authorPatrick Williams <patrick@stwcx.xyz>2016-08-17 23:04:38 +0300
committerPatrick Williams <patrick@stwcx.xyz>2016-08-22 19:43:32 +0300
commitb48b7b4109868a8c0ddda090992e936e821c7ea6 (patch)
tree696be8ea782f2548c0f63bb0188f4c8d3eeed681 /import-layers/meta-openembedded/meta-webserver/recipes-php
parentd849ec78de728ef9a2d383b92ccfeabf40f8f1d0 (diff)
downloadopenbmc-b48b7b4109868a8c0ddda090992e936e821c7ea6.tar.xz
Squashed 'import-layers/meta-openembedded/' content from commit 247b126
Change-Id: I40827e9ce5fba63f1cca2a0be44976ae8383b4c0 git-subtree-dir: import-layers/meta-openembedded git-subtree-split: 247b1267bbe95719cd4877d2d3cfbaf2a2f4865a Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'import-layers/meta-openembedded/meta-webserver/recipes-php')
-rw-r--r--import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch48
-rw-r--r--import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf42
-rw-r--r--import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch18
-rw-r--r--import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb38
-rw-r--r--import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb34
5 files changed, 180 insertions, 0 deletions
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
new file mode 100644
index 000000000..1e6bcbda5
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
@@ -0,0 +1,48 @@
+From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Sat, 14 Nov 2015 02:01:54 -0500
+Subject: [PATCH] Port content spoofing fix
+
+Backport upstream commit for fixing CVE-2015-7873:
+ https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
+
+Upstream-Status: Backport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ ChangeLog | 4 ++++
+ url.php | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 4cb6708..96936c8 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
+ - issue #11448 Clarify doc about the MemoryLimit directive
+ - issue #11489 Cannot copy a database under certain conditions
+
++4.4.15.1 (2015-10-23)
++- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
++- issue [security] Content spoofing on url.php
++
+ 4.4.15.0 (not yet released)
+ - issue #11411 Undefined "replace" function on numeric scalar
+ - issue #11421 Stored-proc / routine - broken parameter parsing
+diff --git a/url.php b/url.php
+index eec78a5..9c4c884 100644
+--- a/url.php
++++ b/url.php
+@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
+ }
+ </script>";
+ // Display redirecting msg on screen.
+- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
++ // Do not display the value of $_REQUEST['url'] to avoid showing injected content
++ echo __('Taking you to the target site.');
+ }
+ die();
+--
+1.9.1
+
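Review bot: The `ChangeLog` section of this backport (the `4.4.15.1 (2015-10-23)` entry) is not needed for the fix and is the part most likely to stop applying when the recipe version moves. Carrying only the `url.php` hunk would keep the patch minimal. The header names the CVE only in prose; a tag line such as `CVE: CVE-2015-7873` next to `Upstream-Status: Backport` would let tooling that scans patch headers find it. The `url.php` hunk starts inside an `if (! PMA_isValid($_REQUEST['url'])` statement whose beginning is outside the hunk, so whether the script block above still embeds the URL cannot be checked here.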
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
new file mode 100644
index 000000000..94cbd865c
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+ Options FollowSymLinks
+ DirectoryIndex index.php
+ Require all granted
+
+ <IfModule mod_php5.c>
+ AddType application/x-httpd-php .php
+
+ php_flag magic_quotes_gpc Off
+ php_flag track_vars On
+ php_flag register_globals Off
+ php_admin_flag allow_url_fopen Off
+ php_value include_path .
+ php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+ php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
+ </IfModule>
+</Directory>
+
+# Authorize for setup
+<Directory /usr/share/phpmyadmin/setup>
+ <IfModule mod_authn_file.c>
+ AuthType Basic
+ AuthName "phpMyAdmin Setup"
+ AuthUserFile /etc/phpmyadmin/htpasswd.setup
+ </IfModule>
+ Require valid-user
+</Directory>
+
+# Disallow web access to directories that don't need it
+<Directory /usr/share/phpmyadmin/libraries>
+ Order Deny,Allow
+ Deny from All
+</Directory>
+<Directory /usr/share/phpmyadmin/setup/lib>
+ Order Deny,Allow
+ Deny from All
+</Directory>
+
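Review bot: The deny rules for `/usr/share/phpmyadmin/libraries` and `/usr/share/phpmyadmin/setup/lib` use the Apache 2.2 directives `Order Deny,Allow` and `Deny from All`, while the top-level block already uses the 2.4 `Require` syntax. On a 2.4 server the old directives are provided only by mod_access_compat, so without that module the file presumably fails to load instead of protecting those directories. `Require all denied` in both blocks says the same thing natively. Separately, `Require all granted` on `/usr/share/phpmyadmin` leaves the admin interface reachable from any client address; a comment telling integrators to narrow it (for example `Require local` or an address list) would make that default an explicit choice.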
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
new file mode 100644
index 000000000..65fff6455
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
@@ -0,0 +1,18 @@
+[Security] Path disclosure, see PMASA-2015-6
+
+Upstream-Status: Bacport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+
+diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
+--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 2016-01-20 15:11:15.410106888 +0800
++++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 2016-01-20 15:14:05.758108076 +0800
+@@ -11,7 +11,7 @@
+ */
+
+ if (!function_exists('__')) {
+- PMA_fatalError('Bad invocation!');
++ exit();
+ }
+
+ $strConfigAllowArbitraryServer_desc = __(
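Review bot: `Upstream-Status: Bacport` is misspelled, so anything that greps or parses the tag will not classify this patch as a backport; it should read `Upstream-Status: Backport`. The header cites PMASA-2015-6 but gives no upstream commit, unlike the CVE-2015-7873 patch added in this same commit, so a line such as `Backport of <upstream commit URL>` would make the fix traceable. The change from `PMA_fatalError('Bad invocation!')` to `exit()` is shown for `libraries/config/messages.inc.php` only; whether other files named in the advisory need the same change cannot be told from this hunk.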
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
new file mode 100644
index 000000000..ac321857b
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Web-based MySQL administration interface"
+HOMEPAGE = "http://www.phpmyadmin.net"
+# Main code is GPLv2, libraries/tcpdf is under LGPLv3, js/jquery is under MIT
+LICENSE = "GPLv2 & LGPLv3 & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
+
+SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
+ file://Port-content-spoofing-fix-CVE-2015-7873.patch \
+ file://apache.conf \
+ file://phpmyadmin-CVE-2015-8669.patch \
+"
+
+SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
+SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
+
+S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
+
+inherit allarch
+
+do_install() {
+ install -d ${D}${datadir}/${BPN}
+ cp -R --no-dereference --preserve=mode,links -v * ${D}${datadir}/${BPN}
+ chown -R root:root ${D}${datadir}/${BPN}
+ # Don't install patches to target
+ rm -rf ${D}${datadir}/${BPN}/patches
+
+ install -d ${D}${sysconfdir}/apache2/conf.d
+ install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf
+
+ # Remove a few scripts that explicitly require bash (!)
+ rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh
+}
+
+FILES_${PN} = "${datadir}/${BPN} \
+ ${sysconfdir}/apache2/conf.d"
+
+RDEPENDS_${PN} += "bash"
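Review bot: `do_install` creates only `${datadir}/${BPN}` and `${sysconfdir}/apache2/conf.d`, yet the `apache.conf` it installs refers to `/etc/phpmyadmin/htpasswd.setup`, `/var/lib/phpmyadmin/tmp` and an `open_basedir` entry under `/etc/phpmyadmin/`, none of which the recipe ships. As packaged, the setup directory's Basic auth has no password file and `upload_tmp_dir` points at a missing directory. Adding `install -d ${D}${sysconfdir}/phpmyadmin ${D}${localstatedir}/lib/phpmyadmin/tmp`, matching `FILES_${PN}` entries, and a comment that the htpasswd file must be provisioned by the integrator would close the gap. Two smaller inconsistencies: the `*.sh` scripts are removed because they "explicitly require bash", but `RDEPENDS_${PN} += "bash"` is still added, and that `rm -f` hardcodes `phpmyadmin` where every other path uses `${BPN}`.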
diff --git a/import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb b/import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb
new file mode 100644
index 000000000..1ecac88f0
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-webserver/recipes-php/xdebug/xdebug_2.2.6.bb
@@ -0,0 +1,34 @@
+SUMMARY = "Debugging and profiling extension for PHP"
+LICENSE = "Xdebug"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=34df3a274aa12b795417c65634c07f16"
+
+DEPENDS = "php"
+
+SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz"
+
+SRC_URI[md5sum] = "f216356861e27284580d0208060ea7fa"
+SRC_URI[sha256sum] = "6dd1cba0605e75009331aa3625a19ef49ade5a75aa9fe2ff8a818108d2cce84e"
+
+inherit autotools
+
+EXTRA_OECONF += "--enable-xdebug -with-php-config=${STAGING_BINDIR_CROSS}/php-config"
+
+do_configure() {
+ cd ${S}
+ ${STAGING_BINDIR_CROSS}/phpize
+ cd ${B}
+
+ # Running autoreconf as autotools_do_configure would do here
+ # breaks the libtool configuration resulting in a failure later
+ # in do_compile. It's possible this may be fixable, however the
+ # easiest course of action for the moment is to avoid doing that.
+ oe_runconf
+}
+
+do_install() {
+ oe_runmake install INSTALL_ROOT=${D}
+}
+
+FILES_${PN} += "${libdir}/php5/extensions/*/*.so"
+FILES_${PN}-dbg += "${libdir}/php5/extensions/*/.debug"
+
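Review bot: `-with-php-config=` in `EXTRA_OECONF` has a single leading dash next to `--enable-xdebug`; configure probably accepts it, but `--with-php-config=${STAGING_BINDIR_CROSS}/php-config` is the conventional spelling and avoids relying on that leniency. The tarball is fetched over plain `http://xdebug.org/files/`, so its integrity rests entirely on the `SRC_URI[sha256sum]` check; an https URL would be preferable if upstream serves one. Because the SUMMARY describes a debugging and profiling extension, a short comment that the package is meant for development images rather than production ones would help integrators decide where to include it.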