Accepting request 356586 from home:AndreasStieger:branches:server:php:applications

phpMyAdmin 4.5.4 OBS-URL: https://build.opensuse.org/request/show/356586 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=247
2016-01-28 18:21:31 +00:00 · 2016-01-28 18:21:31 +00:00 · b2d6edc01b
commit b2d6edc01b
parent 4c293924d9
7 changed files with 496 additions and 7733 deletions
--- a/phpMyAdmin-4.5.3.1-all-languages.tar.xz
+++ b/phpMyAdmin-4.5.3.1-all-languages.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:75be3589b5e4800afb21581761478ddc5b888d6a09d5235a0ba997401d04fc00
-size 5757736
--- a/phpMyAdmin-4.5.3.1-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.5.3.1-all-languages.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJWfaJRAAoJEP78ZdGBr2RKy1QP/jjSHIKkyTX+RG6BFySayK02
-0kN2G4WS9BtcGCtwEVVo5HmnQ3+KRw8U03wIiDhK7aODKsZqfShSl/VHRFo1X2n3
-AGkcjtQ/bM8ClxF5RfvP5z22L9ChEGaN7To9xV3Xrq9v7KFA0GAQGtC6JojHqZn2
-diOxB6M7x2Uxa7faF4u+p5DQMzB7oyjDBwFcKTs26K3YNRXpOFVnQlt0jjGAQF3w
-LZByoXrx40CmIDgw88vPuQifHQKz/thA7PAPIrDGq8jyNXTAIncFChahqBbYUsFg
-RmSBe/2K0UYRd5HGUCA984r9TNbp4DAoA88SJf6rgzy2ZozXhXjW/M7k0OlBt4np
-W5SZ1RmrMdYStzAvSZ98zglXJr7uxEJxthGRZ8+QiUVt8IS5DGHHQmyg4Wc+xWWG
-BtLl2hPsm3QCy1dDIj5QUOcdCEESTFhZ0x/43vt8jGIlp6rCxA6j+Mi8cAcA8VSU
-qnN9BRs3PE3kU862EgTeTmQIMZL5Od2il3OHamXaaLD62DmbitjjnrbHXpP2AfML
-gUDr61AlmVBKhrlqVDwREsKwJgI3xXA3iWFdl+B8ixEyMvVLUbpALGk/CvzYJ5qp
-FIgsk6mfw/78JfBWd0eIgKMP6ICq9Og0ehVMsD1yIqnmQkaSdSENHb2Z4cGmeywa
-f2HteGhZ0/6wVFODnJF6
-=PNwT
-----END PGP SIGNATURE-----
--- a/phpMyAdmin-4.5.4-all-languages.tar.xz
+++ b/phpMyAdmin-4.5.4-all-languages.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:544670aea61d40c1a6e569f0955de2725c354f61c959870749b525d6b3d503dd
+size 5810856
--- a/phpMyAdmin-4.5.4-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.5.4-all-languages.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJWqZK5AAoJEM51LxeCWb2SGvoQAJDS20CJ56uJRr8ro0LYpfF+
+/GwuOC4I/PdJ24JwYM1jqpJUPL86Z5vxDaYVRzvpRDsmURGkzw7zi6nKEnCa/sVQ
+91yHApN8CIEBWjZPEZG9IBeFnnAtv66kyB+ClrrJFTsISdkeDMGmjEclEGNUwuhN
+GJWvYZ03BUIUoMi3WLZmnhu+J2yd+43+zqo9rj8IyTJCOoz4SNklhWhMBng+jXud
+fwgMA3BZkq+rqAZTiw0uQrp+0UnEa+66d5NUQCrcSV2FDx0hU0C9fKdkW6jl5CZJ
+zJZSzpuGDlJopBdFU7aFTwackb7UpsjIXcXX3vQLrEk+W3IWPGbKfWYBZuSg1FNx
+qOZxTkigRXFxqwln8unKYHCB+ppggxqQEdXONl7kMp4NSVG+Pwq7MlXxxFDawf1m
+PjY5chNEgdbA4G0MeKHFMYCyOsNQ4jzGoy4vBD4hPIWVTTqytcbVkeSV80e8PCj5
+cUElf3RvCYNqNLyZ7OEnkJiV0cfC24lE0WM7VuscUqPlGnefCHjSbAq5Qk/1KatV
+UcnRf7ImuVeY/3J4wurnPessRp9uU8yvLcgPol65UoHK8Urm9DTpq9UrYORkUbHm
+TSBTprA7wAT7ypK6h6ktAIEw0433ndMP3hYOjA32zoj83jC/vAe9N57ub9pczvl
+RwzFU+0iUpA2/ikMsr5i
+=HGmk
+-----END PGP SIGNATURE-----
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Jan 28 18:20:05 UTC 2016 - astieger@suse.com
+
+- phpMyAdmin 4.5.4
+  The followinng vulnerabilities were fixed: (boo#964024)
+  * CVE-2016-2038: Multiple full path disclosure vulnerabilities
+  * CVE-2016-2039: Unsafe generation of XSRF/CSRF token
+  * CVE-2016-2040: Multiple XSS vulnerabilities
+  * CVE-2016-1927: Insecure password generation in JavaScript
+  * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token
+  * CVE-2016-2042: Multiple full path disclosure vulnerabilities
+  * CVE-2016-2043: XSS vulnerability in normalization page
+  * CVE-2016-2044: Full path disclosure vulnerability in SQL parser
+  * CVE-2016-2045: XSS vulnerability in SQL editor
+- update upstream singing keyring
+
 -------------------------------------------------------------------
 Sun Jan 10 23:40:38 UTC 2016 - astieger@suse.com

--- a/phpMyAdmin.keyring
+++ b/phpMyAdmin.keyring
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -29,7 +29,7 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.5.3.1
+Version:        4.5.4
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0+
@ -37,7 +37,8 @@ Group:          Productivity/Networking/Web/Frontends
 Url:            https://www.phpMyAdmin.net/
 Source0:        https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz
 Source1:        https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc
-Source2:        %{name}.keyring
+# http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases
+Source2:        https://files.phpmyadmin.net/phpmyadmin.keyring#/%{name}.keyring
 Source3:        %{name}.http
 Source100:      %{name}-rpmlintrc
 # Fix-SuSE: provide useful default config