Accepting request 184887 from home:computersalat:devel:php
update to 4.0.4.2, fix for bnc#831896 OBS-URL: https://build.opensuse.org/request/show/184887 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=68
This commit is contained in:
parent
3a32a5d173
commit
67da26ad23
@ -1,5 +1,7 @@
|
|||||||
--- config.sample.inc.php.orig 2013-05-03 14:16:36.000000000 +0200
|
Index: config.sample.inc.php
|
||||||
+++ config.sample.inc.php 2013-05-03 20:13:46.549034257 +0200
|
===================================================================
|
||||||
|
--- config.sample.inc.php.orig
|
||||||
|
+++ config.sample.inc.php
|
||||||
@@ -11,10 +11,51 @@
|
@@ -11,10 +11,51 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -22,20 +24,20 @@
|
|||||||
+ * $cfg['PmaAbsoluteUri_DisableWarning'] variable below.
|
+ * $cfg['PmaAbsoluteUri_DisableWarning'] variable below.
|
||||||
+ */
|
+ */
|
||||||
+$cfg['PmaAbsoluteUri'] = '';
|
+$cfg['PmaAbsoluteUri'] = '';
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
* This is needed for cookie based authentication to encrypt password in
|
* This is needed for cookie based authentication to encrypt password in
|
||||||
* cookie
|
* cookie
|
||||||
+ * YOU MUST FILL IN THIS FOR COOKIE AUTH!
|
+ * YOU MUST FILL IN THIS FOR COOKIE AUTH!
|
||||||
*/
|
+ */
|
||||||
-$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
|
|
||||||
+$cfg['blowfish_secret'] = '';
|
+$cfg['blowfish_secret'] = '';
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
+ * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set
|
+ * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set
|
||||||
+ * You should use this if and ONLY if the PmaAbsoluteUri auto-detection
|
+ * You should use this if and ONLY if the PmaAbsoluteUri auto-detection
|
||||||
+ * works perfectly.
|
+ * works perfectly.
|
||||||
+ */
|
*/
|
||||||
|
-$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
|
||||||
+$cfg['PmaAbsoluteUri_DisableWarning'] = false;
|
+$cfg['PmaAbsoluteUri_DisableWarning'] = false;
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
@ -133,30 +135,12 @@
|
|||||||
* phpMyAdmin configuration storage settings.
|
* phpMyAdmin configuration storage settings.
|
||||||
*/
|
*/
|
||||||
+$cfg['Servers'][$i]['controlhost'] = '';
|
+$cfg['Servers'][$i]['controlhost'] = '';
|
||||||
|
+
|
||||||
-/* User used to manipulate with storage */
|
|
||||||
-// $cfg['Servers'][$i]['controlhost'] = '';
|
|
||||||
-// $cfg['Servers'][$i]['controluser'] = 'pma';
|
|
||||||
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
|
|
||||||
+// MySQL control user settings (this user must have read-only
|
+// MySQL control user settings (this user must have read-only
|
||||||
+// access to the "mysql/user" and "mysql/db" tables).
|
+// access to the "mysql/user" and "mysql/db" tables).
|
||||||
+// The controluser is also used for all relational features (pmadb)
|
+// The controluser is also used for all relational features (pmadb)
|
||||||
+$cfg['Servers'][$i]['controluser'] = '';
|
+$cfg['Servers'][$i]['controluser'] = '';
|
||||||
|
+
|
||||||
-/* Storage database and tables */
|
|
||||||
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
|
|
||||||
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
|
|
||||||
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
|
|
||||||
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
|
|
||||||
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
|
|
||||||
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
|
|
||||||
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
|
|
||||||
-// $cfg['Servers'][$i]['history'] = 'pma__history';
|
|
||||||
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
|
|
||||||
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
|
|
||||||
-// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
|
|
||||||
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
|
|
||||||
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
|
|
||||||
+// The password needed for the controluser to login
|
+// The password needed for the controluser to login
|
||||||
+// (see $cfg['Servers'][$i]['controluser'])
|
+// (see $cfg['Servers'][$i]['controluser'])
|
||||||
+$cfg['Servers'][$i]['controlpass'] = '';
|
+$cfg['Servers'][$i]['controlpass'] = '';
|
||||||
@ -235,7 +219,26 @@
|
|||||||
+// used tables, but it will disappear after you logout.
|
+// used tables, but it will disappear after you logout.
