[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2013Q2 2013-08-04T18:35:06Z 2013-08-04T18:35:06Z spz spz 2013-08-04T18:35:06Z urn:sha1:c00f309feaed51434771a4af552decc16d0c82bf databases/phpmyadmin: security update Revisions pulled up: - databases/phpmyadmin/Makefile 1.117 - databases/phpmyadmin/PLIST 1.33 - databases/phpmyadmin/distinfo 1.74 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Mon Jul 29 20:01:02 UTC 2013 Modified Files: pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo Log Message: Update "phpmyadmin" package to version 3.5.8.2. Changes since 3.5.8.1: - [security] Fix self-XSS in "Showing rows", see PMASA-2013-8 - [security] Fix self-XSS in Display chart, see PMASA-2013-9 - [security] Fix stored XSS in Server status monitor, see PMASA-2013-9 - [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9 - [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2= 013-9 + [security] JSON content type header for version_check.php, see PMASA-2013= -9 + [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMA= SA-2013-9 + [security] Fix full path disclosure, see PMASA-2013-12 + [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-= 15 + [security] Fix control user SQL injection in schema_export.php, see PMASA= -2013-15 - [security] Fix self-XSS in schema export, see PMASA-2013-14 - [security] Fix unencoded json object, see PMASA-2013-11 To generate a diff of this commit: cvs rdiff -u -r1.116 -r1.117 pkgsrc/databases/phpmyadmin/Makefile cvs rdiff -u -r1.32 -r1.33 pkgsrc/databases/phpmyadmin/PLIST cvs rdiff -u -r1.73 -r1.74 pkgsrc/databases/phpmyadmin/distinfo 2012-12-22T10:31:31Z tron tron 2012-12-22T10:31:31Z urn:sha1:572b532ba8751084c4bfa5994fe918e463cecb3b - bug #3563824 [export] Support Apache's mod_deflate - bug #3585523 [interface] Inline query editing broken after row update - bug #3586389 [setup] Cannot switch language in /setup - bug #3585695 [CSS] Font size in inline query editor is way too big - bug #3588354 [l10n] Portuguese Language not displaying correctly - bug #3591412 [status] Live charts don't work for non-default server - bug [core] Proxy ajax calls to pma.net to avoid browser notices - bug #3593534 [tracking] Structure Snapshot on tracked view renders invalid SQL - bug #3544366 [events] Event comments not saved Approved by Thomas Klausner. 2012-10-17T18:35:06Z tron tron 2012-10-17T18:35:06Z urn:sha1:df66386c56a1bb07eb59c210de278836b2582114 - bug #3539044 [interface] Browse mode "Show" button gives blank page if no results anymore - bug #3534979 [interface] Copy Database Ajax feedback vanishes long before copying is done - bug #3527531 [interface] GC-maxlifetime warning incorrectly displayed - bug #3526916 [interface] Search fails with JS error when tooltips disabled - bug #3544366 [interface] Event comments not saved - bug #3549084 [edit] Can't enter date directly when editing inline - bug #3548491 [interface] Inline query editor doesn't work from search results - bug #3547825 [edit] BLOB download no longer works - bug #3541966 [config] Error in generated configuration arrray - bug #3553551 [GUI] Invalid HTML code in multi submits confirmation form - [interface] Designer sometimes places tables on the top menu - bug #3546277 [core] Call to undefined function __() when config file has wrong permissions - bug #3540922 [edit] Error searching table with many fields - bug #3555104 [edit] Cannot copy a DB with table & views - bug #3559925 [privileges] Incorrect updating of the list of users - bug #3561224 [edit] cell edit date field with empty date fills in current date - bug #3559955 [edit] current_date from function drop down fails on update - bug #3562472 add support for Solaris and FreeBSD system load and memory display in server status - bug #3553068 [import] Table import from XML file fails - replace Highcharts with jqplot for Display chart - bug #3567684 [edit] Pasting value doesn't clear null checkbox - bug #3570786 [edit] Datepicker for date and datetime fields is broken 2012-08-28T15:54:54Z tron tron 2012-08-28T15:54:54Z urn:sha1:b3c525d2c09c62b14717530718e0ffa8bb192682 - The setup scripts *must* not get write access to the real "config.inc.php". Allow then instead to generate a file in "/var/phpmyadmin" which the administrator copies it place manually. This is the intended procedure as documented by the developers. - Restore the normal "config.inc.php" to its original location. Not sure why I didn't encounter any problems during testing the last change because phpMyAdmin isn't working very well without this. While here change dependences to require both the "php-mysql" and the "php-mysqli" packages. Old installations will use the former, new installation will use the later. Bump the package revision again because of these changes. 