General cleanup:
pkg-install and pkg-deinstall are redundant: it's all handled by
@exec and @unexec actions in pkg-plist.
PR: ports/184923
Submitted by: rene
NO_ARCH=yes
While here, fix a few other niggles:
net/phpldapadmin -- remove indefinite article from COMMENT
www/p5-RT* -- fix comments referencing the different versions of RT
x11-fonts/gentium-{basic,plus} -- mention ${STAGEDIR} explicitly in the
install targets; rework the handling of ${FONTPATH}
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.5/phpMyAdmin-4.0.5-notes.html/download
SecurityAdvisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
- Deprecate databases/phpmyadmin35
This version is vulnerable to the 'clickjacking protection bypass'
problem fixed in 4.0.5, but the development team will not be
publishing a fix. "We have no solution for 3.5.x, due to the proposed
solution requiring JavaScript. We don't want to introduce a dependency
to JavaScript in the 3.5.x family."
Therefore deprecate this port and set expiry for one month. Please
upgrade to 4.0.5 instead.
Security: 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
- Update databases/phpmyadmin to 4.0.0
Version 4.0.0 is the first release of a new major version, and
involves some significant changes in functionality. In particular it
now requires JavaScript in order to operate.
Provide a new phpmyadmin35 port to track the 3.5.x branch for those
not wishing to upgrade yet. Note that you will have to adjust your
httpd.conf if you switch to this port, as it installs the application to
${LOCALBASE}/www/phpMyAdmin35
Four new serious security alerts were issued today by the phpMyAdmin
them: PMASA-2013-2 and PMASA-2013-3 are documented in this commit to
vuln.xml.
- Remote code execution via preg_replace().
- Locally Saved SQL Dump File Multiple File Extension Remote Code
Execution.
The other two: PMASA-2013-4 and PMASA-2013-5 only affect PMA 4.0.0
pre-releases earlier than 4.0.0-rc3, which are not available through
the ports.
- This is a fast-reaction patch: no details about the vulnerability
are available yet, other than it involves XSS.
- VuXML to follow, once the advisories are published
Welcome to phpMyAdmin 3.5.0; here are the major new features:
* browse-mode improvements
** grid editing
** remember recent tables
** remember last sort order by table
** flexible column width
** reorder columns
** more compact navigation bar
* AJAXification of many operations
* reorganised server status page, with server monitoring
* improved support for stored routines, events and triggers
* openGIS support
* zoom-search in table search
* Drizzle support
* improved ENUM/SET editor
Or see: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.0/phpMyAdmin-3.5.0-notes.html/view
Approved by: shaun (mentor)
Feature safe: yes
XSS in replication setup
ChangeLog:
Welcome to phpMyAdmin 3.4.10.1, a minor security release.
3.4.10.1 (2012-02-18)
- [security] XSS in replication setup, see PMASA-2012-1
Security Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php
Approved by: shaun (mentor)
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10/phpMyAdmin-3.4.10-notes.html/view
3.4.10.0 (2012-02-14)
- bug #3460090 [interface] TextareaAutoSelect feature broken
- patch #3375984 [export] PHP Array export might generate invalid php code
- bug #3049209 [import] Import from ODS ignores cell that is the same as cell before
- bug #3463933 [display] SELECT DISTINCT displays wrong total records found
- patch #3458944 [operations] copy table data missing SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO'
- bug #3469254 [edit] Setting data to NULL and drop-downs
- bug #3477063 [edit] Missing set fields and values in generated INSERT query
- bug #3460867 [libraries] license issue with TCPDF (updated to 5.9.145)
Other Changes:
* Drop USE_MYSQL=compat and IGNORE_WITH_MYSQL=41 -- phpmyadmin has
not suddenly grown compatibility for older versions of MySQL.
However, USE_MYSQL implies a dependency on mysql-client, but
phpmyadmin can operate just fine with only the php mysqlnd
drivers.
* Add a new WITH_MYSQL Options knob (off by default) -- if you want
to use the mysql-client driver.
* PHP52 doesn't have mysqlnd drivers, so require at least one of
WITH_MYSQL or WITH_MYSQLI to be selected.
Approved by: shaun (mentor)
release with minor security corrections.
Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20
announcements on http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net. In a hurry? You can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
ChangeLog:
3.4.9.0 (not yet released)
- bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download
For the port:
Switch to using lzma compressed tarballs, for a saving of about 1MB
per download.
PR: ports/163290
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk>