Accepting request 184887 from home:computersalat:devel:php

update to 4.0.4.2, fix for bnc#831896

OBS-URL: https://build.opensuse.org/request/show/184887
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=68
Christian Wittmer 2013-07-29 20:55:25 +00:00 committed by Git OBS Bridge
parent 3a32a5d173
commit 67da26ad23
3 changed files with 53 additions and 42 deletions


@ -1,5 +1,7 @@
--- config.sample.inc.php.orig 2013-05-03 14:16:36.000000000 +0200 Index: config.sample.inc.php
+++ config.sample.inc.php 2013-05-03 20:13:46.549034257 +0200 ===================================================================
--- config.sample.inc.php.orig
+++ config.sample.inc.php
@@ -11,10 +11,51 @@ @@ -11,10 +11,51 @@
*/ */
@ -22,20 +24,20 @@
+ * $cfg['PmaAbsoluteUri_DisableWarning'] variable below. + * $cfg['PmaAbsoluteUri_DisableWarning'] variable below.
+ */ + */
+$cfg['PmaAbsoluteUri'] = ''; +$cfg['PmaAbsoluteUri'] = '';
+ +
+/* +/*
* This is needed for cookie based authentication to encrypt password in * This is needed for cookie based authentication to encrypt password in
* cookie * cookie
+ * YOU MUST FILL IN THIS FOR COOKIE AUTH! + * YOU MUST FILL IN THIS FOR COOKIE AUTH!
*/ + */
-$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+$cfg['blowfish_secret'] = ''; +$cfg['blowfish_secret'] = '';
+ +
+/* +/*
+ * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set + * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set
+ * You should use this if and ONLY if the PmaAbsoluteUri auto-detection + * You should use this if and ONLY if the PmaAbsoluteUri auto-detection
+ * works perfectly. + * works perfectly.
+ */ */
-$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+$cfg['PmaAbsoluteUri_DisableWarning'] = false; +$cfg['PmaAbsoluteUri_DisableWarning'] = false;
+ +
+/* +/*
@ -133,30 +135,12 @@
* phpMyAdmin configuration storage settings. * phpMyAdmin configuration storage settings.
*/ */
+$cfg['Servers'][$i]['controlhost'] = ''; +$cfg['Servers'][$i]['controlhost'] = '';
+
-/* User used to manipulate with storage */
-// $cfg['Servers'][$i]['controlhost'] = '';
-// $cfg['Servers'][$i]['controluser'] = 'pma';
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
+// MySQL control user settings (this user must have read-only +// MySQL control user settings (this user must have read-only
+// access to the "mysql/user" and "mysql/db" tables). +// access to the "mysql/user" and "mysql/db" tables).
+// The controluser is also used for all relational features (pmadb) +// The controluser is also used for all relational features (pmadb)
+$cfg['Servers'][$i]['controluser'] = ''; +$cfg['Servers'][$i]['controluser'] = '';
+
-/* Storage database and tables */
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-// $cfg['Servers'][$i]['history'] = 'pma__history';
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
+// The password needed for the controluser to login +// The password needed for the controluser to login
+// (see $cfg['Servers'][$i]['controluser']) +// (see $cfg['Servers'][$i]['controluser'])
+$cfg['Servers'][$i]['controlpass'] = ''; +$cfg['Servers'][$i]['controlpass'] = '';
@ -235,7 +219,26 @@
+// used tables, but it will disappear after you logout. +// used tables, but it will disappear after you logout.
+// DEFAULT: 'pma_recent' +// DEFAULT: 'pma_recent'
+$cfg['Servers'][$i]['recent'] = 'pma_recent'; +$cfg['Servers'][$i]['recent'] = 'pma_recent';
+
-/* User used to manipulate with storage */
-// $cfg['Servers'][$i]['controlhost'] = '';
-// $cfg['Servers'][$i]['controluser'] = 'pma';
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
-
-/* Storage database and tables */
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-// $cfg['Servers'][$i]['history'] = 'pma__history';
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
/* Contrib / Swekey authentication */ /* Contrib / Swekey authentication */
-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; -// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
+// The name of the file containing Swekey ids and login names for +// The name of the file containing Swekey ids and login names for
@ -276,7 +279,7 @@
/* /*
+ * phpMyAdmin configuration storage settings. + * phpMyAdmin configuration storage settings.
+ */ + */
+ +
+/* +/*
+$cfg['Servers'][$i]['controlhost'] = ''; +$cfg['Servers'][$i]['controlhost'] = '';
+$cfg['Servers'][$i]['controluser'] = ''; +$cfg['Servers'][$i]['controluser'] = '';
@ -312,8 +315,10 @@
* End of servers configuration * End of servers configuration
*/ */
--- libraries/vendor_config.php.orig 2013-05-03 14:16:36.000000000 +0200 Index: libraries/vendor_config.php
+++ libraries/vendor_config.php 2013-05-03 19:57:54.344938439 +0200 ===================================================================
--- libraries/vendor_config.php.orig
+++ libraries/vendor_config.php
@@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) { @@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) {
* Path to changelog file, can be gzip compressed. Useful when you want to * Path to changelog file, can be gzip compressed. Useful when you want to
* have documentation somewhere else, eg. /usr/share/doc. * have documentation somewhere else, eg. /usr/share/doc.
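Review bot: The refreshed config patch still sets `$cfg['Servers'][$i]['recent'] = 'pma_recent';` with `// DEFAULT: 'pma_recent'` (single underscore), while the upstream 4.0 sample lines it removes name the same table `'pma__recent'`. If the table-creation script shipped with this version follows the upstream double-underscore naming, the configuration storage features would point at tables that do not exist; the line should probably read `$cfg['Servers'][$i]['recent'] = 'pma__recent';`, and the other storage table names, which lie outside the visible hunks, deserve the same check. Separately, the patch ships `$cfg['blowfish_secret'] = '';`, which avoids distributing a shared static secret, but the comment only says it must be filled in; I would add a line such as ` * Use a long random value that is unique to this installation.` so administrators do not reuse a sample string. Only fragments of the patched config are visible in these hunks, so both points should be confirmed against the full file.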


@ -1,16 +1,24 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 29 20:20:03 UTC 2013 - ecsos@schirra.net Mon Jul 29 20:07:45 UTC 2013 - chris@computersalat.de
- fix for bnc#831896
* multiple XSS issues (+ a SQL injection and full path disclosure flaw)
* fix for PMASA-2013-9 (CWE-661 CWE-79 CWE-80)
* fix for PMASA-2013-11 (CWE-300 CWE-79)
* fix for PMASA-2013-12 (CWE-661 CWE-200)
* fix for PMASA-2013-13 (CWE-661 CWE-79 CWE-80)
* fix for PMASA-2013-14 (CWE-661 CWE-79)
* fix for PMASA-2013-15 (CWE-661 CWE-89 CWE-269)
- update to 4.0.4.2 (2013-07-28) - update to 4.0.4.2 (2013-07-28)
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9 * [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9 * [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9 * [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
- [security] Fix full path disclosure, see PMASA-2013-12 * [security] Fix full path disclosure, see PMASA-2013-12
- [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15 * [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
- [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15 * [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14 * [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11 * [security] Fix unencoded json object, see PMASA-2013-11
- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13 * [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de


@ -104,8 +104,6 @@ Currently phpMyAdmin can:
find . -type d -exec chmod 755 {} \; find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \; find . -type f -exec chmod 644 {} \;
find . -type f -name '*.orig' -exec rm {} \; find . -type f -name '*.orig' -exec rm {} \;
#rm lang/*.sh
#%%{__rm} libraries/.htaccess
%build %build