summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2014-07-18 07:49:24 +0200
committerRemi Collet <fedora@famillecollet.com>2014-07-18 07:49:24 +0200
commitcd30c3d2c877f5df411c0a6d3389385e5f028872 (patch)
tree80b8c2923aa595ce785871eb45d86ffe3c51267d
parent1ffa7cc9538c44781efcce1bdd777f507c40cb12 (diff)
phpMyAdmin: update to 4.2.6 (security)
-rw-r--r--phpMyAdmin-phpseclib.patch56
-rw-r--r--phpMyAdmin.spec14
2 files changed, 7 insertions, 63 deletions
diff --git a/phpMyAdmin-phpseclib.patch b/phpMyAdmin-phpseclib.patch
deleted file mode 100644
index 87f254a..0000000
--- a/phpMyAdmin-phpseclib.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From c6e76422c41e1c573c0c0163376a61d4556083b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
-Date: Thu, 12 Jun 2014 10:06:20 +0200
-Subject: [PATCH] Allow to use system phpseclib
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Michal Čihař <michal@cihar.com>
----
- doc/vendors.rst | 3 ++-
- libraries/plugins/auth/AuthenticationCookie.class.php | 4 ++--
- libraries/vendor_config.php | 5 +++++
- 3 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
-index 9683b78..88bd852 100644
---- a/libraries/plugins/auth/AuthenticationCookie.class.php
-+++ b/libraries/plugins/auth/AuthenticationCookie.class.php
-@@ -718,7 +718,7 @@ public function blowfishEncrypt($data, $secret)
- * if/then/else logic, however the include_once
- * call is costly
- */
-- include_once "./libraries/phpseclib/Crypt/AES.php";
-+ include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
- $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
- $cipher->setKey($secret);
- return base64_encode($cipher->encrypt($data));
-@@ -750,7 +750,7 @@ public function blowfishDecrypt($encdata, $secret)
- $this->_blowfish_iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true);
- }
- if (! function_exists('mcrypt_encrypt')) {
-- include_once "./libraries/phpseclib/Crypt/AES.php";
-+ include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
- $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
- $cipher->setKey($secret);
- return $cipher->decrypt(base64_decode($encdata));
-diff --git a/libraries/vendor_config.php b/libraries/vendor_config.php
-index ea72b64..0ba36b0 100644
---- a/libraries/vendor_config.php
-+++ b/libraries/vendor_config.php
-@@ -75,6 +75,11 @@
- define('TCPDF_INC', './libraries/tcpdf/tcpdf.php');
-
- /**
-+ * Path to the phpseclib. Useful when you want to use system phpseclib.
-+ */
-+define('PHPSECLIB_INC_DIR', './libraries/phpseclib/');
-+
-+/**
- * Avoid referring to nonexistent files (causes warnings when open_basedir
- * is used)
- */
---
-1.9.3
-
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index a192fee..31207c7 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -13,8 +13,8 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_datadir}/doc/%{name}-%{version}}
Name: phpMyAdmin
-Version: 4.2.5
-Release: 2%{?dist}
+Version: 4.2.6
+Release: 1%{?dist}
Summary: Web based MySQL browser written in php
Group: Applications/Internet
@@ -23,8 +23,6 @@ URL: http://www.phpmyadmin.net/
Source0: http://downloads.sourceforge.net/sourceforge/phpmyadmin/%{name}-%{version}%{?prever:-%prever}-all-languages.tar.bz2
Source2: phpMyAdmin.htaccess
-Patch0: %{name}-phpseclib.patch
-
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: unzip
@@ -44,6 +42,7 @@ Requires: php-iconv
Requires: php-json
Requires: php-libxml
Requires: php-mbstring
+Requires: php-mcrypt
Requires: php-mysqli
Requires: php-openssl
Requires: php-pcre
@@ -76,8 +75,6 @@ is available in 50 languages
%prep
%setup -qn phpMyAdmin-%{version}%{?prever:-%prever}-all-languages
-%patch0 -p1
-
# Minimal configuration file
sed -e "/'extension'/s@'mysql'@'mysqli'@" \
-e "/'blowfish_secret'/s@''@'MUSTBECHANGEDONINSTALL'@" \
@@ -170,10 +167,13 @@ sed -i -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$RANDOM$RANDOM$RANDOM$RAN
%changelog
+* Fri Jul 18 2014 Remi Collet <rpms@famillecollet.com> 4.2.6-1
+- update to 4.2.6 (Thu, 17 Jul 2014, security)
+- fix for PMASA-2014-4 to PMASA-2014-7
+
* Tue Jul 8 2014 Remi Collet <rpms@famillecollet.com> 4.2.5-2
- apply upstream patch to use system phpseclib
- add dependency on php-phpseclib-crypt-aes
-- drop dependency on php-mcrypt
* Thu Jun 26 2014 Remi Collet <rpms@famillecollet.com> 4.2.5-1
- update to 4.2.5 (Thu, 26 Jun 2014, bugfix)