diff options
author | Aaron Walker <ka0ttic@gentoo.org> | 2005-03-02 14:48:45 +0000 |
---|---|---|
committer | Aaron Walker <ka0ttic@gentoo.org> | 2005-03-02 14:48:45 +0000 |
commit | d82f9618e7fa9ff92a7e608633290b85bb21fb6f (patch) | |
tree | f29d2f4809a28be890afb391744a779d24c721ff /dev-db | |
parent | Updated to 1.0.18 release. (diff) | |
download | gentoo-2-d82f9618e7fa9ff92a7e608633290b85bb21fb6f.tar.gz gentoo-2-d82f9618e7fa9ff92a7e608633290b85bb21fb6f.tar.bz2 gentoo-2-d82f9618e7fa9ff92a7e608633290b85bb21fb6f.zip |
Revision bump for security bug 83792.
(Portage version: 2.0.51.18)
Diffstat (limited to 'dev-db')
-rw-r--r-- | dev-db/phpmyadmin/ChangeLog | 9 | ||||
-rw-r--r-- | dev-db/phpmyadmin/Manifest | 27 | ||||
-rw-r--r-- | dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch | 74 | ||||
-rw-r--r-- | dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1 | 1 | ||||
-rw-r--r-- | dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild | 98 |
5 files changed, 191 insertions, 18 deletions
diff --git a/dev-db/phpmyadmin/ChangeLog b/dev-db/phpmyadmin/ChangeLog index 10ee31c0646f..048b7222007f 100644 --- a/dev-db/phpmyadmin/ChangeLog +++ b/dev-db/phpmyadmin/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-db/phpmyadmin # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/ChangeLog,v 1.87 2005/03/01 18:24:11 kloeri Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/ChangeLog,v 1.88 2005/03/02 14:48:45 ka0ttic Exp $ + +*phpmyadmin-2.6.1_p2-r1 (02 Mar 2005) + + 02 Mar 2005; Aaron Walker <ka0ttic@gentoo.org> + +files/2.6.1_p2-no-wildcard-privs-for-you.patch, + +phpmyadmin-2.6.1_p2-r1.ebuild: + Revision bump for security bug 83792. 01 Mar 2005; Bryan Østergaard <kloeri@gentoo.org> phpmyadmin-2.6.1_p2.ebuild: diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest index af6b933c6408..de88529b05e4 100644 --- a/dev-db/phpmyadmin/Manifest +++ b/dev-db/phpmyadmin/Manifest @@ -1,23 +1,16 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - +MD5 8953a4dca66a41467a427449f47ea16e phpmyadmin-2.6.1_p2.ebuild 2599 MD5 3a33dda459f41b062d86576003c1e0ec phpmyadmin-2.6.1.ebuild 2595 -MD5 bccae1a2684d75a564d84b2fc38af47c ChangeLog 12126 MD5 d0ac5e24e09567b4888c6ee2fbd88b3e phpmyadmin-2.6.1_rc1.ebuild 2593 +MD5 c3fc2aaa40ee4048c6c20654c62a9840 phpmyadmin-2.6.1_p2-r1.ebuild 2685 +MD5 08e76522b9e7aa2f5e010fed2c65d193 ChangeLog 12340 MD5 d992d28bec4a3bfd72b441145091a58e metadata.xml 244 -MD5 8953a4dca66a41467a427449f47ea16e phpmyadmin-2.6.1_p2.ebuild 2599 -MD5 c6a79ab6f3c9e6d657a5bee36b1f6565 files/phpmyadmin-config.patch 4857 -MD5 85a86432c3f64acb068a7d2cfab311a9 files/config.inc.php-2.5.6.patch 5525 -MD5 1a6c1907f5c2327b00453d7675c13178 files/mysql-setup.sql.in-2.5.6 3231 -MD5 c4e16f440d397574f36ec04130d54ba0 files/digest-phpmyadmin-2.6.1 70 MD5 22a63a92c01eef5a268311e15594367b files/digest-phpmyadmin-2.6.1_p2 74 -MD5 396133c1da8d8b716ad2da23aa0a5a30 files/phpmyadmin-mysql-setup.sql.in 2712 MD5 4badbcc4cd669e6f934d5c993ff9ae4e files/digest-phpmyadmin-2.6.1_rc1 74 +MD5 c4e16f440d397574f36ec04130d54ba0 files/digest-phpmyadmin-2.6.1 70 MD5 56dcb2efb84915a521c18a004f96d37c files/postinstall-en.txt 506 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.0 (GNU/Linux) - -iD8DBQFCJLNhugEuf3OQ0akRAvO+AJsGXMNC3iC+jvBYeozL4gdSv4nJDgCeNduP -g1qpG1K1TEJV2pFOUp7brZQ= -=SQIE ------END PGP SIGNATURE----- +MD5 85a86432c3f64acb068a7d2cfab311a9 files/config.inc.php-2.5.6.patch 5525 +MD5 c6a79ab6f3c9e6d657a5bee36b1f6565 