Accepting request 670630 from home:AndreasStieger:branches:server:php:applications

- phpMyAdmin 4.8.5: * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, bsc#1123272) * CVE-2019-6798: SQL injection in the Designer interface PMASA-2019-2, bsc#1123271) OBS-URL: https://build.opensuse.org/request/show/670630 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=329
2019-02-04 10:50:07 +00:00 · 2019-02-04 10:50:07 +00:00 · 8637961872
commit 8637961872
parent 10633498f7
6 changed files with 42 additions and 29 deletions
--- a/phpMyAdmin-4.8.4-all-languages.tar.xz
+++ b/phpMyAdmin-4.8.4-all-languages.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e3d07cf070983bda327b9f3029ef1941c692ebad29275028948b0e11fa55990d
-size 6012216
--- a/phpMyAdmin-4.8.4-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.8.4-all-languages.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlwPG8YACgkQznUvF4JZ
-vZLj/A/+L/xPrnjcIXazZCXoRzZsRZbgfpKaXVI+nATnIYAkYEYkcX38mLXBWkQb
-glWp8zAmhaVB97qIEoruqgIH7xxohJac2grR5BhkrS1QhoRVBGHgWmzHAIV9bWrl
-81sUhTNjAuOyXogagacDChKv2erFl2ABkGvz8EKQXT9qqu197URz868hwYdfpKCa
-2xmrlXL3s93P3zafNG70nppYfFFO6oVnLxAiUfNabQWgIZa7BO7Iu4FSGuBOFmV5
-Weq4Tret9ydB8u4nB55CpEnZGzHC37JXeBjVmcQod8uR6NwWZNFG/EXHpJCMdnER
-Uv5BpzyFh0zLZiCIryzAYJm7gRwfgeV04sBMgaZlwGxBAFYLFYYIltH38IM7fl6c
-MBeLduc3o2i7na7wrC6fYMfny7DLtZ7hEcP4ly+dR3JaDQt26V4rjOWkwa9iHD0A
-9LcD2Jgbsqqs75+jWNx3Ys/369kjDC9gMzoUgMeSpr0NB1ku2mK+I0osQFJ6wHDS
-KSgt8JaOv6auLE47FgZSPifkRaf2Nj/QKxtQS6eY5Ta4hblYhgUgybiZVnC0N4hZ
-kGXVgQjUnJt+ZJvswNW9oKqrZz2681hOgbQE7AwBjmhj7q9oSpYoKifmqKx0Pfji
-K1uX0Np0lSChmUr/0X205znhtByYPSBvFp3dPhoceLz7w6Z3fOc=
-=7Bp2
-----END PGP SIGNATURE-----
--- a/phpMyAdmin-4.8.5-all-languages.tar.xz
+++ b/phpMyAdmin-4.8.5-all-languages.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d7ab5df4e464d7ba17bf2a42da7d7f26dad45c34bf321ac8ae7d2ed748413913
+size 6026176
--- a/phpMyAdmin-4.8.5-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.8.5-all-languages.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlxLzuIACgkQznUvF4JZ
+vZIwjA//f1RuFKUj1cp4A5dSqjwN2l5kaoQIkfrLyPXfTWRsdgApV7tH9yYH67pg
+DT9awGrQdCygSl1A6jmDbuQ0G4SVbFZwxjSat7bj1JU72t5TAdu09c/jqdi+eB+9
+x3TcgVygz95mcX9sck1SW/O4U+Fgor/8NZCzCIONbaB92un6DnmehXgJ+mx0G3G2
+TL6BNI2wpEFypaBlnAnz+8heYKXaDelXj0T9XlRffL18EUz0Z5juvHWk47/rAdJf
+n9C+5TI74mKFsoS6jtCjC/C6xKo76kSKqzjA+KGg7cOOsx9o5691r96+G3ThN35D
+c51Vrgt9Bo8isGu2SPDZaFLpWhY6JCRsYhwOSmg02UXaaR8+5t2tMVcEwxgOQsvW
+ZhdtuPayOJCP4Dz4Ajgxchqcfk/SzclPIz+iAq92MoWxUbItowdlWG22p61mLLqE
+fot2XkPBIzjHrcPl+VdcDet1IV1MuIUYKZisZ6eK6yk8MNqoNk660of5JX781aBw
+/wjp1CAvO3TrUBq6Aj80GAF551rIvocbWGy2yhxd+3SpsYT/pre4WJNcMNqKInm+
+uEnuh0RG9OoqjRyMIwTqgLbIkP+Bb0AKDn06oCXESqL2SjNlyybufDYnSyqSEKsG
+E+ca8ICHSFQv073krNsci+puOxCG3XXBkfdOhQUjQl+mK6hbnfY=
+=7jjD
+-----END PGP SIGNATURE-----
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Feb  1 19:10:59 UTC 2019 - andreas.stieger@gmx.de
+
+- phpMyAdmin 4.8.5:
+  * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1,
+    bsc#1123272)
+  * CVE-2019-6798: SQL injection in the Designer interface
+    PMASA-2019-2, bsc#1123271)
+  * Fix rxport to SQL format not available
+  * Fix QR code not shown when adding two-factor authentication to
+    a user account
+  * Fix issue with adding a new user in MySQL 8.0.11 and newer
+  * Fix frozen interface relating to Text_Plain_Sql plugin
+  * Fix missing table level operations tab
+
 -------------------------------------------------------------------
 Wed Dec 12 10:47:31 UTC 2018 - ecsos@opensuse.org

