From 9aa95454fbebd090f59f93f853fbd8c763666938e0f097af6d560eeace3edf8d Mon Sep 17 00:00:00 2001 From: Eric Schirra Date: Thu, 23 Jan 2025 12:59:02 +0000 Subject: [PATCH] - Update to 5.2.2 * Security - issue [security] Fix for a path disclosure leak in the Monitoring tab - issue Prevent the user from deleting system databases - issue [security] Fix an XSS vulnerability when checking tables (PMASA-2025-1) - issue [security] Fix an XSS vulnerability on the Insert tab (PMASA-2025-2) - issue [security] Fix a possible glibc/iconv vulnerability (CVE-2024-2961, assigned PMASA-2025-3 but please note that phpMyAdmin is not vulnerable by default) * Bugfix - issue Fix for sql-parser relating to quadratic complexity in certain queries, which could have caused long execution times. - issue #17851 Fix total count of rows in not accurate - issue #17766 Allow to open in a new tab copy and edit row actions - issue #17599 Fix error when handling an user that is not in privileges table - issue #17364 Fix error when trying to import a status monitor chart arrangement - issue #18106 Fix renaming database with a view - issue #18120 Fix bug with numerical tables during renaming database - issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0 - issue #18138 Fix some issues with numerical table names - issue #18112 Fix open base dir warning on git version class - issue #18211 Fix the themes route missing the server ID - issue Do not show "Original length undefined" on binary hex columns - issue Fix wrong time zone when handling Git information - issue #18195 Fix warning on non-existent table for XML export - issue #18196 Fix errors of import notification - issue #18093 Fix JS errors around "new user account" in some edge cases - issue #16451 Increase password characters limit to 2000 during login - issue #18177 Fix "IS NULL" is shown for non-nullable columns on search page - issue #16199 Fix dragging of tables in designer - issue #18268 Fix UI issue the theme manager is disabled - issue #18258 Speed improvements when exporting a database - issue #17702 Fix performance issue when handling large number of tables in a single database - issue #18324 Fix UI defect on tracking versions table first column - issue #18266 Fix disabling features (like `$cfg['Servers'][$i]['tracking'] = false;`) did not work - issue #18296 Fixed query time measurement - measure time only for user queries - issue #18235 Fix columns are misaligned for the "sys" database - issue #18249 Speed improvements when browsing a database with multiple tables - issue #18060 Fix Console height "Not a non-negative number" error - issue #18188 Fix issue when editing GIS data - issue Fix width/height of create routines modal and width of routines/triggers/events modals - issue Stop pmadb database detection when all features are disabled - issue Upgrade slim/psr7 to 1.4.1 for CVE-2023-30536 - GHSA-q2qj-628g-vhfw - issue #17654 Fix unprivileged user cannot change password on MySQL >= 5.7.37 - issue #18385 Add CVE MITRE link to allowed domains and use cve.org - issue #18330 Fix TypeError when no-datetime field is modified - issue #18212 Fix Query Builder doesn't replace a table name with it's alias in the `WHERE` block - issue #18221 Keep the criteria box collapsed by the user when un-checking the criteria checkbox - issue #18363 Fix colspan for actions column on database table list - issue Fix double encoding on User Groups pages - issue Fix list of users of an user group not showing up - issue Fix duplicate query params in the SQL message card - issue #18314 Fix dragged row in index form - issue #17392 Fix the actions not being hidden in the Triggers, Routines, Events pages - issue #18441 Fix execute routine page not working when not in a modal - issue #18471 Fix SQL statement not being displayed correctly on RTL languages - issue Fix state times not getting summed in the profiling table - issue Fix a case where a fatal error message was not displayed - issue #17420 Fix profiling chart not loading when profiling is activated - issue #18159 Fix error when changing the number of chart columns in the monitor page - issue #18403 Fix Uncaught SyntaxError: JSON.parse on makegrid conditions - issue #17528 Fix double escaping of database group names in the navigation tree - issue #18473 Fix the NULL not applied after clearing nullable field - issue #18454 Fix date field calendar display when changing NULL state - issue #18481 Fix missing pagination when using SELECT DISTINCT - issue #18325 Allow hex representations for integers in the search box validation - issue #14411 Fixed double tap to edit on mobile devices - issue Update documentation to reflect that Node >= 12 is required to compile the JS and CSS files - issue #18578 Fixed PDF export NULL values gives a type error - issue #18605 Fixed issue when executing a stored procedure - issue #18650 Fixed double escaping on foreign key relation link title - issue #18533 Fixed wrong count for simulated queries - issue #18611 Fixed an error when searching a table without conditions - issue #18663 Fixed case where triggers are dropped when moving a table - issue #17404 Fixed an error message after dropping a database - issue #18714 Fixed incorrect formatting of the amount of table rows - issue #18717 Fixed issue when deleting bookmarks - issue #18713 Fixed some issues with the GIS editor - issue #18722 Fixed generic error message in the home page - issue #18693 Fixed enum/set value escaping - issue #18769 Improved collations support for MariaDB 10.10 - issue #17381 Fixed JS errors when editing indexes on create table - issue #14402 Fix the PRIMARY label still shown when using two columns for a PK on create table - issue #17347 Fixed JS errors when changing index settings on create table - issue #18762 Fixed truncating tables when a VIEW is included - issue Fix BETWEEN search does not validate input because of spaces - issue Fix JS number validation does not validate when the input is empty or emptied - issue #18561 Fix issue when adding System Monitor charts - issue #17363 Fix duplicate route parameter after logging in - issue #15670 Fix case where the data is truncated after changing a longtext column's collation - issue #18797 Fixed support for ampersand as a arg separator - issue #18834 Fixed case where column hash is empty in table relation page - issue #17538 Fixed error when renaming an index - issue #18865 Fix missing text-nowrap for timestamps columns - issue #18613 Fixed routine editor showing wrong parameter type - issue #18890 Fixed wrong row count when query has UNION - issue #18949 Fixed natural sorting for items in the navigation section - issue #18930 Fixed import of empty tables from MediaWiki - issue #18940 Fixed issue when creating an unique key - issue #19022 Fix case where tables from wrong database is loaded in navigation tree - issue #18782 Fixed issue with role based auth for MySQL 8 - issue #18593 Fix drop db line included in server export if exporting only data - issue #18049 Also check that curl_exec is enabled for the new version check - issue #19023 Fixed table size for ROCKSDB engine showing as unknown - issue #18451 Fix when editing inline central column, Null is always preselected - issue #18495 Fixed database export missing routines - issue #19117 Allow changing the virtuality of a column without any other changes - issue #18566 Fixed error when importing exported view with USE INDEX hint - issue #17920 Fixed moving column with empty default value will replace it with '' - issue #18006 Fixed moving columns causes the default uuid() value to get quotes around it - issue #18962 Fixed move columns with ENUM() & DEFAULT causes invalid SQL - issue #18276 Fix on update CURRENT_TIMESTAMP doesn't show as default in attributes - issue #18240 Fix inserting value with UNIX_TIMESTAMP() without a parameter - issue #19125 Fixed CodeMirror tooltip is below modals - issue #18674 Fix formatted sql in browse table result has a linebreak after each token - issue #18210 Fixed add replica replication user on MariaDB doesn't work (SQL syntax) - issue #19041 Fix footer.twig gets printed to Binary File Download - issue #19091 Fix to stop processing queries on error - issue #18241 Fix copy SQL query button on error messages - issue #17190 Fix an error with SELECT ... FOR UPDATE queries - issue #19145 Remove duplicate server and lang parameters from links - issue #19158 Fix an issue with backticks on the query generator - issue #19174 Fix an issue with column alias with asterisk on the query generator - issue #19146 Fix column sorting with limit subquery - issue #19152 Fix the number of lines being ignored in GIS visualization after a search - issue #19189 Fix issue with column sorting when using 'group by' - issue #19188 Fix issue with simulated queries reporting syntax errors - issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling - issue #19218 Fix textarea horizontal resizing with Bootstap theme - issue #19199 Add support for fractional seconds to current_timestamp() - issue #19221 Fix query statistics for queries with count(*) - issue #19203 Fix single quotes and backslashes for the query generator - issue #19163 Fix queries with IS NULL or IS NOT NULL for the query generator - issue #19181 Fix query generator support for IN() and NOT IN() - issue #19167 Fix criteria on column '*' for the query generator - issue #19213 Fix possible issue when exporting a large data set - issue #19217 Fix issue when editing a cell of a JSON column - issue #19244 Add yarn 1.22 to the package.json's packageManager field - issue #19185 Fix visual issue when a row has only empty cells - issue #19257 Fix issue when adding an index with an invalid name - issue #19276 Fix compatibility with Twig 3.12 - issue #19283 Fix issue when the server starts with skip-innodb option - issue #19299 Fix charset in procedure's parameter type - issue #19316 Fix input size for hexadecimal values - issue #19321 Suppress deprecation message of E_STRICT constant - issue Fix PHP 8.4 `str_getcsv` `$escape` parameter deprecation - issue #19426 Fix PHP warnings when the column is a `COMPRESSED BLOB` - issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key - issue #19500 Use `KILL` instead of `CALL mysql.rds_kill` for non super users - issue Fix "copy to clipboard" was adding a blank row for each repeating header row - issue Fix TCPDF translations - issue Remove underline for links on Bootstrap theme - issue Fix sql editor height on multi-table query - issue #18852 Fix notification color scheme on the Bootstrap dark theme - issue #14542 Show the query even if no results are found in the Table search - issue #16936 Fixed import (e.g. ods) doesn't respect database default collation - issue #19000 Disable autocomplete for the create table/db name inputs OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=385 --- .gitattributes | 23 + .gitignore | 1 + phpMyAdmin-5.2.1-all-languages.tar.xz | 3 + phpMyAdmin-5.2.1-all-languages.tar.xz.asc | 16 + phpMyAdmin-5.2.2-all-languages.tar.xz | 3 + phpMyAdmin-5.2.2-all-languages.tar.xz.asc | 16 + phpMyAdmin-config.patch | 298 ++ phpMyAdmin-pma.patch | 27 + phpMyAdmin-rpmlintrc | 3 + phpMyAdmin.changes | 5204 +++++++++++++++++++++ phpMyAdmin.http | 103 + phpMyAdmin.http.inc | 13 + phpMyAdmin.keyring | 530 +++ phpMyAdmin.spec | 276 ++ 14 files changed, 6516 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 phpMyAdmin-5.2.1-all-languages.tar.xz create mode 100644 phpMyAdmin-5.2.1-all-languages.tar.xz.asc create mode 100644 phpMyAdmin-5.2.2-all-languages.tar.xz create mode 100644 phpMyAdmin-5.2.2-all-languages.tar.xz.asc create mode 100644 phpMyAdmin-config.patch create mode 100644 phpMyAdmin-pma.patch create mode 100644 phpMyAdmin-rpmlintrc create mode 100644 phpMyAdmin.changes create mode 100644 phpMyAdmin.http create mode 100644 phpMyAdmin.http.inc create mode 100644 phpMyAdmin.keyring create mode 100644 phpMyAdmin.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/phpMyAdmin-5.2.1-all-languages.tar.xz b/phpMyAdmin-5.2.1-all-languages.tar.xz new file mode 100644 index 0000000..ed08531 --- /dev/null +++ b/phpMyAdmin-5.2.1-all-languages.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:373f9599dfbd96d6fe75316d5dad189e68c305f297edf42377db9dd6b41b2557 +size 7461668 diff --git a/phpMyAdmin-5.2.1-all-languages.tar.xz.asc b/phpMyAdmin-5.2.1-all-languages.tar.xz.asc new file mode 100644 index 0000000..b4152ad --- /dev/null +++ b/phpMyAdmin-5.2.1-all-languages.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmPixzwACgkQznUvF4JZ +vZJykhAAmYcNfeAvZQsZQxsEuihZgsSgUYy/icfTWiUlD8QByMfu+dGDXyFMv9+H +TOOoX6T/7aeY0ZbemmlthHGB34lr4EAdU4b6lyHZ4yhSqOy+b5rf7moKItXF2MRB +LDeVitsACiIS09MX54un4WOcHm2AqesT6KzykLrOhwNt3EP0oKZoTIdQObzALKAh +najxa+TC3iFVPvCGX2VItgJN7i1MTCpwJwo2yHOba9RgNaap+uyOlN30ZZ/u1ne8 ++I/QZMyhtq7MQPVDpSAGHHYBmE9W4kihS7g1dzkQlgM585oqUsDmtL8Ba9gqIroV +rXVq4rReDTsx/6wyveGYci9fMDpVFPpMf7Dtay32PK6vEaKjsDR2+kuDkbJqjYlf +/8B8GWJfvsLQly1N1MYIC3BVa/oCd81mkay7d67JtbAC7neQccjn2zkHzJ2RS1Ir +7bImzAd/a5YbZHtLjKRqshWVIrbN/KmO2VwxmM5zjTVlVHZPWCiV9JJx+8PtpQTy +lHcd9Is1ZJzkdeqQaW2IakhgHj+9RDJ4lUFrSeUcl99QqUFil35C9FgcVMbzNzOr +OPBKBKTNVk3uzVYnpCXsvxdmSnyVulBE5iMV+80Cs+P70mKp6vFPGPUY2kXHGWKd +s7tHs6JHgcs2qnLEu7bpm+5/3e34vkffREsyXM322E2GpSC2gfs= +=985I +-----END PGP SIGNATURE----- diff --git a/phpMyAdmin-5.2.2-all-languages.tar.xz b/phpMyAdmin-5.2.2-all-languages.tar.xz new file mode 100644 index 0000000..842d04d --- /dev/null +++ b/phpMyAdmin-5.2.2-all-languages.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f881819a3b11e653b0212afaf0cc105db85c767715cb3f5852670f7fc36c9669 +size 7539088 diff --git a/phpMyAdmin-5.2.2-all-languages.tar.xz.asc b/phpMyAdmin-5.2.2-all-languages.tar.xz.asc new file mode 100644 index 0000000..6908024 --- /dev/null +++ b/phpMyAdmin-5.2.2-all-languages.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmePEe0ACgkQznUvF4JZ +vZL1wBAAiMguK5dZbPa7X5IsuD56DEDbv4ODitpKExHgQ84ki+Y1fwAO6MDAeuGN +qpE+wm6jcpT0nTlR7/fBjtFMkolFH202wEnTj3LfCs64KMru2k9CQvwwtfB0FCG6 +DVgklOYFWU5ISGN8ma8qLhAgMBUSM/I6CUzzHtudQ+FIvfpgyYZimH9oYbguUdaU +Eh0sIf6SMDKL+qD0v7fraehUCN0ixMFeVtX7dKUs7bDHhcayApJLw+EtV6olDR7a +BSzcrmG2brDAjRnpSt2mEgcgLJbZ1jN225W86B4McgNRUtSGEp4kLDisxeVL3wmf +xYeLLg7u65n4tZaf4kYvFAgJaj0fZsRZd+mPqRkn8Oee/WkqwIyWGCgV9Ez92JH7 +L3LdZU/nQV0CLfZizXuideGVU1vD56sVHmIzTF/x2xccdSgTCluea94vE2A0nU0D +TdFDFAsPEh5YCgVAI4gAN0myCQushmcS3k8gFasVkBfqLzoARVNaQOpU8nYIMK1I +Qh+/Y8+LislojgtBQ0htdjt/XDqq/9UeCIT9qwYNVXMBFJ8u6Th69aGIVdc74OZY +1BNPuzsDp4/E+Jy4bPLdZe6R3B+Zf7TWlFTqlaWFv8KNyBAQmsGGEatuYU5nHeac +XahSTcyxii6GKO55CDVj4lhkwqOr0kg0vdhWwdWebjLFwfzg9g4= +=PNiW +-----END PGP SIGNATURE----- diff --git a/phpMyAdmin-config.patch b/phpMyAdmin-config.patch new file mode 100644 index 0000000..95b18af --- /dev/null +++ b/phpMyAdmin-config.patch @@ -0,0 +1,298 @@ +Index: config.sample.inc.php +=================================================================== +--- config.sample.inc.php.orig ++++ config.sample.inc.php +@@ -10,13 +10,56 @@ + declare(strict_types=1); + + /** ++ * Disable the default warning that is displayed on the DB Details Structure ++ * page if any of the required Tables for the relationfeatures could not be ++ * found ++ * ++ * Default: false ++ */ ++/* $cfg['PmaNoRelation_DisableWarning'] = true; ++ ++/** ++ * Zero Configuration mode. ++ * ++ * Enables Zero Configuration mode in which the user will be offered a choice ++ * to create phpMyAdmin configuration storage in the current database or use ++ * the existing one, if already present. ++ * ++ * Note: If there is no central configuration storage defined then you may end ++ * up with different set of phpMyAdmin configuration storage tables for ++ * different databases. ++ * ++ * Default: true ++ */ ++$cfg['ZeroConf'] = false; ++ ++/** ++ * Disable the default warning that is displayed if Suhosin is detected ++ * ++ * Default: false ++ */ ++/* $cfg['SuhosinDisableWarning'] = true; ++ ++/** ++ * Default language to use, if not browser-defined or user-defined ++ * ++ * Default: en ++ */ ++/* $cfg['DefaultLang'] = 'de'; ++ ++/** + * This is needed for cookie based authentication to encrypt the cookie. + * Needs to be a 32-bytes long string of random bytes. See FAQ 2.10. ++ * ++ * YOU MUST FILL IN THIS FOR COOKIE AUTH! + */ +-$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ ++$cfg['blowfish_secret'] = ''; + + /** + * Servers configuration ++ * ++ * for more info/explanation about these VARS have look at ++ * libraries/config.default.php + */ + $i = 0; + +@@ -24,44 +67,153 @@ $i = 0; + * First server + */ + $i++; +-/* Authentication type */ +-$cfg['Servers'][$i]['auth_type'] = 'cookie'; +-/* Server parameters */ +-$cfg['Servers'][$i]['host'] = 'localhost'; +-$cfg['Servers'][$i]['compress'] = false; +-$cfg['Servers'][$i]['AllowNoPassword'] = false; ++ ++$cfg['Servers'][$i]['host'] = 'localhost'; ++$cfg['Servers'][$i]['port'] = ''; ++$cfg['Servers'][$i]['socket'] = ''; ++$cfg['Servers'][$i]['ssl'] = false; ++$cfg['Servers'][$i]['connect_type'] = 'socket'; ++$cfg['Servers'][$i]['extension'] = 'mysqli'; ++$cfg['Servers'][$i]['compress'] = false; ++$cfg['Servers'][$i]['auth_type'] = 'cookie'; ++$cfg['Servers'][$i]['user'] = 'root'; ++$cfg['Servers'][$i]['password'] = ''; ++$cfg['Servers'][$i]['AllowNoPassword'] = false; ++$cfg['Servers'][$i]['AllowRoot'] = true; ++$cfg['Servers'][$i]['SignonSession'] = ''; ++$cfg['Servers'][$i]['SignonURL'] = ''; ++$cfg['Servers'][$i]['LogoutURL'] = ''; ++$cfg['Servers'][$i]['only_db'] = ''; ++$cfg['Servers'][$i]['verbose'] = ''; ++$cfg['Servers'][$i]['verbose_check'] = true; ++$cfg['Servers'][$i]['AllowDeny']['order'] = ''; ++$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); + + /** + * phpMyAdmin configuration storage settings. ++ * ++ * for more info/explanation about these VARS have look at ++ * libraries/config.default.php + */ + + /* User used to manipulate with storage */ +-// $cfg['Servers'][$i]['controlhost'] = ''; +-// $cfg['Servers'][$i]['controlport'] = ''; +-// $cfg['Servers'][$i]['controluser'] = 'pma'; +-// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +- +-/* Storage database and tables */ +-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +-// $cfg['Servers'][$i]['relation'] = 'pma__relation'; +-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; +-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +-// $cfg['Servers'][$i]['history'] = 'pma__history'; +-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +-// $cfg['Servers'][$i]['recent'] = 'pma__recent'; +-// $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; +-// $cfg['Servers'][$i]['users'] = 'pma__users'; +-// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +-// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +-// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +-// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +-// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +-// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; ++$cfg['Servers'][$i]['controlhost'] = 'localhost'; ++$cfg['Servers'][$i]['controlport'] = ''; ++/* ++$cfg['Servers'][$i]['controluser'] = 'pma'; ++$cfg['Servers'][$i]['controlpass'] = 'pmapass'; ++ ++/** ++ * The name of the database containing the phpMyAdmin configuration storage. ++ * ++ * For a whole set of additional features (bookmarks, comments, SQL-history, ++ * tracking mechanism, PDF-generation, column contents transformation, etc.) ++ * you need to create a set of special tables. Those tables can be located in ++ * your own database, or in a central database for a multi-user installation ++ * (this database would then be accessed by the controluser, so no other user ++ * should have rights to it). ++ * ++ * Default: '' ++ * ++ */ ++/* $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; ++ ++/* Other Storage tables */ ++ ++$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; ++$cfg['Servers'][$i]['relation'] = 'pma__relation'; ++$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; ++$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; ++$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; ++$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; ++$cfg['Servers'][$i]['history'] = 'pma__history'; ++$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; ++$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; ++$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; ++$cfg['Servers'][$i]['recent'] = 'pma__recent'; ++$cfg['Servers'][$i]['favorite'] = 'pma__favorite'; ++$cfg['Servers'][$i]['users'] = 'pma__users'; ++$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; ++$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; ++$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; ++$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; ++$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; ++$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; ++/* $cfg['Servers'][$i]['auth_swekey_config'] = ''; ++ ++ ++ ++/** ++ * Second Server ++ */ ++ ++/* ++$i++; ++$cfg['Servers'][$i]['host'] = 'localhost'; ++$cfg['Servers'][$i]['port'] = ''; ++$cfg['Servers'][$i]['socket'] = ''; ++$cfg['Servers'][$i]['ssl'] = false; ++$cfg['Servers'][$i]['connect_type'] = 'socket'; ++$cfg['Servers'][$i]['extension'] = 'mysqli'; ++$cfg['Servers'][$i]['compress'] = false; ++$cfg['Servers'][$i]['auth_type'] = 'cookie'; ++$cfg['Servers'][$i]['user'] = 'root'; ++$cfg['Servers'][$i]['password'] = ''; ++$cfg['Servers'][$i]['AllowNoPassword'] = false; ++$cfg['Servers'][$i]['AllowRoot'] = true; ++$cfg['Servers'][$i]['SignonSession'] = ''; ++$cfg['Servers'][$i]['SignonURL'] = ''; ++$cfg['Servers'][$i]['LogoutURL'] = ''; ++$cfg['Servers'][$i]['only_db'] = ''; ++$cfg['Servers'][$i]['verbose'] = ''; ++$cfg['Servers'][$i]['verbose_check'] = true; ++$cfg['Servers'][$i]['AllowDeny']['order'] = ''; ++$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); ++*/ ++ ++/* ++ * phpMyAdmin configuration storage settings. ++ */ ++ ++/* ++$cfg['Servers'][$i]['controlhost'] = 'localhost'; ++$cfg['Servers'][$i]['controlport'] = ''; ++$cfg['Servers'][$i]['controluser'] = 'pma'; ++$cfg['Servers'][$i]['controlpass'] = 'pmapass'; ++$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; ++$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; ++$cfg['Servers'][$i]['relation'] = 'pma__relation'; ++$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; ++$cfg['Servers'][$i]['table_coords'] = 'pma__table_cords'; ++$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; ++$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; ++$cfg['Servers'][$i]['history'] = 'pma__history'; ++$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; ++$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; ++$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; ++$cfg['Servers'][$i]['recent'] = 'pma__recent'; ++$cfg['Servers'][$i]['users'] = 'pma__users'; ++$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; ++$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; ++$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; ++$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; ++$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; ++$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; ++$cfg['Servers'][$i]['auth_swekey_config'] = ''; ++*/ ++ ++/** ++ * If you have more than one server configured, you can set $cfg['ServerDefault'] ++ * to any one of them to autoconnect to that server when phpMyAdmin is started, ++ * or set it to 0 to be given a list of servers without logging in ++ * If you have only one server configured, $cfg['ServerDefault'] *MUST* be ++ * set to that server. ++ * ++ * Default server (0 = no default server) ++ */ ++$cfg['ServerDefault'] = 1; ++$cfg['Server'] = '0'; ++unset($cfg['Servers'][0]); + + /** + * End of servers configuration +Index: libraries/vendor_config.php +=================================================================== +--- libraries/vendor_config.php.orig ++++ libraries/vendor_config.php +@@ -22,38 +22,38 @@ return [ + /** + * Directory where cache files are stored. + */ +- 'tempDir' => ROOT_PATH . 'tmp' . DIRECTORY_SEPARATOR, ++ 'tempDir' => '@tmpdir@' . DIRECTORY_SEPARATOR, + + /** + * Path to changelog file, can be gzip compressed. + * Useful when you want to have documentation somewhere else, e.g. /usr/share/doc. + */ +- 'changeLogFile' => ROOT_PATH . 'ChangeLog', ++ 'changeLogFile' => '@docdir@' . DIRECTORY_SEPARATOR . 'ChangeLog', + + /** + * Path to license file. Useful when you want to have documentation somewhere else, e.g. /usr/share/doc. + */ +- 'licenseFile' => ROOT_PATH . 'LICENSE', ++ 'licenseFile' => '@docdir@' . DIRECTORY_SEPARATOR . 'LICENSE', + + /** + * Directory where SQL scripts to create/upgrade configuration storage reside. + */ +- 'sqlDir' => ROOT_PATH . 'sql' . DIRECTORY_SEPARATOR, ++ 'sqlDir' => '@docdir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR, + + /** + * Filename of a configuration file. + */ +- 'configFile' => ROOT_PATH . 'config.inc.php', ++ 'configFile' => '@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.inc.php', + + /** + * Filename of custom header file. + */ +- 'customHeaderFile' => ROOT_PATH . 'config.header.inc.php', ++ 'customHeaderFile' => '@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.header.inc.php', + + /** + * Filename of custom footer file. + */ +- 'customFooterFile' => ROOT_PATH . 'config.footer.inc.php', ++ 'customFooterFile' => '@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.footer.inc.php', + + /** + * Default value for check for version upgrades. diff --git a/phpMyAdmin-pma.patch b/phpMyAdmin-pma.patch new file mode 100644 index 0000000..51de6c5 --- /dev/null +++ b/phpMyAdmin-pma.patch @@ -0,0 +1,27 @@ +Index: sql/create_tables.sql +=================================================================== +--- sql/create_tables.sql.orig ++++ sql/create_tables.sql +@@ -27,8 +27,8 @@ USE phpmyadmin; + -- Privileges + -- + -- (activate this statement if necessary) +--- GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO +--- 'pma'@localhost; ++GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO ++ 'pma'@localhost IDENTIFIED BY 'pmapass'; + + -- -------------------------------------------------------- + +Index: config.sample.inc.php +=================================================================== +--- config.sample.inc.php.orig ++++ config.sample.inc.php +@@ -199,7 +199,6 @@ $cfg['Servers'][$i]['savedsearches'] + $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; + $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; + $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; +-$cfg['Servers'][$i]['auth_swekey_config'] = ''; + */ + + /** diff --git a/phpMyAdmin-rpmlintrc b/phpMyAdmin-rpmlintrc new file mode 100644 index 0000000..95a7c8f --- /dev/null +++ b/phpMyAdmin-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("files-duplicated-waste") +addFilter("files-duplicate") +addFilter("pem-certificate") diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes new file mode 100644 index 0000000..3465415 --- /dev/null +++ b/phpMyAdmin.changes @@ -0,0 +1,5204 @@ +------------------------------------------------------------------- +Thu Jan 23 12:34:40 UTC 2025 - ecsos + +- Update to 5.2.2 + * Security + - issue [security] Fix for a path disclosure leak in the Monitoring tab + - issue Prevent the user from deleting system databases + - issue [security] Fix an XSS vulnerability when checking tables (PMASA-2025-1) + - issue [security] Fix an XSS vulnerability on the Insert tab (PMASA-2025-2) + - issue [security] Fix a possible glibc/iconv vulnerability (CVE-2024-2961, assigned PMASA-2025-3 + but please note that phpMyAdmin is not vulnerable by default) + * Bugfix + - issue Fix for sql-parser relating to quadratic complexity in certain queries, which could have caused long execution times. + - issue #17851 Fix total count of rows in not accurate + - issue #17766 Allow to open in a new tab copy and edit row actions + - issue #17599 Fix error when handling an user that is not in privileges table + - issue #17364 Fix error when trying to import a status monitor chart arrangement + - issue #18106 Fix renaming database with a view + - issue #18120 Fix bug with numerical tables during renaming database + - issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0 + - issue #18138 Fix some issues with numerical table names + - issue #18112 Fix open base dir warning on git version class + - issue #18211 Fix the themes route missing the server ID + - issue Do not show "Original length undefined" on binary hex columns + - issue Fix wrong time zone when handling Git information + - issue #18195 Fix warning on non-existent table for XML export + - issue #18196 Fix errors of import notification + - issue #18093 Fix JS errors around "new user account" in some edge cases + - issue #16451 Increase password characters limit to 2000 during login + - issue #18177 Fix "IS NULL" is shown for non-nullable columns on search page + - issue #16199 Fix dragging of tables in designer + - issue #18268 Fix UI issue the theme manager is disabled + - issue #18258 Speed improvements when exporting a database + - issue #17702 Fix performance issue when handling large number of tables in a single database + - issue #18324 Fix UI defect on tracking versions table first column + - issue #18266 Fix disabling features (like `$cfg['Servers'][$i]['tracking'] = false;`) did not work + - issue #18296 Fixed query time measurement - measure time only for user queries + - issue #18235 Fix columns are misaligned for the "sys" database + - issue #18249 Speed improvements when browsing a database with multiple tables + - issue #18060 Fix Console height "Not a non-negative number" error + - issue #18188 Fix issue when editing GIS data + - issue Fix width/height of create routines modal and width of routines/triggers/events modals + - issue Stop pmadb database detection when all features are disabled + - issue Upgrade slim/psr7 to 1.4.1 for CVE-2023-30536 - GHSA-q2qj-628g-vhfw + - issue #17654 Fix unprivileged user cannot change password on MySQL >= 5.7.37 + - issue #18385 Add CVE MITRE link to allowed domains and use cve.org + - issue #18330 Fix TypeError when no-datetime field is modified + - issue #18212 Fix Query Builder doesn't replace a table name with it's alias in the `WHERE` block + - issue #18221 Keep the criteria box collapsed by the user when un-checking the criteria checkbox + - issue #18363 Fix colspan for actions column on database table list + - issue Fix double encoding on User Groups pages + - issue Fix list of users of an user group not showing up + - issue Fix duplicate query params in the SQL message card + - issue #18314 Fix dragged row in index form + - issue #17392 Fix the actions not being hidden in the Triggers, Routines, Events pages + - issue #18441 Fix execute routine page not working when not in a modal + - issue #18471 Fix SQL statement not being displayed correctly on RTL languages + - issue Fix state times not getting summed in the profiling table + - issue Fix a case where a fatal error message was not displayed + - issue #17420 Fix profiling chart not loading when profiling is activated + - issue #18159 Fix error when changing the number of chart columns in the monitor page + - issue #18403 Fix Uncaught SyntaxError: JSON.parse on makegrid conditions + - issue #17528 Fix double escaping of database group names in the navigation tree + - issue #18473 Fix the NULL not applied after clearing nullable field + - issue #18454 Fix date field calendar display when changing NULL state + - issue #18481 Fix missing pagination when using SELECT DISTINCT + - issue #18325 Allow hex representations for integers in the search box validation + - issue #14411 Fixed double tap to edit on mobile devices + - issue Update documentation to reflect that Node >= 12 is required to compile the JS and CSS files + - issue #18578 Fixed PDF export NULL values gives a type error + - issue #18605 Fixed issue when executing a stored procedure + - issue #18650 Fixed double escaping on foreign key relation link title + - issue #18533 Fixed wrong count for simulated queries + - issue #18611 Fixed an error when searching a table without conditions + - issue #18663 Fixed case where triggers are dropped when moving a table + - issue #17404 Fixed an error message after dropping a database + - issue #18714 Fixed incorrect formatting of the amount of table rows + - issue #18717 Fixed issue when deleting bookmarks + - issue #18713 Fixed some issues with the GIS editor + - issue #18722 Fixed generic error message in the home page + - issue #18693 Fixed enum/set value escaping + - issue #18769 Improved collations support for MariaDB 10.10 + - issue #17381 Fixed JS errors when editing indexes on create table + - issue #14402 Fix the PRIMARY label still shown when using two columns for a PK on create table + - issue #17347 Fixed JS errors when changing index settings on create table + - issue #18762 Fixed truncating tables when a VIEW is included + - issue Fix BETWEEN search does not validate input because of spaces + - issue Fix JS number validation does not validate when the input is empty or emptied + - issue #18561 Fix issue when adding System Monitor charts + - issue #17363 Fix duplicate route parameter after logging in + - issue #15670 Fix case where the data is truncated after changing a longtext column's collation + - issue #18797 Fixed support for ampersand as a arg separator + - issue #18834 Fixed case where column hash is empty in table relation page + - issue #17538 Fixed error when renaming an index + - issue #18865 Fix missing text-nowrap for timestamps columns + - issue #18613 Fixed routine editor showing wrong parameter type + - issue #18890 Fixed wrong row count when query has UNION + - issue #18949 Fixed natural sorting for items in the navigation section + - issue #18930 Fixed import of empty tables from MediaWiki + - issue #18940 Fixed issue when creating an unique key + - issue #19022 Fix case where tables from wrong database is loaded in navigation tree + - issue #18782 Fixed issue with role based auth for MySQL 8 + - issue #18593 Fix drop db line included in server export if exporting only data + - issue #18049 Also check that curl_exec is enabled for the new version check + - issue #19023 Fixed table size for ROCKSDB engine showing as unknown + - issue #18451 Fix when editing inline central column, Null is always preselected + - issue #18495 Fixed database export missing routines + - issue #19117 Allow changing the virtuality of a column without any other changes + - issue #18566 Fixed error when importing exported view with USE INDEX hint + - issue #17920 Fixed moving column with empty default value will replace it with '' + - issue #18006 Fixed moving columns causes the default uuid() value to get quotes around it + - issue #18962 Fixed move columns with ENUM() & DEFAULT causes invalid SQL + - issue #18276 Fix on update CURRENT_TIMESTAMP doesn't show as default in attributes + - issue #18240 Fix inserting value with UNIX_TIMESTAMP() without a parameter + - issue #19125 Fixed CodeMirror tooltip is below modals + - issue #18674 Fix formatted sql in browse table result has a linebreak after each token + - issue #18210 Fixed add replica replication user on MariaDB doesn't work (SQL syntax) + - issue #19041 Fix footer.twig gets printed to Binary File Download + - issue #19091 Fix to stop processing queries on error + - issue #18241 Fix copy SQL query button on error messages + - issue #17190 Fix an error with SELECT ... FOR UPDATE queries + - issue #19145 Remove duplicate server and lang parameters from links + - issue #19158 Fix an issue with backticks on the query generator + - issue #19174 Fix an issue with column alias with asterisk on the query generator + - issue #19146 Fix column sorting with limit subquery + - issue #19152 Fix the number of lines being ignored in GIS visualization after a search + - issue #19189 Fix issue with column sorting when using 'group by' + - issue #19188 Fix issue with simulated queries reporting syntax errors + - issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling + - issue #19218 Fix textarea horizontal resizing with Bootstap theme + - issue #19199 Add support for fractional seconds to current_timestamp() + - issue #19221 Fix query statistics for queries with count(*) + - issue #19203 Fix single quotes and backslashes for the query generator + - issue #19163 Fix queries with IS NULL or IS NOT NULL for the query generator + - issue #19181 Fix query generator support for IN() and NOT IN() + - issue #19167 Fix criteria on column '*' for the query generator + - issue #19213 Fix possible issue when exporting a large data set + - issue #19217 Fix issue when editing a cell of a JSON column + - issue #19244 Add yarn 1.22 to the package.json's packageManager field + - issue #19185 Fix visual issue when a row has only empty cells + - issue #19257 Fix issue when adding an index with an invalid name + - issue #19276 Fix compatibility with Twig 3.12 + - issue #19283 Fix issue when the server starts with skip-innodb option + - issue #19299 Fix charset in procedure's parameter type + - issue #19316 Fix input size for hexadecimal values + - issue #19321 Suppress deprecation message of E_STRICT constant + - issue Fix PHP 8.4 `str_getcsv` `$escape` parameter deprecation + - issue #19426 Fix PHP warnings when the column is a `COMPRESSED BLOB` + - issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key + - issue #19500 Use `KILL` instead of `CALL mysql.rds_kill` for non super users + - issue Fix "copy to clipboard" was adding a blank row for each repeating header row + - issue Fix TCPDF translations + - issue Remove underline for links on Bootstrap theme + - issue Fix sql editor height on multi-table query + - issue #18852 Fix notification color scheme on the Bootstrap dark theme + - issue #14542 Show the query even if no results are found in the Table search + - issue #16936 Fixed import (e.g. ods) doesn't respect database default collation + - issue #19000 Disable autocomplete for the create table/db name inputs + +------------------------------------------------------------------- +Mon Feb 26 09:45:34 UTC 2024 - ecsos + +- Adjustments patch macro for rpm 4.20. + +------------------------------------------------------------------- +Fri May 5 07:46:47 UTC 2023 - + +- fix deps for subpkg apache + * definitly Requires mod_php_any +- update phpMyAdmin.http + * add missing for php8 + +------------------------------------------------------------------- +Wed Feb 8 07:23:38 UTC 2023 - ecsos + +- Update to 5.2.1 + This is a security and bufix release. + * Security + - Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) + Fix an XSS attack through the drag-and-drop upload feature. + * Bugfix + - issue #17522 Fix case where the routes cache file is invalid + - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick + - issue Fix blank page when some error occurs + - issue #17519 Fix Export pages not working in certain conditions + - issue #17496 Fix error in table operation page when partitions are broken + - issue #17386 Fix system memory and system swap values on Windows + - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive + - issue #17271 Fix database names not showing on Processes tab + - issue #17424 Fix export limit size calculation + - issue #17366 Fix refresh rate popup on Monitor page + - issue #17577 Fix monitor charts size on RTL languages + - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing + - issue #17586 Fix statistics not showing for empty databases + - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore + - issue #17584 It's now possible to browse a database that includes two % in its name + - issue Fix PHP 8.2 deprecated string interpolation syntax + - issue Some languages are now correctly detected from the HTTP header + - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true + - issue #17593 Table filtering now works when action buttons are on the right side of the row + - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found + - issue #17551 Enum/Set editor will not fail to open when creating a new column + - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events + - issue #17673 Allow empty values to be inserted into columns + - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console + - issue Fixed debug queries console broken UI for query time and group count + - issue Fixed escaping of SQL query and errors for the debug console + - issue Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled + - issue #17543 Fix JS error on saving a new designer page + - issue #17546 Fix JS error after using save as and open page operation on the designer + - issue Fix PHP warning on GIS visualization when there is only one GIS column + - issue #17728 Some select HTML tags will now have the correct UI style + - issue #17734 PHP deprecations will only be shown when in a development environment + - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long + - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page + - issue #16418 Fix FAQ 1.44 about manually removing vendor folders + - issue #12359 Setup page now sends the Content-Security-Policy headers + - issue #17747 The Column Visibility Toggle will not be hidden by other elements + - issue #17756 Edit/Copy/Delete row now works when using GROUP BY + - issue #17248 Support the UUID data type for MariaDB >= 10.7 + - issue #17656 Fix replace/change/set table prefix is not working + - issue Fix monitor page filter queries only filtering the first row + - issue Fix "Link not found!" on foreign columns for tables having no char column to show + - issue #17390 Fix "Create view" modal doesn't show on results and empty results + - issue #17772 Fix wrong styles for add button from central columns + - issue #17389 Fix HTML disappears when exporting settings to browser's storage + - issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page + - issue Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB) + - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB) + - issue #17281 Fix links to databases for information_schema.SCHEMATA + - issue #17553 Fix Metro theme unreadable links above navigation tree + - issue #17553 Metro theme UI fixes and improvements + - issue #17553 Fix Metro theme login form with + - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox + - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working + - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened + - issue Fix Original theme buttons style and login form width + - issue #17892 Fix closing index edit modal and reopening causes it to fire twice + - issue #17606 Fix preview SQL modal not working inside "Add Index" modal + - issue Fix PHP error on adding new column on create table form + - issue #17482 Default to "Full texts" when running explain statements + - issue Fixed Chrome scrolling performance issue on a textarea of an "export as text" page + - issue #17703 Fix datepicker appears on all fields, not just date + - issue Fix space in the tree line when a DB is expanded + - issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column + - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL + - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5 + - issue Fix column names option for CSV Export + - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns + - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP + - issue #17944 Fix unable to create a view from tree view button + - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround) + - issue #17967 Fix missing icon for collapse all button + - issue #18006 Fixed UUID columns can't be moved + - issue Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks + - issue Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service) + - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API + - issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs + - issue Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions + - issue #17398 Fix clicking on JSON columns triggers update query + - issue Fix silent JSON parse error on upload progress + - issue #17833 Fix "Add Parameter" button not working for Add Routine Screen + - issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page +- Rebase phpMyAdmin-config.patch. + +------------------------------------------------------------------- +Wed Jul 13 20:01:20 UTC 2022 - chris@computersalat.de + +- update changes file + * fix missing bugzilla information + +------------------------------------------------------------------- +Thu May 12 13:11:56 UTC 2022 - ecsos + +- Update to 5.2.0 + * Bugfix + - issue #16521 Upgrade Bootstrap to version 5 + - issue #16521 Drop support for Internet Explorer and others + - issue Upgrade to shapefile 3 + - issue #16555 Bump minimum PHP version to 7.2 + - issue Remove the phpseclib dependency + - issue Upgrade Symfony components to version 5.2 + - issue Upgrade to Motranslator 4 + - issue #16005 Improve the performance of the Export logic + - issue #16829 Add NOT LIKE %...% operator to Table search + - issue #16845 Fixed some links not passing through url.php + - issue #16382 Remove apc upload progress method (all upload progress code was removed from the PHP extension) + - issue #16974 Replace zxcvbn by zxcvbn-ts + - issue #15691 Disable the last column checkbox in the column list dropdown instead of not allowing un-check + - issue #16138 Ignore the length of integer types and show a warning on MySQL >= 8.0.18 + - issue Add support for the Mroonga engine + - issue Double click column name to directly copy to clipboard + - issue #16425 Add DELETE FROM table on table operations page + - issue #16482 Add a select all link for table-specific privileges + - issue #14276 Add support for account locking + - issue #17143 Use composer/ca-bundle to manage the CA cert file + - issue #17143 Require the openssl PHP extension + - issue #17171 Remove the printview.css file from themes + - issue #17203 Redesign the export and the import pages + - issue #16197 Replace the master/slave terminology + - issue #17257 Replace libraries/vendor_config.php constants with an array + - issue Add the Bootstrap theme + - issue #17499 Remove stickyfilljs JavaScript dependency +- Rebase phpMyAdmin-config.patch. + +------------------------------------------------------------------- +Fri Feb 11 13:09:01 UTC 2022 - ecsos + +- Update to 5.1.3 + This is a security and bufix release. + * Security + - Fix for boo#1197036 (CVE-2022-0813) + - Fix for path disclosure under certain server configurations + (if display_errors is on, for instance) + * Bugfix + - issue #17308 Fix broken pagination links in the navigation sidebar + - issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines" + - issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query + - issue #17288 Fixed importing browser settings question box after login when having no pmadb + - issue #17288 Fix "First day of calendar" user override has no effect + - issue #17239 Fixed repeating headers are not working + - issue #17298 Fixed import of email-adresses or links from ODS results in empty contents + - issue #17344 Fixed a type error on ODS import with non string values + - issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row + +------------------------------------------------------------------- +Sat Jan 22 09:39:12 UTC 2022 - ecsos + +- Update to 5.1.2 + This is a security and bufix release. + * Security + - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) + Two factor authentication bypass + - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661) + Multiple XSS and HTML injection attacks in setup script + * Bugfixes + - Revert a changed to $cfg['CharTextareaRows'] allow values + less than 7 + - Fix encoding of enum and set values on edit value + - Fixed possible "Undefined index: clause_is_unique" error + - Fixed some situations where a user is logged out when working + with more than one server + - Fixed a problem with assigning privileges to a user using the + multiselect list when the database name has an underscore + - Enable cookie parameter "SameSite" when the PHP version + is 7.3 or newer + - Correctly handle the removal of "innodb_file_format" in + MariaDB and MySQL + +------------------------------------------------------------------- +Sat Jun 5 10:33:05 UTC 2021 - ecsos + +- Update to 5.1.1 + - Fixes for several PHP errors + - Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly + - Fix Yaml export to quote strings even when they are numeric + - Fix TCPDF open_basedir issue due to internal guessing code from TCPDF + - Fix for quick search not working when using more than one configured server + Fix datetime decimals displayed (.00000) after edit + - Fix new lines in text fields are doubled + - Fixed URL generation by removing un-needed & escaping for & char + - Improvements for working with PHP 8.1 + - Improved handling of adding a new user with the Percona database server + + For a detail changelog see: + https://demo.phpmyadmin.net/master-config/index.php?route=/changelog + +------------------------------------------------------------------- +Fri Feb 26 10:11:28 UTC 2021 - ecsos + +- Update to 5.1.0 + - issue #15350 Change Media (MIME) type references to Media type + - issue #15377 Add a request router + - issue Automatically focus input in the two-factor authentication window + - issue #15509 Replace gender-specific pronouns with gender-neutral pronouns + - issue #15491 Improve complexity of generated passwords + - issue #14909 Add a configuration option to define the 1st day of week + - issue #12726 Made user names clickable in user accounts overview + - issue #15729 Improve virtuality dropdown for MariaDB > 10.1 + - issue #15312 Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) + when editing a table structure + - issue Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases + - issue #15232 Improve the padding in query result tool links + - issue #15064 Support exporting raw SQL queries + - issue #15555 Added ip2long transformation + - issue #15194 Fixed horizontal scroll on structure edit page + - issue #14820 Move table hide buttons in navigation to avoid hiding a table by mistake + - issue #14947 Use correct MySQL version if the version is 8.0 or above for documentation links + - issue #15790 Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server + - issue #15880 Change "Show Query" link to a button + - issue #13371 Automatically toggle the radio button to "Create a page and save it" on Designer + - issue #12969 Tap and hold will not dismiss the error box anymore, you can now copy the error + - issue #15582 Don't disable "Empty" table button after clicking it + - issue #15662 Stay on the structure page after editing/adding/dropping indexes + - issue #15663 show structure after adding a column + - issue #16005 Remove symfony/yaml dependency + - issue #16005 Improve performance of dependency injection system by removing yaml parsing + - issue #15447 Disable phpMyAdmin storage database checkbox on databases list + - issue #16001 Add autocomplete attributes on login form + - issue #13519 Add "Preview SQL" option on Index dialog box when creating a new table + - issue #15954 Fixed export maximal length of created query input is too small + - issue Redesign the server status advisor page + - issue #13124 Use same height for SQL query textarea and Columns select in SQL page + - issue #16005 Add a new vendor constant "CACHE_DIR" that defaults + to "libraries/cache/" and store routing cache into this folder + - issue #16005 Warm-up the routing cache before building the release + - issue #16005 Use --optimize-autoloader when installing composer vendors before building the release + - issue #15992 Add back the table name to the printable version on "Structure" page + - issue #14815 Allow simplifying exported view syntax to only "CREATE VIEW" + - issue #15496 Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl + - issue #14772 Add the password_hash PHP function as an option when inserting data + - issue #15136 Add a notice for Hex converter giving invalid results + - issue #16139 Use a textarea for JSON columns + - issue #16223 Make JSON input transformation editor less narrow + - issue #14340 Add a button on Export Page to show the SQL Query + - issue #16304 Add support for INET6 column type + - issue #16337 Fix example insert/update query default values + - issue #12961 Remove indexes from table relation + - issue #13557 Use a full list of functions instead of a separated one on insert/edit page "Function" selector + - issue #14795 Include routines in the export in a predictable order + - issue #16227 Fixed autocomplete is not working in case the table name is quoted by "`" symbols + - issue #15463 Force BINARY comparison when looking at privileges to avoid an SQL error on privileges tab + - issue #16430 Fixed Windows error message uses trailing / instead of \ + - issue #16316 Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']" + - issue #16451 Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated + - issue #16451 Show an error message when the security limit is + reached instead of silently trimming the password to avoid confusion + - issue #15001 Add back Login Cookie Validity setting to the features form + - issue #16457 Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha + - issue #13077 Moved tools section to left on large devices (Bootstrap xl) + - issue #15711 Moved some buttons to left on large devices (Bootstrap xl) + - issue #15584 Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network + - issue #15652 Replace deprecated FOUND_ROWS() function call on "distinct values" feature + - issue Export blobs as hex on JSON export + - issue #16095 Fix leading space not shown in a CHAR column when browsing a table + - issue Make procedures/functions SQL editor both side scrollable + - issue #16407 Bump pragmarx/google2fa conflict to >8.0 + - issue #14953 Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2) + - issue #16477 Fixed no Option to enter TABLE specific permissions when the database name contains an "_" (underscore) + - issue #16498 Fixed empty text not appearing after deleting all Routines + - issue #16467 Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export + - issue #15658 Fixed saving UI displayed columns on a non database request fails + - issue #16495 Fix drop tables checkbox is above the checkbox for foreign keys + - issue #16485 Fix visual query builder missing "Build Query" button + - issue #16565 Added 'IF EXISTS' to 'DROP EVENT' when updating events to avoid replication issues + - issue Removed metro fonts that where Apache-2.0 files that are incompatible with GPL-2.0 + - issue #16464 Made the relation view default to the current database when creating relations + - issue #16463 Fixed 'REFERENCES' privilege checkbox's title on new MySQL versions and on MariaDB + - issue #16405 Added jest as a Unit Testing tool for our javascript code + - issue #16252 Fixed the too small font size when editing rows (textareas) + - issue #16585 Fixed BLOB to JPG transformation PHP errors + - issue Made the console setup async to avoid blocking the page render + - issue #16429 Use PHP 8.0 fixed version (commit) for TCPDF + - issue #16005 Major performance improvements on browsing a lot of rows + - issue #16595 Fixed editing columns having a `_` in their name in specific conditions + - issue #16608 Fix "Sort by key" restore auto saved value + - issue #16611 Fixed unable to add tables to rename aliases twice on Export + - issue #16621 Fixed link HTML messed up in Advisor + - issue #16622 Fixed Advisor formatting incorrect for long_query_time notice + - issue #15389 Fixed reset current page indicator after deleting all rows to current page and not page 1 + - issue #15997 Fixed auto save query + - issue #15997 Made auto saved query database or database+table independent + - issue #16641 Fixed query generation that was allowing JSON to have a length + - issue #15994 Fixed the selected value detection for "on update current_timestamp" + - issue #16614 Fixed PHP 8.0 dataseek offset call to the MySQLI extension + - issue #16662 Fixed Uncaught TypeError on "delete" button click of a database search results page + - issue Fixed Undefined index: selected_usr when the user tried to delete no selected user + - issue #16657 Fixed the QBE interface when the configuration storage is not enabled + - issue #16479 Fix our Selenium test-suite + - issue #16669 Fixed table search modal for BETWEEN + - issue #16667 Fixed LIKE and TINYINT in search not working properly + - issue #16424 Fixed numerical search in table and zoom + - issue Improve the version handling (new Version class) and add a VERSION_SUFFIX for vendors + - issue #14494 Fix uncaught TypeError when editing partitioning + - issue #16525 Fix PHP 8.0 failing tests when comparing 0 to '' + - issue #16429 Fixed PHP 8.0 errors on preg_replace and operand types + - issue #16490 Fixed PHP 8.0 function libxml_disable_entity_loader() is deprecated + - issue #16429 Fixed failing unit tests on PHP 8.0 + - issue #16609 Fixed Sql.rearrangeStickyColumns is not a function +- Rebase phpMyAdmin-config.patch. + +------------------------------------------------------------------- +Tue Dec 22 09:47:19 UTC 2020 - Arjen de Korte + +- Use coreutils to generate blowfish secret to reduce dependencies + +------------------------------------------------------------------- +Tue Dec 15 17:59:14 UTC 2020 - Arjen de Korte + +- Attempt to migrate modified configuration file rather than just + replacing it by default configuration + +------------------------------------------------------------------- +Tue Dec 15 07:13:46 UTC 2020 - Arjen de Korte + +- The apache subpackage must require the main package, otherwise it + will not be uninstalled when the main package is uninstalled + +------------------------------------------------------------------- +Sun Dec 13 21:31:05 UTC 2020 - Arjen de Korte + +- Generate blowfish secret and enable Apache modules/flags only on + install +- Only empty temporary directory on upgrade/uninstall (not remove) + to prevent RPM warnings/errors +- Don't empty directories not owned by this package (these should + have been cleaned up by previous versions that owned them) + +------------------------------------------------------------------- +Sun Dec 13 13:06:16 UTC 2020 - Arjen de Korte + +- Use %apache_request_restart/%apache_restart_if_needed macros to restart + apache in order to prevent unneccessary restarts + +------------------------------------------------------------------- +Fri Dec 11 16:46:30 UTC 2020 - Arjen de Korte + +- Package language files in separately + +------------------------------------------------------------------- +Fri Dec 11 13:52:52 UTC 2020 - Arjen de Korte + +- Put Apache configuration files in separate subpackage +- Generate blowfish secret with openssl on non-openSUSE systems as + pwgen is not available + +------------------------------------------------------------------- +Thu Dec 10 21:18:42 UTC 2020 - Arjen de Korte + +- Use system apache rpm macros + +------------------------------------------------------------------- +Mon Nov 9 13:22:27 UTC 2020 - ecsos + +- Update to 5.0.4 + - issue #16245 Fix failed Zoom search clears existing values + - issue Fixed a PHP error when reporting a particular JS error + - issue #16326 Fixed latitude and longitude swap for geometries in edit mode + - issue #16032 Fix CREATE TABLE not being tracked when auto tracking is enabled + - issue #16397 Fix compatibility problems with older PHP versions (also issue #16399) + - issue #16396 Fix broken two-factor authentication + +- Changes from 5.0.3 + - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_3/ChangeLog + +- Changes from 5.0.2 + - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_2/ChangeLog + +- Changes from 5.0.1 + - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_1/ChangeLog + +- Changes from 5.0.0 + - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_0/ChangeLog + +- Set php >= 7.4 as recommends because: + Due to changes in the MySQL authentication method, PHP versions + prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer + server (our tests show the problem actually began with MySQL 8.0.11). + This relates to a PHP bug https://bugs.php.net/bug.php?id=76243. +- Remove Suggests: php-mcrypt as described in boo#1050980 +- Change tmpdir from ap_docroot/tmp to localstatedir/cache/phpMyAdmin. + +------------------------------------------------------------------- +Fri Oct 16 07:56:11 UTC 2020 - Andreas Stieger + +- phpMyAdmin 4.9.7: + * Fix two factor authentication that was broken in 4.9.6 + * Fix incompatibilities with older PHP versions + +------------------------------------------------------------------- +Mon Oct 12 06:25:53 UTC 2020 - ecsos + +- Update to 4.9.6 + This is a security release. +- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to + the transformation feature +- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection + vulnerability in SearchController + +------------------------------------------------------------------- +Sun May 3 15:22:25 UTC 2020 - chris@computersalat.de + +- fix for boo#1170743 + phpMyAdmin installation wipes it's sysconfig apache_server_flag entry + +------------------------------------------------------------------- +Sat May 2 10:54:11 UTC 2020 - Arjen de Korte + +- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set + $cfg['PmaAbsoluteUri'] parameter, but this variable is no longer + in the config.sample.ini file) + +------------------------------------------------------------------- +Thu Apr 23 11:04:19 UTC 2020 - Dominique Leuenberger + +- Drop python-devel BuildRequires: python2 is EOL and this seems + unused. +- Drop xz BuildRequires: OBS takes care of unpacking the tarball. + +------------------------------------------------------------------- +Mon Mar 23 06:40:08 UTC 2020 - ecsos@opensuse.org + +- Update to 4.9.5 + This is a security release containing several bug fixes. + * CVE-2020-10804: SQL injection vulnerability in the user + accounts page, particularly when changing a password + (boo#1167335, PMASA-2020-2) + * CVE-2020-10802: SQL injection vulnerability relating to the + search feature (boo#1167336, PMASA-2020-3) + * CVE-2020-10803: SQL injection and XSS having to do with + displaying results (boo#1167337, PMASA-2020-4) + * Removing of the "options" field for the external + transformation. + +------------------------------------------------------------------- +Tue Jan 21 21:24:30 UTC 2020 - chris@computersalat.de + +- fix for boo#1092345 + * change ap_docroot from /srv/www/htdocs to /usr/share + work is based on changes provided by ecsos@opensuse.org + if phpMyAdmin.conf for apache was changed by local admin, we will + create a backup and replace the original file with the new version + sorry admins, but you need to apply your changes again + * needed Alias /phpMyAdmin is an enabled APACHE_SERVER_FLAGS default + for more info have a look into /etc/apache2/conf.d/phpMyAdmin.conf +- cleanup tmp/twig on + * uninstall + * ap_docroot change + +------------------------------------------------------------------- +Wed Jan 8 14:26:20 UTC 2020 - chris@computersalat.de + +- update to 4.9.4 (2020-01-07) + * https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog +- fix for boo#1160456 + * PMASA-2020-1 (CVE-2020-5504, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2020-1/ + - SQL injection in user accounts page +- fix changes about corresponding PMASA + +------------------------------------------------------------------- +Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org + +- phpMyAdmin 4.9.3 + * Several PHP notices and warnings including "Undefined index + table_create_time," a notice about error_reporting() being + disabled for security reasons, and several Undefined Index + errors. + * Support CloudFront-Forwarded-Proto header for Amazon CloudFront + proxy + * Early compatibility with development versions of PHP 8 + * Fix replication actions (start, stop, etc) + +------------------------------------------------------------------- +Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger + +- phpMyAdmin 4.9.2: + * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614) + * Fixes for "Failed to set session cookie" error + * Advisor with MySQL 8.0.3 and newer + * Fix PHP deprecation errors + * Fix a situation where exporting users after a delete query could + remove users + * Fix incorrect "You do not have privileges to manipulate with the + users!" warning + * Fix copying a database's privileges and several other problems + moving columns with MariaDB + * Fix for phpMyAdmin not selecting all the values when using + shift-click to select during Export + +------------------------------------------------------------------- +Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger + +- phpMyAdmin 4.9.1: + * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914) + * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 + and newer + * Compatibility issues with PHP 8 + * Export of GIS visualization + * Enhanced descriptions for several collation types + * Creating a user with a single quote in the password string + * Unexpected quotes during import and export on text fields + * Improvements to adding new tables to Designer + * Fix an issue where an authenticated user could trigger heavy + traffic between the database server and web server + * Fix a weakness where an attacker, under certain conditions, + working at the same time as an administrator is using the setup + script, could delete a server from the setup script + +------------------------------------------------------------------- +Sun Jun 30 13:05:23 UTC 2019 - chris@computersalat.de + +- fix changelog + * add missing boo# with relation to CVE and PMASA +- rebase phpMyAdmin-config.patch + +------------------------------------------------------------------- +Wed Jun 5 14:43:41 UTC 2019 - ecsos@opensuse.org + +- phpMyAdmin 4.9.0.1: + * Several issues with SYSTEM VERSIONING tables + * Fixed json encode error in export + * Fixed JavaScript events not activating on input + (sql bookmark issue) + * Show Designer combo boxes when adding a constraint + * Fix edit view + * Fixed invalid default value for bit field + * Fix several errors relating to GIS data types + * Fixed javascript error PMA_messages is not defined + * Fixed import XML data with leading zeros + * Fixed php notice, added support for 'DELETE HISTORY' table + privilege (MariaDB >= 10.3.4) + * Fixed MySQL 8.0.0 issues with GIS display + * Fixed "Server charset" in "Database server" tab showing wrong + information + * Fixed can not copy user on Percona Server 5.7 + * Updated sql-parser to version 4.3.2, which fixes several + parsing and linting problems +- fix for boo#1137497 + * PMASA-2019-4 (CVE-2019-12616, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-4/ + - CSRF vulnerability in login form +- fix for boo#1137496 + * PMASA-2019-3 (CVE-2019-11768, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-3/ + - SQL injection in Designer feature + +------------------------------------------------------------------- +Fri Feb 1 19:10:59 UTC 2019 - andreas.stieger@gmx.de + +- phpMyAdmin 4.8.5: + * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, + bsc#1123272) + * CVE-2019-6798: SQL injection in the Designer interface + PMASA-2019-2, bsc#1123271) + * Fix rxport to SQL format not available + * Fix QR code not shown when adding two-factor authentication to + a user account + * Fix issue with adding a new user in MySQL 8.0.11 and newer + * Fix frozen interface relating to Text_Plain_Sql plugin + * Fix missing table level operations tab + +------------------------------------------------------------------- +Wed Dec 12 10:47:31 UTC 2018 - ecsos@opensuse.org + +- update to 4.8.4 (2018-12-11) + - gh#14452 Remove hash param in edit query URL + - gh#14295 Issue in Changing theme + - gh#13267 Ensure that database names with '.' are handled + properly when DisableIS is true + - gh#14438 Invisible Icon "Show Full Queries" + - gh#14133 CSS issue in Designer + - gh#14447 Error while copying database (pma__column_info) + - gh#14571 "No database selected" - DROP a view + - gh#14636 Move operation causes SELECT * FROM `undefined` + - gh#14630 Enum '0' produces incorrect search SQL + - gh#14223 Fix TypeError in database designer + - gh#13621 QBE selenium tests broken since merge of #13342 + - gh#14672 When logging with $cfg['AuthLog'] to syslog, + successful login messages were not logged even if + $cfg['AuthLogSuccess'] was true. + - gh#14339 Fix infinite loop when sorting table rows by key. + - gh#14658 Regression on multi table query functionality + (foreign keys) + - gh#14617 Fix designer errors when database is empty + - gh#13032 Fix designer errors when database contains special + chars + - gh#14352 Fix designer javascript errors + - gh#14764 Fix left/right icons hidden +- fix for boo#1119245 + - PMASA-2018-6 (CVE-2018-19968, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-6/ + - PMASA-2018-7 (CVE-2018-19969, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-7/ + - PMASA-2018-8 (CVE-2018-19970, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-8/ + +------------------------------------------------------------------- +Thu Aug 23 09:18:37 UTC 2018 - ecsos@opensuse.org + +- update to 4.8.3 (2018-08-22) + - gh#14314 Error when naming a database '0' + - gh#14333 Fix NULL as default not shown + - gh#14229 Fixes issue with recent table list + - gh#14045 Fix slow performance on DB structure filtering + - gh#14327 Fix Editing server variable not showing save or cancel + option + - gh#14377 Populate options for view create and edit + - gh#14171 2FA configuration fails if PHP doesn't have GD support + - gh#14390 Can't unhide tables + - gh#14382 "Visualize GIS data" icon missing + - gh#14435 Event scheduler status toggle doesn't work + - gh#14365 View not working on multiple servers + - gh#14207 Partition actions in table structure do not work + - gh#14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table + - gh#14552 Blank message shown instead of MySQL error when adding + trigger and other locations + - gh#14525 Fix PHP 7.3 warning: "continue" in "switch" is equal + to "break" + - gh#14554 Icon missing when creating a new trigger, routine, + and event + - gh#14422 Table comment not showing since 4.8.1 + - gh#14426 Drop table doesn't work when you copy tables to + another database + - gh#14581 Escaped HTML in 'Add a new server' setup + - gh#14548 [security] HTML injection in import warning messages, + see PMASA-2018-5 +- fix for boo#1105726 + - PMASA-2018-5 (CVE-2018-15605, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-5/ + +------------------------------------------------------------------- +Tue Jul 31 21:17:35 UTC 2018 - chris@computersalat.de + +- fix for boo#1103305 + * add missing dependency for php-ctype + +------------------------------------------------------------------- +Fri Jun 22 15:05:37 UTC 2018 - chris@computersalat.de + +- update to 4.8.2 (2018-06-21) + * issue #14370 WHERE 0 causes Fatal error + * issue #14225 Fix missing index icon +- fix for boo#1098752 + * PMASA-2018-3 (CVE-2018-12581, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-3/ + - XSS in Designer feature +- fix for boo#1098751 + * PMASA-2018-4 (CVE-2018-12613, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-4/ + - File inclusion and remote code execution attack +- some minor changelog fixes about security fix entries + +------------------------------------------------------------------- +Sat May 26 08:32:00 UTC 2018 - ecsos@opensuse.org + +- update to 4.8.1 (2018-05-25) + * gh#12772 Fix case where the central columns attributes don't + get filled in + * gh#14049 Fix case where the query builder doesn't work when + selected column is * + * gh#14029 Revert "Browse" table CSS overflow + * gh#14241 Dropping indexes and foreign keys fail + * gh#14227 Relational linking broken + * gh#14246 Fixed error in configuration storage zero config + * gh#14128 Show 2FA Secret next to QR code + * gh#14212 XML Export from single table throws fatal error + * gh#14239 Line and some other charts ignore result set order of + values chosen for the x-axis + * gh#14260 Fixed configuration for DefaultLang and Lang + * gh#14264 Linking for 'Distinct values' broken + * gh#13968 Fix MariaDB 10.2 current_timestamp() + * gh#14249 Fix for missing go button in view edit + * gh#14125 Fix for issues with spatial fields + * gh#14189 Remember table's sorting broken + * gh#14289 Fix multi-column sorting + * gh#14278 Fix central columns in-line edit bug + * gh#14066 Fix AUTO_INCREMENT error when only exporting table + structure in database-level exports + * gh#13893 Simulating queries produces unexpected results + * gh#14309 Setup script icons missing + +------------------------------------------------------------------- +Fri Apr 20 09:55:08 UTC 2018 - ecsos@opensuse.org + +- update to 4.8.0.1 (2018-04-19) +- fix for boo#1090309 + * PMASA-2018-2 (CVE-2018-10188, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-2/ + - Multiple CSRF vulnerabilities + +------------------------------------------------------------------- +Wed Apr 11 20:02:26 UTC 2018 - ecsos@opensuse.org + +- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could + install +- insert missing templates dir in htaccess + See https://docs.phpmyadmin.net/de/latest/setup.html#securing-your-phpmyadmin-installation +- create tmp dir and insert this in htaccess to fix the errormessage + after login + +------------------------------------------------------------------- +Wed Apr 11 17:45:44 UTC 2018 - javier@opensuse.org + +- spec clean up + * Let rpm find the library dependencies by itself. Remove + unneeded explicit Requires: tags (php-zlib) + * Remove logic for obsolete openSUSE releases + * Ignore pem-certificate rpmlint warning (see + libraries/certs/README.rst) + * Remove hidden .github, .php_cs.dist, .scrutinizer.yml and + .editorconfig + * Remove php_twig.h and twig.c (devel) + * Set proper shebang for bash and php scripts + * Make phpmyadmin/sql-parser/bin/*-query and + paragonie/random_compat/*.sh executable + +------------------------------------------------------------------- +Wed Apr 11 07:42:57 UTC 2018 - javier@opensuse.org + +- update to 4.8.0 (2018-04-07) + * gh#12946 Allow to export JSON with unescaped unicode chars + * gh#12983 Disable login button without solved reCaptcha + * gh#12315 Allow to remove individual segments from pie charts + * gh Change label from "Improve table structure" to + "Normalize" to match standard terminology + * gh#13087 Offer login as different user on access denied from + MySQL + * gh#13110 Indicate when HTTPS is not properly reported on the + server + * gh#13119 No database selected error when adding foreign key + * gh#12388 Improved database search to allow search for exact + phrase match + * gh#13099 Report error when trying to copy database to same + name + * gh#13167 Themes now have to contain metadata in theme.json + * gh#6363 phpMyAdmin no longer requires eval() in PHP + * gh#12386 The mbstring dependency is now optional + * gh#13269 Small refactoring in preparation to CSP + * gh#13384 Database link broken in Databases Page + * gh#13391 Configurable authentication logging using + $cfg['AuthLog'] + * gh#13086 Add support for Google Invisible Captcha + * gh#13058 Improved error reporting for reCAPTCHA + * gh#12899 Improved rendering of server variables table + * gh#12948 Fixed javascript editor for TIME values + * gh#13095 Fixed alignment of foreign keys editing + * gh#12944 Improved inline editor for JSON + * gh#13145 Improved layout of operations pages + * gh#13448 Add "format" query button in edit view form + * gh#6241 Implement Responsive Design/mobile interface + * gh Use a single location for classes under PhpMyAdmin + namespace + * gh#12354 Indicate SSL status on main page + * gh#5666 Configuration directives for defaults of Transformation + options + * gh#12261 Remove inline JavaScript + * gh#13408 Show MySQL warnings when executing SQL queries + * gh#5827 Allow Designer to show tables from other databases + * gh#13268 Replace Query-By-Example with multi-table query + generator interface + * gh#13576 Add privileges export to per-database listing + * gh Consolidate functions into class files + * gh#13560 Add support for changing collation for all tables and + columns in database + * gh#13303 Add support for creating fulltext index from table + structure + * gh#13711 Lower default value for $cfg['MaxExactCount'] + * gh#13722 DisableIS is not fully honored + * gh#6197 Added support for authentication using U2F and 2FA + * gh#13480 Avoid removing cookies on upgrade + * gh#13397 Remember state of navigation panel + * gh#11688 Reduced cookie usage + * gh#13466 Better utilization of user preferences + * gh#14042 Rename PMD to Designer + * gh#13940 Honor arg_separator in AJAX requests + * gh#14060 Can't edit rows in Internet Explorer + * gh#14096 Internet Explorer compatibility; fixes JavaScript error + Object doesn't support property or method 'startsWith' + +------------------------------------------------------------------- +Tue Mar 6 13:43:10 UTC 2018 - ecsos@opensuse.org + +- update to 4.7.9 (2018-03-05) + * gh#13931 Fixed browsing tables with more results + * gh#13927 "Not an integer" when browsing a table + * gh#13887 "Input variables exceeded 1000" error relating + to PHP's max_input_vars directive + +------------------------------------------------------------------- +Thu Feb 22 20:30:07 UTC 2018 - astieger@suse.com + +- phpMyAdmin 4.7.8: + * Fixed error handling with PHP 7.2 + * Fixed resetting default setting values + * Fixed fallback value for collation connection +- fix for boo#1082188 + * PMASA-2018-1 (CVE-2018-7260, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-1/ + - Fix XSS in Central Columns Feature + +------------------------------------------------------------------- +Mon Dec 25 19:14:32 UTC 2017 - astieger@suse.com + +- phpMyAdmin 4.7.7: + * Fixed displaying of formatted numeric values for some locales + * Ensure datetimepicker is always loaded for datetime fields + * Fixed PHP error when browsing certain results + * Fix XSRF/CSRF vulnerability (bsc#1074066, PMASA-2017-09) + CVE-2017-1000499 + +------------------------------------------------------------------- +Sat Dec 2 10:14:46 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.6 (2017-11-29) + * gh#13517 Fixed check all interaction with filtering + * gh#13803 Add SJIS-win to default list of allowed charsets + * gh#13436 Improve detection that MySQL server needs SSL connection + * gh#13038 Support JSON datatype on MariaDB 10.2.7 and newer + * gh#13824 Fixed constructing ALTER query with AFTER + * gh#13821 Lock page when changes are done in the SQL editor + * gh#13842 Prefer iconv for encoding conversions + * gh#13737 Fixed changing password on MariaDB cluster + +------------------------------------------------------------------- +Sun Nov 26 18:14:24 UTC 2017 - suse+build@de-korte.org + +- fix for boo#1057661 + * no longer require php_mod_any (recommend it instead) + * only enable php5 / php7 if running Apache prefork MPM +- fix %post + * use sed instead of grep/awk to determine PHP version + +------------------------------------------------------------------- +Tue Oct 24 07:40:37 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.5 (2017-10-23) + * gh#13615 Avoid problems with browsing unknown query types + * gh#13612 Integrate tooltip into datetime pickers + * gh#13628 Fixed javascript error in server monitor + * gh#13444 Fixed server monitor on non Linux and Windows systems + * gh#13633 Reload javscript messages when changing language + * gh#13604 Fixed crash on invalid ordering data + * gh#13639 Fixed error when browsing non SELECT results + * gh#13533 Fixed saving column to display + * gh#13647 Fixed export of tables with VIRTUAL columns + * gh#13669 Fixed selecting multiple rows accidentally selects + the next row too + * gh#13513 Fixed edit index Column alignment issue + * gh#13515 Fixed rendering of add index dialog + * gh#13710 Fixed possible error in server advisor + * gh#13477 Fixed setting input transformations + * gh#13552 Fixed IPv4/IPv6 To Binary input transformation + * gh#13686 Clicking on column name to trigger sort with an active + search leads to logout + * gh#13725 Fixed copying tables with specific PARTITION + definition + * gh#13761 Fixed listing of bookmarks for a database + +------------------------------------------------------------------- +Fri Sep 8 12:51:38 UTC 2017 - chris@computersalat.de + +- fix recommends + * php5-curl -> php-curl + * php5-zip -> php-zip +- fix post step + * enable correct phpX module + +------------------------------------------------------------------- +Fri Aug 25 17:05:32 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.4 + * gh#13415 Remove shadow from the logo + * gh#13507 Fixed per server theme feature + * gh#13523 Missing newline in ALTER exports + * gh#13414 Fixed several compatibility issues with PHP 7.2 + * gh#13550 Fixed copy results to clipboard + * gh#13562 Add limitation for user group length + * gh#13561 Fixed edit variable link in advisor + * gh#13579 Optimize table link should not be visible in print + page + * gh#13553 Improved error handling on corrupted tables + * gh#13512 Fixed rendering of add index dialog + * gh#13606 Fixed refreshing server variables + +------------------------------------------------------------------- +Fri Jul 28 09:17:35 UTC 2017 - chris@computersalat.de + +- fix for boo#1050980 + * replace mcrypt with openssl, see + https://github.com/phpseclib/phpseclib/issues/1028 +- update changes (update to 4.6.6 (2017-01-23)) + * add missing (CVE-Not yet available) CVE's + +------------------------------------------------------------------- +Sat Jul 22 08:03:55 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.3 + * gh#13447 Large multi-line query removes Export operation and + blanks query box options + * gh#13445 Fixed rendering of query results + * gh#13437 Fixed version check when not connected to a database + * gh#13465 Fixed creating relation + * gh#13475 Fixed export without backquotes + * gh#13482 Improved handling of uploaded files with open_basedir + * gh#13387 Fixed inline editing of hex values + * gh#13382 Fixed size of index edit dialog + * gh#13489 Fixed rendering SQL lint errors + * gh#13468 Avoid breakage if set_time_limit is disabled + * gh#13471 Fail if ini_set/ini_get are disabled + * gh#13436 Automatically connect using SSL when server is + configured so + * gh#13478 Fixed usage of some browser transformations + +------------------------------------------------------------------- +Sun Jul 2 09:07:05 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.2 (2017-06-29) + * gh#13314 Make theme selection keep current server + * gh#13311 Fixed direct login for accounts without password + * gh#13316 Fixed check for mbstring.func_overload + * gh#13323 Fixed wrong encoding of table at triggers + * gh#12976 Fixed natural sorting in several places + * gh#12718 Show warning for users removed from mysql.user table + * gh#13362 Fixed loading additional javascripts + * gh#13343 Fixed editing QBE + * gh#13193 Improved documentation on user settings + * gh#13092 Gracefully handle early fatal errors in AJAX requests + * gh#13327 Fixed Incorrect NavigationTreeEnableExpansion default + value in the documentation + * gh#13008 Fixed export of database with a lot of tables + * gh#13318 Improved performance when importing with enabled + tracking + * gh#13386 Avoid PHP errors with non existing configuration on + OS X + * gh#13388 Show only supported charsets for conversion + * gh#13392 Fixed operation with session.auto_start enabled + * gh#13383 "Create PHP code" is broken + * gh#13189 Fixed links to resume timeouted import + +------------------------------------------------------------------- +Fri Jun 2 09:34:30 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.1 (2017-05-25) + * gh#13132 Always execute tracking queries as controluser + * gh#13125 Focus on SQL editor after inserting field name + * gh#13133 Fixed broken links in setup + * gh#13135 Database list Tooltips: Show wrong value + * gh#13150 Fixed pagination while browsing resuls + * gh#13149 Fixed outbound links in changelog.php + * gh#13146 Do not include devel dependencies in the release + * gh#13144 Do not show New as a database in database dropdown + * gh#13130 Fixed handling of errors in AJAX requests + * gh#13152 Fixed PHP error in case of invalid table preferences + * gh#13154 Fixed PHP error on password change + * gh#13219 Fix Refresh of Process List + * gh#13182 Fix refresh of long queries + * gh#12301 Improved handling of logout with disabled + LoginCookieDeleteAll + * gh#13216 Add support for MySQL 8.0 collations + * gh#13218 Fixed rendering of phpMyAdmin logos + * gh#13234 Properly report not working sessions + * gh#13256 Fixed password check on server replication + * gh#13252 Fixed grid editing time column + * gh#13258 Fixed detection of Amazon RDS + * gh#13241 Redirect user to last page that has any tables to + display + * gh#13266 Fix link to User accounts overview page + * gh#13274 Fix error in query builder + * gh#13177 Grid editing repeats action after error + +------------------------------------------------------------------- +Sat Apr 22 16:41:39 UTC 2017 - chris@computersalat.de + +- restore phpMyAdmin-pma.patch + * because it is NOT upstream and needed for configuration storage +- restore previous phpMyAdmin-config.patch + * merge with upstream config VAR changes + - removed $cfg['Servers'][$i]['designer_coords'] + +------------------------------------------------------------------- +Sat Apr 1 18:58:33 UTC 2017 - ecsos@opensuse.org + +- update to 4.7.0 (2017-03-28) + * gh#12233 [Display] Improve message when renaming database to + same name + * gh#6146 Log authentication attempts to syslog + * gh#11981 Remove support for Swekey authentication + * gh#11987 Remove code for no longer supported MSIE versions + * gh#11962 Remove embedded PHP libraries, use composer to install + them + * gh#12017 Cannot easily select multiple tables when exporting + * gh#12047 Add javascript filtering for databases + * gh#12166 More compact rendering of navigation tree + * gh#12129 Improve performance with SkipLockedTables + * gh#12173 Do not hide indexes under a slider + * Improve performance of zip file import + * gh#12196 Removed $cfg['ThemePath'] + * gh#6274 Add support for export user settings as config.inc.php + snippet + * gh#5555 Better report query errors while generating SQL exports + * gh#12307 Produce valid JSON on export + * gh#12325 Setup script icons broken + * gh#12378 Support IPv6 proxies + * Removed MySQL connection retry without password + * gh#12218 Allow to specify further parameters for control + connection + * gh#12162 Show charset for each table on Database structure page + * gh#12463 Incorrect link in the href of icon at Hide/Show unhide + links + * gh#12330 Shortcut for closing console + * gh#12465 Improved handling of http requests + * gh#12474 Broken links in Setup forms Navigation + * gh#12494 Can't add a new User + * gh#12523 Add 'token' Parameter in all POST requests + (Fix 'Token mismatch' errors) + * gh#12302 Improved usage of number_format + * gh#12656 Server selection not working + * gh#12543 NULL results in dataset are colored grey + * gh#12664 Create Bookmark broken + * gh#12688 Use unsigned int for storing bookmark ID + * gh#12352 Added password strength indicator + * gh#12713 Correctly handle HTTP status when doing requests + * gh#12247 Add option to delete settings from browser storage + * gh#12783 Remove unused PMA_addJSCode function + * gh#12069 Add table filtering to database structure + * gh#12799 Allow to configure signon session parameters + * gh#12854 Drop database is broken + * gh#12863 Can't toggle Event Scheduler on + * gh#12742 Finish removing dead code references to xls/xlsx + import and export, which was removed some time ago. + * gh#12536 Rename "Relations" to "Relationships" in many places + as it's the more proper term + * gh#12834 Fixed margins in central columns feature + * gh#12903 Document more export configuration options + * gh#12897 Use consistent numeric format for table overhead + * gh#12901 Use server returned table name on renaming table + * gh#12918 Always use \r\n as newline when editing fields + * gh#12923 Fixed server side search in navigation panel + * gh#12929 Undefined index warning with ssl_ca_paths + * gh#12924 Do not show errors from OpenSSL cookie + encryption/decryption + * gh#12945 Fixed hint rendering on adding new user + * gh#12941 Fixed sorting of tables in relation view + * gh#12936 Fixed tables pagination in navigation panel + * gh#12904 Do not collapse add form for central columns if there + are none + * gh#12955 Fixed database renaming + * gh#12954 Fixed export of tracking data + * gh#12960 Enclose exports in transaction by default + * gh#12966 After adding a column ADD INDEX option won't be + displayed when enabling AI + * gh#12972 Better error message when Composer has not been run + * gh#12988 Do not show language selector without choices + * gh#12993 Fixed external links to php documentation + * gh#12990 Fixed error when loading favorite tables to console + * gh#12981 Improved rendering of new version information + * gh#12922 Fixed bookmarks ordering + * gh#12964 Fixed table search in navigation + * gh#12985 Fixed rendering of foreign key browsing + * gh#12957 Fixed manipulation with GIS data having zero + coordinates + * gh#12804 Fixed various designer javascript errors + * gh#12934 Fixed possible javascript error on server status page + * gh#12927 Fixed javascript error on 3NF normalization + * gh#12996 List all databses in navigation panel database + dropdown + * gh#12980 Better defaults when creating multi field foreign key + * gh#12976 Improved foreign key editor behavior + * gh#12958 Always show error reporting dialog on top + * gh#12693 Improved support for TokuDB + * gh#11231 Try harder to honor LoginCookieValidity setting + * gh#13016 and #13017 Slight improvements to the table layout of + Relation view + * gh#12345 Correctly show affected rows for LOAD DATA queries + * gh#13010 Copy database: SQL error for copying PMADB metadata + * gh#13002 Fixed OpenDocument exports + * gh#13000 Align NULL values according to the column alignment + * gh#13021 Show phpMyAdmin errors even with error_reporting + set to 0 + * gh#13020 Removed warning about client and server versions + mismatch + * Hide comments on table Structure tab when no comment is set + * Fixed submission of error reports + * gh#13033 Use Referrer-Policy header to specify referrer policy + * Fixed javascript confirmation of dangerous queries + * gh#13040 Compatibility with hhvm 3.18 + * gh#13031 Fixed displaying of all rows + * gh#12967 Fixed related field selection for native relations + * gh#13045 Properly escape MIME transformatoin names + * gh#13028 Always show 100% in font selector + * gh#13047 Fix query simulating for more servers + * gh#12846 Fix new version check for sites with wrongly + configured curl + * gh#12951 When exporting to Excel, the default is now to include + column names in the first row + * gh#13059 Removed debugging code + * gh#13029 Fixed table tracking for nested table groups + * gh#13053 Fixed broken links in setup + * gh#12708 Removed phpMyAdmin version from User-Agent header + * gh#13084 Do not point users to setup when it is disabled + * gh#12660 Delete only phpMyAdmin cookies on upgrade + * gh#13088 Fixed editing of rows with text primary key + * gh#13092 Do not try to sync favorite tables if configuration + storage is not enabled + * gh#13105 Fixed changing attribute for virtual field + * gh#12757 Fixed setting password on recent MariaDB with non + working plugins + * gh#12349 Fixed undefined variable on import from some formats + * gh#13103 Do not offer default names for copying/renaming + databases + * [security] Possible to bypass + $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08 +- Drop patch phpMyAdmin-pma.patch because now in upstream + +------------------------------------------------------------------- +Mon Mar 20 22:13:20 UTC 2017 - chris@computersalat.de + +- add http.inc file + * include one file for php5/php7 admin flags/values + +------------------------------------------------------------------- +Wed Jan 25 22:12:33 UTC 2017 - chris@computersalat.de + +- 4.6.6 (2017-01-23) + * gh#12759 Fix Notice regarding 'Undefined index: old_usergroup' + * gh#12760 Fix Notice regarding 'Undefined index: users' + * gh#12762 Fixed parsing of SQL with BINARY function + * gh#12588 ReCaptcha now works without allow_url_fopen + * gh#12699 Show no local storage warning only on settings tab + * gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with + default value as NULL + * gh#12769 Edit/Export links are not clickable under Routines tab + * gh#12757 Fixed creating new user with older MariaDB + * gh#12784 Remove ctype installation suggestion + * gh#12780 Format button replaces all text with blank spaces + * gh#12786 Fixed database searching + * gh#12792 Fixed javascript error on new version link + * gh#12785 Add information about required and suggested extensions + to composer.json + * gh#12801 Custom header shown twice with cookie login form + * gh#12802 Custom footer not shown with auth_type http login failure + * gh#12434 Improve documentation for servers running with Suhosin + * gh#12800 Updated embedded phpSecLib to 2.0.4 + * gh#12800 Fixed various issues with PHP 7.1 + * gh#11816 Fixed operation with lower_case_table_names=2 + * gh#12813 Fixed stored procedure execution + * gh#12826 Honor user configured connection collation + * gh#12293 Correctly report OpenSSL errors from cookie encryption + * gh#12814 DateTime won't allow to input length in Routine editor + * gh#12840 Fix Notice regarding 'Undefined index: row_format' when + altering table options + * gh#12841 Fixed moving of columns with whitespace in name + * gh#12847 Fixed editing of virtual columns + * gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query + window to avoid accidents + * gh#12872 Use same query for display and execution when dropping + index + * gh#12868 Fix check for user groups freatures being enabled + * gh#12876 Fix notices and warning related to dbs_to_test global + * gh#12831 Fix table formatting on Insert tab, which mostly + affected row highlighting + * gh#12495 Reintroduced phpinfo page with limited capabilities + * gh#12861 Fix renaming tables with lower_case_table_names=2 + * gh#12876 Fix possible PHP error in navigation + * gh#12881 Fix database search with newer php-gettext + * gh#12894 Fix linter error on unterminated variable name + * gh#12732 Fixed filtering for active processes +- fix for boo#1021597 + * PMASA-2016-44 (CVE-2016-6621, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-44/ + - Multiple vulnerabilities in setup script + * PMASA-2017-1 (CVE-2017-1000013, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-1/ + - Open redirect + * PMASA-2017-2 (CVE-2015-8980, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-2/ + - php-gettext code execution + * PMASA-2017-3 (CVE-2017-1000014, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-3/ + - DOS vulnerabiltiy in table editing + * PMASA-2017-4 (CVE-2017-1000015, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-4/ + - CSS injection in themes + * PMASA-2017-5 (CVE-2017-1000016, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-5/ + - Cookie attribute injection attack + * PMASA-2017-6 (CVE-2017-1000017, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-6/ + - SSRF in replication + * PMASA-2017-7 (CVE-2017-1000018, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-7/ + - DOS in replication status +- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch +- rework phpMyAdmin-config.patch + +------------------------------------------------------------------- +Thu Jan 19 17:42:49 UTC 2017 - ecsos@opensuse.org + +- Add Patch phpMyAdmin-12757_sql_syntax_errror.patch to fix + gh#12757 SQL syntax errror on MariaDB < 10.0.2 in check for mysql + password check plugin. + Will be fixed in 4.6.6 + +------------------------------------------------------------------- +Tue Dec 6 15:25:29 UTC 2016 - chris@computersalat.de + +- update to 4.6.5.2 (2016-12-05) + * gh#12765 Fixed SQL export with newlines +- update changes (update to 4.6.5 (2016-11-25)) + * add missing (Not yet available) CVE's +- fix phpMyAdmin.http + +------------------------------------------------------------------- +Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org + +- update to 4.6.5.1 (2016-11-26) + - quick fix for 4.6.5 + * an issue affecting a small number of users using + $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db']. + * an issue affecting the create table dialog where the partition + selection tool was overzealous and made it difficult to create + a new table. + +- update to 4.6.5 (2016-11-25) + - security fixes + * Fix for expanding in navigation pane + * Reintroduced a simplified version of PmaAbsoluteUri directive + (needed with reverse proxies) + * Fix editing of ENUM/SET/DECIMAL field structures + * Improvements to the parser + - other fixes + * Remove potentionally license problematic sRGB profile + * gh#12459 Display read only fields as read only when editing + * gh#12384 Fix expanding of navigation pane when clicking on database + * gh#12430 Impove partitioning support + * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration + directive + * Always use UTC time in HTTP headers + * gh#12479 Simplified validation of external links + * gh#12483 Fix browsing tables with built in transformations + * gh#12485 Do not show warning about short blowfish_secret if none + is set + * gh#12251 Fixed random logouts due to wrong cookie path + * gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure + * gh#12497 Missing escaping of configuration used in SQL + (hide_db and only_db) + * gh#12476 Add error checking in reading advisory rules file + * gh#12477 Add checking missing elements and confirming element + types from json_decode + * gh#12251 Automatically save SQL query in browser local storage + rather than in cookie + * gh#12292 Unable to edit transformations + * gh#12502 Remove unused paramenter when connecting to MySQLi + * gh#12303 Fix number formatting with different settings of + precision in PHP + * gh#12405 Use single quotes in PHP code + * gh#12534 Option for the dropped column is not removed from + 'after_field' select, after the column is dropped + * gh#12531 Properly detect DROP DATABASE queries + * gh#12470 Fix possible race condition in setting URL hash + * gh#11924 Remove caching of server information + * gh#11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries + * gh#12545 Proper parsing of CREATE TABLE ... PARTITION queries + * gh#12473 Code can throw unhandled exception + * gh#12550 Do not try to keep alive session even after expiry + * gh#12512 Fixed rendering BBCode links in setup + * gh#12518 Fixed copy of table with generated columns + * gh#12221 Fixed export of table with generated columns + * gh#12320 Copying a user does not copy usergroup + * gh#12272 Adding a new row with default enum goes to no selection + when you want to add more then 2 rows + * gh#12487 Drag and drop import prevents file dropping to blob + column file selector on the insert tab + * gh#12554 Absence of scrolling makes it impossible to read longer + text values in grid editing + * gh#12530 "Edit routine" crashes when the current user is not the + definer, even if privileges are adequate + * gh#12300 Export selective tables by-default dumps Events also + * gh#12298 Fixed export of view definitions + * gh#12242 Edit routine detail dialog does not fill "Return length" + field in mysql functions + * gh#12575 New index Confirm adds whitespace around the field name + * gh#12382 Bug in zoom search + * gh#12321 Assign LIMIT clause only to syntactically correct queries + * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" + Inserted At Wrong Place + * gh#12511 Clarify documentation on ArbitraryServerRegexp + * gh#12508 Remove duplicate code in SQL escaping + * gh#12475 Cleanup code for getting table information + * gh#12579 phpMyAdmin's export of a Select statment without a FROM + clause generates Wrong SQL + * gh#12316 Correct export of complex SELECT statements + * gh#12080 Fixed parsing of subselect queries + * gh#11740 Fixed handling DELETE ... USING queries + * gh#12100 Fixed handling of CASE operator + * gh#12455 Query history stores separate entry for every letter + typed + * gh#12327 Create PHP code no longer works + * gh#12179 Fixed bookmarking of query with multiple statements + * gh#12419 Wrong description on GRANT OPTION + * gh#12615 Fixed regexp for matching browser versions + * gh#12569 Avoid showing import errors twice + * gh#12362 prefs_manage.php can leave an orphaned temporary file + * gh#12619 Unable to export csv when using union select + * gh#12625 Broken Edit links in query results of JOIN query + * gh#12634 Drop DB error in import if DB doesn't exist + * gh#12338 Designer reverts to first saved ER after EACH relation + create or delete + * gh#12639 'Show trace' in Console generates JS error for functions + in query's trace called without any arguments + * gh#12366 Fix user creation with certain MariaDB setups + * gh#12616 Refuse to work with mbstring.func_overload enabled + * gh#12472 Properly report connection without password in setup + * gh#12365 Fix records count for large tables + * gh#12533 Fix records count for complex queries + * gh#12454 Query history not updated in console until page refresh + * gh#12344 Fixed parsing of labels in loop + * gh#12228 Fixed parsing of BEGIN labels + * gh#12637 Fixed editing some timestamp values + * gh#12622 Fixed javascript error in designer + * gh#12334 Missing page indicator or VIEWs + * gh#12610 Export of tables with Timestamp/Datetime/Time columns + defined with ON UPDATE clause with precision fails + * gh#12661 Error inserting into pma__history after timeout + * gh#12195 Row_format = fixed not visible + * gh#12665 Cannot add a foreign key - non-indexed fields not listed + in InnoDB tables + * gh#12674 Allow for proper MySQL-allowed strings as identifiers + * gh#12651 Allow for partial dates on table insert page + * gh#12681 Fixed designer with tables using special chars + * gh#12652 Fixed visual query builder for foreign keys with more + fields + * gh#12257 Improved search page performance + * gh#12322 Avoid selecting default function for foreign keys + * gh#12453 Fixed escaping of SQL parts in some corner cases + * gh#12542 Missing table name in account privileges editor + * gh#12691 Remove ksort call on empty array in PMA_getPlugins + function + * gh#12443 Check parameter type before processing + * gh#12299 Avoid generating too long URLs in search + * gh#12361 Fix self SQL injection in table-specific privileges + * gh#12698 Add link to release notes and download on new version + notification + * gh#12712 Error when trying to setup replication (fatal error in + call to an old PMA_DBI_connect function) +- fix for boo#1012271 + https://www.phpmyadmin.net/security/ + * Unsafe generation of $cfg['blowfish_secret'] + see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661) + * phpMyAdmin's phpinfo functionality is removed + see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661) + * AllowRoot and allow/deny rule bypass with specially-crafted + username + see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661) + * Username matching weaknesses with allow/deny rules + see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661) + * Possible to bypass logout timeout + see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661) + * Full path disclosure (FPD) weaknesses + see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853, + CVE-2016-9854, CVE-2016-9855, CWE-661) + * Multiple XSS weaknesses + see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857, + CWE-661, CWE-352) + * Multiple denial-of-service (DOS) vulnerabilities + see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859, + CVE-2016-9860, CWE-661, CW-400) + * Possible to bypass white-list protection for URL redirection + see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20, + CWE-601) + * BBCode injection to login page + see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661) + * Denial-of-service (DOS) vulnerability in table partitioning + see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400) + * Multiple SQL injection vulnerabilities + see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89) + * Incorrect serialized string parsing + see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661) + * CSRF token not stripped from the URL + see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661) + +------------------------------------------------------------------- +Sun Nov 6 16:27:00 UTC 2016 - chris@computersalat.de + +- fix deps + * add missing Recommends php5-curl +- fix phpMyAdmin.http + * add + +------------------------------------------------------------------- +Sat Nov 5 02:54:41 UTC 2016 - chris@computersalat.de + +- fix phpMyAdmin.http + +------------------------------------------------------------------- +Thu Aug 18 13:31:57 UTC 2016 - chris@computersalat.de + +- 4.6.4 (2016-08-16) + - securitiy fixes + * Improve session cookie code for openid.php and signon.php example + files + * Full path disclosure in openid.php and signon.php example files + * Unsafe generation of BlowfishSecret (when not supplied by the user) + * Referrer leak when phpinfo is enabled + * Use HTTPS for wiki links + * Improve SSL certificate handling + * Fix full path disclosure in debugging code + * Administrators could trigger SQL injection attack against users + - other fixes + * Remove Swekey support + * Include X-Robots-Tag header in responses + * Enforce numeric field length when creating table + * Fixed invalid Content-Length in some HTTP responses + * gh#12394 Create view should require a view name + * gh#12391 Message with 'Change password successfully' displayed, + but does not take effect + * Tighten control on PHP sessions and session cookies + * gh#12409 Re-enable overhead on server databases view + * gh#12414 Fixed rendering of Original theme + * gh#12413 Fixed deleting users in non English locales + * gh#12416 Fixed replication status output in Databases listing + * gh#12303 Avoid typecasting to float when not needed + * gh#12425 Duplicate message variable names in messages.inc.php + * gh#12399 Adding index to table shows wrong top navigation + * gh#12424 Fixed password change on MariaDB without auth plugin + * gh#12339 Do not error on unset server port + * gh#12422 Improvements to the original theme + * gh#12395 Do not try to load old transformation plugins + * gh#12423 Fixed replication status in database listing + * gh#12433 Copy table with prefix does not copy the indexes + * gh#12375 Search in database: Window content is not scrolling down + when clicking first time on Browse link + * gh#12346 SQL Editor textareas can have their size increased from + the top, distorting the page view +- fix for boo#994313 + https://www.phpmyadmin.net/security/ + * Weaknesses with cookie encryption + see PMASA-2016-29 (CVE-2016-6606, CWE-661) + * Multiple XSS vulnerabilities + see PMASA-2016-30 (CVE-2016-6607, CWE-661) + * Multiple XSS vulnerabilities + see PMASA-2016-31 (CVE-2016-6608, CWE-661) + * PHP code injection + see PMASA-2016-32 (CVE-2016-6609, CWE-661) + * Full path disclosure + see PMASA-2016-33 (CVE-2016-6610, CWE-661) + * SQL injection attack + see PMASA-2016-34 (CVE-2016-6611, CWE-661) + * Local file exposure through LOAD DATA LOCAL INFILE + see PMASA-2016-35 (CVE-2016-6612, CWE-661) + * Local file exposure through symlinks with UploadDir + see PMASA-2016-36 (CVE-2016-6613, CWE-661) + * Path traversal with SaveDir and UploadDir + see PMASA-2016-37 (CVE-2016-6614, CWE-661) + * Multiple XSS vulnerabilities + see PMASA-2016-38 (CVE-2016-6615, CWE-661) + * SQL injection vulnerability as control user + see PMASA-2016-39 (CVE-2016-6616, CWE-661) + * SQL injection vulnerability + see PMASA-2016-40 (CVE-2016-6617, CWE-661) + * Denial-of-service attack through transformation feature + see PMASA-2016-41 (CVE-2016-6618, CWE-661) + * SQL injection vulnerability as control user + see PMASA-2016-42 (CVE-2016-6619, CWE-661) + * Verify data before unserializing + see PMASA-2016-43 (CVE-2016-6620, CWE-661) + * SSRF in setup script + see PMASA-2016-44 (CVE-2016-6621, CWE-661) + * Denial-of-service attack with + $cfg['AllowArbitraryServer'] = true and persistent connections + see PMASA-2016-45 (CVE-2016-6622, CWE-661) + * Denial-of-service attack by using for loops + see PMASA-2016-46 (CVE-2016-6623, CWE-661) + * Possible circumvention of IP-based allow/deny rules with IPv6 and + proxy server + see PMASA-2016-47 (CVE-2016-6624, CWE-661) + * Detect if user is logged in + see PMASA-2016-48 (CVE-2016-6625, CWE-661) + * Bypass URL redirection protection + see PMASA-2016-49 (CVE-2016-6626, CWE-661) + * Referrer leak + see PMASA-2016-50 (CVE-2016-6627, CWE-661) + * Reflected File Download + see PMASA-2016-51 (CVE-2016-6628, CWE-661) + * ArbitraryServerRegexp bypass + see PMASA-2016-52 (CVE-2016-6629, CWE-661) + * Denial-of-service attack by entering long password + see PMASA-2016-53 (CVE-2016-6630, CWE-661) + * Remote code execution vulnerability when running as CGI + see PMASA-2016-54 (CVE-2016-6631, CWE-661) + * Denial-of-service attack when PHP uses dbase extension + see PMASA-2016-55 (CVE-2016-6632, CWE-661) + * Remove tode execution vulnerability when PHP uses dbase extension + see PMASA-2016-56 (CVE-2016-6633, CWE-661) +- fix deps + * add missing php-gettext +- rebase phpMyAdmin-config.patch + +------------------------------------------------------------------- +Thu Jun 23 12:10:01 UTC 2016 - chris@computersalat.de + +- update to 4.6.3 (2016-06-23) + * gh#12249 Fixed cookie path on Windows + * gh#12279 Fixed error reporting on connect problems + * gh#12290 Fixed export of tables without explicitly set engine + * gh#12285 Designer JavaScript error: Show/Hide tables list + * gh#12293 Fix MySQL SSL connection with some PHP versions + * gh#12279 Fix MySQL connection error on version mismatch + * gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user + * gh#12308 Fix division by zero in case of misconfigured MySQL server + * gh#12317 Fix editing server variables + * gh#12303 Fix table size calculation in some circumstances + * gh#12310 Fix listing routines for non privileged user + * issue Escape generated query in exporting a database + * issue Setup script did not properly use input type password for some input types +- fix for boo#986154 + * PMASA-2016-17 (CVE-2016-5701, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-17/ + - BBCode injection vulnerability + * PMASA-2016-18 (CVE-2016-5702, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-18/ + - Cookie attribute injection attack + * PMASA-2016-19 (CVE-2016-5703, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-19/ + - SQL injection attack + * PMASA-2016-20 (CVE-2016-5704, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-20/ + - XSS on table structure page + * PMASA-2016-21 (CVE-2016-5705, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-21/ + - Multiple XSS vulnerabilities + * PMASA-2016-22 (CVE-2016-5706, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-22/ + - DOS attack + * PMASA-2016-23 (CVE-2016-5730, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-23/ + - Multiple full path disclosure vulnerabilities + * PMASA-2016-24 (CVE-2016-5731, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-24/ + - XSS through FPD + * PMASA-2016-25 (CVE-2016-5732, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-25/ + - XSS in partition range functionality + * PMASA-2016-26 (CVE-2016-5733, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-26/ + - Multiple XSS vulnerabilities + * PMASA-2016-27 (CVE-2016-5734, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-27/ + - Unsafe handling of preg_replace parameters + * PMASA-2016-28 (CVE-2016-5739, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-28/ + - Referrer leak in transformations + +------------------------------------------------------------------- +Sun May 29 15:07:43 UTC 2016 - chris@computersalat.de + +- rebase phpMyAdmin-config.patch + +------------------------------------------------------------------- +Sat May 28 07:33:29 UTC 2016 - ecsos@opensuse.org + +- update to 4.6.2 (2016-05-25) + - gh#12225 Use https for documentation links + - gh#12234 Fix schema export with too many tables + - gh#12240 Avoid parsing non JSON responses as JSON + - gh#12244 Avoid using too log URLs when getting javascripts + - gh#12118 Fixed setting mixed case languages + - gh#12229 Avoid storing objects in session when debugging SQL + - gh#12249 Fix cookie path on IIS + - gh#11705 Fix occassional 200 errors on Windows + - gh#12219 Fix locking issues when importing SQL + - gh#12231 Avoid confusing warning when mysql extension is missing + - fix issue Improve handling of logout + - fix issue Safer handling of sessions during authentication + - gh#12209 Fix server selection on main page + - gh#12192 Avoid storing full error data in session + - gh#12082 Fixed export of ARCHIVE tables with keys + - gh#11565 Add session reload for config authentication + - gh#12229 Do not fail on errors stored in session + - gh#12248 Fix loading of APC based upload progress bar +- remove PmaAbsoluteUri from phpMyAdmin-config.patch because since + version 4.6.0 it is remove +- Security fixes: + * PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126) + https://www.phpmyadmin.net/security/PMASA-2016-14/ + - User SQL queries can be revealed through URL GET parameters, + see PMASA-2016-14 + * PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128) + https://www.phpmyadmin.net/security/PMASA-2016-16/ + - Self XSS vulneratbility, see PMASA-2016-16 + +------------------------------------------------------------------- +Mon May 9 10:14:44 UTC 2016 - chris@computersalat.de + +- phpMyAdmin 4.6.1: + * Problems with SQL syntax warnings from the linter/parser + * Fixing an error about "PMA_Util" not found + * Better handling of JSON columns + * Fixed quoting with the SQL parser, which in particular adversely + affected SQL imports and exports + +------------------------------------------------------------------- +Thu Mar 24 12:03:17 UTC 2016 - astieger@suse.com + +- phpMyAdmin 4.6.0: + * Allow setting routine-wise privileges + * UI for defining partitioning in create table window + * Support JSON data type + * Editing partitions in table Structure + * Copy results to clipboard + * Reactivate cut&paste possibility in print view + * Display binary strings as text if they are valid UTF-8 + * Copy multiple tables to database + * Show MySQL error messages in user language + * Add new configuration directive 'ssl_verify' for self-signed + certificates with mysqlnd and PHP >= 5.6 + * Remove ForceSSL and PmaAbsoluteUri configuration directives + (these are better handled by proper webserver configuration) + * Fixed several bugs relating to exporting, particularly with + DEFAULT and COMMENT fields + +------------------------------------------------------------------- +Tue Mar 1 18:04:41 UTC 2016 - astieger@suse.com + +- phpMyAdmin 4.5.5.1: + The following vulnerabilities were fixed: + * CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940) + * CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938) + * CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941) + * CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928) + The following upstream bugs were fixed: + * CREATE UNIQUE INDEX index type is not recognized by parser. + * Row count wrong when grouping joined tables. + * Column definition with default value and comment in CREATE TABLE expoerted faulty. + * New statement but no delimiter and unexpected token with REPLACE. + * Fixed incorrect usage of SQL parser context in SQL export + * Fixed inclusion of gettext library from SQL parser + +------------------------------------------------------------------- +Wed Feb 24 20:56:15 UTC 2016 - astieger@suse.com + +- phpMyAdmin 4.5.5 + * improvements to changing passwords on newer MariaDB servers + * several fixes to the SQL parser + +------------------------------------------------------------------- +Sat Jan 30 08:43:24 UTC 2016 - ecsos@opensuse.org + +- update to 4.5.4.1 (2016-01-28) + - gh#11892 Error with PMA 4.4.15.3 + - gh#11896 Remove hard dependency on phpseclib + +------------------------------------------------------------------- +Thu Jan 28 18:20:05 UTC 2016 - astieger@suse.com + +- phpMyAdmin 4.5.4 + The followinng vulnerabilities were fixed: (boo#964024) + * CVE-2016-2038: Multiple full path disclosure vulnerabilities + * CVE-2016-2039: Unsafe generation of XSRF/CSRF token + * CVE-2016-2040: Multiple XSS vulnerabilities + * CVE-2016-1927: Insecure password generation in JavaScript + * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token + * CVE-2016-2042: Multiple full path disclosure vulnerabilities + * CVE-2016-2043: XSS vulnerability in normalization page + * CVE-2016-2044: Full path disclosure vulnerability in SQL parser + * CVE-2016-2045: XSS vulnerability in SQL editor +- update upstream singing keyring + +------------------------------------------------------------------- +Sun Jan 10 23:40:38 UTC 2016 - astieger@suse.com + +- 4.5.x package was missing template - fix boo#961285 + +------------------------------------------------------------------- +Wed Jan 6 17:36:34 UTC 2016 - chris@computersalat.de + +- fix for boo#960854 + * add missing dependency of php-json + +------------------------------------------------------------------- +Mon Jan 4 21:39:35 UTC 2016 - astieger@suse.com + +- phpMyAdmin 4.5.3.1: + * Minimum requirement is PHP 5.5 +- Highlights of the 4.5.x.x series: + * Improvements to the Console feature + * Include structure in PDF export + * Validate data before import + * Support CHECKSUM TABLE operation + * Improved operations regarding partitions + * Alter privileges when renaming or copying a database or table + * Several improvements related to speed and responsiveness + * Improved print view + * Use CTRL or ALT plus arrow keys to navigate in grid editor + * Use plain-English destinations for + $cfg['NavigationTreeDefaultTabTable'], $cfg['DefaultTabServer'], + $cfg['DefaultTabDatabase'], and $cfg['DefaultTabTable']. + The old style values will still work, but this makes it easier for + new users to easily understand the destination links. + * Integrate SQL debugging into Console + * Restore row editing when no unique/primary key exists + * Allow exporting one file per table and one file per database + * Improvements to using multiple servers with the auth_type cookie + * Support virtual columns (MySQL 5.7.5+) + * Add or improve support for several MariaDB features including + process list and virtual/persistent columns + * Improved handling of cached data when upgrading phpMyAdmin + * Add SHA256 security password support + +------------------------------------------------------------------- +Tue Dec 29 18:47:04 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.15.2 (2015-12-25) +- Security fixes: + * PMASA-2015-5 (CVE-2015-8669, CWE-661 CWE-200) boo#960282 + https://www.phpmyadmin.net/security/PMASA-2015-6/ + - [Security] Path disclosure, see PMASA-2015-6 + +------------------------------------------------------------------- +Mon Oct 26 10:32:47 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.15.1 (2015-10-23) + - gh#11464 phpMyAdmin suggests upgrading to newer version not + usable on that system +- Security fixes: [boo#951960] + * PMASA-2015-5 (CVE-2015-7873, CWE-661 CWE-20) + https://www.phpmyadmin.net/security/PMASA-2015-5/ + - fix issue [security] Content spoofing on url.php + +------------------------------------------------------------------- +Sun Sep 20 20:12:36 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.15 (2015-09-20) + - gh#11411 Undefined "replace" function on numeric scalar + - gh#11421 Stored-proc / routine - broken parameter parsing + - fix issue Missing name for configuration read_as_multibytes + - gh#11431 Incorrect "No row selected" message + - gh#11447 MySQL 5.5 and the language system variable + - gh#11452 Semantics of export and import icons are mixed up + - gh#11451 Designer-Bug in move.js on multiple server + configuration + - gh#11458 Invalid UTF-8 sequence in argument + - gh#11457 Request URI too large + - fix issue Invalid argument supplied for foreach() + - gh#11461 Foreign key constraints for InnoDB tables with + upper-case letters disabled + - gh#11487 Warning when entering Query page +- change entrys in changelog from sf to gh from 4.13.0 to now + +------------------------------------------------------------------- +Thu Sep 17 09:41:30 UTC 2015 - ecsos@opensuse.org + +- boo#945999 enable required apache modules in spec at install + +------------------------------------------------------------------- +Fri Sep 11 09:55:59 UTC 2015 - ecsos@opensuse.org + +- update 4.4.14.1 (2015-09-08) +- Security fixes: [boo#945420] + * PMASA-2015-4 (CVE-2015-6830, CWE-661 CWE-307) + https://www.phpmyadmin.net/security/PMASA-2015-4/ + - fix issue [security] reCaptcha bypass + +------------------------------------------------------------------- +Tue Aug 25 10:09:07 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.14 (2015-08-20) + - gh#11367 Export after search, missing WHERE clause + - gh#11380 Incomplete message after import + - fix issue Incorrect scalar type declaration + (reported under PHP 7) + - gh#11389 ReCaptcha produces deprecated messages under PHP 7 + - gh#11387 phpseclib < 2.0 produces deprecated messages on PHP 7 + - gh#11404 "Switch to copied table" doesn't work + - gh#11406 Missing quotes after calling "distinct values" + - gh#11386 Cannot import database with long data in one column + - gh#11410 SPATIAL index option is not clickable + +------------------------------------------------------------------- +Sun Aug 9 06:06:17 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.13.1 (2015-08-08) + - gh#11368 SQL error when importing phpMyAdmin dump file + +------------------------------------------------------------------- +Sat Aug 8 10:35:18 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.13 (2015-08-07) + - gh#1808 "Improve table structure" generates invalid SQL + - fix issue Once checked "Show only active" checkbox is always + checked + - gh#1813 Delete rows using "Check All" is broken + - fix issue Fix PHP 7 possible binding ambiguity + - gh#11326 Exported schema includes all the tables of the + database + - gh#11339 Results not displayed if query ends in delimiter and + comment + - gh#11320 Live edit of data fields is not working always + - fix issue Table list in navigation collapses when entering into + a table in another page + - gh#11364 JS error while trying to auto navigate to db structure + page when db creation has failed + +------------------------------------------------------------------- +Tue Jul 21 18:11:32 UTC 2015 - mcihar@suse.cz + +- Apache configuration compatible with both 2.2 and 2.4 + +------------------------------------------------------------------- +Mon Jul 20 14:45:32 UTC 2015 - mcihar@suse.cz + +- update to 4.4.12 (2015-07-20) + - Saved chart image does not have a proper name or an extension + - sf#4976 Timepicker CSS issues in Original theme + - sf#4975 Move/Copy/Rename operations on Table/Db fail on Drizzle server + - sf#4826 Two inline edit windows + - sf#4979 Problem when import *.ods file + - Add missing head tag + - sf#4985 Column headers move when scrolling +- use smaller xz compressed archive +- update Apache configuration to be compatible with 2.4 + +------------------------------------------------------------------- +Wed Jul 8 06:27:42 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.11 (2015-07-06) + - fix bug Missing selected/entered values when editing active + options in visual query builder + - sf#4969 Autoload from prefs_storage not behaving properly + - sf#4972 Incorrect length computed for binary data + - fix bug Remove character set from create_tables_drizzle.sql + - sf#4973 Users overview needs clarification + - sf#4974 Creating a database from console doesn't update + navigation panel + - sf#4844 FAQ 1.17 needs an update +- change sourcepath in spec + +------------------------------------------------------------------- +Thu Jul 2 11:16:15 UTC 2015 - mcihar@suse.cz + +- switch upstream url to https +- include signed release together with keyring to verify signatures + +------------------------------------------------------------------- +Wed Jun 17 17:23:38 UTC 2015 - ecsos@opensuse.org + +- add missing sql-scripts to doc + +------------------------------------------------------------------- +Wed Jun 17 15:30:50 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.10 (2015-06-17) + - sf#4950 Issues in database selection for replication + - sf#4951 Trying to save chart as image crashes the browser + - sf#4953 cant drag sql.gz file onto import input + - sf#4960 Table creation results in GET request with missing + server parameter that invalidates the session + - sf#4961 Javascript error when Designer is opened + - sf#4962 Insert by foreign key scrolls page to top + - sf#4955 Clicking on the navi logo does not always work + - fix bug External URL for $cfg['NavigationLogoLink'] causes + JavaScript error when clicked + +------------------------------------------------------------------- +Fri Jun 5 07:56:13 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.9 (2015-06-04) + - sf#4920 relation view doesn't list fields of table in other + database + - sf#4905 Sorting by an alias + - sf#4931 False error before entering reCAPTCHA + - sf#4909 central column with multiple server + - sf#4937 Custom export with backquotes off is not working + - sf#4908 Reverse proxy: infinite internal redirect + (added warning in doc) + - sf#4942 Export to gzip saves plain text under Chrome + +------------------------------------------------------------------- +Thu May 28 16:13:56 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.8 (2015-05-28) + - fix bug Allow accessing visual query builder when pmadb is not + configured + - sf#4893 Nav tree line alignment issue + - sf#4911 Lock page icon is not shown after fresh reload + - sf#4912 "Highlight pointer" and "Row marker" doesn't work + properly + - fix bug Browse foreigners window goes out of the window + - sf#4918 Date field popup dialog position bug + - fix bug In /setup, PMA_messages is not defined + - sf#4924 Recaptcha failure + - sf#4930 Database copy doesn't work for tables with more than + one FULLTEXT index + - sf#4929 Edit view structure doesn't load the algorithm + - sf#4923 Do not limit table comments to 60 characters + +------------------------------------------------------------------- +Sat May 16 12:04:23 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.7 (2015-05-16) + - sf#4876 Settings issues (Favorite tables shown twice in + Settings) + - sf#4896 Non-styled error page when following results link + - sf#4894 Deleting without confirmation + - sf#4858 Issues with SQL autocomplete + - sf#4897 Column hint in SQL autocomplete is sometimes not shown + - sf#4898 JS error after selecting a field and press Enter + - fix bug Honor proxy settings when getting Git commit + information + - fix bug Missing title on link + - sf#4512 ForceSSL Redirect Check + - fix bug Undefined index collation_connection + - fix bug Error when the reporting server is down + - fix bug Escape database and table names for partition + maintenance + - fix bug Invalid value for CURLOPT_SSL_VERIFYPEER + - sf#4367 Import status infinite loop + - sf#4902 Designer: Loading does not work + - sf#4904 Setup: Overview > Display does not work + - sf#4906 Designer: pages from all databases + +------------------------------------------------------------------- +Wed May 13 17:51:57 UTC 2015 - ecsos@opensuse.org + +- update 4.4.6.1 (2015-05-13) + This update fixes several vulnerabilities +- Security fixes: + * PMASA-2015-2 (CVE-2015-3902, CWE-661 CWE-352) + http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php + - sf#4899 [security] CSRF vulnerability in setup + * PMASA-2015-3 ( CVE-2015-3903, CWE-661 CWE-295) + http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php + - sf#4900 [security] Vulnerability allowing man-in-the-middle + attack + +------------------------------------------------------------------- +Thu May 7 15:45:44 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.6 (2015-05-07) + - sf#4890 webkitStorageInfo and webkitIndexedDB is deprecated + - sf#4892 Undefined variable: unique_conditions + - sf#4891 CSV Import ignores "Replace table data with file" + checkbox + +------------------------------------------------------------------- +Tue May 5 15:45:46 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.5 (2015-05-05) + - fix bug Table overhead stats: missing space before the unit + - fix bug Fix resize icon in Designer + - sf#4879 Exit fullscreen in Designer does not change + the button text + - sf#4880 Designer icons missing when using original theme + - sf#4878 Column list of central columns is not cleared + - sf#4881 jQuery dialogs of the Designer are not displayed in + fullscreen + - sf#4883 Search function breaks when searching for certain + combinations of backslashes and slashes + - sf#4830 Maximum execution time exceeded in Util.class.php + (better fix) + - sf#4885 Some icons are above the overlay of jQuery dialogs + - sf#4886 Clicking on external links in advisor rules give + JS error + - sf#4888 Filter in central columns does not work in other + languages + +------------------------------------------------------------------- +Sun Apr 26 12:08:40 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.4 (2015-04-26) + - sf#4863 Edit vs Change + - sf#4859 Don't scroll (to bottom) when editing multiple rows + - sf#4862 Misaligned Inline edit field + - sf#4861 Use of undefined constant PMA_DRIZZLE + - sf#4865 sprintf(): Too few arguments + - sf#4866 Limit column ordering in index edit dialog + - sf#4867 Incorrect ALTER TABLE statement generated + - sf#4870 Inconsistency in 'Ignore' checkbox in insert page + - sf#4869 Drop column action not asking to confirm + - sf#4871 Error on creating table + - fix bug Undefined index: Rows + +------------------------------------------------------------------- +Mon Apr 20 15:02:56 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.3 (2015-04-20) + - sf#4851 PHP errors in login dialogue + - sf#4845 White screen (Cloudflare) + - sf#4207 json_encode error due to strftime returning non utf8 + chars in Windows 8.1 Chinese version + - sf#4794 Server error viewing table content + - fix bug Fix issues related to number of decimal places in time + - sf#4853 Relation view between 1600 and 1780 px + - fix bug PHP 7 compatibility in php-gettext + - fix bug PHP 7 compatibility in bfShapeFiles + - fix bug PHP 7 session_regenerate_id() warning + - sf#4857 Alter table after changing column name error + - sf#4830 Maximum execution time exceeded in Util.class.php + +------------------------------------------------------------------- +Mon Apr 13 18:28:37 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.2 (2015-04-13) + - sf#4835 PMA_hideShowConnection not called after + submit_num_fields + - sf#4836 Server warning after moving from console to + direct clicks + - sf#4837 Duplicate new version notification when using + the "Back" button + - sf#4839 DOC link in setting is broken + - sf#4841 Status page: Mislukte pogingen per uur value is + incorrect + - fix bug MIME Transformation link fixed + - sf#4838 Prevents console window from moving out of the + screen height + - sf#4829 Create procedure via SQL Editor not more possible + - sf#4833 CSS and Javascript are not compressed + - sf#4849 Functions accessed from navigation do not load on + ajax dialog + - sf#4850 Relation view on 1920 + +------------------------------------------------------------------- +Sat Apr 11 18:02:48 UTC 2015 - ecsos@opensuse.org + +- update 4.4.1.1 (2015-04-08) + - sf#4846 Web server's error log is flooded + +- changes from 4.4.1 (2015-04-07) + - sf#4813 MySQL 5.7.6 and the Users menu tab + - sf#4818 MySQL 5.7.6 and changing the password for another user + - sf#4819 Request URI too large + - sf#4814 MySQL 5.7.6 and Databases + - fix bug Use 'server' parameter in console to work in multi + server environments + - fix bug Missing tooltip in monitor + - fix bug Missing sort icons in monitor + - sf#4805 Inline edit broken when using functions in query + - sf#4821 Timed-out import fails to restart when file represented + - sf#4754 pMA DB not detected properly + - sf#4825 Datepicker missing when changing number of rows on + Insert page + - sf#4824 INNODB STATUS page is empty + - sf#4828 JavaScript is loaded in wrong order + - sf#4827 TEXT formatting doesn't work after inline editing + - sf#4822 Compress when php.ini output_buffering is active + - sf#4832 Sorting distinct values result loses links + - sf#4834 Do not attach token to css requests to improve caching + +------------------------------------------------------------------- +Fri Apr 3 21:36:12 UTC 2015 - ecsos@opensuse.org + +- update to 4.4.0 (2015-04-01) + + rfe #1553 InnoDB presently supports one FULLTEXT index creation + at a time + + rfe #1562 Allow tracking multiple table at once from database + level tracking page + + rfe #1564 Improve action message on Tracking page + + rfe #1566 Change value of "Number of rows:" when "Show all" + is checked + + rfe Focus console by clicking on white space + + rfe #1507 Part 1: Cycle through console history with keyboard + up/down arrows + + rfe #1579 Default to primary key when adding relation + + rfe #1572 User prefs: Diff-friendly JSON for config + + rfe #1567 Sever Variables Table UI Improvements + - sf#4675 phpMyAdmin should be able to work without 'examples' + DIR - move SQL scripts to sql directory + + rfe #1578 Warn about reserved word only when a column is + created + + rfe #1590 Recaptcha API v2 + + rfe #1580 Individual Zeroconf PMA tables support + + rfe #1525 Generate keys one per line + + rfe #347 allow table with transformed column anywhere in + FROM clause + + rfe #1591 Shortcut link to search page + + rfe #1568 Fold Add Column After / Before into dropdown + - sf#4705 Table structure: adding primary key doesn't refresh + page + + rfe #1582 SQL formatter + + rfe #1597 Fast filter improvement: remove + "x other results found" + - sf#4720 No error message on Missing extension mbstring + + rfe #801 Builtin transformations and relations + + rfe #767 USING BTREE support for HEAP/MEMORY tables + + rfe #1596 Make "Options > Relational" configurable + + rfe #719 More details in PDF relation view + + rfe #1096 Cannot enter connection for federated engine table + + rfe #954 Allow SALT in ENCRYPT function + + rfe #1260 Setting LoginCookieValidity > session.gc_maxlifetime + + rfe Transformation for JSON + - bug Fix isCanvasSupported for new window + + rfe #1600 Clarify the "Inline" link + + rfe #1179 Speed up slow triggers by using EVENT_OBJECT_SCHEMA + + rfe #1192 ON DUPLICATE KEY UPDATE for loading CSV + - bug fix Cannot execute command from console + (multi-server installation) + + rfe #1208 linking from information_schema + + rfe #1235 Relation view: move to main "Structure" page + + rfe #1558 Designer menu with explicit text + + rfe #937 Relations with views like with tables + + rfe #1241 Browse Field -> Search + + rfe #723 Provide sanity check for table/column names + (table names) + + rfe #1312 SessionTimeZone configuration directive + - bug fix Add missing confirmation when deleting tracking report + entries + + rfe Ability to disable foreign key check when emptying tables + + rfe #1549 Reset auto-increment when exporting structure + + rfe #1602 Recover query in redaction after session end + + rfe #1605 After database creation, go to database structure + page + + rfe #1604 Show PHP version + - sf#4770 Multiple delete on table browse ignoring foreign key + checkbox + + rfe CodeMirror based SQL editor as an input transformation + + rfe #1275 CodeMirror based JSON editor as an input + transformation + + rfe #685 Editor for HTML content + + rfe #1595 make professional code editor suggestion + + rfe #1606 processlist filter + + rfe Change tracking activation status from db level tracking + page + + rfe #1207 Export users associated with a specific + schema/database + + rfe #1575 "Disable database expansion" : unclear directive name + and explanation + + rfe #1607 Tool tip for lock icon when making changes to a page + + rfe #1327 Hide 'Add user' link if user does not have privileges + + rfe #501 Support for SSL GRANT option + + rfe #1608 Central columns allowing setting SIGNED / UNSIGNED + attribute for integer + + rfe #1441 Add regexp match when using AllowArbitraryServer + - sf#4806 Unable to work with two different servers in two tabs + +- fix incorrect fsf-address +- change pma.patch + +------------------------------------------------------------------- +Sun Mar 29 13:42:58 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.13 (2015-03-29) + - sf#4803 "Show hidden items" is sometimes hidden + - sf#4807 Breaks when sorting by multiple columns + while using UNION + - sf#4798 Missing column when exporting in sql + - sf#4810 Broken find and replace + - sf#4804 Undefined Index after export schema + - sf#4802 Changelog page is not working + - sf#4815 Infinite calls to index.php + - sf#4820 Invalid links to dev.mysql.com + - sf#4718 simulate query fails, but actual query does not + +------------------------------------------------------------------- +Sat Mar 14 22:17:52 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.12 (2015-03-14) + - sf#4746 Right-aligned columns have left-aligned header + - sf#4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 + values + - fix bug Undefined index savedsearcheswork + - sf#4788 Inline edit of DATE fields with NULL, NULL checkbox is + under datepicker + - sf#4790 DROP TABLE/VIEW IF EXISTS are not tracked + - fix bug Compatibility with central columns of version 4.4 + - sf#4758 Firefox with auth_type to http with multiple server + doesn't work anymore + - sf#4789 Views aren't dropped when copying a database + - sf#4784 Incomplete bookmark saving + - sf#4786 SELECT width on relations page + +------------------------------------------------------------------- +Wed Mar 4 23:12:16 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.11.1 (2015-03-04) + This update fixes several vulnerabilities +- Security fixes: + * PMASA-2015-1 (CVE-2015-2206, CWE-661 CWE-352) [boo#920773] + http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php + - fix bug [security] Risk of BREACH attack + +------------------------------------------------------------------- +Wed Mar 4 09:07:09 UTC 2015 - ecsos@opensuse.org + +- fix error displayed in Status/Advisor and not functional display + of cpu and memory under Status/Monitor/ + +------------------------------------------------------------------- +Tue Mar 3 23:54:51 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.11 (2015-03-02) + - sf#4774 SQL links are completely wrong + - sf#4768 MariaDB: version mismatch + - sf#4777 Some images are missing in Designer for original theme + - sf#4767 Drizzle: undefined index in mysql_charsets.inc.php + - sf#4753 Normal field and multi-line field have different + margins + - sf#4760 Cannot re-import settings from local storage + - sf#4778 SQL error when database list is sorted by additional + columns + - sf#4780 Notice when timestamp column does not have default + value + +------------------------------------------------------------------- +Fri Feb 20 16:32:21 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.10 (2015-02-20) + - fix bug Undefined index navwork + - sf#4744 Opening console scroll down the page + - fix bug Remove extra column heading in view structure page + - fix bug Add missing confirmation when deleting central columns + - fix bug Undefined index DisableIS + - sf#4763 Database export with more than 512 tables fails + - sf#4769 Previously set column aliases are destroyed if returned + to the same table + - sf#4752 Incorrect page after creating table + - sf#4771 Central Columns not working, showing error + +------------------------------------------------------------------- +Fri Feb 6 16:41:06 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.9 (2015-02-05) + - sf#4728 Incorrect headings in routine editor + - sf#4730 Notice while browsing tables when phpmyadmin + pma database exists, but not all the tables + - sf#4729 Display original field when using "Relational display + column" option and display column is empty + - sf#4734 Default values for binary fields do not support + binary values + - sf#4736 Changing display options breaks query highlighting + - fix bug Undefined index submit_type + - sf#4738 Header lose align when scrolling in Firefox + - sf#4741 in ./libraries/Advisor.class.php#184 vsprintf(): + Too few arguments + - sf#4743 Unable to move cursor with keyboard in filter rows box + - fix bug Incorrect link in doc + - sf#4745 Tracking does not handle views properly + - sf#4706 Schema export doesn't handle dots in db/table name + - sf#3935 Table Header not displayed correct (Safari 5.0.5 Mac) + - sf#4750 Disable renaming referenced columns + - sf#4748 Column name center-aligned instead of left-aligned + in Relations + +------------------------------------------------------------------- +Sat Jan 24 13:34:33 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.8 (2015-01-24) + - fix bug Undefined constant PMA_DRIZZLE + - sf#4712 Wrongly positioned date-picker while Grid-Editing + - sf#4714 Forced ORDER BY for own sql statements + - sf#4721 Undefined property: stdClass::$version + - sf#4719 'only_db' not working + - sf#4700 Error text: Internal Server Error + - sf#4722 Incorrect width table summary when favorite tables + is disabled + - sf#4716 Collapse all in navigation panel is sometimes broken + - sf#4724 Cannot navigate in filtered table list + - sf#4717 Database navigation menu broken when resolution/screen + is changing + - sf#4727 Collation column missing in database list + when DisableIS is true + - fix bug Undefined index central_columnswork + - fix bug Undefined index favorite_tables + +------------------------------------------------------------------- +Sat Jan 17 09:32:06 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.7 (2015-01-15) + - sf#4694 js error on marking table as favorite in Safari (in private mode) + - sf#4695 Changing $cfg['DefaultTabTable'] doesn't update link and title + - fix bug Undefined index menuswork + - fix bug Undefined index navwork + - fix bug Undefined index central_columnswork + - sf#4697 Server Status refresh not behaving as expected + - fix bug Null argument in array_multisort() + - sf#4699 Navigation panel should not hide icons based on 'TableNavigationLinksMode' + - sf#4703 Unsaved schema page exported as pdf.pdf + - sf#4707 Call to undefined method PMA_Schema_PDF::dieSchema() + - sf#4702 URL is non RFC-2396 compatible in get_scripts.js.php + +------------------------------------------------------------------- +Thu Jan 8 06:07:12 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.6 (2015-01-07) + - fix bug Undefined index notices while configuring recent and + favorite tables + - sf#4687 Designer breaks without configuration storage + - sf#4686 Select elements flicker and selects something else + - sf#4689 Setup tool creates "pma__favorites" incorrectly + - sf#4685 Call to a member function isUserType() on a non-object + - sf#4691 Do not include console when no server is selected + - sf#4688 File permissions in archive + - sf#4692 Dynamic javascripts gives 500 when db selected + +------------------------------------------------------------------- +Mon Jan 5 23:54:17 UTC 2015 - chris@computersalat.de + +- fix for boo#911360 + * problems with pma__config enabled by default in phpMyAdmin +- rework config patch + * fix for pma storage config (disabled by default) +- add phpMyAdmin-pma.patch + * fix create_tables.sql +- fix restart_on_update + +------------------------------------------------------------------- +Mon Jan 5 16:03:43 UTC 2015 - ecsos@opensuse.org + +- update to 4.3.5 (2015-01-05) + - fix bug Auto-configuration: tables were not created + automatically + - sf#4677 Advanced feature checker does not check for + favorite tables feature + - sf#4678 Some of the data stored in configuration storage + are not deleted upon db or table delete + - sf#4679 Setup does not allow providing a name for + favorites table + - sf#4680 Number of favorite table are not configurable in setup + - sf#4681 'Central columns table' field in setup does not have + a description + - sf#4318 Default connection collation and sorting + - sf#4683 Relational data is not properly updated on table rename + - sf#4655 Undefined index: collation_connection (second patch) + - sf#4682 4.3.3 & 4.3.4 Import sql created by mysqldump fails on + foreign keys + - sf#4676 Auto-configuration issues + - sf#4416 New lines are removed when grid editing (part two: TEXT) + +------------------------------------------------------------------- +Mon Dec 29 18:03:15 UTC 2014 - ecsos@opensuse.org + +- update to 4.3.4 (2014-12-29) + - sf#4653 Always connection error was shown, on /setup + at tab "configuration storage" + - sf#4661 Drag and drop file import always fails + - sf#4651 don't open console with esc + - sf#4664 select min() displays 1 row, but reports the table + amount of rows returned + - sf#4666 Undefined indexes in table stucture print view + of a view + - sf#4663 Export missing back ticks for order table name + - sf#4668 Remove from central columns error + - sf#4670 CSV import reads both commas and values into + first column after first row + - sf#4642 phpmyadmin often fails to load due to specific + load order + - sf#4671 Unable to move all columns + - sf#4645 Import of export created with mysqldump + - sf#4672 "Distinct values" does not page + - sf#4667 Consistency in borders + - sf#4658 Illegal string offset (Data_length, Index_length) + - sf#4655 Undefined index: collation_connection + - sf#4673 Delimiter causing page lock + +------------------------------------------------------------------- +Sun Dec 21 12:27:09 UTC 2014 - ecsos@opensuse.org + +- update to 4.3.3 (2014-12-21) + - fix bug The "Recently used tables" setting should be with + Nav panel + - sf#4647 Can't disable Favorites + - sf#4646 Version Check Broken + - sf#4630 AJAX request infinite loop + - sf#4649 Attributes field size smaller than others + - sf#4622 Cannot remove table ordering on a Mac + - fix bug Fix initial replication configuration + - fix bug Undefined index central_columnswork + - sf#4657 Don't have default blowfish_secret + - sf#4656 Some error popups fade away too quickly + - sf#4648 Consistency in borders + - fix bug $cfg['Error_Handler']['display'] no longer necessary + - sf#4659 Leading and trailing whitespace in column name + +------------------------------------------------------------------- +Fri Dec 12 15:27:17 UTC 2014 - ecsos@opensuse.org + +- update to 4.3.2 (2014-12-12) + - sf#4628 PHP error while exporting schema as PDF + - sf#4631 Server selector submits two server parameter values + - sf#4629 Problem with custom SQL queries using cookie + authentication + - fix bug Undefined index central_columnswork + - sf#4632 Notice in ./libraries/Util.class.php#1916 + Undefined index: query + - sf#4633 Wrong parameter in fetchValue + - sf#4634 Error reporting creates an infinite loop + - sf#4635 Token mismatch while creating configuration storage + - sf#4640 Incorrect reference to PHP 6 + - sf#3794 failure to handle repeating empty columns when + importing ODS + - sf#4638 Default Export Method setting broken + - sf#4639 Export SQL missing indentation first field + - sf#4637 Field Alignment + - sf#4644 Error when browsing tables + +------------------------------------------------------------------- +Mon Dec 8 18:26:50 UTC 2014 - ecsos@opensuse.org + +- update to 4.3.1 (2014-12-08) + - sf#4609 'Show all' checkbox label is not clickable + - sf#4610 JS error reporting: Hash fragment is reset + - fix bug Undefined index menuswork + - sf#4614 Separator between "Show All" and "Number of rows" + disappears + - sf#4615 SQL highlighting in process list breaks on auto refresh + - sf#4616 Warning in db structure print view page + - fix bug Undefined index navwork, savedsearcheswork, fields + - sf#4620 Undefined index while adding to the central + columns list + - sf#4618 Page scrolls while GIS visualization is zoomed in/out + with mousewheel + - sf#4613 HHVM: method 'ob_gzhandler' not found + - sf#4593 Manual "SELECT" doesn't change active table + - sf#4623 Incomplete PHP OpenSSL support + - sf#4626 Ctrl + click on a column not in sort triggers a server + call to erroneous url + - sf#4625 "Insufficient space to save the file" on export SQL to + file on server + - sf#4627 "file_get_contents(examples/create_tables.sql): failed + to open stream" after update + - sf#4617 UI issues with sortable tables + - sf#4619 SELECT LENGTH(`field`) FROM `table` does not sort + +------------------------------------------------------------------- +Sat Dec 6 10:09:35 UTC 2014 - ecsos@opensuse.org + +- update to 4.3.0 (2014-12-05) + + rfe #1502 Smart sorting for int keys + + rfe #1521 Confirmation message when dropping user(s) + + rfe #1518 Confirm dialog on accidentally leaving a page + + rfe #1445 Easy access to "SHOW CREATE ..." + + rfe #1448 Allow clicking an approximate row count to get + a correct one + + rfe #1487 "Browse foreign values" should be a modal dialog + + rfe #1523 Better visual clue for table structure + primary key column + + rfe #982 Support for editing binary fields in hexadecimal + - sf#4416 New lines are removed when grid editing + + rfe #706 Multi-db privileges adding + + rfe #1527 Charts for data in format + + rfe Allow saving query charts as images + + rfe #1145 Preview SQL instead of executing it + + rfe #759 Use aliases in SQL export for tables and columns + - sf#4450 Query is duplicated on Ctrl+Enter + + rfe #755 Export with table/column name changes + + rfe #869 Run SQL query: Allow rollback for InnoDB tables + + rfe #654 Range Search Capability + + rfe #1490 Dynamic process list + + rfe #1522 Drag and Drop SQL import + + rfe #637 Custom Field Handlers + + rfe #1488 User privilege tab not shown in all relevant cases + + rfe #781 Privileges for non superuser + + rfe #908 Improvements for the table editor (index creation) + + rfe #1426 Navigation state lost on reload + - sf#4439 Table list in left panel doesn't expand + + rfe Improved validation when inserting data + + rfe #1491 Support InnoDB for database Query by example + + rfe #345 Normalize a table + + rfe #1123 Zeroconf PMA tables support + + rfe #1492 Remove the distinct query window / Add SQL + log+history panel + + rfe #919 Multiple-column foreign key relation + - sf#3165 Redundant foreign keys not supported + - fix bug Incorrect link to documentation + + rfe #857 Regexp replace + - fix bug Incorrect path in change password when on reverse proxy + or + non-root directory + + MariaDB 10+ multi-master replication support + + rfe #1544 MySQL 5.7.5 compatibility + + rfe #1529 Avoid session timeout when user is active + - sf#4528 Can't import dump via SQL field + + rfe #1251 Show "Overhead" with same precision for all tables + + rfe #1546 Improve the js printf library + + rfe #1542 Better error reporting in Designer + - sf#4547 Micro history does not work in Users page + - sf#4551 Wrong test in source code + - sf#4537 BLOB inline-view JPG column transformation does + not work for anything except simple queries + + rfe #1535 Keyword-based autocompletion in SQL query editors + - sf#4558 Unable to Add Rows while Creating Table + + rfe #1547 Wrap No Tables Found message with message box + - sf#4559 Logging in causes 100% CPU usage + - sf#4564 Designer: spaces in table name with edit table link + generates bad links + - sf#4582 Debug SQL works only for the first page + - sf#3869 Count(*) on information_scheme.INNODB_BUFFER_PAGE + with a huge bufferpool + - sf#4495 Comment lines in multiquery + - sf#4535 Loads of Warnings/Notices in PMA_getServerSlaveStatus + on replication slave + - sf#4585 Multi query results not shown + + rfe #1556 Disabling Show all + - sf#4513 phpmyadmin run very slow (information_schema) + - sf#4243 Super slow page rendering with tens of thousands of DBs + - sf#4391 Upgraded to 4.2.0, insanely slow now + + rfe #1537 PHP OpenSSL support for cookie encryption/decryption + - sf#4227 Token mismatch when using HTTP AUTH and the SESSION + expires + +- change all my old mail address in this changelog + from ecsos@old.domain to ecsos@opensuse.org + +------------------------------------------------------------------- +Wed Dec 3 17:14:16 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.13.1 (2014-12-03) + This update fixes several vulnerabilities +- Security fixes: + * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php + - sf#4612 [security] XSS vulnerability in redirection mechanism + * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php + - sf#4611 [security] DOS attack with long passwords + +------------------------------------------------------------------- +Sun Nov 30 22:47:22 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.13 (2014-11-30) + - sf#4604 Query history not being deleted + - sf#4057 db/table query string parameters no longer work + - sf#4605 Unseen messages in tracking + - sf#4606 Tracking report export as SQL dump does not work + - sf#4607 Syntax error during db_copy operation + - sf#4608 SELECT permission issues with relations and restricted + access + +------------------------------------------------------------------- +Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.12 (2014-11-20) + This update fixes several vulnerabilities, as well as a number of + other bug fixes. +- Security fixes: + * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4595 [security] Path traversal can lead to leakage of + line count + * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + - sf#4596 [security] XSS through exception stack + * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php + - sf#4594 [security] Path traversal in file inclusion of + GIS factory + * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php + - sf#4578 [security] XSS vulnerability in table print view + - sf#4579 [security] XSS vulnerability in zoom search page + - sf#4598 [security] XSS in multi submit + - sf#4597 [security] XSS through pma_fontsize cookie +- Other bug fixes: + - sf#4574 Blank/white page when JavaScript disabled + - sf#4577 Multi row actions cause full page reloads + - fix ReferenceError: targeturl is not defined + - fix Incorrect text/icon display in Tracking report + - sf#4404 Recordset return from procedure display nothing + - sf#4584 Edit dialog for routines is too long for + smaller displays + - sf#4586 Javascript error after moving a column + - sf#4576 Issue with long comments on table columns + - sf#4599 Input field unnecessarily selected on focus + - sf#4602 Exporting selected rows exports all rows of the query + - sf#4444 No insert statement produced in SQL export for + queries with alias + - sf#4603 Field disabled when internal relations used + +------------------------------------------------------------------- +Fri Oct 31 17:44:05 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.11 (2014-10-31) + - fix ReferenceError: Table_onover is not defined + - sf#4552 Incorrect routines display for database due to case + insensitive checks + - sf#4259 reCaptcha sound session expired problem + - sf#4557 PHP fatal error, undefined function __() + - sf#4568 Date displayed incorrectly when charting a timeline + - sf#4571 Database Privileges link does not work + - fix makegrid.js: where_clause is undefined + - sf#4572 missing trailing slash (import and open_basedir) + +------------------------------------------------------------------- +Tue Oct 21 22:59:45 UTC 2014 - andreas.stieger@gmx.de + +- phpMyAdmin 4.2.10.1 [boo#902154] [CVE-2014-8326] + This release fixes cross-site scripting vulnerabilities in the + SQL debug output and server monitor pages. This developer option + is not enabled by default. + - sf#4562 [security] XSS in debug SQL output + - sf#4563 [security] XSS in monitor query analyzer + +------------------------------------------------------------------- +Sat Oct 11 15:34:28 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.10 (2014-10-11) + - sf#4361 Can't change font size + (when config.inc.php not present) + - sf#4542 Tab key in column name not shown + - fix bug PDF export: title not present in PDF + - sf#4543 Changing column name can break saved "order by" clause + - sf#4545 trying to favorite table while browser localStorage + is disabled throws JS error + - sf#4259 reCaptcha sound session expired problem + - sf#4548 Inline editing a field converts tab to spaces + - sf#4252 Database-level permission bug for db names containing + underscores + - sf#3120 Events are not exported when using xml + - sf#4554 Grid-editing timestamp column forces datepicker + - sf#4556 Fast filters for tables, views etc. should be governed + by NavigationTreeDisplayItemFilterMinimum + +------------------------------------------------------------------- +Wed Oct 1 20:26:14 UTC 2014 - andreas.stieger@gmx.de + +- phpMyAdmin 4.2.9.1 [bnc#899452] [CVE-2014-7217] + Contains a fix for a cross-site scripting vulnerability in the + table search and table structure pages which could be trigged + with a crafted ENUM value + - sf#4544 [security] XSS vulnerabilities in table search and + table structure pages + +------------------------------------------------------------------- +Sat Sep 20 12:12:53 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.9 (2014-09-20) + - fix bug ajax.js responseHandler: cannot read property of null + - fix bug sql.js: str is undefined + - sf#4524 Allow for direct selection of "0" + on the "user overview" page + - sf#4529 Undefined index: pos + - sf#4523 tbl_change.js: insert as new row submit type on + multiple selected records does not set all AUTO_INCREMENTs + to 0 value + - fix bug ajax.js responseHandler: another "cannot read property" + - fix bug tbl_structure.js "cannot read property" + +------------------------------------------------------------------- +Sun Sep 14 21:10:17 UTC 2014 - chris@computersalat.de + +- fix for bnc#896635 + * update to 4.2.8.1 (2014-09-13) + * PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php + - sf#4530 [security] DOM based XSS that results to a CSRF + that creates a ROOT account in certain conditions + +------------------------------------------------------------------- +Fri Sep 5 18:39:29 UTC 2014 - chris@computersalat.de + +- rollback changes introduced by fix for bnc#894107 cause they + broke apache pkg. + +------------------------------------------------------------------- +Sun Aug 31 21:52:38 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.8 (2014-08-31) + - sf#4516 Odd export behavior + - sf#4519 Uncaught TypeError: Cannot read property 'success' + of null + - sf#4520 sql.js: cannot read property + - sf#4521 Initially allowed chart types do not match selected + data + - sf#4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT + ignored + - sf#4522 Duplicate column names while assigning index + - sf#4487 Export of partitioned table does not import + - fix bug server_privileges.js: cannot read property + - sf#4527 Importing ODS files with column names having trailing + spaces fails + - sf#4413 Navigation Error in Nav Tree for Search Results Past + the First Page + - fix bug functions.js: Cannot read property 'replace' of undefined + +------------------------------------------------------------------- +Fri Aug 29 14:58:31 UTC 2014 - chris@computersalat.de + +- fix for bnc#894107 + * fix post/postun for systemd + +------------------------------------------------------------------- +Tue Aug 19 21:46:14 UTC 2014 - chris@computersalat.de + +- fix changes file + * add missing PMASA / CVE info + +------------------------------------------------------------------- +Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de + +- fix for bnc#892401 + * update to 4.2.7.1 + * PMASA-2014-8 (CVE-2014-5273, CWE-661 CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php + - sf#4501 [security] XSS in table browse page + - sf#4502 [security] Self-XSS in enum value editor + - sf#4503 [security] Self-XSSes in monitor + - sf#4504 [security] Self-XSS in query charts + - sf#4517 [security] XSS in relation view + * PMASA-2014-9 (CVE-2014-5274, CWE-661 CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php + - sf#4505 [security] XSS in view operations page + +------------------------------------------------------------------- +Thu Jul 31 21:38:39 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.7 (2014-07-31) + - sf Broken links on home page + - sf#4494 Overlap in navigation panel + - sf#4427 Action icons not in horizontal order + - sf#4493 s_attention.png is missing + - sf#4499 Uncaught TypeError: Cannot call method 'substr' of undefined + - sf#4498 PMA 4.2.x and HHVM + - sf#4500 mysql_doc_template is not defined + +------------------------------------------------------------------- +Fri Jul 18 17:24:08 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.6 (2014-07-17) + - sf#4471 Undefined index warning with referenced column. + - sf#4027 $cfg['MaxExactCount'] is ignored when BROWSING is + back + - sf#4482 Multi Column sorting (improved user experience) + - sf#4478 Server validation does not work while in setup/mysqli + - sf Undefined variable when grid editing a foreign key column + - sf#4481 mult_submits.inc.php Undefined variable Error + - sf#4485 Sorting breaks the copy column feature + - sf#4440 Javascript error when renaming table + - sf#4483 'New window' link (selflink) disappears, causing + Javascript error + - sf#4489 Incorrect detection of privileges for routine + creation + - sf#4459 First few characters of database name aren't + clickable when expanded + - fix for PMASA-2014-4 (CVE-2014-4954, CWE-661, CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php + * sf#4486 [security] XSS injection due to unescaped table + comment + - fix for PMASA-2014-5 (CVE-2014-4955, CWE-661, CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php + * sf#4488 [security] XSS injection due to unescaped table name + (triggers) + - fix for PMASA-2014-6 (CVE-2014-4986, CWE-661, CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php + * sf#4492 [security] XSS in AJAX confirmation messages + - fix for PMASA-2014-7 (CVE-2014-4987, CWE-661) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php + * sf#4491 [security] Missing validation for accessing User + groups feature + +------------------------------------------------------------------- +Thu Jun 26 19:34:06 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.5 (2014-06-26) + - sf#4467 shell_exec() has been disabled for security reasons + - sf#4470 Error while submitting empty query + - sf#4463 Fatal error: Class 'PMA_DatabaseInterface' not found + - sf#4469 Fixed cookie based login for installations without mcrypt + - sf#4473 incorrect result count when having clause is used + - mcrypt: remove the requirement (64-bit) and the related warning + +------------------------------------------------------------------- +Sat Jun 21 07:20:18 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.4 (2014-06-20) + - sf#4449 Mediawiki export does not produce table header row; + also fix related PHP warnings + - sf#4442 New lines are added to query every time + - sf#4445 Fatal error on SQL Export of join query + - sf#4448 Dump binary columns in hexadecimal notation not working + - Regenerate cookie encryption IV for every session + - sf#4405 Cannot import (open_basedir): fix another case + - sf#4457 SQL tab - Insert queries not showing affected row count + - bug Missing warning about existing account, on multi-server config + - sf#4435 WHERE clause can be undefined + - bug SQL export views as tables option getting ignored + * fix for PMASA-2014-3 ( CVE-2014-4349, CWE-661, CWE-79 ) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php + - sf#4464 [security] XSS injection due to unescaped db/table name + in navigation hiding + * fix for PMASA-2014-2 ( CVE-2014-4348, CWE-661, CWE-79 ) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php + - sf#4465 [security] XSS injection due to unescaped db/table name + in recent/favorite tables + +------------------------------------------------------------------- +Mon Jun 9 19:16:43 UTC 2014 - andreas.stieger@gmx.de + +- update to 4.2.3: + - sf#4423 Moving fields not working + - sf#4424 Table indexes disappear after altering field + - sf#4432 Error while displaying chart at server level + - sf#4405 Cannot import (open_basedir) + - sf#4396 Problem copying constraints (such as Sakila) + - sf#4433 Missing privileges submenu + - sf#4394 Drop db confirmation message when dropping a user + - sf#4436 Insert form numeric field with function drop-down list + - sf#4437 Problems due to missing enforcement of the minimum + supported MySQL version + - Add enforcement of the minimum supported PHP version (5.3.0) + - bug: Query error on submitting a column change form containing + a disabled input field + - bug: Incorrect menu tab generation from usergroups + - bug: Missing space in index creation/edit generated query + - sf#4434 Unchecking 'Show SQL queries' results NaN + +------------------------------------------------------------------- +Tue May 20 16:58:13 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.2 (2014-05-20) + - sf#4388 Disable database expansion when enabled throws Error 500 + when database name is clicked in navigation tree + - sf#4414 table display of performance_schema DB structure + - sf#4411 Protect Binary Columns: many problems + - sf#4395 BLOB link transformation is broken + - sf Respect ['ShowCreateDb'] in the navi panel + - sf#4392 Cannot see databases in nav panel on databases grouping + when disabled database expansion + - sf#4419 No more calendar into search tab + - sf#4398 Monitor should fit into screen width + - sf#4418 When copying databases, primary key attributes get lost + - sf#4421 empty maxInputVars on js/messages.php + +------------------------------------------------------------------- +Tue May 13 20:15:28 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.1 (2014-05-13) + - sf#4380 Cannot display table structure with enums + containing special characters + - sf#4381 Cannot remove the last remembered sorted column + - sf Correctly fetch length of user and host fields in MySQL tables + - sf#4364 examples/signon.php does not support + the SessionSavePath directive + - sf#4382 Missing source for OpenLayers library + - sf Incorrect attributes for number fields + - sf#4383 Cannot update values in Zoom search + - sf#4313 GIS Visualization Extension does not work + with PointFromText() function + - sf#4384 Incorrect "Rows" total shown when truncating + or dropping a table on DB Structure page + - sf#4385 Grid edit on sorted columns fails + - sf#4389 Null checkbox covering data input when editing + - sf#4390 Data type changing by itself + (no size but attribute present) + +------------------------------------------------------------------- +Thu May 8 14:29:34 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.0 (2014-05-08) + + rfe #1403 Export only triggers + + rfe #1483 Export Server/Database/Table without triggers + + rfe #1662 Add table comment tool tip in database structure page + + rfe #1447 Single table for display Character Sets and Collations + + rfe #1455 Display icons/text/both for the table row actions + + rfe #1473 Transformation to convert Boolean value to text + - sf#4157 Changing users password will delete it + + rfe #1474 Text transformation combines Append and Prepend + + Added warning about the mysql extension being deprecated + and removed the extension directive + + Added support for scatter charts + + rfe #1478 Make Column Headings Sticky + + rfe #1480 Enhance privileges initials table + + rfe #1472 [interface] Break "Edit privileges" with sub-menus + + rfe #1466 Minor refactoring required + + rfe #1004 Create indexes at the end in SQL export + + rfe #1479 Relations edit form for larger monitors + + rfe #1475 Inline query box vertical resize + + rfe #1500 [interface] Add bottom border to top menu container + + rfe #1498 Add datepicker for 'TIME' type + - sf#4237 HTTP Referer disclosure in SQL links + + rfe Show full names on navigation hover + + rfe #1505 Behaviour on click on a routine in nav panel + + rfe #1418 Support more than one separating character on CSV import + + rfe #569 Load/Save Query By Example + - sf#4281 Grid edit ENUM field, dialog disappears when trying to select + - sf#4304 DB export using zip compression generates an empty archive + + rfe #1508 confirmation message at the top + - sf#4306 breadcrubs wrong on table create + + rfe #1511 better validate database name for copying + + rfe #1510 Database tab "Drop" button should be a link + + rfe #1513 Highlight required form fields after failed submission + + rfe #1460 Redirect to login page after session has expired + - sf#4316 Grid edit: can't change month on date fields + + rfe #1501 add maxlength by field with length-spec + + rfe #1512 Import happily doesn't do anything with no file name provided + + rfe #1514 Add function to all the insert boxes automatically + + rfe #1515 Option to skip tables larger than n + + rfe #1486 Possibility of disabling database expansion + + rfe #1476 Favourite tables select box + + rfe #420 $cfg['CharEditing']='textarea' for structure edit + + rfe #1329 Avoid editing of fields which are part of relation + + rfe [interface] Highlight active left menu item in setup + + rfe Filter on-screen rows during Browse + Removed support for SQL Validator (SOAP service no longer offered) + - sf#4352 Settings > Manage: incorrect messages + - sf#4337 "More" in Actions area doesn't collapse to fit available space + - sf#4375 Group two DB, one's name is the prefix of the other one + - sf#4070 Confusing database/table grouping + - sf#4366 Creating Index doesn't update index-list + +------------------------------------------------------------------- +Sat Apr 26 20:56:34 UTC 2014 - andreas.stieger@gmx.de + +- phpMyAdmin 4.1.14 + * sf#4365 Creating bookmark with multiple queries not working + * sf#4372 Changing browser transformation results in unnecessary + table rebuild + * sf#4375 Group two DB, one's name is the prefix of the other one + * sf#4376 [interface] Login fields show in separate line + +------------------------------------------------------------------- +Sun Apr 13 14:14:42 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.13 (2014-04-13) + * sf#4279 CTRL + up or down moves 2 fields + * sf#4336 List server css style wrong + * sf Missing value on the Status > Server page + * sf#4347 Fixed PHP Parse error in Advisor + * sf#4350 Deleting the DB if it is renamed by the same name + * sf#4353 makeProfilingChart is not defined + * sf#4355 Precision specifier for DOUBLE type is truncated + * sf#4346 Incorrect "Export incomplete" message + * sf#4359 Notices on create table page + * sf#4356 GROUPed selects show number of rows as if not grouped + * sf#4357 JS Form submitted on "enter" even if focus + is inside a select field + +------------------------------------------------------------------- +Thu Mar 27 16:12:55 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.12 (2014-03-27) + * sf#4334 Add event : datepicker won't open + * sf#4338 Fix missing value error while executing SQL query + * TCPDF library is now optional dependency + * sf#4326 Cannot find the import plugins which start with uppercase 'I' + +------------------------------------------------------------------- +Sat Mar 22 21:44:48 UTC 2014 - andreas.stieger@gmx.de + +- phpMyAdmin 4.1.11: + * sf#4335 reCaptcha problem (4.1.10 regression) + +------------------------------------------------------------------- +Sat Mar 22 15:27:37 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.10 (2014-03-22) + * sf#4301 Grid edit: "SELECT" query is replaced by "UPDATE" + query after edit + * sf#4278 reCaptcha re-login requires double effort + * sf#4324 Datepicker not showing up on insert page + * sf#3991 Problem selecting item in select boxes + with the ENTER keystroke in some browsers + * sf#4323 QueryWindow ignores CodeMirror + * sf None of the live charts shown on "Status -> Monitor" (Chrome) + +------------------------------------------------------------------- +Sat Mar 8 02:00:58 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.9 (2014-03-06) + * sf#4279 CTRL + up or down moves two fields (part one) + * sf#4294 output as text radio clickable for "OpenDocument Text" export + * sf#4297 DROP DATABASE tick box in export no longer works + * sf#4291 Unable to export comments in OpenDocument text format + * sf#4299 Deletion even when the user says "No" to the confirmation message + * sf#4303 "New" link in navi panel is shown even if no privileges + * sf#4302 Some params are being omitted from microhistory + * sf#4298 Missing validation on Import CSV: "Columns enclosed with" + and "Columns escaped with" + * sf#4040 Fatal error while resetting settings + * sf#4305 JS error when editing procedure from nav panel + * sf#4308 Edit routine form submitting when pressing enter + * sf#4307 Nav: "Columns" won't expand with specific schema + +------------------------------------------------------------------- +Wed Feb 26 23:18:52 UTC 2014 - chris@computersalat.de + +- fix changes file + +------------------------------------------------------------------- +Sat Feb 22 13:35:15 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.8 (2014-02-22) + * sf#4276 Login loop on session expiry + * sf#4249 Incorrect number of result rows for SQL with subqueries + * sf#4275 Broken Link to php extension manual + * sf#4053 List of procedures is not displayed after executing with Enter + * sf#4081 Setup page content shifted to the right edge of its tabs + * sf#4284 Reordering a column erases comments for other columns + * sf#4286 Open "Browse" in a new tab + * sf#4287 Printview - Always one column too much + * sf#4288 Expand database (+ icon) after timeout doesn't do anything + * sf#4285 Fixed CSS for setup + * Fixed altering table to DOUBLE/FLOAT field + * sf#4292 Success message and failure message being shown together + * sf#4293 opening new tab (using selflink) for import.php based actions + results in error and logout + +------------------------------------------------------------------- +Sun Feb 9 16:40:00 UTC 2014 - ecsos@opensuse.org + +- fix for bnc#864917 + * PMASA-2014-1 ( CVE-2014-1879, CWE-661 CWE-79) + * update to >= 4.1.7 +- update to 4.1.7 (2014-02-09) + * sf#4245 initial Browse query does not match sorting order + * sf#4250 Notice on export page + * sf#4253 "New" text in navigation frame acts like a database + * sf#4262 Cannot define a column with fractional seconds + * sf#4265 Missing datepicker icon for DATETIME(length) + * sf#4257 Hide fractional seconds when applicable + * sf#4264 Uncheck "Ignore" while inserting, upon leaving a textarea + * sf#4260 reCaptcha is ignoring language settings + * sf#4259 reCaptcha sound session expired problem + * sf#4263 Japanese character encoding not working properly when exporting + * sf#4269 Notice on table relation page + * sf#4270 Bad text-color for table comments + * sf#4278 reCaptcha re-login requires double effort + * sf#4272 Incorrect tabindex + * sf#4271 Query by example and the second criteria line + * sf#4242 Wildcard-containing only_db failure in sidebar + +------------------------------------------------------------------- +Sun Jan 26 12:56:25 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.6 (2014-01-26) + * sf#4232 User not found after creating the user + * sf#4241 Confusing dialog when trying to create an already existing user + * sf#4239 Missing LIMIT clause for some queries + * rfe #1489 Do not show create icon when user has no privileges + * sf#4218 Chrome behavior with date fields + * sf#3579 NOW() function incorrectly selected (regression) + * sf#4244 Advisor complaints about MariaDB 10.x is version less than 5.1 + * sf#3889 When login fails and error display is active, login data is displayed (regression) + * sf#4247 open_basedir warnings on export page + * sf#4013 AJAX request waiting until version info is retrieved + * sf#4248 js error when changing number of columns in status monitor + +------------------------------------------------------------------- +Fri Jan 17 21:42:20 UTC 2014 - andreas.stieger@gmx.de + +- phpMyAdmin 4.1.5 + * sf#3780 Allow aborting loading pages + * sf#4223 Database list: Create database misses collation column + * sf#4224 Empty table names when a table is "inuse" + * sf#4225 Partition maintenance broken + * sf#4219 Table list (left panel) does not reload when table renamed + * sf#4230 "in use" displayed for all views in database print view + * sf#4226 Notice: Undefined index: pma_config_loading + * sf#4221 Bzip2 export cannot be directly imported (so withdraw bz2 export) + * sf#4204 Reloading user privileges hides user groups submenu + * sf#4231 DATE columns quick edit decrement by one day + +------------------------------------------------------------------- +Wed Jan 8 14:02:09 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.4 (2014-01-07) + * sf#3840 (additional fix) When exporting to gzip format, the data is compressed 2 times + * sf#4209 Missing compression in one case + * sf#4208 Can't browse tables after sorting on columns with fieldnames that have a '-' + * sf#4184 Switch to wrong page after adding an index + * sf#3885 Additional fix for this bug + * sf#4212 Table "disappears" if it has the same name as its tablegroup + * sf#4213 Datetime Quick Edit decrements by one day + * sf#4217 Current value not highlighted when browsing foreign values + * sf#4220 Incorrect key values in foreign key browser + * sf#4215 MariaDB 5.5: error in Drizzle detection + +------------------------------------------------------------------- +Wed Jan 1 16:36:22 UTC 2014 - andreas.stieger@gmx.de + +- add source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Wed Jan 1 12:59:03 UTC 2014 - ecsos@opensuse.org + +- update to 4.1.3 (2013-12-31) + * sf#3938 PDFDefaultPageSize doc and easy configurability + * sf#4198 Hovering over pie chart gives fatal JS error + * sf#4200 Missing syntax highlighting + * sf#4201 Exports are not compressed + * sf#4131 Import: "number of rows to skip" is ambiguous + * sf#4205 Add a user shows additional "edit user group" link + * sf#4202 Cannot read property 'token' of undefined + * sf#4203 On refreshing designer, $.FullScreen is undefined + * sf#3920 Lost space in navigation area +- Fix python-bytecode-inconsistent-mtime + +------------------------------------------------------------------- +Mon Dec 23 23:47:24 UTC 2013 - ecsos@opensuse.org + +- update to 4.1.2 (2013-12-23) + * sf#4178 Quick edit for BIT type does not work + * sf#2760 Warn about incomplete exports + * sf#4190 Fractional seconds cause row update even if the value is not changed + * sf#4170 Overflow scroll for table grid is not a good solution + * sf#2961 Relations settings not updated on config change + * sf#4187 SQL query inline edit doesn't post changes on the first run + * rfe #1465 Docs for connections to IPv6 only MySQL instances + * rfe #1468 [interface] No floating for server breadcrumb menu + +------------------------------------------------------------------- +Tue Dec 17 17:27:05 UTC 2013 - ecsos@opensuse.org + +- update to 4.1.1 (2013-12-17) + * sf#4154 Error using UNION query + * sf#4173 Transformations overview not reachable + * sf#4149 Js freezes in the management of replication + * sf#3903 Query fails when using aliases after ordering result + * sf#4181 Adding columns in table creation clears existing columns + * sf#4023 Requires wildcard EXECUTE/ALTER ROUTINE on DB to allow + Procedures to be executed by user + * sf#4186 Adding a column when creating a table does not propagate index info + * sf#4185 Unable to execute create procedure statement from query window + +------------------------------------------------------------------- +Sun Dec 15 18:51:58 UTC 2013 - ecsos@opensuse.org + +- update to 4.1.0 (2013-12-11) + * rfe #499 On user creation, warn if the user already exists + * Use indeterminate check all checkbox in server privileges + * Break server_status.php functions into smaller functions + * PMA_DBI functions in database_interface.lib.php renamed to be compliant with PEAR standards + * [interface] Make warning about existing config directory clearer + * rfe #1414 Allow specifying controlport + * PMA_DBI functions in database interface libraries renamed to be compliant with PEAR standards + * rfe #1412 Creating a view from an empty set of results + * Improved layout on db and table operations pages + * rfe #1410 Added support for AES_ENCRYPT for blob fields + * rfe #1423 Clarify option text for icon/text settings + * [interface] Upgraded CodeMirror to 3.x series + * rfe #1363 Improved query profiler + * [interface] rfe #1429 Better suggestion for database name + * rfe #1433 Support relations with ndbcluster + * sf#3962 Proper escaping of JSON export + * rfe #1382 Optional ReCAPTCHA support + * rfe #1434 Improvements to the table browsing navigation bar + * rfe #1233 and rfe #1283 Improvements to Relation View interface + * rfe #1397 Use fractional seconds in time, datetime, and timestamp + * rfe #175 Allow cross-database relations + * [core] Dropped support for PHP 5.2. + * rfe #487 and rfe #1405 Find and Replacing column wise + * rfe #1373 Use same create view dialog for editing a view + * rfe #316 Configurable