phpmyadmin: upgrade to 4.6.3

* Compatible with PHP 5.5 to 7.0 and MySQL 5.5 and newer. * Release notes: http://www.phpmyadmin.net/files/4.6.3/ * Drop two CVE patches which have been fixed: CVE-2015-7873 and CVE-2015-8669 * Use PV in SRC_URI instead of hardcoded version number. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Jackie Huang <jackie.huang@windriver.com> 2016-07-20 04:45:46 -0400
committer: Martin Jansa <Martin.Jansa@gmail.com> 2016-07-29 11:00:57 +0200
commit: 1a6e6a9d9670431e3c5e8485df78afc9530e8769 (patch)
tree: eddf8a6ee710b30f9465b0c464746797b96db5fc /meta-webserver
parent: aa01ab95a374fd00a8cbde841ce0efffdada63c4 (diff)
download: meta-openembedded-1a6e6a9d9670431e3c5e8485df78afc9530e8769.tar.gz
3 files changed, 3 insertions, 71 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
deleted file mode 100644
index 1e6bcbda52..0000000000
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Sat, 14 Nov 2015 02:01:54 -0500
-Subject: [PATCH] Port content spoofing fix
-Backport upstream commit for fixing CVE-2015-7873:
-  https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
-Upstream-Status: Backport
-Signed-off-by: Marc Delisle <marc@infomarc.info>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- ChangeLog | 4 ++++
- url.php   | 3 ++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-diff --git a/ChangeLog b/ChangeLog
-index 4cb6708..96936c8 100644
--- a/ChangeLog
-+++ b/ChangeLog
-@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
- - issue #11448 Clarify doc about the MemoryLimit directive
- - issue #11489 Cannot copy a database under certain conditions
- 
-+4.4.15.1 (2015-10-23)
-+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
-+- issue [security] Content spoofing on url.php
-+
- 4.4.15.0 (not yet released)
- - issue #11411 Undefined "replace" function on numeric scalar
- - issue #11421 Stored-proc / routine - broken parameter parsing
-diff --git a/url.php b/url.php
-index eec78a5..9c4c884 100644
--- a/url.php
-+++ b/url.php
-@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
-             }
-         </script>";
-     // Display redirecting msg on screen.
-    printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
-+    // Do not display the value of $_REQUEST['url'] to avoid showing injected content
-+    echo __('Taking you to the target site.');
- }
- die();
-- 
-1.9.1
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
deleted file mode 100644
index 65fff6455e..0000000000
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-[Security] Path disclosure, see PMASA-2015-6
-Upstream-Status: Bacport
-Signed-off-by: Marc Delisle <marc@infomarc.info>
-diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php     2016-01-20 15:11:15.410106888 +0800
-+++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php  2016-01-20 15:14:05.758108076 +0800
-@@ -11,7 +11,7 @@
-  */
- 
- if (!function_exists('__')) {
-    PMA_fatalError('Bad invocation!');
-+    exit();
- }
- 
- $strConfigAllowArbitraryServer_desc = __(
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.6.3.bb
index ac321857b5..61872ae095 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.6.3.bb
@@ -5,14 +5,12 @@ LICENSE = "GPLv2 & LGPLv3 & MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                    file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
-SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
+SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
-           file://Port-content-spoofing-fix-CVE-2015-7873.patch \
           file://apache.conf \
-           file://phpmyadmin-CVE-2015-8669.patch \
 "
-SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
+SRC_URI[md5sum] = "53c7a6a577d10de04a5dd21a05018542"
-SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
+SRC_URI[sha256sum] = "943bad38a95f21bb015bdb78c9c067e0ea7510c1b35d4b8e757cb89c413e3bac"
 S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
author	Jackie Huang <jackie.huang@windriver.com>	2016-07-20 04:45:46 -0400
committer	Martin Jansa <Martin.Jansa@gmail.com>	2016-07-29 11:00:57 +0200
commit	1a6e6a9d9670431e3c5e8485df78afc9530e8769 (patch)
tree	eddf8a6ee710b30f9465b0c464746797b96db5fc /meta-webserver
parent	aa01ab95a374fd00a8cbde841ce0efffdada63c4 (diff)
download	meta-openembedded-1a6e6a9d9670431e3c5e8485df78afc9530e8769.tar.gz

diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch deleted file mode 100644 index 1e6bcbda52..0000000000 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch +++ /dev/null
@@ -1,48 +0,0 @@
1	From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
2	From: Wenzong Fan <wenzong.fan@windriver.com>
3	Date: Sat, 14 Nov 2015 02:01:54 -0500
4	Subject: [PATCH] Port content spoofing fix
5
6	Backport upstream commit for fixing CVE-2015-7873:
7	https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
8
9	Upstream-Status: Backport
10
11	Signed-off-by: Marc Delisle <marc@infomarc.info>
12	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
13	---
14	ChangeLog \| 4 ++++
15	url.php \| 3 ++-
16	2 files changed, 6 insertions(+), 1 deletion(-)
17
18	diff --git a/ChangeLog b/ChangeLog
19	index 4cb6708..96936c8 100644
20	--- a/ChangeLog
21	+++ b/ChangeLog
22	@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
23	- issue #11448 Clarify doc about the MemoryLimit directive
24	- issue #11489 Cannot copy a database under certain conditions
25
26	+4.4.15.1 (2015-10-23)
27	+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
28	+- issue [security] Content spoofing on url.php
29	+
30	4.4.15.0 (not yet released)
31	- issue #11411 Undefined "replace" function on numeric scalar
32	- issue #11421 Stored-proc / routine - broken parameter parsing
33	diff --git a/url.php b/url.php
34	index eec78a5..9c4c884 100644
35	--- a/url.php
36	+++ b/url.php
37	@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
38	}
39	</script>";
40	// Display redirecting msg on screen.
41	- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
42	+ // Do not display the value of $_REQUEST['url'] to avoid showing injected content
43	+ echo __('Taking you to the target site.');
44	}
45	die();
46	--
47	1.9.1
48


diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch deleted file mode 100644 index 65fff6455e..0000000000 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch +++ /dev/null
@@ -1,18 +0,0 @@
1	[Security] Path disclosure, see PMASA-2015-6
2
3	Upstream-Status: Bacport
4
5	Signed-off-by: Marc Delisle <marc@infomarc.info>
6
7	diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
8	--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 2016-01-20 15:11:15.410106888 +0800
9	+++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 2016-01-20 15:14:05.758108076 +0800
10	@@ -11,7 +11,7 @@
11	*/
12
13	if (!function_exists('__')) {
14	- PMA_fatalError('Bad invocation!');
15	+ exit();
16	}
17
18	$strConfigAllowArbitraryServer_desc = __(


diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.6.3.bb index ac321857b5..61872ae095 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.6.3.bb
@@ -5,14 +5,12 @@ LICENSE = "GPLv2 & LGPLv3 & MIT"
5	LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \	5	LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
6	file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"	6	file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
7		7
8	SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \	8	SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
9	file://Port-content-spoofing-fix-CVE-2015-7873.patch \
10	file://apache.conf \	9	file://apache.conf \
11	file://phpmyadmin-CVE-2015-8669.patch \
12	"	10	"
13		11
14	SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"	12	SRC_URI[md5sum] = "53c7a6a577d10de04a5dd21a05018542"
15	SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"	13	SRC_URI[sha256sum] = "943bad38a95f21bb015bdb78c9c067e0ea7510c1b35d4b8e757cb89c413e3bac"
16		14
17	S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"	15	S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
18		16