Date: Sun, 11 Nov 2007 13:48:45 GMT From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/117974: [maintainer] databases/phpmyadmin -- security update to 2.11.2.1 Message-ID: <200711111348.lABDmjtg067704@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200711111350.lABDo1Xt023251@freefall.freebsd.org>
>Number: 117974 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin -- security update to 2.11.2.1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Nov 11 13:50:00 UTC 2007 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 7.0-BETA1 i386 >Organization: Infracaninophile >Environment: System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.0-BETA1 FreeBSD 7.0-BETA1 #14: Thu Nov 1 23:25:45 GMT 2007 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 >Description: phpmyadmin-2.11.2.1 has been released in response to a security problem. Details are in: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7 References: http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile 2007-10-31 19:02:05.000000000 +0000
+++ phpmyadmin/Makefile 2007-11-11 13:37:13.000000000 +0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME= phpMyAdmin
-DISTVERSION= 2.11.2
+DISTVERSION= 2.11.2.1
 CATEGORIES= databases www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= phpmyadmin
diff -Nur /usr/ports/databases/phpmyadmin/Makefile~ phpmyadmin/Makefile~
--- /usr/ports/databases/phpmyadmin/Makefile~ 1970-01-01 01:00:00.000000000 +0100
+++ phpmyadmin/Makefile~ 2007-10-31 19:02:05.000000000 +0000
@@ -0,0 +1,162 @@
+# New ports collection makefile for: phpMyAdmin
+# Date created: 19 Jan 2001
+# Whom: nbm
+#
+# $FreeBSD: ports/databases/phpmyadmin/Makefile,v 1.77 2007/10/30 09:24:24 miwi Exp $
+#
+
+PORTNAME= phpMyAdmin
+DISTVERSION= 2.11.2
+CATEGORIES= databases www
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR= phpmyadmin
+DISTNAME= ${PORTNAME}-${PORTVERSION}-all-languages
+
+MAINTAINER= m.seaman@infracaninophile.co.uk
+COMMENT= A set of PHP-scripts to manage MySQL over the web
+
+USE_BZIP2= yes
+NO_BUILD= yes
+.if !defined(WITHOUT_PHP_DEPENDS)
+USE_PHP= ctype mysql pcre session
+.endif
+
+SUB_LIST+= "MYADMDIR=${MYADMDIR}" \
+ "PKGNAME=${PKGNAME}"
+SUB_FILES= pkg-message
+
+# Unfortunately can't make WITH_SUPHP part of the OPTIONS selection,
+# since it has to be processed before just about anything else.
+
+.if defined(WITH_SUPHP) && !defined(WITHOUT_SUPHP)
+
+PKGNAMESUFFIX= -suphp
+RUN_DEPENDS+= ${LOCALBASE}/sbin/suphp:${PORTSDIR}/www/suphp
+WANT_PHP_CGI= yes
+
+MYADMUSR?= phpmyadm
+
+SUB_LIST+= "MYADMUSR=${MYADMUSR}" \
+ "MYADMGRP=${MYADMGRP}"
+SUB_FILES+= pkg-install pkg-deinstall
+
+.else
+
+WANT_PHP_WEB= yes
+
+.endif
+
+# Copy the way lang/php{4,5}-extensions deals with its OPTIONS -- avoids
+# problems with include of bsd.port.pre.mk
+
+OPTIONS= BZ2 "bzip2 library support" on \
+ GD "GD library support" on \
+ MYSQLI "Improved MySQL support" off \
+ OPENSSL "OpenSSL support" on \
+ PDF "PDFlib support (implies GD)" on \
+ ZLIB "ZLIB support" on \
+ MCRYPT "MCrypt library support" on \
+ MBSTRING "Multi-byte character-set string support" on
+
+PORT_DBDIR?= /var/db/ports
+LATEST_LINK= ${PORTNAME}${PKGNAMESUFFIX}
+OPTIONSFILE?= ${PORT_DBDIR}/${LATEST_LINK}/options
+
+.if exists(${OPTIONSFILE})
+.include "${OPTIONSFILE}"
+.endif
+
+.if !defined(WITHOUT_PHP_DEPENDS)
+# Options that default to on:
+.for opt in BZ2 GD OPENSSL PDF ZLIB MCRYPT MBSTRING
+. if !defined(WITHOUT_${opt}) || defined(WITH_${opt})
+USE_PHP+= ${opt:L}
+. endif
+.endfor
+
+# Options that default to off:
+.for opt in MYSQLI
+. if defined(WITH_${opt}) && !defined(WITHOUT_${opt})
+USE_PHP+= ${opt:L}
+. endif
+.endfor
+.endif
+
+# MYADMUSR is only used WITH_SUPHP
+MYADMDIR?= www/phpMyAdmin
+MYADMGRP?= ${WWWGRP}
+CFGFILE= config.inc.php
+
+PLIST= ${WRKDIR}/plist
+PLIST_SUB+= MYADMDIR=${MYADMDIR} MYADMGRP=${MYADMGRP}
+
+.SILENT:
+
+do-build:
+ @${DO_NADA}
+
+pre-everything::
+ ${ECHO_MSG} ""
+ ${ECHO_MSG} "You may use the following additional build option:"
+ ${ECHO_MSG} ""
+ ${ECHO_MSG} " WITH_SUPHP=yes Install appropriately for use with"
+ ${ECHO_MSG} " the www/suphp port [default: no]"
+ ${ECHO_MSG} ""
+ ${ECHO_MSG} "Note that selecting the MYSQLI option will only work"
+ ${ECHO_MSG} "with PHP5 and MySQL 4.1.x"
+ ${ECHO_MSG} ""
+ ${ECHO_MSG} "If you want to use PHP4, for best results, please"
+ ${ECHO_MSG} "install lang/php4 before attempting to install"
+ ${ECHO_MSG} "databases/phpmyadmin"
+ ${ECHO_MSG} ""
+
+# When creating a package, empty directories will not be generated
+# from the pkg tarball. Therefore make sure no directories are empty.
+
+post-patch:
+ cd ${WRKSRC} ; \
+ for emptydir in $$( ${FIND} . -type d -empty -print ) ; do \
+ ${TOUCH} $${emptydir}/.keep-me ; \
+ done
+ ${CP} ${FILESDIR}/${CFGFILE}.sample ${WRKSRC}/${CFGFILE}.sample
+ cd ${WRKSRC} ; \
+ ${FIND} . ! -type d ! -name ${CFGFILE}.sample | ${SORT} | \
+ ${SED} -e "s,^\.,%%MYADMDIR%%," >${PLIST} ; \
+ ${CAT} ${PKGDIR}/pkg-plist-chunk >>${PLIST} ; \
+ ${FIND} . -type d | ${SORT} -r | ${SED} \
+ -e "s,^\.$$,@dirrmtry %%MYADMDIR%%," \
+ -e "s,^\.,@dirrm %%MYADMDIR%%," >>${PLIST}
+
+pre-install:
+.if defined(WITH_SUPHP)
+ ${SETENV} ${SCRIPTS_ENV} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+.endif
+
+do-install: install-app install-conf
+
+install-app:
+ cd ${WRKSRC} ; \
+ for src in $$( ${FIND} . ! -name .cvsignore ) ; do \
+ dst=${PREFIX}/${MYADMDIR}$${src#.} ; \
+ if ${TEST} -d $$src ; then \
+ ${MKDIR} $$dst ; \
+ else \
+ ${INSTALL_DATA} $$src $$dst ; \
+ fi \
+ done
+
+install-conf: install-app
+ cd ${PREFIX}/${MYADMDIR} ; \
+ ${CHMOD} 0640 ${CFGFILE}.sample ; \
+ ${CHGRP} ${MYADMGRP} ${CFGFILE}.sample ; \
+ if ${TEST} ! -f ${CFGFILE} ; then \
+ ${CP} -p ${CFGFILE}.sample ${CFGFILE} ; \
+ fi
+
+post-install:
+.if defined(WITH_SUPHP)
+ ${SETENV} ${SCRIPTS_ENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+.endif
+ ${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo 2007-10-31 19:02:05.000000000 +0000
+++ phpmyadmin/distinfo 2007-11-11 13:38:05.000000000 +0000
@@ -1,3 +1,3 @@
-MD5 (phpMyAdmin-2.11.2-all-languages.tar.bz2) = d7d521085c54c82e728cecb64a33b494
-SHA256 (phpMyAdmin-2.11.2-all-languages.tar.bz2) = 6fe12176e5093b1696f765675706af9c916558f52fc5de40416e90045753f635
-SIZE (phpMyAdmin-2.11.2-all-languages.tar.bz2) = 3083211
+MD5 (phpMyAdmin-2.11.2.1-all-languages.tar.bz2) = 12b3625013822c784ce373ca908decf8
+SHA256 (phpMyAdmin-2.11.2.1-all-languages.tar.bz2) = 9fb46ccf7722ab1019ea0a0747f2c5613f95835e9db36887f4f9bbeea7838690
+SIZE (phpMyAdmin-2.11.2.1-all-languages.tar.bz2) = 3083390
--- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
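Review bot: The second file in this patch, `phpmyadmin/Makefile~`, is an editor backup and should not be part of the submission. Its `@@ -0,0 +1,162 @@` hunk adds a complete copy of the previous port Makefile as a new file, still carrying `DISTVERSION= 2.11.2`. Applying the patch as sent would leave that stale copy in the port directory next to the real Makefile, which is confusing in a security update where the version line is the whole fix. Regenerate the diff with backups excluded, for example `diff -Nur -x '*~' /usr/ports/databases/phpmyadmin phpmyadmin`, or apply only the `Makefile` and `distinfo` hunks.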