--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -1,7 +1,7 @@
 #
 # spec file for package phpMyAdmin
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -29,12 +29,12 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.8.4
+Version:        4.8.5
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Web/Frontends
-Url:            https://www.phpMyAdmin.net/
+URL:            https://www.phpMyAdmin.net/
 Source0:        https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz
 Source1:        https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc
 # http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases
@ -47,6 +47,7 @@ Patch0:         %{name}-config.patch
 # Fix-SUSE: auto config for pma storage
 Patch1:         %{name}-pma.patch
 BuildRequires:  apache2-devel
+BuildRequires:  fdupes
 BuildRequires:  python-devel
 BuildRequires:  xz
 #
@ -71,9 +72,7 @@ Recommends:     php-zip
 ### will be removed with php >= 7.2
 ## boo#1050980
 Suggests:       php-mcrypt
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
-BuildRequires:  fdupes

 %description
 phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a
@ -127,7 +126,6 @@ done

 # set proper shebang
 sed -i 's/env php/php/' vendor/phpmyadmin/sql-parser/bin/*-query
-sed -i 's|\/usr\/bin\/env bash|\/bin\/bash|g' vendor/paragonie/random_compat/*.sh

 # permissions
 find . -type d -exec chmod 755 {} \;
@ -173,7 +171,7 @@ sed -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \
 sed -i -e "s,@FQDN@,$(cat %{_sysconfdir}/HOSTNAME)," \
 -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config}
 # enable required apache modules
-if [ -x /usr/sbin/a2enmod ]; then
+if [ -x %{_sbindir}/a2enmod ]; then
  a2enmod -q version || a2enmod version
  # get installed php_version (5 or 7)
  php_version=$(php -v | sed -n 's/^PHP\ \([[:digit:]]\+\)\..*$/\1/p')
@ -189,7 +187,8 @@ fi
 %files -f FILELIST
 %defattr(644,root,root,755)
 %doc ChangeLog
-%doc LICENSE README RELEASE-DATE*
+%license LICENSE
+%doc README RELEASE-DATE*
 %doc examples doc sql
 %dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name}
 %dir %attr(0770,root,%{ap_grp}) %{ap_docroot}/%{name}/tmp
@ -198,6 +197,5 @@ fi
 %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf
 %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.inc
 %attr (755,root,root) %{ap_docroot}/%{name}/vendor/phpmyadmin/sql-parser/bin/*-query
-%attr (755,root,root) %{ap_docroot}/%{name}/vendor/paragonie/random_compat/*.sh

 %changelog