of security fixes in the announcement message and changelog, all of
the fixes were already applied in the previous port update (to
3.4.6-rc1). In fact, diff'ing the distfile tarballs between 3.4.6-rc1
and 3.4.6 shows that the only change is to update the version number.
Announcement message:
"Welcome to phpMyAdmin 3.4.6, a bugfix and minor security release.
Please refer to the upcoming PMASA-2011-15 and -16 announcements on
http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net.
Marc Delisle, for the team"
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.6/phpMyAdmin-3.4.6.html/download
The advisories PMASA-15 and PMASA-16 still have not yet been published.
PR: ports/161709
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
no one has stepped up to deal with:
archivers/pecl-phar Vulnerable since 2011-01-13
comms/libsyncml Depends on devel/libsoup22, which is FORBIDDEN
databases/mysql323-server Vulnerable since 2006-10-29
databases/mysql323-client Vulnerable since 2006-10-29
databases/mysql323-scripts Vulnerable since 2006-10-29
databases/mysql40-server Vulnerable since 2006-10-29
databases/mysql40-client Vulnerable since 2006-10-29
databases/mysql40-scripts Vulnerable since 2006-10-29
databases/p5-DBD-mysql40 Depends on databases/mysql40-server, which is FORBIDDEN
deskutils/buoh Depends on devel/libsoup22, which is FORBIDDEN
deskutils/libopensync-plugin-syncml Depends on comms/libsyncml, which is DEPRECATED
devel/libsoup22 Vulnerable since 2011-07-28
dns/bind9-sdb-ldap Vulnerable since 2011-06-04
dns/bind9-sdb-postgresql Vulnerable since 2011-06-04
ftp/wgetpro Vulnerable since 2004-12-14
games/quake2forge Vulnerable since 2005-01-21
graphics/linux-tiff Vulnerable since 2004-10-13
japanese/mutt Vulnerable since 2007-07-29
japanese/asterisk14-sounds Depends on net/asterisk14, which is FORBIDDEN
net/asterisk14 Vulnerable since 2011-06-25
net/isc-dhcp31-client Vulnerable since 2011-04-10
net/isc-dhcp31-server Vulnerable since 2011-04-10
net/isc-dhcp31-relay Vulnerable since 2011-04-10
net/asterisk-app-ldap Depends on net/asterisk14, which is FORBIDDEN
net/asterisk-app-notify Depends on net/asterisk14, which is FORBIDDEN
net/asterisk-oh323 Depends on net/asterisk14, which is FORBIDDEN, does not compile on sparc64
net/asterisk14-addons Depends on net/asterisk14, which is FORBIDDEN
net/astfax Depends on net/asterisk14, which is FORBIDDEN
net-mgmt/nagios2 Vulnerable since 2009-06-30
www/gforge Vulnerable since 2005-08-09
www/linux-flashplugin7 Vulnerable since at least 2008-05-30
www/opera-devel Vulnerable since 2010-06-25, does not fetch
www/plone3 Vulnerable and unsupported upstream
www/serendipity-devel Vulnerable since 2008-04-25
www/ziproxy Vulnerable since 2010-06-15
www/asterisk-gui Depends on net/asterisk14, which is FORBIDDEN
x11-toolkits/linux-pango Vulnerable since 2009-05-13
astro/gkrellsun Abandonware
astro/xrmap No more distfiles
audio/midimountain Abandonware
audio/gkrellmss Abandonware
audio/gnapster Abandonware
databases/xbase No more public distfiles
databases/xbsql No more public distfiles
games/gtkabale No more public distfiles
games/battleball No more public distfiles, does not compile on ia64 or sparc64
games/race No more public distfiles
games/stvef-paks No more public distfiles
games/stvef-server No more public distfiles
games/tome No more public distfiles
games/qkmj No more public distfiles
games/oilwar No more public distfiles
games/xbaby No more public distfiles
games/xword Abandonware
games/kslide No more public distfiles
graphics/xmrm No more public distfiles, does not compile on amd64 or sparc64
graphics/giftrans Upstream disappeared and distfile is not available
graphics/wildmagic BROKEN for more than 6 months, does not fetch
irc/ircd-rusnet No more public distfiles
irc/tkirc No more public distfiles
korean/mizifont No more public distfiles
lang/freetxl No more public distfiles
math/nsc2ke No more public distfiles
misc/mgp-mode.el No more public distfiles
multimedia/p5-RIFF-Info No more public distfiles
net/p5-Net-OpenDHT No more public distfiles
net/mudix No more public distfiles
net-im/newsbot No more public distfiles
net-im/libicq2000 Abandonware
net-im/gossip No longer maintained by upstream, use net-im/empathy instead
net-im/ickle Abandonware
net-mgmt/nipper BROKEN for more than 6 months, does not fetch
net-p2p/mldonkey-serverspy No more public distfiles
news/p5-Gateway No more public distfiles
print/epsmerge No more public distfiles
science/at No more public distfiles
science/pyvox No more public distfiles
security/p5-Email-Obfuscate No more public distfiles
security/libparanoia No more public distfiles
security/execwrap No more public distfiles
From the announce message:
"Welcome to the first release candidate of phpMyAdmin 3.4.6, a bugfix
release containing also fixes for minor security problems.
Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
Security Advisories:
PMASA-2011-15
PMASA-2011-16
(These are not published yet...)
ChangeLog:
(http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.6-rc1%2FphpMyAdmin-3.4.6-rc1.html/view)
Welcome to the first release candidate for phpMyAdmin 3.4.6, a bugfix release containing also fixes for minor security problems.
3.4.6.0 (not yet released)
- patch #3404173 InnoDB comment display with tooltips/aliases
- bug #3404886 [navi] Edit SQL statement after error
- bug #3403165 [interface] Collation not displayed for long enum fields
- bug #3399951 [export] Config for export compression not used
- bug #3400690 [privileges] DB-specific privileges won't submit
- bug #3410604 [config] Configuration storage incorrect suggested table name
- bug #3383572 [interface] Cannot execute saved query
- bug #3411535 [display] Full text button unchecks results display options
- bug #3411224 [display] Broken binary column when 'Show binary contents' is not set
- bug #3411633 [core] Call to undefined function PMA_isSuperuser()
- bug #3413743 [interface] Display options link missing after search
- bug #3324161 [core] CSP policy causing designer JS buttons to fail
- bug #3412862 [relation] Relations/constraints are dropped/created on every change
- bug #3390832 [display] Delete records from last page breaks search
- bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
PR: ports/161337
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> [maintainer]