mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-08-05 13:27:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

community/homer-api: apply LDAP security fix

Browse Source
This commit is contained in:
Kaarle Ritvanen 2017-12-14 16:23:39 +02:00
parent 776cc8c2af
commit 7e331b087f
2 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
community/homer-api/0001-Update-LDAP.php.patch Normal file
View File

@ -0,0 +1,27 @@
From c2771cbb452949fb5b1e921d8c051c59b024fc28 Mon Sep 17 00:00:00 2001
From: Alexandr Dubovikov <alexandr.dubovikov@gmail.com>
Date: Thu, 14 Dec 2017 15:16:58 +0100
Subject: [PATCH] Update LDAP.php
prevent some potentially leading to privilege escalation. Thanks go to Kaarle R.
---
api/Authentication/LDAP.php | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/api/Authentication/LDAP.php b/api/Authentication/LDAP.php
index 653af2e..f3f0c9d 100644
--- a/api/Authentication/LDAP.php
+++ b/api/Authentication/LDAP.php
@@ -72,8 +72,7 @@ class LDAP extends Authentication {
return array();
}
}
-
- $r=@ldap_search( $ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN .$param['username'].LDAP_USERNAME_ATTRIBUTE_CLOSE);
+ $r=@ldap_search( $ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN.@ldap_escape($param['username']).LDAP_USERNAME_ATTRIBUTE_CLOSE);
if ($r) {
$result = @ldap_get_entries( $ds, $r);
--
2.14.3

11
community/homer-api/APKBUILD
View File

@ -2,7 +2,7 @@
# Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> # Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
pkgname=homer-api pkgname=homer-api
pkgver=5.0.6 pkgver=5.0.6
pkgrel=12 pkgrel=13
pkgdesc="HOMER API" pkgdesc="HOMER API"
url="https://github.com/sipcapture/homer-api" url="https://github.com/sipcapture/homer-api"
arch="noarch" arch="noarch"
@ -13,8 +13,10 @@ options="!check"
subpackages="$pkgname-doc homer-api-ldap homer-db" subpackages="$pkgname-doc homer-api-ldap homer-db"
source="$pkgname-$pkgver.tar.gz::https://github.com/sipcapture/homer-api/archive/$pkgver.tar.gz source="$pkgname-$pkgver.tar.gz::https://github.com/sipcapture/homer-api/archive/$pkgver.tar.gz
homer_db_init homer_db_init
php7.patch php7.patch
rotation-ini-path.patch" rotation-ini-path.patch
0001-Update-LDAP.php.patch
"
builddir="$srcdir"/$pkgname-$pkgver builddir="$srcdir"/$pkgname-$pkgver
build() { build() {
@ -68,4 +70,5 @@ ldap() {
sha512sums="620185c19bd348ba68bad3a1992b7d673d29dcfb8a0aeea437a2d31e90f0a21cf6f46a43f0041a583a14d9403e1d8574c6040da1dba397ec2d955b8aba9010d8 homer-api-5.0.6.tar.gz sha512sums="620185c19bd348ba68bad3a1992b7d673d29dcfb8a0aeea437a2d31e90f0a21cf6f46a43f0041a583a14d9403e1d8574c6040da1dba397ec2d955b8aba9010d8 homer-api-5.0.6.tar.gz
e305af57a8445b45cb1e894aa34ceea3aeedb60740a636229d470d872f9ebb835e03985faeb685180a3e2c1eae29b49c841f8cbdb4236dbf0323f905a30b0bbb homer_db_init e305af57a8445b45cb1e894aa34ceea3aeedb60740a636229d470d872f9ebb835e03985faeb685180a3e2c1eae29b49c841f8cbdb4236dbf0323f905a30b0bbb homer_db_init
068d7b03c51aed4c144b6f8382a367016432b5f2c22e79e19da516536bf22c9bec4fbedf81130e32d6d919be746610563295513412f14c565fc917bdc0a7b004 php7.patch 068d7b03c51aed4c144b6f8382a367016432b5f2c22e79e19da516536bf22c9bec4fbedf81130e32d6d919be746610563295513412f14c565fc917bdc0a7b004 php7.patch
0328c4f645601be150f877a31a8c245908da9d9972bed6e1af50f2c43055c9f47376da30c666b6eaa0310637414f65906b88f9a339a1dfa14e1864c70b36fa77 rotation-ini-path.patch" 0328c4f645601be150f877a31a8c245908da9d9972bed6e1af50f2c43055c9f47376da30c666b6eaa0310637414f65906b88f9a339a1dfa14e1864c70b36fa77 rotation-ini-path.patch
db83978e1c1150dadddbede0ea860b8819f1c1a804b706b65f212105df80ece0096af6f5d2eb9431271fa3a1f6d0a2fe51ac4f118dc0f371009c0ff812908612 0001-Update-LDAP.php.patch"