Accepting request 761881 from server:php:applications

fix for boo#1160456 (PMASA-2020-1, CVE-2020-5504) (forwarded request 761879 from computersalat) OBS-URL: https://build.opensuse.org/request/show/761881 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=162
2020-01-08 16:57:29 +00:00 · 2020-01-08 16:57:29 +00:00 · 44c9416583
commit 44c9416583
parent 93de87a6ec 930a63549c
6 changed files with 34 additions and 23 deletions
--- a/phpMyAdmin-4.9.3-all-languages.tar.xz
+++ b/phpMyAdmin-4.9.3-all-languages.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b7178fefbbb373af8c9586d0f6f70ee9994301723dd3160204078dcbe4d8fa6b
-size 6136280
--- a/phpMyAdmin-4.9.3-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.9.3-all-languages.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl4EzUcACgkQznUvF4JZ
-vZKK4g/9G1tY68osrSXm4R8Tk4u8AK7egceDAs/FN8AEirnAcpyijmb6Oo+Gs5Po
-v8smCpHu/niisnE8sfsA7BghVDJ9tvlXHllXVafrxlO2AeXvzWtCfwYz6lUv8LVF
-Wo7vAepbAP4ZDCluphmUaXptr6cBKq7bHIXrTgceqaoib+OiItauI5l7VvVNzfp2
-phnd5IPVS/YfhA65vBHGRlyHQI3jvULFRaeOioEBmWPn8cZ+MVAQJDvGPIORjlvf
-J8kePm+V93P0EQ7+XDL2OTGNr8A3zxd+mvgPZ3G7cRh/oREbQhwhrSqXffaHXnsk
-X42rtnEuzJcDRjQl/2TemKug8kBLV7lZx755m9BrT3jdWlXLSq3EjkxN5u6LgI8x
-rgdITl6nUyovidUJdoEXQjlEHzu8S7lkjmidXElJpdNG3rYj62N3KAzwlWLqANpJ
-3AL4/EDeWXFisKCnYbpgoCFyL0cGbnba61VP3bWMiypIpL8AmA1P0y4vJtEbk3qz
-+m14gxMHjuD1/jqCRSfpe6RHyX01H1GWQv3HS6sB01VlWYgSUiFDkR9ums8uykRC
-eEpTttzWu/5JHeZyQ1IeQI8JE2QT6iDS/schyF3yMr0yCztAu8a219fYa1xlrx26
-yjPG8sj/heTA3KXpsxpqobyXiqtZVVlR63HNBv2pcUV16LAansc=
-=RZ7Z
-----END PGP SIGNATURE-----
--- a/phpMyAdmin-4.9.4-all-languages.tar.xz
+++ b/phpMyAdmin-4.9.4-all-languages.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c3d2eb2a0a06c40f7df9ee3bfe8daaea326bdf2ebc35f83e7dfd05eb0247b6bf
+size 6134852
--- a/phpMyAdmin-4.9.4-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.9.4-all-languages.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl4VN/QACgkQznUvF4JZ
+vZLsihAAhJ65Cbv7d8jaCio2DlvUXBGrm1sEsOOC8utS4Kz4Ui6VWY98/Ra2Lz7n
+tY/XOaSSDBzVRvLygwO55zK6nd/LiDn6HOfogiq1yTmqcy4ctTkSqFgGuv3pgx7G
+PGadjasiQJgrczxpQHWToYgxbJPaggyhg3WsDoCasAkh06NSZobqKUSu4Gk4wTCO
+9UlECby0tBdjgphu7Ot/yD5Ck/YsPCfbM2yzUiRUt2cYqOnqv5HcAyZPzHzpHdik
+bhjhYJzH1jqWdsl/0lJJZRMt6yFJIH/KfiN/Zu+eCmNsa3s7wWSqXq8eAvi7ipW6
+/svH+/68Gj26jKdlfzocfoDpUlzdSVpeEEU2INff+7/iU6IUp0uBZXJKX7xOvMa5
+RYXsY3CMDhGqv5FsGhuDLKWQOffkxC9M++bpg8JVvr0vJceQ4caMJ82zftGA/tO0
+pJjBob4zb9QZEqKMAytcLROaCC3KrqsN1kIXEu/koQaETqxbIGxxH9rCFLpNo+yT
+rPKp8uZJ6dCoarQ5srFYpkhXCVKgrO2Fuz3lyOuoPK+mAtvDWXJznsPK/41xYDWQ
+nMGupQyt1Ytct2nnBZIeQFK4NxM8qVAFpQ7ZPkqtRP//0p0qTiY5OP87YKsC2yTv
+EEx4CDB09kV/xMf5wIkaf1xHAPTps7YZrSUyC+HnmayixjwUb3k=
+=7XQt
+-----END PGP SIGNATURE-----
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Jan  8 14:26:20 UTC 2020 - chris@computersalat.de
+
+- update to 4.9.4 (2020-01-07)
+  * https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog
+- fix for boo#1160456
+  * PMASA-2020-1 (CVE-2020-5504, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2020-1/
+    - SQL injection in user accounts page
+- fix changes about corresponding PMASA
+
 -------------------------------------------------------------------
 Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org

@ -15,7 +26,7 @@ Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org
 Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

 - phpMyAdmin 4.9.2:
-  * CVE-2019-18622: SQL injection in Designer feature (boo#1157614)
+  * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614)
  * Fixes for "Failed to set session cookie" error 
  * Advisor with MySQL 8.0.3 and newer
  * Fix PHP deprecation errors
@ -32,7 +43,7 @@ Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
 Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

 - phpMyAdmin 4.9.1:
-  * CVE-2019-12922: hardening against CSRF (boo#1150914)
+  * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914)
  * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13
    and newer
  * Compatibility issues with PHP 8
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -1,7 +1,7 @@
 #
 # spec file for package phpMyAdmin
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -29,7 +29,7 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.9.3
+Version:        4.9.4
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later