author | Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> | 2020-03-24 14:22:32 -0100 |
---|---|---|
committer | Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> | 2020-03-24 14:22:58 -0100 |
commit | a81c2975bff0bf2f8f4dce7c9a98628dd3b9c10d (patch) | |
tree | 1edb6d6c1bd8892b27f70d0094996f233d87cb36 /dev-db | |
parent | app-backup/backupninja: bump to 1.1.0 (diff) | |
dev-db/phpmyadmin: Security bump - CVE-2020-{10802,10803,10804}.
Add 4.9.5 and 5.0.2 releases to address the following security advisories.
CVE-2020-{10802,10803,10804} - PMASA-2020-{3,4,2}
PMASA-2020-2: SQL injection vulnerability in the user accounts page,
particularly when changing a password
PMASA-2020-3: SQL injection vulnerability relating to the search feature
PMASA-2020-4: SQL injection and XSS having to do with displaying results
Bug: https://bugs.gentoo.org/714014
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
Diffstat (limited to 'dev-db')
-rw-r--r-- | dev-db/phpmyadmin/Manifest | 2 | ||||
-rw-r--r-- | dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild | 61 | ||||
-rw-r--r-- | dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild | 61 |
3 files changed, 124 insertions, 0 deletions
diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest
index 24fbf25d17c0..549ecabda70c 100644
--- a/dev-db/phpmyadmin/Manifest
+++ b/dev-db/phpmyadmin/Manifest
@@ -1,3 +1,5 @@
 DIST phpMyAdmin-4.9.2-all-languages.tar.xz 6118472 BLAKE2B 07093982aebf83017a1773a1cd1acac8b7a4cc9bf666f7c62fdef4b3b46441f5ee1da37746610b0ed6b92a67296d908dbf24ba1ea546c1b573c3593a02b90088 SHA512 426689c31f963a9cbe34b2116888aa0264801aa5ef18fb0e4b89811b032d4018c770538e823bccb684fb066ed27fcf6dc6e0fb4198d1e082e7eea15595b67727
 DIST phpMyAdmin-4.9.4-all-languages.tar.xz 6134852 BLAKE2B 4ba7d4a45a3fb7d84f6b227a2d2fc0ffc530498e74c1c412bbf631ca78ba5c874f9f21220d34e2179666253bde4fa222838962e6c9d48d514cf80c5c8370cee3 SHA512 3ddab59725d59bcbe99457a1717f12b53bbd251f0bfcea1582288abfbb4507e50351e3ed0e76961026b0ad351abc806deed4a97f0fa882b34ee095ef314aaf37
+DIST phpMyAdmin-4.9.5-all-languages.tar.xz 6138948 BLAKE2B 63631e8207d1cfb71a2299752bb10ab55d13f630ee0d913a4ed6bdf0a16320fa72945bc7c8a63e0e705eb45a569c60fffd48c204eabe1b980a33ab93fac7c798 SHA512 555f07f087d8bcddd114df0b86fa21872f14f45c31e0f63eea499e76fdebdfd8abebcc88662887418e80ddebfea73d6aaac17856cf433d1855423b5145865d1a
 DIST phpMyAdmin-5.0.1-all-languages.tar.xz 8130464 BLAKE2B a4b859c73ece7537db1bc4a14df8c5c8f0ab39106b9e3ccbbc30c1f97fa4dc40617db3b00c432b24aa9865ed45595805fa4b43db92b5794794621d0c7df54f3a SHA512 576323a5e63438fe9e57e6165697c5e03e5291346f3786c84d5d6c4cd6851713cb10b2eed4b0c7e9ab6445dad9b06cbded6c03711fcc2942e999f2b5e7ab446b
+DIST phpMyAdmin-5.0.2-all-languages.tar.xz 8018752 BLAKE2B c7ceb9257cacae61a674b986fcdfacbcf8f77e2ec9f31dd0fc679f748d9042301d8a5d37803c0b1c796095c038e8ac9701b7c5e497ee92331aa672f5044de4d4 SHA512 242770cc468ebcb3ec9c57bce16607a258621014513568b1a96cfea1df4786506c3922250c69f87e058dbf0dd69cf37efda1a810ade88c05d5ef37591cc1b225
diff --git a/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
new file mode 100644
index 000000000000..b44663d57514
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/"
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+ dev-lang/php[ctype,filter,json,session,unicode]
+ || (
+ dev-lang/php[mysqli]
+ dev-lang/php[mysql]
+ )
+ virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+ webapp_pkg_setup
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+ rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+ if ! use setup; then
+ rm -rf setup || die "Cannot remove setup utility"
+ elog "The phpMyAdmin setup utility has been removed."
+ elog "It is a regular target of various exploits. If you need it, set USE=setup."
+ else
+ elog "You should consider disabling the setup USE flag"
+ elog "to exclude the setup utility if you don't use it."
+ elog "It regularly is the target of various exploits."
+ fi
+
+ insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+ webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+ webapp_src_install
+}
diff --git a/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
new file mode 100644
index 000000000000..bcfb741fefec
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
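Review bot: In src_install of phpmyadmin-4.9.5.ebuild, `webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php` hands ownership of the shipped defaults file to the web server account, so a flaw in the PHP application that allows writing files could alter phpMyAdmin's baseline configuration. Nothing visible in the ebuild needs the server to write that file; if that holds, keep only the `webapp_configfile` line, or add a comment stating why server ownership is required. The same two lines appear in the phpmyadmin-5.0.2.ebuild hunk. Separately, `rm -f LICENSE README* RELEASE-DATE-${MY_PV}` has no `|| die`, unlike the `rm -rf setup` call a few lines below it.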
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/"
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+ >=dev-lang/php-7.1[ctype,filter,json,session,unicode]
+ || (
+ dev-lang/php[mysqli]
+ dev-lang/php[mysql]
+ )
+ virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+ webapp_pkg_setup
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+ rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+ if ! use setup; then
+ rm -rf setup || die "Cannot remove setup utility"
+ elog "The phpMyAdmin setup utility has been removed."
+ elog "It is a regular target of various exploits. If you need it, set USE=setup."
+ else
+ elog "You should consider disabling the setup USE flag"
+ elog "to exclude the setup utility if you don't use it."
+ elog "It regularly is the target of various exploits."
+ fi
+
+ insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+ webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+ webapp_src_install
+} |