Add fixes for the security vulnerabilities reported in CVE-2010-4480 and

CVE-2010-4481 taken from the phpMyAdmin GIT repository.

Thanks a lot to Tim Zingelman for pointing out that the fixes had
finally been made available.
This commit is contained in:
tron 2011-01-27 13:45:55 +00:00
parent 01b65be373
commit dddbf0533e
7 changed files with 144 additions and 4 deletions

View file

@ -1,7 +1,8 @@
# $NetBSD: Makefile,v 1.85 2010/11/29 19:13:30 tron Exp $
# $NetBSD: Makefile,v 1.86 2011/01/27 13:45:55 tron Exp $
DISTNAME= phpMyAdmin-${DIST_VERSION}-all-languages
PKGNAME= phpmyadmin-${DIST_VERSION:S/-//}
PKGREVISION= 1
CATEGORIES= databases www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=phpmyadmin/}
EXTRACT_SUFX= .tar.bz2
@ -55,6 +56,10 @@ INSTALL_DIRS= js lang libraries libraries/auth libraries/dbg \
themes/darkblue_orange/css themes/darkblue_orange/img \
themes/original themes/original/css themes/original/img
# Part of the fix for CVE-2010-4480.
post-extract:
${RM} -f ${WRKSRC}/error.php
do-configure:
${SED} -e "s|@PMDIR@|${PMDIR}|g" ${FILESDIR}/phpmyadmin.conf \
>${WRKDIR}/phpmyadmin.conf

View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.21 2009/06/14 17:43:21 joerg Exp $
@comment $NetBSD: PLIST,v 1.22 2011/01/27 13:45:55 tron Exp $
share/doc/phpmyadmin/CREDITS
share/doc/phpmyadmin/ChangeLog
share/doc/phpmyadmin/Documentation.txt
@ -26,7 +26,6 @@ share/phpmyadmin/db_search.php
share/phpmyadmin/db_sql.php
share/phpmyadmin/db_structure.php
share/phpmyadmin/docs.css
share/phpmyadmin/error.php
share/phpmyadmin/export.php
share/phpmyadmin/import.php
share/phpmyadmin/index.php
@ -197,6 +196,7 @@ share/phpmyadmin/libraries/engines/merge.lib.php
share/phpmyadmin/libraries/engines/mrg_myisam.lib.php
share/phpmyadmin/libraries/engines/myisam.lib.php
share/phpmyadmin/libraries/engines/ndbcluster.lib.php
share/phpmyadmin/libraries/error.inc.php
share/phpmyadmin/libraries/export/csv.php
share/phpmyadmin/libraries/export/excel.php
share/phpmyadmin/libraries/export/htmlexcel.php

View file

@ -1,5 +1,9 @@
$NetBSD: distinfo,v 1.46 2010/11/29 19:13:30 tron Exp $
$NetBSD: distinfo,v 1.47 2011/01/27 13:45:55 tron Exp $
SHA1 (phpMyAdmin-2.11.11.1-all-languages.tar.bz2) = da1b74626a24dd296ed0ccad04ad8d1e49b7c398
RMD160 (phpMyAdmin-2.11.11.1-all-languages.tar.bz2) = bda8a90444df683eea585769a186df42498a96cf
Size (phpMyAdmin-2.11.11.1-all-languages.tar.bz2) = 3122604 bytes
SHA1 (patch-CVE-2010-4480-1) = e2a36a254e573406bc8aeb027935b1dde5717c03
SHA1 (patch-CVE-2010-4480-2) = 650f0a8d60a1ad1e1a14c8c66c715d4304138433
SHA1 (patch-CVE-2010-4480-3) = 403dbfdd099e5928f38fa1a9beac210b26e8ab89
SHA1 (patch-CVE-2010-4481) = 3bbf3576d8c39df22613ac2560cadb6f890f534e

