author | schnoebe <schnoebe> | 2014-02-24 16:31:03 +0000 |
---|---|---|
committer | schnoebe <schnoebe> | 2014-02-24 16:31:03 +0000 |
commit | 1340440c3d6696123b227ebab1e3849948f89c09 (patch) | |
tree | c89ed71e9c886a4dfa658f69ee47c4d8f6e1aa5c | |
parent | 77cde02c2f8a82741bddfe786fae78500d9c5b05 (diff) | |
download | pkgsrc-1340440c3d6696123b227ebab1e3849948f89c09.tar.gz |
Resolve the vulnerability reported in PMASA-2014-1.
Based on GIT commit
https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a
RT ticket 4333.
-rw-r--r-- | databases/phpmyadmin/Makefile | 3 | ||||
-rw-r--r-- | databases/phpmyadmin/distinfo | 3 | ||||
-rw-r--r-- | databases/phpmyadmin/patches/patch-import.php | 33 |
3 files changed, 37 insertions, 2 deletions
diff --git a/databases/phpmyadmin/Makefile b/databases/phpmyadmin/Makefile
index 8cc00d857df..c9cbb85fb78 100644
--- a/databases/phpmyadmin/Makefile
+++ b/databases/phpmyadmin/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.122 2013/12/06 18:34:54 tron Exp $
+# $NetBSD: Makefile,v 1.122.2.1 2014/02/24 16:31:03 schnoebe Exp $
 DISTNAME= phpMyAdmin-${DIST_VERSION}-all-languages
+PKGREVISION= 1
 PKGNAME= phpmyadmin-${DIST_VERSION:S/-//}
 CATEGORIES= databases www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=phpmyadmin/}
diff --git a/databases/phpmyadmin/distinfo b/databases/phpmyadmin/distinfo
index 96a3a228c37..0637f8f07bc 100644
--- a/databases/phpmyadmin/distinfo
+++ b/databases/phpmyadmin/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.79 2013/12/06 18:34:54 tron Exp $
+$NetBSD: distinfo,v 1.79.2.1 2014/02/24 16:31:03 schnoebe Exp $
 SHA1 (phpMyAdmin-4.0.10-all-languages.tar.xz) = 2002e954471b3c76eddd5ffc14c224089bc08d26
 RMD160 (phpMyAdmin-4.0.10-all-languages.tar.xz) = c78ea8b17fd01472df3eb7d25a8a0ef6a94eb6d0
 Size (phpMyAdmin-4.0.10-all-languages.tar.xz) = 4774280 bytes
+SHA1 (patch-import.php) = 134dd0d6364c4903012b7d3b826b463706f9d71a
 SHA1 (patch-libraries_vendor_config.php) = af587496e999bf1e92d6c5a9ab8053fe6e92a0f2
diff --git a/databases/phpmyadmin/patches/patch-import.php b/databases/phpmyadmin/patches/patch-import.php
new file mode 100644
index 00000000000..83c885dd187
--- /dev/null
+++ b/databases/phpmyadmin/patches/patch-import.php
@@ -0,0 +1,33 @@
+$NetBSD: patch-import.php,v 1.1.2.1 2014/02/24 16:31:03 schnoebe Exp $
+
+Fix "security vulnerablity" reported in PMASA-2014-1. Patch based on
+the following GIT commit:
+
+https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a
+
+--- import.php.orig 2013-12-04 17:44:44.000000000 +0000
++++ import.php 2014-02-22 11:21:37.000000000 +0000
+@@ -549,9 +549,9 @@
+
+ $message->addString($import_notice);
+ if (isset($local_import_file)) {
+- $message->addString('(' . $local_import_file . ')');
++ $message->addString('(' . htmlspecialchars($local_import_file) . ')');
+ } else {
+- $message->addString('(' . $_FILES['import_file']['name'] . ')');
++ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
+ }
+ } else {
+ $message = PMA_Message::success(
+@@ -559,9 +559,9 @@
+ );
+ $message->addParam($executed_queries);
+ if (isset($local_import_file)) {
+- $message->addString('(' . $local_import_file . ')');
++ $message->addString('(' . htmlspecialchars($local_import_file) . ')');
+ } else {
+- $message->addString('(' . $_FILES['import_file']['name'] . ')');
++ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
+ }
+ }
+ } |
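Review bot: The four added `htmlspecialchars()` calls (both branches of the inner hunks at 549 and 559) rely on the interpreter's default flags and charset, so what gets escaped depends on the PHP version the package runs under; before PHP 8.1 the default leaves single quotes unescaped. That is sufficient only if `addString()` output always lands in element content, which these hunks do not show, so `htmlspecialchars($local_import_file, ENT_QUOTES, 'UTF-8')` (and the same for `$_FILES['import_file']['name']`) would make the escaping independent of runtime and output context, at the cost of diverging slightly from the upstream commit. The patch header comment could also state what is escaped, e.g. `Escape the import file name before it is echoed in the result message (PMASA-2014-1)`, so a later maintainer can tell when an upstream release containing the referenced commit makes this patch obsolete. The surrounding import.php code begins and ends outside both inner hunks.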