From owner-freebsd-ports-bugs@FreeBSD.ORG Fri May 12 18:20:17 2006
Message-Id: <200605121817.k4CIHlbR020703@happy-idiot-talk.infracaninophile.co.uk>
Date: Fri, 12 May 2006 19:17:47 +0100 (BST)
From: Matthew Seaman
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/97185: [maintainer] databases/phpmyadmin -- security update to 2.8.0.4
List-Id: Ports bug reports

>Number: 97185
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin -- security update to 2.8.0.4
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri May 12 18:20:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 4.11-STABLE i386
>Organization: Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.11-STABLE FreeBSD 4.11-STABLE #102: Sat Apr 1 16:45:01 BST 2006 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
Release notes are at:

    https://sourceforge.net/project/shownotes.php?release_id=416383&group_id=23067

i) Update to version 2.8.0.4 to patch some security holes. See

    CVE-2006-2031
    http://secunia.com/advisories/19659
    http://pridels.blogspot.com/2006/04/phpmyadmin-xss-vuln.html

ii) Provide a little guidance on how to get phpMyAdmin installed with PHP5

iii) Provide a little more guidance on how to configure Apache to work with phpMyAdmin.
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile --- /usr/ports/databases/phpmyadmin/Makefile Thu Apr 6 20:44:20 2006 +++ phpmyadmin/Makefile Fri May 12 19:07:22 2006 
@@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 2.8.0.3 +DISTVERSION= 2.8.0.4 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin @@ -100,6 +100,11 @@ ${ECHO_MSG} "" ${ECHO_MSG} "Note that selecting the MYSQLI option will only work" ${ECHO_MSG} "with PHP5 and MySQL 4.1.x" + ${ECHO_MSG} "" + ${ECHO_MSG} "If you want to use PHP5, for best results, please" + ${ECHO_MSG} "install lang/php5 before attempting to install" + ${ECHO_MSG} "databases/phpmyadmin" + ${ECHO_MSG} "" post-patch: ${CP} ${FILESDIR}/${CFGFILE}.sample ${WRKSRC}/${CFGFILE}.sample diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo --- /usr/ports/databases/phpmyadmin/distinfo Thu Apr 6 20:44:20 2006 +++ phpmyadmin/distinfo Fri May 12 18:40:28 2006 @@ -1,3 +1,3 @@ -MD5 (phpMyAdmin-2.8.0.3.tar.bz2) = 87ee2e17c9381e969c8f740242220e29 -SHA256 (phpMyAdmin-2.8.0.3.tar.bz2) = 89a15217b9b090ec01e1a4b90c90b2df2ac6b6e192c64385c816d33cc7efaff0 -SIZE (phpMyAdmin-2.8.0.3.tar.bz2) = 2011518 +MD5 (phpMyAdmin-2.8.0.4.tar.bz2) = f7bfa65e72a78a96850799fca6bb70ca +SHA256 (phpMyAdmin-2.8.0.4.tar.bz2) = 0002f8b93a9c4d2c18c0cb193065840fecf0470e7123c1a17dd73c1ad4d47273 +SIZE (phpMyAdmin-2.8.0.4.tar.bz2) = 1993879 diff -Nur /usr/ports/databases/phpmyadmin/files/pkg-message.in phpmyadmin/files/pkg-message.in --- /usr/ports/databases/phpmyadmin/files/pkg-message.in Sun Mar 6 10:48:47 2005 +++ phpmyadmin/files/pkg-message.in Fri May 12 19:08:23 2006 @@ -6,7 +6,16 @@ Please edit config.inc.php to suit your needs. To make phpMyAdmin available through your web site, I suggest -that you add the following to httpd.conf: +that you add something like the following to httpd.conf: Alias /phpmyadmin/ "%%PREFIX%%/%%MYADMDIR%%/" + + + Options none + AllowOverride Limit + + Order Deny, Allow + Deny from all + Allow from 127.0.0.1 .example.com + --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
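
Review bot: The PHP5 ordering requirement added in the second Makefile hunk (@@ -100,6 +100,11 @@) is only printed with ${ECHO_MSG}, so nothing enforces it and an unattended build never shows it to anyone. The message should at least say what goes wrong when lang/php5 is not installed first, and it would be better to express the PHP5 choice through the port's options, as the MYSQLI note just above it already does, so the dependency is resolved rather than described.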
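
Review bot: In the distinfo hunk the recorded SIZE drops from 2011518 to 1993879 for what the synopsis calls a security update, which is plausible but worth confirming before commit. Regenerate distinfo with make makesum from a freshly fetched phpMyAdmin-2.8.0.4.tar.bz2 and compare the resulting SHA256 with the value submitted here, since these three lines are what every later install of the port relies on for integrity.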
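
Review bot: In the pkg-message.in hunk, "Order Deny, Allow" has a space after the comma; Apache's Order directive takes a single argument, so anyone pasting this sample into httpd.conf gets a configuration error. It should read "Order Deny,Allow". In the same block, "AllowOverride Limit" lets a .htaccess file in the phpMyAdmin directory change the host access rules, which weakens the "Deny from all" default set right after it; "AllowOverride None" keeps the restriction fixed in httpd.conf unless .htaccess control is really wanted. The added lines before "Options none" and after "Allow from 127.0.0.1 .example.com" appear empty in this copy, so check that the enclosing container directives are present in the file that gets committed.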