From 97c0a49cac64c4523ab1bb390228d005491978ee3e51256062cc8595d0c54f45 Mon Sep 17 00:00:00 2001
From: Eric Schirra <ecsos@schirra.net>
Date: Mon, 12 Oct 2020 06:40:27 +0000
Subject: [PATCH] Accepting request 841131 from home:ecsos:server

- Update to 4.9.6
    This is a security release.
- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to
  the transformation feature
- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection
  vulnerability in SearchController

OBS-URL: https://build.opensuse.org/request/show/841131
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=356
---
 phpMyAdmin-4.9.5-all-languages.tar.xz     |  3 ---
 phpMyAdmin-4.9.5-all-languages.tar.xz.asc | 16 ----------------
 phpMyAdmin-4.9.6-all-languages.tar.xz     |  3 +++
 phpMyAdmin-4.9.6-all-languages.tar.xz.asc | 16 ++++++++++++++++
 phpMyAdmin.changes                        | 10 ++++++++++
 phpMyAdmin.spec                           |  4 ++--
 6 files changed, 31 insertions(+), 21 deletions(-)
 delete mode 100644 phpMyAdmin-4.9.5-all-languages.tar.xz
 delete mode 100644 phpMyAdmin-4.9.5-all-languages.tar.xz.asc
 create mode 100644 phpMyAdmin-4.9.6-all-languages.tar.xz
 create mode 100644 phpMyAdmin-4.9.6-all-languages.tar.xz.asc

diff --git a/phpMyAdmin-4.9.5-all-languages.tar.xz b/phpMyAdmin-4.9.5-all-languages.tar.xz
deleted file mode 100644
index 815ec27..0000000
--- a/phpMyAdmin-4.9.5-all-languages.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e02823e7844bc17aa6393e1acfed6970f5a3688fe8d0c693e74670d8fed9ecd4
-size 6138948
diff --git a/phpMyAdmin-4.9.5-all-languages.tar.xz.asc b/phpMyAdmin-4.9.5-all-languages.tar.xz.asc
deleted file mode 100644
index dd225dd..0000000
--- a/phpMyAdmin-4.9.5-all-languages.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl51k6cACgkQznUvF4JZ
-vZLUtQ/+NWk7yiYvoWYiIQIMG4ZpVKDdVuoEyki+HNtckScoeQwki9acchMMJfiy
-DSkYalVMYtufu17mLIaL3vDGzU9f01ucwosgcSHmsNBt/Vw3m/tsNPDq+dnFhwFw
-Jmn6e91Uq+RQLzp+omCvsiWT8UveBDudP8a6iHiiOWG1pX1i/p7kbWG+f0p53yiQ
-NF6qfTXpIiaTdURyxl1Bug2IKv/IpR2RCOs3fqGwiYonbS03pbuGCb8A/Kyjsktl
-kde9QZcTvcOzma7neTXVnmY3wobYK6q7tEIaMEzLAdAhmlV0HjTmLmHjDJHPgVI2
-NoEnDRDXNNmmDsvs3ZiXko70sDf86JAc4JSzUYCqUR2T+lpY1dej3vSZ2uzXcSXZ
-RROAWTIw5zP2bktQOPTzbbjKn8hX3z9N+GYS7NvU4r1Kd+G4psCO3pdJSijwr0Ds
-hRdUPD9B29WZ+PHZX3Zsl3lLzWQWKgwxyI2u8M8/L6dehhbvo/jnmKg8YuvVDnO+
-DJBgBxmg8bPfAhANeDZGfnnDc8WDov9/jnRnom05FDxuQEY00xB69iKXJ0mlMrC+
-7einymn6VlPJV2nLHt1uZp3ZU3oC6Lm1sdjaJcqzZlT86I97lwefZg43nsSe9Uui
-jDo/UqcB0CPicYSPRdIx3RpJfETAJ5RdDZQByieBALPENuchmto=
-=Lvjt
------END PGP SIGNATURE-----
diff --git a/phpMyAdmin-4.9.6-all-languages.tar.xz b/phpMyAdmin-4.9.6-all-languages.tar.xz
new file mode 100644
index 0000000..c9da4c1
--- /dev/null
+++ b/phpMyAdmin-4.9.6-all-languages.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:daa79d371d1cdf9a1dcc7f45ba4e3086f6d0fbaefde71f9f4ccb66d9686186a9
+size 4978288
diff --git a/phpMyAdmin-4.9.6-all-languages.tar.xz.asc b/phpMyAdmin-4.9.6-all-languages.tar.xz.asc
new file mode 100644
index 0000000..e0528c4
--- /dev/null
+++ b/phpMyAdmin-4.9.6-all-languages.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl+BJOEACgkQznUvF4JZ
+vZJCQQ//YlApD/OUp0ouvYTjNcVvTxDhaqoeUjACBMpo6rX26LUc8EBBvl9pMV2P
+SlUv3Age0TFzqO+1gnGTdPmQqetmWXvevDlzXb1EX1alBWUbirvAG0OP1xLXJcF+
+8xBe/0XJX01HlMr6ojGBs24LcreYqyHG9huT1rBo5R6rjTrFHXoISAExb2NlnuDx
++/NIAvvzrXjsKCvf8sPxegTnkqt1prQd30U+siM2n78g+XhfVa4lCYCVdG9SRB1D
+bb1cxXIJCZ0ZwfjkL/Tn+4qBiL0XWmT9sNl2b6dN9hHlyIK1E54Vw94VMmVVywTs
+sDNp5hh78AjCpf6FrrN8dOCJq6Nmx/aKZx09a1KuFWo265917P7SrayKzv16AOye
+rcmsRQfe3D5qgswc8FuBvgzMWrUEyudJOEgJl6Z9SnMPrv+9C4Z8Uu61okIP85ao
+gNWXGs9b5H7EaLUNH9bxs8jH7NxkKptH2CVPbTjyM5ipn2J7bIgeiNOqXITYfXp9
+GA3WFVXFPN9Cte+By2CQnzlVAfg5M1WrdP/J+cYSClo8PH4OBVwPainZDicvy514
+q/V8lxcCSZsEtIXdLQY70+2MalFjOxxvchWVKRq3KHXjm707vE/GwPMWTcB3PQH3
++qetrsAKnkOQ4Q4J2HpP9ez4/WWTla6w45EG9x/tjXNhDjqCM+E=
+=4I4m
+-----END PGP SIGNATURE-----
diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes
index 806e840..bff76ff 100644
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Oct 12 06:25:53 UTC 2020 - ecsos <ecsos@opensuse.org>
+
+- Update to 4.9.6
+    This is a security release.
+- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to
+  the transformation feature
+- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection 
+  vulnerability in SearchController
+
 -------------------------------------------------------------------
 Sun May  3 15:22:25 UTC 2020 - chris@computersalat.de
 
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index a1f3f6e..c00c579 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -30,7 +30,7 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.9.5
+Version:        4.9.6
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later
@@ -206,7 +206,7 @@ if [ -x %{_sbindir}/a2enflag ]; then
     a2enflag %{name}
   fi
 fi
-# We changed ap_docroot from %{ap_docroot_old} to %{ap_docroot} (/srv/www/htdocs to /usr/share)
+# We changed ap_docroot from %%{ap_docroot_old} to %%{ap_docroot} (/srv/www/htdocs to /usr/share)
 # If someone did 'manually' change the config file it won't be replaced by rpm
 # Hence we backup the existing and place the new one
 find=0