Accepting request 512891 from home:computersalat:devel:php

fix for boo#1050980 OBS-URL: https://build.opensuse.org/request/show/512891 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=290
2017-07-28 09:29:50 +00:00 · 2017-07-28 09:29:50 +00:00 · ce89bab3fd
commit ce89bab3fd
parent d710228a11
2 changed files with 19 additions and 7 deletions
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jul 28 09:17:35 UTC 2017 - chris@computersalat.de
+
+- fix for boo#1050980
+  * replace mcrypt with openssl, see
+    https://github.com/phpseclib/phpseclib/issues/1028
+- update changes (update to 4.6.6 (2017-01-23))
+  * add missing (CVE-Not yet available) CVE's
+
 -------------------------------------------------------------------
 Sat Jul 22 08:03:55 UTC 2017 - ecsos@opensuse.org

@ -276,25 +285,25 @@ Wed Jan 25 22:12:33 UTC 2017 - chris@computersalat.de
  * PMASA-2016-44 (CVE-2016-6621, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2016-44/
    - Multiple vulnerabilities in setup script
-  * PMASA-2017-1 ( CVE-Nya, CWE-661)
+  * PMASA-2017-1 (  CVE-2017-1000013, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-1/
    - Open redirect
  * PMASA-2017-2 ( CVE-2015-8980, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-2/
    - php-gettext code execution
-  * PMASA-2017-3 ( CVE-Nya, CWE-661)
+  * PMASA-2017-3 (  CVE-2017-1000014, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-3/
    - DOS vulnerabiltiy in table editing
-  * PMASA-2017-4 ( CVE-Nya, CWE-661)
+  * PMASA-2017-4 (  CVE-2017-1000015, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-4/
    - CSS injection in themes
-  * PMASA-2017-5 ( CVE-Nya, CWE-661)
+  * PMASA-2017-5 (  CVE-2017-1000016, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-5/
    - Cookie attribute injection attack
-  * PMASA-2017-6 ( CVE-Nya, CWE-661)
+  * PMASA-2017-6 (  CVE-2017-1000017, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-6/
    - SSRF in replication
-  * PMASA-2017-7 ( CVE-Nya, CWE-661)
+  * PMASA-2017-7 (  CVE-2017-1000018, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-7/
    - DOS in replication status
 - remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -57,8 +57,8 @@ Requires:       php-gettext
 Requires:       php-iconv
 Requires:       php-json
 Requires:       php-mbstring
-Requires:       php-mcrypt
 Requires:       php-mysql
+Requires:       php-openssl
 Requires:       php-session
 Requires:       php-zlib
 # FIXME: use proper Requires(pre/post/preun/...)
@ -68,6 +68,9 @@ PreReq:         pwgen
 PreReq:         sed
 Recommends:     php5-curl
 Recommends:     php5-zip
+### will be removed with php >= 7.2
+## boo#1050980
+Suggests:       php-mcrypt
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %if 0%{?suse_version} > 1020