diff options
author | Remi Collet <fedora@famillecollet.com> | 2014-07-18 07:49:24 +0200 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2014-07-18 07:49:24 +0200 |
commit | cd30c3d2c877f5df411c0a6d3389385e5f028872 (patch) | |
tree | 80b8c2923aa595ce785871eb45d86ffe3c51267d | |
parent | 1ffa7cc9538c44781efcce1bdd777f507c40cb12 (diff) |
phpMyAdmin: update to 4.2.6 (security)
-rw-r--r-- | phpMyAdmin-phpseclib.patch | 56 | ||||
-rw-r--r-- | phpMyAdmin.spec | 14 |
2 files changed, 7 insertions, 63 deletions
diff --git a/phpMyAdmin-phpseclib.patch b/phpMyAdmin-phpseclib.patch deleted file mode 100644 index 87f254a..0000000 --- a/phpMyAdmin-phpseclib.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c6e76422c41e1c573c0c0163376a61d4556083b2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com> -Date: Thu, 12 Jun 2014 10:06:20 +0200 -Subject: [PATCH] Allow to use system phpseclib -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Michal Čihař <michal@cihar.com> ---- - doc/vendors.rst | 3 ++- - libraries/plugins/auth/AuthenticationCookie.class.php | 4 ++-- - libraries/vendor_config.php | 5 +++++ - 3 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php -index 9683b78..88bd852 100644 ---- a/libraries/plugins/auth/AuthenticationCookie.class.php -+++ b/libraries/plugins/auth/AuthenticationCookie.class.php -@@ -718,7 +718,7 @@ public function blowfishEncrypt($data, $secret) - * if/then/else logic, however the include_once - * call is costly - */ -- include_once "./libraries/phpseclib/Crypt/AES.php"; -+ include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php'; - $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); - $cipher->setKey($secret); - return base64_encode($cipher->encrypt($data)); -@@ -750,7 +750,7 @@ public function blowfishDecrypt($encdata, $secret) - $this->_blowfish_iv = base64_decode($_COOKIE['pma_mcrypt_iv'], true); - } - if (! function_exists('mcrypt_encrypt')) { -- include_once "./libraries/phpseclib/Crypt/AES.php"; -+ include_once PHPSECLIB_INC_DIR . '/Crypt/AES.php'; - $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB); - $cipher->setKey($secret); - return $cipher->decrypt(base64_decode($encdata)); -diff --git a/libraries/vendor_config.php b/libraries/vendor_config.php -index ea72b64..0ba36b0 100644 ---- a/libraries/vendor_config.php -+++ b/libraries/vendor_config.php -@@ -75,6 +75,11 @@ - define('TCPDF_INC', './libraries/tcpdf/tcpdf.php'); - - /** -+ * Path to the phpseclib. Useful when you want to use system phpseclib. -+ */ -+define('PHPSECLIB_INC_DIR', './libraries/phpseclib/'); -+ -+/** - * Avoid referring to nonexistent files (causes warnings when open_basedir - * is used) - */ --- -1.9.3 - diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index a192fee..31207c7 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -13,8 +13,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_datadir}/doc/%{name}-%{version}} Name: phpMyAdmin -Version: 4.2.5 -Release: 2%{?dist} +Version: 4.2.6 +Release: 1%{?dist} Summary: Web based MySQL browser written in php Group: Applications/Internet @@ -23,8 +23,6 @@ URL: http://www.phpmyadmin.net/ Source0: http://downloads.sourceforge.net/sourceforge/phpmyadmin/%{name}-%{version}%{?prever:-%prever}-all-languages.tar.bz2 Source2: phpMyAdmin.htaccess -Patch0: %{name}-phpseclib.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch BuildRequires: unzip @@ -44,6 +42,7 @@ Requires: php-iconv Requires: php-json Requires: php-libxml Requires: php-mbstring +Requires: php-mcrypt Requires: php-mysqli Requires: php-openssl Requires: php-pcre @@ -76,8 +75,6 @@ is available in 50 languages %prep %setup -qn phpMyAdmin-%{version}%{?prever:-%prever}-all-languages -%patch0 -p1 - # Minimal configuration file sed -e "/'extension'/s@'mysql'@'mysqli'@" \ -e "/'blowfish_secret'/s@''@'MUSTBECHANGEDONINSTALL'@" \ @@ -170,10 +167,13 @@ sed -i -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$RANDOM$RANDOM$RANDOM$RAN %changelog +* Fri Jul 18 2014 Remi Collet <rpms@famillecollet.com> 4.2.6-1 +- update to 4.2.6 (Thu, 17 Jul 2014, security) +- fix for PMASA-2014-4 to PMASA-2014-7 + * Tue Jul 8 2014 Remi Collet <rpms@famillecollet.com> 4.2.5-2 - apply upstream patch to use system phpseclib - add dependency on php-phpseclib-crypt-aes -- drop dependency on php-mcrypt * Thu Jun 26 2014 Remi Collet <rpms@famillecollet.com> 4.2.5-1 - update to 4.2.5 (Thu, 26 Jun 2014, bugfix) |