diff options
Diffstat (limited to 'meta-webserver/recipes-php/phpmyadmin')
4 files changed, 148 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch new file mode 100644 index 000000000..27eac7762 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001 | ||
2 | From: Madhura Jayaratne <madhura.cj@gmail.com> | ||
3 | Date: Sun, 17 Aug 2014 08:52:05 -0400 | ||
4 | Subject: [PATCH] bug #4504 [security] Self-XSS in query charts | ||
5 | |||
6 | Upstream-status: Backport | ||
7 | |||
8 | Signed-off-by: Marc Delisle <marc@infomarc.info> | ||
9 | --- | ||
10 | js/tbl_chart.js | 2 +- | ||
11 | 2 files changed, 2 insertions(+), 1 deletion(-) | ||
12 | |||
13 | 4.2.7.0 (2014-07-31) | ||
14 | diff --git a/js/tbl_chart.js b/js/tbl_chart.js | ||
15 | index 943d4ae..04c9c40 100644 | ||
16 | --- a/js/tbl_chart.js | ||
17 | +++ b/js/tbl_chart.js | ||
18 | @@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) { | ||
19 | }, | ||
20 | axes : { | ||
21 | xaxis : { | ||
22 | - label : settings.xaxisLabel | ||
23 | + label : escapeHtml(settings.xaxisLabel) | ||
24 | }, | ||
25 | yaxis : { | ||
26 | label : settings.yaxisLabel | ||
27 | -- | ||
28 | 1.7.10.4 | ||
29 | |||
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch new file mode 100644 index 000000000..164a072ef --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001 | ||
2 | From: Madhura Jayaratne <madhura.cj@gmail.com> | ||
3 | Date: Sun, 17 Aug 2014 08:41:57 -0400 | ||
4 | Subject: [PATCH] bug #4505 [security] XSS in view operations page | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Signed-off-by: Marc Delisle <marc@infomarc.info> | ||
9 | --- | ||
10 | ChangeLog | 3 +++ | ||
11 | js/functions.js | 2 +- | ||
12 | 2 files changed, 4 insertions(+), 1 deletion(-) | ||
13 | |||
14 | diff --git a/ChangeLog b/ChangeLog | ||
15 | index 7afac1a..cec9d77 100644 | ||
16 | --- a/ChangeLog | ||
17 | +++ b/ChangeLog | ||
18 | @@ -1,6 +1,9 @@ | ||
19 | phpMyAdmin - ChangeLog | ||
20 | ====================== | ||
21 | |||
22 | +4.2.7.1 (2014-08-17) | ||
23 | +- bug #4505 [security] XSS in view operations page | ||
24 | + | ||
25 | 4.2.7.0 (2014-07-31) | ||
26 | - bug Broken links on home page | ||
27 | - bug #4494 Overlap in navigation panel | ||
28 | diff --git a/js/functions.js b/js/functions.js | ||
29 | index 09bfeda..a970a81 100644 | ||
30 | --- a/js/functions.js | ||
31 | +++ b/js/functions.js | ||
32 | @@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () { | ||
33 | var question = PMA_messages.strDropTableStrongWarning + ' '; | ||
34 | question += $.sprintf( | ||
35 | PMA_messages.strDoYouReally, | ||
36 | - 'DROP VIEW ' + PMA_commonParams.get('table') | ||
37 | + 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table')) | ||
38 | ); | ||
39 | |||
40 | $(this).PMA_confirm(question, $(this).attr('href'), function (url) { | ||
41 | -- | ||
42 | 1.7.10.4 | ||
43 | |||
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf new file mode 100644 index 000000000..94cbd865c --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf | |||
@@ -0,0 +1,42 @@ | |||
1 | # phpMyAdmin default Apache configuration | ||
2 | |||
3 | Alias /phpmyadmin /usr/share/phpmyadmin | ||
4 | |||
5 | <Directory /usr/share/phpmyadmin> | ||
6 | Options FollowSymLinks | ||
7 | DirectoryIndex index.php | ||
8 | Require all granted | ||
9 | |||
10 | <IfModule mod_php5.c> | ||
11 | AddType application/x-httpd-php .php | ||
12 | |||
13 | php_flag magic_quotes_gpc Off | ||
14 | php_flag track_vars On | ||
15 | php_flag register_globals Off | ||
16 | php_admin_flag allow_url_fopen Off | ||
17 | php_value include_path . | ||
18 | php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp | ||
19 | php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ | ||
20 | </IfModule> | ||
21 | </Directory> | ||
22 | |||
23 | # Authorize for setup | ||
24 | <Directory /usr/share/phpmyadmin/setup> | ||
25 | <IfModule mod_authn_file.c> | ||
26 | AuthType Basic | ||
27 | AuthName "phpMyAdmin Setup" | ||
28 | AuthUserFile /etc/phpmyadmin/htpasswd.setup | ||
29 | </IfModule> | ||
30 | Require valid-user | ||
31 | </Directory> | ||
32 | |||
33 | # Disallow web access to directories that don't need it | ||
34 | <Directory /usr/share/phpmyadmin/libraries> | ||
35 | Order Deny,Allow | ||
36 | Deny from All | ||
37 | </Directory> | ||
38 | <Directory /usr/share/phpmyadmin/setup/lib> | ||
39 | Order Deny,Allow | ||
40 | Deny from All | ||
41 | </Directory> | ||
42 | |||
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb new file mode 100644 index 000000000..447b77884 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb | |||
@@ -0,0 +1,34 @@ | |||
1 | SUMMARY = "Web-based MySQL administration interface" | ||
2 | HOMEPAGE = "http://www.phpmyadmin.net" | ||
3 | # Main code is GPLv2, libraries/tcpdf is under LGPLv3, js/jquery is under MIT | ||
4 | LICENSE = "GPLv2 & LGPLv3 & MIT" | ||
5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \ | ||
6 | file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c" | ||
7 | |||
8 | SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ | ||
9 | file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \ | ||
10 | file://0001-bug-4505-security-XSS-in-view-operations-page.patch \ | ||
11 | file://apache.conf" | ||
12 | |||
13 | SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29" | ||
14 | SRC_URI[sha256sum] = "5d101dd88a99a869bc0c684a7f687cf290abc4bf306daac73337cbde2d7743e4" | ||
15 | |||
16 | S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages" | ||
17 | |||
18 | inherit allarch | ||
19 | |||
20 | do_install() { | ||
21 | install -d ${D}${datadir}/${BPN} | ||
22 | cp -a * ${D}${datadir}/${BPN} | ||
23 | |||
24 | install -d ${D}${sysconfdir}/apache2/conf.d | ||
25 | install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf | ||
26 | |||
27 | # Remove a few scripts that explicitly require bash (!) | ||
28 | rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh | ||
29 | } | ||
30 | |||
31 | FILES_${PN} = "${datadir}/${BPN} \ | ||
32 | ${sysconfdir}/apache2/conf.d" | ||
33 | |||
34 | RDEPENDS_${PN} += "bash" | ||