Accepting request 444325 from server:php:applications

update to 4.6.5.2 (forwarded request 444324 from computersalat) OBS-URL: https://build.opensuse.org/request/show/444325 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=131
2016-12-09 08:38:16 +00:00 · 2016-12-09 08:38:16 +00:00 · 03ac75b1d3
commit 03ac75b1d3
parent 2c26304c93 c828aae0c4
7 changed files with 97 additions and 63 deletions
--- a/phpMyAdmin-4.6.5.1-all-languages.tar.xz
+++ b/phpMyAdmin-4.6.5.1-all-languages.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e163b08b6d1137fd7c48ea97e8e53be415b1937f5e5f7e070936a60c3b9a3df0
 size 6162164
--- a/phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAABAgAGBQJYORL3AAoJEM51LxeCWb2S1rcP/2W4WneBz0wkp2WwKgx53gnP
 qUwKdq57b2gAa04RSDXFrRpx4cpCCPMzob0SMNhWXJU20Dp52+9tOh1DdCsFExsi
 CGA8X99anFsBfDM0NFQTSSBqwdvEFx+rfcXr535KeKwzgdzJe252pLi/HTz5RcWp
 pgDh5zScU2+PuwKFFQ5bE1fWs1mbCroJNjDmMWH7M1bbglWrP48esObV6MgtvnSJ
 cgL60mJrN4trAgf2cmbr46G+juhkhG+rBz5u4YhWlLHd6W++pYkTd27KU0FAPWES
 8XGjN+5E7ne/QDfaamPasCGB7NuQ2phj/XtrZrmZxgMXCL3oYE68ADPBF/7a1sRv
 J3K9SsazhQ3d3h6LCpZkz9p4z6pChBntbPgufVm5DqCW37kq/wYVq0AwzsxHGQid
 tkLeF5WJ2IHDrOqhz3v1FSL5UJBfFJQ7Trc4LKE2KNaA3i7biA5MlGY2Y3zZBc0K
 pD4ILoE2anii1OfAykYcjJoHWP4J5t3BjpC7V08FKQLHPwMxLGGIpQEddsHEQvpq
 hwvt2Q3Rhk2Z4PGV+HpIg5Cr9pueILNO8ZDUzVPQn+P3XGXCrociDLBvHvtinYdm
 /ZmLasEMKx2jMa+ZHRXFsdXHsmzZjtZjsAxEQPIkBe1Z8eQ5NwlAgxfmPKIO0CIw
 YgMn+FDtJScXLxy4tfzh
 =j8lF
 -----END PGP SIGNATURE-----
--- a/phpMyAdmin-4.6.5.2-all-languages.tar.xz
+++ b/phpMyAdmin-4.6.5.2-all-languages.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8cb549c0cd04ecaa3b2a8d9315e7c88528603fa6fe91057b13173f6afba80894
 size 6136880
--- a/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAABAgAGBQJYRe46AAoJEM51LxeCWb2SnE0P/A3JOx05rxBghNn6KV+xDJJa
 1/RP3pvzpJSLnZTOeb5fxYkSmAkt3hfH9mU1M+gapvgcO4Fl8PL4IH2vZpQtKPUG
 b6rnI0ataUzElyRhpSkKJNk2UafNNJHe6jdiHkX/A+IBJRaNSvq84DFAb0gYXV2W
 G1fQ3il9a+uu5s15W+wUPKqIr5BbFo/J2Fl6Lrid6BW0lOI2Pya+enZcLEx5kow0
 EM66hRX4/nbQTQO1ldVlxSTLBjgNpvqtdDNK5OpW04e5sAGVUCfvacoqi+bna1dA
 UQkEfrbuIDwlaQAD3fWmED4jUVpw+fDhLpGhTJ23ZPk3ICENshBLYl+44w/vrBR0
 o1dcQnsomMWOlBfANndoUfZOGiEdy33ThNV70J0BBhwOFTfi5H/a0ZucHtJrSUHe
 zE6AtkK//FvNqB5ilk+O5F94hRy44aJXRpFaHkfu0vyg4GrnZHZFqODW7IzbIfxg
 GRNyOsQaxdJB3RjolxlBzudE8DUC7HvT6ULBH5W+AMCJdvke0uWtk03Te2m823Df
 sSvuLk13H8sB+1S5l/BWxTUK3aOQ5AYo1bxjAYFUQRs5JO+g0kUNWJK68fwKYSFM
 EgqP+sSlA62BRqQ9tt46BVILLBbvLdzgSJaCXFQIeDkrW20qFcHMsC66qWyyrign
 YercIbpv7UwKR5yz1r6m
 =mXi6
 -----END PGP SIGNATURE-----
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,12 @@
 -------------------------------------------------------------------
 Tue Dec  6 15:25:29 UTC 2016 - chris@computersalat.de
 - update to 4.6.5.2 (2016-12-05)
  * gh#12765 Fixed SQL export with newlines
 - update changes (update to 4.6.5 (2016-11-25))
  * add missing (Not yet available) CVE's
 - fix phpMyAdmin.http
 -------------------------------------------------------------------
 Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org
@ -21,22 +30,29 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org
  * gh#12459 Display read only fields as read only when editing
  * gh#12384 Fix expanding of navigation pane when clicking on database
  * gh#12430 Impove partitioning support
-  * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration directive
+  * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration
     directive
  * Always use UTC time in HTTP headers
  * gh#12479 Simplified validation of external links
  * gh#12483 Fix browsing tables with built in transformations
-  * gh#12485 Do not show warning about short blowfish_secret if none is set
+  * gh#12485 Do not show warning about short blowfish_secret if none
     is set
  * gh#12251 Fixed random logouts due to wrong cookie path
  * gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure
-  * gh#12497 Missing escaping of configuration used in SQL (hide_db and only_db)
+  * gh#12497 Missing escaping of configuration used in SQL
     (hide_db and only_db)
  * gh#12476 Add error checking in reading advisory rules file
-  * gh#12477 Add checking missing elements and confirming element types from json_decode
+  * gh#12477 Add checking missing elements and confirming element
-  * gh#12251 Automatically save SQL query in browser local storage rather than in cookie
+     types from json_decode
  * gh#12251 Automatically save SQL query in browser local storage
     rather than in cookie
  * gh#12292 Unable to edit transformations
  * gh#12502 Remove unused paramenter when connecting to MySQLi
-  * gh#12303 Fix number formatting with different settings of precision in PHP
+  * gh#12303 Fix number formatting with different settings of
     precision in PHP
  * gh#12405 Use single quotes in PHP code
