ports/163290: [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Dec 14 17:30:12 UTC 2011


>Number:         163290
>Category:       ports
>Synopsis:       [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 14 17:30:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #24 r227991: Sat Nov 26 13:33:22 GMT 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64


	
>Description:

Yet another update incorporating security fixes.  As has been the
practice recently, this update contains quick reaction patches but the
full details and security advisories (PMASA-2011-19, PMASA-2011-20)
are not yet available.

Announcement message:

"Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix
release with minor security corrections.

Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20 
announcements on http://www.phpmyadmin.net/home_page/security.

Details will appear on http://phpmyadmin.net. In a hurry? You can visit
http://sourceforge.net/projects/phpmyadmin to download.

Marc Delisle, for the team"

ChangeLog:

3.4.9.0 (not yet released)
- bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19

http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download

While here:

Switch to using lzma compressed tarballs, for a saving of about 1MB
per download.


>How-To-Repeat:
	
>Fix:

	

--- phpmyadmin.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.149
diff -u -u -r1.149 Makefile
--- Makefile	1 Dec 2011 21:03:31 -0000	1.149
+++ Makefile	14 Dec 2011 17:19:27 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	3.4.8
+DISTVERSION=	3.4.9-rc1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages
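Review bot: DISTVERSION is set to 3.4.9-rc1, a release candidate, and MASTER_SITES derives the download directory from it, so this port will need a follow-up bump as soon as 3.4.9 final is published. Please say so in the commit message and cite PMASA-2011-19 and PMASA-2011-20 there, so the security fix can be traced from the log once the advisories are available.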
@@ -19,7 +19,7 @@
 USE_MYSQL=	compat
 IGNORE_WITH_PHP=	4
 IGNORE_WITH_MYSQL=	41
-USE_BZIP2=	yes
+USE_XZ=	yes
 NO_BUILD=	yes
 .if !defined(WITHOUT_PHP_DEPENDS)
 USE_PHP=	ctype mysql session filter mbstring json spl
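Review bot: The switch from USE_BZIP2 to USE_XZ is unrelated to the security fix and rides along in the same change. It works as long as distinfo names the .tar.xz archive, but mention it in the commit message so anyone merging or backing out the security update knows the distfile format changed as well.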
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.125
diff -u -u -r1.125 distinfo
--- distinfo	1 Dec 2011 21:03:31 -0000	1.125
+++ distinfo	14 Dec 2011 17:19:27 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.4.8-all-languages.tar.bz2) = 792a53d1904feed2bba0a613680af86fb4ca2ee8e94ba65ef92043c5c2d90604
-SIZE (phpMyAdmin-3.4.8-all-languages.tar.bz2) = 4610153
+SHA256 (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = c005a3880f38e9d20809b2592b5fe108d11fc56bdf4cf666db5e07447ae40096
+SIZE (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = 3639524
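Review bot: The new SHA256 line covers a different archive format (.tar.xz instead of .tar.bz2), so it cannot be sanity-checked against the previous entry. Please confirm the hash was compared with the value upstream publishes for phpMyAdmin-3.4.9-rc1-all-languages.tar.xz rather than only generated from the fetched file. The SIZE drop from 4610153 to 3639524 is consistent with the roughly 1MB saving described.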
--- phpmyadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


