From cd30c3d2c877f5df411c0a6d3389385e5f028872 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Fri, 18 Jul 2014 07:49:24 +0200
Subject: phpMyAdmin: update to 4.2.6 (security)

---
 phpMyAdmin-phpseclib.patch | 56 ----------------------------------------------
 phpMyAdmin.spec            | 14 ++++++------
 2 files changed, 7 insertions(+), 63 deletions(-)
 delete mode 100644 phpMyAdmin-phpseclib.patch

diff --git a/phpMyAdmin-phpseclib.patch b/phpMyAdmin-phpseclib.patch
deleted file mode 100644
index 87f254a..0000000
--- a/phpMyAdmin-phpseclib.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From c6e76422c41e1c573c0c0163376a61d4556083b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
-Date: Thu, 12 Jun 2014 10:06:20 +0200
-Subject: [PATCH] Allow to use system phpseclib
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Michal Čihař <michal@cihar.com>
----
- doc/vendors.rst                                       | 3 ++-
- libraries/plugins/auth/AuthenticationCookie.class.php | 4 ++--
- libraries/vendor_config.php                           | 5 +++++
- 3 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
-index 9683b78..88bd852 100644
---- a/libraries/plugins/auth/AuthenticationCookie.class.php
-+++ b/libraries/plugins/auth/AuthenticationCookie.class.php
-@@ -718,7 +718,7 @@ public function blowfishEncrypt($data, $secret)
-              * if/then/else logic, however the include_once
-              * call is costly
-              */
--            include_once "./libraries/phpseclib/Crypt/AES.php";
-+            include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
-             $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
-             $cipher->setKey($secret);
-             return base64_encode($cipher->encrypt($data));
-@@ -750,7 +750,7 @@ public function blowfishDecrypt($encdata, $secret)
-             $this->_blowfish_iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true);
-         }
-         if (! function_exists('mcrypt_encrypt')) {
--            include_once "./libraries/phpseclib/Crypt/AES.php";
-+            include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
-             $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
-             $cipher->setKey($secret);
-             return $cipher->decrypt(base64_decode($encdata));
-diff --git a/libraries/vendor_config.php b/libraries/vendor_config.php
-index ea72b64..0ba36b0 100644
---- a/libraries/vendor_config.php
-+++ b/libraries/vendor_config.php
-@@ -75,6 +75,11 @@
- define('TCPDF_INC', './libraries/tcpdf/tcpdf.php');
- 
- /**
-+ * Path to the phpseclib. Useful when you want to use system phpseclib.
-+ */
-+define('PHPSECLIB_INC_DIR', './libraries/phpseclib/');
-+
-+/**
-  * Avoid referring to nonexistent files (causes warnings when open_basedir
-  * is used)
-  */
--- 
-1.9.3
-
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index a192fee..31207c7 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -13,8 +13,8 @@
 %{!?_pkgdocdir: %global _pkgdocdir %{_datadir}/doc/%{name}-%{version}}
 
 Name: phpMyAdmin
-Version: 4.2.5
-Release: 2%{?dist}
+Version: 4.2.6
+Release: 1%{?dist}
 Summary: Web based MySQL browser written in php
 
 Group: Applications/Internet
@@ -23,8 +23,6 @@ URL: http://www.phpmyadmin.net/
 Source0: http://downloads.sourceforge.net/sourceforge/phpmyadmin/%{name}-%{version}%{?prever:-%prever}-all-languages.tar.bz2
 Source2: phpMyAdmin.htaccess
 
-Patch0:    %{name}-phpseclib.patch
-
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: unzip
@@ -44,6 +42,7 @@ Requires:  php-iconv
 Requires:  php-json
 Requires:  php-libxml
 Requires:  php-mbstring
+Requires:  php-mcrypt
 Requires:  php-mysqli
 Requires:  php-openssl
 Requires:  php-pcre
@@ -76,8 +75,6 @@ is available in 50 languages
 %prep
 %setup -qn phpMyAdmin-%{version}%{?prever:-%prever}-all-languages
 
-%patch0 -p1
-
 # Minimal configuration file
 sed -e "/'extension'/s@'mysql'@'mysqli'@"  \
     -e "/'blowfish_secret'/s@''@'MUSTBECHANGEDONINSTALL'@"  \
@@ -170,10 +167,13 @@ sed -i -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$RANDOM$RANDOM$RANDOM$RAN
 
 
 %changelog
+* Fri Jul 18 2014 Remi Collet <rpms@famillecollet.com> 4.2.6-1
+- update to 4.2.6 (Thu, 17 Jul 2014, security)
+- fix for PMASA-2014-4 to PMASA-2014-7
+
 * Tue Jul  8 2014 Remi Collet <rpms@famillecollet.com> 4.2.5-2
 - apply upstream patch to use system phpseclib
 - add dependency on php-phpseclib-crypt-aes
-- drop dependency on php-mcrypt
 
 * Thu Jun 26 2014 Remi Collet <rpms@famillecollet.com> 4.2.5-1
 - update to 4.2.5 (Thu, 26 Jun 2014, bugfix)
-- 
cgit