rpms/phpMyAdmin/F-12 phpMyAdmin-3.2.4-blowfish.patch, NONE, 1.1 .cvsignore, 1.44, 1.45 phpMyAdmin-config.inc.php, 1.1, 1.2 phpMyAdmin.spec, 1.50, 1.51 sources, 1.44, 1.45
Robert Scheck
robert at fedoraproject.org
Thu Dec 3 22:10:01 UTC 2009
- Previous message (by thread): rpms/phpMyAdmin/F-11 phpMyAdmin-3.2.4-blowfish.patch, NONE, 1.1 .cvsignore, 1.44, 1.45 phpMyAdmin-config.inc.php, 1.1, 1.2 phpMyAdmin.spec, 1.49, 1.50 sources, 1.44, 1.45
- Next message (by thread): rpms/phpMyAdmin/devel phpMyAdmin-3.2.4-blowfish.patch, NONE, 1.1 .cvsignore, 1.44, 1.45 phpMyAdmin-config.inc.php, 1.1, 1.2 phpMyAdmin.spec, 1.50, 1.51 sources, 1.44, 1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: robert
Update of /cvs/pkgs/rpms/phpMyAdmin/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6229/F-12
Modified Files:
.cvsignore phpMyAdmin-config.inc.php phpMyAdmin.spec sources
Added Files:
phpMyAdmin-3.2.4-blowfish.patch
Log Message:
Upstream released 3.2.4 (#540871, #540891)
phpMyAdmin-3.2.4-blowfish.patch:
Documentation.html | 4 ++--
libraries/auth/cookie.auth.lib.php | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
--- NEW FILE phpMyAdmin-3.2.4-blowfish.patch ---
Backport from upstream http://sourceforge.net/tracker/?func=detail&atid=377408&aid=2905629&group_id=23067,
will be included with phpMyAdmin 3.2.5.
--- phpMyAdmin-3.2.4-all-languages/Documentation.html 2009/11/23 17:45:37 13121
+++ phpMyAdmin-3.2.4-all-languages/Documentation.html.blowfish 2009/11/29 21:36:13 13139
@@ -626,8 +626,8 @@
algorithm to encrypt the password.<br />
If you are using the "cookie" auth_type, enter here a random
passphrase of your choice. It will be used internally by the blowfish
- algorithm: you won’t be prompted for this passphrase. The maximum
- number of characters for this parameter seems to be 46.<br /><br />
+ algorithm: you won’t be prompted for this passphrase. There is
+ no maximum length for this secret.<br /><br />
Since version 3.1.0 phpMyAdmin can generate this on the fly, but it
makes a bit weaker security as this generated secret is stored in
--- phpMyAdmin-3.2.4-all-languages/libraries/auth/cookie.auth.lib.php 2009/05/18 14:20:25 12438
+++ phpMyAdmin-3.2.4-all-languages/libraries/auth/cookie.auth.lib.php.blowfish 2009/11/29 21:36:13 13139
@@ -95,11 +95,13 @@
function PMA_get_blowfish_secret() {
if (empty($GLOBALS['cfg']['blowfish_secret'])) {
if (empty($_SESSION['auto_blowfish_secret'])) {
+ // this returns 23 characters
$_SESSION['auto_blowfish_secret'] = uniqid('', true);
}
return $_SESSION['auto_blowfish_secret'];
} else {
- return $GLOBALS['cfg']['blowfish_secret'];
+ // apply md5() to work around too long secrets (returns 32 characters)
+ return md5($GLOBALS['cfg']['blowfish_secret']);
}
}
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/.cvsignore,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -p -r1.44 -r1.45
--- .cvsignore 5 Nov 2009 20:04:14 -0000 1.44
+++ .cvsignore 3 Dec 2009 22:10:00 -0000 1.45
@@ -1 +1 @@
-phpMyAdmin-3.2.3-all-languages.tar.bz2
+phpMyAdmin-3.2.4-all-languages.tar.bz2
Index: phpMyAdmin-config.inc.php
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/phpMyAdmin-config.inc.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- phpMyAdmin-config.inc.php 10 Nov 2006 16:15:50 -0000 1.1
+++ phpMyAdmin-config.inc.php 3 Dec 2009 22:10:00 -0000 1.2
@@ -1,5 +1,11 @@
<?php
+/*
+ * This is needed for cookie based authentication to encrypt password in
+ * cookie
+ */
+$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+
/**
* Server(s) configuration
*/
@@ -24,8 +30,8 @@ $cfg['Servers'][$i]['controlpass'] = '
// The controluser is also
// used for all relational
// features (pmadb)
-$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
-$cfg['Servers'][$i]['user'] = ''; // MySQL user
+$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
+$cfg['Servers'][$i]['user'] = ''; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed
// with 'config' auth_type)
$cfg['Servers'][$i]['only_db'] = ''; // If set to a db-name, only
Index: phpMyAdmin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/phpMyAdmin.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -p -r1.50 -r1.51
--- phpMyAdmin.spec 5 Nov 2009 20:04:14 -0000 1.50
+++ phpMyAdmin.spec 3 Dec 2009 22:10:00 -0000 1.51
@@ -1,5 +1,5 @@
Name: phpMyAdmin
-Version: 3.2.3
+Version: 3.2.4
Release: 1%{?dist}
Summary: Web based MySQL browser written in php
@@ -9,6 +9,7 @@ URL: http://www.phpmyadmin.net/
Source0: http://downloads.sourceforge.net/sourceforge/%{name}/%{name}-%{version}-all-languages.tar.bz2
Source1: phpMyAdmin-config.inc.php
Source2: phpMyAdmin.htaccess
+Patch0: phpMyAdmin-3.2.4-blowfish.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -28,6 +29,7 @@ is available in 50 languages
%prep
%setup -qn phpMyAdmin-%{version}-all-languages
+%patch0 -p1
%install
rm -rf %{buildroot}
@@ -55,6 +57,9 @@ rm -rf %{buildroot}
%config(noreplace) %{_sysconfdir}/%{name}
%changelog
+* Thu Dec 03 2009 Robert Scheck <robert at fedoraproject.org> 3.2.4-1
+- Upstream released 3.2.4 (#540871, #540891)
+
* Thu Nov 05 2009 Robert Scheck <robert at fedoraproject.org> 3.2.3-1
- Upstream released 3.2.3
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/sources,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -p -r1.44 -r1.45
--- sources 5 Nov 2009 20:04:14 -0000 1.44
+++ sources 3 Dec 2009 22:10:00 -0000 1.45
@@ -1 +1 @@
-69fc1d7118f16ccd7ea6f7b330723684 phpMyAdmin-3.2.3-all-languages.tar.bz2
+b927655abd701d8e35079f9e5ec24ee2 phpMyAdmin-3.2.4-all-languages.tar.bz2
- Previous message (by thread): rpms/phpMyAdmin/F-11 phpMyAdmin-3.2.4-blowfish.patch, NONE, 1.1 .cvsignore, 1.44, 1.45 phpMyAdmin-config.inc.php, 1.1, 1.2 phpMyAdmin.spec, 1.49, 1.50 sources, 1.44, 1.45
- Next message (by thread): rpms/phpMyAdmin/devel phpMyAdmin-3.2.4-blowfish.patch, NONE, 1.1 .cvsignore, 1.44, 1.45 phpMyAdmin-config.inc.php, 1.1, 1.2 phpMyAdmin.spec, 1.50, 1.51 sources, 1.44, 1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list