CVS commit: [pkgsrc-2016Q4] pkgsrc/databases/phpmyadmin

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2016Q4] pkgsrc/databases/phpmyadmin
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Sun, 8 Jan 2017 19:28:33 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Jan  8 19:28:33 UTC 2017

Modified Files:
        pkgsrc/databases/phpmyadmin [pkgsrc-2016Q4]: Makefile PLIST distinfo

Log Message:
Pullup ticket #5179 - requested by taca
databases/phpmyadmin: security fix

Revisions pulled up:
- databases/phpmyadmin/Makefile                                 1.151
- databases/phpmyadmin/PLIST                                    1.45
- databases/phpmyadmin/distinfo                                 1.106

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Dec 30 04:44:43 UTC 2016

   Modified Files:
        pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo

   Log Message:
   Update phpmyadmin to 4.6.5.2, including security fixes.

   4.6.5.2 (2016-12-05)
   - issue #12765 Fixed SQL export with newlines

   4.6.5.1 (2016-11-25)
   - issue #12735 Incorrect parameters to escapeString in Node.php
   - issue #12734 Fix PHP error when mbstring is not installed
   - issue #12736 Don't force partition count to be specified when creating a new table

   4.6.5 (2016-11-24)
   - issue        Remove potentionally license problematic sRGB profile
   - issue #12459 Display read only fields as read only when editing
   - issue #12384 Fix expanding of navigation pane when clicking on database
   - issue #12430 Impove partitioning support
   - issue #12374 Reintroduced simplified PmaAbsoluteUri configuration directive
   - issue        Always use UTC time in HTTP headers
   - issue #12479 Simplified validation of external links
   - issue #12483 Fix browsing tables with built in transformations
   - issue #12485 Do not show warning about short blowfish_secret if none is set
   - issue #12251 Fixed random logouts due to wrong cookie path
   - issue #12480 Fixed editing of ENUM/SET/DECIMAL fields structure
   - issue #12497 Missing escaping of configuration used in SQL (hide_db and only_db)
   - issue #12476 Add error checking in reading advisory rules file
   - issue #12477 Add checking missing elements and confirming element types from json_decode
   - issue #12251 Automatically save SQL query in browser local storage rather than in cookie
   - issue #12292 Unable to edit transformations
   - issue #12502 Remove unused paramenter when connecting to MySQLi
   - issue #12303 Fix number formatting with different settings of precision in PHP
   - issue #12405 Use single quotes in PHP code
   - issue #12534 Option for the dropped column is not removed from 'after_field' select, after the column is dropped
   - issue #12531 Properly detect DROP DATABASE queries
   - issue #12470 Fix possible race condition in setting URL hash
   - issue #11924 Remove caching of server information
   - issue #11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
   - issue #12545 Proper parsing of CREATE TABLE ... PARTITION queries
   - issue #12473 Code can throw unhandled exception
   - issue #12550 Do not try to keep alive session even after expiry
   - issue #12512 Fixed rendering BBCode links in setup
   - issue #12518 Fixed copy of table with generated columns
   - issue #12221 Fixed export of table with generated columns
   - issue #12320 Copying a user does not copy usergroup
   - issue #12272 Adding a new row with default enum goes to no selection when you want to add more then 2 rows
   - issue #12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab
   - issue #12554 Absence of scrolling makes it impossible to read longer text values in grid editing
   - issue #12530 "Edit routine" crashes when the current user is not the definer, even if privileges are adequate
   - issue #12300 Export selective tables by-default dumps Events also
   - issue #12298 Fixed export of view definitions
   - issue #12242 Edit routine detail dialog does not fill "Return length" field in mysql functions
   - issue #12575 New index Confirm adds whitespace around the field name
   - issue #12382 Bug in zoom search
   - issue #12321 Assign LIMIT clause only to syntactically correct queries
   - issue #12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" Inserted At Wrong Place
   - issue #12511 Clarify documentation on ArbitraryServerRegexp
   - issue #12508 Remove duplicate code in SQL escaping
