From a5aba848d74a1962b8fbc626c4ae81aa041dde2ffad9655592f4888f518be96c Mon Sep 17 00:00:00 2001 From: Eric Schirra Date: Sat, 22 Jan 2022 10:13:19 +0000 Subject: [PATCH] Accepting request 948077 from home:ecsos:server - Update to 5.1.2 This is a security and bufix release. * Security - Fix (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor authentication bypass - Fix (CVE-2022-23808, PMASA-2022-2, CWE-661) Multiple XSS and HTML injection attacks in setup script * Bugfixes - Revert a changed to $cfg['CharTextareaRows'] allow values less than 7 - Fix encoding of enum and set values on edit value - Fixed possible "Undefined index: clause_is_unique" error - Fixed some situations where a user is logged out when working with more than one server - Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore - Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer - Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL OBS-URL: https://build.opensuse.org/request/show/948077 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=370 --- phpMyAdmin-5.1.1-all-languages.tar.xz | 3 --- phpMyAdmin-5.1.1-all-languages.tar.xz.asc | 16 --------------- phpMyAdmin-5.1.2-all-languages.tar.xz | 3 +++ phpMyAdmin-5.1.2-all-languages.tar.xz.asc | 16 +++++++++++++++ phpMyAdmin.changes | 24 +++++++++++++++++++++++ phpMyAdmin.spec | 6 +++--- 6 files changed, 46 insertions(+), 22 deletions(-) delete mode 100644 phpMyAdmin-5.1.1-all-languages.tar.xz delete mode 100644 phpMyAdmin-5.1.1-all-languages.tar.xz.asc create mode 100644 phpMyAdmin-5.1.2-all-languages.tar.xz create mode 100644 phpMyAdmin-5.1.2-all-languages.tar.xz.asc diff --git a/phpMyAdmin-5.1.1-all-languages.tar.xz b/phpMyAdmin-5.1.1-all-languages.tar.xz deleted file mode 100644 index b163f6c..0000000 --- a/phpMyAdmin-5.1.1-all-languages.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1964d7190223c11e89fa1b7970c618e3a3bae2e859f5f60383f64c3848ef6921 -size 7751820 diff --git a/phpMyAdmin-5.1.1-all-languages.tar.xz.asc b/phpMyAdmin-5.1.1-all-languages.tar.xz.asc deleted file mode 100644 index 730f8d5..0000000 --- a/phpMyAdmin-5.1.1-all-languages.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmC5q30ACgkQznUvF4JZ -vZL+6RAAsXf6ALbX1uyajavyOCuji1MGXaX9F2qmRNTy1CQlSmbHw2fUsgBWHdhu -t8B03SxsUcZy1xxDtC845f+guTZIWPXJvXYKs8RpmoUbDl6mX6faESGqepG7136F -3xhl+o5wesxvESMKCdJLZe6oJugTgkFLb2zpxp32VGp+Xs5gBhmoBSvnCOdDrFSV -pZpPtS8YPnKxxSNAEDhKJfs/G0aSaXVpe7/Nht+/P20HePbcAvImRc4GYmYrgWDo -8d/hQHvfXq0XkyPoDHGtESeAYyslqTuhIjXEPF0J5g+aaoQP687N809S6v+3EUyu -BFMFuN0v45Uu0xgShPGiWA1dRpxQHBOYajZKzTo+EasQN3tlChCUitNSqXAxSrz3 -IqaL13vblNQpIB4qmfS4cFgXGZ2TWIZUULujE/4tVga3x1OTf5LA5WBSyywUYfM4 -VzbvLB+RJ3KXbFywhBihO+zdqiJqdGTf1T3KQyi2ub8s9J3QtIGtAwp9ycQSOQkb -InVqZ2DufidrrSU6UsHp97FPufnJFi2aEL2m13dTDwP88ajZDRAS6QW6dRBsYFg8 -xX65IvSIDkb5NXRV03osRdvom3HgpW134dUJxBQInA1P+Wdk15ELPl5OQy7JBX/9 -ptBkUMm995Tow3GQtytf80w3Ys7y0E28xgBfRdetiBtgmtm0SW4= -=CzRM ------END PGP SIGNATURE----- diff --git a/phpMyAdmin-5.1.2-all-languages.tar.xz b/phpMyAdmin-5.1.2-all-languages.tar.xz new file mode 100644 index 0000000..5bd24fe --- /dev/null +++ b/phpMyAdmin-5.1.2-all-languages.