From 85986e6d73e7ca525455021ea29b0df8b725c591 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Wed, 5 Sep 2018 13:06:03 +0800
Subject: phpmyadmin: upgrade 4.8.2 -> 4.8.3

Security fixes:
CVE-2018-15605: An issue was discovered in phpMyAdmin before 4.8.3. A
Cross-Site Scripting vulnerability has been found where an attacker can
use a crafted file to manipulate an authenticated user who loads that
file through the import feature.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../recipes-php/phpmyadmin/phpmyadmin_4.8.2.bb     | 41 ----------------------
 .../recipes-php/phpmyadmin/phpmyadmin_4.8.3.bb     | 41 ++++++++++++++++++++++
 2 files changed, 41 insertions(+), 41 deletions(-)
 delete mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.2.bb
 create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.3.bb

diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.2.bb
deleted file mode 100644
index a626852b97..0000000000
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.2.bb
+++ /dev/null
@@ -1,41 +0,0 @@
-SUMMARY = "Web-based MySQL administration interface"
-HOMEPAGE = "http://www.phpmyadmin.net"
-# Main code is GPLv2, vendor/tecnickcom/tcpdf is under LGPLv3, js/jquery is under MIT
-LICENSE = "GPLv2 & LGPLv3 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://vendor/tecnickcom/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c \
-                    file://js/vendor/jquery/MIT-LICENSE.txt;md5=e43aa437a6a1ba421653bd5034333bf9 \
-"
-
-SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
-           file://apache.conf \
-"
-
-SRC_URI[md5sum] = "047b340a038b89e9e34f426084101f03"
-SRC_URI[sha256sum] = "2b42e75274ab078a0c2ca3aff767f45d1d81849f9f762a2ed0674819f061ba1d"
-
-UPSTREAM_CHECK_URI = "https://www.phpmyadmin.net/downloads/"
-UPSTREAM_CHECK_REGEX = "phpMyAdmin-(?P<pver>\d+(\.\d+)+)-all-languages.tar.xz"
-
-S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
-
-inherit allarch
-
-do_install() {
-    install -d ${D}${datadir}/${BPN}
-    cp -R --no-dereference --preserve=mode,links -v * ${D}${datadir}/${BPN}
-    chown -R root:root ${D}${datadir}/${BPN}
-    # Don't install patches to target
-    rm -rf ${D}${datadir}/${BPN}/patches
-
-    install -d ${D}${sysconfdir}/apache2/conf.d
-    install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf
-
-    # Remove a few scripts that explicitly require bash (!)
-    rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh
-}
-
-FILES_${PN} = "${datadir}/${BPN} \
-               ${sysconfdir}/apache2/conf.d"
-
-RDEPENDS_${PN} += "bash php-cli"
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.3.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.3.bb
new file mode 100644
index 0000000000..975f631931
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.8.3.bb
@@ -0,0 +1,41 @@
+SUMMARY = "Web-based MySQL administration interface"
+HOMEPAGE = "http://www.phpmyadmin.net"
+# Main code is GPLv2, vendor/tecnickcom/tcpdf is under LGPLv3, js/jquery is under MIT
+LICENSE = "GPLv2 & LGPLv3 & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://vendor/tecnickcom/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c \
+                    file://js/vendor/jquery/MIT-LICENSE.txt;md5=e43aa437a6a1ba421653bd5034333bf9 \
+"
+
+SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
+           file://apache.conf \
+"
+
+SRC_URI[md5sum] = "c8a603f4b78d1dbcefc191b8ae598c79"
+SRC_URI[sha256sum] = "95f2692094d31c2c323d4767023583ab112ad54fff9e3af372710fcb676151af"
+
+UPSTREAM_CHECK_URI = "https://www.phpmyadmin.net/downloads/"
+UPSTREAM_CHECK_REGEX = "phpMyAdmin-(?P<pver>\d+(\.\d+)+)-all-languages.tar.xz"
+
+S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
+
+inherit allarch
+
+do_install() {
+    install -d ${D}${datadir}/${BPN}
+    cp -R --no-dereference --preserve=mode,links -v * ${D}${datadir}/${BPN}
+    chown -R root:root ${D}${datadir}/${BPN}
+    # Don't install patches to target
+    rm -rf ${D}${datadir}/${BPN}/patches
+
+    install -d ${D}${sysconfdir}/apache2/conf.d
+    install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf
+
+    # Remove a few scripts that explicitly require bash (!)
+    rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh
+}
+
+FILES_${PN} = "${datadir}/${BPN} \
+               ${sysconfdir}/apache2/conf.d"
+
+RDEPENDS_${PN} += "bash php-cli"
-- 
cgit 1.2.3-korg