Accepting request 1063733 from home:ecsos:server

- Update to 5.2.1
  This is a security and bufix release.
  * Security
    - Fix (PMASA-2023-01, CWE-661) 
      Fix an XSS attack through the drag-and-drop upload feature.
  * Bugfix
    - issue #17522 Fix case where the routes cache file is invalid
    - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
    - issue        Fix blank page when some error occurs
    - issue #17519 Fix Export pages not working in certain conditions
    - issue #17496 Fix error in table operation page when partitions are broken
    - issue #17386 Fix system memory and system swap values on Windows
    - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive
    - issue #17271 Fix database names not showing on Processes tab
    - issue #17424 Fix export limit size calculation
    - issue #17366 Fix refresh rate popup on Monitor page
    - issue #17577 Fix monitor charts size on RTL languages
    - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
    - issue #17586 Fix statistics not showing for empty databases
    - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore
    - issue #17584 It's now possible to browse a database that includes two % in its name
    - issue        Fix PHP 8.2 deprecated string interpolation syntax
    - issue        Some languages are now correctly detected from the HTTP header
    - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true
    - issue #17593 Table filtering now works when action buttons are on the right side of the row
    - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found
    - issue #17551 Enum/Set editor will not fail to open when creating a new column
    - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events
    - issue #17673 Allow empty values to be inserted into columns
    - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console
    - issue        Fixed debug queries console broken UI for query time and group count
    - issue        Fixed escaping of SQL query and errors for the debug console
    - issue        Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled
    - issue #17543 Fix JS error on saving a new designer page
    - issue #17546 Fix JS error after using save as and open page operation on the designer
    - issue        Fix PHP warning on GIS visualization when there is only one GIS column
    - issue #17728 Some select HTML tags will now have the correct UI style
    - issue #17734 PHP deprecations will only be shown when in a development environment
    - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long
    - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
    - issue #16418 Fix FAQ 1.44 about manually removing vendor folders
    - issue #12359 Setup page now sends the Content-Security-Policy headers
    - issue #17747 The Column Visibility Toggle will not be hidden by other elements
    - issue #17756 Edit/Copy/Delete row now works when using GROUP BY
    - issue #17248 Support the UUID data type for MariaDB >= 10.7
    - issue #17656 Fix replace/change/set table prefix is not working
    - issue        Fix monitor page filter queries only filtering the first row
    - issue        Fix "Link not found!" on foreign columns for tables having no char column to show
    - issue #17390 Fix "Create view" modal doesn't show on results and empty results
    - issue #17772 Fix wrong styles for add button from central columns
    - issue #17389 Fix HTML disappears when exporting settings to browser's storage
    - issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page
    - issue        Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)
    - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)
    - issue #17281 Fix links to databases for information_schema.SCHEMATA
    - issue #17553 Fix Metro theme unreadable links above navigation tree
    - issue #17553 Metro theme UI fixes and improvements
    - issue #17553 Fix Metro theme login form with
    - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox
    - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working
    - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened
    - issue        Fix Original theme buttons style and login form width
    - issue #17892 Fix closing index edit modal and reopening causes it to fire twice
    - issue #17606 Fix preview SQL modal not working inside "Add Index" modal
    - issue        Fix PHP error on adding new column on create table form
    - issue #17482 Default to "Full texts" when running explain statements
    - issue        Fixed Chrome scrolling performance issue on a textarea of an "export as text" page
    - issue #17703 Fix datepicker appears on all fields, not just date
    - issue        Fix space in the tree line when a DB is expanded
    - issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column
    - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL
    - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5
    - issue        Fix column names option for CSV Export
    - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns
    - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP
    - issue #17944 Fix unable to create a view from tree view button
    - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)
    - issue #17967 Fix missing icon for collapse all button
    - issue #18006 Fixed UUID columns can't be moved
    - issue        Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
    - issue        Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service)
    - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API
    - issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs
    - issue        Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions
    - issue #17398 Fix clicking on JSON columns triggers update query
    - issue        Fix silent JSON parse error on upload progress
    - issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
    - issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
- Rebase phpMyAdmin-config.patch.