2012-08-27T17:11:34Z tron tron 2012-08-27T17:11:34Z urn:sha1:afa09af50324e2385b755a0dd73ab52f16326c96 1.) Install PHP script in the "setup" directory. 2.) Use Vendor override to set the location of the configuration file. It is now possible to use phpMyAdmin's setup for configuration. Based on a suggestion by Peter Avalos in private e-mail. 2012-07-15T13:02:32Z tron tron 2012-07-15T13:02:32Z urn:sha1:1f77170efaf29aed20205bfe6283f74d7b0d1602 - bug #3521416 [interface] JS error when editing index - bug #3521313 [core] Call to undefined function __() - bug #3521016 [edit] NOW() function incorrectly selected - bug [GUI] Invalid HTML code on transformation_overview.php - bug #3522930 [browse] Missing validation in Ajax mode - bug Fix popup message on build SQL of import - bug #3523499 [core] Make X-WebKit-CSP work better - replace Highcharts with jqplot for query profiling, zoom search - bug #3531584 [interface] No form validation in change password dialog - bug #3531585 [interface] Broken password validation in copy user form - bug #3531586 [unterface] Add user form prints JSON when user presses enter - bug #3534121 [config] duplicate line in config.sample.inc.php - bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values - bug #3510196 [core] More clever URL rewriting with ForceSSL 2012-05-06T09:01:10Z tron tron 2012-05-06T09:01:10Z urn:sha1:e3c4adf6faeff679467cc9968cf9bb0efe8de26c - browse-mode improvements - grid editing - remember recent tables - remember last sort order by table - flexible column width - reorder columns - more compact navigation bar - AJAXification of many operations - reorganised server status page, with server monitoring - improved support for stored routines, events and triggers - openGIS support - zoom-search in table search - Drizzle support - improved ENUM/SET editor 2012-04-15T11:56:27Z tron tron 2012-04-15T11:56:27Z urn:sha1:b76f37f0d1d4bec42476ac156e2201a68fb1e5fd - bug #3486970 [import] Exception on XML import - bug #3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names in navigation - bug #3512565 [navi] Fixed missing word "Rows" in table list tooltip after cli - [security] Fixed local path disclosure vulnerability, see PMASA-2012-2 2012-02-16T20:19:25Z tron tron 2012-02-16T20:19:25Z urn:sha1:115d743135cc6c226d1fd1644dd3c2f625a3053d - bug #3460090 [interface] TextareaAutoSelect feature broken - patch #3375984 [export] PHP Array export might generate invalid php code - bug #3049209 [import] Import from ODS ignores cell that is the same as cell before - bug #3463933 [display] SELECT DISTINCT displays wrong total records found - patch #3458944 [operations] copy table data missing SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO' - bug #3469254 [edit] Setting data to NULL and drop-downs - bug #3477063 [edit] Missing set fields and values in generated INSERT query - bug #3460867 [libraries] license issue with TCPDF (updated to 5.9.145) 2011-09-14T22:25:27Z tron tron 2011-09-14T22:25:27Z urn:sha1:c702171fcb0768d374e52582222dcc1f8f4843cf - bug #3375325 [interface] Page list in navigation frame looks odd - bug #3313235 [interface] Error div misplaced - bug #3374802 [interface] Comment on a column breaks inline editing - patch #3383711 [display] Order by a column in a view doesn't work in some cases - bug #3386434 [interface] Add missing space to server status - [core] Remove library PHPExcel, due to license issues - [export] Remove native Excel export modules (xls and xlsx formats) - [import] Remove native Excel import modules (xls and xlsx formats) - bug #3392920 [edit] BLOB emptied after editing another column - [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14 - [security] Fixed XSS with db/table/column names, see PMASA-2011-14