From cd30c3d2c877f5df411c0a6d3389385e5f028872 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 18 Jul 2014 07:49:24 +0200 Subject: phpMyAdmin: update to 4.2.6 (security) --- phpMyAdmin-phpseclib.patch | 56 ---------------------------------------------- phpMyAdmin.spec | 14 ++++++------ 2 files changed, 7 insertions(+), 63 deletions(-) delete mode 100644 phpMyAdmin-phpseclib.patch diff --git a/phpMyAdmin-phpseclib.patch b/phpMyAdmin-phpseclib.patch deleted file mode 100644 index 87f254a..0000000 --- a/phpMyAdmin-phpseclib.patch +++ /dev/null 
@@ -1,56 +0,0 @@
-From c6e76422c41e1c573c0c0163376a61d4556083b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
-Date: Thu, 12 Jun 2014 10:06:20 +0200
-Subject: [PATCH] Allow to use system phpseclib
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Michal Čihař
----
- doc/vendors.rst | 3 ++-
- libraries/plugins/auth/AuthenticationCookie.class.php | 4 ++--
- libraries/vendor_config.php | 5 +++++
- 3 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
-index 9683b78..88bd852 100644
---- a/libraries/plugins/auth/AuthenticationCookie.class.php
-+++ b/libraries/plugins/auth/AuthenticationCookie.class.php
-@@ -718,7 +718,7 @@ public function blowfishEncrypt($data, $secret)
- * if/then/else logic, however the include_once
- * call is costly
- */
-- include_once "./libraries/phpseclib/Crypt/AES.php";
-+ include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
- $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
- $cipher->setKey($secret);
- return base64_encode($cipher->encrypt($data));
-@@ -750,7 +750,7 @@ public function blowfishDecrypt($encdata, $secret)
- $this->_blowfish_iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true);
- }
- if (! function_exists('mcrypt_encrypt')) {
-- include_once "./libraries/phpseclib/Crypt/AES.php";
-+ include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php';
- $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
- $cipher->setKey($secret);
- return $cipher->decrypt(base64_decode($encdata));
-diff --git a/libraries/vendor_config.php b/libraries/vendor_config.php
-index ea72b64..0ba36b0 100644
---- a/libraries/vendor_config.php
-+++ b/libraries/vendor_config.php
-@@ -75,6 +75,11 @@
- define('TCPDF_INC', './libraries/tcpdf/tcpdf.php');
-
- /**
-+ * Path to the phpseclib. Useful when you want to use system phpseclib.
-+ */
-+define('PHPSECLIB_INC_DIR', './libraries/phpseclib/');
-+
-+/**
- * Avoid referring to nonexistent files (causes warnings when open_basedir
- * is used)
- */
---
-1.9.3
-
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index a192fee..31207c7 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -13,8 +13,8 @@
 %{!?_pkgdocdir: %global _pkgdocdir %{_datadir}/doc/%{name}-%{version}}
 Name: phpMyAdmin
-Version: 4.2.5
-Release: 2%{?dist}
+Version: 4.2.6
+Release: 1%{?dist}
 Summary: Web based MySQL browser written in php
 Group: Applications/Internet
@@ -23,8 +23,6 @@ URL: http://www.phpmyadmin.net/
 Source0: http://downloads.sourceforge.net/sourceforge/phpmyadmin/%{name}-%{version}%{?prever:-%prever}-all-languages.tar.bz2
 Source2: phpMyAdmin.htaccess
-Patch0: %{name}-phpseclib.patch
-
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: unzip
@@ -44,6 +42,7 @@ Requires: php-iconv
 Requires: php-json
 Requires: php-libxml
 Requires: php-mbstring
+Requires: php-mcrypt
 Requires: php-mysqli
 Requires: php-openssl
 Requires: php-pcre
@@ -76,8 +75,6 @@ is available in 50 languages
 %prep
 %setup -qn phpMyAdmin-%{version}%{?prever:-%prever}-all-languages
-%patch0 -p1
-
 # Minimal configuration file
 sed -e "/'extension'/s@'mysql'@'mysqli'@" \
 -e "/'blowfish_secret'/s@''@'MUSTBECHANGEDONINSTALL'@" \
@@ -170,10 +167,13 @@ sed -i -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$RANDOM$RANDOM$RANDOM$RAN
 %changelog
+* Fri Jul 18 2014 Remi Collet 4.2.6-1
+- update to 4.2.6 (Thu, 17 Jul 2014, security)
+- fix for PMASA-2014-4 to PMASA-2014-7
+
 * Tue Jul 8 2014 Remi Collet 4.2.5-2
 - apply upstream patch to use system phpseclib
 - add dependency on php-phpseclib-crypt-aes
-- drop dependency on php-mcrypt
 * Thu Jun 26 2014 Remi Collet 4.2.5-1
 - update to 4.2.5 (Thu, 26 Jun 2014, bugfix)
-- cgit
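Review bot: The re-added `Requires: php-mcrypt` in the -44,6 hunk, together with the removal of `Patch0` and `%patch0 -p1`, is not recorded in the new 4.2.6-1 changelog entry; instead the -170,10 hunk deletes `- drop dependency on php-mcrypt` from the existing 4.2.5-2 entry, which rewrites the record of an earlier build. I would leave the 4.2.5-2 entry untouched and add `- drop phpseclib patch` and `- restore dependency on php-mcrypt` to the 4.2.6-1 entry, so that someone auditing this security update can see that the dependency behind cookie encryption changed again. The deleted patch shows that the phpseclib AES path is taken only when `mcrypt_encrypt` is missing, so with php-mcrypt mandatory the existing `php-phpseclib-crypt-aes` requirement may now be unused. Whether that requirement is still in the spec, and whether 4.2.6 itself defines `PHPSECLIB_INC_DIR`, cannot be seen from these hunks and should be confirmed before the build ships.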