Date: Fri, 20 Jun 2014 23:25:03 +0100
From: Matthew Seaman
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: Re: svn commit: r358646 - branches/2014Q2/databases/phpmyadmin

On 20/06/2014 23:22, Matthew Seaman wrote:
> Author: matthew
> Date: Fri Jun 20 22:22:35 2014
> New Revision: 358646
> URL: http://svnweb.freebsd.org/changeset/ports/358646
> QAT: https://qat.redports.org/buildarchive/r358646/
>
> Log:
>   MFH: r358641
>
>   Security update to 4.2.4
>
>   - while here switch plist to use @sample
>
>   The advisories: PMASA-2014-2 and PMASA-2014-3, have not been published
>   yet, so there is very little concrete information about what the
>   security problems are.  About all there is comes from the change log,
>   where the security issues are listed as:
>
>   - bug #4464 [security] XSS injection due to unescaped db/table name in navigation hiding
>   - bug #4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables
>
>   ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.2.4/phpMyAdmin-4.2.4-notes.html/view
>   Approved by: portmgr
>
> Modified:
>   branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> Directory Properties:
>   branches/2014Q2/ (props changed)
>
> Modified: branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:= 20:56 2014 (r358645) > +++ branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:= 22:35 2014 (r358646) 
> @@ -1,7 +1,5 @@ > @mode 640 > @group %%PMA_GRP%% > -@unexec if cmp -s %D/%%WWWDIR%%/config.inc.php.sample %D/%%WWWDIR%%/co= nfig.inc.php ; then rm -f %D/%%WWWDIR%%/config.inc.php ; fi > -%%WWWDIR%%/config.inc.php.sample > -@exec [ ! -f %B/config.inc.php ] && cp -p %B/%f %B/config.inc.php || t= rue > +@sample %%WWWDIR%%/config.inc.php.sample > @mode > @group >=20

Oh dear. Epic fail. Missing the important stuff like Makefile and distinfo.

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
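
Review bot: on the `+@sample %%WWWDIR%%/config.inc.php.sample` line, the removed `@exec` copied the sample with `cp -p`, so the live config.inc.php kept the sample's mode and group; please confirm that `@sample`, sitting inside the `@mode 640` / `@group %%PMA_GRP%%` block, also leaves the generated config.inc.php at mode 640 with group %%PMA_GRP%%, and that an unmodified copy is still removed on deinstall as the dropped `@unexec` did. Separately, the log message announces the security update to 4.2.4, but the only path listed under Modified is pkg-plist-chunk, so this revision on its own does not bring the 4.2.4 fixes to the branch; the Makefile and distinfo changes need to be merged as well.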