From owner-svn-ports-branches@FreeBSD.ORG Fri Jun 20 22:22:35 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D4CE0C27; Fri, 20 Jun 2014 22:22:35 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C14AA21BC; Fri, 20 Jun 2014 22:22:35 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5KMMZeo067842; Fri, 20 Jun 2014 22:22:35 GMT (envelope-from matthew@svn.freebsd.org) Received: (from matthew@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5KMMZXN067841; Fri, 20 Jun 2014 22:22:35 GMT (envelope-from matthew@svn.freebsd.org) Message-Id: <201406202222.s5KMMZXN067841@svn.freebsd.org> From: Matthew Seaman Date: Fri, 20 Jun 2014 22:22:35 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r358646 - branches/2014Q2/databases/phpmyadmin X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 22:22:35 -0000 Author: matthew Date: Fri Jun 20 22:22:35 2014 New Revision: 358646 URL: http://svnweb.freebsd.org/changeset/ports/358646 QAT: https://qat.redports.org/buildarchive/r358646/ Log: MFH: r358641 Security update to 4.2.4 - while here switch plist to use @sample The advisories: PMASA-2014-2 and PMASA-2014-3, have not been published yet, so there is very little concrete information about what the security problems are. About all there is comes from the change log, where the security issues are listed as: - bug #4464 [security] XSS injection due to unescaped db/table name in navigation hiding - bug #4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.2.4/phpMyAdmin-4.2.4-notes.html/view Approved by: portmgr Modified: branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Directory Properties: branches/2014Q2/ (props changed) Modified: branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk ============================================================================== --- branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:20:56 2014 (r358645) +++ branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:22:35 2014 (r358646) @@ -1,7 +1,5 @@ @mode 640 @group %%PMA_GRP%% -@unexec if cmp -s %D/%%WWWDIR%%/config.inc.php.sample %D/%%WWWDIR%%/config.inc.php ; then rm -f %D/%%WWWDIR%%/config.inc.php ; fi -%%WWWDIR%%/config.inc.php.sample -@exec [ ! -f %B/config.inc.php ] && cp -p %B/%f %B/config.inc.php || true +@sample %%WWWDIR%%/config.inc.php.sample @mode @group