svn commit: r358646 - branches/2014Q2/databases/phpmyadmin

Matthew Seaman matthew at FreeBSD.org
Fri Jun 20 22:25:15 UTC 2014 

On 20/06/2014 23:22, Matthew Seaman wrote:
> Author: matthew
> Date: Fri Jun 20 22:22:35 2014
> New Revision: 358646
> URL: http://svnweb.freebsd.org/changeset/ports/358646
> QAT: https://qat.redports.org/buildarchive/r358646/
> 
> Log:
>   MFH: r358641
>   
>   Security update to 4.2.4
>   
>     - while here switch plist to use @sample
>   
>   The advisories: PMASA-2014-2 and PMASA-2014-3, have not been published
>   yet, so there is very little concrete information about what the
>   security problems are. About all there is comes from the change log,
>   where the security issues are listed as:
>   
>   - bug #4464 [security] XSS injection due to unescaped db/table name in navigation hiding
>   - bug #4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables
>   
>   ChangeLog:	http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.2.4/phpMyAdmin-4.2.4-notes.html/view
>   Approved by:	portmgr
> 
> Modified:
>   branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> Directory Properties:
>   branches/2014Q2/   (props changed)
> 
> Modified: branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> ==============================================================================
> --- branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk	Fri Jun 20 22:20:56 2014	(r358645)
> +++ branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk	Fri Jun 20 22:22:35 2014	(r358646)
> @@ -1,7 +1,5 @@
>  @mode 640
>  @group %%PMA_GRP%%
> - at unexec if cmp -s %D/%%WWWDIR%%/config.inc.php.sample %D/%%WWWDIR%%/config.inc.php ; then rm -f %D/%%WWWDIR%%/config.inc.php ; fi
> -%%WWWDIR%%/config.inc.php.sample
> - at exec [ ! -f %B/config.inc.php ] && cp -p %B/%f %B/config.inc.php || true
> + at sample %%WWWDIR%%/config.inc.php.sample
>  @mode
>  @group
> 

Oh dear.  Epic fail.  Missing the important stuff like Makefile and
distinfo.

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-branches/attachments/20140620/f5ab1cef/attachment.sig>

More information about the svn-ports-branches mailing list