helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-05-18 06:47:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
Roy Li 9167cec3d6 phpmyadmin: fix for Security Advisory CVE-2014-5274 
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2014-12-01 14:24:50 +01:00

35 lines
1.3 KiB
BlitzBasic
Raw Permalink Blame History

SUMMARY = "Web-based MySQL administration interface"
HOMEPAGE = "http://www.phpmyadmin.net"
# Main code is GPLv2, libraries/tcpdf is under LGPLv3, js/jquery is under MIT
LICENSE = "GPLv2 & LGPLv3 & MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \
file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \
file://0001-bug-4505-security-XSS-in-view-operations-page.patch \
file://apache.conf"
SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29"
SRC_URI[sha256sum] = "5d101dd88a99a869bc0c684a7f687cf290abc4bf306daac73337cbde2d7743e4"
S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
inherit allarch
do_install() {
install -d ${D}${datadir}/${BPN}
cp -a * ${D}${datadir}/${BPN}
install -d ${D}${sysconfdir}/apache2/conf.d
install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf
# Remove a few scripts that explicitly require bash (!)
rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh
}
FILES_${PN} = "${datadir}/${BPN} \
${sysconfdir}/apache2/conf.d"
RDEPENDS_${PN} += "bash"
Reference in New Issue View Git Blame Copy Permalink