Date: Sat, 13 Mar 2004 15:57:55 +0800 (CST)
From: Xin LI <delphij@frontfree.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: nbm@FreeBSD.org
Subject: ports/64200: [PATCH] SECURITY UPDATE ports/databases/phpmyadmin to 2.5.6
Message-ID: <20040313075755.8497E117CC@beastie.frontfree.net>
Resent-Message-ID: <200403130800.i2D80fvX064116@freefall.freebsd.org>
>Number: 64200
>Category: ports
>Synopsis: [PATCH] SECURITY UPDATE ports/databases/phpmyadmin to 2.5.6
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 13 00:00:41 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Xin LI
>Release: FreeBSD 5.2-CURRENT i386
>Organization: The FreeBSD Simplified Chinese Project
>Environment:
System: FreeBSD beastie.frontfree.net 5.2-CURRENT FreeBSD 5.2-CURRENT #55: Thu Mar 11 15:51:50 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386
>Description:
phpmyadmin has released their 2.5.6 version which contains fix of file disclosure vulnerability. See http://people.freebsd.org/~eik/portaudit/cc0fb686-6550-11d8-80e3-0020ed76ef5a.html for more details.

I request maintainer review of this patch, and consider to commit it if it is considered to be appropriate. Thanks in advance!
>How-To-Repeat:
>Fix:
Apply the attached patch, and remove files/*

--- patch-phpmyadmin begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 11 Mar 2004 18:48:06 -0000 1.12 +++ Makefile 13 Mar 2004 07:47:28 -0000 @@ -6,17 +6,15 @@ # PORTNAME= phpMyAdmin -PORTVERSION= 2.5.4 +PORTVERSION= 2.5.6 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin -DISTFILES= ${DISTNAME}-${PHP_SUFX}${EXTRACT_SUFX} +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= nbm@FreeBSD.org COMMENT= A set of PHP-scripts to adminstrate MySQL over the web -FORBIDDEN= http://people.freebsd.org/~eik/portaudit/cc0fb686-6550-11d8-80e3-0020ed76ef5a.html - .if defined(WITH_PHP3) RUN_DEPENDS+= ${LOCALBASE}/libexec/apache/libphp3.so:${PORTSDIR}/www/mod_php3 .endif 
@@ -28,18 +26,15 @@ .if defined(WITH_PHP3) PHP_SUFX= php3 -EXTRA_PATCHES= files/fix-libraries::display_tbl.lib.php3 files/fix-tbl_relation.php3 .else USE_PHP= yes PHP_SUFX= php -EXTRA_PATCHES= files/fix-libraries::display_tbl.lib.php files/fix-tbl_relation.php .endif PLIST_SUB+= MYADMDIR=${MYADMDIR} PHP_SUFX=${PHP_SUFX} post-patch: @${MV} ${WRKSRC}/config.inc.${PHP_SUFX} ${WRKSRC}/config.inc.${PHP_SUFX}.sample - @${RM} ${WRKSRC}/*.orig ${WRKSRC}/libraries/*.orig do-install: @${MKDIR} ${PREFIX}/${MYADMDIR} Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v retrieving revision 1.9 diff -u -r1.9 distinfo --- distinfo 21 Nov 2003 18:58:11 -0000 1.9 +++ distinfo 13 Mar 2004 07:47:28 -0000 @@ -1,2 +1,2 @@ -MD5 (phpMyAdmin-2.5.4-php3.tar.bz2) = 7b6b5dcb9071ebfcd71f5db7785db865 -MD5 (phpMyAdmin-2.5.4-php.tar.bz2) = c3a8d771c9846dd95b7283c7ce0f20dd +MD5 (phpMyAdmin-2.5.6.tar.bz2) = b62afe98600eacc2a3300c9856b349f7 +SIZE (phpMyAdmin-2.5.6.tar.bz2) = 1111512 Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/pkg-plist,v retrieving revision 1.7 diff -u -r1.7 pkg-plist --- pkg-plist 21 Nov 2003 18:58:11 -0000 1.7 +++ pkg-plist 13 Mar 2004 07:47:28 -0000 @@ -1,4 +1,3 @@ -%%MYADMDIR%%/ANNOUNCE.txt %%MYADMDIR%%/CREDITS %%MYADMDIR%%/ChangeLog %%MYADMDIR%%/Documentation.html @@ -6,9 +5,8 @@ %%MYADMDIR%%/INSTALL %%MYADMDIR%%/LICENSE %%MYADMDIR%%/README -%%MYADMDIR%%/RELEASE-DATE-2.5.4 +%%MYADMDIR%%/RELEASE-DATE-2.5.6 %%MYADMDIR%%/TODO -%%MYADMDIR%%/badwords.txt %%MYADMDIR%%/browse_foreigners.%%PHP_SUFX%% %%MYADMDIR%%/chk_rel.%%PHP_SUFX%% %%MYADMDIR%%/config.inc.%%PHP_SUFX%%.sample 
@@ -34,6 +32,7 @@ %%MYADMDIR%%/images/arrow_rtl.gif %%MYADMDIR%%/images/asc_order.png %%MYADMDIR%%/images/browse.png +%%MYADMDIR%%/images/button_bookmark.png %%MYADMDIR%%/images/button_browse.png %%MYADMDIR%%/images/button_drop.png %%MYADMDIR%%/images/button_edit.png @@ -75,6 +74,8 @@ %%MYADMDIR%%/lang/arabic-windows-1256.inc.%%PHP_SUFX%% %%MYADMDIR%%/lang/azerbaijani-iso-8859-9.inc.%%PHP_SUFX%% %%MYADMDIR%%/lang/azerbaijani-utf-8.inc.%%PHP_SUFX%% +%%MYADMDIR%%/lang/basque-iso-8859-1.inc.%%PHP_SUFX%% +%%MYADMDIR%%/lang/basque-utf-8.inc.%%PHP_SUFX%% %%MYADMDIR%%/lang/bosnian-utf-8.inc.%%PHP_SUFX%% %%MYADMDIR%%/lang/bosnian-windows-1250.inc.%%PHP_SUFX%% %%MYADMDIR%%/lang/brazilian_portuguese-iso-8859-1.inc.%%PHP_SUFX%% @@ -186,7 +187,7 @@ %%MYADMDIR%%/libraries/dbg/profiling.%%PHP_SUFX%% %%MYADMDIR%%/libraries/dbg/setup.%%PHP_SUFX%% %%MYADMDIR%%/libraries/defines.lib.%%PHP_SUFX%% -%%MYADMDIR%%/libraries/defines_php.lib.%%PHP_SUFX%% +%%MYADMDIR%%/libraries/defines_mysql.lib.%%PHP_SUFX%% %%MYADMDIR%%/libraries/display_export.lib.%%PHP_SUFX%% %%MYADMDIR%%/libraries/display_tbl.lib.%%PHP_SUFX%% %%MYADMDIR%%/libraries/display_tbl_links.lib.%%PHP_SUFX%% @@ -237,6 +238,7 @@ %%MYADMDIR%%/libraries/transformations/README %%MYADMDIR%%/libraries/transformations/TEMPLATE %%MYADMDIR%%/libraries/transformations/TEMPLATE_MIMETYPE +%%MYADMDIR%%/libraries/transformations/application_octetstream__download.inc.%%PHP_SUFX%% %%MYADMDIR%%/libraries/transformations/generator.sh %%MYADMDIR%%/libraries/transformations/global.inc.%%PHP_SUFX%% %%MYADMDIR%%/libraries/transformations/image_jpeg__inline.inc.%%PHP_SUFX%% @@ -270,7 +272,6 @@ %%MYADMDIR%%/scripts/extchg.sh %%MYADMDIR%%/scripts/inno2pma.sh %%MYADMDIR%%/scripts/remove_control_m.sh -%%MYADMDIR%%/scripts/updatedocs.sh %%MYADMDIR%%/server_collations.%%PHP_SUFX%% %%MYADMDIR%%/server_common.inc.%%PHP_SUFX%% %%MYADMDIR%%/server_databases.%%PHP_SUFX%% --- patch-phpmyadmin ends here --- >Release-Note: >Audit-Trail: >Unformatted:
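Review bot: In the first Makefile hunk, the new `DISTFILES= ${DISTNAME}${EXTRACT_SUFX}` no longer varies with PHP_SUFX, yet the `.if defined(WITH_PHP3)` block that pulls in mod_php3 is kept as context. With a single tarball for both settings, please confirm that a WITH_PHP3 build still ends up with the .php3 file names the rest of the port expects, or drop the option in this update. The new DISTFILES value is also what the ports framework uses by default, so the line can be deleted rather than changed.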
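Review bot: The second Makefile hunk drops both EXTRA_PATCHES lines and the `*.orig` cleanup in post-patch, but the diff itself does not delete the files/fix-* patches they referred to; that removal is only requested in the PR text ("remove files/*") and has to go into the same commit. Those patches were local fixes to libraries/display_tbl.lib and tbl_relation, so please confirm that 2.5.6 carries the same fixes upstream before they are dropped, and say so in the commit message.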
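Review bot: In the distinfo hunk, the MD5 and SIZE lines for phpMyAdmin-2.5.6.tar.bz2 come from the submitter's copy of the archive. For a security update the committer should fetch the distfile independently from the master site, regenerate distinfo with `make makesum`, and compare the result with the values in this hunk instead of committing them as submitted.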
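Review bot: The pkg-plist hunks change the file list in several places (ANNOUNCE.txt, badwords.txt and scripts/updatedocs.sh removed, defines_php.lib replaced by defines_mysql.lib, new images, lang and transformations entries added), and the PR does not say the result was checked against an installed tree. Please run an install and deinstall into a clean PREFIX and confirm that no file is left behind or reported missing, once with and once without WITH_PHP3, since every script entry still ends in %%PHP_SUFX%%.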