OBS-URL: https://build.opensuse.org/request/show/1063733
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=377

phpMyAdmin-5.2.0-all-languages.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:66da31ca295f06182ac3f2e6e96057dc824c459baedf4b29de6ed0d3be039230
-size 7078212

phpMyAdmin-5.2.0-all-languages.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIyBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmJ7Q3IACgkQznUvF4JZ
-vZJu9g/3d06sEHy3KHJ4DeeMgUYKMm01dfZm3MS5OacdB7Mmw0yF6fvaUDHuFJm9
-EY4A4Na3Z16fmSGjNnc8bJhZVC51a2n2cku3JnPeE3e2IWPLPggQm31PgNtKk1h5
-ct0q7aDQWHbSpappWzvanwSnGR+BRFEdmsvlx5t9XabK2v72+5ak1iyzeTCjJaZI
-SProrj3vrYcR7ha1JoISeWmkyvUWVJo1atSOFMwSocIg7l3qmkaOR6a/bsPLHbAB
-A5gLgGMzi6mTKceg3AEhfMujWlQdxK/U1SHD1bQJMOoM0Qu+DtOBWOPygcekjijC
-1APAoQFBDWIZQFX/0fVJob0EF9L5W3o5DR83UHzw+Lf6uq/THgQiHBb/zwOIXY1k
-yLnYeDc3/AX4At14VyaBHwa31Sd+yyaO065j2IrVrEyIwmapime0gJk53KcqGFOs
-g43ghRj32FhXLplAtg4hMJF/lflH5umYnFcNZdAsUD3FUE8gRGxKLzsKF3qPHxtI
-S4OS8ylYr29413UB2PZv74xFLVieBMDaUsGdxJOTQNaeaRkOjiPxt7qR3LufpC1V
-62LFieMcM7CthUZSus2K8GhKkkY+/bz/jSOs6yNdAjO7xF3gi7Cs/YWvaN5ll3Uo
-gRSpJOE0h4twgyTHDT6CENjVEfM9gvus7/PAo9SwtJTBHCgv5g==
-=+Evr
------END PGP SIGNATURE-----

phpMyAdmin-5.2.1-all-languages.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:373f9599dfbd96d6fe75316d5dad189e68c305f297edf42377db9dd6b41b2557
+size 7461668

phpMyAdmin-5.2.1-all-languages.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmPixzwACgkQznUvF4JZ
+vZJykhAAmYcNfeAvZQsZQxsEuihZgsSgUYy/icfTWiUlD8QByMfu+dGDXyFMv9+H
+TOOoX6T/7aeY0ZbemmlthHGB34lr4EAdU4b6lyHZ4yhSqOy+b5rf7moKItXF2MRB
+LDeVitsACiIS09MX54un4WOcHm2AqesT6KzykLrOhwNt3EP0oKZoTIdQObzALKAh
+najxa+TC3iFVPvCGX2VItgJN7i1MTCpwJwo2yHOba9RgNaap+uyOlN30ZZ/u1ne8
++I/QZMyhtq7MQPVDpSAGHHYBmE9W4kihS7g1dzkQlgM585oqUsDmtL8Ba9gqIroV
+rXVq4rReDTsx/6wyveGYci9fMDpVFPpMf7Dtay32PK6vEaKjsDR2+kuDkbJqjYlf
+/8B8GWJfvsLQly1N1MYIC3BVa/oCd81mkay7d67JtbAC7neQccjn2zkHzJ2RS1Ir
+7bImzAd/a5YbZHtLjKRqshWVIrbN/KmO2VwxmM5zjTVlVHZPWCiV9JJx+8PtpQTy
+lHcd9Is1ZJzkdeqQaW2IakhgHj+9RDJ4lUFrSeUcl99QqUFil35C9FgcVMbzNzOr
+OPBKBKTNVk3uzVYnpCXsvxdmSnyVulBE5iMV+80Cs+P70mKp6vFPGPUY2kXHGWKd
+s7tHs6JHgcs2qnLEu7bpm+5/3e34vkffREsyXM322E2GpSC2gfs=
+=985I
+-----END PGP SIGNATURE-----

phpMyAdmin-config.patch

@@ -44,8 +44,8 @@ Index: config.sample.inc.php
 +/* $cfg['DefaultLang'] = 'de';
 +
 +/**
-  * This is needed for cookie based authentication to encrypt password in
+  * This is needed for cookie based authentication to encrypt the cookie.
-  * cookie. Needs to be 32 chars long.
+  * Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
 + *
 + * YOU MUST FILL IN THIS FOR COOKIE AUTH!
   */
@@ -56,7 +56,7 @@ Index: config.sample.inc.php
   * Servers configuration
 + *
 + * for more info/explanation about these VARS have look at
-+ *  libraries/config.default.php
++ * libraries/config.default.php
   */
  $i = 0;
  

