debian/0000775000000000000000000000000013256271402007172 5ustar debian/watch0000664000000000000000000000010713254345604010225 0ustar version=3 http://sf.net/adminer/adminer-(.+)\.zip debian debian/repack debian/copyright0000664000000000000000000000154113254345604011132 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: adminer Source: http://www.adminer.org/ Files: * Copyright: Copyright Jakub Vrana License: Apache-2.0 Files: debian/* Copyright: Copyright 2012 Medhamsh V License: Apache-2.0 License: Apache-2.0 Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. . On Debian systems, the full text of Apache-2.0 License can be found in the file `/usr/share/common-licenses/Apache-2.0'. debian/patches/0000775000000000000000000000000013254345604010625 5ustar debian/patches/CVE-2018-7667.patch0000664000000000000000000000072013254345604013261 0ustar
--- pkg-adminer.orig/adminer/include/auth.inc.php
+++ pkg-adminer/adminer/include/auth.inc.php
@@ -90,6 +90,10 @@ if (isset($_GET["username"])) {
 page_footer("auth");
 exit;
 }
+ list($host, $port) = explode(":", SERVER, 2);
+ if (is_numeric($port) && $port < 1024) {
+ auth_error('Connecting to privileged ports is not allowed.');
+ }
 $connection = connect();
 }
 if (is_string($connection) || !$adminer->login($_GET["username"], get_session("pwds"))) {
debian/patches/series0000664000000000000000000000002413254345604012036 0ustar CVE-2018-7667.patch debian/postinst0000664000000000000000000000073513254345604011011 0ustar #!/bin/sh set -e apache_install() { webserver=$1 if [ -d /etc/$webserver/conf.d ] && [ ! -e /etc/$webserver/conf.d/adminer.conf ]; then ln -s ../../adminer/apache.conf /etc/$webserver/conf.d/adminer.conf fi } apache_install apache2 if [ -f /etc/init.d/apache2 ] ; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 force-reload >/dev/null 2>&1 || true else /etc/init.d/apache2 force-reload >/dev/null 2>&1 || true fi fi #DEBHELPER# exit 0 debian/dirs0000664000000000000000000000003613254345604010061 0ustar etc/adminer usr/share/adminer debian/changelog0000664000000000000000000000130113256271402011037 0ustar adminer (3.3.3-1+deb7u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Emily Ratliff Mon, 26 Mar 2018 17:24:02 -0500 adminer (3.3.3-1+deb7u1) wheezy-security; urgency=high * CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which coul bypass external firewalls to identify internal hosts and/or perform port scanning of other servers. 
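Review bot: The added guard rejects the connection only when `is_numeric($port)` is true and the value is below 1024, so a port string that is not strictly numeric skips the check and `SERVER` still reaches `connect()` unchanged; whether the database driver then extracts a port from such a string is not visible in this hunk. An IPv6 literal is also split at its first colon by `explode(":", SERVER, 2)`, so `$port` would not hold the real port in that case. The changelog entry describes connections to arbitrary systems and ports, while this check leaves the host and every port from 1024 up unrestricted, which deserves a comment above the guard such as `// Mitigates CVE-2018-7667 only for numeric ports < 1024; host and higher ports are not restricted.` Consider validating the port positively instead, for example `if ($port != "" && (!ctype_digit($port) || $port < 1024 || $port > 65535)) {`, after confirming that no supported server syntax (such as a socket path after the colon) relies on a non-numeric suffix. The enclosing `if (isset($_GET["username"]))` block starts outside the hunk.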
(Closes: #893668) -- Chris Lamb Tue, 20 Mar 2018 22:40:06 -0400 adminer (3.3.3-1) unstable; urgency=low * Initial release (Closes: #658861) -- Medhamsh V Mon, 06 Feb 2012 01:29:00 +0530 debian/source/0000775000000000000000000000000013254345604010476 5ustar debian/source/format0000664000000000000000000000001413254345604011704 0ustar 3.0 (quilt) debian/rules0000775000000000000000000000130413254345604010254 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. export DH_VERBOSE=1 build: build-stamp build-stamp: dh_testdir touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs dh_install binary-indep: build install dh_testdir dh_testroot dh_installchangelogs changes.txt dh_installdocs dh_installexamples dh_installdebconf dh_installman dh_link dh_compress dh_fixperms dh_installdeb dh_gencontrol dh_md5sums dh_builddeb binary-arch: get-orig-source: uscan --force-download binary: binary-indep binary-arch .PHONY: build clean build-arch build-indep binary-indep binary-arch binary install debian/README.source0000664000000000000000000000133513254345604011357 0ustar Adminer for Debian ------------------ This documentation is aimed for current and future package maintainers of adminer. The upstream source has to be repacked for two reasons: 1. The upstream is a zip archive. 2. The upstream has a file which is unused by Debian package. The file in the src externals/jsmin-php/jsmin.php is under a non-free license. Since this is not required for the package the upstream is repacked using the script, debian/repack. This script is called by uscan command per debian/watch file. debian/rules get-orig-source downloads the zip file. And then 1. Unpacks the archive. 2. Removes externals/jsmin-php/jsmin.php 3. 
Re-packs the archive as tar.gz This solves the problem of licensing of jsmin.php debian/compat0000664000000000000000000000000213254345604010374 0ustar 7 debian/repack0000775000000000000000000000056313254345604010375 0ustar #! /bin/sh set -e package="adminer" excludes="externals/jsmin-php" version="$2" source="$3" dest="$(dirname "$source")/${package}_${version}.orig.tar.gz" dir="$(mktemp -d)" trap "rm -rf -- '$dir'" EXIT unzip -q "$source" -d "$dir" tar -C "$dir" \ $(for exclude in $excludes; do echo " --exclude $exclude"; done) \ -caf "$dest" . rm -rf - "$dir" trap - EXIT debian/docs0000664000000000000000000000002413254345604010045 0ustar readme.txt todo.txt debian/install0000664000000000000000000000032613254345604010570 0ustar *.php usr/share/adminer adminer usr/share/adminer designs usr/share/adminer editor usr/share/adminer externals usr/share/adminer plugins usr/share/adminer tests usr/share/adminer debian/conf/* etc/adminer debian/postrm0000664000000000000000000000077613254345604010457 0ustar #!/bin/sh # postrm script for adminer set -e apache_remove() { if [ -d /etc/apache2/conf.d ] && [ -L /etc/apache2/conf.d/adminer.conf ]; then rm -f /etc/apache2/conf.d/adminer.conf fi } if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then apache_remove apache2 if [ -f /etc/init.d/apache2 ] ; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 force-reload >/dev/null 2>&1 || true else /etc/init.d/apache2 force-reload >/dev/null 2>&1 || true fi fi fi #DEBHELPER# exit 0 debian/control0000664000000000000000000000153213254345604010602 0ustar Source: adminer Section: web Priority: extra Maintainer: Medhamsh V Build-Depends: debhelper (>= 7.0.50~) Standards-Version: 3.9.2 Homepage: http://www.adminer.org/ Vcs-Git: git://gitorious.org/adminer-packaging/adminer-packaging.git Vcs-Browser: https://gitorious.org/adminer-packaging/adminer-packaging Package: adminer Architecture: all Depends: ${misc:Depends}, libapache2-mod-php5 | php5-cgi | php5, php5-mysql | php5-sqlite | 
php5-pgsql Recommends: php5-sqlite, php5-mysql, php5-pgsql Suggests: mysql-server | postgresql | sqlite3 Description: Web-based database administration tool Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it is a light weight application with these priorities in order: security, user experience, performance, feature set and size. debian/conf/0000775000000000000000000000000013254345604010123 5ustar debian/conf/apache.conf0000664000000000000000000000130113254345604012206 0ustar #Apache configuration Alias /adminer /usr/share/adminer/adminer Options FollowSymLinks DirectoryIndex index.php AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . Alias /adminer-editor /usr/share/adminer/editor Options FollowSymLinks DirectoryIndex index.php AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path .