From owner-freebsd-ports-bugs@FreeBSD.ORG  Sat Mar 13 00:00:43 2004
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AE90C16A4D3
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat, 13 Mar 2004 00:00:43 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BD3B443D4C
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat, 13 Mar 2004 00:00:41 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	i2D80fbv064118	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Sat, 13 Mar 2004 00:00:41 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i2D80fvX064116;
	Sat, 13 Mar 2004 00:00:41 -0800 (PST)
	(envelope-from gnats)
Resent-Date: Sat, 13 Mar 2004 00:00:41 -0800 (PST)
Resent-Message-Id: <200403130800.i2D80fvX064116@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Xin LI <delphij@frontfree.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F9B916A4CE; Fri, 12 Mar 2004 23:58:15 -0800 (PST)
Received: from ftp.bjpu.edu.cn (ftp.bjpu.edu.cn [202.112.78.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id EBF4643D31; Fri, 12 Mar 2004 23:58:13 -0800 (PST)
	(envelope-from delphij@frontfree.net)
Received: from localhost (localhost [127.0.0.1])
	by ftp.bjpu.edu.cn (Postfix) with ESMTP
	id 4172352BD; Sat, 13 Mar 2004 15:58:02 +0800 (CST)
Received: from ftp.bjpu.edu.cn ([127.0.0.1])
 by localhost (ftp.bjpu.edu.cn [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 95458-09; Sat, 13 Mar 2004 15:58:01 +0800 (CST)
Received: from beastie.frontfree.net (beastie.frontfree.net [218.107.145.7])
	by ftp.bjpu.edu.cn (Postfix) with ESMTP
	id BFC3E52AB; Sat, 13 Mar 2004 15:58:00 +0800 (CST)
Received: from localhost (localhost [127.0.0.1])
	by beastie.frontfree.net (Postfix) with ESMTP
	id BD16211990; Sat, 13 Mar 2004 15:57:59 +0800 (CST)
Received: from beastie.frontfree.net ([127.0.0.1])
 by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 00884-03; Sat, 13 Mar 2004 15:57:55 +0800 (CST)
Received: by beastie.frontfree.net (Postfix, from userid 1001)
	id 8497E117CC; Sat, 13 Mar 2004 15:57:55 +0800 (CST)
Message-Id: <20040313075755.8497E117CC@beastie.frontfree.net>
Date: Sat, 13 Mar 2004 15:57:55 +0800 (CST)
From: Xin LI <delphij@frontfree.net>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
cc: nbm@FreeBSD.org
Subject: ports/64200: [PATCH] SECURITY UPDATE ports/databases/phpmyadmin to
	2.5.6
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Xin LI <delphij@frontfree.net>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Mar 2004 08:00:43 -0000


>Number:         64200
>Category:       ports
>Synopsis:       [PATCH] SECURITY UPDATE ports/databases/phpmyadmin to 2.5.6
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 13 00:00:41 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Xin LI
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
The FreeBSD Simplified Chinese Project
>Environment:
System: FreeBSD beastie.frontfree.net 5.2-CURRENT FreeBSD 5.2-CURRENT #55: Thu Mar 11 15:51:50 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386


>Description:
	phpmyadmin has released their 2.5.6 version which contains fix of file disclosure
vulnerablity.
	See http://people.freebsd.org/~eik/portaudit/cc0fb686-6550-11d8-80e3-0020ed76ef5a.html for more details.
	I request maintainer review of this patch, and consider to commit it if it is considered to be hppropriate. Thanks in advance!
>How-To-Repeat:
>Fix:

	Apply the attached patch, and remove files/*

--- patch-phpmyadmin begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile	11 Mar 2004 18:48:06 -0000	1.12
+++ Makefile	13 Mar 2004 07:47:28 -0000
@@ -6,17 +6,15 @@
 #
 
 PORTNAME=	phpMyAdmin
-PORTVERSION=	2.5.4
+PORTVERSION=	2.5.6
 CATEGORIES=	databases www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	phpmyadmin
-DISTFILES=	${DISTNAME}-${PHP_SUFX}${EXTRACT_SUFX}
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	nbm@FreeBSD.org
 COMMENT=	A set of PHP-scripts to adminstrate MySQL over the web
 
-FORBIDDEN=	http://people.freebsd.org/~eik/portaudit/cc0fb686-6550-11d8-80e3-0020ed76ef5a.html
-
 .if defined(WITH_PHP3)
 RUN_DEPENDS+=	${LOCALBASE}/libexec/apache/libphp3.so:${PORTSDIR}/www/mod_php3
 .endif
@@ -28,18 +26,15 @@
 
 .if defined(WITH_PHP3)
 PHP_SUFX=	php3
-EXTRA_PATCHES=	files/fix-libraries::display_tbl.lib.php3 files/fix-tbl_relation.php3
 .else
 USE_PHP=	yes
 PHP_SUFX=	php
-EXTRA_PATCHES=	files/fix-libraries::display_tbl.lib.php files/fix-tbl_relation.php
 .endif
 