phpMyAdmin.changes

@@ -1,3 +1,96 @@
+-------------------------------------------------------------------
+Wed Feb  8 07:23:38 UTC 2023 - ecsos <ecsos@opensuse.org>
+
+- Update to 5.2.1
+  This is a security and bufix release.
+  * Security
+    - Fix (PMASA-2023-01, CWE-661) 
+      Fix an XSS attack through the drag-and-drop upload feature.
+  * Bugfix
+    - issue #17522 Fix case where the routes cache file is invalid
+    - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
+    - issue        Fix blank page when some error occurs
+    - issue #17519 Fix Export pages not working in certain conditions
+    - issue #17496 Fix error in table operation page when partitions are broken
+    - issue #17386 Fix system memory and system swap values on Windows
+    - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive
+    - issue #17271 Fix database names not showing on Processes tab
+    - issue #17424 Fix export limit size calculation
+    - issue #17366 Fix refresh rate popup on Monitor page
+    - issue #17577 Fix monitor charts size on RTL languages
+    - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
+    - issue #17586 Fix statistics not showing for empty databases
+    - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore
+    - issue #17584 It's now possible to browse a database that includes two % in its name
+    - issue        Fix PHP 8.2 deprecated string interpolation syntax
+    - issue        Some languages are now correctly detected from the HTTP header
+    - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true
+    - issue #17593 Table filtering now works when action buttons are on the right side of the row
+    - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found
+    - issue #17551 Enum/Set editor will not fail to open when creating a new column
+    - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events
+    - issue #17673 Allow empty values to be inserted into columns
+    - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console
+    - issue        Fixed debug queries console broken UI for query time and group count
+    - issue        Fixed escaping of SQL query and errors for the debug console
+    - issue        Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled
+    - issue #17543 Fix JS error on saving a new designer page
+    - issue #17546 Fix JS error after using save as and open page operation on the designer
+    - issue        Fix PHP warning on GIS visualization when there is only one GIS column
+    - issue #17728 Some select HTML tags will now have the correct UI style
+    - issue #17734 PHP deprecations will only be shown when in a development environment
+    - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long
+    - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
+    - issue #16418 Fix FAQ 1.44 about manually removing vendor folders
+    - issue #12359 Setup page now sends the Content-Security-Policy headers
+    - issue #17747 The Column Visibility Toggle will not be hidden by other elements
+    - issue #17756 Edit/Copy/Delete row now works when using GROUP BY
+    - issue #17248 Support the UUID data type for MariaDB >= 10.7
+    - issue #17656 Fix replace/change/set table prefix is not working
+    - issue        Fix monitor page filter queries only filtering the first row
+    - issue        Fix "Link not found!" on foreign columns for tables having no char column to show
+    - issue #17390 Fix "Create view" modal doesn't show on results and empty results
+    - issue #17772 Fix wrong styles for add button from central columns
+    - issue #17389 Fix HTML disappears when exporting settings to browser's storage
+    - issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page
+    - issue        Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)
+    - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)
+    - issue #17281 Fix links to databases for information_schema.SCHEMATA
+    - issue #17553 Fix Metro theme unreadable links above navigation tree
+    - issue #17553 Metro theme UI fixes and improvements
+    - issue #17553 Fix Metro theme login form with
+    - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox
+    - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working
+    - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened
+    - issue        Fix Original theme buttons style and login form width
+    - issue #17892 Fix closing index edit modal and reopening causes it to fire twice
+    - issue #17606 Fix preview SQL modal not working inside "Add Index" modal
+    - issue        Fix PHP error on adding new column on create table form
+    - issue #17482 Default to "Full texts" when running explain statements
+    - issue        Fixed Chrome scrolling performance issue on a textarea of an "export as text" page
+    - issue #17703 Fix datepicker appears on all fields, not just date
+    - issue        Fix space in the tree line when a DB is expanded
+    - issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column
+    - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL
+    - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5
+    - issue        Fix column names option for CSV Export
+    - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns
+    - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP
+    - issue #17944 Fix unable to create a view from tree view button
+    - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)
+    - issue #17967 Fix missing icon for collapse all button
+    - issue #18006 Fixed UUID columns can't be moved
+    - issue        Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
+    - issue        Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service)
+    - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API
+    - issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs
+    - issue        Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions
+    - issue #17398 Fix clicking on JSON columns triggers update query
+    - issue        Fix silent JSON parse error on upload progress
+    - issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
+    - issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
+- Rebase phpMyAdmin-config.patch.
+
 -------------------------------------------------------------------
 Wed Jul 13 20:01:20 UTC 2022 - chris@computersalat.de
 

phpMyAdmin.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package phpMyAdmin
 #
-# Copyright (c) 2022 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -25,7 +25,7 @@
 %define apache_group    nogroup
 %endif
 Name:           phpMyAdmin
-Version:        5.2.0
+Version:        5.2.1
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later