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3aaaa86ded6308f511f67a907c0d7d6096e1dc2a8ae05581ba55a2510abde1e4 +size 7033032 diff --git a/phpMyAdmin-5.1.2-all-languages.tar.xz.asc b/phpMyAdmin-5.1.2-all-languages.tar.xz.asc new file mode 100644 index 0000000..ac1a350 --- /dev/null +++ b/phpMyAdmin-5.1.2-all-languages.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmHpj8oACgkQznUvF4JZ +vZK5AA//R2lyW+cWYcJACcOoncAuzNxj9Y3Yyj4D5M0XTgR7J/D5c4ksfWvWu5oG +ocEsdBDWF0FRtosAfSHcEty/JNV7AWghhDx9AblqSSIM60Oe12zxyYhDW8RXDgcL +iH8yFpsyPfqnZlL1BFdnjh7FHKz8l/4arNyg3ZpImTm8hS6vyknFC4pf6jj/uhyQ +a1YWc3HCckgw4ZCrAVehGZvI/ZMoa1DhPHmfJfgflag9frPEXmdMOF3LxQU8L5qL +astW/jb9Ku9+L8pMJbS4MU5IzDxWNQ8x2lrjyIsZoK4MIf5KtiUlqP72oO+Vwm/Y +Mq5sdG3VXhCkEkffCP0zg69rZenHBr+gaN/2VcFc2raND8WhXpmvT2fu5txxDn9I +gDuktSWZS7eVviJj1rx9yd3a1fQWs/03VjD4+nao9EmBhmo8aTxaFkVjE6vJfO02 +GWuNAUHjpSHimbRJRjjDvXOUu+IdhonP1ctta1kPljx0iDPZrPnJw/Htcu0oNq97 +1uoFNYPXuMku0xszRnI/uAGBzOP48i5EFYHYSOaKsUG9S1pKGLCvwFWTFNirxQKj +17AO8k356r7D8EOkpZPtu/RWipXn2Wr5uq7TA5rqEgLSw/wGFsXrKZzhx+0gjG0/ +WYYLU9iduQnD/30ZEYDWuS9nnwx/x/uDkGCg+SU+SnLPEu3I89k= +=eK6E +-----END PGP SIGNATURE----- diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index 61e2da9..de09704 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Sat Jan 22 09:39:12 UTC 2022 - ecsos + +- Update to 5.1.2 + This is a security and bufix release. + * Security + - Fix (CVE-2022-23807, PMASA-2022-1, CWE-661) + Two factor authentication bypass + - Fix (CVE-2022-23808, PMASA-2022-2, CWE-661) + Multiple XSS and HTML injection attacks in setup script + * Bugfixes + - Revert a changed to $cfg['CharTextareaRows'] allow values + less than 7 + - Fix encoding of enum and set values on edit value + - Fixed possible "Undefined index: clause_is_unique" error + - Fixed some situations where a user is logged out when working + with more than one server + - Fixed a problem with assigning privileges to a user using the + multiselect list when the database name has an underscore + - Enable cookie parameter "SameSite" when the PHP version + is 7.3 or newer + - Correctly handle the removal of "innodb_file_format" in + MariaDB and MySQL + ------------------------------------------------------------------- Sat Jun 5 10:33:05 UTC 2021 - ecsos diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index b15ba41..997911d 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -1,7 +1,7 @@ # # spec file for package phpMyAdmin # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ %define apache_group nogroup %endif Name: phpMyAdmin -Version: 5.1.1 +Version: 5.1.2 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0-or-later @@ -104,7 +104,7 @@ Requires: apache2 Requires(post): %{_sbindir}/a2enmod Requires(post): %{_sbindir}/a2enflag Requires(post): php -Requires(postun): %{_sbindir}/a2enflag +Requires(postun):%{_sbindir}/a2enflag Recommends: mod_php_any >= 7.4 Supplements: packageand(apache2:%name)