 PLIST_SUB+=	MYADMDIR=${MYADMDIR} PHP_SUFX=${PHP_SUFX}
 
 post-patch:
 	@${MV} ${WRKSRC}/config.inc.${PHP_SUFX} ${WRKSRC}/config.inc.${PHP_SUFX}.sample
-	@${RM} ${WRKSRC}/*.orig ${WRKSRC}/libraries/*.orig
 
 do-install:
 	@${MKDIR} ${PREFIX}/${MYADMDIR}
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.9
diff -u -r1.9 distinfo
--- distinfo	21 Nov 2003 18:58:11 -0000	1.9
+++ distinfo	13 Mar 2004 07:47:28 -0000
@@ -1,2 +1,2 @@
-MD5 (phpMyAdmin-2.5.4-php3.tar.bz2) = 7b6b5dcb9071ebfcd71f5db7785db865
-MD5 (phpMyAdmin-2.5.4-php.tar.bz2) = c3a8d771c9846dd95b7283c7ce0f20dd
+MD5 (phpMyAdmin-2.5.6.tar.bz2) = b62afe98600eacc2a3300c9856b349f7
+SIZE (phpMyAdmin-2.5.6.tar.bz2) = 1111512
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/pkg-plist,v
retrieving revision 1.7
diff -u -r1.7 pkg-plist
--- pkg-plist	21 Nov 2003 18:58:11 -0000	1.7
+++ pkg-plist	13 Mar 2004 07:47:28 -0000
@@ -1,4 +1,3 @@
-%%MYADMDIR%%/ANNOUNCE.txt
 %%MYADMDIR%%/CREDITS
 %%MYADMDIR%%/ChangeLog
 %%MYADMDIR%%/Documentation.html
@@ -6,9 +5,8 @@
 %%MYADMDIR%%/INSTALL
 %%MYADMDIR%%/LICENSE
 %%MYADMDIR%%/README
-%%MYADMDIR%%/RELEASE-DATE-2.5.4
+%%MYADMDIR%%/RELEASE-DATE-2.5.6
 %%MYADMDIR%%/TODO
-%%MYADMDIR%%/badwords.txt
 %%MYADMDIR%%/browse_foreigners.%%PHP_SUFX%%
 %%MYADMDIR%%/chk_rel.%%PHP_SUFX%%
 %%MYADMDIR%%/config.inc.%%PHP_SUFX%%.sample
@@ -34,6 +32,7 @@
 %%MYADMDIR%%/images/arrow_rtl.gif
 %%MYADMDIR%%/images/asc_order.png
 %%MYADMDIR%%/images/browse.png
+%%MYADMDIR%%/images/button_bookmark.png
 %%MYADMDIR%%/images/button_browse.png
 %%MYADMDIR%%/images/button_drop.png
 %%MYADMDIR%%/images/button_edit.png
@@ -75,6 +74,8 @@
 %%MYADMDIR%%/lang/arabic-windows-1256.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/lang/azerbaijani-iso-8859-9.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/lang/azerbaijani-utf-8.inc.%%PHP_SUFX%%
+%%MYADMDIR%%/lang/basque-iso-8859-1.inc.%%PHP_SUFX%%
+%%MYADMDIR%%/lang/basque-utf-8.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/lang/bosnian-utf-8.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/lang/bosnian-windows-1250.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/lang/brazilian_portuguese-iso-8859-1.inc.%%PHP_SUFX%%
@@ -186,7 +187,7 @@
 %%MYADMDIR%%/libraries/dbg/profiling.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/dbg/setup.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/defines.lib.%%PHP_SUFX%%
-%%MYADMDIR%%/libraries/defines_php.lib.%%PHP_SUFX%%
+%%MYADMDIR%%/libraries/defines_mysql.lib.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/display_export.lib.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/display_tbl.lib.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/display_tbl_links.lib.%%PHP_SUFX%%
@@ -237,6 +238,7 @@
 %%MYADMDIR%%/libraries/transformations/README
 %%MYADMDIR%%/libraries/transformations/TEMPLATE
 %%MYADMDIR%%/libraries/transformations/TEMPLATE_MIMETYPE
+%%MYADMDIR%%/libraries/transformations/application_octetstream__download.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/transformations/generator.sh
 %%MYADMDIR%%/libraries/transformations/global.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/libraries/transformations/image_jpeg__inline.inc.%%PHP_SUFX%%
@@ -270,7 +272,6 @@
 %%MYADMDIR%%/scripts/extchg.sh
 %%MYADMDIR%%/scripts/inno2pma.sh
 %%MYADMDIR%%/scripts/remove_control_m.sh
-%%MYADMDIR%%/scripts/updatedocs.sh
 %%MYADMDIR%%/server_collations.%%PHP_SUFX%%
 %%MYADMDIR%%/server_common.inc.%%PHP_SUFX%%
 %%MYADMDIR%%/server_databases.%%PHP_SUFX%%
--- patch-phpmyadmin ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: