svn commit: r358646 - branches/2014Q2/databases/phpmyadmin
Matthew Seaman
matthew at FreeBSD.org
Fri Jun 20 22:25:15 UTC 2014
On 20/06/2014 23:22, Matthew Seaman wrote:
> Author: matthew
> Date: Fri Jun 20 22:22:35 2014
> New Revision: 358646
> URL: http://svnweb.freebsd.org/changeset/ports/358646
> QAT: https://qat.redports.org/buildarchive/r358646/
>
> Log:
> MFH: r358641
>
> Security update to 4.2.4
>
> - while here switch plist to use @sample
>
> The advisories: PMASA-2014-2 and PMASA-2014-3, have not been published
> yet, so there is very little concrete information about what the
> security problems are. About all there is comes from the change log,
> where the security issues are listed as:
>
> - bug #4464 [security] XSS injection due to unescaped db/table name in navigation hiding
> - bug #4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables
>
> ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.2.4/phpMyAdmin-4.2.4-notes.html/view
> Approved by: portmgr
>
> Modified:
> branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> Directory Properties:
> branches/2014Q2/ (props changed)
>
> Modified: branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk
> ==============================================================================
> --- branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:20:56 2014 (r358645)
> +++ branches/2014Q2/databases/phpmyadmin/pkg-plist-chunk Fri Jun 20 22:22:35 2014 (r358646)
> @@ -1,7 +1,5 @@
> @mode 640
> @group %%PMA_GRP%%
> - at unexec if cmp -s %D/%%WWWDIR%%/config.inc.php.sample %D/%%WWWDIR%%/config.inc.php ; then rm -f %D/%%WWWDIR%%/config.inc.php ; fi
> -%%WWWDIR%%/config.inc.php.sample
> - at exec [ ! -f %B/config.inc.php ] && cp -p %B/%f %B/config.inc.php || true
> + at sample %%WWWDIR%%/config.inc.php.sample
> @mode
> @group
>
Oh dear. Epic fail. Missing the important stuff like Makefile and
distinfo.
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-branches/attachments/20140620/f5ab1cef/attachment.sig>
More information about the svn-ports-branches
mailing list