community/phpmyadmin: upgrade to 4.8.1 and update maintainer

author: Natanael Copa <ncopa@alpinelinux.org> 2018-06-11 18:57:29 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2018-06-12 07:46:12 +0000
commit: ca4b594fdc6a3d5353c3016d553687cdd644158c (patch)
tree: 528b5e2cf8cd2c87fd91b4346296ed6b363d20c6 /community/phpmyadmin
parent: a601b97581fea8663be49798c1b5214feed4a548 (diff)
download: aports-ca4b594fdc6a3d5353c3016d553687cdd644158c.tar.bz2
aports-ca4b594fdc6a3d5353c3016d553687cdd644158c.tar.xz
2 files changed, 7 insertions, 120 deletions
diff --git a/community/phpmyadmin/APKBUILD b/community/phpmyadmin/APKBUILD
index f5576b1ecb..a3f7fde426 100644
--- a/community/phpmyadmin/APKBUILD
+++ b/community/phpmyadmin/APKBUILD
@@ -1,15 +1,15 @@
 # Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Contributor: Matt Smith <mcs@darkregion.net>
-# Maintainer: Matt Smith <mcs@darkregion.net>
-_php=php5
+# Maintainer: Andy Postnikov <apostnikov@gmail.com>
+_php=php7
 pkgname=phpmyadmin
-pkgver=4.8.0
-pkgrel=2
+pkgver=4.8.1
+pkgrel=0
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="https://www.phpmyadmin.net/"
 arch="noarch"
 license="GPL-2.0 MIT BSD"
-depends="${_php} ${_php}-mysqli ${_php}-zip ${_php}-zlib ${_php}-bz2
+depends="${_php} ${_php}-mysqli ${_php}-zip ${_php}-bz2
 	${_php}-ctype ${_php}-gd ${_php}-mcrypt ${_php}-json"
 depends_dev=
 makedepends="$depends_dev"
@@ -18,7 +18,6 @@ subpackages="$pkgname-doc"
 _fullpkgname=phpMyAdmin-$pkgver-all-languages
 source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz
 	$pkgname.apache2.conf
-	CVE-2018-10188.patch
 	"
 options="!check"  # tests require running MySQL
 
