From 14d28329f76ec7c6b806705dc250095f2e329fafbbc18b57cd80babf00a68d69 Mon Sep 17 00:00:00 2001 From: Eric Schirra Date: Wed, 5 Jun 2019 15:15:28 +0000 Subject: [PATCH 1/3] Accepting request 707875 from home:ecsos:server - phpMyAdmin 4.9.0.1: * CVE-2019-11768: PMASA-2019-3 is an SQL injection flaw in the Designer feature * CVE-2019-12616: PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form * Several issues with SYSTEM VERSIONING tables * Fixed json encode error in export * Fixed JavaScript events not activating on input (sql bookmark issue) * Show Designer combo boxes when adding a constraint * Fix edit view * Fixed invalid default value for bit field * Fix several errors relating to GIS data types * Fixed javascript error PMA_messages is not defined * Fixed import XML data with leading zeros * Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4) * Fixed MySQL 8.0.0 issues with GIS display * Fixed "Server charset" in "Database server" tab showing wrong information * Fixed can not copy user on Percona Server 5.7 * Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems OBS-URL: https://build.opensuse.org/request/show/707875 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=331 --- phpMyAdmin-4.9.0.1-all-languages.tar.xz | 3 +++ phpMyAdmin-4.9.0.1-all-languages.tar.xz.asc | 16 ++++++++++++ phpMyAdmin.changes | 27 +++++++++++++++++++++ phpMyAdmin.spec | 2 +- 4 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 phpMyAdmin-4.9.0.1-all-languages.tar.xz create mode 100644 phpMyAdmin-4.9.0.1-all-languages.tar.xz.asc diff --git a/phpMyAdmin-4.9.0.1-all-languages.tar.xz b/phpMyAdmin-4.9.0.1-all-languages.tar.xz new file mode 100644 index 0000000..2c280b5 --- /dev/null +++ b/phpMyAdmin-4.9.0.1-all-languages.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e3de59f913c095433c8f6466f8826dfde09b097cfac78b665ddef9ddc03b0ed6 +size 6066680 diff --git a/phpMyAdmin-4.9.0.1-all-languages.tar.xz.asc b/phpMyAdmin-4.9.0.1-all-languages.tar.xz.asc new file mode 100644 index 0000000..623d71e --- /dev/null +++ b/phpMyAdmin-4.9.0.1-all-languages.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlz2l40ACgkQznUvF4JZ +vZLKBRAAtEnzcxLYrysyCdnShxpAPxBUrDQYQ2GA310ZbZu/ZzWO+BLmc8Simnv7 +hfVLSeKvS3Xy6N72++til7ujdofbx3uohwrthyL24L6s24BJAT+KOqhSRXzAJ/a2 +rWuEE0kDg6+H5PRRq41+DbQBxDfsAwjsR6eueSszApe+M50ek6udRuxFFIOBcBfi +zBPCAjIfpTIXXUygBJUrl4K/PPUYXR8wWoAC2SRBDY43B01yD4Y9hkqCBXNcSgNa +S1QsRNB6+7uTi4lSIoHHj1zLfAumAjsfFpznqaY0K+UHkSnM9qHKEUPmJUdauCwa +Y65vycPVVDj3gD9bGGsloAg24vuxSUqFQlUpDYTIkTFJaEKgRyB8fH6CpPYCn8iX +DYHYKREpTubS6hqUsikjflPr+ufDYh6nT7h3OM06TroHCf73amgS32u5N9u+ibEt +DBHR3X+h5gBP0s94OCYpjExtrxOakFH4cID4mX7VkafcpV4zwg8NeOwTYcp4lq5h +QtbhnAMVUtWKiN0DMOj+bF+DhbPYx9g2tO2J1E33qK4iqN+OwAdv9PV7cGst8Fat +GmhgQNb8x1m8qN1wiY60ZEjok9CXTrR4NR6dQEp5suQpmbV29ICkzwc8uD75NFLU +RVLgbiDctw0oC9aBym6tRsVDgfh4Pxq6M27G/Bj6PeaZ8JS4w2A= +=YN/f +-----END PGP SIGNATURE----- diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index 88f2522..ac58597 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed Jun 5 14:43:41 UTC 2019 - ecsos@opensuse.org + +- phpMyAdmin 4.9.0.1: + * CVE-2019-11768: PMASA-2019-3 is an SQL injection flaw in the + Designer feature + * CVE-2019-12616: PMASA-2019-4 is a CSRF attack that's possible + through the 'cookie' login form + * Several issues with SYSTEM VERSIONING tables + * Fixed json encode error in export + * Fixed JavaScript events not activating on input + (sql bookmark issue) + * Show Designer combo boxes when adding a constraint + * Fix edit view + * Fixed invalid default value for bit field + * Fix several errors relating to GIS data types + * Fixed javascript error PMA_messages is not defined + * Fixed import XML data with leading zeros + * Fixed php notice, added support for 'DELETE HISTORY' table + privilege (MariaDB >= 10.3.4) + * Fixed MySQL 8.0.0 issues with GIS display + * Fixed "Server charset" in "Database server" tab showing wrong + information + * Fixed can not copy user on Percona Server 5.7 + * Updated sql-parser to version 4.3.2, which fixes several + parsing and linting problems + ------------------------------------------------------------------- Fri Feb 1 19:10:59 UTC 2019 - andreas.stieger@gmx.de diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index cfe687e..b95f4db 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.8.5 +Version: 4.9.0.1 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0-or-later From 20dbc2b47f530cd8cab70d51978e54826a7a838e9eeb2075eaa98250faeb452b Mon Sep 17 00:00:00 2001 From: Eric Schirra Date: Wed, 5 Jun 2019 15:23:11 +0000 Subject: [PATCH 2/3] OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=332 --- phpMyAdmin-4.8.5-all-languages.tar.xz | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 phpMyAdmin-4.8.5-all-languages.tar.xz diff --git a/phpMyAdmin-4.8.5-all-languages.tar.xz b/phpMyAdmin-4.8.5-all-languages.tar.xz deleted file mode 100644 index 7ee8714..0000000 --- a/phpMyAdmin-4.8.5-all-languages.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d7ab5df4e464d7ba17bf2a42da7d7f26dad45c34bf321ac8ae7d2ed748413913 -size 6026176 From 5f11dca66466cac986500ecf6cdb42b7c158f496c4713eb5a78da3ff41f2f202 Mon Sep 17 00:00:00 2001 From: Eric Schirra Date: Wed, 5 Jun 2019 15:23:18 +0000 Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=333 --- phpMyAdmin-4.8.5-all-languages.tar.xz.asc | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 phpMyAdmin-4.8.5-all-languages.tar.xz.asc diff --git a/phpMyAdmin-4.8.5-all-languages.tar.xz.asc b/phpMyAdmin-4.8.5-all-languages.tar.xz.asc deleted file mode 100644 index 0ef9a15..0000000 --- a/phpMyAdmin-4.8.5-all-languages.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlxLzuIACgkQznUvF4JZ -vZIwjA//f1RuFKUj1cp4A5dSqjwN2l5kaoQIkfrLyPXfTWRsdgApV7tH9yYH67pg -DT9awGrQdCygSl1A6jmDbuQ0G4SVbFZwxjSat7bj1JU72t5TAdu09c/jqdi+eB+9 -x3TcgVygz95mcX9sck1SW/O4U+Fgor/8NZCzCIONbaB92un6DnmehXgJ+mx0G3G2 -TL6BNI2wpEFypaBlnAnz+8heYKXaDelXj0T9XlRffL18EUz0Z5juvHWk47/rAdJf -n9C+5TI74mKFsoS6jtCjC/C6xKo76kSKqzjA+KGg7cOOsx9o5691r96+G3ThN35D -c51Vrgt9Bo8isGu2SPDZaFLpWhY6JCRsYhwOSmg02UXaaR8+5t2tMVcEwxgOQsvW -ZhdtuPayOJCP4Dz4Ajgxchqcfk/SzclPIz+iAq92MoWxUbItowdlWG22p61mLLqE -fot2XkPBIzjHrcPl+VdcDet1IV1MuIUYKZisZ6eK6yk8MNqoNk660of5JX781aBw -/wjp1CAvO3TrUBq6Aj80GAF551rIvocbWGy2yhxd+3SpsYT/pre4WJNcMNqKInm+ -uEnuh0RG9OoqjRyMIwTqgLbIkP+Bb0AKDn06oCXESqL2SjNlyybufDYnSyqSEKsG -E+ca8ICHSFQv073krNsci+puOxCG3XXBkfdOhQUjQl+mK6hbnfY= -=7jjD ------END PGP SIGNATURE-----