From owner-svn-ports-branches@FreeBSD.ORG Fri Jun 20 23:07:25 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 55265CC3; Fri, 20 Jun 2014 23:07:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 27D052503; Fri, 20 Jun 2014 23:07:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5KN7PZL087916; Fri, 20 Jun 2014 23:07:25 GMT (envelope-from matthew@svn.freebsd.org) Received: (from matthew@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5KN7O2u087913; Fri, 20 Jun 2014 23:07:24 GMT (envelope-from matthew@svn.freebsd.org) Message-Id: <201406202307.s5KN7O2u087913@svn.freebsd.org> From: Matthew Seaman Date: Fri, 20 Jun 2014 23:07:24 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r358654 - branches/2014Q2/databases/phpmyadmin X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 23:07:25 -0000 Author: matthew Date: Fri Jun 20 23:07:24 2014 New Revision: 358654 URL: http://svnweb.freebsd.org/changeset/ports/358654 QAT: https://qat.redports.org/buildarchive/r358654/ Log: MFH: r358641,r358643 Fix botched initial attempt at MFH Security update to 4.2.4 - while here switch plist to use @sample The advisories: PMASA-2014-2 and PMASA-2014-3, have not been published yet, so there is very little concrete information about what the security problems are. About all there is comes from the change log, where the security issues are listed as: - bug #4464 [security] XSS injection due to unescaped db/table name in navigation hiding - bug #4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables ChaneLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.2.4/phpMyAdmin-4.2.4-notes.html/view Approved by: portmgr Modified: branches/2014Q2/databases/phpmyadmin/Makefile branches/2014Q2/databases/phpmyadmin/distinfo Directory Properties: branches/2014Q2/ (props changed) Modified: branches/2014Q2/databases/phpmyadmin/Makefile ============================================================================== --- branches/2014Q2/databases/phpmyadmin/Makefile Fri Jun 20 23:04:08 2014 (r358653) +++ branches/2014Q2/databases/phpmyadmin/Makefile Fri Jun 20 23:07:24 2014 (r358654) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 4.1.12 +DISTVERSION= 4.2.4 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages @@ -25,7 +25,7 @@ USE_PHP= ctype session filter mbstring j # FONTCONFIG in the graphics/gd port options. OPTIONS_DEFINE= APC BZ2 GD MCRYPT OPENSSL PDF XML ZIP ZLIB -OPTIONS_DEFAULT= APC BZ2 GD MCRYPT MYSQLI OPENSSL PDF XML ZIP ZLIB +OPTIONS_DEFAULT= BZ2 GD MCRYPT OPENSSL XML ZIP ZLIB OPTIONS_MULTI= DB_connect OPTIONS_MULTI_DB_connect= MYSQL MYSQLI Modified: branches/2014Q2/databases/phpmyadmin/distinfo ============================================================================== --- branches/2014Q2/databases/phpmyadmin/distinfo Fri Jun 20 23:04:08 2014 (r358653) +++ branches/2014Q2/databases/phpmyadmin/distinfo Fri Jun 20 23:07:24 2014 (r358654) @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.1.12-all-languages.tar.xz) = c91d37d9c61fa84e741423173474e5d2fde8f7e450169328c776e5485ebb3c18 -SIZE (phpMyAdmin-4.1.12-all-languages.tar.xz) = 4872100 +SHA256 (phpMyAdmin-4.2.4-all-languages.tar.xz) = aebcd7cfabd4993405340ecb2b76ce0cb4ab345a817ae7c371a830e22b2c2513 +SIZE (phpMyAdmin-4.2.4-all-languages.tar.xz) = 5176840