authorJorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>2020-03-24 15:05:09 +0000
committerJorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>2020-03-24 15:05:09 +0000
commit2f792e1787303bdb871267f8e9fbf75d7085d893 (patch)
tree2b873ff93565548e3bb14d5dbe6de2615e5576c9
parentwww-apps/drupal: Drop vulnerable releases. (diff)
dev-db/phpmyadmin: Security bump - CVE-2020-{10802,10803,10804} PMASA-2020-{3,4,2}
Add 4.9.5 and 5.0.2 releases to address the following security advisories.
PMASA-2020-2: SQL injection vulnerability in the user accounts page, particularly when changing a password
PMASA-2020-3: SQL injection vulnerability relating to the search feature
PMASA-2020-4: SQL injection and XSS having to do with displaying results
Bug: https://bugs.gentoo.org/714014
Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
-rw-r--r--dev-db/phpmyadmin/Manifest2
-rw-r--r--dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild61
-rw-r--r--dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild61
3 files changed, 124 insertions, 0 deletions
diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest
index c17112e..f5ae20b 100644
--- a/dev-db/phpmyadmin/Manifest
+++ b/dev-db/phpmyadmin/Manifest
@@ -1,2 +1,4 @@
DIST phpMyAdmin-4.9.4-all-languages.tar.xz 6134852 BLAKE2B 4ba7d4a45a3fb7d84f6b227a2d2fc0ffc530498e74c1c412bbf631ca78ba5c874f9f21220d34e2179666253bde4fa222838962e6c9d48d514cf80c5c8370cee3 SHA512 3ddab59725d59bcbe99457a1717f12b53bbd251f0bfcea1582288abfbb4507e50351e3ed0e76961026b0ad351abc806deed4a97f0fa882b34ee095ef314aaf37
+DIST phpMyAdmin-4.9.5-all-languages.tar.xz 6138948 BLAKE2B 63631e8207d1cfb71a2299752bb10ab55d13f630ee0d913a4ed6bdf0a16320fa72945bc7c8a63e0e705eb45a569c60fffd48c204eabe1b980a33ab93fac7c798 SHA512 555f07f087d8bcddd114df0b86fa21872f14f45c31e0f63eea499e76fdebdfd8abebcc88662887418e80ddebfea73d6aaac17856cf433d1855423b5145865d1a
DIST phpMyAdmin-5.0.1-all-languages.tar.xz 8130464 BLAKE2B a4b859c73ece7537db1bc4a14df8c5c8f0ab39106b9e3ccbbc30c1f97fa4dc40617db3b00c432b24aa9865ed45595805fa4b43db92b5794794621d0c7df54f3a SHA512 576323a5e63438fe9e57e6165697c5e03e5291346f3786c84d5d6c4cd6851713cb10b2eed4b0c7e9ab6445dad9b06cbded6c03711fcc2942e999f2b5e7ab446b
+DIST phpMyAdmin-5.0.2-all-languages.tar.xz 8018752 BLAKE2B c7ceb9257cacae61a674b986fcdfacbcf8f77e2ec9f31dd0fc679f748d9042301d8a5d37803c0b1c796095c038e8ac9701b7c5e497ee92331aa672f5044de4d4 SHA512 242770cc468ebcb3ec9c57bce16607a258621014513568b1a96cfea1df4786506c3922250c69f87e058dbf0dd69cf37efda1a810ade88c05d5ef37591cc1b225
diff --git a/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
new file mode 100644
index 0000000..b44663d
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/"
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+ dev-lang/php[ctype,filter,json,session,unicode]
+ || (
+ dev-lang/php[mysqli]
+ dev-lang/php[mysql]
+ )
+ virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+ webapp_pkg_setup
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+ rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+ if ! use setup; then
+ rm -rf setup || die "Cannot remove setup utility"
+ elog "The phpMyAdmin setup utility has been removed."
+ elog "It is a regular target of various exploits. If you need it, set USE=setup."
+ else
+ elog "You should consider disabling the setup USE flag"
+ elog "to exclude the setup utility if you don't use it."
+ elog "It regularly is the target of various exploits."
+ fi
+
+ insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+ webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+ webapp_src_install
+}
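Review bot: In src_install, `webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php` gives the web-server account ownership of a PHP file the application loads, so any code running as that account can rewrite it and have the change persist. Nothing in this ebuild shows phpMyAdmin needing to write its defaults file, and as far as I know site settings belong in a separate config.inc.php. I would drop the `webapp_serverowned` line and keep only `webapp_configfile`, or, if the ownership is required, add a comment such as `# server-owned because <reason>`. The ebuild's own elog text calls the setup utility a regular exploit target, so a defaults file the server cannot modify is the safer baseline. The same line appears in the phpmyadmin-5.0.2.ebuild hunk.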
diff --git a/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
new file mode 100644
index 0000000..bcfb741
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/"
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+ >=dev-lang/php-7.1[ctype,filter,json,session,unicode]
+ || (
+ dev-lang/php[mysqli]
+ dev-lang/php[mysql]
+ )
+ virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+ webapp_pkg_setup
+}
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+ rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+ if ! use setup; then
+ rm -rf setup || die "Cannot remove setup utility"
+ elog "The phpMyAdmin setup utility has been removed."
+ elog "It is a regular target of various exploits. If you need it, set USE=setup."
+ else
+ elog "You should consider disabling the setup USE flag"
+ elog "to exclude the setup utility if you don't use it."
+ elog "It regularly is the target of various exploits."
+ fi
+
+ insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+ webapp_serverowned "${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+ webapp_src_install
+}
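Review bot: The RDEPEND block splits the PHP requirement across separate atoms: `>=dev-lang/php-7.1[ctype,filter,json,session,unicode]` carries the version, while `|| ( dev-lang/php[mysqli] dev-lang/php[mysql] )` carries the database driver with no version bound. With slotted PHP the two can presumably be satisfied by different installed slots, leaving the PHP that serves the application without mysqli. The `dev-lang/php[mysql]` alternative also looks stale for this release, since ext/mysql was removed in PHP 7.0 and the 5.x series needs mysqli as far as I know. Folding it into one atom, `>=dev-lang/php-7.1[ctype,filter,json,mysqli,session,unicode]`, would state the real requirement. Otherwise a missing driver only surfaces at runtime, after the security bump is installed.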