@@ -103,6 +102,5 @@ doc() {
 	done
 }
 
-sha512sums="50d69ebc1e0a814d1a348a59e6cb42931dbd1d8a9b16e542293b8e30e2ed0ec45ccd993c4388733ce3b099536db39accbc86941554710a4b4b4de8368f9dac02  phpMyAdmin-4.8.0-all-languages.tar.xz
-c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105  phpmyadmin.apache2.conf
-04abc7767b4fd435f405110fea9ba072ccee1e16e77a82671b2c6a23636286d29f188a0abc29b6ff39918d9ea9cd3be79464d1b49be2f18f7a487d33f9713e8e  CVE-2018-10188.patch"
+sha512sums="93f04c76b8a0a73ff61dbe3edb9df8b1536eb18f5b5944c2f5eb0e8f5eddb183497c4c2e4a3d290f70422a49027c1de220630bdce731a6b7315b1d3295641d0c  phpMyAdmin-4.8.1-all-languages.tar.xz
+c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105  phpmyadmin.apache2.conf"
diff --git a/community/phpmyadmin/CVE-2018-10188.patch b/community/phpmyadmin/CVE-2018-10188.patch
deleted file mode 100644
index e607e19d84..0000000000
--- a/community/phpmyadmin/CVE-2018-10188.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From c6dd6b56e236a3aff953cee4135ecaa67130e641 Mon Sep 17 00:00:00 2001
-From: Madhura Jayaratne <madhura.cj@gmail.com>
-Date: Wed, 18 Apr 2018 00:07:48 +1000
-Subject: [PATCH] Fix phpmyadmin-security#240 Multiple CSRF vulnerabilities
-
-Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
----
- js/db_operations.js              | 7 +++----
- js/tbl_operations.js             | 6 ++++--
- libraries/classes/Operations.php | 9 +++++----
- sql.php                          | 4 ++--
- 5 files changed, 16 insertions(+), 13 deletions(-)
-
-diff --git a/js/db_operations.js b/js/db_operations.js
-index 5a8e95d5799..b65733d896f 100644
---- a/js/db_operations.js
-+++ b/js/db_operations.js
-@@ -134,6 +134,7 @@ AJAX.registerOnload('db_operations.js', function () {
-      */
-     $(document).on('click', '#drop_db_anchor.ajax', function (event) {
-         event.preventDefault();
-+        var $link = $(this);
-         /**
-          * @var question    String containing the question to be asked for confirmation
-          */
-@@ -142,10 +143,8 @@ AJAX.registerOnload('db_operations.js', function () {
-             PMA_messages.strDoYouReally,
-             'DROP DATABASE `' + escapeHtml(PMA_commonParams.get('db') + '`')
-         );
--        var params = {
--            'is_js_confirmed': '1',
--            'ajax_request': true
--        };
-+        var params = getJSConfirmCommonParam(this, $link.getPostData());
-+
-         $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
-             PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
-             $.post(url, params, function (data) {
-diff --git a/js/tbl_operations.js b/js/tbl_operations.js
-index 2763e0263c2..59b8c534e7c 100644
---- a/js/tbl_operations.js
-+++ b/js/tbl_operations.js
-@@ -218,6 +218,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
- 
-     $(document).on('click', '#drop_tbl_anchor.ajax', function (event) {
-         event.preventDefault();
-+        var $link = $(this);
-         /**
-          * @var question    String containing the question to be asked for confirmation
-          */
-@@ -230,7 +231,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
-         $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
-             var $msgbox = PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
- 
--            var params = getJSConfirmCommonParam(this);
-+            var params = getJSConfirmCommonParam(this, $link.getPostData());
- 
-             $.post(url, params, function (data) {
-                 if (typeof data !== 'undefined' && data.success === true) {
-@@ -289,6 +290,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
- 
-     $(document).on('click', '#truncate_tbl_anchor.ajax', function (event) {
-         event.preventDefault();
-+        var $link = $(this);
-         /**
-          * @var question    String containing the question to be asked for confirmation
-          */
-@@ -300,7 +302,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
-         $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
-             PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
- 
--            var params = getJSConfirmCommonParam(this);
-+            var params = getJSConfirmCommonParam(this, $link.getPostData());
- 
-             $.post(url, params, function (data) {
-                 if ($('.sqlqueryresults').length !== 0) {
-diff --git a/libraries/classes/Operations.php b/libraries/classes/Operations.php
-index e62038a5727..d7277edb8bc 100644
---- a/libraries/classes/Operations.php
-+++ b/libraries/classes/Operations.php
-@@ -1559,10 +1559,11 @@ public function getHtmlForDeleteDataOrTable(
-      */
-     public function getDeleteDataOrTablelink(array $url_params, $syntax, $link, $htmlId)
-     {
--        return  '<li><a '
--            . 'href="sql.php' . Url::getCommon($url_params) . '"'
--            . ' id="' . $htmlId . '" class="ajax">'
--            . $link . '</a>'
-+        return '<li>' . Util::linkOrButton(
-+                'sql.php' . Url::getCommon($url_params),
-+                $link,
-+                array('id' => $htmlId, 'class' => 'ajax')
-+            )
-             . Util::showMySQLDocu($syntax)
-             . '</li>';
-     }
-diff --git a/sql.php b/sql.php
-index 13eb168e03f..056497fd3bc 100644
---- a/sql.php
-+++ b/sql.php
-@@ -69,8 +69,8 @@
- // Coming from a bookmark dialog
- if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
-     $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
--} elseif (isset($_GET['sql_query'])) {
--    $sql_query = $_GET['sql_query'];
-+} elseif (isset($_POST['sql_query'])) {
-+    $sql_query = $_POST['sql_query'];
- }
- 
- // This one is just to fill $db
author	Natanael Copa <ncopa@alpinelinux.org>	2018-06-11 18:57:29 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2018-06-12 07:46:12 +0000
commit	ca4b594fdc6a3d5353c3016d553687cdd644158c (patch)
tree	528b5e2cf8cd2c87fd91b4346296ed6b363d20c6 /community/phpmyadmin
parent	a601b97581fea8663be49798c1b5214feed4a548 (diff)
download	aports-ca4b594fdc6a3d5353c3016d553687cdd644158c.tar.bz2 aports-ca4b594fdc6a3d5353c3016d553687cdd644158c.tar.xz