From 6cdaeec49642c8c10bc1c1a20b713071cc7d3b9fb1eb722abfcd30e6107d86c6 Mon Sep 17 00:00:00 2001
From: Christian Wittmer
Date: Wed, 25 Jan 2017 23:25:29 +0000
Subject: [PATCH] Accepting request 452521 from home:computersalat:devel:php udpate to 4.6.6, fix for boo#1021597, several security fixes
OBS-URL: https://build.opensuse.org/request/show/452521
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=276
---
 phpMyAdmin-12757_sql_syntax_errror.patch | 12 ----
 phpMyAdmin-4.6.5.2-all-languages.tar.xz | 3 -
 phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc | 17 -----
 phpMyAdmin-4.6.6-all-languages.tar.xz | 3 +
 phpMyAdmin-4.6.6-all-languages.tar.xz.asc | 17 +++++
 phpMyAdmin-config.patch | 11 ++-
 phpMyAdmin.changes | 75 +++++++++++++++++++++
 phpMyAdmin.spec | 5 +-
 8 files changed, 101 insertions(+), 42 deletions(-)
 delete mode 100644 phpMyAdmin-12757_sql_syntax_errror.patch
 delete mode 100644 phpMyAdmin-4.6.5.2-all-languages.tar.xz
 delete mode 100644 phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
 create mode 100644 phpMyAdmin-4.6.6-all-languages.tar.xz
 create mode 100644 phpMyAdmin-4.6.6-all-languages.tar.xz.asc
diff --git a/phpMyAdmin-12757_sql_syntax_errror.patch b/phpMyAdmin-12757_sql_syntax_errror.patch
deleted file mode 100644
index c5ca07e..0000000
--- a/phpMyAdmin-12757_sql_syntax_errror.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Pdpru phpMyAdmin-4.6.5.2-all-languages.orig/libraries/server_privileges.lib.php phpMyAdmin-4.6.5.2-all-languages/libraries/server_privileges.lib.php
---- phpMyAdmin-4.6.5.2-all-languages.orig/libraries/server_privileges.lib.php 2016-12-05 23:36:28.000000000 +0100
-+++ phpMyAdmin-4.6.5.2-all-languages/libraries/server_privileges.lib.php 2017-01-19 18:37:00.016646510 +0100
-@@ -5237,7 +5237,7 @@ function PMA_getHashedPassword($password
- */
- function PMA_checkIfMariaDBPwdCheckPluginActive()
- {
-- if (Util::getServerType() !== 'MariaDB') {
-+ if (!(Util::getServerType() == 'MariaDB' && PMA_MYSQL_INT_VERSION >= 100002)) {
- return false;
- }
-
diff --git a/phpMyAdmin-4.6.5.2-all-languages.tar.xz b/phpMyAdmin-4.6.5.2-all-languages.tar.xz
deleted file mode 100644
index 4a405ea..0000000
--- a/phpMyAdmin-4.6.5.2-all-languages.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8cb549c0cd04ecaa3b2a8d9315e7c88528603fa6fe91057b13173f6afba80894
-size 6136880
diff --git a/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc b/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
deleted file mode 100644
index 9c71cb5..0000000
--- a/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJYRe46AAoJEM51LxeCWb2SnE0P/A3JOx05rxBghNn6KV+xDJJa
-1/RP3pvzpJSLnZTOeb5fxYkSmAkt3hfH9mU1M+gapvgcO4Fl8PL4IH2vZpQtKPUG
-b6rnI0ataUzElyRhpSkKJNk2UafNNJHe6jdiHkX/A+IBJRaNSvq84DFAb0gYXV2W
-G1fQ3il9a+uu5s15W+wUPKqIr5BbFo/J2Fl6Lrid6BW0lOI2Pya+enZcLEx5kow0
-EM66hRX4/nbQTQO1ldVlxSTLBjgNpvqtdDNK5OpW04e5sAGVUCfvacoqi+bna1dA
-UQkEfrbuIDwlaQAD3fWmED4jUVpw+fDhLpGhTJ23ZPk3ICENshBLYl+44w/vrBR0
-o1dcQnsomMWOlBfANndoUfZOGiEdy33ThNV70J0BBhwOFTfi5H/a0ZucHtJrSUHe
-zE6AtkK//FvNqB5ilk+O5F94hRy44aJXRpFaHkfu0vyg4GrnZHZFqODW7IzbIfxg
-GRNyOsQaxdJB3RjolxlBzudE8DUC7HvT6ULBH5W+AMCJdvke0uWtk03Te2m823Df
-sSvuLk13H8sB+1S5l/BWxTUK3aOQ5AYo1bxjAYFUQRs5JO+g0kUNWJK68fwKYSFM
-EgqP+sSlA62BRqQ9tt46BVILLBbvLdzgSJaCXFQIeDkrW20qFcHMsC66qWyyrign
-YercIbpv7UwKR5yz1r6m
-=mXi6
------END PGP SIGNATURE-----
diff --git a/phpMyAdmin-4.6.6-all-languages.tar.xz b/phpMyAdmin-4.6.6-all-languages.tar.xz
new file mode 100644
index 0000000..707703f
--- /dev/null
+++ b/phpMyAdmin-4.6.6-all-languages.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7b9e0f88ca740fcba249e7e3e7d51d1923b038b7742cde72de193a2b0a2654f
+size 6147904
diff --git a/phpMyAdmin-4.6.6-all-languages.tar.xz.asc b/phpMyAdmin-4.6.6-all-languages.tar.xz.asc
new file mode 100644
index 0000000..7d66bd9
--- /dev/null
+++ b/phpMyAdmin-4.6.6-all-languages.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJYhlgLAAoJEM51LxeCWb2Sw0MP/AyCMPjYYiwJYR0kO1K3OZAf
+O23AvvpeS5a18vhzuSM3KYcZ6mFKxEUdt7gE+t26Mfzbmh2LnFt/TJeUUTxehhb6
+x4gpopWn9MacGhb2qVEq0HKNXdARlDKTHTvDaQqsNEsPsZgVA1TWoI02vBfZ2y2T
+di8Vrr9BJ8X2J3/UpQnmQTpbxeNrf/fbGG8BKiUUOZYV9zjAKi4WTC6H19XBWIRM
+hLVaO5y5sMLpWG42SuPDhrhGEhpzzBdTw34IBkVIG8jhora++0fxlSDobI4h5ZPt
+lS1voVgd77ktIsWMuLbiTyd1sVmJkty12dLRmbZe8x9AIyz8d0UIj3tgZmObCOtg
+CSbRo0VvlEs+83+C2LrypoTmhXogLnjHkJIsk020aENCzT22IJwzXhqRd4bZsscp
+E0q7JwSUtwKMXFkC8fsb0AqQvJgZu5Ibc9iYJVfZrajLMJKtjMUV4FOUnQRNYyMv
+9y75Ie0dW23A5zk60v0huI3wS+YifYko6GJhdU/VXIA59WWx6yu8eahHo2xAwbhr
+SIgGNXIm6b1f2m6/qUaxFesGGnaqFtFKDWBqQ6Udsb2WS/OsFcQMsse7l41niVrc
+oCjHESm/Y8IeK/BbVw9vzw4q5/pFkmo7vZWbvzu+kfQroOt6nLwsnBAsAGpKSS0S
+HjeOlIip+yt3FTOWt/sw
+=xT3I
+-----END PGP SIGNATURE-----
diff --git a/phpMyAdmin-config.patch b/phpMyAdmin-config.patch
index bfefb96..a1816f1 100644
--- a/phpMyAdmin-config.patch
+++ b/phpMyAdmin-config.patch
@@ -253,7 +253,7 @@ Index: libraries/vendor_config.php
 ===================================================================
 --- libraries/vendor_config.php.orig
 +++ libraries/vendor_config.php
-@@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) {
+@@ -17,25 +17,25 @@ if (! defined('PHPMYADMIN')) {
 * Path to changelog file, can be gzip compressed. Useful when you want to
 * have documentation somewhere else, eg. /usr/share/doc.
 */
@@ -268,14 +268,13 @@ Index: libraries/vendor_config.php +define('LICENSE_FILE', '@docdir@/LICENSE'); /** - * Path to config file generated using setup script. + * Directory where SQL scripts to create/upgrade configuration storage reside. */ --define('SETUP_CONFIG_FILE', './config/config.inc.php'); -+define('SETUP_CONFIG_FILE', '@sysconfdir@/config.inc.php'); +-define('SQL_DIR', './sql/'); ++define('SQL_DIR', '@docdir@/sql/'); /** - * Whether setup requires writable directory where config -@@ -46,7 +46,7 @@ define('SQL_DIR', './sql/'); + * Directory where configuration files are stored. * It is not used directly in code, just a convenient * define used further in this file. */ diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index 5b964ad..1fd2f2c 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes 
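Review bot: The reworked inner hunk drops the `SETUP_CONFIG_FILE` override to `@sysconfdir@/config.inc.php` and adds one for `SQL_DIR`, but neither the patch nor the `.changes` entry ("rework phpMyAdmin-config.patch") says why. If 4.6.6 still defines `SETUP_CONFIG_FILE`, the setup script would fall back to the upstream default `./config/config.inc.php` inside the application directory, so this is worth confirming against the new `libraries/vendor_config.php`; presumably the define went away upstream, but that is not visible here. I would record the reason in the changelog, along the lines of `- rework phpMyAdmin-config.patch: SETUP_CONFIG_FILE override dropped, SQL_DIR now @docdir@/sql/`. The inner `@@ -17,25 +17,25 @@` hunk continues past the end of this hunk, so the remaining defines could not be checked.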
@@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Wed Jan 25 22:12:33 UTC 2017 - chris@computersalat.de
+
+- 4.6.6 (2017-01-23)
+ * gh#12759 Fix Notice regarding 'Undefined index: old_usergroup'
+ * gh#12760 Fix Notice regarding 'Undefined index: users'
+ * gh#12762 Fixed parsing of SQL with BINARY function
+ * gh#12588 ReCaptcha now works without allow_url_fopen
+ * gh#12699 Show no local storage warning only on settings tab
+ * gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with
+ default value as NULL
+ * gh#12769 Edit/Export links are not clickable under Routines tab
+ * gh#12757 Fixed creating new user with older MariaDB
+ * gh#12784 Remove ctype installation suggestion
+ * gh#12780 Format button replaces all text with blank spaces
+ * gh#12786 Fixed database searching
+ * gh#12792 Fixed javascript error on new version link
+ * gh#12785 Add information about required and suggested extensions
+ to composer.json
+ * gh#12801 Custom header shown twice with cookie login form
+ * gh#12802 Custom footer not shown with auth_type http login failure
+ * gh#12434 Improve documentation for servers running with Suhosin
+ * gh#12800 Updated embedded phpSecLib to 2.0.4
+ * gh#12800 Fixed various issues with PHP 7.1
+ * gh#11816 Fixed operation with lower_case_table_names=2
+ * gh#12813 Fixed stored procedure execution
+ * gh#12826 Honor user configured connection collation
+ * gh#12293 Correctly report OpenSSL errors from cookie encryption
+ * gh#12814 DateTime won't allow to input length in Routine editor
+ * gh#12840 Fix Notice regarding 'Undefined index: row_format' when
+ altering table options
+ * gh#12841 Fixed moving of columns with whitespace in name
+ * gh#12847 Fixed editing of virtual columns
+ * gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query
+ window to avoid accidents
+ * gh#12872 Use same query for display and execution when dropping
+ index
+ * gh#12868 Fix check for user groups freatures being enabled
+ * gh#12876 Fix notices and warning related to dbs_to_test global
+ * gh#12831 Fix table formatting on Insert tab, which mostly
+ affected row highlighting
+ * gh#12495 Reintroduced phpinfo page with limited capabilities
+ * gh#12861 Fix renaming tables with lower_case_table_names=2
+ * gh#12876 Fix possible PHP error in navigation
+ * gh#12881 Fix database search with newer php-gettext
+ * gh#12894 Fix linter error on unterminated variable name
+ * gh#12732 Fixed filtering for active processes
+- fix for boo#1021597
+ * PMASA-2016-44 (CVE-2016-6621, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2016-44/
+ - Multiple vulnerabilities in setup script
+ * PMASA-2017-1 ( CVE-Nya, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-1/
+ - Open redirect
+ * PMASA-2017-2 ( CVE-2015-8980, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-2/
+ - php-gettext code execution
+ * PMASA-2017-3 ( CVE-Nya, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-3/
+ - DOS vulnerabiltiy in table editing
+ * PMASA-2017-4 ( CVE-Nya, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-4/
+ - CSS injection in themes
+ * PMASA-2017-5 ( CVE-Nya, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-5/
+ - Cookie attribute injection attack
+ * PMASA-2017-6 ( CVE-Nya, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-6/
+ - SSRF in replication
+ * PMASA-2017-7 ( CVE-Nya, CWE-661)
+ https://www.phpmyadmin.net/security/PMASA-2017-7/
+ - DOS in replication status
+- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
+- rework phpMyAdmin-config.patch
+
 -------------------------------------------------------------------
 Thu Jan 19 17:42:49 UTC 2017 - ecsos@opensuse.org
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index 8a3a9bd..fe1b1eb 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.6.5.2 +Version: 4.6.6 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0+ @@ -45,8 +45,6 @@ Source100: %{name}-rpmlintrc Patch0: %{name}-config.patch # Fix-SUSE: auto config for pma storage Patch1: %{name}-pma.patch -# Fix-SUSE: Fix #12757 SQL syntax errror on MariaDB < 10.0.2 in check for mysql password check plugin -Patch2: %{name}-12757_sql_syntax_errror.patch BuildRequires: apache2-devel BuildRequires: python-devel BuildRequires: xz @@ -117,7 +115,6 @@ Currently phpMyAdmin can: perl -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php %patch0 %patch1 -%patch2 -p1 # rpmlint: fix incorrect-fsf-address find . -type f | xargs sed -i -e 's:59 Temple Place\, Suite 330\, Boston\, MA 02111-1307 USA:51 Franklin Street\, Fifth Floor\, Boston\, MA 02110-1301 USA:g'