Accepting request 948077 from home:ecsos:server

- Update to 5.1.2
  This is a security and bufix release.
  * Security
    - Fix (CVE-2022-23807, PMASA-2022-1, CWE-661) 
      Two factor authentication bypass
    - Fix (CVE-2022-23808, PMASA-2022-2, CWE-661)
      Multiple XSS and HTML injection attacks in setup script
  * Bugfixes
    - Revert a changed to $cfg['CharTextareaRows'] allow values
      less than 7
    - Fix encoding of enum and set values on edit value
    - Fixed possible "Undefined index: clause_is_unique" error
    - Fixed some situations where a user is logged out when working
      with more than one server
    - Fixed a problem with assigning privileges to a user using the
      multiselect list when the database name has an underscore
    - Enable cookie parameter "SameSite" when the PHP version
      is 7.3 or newer
    - Correctly handle the removal of "innodb_file_format" in
      MariaDB and MySQL

OBS-URL: https://build.opensuse.org/request/show/948077
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=370

phpMyAdmin-5.1.1-all-languages.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1964d7190223c11e89fa1b7970c618e3a3bae2e859f5f60383f64c3848ef6921
-size 7751820

phpMyAdmin-5.1.1-all-languages.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmC5q30ACgkQznUvF4JZ
-vZL+6RAAsXf6ALbX1uyajavyOCuji1MGXaX9F2qmRNTy1CQlSmbHw2fUsgBWHdhu
-t8B03SxsUcZy1xxDtC845f+guTZIWPXJvXYKs8RpmoUbDl6mX6faESGqepG7136F
-3xhl+o5wesxvESMKCdJLZe6oJugTgkFLb2zpxp32VGp+Xs5gBhmoBSvnCOdDrFSV
-pZpPtS8YPnKxxSNAEDhKJfs/G0aSaXVpe7/Nht+/P20HePbcAvImRc4GYmYrgWDo
-8d/hQHvfXq0XkyPoDHGtESeAYyslqTuhIjXEPF0J5g+aaoQP687N809S6v+3EUyu
-BFMFuN0v45Uu0xgShPGiWA1dRpxQHBOYajZKzTo+EasQN3tlChCUitNSqXAxSrz3
-IqaL13vblNQpIB4qmfS4cFgXGZ2TWIZUULujE/4tVga3x1OTf5LA5WBSyywUYfM4
-VzbvLB+RJ3KXbFywhBihO+zdqiJqdGTf1T3KQyi2ub8s9J3QtIGtAwp9ycQSOQkb
-InVqZ2DufidrrSU6UsHp97FPufnJFi2aEL2m13dTDwP88ajZDRAS6QW6dRBsYFg8
-xX65IvSIDkb5NXRV03osRdvom3HgpW134dUJxBQInA1P+Wdk15ELPl5OQy7JBX/9
-ptBkUMm995Tow3GQtytf80w3Ys7y0E28xgBfRdetiBtgmtm0SW4=
-=CzRM
------END PGP SIGNATURE-----

phpMyAdmin-5.1.2-all-languages.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3aaaa86ded6308f511f67a907c0d7d6096e1dc2a8ae05581ba55a2510abde1e4
+size 7033032

phpMyAdmin-5.1.2-all-languages.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmHpj8oACgkQznUvF4JZ
+vZK5AA//R2lyW+cWYcJACcOoncAuzNxj9Y3Yyj4D5M0XTgR7J/D5c4ksfWvWu5oG
+ocEsdBDWF0FRtosAfSHcEty/JNV7AWghhDx9AblqSSIM60Oe12zxyYhDW8RXDgcL
+iH8yFpsyPfqnZlL1BFdnjh7FHKz8l/4arNyg3ZpImTm8hS6vyknFC4pf6jj/uhyQ
+a1YWc3HCckgw4ZCrAVehGZvI/ZMoa1DhPHmfJfgflag9frPEXmdMOF3LxQU8L5qL
+astW/jb9Ku9+L8pMJbS4MU5IzDxWNQ8x2lrjyIsZoK4MIf5KtiUlqP72oO+Vwm/Y
+Mq5sdG3VXhCkEkffCP0zg69rZenHBr+gaN/2VcFc2raND8WhXpmvT2fu5txxDn9I
+gDuktSWZS7eVviJj1rx9yd3a1fQWs/03VjD4+nao9EmBhmo8aTxaFkVjE6vJfO02
+GWuNAUHjpSHimbRJRjjDvXOUu+IdhonP1ctta1kPljx0iDPZrPnJw/Htcu0oNq97
+1uoFNYPXuMku0xszRnI/uAGBzOP48i5EFYHYSOaKsUG9S1pKGLCvwFWTFNirxQKj
+17AO8k356r7D8EOkpZPtu/RWipXn2Wr5uq7TA5rqEgLSw/wGFsXrKZzhx+0gjG0/
+WYYLU9iduQnD/30ZEYDWuS9nnwx/x/uDkGCg+SU+SnLPEu3I89k=
+=eK6E
+-----END PGP SIGNATURE-----

phpMyAdmin.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Sat Jan 22 09:39:12 UTC 2022 - ecsos <ecsos@opensuse.org>
+
+- Update to 5.1.2
+  This is a security and bufix release.
+  * Security
+    - Fix (CVE-2022-23807, PMASA-2022-1, CWE-661) 
+      Two factor authentication bypass
+    - Fix (CVE-2022-23808, PMASA-2022-2, CWE-661)
+      Multiple XSS and HTML injection attacks in setup script
+  * Bugfixes
+    - Revert a changed to $cfg['CharTextareaRows'] allow values
+      less than 7
+    - Fix encoding of enum and set values on edit value
+    - Fixed possible "Undefined index: clause_is_unique" error
+    - Fixed some situations where a user is logged out when working
+      with more than one server
+    - Fixed a problem with assigning privileges to a user using the
+      multiselect list when the database name has an underscore
+    - Enable cookie parameter "SameSite" when the PHP version
+      is 7.3 or newer
+    - Correctly handle the removal of "innodb_file_format" in
+      MariaDB and MySQL
+
 -------------------------------------------------------------------
 Sat Jun  5 10:33:05 UTC 2021 - ecsos <ecsos@opensuse.org>
 

phpMyAdmin.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package phpMyAdmin
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
 %define apache_group    nogroup
 %endif
 Name:           phpMyAdmin
-Version:        5.1.1
+Version:        5.1.2
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later
@@ -104,7 +104,7 @@ Requires:       apache2
 Requires(post): %{_sbindir}/a2enmod
 Requires(post): %{_sbindir}/a2enflag
 Requires(post): php
-Requires(postun): %{_sbindir}/a2enflag
+Requires(postun):%{_sbindir}/a2enflag
 Recommends:     mod_php_any >= 7.4
 Supplements:    packageand(apache2:%name)