menus; allow user groups with customized menus per group + * sf#4024 Editing field a record is selected by makes pma load forever + * sf#4035 Query "inline" link disappears when turning off "Explain SQL" option + * rfe #1385 Hide tables, functions, procedures, events and views in navigation tree + * rfe #1321 Export view as if it was a table + * Dropped configuration directive: SQP + * Dropped configuration directive: MySQLManual* + * rfe #1041 and bug #2954 Improved support for SSL connections between MySQL and phpMyAdmin + * sf#4056 Language: Vague error message when adding a varchar field + * [setup] rfe #1452 Use type="password" for server passwords + * rfe #1451 HTML5 input tag enhancements + * sf#1193 Text field too small when editing a row longer than $cfg['LimitChars'] + * Privileges tab for table level + * sf#4068 Headline in operations not readable in IE10 + * sf#4000 "Table does not contain unique column" message appears after adding a unique column + * rfe #1428 add 'new database' entry to nav tree + * rfe #1457 Stone Age icon found + * rfe #1463 Filter tables and databases by regular expression + * Change the proxy variable names in the config to remove the VersionCheck prefix from them + * Added an Error Reporting Component + * Javascript files are no longer uglified + * sf#4145 Config screen fails to validate MemoryLimit = -1 (new default) + * sf#4123 Double config including + * sf#4134 After deleting all rows on a page, it returns to a blank page + * Dropped configuration directive: DisableIS, ShowDatabasesCommand + * sf#4152 Not possible to enter % for search in date fields + * sf#3931 IN Clause search does not permit multiple values + * sf#4086 Clicking OK from edit popup opens new tab + * sf#2983 unknown table status: TABLE_TYPE + * sf#4030 ORDER BY SUM(`field`) does not sort DESC + * sf#4133 CSV import breaks when no blank line at end of file + * sf#4153 Unable to import if newline encoding is MAC style + * sf#4096 horizontal scrollbar should not overflow on the left column + * sf#4159 bug with navigation between database and table filter + * sf#4119 Huge session data with $cfg['Error_Handler']['gather'] + * sf#4169 Table list jumps to table on click + * sf#4168 Rename multiple columns is not working + +------------------------------------------------------------------- +Fri Dec 6 14:58:34 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.10 (2013-12-04) + * sf#4150 Clicking database name in query window opens a new tab + * sf#4141 Wrong page is shown after editing; also, do not show a modal + dialog for multi-row edit + * sf#3939 PHP NavigationTree error when paging through list + * sf#4075 Support A10 Networks load balancer + * sf#4083 row deleting isn't binlogs friendly + * sf#4163 Setup script does not recognize manually-configured server + * sf#4158 Events page says no privileges with ALL PRIVILEGES + +------------------------------------------------------------------- +Sun Nov 10 12:59:02 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.9 (2013-11-04) + * sf#4104 Can't edit updatable view when searching + * sf#4108 Missing refresh by deleting databases + * sf#3995 Drizzle server charset notice + * sf#3911 Filtering database names includes empty groupings + * sf#3678 Does not display or manipulate bit(64) fields appropriately + * sf#4129 Unneeded navi panel refresh + * sf#4120 SSL redirects to port 80 + * sf#4144 DROP DATABASE displays wrong database name + * sf#4059 Running delete query asks for confirmation but says it was already executed + * sf#4147 Accessibility: Images without Alt nor title attribute + +------------------------------------------------------------------- +Mon Oct 7 15:36:07 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.8 (2013-10-06) + * sf#3988 Rename view is not working + * sf#4041 Interaction between linkified fields and grid editing + * sf#3975 Table grouping isn't implemented properly + * sf#4060 Browser tries to remember wrong password when creating new user + * sf#4002 Edit Index on big table doesn't show "Loading" or any message + * sf#4098 Default table tab is ignored + * sf#4099 Server/library difference warning: setting is ignored + * sf#4100 table tree group strategy + * sf#4102 ALTER TABLE ORDER BY and InnoDB + * sf#4103 Tracking report: cannot delete a statement + * sf#3996 Drizzle navigation doesn't expand + * sf#4074 GIS column editor: point not displayed + * sf#4109 Drizzle tables in navigation are shown as views + * sf#4095 NUL symbols added to the end of database dump file + * sf#4105 More disappears in table Structure + * sf#3992 Multi-row edit doesn't clear values when checking NULL + +------------------------------------------------------------------- +Sun Sep 29 11:13:39 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.7 (2013-09-23) + * sf#3993 Sorting in database overview with statistics doesn't work + * bug Handle the situation where PHP_SELF is not set + * sf#4080 Overwrite existing file not obeyed + * sf#3929 Database-specific privileges are not copied when cloning user + * sf#3997 Error handling in case MySQL extension is missing + * sf#4089 Moving Columns will alter column definition + * sf#4091 Insert ignore option does not work + * sf#4090 Downloading BLOB downloads page template + * sf#4092 Clicking on table name in view of information_schema redirects to wrong page + * sf#4079 Copy Table Add AUTO_INCREMENT value checkbox not working + * sf#4088 MySQL server version at index.php incorrect w/ controlhost + * sf#4001 Import error: Class 'ImportOds' not found + * sf#3986 Missing DROP VIEW button + +------------------------------------------------------------------- +Sat Sep 7 15:42:13 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.6 (2013-09-05) + * sf#4036 Call to undefined function mb_detect_encoding (clarify the doc) + * sf Missing hints when changing a column's structure + * sf#4048 Cannot select foreign value in Search + * sf#4025 gzip export is not actually compressed with mod_deflate + * sf#4054 query analysis doesn't launch in status monitor + * Add pmahomme icon credits (FamFamFam silk icon set) + * sf#4064 Table structure statistics "Space usage" caption too small for l10n + * sf#4051 Wrong tabindex when inserting rows + * sf#4066 varchar field not truncated in table browse mode + * rfe #1435 Opening database should expand it in the navigation menu + * (performance) Removed ShowTooltip directive + * sf#4046 Exporting huge Tables causes memory-Problems + +------------------------------------------------------------------- +Wed Aug 7 12:09:45 UTC 2013 - chris@computersalat.de + +- fix for bnc#833731 + * PMASA-2013-10 (CVE-2013-5029 CWE-661 CWE-693) + http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php + +------------------------------------------------------------------- +Mon Aug 5 21:51:23 UTC 2013 - obs@ladisch.de + +- update to 4.0.5 (2013-08-04) + * sf#3977 Not detected configuration storage + * sf#3970 Pressing enter in the filter field reloads page + * sf#3984 Cannot insert in this table (PHP < 5.4) + * sf#3989 Reloading privileges does not update the interface + * sf#3960 NavigationBarIconic config not honored + * sf#3985 Call to undefined function mb_detect_encoding + * sf#4007 Analyze option not shown for InnoDB tables + * sf#4015 Forcing a storage engine for configuration storage + * bug Incorrect Drizzle 7 detection + * sf#4019 Create database if not exists (export): add an option to the + interface to enable generating CREATE DATABASE and USE (false by default) + * sf#4012 Crash on CSV file import + * sf#4009 Statistic Monitor shows only last 3 digits in graph + * sf#3998 Non-permanent SQL history not working + * sf#3578 Transformations for text/plain on a BLOB column + * [security] Improved protection against cross framing, see PMASA-2013-10 + (CVE-2013-5029 CWE-661 CWE-693) + * Reinstated configuration directive: AllowThirdPartyFraming +- fix for bug sf#4038: PMASA-2013-8 not mentioned in 4.0.4.2 changes +- add CVEs to 4.0.4.2 changes + +------------------------------------------------------------------- +Mon Jul 29 20:07:45 UTC 2013 - chris@computersalat.de + +- fix for bnc#831896 + * multiple XSS issues (+ a SQL injection and full path disclosure flaw) + * fix for PMASA-2013-8 (CVE-2013-4995 CWE-661 CWE-79) + * fix for PMASA-2013-9 (CVE-2013-4996 CVE-2013-4997 CWE-661 CWE-79 CWE-80) + * fix for PMASA-2013-11 (CVE-2013-4996 CWE-300 CWE-79) + * fix for PMASA-2013-12 (CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 CWE-661 CWE-200) + * fix for PMASA-2013-13 (CVE-2013-5001 CWE-661 CWE-79 CWE-80) + * fix for PMASA-2013-14 (CVE-2013-5002 CWE-661 CWE-79) + * fix for PMASA-2013-15 (CVE-2013-5003 CWE-661 CWE-89 CWE-269) +- update to 4.0.4.2 (2013-07-28) + * [security] fix unescaped parameter, see PMASA-2013-8 + * [security] Fix stored XSS in Server status monitor, see PMASA-2013-9 + * [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9 + * [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9 + * [security] Fix full path disclosure, see PMASA-2013-12 + * [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15 + * [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15 + * [security] Fix self-XSS in schema export, see PMASA-2013-14 + * [security] Fix unencoded json object, see PMASA-2013-11 + * [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13 + +------------------------------------------------------------------- +Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de + +- update to 4.0.4.1 (2013-06-30) + * [security] Global variables scope injection vulnerability + (PMASA-2013-7, CVE-2013-4729) + +------------------------------------------------------------------- +Tue Jun 18 22:29:34 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.4 (2013-06-17) + * sf#3959 Using DefaultTabDatabase in NavigationTree for Database Click + * sf#3961 Avoid Suhosin warning when in simulation mode + * sf#3897 Row Statistics and Space usage bugs + * sf#3966 Only display "table has no unique column" message when applicable + * sf#3960 NavigationBarIconic config not honored + * sf#3965 Default language wrong with zh-TW + * sf#3921 Call to undefined function PMA_isSuperuser() if default server is not set + * sf#3971 Ctrl/shift + click opens links in same window + * sf#3964 Import using https does not work + * fix bug Missing removeCRLF option in ExportCsv and ExportExcel plugins + * sf#3631 Drop not working Visio schema export. + * sf#3645 Better handling of invalid ODS documents + * sf#3976 Number of pages + * sf#3922 User privileges, database name unescaped + +------------------------------------------------------------------- +Wed Jun 12 21:59:40 UTC 2013 - chris@computersalat.de + +- fix changelog + * add missing 'fix for bnc#xxxxxx + +------------------------------------------------------------------- +Thu Jun 6 16:27:24 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.3 (2013-06-05) + * sf#3941 Recent tables list always empty + * sf#3933 Do not translate "Open Document" in export settings + * sf#3927 List of tables is missing after expanding in the navigation frame + * sf#3942 Warnings about reserved word for many non reserved words + * sf#3912 Exporting row selection, resulted by ORDER BY query + * sf#3957 Cookies must be enabled past this point + * sf#3956 "Browse foreign values" search filter / page selector not working + * sf#3579 NOW() function incorrectly selected (partial regression) + * [security] Javascript execution vulnerability in Create view, + reported by Maxim Rupp (see PMASA-2013-6) +- fix for bnc#824306 + * PMASA-2013-6 (CVE-2013-3242) + +------------------------------------------------------------------- +Sat May 25 17:33:09 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.2 (2013-05-24) + * sf#3902 Cannot browse when table name contains keyword "call" + * center loading indicator for navigation refresh, related to bug #3920 + * sf#3925 Table sorting in navigation panel is case-sensitive + * sf#3915 Import of CSV file (Replace table data with file) with duplicate values + * sf#3907 undefined variables, function parameter problems + * sf#3898 Structure not refreshed after column drop + * sf#3926 View is not updatable + * sf#3919 PropertiesIconic not honored + * sf#3930 Databases to choose for specific privileges show up escaped + * sf#3910 Export database with empty table as a php array, does not produce valid PHP + * sf#3936 Query profiler chart not loading from SQL Query page + * sf#3946 Missing CSV import option "Do not abort on INSERT error" + * sf#3943 Missing Operations>Table options>AUTO_INCREMENT + * bug Missing CREATE DATABASE statement when exporting at database level + * sf#3924 Show warning when CSV file does not contain data for all columns + * sf#3947 Missing Sql Query after modify structure + * sf#3948 Server export problems + * sf#3917 CountTables directive is deprecated + +------------------------------------------------------------------- +Wed May 15 08:00:00 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.1.0 (2013-05-14) + * sf#3879 Import broken for CSV using LOAD DATA + * sf#3889 When login fails and error display is active, login data is displayed + * sf#3890 [import] Web server upload directory import fails + * sf#3891 [import] Server upload folder import file name missing in success message + * rfe #1421 [auth] Add retry button on connection failure with config auth + * sf#3894 [interface] Provide feedback if no columns selected for multi-submit + * sf#3799 [interface] Incorrect select field change on ctrl key navigation in Firefox + * sf#3885 [browse] display_binary_as_hex option causes unexpected behavior + * sf#3899 Git commit links to Github missing + * sf#3900 CSP WARN in Firefox console + * sf#3901 Setup script warning for config auth (stored login data) shows link BBcode + * sf#3895 [browse] Fixed getting BLOB data + * sf#3905 [export] Custom Exporting exports all databases + * sf#3909 [import] Import of CSV FIle to selected table doesn't work + * sf#3904 Browsing an empty table should not display its Structure + * sf#3908 Calendar widget improperly redirects to home + * sf#3918 Greyed out tabs when there are no rows fixed + * sf#3916 [interface] Missing scrollbar (original theme) + * [vendor] add tcpdf path to vendor_config.php + * bug fix compat with tcpdf >= 6.0 (tested with 6.0.012) + +------------------------------------------------------------------- +Fri May 3 17:32:42 UTC 2013 - ecsos@opensuse.org + +- update to 4.0.0 (2013-05-03) + * Patch #3481047 for rfe #3480477 Insert as new row enhancement + * Patch #3480999 Activate codemirror in the query window + * Patch #3495284 XML Import - fix message and redirect + * rfe #3484063 Null checkbox behavior + * Patch #3497179 Contest-5: Add user: Allow create DB w/same name + grant u_% + * Patch #3498201 Contest-6: Export all privileges + * Patch #3502814 for rfe #3187077 Change password buttons should match + * rfe #3488640 Expand table-group in non-light navigation frame if only one + * Patch #3509360 Contest-3: Option "Truncate table" before "insert" + * Patch #3506552 Contest-2: Show index information in the data dictionary + * Patch #3510656 Contest-1: Ignoring foreign keys while dropping tables + * sf#3509686 Reverting sort on joined column does not work + * New transformation: append string + * rfe #3507804 Session upload progress (PHP 5.4) + * rfe #3488185 draggable columns vs copy column name + * Patch #3507001 Contest-4: Textarea for large character columns + * Removed the PHP version of the ENUM editor + * Patch #3507111 Display distinct results, linked to corresponding data rows + * sf#3507917 [export] JSON has unescaped values for allegedly numeric columns + * rfe #3516187 show tables creation, last update, last check timestamps in db_structure + * sf#3059806 Supporting running from CIFS/Samba shares + * sf#3516341 [export] Open Document Text, Word and Texy! Text show table structure twice + * sf [export] Texy! Text: Columns containing Pipe Character don't export properly + * [export] Show triggers in Open Document Text, Word and Texy! Text + * Patch #3415061 [auth] Login screen appears under the page + * rfe #3517354 [interface] Allow disabling CodeMirror with $cfg['CodemirrorEnable'] = false + * rfe #3475567 [interface] New directive $cfg['HideStructureActions'] + * sf#3468272 [import] Fixed import of ODS with more paragraphs in a cell + * sf#3510196 [core] Improved redirecting with ForceSSL option + * rfe #3518852 [edit] edit blob but not other binary, new option $cfg['ProtectBinary'] = 'noblob' + * Hide language select box if there are no locales installed + * Removed some directives: verbose_check, SuggestDBName, LightTabs, + VerboseMultiSubmit, ReplaceHelpImg + * Patch #3500882 Fixing checkbox behaviour while editing identical rows + * rfe #3441722 [interface] Display description of datatypes + * rfe #3517835 [structure] Move columns easily + * Ajaxified "Create View" functionality + * [import] New plugin: import mediawiki + * New navigation system + * Discontinued the use of a frame-based layout + * rfe #3528994 [interface] Allow wrapping possibly long values in replication-status table + * [interface] Autoselect username input on cookie login page + * sf#3563799 [interface] Grid editing destroying huge amount of data + * [import] Remove support for the unactive docSQL import format + * sf#3577443 [edit] "Browse foreign values" does not show on ajax edit + * rfe #3522109 [browse] Grid editing: action to trigger it (or disable) + * sf#3526598 [interface] SQL query not shown when creating table + * Dropped configuration directive: AllowThirdPartyFraming + * Dropped configuration directive: LeftFrameLight + * Dropped configuration directive: DisplayDatabasesList + * Dropped configuration directives: ShowTooltipAliasDB and ShowTooltipAliasTB + * Dropped configuration directive: NaviDatabaseNameColor + * Added configuration directive: MaxNavigationItems + * Renamed configuration directive: LeftFrameDBTree => NavigationTreeEnableGrouping + * Renamed configuration directive: LeftFrameDBSeparator => NavigationTreeDbSeparator + * Renamed configuration directive: LeftFrameTableSeparator => NavigationTreeTableSeparator + * Renamed configuration directive: LeftFrameTableLevel => NavigationTreeTableLevel + * Renamed configuration directive: LeftPointerEnable => NavigationTreePointerEnable + * Renamed configuration directive: LeftDefaultTabTable => NavigationTreeDefaultTabTable + * Renamed configuration directive: LeftDisplayTableFilterMinimum => NavigationTreeDisplayTableFilterMinimum + * Renamed configuration directive: LeftDisplayLogo => NavigationDisplayLogo + * Renamed configuration directive: LeftLogoLink => NavigationLogoLink + * Renamed configuration directive: LeftLogoLinkWindow => NavigationLogoLinkWindow + * Renamed configuration directive: LeftDisplayServers => NavigationDisplayServers + * Renamed configuration directive: LeftRecentTable => NumRecentTables + * Renamed configuration directive: LeftDisplayDatabaseFilterMinimum => NavigationTreeDisplayDbFilterMinimum + * Removed the "Mark row on click" feature; must now click the checkbox to mark + * Removed the "Synchronize" feature + * Improved layout of server variables page + * rfe #1052091 [config] Double-underscores in PMA table names + * Improved the "More" dropdown on the table structure page + * [interface] Added "scroll to top" link in menubar + * [designer] Fullscreen mode for the designer + * Upgraded jquery to v1.8.3 and jquery-ui to v1.9.2 + * Patch #3597529 [status] Add raw value as title on server status page + * Support MySQL 5.6 partitioning + * Removed the AjaxEnable directive + * rfe #3542567 Accept IPv6 ranges and IPv6 CIDR notations in $cfg['Servers'][$i]['AllowDeny']['rules'] + * sf#3576788 Grid editing shows the value before silent truncation + * Upgraded jqPlot to 1.0.4 r1121 + * Upgraded to jquery-ui-timepicker-addon 1.1.1 + * rfe #3599046 [interface] Added comments for indexes + * Replaced qtip with jQuery UI tooltip + * Upgraded CodeMirror to 2.37 + * sf#2951 [export] Correctly export decimal fields. + * sf#3762 [core] Make Advisor work on Windows withou COM extension. + * sf#3519 [export] Prevent infinite recursion in PDF export. + * sf#3827 Table specific privileges not displayed for db name containing underscore + * rfe #1386 Add IF NOT EXISTS clause when copying database + * No longer package .travis.yml configuration file when creating a release. + * sf#3830 Can't export custom query because it lowercases table names + * sf#3829 Enabling query profiling crashes javascript based navigation + * rfe #879 Reserved word warning + * Remove the database ordering sub-feature of the only_db directive + * sf#3840 When exporting to gzip format, the data is compressed 2 times + * rfe #1319 Permit to create index when creating foreign key + * sf#3703 Incorrect updating of the list of users + * sf#3853 Blowfish implementation might be broken (replace with phpseclib) + * sf#3865 Using like operator on each backslash needs 4 backslash protection + * sf#3860 Displayed git revision info is not set + * sf#3871 Check referential integrity broken across databases + * sf#3874 [export] No preselected option when exporting table + * sf#3873 Can't copy table to target database if table exists there + * sf#3683 Incorrect listing of records from to count + * sf#3876 [import] PHP 5.2 - unexpected T_PAAMAYIM_NEKUDOTAYIM + * [security] Local file inclusion vulnerability, reported by Janek Vind + (see PMASA-2013-4) + * [security] Global variables overwrite in export.php, reported by Janek Vind + (see PMASA-2013-5) + * sf#3892 [export] SQL Export files are empty +- fix for bnc#824304 + * PMASA-2013-4 (CVE-2013-3240) +- fix for bnc#824305 + * PMASA-2013-5 (CVE-2013-3241) + +------------------------------------------------------------------- +Wed Apr 24 22:41:50 UTC 2013 - ecsos@opensuse.org + +- update to 3.5.8.1 (2013-04-24) + * [security] Remote code execution (preg_replace), reported by Janek Vind + (see PMASA-2013-2) + * [security] Locally Saved SQL Dump File Multiple File Extension Remote Code + Execution, reported by Janek Vind (see PMASA-2013-3) +- fix for bnc#824301 + * PMASA-2013-2 (CVE-2013-3238) +- fix for bnc#824302 + * PMASA-2013-3 (CVE-2013-3239) + +------------------------------------------------------------------- +Mon Apr 8 18:33:29 UTC 2013 - ecsos@opensuse.org + +- update to 3.5.8 (2013-04-08) + * sf#3828 MariaDB reported as MySQL + * sf#3854 Incorrect header for Safari 6.0 + * sf#3705 Attempt to open trigger for edit gives NULL + * Use HTML5 DOCTYPE + * [security] Self-XSS on GIS visualisation page, reported by Janek Vind + see PMASA-2013-1 + * sf#3800 Incorrect keyhandler behaviour #2 +- fix for bnc#814678 + * PMASA-2013-1 (CVE-2013-1937) + +------------------------------------------------------------------- +Fri Mar 15 19:51:32 UTC 2013 - chris@computersalat.de + +- update to 3.5.7.0 (2013-02-15) + * sf#3779 [core] Problem with backslash in enum fields + * sf#3816 Missing server_processlist.php + * sf#3821 Safari: white page + * Correct detection of the Chrome browser + +------------------------------------------------------------------- +Mon Feb 4 17:34:24 CET 2013 - draht@suse.de + +- update to 3.5.6.0 (2013-01-28) + * sf#3593604 [status] Erroneous advisor rule + * sf#3596070 [status] localStorage broken in server status monitor + * sf#3598736 [routines] Editing a procedure with special characters + * sf#3600322 [core] Visualize GIS data throws Fatal Error + * sf#3599362 [core] Double-escaped error message + * sf#3776 [cookies] Login without auth on second server + +------------------------------------------------------------------- +Wed Jan 16 23:17:50 UTC 2013 - chris@computersalat.de + +- update to 3.5.5.0 (2012-12-21) + * sf#3563824 [export] Support Apache's mod_deflate + * sf#3585523 [interface] Inline query editing broken after row update + * sf#3586389 [setup] Cannot switch language in /setup + * sf#3585695 [CSS] Font size in inline query editor is way too big + * sf#3588354 [l10n] Portuguese Language not displaying correctly + * sf#3591412 [status] Live charts don't work for non-default server + * sf[core] Proxy ajax calls to pma.net to avoid browser notices + * sf#3593534 [tracking] Structure Snapshot on tracked view renders + invalid SQL + * sf#3544366 [events] Event comments not saved + +------------------------------------------------------------------- +Sat Dec 15 15:23:00 UTC 2012 - chris@computersalat.de + +- update to 3.5.4.0 (2012-11-16) + * sf#3570212 [edit] uuid_short() is a no-arguments function + * sf#3569577 [edit] Add routine parameter headers not valid for + "function" + * sf#3575799 [search] Various search operators not working as + expected + * sf#3576322 [search] Invalid select query generated for tables with + ENUM fields + * sf#3577468 [display] Incorrect imagejpeg Syntax Breaks Image + Transformation + * sf#3578776 [search] Editing SQL not possible when no records found + * sf#3571970 [interface] Display chart and number of rows to plot + * sf#3582631 [core] Wrong redirect url caused cookies error with + ForceSSL + +------------------------------------------------------------------- +Mon Nov 5 11:40:16 UTC 2012 - chris@computersalat.de + +- update to 3.5.3.0 (2012-10-08) + * sf#3539044 [interface] Browse mode "Show" button gives blank page + if no results anymore + * sf#3534979 [interface] Copy Database Ajax feedback vanishes long + before copying is done + * sf#3527531 [interface] GC-maxlifetime warning incorrectly + displayed + * sf#3526916 [interface] Search fails with JS error when tooltips + disabled + * sf#3544366 [interface] Event comments not saved + * sf#3549084 [edit] Can't enter date directly when editing inline + * sf#3548491 [interface] Inline query editor doesn't work from + search results + * sf#3547825 [edit] BLOB download no longer works + * sf#3541966 [config] Error in generated configuration arrray + * sf#3553551 [GUI] Invalid HTML code in multi submits confirmation + form + * [interface] Designer sometimes places tables on the top menu + * sf#3546277 [core] Call to undefined function __() when config file + has wrong permissions + * sf#3540922 [edit] Error searching table with many fields + * sf#3555104 [edit] Cannot copy a DB with table and views + * sf#3559925 [privileges] Incorrect updating of the list of users + * sf#3561224 [edit] cell edit date field with empty date fills in + current date + * sf#3559955 [edit] current_date from function drop down fails on + update + * sf#3562472 add support for Solaris and FreeBSD system load and + memory display in server status + * sf#3553068 [import] Table import from XML file fails + * replace Highcharts with jqplot for Display chart + * sf#3567684 [edit] Pasting value doesn't clear null checkbox + * sf#3570786 [edit] Datepicker for date and datetime fields is + broken +- fix for bnc#788103 + * PMASA-2012-6 (CVE-2012-5339) + o http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php + * PMASA-2012-7 (CVE-2012-5368) + o http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php + +------------------------------------------------------------------- +Tue Aug 21 14:30:51 UTC 2012 - chris@computersalat.de + +- update to 3.5.2.2 (2012-08-12) + - [security] Fixed XSS vulnerabilities, + see PMASA-2012-4 +- update to 3.5.2.1 (2012-08-03) + - [security] Fixed local path disclosure vulnerability, + see PMASA-2012-3 +- fix for bnc#776701 + * PMASA-2012-4 (CVE-2012-4345) +- fix for bnc#776698 + * PMASA-2012-3 (CVE-2012-4219) + +------------------------------------------------------------------- +Sun Jul 8 15:52:13 UTC 2012 - chris@computersalat.de + +- udpate to 3.5.2 (2012-07-07) + * bug sf#3521416 [interface] JS error when editing index + * bug sf#3521313 [core] Call to undefined function __() + * bug sf#3521016 [edit] NOW() function incorrectly selected + * bug [GUI] Invalid HTML code on transformation_overview.php + * bug sf#3522930 [browse] Missing validation in Ajax mode + * bug Fix popup message on build SQL of import + * bug sf#3523499 [core] Make X-WebKit-CSP work better + * replace Highcharts with jqplot for query profiling, zoom search + * bug sf#3531584 [interface] No form validation in change password + dialog + * bug sf#3531585 [interface] Broken password validation in copy user + form + * bug sf#3531586 [unterface] Add user form prints JSON when user + presses enter + * bug sf#3534121 [config] duplicate line in config.sample.inc.php + * bug sf#3534311 [interface] Grid editing incorrectly parses + ENUM/SET values + * bug sf#3510196 [core] More clever URL rewriting with ForceSSL +- rebase config patch + +------------------------------------------------------------------- +Sun Jun 3 22:00:45 UTC 2012 - chris@computersalat.de + +- update to 3.5.1.0 (2012-05-03) + * bug sf#3510784 [edit] Limit clause ignored when sort order is + remembered + * bug sf#3511471 [interface] View name not seen in navi panel + (MySQL 5.1) + * bug sf#3512916 [display] Right frame reloads after displaying SQL + result(zero rows) + * bug [interface] Fixed missing Codemirror for inline query edit + when exporting a result set + * bug sf#3514490 [auth] Multiple Navigation panels bug still present + * bug sf#3515181 [users] Error in create user + underscore + create + database + * bug sf#3515666 [display] Profiling chart shows wrong data + * bug sf#3516037 [auth] JS includes missing in auth config error page + * bug sf#3516183 [display] Missing image extension + * bug [display] Added missing icons in original theme + * bug sf#3516761 [edit] Query error after search + * bug sf#3516405 [display] Chart title is getting wrong within chart + export + * bug sf#3517021 [interface] Header links except 'More' hide after + closing dialog + * bug sf#3516817 [interface] "More" actions in table structure + * bug sf#3518484 [privileges] PMA_sqlAddSlashes() does not quote the + table names correctly + * bug sf#3518983 [designer] Error messages do not appear in the + Designer + * bug sf#3519747 [interface] Suhosin patch warning incorrectly + displayed + * bug sf#3520107 [interface] Server status page: Incorrect dialog box + titles + * bug sf#3516089 [structure] DROP does not work on defective VIEWs +- rebase config patch + * remove version from patch name + * add missing options + +------------------------------------------------------------------- +Thu Apr 26 19:49:16 UTC 2012 - chris@computersalat.de + +- update to 3.4.11.0 + * bug sf#3486970 [import] Exception on XML import + * bug sf#3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names + in navigation + * bug sf#3512565 [navi] Fixed missing word "Rows" in table list + tooltip after click + +------------------------------------------------------------------- +Mon Apr 2 10:14:55 UTC 2012 - chris@computersalat.de + +- update to 3.4.10.2 (fix for bnc#755211) + - [security] Fixed local path disclosure vulnerability, + see PMASA-2012-2 + http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php + +------------------------------------------------------------------- +Thu Feb 23 12:45:22 UTC 2012 - chris@computersalat.de + +- fix changelog + * rename bugs , patches ("{bug,patch} #....") to fit into + bug naming scheme -> "sf#...." + +------------------------------------------------------------------- +Mon Feb 20 09:50:54 UTC 2012 - chris@computersalat.de + +- update to 3.4.10.1 (fix for bnc#747841) + * [security] XSS in replication setup, see PMASA-2012-1 +- 3.4.10.0 (2012-02-14) + * sf#3460090 [interface] TextareaAutoSelect feature broken + * sf#3375984 [export] PHP Array export might generate invalid php + code + * sf#3049209 [import] Import from ODS ignores cell that is the same + as cell be fore + * sf#3463933 [display] SELECT DISTINCT displays wrong total records + found + * sf#3458944 [operations] copy table data missing + SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO' + * sf#3469254 [edit] Setting data to NULL and drop-downs + * sf#3477063 [edit] Missing set fields and values in generated + INSERT query + * sf#3460867 [libraries] license issue with TCPDF + (updated to 5.9.145), (fix for bnc#736698) + +------------------------------------------------------------------- +Wed Dec 28 13:41:55 UTC 2011 - chris@computersalat.de + +- update to 3.4.9 + - sf#3442028 [edit] Inline editing enum fields with null shows no dropdown + - sf#3442004 [interface] DB suggestion not correct for user with underscore + - sf#3438420 [core] Magic quotes removed in PHP 5.4 + - sf#3398788 [session] No feedback when result is empty (signon auth_type) + - sf#3384035 [display] Problems regarding ShowTooltipAliasTB + - sf#3306875 [edit] Can't rename a database that contains views + - sf#3452506 [edit] Unable to move tables with triggers + - sf#3449659 [navi] Fast filter broken with table tree + - sf#3448485 [GUI] Firefox favicon frameset regression + - [core] Better compatibility with mysql extension + - [security] Self-XSS on export options (export server/database/table), + see PMASA-2011-20 + - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 +- fix for bnc#738411 + * PMASA-2011-19 (CVE-2011-4780) + * PMASA-2011-20 (CVE-2011-4782) +- rework config patch + +------------------------------------------------------------------- +Fri Dec 16 08:34:11 UTC 2011 - chris@computersalat.de + +- fix changelog + * add missing info for bnc#736772 +- fix fdupes + * reduce fdupes to affected files only (./libraries,./themes) + +------------------------------------------------------------------- +Tue Dec 13 14:25:45 UTC 2011 - chris@computersalat.de + +- update to 3.4.8 + - sf#3425230 [interface] enum data split at space char (more space to edit) + - sf#3426840 [interface] ENUM/SET editor can't handle commas in values + - sf#3427256 [interface] no links to browse/empty views and tables + - sf#3430377 [interface] Deleted search results remain visible + - sf#3428627 [import] ODS import ignores memory limits + - sf#3426836 [interface] Visual column separation + - sf#3428065 [parser] TRUE not recognized by parser + + sf#3433770 [config] Make location of php-gettext configurable + - sf#3430291 [import] Handle conflicts in some open_basedir situations + - sf#3431427 [display] Dropdown results - setting NULL does not work + - sf#3428764 [edit] Inline edit on multi-server configuration + - sf#3437354 [core] Notice: Array to string conversion in PHP 5.4 + - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the + view name in main panel db Structure page + - sf#3439292 [core] Fail to synchronize column with name of keyword + - sf#3425156 [interface] Add column after drop + - [interface] Avoid showing the password in phpinfo()'s output + - sf#3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8 + - sf#3407235 [interface] Entering the key through a lookup window does not + reset NULL + - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18 + - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18 + - [security] Self-XSS on column type (Create index), see PMASA-2011-18 + - [security] Self-XSS on column type (table Search), see PMASA-2011-18 + - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18 +- fix for bnc#736772 (CVE-2011-4634, PMASA-2011-18) + +------------------------------------------------------------------- +Mon Nov 14 20:22:30 UTC 2011 - chris@computersalat.de + +- update to 3.4.7.1 (fix for bnc#728243) + - [security] Fixed possible local file inclusion in XML import + (CVE-2011-4107), see PMASA-2011-17 + http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php + +------------------------------------------------------------------- +Wed Oct 26 10:49:15 UTC 2011 - chris@computersalat.de + +- update to 3.4.7 + - sf#3418610 [interface] Links in navigation when + $cfg['MainPageIconic'] = false + - sf#3418849 [interface] Inline edit shows dropdowns even after closing + - bug [view] View renaming did not work + - bug [navi] Wrong icon for view (MySQL 5.5) + - sf#3420229 [doc] Missing documentation section + - sf#3423725 [pdf] Broken PDF file when exporting database to PDF + - [core] Allow to set language in URL + - sf#3425184 [doc] Fix links to PHP documentation + - sf#3426031 [export] Export to bzip2 is not working +- 3.4.6.0 (2011-10-16) + - sf#3404173 InnoDB comment display with tooltips/aliases + - sf#3404886 [navi] Edit SQL statement after error + - sf#3403165 [interface] Collation not displayed for long enum fields + - sf#3399951 [export] Config for export compression not used + - sf#3400690 [privileges] DB-specific privileges won't submit + - sf#3410604 [config] Configuration storage incorrect suggested table name + - sf#3383572 [interface] Cannot execute saved query + - sf#3411535 [display] Full text button unchecks results display options + - sf#3411224 [display] Broken binary column when 'Show binary contents' + is not set + - sf#3411633 [core] Call to undefined function PMA_isSuperuser() + - sf#3413743 [interface] Display options link missing after search + - sf#3324161 [core] CSP policy causing designer JS buttons to fail + - sf#3412862 [relation] Relations/constraints are dropped/created + on every change + - sf#3390832 [display] Delete records from last page breaks search + - sf#3392150 [schema] PMA_User_Schema::processUserChoice() is broken + - sf#3414744 [core] External link fails in 3.4.5 + - sf#3314626 [display] CharTextareaRows is not respected + - sf#3417089 [synchronize] Extraneous db choices + - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15 + - [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16 + +------------------------------------------------------------------- +Tue Oct 4 21:36:48 UTC 2011 - chris@computersalat.de + +- update to 3.4.5 + - sf#3375325 [interface] Page list in navigation frame looks odd + - sf#3313235 [interface] Error div misplaced + - sf#3374802 [interface] Comment on a column breaks inline editing + - sf#3383711 [display] Order by a column in a view doesn't work + in some cases + - sf#3386434 [interface] Add missing space to server status + - [core] Remove library PHPExcel, due to license issues + - [export] Remove native Excel export modules (xls and xlsx formats) + - [import] Remove native Excel import modules (xls and xlsx formats) + - sf#3392920 [edit] BLOB emptied after editing another column + - [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14 + - [security] Fixed XSS with db/table/column names, see PMASA-2011-14 + +------------------------------------------------------------------- +Sat Aug 27 17:17:27 UTC 2011 - chris@computersalat.de + +- update to 3.4.4 + - sf#3323060 [parser] SQL parser breaks AJAX requests if query has unclosed + quotes + - sf#3323101 [parser] Invalid escape sequence in SQL parser + - sf#3348995 [config] $cfg['Export']['asfile'] set to false does not select + as Text option + - sf#3340151 [export] Working SQL query exports error page + - sf#3353649 [interface] "Create an index on X columns" form not validated + - sf#3350790 [interface] JS error in Table->Structure->Index->Edit + - sf#3353811 [interface] Info message has "error" class + - sf#3357837 [interface] TABbing through a NULL field in the inline mode + resets NULL + - remove version number in /setup + - sf#3367993 [usability] Missing "Generate Password" button + - sf#3363221 [display] Missing Server Parameter on inline sql query + - sf#3367986 [navi] Drop field -> lost active table + - remove misleading comment on the "Rename database" interface + - sf#3374374 [interface] Fix footnote for inexact count while browsing + - sf#3372807 [interface] Fix security warning link in setup + - sf#3374347 [display] Backquotes in normal text on import page + - sf#3358750 [core] With Suhosin, urls are too long in edit links + - [security] Missing sanitization on the table, column and index names leads to + XSS vulnerabilities, see PMASA-2011-13 + +------------------------------------------------------------------- +Fri Jul 29 14:57:01 UTC 2011 - chris@computersalat.de + +- update to 3.4.3.2 + o PMASA-2011-9 to PMASA-2011-12 + http://www.phpmyadmin.net/home_page/security/ + +------------------------------------------------------------------- +Mon Jul 4 13:27:10 UTC 2011 - chris@computersalat.de + +- update to 3.4.3.1 + - [security] Fixed possible session manipulation in swekey + authentication, see PMASA-2011-5 + - [security] Fixed possible code injection incase session variables + are compromised, see PMASA-2011-6 + - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 + - [security] Fixed filtering of a file path, which allowed for + directory traversal, see PMASA-2011-8 +- 3.4.3.0 (2011-06-27) + - sf#3311170 [sync] Missing helper icons in Synchronize + - sf#3304473 [setup] Redefine a lable that was wrong + - sf#3304544 [parser] master is not a reserved word + - sf#3307616 [edit] Inline edit updates multiple duplicate rows + - sf#3311539 [edit] Inline edit does not escape backslashes + - sf#3313210 [interface] Columns class sometimes changed for nothing + - sf#3313326 [interface] Some tooltips do not disappear + - sf#3315720 [search] Fix search in non unicode tables + - sf#3315741 [display] Inline query edit broken + - sf#3317206 [privileges] Generate password option missing on new accounts + - sf#3317293 [edit] Inline edit places HTML line breaks in edit area + - sf#3319466 [interface] Inline query edit does not escape special characters + - minor XSS (require a valid token) +- add restart_on_update apache to post + +------------------------------------------------------------------- +Wed Jun 22 09:01:52 UTC 2011 - chris@computersalat.de + +- fix changelog + o update to 3.4.2.0 -> update to 3.4.2 +- fix bnc#697748 (suhosin customization) + o moved from spec's %post to http_conf file + +------------------------------------------------------------------- +Thu Jun 09 14:41:00 UTC 2011 - jweberhofer@weberhofer.at + +- update to 3.4.2 + - sf#3301249 [interface] Iconic table operations does not remove inline edit label + - sf#3303869 [interface] Unnecessary scrolling on Databases page + - sf#3303813 [setup] Define a label that was missing + - sf#3305606 [interface] Show all button wraps on privileges page + - sf#3305517 [config] Config for export compression not used + - sf#3305883 [interface] Table is dropped regardless of confirmation + - [auth] Fixed error handling for signon auth method. + - sf#3276001 [core] Avoid caching of index.php. + - sf#3306958 [interface] Unnecessary Details slider + - sf#3308476 [interface] "Show all" not persistent after a sort + - sf#3308072 [auth] Version disclosure to anonymous visitors + - sf#3306981 [interface] pmahomme and table statistics + +------------------------------------------------------------------- +Tue May 24 16:06:05 UTC 2011 - chris@computersalat.de + +- update to 3.4.1 + - bug sf#3301108 [interface] Synchronize and already configured host + - bug sf#3302457 Inline edit and $cfg['PropertiesIconic'] + - Patch #3302313 Show a translated label + - bug sf#3300981 [navi] Table filter is case sensitive + - bug sf#3285929 [privileges] Revert temporary fix + - bug sf#3302872 [synchronize] Synchronize and user name + - bug sf#3302733 [core] Some browsers report an insecure https connection + - [security] Make redirector require valid token +- rework config patch + - removed 3.3.8, added 3.4.1 config patch +- added conftrib to doc +- mod post section + o modify suhosin.ini + +------------------------------------------------------------------- +Sat Mar 19 19:17:57 UTC 2011 - chris@computersalat.de + +- update to 3.3.10 + - patch sf#3147400 [structure] Aria table size printed as unknown, + thanks to erickoh75 - erickoh75 + - patch sf#3150164 [structure] Ordering by size gives incorrect results, + thanks to Madhura Jayaratne - madhuracj + - bug sf#3153409 [core] 0 row(s) affected + - bug sf#3155842 [core] Edit relational page and page number + - [security] Minor security fixes, see PMASA-2010-9 and PMASA-2010-10 + - [lang] German update, thanks to jannicars@users.sourceforge.net. + +------------------------------------------------------------------- +Wed Feb 23 12:10:46 UTC 2011 - chris@computersalat.de + +- update to 3.3.9.2 + - [security] SQL injection, see PMASA-2011-2 +- 3.3.9.1 (2011-02-08) + - [security] Path disclosure, see PMASA-2011-1 +- add macros for ap_usr, ap_grp +- fix perm on sysconfdir + o 0750,root,www + +------------------------------------------------------------------- +Thu Jan 27 20:14:40 UTC 2011 - chris@computersalat.de + +- update to 3.3.9 + - bug [doc] Fix references to MySQL doc + - sf#3101490 Default function for TIMESTAMP, thanks to jirand - jirand + - sf#3103853 [js] Double quotes were not escaped in generated js + - sf#3077463 [core] Events were not copied when copying/renaming database + - sf#1762306 [core] Copy database with view of a view + - sf#3117535 [replication] Add quotes to database in initial statement, + thanks to Craig Duncan - duncan3dc + - sf#3112614 [pdf schema] Scratchboard for PDF pages not working + - sf#3125606 [parser] Query for table "level" causes strange display + - sf#3127904 [parser] Close all opened round brackets indents +- removed Authors from spec + +------------------------------------------------------------------- +Fri Dec 3 23:04:41 UTC 2010 - chris@computersalat.de + +- update to 3.3.8.1 + - sf#3115519 (private) [security] XSS on db search, see PMASA-2010-8 +- rework config patch + o add AllowNoPassword + +------------------------------------------------------------------- +Wed Oct 27 10:23:50 UTC 2010 - javier@opensuse.org + +- update to 3.3.8 + - sf#3059311 [import] BIGINT field type added to table analysis + - [core] Update library PHPExcel to version 1.7.4 + - sf#3062455 [core] copy procedures and routines before tables + - sf#3062455 [export] with SQL, export procedures and routines before tables + - sf#3056023 [import] USE query not working + - sf#3038193 [display] Error when editing row with GEOMETRY column + - sf#3062454 [interface] Display routines/events also when no tables are defin +ed + - support ARIA storage engine as well as its previous name MARIA + +------------------------------------------------------------------- +Wed Sep 22 14:03:14 CEST 2010 - mcihar@suse.cz + +- update to 3.3.7 + +------------------------------------------------------------------- +Wed Jul 7 14:48:50 UTC 2010 - chris@computersalat.de + +- update to version 3.3.4 +- sf#2996161 [import] properly escape import value +- sf#2998889 [import] Import button does not work in Catalan +- [browse] Fix handling of sort order if only column is specified. ++ [lang] Greek update, thanks to Panagiotis Papazoglou - panos78 ++ [lang] Updated lot of translation based on work done in master branch. +- sf#3008411 [databases] Last dropped database remains active in navi +- sf#2986383 [parser] Not all data being shown / counted +- bug [synchronize] Rows were deleted in target table regardless of the + "Would you like to delete..." option +- bug [privileges] List of tables not shown when the db name has a wildcard +- sf#3011126 [display] Edit link missing after long query +- sf#3013264 [doc] FAQ 1.40 uses a comma instead of a period, + thanks to Isaac Bennetch - ibennetch +- [engines] Fix getting InnoDB status. +- sf#2986422 [import] Results for query are not displayed + +------------------------------------------------------------------- +Fri May 21 16:59:50 UTC 2010 - chris@computersalat.de + +- update to version 3.3.3 + - sf#2982480 [navi] Do not group if there would be one table in group + - sf#2983492 [sync] When asking to synchronize Structure and Data, + only Structure is done + - sf#2984893 [engines] InnoDB storage page emits a warning + - sf#2974687, sf#2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work + - sf#2983066 [interface] Flush table on table operations shows the query twice + - sf#2983060, sf#2987900 [interface] Fix initial state of tables in + designer + - sf#2983062, sf#2989408 [engines] Fix warnings when changing table + engine to Maria + - sf#2974067 [display] non-binary fields shown as hex + - sf#2983065 [operations] Error when changing from Maria to MyISAM engine + - sf#2975408 [tracking] Data too long for column data_sql + - bug [tracking] Tracking report should obey MaxCharactersInDisplayedSQL + - bug [edit] Avoid selecting UNHEX function by default for a BLOB column for + which editing is protected + - sf#2994168 [structure] Show auto_increment in uppercase + - sf#2993970 [pdf schema] Page numbering in Table of Contents +- 3.3.2.0 (2010-04-13) + - sf#2969449 [core] Name for MERGE engine varies depending on the + MySQL version, thanks to Dieter Adriaenssens - ruleant + - sf#2966078 [browse] Incorrect LIMIT is saved and sticks while browsing + - sf#2967366 [Structure] Some results of Propose table structure are + shown in hex + - sf#2967565 [insert] UNHEX not selected by default when inserting BINARY + - [navi] Changed link to git repository on main page + - sf#2972232 [menu] Import menu tab not present on main page + - sf#2976790 [menu] Go to the upper level after table DROP, + thanks to Kaarel Nummert - kaarelnu + - sf#2978815 [pdf] Fix generating PDF with table dimensions, thanks to BlinK_ + - sf#2977725 [export] XML wrongly encoded, thanks to Victor Volkov - hanut + - sf#2979234 [import] Create tables with current charset and collation. + - sf#2979234, sf#2960105 [import] Properly import unicode text from ODS. + - sf#2973280 [export] Proper handling of temporary directory in XLS export. + - sf#2980582 [interface] Properly format server status parameter. + - sf#2973949 [session] SQL History broken (revert sf#2899969), + thanks to Dieter Adriaenssens - ruleant + - [doc] Be more specific about problems with Suhosin. + +------------------------------------------------------------------- +Fri Mar 26 00:41:30 UTC 2010 - chris@computersalat.de + +- update to version 3.3.1 + - sf#2941037 [core] Database structure not sorted by table correctly + - sf#2948492 [interface] Slide effect masks some fields on search page + - sf#2959746 [interface] Unknown table status: TABLE_TYPE + - sf#2953050 [export] export VIEW as SQL includes INSERT statement + - sf#2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows + - sf#2961609 [auth] Potential information disclosure at login page + - sf#2961540 [export] Do not export data of MERGE table, + thanks to Dieter Adriaenssens - ruleant + - sf#2961198 [parser] Querying a table named "data" + - sf#2931429 [structure] Editing long triggers + - sf#2970769 [structure] Incorrect reference to mootools-more.js +- cleanup spec + - fixed HEADER + - sort TAGS + - some macros (ap_...) + - updated description + - added postun + o restart_on_update apache2 +- some rpmlint stuff + - fdupes +- reworked patches + - removed blowfish_secret + - removed mysqli.patch + - added config patch + o mods to vendor_config +- replaced Source1 + phpmyadmin.conf > phpMyAdmin.http +- config.inc.php to /etc/phpMyAdmin + +------------------------------------------------------------------- +Wed Mar 10 21:41:47 UTC 2010 - javier@opensuse.org + +- Updated to 3.3.0 + + rfe #2308632 [edit] Use hex for (var)binary fields + + sf#2794819 [navi] Filter for displayed table names + - sf#2794840 [core] Cannot redeclare pma_tableheader() + - rfe #2726479 [core] configurable maximal length of URL + + sf#2724755 [display] Full/partial text links (big T) are back + - bug [display] handle NavigationBarIconic as documented for navi buttons + + rfe #2726479 [export] Export tables preselect + + sf#2805828 [export] PHP array export plugin + + sf#2798592 [import] Progress bar + - bug [gui] Generate Password not working for 'Change Login Information', only for 'Change password' + + [lang] Arabic update + + rfe #2822190 [structure] BOOLEAN is standard SQL + + [lang] German update + + rfe #2813867 [structure] Default sorting order in list of tables + + [import] Added MySQL type-detection functionality to import library + + [import] Added ODS, Excel XLS, Excel XLSX, and XML import modules + + [export] Added Excel XLSX export module + + [core] Added ability for tracking changes made through phpMyAdmin + + rfe #2839504 [engines] Support InnoDB plugin's new row formats + + [core] Added ability for synchronizing databases among servers. + + [lang] #2843101 Dutch update + + [lang] Galician update + + [export] Added MediaWiki export module + + [lang] Turkish update + + [auth] Add custom port configuration in signon + - [core] Removed context from the error handler + - sf#2883633 [export] Export of InnoDB table is incomplete + + rfe #2862575 [status] Order query statistics by % desc, skip rows with 0 + + rfe #2823686 [interface] Increase default height of query window + + rfe #2129902 [structure] Don't hide indexes + + sf#2812070 [interface] Allow selecting a range of rows by holding shift + + [lang] Russian update, thanks to Victor Volkov + + [lang] Greek update, thanks to Panagiotis Papazoglou + + [lang] Norwegian update, thanks to Sven-Erik Andersen + - sf#2929958 [import] Cannot import (French interface) + - [security] Use X-Frame-Options header to protect against ClickJacking. + + [lang] Finnish update, thanks to Jouni Kahkonen + + [lang] Lithuanian update, thanks to Rytis Slatkevicius - rytis_s + - sf#2931939 [status] Seeing "m" as unit is confusing + - sf#2926613 [edit] Copy database shows errors when DB has foreign key + + [lang] Catalan update, thanks to Xavier Navarro + +------------------------------------------------------------------- +Wed Jan 20 17:18:45 UTC 2010 - javier@opensuse.org + +- Updated to 3.2.5 + - sf#2903400 [bookmarks] Status of bookmark table, + thanks to Virsacer - virsacer + - bug [history] QueryHistoryDB is not respected + - sf#2905629 [auth] Blowfish secret is not hashed + - sf#2910000 [gui] ShowServerInfo should hide all server info from main page + - sf#2910568 [structure] Table size for ARCHIVE tables is not displayed + - sf#2899969 [core] Session lock blocks working from a second window, + thanks to Greg Roach - fisharebest + - sf#2915168 [import] Incorrect parsing of DELIMITER keyword, + thanks to Greg Roach - fisharebest + - sf#2918831 [export] Missing backquotes on reserved words, + thanks to Virsacer - virsacer + - [core] Fix broken cleanup of $_GET + - sf#2924357 [operations] Cannot rename a database that has foreign key + constraints + - sf#869006 [structure] Ignore number of records for MRG_MyISAM tables + - bug [browse] "Show BLOB contents" should display HTML code that is present + in a BLOB, thanks to Vincent van der Tuin + - [privileges] Improve escaping of hostname + +------------------------------------------------------------------- +Tue Nov 10 01:45:00 UTC 2009 - javier@opensuse.org + +- sf#2856664 [export] Date, time, and datetime column types now export correctly to OpenOffice Spreadsheet +- sf#2859788 [parser] Double-character delimiters (sf#2846239) +- sf#2832600 [export] Slow export when having lots of databases +- sf#2537766 [import] Comments are stripped when editing store procedures +- sf#2852370 [operations] Renaming database deletes triggers +- sf#2872247 [interface] Failed opening required 'mysql_charsets.lib.php' +- bug [structure] "In use" table incorrectly reported as "view" +- sf#2879909 [interface] Removed double htmlspecialchars when editing enum column +- sf#2868328 [relations] Adding foreign key when table name contains a dot +- sf#2883381 [doc] Side effects of MemoryLimit setting +- sf#2826128 [display] Inverting sort order when expression contains a function name + +------------------------------------------------------------------- +Sat Sep 19 00:50:10 CEST 2009 - javier@opensuse.org + +- sf#2825293 [structure] Default value for a BIT column +- bug [display] Red arrows were reversed in the list of tables +- sf#2813879 [export] Duplicate empty lines when exporting without comments +- sf#2825919 [export] Trigger export with database name +- sf#2823996 [data] Cannot edit row with no PK and a BIT field +- bug [export] Exporting results of a query which contains a LIMIT clause + inside a subquery +- sf#2837722 [export] Run complex SQL then export does not work +- sf#2839548 [export] Triggers order on export +- sf#2826986 [display] Order by BLOB and range display +- bug [display] After clicking on Show Function or Function, the UPDATE query + is not shown after execution +- bug [structure] Missing validation for BINARY and VARBINARY + +------------------------------------------------------------------- +Sun Aug 16 06:13:35 UTC 2009 - javier@opensuse.org + +- sf#2799009 Login with ipv6 IP address breaks redirect +- sf#2796066 [priv] Inconsistent display of databases list +- sf#2802870 [display] Incorrect overhead value for InnoDB +- bug [display] Incorrect display in replication status +- sf#1601625 [display] The Ignore checkbox is not unchecked for ENUM +- sf#2809930 [setup] Notice: Undefined variable: k in setup/index.php +- bug [features] Incorrect report of missing relational features +- [security] XSS: Insufficient output sanitizing (not exploitable without a vali +d token) + thanks to Sven Vetsch/Disenchant for informing us in a responsible manner +- sf#2634827 [import] Using DELIMITER produces infinite cycle ++ new language files: uzbek_cyrillic and urbek_latin +- sf#2814109 [search] Right frame is blank +- sf#2816840 [priv] Cannot change a user's details +- sf#2816165 [display] Executed query not always displayed +- sf#2819944 [setup] Incorrect mention of designer_coords +- sf#2821757 [insert] "Insert another new row" no longer worked ++ [lang] Norwegian update +- bug [core] PMA_pow() can support negative exponents in the pow() case ++ [lang] Brazilian Portuguese update +- sf#2822384 [docs] Missing auth_type in docs-example +- sf#2819728 [display] Slider effect jumping to top of page +- bug [display] Incorrect computation of overhead stats in server view + for tables under the InnoDB engine ++ [lang] Swedish update + +------------------------------------------------------------------- +Fri Jul 24 15:51:24 UTC 2009 - javier@opensuse.org + +- First security release for phpMyAdmin 3.2.0 + +------------------------------------------------------------------- +Sun Jun 28 04:17:23 UTC 2009 - javier@opensuse.org + +- update to 3.2.0 + +------------------------------------------------------------------- +Sun May 4 16:19:43 UTC 2008 - crrodriguez@suse.de + +- phpMyAdmin package misses files (favicon.ico, scripts/*) [BNC #381747] +- phpMyAdmin setup.php missing [BNC #335306] +- update to version 2.11.6, bug fix only release +- sf#1903724 [interface] Displaying of very large queries + in error message +- sf#1905711 [compatibility] Functions deprecated in PHP 5.3: + is_a() and get_magic_quotes_gpc() +- bug [lang] catalan wrong accented characters +- sf#1893034 [Export] SET NAMES for importing with command-line + client + + [lang] Russian update +- sf#1910485 [core] Unsetting the whitelist during the loop +- sf#1906980 [Export] Import of VIEWs fails if temp table exists +- sf#1812763 [Copy] Table copy when server is in ANSI_QUOTES + sql_mode +- sf#1918531 [compatibility] Navigation isn't w3.org valid +- sf#1926357 [data] BIT defaults displayed incorrectly +- sf#1930057 [auth] colon in password prevents HTTP login + on CGI/IIS +- sf#1929553 [lang] Don't output BOM character in Swedish + language file +- sf#1895796 [lang] Typo in Japanese lang files +- sf#1935652 [auth] Access denied (show warning about mcrypt + on login page) +- sf#1906983 [export] Reimport of FUNCTION fails +- sf#1919808 [operations] Renaming a database fails to handle + functions +- sf#1934401 [core] Cannot force a language +- sf#1944077 [core] Config file containing a BOM +- sf#1947189 [scripts] Missing head tag in scripts/signon.php +- [lang] Romanian update + +------------------------------------------------------------------- +Mon Apr 7 11:27:24 UTC 2008 - crrodriguez@suse.de + +- pmd folder is missing in phpmyadmin 2.11.5.1 [bnc #376616] + +------------------------------------------------------------------- +Sat Mar 29 15:53:44 UTC 2008 - crrodriguez@suse.de + +- update to version 2.11.5.1 + * sf#1909711 [security] Sensitive data in session files + +------------------------------------------------------------------- +Mon Mar 10 04:13:27 UTC 2008 - crrodriguez@suse.de + +- phpMyAdmin tries to access non-existing print.css [#307966] + +------------------------------------------------------------------- +Sat Mar 1 23:34:52 UTC 2008 - crrodriguez@suse.de + +- version 2.11.5 +- sf#1862661 [GUI] Warn about rename deleting database +- sf#1866041 [interface] Incorrect sorting with AS +- sf#1871038 [import] Notice: undefined variable first_sql_delimiter +- sf#1873110 [export] Problem exporting with a LIMIT clause +- sf#1871164 [GUI] Empty and navigation frame synch. +- sf#1873188 [GUI] Making db pager work when js is disabled, + thanks to Jürgen Wind - windkiel +- sf#1875010 [auth] MySQL server and client version mismatch + (mysql ext.) +- sf#1879031 [transform] dateformat transformation + and UNIX timestamps, thanks to Tim Steiner - spam38 +- bug [import] Do not verify a missing enclosing character for CSV, + because files generated by Excel don't have any enclosing character +- sf#1799691 [export] "Propose table structure" and Export +- sf#1884911 [GUI] Space usage +- sf#1863326 [GUI] Wrong error message / no edit (Suhosin) +- sf#1887204 [GUI] Order columns in result list messing up query +- sf#1893538 [GUI] Display issues on Opera 9.50, + thanks to Jürgen Wind - windkiel +- bug [GUI] Do not display the database name used by the + previous user, thanks to Ronny Görner +- bug [security] Remove cookies from Array for better coexistence with + other applications, thanks to Richard Cunningham. See PMASA-2008-1. + +------------------------------------------------------------------- +Sun Jan 13 11:02:14 UTC 2008 - crrodriguez@suse.de + +- do not BuildRequire apache2-devel libapr-util1-devel pcre-devel +- PreReq coreutils sed and grep +- update to version 2.11.4 +- sf#1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE +- sf#1807816 [search] regular expression search doesn't work with + backslashes +- sf#1843463 [GUI] DROP PROCEDURE does not show alert +- sf#1835904 [GUI] Back link after a SQL error forgets the query +- sf#1835654 [core] wrong escaping when using double quotes +- sf#1817612 [cookies] Wrong cookie path on IIS with PHP-CGI, + thanks to Carsten Wiedmann +- sf#1848889 [export] export trigger should use + DROP TRIGGER IF EXISTS +- sf#1851833 [display] Sorting forgets an explicit LIMIT + (fix for sorting on column headers) +- sf#1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin +- sf#1798786 [import] Wrong error when a string contains semicolon +- sf#1813508 [login] Missing parameter: field after re-login +- sf#1710144 [parser] Space after COUNT breaks Export but not Query +- sf#1783620 [parser] Subquery results without "as" are ignored +- sf#1821264 [display] MaxTableList and INFORMATION_SCHEMA +- sf#1859460 [display] Operations and many databases +- sf#1814679 [display] Database selection pagination when + switching servers +- sf#1861717 [export] CSV Escape character not exported right, + thanks to nicolasdigraf +- sf#1864468 [display] Theme does not switch to darkblue_orange +- sf#1847409 [security] Path disclosure on + darkblue_orange/layout.inc.php, + thanks to Jürgen Wind - windkiel + +------------------------------------------------------------------- +Wed Aug 22 12:36:22 UTC 2007 - crrodriguez@suse.de + +- 2.11.0-rc1 -> 2.11.0 final +- mod_php_any is enough to get a webserver do not explicitly require apache2 +- update phpmyadmin.conf adding the session save path to open_basedir as well + ensuring some additional and possible conflicting php settings are set the way we want + +------------------------------------------------------------------- +Mon Aug 6 21:59:16 UTC 2007 - anosek@suse.cz + +- updated to version 2.11.0-rc1 + +------------------------------------------------------------------- +Mon Jul 30 11:38:44 UTC 2007 - anosek@suse.cz + +- updated to version 2.11.0-beta1 + + [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1 + + improved PHP 6 compatibility + - sf#1674914 [structure] changing definition of a TIMESTAMP field + - sf#1615530 [upload] added more specific error message if field upload fails + - sf#1627210, #1083301, #1482401 [data] warning on duplicate indexes + - sf#1668724 JavaScript focus login Opera + - sf#1666657 [auth] Cookie password delete on timeout / inactivity + - sf#1648802 different mysql library and server version + - sf#1662976 [auth] Authentication fails when controluser/pass is set + - sf#1643758 [import] Error #1264 importing NULL values in MySQL 5.0 + - sf#1523747 [innodb] make warning about row count more visible + - sf#1676012 [auth] strip non-US-ASCII characters (RFC2616) + - sf#1679440 Added FAQ entry about header errors under IIS caused by + an end-of-line character + - [gui] avoid displaying a wide selector in server selection + - sf#1614004 [relation] foreign key spanning multiple columns are + incorrectly displayed + - sf#1681598 [interface] Edit next row + - sf#1688053 [export] Wrong export of binary character fields + - sf#1498281 [parser] Wrong primary key used for displaying results + with subquery + - sf#1699772 Visual space bug in table name (in browser) + - sf#1699532 Cause of data manipulation issues: implemented changes + as suggested by crisp_; still have to work on updating an ENUM value + + [doc] changed all documentation in config.inc.php to phpDocumentor style + + [data] support for CREATE VIEW from query results + + [gui] dropped css/ folder and moved into root of PMA + + [l10n] new: Sinhala, Macedonian + + [export] YAML export (see yaml.org), thanks to Bryce Thornton + + [server] improved display of binary logs + + [data] better error handling in tbl_create.php + + [routines] from Patch #1649881, thanks to Mike Beck + + [querywindow] store sql history in session + + [querywindow] sql history now without db too + + [querywindow] tweaks in sql history view + + [export] Native Excel (Spreadsheet_Excel_Writer) improvements, + thanks to Christian Schmidt + + [doc] requirement of mcrypt on 64-bit, thanks to Isaac Bennetch + + RFE #1435922 [gui] navigation frame shows listing of databases when none selected + + [data] support BIT datatype (under mysqli), thanks to Christian Schmidt + + [display] automatic confirmation for sort by key, thanks to Juergen Wind + + [data] can now choose the number of insert rows + + RFE #1704779 [gui] link documentation from login page + + [structure] TRIGGERS: display/edit/drop/SQL export + + [browse] store browse state in session per query + + [gui] Insert/Edit: no longer display the Go button each 15 lines + but just at the end of a row + + [gui] Query window: use verbose server name if any + + [auth] sf#1712514 specify host for single signon, thanks to Thierry + + [gui] Navigator for the db list in the navigation panel + + [gui] Navigator for the table list in the content panel + - sf#1727138 HTML not encoded (more than 1000 characters) + + [display] Support for MySQL 5.0.37 profiling + + RFE #1743983 [gui] Replace $max_characters by a configurable param: + $cfg['MaxCharactersInDisplayedSQL'] + - sf#1746186 LeftLogoLink fails if set to some external site + . [transformations]: remove "auto-detect" MIME-type that was never implemented + + [display] sf#1749705, Allow multibyte characters in number formatting, + thanks to garas + - sf#1747215 Export emits blanks at line ends + - sf#1751172 Do not export data when exporting a single VIEW + + [privileges] Support password hashing on the Edit Privileges interface + - sf#1755339 Warn about rename dataase actually being copy/delete + - sf#1746921 Left frame shrinks on db change, thanks to Juergen Wind + + [gui] Export: Select All/Unselect All over the choices, + thanks to Florian Schmitz + +------------------------------------------------------------------- +Wed Jul 25 14:31:02 UTC 2007 - anosek@suse.cz + +- updated to version 2.10.3 + - sf#1734285 Copy database with VIEWs + - sf#1722502 DROP TABLE in export VIEW + - sf#1729027 Sorting results of VIEW browsing + - sf#1733012 Unwanted table alias in delete button + - sf#1736405 Pretty printer and HTML line breaks + - sf#1745257 Invalid DB name is still displayed + - sf#1730367 Calendar "Go" has no effect + - sf#1748633 Incorrect parameter validation for VIEWs + + [lang] Russian revision, thanks to Victor Volkov and the users + of php-myadmin.ru + - Do not try to delete an internal relation if we just deleted + an InnoDB one + +------------------------------------------------------------------- +Tue Jun 19 03:39:00 UTC 2007 - anosek@suse.cz + +- updated to version 2.10.2 + + [data] display all warnings, not only last one + - typo in fix for sf#1671813 + - sf#1714908 Inserted Row Count is wrong + - sf#1712570 Deleting last record freezes + - sf#1717339 Missing header when deleting a checked column, + thanks to Michael Keck + - sf#1717477 Warning on Query page when db is empty + - sf#1721002 db rename -> undefined cfgRelation, + thanks to Jürgen Wind + - sf#1721571 CREATE database privilege not always detected, + thanks to Gordon McNaughton + - sf#1715709 export in SQL format always includes procedures + and functions + - sf#1722502 DROP TABLE in export view structure + - sf#1718787 Multi-server setup breaks Designer + - sf#1724401 Column truncation in repair table output + - sf#1726500 Wrong position of , thanks to Jürgen Wind + - sf#1728590 Detected failing session_start fails, + thanks to Jürgen Wind + - RFE #1714760 Obey ShowCreateDb on the Databases tab + - sf#1733762 Typo in message "INSERT DELAY", + thanks to Victor Volkov + - sf#1730171 Dead message strLanguageFileNotFound, + thanks to Victor Volkov + - sf#1731280 Avoid negative exponent in gmp_pow(), + thanks to anosek + +------------------------------------------------------------------- +Tue Jun 12 21:48:10 UTC 2007 - anosek@suse.cz + +- updated to version 2.10.2-rc1 + + [data] display all warnings, not only last one + - typo in fix for sf#1671813 + - sf#1714908 Inserted Row Count is wrong + - sf#1712570 Deleting last record freezes + - sf#1717339 Missing header when deleting a checked column, + thanks to Michael Keck + - sf#1717477 Warning on Query page when db is empty + - sf#1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind + - sf#1721571 CREATE database privilege not always detected, + thanks to Gordon McNaughton + - sf#1715709 export in SQL format always includes procedures and functions + - sf#1722502 DROP TABLE in export view structure + - sf#1718787 Multi-server setup breaks Designer + - sf#1724401 Column truncation in repair table output + - sf#1726500 Wrong position of , thanks to Jürgen Wind + - sf#1728590 Detected failing session_start fails, thanks to Jürgen Wind + - RFE #1714760 Obey ShowCreateDb on the Databases tab + +------------------------------------------------------------------- +Tue Jun 5 00:56:30 UTC 2007 - anosek@suse.cz + +- fixed warning: gmp_pow(): Negative exponent not supported in + common.lib.php [#271746] (gmp_pow.patch) + +------------------------------------------------------------------- +Tue Apr 24 08:46:01 UTC 2007 - anosek@suse.cz + +- updated to version 2.10.1 + * bugfix release + +------------------------------------------------------------------- +Tue Mar 6 16:34:13 UTC 2007 - anosek@suse.cz + +- updated to version 2.10.0.2 + * default value for $cfg['Servers'][$i]['ssl'] changed to false + * fixes PHP Executor Deep Recursion Stack Overflow [#251757] + +------------------------------------------------------------------- +Wed Feb 28 14:16:10 UTC 2007 - anosek@suse.cz + +- updated to version 2.10.0 + * Designer: new graphical relation manager + * Improved speed on servers with thousands of databases/tables + * Vertical field editor (optional) + * Option to avoid counting rows for views + * Calendar on search page + * DOS-style end-of-lines in setup-generated files + +------------------------------------------------------------------- +Wed Jan 17 12:14:04 UTC 2007 - anosek@suse.cz + +- updated to version 2.9.2 + * improved support for web clusters + * deleting a user under MySQL 4.1.x + * DELIMITER in export no longer commented out + * export of query results and procedure definitions + * detection of a binary column + * problem on 64-bit systems + * granting all privileges on a wildcard name + * verification on encrypted zip files + * security fixes + +------------------------------------------------------------------- +Sat Dec 2 21:16:07 UTC 2006 - mmarek@suse.cz + +- fix previous update which wrongly moved the config.inc.php + file to the libraries subdirectory [#223721] + +------------------------------------------------------------------- +Thu Nov 23 16:01:59 UTC 2006 - anosek@suse.cz + +- security update to version 2.9.1.1 [#222594] [#222622] + +------------------------------------------------------------------- +Wed Nov 8 04:04:15 UTC 2006 - anosek@suse.cz + +- added suggestions from [#216213] + * phpMyAdmin