git: 1cb6e93322e9 - main - databases/adminer: Fix CVE-2023-45197, CVE-2023-45196, CVE-2023-45195
Date: Sat, 20 Sep 2025 00:17:00 UTC
The branch main has been updated by vvd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=1cb6e93322e9c45676ea266e8beb179506015e32
commit 1cb6e93322e9c45676ea266e8beb179506015e32
Author: Paavo-Einari Kaipila <pkaipila@gmail.com>
AuthorDate: 2025-09-20 00:12:59 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-09-20 00:12:59 +0000
databases/adminer: Fix CVE-2023-45197, CVE-2023-45196, CVE-2023-45195
Remove affected plugin.
PR: 289262
Security: CVE-2023-45197
Security: CVE-2023-45196
Security: CVE-2023-45195
MFH: 2025Q3
---
databases/adminer/Makefile | 5 +++--
.../adminer/files/adminer-plugins-example.php | 20 +++++++++++++++++++
databases/adminer/files/makephar.php | 23 ++++++++++++++++++----
databases/adminer/pkg-plist | 1 +
4 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/databases/adminer/Makefile b/databases/adminer/Makefile
index b8372b3a5209..8b637dc367a2 100644
--- a/databases/adminer/Makefile
+++ b/databases/adminer/Makefile
@@ -1,6 +1,6 @@
PORTNAME= adminer
DISTVERSION= 5.3.0
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= databases www
MASTER_SITES= https://github.com/vrana/${PORTNAME}/releases/download/v${DISTVERSION}/
PKGNAMEPREFIX= ${PHP_PKGNAMEPREFIX}
@@ -8,7 +8,7 @@ DISTFILES= ${PORTNAME}-${DISTVERSION}.php ${PORTNAME}-${DISTVERSION}.zip
EXTRACT_ONLY= ${PORTNAME}-${DISTVERSION}.zip
MAINTAINER= pkaipila@gmail.com
-COMMENT= Full-featured database management tool written in PHP
+COMMENT= Full-featured database management tool in a single PHP file
WWW= https://www.adminer.org
LICENSE= APACHE20
@@ -40,5 +40,6 @@ do-build:
do-install:
${MKDIR} ${STAGEDIR}${WWWDIR}
${INSTALL_DATA} ${WRKSRC}/index.php ${STAGEDIR}${WWWDIR}
+ ${INSTALL_DATA} ${FILESDIR}/adminer-plugins-example.php ${STAGEDIR}${WWWDIR}
.include <bsd.port.mk>
diff --git a/databases/adminer/files/adminer-plugins-example.php b/databases/adminer/files/adminer-plugins-example.php
new file mode 100644
index 000000000000..61400c6dc82b
--- /dev/null
+++ b/databases/adminer/files/adminer-plugins-example.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * List of all included plugins can be found at the
+ * beginning of index.php
+ */
+return [
+ new AdminerDarkSwitcher,
+
+ new AdminerPrettyJsonColumn,
+
+ new AdminerDumpJson,
+
+ new AdminerDumpXml,
+
+ // install zip extension to use this
+ new AdminerDumpZip,
+
+ // install bz2 extension to use this
+ new AdminerDumpBz2,
+];
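Review bot: The header docblock does not say how this file is meant to be used. It is installed next to `index.php` under an `-example` name, so an administrator has to guess that it must be copied or renamed before Adminer will read it. I would add a line to the comment such as `* Copy this file to the plugin configuration name Adminer loads and delete the entries you do not need.` The listed classes are presumably defined only inside the packed `index.php`, so a direct web request to this file would likely end in a class-not-found error; a sentence saying the file is not meant to be requested on its own would help.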
diff --git a/databases/adminer/files/makephar.php b/databases/adminer/files/makephar.php
index 4e463e7fdc4e..ad54a3cfe4cb 100644
--- a/databases/adminer/files/makephar.php
+++ b/databases/adminer/files/makephar.php
@@ -54,15 +54,30 @@ foreach(new DirectoryIterator(__DIR__ . '/plugins') as $file)
if ($file->isFile())
{
$contents = php_strip_whitespace($file->getRealPath());
- $pharFile = 'adminer-plugins/' . $file->getFileName();
- $plugins[$pharFile] = $contents;
- if (preg_match('/class\s(A[a-zA-Z]+)\sextends\sAdminer/', $contents, $m))
- {
+ $fileName = $file->getFileName();
+ $pharFile = 'adminer-plugins/' . $fileName;
+
+ if (
+ /**
+ * Skip affected plugin
+ * https://nvd.nist.gov/vuln/detail/CVE-2023-45197
+ */
+ $fileName !== 'file-upload.php'
+ /**
+ * Adminer editor's plugins are only relevant
+ * in Adminer editor.
+ */
+ && !str_starts_with($fileName, 'editor')
+ && preg_match('/class\s(A[a-zA-Z0-9]+)\sextends\sAdminer/', $contents, $m)
+ ) {
+ $plugins[$pharFile] = $contents;
$classMap[$m[1]] = $file->getFileName();
}
}
}
+ksort($classMap);
+
$phar->setStub(
sprintf(
$stub,
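Review bot: The skip at `$fileName !== 'file-upload.php'` is an exact-name denylist, so if upstream ever renames or moves that plugin the build would silently pack it again. A build-time assertion before the `foreach` named in the hunk header would make that failure loud, for example `if (!is_file(__DIR__ . '/plugins/file-upload.php')) { throw new RuntimeException('file-upload.php missing; re-check the CVE-2023-45197 exclusion'); }`. The comment cites only CVE-2023-45197 although the commit record also lists CVE-2023-45196 and CVE-2023-45195; nothing in the visible lines shows how those two are covered, so the comment should either name them or say where they are handled. Files that fail the `preg_match` are now left out of `$plugins`, whereas the removed lines packed every file; that looks intentional but deserves a one-line comment. The `foreach` body starts above the hunk and the `setStub` call continues below it.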
diff --git a/databases/adminer/pkg-plist b/databases/adminer/pkg-plist
index 25f47247234c..49cd2d84519e 100644
--- a/databases/adminer/pkg-plist
+++ b/databases/adminer/pkg-plist
@@ -2,3 +2,4 @@
@group %%WWWGRP%%
@mode 0644
%%WWWDIR%%/index.php
+%%WWWDIR%%/adminer-plugins-example.php