phpmyadmin: fix CVE-2015-7873

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Backport upstream commit to fix it: https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2015-11-14 04:47:56 -0500
committer: Armin Kuster <akuster808@gmail.com> 2015-12-20 14:33:33 -0800
commit: 239f80a473292a2c50639d7c829dcaffdf6ac37c (patch)
tree: 231295cf212e21694c3f4e2e98c0ba506deca59a
parent: bd06eeb7a9c5b67040c6669831ed13574544045a (diff)
download: meta-openembedded-239f80a473292a2c50639d7c829dcaffdf6ac37c.tar.gz
2 files changed, 49 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
new file mode 100644
index 000000000..1e6bcbda5
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
@@ -0,0 +1,48 @@
+From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Sat, 14 Nov 2015 02:01:54 -0500
+Subject: [PATCH] Port content spoofing fix
+Backport upstream commit for fixing CVE-2015-7873:
+  https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
+Upstream-Status: Backport
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ ChangeLog | 4 ++++
+ url.php   | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+diff --git a/ChangeLog b/ChangeLog
+index 4cb6708..96936c8 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
+ - issue #11448 Clarify doc about the MemoryLimit directive
+ - issue #11489 Cannot copy a database under certain conditions
+ 
+4.4.15.1 (2015-10-23)
+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
+- issue [security] Content spoofing on url.php
+
+ 4.4.15.0 (not yet released)
+ - issue #11411 Undefined "replace" function on numeric scalar
+ - issue #11421 Stored-proc / routine - broken parameter parsing
+diff --git a/url.php b/url.php
+index eec78a5..9c4c884 100644
+--- a/url.php
+++ b/url.php
+@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
+             }
+         </script>";
+     // Display redirecting msg on screen.
+-    printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
+    // Do not display the value of $_REQUEST['url'] to avoid showing injected content
+    echo __('Taking you to the target site.');
+ }
+ die();
+-- 
+1.9.1
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
index e28b66a23..9297d0c23 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                    file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
 SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
+           file://Port-content-spoofing-fix-CVE-2015-7873.patch \
           file://apache.conf"
 SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-14 04:47:56 -0500
committer	Armin Kuster <akuster808@gmail.com>	2015-12-20 14:33:33 -0800
commit	239f80a473292a2c50639d7c829dcaffdf6ac37c (patch)
tree	231295cf212e21694c3f4e2e98c0ba506deca59a
parent	bd06eeb7a9c5b67040c6669831ed13574544045a (diff)
download	meta-openembedded-239f80a473292a2c50639d7c829dcaffdf6ac37c.tar.gz

diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch new file mode 100644 index 000000000..1e6bcbda5 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
@@ -0,0 +1,48 @@
		1	From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
		2	From: Wenzong Fan <wenzong.fan@windriver.com>
		3	Date: Sat, 14 Nov 2015 02:01:54 -0500
		4	Subject: [PATCH] Port content spoofing fix
		5
		6	Backport upstream commit for fixing CVE-2015-7873:
		7	https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
		8
		9	Upstream-Status: Backport
		10
		11	Signed-off-by: Marc Delisle <marc@infomarc.info>
		12	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
		13	---
		14	ChangeLog \| 4 ++++
		15	url.php \| 3 ++-
		16	2 files changed, 6 insertions(+), 1 deletion(-)
		17
		18	diff --git a/ChangeLog b/ChangeLog
		19	index 4cb6708..96936c8 100644
		20	--- a/ChangeLog
		21	+++ b/ChangeLog
		22	@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
		23	- issue #11448 Clarify doc about the MemoryLimit directive
		24	- issue #11489 Cannot copy a database under certain conditions
		25
		26	+4.4.15.1 (2015-10-23)
		27	+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
		28	+- issue [security] Content spoofing on url.php
		29	+
		30	4.4.15.0 (not yet released)
		31	- issue #11411 Undefined "replace" function on numeric scalar
		32	- issue #11421 Stored-proc / routine - broken parameter parsing
		33	diff --git a/url.php b/url.php
		34	index eec78a5..9c4c884 100644
		35	--- a/url.php
		36	+++ b/url.php
		37	@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
		38	}
		39	</script>";
		40	// Display redirecting msg on screen.
		41	- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
		42	+ // Do not display the value of $_REQUEST['url'] to avoid showing injected content
		43	+ echo __('Taking you to the target site.');
		44	}
		45	die();
		46	--
		47	1.9.1
		48


diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb index e28b66a23..9297d0c23 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
6	file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"	6	file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
7		7
8	SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \	8	SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
		9	file://Port-content-spoofing-fix-CVE-2015-7873.patch \
9	file://apache.conf"	10	file://apache.conf"
10		11
11	SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"	12	SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"