View file

@ -0,0 +1,16 @@
$NetBSD: patch-CVE-2010-4480-1,v 1.1 2011/01/27 13:45:55 tron Exp $
Fix for CVE-2010-4480 taken from the phpMyAdmin GIT repository:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b01a58118f973f98ab99a4bb28d340af49fa251f
--- libraries/common.inc.php.orig 2010-11-29 17:18:35.000000000 +0000
+++ libraries/common.inc.php 2011-01-27 13:21:56.000000000 +0000
@@ -305,7 +305,6 @@
'db_printview.php',
'db_search.php',
//'Documentation.html',
- //'error.php',
'export.php',
'import.php',
//'index.php',

View file

@ -0,0 +1,33 @@
$NetBSD: patch-CVE-2010-4480-2,v 1.1 2011/01/27 13:45:55 tron Exp $
Fix for CVE-2010-4480 taken from the phpMyAdmin GIT repository:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b01a58118f973f98ab99a4bb28d340af49fa251f
--- libraries/core.lib.php.orig 2010-11-29 17:18:35.000000000 +0000
+++ libraries/core.lib.php 2011-01-27 13:21:56.000000000 +0000
@@ -241,18 +241,18 @@
$error_message = strtr($error_message, array('<br />' => '[br]'));
// Displays the error message
- // (do not use &amp; for parameters sent by header)
- header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php'
- . '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2])
- . '&dir=' . urlencode($GLOBALS['text_dir'])
- . '&type=' . urlencode($GLOBALS['strError'])
- . '&error=' . urlencode($error_message));
+ $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
+ $dir = $GLOBALS['text_dir'];
+ $type = $GLOBALS['strError'];
+ $error = $error_message;
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
}
+ require('./libraries/error.inc.php');
+
exit;
}

View file

@ -0,0 +1,66 @@
$NetBSD: patch-CVE-2010-4480-3,v 1.1 2011/01/27 13:45:55 tron Exp $
Fix for CVE-2010-4480 taken from the phpMyAdmin GIT repository:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b01a58118f973f98ab99a4bb28d340af49fa251f
--- /dev/null 2011-01-27 13:21:56.000000000 +0000
+++ libraries/error.inc.php 2011-01-27 13:21:56.000000000 +0000
@@ -0,0 +1,57 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * phpMyAdmin fatal error display page
+ *
+ * @package phpMyAdmin
+ */
+
+if (! defined('PHPMYADMIN')) {
+ exit;
+}
+
+header('Content-Type: text/html; charset=utf-8');
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" dir="<?php echo $dir; ?>">
+<head>
+ <link rel="icon" href="./favicon.ico" type="image/x-icon" />
+ <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
+ <title>phpMyAdmin</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <style type="text/css">
+ <!--
+ html {
+ padding: 0;
+ margin: 0;
+ }
+ body {
+ font-family: sans-serif;
+ font-size: small;
+ color: #000000;
+ background-color: #F5F5F5;
+ margin: 1em;
+ }
+ h1 {
+ margin: 0;
+ padding: 0.3em;
+ font-size: 1.4em;
+ font-weight: bold;
+ color: #ffffff;
+ background-color: #ff0000;
+ }
+ p {
+ margin: 0;
+ padding: 0.5em;
+ border: 0.1em solid red;
+ background-color: #ffeeee;
+ }
+ //-->
+ </style>
+</head>
+<body>
+<h1>phpMyAdmin - <?php echo $error_header; ?></h1>
+<p><?php echo PMA_sanitize($error_message); ?></p>
+</body>
+</html>
+

View file

@ -0,0 +1,16 @@
$NetBSD: patch-CVE-2010-4481,v 1.1 2011/01/27 13:45:55 tron Exp $
Fix for CVE-2010-4481 taken from the phpMyAdmin GIT repository:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=373a6626ade37c0fee1dfc7c757ca55c7652874b
--- phpinfo.php.orig 2010-11-29 17:18:35.000000000 +0000
+++ phpinfo.php 2011-01-27 13:33:04.000000000 +0000
@@ -8,7 +8,6 @@
/**
* Gets core libraries and defines some variables
*/
-define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';