rpms/phpMyAdmin/F-12 phpMyAdmin-3.2.4-blowfish.patch, NONE, 1.1 .cvsignore, 1.44, 1.45 phpMyAdmin-config.inc.php, 1.1, 1.2 phpMyAdmin.spec, 1.50, 1.51 sources, 1.44, 1.45

Thu Dec 3 22:10:01 UTC 2009

Author: robert

Update of /cvs/pkgs/rpms/phpMyAdmin/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6229/F-12

Modified Files:
	.cvsignore phpMyAdmin-config.inc.php phpMyAdmin.spec sources 
Added Files:
	phpMyAdmin-3.2.4-blowfish.patch 
Log Message:
Upstream released 3.2.4 (#540871, #540891)


phpMyAdmin-3.2.4-blowfish.patch:
 Documentation.html                 |    4 ++--
 libraries/auth/cookie.auth.lib.php |    4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

--- NEW FILE phpMyAdmin-3.2.4-blowfish.patch ---
Backport from upstream http://sourceforge.net/tracker/?func=detail&atid=377408&aid=2905629&group_id=23067,
will be included with phpMyAdmin 3.2.5.

--- phpMyAdmin-3.2.4-all-languages/Documentation.html				2009/11/23 17:45:37	13121
+++ phpMyAdmin-3.2.4-all-languages/Documentation.html.blowfish			2009/11/29 21:36:13	13139
@@ -626,8 +626,8 @@
         algorithm to encrypt the password.<br />
         If you are using the "cookie" auth_type, enter here a random
         passphrase of your choice. It will be used internally by the blowfish
-        algorithm: you won’t be prompted for this passphrase. The maximum
-        number of characters for this parameter seems to be 46.<br /><br />
+        algorithm: you won’t be prompted for this passphrase. There is
+        no maximum length for this secret.<br /><br />
         
         Since version 3.1.0 phpMyAdmin can generate this on the fly, but it
         makes a bit weaker security as this generated secret is stored in
--- phpMyAdmin-3.2.4-all-languages/libraries/auth/cookie.auth.lib.php		2009/05/18 14:20:25	12438
+++ phpMyAdmin-3.2.4-all-languages/libraries/auth/cookie.auth.lib.php.blowfish	2009/11/29 21:36:13	13139
@@ -95,11 +95,13 @@
 function PMA_get_blowfish_secret() {
     if (empty($GLOBALS['cfg']['blowfish_secret'])) {
         if (empty($_SESSION['auto_blowfish_secret'])) {
+            // this returns 23 characters 
             $_SESSION['auto_blowfish_secret'] = uniqid('', true);
         }
         return $_SESSION['auto_blowfish_secret'];
     } else {
-        return $GLOBALS['cfg']['blowfish_secret'];
+        // apply md5() to work around too long secrets (returns 32 characters)
+        return md5($GLOBALS['cfg']['blowfish_secret']);
     }
 }
 


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/.cvsignore,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -p -r1.44 -r1.45
--- .cvsignore	5 Nov 2009 20:04:14 -0000	1.44
+++ .cvsignore	3 Dec 2009 22:10:00 -0000	1.45
@@ -1 +1 @@
-phpMyAdmin-3.2.3-all-languages.tar.bz2
+phpMyAdmin-3.2.4-all-languages.tar.bz2


Index: phpMyAdmin-config.inc.php
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/phpMyAdmin-config.inc.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- phpMyAdmin-config.inc.php	10 Nov 2006 16:15:50 -0000	1.1
+++ phpMyAdmin-config.inc.php	3 Dec 2009 22:10:00 -0000	1.2
@@ -1,5 +1,11 @@
 <?php
 
+/*
+ * This is needed for cookie based authentication to encrypt password in
+ * cookie
+ */
+$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+
 /**
  * Server(s) configuration
  */
@@ -24,8 +30,8 @@ $cfg['Servers'][$i]['controlpass']   = '
                                                     // The controluser is also
                                                     // used for all relational
                                                     // features (pmadb)
-$cfg['Servers'][$i]['auth_type']     = 'http';    // Authentication method (config, http or cookie based)?
-$cfg['Servers'][$i]['user']          = '';      // MySQL user
+$cfg['Servers'][$i]['auth_type']     = 'http';      // Authentication method (config, http or cookie based)?
+$cfg['Servers'][$i]['user']          = '';          // MySQL user
 $cfg['Servers'][$i]['password']      = '';          // MySQL password (only needed
                                                     // with 'config' auth_type)
 $cfg['Servers'][$i]['only_db']       = '';          // If set to a db-name, only


Index: phpMyAdmin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/phpMyAdmin.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -p -r1.50 -r1.51
--- phpMyAdmin.spec	5 Nov 2009 20:04:14 -0000	1.50
+++ phpMyAdmin.spec	3 Dec 2009 22:10:00 -0000	1.51
@@ -1,5 +1,5 @@
 Name: phpMyAdmin
-Version: 3.2.3
+Version: 3.2.4
 Release: 1%{?dist}
 Summary: Web based MySQL browser written in php
 
@@ -9,6 +9,7 @@ URL: http://www.phpmyadmin.net/	
 Source0: http://downloads.sourceforge.net/sourceforge/%{name}/%{name}-%{version}-all-languages.tar.bz2
 Source1: phpMyAdmin-config.inc.php
 Source2: phpMyAdmin.htaccess
+Patch0: phpMyAdmin-3.2.4-blowfish.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 
@@ -28,6 +29,7 @@ is available in 50 languages
 
 %prep
 %setup -qn phpMyAdmin-%{version}-all-languages
+%patch0 -p1
 
 %install
 rm -rf %{buildroot}
@@ -55,6 +57,9 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/%{name}
 
 %changelog
+* Thu Dec 03 2009 Robert Scheck <robert at fedoraproject.org> 3.2.4-1
+- Upstream released 3.2.4 (#540871, #540891)
+
 * Thu Nov 05 2009 Robert Scheck <robert at fedoraproject.org> 3.2.3-1
 - Upstream released 3.2.3
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/phpMyAdmin/F-12/sources,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -p -r1.44 -r1.45
--- sources	5 Nov 2009 20:04:14 -0000	1.44
+++ sources	3 Dec 2009 22:10:00 -0000	1.45
@@ -1 +1 @@
-69fc1d7118f16ccd7ea6f7b330723684  phpMyAdmin-3.2.3-all-languages.tar.bz2
+b927655abd701d8e35079f9e5ec24ee2  phpMyAdmin-3.2.4-all-languages.tar.bz2