|
||||||
+// DEFAULT: 'pma_recent'
|
+// DEFAULT: 'pma_recent'
|
||||||
+$cfg['Servers'][$i]['recent'] = 'pma_recent';
|
+$cfg['Servers'][$i]['recent'] = 'pma_recent';
|
||||||
+
|
|
||||||
|
-/* User used to manipulate with storage */
|
||||||
|
-// $cfg['Servers'][$i]['controlhost'] = '';
|
||||||
|
-// $cfg['Servers'][$i]['controluser'] = 'pma';
|
||||||
|
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
|
||||||
|
-
|
||||||
|
-/* Storage database and tables */
|
||||||
|
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
|
||||||
|
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
|
||||||
|
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
|
||||||
|
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
|
||||||
|
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
|
||||||
|
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
|
||||||
|
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
|
||||||
|
-// $cfg['Servers'][$i]['history'] = 'pma__history';
|
||||||
|
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
|
||||||
|
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
|
||||||
|
-// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
|
||||||
|
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
|
||||||
|
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
|
||||||
/* Contrib / Swekey authentication */
|
/* Contrib / Swekey authentication */
|
||||||
-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
|
-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
|
||||||
+// The name of the file containing Swekey ids and login names for
|
+// The name of the file containing Swekey ids and login names for
|
||||||
@ -276,7 +279,7 @@
|
|||||||
/*
|
/*
|
||||||
+ * phpMyAdmin configuration storage settings.
|
+ * phpMyAdmin configuration storage settings.
|
||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
+$cfg['Servers'][$i]['controlhost'] = '';
|
+$cfg['Servers'][$i]['controlhost'] = '';
|
||||||
+$cfg['Servers'][$i]['controluser'] = '';
|
+$cfg['Servers'][$i]['controluser'] = '';
|
||||||
@ -312,8 +315,10 @@
|
|||||||
* End of servers configuration
|
* End of servers configuration
|
||||||
*/
|
*/
|
||||||
|
|
||||||
--- libraries/vendor_config.php.orig 2013-05-03 14:16:36.000000000 +0200
|
Index: libraries/vendor_config.php
|
||||||
+++ libraries/vendor_config.php 2013-05-03 19:57:54.344938439 +0200
|
===================================================================
|
||||||
|
--- libraries/vendor_config.php.orig
|
||||||
|
+++ libraries/vendor_config.php
|
||||||
@@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) {
|
@@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) {
|
||||||
* Path to changelog file, can be gzip compressed. Useful when you want to
|
* Path to changelog file, can be gzip compressed. Useful when you want to
|
||||||
* have documentation somewhere else, eg. /usr/share/doc.
|
* have documentation somewhere else, eg. /usr/share/doc.
|
||||||
|
@ -1,16 +1,24 @@
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 29 20:20:03 UTC 2013 - ecsos@schirra.net
|
Mon Jul 29 20:07:45 UTC 2013 - chris@computersalat.de
|
||||||
|
|
||||||
|
- fix for bnc#831896
|
||||||
|
* multiple XSS issues (+ a SQL injection and full path disclosure flaw)
|
||||||
|
* fix for PMASA-2013-9 (CWE-661 CWE-79 CWE-80)
|
||||||
|
* fix for PMASA-2013-11 (CWE-300 CWE-79)
|
||||||
|
* fix for PMASA-2013-12 (CWE-661 CWE-200)
|
||||||
|
* fix for PMASA-2013-13 (CWE-661 CWE-79 CWE-80)
|
||||||
|
* fix for PMASA-2013-14 (CWE-661 CWE-79)
|
||||||
|
* fix for PMASA-2013-15 (CWE-661 CWE-89 CWE-269)
|
||||||
- update to 4.0.4.2 (2013-07-28)
|
- update to 4.0.4.2 (2013-07-28)
|
||||||
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
|
* [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
|
||||||
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
|
* [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
|
||||||
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
|
* [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
|
||||||
- [security] Fix full path disclosure, see PMASA-2013-12
|
* [security] Fix full path disclosure, see PMASA-2013-12
|
||||||
- [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
|
* [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
|
||||||
- [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
|
* [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
|
||||||
- [security] Fix self-XSS in schema export, see PMASA-2013-14
|
* [security] Fix self-XSS in schema export, see PMASA-2013-14
|
||||||
- [security] Fix unencoded json object, see PMASA-2013-11
|
* [security] Fix unencoded json object, see PMASA-2013-11
|
||||||
- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
|
* [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de
|
Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de
|
||||||
|
@ -104,8 +104,6 @@ Currently phpMyAdmin can:
|
|||||||
find . -type d -exec chmod 755 {} \;
|
find . -type d -exec chmod 755 {} \;
|
||||||
find . -type f -exec chmod 644 {} \;
|
find . -type f -exec chmod 644 {} \;
|
||||||
find . -type f -name '*.orig' -exec rm {} \;
|
find . -type f -name '*.orig' -exec rm {} \;
|
||||||
#rm lang/*.sh
|
|
||||||
#%%{__rm} libraries/.htaccess
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user