pkgsrc/databases/phpmyadmin/MESSAGE
taca af23a8cabb Update phpmyadmin to 4.6.4.
pkgsrc changes:

* Overhaul Makefile.
  - Remove use of INSTALL_DIRS and simplify install process.
  - Utilize pkgsrc SUBST_*.
  - Stop other pkglint warnings.
* Drop some dot files from installation.

Quote from Changes:

4.6.4 (2016-08-16)
- issue        [security] Weaknesses with cookie encryption, see PMASA-2016-29
- issue        [security] Improve session cookie code for openid.php and signon.php example files
- issue        [security] Full path disclosure in openid.php and signon.php example files
- issue        [security] Multiple XSS vulnerabilities, see PMASA-2016-30
- issue        [security] Multiple XSS vulnerabilities, see PMASA-2016-31
- issue        [security] Unsafe generation of BlowfishSecret (when not supplied by the user)
- issue        [security] Referrer leak when phpinfo is enabled
- issue        [security] PHP code injection, see PMASA-2016-32
- issue        [security] Full path disclosure, see PMASA-2016-33
- issue        [security] SQL injection attack, see PMASA-2016-34
- issue        [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35
- issue        [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36
- issue        [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37
- issue        [security] Multiple XSS vulnerabilities, see PMASA-2016-38
- issue        [security] SQL injection vulnerability as control user, see PMASA-2016-39
- issue        [security] SQL injection vulnerability, see PMASA-2016-40
- issue        [security] Denial-of-service attack through transformation feature, see PMASA-2016-41
- issue        [security] SQL injection vulnerability as control user, see PMASA-2016-42
- issue        [security] Verify data before unserializing, see PMASA-2016-43
- issue        [security] Use HTTPS for wiki links
- issue        Remove Swekey support
- issue        [security] SSRF in setup script, see PMASA-2016-44
- issue        [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
- issue        [security] Improve SSL certificate handling
- issue        [security] Fix full path disclosure in debugging code
- issue        [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47
- issue        [security] Detect if user is logged in, see PMASA-2016-48
- issue        [security] Bypass URL redirection protection, see PMASA-2016-49
- issue        [security] Referrer leak, see PMASA-2016-50
- issue        [security] Reflected File Download, see PMASA-2016-51
- issue        [security] ArbitraryServerRegexp bypass, see PMASA-2016-52
- issue        [security] Denial-of-service attack by entering long password, see PMASA-2016-53
- issue        [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-054
- issue        [security] Administrators could trigger SQL injection attack against users
- issue        [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55
- issue        [security] Remote code execution vulnerability when PHP uses dbase extension, see PMASA-2016-56
- issue        [security] Denial-of-service attack by using for loops, see PMASA-2016-46
- issue        Include X-Robots-Tag header in responses
- issue        Enforce numeric field length when creating table
- issue        Fixed invalid Content-Length in some HTTP responses
- issue #12394 Create view should require a view name
- issue #12391 Message with 'Change password successfully' displayed, but does not take effect
- issue        Tighten control on PHP sessions and session cookies
- issue #12409 Re-enable overhead on server databases view
- issue #12414 Fixed rendering of Original theme
- issue #12413 Fixed deleting users in non English locales
- issue #12416 Fixed replication status output in Databases listing
- issue #12303 Avoid typecasting to float when not needed
- issue #12425 Duplicate message variable names in messages.inc.php
- issue #12399 Adding index to table shows wrong top navigation
- issue #12424 Fixed password change on MariaDB without auth plugin
- issue #12339 Do not error on unset server port
- issue #12422 Improvements to the original theme
- issue #12395 Do not try to load old transformation plugins
- issue #12423 Fixed replication status in database listing
- issue #12433 Copy table with prefix does not copy the indexes
- issue #12375 Search in database: Window content is not scrolling down when clicking first time on Browse link
- issue #12346 SQL Editor textareas can have their size increased from the top, distorting the page view
2016-08-23 15:53:14 +00:00

===========================================================================
$NetBSD: MESSAGE,v 1.14 2016/08/23 15:53:14 taca Exp $

Do *not* edit "${CONF_INC_PHP}" to customize
this package because it is a link which will be removed during upgrades.
The actual configuration file is "${PMCONFFILE}".

You will need to make phpMyAdmin accessible through your HTTP server.
If you are running Apache and ap-php, then you can add the following line
to httpd.conf:

	Include ${PKG_SYSCONFDIR}/apache.conf

to make phpMyAdmin accessible through:

	http://www.example.com/phpmyadmin/

If you are setting up phpmyadmin for the first time you will need to
comment out the configuration block in your apache.conf which denies
access to the scripts directory. This only needs to be done the first
time you access your phpmyadmin installation.
===========================================================================