diff options
| -rw-r--r-- | phpMyAdmin.htaccess | 40 | ||||
| -rw-r--r-- | phpMyAdmin.htaccess22 | 103 | ||||
| -rw-r--r-- | phpMyAdmin.spec | 15 |
3 files changed, 126 insertions, 32 deletions
diff --git a/phpMyAdmin.htaccess b/phpMyAdmin.htaccess index 4ac6cb4..5854f10 100644 --- a/phpMyAdmin.htaccess +++ b/phpMyAdmin.htaccess @@ -11,52 +11,30 @@ Alias /phpmyadmin /usr/share/phpMyAdmin <Directory /usr/share/phpMyAdmin/> AddDefaultCharset UTF-8 - <IfModule mod_authz_core.c> - # Apache 2.4 - Require local - </IfModule> - <IfModule !mod_authz_core.c> - # Apache 2.2 - Order Deny,Allow - Deny from All - Allow from 127.0.0.1 - Allow from ::1 - </IfModule> + Require local </Directory> <Directory /usr/share/phpMyAdmin/setup/> - <IfModule mod_authz_core.c> - # Apache 2.4 - Require local - </IfModule> - <IfModule !mod_authz_core.c> - # Apache 2.2 - Order Deny,Allow - Deny from All - Allow from 127.0.0.1 - Allow from ::1 - </IfModule> + Require local </Directory> # These directories do not require access over HTTP - taken from the original # phpMyAdmin upstream tarball # <Directory /usr/share/phpMyAdmin/libraries/> - Order Deny,Allow - Deny from All - Allow from None + Require all denied +</Directory> + +<Directory /usr/share/phpMyAdmin/templates/> + Require all denied </Directory> <Directory /usr/share/phpMyAdmin/setup/lib/> - Order Deny,Allow - Deny from All - Allow from None + Require all denied </Directory> <Directory /usr/share/phpMyAdmin/setup/frames/> - Order Deny,Allow - Deny from All - Allow from None + Require all denied </Directory> # This configuration prevents mod_security at phpMyAdmin directories from diff --git a/phpMyAdmin.htaccess22 b/phpMyAdmin.htaccess22 new file mode 100644 index 0000000..64d7e9a --- /dev/null +++ b/phpMyAdmin.htaccess22 @@ -0,0 +1,103 @@ +# phpMyAdmin - Web based MySQL browser written in php +# +# Allows only localhost by default +# +# But allowing phpMyAdmin to anyone other than localhost should be considered +# dangerous unless properly secured by SSL + +Alias /phpMyAdmin /usr/share/phpMyAdmin +Alias /phpmyadmin /usr/share/phpMyAdmin + +<Directory /usr/share/phpMyAdmin/> + AddDefaultCharset UTF-8 + + <IfModule mod_authz_core.c> + # Apache 2.4 + Require local + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from 127.0.0.1 + Allow from ::1 + </IfModule> +</Directory> + +<Directory /usr/share/phpMyAdmin/setup/> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require local + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from 127.0.0.1 + Allow from ::1 + </IfModule> +</Directory> + +# These directories do not require access over HTTP - taken from the original +# phpMyAdmin upstream tarball +# +<Directory /usr/share/phpMyAdmin/libraries/> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all denied + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + </IfModule> +</Directory> + +<Directory /usr/share/phpMyAdmin/templates/> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all denied + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + </IfModule> +</Directory> + +<Directory /usr/share/phpMyAdmin/setup/lib/> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all denied + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + </IfModule> +</Directory> + +<Directory /usr/share/phpMyAdmin/setup/frames/> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all denied + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + </IfModule> +</Directory> + +# This configuration prevents mod_security at phpMyAdmin directories from +# filtering SQL etc. This may break your mod_security implementation. +# +#<IfModule mod_security.c> +# <Directory /usr/share/phpMyAdmin/> +# SecRuleInheritance Off +# </Directory> +#</IfModule> diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index 3b1c9d0..62df4c2 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -1,4 +1,5 @@ # remirepo spec file for phpMyAdmin +# remirepo:3 # # Copyright (c) 2008-2020 Remi Collet # @@ -27,7 +28,7 @@ Name: phpMyAdmin Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}} -Release: 1%{?dist} +Release: 2%{?dist} Summary: A web interface for MySQL and MariaDB # MIT (js/jquery/, js/jqplot, js/codemirror/, js/tracekit/) @@ -40,6 +41,8 @@ Source1: https://files.phpmyadmin.net/%{name}/%{upstream_version}%{?upstream_pre Source2: phpMyAdmin.htaccess Source3: phpMyAdmin.nginx Source4: https://files.phpmyadmin.net/phpmyadmin.keyring +# remirepo:1 +Source10: phpMyAdmin.htaccess22 # Redirect to system certificates Patch0: phpMyAdmin-certs.patch @@ -261,7 +264,14 @@ mkdir -p %{buildroot}/%{_datadir}/%{name} cp -ad ./* %{buildroot}/%{_datadir}/%{name} install -Dpm 0640 CONFIG %{buildroot}/%{_sysconfdir}/%{name}/config.inc.php # Apache +# remirepo:4 +%if 0%{?rhel} == 6 +# old config file with Apache 2.2/2.4 compatibility +install -Dpm 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/httpd/conf.d/phpMyAdmin.conf +%else install -Dpm 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/conf.d/phpMyAdmin.conf +# remirepo:1 +%endif # Nginx %if %{with_nginx} install -Dpm 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/nginx/default.d/phpMyAdmin.conf @@ -330,6 +340,9 @@ sed -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$SECRET/" \ %changelog +* Tue Mar 24 2020 Remi Collet <remi@remirepo.net> 5.0.2-2 +- cleanup httpd configuration + * Sat Mar 21 2020 Remi Collet <remi@remirepo.net> 5.0.2-1 - update to 5.0.2 (2020-03-21, security release) - use phpmyadmin/twig-i18n-extension instead of twig/extensions |