summaryrefslogtreecommitdiff
path: root/dev-db
diff options
context:
space:
mode:
authorAaron Walker <ka0ttic@gentoo.org>2005-03-02 14:48:45 +0000
committerAaron Walker <ka0ttic@gentoo.org>2005-03-02 14:48:45 +0000
commitd82f9618e7fa9ff92a7e608633290b85bb21fb6f (patch)
treef29d2f4809a28be890afb391744a779d24c721ff /dev-db
parentUpdated to 1.0.18 release. (diff)
downloadgentoo-2-d82f9618e7fa9ff92a7e608633290b85bb21fb6f.tar.gz
gentoo-2-d82f9618e7fa9ff92a7e608633290b85bb21fb6f.tar.bz2
gentoo-2-d82f9618e7fa9ff92a7e608633290b85bb21fb6f.zip
Revision bump for security bug 83792.
(Portage version: 2.0.51.18)
Diffstat (limited to 'dev-db')
-rw-r--r--dev-db/phpmyadmin/ChangeLog9
-rw-r--r--dev-db/phpmyadmin/Manifest27
-rw-r--r--dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch74
-rw-r--r--dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r11
-rw-r--r--dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild98
5 files changed, 191 insertions, 18 deletions
diff --git a/dev-db/phpmyadmin/ChangeLog b/dev-db/phpmyadmin/ChangeLog
index 10ee31c0646f..048b7222007f 100644
--- a/dev-db/phpmyadmin/ChangeLog
+++ b/dev-db/phpmyadmin/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-db/phpmyadmin
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/ChangeLog,v 1.87 2005/03/01 18:24:11 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/ChangeLog,v 1.88 2005/03/02 14:48:45 ka0ttic Exp $
+
+*phpmyadmin-2.6.1_p2-r1 (02 Mar 2005)
+
+ 02 Mar 2005; Aaron Walker <ka0ttic@gentoo.org>
+ +files/2.6.1_p2-no-wildcard-privs-for-you.patch,
+ +phpmyadmin-2.6.1_p2-r1.ebuild:
+ Revision bump for security bug 83792.
01 Mar 2005; Bryan Østergaard <kloeri@gentoo.org>
phpmyadmin-2.6.1_p2.ebuild:
diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest
index af6b933c6408..de88529b05e4 100644
--- a/dev-db/phpmyadmin/Manifest
+++ b/dev-db/phpmyadmin/Manifest
@@ -1,23 +1,16 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 8953a4dca66a41467a427449f47ea16e phpmyadmin-2.6.1_p2.ebuild 2599
MD5 3a33dda459f41b062d86576003c1e0ec phpmyadmin-2.6.1.ebuild 2595
-MD5 bccae1a2684d75a564d84b2fc38af47c ChangeLog 12126
MD5 d0ac5e24e09567b4888c6ee2fbd88b3e phpmyadmin-2.6.1_rc1.ebuild 2593
+MD5 c3fc2aaa40ee4048c6c20654c62a9840 phpmyadmin-2.6.1_p2-r1.ebuild 2685
+MD5 08e76522b9e7aa2f5e010fed2c65d193 ChangeLog 12340
MD5 d992d28bec4a3bfd72b441145091a58e metadata.xml 244
-MD5 8953a4dca66a41467a427449f47ea16e phpmyadmin-2.6.1_p2.ebuild 2599
-MD5 c6a79ab6f3c9e6d657a5bee36b1f6565 files/phpmyadmin-config.patch 4857
-MD5 85a86432c3f64acb068a7d2cfab311a9 files/config.inc.php-2.5.6.patch 5525
-MD5 1a6c1907f5c2327b00453d7675c13178 files/mysql-setup.sql.in-2.5.6 3231
-MD5 c4e16f440d397574f36ec04130d54ba0 files/digest-phpmyadmin-2.6.1 70
MD5 22a63a92c01eef5a268311e15594367b files/digest-phpmyadmin-2.6.1_p2 74
-MD5 396133c1da8d8b716ad2da23aa0a5a30 files/phpmyadmin-mysql-setup.sql.in 2712
MD5 4badbcc4cd669e6f934d5c993ff9ae4e files/digest-phpmyadmin-2.6.1_rc1 74
+MD5 c4e16f440d397574f36ec04130d54ba0 files/digest-phpmyadmin-2.6.1 70
MD5 56dcb2efb84915a521c18a004f96d37c files/postinstall-en.txt 506
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFCJLNhugEuf3OQ0akRAvO+AJsGXMNC3iC+jvBYeozL4gdSv4nJDgCeNduP
-g1qpG1K1TEJV2pFOUp7brZQ=
-=SQIE
------END PGP SIGNATURE-----
+MD5 85a86432c3f64acb068a7d2cfab311a9 files/config.inc.php-2.5.6.patch 5525
+MD5 c6a79ab6f3c9e6d657a5bee36b1f6565 files/phpmyadmin-config.patch 4857
+MD5 74f9155acb148d4c41be263c6e1c25cb files/2.6.1_p2-no-wildcard-privs-for-you.patch 4005
+MD5 22a63a92c01eef5a268311e15594367b files/digest-phpmyadmin-2.6.1_p2-r1 74
+MD5 396133c1da8d8b716ad2da23aa0a5a30 files/phpmyadmin-mysql-setup.sql.in 2712
+MD5 1a6c1907f5c2327b00453d7675c13178 files/mysql-setup.sql.in-2.5.6 3231
diff --git a/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch b/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch
new file mode 100644
index 000000000000..4828337d7447
--- /dev/null
+++ b/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch
@@ -0,0 +1,74 @@
+===================================================================
+RCS file: /cvsroot/phpmyadmin/phpMyAdmin/server_privileges.php,v
+retrieving revision 2.40
+retrieving revision 2.42
+diff -u -r2.40 -r2.42
+--- phpmyadmin/phpMyAdmin/server_privileges.php 2004/11/21 13:11:26 2.40
++++ phpmyadmin/phpMyAdmin/server_privileges.php 2005/02/18 02:57:30 2.42
+@@ -1,5 +1,5 @@
+ <?php
+-/* $Id: 2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ */
++/* $Id: 2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ */
+ // vim: expandtab sw=4 ts=4 sts=4:
+
+ /**
+@@ -490,6 +490,22 @@
+ . (empty($thishost) ? '' : 'else if (this.value == \'thishost\') { hostname.value = \'' . addslashes(htmlspecialchars($thishost)) . '\'; } ')
+ . 'else if (this.value == \'hosttable\') { hostname.value = \'\'; } else if (this.value == \'userdefined\') { hostname.focus(); hostname.select(); }">' . "\n";
+ unset($row);
++
++ // when we start editing a user, $GLOBALS['pred_hostname'] is not defined
++ if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) {
++ switch (strtolower($GLOBALS['hostname'])) {
++ case 'localhost':
++ case '127.0.0.1':
++ $GLOBALS['pred_hostname'] = 'localhost';
++ break;
++ case '%':
++ $GLOBALS['pred_hostname'] = 'any';
++ break;
++ default:
++ $GLOBALS['pred_hostname'] = 'userdefined';
++ break;
++ }
++ }
+ echo $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyHost'] . '</option>' . "\n"
+ . $spaces . ' <option value="localhost"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'localhost') ? ' selected="selected"' : '') . '>' . $GLOBALS['strLocalhost'] . '</option>' . "\n";
+ if (!empty($thishost)) {
+@@ -713,18 +729,33 @@
+ // escaping a wildcard character in a GRANT is only accepted at the global
+ // or database level, not at table level; this is why I remove
+ // the escaping character
+- // Note: in the Database-specific privileges, we will have for example
++ // Note: in the phpMyAdmin list of Database-specific privileges,
++ // we will have for example
+ // test\_db SELECT (this one is for privileges on a db level)
+ // test_db USAGE (this one is for table-specific privileges)
+ //
+- // It looks curious but reflects IMO the way MySQL works
++ // It looks curious but reflects the way MySQL works
++
++ if (empty($dbname)) {
++ $db_and_table = '*.*';
++ } else {
++ if (!empty($tablename)) {
++ $db_and_table = str_replace('\\','',PMA_backquote($dbname))
++ . '.' . PMA_backquote($tablename);
++ } else {
++ // do not remove the escaping character when working at db level
++ $db_and_table = PMA_backquote($dbname)
++ . '.*';
++ }
++ }
++
+
+- $db_and_table = empty($dbname) ? '*.*' : str_replace('\\','',PMA_backquote($dbname)) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
+ $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
+ if (!isset($Grant_priv) || $Grant_priv != 'Y') {
+ $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
+ }
+ $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
++
+ if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
+ $sql_query2 .= 'WITH';
+ if (isset($Grant_priv) && $Grant_priv == 'Y') {
diff --git a/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1 b/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1
new file mode 100644
index 000000000000..f8fec6e3ca1a
--- /dev/null
+++ b/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1
@@ -0,0 +1 @@
+MD5 787feeebe16ef7ab43e75e4046550da2 phpMyAdmin-2.6.1-pl2.tar.bz2 1541665
diff --git a/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild b/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild
new file mode 100644
index 000000000000..d3805ef210d0
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $
+
+inherit eutils webapp
+
+MY_PV=${PV/_p/-pl}
+MY_PV=${MY_PV/_rc/-rc}
+MY_P=phpMyAdmin-${MY_PV}
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="http://www.phpmyadmin.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~ppc ~hppa ~sparc x86 ~amd64 ~mips"
+IUSE=""
+DEPEND=">=net-www/apache-1.3
+ >=dev-db/mysql-3.23.32 <dev-db/mysql-5.1
+ virtual/php
+ sys-apps/findutils
+ !<=dev-db/phpmyadmin-2.5.6"
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/config.inc.php-2.5.6.patch
+
+ # security bug #83792
+ epatch ${FILESDIR}/${PV}-no-wildcard-privs-for-you.patch
+
+ # Remove .cvs* files and CVS directories
+ find ${S} -name .cvs\* -or \( -type d -name CVS -prune \) | xargs rm -rf
+}
+
+src_compile() {
+ einfo "Setting random user/password details for the controluser"
+
+ local pmapass="${RANDOM}${RANDOM}${RANDOM}${RANDOM}"
+ mv config.inc.php ${T}/config.inc.php
+ sed -e "s/@pmapass@/${pmapass}/g" \
+ ${T}/config.inc.php > config.inc.php
+ sed -e "s/@pmapass@/${pmapass}/g" \
+ ${FILESDIR}/mysql-setup.sql.in-2.5.6 > ${T}/mysql-setup.sql
+}
+
+src_install() {
+ webapp_src_preinst
+
+ local docs="ANNOUNCE.txt CREDITS Documentation.txt RELEASE-DATE-${PV} TODO ChangeLog LICENSE README"
+
+ # install the SQL scripts available to us
+ #
+ # unfortunately, we do not have scripts to upgrade from older versions
+ # these are things we need to add at a later date
+
+ webapp_sqlscript mysql ${T}/mysql-setup.sql
+
+ # handle documentation files
+ #
+ # NOTE that doc files go into /usr/share/doc as normal; they do NOT
+ # get installed per vhost!
+
+ dodoc ${docs}
+ for doc in ${docs} INSTALL; do
+ rm -f ${doc}
+ done
+
+ # Copy the app's main files
+
+ einfo "Installing main files"
+ cp -r . ${D}${MY_HTDOCSDIR}
+
+ # Identify the configuration files that this app uses
+
+ webapp_configfile ${MY_HTDOCSDIR}/config.inc.php
+
+ # Identify any script files that need #! headers adding to run under
+ # a CGI script (such as PHP/CGI)
+ #
+ # for phpmyadmin, we *assume* that all .php files that don't end in
+ # .inc.php need to have CGI/BIN support added
+
+ for x in `find . -name '*.php' -print | grep -v 'inc.php'` ; do
+ webapp_runbycgibin php ${MY_HTDOCSDIR}/$x
+ done
+
+ # there are no files which need to be owned by the web server
+
+ # add the post-installation instructions
+
+ webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt
+
+ # all done
+ #
+ # now we let the eclass strut its stuff ;-)
+
+ webapp_src_install
+}