   - issue #12475 Cleanup code for getting table information
   - issue #12579 phpMyAdmin's export of a Select statment without a FROM clause generates Wrong SQL
   - issue #12316 Correct export of complex SELECT statements
   - issue #12080 Fixed parsing of subselect queries
   - issue #11740 Fixed handling DELETE ... USING queries
   - issue #12100 Fixed handling of CASE operator
   - issue #12455 Query history stores separate entry for every letter typed
   - issue #12327 Create PHP code no longer works
   - issue #12179 Fixed bookmarking of query with multiple statements
   - issue #12419 Wrong description on GRANT OPTION
   - issue #12615 Fixed regexp for matching browser versions
   - issue #12569 Avoid showing import errors twice
   - issue #12362 prefs_manage.php can leave an orphaned temporary file
   - issue #12619 Unable to export csv when using union select
   - issue #12625 Broken Edit links in query results of JOIN query
   - issue #12634 Drop DB error in import if DB doesn't exist
   - issue #12338 Designer reverts to first saved ER after EACH relation create or delete
   - issue #12639 'Show trace' in Console generates JS error for functions in query's trace called without any arguments
   - issue #12366 Fix user creation with certain MariaDB setups
   - issue #12616 Refuse to work with mbstring.func_overload enabled
   - issue #12472 Properly report connection without password in setup
   - issue #12365 Fix records count for large tables
   - issue #12533 Fix records count for complex queries
   - issue #12454 Query history not updated in console until page refresh
   - issue #12344 Fixed parsing of labels in loop
   - issue #12228 Fixed parsing of BEGIN labels
   - issue #12637 Fixed editing some timestamp values
   - issue #12622 Fixed javascript error in designer
   - issue #12334 Missing page indicator or VIEWs
   - issue #12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
   - issue #12661 Error inserting into pma__history after timeout
   - issue #12195 Row_format = fixed not visible
   - issue #12665 Cannot add a foreign key - non-indexed fields not listed in InnoDB tables
   - issue #12674 Allow for proper MySQL-allowed strings as identifiers
   - issue #12651 Allow for partial dates on table insert page
   - issue #12681 Fixed designer with tables using special chars
   - issue #12652 Fixed visual query builder for foreign keys with more fields
   - issue #12257 Improved search page performance
   - issue #12322 Avoid selecting default function for foreign keys
   - issue #12453 Fixed escaping of SQL parts in some corner cases
   - issue #12542 Missing table name in account privileges editor
   - issue #12691 Remove ksort call on empty array in PMA_getPlugins function
   - issue #12443 Check parameter type before processing
   - issue #12299 Avoid generating too long URLs in search
   - issue #12361 Fix self SQL injection in table-specific privileges
   - issue #12698 Add link to release notes and download on new version notification
   - issue #12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function)
   - issue        [security] Unsafe generation of $cfg['blowfish_secret'], see PMASA-2016-58
   - issue        [security] phpMyAdmin's phpinfo functionality is removed, see PMASA-2016-59
   - issue        [security] AllowRoot and allow/deny rule bypass with specially-crafted username, see PMASA-2016-60
   - issue        [security] Username matching weaknesses with allow/deny rules, see PMASA-2016-61
   - issue        [security] Possible to bypass logout timeout, see PMASA-2016-62
   - issue        [security] Full path disclosure (FPD) weaknesses, see PMASA-2016-63
   - issue        [security] Multiple XSS weaknesses, see PMASA-2016-64
   - issue        [security] Multiple denial-of-service (DOS) vulnerabilities, see PMASA-2016-65
   - issue        [security] Possible to bypass white-list protection for URL redirection, see PMASA-2016-66
   - issue        [security] BBCode injection to login page, see PMASA-2016-67
   - issue        [security] Denial-of-service (DOS) vulnerability in table partitioning, see PMASA-2016-68
   - issue        [security] Multiple SQL injection vulnerabilities, see PMASA-2016-69
   - issue        [security] Incorrect serialized string parsing, see PMASA-2016-70
   - issue        [security] CSRF token not stripped from the URL, see PMASA-2016-71


