-@@ -162,6 +168,7 @@
+@@ -176,6 +182,7 @@
  /* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
     blowfish, crypt or leave blank for now default algorithm. */
  // $ldapservers->SetValue($i,'appearance','password_hash','md5');
@@ -38,7 +38,7 @@ diff -Nrbu phpldapadmin-1.0.1/config/config.php phpldapadmin-1.0.1-OK/config/con
  
  /* If you specified 'cookie' or 'session' as the auth_type above, you can
     optionally specify here an attribute to use when logging in. If you enter
-@@ -173,6 +180,7 @@
+@@ -187,6 +194,7 @@
     specify 'string', in which case you can provide a string to use for logging
     users in. See 'login_string' directly below. */
  // $ldapservers->SetValue($i,'login','attr','dn');
diff --git a/phpldapadmin.spec b/phpldapadmin.spec
index 003edbf..00e0c8a 100644
--- a/phpldapadmin.spec
+++ b/phpldapadmin.spec
@@ -1,12 +1,13 @@
 Name: phpldapadmin
 Summary: Web-based tool for managing LDAP servers
-Version: 1.0.1
+Version: 1.0.2
 Release: 1%{?dist}
 Group: Applications/Internet
 License: GPL
 URL: http://phpldapadmin.sourceforge.net
 Source: http://dl.sourceforge.net/sourceforge/phpldapadmin/phpldapadmin-%{version}.tar.gz
-Patch0: phpldapadmin-1.0.1-config.patch
+Patch0: phpldapadmin-1.0.2-config.patch
+Patch1: phpldapadmin-1.0.1-masort.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
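Review bot: The new `Patch1:` line names the file `phpldapadmin-1.0.1-masort.patch` while `Version:` moves to 1.0.2, and that patch's own `---`/`+++` headers also carry 1.0.1 paths; `%patch1 -p1` strips the leading directory so it still applies, but naming it `phpldapadmin-1.0.2-masort.patch`, as the commit already does for the renamed config patch, keeps the patch set consistent with the packaged version. A one-line comment above it, `# masort() sort-key whitelist, fixes #748539 (CVE-2011-4075)`, would record why the patch exists without having to read the changelog.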
@@ -37,6 +38,7 @@ access by remote web-clients.
 cp config/config.php.example config/config.php
 
 %patch0 -p1
+%patch1 -p1
 
 
 %build
@@ -110,6 +112,10 @@ fi
 
 
 %changelog
+* Wed Oct 26 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 1.0.2-1
+- fix #748539 (CVE-2011-4075)
+- update to 1.0.2
+
 * Tue Sep 19 2006 Dmitry Butskoy <Dmitry at Butskoy.name> - 1.0.1-1
 - upgrade to 1.0.1
 - drop namingcontexts patch, no more needed for php >= 5.0.6
diff --git a/sources b/sources
index 3520238..33ea7dc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1cfb80099229dd27090634a4781990b5  phpldapadmin-1.0.1.tar.gz
+316b917d8abe1b37603c49b61b068bd0  phpldapadmin-1.0.2.tar.gz