files/phpmyadmin-config.patch 4857 +MD5 74f9155acb148d4c41be263c6e1c25cb files/2.6.1_p2-no-wildcard-privs-for-you.patch 4005 +MD5 22a63a92c01eef5a268311e15594367b files/digest-phpmyadmin-2.6.1_p2-r1 74 +MD5 396133c1da8d8b716ad2da23aa0a5a30 files/phpmyadmin-mysql-setup.sql.in 2712 +MD5 1a6c1907f5c2327b00453d7675c13178 files/mysql-setup.sql.in-2.5.6 3231 diff --git a/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch b/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch new file mode 100644 index 000000000000..4828337d7447 --- /dev/null +++ b/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch @@ -0,0 +1,74 @@ +=================================================================== +RCS file: /cvsroot/phpmyadmin/phpMyAdmin/server_privileges.php,v +retrieving revision 2.40 +retrieving revision 2.42 +diff -u -r2.40 -r2.42 +--- phpmyadmin/phpMyAdmin/server_privileges.php 2004/11/21 13:11:26 2.40 ++++ phpmyadmin/phpMyAdmin/server_privileges.php 2005/02/18 02:57:30 2.42 +@@ -1,5 +1,5 @@ + <?php +-/* $Id: 2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ */ ++/* $Id: 2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ */ + // vim: expandtab sw=4 ts=4 sts=4: + + /** +@@ -490,6 +490,22 @@ + . (empty($thishost) ? '' : 'else if (this.value == \'thishost\') { hostname.value = \'' . addslashes(htmlspecialchars($thishost)) . '\'; } ') + . 'else if (this.value == \'hosttable\') { hostname.value = \'\'; } else if (this.value == \'userdefined\') { hostname.focus(); hostname.select(); }">' . "\n"; + unset($row); ++ ++ // when we start editing a user, $GLOBALS['pred_hostname'] is not defined ++ if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) { ++ switch (strtolower($GLOBALS['hostname'])) { ++ case 'localhost': ++ case '127.0.0.1': ++ $GLOBALS['pred_hostname'] = 'localhost'; ++ break; ++ case '%': ++ $GLOBALS['pred_hostname'] = 'any'; ++ break; ++ default: ++ $GLOBALS['pred_hostname'] = 'userdefined'; ++ break; ++ } ++ } + echo $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyHost'] . '</option>' . "\n" + . $spaces . ' <option value="localhost"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'localhost') ? ' selected="selected"' : '') . '>' . $GLOBALS['strLocalhost'] . '</option>' . "\n"; + if (!empty($thishost)) { +@@ -713,18 +729,33 @@ + // escaping a wildcard character in a GRANT is only accepted at the global + // or database level, not at table level; this is why I remove + // the escaping character +- // Note: in the Database-specific privileges, we will have for example ++ // Note: in the phpMyAdmin list of Database-specific privileges, ++ // we will have for example + // test\_db SELECT (this one is for privileges on a db level) + // test_db USAGE (this one is for table-specific privileges) + // +- // It looks curious but reflects IMO the way MySQL works ++ // It looks curious but reflects the way MySQL works ++ ++ if (empty($dbname)) { ++ $db_and_table = '*.*'; ++ } else { ++ if (!empty($tablename)) { ++ $db_and_table = str_replace('\\','',PMA_backquote($dbname)) ++ . '.' . PMA_backquote($tablename); ++ } else { ++ // do not remove the escaping character when working at db level ++ $db_and_table = PMA_backquote($dbname) ++ . '.*'; ++ } ++ } ++ + +- $db_and_table = empty($dbname) ? '*.