Date: Fri, 20 Jun 2014 23:25:03 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: Re: svn commit: r358646 - branches/2014Q2/databases/phpmyadmin
Message-ID: <53A4B4BF.6050308@FreeBSD.org>
In-Reply-To: <201406202222.s5KMMZXN067841@svn.freebsd.org>
References: <201406202222.s5KMMZXN067841@svn.freebsd.org>
On 20/06/2014 23:22, Matthew Seaman wrote:
> Author: matthew
> Date: Fri Jun 20 22:22:35 2014
> New Revision: 358646
> URL: http://svnweb.freebsd.org/changeset/ports/358646
> QAT: https://qat.redports.org/buildarchive/r358646/
>
> Log:
> MFH: r358641
>
> Security update to 4.2.4
>
> - while here switch plist to use @sample
>
> The advisories: PMASA-2014-2 and PMASA-2014-3, have not been published
> yet, so there is very little concrete information about what the
> security problems are. About all there is comes from the change log,
> where the security issues are listed as:
>
> - bug #4464 [security] XSS injection due to unescaped db/table name in navigation hiding
> - bug #4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables
>
> ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.2.4/phpMyAdmin-4.2.4-notes.html/view
> Approved by: portmgr
>
> Modified:
> branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> Directory Properties:
> branches/2014Q2/ (props changed)
>
> Modified: branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:= 20:56 2014 (r358645) > +++ branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:= 22:35 2014 (r358646)
> @@ -1,7 +1,5 @@ > @mode 640 > @group %%PMA_GRP%% > -@unexec if cmp -s %D/%%WWWDIR%%/config.inc.php.sample %D/%%WWWDIR%%/co= nfig.inc.php ; then rm -f %D/%%WWWDIR%%/config.inc.php ; fi > -%%WWWDIR%%/config.inc.php.sample > -@exec [ ! -f %B/config.inc.php ] && cp -p %B/%f %B/config.inc.php || t= rue > +@sample %%WWWDIR%%/config.inc.php.sample > @mode > @group

Oh dear. Epic fail. Missing the important stuff like Makefile and
distinfo.

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
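Review bot: the `+@sample %%WWWDIR%%/config.inc.php.sample` line in pkg-plist-chunk is the only change this merge carries, although the log describes a security update to 4.2.4; the Modified list names no Makefile or distinfo, so nothing here changes the version that the branch builds. Merge the version and checksum changes from r358641 together with this plist change. Because the `@unexec`/`@exec` pair is replaced by `@sample` on a quarterly branch, also confirm that the 2014Q2 tree supports the `@sample` keyword and that the copied config.inc.php still ends up under the `@mode 640` and `@group %%PMA_GRP%%` settings that wrap this entry.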