author | Patrick Williams <patrick@stwcx.xyz> | 2016-08-17 23:04:38 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2016-08-22 19:43:32 +0300 |
commit | b48b7b4109868a8c0ddda090992e936e821c7ea6 (patch) | |
tree | 696be8ea782f2548c0f63bb0188f4c8d3eeed681 /import-layers/meta-openembedded/meta-webserver/recipes-php | |
parent | d849ec78de728ef9a2d383b92ccfeabf40f8f1d0 (diff) | |
download | openbmc-b48b7b4109868a8c0ddda090992e936e821c7ea6.tar.xz |
Squashed 'import-layers/meta-openembedded/' content from commit 247b126
Change-Id: I40827e9ce5fba63f1cca2a0be44976ae8383b4c0
git-subtree-dir: import-layers/meta-openembedded
git-subtree-split: 247b1267bbe95719cd4877d2d3cfbaf2a2f4865a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'import-layers/meta-openembedded/meta-webserver/recipes-php')
5 files changed, 180 insertions, 0 deletions
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
new file mode 100644
index 000000000..1e6bcbda5
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
@@ -0,0 +1,48 @@
+From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Sat, 14 Nov 2015 02:01:54 -0500
+Subject: [PATCH] Port content spoofing fix
+
+Backport upstream commit for fixing CVE-2015-7873:
+ https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
+
+Upstream-Status: Backport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ ChangeLog | 4 ++++
+ url.php | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 4cb6708..96936c8 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
+ - issue #11448 Clarify doc about the MemoryLimit directive
+ - issue #11489 Cannot copy a database under certain conditions
+
++4.4.15.1 (2015-10-23)
++- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
++- issue [security] Content spoofing on url.php
++
+ 4.4.15.0 (not yet released)
+ - issue #11411 Undefined "replace" function on numeric scalar
+ - issue #11421 Stored-proc / routine - broken parameter parsing
+diff --git a/url.php b/url.php
+index eec78a5..9c4c884 100644
+--- a/url.php
++++ b/url.php
+@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
+ }
+ </script>";
+ // Display redirecting msg on screen.
+- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
++ // Do not display the value of $_REQUEST['url'] to avoid showing injected content
++ echo __('Taking you to the target site.');
+ }
+ die();
+--
+1.9.1
+
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
new file mode 100644
index 000000000..94cbd865c
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+ Options FollowSymLinks
+ DirectoryIndex index.php
+ Require all granted
+
+ <IfModule mod_php5.c>
+ AddType application/x-httpd-php .php
+
+ php_flag magic_quotes_gpc Off
+ php_flag track_vars On
+ php_flag register_globals Off
+ php_admin_flag allow_url_fopen Off
+ php_value include_path .
+ php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+ php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
+ </IfModule>
+</Directory>
+
+# Authorize for setup
+<Directory /usr/share/phpmyadmin/setup>
+ <IfModule mod_authn_file.c>
+ AuthType Basic
+ AuthName "phpMyAdmin Setup"
+ AuthUserFile /etc/phpmyadmin/htpasswd.setup
+ </IfModule>
+ Require valid-user
+</Directory>
+
+# Disallow web access to directories that don't need it
+<Directory /usr/share/phpmyadmin/libraries>
+ Order Deny,Allow
+ Deny from All
+</Directory>
+<Directory /usr/share/phpmyadmin/setup/lib>
+ Order Deny,Allow
+ Deny from All
+</Directory>
+
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
new file mode 100644
index 000000000..65fff6455
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
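Review bot: In apache.conf the two deny blocks for `/usr/share/phpmyadmin/libraries` and `/usr/share/phpmyadmin/setup/lib` use the Apache 2.2 directives `Order Deny,Allow` / `Deny from All`, while the main `<Directory>` block uses the 2.4 form `Require all granted`. On a 2.4 server those two blocks are only understood when mod_access_compat is loaded, so the protection of the library directories depends on a module this file never checks for; `Require all denied` in both blocks keeps the file on one access-control syntax. Separately, `Require all granted` on `/usr/share/phpmyadmin` leaves the database console reachable from any client address, which deserves a comment in the file telling integrators to narrow it before the configuration ships in an image.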
@@ -0,0 +1,18 @@
+[Security] Path disclosure, see PMASA-2015-6
+
+Upstream-Status: Bacport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+
+diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
+--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 2016-01-20 15:11:15.410106888 +0800
++++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 2016-01-20 15:14:05.758108076 +0800
+@@ -11,7 +11,7 @@
+ */
+
+ if (!function_exists('__')) {
+- PMA_fatalError('Bad invocation!');
++ exit();
+ }
+
+ $strConfigAllowArbitraryServer_desc = __(
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
new file mode 100644
index 000000000..ac321857b
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
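Review bot: The header of phpmyadmin-CVE-2015-8669.patch spells the status tag `Upstream-Status: Bacport`, so tooling or audits that match the documented value will not classify this patch as a backport; it should read `Upstream-Status: Backport`. The header also names only the advisory (PMASA-2015-6) and, unlike Port-content-spoofing-fix-CVE-2015-7873.patch, carries no upstream commit URL and no sign-off from whoever imported it. That makes it hard to confirm from the recipe alone that the one-line change in `libraries/config/messages.inc.php` is the complete upstream fix. Adding the upstream commit reference and the importer's `Signed-off-by:` line to the header would close that gap.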
@@ -0,0 +1,38 @@
+SUMMARY = "Web-based MySQL administration interface"
+HOMEPAGE = "http://www.phpmyadmin.net"
+# Main code is GPLv2, libraries/tcpdf is under LGPLv3, js/jquery is under MIT
+LICENSE = "GPLv2 & LGPLv3 & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
+
+SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
+ file://Port-content-spoofing-fix-CVE-2015-7873.patch \
+ file://apache.conf \
+ file://phpmyadmin-CVE-2015-8669.patch \
+"
+
+SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
+SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
+
+S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
+
+inherit allarch
+
+do_install() {
+ install -d ${D}${datadir}/${BPN}
+ cp -R --no-dereference --preserve=mode,links -v * ${D}${datadir}/${BPN}
+ chown -R root:root ${D}${datadir}/${BPN}
+ # Don't install patches to target
+ rm -rf ${D}${datadir}/${BPN}/patches
+
+ install -d ${D}${sysconfdir}/apache2/conf.d
+ install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf
+
+ # Remove a few scripts that explicitly require bash (!)
+ rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh
+}
+
+FILES_${PN} = "${datadir}/${BPN} \
+ ${sysconfdir}/apache2/conf.d"
+
+RDEPENDS_${PN} += "bash"
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb b/import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb
new file mode 100644
index 000000000..1ecac88f0
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb
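Review bot: In phpmyadmin_4.5.0.2.bb, `RDEPENDS_${PN} += "bash"` pulls bash onto the target even though `do_install` deletes `libraries/transformations/*.sh` under the comment that these are the scripts requiring bash; unless something else in the installed tree still needs it, the dependency looks unnecessary and should be dropped or justified in a comment. That `rm -f` also hard-codes `${D}${datadir}/phpmyadmin/...` where every other path uses `${BPN}`; `rm -f ${D}${datadir}/${BPN}/libraries/transformations/*.sh` keeps it consistent. The recipe installs apache.conf but creates neither `/var/lib/phpmyadmin/tmp` nor `/etc/phpmyadmin/htpasswd.setup`, both of which that configuration refers to, so the upload directory and the setup-page credentials are left to whoever builds the image; a comment in the recipe saying so would help.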
@@ -0,0 +1,34 @@
+SUMMARY = "Debugging and profiling extension for PHP"
+LICENSE = "Xdebug"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=34df3a274aa12b795417c65634c07f16"
+
+DEPENDS = "php"
+
+SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz"
+
+SRC_URI[md5sum] = "f216356861e27284580d0208060ea7fa"
+SRC_URI[sha256sum] = "6dd1cba0605e75009331aa3625a19ef49ade5a75aa9fe2ff8a818108d2cce84e"
+
+inherit autotools
+
+EXTRA_OECONF += "--enable-xdebug -with-php-config=${STAGING_BINDIR_CROSS}/php-config"
+
+do_configure() {
+ cd ${S}
+ ${STAGING_BINDIR_CROSS}/phpize
+ cd ${B}
+
+ # Running autoreconf as autotools_do_configure would do here
+ # breaks the libtool configuration resulting in a failure later
+ # in do_compile. It's possible this may be fixable, however the
+ # easiest course of action for the moment is to avoid doing that.
+ oe_runconf
+}
+
+do_install() {
+ oe_runmake install INSTALL_ROOT=${D}
+}
+
+FILES_${PN} += "${libdir}/php5/extensions/*/*.so"
+FILES_${PN}-dbg += "${libdir}/php5/extensions/*/.debug"
+
|
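Review bot: In xdebug_2.2.6.bb, `SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz"` fetches the tarball over plain HTTP; the `SRC_URI[sha256sum]` pin still catches a modified download, but an `https://` URL, if the upstream host serves one, avoids relying on the checksum alone. In `EXTRA_OECONF` the second option is written `-with-php-config=...` with a single dash next to `--enable-xdebug`; `--with-php-config=${STAGING_BINDIR_CROSS}/php-config` is the conventional spelling. Since the SUMMARY describes this as a debugging and profiling extension, a short comment that the package is intended for development images would be a useful addition.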