From 863796187253615112b05b73bce2be7a6a13d87d2272276642c74b035022af36 Mon Sep 17 00:00:00 2001
From: Eric Schirra
Date: Mon, 4 Feb 2019 10:50:07 +0000
Subject: [PATCH] Accepting request 670630 from home:AndreasStieger:branches:server:php:applications - phpMyAdmin 4.8.5: * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, bsc#1123272) * CVE-2019-6798: SQL injection in the Designer interface PMASA-2019-2, bsc#1123271) OBS-URL: https://build.opensuse.org/request/show/670630 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=329
---
phpMyAdmin-4.8.4-all-languages.tar.xz | 3 ---
phpMyAdmin-4.8.4-all-languages.tar.xz.asc | 16 ----------------
phpMyAdmin-4.8.5-all-languages.tar.xz | 3 +++
phpMyAdmin-4.8.5-all-languages.tar.xz.asc | 16 ++++++++++++++++
phpMyAdmin.changes | 15 +++++++++++++++
phpMyAdmin.spec | 18 ++++++++----------
6 files changed, 42 insertions(+), 29 deletions(-)
delete mode 100644 phpMyAdmin-4.8.4-all-languages.tar.xz
delete mode 100644 phpMyAdmin-4.8.4-all-languages.tar.xz.asc
create mode 100644 phpMyAdmin-4.8.5-all-languages.tar.xz
create mode 100644 phpMyAdmin-4.8.5-all-languages.tar.xz.asc
diff --git a/phpMyAdmin-4.8.4-all-languages.tar.xz b/phpMyAdmin-4.8.4-all-languages.tar.xz
deleted file mode 100644
index 929ea6d..0000000
--- a/phpMyAdmin-4.8.4-all-languages.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e3d07cf070983bda327b9f3029ef1941c692ebad29275028948b0e11fa55990d
-size 6012216
diff --git a/phpMyAdmin-4.8.4-all-languages.tar.xz.asc b/phpMyAdmin-4.8.4-all-languages.tar.xz.asc
deleted file mode 100644
index 60fe581..0000000
--- a/phpMyAdmin-4.8.4-all-languages.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlwPG8YACgkQznUvF4JZ
-vZLj/A/+L/xPrnjcIXazZCXoRzZsRZbgfpKaXVI+nATnIYAkYEYkcX38mLXBWkQb
-glWp8zAmhaVB97qIEoruqgIH7xxohJac2grR5BhkrS1QhoRVBGHgWmzHAIV9bWrl
-81sUhTNjAuOyXogagacDChKv2erFl2ABkGvz8EKQXT9qqu197URz868hwYdfpKCa
-2xmrlXL3s93P3zafNG70nppYfFFO6oVnLxAiUfNabQWgIZa7BO7Iu4FSGuBOFmV5
-Weq4Tret9ydB8u4nB55CpEnZGzHC37JXeBjVmcQod8uR6NwWZNFG/EXHpJCMdnER
-Uv5BpzyFh0zLZiCIryzAYJm7gRwfgeV04sBMgaZlwGxBAFYLFYYIltH38IM7fl6c
-MBeLduc3o2i7na7wrC6fYMfny7DLtZ7hEcP4ly+dR3JaDQt26V4rjOWkwa9iHD0A
-9LcD2Jgbsqqs75+jWNx3Ys/369kjDC9gMzoUgMeSpr0NB1ku2mK+I0osQFJ6wHDS
-KSgt8JaOv6auLE47FgZSPifkRaf2Nj/QKxtQS6eY5Ta4hblYhgUgybiZVnC0N4hZ
-kGXVgQjUnJt+ZJvswNW9oKqrZz2681hOgbQE7AwBjmhj7q9oSpYoKifmqKx0Pfji
-K1uX0Np0lSChmUr/0X205znhtByYPSBvFp3dPhoceLz7w6Z3fOc=
-=7Bp2
------END PGP SIGNATURE-----
diff --git a/phpMyAdmin-4.8.5-all-languages.tar.xz b/phpMyAdmin-4.8.5-all-languages.tar.xz
new file mode 100644
index 0000000..7ee8714
--- /dev/null
+++ b/phpMyAdmin-4.8.5-all-languages.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d7ab5df4e464d7ba17bf2a42da7d7f26dad45c34bf321ac8ae7d2ed748413913
+size 6026176
diff --git a/phpMyAdmin-4.8.5-all-languages.tar.xz.asc b/phpMyAdmin-4.8.5-all-languages.tar.xz.asc
new file mode 100644
index 0000000..0ef9a15
--- /dev/null
+++ b/phpMyAdmin-4.8.5-all-languages.tar.xz.asc
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlxLzuIACgkQznUvF4JZ +vZIwjA//f1RuFKUj1cp4A5dSqjwN2l5kaoQIkfrLyPXfTWRsdgApV7tH9yYH67pg +DT9awGrQdCygSl1A6jmDbuQ0G4SVbFZwxjSat7bj1JU72t5TAdu09c/jqdi+eB+9 +x3TcgVygz95mcX9sck1SW/O4U+Fgor/8NZCzCIONbaB92un6DnmehXgJ+mx0G3G2 +TL6BNI2wpEFypaBlnAnz+8heYKXaDelXj0T9XlRffL18EUz0Z5juvHWk47/rAdJf +n9C+5TI74mKFsoS6jtCjC/C6xKo76kSKqzjA+KGg7cOOsx9o5691r96+G3ThN35D +c51Vrgt9Bo8isGu2SPDZaFLpWhY6JCRsYhwOSmg02UXaaR8+5t2tMVcEwxgOQsvW +ZhdtuPayOJCP4Dz4Ajgxchqcfk/SzclPIz+iAq92MoWxUbItowdlWG22p61mLLqE +fot2XkPBIzjHrcPl+VdcDet1IV1MuIUYKZisZ6eK6yk8MNqoNk660of5JX781aBw +/wjp1CAvO3TrUBq6Aj80GAF551rIvocbWGy2yhxd+3SpsYT/pre4WJNcMNqKInm+ +uEnuh0RG9OoqjRyMIwTqgLbIkP+Bb0AKDn06oCXESqL2SjNlyybufDYnSyqSEKsG +E+ca8ICHSFQv073krNsci+puOxCG3XXBkfdOhQUjQl+mK6hbnfY= +=7jjD +-----END PGP SIGNATURE----- diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index 637ed3e..88f2522 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Feb 1 19:10:59 UTC 2019 - andreas.stieger@gmx.de + +- phpMyAdmin 4.8.5: + * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, + bsc#1123272) + * CVE-2019-6798: SQL injection in the Designer interface + PMASA-2019-2, bsc#1123271) + * Fix rxport to SQL format not available + * Fix QR code not shown when adding two-factor authentication to + a user account + * Fix issue with adding a new user in MySQL 8.0.11 and newer + * Fix frozen interface relating to Text_Plain_Sql plugin + * Fix missing table level operations tab + ------------------------------------------------------------------- Wed Dec 12 10:47:31 UTC 2018 - ecsos@opensuse.org diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index 35dc1e0..cfe687e 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec 
@@ -1,7 +1,7 @@ # # spec file for package phpMyAdmin # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -29,12 +29,12 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.8.4 +Version: 4.8.5 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0-or-later Group: Productivity/Networking/Web/Frontends -Url: https://www.phpMyAdmin.net/ +URL: https://www.phpMyAdmin.net/ Source0: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz Source1: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc # http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases @@ -47,6 +47,7 @@ Patch0: %{name}-config.patch # Fix-SUSE: auto config for pma storage Patch1: %{name}-pma.patch BuildRequires: apache2-devel +BuildRequires: fdupes BuildRequires: python-devel BuildRequires: xz # @@ -71,9 +72,7 @@ Recommends: php-zip ### will be removed with php >= 7.2 ## boo#1050980 Suggests: php-mcrypt -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch -BuildRequires: fdupes %description phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a @@ -127,7 +126,6 @@ done # set proper shebang sed -i 's/env php/php/' vendor/phpmyadmin/sql-parser/bin/*-query -sed -i 's|\/usr\/bin\/env bash|\/bin\/bash|g' vendor/paragonie/random_compat/*.sh # permissions find . -type d -exec chmod 755 {} \; 
@@ -173,7 +171,7 @@ sed -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ sed -i -e "s,@FQDN@,$(cat %{_sysconfdir}/HOSTNAME)," \ -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config} # enable required apache modules -if [ -x /usr/sbin/a2enmod ]; then +if [ -x %{_sbindir}/a2enmod ]; then a2enmod -q version || a2enmod version # get installed php_version (5 or 7) php_version=$(php -v | sed -n 's/^PHP\ \([[:digit:]]\+\)\..*$/\1/p') @@ -189,7 +187,8 @@ fi %files -f FILELIST %defattr(644,root,root,755) %doc ChangeLog -%doc LICENSE README RELEASE-DATE* +%license LICENSE +%doc README RELEASE-DATE* %doc examples doc sql %dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name} %dir %attr(0770,root,%{ap_grp}) %{ap_docroot}/%{name}/tmp @@ -198,6 +197,5 @@ fi %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.inc %attr (755,root,root) %{ap_docroot}/%{name}/vendor/phpmyadmin/sql-parser/bin/*-query -%attr (755,root,root) %{ap_docroot}/%{name}/vendor/paragonie/random_compat/*.sh %changelog
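Review bot: The guard in the first hunk now tests `%{_sbindir}/a2enmod`, but the calls on the following line still run a bare `a2enmod` resolved through the scriptlet's PATH, so the binary that is checked and the binary that is executed are not guaranteed to be the same one. Calling the tested path keeps the two in step: `%{_sbindir}/a2enmod -q version || %{_sbindir}/a2enmod version`. Any later a2enmod calls in this block would want the same treatment; the block (presumably the %post scriptlet) continues outside the hunk, so this should be confirmed against the full spec.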