head 1.2;
access;
symbols
pkgsrc-2013Q2:1.2.0.6
pkgsrc-2013Q2-base:1.2
pkgsrc-2012Q4:1.2.0.4
pkgsrc-2012Q4-base:1.2
pkgsrc-2011Q4:1.2.0.2
pkgsrc-2011Q4-base:1.2
pkgsrc-2011Q2:1.1.0.6
pkgsrc-2011Q2-base:1.1
pkgsrc-2011Q1:1.1.0.4
pkgsrc-2011Q1-base:1.1
pkgsrc-2010Q4:1.1.0.2;
locks; strict;
comment @# @;
1.2
date 2011.07.29.17.21.21; author tron; state dead;
branches;
next 1.1;
1.1
date 2011.01.27.13.45.55; author tron; state Exp;
branches
1.1.2.1;
next ;
1.1.2.1
date 2011.01.27.13.45.55; author sbd; state dead;
branches;
next 1.1.2.2;
1.1.2.2
date 2011.01.27.21.18.33; author sbd; state Exp;
branches;
next ;
desc
@@
1.2
log
@Update "phpmyadmin" package to version 3.4.3.2.
This is a major feature update which requires at least PHP 5.2.0 and
MySQL 5.0. It features a new user interface and uses MySQL for
authentication and access control.
The update was necessary as "phpmyadmin" 2.11 is no longer supported:
http://sourceforge.net/news/?group_id=23067&id=301992
@
text
@$NetBSD: patch-CVE-2010-4480-2,v 1.1 2011/01/27 13:45:55 tron Exp $
Fix for CVE-2010-4480 taken from the phpMyAdmin GIT repository:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b01a58118f973f98ab99a4bb28d340af49fa251f
--- libraries/core.lib.php.orig 2010-11-29 17:18:35.000000000 +0000
+++ libraries/core.lib.php 2011-01-27 13:21:56.000000000 +0000
@@@@ -241,18 +241,18 @@@@
$error_message = strtr($error_message, array('
' => '[br]'));
// Displays the error message
- // (do not use & for parameters sent by header)
- header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php'
- . '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2])
- . '&dir=' . urlencode($GLOBALS['text_dir'])
- . '&type=' . urlencode($GLOBALS['strError'])
- . '&error=' . urlencode($error_message));
+ $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
+ $dir = $GLOBALS['text_dir'];
+ $type = $GLOBALS['strError'];
+ $error = $error_message;
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
}
+ require('./libraries/error.inc.php');
+
exit;
}
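Review bot: The four locals assigned before the `require` (`$lang`, `$dir`, `$type`, `$error`) are an undocumented contract with `libraries/error.inc.php`, and `$error` still carries `$error_message` with only the newline-to-`[br]` substitution visible here, so whether the message is HTML-escaped depends entirely on the included file, which this patch does not show. I would state that at the assignments, e.g. `// consumed by error.inc.php, which must escape these before output`, and confirm the include does so. The old redirect prefixed `'../'` when `PMA_SETUP` is defined, while the new `require('./libraries/error.inc.php')` uses a single cwd-relative path in both cases; that is only correct if the setup scripts run with the phpMyAdmin root as the working directory, which is worth checking. The enclosing function starts above the hunk, and the same hunk is repeated verbatim in the 1.1.2.2 delta further down this RCS file.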
@
1.1
log
@Add fixes for the security vulnerabilities reported in CVE-2010-4480 and
CVE-2010-4481 taken from the phpMyAdmin GIT repository.
Thanks a lot to Tim Zingelman for pointing out that the fixes had
finally been made available.
@
text
@d1 1
a1 1
$NetBSD$
@
1.1.2.1
log
@file patch-CVE-2010-4480-2 was added on branch pkgsrc-2010Q4 on 2011-01-27 21:18:33 +0000
@
text
@d1 33
@
1.1.2.2
log
@Pullup ticket #3338 - requested by tron
Security patch for "phpmyadmin" package
Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.86
- pkgsrc/databases/phpmyadmin/PLIST 1.22
- pkgsrc/databases/phpmyadmin/distinfo 1.47
- pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4480-1 1.1
- pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4480-2 1.1
- pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4480-3 1.1
- pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4481 1.1
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Jan 27 13:45:56 UTC 2011
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Added Files:
pkgsrc/databases/phpmyadmin/patches: patch-CVE-2010-4480-1
patch-CVE-2010-4480-2 patch-CVE-2010-4480-3 patch-CVE-2010-4481
Log Message:
Add fixes for the security vulnerabilities reported in CVE-2010-4480 and
CVE-2010-4481 taken from the phpMyAdmin GIT repository.
Thanks a lot to Tim Zingelman for pointing out that the fixes had
finally been made available.
To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.86 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.46 -r1.47 pkgsrc/databases/phpmyadmin/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4480-1 \
pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4480-2 \
pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4480-3 \
pkgsrc/databases/phpmyadmin/patches/patch-CVE-2010-4481
@
text
@a0 33
$NetBSD: patch-CVE-2010-4480-2,v 1.1 2011/01/27 13:45:55 tron Exp $
Fix for CVE-2010-4480 taken from the phpMyAdmin GIT repository:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b01a58118f973f98ab99a4bb28d340af49fa251f
--- libraries/core.lib.php.orig 2010-11-29 17:18:35.000000000 +0000
+++ libraries/core.lib.php 2011-01-27 13:21:56.000000000 +0000
@@@@ -241,18 +241,18 @@@@
$error_message = strtr($error_message, array('
' => '[br]'));
// Displays the error message
- // (do not use & for parameters sent by header)
- header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php'
- . '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2])
- . '&dir=' . urlencode($GLOBALS['text_dir'])
- . '&type=' . urlencode($GLOBALS['strError'])
- . '&error=' . urlencode($error_message));
+ $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
+ $dir = $GLOBALS['text_dir'];
+ $type = $GLOBALS['strError'];
+ $error = $error_message;
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
}
+ require('./libraries/error.inc.php');
+
exit;
}
@