authorAaron Walker <ka0ttic@gentoo.org>2005-03-02 14:48:45 +0000
committerAaron Walker <ka0ttic@gentoo.org>2005-03-02 14:48:45 +0000
commitd82f9618e7fa9ff92a7e608633290b85bb21fb6f (patch)
treef29d2f4809a28be890afb391744a779d24c721ff /dev-db/phpmyadmin
parentUpdated to 1.0.18 release. (diff)
Revision bump for security bug 83792.
(Portage version: 2.0.51.18)
Diffstat (limited to 'dev-db/phpmyadmin')
-rw-r--r--dev-db/phpmyadmin/ChangeLog9
-rw-r--r--dev-db/phpmyadmin/Manifest27
-rw-r--r--dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch74
-rw-r--r--dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r11
-rw-r--r--dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild98
5 files changed, 191 insertions, 18 deletions
diff --git a/dev-db/phpmyadmin/ChangeLog b/dev-db/phpmyadmin/ChangeLog
index 10ee31c0646f..048b7222007f 100644
--- a/dev-db/phpmyadmin/ChangeLog
+++ b/dev-db/phpmyadmin/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-db/phpmyadmin
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/ChangeLog,v 1.87 2005/03/01 18:24:11 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/ChangeLog,v 1.88 2005/03/02 14:48:45 ka0ttic Exp $
+
+*phpmyadmin-2.6.1_p2-r1 (02 Mar 2005)
+
+ 02 Mar 2005; Aaron Walker <ka0ttic@gentoo.org>
+ +files/2.6.1_p2-no-wildcard-privs-for-you.patch,
+ +phpmyadmin-2.6.1_p2-r1.ebuild:
+ Revision bump for security bug 83792.
01 Mar 2005; Bryan Østergaard <kloeri@gentoo.org>
phpmyadmin-2.6.1_p2.ebuild:
diff --git a/dev-db/phpmyadmin/Manifest b/dev-db/phpmyadmin/Manifest
index af6b933c6408..de88529b05e4 100644
--- a/dev-db/phpmyadmin/Manifest
+++ b/dev-db/phpmyadmin/Manifest
@@ -1,23 +1,16 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 8953a4dca66a41467a427449f47ea16e phpmyadmin-2.6.1_p2.ebuild 2599
MD5 3a33dda459f41b062d86576003c1e0ec phpmyadmin-2.6.1.ebuild 2595
-MD5 bccae1a2684d75a564d84b2fc38af47c ChangeLog 12126
MD5 d0ac5e24e09567b4888c6ee2fbd88b3e phpmyadmin-2.6.1_rc1.ebuild 2593
+MD5 c3fc2aaa40ee4048c6c20654c62a9840 phpmyadmin-2.6.1_p2-r1.ebuild 2685
+MD5 08e76522b9e7aa2f5e010fed2c65d193 ChangeLog 12340
MD5 d992d28bec4a3bfd72b441145091a58e metadata.xml 244
-MD5 8953a4dca66a41467a427449f47ea16e phpmyadmin-2.6.1_p2.ebuild 2599
-MD5 c6a79ab6f3c9e6d657a5bee36b1f6565 files/phpmyadmin-config.patch 4857
-MD5 85a86432c3f64acb068a7d2cfab311a9 files/config.inc.php-2.5.6.patch 5525
-MD5 1a6c1907f5c2327b00453d7675c13178 files/mysql-setup.sql.in-2.5.6 3231
-MD5 c4e16f440d397574f36ec04130d54ba0 files/digest-phpmyadmin-2.6.1 70
MD5 22a63a92c01eef5a268311e15594367b files/digest-phpmyadmin-2.6.1_p2 74
-MD5 396133c1da8d8b716ad2da23aa0a5a30 files/phpmyadmin-mysql-setup.sql.in 2712
MD5 4badbcc4cd669e6f934d5c993ff9ae4e files/digest-phpmyadmin-2.6.1_rc1 74
+MD5 c4e16f440d397574f36ec04130d54ba0 files/digest-phpmyadmin-2.6.1 70
MD5 56dcb2efb84915a521c18a004f96d37c files/postinstall-en.txt 506
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFCJLNhugEuf3OQ0akRAvO+AJsGXMNC3iC+jvBYeozL4gdSv4nJDgCeNduP
-g1qpG1K1TEJV2pFOUp7brZQ=
-=SQIE
------END PGP SIGNATURE-----
+MD5 85a86432c3f64acb068a7d2cfab311a9 files/config.inc.php-2.5.6.patch 5525
+MD5 c6a79ab6f3c9e6d657a5bee36b1f6565 files/phpmyadmin-config.patch 4857
+MD5 74f9155acb148d4c41be263c6e1c25cb files/2.6.1_p2-no-wildcard-privs-for-you.patch 4005
+MD5 22a63a92c01eef5a268311e15594367b files/digest-phpmyadmin-2.6.1_p2-r1 74
+MD5 396133c1da8d8b716ad2da23aa0a5a30 files/phpmyadmin-mysql-setup.sql.in 2712
+MD5 1a6c1907f5c2327b00453d7675c13178 files/mysql-setup.sql.in-2.5.6 3231
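Review bot: The new Manifest is unsigned. This hunk removes the `-----BEGIN PGP SIGNED MESSAGE-----` header and the whole `-----BEGIN PGP SIGNATURE-----` block, so the previous revision was clearsigned and this one is not. For a revision bump that ships a security patch, the checksums for `files/2.6.1_p2-no-wildcard-privs-for-you.patch` and the new ebuild are then the only integrity data, and they are MD5 entries with no authenticated origin. I would regenerate the Manifest and clearsign it with the committer's key before this goes to the mirrors, so that the signature covers the new `-r1` entries.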
diff --git a/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch b/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch
new file mode 100644
index 000000000000..4828337d7447
--- /dev/null
+++ b/dev-db/phpmyadmin/files/2.6.1_p2-no-wildcard-privs-for-you.patch
@@ -0,0 +1,74 @@
+===================================================================
+RCS file: /cvsroot/phpmyadmin/phpMyAdmin/server_privileges.php,v
+retrieving revision 2.40
+retrieving revision 2.42
+diff -u -r2.40 -r2.42
+--- phpmyadmin/phpMyAdmin/server_privileges.php 2004/11/21 13:11:26 2.40
++++ phpmyadmin/phpMyAdmin/server_privileges.php 2005/02/18 02:57:30 2.42
+@@ -1,5 +1,5 @@
+ <?php
+-/* $Id: 2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ */
++/* $Id: 2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $ */
+ // vim: expandtab sw=4 ts=4 sts=4:
+
+ /**
+@@ -490,6 +490,22 @@
+ . (empty($thishost) ? '' : 'else if (this.value == \'thishost\') { hostname.value = \'' . addslashes(htmlspecialchars($thishost)) . '\'; } ')
+ . 'else if (this.value == \'hosttable\') { hostname.value = \'\'; } else if (this.value == \'userdefined\') { hostname.focus(); hostname.select(); }">' . "\n";
+ unset($row);
++
++ // when we start editing a user, $GLOBALS['pred_hostname'] is not defined
++ if (!isset($GLOBALS['pred_hostname']) && isset($GLOBALS['hostname'])) {
++ switch (strtolower($GLOBALS['hostname'])) {
++ case 'localhost':
++ case '127.0.0.1':
++ $GLOBALS['pred_hostname'] = 'localhost';
++ break;
++ case '%':
++ $GLOBALS['pred_hostname'] = 'any';
++ break;
++ default:
++ $GLOBALS['pred_hostname'] = 'userdefined';
++ break;
++ }
++ }
+ echo $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyHost'] . '</option>' . "\n"
+ . $spaces . ' <option value="localhost"' . ((isset($GLOBALS['pred_hostname']) && $GLOBALS['pred_hostname'] == 'localhost') ? ' selected="selected"' : '') . '>' . $GLOBALS['strLocalhost'] . '</option>' . "\n";
+ if (!empty($thishost)) {
+@@ -713,18 +729,33 @@
+ // escaping a wildcard character in a GRANT is only accepted at the global
+ // or database level, not at table level; this is why I remove
+ // the escaping character
+- // Note: in the Database-specific privileges, we will have for example
++ // Note: in the phpMyAdmin list of Database-specific privileges,
++ // we will have for example
+ // test\_db SELECT (this one is for privileges on a db level)
+ // test_db USAGE (this one is for table-specific privileges)
+ //
+- // It looks curious but reflects IMO the way MySQL works
++ // It looks curious but reflects the way MySQL works
++
++ if (empty($dbname)) {
++ $db_and_table = '*.*';
++ } else {
++ if (!empty($tablename)) {
++ $db_and_table = str_replace('\\','',PMA_backquote($dbname))
++ . '.' . PMA_backquote($tablename);
++ } else {
++ // do not remove the escaping character when working at db level
++ $db_and_table = PMA_backquote($dbname)
++ . '.*';
++ }
++ }
++
+
+- $db_and_table = empty($dbname) ? '*.*' : str_replace('\\','',PMA_backquote($dbname)) . '.' . (empty($tablename) ? '*' : PMA_backquote($tablename));
+ $sql_query0 = 'REVOKE ALL PRIVILEGES ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
+ if (!isset($Grant_priv) || $Grant_priv != 'Y') {
+ $sql_query1 = 'REVOKE GRANT OPTION ON ' . $db_and_table . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';
+ }
+ $sql_query2 = 'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON ' . $db_and_table . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
++
+ if ((isset($Grant_priv) && $Grant_priv == 'Y') || (empty($dbname) && PMA_MYSQL_INT_VERSION >= 40002 && (isset($max_questions) || isset($max_connections) || isset($max_updates)))) {
+ $sql_query2 .= 'WITH';
+ if (isset($Grant_priv) && $Grant_priv == 'Y') {
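Review bot: The first inner hunk (`@@ -1,5 +1,5 @@`) has identical `-` and `+` `$Id:` lines, and both name `2.6.1_p2-no-wildcard-privs-for-you.patch,v 1.1` rather than server_privileges.php, which looks like CVS keyword expansion rewrote the patch when it was committed. The removed line would then not match the upstream 2.40 source, so that hunk is likely to be rejected and the fix for bug 83792 would not apply cleanly. The `$Id$` hunk is not part of the fix; I would delete it from the patch, or add the file with keyword expansion disabled (e.g. `cvs admin -kb`). Separately, the context lines of `@@ -713,18 +729,33 @@` concatenate `$hostname` into the REVOKE/GRANT statements without the `PMA_sqlAddslashes()` that `$username` gets; whether it is escaped earlier lies outside this hunk and is worth confirming against upstream.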
diff --git a/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1 b/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1
new file mode 100644
index 000000000000..f8fec6e3ca1a
--- /dev/null
+++ b/dev-db/phpmyadmin/files/digest-phpmyadmin-2.6.1_p2-r1
@@ -0,0 +1 @@
+MD5 787feeebe16ef7ab43e75e4046550da2 phpMyAdmin-2.6.1-pl2.tar.bz2 1541665
diff --git a/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild b/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild
new file mode 100644
index 000000000000..d3805ef210d0
--- /dev/null
+++ b/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-db/phpmyadmin/phpmyadmin-2.6.1_p2-r1.ebuild,v 1.1 2005/03/02 14:48:45 ka0ttic Exp $
+
+inherit eutils webapp
+
+MY_PV=${PV/_p/-pl}
+MY_PV=${MY_PV/_rc/-rc}
+MY_P=phpMyAdmin-${MY_PV}
+DESCRIPTION="Web-based administration for MySQL database in PHP"
+HOMEPAGE="http://www.phpmyadmin.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~ppc ~hppa ~sparc x86 ~amd64 ~mips"
+IUSE=""
+DEPEND=">=net-www/apache-1.3
+ >=dev-db/mysql-3.23.32 <dev-db/mysql-5.1
+ virtual/php
+ sys-apps/findutils
+ !<=dev-db/phpmyadmin-2.5.6"
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/config.inc.php-2.5.6.patch
+
+ # security bug #83792
+ epatch ${FILESDIR}/${PV}-no-wildcard-privs-for-you.patch
+
+ # Remove .cvs* files and CVS directories
+ find ${S} -name .cvs\* -or \( -type d -name CVS -prune \) | xargs rm -rf
+}
+
+src_compile() {
+ einfo "Setting random user/password details for the controluser"
+
+ local pmapass="${RANDOM}${RANDOM}${RANDOM}${RANDOM}"
+ mv config.inc.php ${T}/config.inc.php
+ sed -e "s/@pmapass@/${pmapass}/g" \
+ ${T}/config.inc.php > config.inc.php
+ sed -e "s/@pmapass@/${pmapass}/g" \
+ ${FILESDIR}/mysql-setup.sql.in-2.5.6 > ${T}/mysql-setup.sql
+}
+
+src_install() {
+ webapp_src_preinst
+
+ local docs="ANNOUNCE.txt CREDITS Documentation.txt RELEASE-DATE-${PV} TODO ChangeLog LICENSE README"
+
+ # install the SQL scripts available to us
+ #
+ # unfortunately, we do not have scripts to upgrade from older versions
+ # these are things we need to add at a later date
+
+ webapp_sqlscript mysql ${T}/mysql-setup.sql
+
+ # handle documentation files
+ #
+ # NOTE that doc files go into /usr/share/doc as normal; they do NOT
+ # get installed per vhost!
+
+ dodoc ${docs}
+ for doc in ${docs} INSTALL; do
+ rm -f ${doc}
+ done
+
+ # Copy the app's main files
+
+ einfo "Installing main files"
+ cp -r . ${D}${MY_HTDOCSDIR}
+
+ # Identify the configuration files that this app uses
+
+ webapp_configfile ${MY_HTDOCSDIR}/config.inc.php
+
+ # Identify any script files that need #! headers adding to run under
+ # a CGI script (such as PHP/CGI)
+ #
+ # for phpmyadmin, we *assume* that all .php files that don't end in
+ # .inc.php need to have CGI/BIN support added
+
+ for x in `find . -name '*.php' -print | grep -v 'inc.php'` ; do
+ webapp_runbycgibin php ${MY_HTDOCSDIR}/$x
+ done
+
+ # there are no files which need to be owned by the web server
+
+ # add the post-installation instructions
+
+ webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt
+
+ # all done
+ #
+ # now we let the eclass strut its stuff ;-)
+
+ webapp_src_install
+}
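Review bot: `local pmapass="${RANDOM}${RANDOM}${RANDOM}${RANDOM}"` in src_compile builds the controluser password from bash's `$RANDOM`, a small non-cryptographic generator (15 bits per draw, decimal digits only), so the password has much less entropy than its length suggests. Because it is generated at compile time and substituted into config.inc.php and mysql-setup.sql, a binary package built from this ebuild would presumably carry the same password to every host that installs it. I would draw it from the kernel instead, e.g. `local pmapass="$(head -c 16 /dev/urandom | md5sum | cut -d' ' -f1)"`, whose hex output stays safe inside the `sed` expressions. The `mv` and both `sed` calls also lack `|| die`, so a failed substitution that leaves `@pmapass@` in place would go unnoticed.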