ports/64200: [PATCH] SECURITY UPDATE ports/databases/phpmyadmin to 2.5.6
Xin LI
delphij at frontfree.net
Sat Mar 13 08:00:43 UTC 2004
>Number: 64200
>Category: ports
>Synopsis: [PATCH] SECURITY UPDATE ports/databases/phpmyadmin to 2.5.6
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 13 00:00:41 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Xin LI
>Release: FreeBSD 5.2-CURRENT i386
>Organization:
The FreeBSD Simplified Chinese Project
>Environment:
System: FreeBSD beastie.frontfree.net 5.2-CURRENT FreeBSD 5.2-CURRENT #55: Thu Mar 11 15:51:50 CST 2004 delphij at beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386
>Description:
phpmyadmin has released their 2.5.6 version, which contains a fix for a file disclosure
vulnerability.
See http://people.freebsd.org/~eik/portaudit/cc0fb686-6550-11d8-80e3-0020ed76ef5a.html for more details.
I request maintainer review of this patch, and ask that you consider committing it if it is considered to be appropriate. Thanks in advance!
>How-To-Repeat:
>Fix:
Apply the attached patch, and remove files/*
--- patch-phpmyadmin begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile 11 Mar 2004 18:48:06 -0000 1.12
+++ Makefile 13 Mar 2004 07:47:28 -0000
@@ -6,17 +6,15 @@
#
PORTNAME= phpMyAdmin
-PORTVERSION= 2.5.4
+PORTVERSION= 2.5.6
CATEGORIES= databases www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= phpmyadmin
-DISTFILES= ${DISTNAME}-${PHP_SUFX}${EXTRACT_SUFX}
+DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
MAINTAINER= nbm at FreeBSD.org
COMMENT= A set of PHP-scripts to adminstrate MySQL over the web
-FORBIDDEN= http://people.freebsd.org/~eik/portaudit/cc0fb686-6550-11d8-80e3-0020ed76ef5a.html
-
.if defined(WITH_PHP3)
RUN_DEPENDS+= ${LOCALBASE}/libexec/apache/libphp3.so:${PORTSDIR}/www/mod_php3
.endif
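Review bot: The `DISTFILES` change in this hunk drops `${PHP_SUFX}` from the distfile name, so a `WITH_PHP3` build now fetches the same tarball as the default build, while the `.if defined(WITH_PHP3)` blocks and the `PHP_SUFX` substitution in `PLIST_SUB` further down the Makefile stay in place. Please confirm that the single 2.5.6 tarball still installs and packages correctly with `WITH_PHP3` set, or retire that knob in the same change. `${DISTNAME}${EXTRACT_SUFX}` is also the ports default for `DISTFILES`, so the line can be removed instead of rewritten. The `FORBIDDEN` line should only be dropped once 2.5.6 is confirmed to be outside the affected range of the portaudit entry it pointed to.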
@@ -28,18 +26,15 @@
.if defined(WITH_PHP3)
PHP_SUFX= php3
-EXTRA_PATCHES= files/fix-libraries::display_tbl.lib.php3 files/fix-tbl_relation.php3
.else
USE_PHP= yes
PHP_SUFX= php
-EXTRA_PATCHES= files/fix-libraries::display_tbl.lib.php files/fix-tbl_relation.php
.endif
PLIST_SUB+= MYADMDIR=${MYADMDIR} PHP_SUFX=${PHP_SUFX}
post-patch:
@${MV} ${WRKSRC}/config.inc.${PHP_SUFX} ${WRKSRC}/config.inc.${PHP_SUFX}.sample
- @${RM} ${WRKSRC}/*.orig ${WRKSRC}/libraries/*.orig
do-install:
@${MKDIR} ${PREFIX}/${MYADMDIR}
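Review bot: Both `EXTRA_PATCHES` lines are removed here, but the `files/fix-*` patches they reference are not deleted by this diff and are only covered by the "remove files/*" instruction in the Fix section, so the committer has to remove them by hand. Because those were local fixes, the commit message should state that 2.5.6 carries them upstream. Dropping the `*.orig` cleanup from `post-patch` is fine only while no patch is applied to `${WRKSRC}`; if a patch is added later, the cleanup needs to come back.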
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.9
diff -u -r1.9 distinfo
--- distinfo 21 Nov 2003 18:58:11 -0000 1.9
+++ distinfo 13 Mar 2004 07:47:28 -0000
@@ -1,2 +1,2 @@
-MD5 (phpMyAdmin-2.5.4-php3.tar.bz2) = 7b6b5dcb9071ebfcd71f5db7785db865
-MD5 (phpMyAdmin-2.5.4-php.tar.bz2) = c3a8d771c9846dd95b7283c7ce0f20dd
+MD5 (phpMyAdmin-2.5.6.tar.bz2) = b62afe98600eacc2a3300c9856b349f7
+SIZE (phpMyAdmin-2.5.6.tar.bz2) = 1111512
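Review bot: The new `MD5` line is the only integrity check for `phpMyAdmin-2.5.6.tar.bz2`, and for a security update it should be compared against a digest published by upstream rather than only regenerated from whatever file was fetched. Please note in the PR where the value was verified. The added `SIZE` line is a useful second check and should stay.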
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/pkg-plist,v
retrieving revision 1.7
diff -u -r1.7 pkg-plist
--- pkg-plist 21 Nov 2003 18:58:11 -0000 1.7
+++ pkg-plist 13 Mar 2004 07:47:28 -0000
@@ -1,4 +1,3 @@
-%%MYADMDIR%%/ANNOUNCE.txt
%%MYADMDIR%%/CREDITS
%%MYADMDIR%%/ChangeLog
%%MYADMDIR%%/Documentation.html
@@ -6,9 +5,8 @@
%%MYADMDIR%%/INSTALL
%%MYADMDIR%%/LICENSE
%%MYADMDIR%%/README
-%%MYADMDIR%%/RELEASE-DATE-2.5.4
+%%MYADMDIR%%/RELEASE-DATE-2.5.6
%%MYADMDIR%%/TODO
-%%MYADMDIR%%/badwords.txt
%%MYADMDIR%%/browse_foreigners.%%PHP_SUFX%%
%%MYADMDIR%%/chk_rel.%%PHP_SUFX%%
%%MYADMDIR%%/config.inc.%%PHP_SUFX%%.sample
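Review bot: The `RELEASE-DATE-2.5.6` entry hard-codes the version, so this line has to be edited by hand on every update and is easy to miss. Consider adding the port version to `PLIST_SUB` in the Makefile and using that substitution here, as is already done for `MYADMDIR` and `PHP_SUFX`.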
@@ -34,6 +32,7 @@
%%MYADMDIR%%/images/arrow_rtl.gif
%%MYADMDIR%%/images/asc_order.png
%%MYADMDIR%%/images/browse.png
+%%MYADMDIR%%/images/button_bookmark.png
%%MYADMDIR%%/images/button_browse.png
%%MYADMDIR%%/images/button_drop.png
%%MYADMDIR%%/images/button_edit.png
@@ -75,6 +74,8 @@
%%MYADMDIR%%/lang/arabic-windows-1256.inc.%%PHP_SUFX%%
%%MYADMDIR%%/lang/azerbaijani-iso-8859-9.inc.%%PHP_SUFX%%
%%MYADMDIR%%/lang/azerbaijani-utf-8.inc.%%PHP_SUFX%%
+%%MYADMDIR%%/lang/basque-iso-8859-1.inc.%%PHP_SUFX%%
+%%MYADMDIR%%/lang/basque-utf-8.inc.%%PHP_SUFX%%
%%MYADMDIR%%/lang/bosnian-utf-8.inc.%%PHP_SUFX%%
%%MYADMDIR%%/lang/bosnian-windows-1250.inc.%%PHP_SUFX%%
%%MYADMDIR%%/lang/brazilian_portuguese-iso-8859-1.inc.%%PHP_SUFX%%
@@ -186,7 +187,7 @@
%%MYADMDIR%%/libraries/dbg/profiling.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/dbg/setup.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/defines.lib.%%PHP_SUFX%%
-%%MYADMDIR%%/libraries/defines_php.lib.%%PHP_SUFX%%
+%%MYADMDIR%%/libraries/defines_mysql.lib.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/display_export.lib.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/display_tbl.lib.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/display_tbl_links.lib.%%PHP_SUFX%%
@@ -237,6 +238,7 @@
%%MYADMDIR%%/libraries/transformations/README
%%MYADMDIR%%/libraries/transformations/TEMPLATE
%%MYADMDIR%%/libraries/transformations/TEMPLATE_MIMETYPE
+%%MYADMDIR%%/libraries/transformations/application_octetstream__download.inc.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/transformations/generator.sh
%%MYADMDIR%%/libraries/transformations/global.inc.%%PHP_SUFX%%
%%MYADMDIR%%/libraries/transformations/image_jpeg__inline.inc.%%PHP_SUFX%%
@@ -270,7 +272,6 @@
%%MYADMDIR%%/scripts/extchg.sh
%%MYADMDIR%%/scripts/inno2pma.sh
%%MYADMDIR%%/scripts/remove_control_m.sh
-%%MYADMDIR%%/scripts/updatedocs.sh
%%MYADMDIR%%/server_collations.%%PHP_SUFX%%
%%MYADMDIR%%/server_common.inc.%%PHP_SUFX%%
%%MYADMDIR%%/server_databases.%%PHP_SUFX%%
--- patch-phpmyadmin ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: