Security update to 4.2.7.1. I double-checked the MySQL version requirements: it seems that in certain cases phpmyadmin is not able to correctly restore data with MySQL < 5.5 (http://sourceforge.net/p/phpmyadmin/bugs/4437/); anyway, I think that it would be better to update phpmyadmin to the latest version than to backport PHP code to 4.2.2. Opinions? Cheers Giovanni
Index: Makefile =================================================================== RCS file: /var/cvs/ports/www/phpmyadmin/Makefile,v retrieving revision 1.105 diff -u -p -r1.105 Makefile --- Makefile 3 Jul 2014 13:13:59 -0000 1.105 +++ Makefile 25 Aug 2014 16:23:26 -0000 @@ -2,8 +2,7 @@ COMMENT= tool to handle the administration of MySQL over the web -V= 4.2.2 -REVISION= 1 +V= 4.2.7.1 PKGNAME= phpMyAdmin-$V DISTNAME= phpMyAdmin-$V-all-languages Index: distinfo =================================================================== RCS file: /var/cvs/ports/www/phpmyadmin/distinfo,v retrieving revision 1.89 diff -u -p -r1.89 distinfo --- distinfo 13 Jun 2014 17:01:36 -0000 1.89 +++ distinfo 25 Aug 2014 16:24:09 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.2.2-all-languages.tar.gz) = sn5nEptYo3HLIrCX/aYzT9JaWS0QKfxbPkD92FNaSEU= -SIZE (phpMyAdmin-4.2.2-all-languages.tar.gz) = 8589833 +SHA256 (phpMyAdmin-4.2.7.1-all-languages.tar.gz) = lYA5HeA9vruqMxYihiY/tjo0ooE1dEKvB+6TBOaaoqU= +SIZE (phpMyAdmin-4.2.7.1-all-languages.tar.gz) = 8517774 Index: patches/patch-js_error_report_js =================================================================== RCS file: patches/patch-js_error_report_js diff -N patches/patch-js_error_report_js --- patches/patch-js_error_report_js 13 Jun 2014 17:01:36 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,15 +0,0 @@ -$OpenBSD: patch-js_error_report_js,v 1.1 2014/06/13 17:01:36 giovanni Exp $ -Error "token mismatch" when a new user is created on a remote -database. -http://sourceforge.net/p/phpmyadmin/bugs/3893/ - ---- js/error_report.js.orig Fri Jun 13 17:45:51 2014 -+++ js/error_report.js Fri Jun 13 17:47:18 2014 -@@ -21,6 +21,7 @@ var ErrorReport = { - ErrorReport._last_exception = exception; - $.get("error_report.php", { - ajax_request: true, -+ server: PMA_commonParams.get('server'), - token: PMA_commonParams.get('token'), - get_settings: true - }, function (data) { Index: patches/patch-js_server_privileges_js =================================================================== RCS file: patches/patch-js_server_privileges_js diff -N patches/patch-js_server_privileges_js --- patches/patch-js_server_privileges_js 13 Jun 2014 17:01:36 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-js_server_privileges_js,v 1.1 2014/06/13 17:01:36 giovanni Exp $ -Error "token mismatch" when a new user is created on a remote -database. -http://sourceforge.net/p/phpmyadmin/bugs/3893/ - ---- js/server_privileges.js.orig Fri Jun 13 17:45:36 2014 -+++ js/server_privileges.js Fri Jun 13 17:46:48 2014 -@@ -192,6 +192,7 @@ AJAX.registerOnload('server_privileges.js', function ( - var href = $("form[name='usersForm']").attr('action'); - var params = { - 'ajax_request' : true, -+ 'server' : PMA_commonParams.get('server'), - 'token' : PMA_commonParams.get('token'), - 'validate_username' : true, - 'username' : username Index: patches/patch-libraries_RecentFavoriteTable_class_php =================================================================== RCS file: patches/patch-libraries_RecentFavoriteTable_class_php diff -N patches/patch-libraries_RecentFavoriteTable_class_php --- patches/patch-libraries_RecentFavoriteTable_class_php 3 Jul 2014 13:13:59 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,67 +0,0 @@ -$OpenBSD: patch-libraries_RecentFavoriteTable_class_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $ -fix for CVE-2014-4348 ---- libraries/RecentFavoriteTable.class.php.orig Thu Jun 26 11:22:05 2014 -+++ libraries/RecentFavoriteTable.class.php Thu Jun 26 11:30:44 2014 -@@ -203,36 +203,46 @@ class PMA_RecentFavoriteTable - if ($this->_tableType == 'recent') { - foreach ($this->_tables as $table) { - $html .= '<li class="warp_link">'; -- $html .= '<a href="sql.php?server=' . $GLOBALS['server'] -- . '&db=' . $table['db'] -- . '&table=' . $table['table'] -- . '&token=' . $_SESSION[' PMA_token '] -- . '">`' . $table['db'] . '`.`' . $table['table'] . '`</a>'; -+ $recent_params = array( -+ 'db' => $table['db'], -+ 'table' => $table['table'] -+ ); -+ $recent_url = 'sql.php' -+ . PMA_URL_getCommon($recent_params); -+ $html .= '<a href="' . $recent_url . '">`' -+ . htmlspecialchars($table['db']) . '`.`' -+ . htmlspecialchars($table['table']) . '`</a>'; - $html .= '</li>'; - } - } else { - foreach ($this->_tables as $table) { - $html .= '<li class="warp_link">'; - -- $html .= '<a class="ajax favorite_table_anchor"'; -- $fav_params = array('db' => $table['db'], -- 'ajax_request' => true, -- 'favorite_table' => $table['table'], -- 'remove_favorite' => true); -+ $html .= '<a class="ajax favorite_table_anchor" '; -+ $fav_params = array( -+ 'db' => $table['db'], -+ 'ajax_request' => true, -+ 'favorite_table' => $table['table'], -+ 'remove_favorite' => true -+ ); - $fav_rm_url = 'db_structure.php' - . PMA_URL_getCommon($fav_params); - $html .= 'href="' . $fav_rm_url - . '" title="' . __("Remove from Favorites") -- . '" data-favtargetn="' . $table['db'] . "." . $table['table'] -+ . '" data-favtargetn="' . md5($table['db'] . "." . $table['table']) - . '" >' - . PMA_Util::getIcon('b_favorite.png') - . '</a>'; - -- $html .= '<a href="sql.php?server=' . $GLOBALS['server'] -- . '&db=' . $table['db'] -- . '&table=' . $table['table'] -- . '&token=' . 
$_SESSION[' PMA_token '] -- . '">`' . $table['db'] . '`.`' . $table['table'] . '`</a>'; -+ $fav_params = array( -+ 'db' => $table['db'], -+ 'table' => $table['table'] -+ ); -+ $table_url = 'sql.php' -+ . PMA_URL_getCommon($fav_params); -+ $html .= '<a href="' . $table_url . '">`' -+ . htmlspecialchars($table['db']) . '`.`' -+ . htmlspecialchars($table['table']) . '`</a>'; - $html .= '</li>'; - } - } Index: patches/patch-libraries_common_inc_php =================================================================== RCS file: patches/patch-libraries_common_inc_php diff -N patches/patch-libraries_common_inc_php --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-libraries_common_inc_php 25 Aug 2014 16:30:03 -0000 @@ -0,0 +1,16 @@ +$OpenBSD$ +--- libraries/common.inc.php.orig Mon Aug 25 18:29:12 2014 ++++ libraries/common.inc.php Mon Aug 25 18:29:45 2014 +@@ -991,10 +991,10 @@ if (! defined('PMA_MINIMUM_COMMON')) { + /* Log success */ + PMA_logUser($cfg['Server']['user']); + +- if (PMA_MYSQL_INT_VERSION < 50500) { ++ if (PMA_MYSQL_INT_VERSION < 50015) { + PMA_fatalError( + __('You should upgrade to %s %s or later.'), +- array('MySQL', '5.5.0') ++ array('MySQL', '5.0.15') + ); + } + Index: patches/patch-libraries_navigation_Navigation_class_php =================================================================== RCS file: patches/patch-libraries_navigation_Navigation_class_php diff -N patches/patch-libraries_navigation_Navigation_class_php --- patches/patch-libraries_navigation_Navigation_class_php 3 Jul 2014 13:13:59 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
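Review bot: The new patches/patch-libraries_common_inc_php has only the `$OpenBSD$` tag and no rationale, although it relaxes an upstream hard stop: the `PMA_fatalError()` guard changes from `PMA_MYSQL_INT_VERSION < 50500` to `< 50015`. The submission text itself cites upstream bug 4437 about data not being restored correctly with MySQL < 5.5, so servers between 5.0.15 and 5.5 would now run without the upstream refusal and without any notice of that risk. I would add a header comment to the patch, in the style of the patches this update removes, for example `Allow MySQL >= 5.0.15 (upstream requires 5.5); restore may be unreliable, see http://sourceforge.net/p/phpmyadmin/bugs/4437/`. It would also help to state the same caveat wherever the port documents its requirements. The enclosing `if (! defined('PMA_MINIMUM_COMMON'))` block starts and ends outside the hunk.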
@@ -1,17 +0,0 @@ -$OpenBSD: patch-libraries_navigation_Navigation_class_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $ -Fix for CVE-2014-4349 ---- libraries/navigation/Navigation.class.php.orig Wed Jul 2 12:52:09 2014 -+++ libraries/navigation/Navigation.class.php Wed Jul 2 12:52:50 2014 -@@ -189,9 +189,9 @@ class PMA_Navigation - $html .= '<td style="width:80px"><a href="navigation.php?' - . PMA_URL_getCommon() - . '&unhideNavItem=true' -- . '&itemType=' . $t -- . '&itemName=' . urldecode($hiddenItem) -- . '&dbName=' . urldecode($dbName) . '"' -+ . '&itemType=' . urlencode($t) -+ . '&itemName=' . urlencode($hiddenItem) -+ . '&dbName=' . urlencode($dbName) . '"' - . ' class="unhideNavItem ajax">' - . PMA_Util::getIcon('lightbulb.png', __('Show')) - . '</a></td>'; Index: patches/patch-libraries_navigation_Nodes_Node_DatabaseChild_class_php =================================================================== RCS file: patches/patch-libraries_navigation_Nodes_Node_DatabaseChild_class_php diff -N patches/patch-libraries_navigation_Nodes_Node_DatabaseChild_class_php --- patches/patch-libraries_navigation_Nodes_Node_DatabaseChild_class_php 3 Jul 2014 13:13:59 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,17 +0,0 @@ -$OpenBSD: patch-libraries_navigation_Nodes_Node_DatabaseChild_class_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $ -Fix for CVE-2014-4349 ---- libraries/navigation/Nodes/Node_DatabaseChild.class.php.orig Wed Jul 2 12:53:08 2014 -+++ libraries/navigation/Nodes/Node_DatabaseChild.class.php Wed Jul 2 12:53:31 2014 -@@ -32,9 +32,9 @@ abstract class Node_DatabaseChild extends Node - . '<a href="navigation.php?' - . PMA_URL_getCommon() - . '&hideNavItem=true' -- . '&itemType=' . urldecode($this->getItemType()) -- . '&itemName=' . urldecode($item) -- . '&dbName=' . urldecode($db) . '"' -+ . '&itemType=' . urlencode($this->getItemType()) -+ . '&itemName=' . urlencode($item) -+ . '&dbName=' . urlencode($db) . '"' - . ' class="hideNavItem ajax">' - . PMA_Util::getImage('lightbulb_off.png', __('Hide')) - . '</a></span>'; Index: patches/patch-libraries_structure_lib_php =================================================================== RCS file: patches/patch-libraries_structure_lib_php diff -N patches/patch-libraries_structure_lib_php --- patches/patch-libraries_structure_lib_php 3 Jul 2014 13:13:59 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,25 +0,0 @@ -$OpenBSD: patch-libraries_structure_lib_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $ -Fix for CVE-2014-4348 ---- libraries/structure.lib.php.orig Thu Jun 26 11:25:45 2014 -+++ libraries/structure.lib.php Thu Jun 26 11:27:54 2014 -@@ -2735,9 +2735,8 @@ function PMA_checkFavoriteTable($db, $current_table) - function PMA_getHtmlForFavoriteAnchor($db, $current_table, $titles) - { - $html_output = '<a '; -- $html_output .= 'id="' . preg_replace( -- '/\s+/', '', $current_table['TABLE_NAME'] -- ) . '_favorite_anchor" '; -+ $html_output .= 'id="' . md5($current_table['TABLE_NAME']) -+ . '_favorite_anchor" '; - $html_output .= 'class="ajax favorite_table_anchor'; - - // Check if current table is already in favorite list. -@@ -2751,7 +2750,7 @@ function PMA_getHtmlForFavoriteAnchor($db, $current_ta - $html_output .= 'href="' . $fav_url - . '" title="' . ($already_favorite ? __("Remove from Favorites") - : __("Add to Favorites")) -- . '" data-favtargets="' . $db . "." . $current_table['TABLE_NAME'] -+ . '" data-favtargets="' . md5($db . "." . $current_table['TABLE_NAME']) - . '" >' - . (!$already_favorite ? $titles['NoFavorite'] - : $titles['Favorite']) . '</a>'; Index: pkg/PLIST =================================================================== RCS file: /var/cvs/ports/www/phpmyadmin/pkg/PLIST,v retrieving revision 1.53 diff -u -p -r1.53 PLIST --- pkg/PLIST 16 May 2014 15:32:30 -0000 1.53 +++ pkg/PLIST 25 Aug 2014 16:33:37 -0000 @@ -162,7 +162,6 @@ phpMyAdmin/js/codemirror/lib/codemirror. phpMyAdmin/js/codemirror/mode/ phpMyAdmin/js/codemirror/mode/sql/ phpMyAdmin/js/codemirror/mode/sql/sql.js -phpMyAdmin/js/columndelete.js phpMyAdmin/js/common.js phpMyAdmin/js/config.js phpMyAdmin/js/cross_framing_protection.js 
@@ -279,6 +278,7 @@ phpMyAdmin/js/keyhandler.js phpMyAdmin/js/line_counts.php phpMyAdmin/js/makegrid.js phpMyAdmin/js/messages.php +phpMyAdmin/js/multi_column_sort.js phpMyAdmin/js/navigation.js phpMyAdmin/js/openlayers/ phpMyAdmin/js/openlayers/OpenLayers.js @@ -1100,6 +1100,9 @@ phpMyAdmin/locale/ phpMyAdmin/locale/ar/ phpMyAdmin/locale/ar/LC_MESSAGES/ phpMyAdmin/locale/ar/LC_MESSAGES/phpmyadmin.mo +phpMyAdmin/locale/az/ +phpMyAdmin/locale/az/LC_MESSAGES/ +phpMyAdmin/locale/az/LC_MESSAGES/phpmyadmin.mo phpMyAdmin/locale/bg/ phpMyAdmin/locale/bg/LC_MESSAGES/ phpMyAdmin/locale/bg/LC_MESSAGES/phpmyadmin.mo @@ -1418,6 +1421,7 @@ phpMyAdmin/themes/original/img/pause.png phpMyAdmin/themes/original/img/play.png phpMyAdmin/themes/original/img/s_asc.png phpMyAdmin/themes/original/img/s_asci.png +phpMyAdmin/themes/original/img/s_attention.png phpMyAdmin/themes/original/img/s_cancel.png phpMyAdmin/themes/original/img/s_cog.png phpMyAdmin/themes/original/img/s_db.png
