backport security fixes for CVE-2014-4348 and CVE-2014-4349

giovanni 2014-07-03 13:13:59 +00:00
parent 6c64cb1ebf
commit 8badbcfe24
5 changed files with 128 additions and 2 deletions


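--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,14 @@
-# $OpenBSD: Makefile,v 1.104 2014/06/13 17:01:36 giovanni Exp $
+# $OpenBSD: Makefile,v 1.105 2014/07/03 13:13:59 giovanni Exp $
 COMMENT= tool to handle the administration of MySQL over the web
 V= 4.2.2
+REVISION= 1
 PKGNAME= phpMyAdmin-$V
 DISTNAME= phpMyAdmin-$V-all-languages
 CATEGORIES= www
 HOMEPAGE= http://www.phpmyadmin.net/
-REVISION= 0
 MAINTAINER= Giovanni Bechis <giovanni@openbsd.org>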


@ -0,0 +1,67 @@
$OpenBSD: patch-libraries_RecentFavoriteTable_class_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $
fix for CVE-2014-4348
--- libraries/RecentFavoriteTable.class.php.orig Thu Jun 26 11:22:05 2014
+++ libraries/RecentFavoriteTable.class.php Thu Jun 26 11:30:44 2014
@@ -203,36 +203,46 @@ class PMA_RecentFavoriteTable
if ($this->_tableType == 'recent') {
foreach ($this->_tables as $table) {
$html .= '<li class="warp_link">';
- $html .= '<a href="sql.php?server=' . $GLOBALS['server']
- . '&db=' . $table['db']
- . '&table=' . $table['table']
- . '&token=' . $_SESSION[' PMA_token ']
- . '">`' . $table['db'] . '`.`' . $table['table'] . '`</a>';
+ $recent_params = array(
+ 'db' => $table['db'],
+ 'table' => $table['table']
+ );
+ $recent_url = 'sql.php'
+ . PMA_URL_getCommon($recent_params);
+ $html .= '<a href="' . $recent_url . '">`'
+ . htmlspecialchars($table['db']) . '`.`'
+ . htmlspecialchars($table['table']) . '`</a>';
$html .= '</li>';
}
} else {
foreach ($this->_tables as $table) {
$html .= '<li class="warp_link">';
- $html .= '<a class="ajax favorite_table_anchor"';
- $fav_params = array('db' => $table['db'],
- 'ajax_request' => true,
- 'favorite_table' => $table['table'],
- 'remove_favorite' => true);
+ $html .= '<a class="ajax favorite_table_anchor" ';
+ $fav_params = array(
+ 'db' => $table['db'],
+ 'ajax_request' => true,
+ 'favorite_table' => $table['table'],
+ 'remove_favorite' => true
+ );
$fav_rm_url = 'db_structure.php'
. PMA_URL_getCommon($fav_params);
$html .= 'href="' . $fav_rm_url
. '" title="' . __("Remove from Favorites")
- . '" data-favtargetn="' . $table['db'] . "." . $table['table']
+ . '" data-favtargetn="' . md5($table['db'] . "." . $table['table'])
. '" >'
. PMA_Util::getIcon('b_favorite.png')
. '</a>';
- $html .= '<a href="sql.php?server=' . $GLOBALS['server']
- . '&db=' . $table['db']
- . '&table=' . $table['table']
- . '&token=' . $_SESSION[' PMA_token ']
- . '">`' . $table['db'] . '`.`' . $table['table'] . '`</a>';
+ $fav_params = array(
+ 'db' => $table['db'],
+ 'table' => $table['table']
+ );
+ $table_url = 'sql.php'
+ . PMA_URL_getCommon($fav_params);
+ $html .= '<a href="' . $table_url . '">`'
+ . htmlspecialchars($table['db']) . '`.`'
+ . htmlspecialchars($table['table']) . '`</a>';
$html .= '</li>';
}
}
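Review bot: `$recent_url` (and `$table_url` in the favorite branch) is concatenated straight into an `href` attribute with no escaping at the call site, so the new anchors are only safe if `PMA_URL_getCommon()` returns an HTML-encoded query string in its default mode; that appears to be how the helper behaves in the tree this targets, but the reliance should be stated, e.g. `// PMA_URL_getCommon() HTML-encodes the query string (server, token, db, table), so the href needs no further escaping` above the `$recent_url` assignment. `htmlspecialchars()` on the link text is sufficient as written because the backtick-quoted names sit in element content rather than an attribute; if that text is ever moved into an attribute it needs `ENT_QUOTES`. The second `$fav_params` assignment silently reuses the name of the remove-from-favorites array for a different purpose — `$table_params` would read better — and the identical `sql.php` link is now built in both branches, which could be one small private helper. The enclosing method of `PMA_RecentFavoriteTable` begins before and ends after this hunk.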


@ -0,0 +1,17 @@
$OpenBSD: patch-libraries_navigation_Navigation_class_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $
Fix for CVE-2014-4349
--- libraries/navigation/Navigation.class.php.orig Wed Jul 2 12:52:09 2014
+++ libraries/navigation/Navigation.class.php Wed Jul 2 12:52:50 2014
@@ -189,9 +189,9 @@ class PMA_Navigation
$html .= '<td style="width:80px"><a href="navigation.php?'
. PMA_URL_getCommon()
. '&unhideNavItem=true'
- . '&itemType=' . $t
- . '&itemName=' . urldecode($hiddenItem)
- . '&dbName=' . urldecode($dbName) . '"'
+ . '&itemType=' . urlencode($t)
+ . '&itemName=' . urlencode($hiddenItem)
+ . '&dbName=' . urlencode($dbName) . '"'
. ' class="unhideNavItem ajax">'
. PMA_Util::getIcon('lightbulb.png', __('Show'))
. '</a></td>';
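Review bot: The three `urlencode()` calls close the injection, but the hunk still hand-builds a query string right after `PMA_URL_getCommon()`, whereas the RecentFavoriteTable patch in this same commit passes its parameters through that helper; doing the same here would leave a single encoding path to audit, e.g. `'<td style="width:80px"><a href="navigation.php' . PMA_URL_getCommon(array('unhideNavItem' => true, 'itemType' => $t, 'itemName' => $hiddenItem, 'dbName' => $dbName)) . '"'` — assuming, as the other patch does, that the helper accepts the parameter array and encodes for the attribute context. If the manual form stays, a comment such as `// urlencode(): item and database names are user-controlled and land in an href (CVE-2014-4349)` would record why `urldecode()` was wrong here, since nothing in the hunk says so. `urlencode()` emits only `%XX`, alphanumerics and `-_.+`, so the values themselves are attribute-safe; PHP's own query parsing decodes the `+` it produces as a space. The loop supplying `$t` and `$hiddenItem`, and the enclosing `PMA_Navigation` method, start outside the hunk.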


@ -0,0 +1,17 @@
$OpenBSD: patch-libraries_navigation_Nodes_Node_DatabaseChild_class_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $
Fix for CVE-2014-4349
--- libraries/navigation/Nodes/Node_DatabaseChild.class.php.orig Wed Jul 2 12:53:08 2014
+++ libraries/navigation/Nodes/Node_DatabaseChild.class.php Wed Jul 2 12:53:31 2014
@@ -32,9 +32,9 @@ abstract class Node_DatabaseChild extends Node
. '<a href="navigation.php?'
. PMA_URL_getCommon()
. '&hideNavItem=true'
- . '&itemType=' . urldecode($this->getItemType())
- . '&itemName=' . urldecode($item)
- . '&dbName=' . urldecode($db) . '"'
+ . '&itemType=' . urlencode($this->getItemType())
+ . '&itemName=' . urlencode($item)
+ . '&dbName=' . urlencode($db) . '"'
. ' class="hideNavItem ajax">'
. PMA_Util::getImage('lightbulb_off.png', __('Hide'))
. '</a></span>';
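Review bot: The fix is a bare `urldecode()`→`urlencode()` swap with nothing recording why, and because the same three lines exist in `Navigation.class.php` a later edit can easily drift one copy back; a one-line comment above `. '&hideNavItem=true'`, e.g. `// urlencode(): item type, item name and database name come from user-controlled metadata and are placed in an href (CVE-2014-4349)`, would anchor it. `getItemType()`, `$item` and `$db` are produced outside this hunk, so what characters they may carry cannot be confirmed here, but `urlencode()`'s output set (`%XX`, alphanumerics, `-_.+`) is attribute-safe regardless of input, which is why the fix holds without a separate `htmlspecialchars()`. The enclosing method of `Node_DatabaseChild` starts and ends outside the hunk.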


@ -0,0 +1,25 @@
$OpenBSD: patch-libraries_structure_lib_php,v 1.1 2014/07/03 13:13:59 giovanni Exp $
Fix for CVE-2014-4348
--- libraries/structure.lib.php.orig Thu Jun 26 11:25:45 2014
+++ libraries/structure.lib.php Thu Jun 26 11:27:54 2014
@@ -2735,9 +2735,8 @@ function PMA_checkFavoriteTable($db, $current_table)
function PMA_getHtmlForFavoriteAnchor($db, $current_table, $titles)
{
$html_output = '<a ';
- $html_output .= 'id="' . preg_replace(
- '/\s+/', '', $current_table['TABLE_NAME']
- ) . '_favorite_anchor" ';
+ $html_output .= 'id="' . md5($current_table['TABLE_NAME'])
+ . '_favorite_anchor" ';
$html_output .= 'class="ajax favorite_table_anchor';
// Check if current table is already in favorite list.
@@ -2751,7 +2750,7 @@ function PMA_getHtmlForFavoriteAnchor($db, $current_ta
$html_output .= 'href="' . $fav_url
. '" title="' . ($already_favorite ? __("Remove from Favorites")
: __("Add to Favorites"))
- . '" data-favtargets="' . $db . "." . $current_table['TABLE_NAME']
+ . '" data-favtargets="' . md5($db . "." . $current_table['TABLE_NAME'])
. '" >'
. (!$already_favorite ? $titles['NoFavorite']
: $titles['Favorite']) . '</a>';
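Review bot: `md5()` is used here purely to turn an arbitrary table or `db.table` name into an attribute-safe token for `id` and `data-favtargets`, not for any security property, and the next reader will wonder; a comment above the `id=` line such as `// md5() only yields an attribute-safe identifier for names that may contain quotes or markup; it is not a security control` would settle it. The resulting `id` is `<hex>_favorite_anchor`, and a hex digest often begins with a digit — valid as an HTML5 id, but an invalid unescaped CSS selector, so `document.querySelector('#...')` would throw where jQuery's Sizzle tolerates it; the JavaScript that resolves this id is outside the hunk, so confirm before relying on it, or prefix the id with a letter on both sides. Note also that the `id` hashes only `TABLE_NAME` while `data-favtargets` hashes `db.table`, mirroring the pre-patch split, so the two values cannot be compared directly. `PMA_getHtmlForFavoriteAnchor` extends beyond both hunks shown.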