rpms/phpMyAdmin/F-7 phpMyAdmin-2.11.3-CVE-2007-0095.patch, NONE, 1.1 .cvsignore, 1.7, 1.8 phpMyAdmin.htaccess, 1.2, 1.3 phpMyAdmin.spec, 1.15, 1.16 sources, 1.12, 1.13
Robert Scheck (robert)
fedora-extras-commits at redhat.com
Sun Dec 9 15:48:09 UTC 2007
- Previous message: rpms/phpMyAdmin/EL-5 phpMyAdmin-2.11.3-CVE-2007-0095.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 phpMyAdmin.htaccess, 1.2, 1.3 phpMyAdmin.spec, 1.15, 1.16 sources, 1.12, 1.13
- Next message: rpms/phpMyAdmin/F-8 phpMyAdmin-2.11.3-CVE-2007-0095.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 phpMyAdmin.htaccess, 1.2, 1.3 phpMyAdmin.spec, 1.15, 1.16 sources, 1.12, 1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: robert
Update of /cvs/pkgs/rpms/phpMyAdmin/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21491/F-7
Modified Files:
.cvsignore phpMyAdmin.htaccess phpMyAdmin.spec sources
Added Files:
phpMyAdmin-2.11.3-CVE-2007-0095.patch
Log Message:
- Upstream released 2.11.3
- Removed the RPM scriptlets doing httpd restarts (#227025)
- Patched an information disclosure known as CVE-2007-0095 (#221694)
- Provide virtual phpmyadmin package and a httpd alias (#231431)
phpMyAdmin-2.11.3-CVE-2007-0095.patch:
--- NEW FILE phpMyAdmin-2.11.3-CVE-2007-0095.patch ---
Possible fix for CVE-2007-0095 in phpMyAdmin proposed by Robert Scheck <robert at fedoraproject.org>.
See the following links for further information:
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0095
- https://bugzilla.redhat.com/show_bug.cgi?id=221694
--- phpMyAdmin/themes/darkblue_orange/layout.inc.php 2007-10-16 00:08:43.000000000 +0200
+++ phpMyAdmin/themes/darkblue_orange/layout.inc.php.rsc 2007-12-09 15:02:23.000000000 +0100
@@ -72,7 +72,10 @@
// border
$GLOBALS['cfg']['Border'] = 0;
// table header and footer color
-$GLOBALS['cfg']['ThBackground'] = '#ff9900 url(' . $_SESSION['PMA_Theme']->getImgPath() . 'tbl_th.png) repeat-x top';
+if(isset($_SESSION['PMA_Theme']))
+ $GLOBALS['cfg']['ThBackground'] = '#ff9900 url(' . $_SESSION['PMA_Theme']->getImgPath() . 'tbl_th.png) repeat-x top';
+else
+ $GLOBALS['cfg']['ThBackground'] = '#ff9900';
// table header and footer background
$GLOBALS['cfg']['ThColor'] = '#000000';
// table data row background
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-7/.cvsignore,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- .cvsignore 21 Nov 2007 20:32:11 -0000 1.7
+++ .cvsignore 9 Dec 2007 15:47:30 -0000 1.8
@@ -1,3 +1 @@
-phpMyAdmin-2.11.2.2-all-languages.tar.bz2
-phpMyAdmin-config.inc.php
-phpMyAdmin.htaccess
+phpMyAdmin-2.11.3-all-languages.tar.bz2
Index: phpMyAdmin.htaccess
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-7/phpMyAdmin.htaccess,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- phpMyAdmin.htaccess 6 Sep 2007 16:33:27 -0000 1.2
+++ phpMyAdmin.htaccess 9 Dec 2007 15:47:30 -0000 1.3
@@ -6,6 +6,7 @@
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
+Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
order deny,allow
deny from all
Index: phpMyAdmin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-7/phpMyAdmin.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- phpMyAdmin.spec 21 Nov 2007 20:32:11 -0000 1.15
+++ phpMyAdmin.spec 9 Dec 2007 15:47:30 -0000 1.16
@@ -1,5 +1,5 @@
Name: phpMyAdmin
-Version: 2.11.2.2
+Version: 2.11.3
Release: 1%{?dist}
Summary: Web based MySQL browser written in php
@@ -9,6 +9,7 @@
Source0: http://downloads.sourceforge.net/sourceforge/%{name}/%{name}-%{version}-all-languages.tar.bz2
Source1: phpMyAdmin-config.inc.php
Source2: phpMyAdmin.htaccess
+Patch0: phpMyAdmin-2.11.3-CVE-2007-0095.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -16,8 +17,7 @@
Requires: php >= 4.1.0
Requires: php-mysql >= 4.1.0
Requires: php-mbstring >= 4.1.0
-Requires(postun): /sbin/service
-Requires(post): /sbin/service
+Provides: phpmyadmin
%description
phpMyAdmin is a tool written in PHP intended to handle the administration of
@@ -28,6 +28,7 @@
%prep
%setup -qn phpMyAdmin-%{version}-all-languages
+%patch0 -p1
%install
rm -rf %{buildroot}
@@ -47,12 +48,6 @@
%clean
rm -rf %{buildroot}
-%post
-/sbin/service httpd condrestart > /dev/null 2>&1 || :
-
-%postun
-/sbin/service httpd condrestart > /dev/null 2>&1 || :
-
%files
%defattr(-,root,root,-)
%doc INSTALL README LICENSE CREDITS TODO Documentation.txt
@@ -61,6 +56,12 @@
%config(noreplace) %{_sysconfdir}/%{name}
%changelog
+* Sun Dec 09 2007 Robert Scheck <robert at fedoraproject.org> 2.11.2.2-1
+- Upstream released 2.11.3
+- Removed the RPM scriptlets doing httpd restarts (#227025)
+- Patched an information disclosure known as CVE-2007-0095 (#221694)
+- Provide virtual phpmyadmin package and a httpd alias (#231431)
+
* Wed Nov 21 2007 Robert Scheck <robert at fedoraproject.org> 2.11.2.2-1
- Upstream released 2.11.2.2 (#393771)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-7/sources,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sources 21 Nov 2007 20:32:11 -0000 1.12
+++ sources 9 Dec 2007 15:47:30 -0000 1.13
@@ -1,3 +1 @@
-9d141b024845d6cc1e6dd1f0621126ac phpMyAdmin-2.11.2.2-all-languages.tar.bz2
-f6b36adb7655fe9fac6c6f6a7737dd6d phpMyAdmin-config.inc.php
-8aea0ce7582fd263c838bf619d58d5b9 phpMyAdmin.htaccess
+fb3f8e5d1023b571ba44c574578538b8 phpMyAdmin-2.11.3-all-languages.tar.bz2
- Previous message: rpms/phpMyAdmin/EL-5 phpMyAdmin-2.11.3-CVE-2007-0095.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 phpMyAdmin.htaccess, 1.2, 1.3 phpMyAdmin.spec, 1.15, 1.16 sources, 1.12, 1.13
- Next message: rpms/phpMyAdmin/F-8 phpMyAdmin-2.11.3-CVE-2007-0095.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 phpMyAdmin.htaccess, 1.2, 1.3 phpMyAdmin.spec, 1.15, 1.16 sources, 1.12, 1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list