To generate a diff of this commit:
cvs rdiff -u -r1.150 -r1.150.4.1 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.44 -r1.44.4.1 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.105 -r1.105.4.1 pkgsrc/databases/phpmyadmin/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/databases/phpmyadmin/Makefile
diff -u pkgsrc/databases/phpmyadmin/Makefile:1.150 pkgsrc/databases/phpmyadmin/Makefile:1.150.4.1
--- pkgsrc/databases/phpmyadmin/Makefile:1.150  Tue Aug 23 15:53:14 2016
+++ pkgsrc/databases/phpmyadmin/Makefile        Sun Jan  8 19:28:33 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.150 2016/08/23 15:53:14 taca Exp $
+# $NetBSD: Makefile,v 1.150.4.1 2017/01/08 19:28:33 bsiegert Exp $
 
-DISTNAME=      phpMyAdmin-4.6.4-all-languages
+DISTNAME=      phpMyAdmin-4.6.5.2-all-languages
 PKGNAME=       ${DISTNAME:S/-all-languages//:tl}
 CATEGORIES=    databases www
 MASTER_SITES=  https://files.phpmyadmin.net/phpMyAdmin/${PKGVERSION_NOREV}/

Index: pkgsrc/databases/phpmyadmin/PLIST
diff -u pkgsrc/databases/phpmyadmin/PLIST:1.44 pkgsrc/databases/phpmyadmin/PLIST:1.44.4.1
--- pkgsrc/databases/phpmyadmin/PLIST:1.44      Tue Aug 23 15:53:14 2016
+++ pkgsrc/databases/phpmyadmin/PLIST   Sun Jan  8 19:28:33 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.44 2016/08/23 15:53:14 taca Exp $
+@comment $NetBSD: PLIST,v 1.44.4.1 2017/01/08 19:28:33 bsiegert Exp $
 share/doc/phpmyadmin/CONTRIBUTING.md
 share/doc/phpmyadmin/ChangeLog
 share/doc/phpmyadmin/DCO
@@ -50,6 +50,7 @@ share/phpmyadmin/doc/html/_sources/user.
 share/phpmyadmin/doc/html/_sources/vendors.txt
 share/phpmyadmin/doc/html/_static/ajax-loader.gif
 share/phpmyadmin/doc/html/_static/basic.css
+share/phpmyadmin/doc/html/_static/classic.css
 share/phpmyadmin/doc/html/_static/comment-bright.png
 share/phpmyadmin/doc/html/_static/comment-close.png
 share/phpmyadmin/doc/html/_static/comment.png
@@ -1108,6 +1109,7 @@ share/phpmyadmin/libraries/sql-parser/sr
 share/phpmyadmin/libraries/sql-parser/src/Components/AlterOperation.php
 share/phpmyadmin/libraries/sql-parser/src/Components/Array2d.php
 share/phpmyadmin/libraries/sql-parser/src/Components/ArrayObj.php
+share/phpmyadmin/libraries/sql-parser/src/Components/CaseExpression.php
 share/phpmyadmin/libraries/sql-parser/src/Components/Condition.php
 share/phpmyadmin/libraries/sql-parser/src/Components/CreateDefinition.php
 share/phpmyadmin/libraries/sql-parser/src/Components/DataType.php
@@ -1195,7 +1197,6 @@ share/phpmyadmin/libraries/tcpdf/fonts/d
 share/phpmyadmin/libraries/tcpdf/fonts/dejavusansb.php
 share/phpmyadmin/libraries/tcpdf/fonts/dejavusansb.z
 share/phpmyadmin/libraries/tcpdf/fonts/helvetica.php
-share/phpmyadmin/libraries/tcpdf/include/sRGB.icc
 share/phpmyadmin/libraries/tcpdf/include/tcpdf_colors.php
 share/phpmyadmin/libraries/tcpdf/include/tcpdf_font_data.php
 share/phpmyadmin/libraries/tcpdf/include/tcpdf_fonts.php

Index: pkgsrc/databases/phpmyadmin/distinfo
diff -u pkgsrc/databases/phpmyadmin/distinfo:1.105 pkgsrc/databases/phpmyadmin/distinfo:1.105.4.1
--- pkgsrc/databases/phpmyadmin/distinfo:1.105  Tue Aug 23 15:53:14 2016
+++ pkgsrc/databases/phpmyadmin/distinfo        Sun Jan  8 19:28:33 2017
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.105 2016/08/23 15:53:14 taca Exp $
+$NetBSD: distinfo,v 1.105.4.1 2017/01/08 19:28:33 bsiegert Exp $
 
-SHA1 (phpMyAdmin-4.6.4-all-languages.tar.xz) = 9ae9e5a8d917960106f8359ea555e31097e12a77
-RMD160 (phpMyAdmin-4.6.4-all-languages.tar.xz) = 445f08b898ad4255e94abfbc4035db3500114f12
-SHA512 (phpMyAdmin-4.6.4-all-languages.tar.xz) = 80ee0180c283c6ea139410289f9aa6535077f68812014dd8c7e334bdae0f49171a47b50274172a153d81e5f3145f906fdcda52751ba703fed8158482a924c6b2
-Size (phpMyAdmin-4.6.4-all-languages.tar.xz) = 6137016 bytes
+SHA1 (phpMyAdmin-4.6.5.2-all-languages.tar.xz) = 0870868690c2f97468cb764a13d5e6b3ffda35c7
+RMD160 (phpMyAdmin-4.6.5.2-all-languages.tar.xz) = be40587f74dd1763226764891de38b12c8c30ec6
+SHA512 (phpMyAdmin-4.6.5.2-all-languages.tar.xz) = 10fecd5f313b3685b3d4d7c86b20e9466abc54298267f2ed41cf81096fae5bf8472860ac3ebd5ecba8644b43f69eaf944625a8a12beaba637bcefba0940f3a11
+Size (phpMyAdmin-4.6.5.2-all-languages.tar.xz) = 6136880 bytes
 SHA1 (patch-libraries_vendor_config.php) = af587496e999bf1e92d6c5a9ab8053fe6e92a0f2

Prev by Date: Re: CVS commit: pkgsrc/textproc/docbook-xsl
Next by Date: CVS commit: [pkgsrc-2016Q4] pkgsrc/www/contao35
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: [pkgsrc-2016Q4] pkgsrc/www/contao35
Indexes:

Home | Main Index | Thread Index | Old Index