-  * gh#12534 Option for the dropped column is not removed from 'after_field' select, after the column is dropped
+  * gh#12534 Option for the dropped column is not removed from
     'after_field' select, after the column is dropped
  * gh#12531 Properly detect DROP DATABASE queries
  * gh#12470 Fix possible race condition in setting URL hash
  * gh#11924 Remove caching of server information
@ -48,26 +64,34 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org
  * gh#12518 Fixed copy of table with generated columns
  * gh#12221 Fixed export of table with generated columns
  * gh#12320 Copying a user does not copy usergroup
-  * gh#12272 Adding a new row with default enum goes to no selection when you want to add more then 2 rows
+  * gh#12272 Adding a new row with default enum goes to no selection
-  * gh#12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab
+     when you want to add more then 2 rows
-  * gh#12554 Absence of scrolling makes it impossible to read longer text values in grid editing
+  * gh#12487 Drag and drop import prevents file dropping to blob
-  * gh#12530 "Edit routine" crashes when the current user is not the definer, even if privileges are adequate
+     column file selector on the insert tab
  * gh#12554 Absence of scrolling makes it impossible to read longer
     text values in grid editing
  * gh#12530 "Edit routine" crashes when the current user is not the
     definer, even if privileges are adequate
  * gh#12300 Export selective tables by-default dumps Events also
  * gh#12298 Fixed export of view definitions
-  * gh#12242 Edit routine detail dialog does not fill "Return length" field in mysql functions
+  * gh#12242 Edit routine detail dialog does not fill "Return length"
     field in mysql functions
  * gh#12575 New index Confirm adds whitespace around the field name
  * gh#12382 Bug in zoom search
  * gh#12321 Assign LIMIT clause only to syntactically correct queries
-  * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" Inserted At Wrong Place
+  * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25"
     Inserted At Wrong Place
  * gh#12511 Clarify documentation on ArbitraryServerRegexp
  * gh#12508 Remove duplicate code in SQL escaping
  * gh#12475 Cleanup code for getting table information
-  * gh#12579 phpMyAdmin's export of a Select statment without a FROM clause generates Wrong SQL
+  * gh#12579 phpMyAdmin's export of a Select statment without a FROM
     clause generates Wrong SQL
  * gh#12316 Correct export of complex SELECT statements
  * gh#12080 Fixed parsing of subselect queries
  * gh#11740 Fixed handling DELETE ... USING queries
  * gh#12100 Fixed handling of CASE operator
-  * gh#12455 Query history stores separate entry for every letter typed
+  * gh#12455 Query history stores separate entry for every letter
     typed
  * gh#12327 Create PHP code no longer works
  * gh#12179 Fixed bookmarking of query with multiple statements
  * gh#12419 Wrong description on GRANT OPTION
@ -77,8 +101,10 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org
  * gh#12619 Unable to export csv when using union select
  * gh#12625 Broken Edit links in query results of JOIN query
  * gh#12634 Drop DB error in import if DB doesn't exist
-  * gh#12338 Designer reverts to first saved ER after EACH relation create or delete
+  * gh#12338 Designer reverts to first saved ER after EACH relation
-  * gh#12639 'Show trace' in Console generates JS error for functions in query's trace called without any arguments
+     create or delete
  * gh#12639 'Show trace' in Console generates JS error for functions
     in query's trace called without any arguments
  * gh#12366 Fix user creation with certain MariaDB setups
  * gh#12616 Refuse to work with mbstring.func_overload enabled
  * gh#12472 Properly report connection without password in setup
@ -90,54 +116,65 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org
  * gh#12637 Fixed editing some timestamp values
  * gh#12622 Fixed javascript error in designer
  * gh#12334 Missing page indicator or VIEWs
-  * gh#12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
+  * gh#12610 Export of tables with Timestamp/Datetime/Time columns
     defined with ON UPDATE clause with precision fails
  * gh#12661 Error inserting into pma__history after timeout
  * gh#12195 Row_format = fixed not visible
-  * gh#12665 Cannot add a foreign key - non-indexed fields not listed in InnoDB tables
+  * gh#12665 Cannot add a foreign key - non-indexed fields not listed
     in InnoDB tables
  * gh#12674 Allow for proper MySQL-allowed strings as identifiers
  * gh#12651 Allow for partial dates on table insert page
  * gh#12681 Fixed designer with tables using special chars
-  * gh#12652 Fixed visual query builder for foreign keys with more fields
+  * gh#12652 Fixed visual query builder for foreign keys with more
     fields
  * gh#12257 Improved search page performance
  * gh#12322 Avoid selecting default function for foreign keys
  * gh#12453 Fixed escaping of SQL parts in some corner cases
  * gh#12542 Missing table name in account privileges editor
-  * gh#12691 Remove ksort call on empty array in PMA_getPlugins function
+  * gh#12691 Remove ksort call on empty array in PMA_getPlugins
     function
  * gh#12443 Check parameter type before processing
  * gh#12299 Avoid generating too long URLs in search
  * gh#12361 Fix self SQL injection in table-specific privileges
-  * gh#12698 Add link to release notes and download on new version notification
+  * gh#12698 Add link to release notes and download on new version
-  * gh#12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function) 
+     notification
  * gh#12712 Error when trying to setup replication (fatal error in
     call to an old PMA_DBI_connect function) 
 - fix for boo#1012271
  https://www.phpmyadmin.net/security/
  * Unsafe generation of $cfg['blowfish_secret']
-     see PMASA-2016-58 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661)
  * phpMyAdmin's phpinfo functionality is removed
-     see PMASA-2016-59 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661)
-  * AllowRoot and allow/deny rule bypass with specially-crafted username
+  * AllowRoot and allow/deny rule bypass with specially-crafted
-     see PMASA-2016-60 (CVE ids: Not yet assigned , CWE-661)
+     username
     see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661)
  * Username matching weaknesses with allow/deny rules
-     see PMASA-2016-61 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661)
  * Possible to bypass logout timeout
-     see PMASA-2016-62 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661)
  * Full path disclosure (FPD) weaknesses
-     see PMASA-2016-63 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853,
      CVE-2016-9854, CVE-2016-9855, CWE-661)
  * Multiple XSS weaknesses
-     see PMASA-2016-64 (CVE ids: Not yet assigned , CWE-661, CWE-352)
+     see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857,
      CWE-661, CWE-352)
  * Multiple denial-of-service (DOS) vulnerabilities
-     see PMASA-2016-65 (CVE ids: Not yet assigned , CWE-661, CW-400)
+     see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859,
      CVE-2016-9860, CWE-661, CW-400)
  * Possible to bypass white-list protection for URL redirection
-     see PMASA-2016-66 (CVE ids: Not yet assigned , CWE-661, CWE-20, CWE-601)
+     see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20,
      CWE-601)
  * BBCode injection to login page
-     see PMASA-2016-67 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661)
  * Denial-of-service (DOS) vulnerability in table partitioning
-     see PMASA-2016-68 (CVE ids: Not yet assigned , CWE-661, CWE-400)
+     see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400)
  * Multiple SQL injection vulnerabilities
-     see PMASA-2016-69 (CVE ids: Not yet assigned , CWE-661, CWE-89)
+     see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89)
  * Incorrect serialized string parsing
-     see PMASA-2016-70 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661)
  * CSRF token not stripped from the URL
-     see PMASA-2016-71 (CVE ids: Not yet assigned , CWE-661)
+     see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661)
 -------------------------------------------------------------------
 Sun Nov  6 16:27:00 UTC 2016 - chris@computersalat.de
--- a/phpMyAdmin.http
+++ b/phpMyAdmin.http
@ -26,7 +26,7 @@
        php_admin_flag allow_url_fopen off
        php_admin_flag zend.ze1_compatibility_mode off
        php_admin_flag safe_mode Off
-        php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php5:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat"
+        php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php7:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat"
        # customize suhosin
        php_admin_value suhosin.post.max_array_index_length 256
        php_admin_value suhosin.post.max_totalname_length 8192
@ -45,16 +45,13 @@
    </IfVersion>
    <IfVersion >= 2.4>
        <IfModule !mod_access_compat.c>
            Require all denied
        </IfModule>
        <IfModule mod_access_compat.c>
            Order deny,allow
            Deny from all
        </IfModule>
    </IfVersion>
 </Directory>
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -29,7 +29,7 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.6.5.1
+Version:        4.6.5.2
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0+