author | Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> | 2020-03-24 15:05:09 +0000 |
---|---|---|
committer | Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> | 2020-03-24 15:05:09 +0000 |
commit | 2f792e1787303bdb871267f8e9fbf75d7085d893 (patch) | |
tree | 2b873ff93565548e3bb14d5dbe6de2615e5576c9 | |
parent | www-apps/drupal: Drop vulnerable releases. (diff) | |
dev-db/phpmyadmin: Security bump - CVE-2020-{10802,10803,10804} PMASA-2020-{3,4,2}
Add 4.9.5 and 5.0.2 releases to address the following security advisories.
PMASA-2020-2: SQL injection vulnerability in the user accounts page, particularly when changing a password
PMASA-2020-3: SQL injection vulnerability relating to the search feature
PMASA-2020-4: SQL injection and XSS having to do with displaying results
Bug: https://bugs.gentoo.org/714014
Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
-rw-r--r-- | dev-db/phpmyadmin/Manifest | 2 | ||||
-rw-r--r-- | dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild | 61 | ||||
-rw-r--r-- | dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild | 61 |
3 files changed, 124 insertions, 0 deletions
diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest
index c17112e..f5ae20b 100644
--- a/dev-db/phpmyadmin/Manifest
+++ b/dev-db/phpmyadmin/Manifest
@@ -1,2 +1,4 @@
 DIST phpMyAdmin-4.9.4-all-languages.tar.xz 6134852 BLAKE2B 4ba7d4a45a3fb7d84f6b227a2d2fc0ffc530498e74c1c412bbf631ca78ba5c874f9f21220d34e2179666253bde4fa222838962e6c9d48d514cf80c5c8370cee3 SHA512 3ddab59725d59bcbe99457a1717f12b53bbd251f0bfcea1582288abfbb4507e50351e3ed0e76961026b0ad351abc806deed4a97f0fa882b34ee095ef314aaf37
+DIST phpMyAdmin-4.9.5-all-languages.tar.xz 6138948 BLAKE2B 63631e8207d1cfb71a2299752bb10ab55d13f630ee0d913a4ed6bdf0a16320fa72945bc7c8a63e0e705eb45a569c60fffd48c204eabe1b980a33ab93fac7c798 SHA512 555f07f087d8bcddd114df0b86fa21872f14f45c31e0f63eea499e76fdebdfd8abebcc88662887418e80ddebfea73d6aaac17856cf433d1855423b5145865d1a
 DIST phpMyAdmin-5.0.1-all-languages.tar.xz 8130464 BLAKE2B a4b859c73ece7537db1bc4a14df8c5c8f0ab39106b9e3ccbbc30c1f97fa4dc40617db3b00c432b24aa9865ed45595805fa4b43db92b5794794621d0c7df54f3a SHA512 576323a5e63438fe9e57e6165697c5e03e5291346f3786c84d5d6c4cd6851713cb10b2eed4b0c7e9ab6445dad9b06cbded6c03711fcc2942e999f2b5e7ab446b
+DIST phpMyAdmin-5.0.2-all-languages.tar.xz 8018752 BLAKE2B c7ceb9257cacae61a674b986fcdfacbcf8f77e2ec9f31dd0fc679f748d9042301d8a5d37803c0b1c796095c038e8ac9701b7c5e497ee92331aa672f5044de4d4 SHA512 242770cc468ebcb3ec9c57bce16607a258621014513568b1a96cfea1df4786506c3922250c69f87e058dbf0dd69cf37efda1a810ade88c05d5ef37591cc1b225
diff --git a/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
new file mode 100644
index 0000000..b44663d
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/"
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+ dev-lang/php[ctype,filter,json,session,unicode]
+ || (
+ dev-lang/php[mysqli]
+ dev-lang/php[mysql]
+ )
+ virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+ webapp_pkg_setup
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+ rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+ if ! use setup; then
+ rm -rf setup || die "Cannot remove setup utility"
+ elog "The phpMyAdmin setup utility has been removed."
+ elog "It is a regular target of various exploits. If you need it, set USE=setup."
+ else
+ elog "You should consider disabling the setup USE flag"
+ elog "to exclude the setup utility if you don't use it."
+ elog "It regularly is the target of various exploits."
+ fi
+
+ insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+ webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+ webapp_src_install
+}
diff --git a/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
new file mode 100644
index 0000000..bcfb741
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
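Review bot: In src_install, `webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php` gives the web-server user ownership of a PHP file inside the document root, so the PHP process can rewrite code it later executes. phpMyAdmin takes local settings from config.inc.php and config.default.php is meant to stay untouched, so the server should need read access only. For a package whose bump is driven by SQL injection and XSS advisories, I would drop the `webapp_serverowned` line and keep `webapp_configfile`, or add a comment stating why write access is required. The same line appears in the phpmyadmin-5.0.2.ebuild hunk. Separately, `inherit eutils webapp` pulls in eutils although no eutils function is called in the visible ebuild; `inherit webapp` looks sufficient.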
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/"
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+ >=dev-lang/php-7.1[ctype,filter,json,session,unicode]
+ || (
+ dev-lang/php[mysqli]
+ dev-lang/php[mysql]
+ )
+ virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+ webapp_pkg_setup
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+ rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+ if ! use setup; then
+ rm -rf setup || die "Cannot remove setup utility"
+ elog "The phpMyAdmin setup utility has been removed."
+ elog "It is a regular target of various exploits. If you need it, set USE=setup."
+ else
+ elog "You should consider disabling the setup USE flag"
+ elog "to exclude the setup utility if you don't use it."
+ elog "It regularly is the target of various exploits."
+ fi
+
+ insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+ webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+ webapp_src_install
+}
|
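Review bot: In RDEPEND, the `>=dev-lang/php-7.1[ctype,filter,json,session,unicode]` atom and the `|| ( dev-lang/php[mysqli] dev-lang/php[mysql] )` group are resolved independently. With several PHP slots installed, the database extension can therefore be satisfied by an older PHP than the one that meets the 7.1 floor, leaving the interpreter that actually runs phpMyAdmin without mysqli. The `mysql` alternative presumably does not provide what this release uses either, since upstream PHP 7 dropped the old mysql extension; that is worth confirming against the dev-lang/php ebuilds. I would fold the requirement into one atom, `>=dev-lang/php-7.1[ctype,filter,json,mysqli,session,unicode]`, and drop the `|| ( … )` group.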