Date: Wed, 14 Dec 2011 17:28:29 GMT From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/163290: [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1 Message-ID: <201112141728.pBEHSTtD000484@lucid-nonsense.infracaninophile.co.uk> Resent-Message-ID: <201112141730.pBEHUAcv028556@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 163290 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Dec 14 17:30:10 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 8.2-STABLE amd64 >Organization: Infracaninophile >Environment: System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #24 r227991: Sat Nov 26 13:33:22 GMT 2011 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64 >Description: Yet another update incorporating security fixes. As has been the practice recently, this update contains quick reaction patches but the full details and security advisories (PMASA-2011-19, PMASA-2011-20) are not yet available. Announcement message: "Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix release with minor security corrections. Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20 announcements on http://www.phpmyadmin.net/home_page/security. Details will appear on http://phpmyadmin.net. In a hurry? you can visit http://sourceforge.net/projects/phpmyadmin to download. Marc Delisle, for the team" ChangeLog: Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix release with minor security corrections. 3.4.9.0 (not yet released) - bug #3442028 [edit] Inline editing enum fields with null shows no dropdown - bug #3442004 [interface] DB suggestion not correct for user with underscore - bug #3438420 [core] Magic quotes removed in PHP 5.4 - bug #3398788 [session] No feedback when result is empty (signon auth_type) - bug #3384035 [display] Problems regarding ShowTooltipAliasTB - bug #3306875 [edit] Can't rename a database that contains views - bug #3452506 [edit] Unable to move tables with triggers - bug #3449659 [navi] Fast filter broken with table tree - bug #3448485 [GUI] Firefox favicon frameset regression - [core] Better compatibility with mysql extension - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download While here: Switch to using lzma compressed tarballs, for a saving of about 1MB per download. >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v retrieving revision 1.149 diff -u -u -r1.149 Makefile --- Makefile 1 Dec 2011 21:03:31 -0000 1.149 +++ Makefile 14 Dec 2011 17:19:27 -0000 @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 3.4.8 +DISTVERSION= 3.4.9-rc1 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages @@ -19,7 +19,7 @@ USE_MYSQL= compat IGNORE_WITH_PHP= 4 IGNORE_WITH_MYSQL= 41 -USE_BZIP2= yes +USE_XZ= yes NO_BUILD= yes .if !defined(WITHOUT_PHP_DEPENDS) USE_PHP= ctype mysql session filter mbstring json spl Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v retrieving revision 1.125 diff -u -u -r1.125 distinfo --- distinfo 1 Dec 2011 21:03:31 -0000 1.125 +++ distinfo 14 Dec 2011 17:19:27 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.4.8-all-languages.tar.bz2) = 792a53d1904feed2bba0a613680af86fb4ca2ee8e94ba65ef92043c5c2d90604 -SIZE (phpMyAdmin-3.4.8-all-languages.tar.bz2) = 4610153 +SHA256 (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = c005a3880f38e9d20809b2592b5fe108d11fc56bdf4cf666db5e07447ae40096 +SIZE (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = 3639524 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112141728.pBEHSTtD000484>