*' : str_replace('\\','',PMA_backquote($dbname)) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename)); + $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; + if (!isset($Grant_priv) || $Grant_priv != 'Y') { + $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';'; + } + $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''; ++ + if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) { + $sql_query2 .= 'WITH'; + if (isset($Grant_priv) && $Grant_priv == 'Y') { diff --git a/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1 b/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1 new file mode 100644 index 000000000000..f8fec6e3ca1a --- /dev/null +++ b/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1 @@ -0,0 +1 @@ +MD5 787feeebe16ef7ab43e75e4046550da2 phpMyAdmin-2.6.1-pl2.tar.bz2 1541665 diff --git a/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild b/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild new file mode 100644 index 000000000000..d3805ef210d0 --- /dev/null +++ b/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ + +inherit eutils webapp + +MY_PV=${PV/_p/-pl} +MY_PV=${MY_PV/_rc/-rc} +MY_P=phpMyAdmin-${MY_PV} +DESCRIPTION="Web-based administration for MySQL database in PHP" +HOMEPAGE="http://www.phpmyadmin.net/" +SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2" +LICENSE="GPL-2" +KEYWORDS="~alpha ~ppc ~hppa ~sparc x86 ~amd64 ~mips" +IUSE="" +DEPEND=">=net-www/apache-1.3 + >=dev-db/mysql-3.23.32 <dev-db/mysql-5.1 + virtual/php + sys-apps/findutils + !<=dev-db/phpmyadmin-2.5.6" +S=${WORKDIR}/${MY_P} + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/config.inc.php-2.5.6.patch + + # security bug #83792 + epatch ${FILESDIR}/${PV}-no-wildcard-privs-for-you.patch + + # Remove .cvs* files and CVS directories + find ${S} -name .cvs\* -or \( -type d -name CVS -prune \) | xargs rm -rf +} + +src_compile() { + einfo "Setting random user/password details for the controluser" + + local pmapass="${RANDOM}${RANDOM}${RANDOM}${RANDOM}" + mv config.inc.php ${T}/config.inc.php + sed -e "s/@pmapass@/${pmapass}/g" \ + ${T}/config.inc.php > config.inc.php + sed -e "s/@pmapass@/${pmapass}/g" \ + ${FILESDIR}/mysql-setup.sql.in-2.5.6 > ${T}/mysql-setup.sql +} + +src_install() { + webapp_src_preinst + + local docs="ANNOUNCE.txt CREDITS Documentation.txt RELEASE-DATE-${PV} TODO ChangeLog LICENSE README" + + # install the SQL scripts available to us + # + # unfortunately, we do not have scripts to upgrade from older versions + # these are things we need to add at a later date + + webapp_sqlscript mysql ${T}/mysql-setup.sql + + # handle documentation files + # + # NOTE that doc files go into /usr/share/doc as normal; they do NOT + # get installed per vhost! + + dodoc ${docs} + for doc in ${docs} INSTALL; do + rm -f ${doc} + done + + # Copy the app's main files + + einfo "Installing main files" + cp -r . ${D}${MY_HTDOCSDIR} + + # Identify the configuration files that this app uses + + webapp_configfile ${MY_HTDOCSDIR}/config.inc.php + + # Identify any script files that need #! headers adding to run under + # a CGI script (such as PHP/CGI) + # + # for phpmyadmin, we *assume* that all .php files that don't end in + # .inc.php need to have CGI/BIN support added + + for x in `find . -name '*.php' -print | grep -v 'inc.php'` ; do + webapp_runbycgibin php ${MY_HTDOCSDIR}/$x + done + + # there are no files which need to be owned by the web server + + # add the post-installation instructions + + webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt + + # all done + # + # now we let the eclass strut its stuff ;-) + + webapp_src_install +} |