ports/163290: [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Dec 14 17:30:12 UTC 2011
>Number: 163290
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 14 17:30:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 8.2-STABLE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #24 r227991: Sat Nov 26 13:33:22 GMT 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64
>Description:
Yet another update incorporating security fixes. As has been the
practice recently, this update contains quick reaction patches but the
full details and security advisories (PMASA-2011-19, PMASA-2011-20)
are not yet available.
Announcement message:
"Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix
release with minor security corrections.
Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20
announcements on http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
ChangeLog:
Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix release
with minor security corrections.
3.4.9.0 (not yet released)
- bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download
While here:
Switch to using lzma compressed tarballs, for a saving of about 1MB
per download.
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.149
diff -u -u -r1.149 Makefile
--- Makefile 1 Dec 2011 21:03:31 -0000 1.149
+++ Makefile 14 Dec 2011 17:19:27 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 3.4.8
+DISTVERSION= 3.4.9-rc1
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
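Review bot: The + line DISTVERSION= 3.4.9-rc1 puts a release candidate into the port while the ChangeLog above still lists 3.4.9.0 as not yet released. Please confirm that the derived package version (3.4.9.r1 in the synopsis) sorts below the eventual 3.4.9, so the final release upgrades cleanly without a PORTEPOCH bump, and state in the commit message that the rc is being taken for the PMASA-2011-19 and PMASA-2011-20 fixes. The diff touches only Makefile and distinfo, so consider following up with a VuXML entry once the advisories are published.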
@@ -19,7 +19,7 @@
USE_MYSQL= compat
IGNORE_WITH_PHP= 4
IGNORE_WITH_MYSQL= 41
-USE_BZIP2= yes
+USE_XZ= yes
NO_BUILD= yes
.if !defined(WITHOUT_PHP_DEPENDS)
USE_PHP= ctype mysql session filter mbstring json spl
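Review bot: The USE_BZIP2 to USE_XZ switch in this hunk is unrelated to the security fix and rides along with it. Consider splitting it into its own change so the security update can be reviewed and merged on its own. If it stays, confirm that upstream publishes the .tar.xz distfile for every release on MASTER_SITES, since the fetch now has to resolve to phpMyAdmin-3.4.9-rc1-all-languages.tar.xz.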
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.125
diff -u -u -r1.125 distinfo
--- distinfo 1 Dec 2011 21:03:31 -0000 1.125
+++ distinfo 14 Dec 2011 17:19:27 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.4.8-all-languages.tar.bz2) = 792a53d1904feed2bba0a613680af86fb4ca2ee8e94ba65ef92043c5c2d90604
-SIZE (phpMyAdmin-3.4.8-all-languages.tar.bz2) = 4610153
+SHA256 (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = c005a3880f38e9d20809b2592b5fe108d11fc56bdf4cf666db5e07447ae40096
+SIZE (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = 3639524
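Review bot: The new SHA256 and SIZE lines are the only integrity record for the rc1 tarball, and nothing in the PR says what they were checked against. The committer should fetch the distfile independently and run make checksum rather than trusting the submitted values, and compare against an upstream-published hash if one exists. The SIZE drop from 4610153 to 3639524 is consistent with the roughly 1MB saving claimed for the lzma tarball.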
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: