commit 0727f6d5af89189be9332c45e9f28e049299cdf8cf04c30a34f03c87d0362a3a Author: Sascha Peilicke Date: Fri Feb 25 14:41:08 2011 +0000 Accepting request 62629 from server:php:applications Accepted submit request 62629 from user ralflangb1 OBS-URL: https://build.opensuse.org/request/show/62629 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/phpMyAdmin-3.3.8-config.patch b/phpMyAdmin-3.3.8-config.patch new file mode 100644 index 0000000..95aa45d --- /dev/null +++ b/phpMyAdmin-3.3.8-config.patch @@ -0,0 +1,375 @@ +diff -ruN phpMyAdmin-3.3.8-all-languages-orig/config.sample.inc.php phpMyAdmin-3.3.8-all-languages/config.sample.inc.php +--- phpMyAdmin-3.3.8-all-languages-orig/config.sample.inc.php 2010-10-25 18:21:44.000000000 +0200 ++++ phpMyAdmin-3.3.8-all-languages/config.sample.inc.php 2010-12-03 23:58:26.000000000 +0100 +@@ -2,71 +2,278 @@ + /* vim: set expandtab sw=4 ts=4 sts=4: */ + /** + * phpMyAdmin sample configuration, you can use it as base for +- * manual configuration. For easier setup you can use setup/ ++ * manual configuration. For easier setup you can use scripts/setup.php + * + * All directives are explained in Documentation.html and on phpMyAdmin + * wiki . ++ */ ++ ++/** ++ * Your phpMyAdmin url ++ * ++ * Complete the variable below with the full url ie ++ * https://www.your_web.net/path_to_your_phpMyAdmin_directory/ ++ * ++ * It must contain characters that are valid for a URL, and the path is ++ * case sensitive on some Web servers, for example Unix-based servers. + * +- * @version $Id$ +- * @package phpMyAdmin ++ * In most cases you can leave this variable empty, as the correct value ++ * will be detected automatically. However, we recommend that you do ++ * test to see that the auto-detection code works in your system. A good ++ * test is to browse a table, then edit a row and save it. There will be ++ * an error message if phpMyAdmin cannot auto-detect the correct value. ++ * ++ * If the auto-detection code does work properly, you can set to true the ++ * $cfg['PmaAbsoluteUri_DisableWarning'] variable below. + */ ++$cfg['PmaAbsoluteUri'] = 'https://@FQDN@/phpMyAdmin/'; + +-/* +- * This is needed for cookie based authentication to encrypt password in +- * cookie ++ ++/** ++ * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set ++ * You should use this if and ONLY if the PmaAbsoluteUri auto-detection ++ * works perfectly. + */ +-$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ ++$cfg['PmaAbsoluteUri_DisableWarning'] = false; + +-/* ++/** ++ * Disable the default warning that is displayed on the DB Details Structure page if ++ * any of the required Tables for the relationfeatures could not be found ++ */ ++$cfg['PmaNoRelation_DisableWarning'] = false; ++ ++/** ++ * The 'cookie' auth_type uses blowfish algorithm to encrypt the password. If ++ * at least one server configuration uses 'cookie' auth_type, enter here a ++ * passphrase that will be used by blowfish. ++ */ ++$cfg['blowfish_secret'] = ''; ++ ++ ++ ++/******************************************************************************* + * Servers configuration + */ + $i = 0; + +-/* +- * First server ++/*************************************** ++ * First Server + */ ++ + $i++; +-/* Authentication type */ +-$cfg['Servers'][$i]['auth_type'] = 'cookie'; +-/* Server parameters */ +-$cfg['Servers'][$i]['host'] = 'localhost'; +-$cfg['Servers'][$i]['connect_type'] = 'tcp'; +-$cfg['Servers'][$i]['compress'] = false; +-/* Select mysqli if your server has it */ +-$cfg['Servers'][$i]['extension'] = 'mysql'; +-$cfg['Servers'][$i]['AllowNoPassword'] = false; +- +-/* rajk - for blobstreaming */ +-$cfg['Servers'][$i]['bs_garbage_threshold'] = 50; +-$cfg['Servers'][$i]['bs_repository_threshold'] = '32M'; +-$cfg['Servers'][$i]['bs_temp_blob_timeout'] = 600; +-$cfg['Servers'][$i]['bs_temp_log_threshold'] = '32M'; +- +-/* User for advanced features */ +-// $cfg['Servers'][$i]['controluser'] = 'pma'; +-// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +-/* Advanced phpMyAdmin features */ +-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +-// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; +-// $cfg['Servers'][$i]['relation'] = 'pma_relation'; +-// $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; +-// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; +-// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; +-// $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; +-// $cfg['Servers'][$i]['history'] = 'pma_history'; +-// $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; +-// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; +-/* Contrib / Swekey authentication */ +-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; ++// MySQL hostname or IP address ++$cfg['Servers'][$i]['host'] = 'localhost'; ++ ++// MySQL port - leave blank for default port ++$cfg['Servers'][$i]['port'] = ''; ++ ++// Path to the socket - leave blank for default socket ++$cfg['Servers'][$i]['socket'] = ''; ++ ++// Use SSL for connecting to MySQL server? ++$cfg['Servers'][$i]['ssl'] = false; ++ ++// How to connect to MySQL server ('tcp' or 'socket') ++$cfg['Servers'][$i]['connect_type'] = 'socket'; ++ ++// The PHP MySQL extension to use ('mysql' or 'mysqli') ++$cfg['Servers'][$i]['extension'] = 'mysqli'; ++ ++// Use compressed protocol for the MySQL connection (requires PHP >= 4.3.0) ++$cfg['Servers'][$i]['compress'] = false; ++ ++// MySQL control user settings (this user must have read-only ++// access to the "mysql/user" and "mysql/db" tables). ++// The controluser is also used for all relational features (pmadb) ++$cfg['Servers'][$i]['controluser'] = ''; ++$cfg['Servers'][$i]['controlpass'] = ''; ++ ++// Authentication method (config, http or cookie based)? ++$cfg['Servers'][$i]['auth_type'] = 'http'; ++ ++// MySQL user ++$cfg['Servers'][$i]['user'] = 'root'; ++ ++// MySQL password (only needed with 'config' auth_type) ++$cfg['Servers'][$i]['password'] = ''; ++ ++// Allow access without password ++$cfg['Servers'][$i]['AllowNoPassword'] = false; ++ ++// Session to use for 'signon' authentication method ++$cfg['Servers'][$i]['SignonSession'] = ''; ++ ++// URL where to redirect user to login for 'signon' authentication method ++$cfg['Servers'][$i]['SignonURL'] = ''; ++ ++// URL where to redirect user after logout ++$cfg['Servers'][$i]['LogoutURL'] = ''; ++ ++// If set to a db-name, only this db is displayed in left frame ++// It may also be an array of db-names, where sorting order is relevant. ++$cfg['Servers'][$i]['only_db'] = ''; ++ ++// Verbose name for this host - leave blank to show the hostname ++$cfg['Servers'][$i]['verbose'] = ''; ++ ++// Database used for Relation, Bookmark and PDF Features ++// (see scripts/create_tables.sql) ++// - leave blank for no support ++// DEFAULT: 'phpmyadmin' ++$cfg['Servers'][$i]['pmadb'] = ''; ++ ++// Bookmark table ++// - leave blank for no bookmark support ++// DEFAULT: 'pma_bookmark' ++$cfg['Servers'][$i]['bookmarktable'] = ''; ++ ++// table to describe the relation between links (see doc) ++// - leave blank for no relation-links support ++// DEFAULT: 'pma_relation' ++$cfg['Servers'][$i]['relation'] = ''; ++ ++// table to describe the display fields ++// - leave blank for no display fields support ++// DEFAULT: 'pma_table_info' ++$cfg['Servers'][$i]['table_info'] = ''; ++ ++// table to describe the tables position for the PDF schema ++// - leave blank for no PDF schema support ++// DEFAULT: 'pma_table_coords' ++$cfg['Servers'][$i]['table_coords'] = ''; ++ ++// table to describe pages of relationpdf ++// - leave blank if you don't want to use this ++// DEFAULT: 'pma_pdf_pages' ++$cfg['Servers'][$i]['pdf_pages'] = ''; ++ ++// table to store column information ++// - leave blank for no column comments/mime types ++// DEFAULT: 'pma_column_info' ++$cfg['Servers'][$i]['column_info'] = ''; ++ ++// table to store SQL history ++// - leave blank for no SQL query history ++// DEFAULT: 'pma_history' ++$cfg['Servers'][$i]['history'] = ''; ++ ++// set to false if you know that your pma_* tables ++// are up to date. This prevents compatibility ++// checks and thereby increases performance. ++$cfg['Servers'][$i]['verbose_check'] = true; ++ ++// whether to allow root login ++$cfg['Servers'][$i]['AllowRoot'] = true; ++ ++// Host authentication order, leave blank to not use ++$cfg['Servers'][$i]['AllowDeny']['order'] = ''; ++ ++// Host authentication rules, leave blank for defaults ++$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); ++ ++ ++/*************************************** ++ * Second Server ++ */ ++ ++/** ++$i++; ++$cfg['Servers'][$i]['host'] = ''; ++$cfg['Servers'][$i]['port'] = ''; ++$cfg['Servers'][$i]['socket'] = ''; ++$cfg['Servers'][$i]['ssl'] = false; ++$cfg['Servers'][$i]['connect_type'] = 'tcp'; ++$cfg['Servers'][$i]['extension'] = 'mysqli'; ++$cfg['Servers'][$i]['compress'] = false; ++$cfg['Servers'][$i]['controluser'] = ''; ++$cfg['Servers'][$i]['controlpass'] = ''; ++$cfg['Servers'][$i]['auth_type'] = 'http'; ++$cfg['Servers'][$i]['user'] = 'root'; ++$cfg['Servers'][$i]['password'] = ''; ++$cfg['Servers'][$i]['AllowNoPassword'] = false; ++$cfg['Servers'][$i]['SignonSession'] = ''; ++$cfg['Servers'][$i]['SignonURL'] = ''; ++$cfg['Servers'][$i]['LogoutURL'] = ''; ++$cfg['Servers'][$i]['only_db'] = ''; ++$cfg['Servers'][$i]['verbose'] = ''; ++$cfg['Servers'][$i]['pmadb'] = ''; ++$cfg['Servers'][$i]['bookmarktable'] = ''; ++$cfg['Servers'][$i]['relation'] = ''; ++$cfg['Servers'][$i]['table_info'] = ''; ++$cfg['Servers'][$i]['table_coords'] = ''; ++$cfg['Servers'][$i]['pdf_pages'] = ''; ++$cfg['Servers'][$i]['column_info'] = ''; ++$cfg['Servers'][$i]['history'] = ''; ++$cfg['Servers'][$i]['verbose_check'] = true; ++$cfg['Servers'][$i]['AllowRoot'] = true; ++$cfg['Servers'][$i]['AllowDeny']['order'] = ''; ++$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); ++ */ ++ ++// If you have more than one server configured, you can set $cfg['ServerDefault'] ++// to any one of them to autoconnect to that server when phpMyAdmin is started, ++// or set it to 0 to be given a list of servers without logging in ++// If you have only one server configured, $cfg['ServerDefault'] *MUST* be ++// set to that server. ++ ++// Default server (0 = no default server) ++$cfg['ServerDefault'] = 1; ++$cfg['Server'] = '0'; ++unset($cfg['Servers'][0]); ++ + + /* + * End of servers configuration + */ + +-/* +- * Directories for saving/loading files from server ++ ++/******************************************************************************* ++ * Language and character set conversion settings + */ ++ ++// Default language to use, if not browser-defined or user-defined ++$cfg['DefaultLang'] = 'utf-8'; ++ ++// Default connection collation (used for MySQL >= 4.1) ++$cfg['DefaultConnectionCollation'] = 'utf8_unicode_ci'; ++ ++// Default character set to use for recoding of MySQL queries, does not take ++// any effect when character sets recoding is switched off by ++// $cfg['AllowAnywhereRecoding'] or in language file ++// (see $cfg['AvailableCharsets'] to possible choices, you can add your own) ++$cfg['DefaultCharset'] = 'utf-8'; ++ ++// Allow character set recoding of MySQL queries, must be also enabled in language ++// file to make harder using other language files than Unicode. ++// Default value is false to avoid problems on servers without the iconv ++// extension and where dl() is not supported ++$cfg['AllowAnywhereRecoding'] = false; ++ ++// You can select here which functions will be used for character set conversion. ++// Possible values are: ++// auto - automatically use available one (first is tested iconv, then ++// recode) ++// iconv - use iconv or libiconv functions ++// recode - use recode_string function ++$cfg['RecodingEngine'] = 'auto'; ++ ++ ++/******************************************************************************* ++ * Web server upload/save/import directories ++ */ ++ ++// Directory for uploaded files that can be executed by phpMyAdmin. ++// For example './upload'. Leave empty for no upload directory support. ++// Use %u for username inclusion. + $cfg['UploadDir'] = ''; ++ ++// Directory where phpMyAdmin can save exported data on server. ++// For example './save'. Leave empty for no save directory support. ++// Use %u for username inclusion. + $cfg['SaveDir'] = ''; + ++// Directory where phpMyAdmin can save temporary files. ++// This is needed for MS Excel export, see documentation how to enable that. ++$cfg['TempDir'] = ''; ++ + ?> +diff -ruN phpMyAdmin-3.3.8-all-languages-orig/libraries/common.inc.php phpMyAdmin-3.3.8-all-languages/libraries/common.inc.php +--- phpMyAdmin-3.3.8-all-languages-orig/libraries/common.inc.php 2010-10-25 18:21:44.000000000 +0200 ++++ phpMyAdmin-3.3.8-all-languages/libraries/common.inc.php 2010-12-03 23:56:45.000000000 +0100 +@@ -536,7 +536,7 @@ + * force reading of config file, because we removed sensitive values + * in the previous iteration + */ +-$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); ++$_SESSION['PMA_Config'] = new PMA_Config('@PMA_Config@'); + + if (!defined('PMA_MINIMUM_COMMON')) { + $_SESSION['PMA_Config']->checkPmaAbsoluteUri(); +diff -ruN phpMyAdmin-3.3.8-all-languages-orig/libraries/config.default.php phpMyAdmin-3.3.8-all-languages/libraries/config.default.php +--- phpMyAdmin-3.3.8-all-languages-orig/libraries/config.default.php 2010-10-25 18:21:44.000000000 +0200 ++++ phpMyAdmin-3.3.8-all-languages/libraries/config.default.php 2010-12-03 23:56:45.000000000 +0100 +@@ -136,7 +136,7 @@ + * + * @global string $cfg['Servers'][$i]['extension'] + */ +-$cfg['Servers'][$i]['extension'] = 'mysql'; ++$cfg['Servers'][$i]['extension'] = 'mysqli'; + + /* rajk - added for blobstreaming */ + $cfg['Servers'][$i]['bs_garbage_threshold'] = ''; +diff -ruN phpMyAdmin-3.3.8-all-languages-orig/libraries/vendor_config.php phpMyAdmin-3.3.8-all-languages/libraries/vendor_config.php +--- phpMyAdmin-3.3.8-all-languages-orig/libraries/vendor_config.php 2010-10-25 18:21:44.000000000 +0200 ++++ phpMyAdmin-3.3.8-all-languages/libraries/vendor_config.php 2010-12-03 23:56:45.000000000 +0100 +@@ -15,18 +15,18 @@ + * Path to changelog file, can be gzip compressed. Useful when you want to + * have documentation somewhere else, eg. /usr/share/doc. + */ +-define('CHANGELOG_FILE', './ChangeLog'); ++define('CHANGELOG_FILE', '@docdir@/ChangeLog'); + + /** + * Path to license file. Useful when you want to have documentation somewhere + * else, eg. /usr/share/doc. + */ +-define('LICENSE_FILE', './LICENSE'); ++define('LICENSE_FILE', '@docdir@/LICENSE'); + + /** + * Path to config file generated using setup script. + */ +-define('SETUP_CONFIG_FILE', './config/config.inc.php'); ++define('SETUP_CONFIG_FILE', '@sysconfdir@/config.inc.php'); + + /** + * Whether setup requires writable directory where config diff --git a/phpMyAdmin-3.3.9.2-all-languages.tar.bz2 b/phpMyAdmin-3.3.9.2-all-languages.tar.bz2 new file mode 100644 index 0000000..8f05ded --- /dev/null +++ b/phpMyAdmin-3.3.9.2-all-languages.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ef66b764daffb16417d3d7b448b358a9548b004c9af03341107f167902a27a99 +size 3676120 diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes new file mode 100644 index 0000000..cad7427 --- /dev/null +++ b/phpMyAdmin.changes @@ -0,0 +1,774 @@ +------------------------------------------------------------------- +Wed Feb 23 12:18:03 UTC 2011 - chris@computersalat.de + +- + +------------------------------------------------------------------- +Wed Feb 23 12:10:46 UTC 2011 - chris@computersalat.de + +- update to 3.3.9.2 + - [security] SQL injection, see PMASA-2011-2 +- 3.3.9.1 (2011-02-08) + - [security] Path disclosure, see PMASA-2011-1 +- add macros for ap_usr, ap_grp +- fix perm on sysconfdir + o 0750,root,www + +------------------------------------------------------------------- +Thu Jan 27 20:14:40 UTC 2011 - chris@computersalat.de + +- update to 3.3.9 + - bug [doc] Fix references to MySQL doc + - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand + - bug #3103853 [js] Double quotes were not escaped in generated js + - bug #3077463 [core] Events were not copied when copying/renaming database + - bug #1762306 [core] Copy database with view of a view + - patch #3117535 [replication] Add quotes to database in initial statement, + thanks to Craig Duncan - duncan3dc + - bug #3112614 [pdf schema] Scratchboard for PDF pages not working + - bug #3125606 [parser] Query for table "level" causes strange display + - bug #3127904 [parser] Close all opened round brackets indents +- removed Authors from spec + +------------------------------------------------------------------- +Fri Dec 3 23:04:41 UTC 2010 - chris@computersalat.de + +- update to 3.3.8.1 + - bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8 +- rework config patch + o add AllowNoPassword + +------------------------------------------------------------------- +Wed Oct 27 10:23:50 UTC 2010 - javier@opensuse.org + +- update to 3.3.8 + - bug #3059311 [import] BIGINT field type added to table analysis + - [core] Update library PHPExcel to version 1.7.4 + - bug #3062455 [core] copy procedures and routines before tables + - bug #3062455 [export] with SQL, export procedures and routines before tables + - bug #3056023 [import] USE query not working + - bug #3038193 [display] Error when editing row with GEOMETRY column + - bug #3062454 [interface] Display routines/events also when no tables are defin +ed + - support ARIA storage engine as well as its previous name MARIA + + +------------------------------------------------------------------- +Wed Sep 22 14:03:14 CEST 2010 - mcihar@suse.cz + +- update to 3.3.7 + +------------------------------------------------------------------- +Wed Jul 7 14:48:50 UTC 2010 - chris@computersalat.de + +- update to version 3.3.4 +- bug #2996161 [import] properly escape import value +- bug #2998889 [import] Import button does not work in Catalan +- [browse] Fix handling of sort order if only column is specified. ++ [lang] Greek update, thanks to Panagiotis Papazoglou - panos78 ++ [lang] Updated lot of translation based on work done in master branch. +- bug #3008411 [databases] Last dropped database remains active in navi +- bug #2986383 [parser] Not all data being shown / counted +- bug [synchronize] Rows were deleted in target table regardless of the + "Would you like to delete..." option +- bug [privileges] List of tables not shown when the db name has a wildcard +- bug #3011126 [display] Edit link missing after long query +- patch #3013264 [doc] FAQ 1.40 uses a comma instead of a period, + thanks to Isaac Bennetch - ibennetch +- [engines] Fix getting InnoDB status. +- bug #2986422 [import] Results for query are not displayed + +------------------------------------------------------------------- +Fri May 21 16:59:50 UTC 2010 - chris@computersalat.de + +- update to version 3.3.3 + - patch #2982480 [navi] Do not group if there would be one table in group + - patch #2983492 [sync] When asking to synchronize Structure and Data, + only Structure is done + - patch #2984893 [engines] InnoDB storage page emits a warning + - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work + - bug #2983066 [interface] Flush table on table operations shows the query twice + - bug #2983060, patch #2987900 [interface] Fix initial state of tables in + designer + - bug #2983062, patch #2989408 [engines] Fix warnings when changing table + engine to Maria + - bug #2974067 [display] non-binary fields shown as hex + - bug #2983065 [operations] Error when changing from Maria to MyISAM engine + - bug #2975408 [tracking] Data too long for column data_sql + - bug [tracking] Tracking report should obey MaxCharactersInDisplayedSQL + - bug [edit] Avoid selecting UNHEX function by default for a BLOB column for + which editing is protected + - bug #2994168 [structure] Show auto_increment in uppercase + - bug #2993970 [pdf schema] Page numbering in Table of Contents +- 3.3.2.0 (2010-04-13) + - patch #2969449 [core] Name for MERGE engine varies depending on the + MySQL version, thanks to Dieter Adriaenssens - ruleant + - bug #2966078 [browse] Incorrect LIMIT is saved and sticks while browsing + - bug #2967366 [Structure] Some results of Propose table structure are + shown in hex + - bug #2967565 [insert] UNHEX not selected by default when inserting BINARY + - [navi] Changed link to git repository on main page + - bug #2972232 [menu] Import menu tab not present on main page + - patch #2976790 [menu] Go to the upper level after table DROP, + thanks to Kaarel Nummert - kaarelnu + - patch #2978815 [pdf] Fix generating PDF with table dimensions, thanks to BlinK_ + - patch #2977725 [export] XML wrongly encoded, thanks to Victor Volkov - hanut + - patch #2979234 [import] Create tables with current charset and collation. + - patch #2979234, bug #2960105 [import] Properly import unicode text from ODS. + - bug #2973280 [export] Proper handling of temporary directory in XLS export. + - bug #2980582 [interface] Properly format server status parameter. + - bug #2973949 [session] SQL History broken (revert patch #2899969), + thanks to Dieter Adriaenssens - ruleant + - [doc] Be more specific about problems with Suhosin. + +------------------------------------------------------------------- +Fri Mar 26 00:41:30 UTC 2010 - chris@computersalat.de + +- update to version 3.3.1 + - bug #2941037 [core] Database structure not sorted by table correctly + - bug #2948492 [interface] Slide effect masks some fields on search page + - bug #2959746 [interface] Unknown table status: TABLE_TYPE + - bug #2953050 [export] export VIEW as SQL includes INSERT statement + - bug #2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows + - bug #2961609 [auth] Potential information disclosure at login page + - patch #2961540 [export] Do not export data of MERGE table, + thanks to Dieter Adriaenssens - ruleant + - bug #2961198 [parser] Querying a table named "data" + - bug #2931429 [structure] Editing long triggers + - bug #2970769 [structure] Incorrect reference to mootools-more.js +- cleanup spec + - fixed HEADER + - sort TAGS + - some macros (ap_...) + - updated description + - added postun + o restart_on_update apache2 +- some rpmlint stuff + - fdupes +- reworked patches + - removed blowfish_secret + - removed mysqli.patch + - added config patch + o mods to vendor_config +- replaced Source1 + phpmyadmin.conf > phpMyAdmin.http +- config.inc.php to /etc/phpMyAdmin + +------------------------------------------------------------------- +Wed Mar 10 21:41:47 UTC 2010 - javier@opensuse.org + +- Updated to 3.3.0 + + rfe #2308632 [edit] Use hex for (var)binary fields + + patch #2794819 [navi] Filter for displayed table names + - bug #2794840 [core] Cannot redeclare pma_tableheader() + - rfe #2726479 [core] configurable maximal length of URL + + patch #2724755 [display] Full/partial text links (big T) are back + - bug [display] handle NavigationBarIconic as documented for navi buttons + + rfe #2726479 [export] Export tables preselect + + patch #2805828 [export] PHP array export plugin + + patch #2798592 [import] Progress bar + - bug [gui] Generate Password not working for 'Change Login Information', only for 'Change password' + + [lang] Arabic update + + rfe #2822190 [structure] BOOLEAN is standard SQL + + [lang] German update + + rfe #2813867 [structure] Default sorting order in list of tables + + [import] Added MySQL type-detection functionality to import library + + [import] Added ODS, Excel XLS, Excel XLSX, and XML import modules + + [export] Added Excel XLSX export module + + [core] Added ability for tracking changes made through phpMyAdmin + + rfe #2839504 [engines] Support InnoDB plugin's new row formats + + [core] Added ability for synchronizing databases among servers. + + [lang] #2843101 Dutch update + + [lang] Galician update + + [export] Added MediaWiki export module + + [lang] Turkish update + + [auth] Add custom port configuration in signon + - [core] Removed context from the error handler + - bug #2883633 [export] Export of InnoDB table is incomplete + + rfe #2862575 [status] Order query statistics by % desc, skip rows with 0 + + rfe #2823686 [interface] Increase default height of query window + + rfe #2129902 [structure] Don't hide indexes + + patch #2812070 [interface] Allow selecting a range of rows by holding shift + + [lang] Russian update, thanks to Victor Volkov + + [lang] Greek update, thanks to Panagiotis Papazoglou + + [lang] Norwegian update, thanks to Sven-Erik Andersen + - bug #2929958 [import] Cannot import (French interface) + - [security] Use X-Frame-Options header to protect against ClickJacking. + + [lang] Finnish update, thanks to Jouni Kahkonen + + [lang] Lithuanian update, thanks to Rytis Slatkevicius - rytis_s + - bug #2931939 [status] Seeing "m" as unit is confusing + - bug #2926613 [edit] Copy database shows errors when DB has foreign key + + [lang] Catalan update, thanks to Xavier Navarro + +------------------------------------------------------------------- +Wed Jan 20 17:18:45 UTC 2010 - javier@opensuse.org + +- Updated to 3.2.5 + - patch #2903400 [bookmarks] Status of bookmark table, + thanks to Virsacer - virsacer + - bug [history] QueryHistoryDB is not respected + - bug #2905629 [auth] Blowfish secret is not hashed + - bug #2910000 [gui] ShowServerInfo should hide all server info from main page + - bug #2910568 [structure] Table size for ARCHIVE tables is not displayed + - patch #2899969 [core] Session lock blocks working from a second window, + thanks to Greg Roach - fisharebest + - patch #2915168 [import] Incorrect parsing of DELIMITER keyword, + thanks to Greg Roach - fisharebest + - patch #2918831 [export] Missing backquotes on reserved words, + thanks to Virsacer - virsacer + - [core] Fix broken cleanup of $_GET + - bug #2924357 [operations] Cannot rename a database that has foreign key + constraints + - bug #869006 [structure] Ignore number of records for MRG_MyISAM tables + - bug [browse] "Show BLOB contents" should display HTML code that is present + in a BLOB, thanks to Vincent van der Tuin + - [privileges] Improve escaping of hostname + +------------------------------------------------------------------- +Tue Nov 10 01:45:00 UTC 2009 - javier@opensuse.org + +- patch #2856664 [export] Date, time, and datetime column types now export correctly to OpenOffice Spreadsheet +- patch #2859788 [parser] Double-character delimiters (bug #2846239) +- bug #2832600 [export] Slow export when having lots of databases +- bug #2537766 [import] Comments are stripped when editing store procedures +- bug #2852370 [operations] Renaming database deletes triggers +- bug #2872247 [interface] Failed opening required 'mysql_charsets.lib.php' +- bug [structure] "In use" table incorrectly reported as "view" +- bug #2879909 [interface] Removed double htmlspecialchars when editing enum column +- bug #2868328 [relations] Adding foreign key when table name contains a dot +- bug #2883381 [doc] Side effects of MemoryLimit setting +- bug #2826128 [display] Inverting sort order when expression contains a function name + +------------------------------------------------------------------- +Sat Sep 19 00:50:10 CEST 2009 - javier@opensuse.org + +- bug #2825293 [structure] Default value for a BIT column +- bug [display] Red arrows were reversed in the list of tables +- bug #2813879 [export] Duplicate empty lines when exporting without comments +- bug #2825919 [export] Trigger export with database name +- bug #2823996 [data] Cannot edit row with no PK and a BIT field +- bug [export] Exporting results of a query which contains a LIMIT clause + inside a subquery +- bug #2837722 [export] Run complex SQL then export does not work +- bug #2839548 [export] Triggers order on export +- bug #2826986 [display] Order by BLOB and range display +- bug [display] After clicking on Show Function or Function, the UPDATE query + is not shown after execution +- bug [structure] Missing validation for BINARY and VARBINARY + + +* Sun Aug 16 2009 javier@opensuse.org +- bug #2799009 Login with ipv6 IP address breaks redirect +- bug #2796066 [priv] Inconsistent display of databases list +- bug #2802870 [display] Incorrect overhead value for InnoDB +- bug [display] Incorrect display in replication status +- bug #1601625 [display] The Ignore checkbox is not unchecked for ENUM +- bug #2809930 [setup] Notice: Undefined variable: k in setup/index.php +- bug [features] Incorrect report of missing relational features +- [security] XSS: Insufficient output sanitizing (not exploitable without a vali +d token) + thanks to Sven Vetsch/Disenchant for informing us in a responsible manner +- bug #2634827 [import] Using DELIMITER produces infinite cycle ++ new language files: uzbek_cyrillic and urbek_latin +- bug #2814109 [search] Right frame is blank +- bug #2816840 [priv] Cannot change a user's details +- bug #2816165 [display] Executed query not always displayed +- bug #2819944 [setup] Incorrect mention of designer_coords +- bug #2821757 [insert] "Insert another new row" no longer worked ++ [lang] Norwegian update +- bug [core] PMA_pow() can support negative exponents in the pow() case ++ [lang] Brazilian Portuguese update +- patch #2822384 [docs] Missing auth_type in docs-example +- patch #2819728 [display] Slider effect jumping to top of page +- bug [display] Incorrect computation of overhead stats in server view + for tables under the InnoDB engine ++ [lang] Swedish update +* Fri Jul 24 2009 javier@opensuse.org +- First security release for phpMyAdmin 3.2.0 +* Sun Jun 28 2009 javier@opensuse.org +- update to 3.2.0 +* Sun May 04 2008 crrodriguez@suse.de +- phpMyAdmin package misses files (favicon.ico, scripts/*) [BNC #381747] +- phpMyAdmin setup.php missing [BNC #335306] +- update to version 2.11.6, bug fix only release +- bug #1903724 [interface] Displaying of very large queries + in error message +- bug #1905711 [compatibility] Functions deprecated in PHP 5.3: + is_a() and get_magic_quotes_gpc() +- bug [lang] catalan wrong accented characters +- bug #1893034 [Export] SET NAMES for importing with command-line + client + + [lang] Russian update +- bug #1910485 [core] Unsetting the whitelist during the loop +- bug #1906980 [Export] Import of VIEWs fails if temp table exists +- bug #1812763 [Copy] Table copy when server is in ANSI_QUOTES + sql_mode +- bug #1918531 [compatibility] Navigation isn't w3.org valid +- bug #1926357 [data] BIT defaults displayed incorrectly +- patch #1930057 [auth] colon in password prevents HTTP login + on CGI/IIS +- patch #1929553 [lang] Don't output BOM character in Swedish + language file +- patch #1895796 [lang] Typo in Japanese lang files +- bug #1935652 [auth] Access denied (show warning about mcrypt + on login page) +- bug #1906983 [export] Reimport of FUNCTION fails +- bug #1919808 [operations] Renaming a database fails to handle + functions +- bug #1934401 [core] Cannot force a language +- bug #1944077 [core] Config file containing a BOM +- bug #1947189 [scripts] Missing head tag in scripts/signon.php +- [lang] Romanian update +* Mon Apr 07 2008 crrodriguez@suse.de +- pmd folder is missing in phpmyadmin 2.11.5.1 [bnc #376616] +* Sat Mar 29 2008 crrodriguez@suse.de +- update to version 2.11.5.1 + * bug #1909711 [security] Sensitive data in session files +* Mon Mar 10 2008 crrodriguez@suse.de +- phpMyAdmin tries to access non-existing print.css [#307966] +* Sat Mar 01 2008 crrodriguez@suse.de +- version 2.11.5 +- bug #1862661 [GUI] Warn about rename deleting database +- bug #1866041 [interface] Incorrect sorting with AS +- bug #1871038 [import] Notice: undefined variable first_sql_delimiter +- bug #1873110 [export] Problem exporting with a LIMIT clause +- bug #1871164 [GUI] Empty and navigation frame synch. +- patch #1873188 [GUI] Making db pager work when js is disabled, + thanks to Jürgen Wind - windkiel +- bug #1875010 [auth] MySQL server and client version mismatch + (mysql ext.) +- patch #1879031 [transform] dateformat transformation + and UNIX timestamps, thanks to Tim Steiner - spam38 +- bug [import] Do not verify a missing enclosing character for CSV, + because files generated by Excel don't have any enclosing character +- bug #1799691 [export] "Propose table structure" and Export +- bug #1884911 [GUI] Space usage +- bug #1863326 [GUI] Wrong error message / no edit (Suhosin) +- bug #1887204 [GUI] Order columns in result list messing up query +- patch #1893538 [GUI] Display issues on Opera 9.50, + thanks to Jürgen Wind - windkiel +- bug [GUI] Do not display the database name used by the + previous user, thanks to Ronny Görner +- bug [security] Remove cookies from Array for better coexistence with + other applications, thanks to Richard Cunningham. See PMASA-2008-1. +* Sun Jan 13 2008 crrodriguez@suse.de +- do not BuildRequire apache2-devel libapr-util1-devel pcre-devel +- PreReq coreutils sed and grep +- update to version 2.11.4 +- bug #1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE +- bug #1807816 [search] regular expression search doesn't work with + backslashes +- bug #1843463 [GUI] DROP PROCEDURE does not show alert +- bug #1835904 [GUI] Back link after a SQL error forgets the query +- bug #1835654 [core] wrong escaping when using double quotes +- bug #1817612 [cookies] Wrong cookie path on IIS with PHP-CGI, + thanks to Carsten Wiedmann +- bug #1848889 [export] export trigger should use + DROP TRIGGER IF EXISTS +- bug #1851833 [display] Sorting forgets an explicit LIMIT + (fix for sorting on column headers) +- bug #1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin +- bug #1798786 [import] Wrong error when a string contains semicolon +- bug #1813508 [login] Missing parameter: field after re-login +- bug #1710144 [parser] Space after COUNT breaks Export but not Query +- bug #1783620 [parser] Subquery results without "as" are ignored +- bug #1821264 [display] MaxTableList and INFORMATION_SCHEMA +- bug #1859460 [display] Operations and many databases +- bug #1814679 [display] Database selection pagination when + switching servers +- patch #1861717 [export] CSV Escape character not exported right, + thanks to nicolasdigraf +- bug #1864468 [display] Theme does not switch to darkblue_orange +- bug #1847409 [security] Path disclosure on + darkblue_orange/layout.inc.php, + thanks to Jürgen Wind - windkiel +* Wed Aug 22 2007 crrodriguez@suse.de +- 2.11.0-rc1 -> 2.11.0 final +- mod_php_any is enough to get a webserver do not explicitly require apache2 +- update phpmyadmin.conf adding the session save path to open_basedir as well + ensuring some additional and possible conflicting php settings are set the way we want +* Mon Aug 06 2007 anosek@suse.cz +- updated to version 2.11.0-rc1 +* Mon Jul 30 2007 anosek@suse.cz +- updated to version 2.11.0-beta1 + + [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1 + + improved PHP 6 compatibility + - bug #1674914 [structure] changing definition of a TIMESTAMP field + - bug #1615530 [upload] added more specific error message if field upload fails + - bug #1627210, #1083301, #1482401 [data] warning on duplicate indexes + - bug #1668724 JavaScript focus login Opera + - bug #1666657 [auth] Cookie password delete on timeout / inactivity + - bug #1648802 different mysql library and server version + - bug #1662976 [auth] Authentication fails when controluser/pass is set + - bug #1643758 [import] Error #1264 importing NULL values in MySQL 5.0 + - bug #1523747 [innodb] make warning about row count more visible + - bug #1676012 [auth] strip non-US-ASCII characters (RFC2616) + - bug #1679440 Added FAQ entry about header errors under IIS caused by + an end-of-line character + - [gui] avoid displaying a wide selector in server selection + - bug #1614004 [relation] foreign key spanning multiple columns are + incorrectly displayed + - bug #1681598 [interface] Edit next row + - bug #1688053 [export] Wrong export of binary character fields + - bug #1498281 [parser] Wrong primary key used for displaying results + with subquery + - bug #1699772 Visual space bug in table name (in browser) + - bug #1699532 Cause of data manipulation issues: implemented changes + as suggested by crisp_; still have to work on updating an ENUM value + + [doc] changed all documentation in config.inc.php to phpDocumentor style + + [data] support for CREATE VIEW from query results + + [gui] dropped css/ folder and moved into root of PMA + + [l10n] new: Sinhala, Macedonian + + [export] YAML export (see yaml.org), thanks to Bryce Thornton + + [server] improved display of binary logs + + [data] better error handling in tbl_create.php + + [routines] from Patch #1649881, thanks to Mike Beck + + [querywindow] store sql history in session + + [querywindow] sql history now without db too + + [querywindow] tweaks in sql history view + + [export] Native Excel (Spreadsheet_Excel_Writer) improvements, + thanks to Christian Schmidt + + [doc] requirement of mcrypt on 64-bit, thanks to Isaac Bennetch + + RFE #1435922 [gui] navigation frame shows listing of databases when none selected + + [data] support BIT datatype (under mysqli), thanks to Christian Schmidt + + [display] automatic confirmation for sort by key, thanks to Juergen Wind + + [data] can now choose the number of insert rows + + RFE #1704779 [gui] link documentation from login page + + [structure] TRIGGERS: display/edit/drop/SQL export + + [browse] store browse state in session per query + + [gui] Insert/Edit: no longer display the Go button each 15 lines + but just at the end of a row + + [gui] Query window: use verbose server name if any + + [auth] patch #1712514 specify host for single signon, thanks to Thierry + + [gui] Navigator for the db list in the navigation panel + + [gui] Navigator for the table list in the content panel + - bug #1727138 HTML not encoded (more than 1000 characters) + + [display] Support for MySQL 5.0.37 profiling + + RFE #1743983 [gui] Replace $max_characters by a configurable param: + $cfg['MaxCharactersInDisplayedSQL'] + - bug #1746186 LeftLogoLink fails if set to some external site + . [transformations]: remove "auto-detect" MIME-type that was never implemented + + [display] patch #1749705, Allow multibyte characters in number formatting, + thanks to garas + - bug #1747215 Export emits blanks at line ends + - bug #1751172 Do not export data when exporting a single VIEW + + [privileges] Support password hashing on the Edit Privileges interface + - bug #1755339 Warn about rename dataase actually being copy/delete + - bug #1746921 Left frame shrinks on db change, thanks to Juergen Wind + + [gui] Export: Select All/Unselect All over the choices, + thanks to Florian Schmitz +* Wed Jul 25 2007 anosek@suse.cz +- updated to version 2.10.3 + - bug #1734285 Copy database with VIEWs + - bug #1722502 DROP TABLE in export VIEW + - bug #1729027 Sorting results of VIEW browsing + - bug #1733012 Unwanted table alias in delete button + - bug #1736405 Pretty printer and HTML line breaks + - bug #1745257 Invalid DB name is still displayed + - bug #1730367 Calendar "Go" has no effect + - bug #1748633 Incorrect parameter validation for VIEWs + + [lang] Russian revision, thanks to Victor Volkov and the users + of php-myadmin.ru + - Do not try to delete an internal relation if we just deleted + an InnoDB one +* Tue Jun 19 2007 anosek@suse.cz +- updated to version 2.10.2 + + [data] display all warnings, not only last one + - typo in fix for bug #1671813 + - bug #1714908 Inserted Row Count is wrong + - bug #1712570 Deleting last record freezes + - bug #1717339 Missing header when deleting a checked column, + thanks to Michael Keck + - bug #1717477 Warning on Query page when db is empty + - bug #1721002 db rename -> undefined cfgRelation, + thanks to Jürgen Wind + - bug #1721571 CREATE database privilege not always detected, + thanks to Gordon McNaughton + - bug #1715709 export in SQL format always includes procedures + and functions + - bug #1722502 DROP TABLE in export view structure + - bug #1718787 Multi-server setup breaks Designer + - bug #1724401 Column truncation in repair table output + - patch #1726500 Wrong position of , thanks to Jürgen Wind + - bug #1728590 Detected failing session_start fails, + thanks to Jürgen Wind + - RFE #1714760 Obey ShowCreateDb on the Databases tab + - patch #1733762 Typo in message "INSERT DELAY", + thanks to Victor Volkov + - patch #1730171 Dead message strLanguageFileNotFound, + thanks to Victor Volkov + - patch #1731280 Avoid negative exponent in gmp_pow(), + thanks to anosek +* Tue Jun 12 2007 anosek@suse.cz +- updated to version 2.10.2-rc1 + + [data] display all warnings, not only last one + - typo in fix for bug #1671813 + - bug #1714908 Inserted Row Count is wrong + - bug #1712570 Deleting last record freezes + - bug #1717339 Missing header when deleting a checked column, + thanks to Michael Keck + - bug #1717477 Warning on Query page when db is empty + - bug #1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind + - bug #1721571 CREATE database privilege not always detected, + thanks to Gordon McNaughton + - bug #1715709 export in SQL format always includes procedures and functions + - bug #1722502 DROP TABLE in export view structure + - bug #1718787 Multi-server setup breaks Designer + - bug #1724401 Column truncation in repair table output + - patch #1726500 Wrong position of , thanks to Jürgen Wind + - bug #1728590 Detected failing session_start fails, thanks to Jürgen Wind + - RFE #1714760 Obey ShowCreateDb on the Databases tab +* Tue Jun 05 2007 anosek@suse.cz +- fixed warning: gmp_pow(): Negative exponent not supported in + common.lib.php [#271746] (gmp_pow.patch) +* Tue Apr 24 2007 anosek@suse.cz +- updated to version 2.10.1 + * bugfix release +* Tue Mar 06 2007 anosek@suse.cz +- updated to version 2.10.0.2 + * default value for $cfg['Servers'][$i]['ssl'] changed to false + * fixes PHP Executor Deep Recursion Stack Overflow [#251757] +* Wed Feb 28 2007 anosek@suse.cz +- updated to version 2.10.0 + * Designer: new graphical relation manager + * Improved speed on servers with thousands of databases/tables + * Vertical field editor (optional) + * Option to avoid counting rows for views + * Calendar on search page + * DOS-style end-of-lines in setup-generated files +* Wed Jan 17 2007 anosek@suse.cz +- updated to version 2.9.2 + * improved support for web clusters + * deleting a user under MySQL 4.1.x + * DELIMITER in export no longer commented out + * export of query results and procedure definitions + * detection of a binary column + * problem on 64-bit systems + * granting all privileges on a wildcard name + * verification on encrypted zip files + * security fixes +* Sat Dec 02 2006 mmarek@suse.cz +- fix previous update which wrongly moved the config.inc.php + file to the libraries subdirectory [#223721] +* Thu Nov 23 2006 anosek@suse.cz +- security update to version 2.9.1.1 [#222594] [#222622] +* Wed Nov 08 2006 anosek@suse.cz +- added suggestions from [#216213] + * phpMyAdmin now uses mysqli extension not mysql (mysqli.patch) + * added Required: php5-mbstring + * phpMyAdmin now uses open_basedir for increased security +* Tue Oct 17 2006 postadal@suse.cz +- updated to 2.9.0.2 + * Improved readability of setup panels + * PDF schema: automatic layout for InnoDB + * Font size selector on main page + * Export: support for procedures and functions + * Can hide "Create Database" dialog + * Customizable link under left logo + * Export: "Open Document Text", "Open Document spreadsheet" formats + * Export: new plugin architecture + * User management: can create a db with the same name as created user + * Use IEC binary units (KiB, MiB, ...) + * Import: SQL compatibility selector + * Possibility of using external authentication and use an empty MySQL password + * Display MySQL warnings + * Links to language-specific MySQL doc whenever possible + * Security fixes +* Thu Sep 21 2006 anosek@suse.cz +- updated to 2.9.0 + * Improved readability of setup panels + * PDF schema: automatic layout for InnoDB + * Font size selector on main page + * Export: support for procedures and functions + * Can hide "Create Database" dialog + * Customizable link under left logo + * Export: "Open Document Text", "Open Document spreadsheet" + formats + * Export: new plugin architecture + * User management: can create a db with the same name as created + user + * Use IEC binary units (KiB, MiB, ...) + * Import: SQL compatibility selector + * Possibility of using external authentication and use an empty + MySQL password + * Display MySQL warnings + * Links to language-specific MySQL doc whenever possible +* Wed Aug 23 2006 anosek@suse.cz +- updated to 2.8.2.4 + * fixed cookie login on IIS with IE6 + * fixed switching from scripts/setup.php to the main script + in case of register_globals enabled +* Tue Aug 15 2006 anosek@suse.cz +- update to 2.8.2.2 + * fixed config not loaded on install (MySQL error code 2002 + or 2003) +* Thu Aug 03 2006 mskibbe@suse.de +- update to 2.8.2.1 + * XSS vulnerability from requests not containing a token + * reenabled XML option in Export + * added a user with password containing a backslash + * setup script: compatibility with security tokens + * setup script: detection of writable config + * reading the database list with MySQL wildcards +* Thu Jun 01 2006 postadal@suse.cz +- updated to 2.8.1 (bugfix-only release) [#177091] + * fixes some XSS vulnerabilities +- removed obsoleted patches (2006-1804.patch, 2006-2031.patch) +* Tue May 02 2006 mmarek@suse.cz +- fixed XSS in error messages + [#170529] (CVE-2006-2031.patch) +* Thu Apr 20 2006 mmarek@suse.cz +- fixed XSS in sql.php (and other scripts): add a secret token to + each link and form to prevent linking to sql.php from outside + [#165772] (CVE-2006-1804) +* Thu Apr 13 2006 mmarek@suse.cz +- updated to 2.8.0.3 + * fixes some XSS vulnerabilities + * improves php-5.1.2 compatibility + [#165772] +- moved $cfg['blowfish_secret'] to separate file, so that config.inc.php + isn't edited during install + (blowfish_secret.patch) +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Tue Jan 17 2006 postadal@suse.cz +- added php-session to Requires [#137368] +* Thu Jan 05 2006 postadal@suse.cz +- update to version 2.7.0-pl2 (security fixes) + [#136015, 137368, 137797] +- removed all patches +* Tue Nov 22 2005 postadal@suse.cz +- fixed XSS on HTTP_HOST (HTTP_HOST.patch) [#133818] +* Mon Nov 21 2005 postadal@suse.cz +- update to version 2.6.4-pl4 + * fixes PMASA-2005-6 [#133818] (PMASA-2005-6.patch) +- removed obsoleted patches: CVE-2005-2869.patch, PMASA-2005-4_and_5.patch, + lang-utf8-fix.patch +* Mon Nov 14 2005 postadal@suse.cz +- fixed CVE-2005-2869 (XSS on the cookie-based login panel) + [#130226] (CVE-2005-2869.patch) +* Tue Nov 01 2005 postadal@suse.cz +- fixed PMASA-2005-4 and PMASA-2005-5 [#130226] (PMASA-2005-4_and_5.patch) +* Tue Aug 23 2005 postadal@suse.cz +- disabled auto-switch the lang to its UTF-8 version when Lang is set + [#104600] +* Thu Jul 28 2005 postadal@suse.cz +- update to 2.6.3-pl1 +* Mon Jun 06 2005 cthiel@suse.de +- update to 2.6.2-pl1 +* Tue Mar 08 2005 mcihar@suse.cz +- generate shorter key to make it work with mcrypt, see + https://sourceforge.net/tracker/index.php?func=detail&aid=1115327&group_id=23067&atid=377408 +* Fri Mar 04 2005 mcihar@suse.cz +- update to pl3, it includes previous fix and fixes editing fields with special names (bug #70864) +* Thu Mar 03 2005 mcihar@suse.cz +- fix bad setting of privileges (bug #67276) +* Tue Mar 01 2005 mcihar@suse.cz +- depend on mod_php_any +* Thu Feb 24 2005 mcihar@suse.cz +- update to 2.6.1-p2 to fix several vulnerabilities (bug #66264) +* Wed Feb 09 2005 mcihar@suse.cz +- depend on unversioned php modules, to allow both php4 and php5 installation +* Mon Jan 24 2005 mcihar@suse.cz +- update to 2.6.1 +- require php4-mcrypt for faster cookie encryption +* Wed Oct 13 2004 mcihar@suse.cz +- update to 2.6.0-pl2 (bug #47160) +- require php4-iconv as it seems to be on all arches now (bug #36642) +* Tue Oct 05 2004 mcihar@suse.cz +- drop php4-recode dependency (bug #46817) +* Mon Sep 06 2004 mcihar@suse.cz +- update to 2.6.0-rc2 +* Fri Sep 03 2004 mcihar@suse.cz +- update to 2.6.0-rc1 +- use pwgen for secret generating +- don't ship scripts, as they're not needed for most users +* Tue Apr 27 2004 ro@suse.de +- build using apache2 +* Wed Mar 31 2004 mcihar@suse.cz +- require php4-recode for charset conversion (better solution for bugs + [#36642] and #36560) +* Mon Mar 22 2004 mcihar@suse.cz +- dropped php-4iconv dependency at all (bug #36642) +* Fri Mar 19 2004 mcihar@suse.cz +- do not require php4-iconv on achitectures where it isn't built (bug #36560) +* Mon Mar 08 2004 mcihar@suse.cz +- require all needed php modules +* Mon Mar 01 2004 mcihar@suse.cz +- update to 2.5.6 +* Mon Jan 05 2004 mcihar@suse.cz +- updated to 2.5.5-pl1 +* Mon Oct 20 2003 mcihar@suse.cz +- updated to 2.5.4 +* Thu Oct 16 2003 mcihar@suse.cz +- do not build as root +- little spec file cleanup +* Tue Sep 09 2003 mcihar@suse.cz +- automatically generate blowfish_secret on rpm installation +- mark config file as %%config(noreplace) (this in conjuction with + previous means that it will be never replaced on upgrade, this is + okay as phpMyAdmin supports loading of old config files) +* Mon Sep 08 2003 mcihar@suse.cz +- updated to 2.5.3: + - many bugs fixed + - messages about missing variables were displayed wrongly + - more export bugs + - confirmation of some dangerous SQL (TRUNCATE,DROP DATABASE) + - new nice icons for actions +* Thu Sep 04 2003 mcihar@suse.cz +- include documentation stylesheet +* Fri Aug 29 2003 mcihar@suse.cz +- depend on mod_php rather that http_daemon as this needs php +* Thu Aug 28 2003 mcihar@suse.cz +- include stylesheets +* Thu Aug 07 2003 mcihar@suse.cz +- updated to 2.5.2-pl1 +* Mon Mar 24 2003 postadal@suse.cz +- removed mysql from Requires, becouse can access to MySQL remotely [#25797] +* Mon Feb 24 2003 postadal@suse.cz +- updated to verison 2.4.0 + * new server/user management interface with sub-pages + * export to LaTeX format + * display UPDATE SQL statement after a row edit + * (experimental) support for compressed connections to the MySQL server + * upload of binary file into a field + * show blob size + * a lot of fixes +* Wed Jan 29 2003 postadal@suse.cz +- updated to version 2.3.3pl1 + * upload of compressed dumps + * inform the user who does not have privileges to create a db + * new internal analyzer for db, table, column and alias + * a lot of fixes +* Mon Aug 12 2002 postadal@suse.cz +- update to release 2.3.0 +* Fri Aug 02 2002 ro@suse.de +- adapt server-root +* Thu Aug 01 2002 postadal@suse.cz +- fixed required perl path +* Wed Jul 31 2002 postadal@suse.cz +- fixed filelist +* Wed Jul 31 2002 postadal@suse.cz +- update to version 2.3.0-rc4 + * can specify a different charset for MySQL and HTML + * utf-8 charset support + * full database search + * XML export + * faster table delete under MySQL 4 + * new language: slovenian + * fixes +* Mon Jul 01 2002 ro@suse.de +- fixed directory permissions +* Thu Jan 10 2002 rvasice@suse.cz +- update to version 2.2.3 +* Tue Sep 04 2001 rvasice@suse.cz +- update to version 2.2.0 final + - dynamic multiple language support, with automatic detection + - database usage statistics + - table maintenance features (repair, check, optimize) +- made package noarch +* Thu Aug 02 2001 rvasice@suse.cz +- update to version 2.2.0rc3 +* Mon Jun 18 2001 rvasice@suse.cz +- initial package release (version 2.1.0) + diff --git a/phpMyAdmin.http b/phpMyAdmin.http new file mode 100644 index 0000000..862709b --- /dev/null +++ b/phpMyAdmin.http @@ -0,0 +1,18 @@ + + Options FollowSymLinks + AllowOverride None + + php_admin_flag register_globals off + php_admin_flag magic_quotes_gpc off + php_admin_flag allow_url_include off + php_admin_flag allow_url_fopen off + php_admin_flag zend.ze1_compatibility_mode off + php_admin_flag safe_mode Off + php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php5:/tmp:@docdir@/@name@:/etc/@name@" + + + + Order allow,deny + Deny from all + + diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec new file mode 100644 index 0000000..d3997fd --- /dev/null +++ b/phpMyAdmin.spec @@ -0,0 +1,157 @@ +# +# spec file for package phpMyAdmin (Version 3.3.9.2) +# +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: phpMyAdmin + +%define apxs %{_sbindir}/apxs2 +%define ap_sysconfdir %(%{apxs} -q SYSCONFDIR) +%define ap_serverroot %(%{apxs} -q PREFIX) +%define ap_docroot %(%{apxs} -q PREFIX)/htdocs +%define pma_config %{_sysconfdir}/%{name}/config.inc.php +%if 0%{?suse_version} +%define ap_usr wwwrun +%define ap_grp www +%else +%define ap_usr nobody +%define ap_grp nogroup +%endif + +Summary: Administration of MySQL over the web +Version: 3.3.9.2 +Release: 1 +License: GPL v2 or later +Group: Productivity/Networking/Web/Frontends +Url: http://www.phpMyAdmin.net +Source0: %{name}-%{version}-all-languages.tar.bz2 +Source1: %{name}.http +Patch0: %{name}-3.3.8-config.patch +#Patch1: %{name}-2.11.0rc1-blowfish_secret.patch +#Patch2: %{name}-3.1.0-mysqli.patch +BuildArch: noarch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: pwgen coreutils sed grep +BuildRequires: apache2-devel +%if 0%{?suse_version} > 1020 +BuildRequires: fdupes +%endif +# +Requires: mod_php_any php-bz2 php-gd php-iconv +Requires: php-mbstring php-mcrypt php-mysql php-session php-zlib +Recommends: php5-zip + +%description +phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a +single database. To accomplish the latter you'll need a properly set up MySQL +user who can read/write only the desired database. It's up to you to look up +the appropriate part in the MySQL manual. + +Currently phpMyAdmin can: + + * browse and drop databases, tables, views, fields and indexes + * create, copy, drop, rename and alter databases, tables, fields and indexes + * maintenance server, databases and tables, with proposals on server + configuration + * execute, edit and bookmark any SQL-statement, even batch-queries + * load text files into tables + * create^1 and read dumps of tables + * export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 - + OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats + * import data and MySQL structures from Microsoft Excel and OpenDocument + spreadsheets, as well as XML, CSV, and SQL files + * administer multiple servers + * manage MySQL users and privileges + * check referential integrity in MyISAM tables + * using Query-by-example (QBE), create complex queries automatically + connecting required tables + * create PDF graphics of your Database layout + * search globally in a database or a subset of it + * transform stored data into any format using a set of predefined functions, + like displaying BLOB-data as image or download-link + * track changes on databases, tables and views + * support InnoDB tables and foreign keys (see FAQ 3.6) + * support mysqli, the improved MySQL extension (see FAQ 1.17) + * communicate in 57 different languages + * synchronize two databases residing on the same as well as remote servers + (see FAQ 9.1) + +%prep +%setup -q -n %{name}-%{version}-all-languages +%patch0 -p1 + +find . -type d -exec chmod 755 {} \; +find . -type f -exec chmod 644 {} \; +find . -type f -name '*.orig' -exec rm {} \; +rm lang/*.sh +%{__rm} libraries/.htaccess + +%build + +%install +#%{__install} -d -m0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} +%{__install} -d -m0755 $RPM_BUILD_ROOT%{ap_docroot}/%{name} +%{__cp} -dR *.css *.php *.html *.ico js lang libraries pmd themes \ + $RPM_BUILD_ROOT%{ap_docroot}/%{name} +# install config to config dir +%{__install} -D -m0640 $RPM_BUILD_ROOT%{ap_docroot}/%{name}/config.sample.inc.php \ + $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/config.inc.php + +# fix libraries/vendor_config.php +%{__sed} -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" \ + $RPM_BUILD_ROOT%{ap_docroot}/%{name}/libraries/vendor_config.php +# fix libraries/common.inc.php +%{__sed} -i -e "s,@PMA_Config@,%{_sysconfdir}/%{name}/config.inc.php,g" \ + $RPM_BUILD_ROOT%{ap_docroot}/%{name}/libraries/common.inc.php + +# generate file list +find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST +find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST +%{__install} -D -m0644 %{S:1} $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf +# fix paths in http config +%{__sed} -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ + -e "s,@docdir@,%{_docdir},g" $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf + +# rpmlint stuff +%if 0%{?suse_version} > 1020 +%fdupes -s ${RPM_BUILD_ROOT} +%endif + +%post +# on `rpm -ivh` PARAM is 1 +# on `rpm -Uvh` PARAM is 2 +# set PmaAbsoluteUri ### generate blowfish secret +%{__sed} -i -e "s,@FQDN@,$(cat /etc/HOSTNAME)," \ + -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config} + +%postun +%restart_on_update apache2 + +%clean +%{__rm} -rf $RPM_BUILD_ROOT + +%files -f FILELIST +%defattr(644,root,root,755) +%doc CREDITS ChangeLog Documentation.* docs.css +%doc LICENSE README RELEASE-DATE* TODO translators.html +%doc scripts/*.sql +%dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name}/config.inc.php +%dir %{ap_docroot}/%{name} +%config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf + +%changelog