- Security update of databases/phpmyadmin to 4.0.5

ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.5/phpMyAdmin-4.0.5-notes.html/download SecurityAdvisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php - Deprecate databases/phpmyadmin35 This version is vulnerable to the 'clickjacking protection bypass' problem fixed in 4.0.5, but the development team will not be publishing a fix. "We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want to introduce a dependency to JavaScript in the 3.5.x family." Therefore deprecate this port and set expiry for one month. Please upgrade to 4.0.5 instead. Security: 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
svn path=/head/; revision=324220
2013-08-04 12:13:50 +00:00 · 2013-08-04 12:13:50 +00:00 · 9aacd678d3 · 2021-03-31 03:12:20 +00:00
commit 9aacd678d3
parent 2569b886ba
4 changed files with 36 additions and 3 deletions
--- a/databases/phpmyadmin/Makefile
+++ b/databases/phpmyadmin/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	phpMyAdmin
-DISTVERSION=	4.0.4.2
+DISTVERSION=	4.0.5
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages
--- a/databases/phpmyadmin/distinfo
+++ b/databases/phpmyadmin/distinfo
@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
-SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316
+SHA256 (phpMyAdmin-4.0.5-all-languages.tar.xz) = f4df1190441ce5e094183cfadf8aec4af3a4f131339599e6380a1c6ac0a11fe4
+SIZE (phpMyAdmin-4.0.5-all-languages.tar.xz) = 4572884
--- a/databases/phpmyadmin35/Makefile
+++ b/databases/phpmyadmin35/Makefile
@ -12,6 +12,9 @@ COMMENT=	A set of PHP-scripts to manage MySQL over the web

 LICENSE=	GPLv2

+DEPRECATED=	Has unresolved security problems: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
+EXPIRATION_DATE=	2013-09-04
+
 USE_XZ=	yes
 NO_BUILD=	yes
 .if !defined(WITHOUT_PHP_DEPENDS)
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -51,6 +51,36 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="17326fd5-fcfb-11e2-9bb9-6805ca0b3d42">
+    <topic>phpMyAdmin -- clickJacking protection can be bypassed</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><lt>4.0.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpMyAdmin development team reports:</p>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php">
+	  <p> phpMyAdmin has a number of mechanisms to avoid a
+	  clickjacking attack, however these mechanisms either work
+	  only in modern browser versions, or can be bypassed.</p>
+	  <p>"We have no solution for 3.5.x, due to the proposed
+	  solution requiring JavaScript. We don't want to introduce a
+	  dependency to JavaScript in the 3.5.x family."</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php</url>
+    </references>
+    <dates>
+      <discovery>2013-08-04</discovery>
+      <entry>2013-08-04</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="69098c5c-fc4b-11e2-8ad0-00262d5ed8ee">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>