commit:     a81c2975bff0bf2f8f4dce7c9a98628dd3b9c10d
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> gentoo 
<DOT> org>
AuthorDate: Tue Mar 24 15:22:32 2020 +0000
Commit:     Jorge Manuel B. S. Vicetto <jmbsvicetto <AT> gentoo <DOT> org>
CommitDate: Tue Mar 24 15:22:58 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a81c2975

dev-db/phpmyadmin: Security bump - CVE-2020-{10802,10803,10804}.

Add 4.9.5 and 5.0.2 releases to address the following security advisories.
CVE-2020-{10802,10803,10804} - PMASA-2020-{3,4,2}
PMASA-2020-2: SQL injection vulnerability in the user accounts page,
particularly when changing a password
PMASA-2020-3: SQL injection vulnerability relating to the search feature
PMASA-2020-4: SQL injection and XSS having to do with displaying results
Bug: https://bugs.gentoo.org/714014
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto <AT> 
gentoo.org>

 dev-db/phpmyadmin/Manifest                |  2 +
 dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild | 61 +++++++++++++++++++++++++++++++
 dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild | 61 +++++++++++++++++++++++++++++++
 3 files changed, 124 insertions(+)

diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest
index 24fbf25d17c..549ecabda70 100644
--- a/dev-db/phpmyadmin/Manifest
+++ b/dev-db/phpmyadmin/Manifest
@@ -1,3 +1,5 @@
 DIST phpMyAdmin-4.9.2-all-languages.tar.xz 6118472 BLAKE2B 
07093982aebf83017a1773a1cd1acac8b7a4cc9bf666f7c62fdef4b3b46441f5ee1da37746610b0ed6b92a67296d908dbf24ba1ea546c1b573c3593a02b90088
 SHA512 
426689c31f963a9cbe34b2116888aa0264801aa5ef18fb0e4b89811b032d4018c770538e823bccb684fb066ed27fcf6dc6e0fb4198d1e082e7eea15595b67727
 DIST phpMyAdmin-4.9.4-all-languages.tar.xz 6134852 BLAKE2B 
4ba7d4a45a3fb7d84f6b227a2d2fc0ffc530498e74c1c412bbf631ca78ba5c874f9f21220d34e2179666253bde4fa222838962e6c9d48d514cf80c5c8370cee3
 SHA512 
3ddab59725d59bcbe99457a1717f12b53bbd251f0bfcea1582288abfbb4507e50351e3ed0e76961026b0ad351abc806deed4a97f0fa882b34ee095ef314aaf37
+DIST phpMyAdmin-4.9.5-all-languages.tar.xz 6138948 BLAKE2B 
63631e8207d1cfb71a2299752bb10ab55d13f630ee0d913a4ed6bdf0a16320fa72945bc7c8a63e0e705eb45a569c60fffd48c204eabe1b980a33ab93fac7c798
 SHA512 
555f07f087d8bcddd114df0b86fa21872f14f45c31e0f63eea499e76fdebdfd8abebcc88662887418e80ddebfea73d6aaac17856cf433d1855423b5145865d1a
 DIST phpMyAdmin-5.0.1-all-languages.tar.xz 8130464 BLAKE2B 
a4b859c73ece7537db1bc4a14df8c5c8f0ab39106b9e3ccbbc30c1f97fa4dc40617db3b00c432b24aa9865ed45595805fa4b43db92b5794794621d0c7df54f3a
 SHA512 
576323a5e63438fe9e57e6165697c5e03e5291346f3786c84d5d6c4cd6851713cb10b2eed4b0c7e9ab6445dad9b06cbded6c03711fcc2942e999f2b5e7ab446b
+DIST phpMyAdmin-5.0.2-all-languages.tar.xz 8018752 BLAKE2B 
c7ceb9257cacae61a674b986fcdfacbcf8f77e2ec9f31dd0fc679f748d9042301d8a5d37803c0b1c796095c038e8ac9701b7c5e497ee92331aa672f5044de4d4
 SHA512 
242770cc468ebcb3ec9c57bce16607a258621014513568b1a96cfea1df4786506c3922250c69f87e058dbf0dd69cf37efda1a810ade88c05d5ef37591cc1b225

diff --git a/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild 
b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
new file mode 100644
index 00000000000..b44663d5751
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/";
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz";
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos 
~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+       dev-lang/php[ctype,filter,json,session,unicode]
+       || (
+               dev-lang/php[mysqli]
+               dev-lang/php[mysql]
+       )
+       virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+       webapp_pkg_setup
+}
+
+src_install() {
+       webapp_src_preinst
+
+       dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+       rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+       if ! use setup; then
+               rm -rf setup || die "Cannot remove setup utility"
+               elog "The phpMyAdmin setup utility has been removed."
+               elog "It is a regular target of various exploits. If you need 
it, set USE=setup."
+       else
+               elog "You should consider disabling the setup USE flag"
+               elog "to exclude the setup utility if you don't use it."
+               elog "It regularly is the target of various exploits."
+       fi
+
+       insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+       doins -r .
+
+       webapp_configfile 
"${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+       webapp_serverowned 
"${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+       webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+       webapp_src_install
+}
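Review bot: `webapp_serverowned` on `libraries/config.default.php`, near the end of `src_install`, gives the web server account ownership of a file that holds phpMyAdmin's default settings. Any file-write primitive reachable through the PHP process could then persistently change those defaults. Nothing visible in this ebuild shows the application needing to write to that file at runtime. If it does not, drop the `webapp_serverowned` line and keep only `webapp_configfile`, so the file stays root-owned and merely readable by the server. If ownership is required, say why in a comment such as `# server-owned because <reason>`; the same line appears in the 5.0.2 ebuild.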

diff --git a/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild 
b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
new file mode 100644
index 00000000000..bcfb741fefe
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils webapp
+
+MY_PV=${PV/_/-}
+MY_PN="phpMyAdmin"
+MY_P="${MY_PN}-${MY_PV}-all-languages"
+
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="https://www.phpmyadmin.net/";
+SRC_URI="https://files.phpmyadmin.net/${MY_PN}/${MY_PV}/${MY_P}.tar.xz";
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos 
~x64-macos ~x86-macos"
+IUSE="setup"
+
+RDEPEND="
+       >=dev-lang/php-7.1[ctype,filter,json,session,unicode]
+       || (
+               dev-lang/php[mysqli]
+               dev-lang/php[mysql]
+       )
+       virtual/httpd-php:*
+"
+
+need_httpd_cgi
+
+S="${WORKDIR}"/${MY_P}
+
+pkg_setup() {
+       webapp_pkg_setup
+}
+
+src_install() {
+       webapp_src_preinst
+
+       dodoc README RELEASE-DATE-${MY_PV} ChangeLog
+       rm -f LICENSE README* RELEASE-DATE-${MY_PV}
+
+       if ! use setup; then
+               rm -rf setup || die "Cannot remove setup utility"
+               elog "The phpMyAdmin setup utility has been removed."
+               elog "It is a regular target of various exploits. If you need 
it, set USE=setup."
+       else
+               elog "You should consider disabling the setup USE flag"
+               elog "to exclude the setup utility if you don't use it."
+               elog "It regularly is the target of various exploits."
+       fi
+
+       insinto "${MY_HTDOCSDIR#${EPREFIX}}"
+       doins -r .
+
+       webapp_configfile 
"${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+       webapp_serverowned 
"${MY_HTDOCSDIR#${EPREFIX}}"/libraries/config.default.php
+
+       webapp_postinst_txt en "${FILESDIR}"/postinstall-en-3.1.txt
+       webapp_src_install
+}
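Review bot: The `|| ( dev-lang/php[mysqli] dev-lang/php[mysql] )` group in RDEPEND is not tied to the `>=dev-lang/php-7.1` atom above it. A different PHP slot could therefore satisfy it while the PHP that actually serves this version has no MySQL driver. The `mysql` alternative also looks dead here, since the legacy mysql extension was removed in PHP 7.0 and this release requires 7.1 or later. Folding the driver into the versioned atom would express the real requirement: `>=dev-lang/php-7.1[ctype,filter,json,mysqli,session,unicode]`. Separately, nothing in the visible ebuild appears to use `eutils`, so `inherit webapp` alone is probably enough.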