now uses mysqli extension not mysql (mysqli.patch) + * added Required: php5-mbstring + * phpMyAdmin now uses open_basedir for increased security + +------------------------------------------------------------------- +Tue Oct 17 15:25:56 UTC 2006 - postadal@suse.cz + +- updated to 2.9.0.2 + * Improved readability of setup panels + * PDF schema: automatic layout for InnoDB + * Font size selector on main page + * Export: support for procedures and functions + * Can hide "Create Database" dialog + * Customizable link under left logo + * Export: "Open Document Text", "Open Document spreadsheet" formats + * Export: new plugin architecture + * User management: can create a db with the same name as created user + * Use IEC binary units (KiB, MiB, ...) + * Import: SQL compatibility selector + * Possibility of using external authentication and use an empty MySQL password + * Display MySQL warnings + * Links to language-specific MySQL doc whenever possible + * Security fixes + +------------------------------------------------------------------- +Thu Sep 21 06:18:48 UTC 2006 - anosek@suse.cz + +- updated to 2.9.0 + * Improved readability of setup panels + * PDF schema: automatic layout for InnoDB + * Font size selector on main page + * Export: support for procedures and functions + * Can hide "Create Database" dialog + * Customizable link under left logo + * Export: "Open Document Text", "Open Document spreadsheet" + formats + * Export: new plugin architecture + * User management: can create a db with the same name as created + user + * Use IEC binary units (KiB, MiB, ...) + * Import: SQL compatibility selector + * Possibility of using external authentication and use an empty + MySQL password + * Display MySQL warnings + * Links to language-specific MySQL doc whenever possible + +------------------------------------------------------------------- +Wed Aug 23 21:06:46 UTC 2006 - anosek@suse.cz + +- updated to 2.8.2.4 + * fixed cookie login on IIS with IE6 + * fixed switching from scripts/setup.php to the main script + in case of register_globals enabled + +------------------------------------------------------------------- +Tue Aug 15 20:48:22 UTC 2006 - anosek@suse.cz + +- update to 2.8.2.2 + * fixed config not loaded on install (MySQL error code 2002 + or 2003) + +------------------------------------------------------------------- +Thu Aug 3 18:53:02 UTC 2006 - mskibbe@suse.de + +- update to 2.8.2.1 + * XSS vulnerability from requests not containing a token + * reenabled XML option in Export + * added a user with password containing a backslash + * setup script: compatibility with security tokens + * setup script: detection of writable config + * reading the database list with MySQL wildcards + +------------------------------------------------------------------- +Thu Jun 1 12:57:37 UTC 2006 - postadal@suse.cz + +- updated to 2.8.1 (bugfix-only release) [#177091] + * fixes some XSS vulnerabilities +- removed obsoleted patches (2006-1804.patch, 2006-2031.patch) + +------------------------------------------------------------------- +Tue May 2 17:32:14 UTC 2006 - mmarek@suse.cz + +- fixed XSS in error messages + [#170529] (CVE-2006-2031.patch) + +------------------------------------------------------------------- +Thu Apr 20 16:02:37 UTC 2006 - mmarek@suse.cz + +- fixed XSS in sql.php (and other scripts): add a secret token to + each link and form to prevent linking to sql.php from outside + [#165772] (CVE-2006-1804) + +------------------------------------------------------------------- +Thu Apr 13 14:52:47 UTC 2006 - mmarek@suse.cz + +- updated to 2.8.0.3 + * fixes some XSS vulnerabilities + * improves php-5.1.2 compatibility + [#165772] +- moved $cfg['blowfish_secret'] to separate file, so that config.inc.php + isn't edited during install + (blowfish_secret.patch) + +------------------------------------------------------------------- +Wed Jan 25 20:19:55 UTC 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Jan 17 16:53:13 UTC 2006 - postadal@suse.cz + +- added php-session to Requires [#137368] + +------------------------------------------------------------------- +Thu Jan 5 01:41:48 UTC 2006 - postadal@suse.cz + +- update to version 2.7.0-pl2 (security fixes) + [#136015, 137368, 137797] +- removed all patches + +------------------------------------------------------------------- +Tue Nov 22 19:00:46 UTC 2005 - postadal@suse.cz + +- fixed XSS on HTTP_HOST (HTTP_HOST.patch) [#133818] + +------------------------------------------------------------------- +Mon Nov 21 21:04:25 UTC 2005 - postadal@suse.cz + +- update to version 2.6.4-pl4 + * fixes PMASA-2005-6 [#133818] (PMASA-2005-6.patch) +- removed obsoleted patches: CVE-2005-2869.patch, PMASA-2005-4_and_5.patch, + lang-utf8-fix.patch + +------------------------------------------------------------------- +Mon Nov 14 15:26:43 UTC 2005 - postadal@suse.cz + +- fixed CVE-2005-2869 (XSS on the cookie-based login panel) + [#130226] (CVE-2005-2869.patch) + +------------------------------------------------------------------- +Tue Nov 1 12:26:05 UTC 2005 - postadal@suse.cz + +- fixed PMASA-2005-4 and PMASA-2005-5 [#130226] (PMASA-2005-4_and_5.patch) + +------------------------------------------------------------------- +Tue Aug 23 19:55:32 UTC 2005 - postadal@suse.cz + +- disabled auto-switch the lang to its UTF-8 version when Lang is set + [#104600] + +------------------------------------------------------------------- +Thu Jul 28 03:26:13 UTC 2005 - postadal@suse.cz + +- update to 2.6.3-pl1 + +------------------------------------------------------------------- +Mon Jun 6 19:38:14 UTC 2005 - cthiel@suse.de + +- update to 2.6.2-pl1 + +------------------------------------------------------------------- +Tue Mar 8 01:35:42 UTC 2005 - mcihar@suse.cz + +- generate shorter key to make it work with mcrypt, see + https://sourceforge.net/tracker/index.php?func=detail&aid=1115327&group_id=23067&atid=377408 + +------------------------------------------------------------------- +Fri Mar 4 15:58:09 UTC 2005 - mcihar@suse.cz + +- update to pl3, it includes previous fix and fixes editing fields with special names (sf#70864) + +------------------------------------------------------------------- +Thu Mar 3 05:33:39 UTC 2005 - mcihar@suse.cz + +- fix bad setting of privileges (sf#67276) + +------------------------------------------------------------------- +Tue Mar 1 18:25:09 UTC 2005 - mcihar@suse.cz + +- depend on mod_php_any + +------------------------------------------------------------------- +Thu Feb 24 12:47:49 UTC 2005 - mcihar@suse.cz + +- update to 2.6.1-p2 to fix several vulnerabilities (sf#66264) + +------------------------------------------------------------------- +Wed Feb 9 12:08:38 UTC 2005 - mcihar@suse.cz + +- depend on unversioned php modules, to allow both php4 and php5 installation + +------------------------------------------------------------------- +Mon Jan 24 17:11:01 UTC 2005 - mcihar@suse.cz + +- update to 2.6.1 +- require php4-mcrypt for faster cookie encryption + +------------------------------------------------------------------- +Wed Oct 13 10:27:49 UTC 2004 - mcihar@suse.cz + +- update to 2.6.0-pl2 (sf#47160) +- require php4-iconv as it seems to be on all arches now (sf#36642) + +------------------------------------------------------------------- +Tue Oct 5 13:52:43 UTC 2004 - mcihar@suse.cz + +- drop php4-recode dependency (sf#46817) + +------------------------------------------------------------------- +Mon Sep 6 04:07:57 UTC 2004 - mcihar@suse.cz + +- update to 2.6.0-rc2 + +------------------------------------------------------------------- +Fri Sep 3 08:17:25 UTC 2004 - mcihar@suse.cz + +- update to 2.6.0-rc1 +- use pwgen for secret generating +- don't ship scripts, as they're not needed for most users + +------------------------------------------------------------------- +Tue Apr 27 19:17:52 UTC 2004 - ro@suse.de + +- build using apache2 + +------------------------------------------------------------------- +Wed Mar 31 15:33:40 UTC 2004 - mcihar@suse.cz + +- require php4-recode for charset conversion (better solution for bugs + [#36642] and #36560) + +------------------------------------------------------------------- +Mon Mar 22 09:15:44 UTC 2004 - mcihar@suse.cz + +- dropped php-4iconv dependency at all (sf#36642) + +------------------------------------------------------------------- +Fri Mar 19 15:34:42 UTC 2004 - mcihar@suse.cz + +- do not require php4-iconv on achitectures where it isn't built (sf#36560) + +------------------------------------------------------------------- +Mon Mar 8 10:37:50 UTC 2004 - mcihar@suse.cz + +- require all needed php modules + +------------------------------------------------------------------- +Mon Mar 1 09:16:37 UTC 2004 - mcihar@suse.cz + +- update to 2.5.6 + +------------------------------------------------------------------- +Mon Jan 5 16:29:39 UTC 2004 - mcihar@suse.cz + +- updated to 2.5.5-pl1 + +------------------------------------------------------------------- +Mon Oct 20 07:30:55 UTC 2003 - mcihar@suse.cz + +- updated to 2.5.4 + +------------------------------------------------------------------- +Thu Oct 16 14:52:30 UTC 2003 - mcihar@suse.cz + +- do not build as root +- little spec file cleanup + +------------------------------------------------------------------- +Tue Sep 9 00:29:29 UTC 2003 - mcihar@suse.cz + +- automatically generate blowfish_secret on rpm installation +- mark config file as %%config(noreplace) (this in conjuction with + previous means that it will be never replaced on upgrade, this is + okay as phpMyAdmin supports loading of old config files) + +------------------------------------------------------------------- +Mon Sep 8 11:19:25 UTC 2003 - mcihar@suse.cz + +- updated to 2.5.3: + - many bugs fixed + - messages about missing variables were displayed wrongly + - more export bugs + - confirmation of some dangerous SQL (TRUNCATE,DROP DATABASE) + - new nice icons for actions + +------------------------------------------------------------------- +Thu Sep 4 12:46:38 UTC 2003 - mcihar@suse.cz + +- include documentation stylesheet + +------------------------------------------------------------------- +Fri Aug 29 19:27:03 UTC 2003 - mcihar@suse.cz + +- depend on mod_php rather that http_daemon as this needs php + +------------------------------------------------------------------- +Thu Aug 28 13:56:05 UTC 2003 - mcihar@suse.cz + +- include stylesheets + +------------------------------------------------------------------- +Thu Aug 7 01:51:18 UTC 2003 - mcihar@suse.cz + +- updated to 2.5.2-pl1 + +------------------------------------------------------------------- +Mon Mar 24 21:57:02 UTC 2003 - postadal@suse.cz + +- removed mysql from Requires, becouse can access to MySQL remotely [#25797] + +------------------------------------------------------------------- +Mon Feb 24 10:17:25 UTC 2003 - postadal@suse.cz + +- updated to verison 2.4.0 + * new server/user management interface with sub-pages + * export to LaTeX format + * display UPDATE SQL statement after a row edit + * (experimental) support for compressed connections to the MySQL server + * upload of binary file into a field + * show blob size + * a lot of fixes + +------------------------------------------------------------------- +Wed Jan 29 19:43:40 UTC 2003 - postadal@suse.cz + +- updated to version 2.3.3pl1 + * upload of compressed dumps + * inform the user who does not have privileges to create a db + * new internal analyzer for db, table, column and alias + * a lot of fixes + +------------------------------------------------------------------- +Mon Aug 12 10:03:41 UTC 2002 - postadal@suse.cz + +- update to release 2.3.0 + +------------------------------------------------------------------- +Fri Aug 2 19:59:10 UTC 2002 - ro@suse.de + +- adapt server-root + +------------------------------------------------------------------- +Thu Aug 1 14:48:47 UTC 2002 - postadal@suse.cz + +- fixed required perl path + +------------------------------------------------------------------- +Wed Jul 31 22:38:40 UTC 2002 - postadal@suse.cz + +- update to version 2.3.0-rc4 + * can specify a different charset for MySQL and HTML + * utf-8 charset support + * full database search + * XML export + * faster table delete under MySQL 4 + * new language: slovenian + * fixes + +------------------------------------------------------------------- +Mon Jul 1 05:53:47 UTC 2002 - ro@suse.de + +- fixed directory permissions + +------------------------------------------------------------------- +Thu Jan 10 12:09:07 UTC 2002 - rvasice@suse.cz + +- update to version 2.2.3 + +------------------------------------------------------------------- +Tue Sep 4 10:23:05 UTC 2001 - rvasice@suse.cz + +- update to version 2.2.0 final + - dynamic multiple language support, with automatic detection + - database usage statistics + - table maintenance features (repair, check, optimize) +- made package noarch + +------------------------------------------------------------------- +Thu Aug 2 23:51:57 UTC 2001 - rvasice@suse.cz + +- update to version 2.2.0rc3 + +------------------------------------------------------------------- +Mon Jun 18 09:49:14 UTC 2001 - rvasice@suse.cz + +- initial package release (version 2.1.0) diff --git a/phpMyAdmin.http b/phpMyAdmin.http new file mode 100644 index 0000000..9a8ccca --- /dev/null +++ b/phpMyAdmin.http @@ -0,0 +1,103 @@ +# By default the /@name@ Alias is enabled for all vhosts. +# To disable the /@name@ Alias, run +# a2enflag -d @name@ && rcapache2 restart +# This will make /@name@ unavailable on any vhosts. +# +# If you want to have the /@name@ Alias only on a specific +# vhost, add the Alias to the config of that vhost. + + + + Alias /@name@ @ap_docroot@/@name@ + + + + + + Options FollowSymLinks + AllowOverride None + + + Order Allow,Deny + Allow from all + + + = 2.4> + + Require all granted + + + Order Allow,Deny + Allow from all + + + + # php7 + + Include @ap_sysconfdir@/conf.d/@name@.inc + php_admin_value open_basedir "@ap_docroot@/@name@:@ap_tmpdir@:/var/lib/php7:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat" + + # php8 + + Include @ap_sysconfdir@/conf.d/@name@.inc + php_admin_value open_basedir "@ap_docroot@/@name@:@ap_tmpdir@:/var/lib/php8:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat" + + + + + + + + Order allow,deny + Deny from all + + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + + + + + Order allow,deny + Deny from all + + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + + + + + Order allow,deny + Deny from all + + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + diff --git a/phpMyAdmin.http.inc b/phpMyAdmin.http.inc new file mode 100644 index 0000000..fcef0be --- /dev/null +++ b/phpMyAdmin.http.inc @@ -0,0 +1,13 @@ +php_admin_flag register_globals off +php_admin_flag magic_quotes_gpc off +php_admin_flag allow_url_include off +php_admin_flag allow_url_fopen off +php_admin_flag zend.ze1_compatibility_mode off +php_admin_flag safe_mode Off +# customize suhosin +php_admin_value suhosin.post.max_array_index_length 256 +php_admin_value suhosin.post.max_totalname_length 8192 +php_admin_value suhosin.post.max_vars 2048 +php_admin_value suhosin.request.max_array_index_length 256 +php_admin_value suhosin.request.max_totalname_length 8192 +php_admin_value suhosin.request.max_vars 2048 diff --git a/phpMyAdmin.keyring b/phpMyAdmin.keyring new file mode 100644 index 0000000..877c486 --- /dev/null +++ b/phpMyAdmin.keyring @@ -0,0 +1,530 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBEo4qPwBEACyTlxl0/LY2tZPBllpzIcbYyz0/Zacf0j8wSDGJvUXMWreeKfq +wBY03maJQpPTewJABmF/l/oLiFLHWM5KN2Jd4l2fyYdIAHG4E9ErCcaaXfokV0uh +A1zH9fqL9lkygZ7vse/Rbp1zfvNRCSTRHQ0PIE00UA1XEzRw4aWxDUfrNG1vKDHN ++g8wx9oZ8h60655r8+nhNshhpbcxI/U60+HXoNHxQxo6sRdbxyfVkdDc8CPDOQLL +mRMEcTJzzrznxM8V771UgEMbh8IHrf5VWiwgN+M/sAyCTB8WjiHpqsmGqMtsMHtS +Z9IzVPRlmgW4zTJiGLmPM318fRIg5cjPNnQLwYDFx4S8+eIOZI97EKn/GsOmnb3v +aUECQHr1TXYT+Ug3oM5maJNqcxHdg96OnVjk0kHE9/IX1Ywmmedkepn/wSFSEczI +XyPzimUA6DFwlRY929v7kAudOTyHVZhJg1yO3hqiAjXN9p/ULkIIU+XN4aVnZS8/ +nIxzghi7qkXUxd5lnpr5uLR1pjX4Yhr6g4IH/vT8ckfMsXKnF8AiLDaG3wlAYKg1 +O9DoT2eqxyfhXpj9cUg7BsPTzHBINaRfMEjCNOM3WhnsxbMCNg/1dG3mOnaTVtuY +jm75Cg1vQ3sTFktWLbG98hmL0ugQ+m51H8gRyqIRA9Ri7miM0VZokYQO6wARAQAB +tCFNaWNoYWwgxIxpaGHFmSA8bWljaGFsQGNpaGFyLmNvbT6JAjoEEwEIACQCGwMF +CwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAko45+gCGQEACgkQnCezE0K3UR236Q/6 +A0g1A64lc6bkfIpcW9KB6HlIID6IWLcidvgC5updbW3DU5PgOkTNT+ywPAHvn0lq +p7tNacDLI9gmHcz5hb3k5BEWaz33Yszx6zBiDLLXxj8NIHR9HJp/jtRlmfPyaP4i +sS6vnbRRRuokO8IRviIlKV0RV4V6xP0PP5fIIiTmWyatS2lO4ij5Oudao/a4SA6i +kKwOkXFX8Y7Jfx1YgSUmNNtWmGNTqHFposhMCPoaxVDny3/qYLWi0MeGlKamldCs +i8W/HZxhds27L9rNaG3Q9/JnAJIt7GzQnV6XqZ4RsoqOAH77ZfkvlKHTFKljo4QT +qWrkWukD2KhlNJ5WDLmsO1AHIJmxy/djngadNU29X+qHSgVB2gEX/pZYY59MboU3 +W2qN8G5KrS7tjrMN/A/PWALkXy9hPRy45UO/Cke9WJ7hPmZ6rW/BOYbGRdBuvqDz +Vj04pRbNvw8lCytHEPxsvPxMWgk2e3QCIIVlxNfVxqhHt0mdXt4HjXmchsol8Uix +mGRUGkmyVmzVvEapPTcC14YwM0EFAUIoMKoROgUECebbG79TFPTST+9Zfow6uypO +gQTZHfXUyni8wQ/THRGrNMywTP9yuVHe0cZQHGIZERS1dUZa1Bd9vwJv7qvQsvPK ++Lu0wisMOuklWb0Nl9K/cKp5HiFPVlLSOqSsEa+qy620LE1pY2hhbCDEjGloYcWZ +IDxuaWplbEB1c2Vycy5zb3VyY2Vmb3JnZS5uZXQ+iQI3BBMBCAAhBQJKOOdOAhsD +BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEJwnsxNCt1EdRR0P/2OXjW/8Z59j +DjvbYe8hBneurFh033yRDBZTsaeOVOQQtHugCYGD5vik7/1L18oNnUjQjWnyvPkP +bDU+FgKPJhb9F77Hlxa+qf8MafceucK5t586a2IY0JzgY/OshA70cG8MAePm/5Zz +Lf8xfcMNBqq1vzqCSXBcjz2MtTXDndnJo1vAwTXzrwToUBKPQdsPXprbtFye110Z +E5L/b+8Z27GTShzKXK8AH8EMPUl0Vpqh+X+8qpc5W/GG6zYWG+Y/Ea2BI7WuGUhY +wbU7+4Rt9FddI+5unZStdpQ4AznVJHVHSVbnjgDDrVnAMO79gj5kmY7I9b9D4l+P +7DiE03EN9fOocm6aoAj/YuF1Ovp8ry4TYgWaBvnO5c5m5rcwnsoUdc9DR6eNo11A +fM0X4TpUznJqOwHNPUUs9lnDFjxshFVANDl9tY6cBcBb1Nn0e+11ZQO+OIW2ouzp +aFZEVys+amx7fAhLoF1CqNMftfW4fbnaxbMKJz+3reVRaI+gLnkVbtl2j/mc+lvB +CFLxF8WKaEzqqCVV4tSOu94y6w7e0NccDeMQ/JFBS8DcCIpQliRsIczXOHVadGzh +Ilst/lGIpbGzPbEEfqV3qdo+o5tkewuY6hHu5JTwICIw+nlZzlEiosccor2riiUv +XlfskvUvcP4Z4rAvYO+dWiBK3Yie+C9ztCFNaWNoYWwgxIxpaGHFmSA8bmlqZWxA +ZGViaWFuLm9yZz6JAjcEEwEIACEFAko45wkCGwMFCwkIBwMFFQoJCAsFFgIDAQAC +HgECF4AACgkQnCezE0K3UR27TRAAkyq56M3V7H9Og/hXLUziCSw1QOyZfSJs2IsB +NF9ztriZDYMO7Yx6VWAc6F+lQ7eJZlBQI0C+Q4GXbEr4GCA9UZblwwllHRfoNUgL +NXpjXl7DEzH3J8kOH7XX7ZY5Dlc62hLgZhFEQ4Wjsm+mTArEs2typweQ7VNPvZCp +ySzSfsypQQj04H9ATxfL3W+wMkjqGSdJaXQ4u7DYFtwOf2Ye956/8DOv0hNGEGrg +dPBKj5qfmVFs8oMoOClpIczSLZnTyThKEzMP1cXYi1XaTAL7bXKfLZaflKv56HJr +u2KF7F/TV9Dg9Op5GDGQjNbIrP2NzFikwviuVtKisIsj4K9g1DPBRothdbvDGBDe +zqzP5ud/slQ9X1XbQ+8xQJOHcoMF/m/FkBrBbSkH9MuQAup7PzTAa3OREGMPP8nf +G+m90SLbS5sDs5lY5sxb4uVovVBSTjnJtImtz8Pzg8ZM+s4gqyoXA6YmaLDB8hbn +uExw1DAAkA1T+F9tp+wRPxB4eIYZLk84ACr/CRevPqShS+GxzXqSOZ1Dyetcfc+g +KiOCxxJGWBcGJ66FE2Dop9VOYHTUWzL5OGTZklJLyzEowVXLVlsxOASs+p2D7ZOb +StuqLFlVaMNlS+9RhjezLR9RDORXtMvtQ1jRsJle0qUhtbHTvpaHy49hv8Zwh4qr +TfDZfoq0H01pY2hhbCDEjGloYcWZIDxtY2loYXJAc3VzZS5jej6JAjcEEwEIACEF +Ako45yYCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQnCezE0K3UR0u9w// +dkFCjSTs1T831uVaeJqIJ4+wcc0liIvU9tHQEEq/qLVUCnDqjHelrh/u21YNDt/i +AnpynlhPpQ9QHgw/pwMj07vZkJQqe1wE6cnVm6ImSvLANSRHOPEOvl2u51hHQRbu +bvGbOQB362fAsPvkJsi2ivdz5dpo3XxMKKI1z4qgTTZfE8IboDfOR2KoqlQ3UGII +ARV8pSNT+grcvw3O302BdgK5zbioXisHu8BpJZsgi97NsW4fjaeAUwTh5f/r0oRQ +BD9vXr7AGS0F0xFYXHNAZacs5cwTLdpAwTalJqX1Ts9F0hGdILnUc+zrB98pkBmD +G1Jv0fMSuqZIlHmXjct0wPLKLRBmE+QIpsLefzzdP7ZkWqtvksH33fZjR7uN9sk+ +UTdJYwWe3lOQJu2zfpPInNGOvCOHtBBeWpq1MYn5+KBxKuN03Sux2pT3h2BWfTUT +vav+L5Pkoq8euUTp1e9MRCupmwP41/HHkcvCDwbHcT4TXIfGIRWQa8Qj+6qcil2Z +lBc27MXy/NTXslZkuIw5oVwv6x4ViQob2QduzulEAFGPsulllWgnDrLu7UT+xu+L +HllqXQQ7GuGFSPzGKON4+2W8q3RkAeGS9qCjyG4WsJe2bkZ53Ekfyc24PszumwNk +MKB7SQUiJxZqyXRgLVKvWy5TQM1x136aXgIse5/GmuW0Ik1pY2hhbCDEjGloYcWZ +IDxtY2loYXJAbm92ZWxsLmNvbT6JAjcEEwEIACEFAko45zICGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQnCezE0K3UR1pUw/+O0Mt9ElVSjZ+GGLFTLz4LPNo +7P4bNyyzfJ0zrizNnd8MKRRRnXfxjsikyPhD8LJiegxPscy9cMcTYurJ0hhFjdX9 +TWEn44TZqeJnhY8/zYpUKJ/h63FFVzkD3RZZ+cnBc9cKk7OZDm+PaGq4nXP6iAyE +4CSWV/VJKfTGtcfe1LGs3hc7iOlUfkXa9cyXg1YcGtN/7rEdhgJyGPepWZ8gWvXY +o0IJ4g2NiE80N7++3NCs4ZSOlPYuFtoEbZ/DXhwbnNh4co5JDGdvpGzjkVSZ8Z5X +1PwOH/O2FbVJy/K3a+g/5tmtprg9301yBzIuXgR+HDFowug/gR36XAgPaIObQj50 +TdP4+TCQmZQHUj0qi1iqlQpx0cflPKIMbSviplaNyk1liQWxFHy5vyzPUCyKEexM +016864VVt4m3v7V6JnVTgYDfNy82Lj0vtyKreRDnwvEvf0SVUCuhUbpZycU9KKpK +Wm1ZNa0PBvaB9jECg8eX7yISmp66wb8MEELonXr7PDGPBrvRIQRtv34fdTbiTyL9 ++GFzhCqD8RWPJKHofw6xDDSZfoDRdDHWTdLPSmKOnUPazRLz0v/HRqLnazF30OAs +LOOz4vwmP5Kj1ejEFftRZCkOLlepp2FTcRFBY94WS4ZSzGE3/zuOIfqfAjcdK/n1 +EOT5Ix4uKKZeL50dVgPR/wAAIqb/AAAioQEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQ +SkZJRgABAQEASABIAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJ +SkcgSlBFRyB2NjIpLCBxdWFsaXR5ID0gODUK/9sAQwAIBgYHBgUIBwcHCQkICgwU +DQwLCwwZEhMPFB0aHx4dGhwcICQuJyAiLCMcHCg3KSwwMTQ0NB8nOT04MjwuMzQy +/9sAQwEJCQkMCwwYDQ0YMiEcITIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy +MjIyMjIyMjIyMjIyMjIyMjIyMjIy/8AAEQgBCgDIAwEiAAIRAQMRAf/EABsAAAEF +AQEAAAAAAAAAAAAAAAQAAgMFBgEH/8QAOBABAAEDAgUCBAUCBAcBAAAAAQIAAxEE +IQUSMUFRYXEGEyKBFDKRobEH0RUjUsEzNEJDYnLw4f/EABkBAAMBAQEAAAAAAAAA +AAAAAAECAwQABf/EACIRAAICAgICAwEBAAAAAAAAAAABAhEDIRIxQVEEEyIUYf/a +AAwDAQACEQMRAD8A8oNUJhDNTRvxyOf3oOWi1EMrbl/NNlbmH1RTbxU6Oasso6i0 +mM7085J4cDt4qoGQYxvUkLsoxEUKFMDRcWbcYXY3YASOlWJrrzgYEvas1DVXDck0 +Rb4jcI7u9BpvsDTNCauey2ZI+K7O5DUhHlRHKJiqSHFZGMkj2at+F6iOtlPq8pvm +lkqVoME+QZbuWoW4RZwEMBmo9ZbLvyURByYqjvx5NZKF7IMnlmO3s+KudPalDhgk +lYZRzvQt0mwwX6YVjHpSkC7tUrxa+bynJ27g1W67X6lkTWUXsilFb0I07NYxO1N5 +HNZ3gvFb93Vlm9NnGRgXqNaYMlc006BVEfK5riKpUwb0kHKGN+ldZxAqFQ3dPYvH ++ZZty9WJmipBh2pvL6da6zk6K2fCNFLKW5QX/RJP2oefBIZWF6R4JA1ccm9c5O9d +SfgpHLKPTKCfBtQZYyhMPDhoeeg1UOtmSemGtORZKAr6b1wij0c0OCfgqvlTXezJ +yhOD9UZR9xKbj7+1a9iJ9QPuVBPRaabmVmD64xSPGvBWPzPaMvnHUSlWhnwjSy3i +Sg+R/vSofWyn9cRn4bVhjkz7NNbN6B9VlT2zVzNOXA4qt196VuG0v3xWx6PPTsBl +CyuJ2gfbFMdJpZmDJ6FG2tFqp2S7O3LEtxSunDr8hSzJx1wUE0dZW/4ZZfyzx70x +4VI/LIasJaScXeCPqJTW1dP9RjxXaOsrJ8MvxVAfZq5+HLM7UrxMRwYodbp3cnZq +y4Nz3G8plNtqTJVD43sE1TZv8xkkZT70ZohtcGuH5uUcZqmms25EcPOo+N6vNMP+ +EXM9x3pckaigQf6Zm9RdWRmJF9utC3IyuDGIyXoG7+lW16wTMYHBUWl197gmshqb +JBuRcxJAn3KVppaOVXsB4Xana4pZJxlF5uiI/vXoFnSWZ6WU5aiMZjtHGVrH6v4j +1PG+L2NTq42oyEMwiRMeuKtfx8GcyV7AIBAypR/UlbBKu0WUjDjI+tcxQMNXNEjB +Y9mcsYpzf5tpaiMf/G2Z/eiosSwqSG6h71E3oriAyfQqBuWgzyTm+ZuCoLnEmDy2 +4xz4P706gvINh0YXpvQge+WrXQ6fRXtNON+SXIuBioyKy9vW3ZzxelLlehHbFHWN +XGxKPJNwv1DR0jqZffg7WmuRnp4Msb5yZxUre08/+PYT1Y1Ww1w4xMz4anNbtuCe +jQ5JgpoKdPw29+STFe2cVyXBLUxbV4c9tmoS9Zn+aGPc/tS/yc5jNi+jiu0ztnLn +A9REzEjI9GlU0buogfRqFPXelRpHWzOy1AKCP3KFgGp1cIyHA5R70Bf1TExG3FVw +YMYpmL8ORhdJXHCgJj7jXSlaKJG8s8Ut6bTcs7MZOMC9vtUFvisCS5BTGcVj7ur1 +kMRldLj4JO36lMddfjgRV7CNTSFcX7NdO9ZuvMsVzTS1Zl9QHWsscTnBOaCfZo2z +x2FsIztuH1R/euegcWWl61BnLMTb0qbhUIwL7EBTfFVn+M6ScvqJxE67NWvC7li7 +YvzszZRw5UxSSeiuJNPZjtNcLly5lF50TPq1q9NAPh6443wmcetZbheni6m2irJV +E26tbOEA4QxwYV2+9NkbpHQ7ZnpWpERB29OtV2s0w6S5ekrI2PQrSMrcIPMxA33S +qjiur009LOEZRcoYK60Kk2zMWRbsAN8mCtJHRaqFiM5xYW8mFAzms9AITEcI5HNW +EuIXb0TnvMojjdcfpTckUcH6LSbCxP6pEpHY3pOsuJiESJ5Teg7OttAk4i9uWlPW +M9rcQHp5oqSJ8X6JpznLLOanq1BO/CJtulRPPczzKFKViADHKgZXzR5HJDHUskDY +9Kkt35xMks77VG28CpimQHBikk9FIK2Gx1tw6r+tSw4nOPdoDEsbFN+ruNTTKuC9 +FzDjEjbP70RDjAv1YSs5nfcrpP3KNuxPrTNTHidmXcH0aVZf5kh60qPJg+pBMS3z +HO7m4ZwVJJFjElEH/pg/y1Jpb+iYvzeSS9F3qW5b4dOUUIxO+FKeybBL0GAG0R3w +br96iDG4AfvR2q0OmjGLanIydpZoN0yOY3HPqVyaBo7Ex0MHl61NZuEsRs2m7c8p +kPvUNi0XVbsmQOArS6Is2tIARiY7GM1zYG6Ku1wa9q0dVKNuGckIBn9auOEWoaXQ +6uMM8seY3fA1Bc4hCGSEVx3arr3FZWNDchGQSuSVMdqnN0VxJyZVaHUmkk3UVBwZ +9adq+Oam/GMbV2Vu2OWB3aAmO6phfNN+UzxCEZJ1kndpeV9l440nY6epnclKdyck +Ohl3aj+ZO6Hy7fVwYNqsNPooIFzAG+H/AGq0s27EIkY2zfZQy1OWRLwWjj8mWvW5 +wDOclcZ/QkXEs5TFX2ttQjJIyI46nKZqolZk3BibJs4pozTQJQa6B/xErYdVDNOt +a7LiLhOlduWJJljlV6FCS00oT7/aqriybv0XFrVuBQRo2F6E44HfxWejOcZ4iqJs +NE2rs4Jsp3QzStSW7A4Rki1kCNNtWhie9MjcJnXfFT2fyGfNc52hVBxZIW9sdq78 +oe1Pi7V0d6jbsoQSsD2qNsB2ouXpTHHenTFA21jtSohRaVGwGWJIbL+td+dMwEpH +3qPeuohtWqkRoJjrLwGLsse9SHEb4YLg+5QQuxS77lCjqLO1xW9ByEX3KNhx+6xC +VoQ8NUMcA569qRnzig0DijT2uLF4QtptnrtQV6/GcmUnAdCobIW9KSQF75agY8zz +OVXAeKi1b2XjFRWiYm3ZbBGBvnvRtizJ5YmYidPP2obT25SliOc5646e1afhHDoL +Fkb4yq5X3pJtRRWCbZ3Q8NiR57or4asY6Auv0x5Tz3atLWmgBsO3SjIWohiIFYZZ +Nm2MFRn7nALc0Qw43z3oe/wCFuzKYVr42DJndrmp03PZQjs7UVlfSOcFZ53d4ZIk +AOM9fXFB6vhU4QhMHZ3MVuNXoiPy4gGZGdqfe0EZ2sMRAXHvVYZPZOWNeDzr8ESM +kQl48+pQcoTsXBBwu53MVsdfwwsryRSC5PRqru6FmElzKRgU7lVjN+SUoV0V0ZNy +0zjEcvU7PrRFq7GUQxh6I9mobcZabVMUS3NwgdGip6aJcYyOVxkR2x2a6QEtEo7V +0Mmc1FZzKTbDMjb3oyOinjM5xierU3KgcG3oGlnzUU1OrVnHSWTHNOcnwGCpY6a0 +IxsHvJz/ADXfYkOsLfZTEZycRivsUqv/AJcg2SIdgxSrvtY3869nnmIriu8keyVP +c007QE4Md+5iouQT1K3pp7Rhaa7GcnhGkw808gUuQQ84o2DQ0hnO9Ojayh1y4pEE +VzT7Ilwy9N6DDSC7gkYwj0Dau2rZkZKtQ3LrCQr3612F9dnOX9qHFUFdlvpCJI6H +d8BWn4YskIpyh181kNGM7gOSOf1racKtBEcPTxsVkzPwascfJc2zp60bZgDloW3H +MjrtR0ACsTVs1p0iY5QHrU0SM47ntv0ofC1JDJvTKKA2Bau0Su23GAchUc44lOPb +FG3o86IbjQ84/WPejxYU0VOusEtPJwZDJVNCx82xbzHLG8Y9mtRqbXNZlk7VU29O +whbkmcyDH71VSoVxTZS6jh0W/fOXOERx5Krb1idqaZWOMA9q11+1GVy84xkM+9VO +rskJmTIpTxnb2JKBSx5YyhP1w1bQhFBDqZ3qu1drkJgbZ/SitBNuaeKu5s0uRatH +Y9OmFgHQp2HHauGfNOAxu1AsOwY60qTy96VccZzjenmWrebcs58NULYd8ZO7mvSP +mabKGqvGPItLk003fVQV/wBcR/krXjy8VTME4qTPNS3Ltla7ySBcV6bDQ6CTm7a0 +d0fMQf4p0OCcHuXM3NDZYPXkmj/NP/QhPq/08w5HPR6V2MUc47V65L4U+ELthSOr +t3Q6Rlkz981nOJfDGhhpL93RSvyYxWIo5Q77U0fkRZ30SatHn05tya7YOlS6eMrl +wDKrgqKNqZJiiOXNW3CbBPXROoNWlJJWJBPlTNLwjhUIxjKZmSd61OmtwtRADfba +gNLDkgB4qwt7Y33rzpycmejGKSC4BnO+KKt4xihbTk32ouyxRcjU69D2Swir0zUu +MGDalDBuU6Qsc96dQfaBa6IJydwd6Gn+ZUqaUt3mMPaokF3K7a0zkqIr5m3IO4lQ +Qt/5cR7b0TIXbFMlHBXOhgK7bEljqtVursM4niraY5xQ92GcGKMTjK8SgjIejEKb +wkGwpnd70XxzljMA3TehuGmLT0TO9VmvwRv9h4dd8V0DPWuMohuxD1cVDLW6S0vN +qLccf+RWZRb6RXkl2wnFKq6fHeHw/wC9zJ/pFpU/1T9C/ZD2SneuWczlv2qui3wz +8+T6IVJC7qrbmF2PneI1s+iRh+yJc/LlLAC1LG2QcSd/BVba41xG1BiNhPWG9Nlx +fVSlzStWl9FM1J4JpjLJFmi09tSU3JymAO7UMPmHzJkX5Mvpkf70Tw9uajh9qTEj +K4uQ374o7UFmxpJ25pE5Uy+1Lx8UbopRhaPL+LaKOl195g5GQnu7uPSjPh3TMr8r +ibD1q14voCV1uxiMZRMPrUvBdM2dOKYV22p5ZFwogsf7subUHB2xv70QZiZxvjAV +2xa5sGO1K/Ms5XBioQjy7Kt0CX9VfhDaMk7ojQ5xz8OnMSE3R2aju8YIyQIxDvLd +fsVB/i2j1cUnOxIHlOaKbpnGf9q1QwpqyE506st7HxXZDEj7DvV3p+NWNTEISOnR +61gL+l0ly4EYNtemHI0fo7ErWCM1R6rRqnRytm1kk9zfNRirjFDaS6lsFzg3p8dQ +M3fbOGklBPZWMmTkV3aZKOWhpcTsxmxZm23WpTUwmDGQidRqMsfodTRFcjh360Pc +xhe52om5iRkRoW50ceK6MaYb9GT4rcbmr5cm3ehzQam/bGF6VuC42cZa7xJTipE3 +VzijHh1/kjOOsnb5nPKBgrbija2ZMz3oGPhiU8fNnfknlyfzRUfhzh0NnR3VDfml +nNcl+Psfl18Z+M26jlxDiscrK3I7IJV0kukZ/wBMPtcJ4fbkDpZm/aGaVU8+LcSj +NWTH1GlRtegcWSNrMc9xpfKOvVqwdMMnDjeuOn36hip8kLRX/KF6V35DkydqO/DL +IwbNONPIcZHyUHLQUtmh0QafRwTpC2B7u+a58qWpiyuAwzgF6r2pWsfhoCJGcQE7 +JtVhE+QWbMomyI42axqai3fZ6lXFUUnENGaa3GM5cy7BjoeKjsQIgGwUTxafPrWK +5IrUNjGQWszbbbY0aLXTMTZ3yU7U6KGoj02punOjtR8ETG1GLZ0ooz0eGaeM2M4E +ZdCSZ2qrv/C1m1fjcLjKwy5pQHO4Yyb4z17d62d/TRuC5x9qrb2glIQk49CtuKdK +rM+SCe2ZfiNmyXA08Zxt43h1w+Sp7M2Bb3VkdzFHXuFTJcwyd6VrQSJErjlHYoZM +iSsMIPwWuktydKydsG2aptXr2xclbhjO+TNaCJKGkcbGMFYzX2puomguZIg9CpY5 +83RSceKshvQv6mb8uceZ6C4psJ8V0LzShPHk3GotSy0Ny1KMbc7MjMliuKJ4dxaV +6AtuVrcGM3MV8D59K1PGktmVTuVB2k4zKac+SXRKtrl2M7RODkdmqq5prWqxdhEh +cHfG1c1F/wDBcNuzlnYwZ7rsVmcd6NKdKzPazW6c4xO5emxtxcDhdz2q30nEuG6g +B19mKuDnyB+pWK1DO/qyPM5Uz6LTrellGW0lw5z5zWyC4pUYp5P0z1bhXCtDxG4E +eKcOiY2Z6iJ/vmtBb+DuESuQt3eOaDKg8kyW765rxIsCA7p6FPNNBMIp71RSYn2y +Z7lrP6ecA5JcvHLcUyJgQfYc0q8UskrKNu5cinTE0/3pV3P/AAKmzaNsQ23K58oX +Y7URgdincoIjtWexED8r42rjbxvh3onlEWuRiuc7mNq6wpE2jv8ALbbMsYz3qwu3 +ZsBMJF2fFUM3DkzkaklxGdq1ghzPvWWcbdm7FkXGn2R6qbPVSkuXO9S6dzLDihIz ++bcZHdzjvRtgw/3qTRVMs7CGAo61IwY3qttZMetHWnGzRitjWEMs4PNNXHb2pGAy +uD1qG5ejFQc07xvtHNojvrN3wBQ+Mo42ztTZakuyYx7dadbkpub5qMlvY66C3bSY +OncrN3bHPqroOMtaSSOm2cVUMMahknVpsTadnTjcaAIwYwlYuxJQltuDSucOt3NM +2Y3OSC5AAw+as52SRvHJ5KZ8oi+Tw9q1vI2jP9au6K7RWLtpnGbzJtnzQPHHnu6T +SBkuTZSDwbVogDt7VX6qzZZS1M8DaMC9gP70kXbH46d+DC8QI3/iSZZtkAkRA8h1 +qeenbN1g9Qiv3BpvDbbqfiBlhcspfoLRutM6u447gfaJWyPSs8yTTk2gQhTuWnhX +Q3prJo4QNqVSRAcJmlQsY2ikTAbtIFiPXyUjb2ehilnEsD23zUBkLDgE2euKWSNw +5c48UlXYyUy/dtaawXtTdjatucSm4z7HV+1dvwccvxyskDL0OlA3xJRHYN2h7vxL +ovmMbUL90XG0QH2y0SJfGZFOY2HqVDImnbNOFW7OaP8ANnNWNuKuc4KA0uCQHs1Z +RcfzUWrZosKtIpv0ouCibZ9aD07kylFiBl6dqK0FMkuMpmDpUUi3DEZGV6tcneki +Ri4z1qFnKWVM42/eqOTOi0DQlGxqbkJYMuTPcoiN6GQ2wvUaE1em+ec0o4TbJVc2 +HS3CUJI9xcj7lFY09sbk+kae7dttsjGWQN89Cq6eGbKKJjr61WXdfdjHljbZSdsZ +wfrU+llcumWLGOMp60HFLoZPWyzjIDCdqUjLjAUyLjG9clPAq0ukMqoj1Ey3FemD +NUHxBf8Ak8PhbJZboZfTq1aXx1EvlRkmTd8FZbjmpL2tLUHMLJy58veq4lbsz/Il +xh32N+EbDqeP3OWOeWzdmntBa7qhb9x8yf4CrX+nGnbvGuJTBxDQahz4eRP96q9Q +HzZ9fzOP1r0KXFM8mMrkyAMm9d6mxXe1IDO9TbGR0PSlTwwZpULHN9Y4Pr7qEdPM +DvIwUWfDmqyEpWyTvjPWtpCAq4wUy9aC5bl3MlRSbEc9mD4rbs/DfDJa3WxjdvLy +2bOcjLHV9K8u1+v1XE9bLUaqbcuSdhNonYDsHYK2n9UeIt3i+n0g/Tbt86equ/6F +ZX4f0xquIEpmY2zmw9F7FVpQi5MpBOTSDeEcLlCDqtTDCfkinfylaOxa5LDKWcpm +ptTYCNqJjOQamIBaRxgN68yeV5HZ6MYKC0VOnQlIcuHarC3LmHcz2qtvZsahTYXO +aJtXXBLBiqJaEbpllaUTCUUqyE2DZquhMUkUVZvRnLlXJXVWw2M1utjo7eW1NiPU +M0BDjtplJwo9nZKvJ24ztsUMJ0qj1egtQnzSsiZ7FOqfZXHFMKjxSzdhhMeUahuT +hccxSR6u9CXOFWpwJ6a5KDjOFyUJPS63TiziTNnZxmqqKrRX60WU9OJzRwepUmnn +KDhHw+tU9vX3LX57c4+iZP1q00uoNTbJRhIDyYqckTkqDiZj0qC9dMIfeuRWMcK9 +dqjLV3VXOSyEpouFwbeal3o5OkCX9fZ09uRK5EvXBIxzuHdrKauMIamUYK5Bcu+9 +XfEfh+3f1bLUWr+n1EUeaOUQ9Ht7VQcW0mp0PE7TdBt3IpC5FySx6+fStmJJKkef +8uM75Po3f9KZWrd7js7n5fwF0y+oFZnUC3Zr5f5atvgFYcP47Pu6OUT7yiVUzeaT +6r/LWmTqKMUE7ZDjJjaukd/NOwDtvTgyBUmyqXg7CG+VD3KVOiblKhYx73jER22a +ZcRSSgB18VHNFyylI74cB7HikRiRydO2d6qoUZOVni39RBt/FeoC5knbi4x0MdKZ +8HWoys35oc3OB6AZ/wB6M/qZYTjtvU4wXbYD6xUf5qu+C7pG/qbS9QkfbZqXyE/r +dG7A1yVmsvRJ34B/0mafMxF22x3pQzPUTQzgA+1SzFGONsbV5UUz0Wym1dsmIg+h +QNq42p8ssvg8lW1+H1mMhjtVfq7AxzHZK0x6olJEsZKrFQTYqeyShdNwOuV6VVW9 +RLCLgOvpVjZnGcQXqB1o0JyplxprrejjudXzXdTaW3nO55oPQybYoYBxnOaM1Fz5 +lsCSYex1rlpjp+iiv3WzJBQXCxa5G7evxwSUeinSiNRHBsEsviptPAhAxgqkmktF +Y5JLsEtaWUk55dKO+mAQMYDdoa/qY2xIplOtDwuykqr6DU3bOlLk9hV24KkTYq3+ +HdOXZ3rrkYY+1Uung3r0YQGSuEO9a7hdiOk+ZazlXmXypVsGFylb6MXys6UeKZPe +tWdT/lXoExMI1RfE/wAMWbvAtRHTRxO2F2MFzhDdHtkq9tHNrEzsbtF3cXZMEEkY +c+O9bHiV2jFHPKqbPLvg658rhHGJBkbMYvpmZ/aq3A49q2Gu4DDgFviRplNPfjBj +lyjzKn2xWQxgDwBSy6SQ8VVv2NxTg3ruPSnEe9SbGQ6AYxSqW3HPUKVLYx7SKLFw +j0aRNFi9acxCXUQ6UpYcZ6netypo866Z5z/U3Sc3C7N8Mtq8i+ibfuVgPhzU/huN +2xcRuDBffp+9ev8AxdoHX8A1tsOaRDmiY7m9eGwuNrUQuRyShIT0RqWSPKLRswy6 +Z6xoz80nquaJuQybNA8Kvx1Ojt3ookwdu3p/NWMsNeVwptHpqV7K3UWtxc+jQt2C +xc4y1a3oidM0Ddth0HHWmSOKLU2eWSxxvTNPqW1MHb1asr0CQib58VX3dMYZAm9O +utiSVlnZ1B8sIpzZ6vaprWqbmw7jvWf/AMyC8skx2elSQ1M7ezEV3UaavQFrs0E7 +sflJ+u1BfiGPOd+3pVdPXm4SRNumcUHr+KS0el+dOElk8sd91ev6ea7g2xnKl/hY +Xb8DMpyA6q9qsNLo539NC5Aks36Yh28tU+l4Zf4nd0w5LckZzehnfB616TZ0trSa +WNq1ECJgeq1qx/Gb7MWX5SVqIDwrhsdHDnnhuvV7HoVYLyaqEnbmMNdjsZ71Hqek +E6jW2MFFcUefKbk7ZPajjUXFcGKn0zz3ObwYxUGQtM87yKn0P021aDjSo5S2ScW4 +fHifDrullLlZH0y8Pb+a8k1eku6LVXNNeixuW3lT27/evYyTLo+1Zj4z4F+L0zxH +TxW9ZjiYH5o+fVKyTi1s2wlao8+OhUsTpUQ9DCYqSCLUWMkTQOhSrsHb1pUox7Nn +Kj1rimE3Hx5psfzu9Pxkzk/SvQS0edLsEvQLhySMxkInketeD/E3CJ8G47qNMiQJ +c0HHWLuP6V75I/zB8VjP6icBlxLhZxCzDN/SjzAZZQ7/AHOvtmg0Vxyp0zJfBvER +tz0c5bxeaOfD1K2Aib15JotVc0Gshegowcp0yeK9N4dr7Wt0sLsJCSB2e/isObHT +tHpYZ2qYZMWK9qhQcj0qWT9KZ3ai2z3qKRYFu2t9wTNDz0+VkR3qwkCqg1HLbdo0 +GysnphM8m7Ql3SgKBnvmri5LBsUJKHOmcdelDyGkwSzpI7y3ANs9qynEbjxbjlux +BzajMt2w7qmX/wC8FaL4g4iaDQtqDi9dGMQeh3arfgjhzq+OxvzFt6aLcV/1O0T9 +VftWz42Nt2zJ8rLxVI9H01iFvW2bFuIRtxAD0MVc3FwG2KreHHPq71zw4PtVlPKF +elLtI8aPTfsbE/SmX8PKHmponTNRTMzO3alQeh2BjA7BmptNJbHupUF15bcnvjBU +9sIQtmMYDPvXSWjk9hsZELY+dqnjEnaYyBJGEe5QVybiAPVxR1o+wGKzTijVils8 +n+LdLpvh7irCenvNi8Mrc4Jjrue5VGcZ4dJeS1eMdOZN69d+KuAW/iLg1zSnLG+f +VZmmxI7Po9K8st/A3F4MjGiyZNr44fG+GsU4JOzWpNrSA3jdmdyDCwwjKWMMs49a +VFW/gbi0rluN2NiMGX1ML8VDvjLvSpbivIKl6PbI45mnS3Kbvl2p3UK9FdnnvoiT +Et3d702QSZQkZimEeieKdNB3a5JwEsZonXR4v8afDcuC8SlctRXSXllbQ2HuPtVR +wfjN3hd/EllZk/VE7Pkr27i3DtNxXRT0uqgShI2TZHsnhrxn4j+GNXwO+ylFuaZf +puhtjsPhpZQTVM1Y8vSNvpdfa1dgu2pkoyOzU+SvLtBxTU8Ouc1qSxzvFdn+1avQ +fFWlvBG6tqfcl0+zWSeBp6NkMy6ZpVPFRzxnfeg48TsXAY3Yo+GuT19gFbkT3ai4 +taoqmnuyW452KH1Wos6DTTv3pARM+q9g9+lBan4g0GkipP5tztCG/wCr2rLa7X6v +jeqjDlUZYt2oeX+X1qmPC5PYk8yinRBqL2o4xxLmIsrlyRG3A3wdAr0z4d4VHg3B +/qBuSGc07vT9DoezQnw78LQ4YQlfCeuuGZvUtR/0nr5a0Gsc2oWomC4gB2if/tet +ixqCPG+Rmc9IJ4XbY6Ykm8lVox3abp7ZbsRj0wVIm+e1Bu5CpflCxiNRJm4eitTP +TYqLoqnSjEEmR3MyYxN8y/ijJbMPAUDaee6Odon80ZNOWMnxXS7oVex8TmuwepHK +1Y28lsMYzvQGnFwvVcvt2KNFXrt4qM1ZeL0TRQw7daznHbGv016Oo0OktX7bluxZ +YlF8nkrQwxn2p45k5DGO9ZpxtGrFOmeb6jiurZxk8OYpsNu6J+9KufHHAv8ADtVH +WaZkae+vNEXEZdXHolKsUsbs1KZ6PIM10wPtXJdaXZr1PJ5XgiuOXBjPpTX8tOmd +K5LpTID6IXCZ7lCazTWtVZlauwjOEjCJkTxRj0ajl+WijjzLjvwAMpXeGSIu62Zu +32f71iNbwvW6C4w1OnuWk7yjs/fo17zqfzFDRtwuynC5CM446SMldKKLQk/J4MSn +HpJPUa6TuTcMmWdgzmvYdVwvh34j/kNL3/7Mf7UfptBo7INrSWIPmNsKVwRXnR5L +w34Y4rxOQWtNOFt63Lgxj++79q9F4H8L6TgFr588XtYmCabR9A7e/WtFbPq+xUWr +/wCIe5WjHBGP5GWXLiRQgwt5fz3Xr4KijH53EQDMLZgPb/8AaMf+ZP8A1oTh3/Gv +f/d6p4INbRZ9g9KTnBjtS712PRrOaH0LfBUF6ZCzOT2GiJdKB13/ACl/2KZE2LSD +8oXrLdouSSmROgZf7VBb7e5Utn/r/wDdpn2DwHWQI5XdqYV2xtUFvtU8aiypJF5d +8dOtS29o5erUEvylTR6fapSKxYBx7hzxbhd7Sx5S4sW3zdCQ7Z+2T70qPfzv/wB2 +pVCUVZphJ0f/2YkCNwQTAQgAIQUCSmx9HAIbAwULCQgHAwUVCgkICwUWAgMBAAIe +AQIXgAAKCRCcJ7MTQrdRHWkfD/0fmbMHKQUwVn24XftFcBzVYptZgtcHOWxncuL2 +srRH4VAhpjH1NooZsMCAW0yvbno95/UgsjCASJEFHE97XJ3EzCpq3PEdLbMdsjD8 +Ep7yPp0nW5NtbZ/bx+pO/r8s0jJVr6rYqh73cpWpNi1y/VCzyNV3icYHdE7yQqEh +GHiPtqvV/RYUlhIL+NETgLDJWB3n6TNTpQ/CjElxO5PwfElCoMRDGFEOuWORcXdD +RW9q99pwPaULcVRNf2EIQDS6tOl4JmH0AafiwG1dlCU6nuGkdL/UkHZOgjRc32WZ +XBlwth5V1C9gmclxvTRyc3K3urLgmLl2Vx3aR+Yd2yE1DxTN0eFJ4PCYrOsp0SB/ +OLBaqv5zpRwH3zKrqCseRc1HUB4AEp9RlMVnQrYXpjAxh39W3yLr1kYYkFd2yDq8 +wIOkss0YrRTlY941iAXQ2HH1b1M2f13YgcPzVeTumDlHviV1d9WYuojeE7VQ3nsC +BVamJy7At3Jn4SP6JB1E2Z50Br/VW6FhT/8logmSvEYxjITgQ1eL203R8bS6xbV4 +X1aFPTG4X75celX3jifa8hiiPwwQWZaBxbMgHxr3BV2GDJOXNBhwFVQVx9hoU9nI +830Wd/M9ibYemnIYT4JCQF1wc9rCIsWftBGQMFwd6tPDrJTEMzRbz5Atu35FAZIV +hRGaIrQgTWljaGFsIMSMaWhhxZkgPG1jaWhhckBzdXNlLmNvbT6JAjcEEwEIACEF +AlWD46kCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQnCezE0K3UR1TZA/+ +ITdAhqZc378a8qQeECyCk7xAYovAUkT2q8pw/Wiu8rvekFWrktma3V4JUCLOcH3U +48Uu7b+6A1qijMlizuyIx66T7mngMwPCZcL4Qgo7iBnXv89eZ9uVIjQ+BEHJ+jgG +JrCUDV9EiYsVoY2VyWuvYpNsMABv2kKumPHhcDcfBpUS9NS6/5W9ZTjlWFJMPf9G +IYeet9gOiN/xrQ3YujAWxBqxb0VHmMrzf6I3w+wYrR0GzWE2tnDehRJW0um5AkRC +NfjNlChEJz3LAIkzBECSghijSQ9k+2nlR6Bj5MvP/+QVTbqO/WK/EaQfwyBh+5zr +89q1fd+XFkU/LvhChGorQO881WzngvanSIdNNp3Lx8hmFE4P+Co6PrhX9MjTnjZU +2895WSjYZo6X/Wam3mRW9zdJFSYPOfZ7FJ4Zk63U/iEvYZyAk87mnrutUYcqjFB8 +XMkncxnhFMwbtd1HWi3e9LQIKi0J7+RBOMNP8Ha3LYYNvTbi+1Q+1wwVgnYA1TTR +kvBBGMUcWk4C8P2uQPRcOwp628CJIR1mrU7vGp29hfhTNdSyr94QPx7lCnwPYb6q +m1g0aVPxnw8Ht7hseSaLfHYb7zVzD4OTDZ0Uy9Owv100xKVuF9gzjuFZkf6vfQir +rnm+BrdfWeu/OWbX99aWA5PXPfHs/a/pxM/rpGPGkJ+5Ag0ESjjlzAEQAMy20OjJ +T5B2l1BqwdankU8oh2XFmV0jVjO8tWC+eEgEFgFjQHSx3PBIwhdLjMBUGdCYFdPo +7aSm3YkMzkpJBFhgVX3+IYG/lLdaMOQC6OKIlJK/aXdN1pSgShGw0wtJPDWISdsL +JbVu+W9Dgon1pJ6zd9mVMJqFqmXR9uKjpyD59Ycv98mRRHSAjv4i6OEl4/p44bAg +eMSRzlMpG1PPkG3d0Zf+QJbmXhviJufXlOeKkG0rdDnFeNxFEUTTUMf6+PCsch3C +Up9HYjGJIfILr7OpWwdj6pz6vzyhauuI6dZ6Fbp1DKyzmvoc4AWQ1zrww3OJUvMI +dGPUB3WKtnMyEE0jkMmkXN028EvkHnBis0dQGR8vJaBUS1UUzR3991TtbT2baKwg +PQk3u7mRvR7y42BkpcpKeYYb48hig97lWMTvdTFurH4AVJ4UlGMa16Sf9xF10JQT +vAdSXY+oJLCqyxLvNUtHgUbcUm6JT0QlSUreqdNYW8RBsFscy0cbXBpvAKjlMtGc +j/02OUSCiF1ttk4f0yR8RjFwaa4WKS9PwFBHrtdxNZcxrhz0bJeeaGCmiKCl6SSV +VsYYOMBdLowfM1Ospdn5HsgcWTx1Os3O4Lbvl8lTRojSrzx3EQhBn7tlIf3B8TbA +st0joOlJXvixb5a1d6veFO401boxEfhQPxANABEBAAGJAh8EGAEIAAkFAko45cwC +GwwACgkQnCezE0K3UR1t6hAArizQ4FmzjDjR3F8KNT7hX37pMmx3WNHPUXeqqJgw +8chn7h3CT3cuuE6cSTKWo71jD549ndYdwlzLgTwSrR34YAGuaUBo+XwsuqOUjQx0 +N8Be4fGjZOlgtkp0ynn04z3crjAeztk7J31C2YrkKylJ42rvJSCbKlfRPnRO+VCR +Psg8Nu53UyPXodvSCW65GRKaKgxD84FTvIU5WL7/dLr/dtAFPiBCDbW8HbaJFCy3 +pIXIvM5tgZj6PEZJfo9NuTcQ6iYqntMnHXg1Dq4n9u2ClEicRgYOdKQRhYb7crxx +7RlSDR4lH+DXzVB4ivFzMfhtuyrUUZ/M5HYrhWUnctzcc8PBpq5EZkqJU5hfE2xm +278669YpCx0Ai6BT2tk/KXGtjK+xfOdpgrRUBeBgDaz4o9TfstqfB6hFAXIS+V7A +TaP367a2nyvShjtou37le8RYsvakjFMaqw2eGcqQTTvODDP3x8A9ZbeG8ibc9htB +1cDyXcjdTkvsUsE2EtBBfvi8z2CdWMpgX2tBEhN0Nhxl2ewm0ciErppz6XEfo/m9 +SVta0VDVgZezbohw+r+6UwNYfvr+oXHa5JhaaFU6mz9Avk0y5Jv2vV5C/kpW1nyT +tdZb8NQCmWVwVHTyMOAj+3VvkW2OTmky3m+bquFMaIsjFVED9Nvfk/yNJxozN2el +l/+5Ag0ETKMA1QEQAN6RQSpWwLpBReJlzp6fCycg743qldFzPXRCbPDLqmxQPh3U +lnziUOuB8Cf6csNHCsbhAslBY0cpDQ9X8HHFVcaRHtzFHtmxHatjVnGFG/m+mrtf +dwIgOxC2JcTxrh+ZsH/x/FGm7JeXPuqrcxVnJUqklOqQCSaR9rXjr2c0rzeCaQKm +xXqyIepWaidiW+06BC131jJZc3PAS0ayv/sk95N6Q6EouF8IG9mPpJ0oHLAKCniQ +EEIUEGN9uswPn7TkOXHBV+jeko/J9k95EZB0KkLt1j6bZuLqceoq+VSgHU+6/ELz +jMWwQRbellnYEGgMcZmZaHSb9ptfwq2b4Pog0/cFXHR8Jal9vYNcTfXGyeP3kxko +2Dz8jKBlRgWiYzjSqSsGWSdLB241aA0+XQjQfPFVhxrKOKXp0UUGzlBKAu0FwAzG +SmA0xbQLUeVBfogOSNZFeoswL9J4pbq7I4ZVgYCP1/b1K7QUmway4+sQU0EmImhn +AXgZQ4lHCJKkIuyfScDC+ufruQEvnBaANJLBw+MzuX+5QGaDJ4aIfv49jSw8bKnj +IDQYe8fFTZz04O7nMsHQ4Kiq38dE0RZiEx1w1BxznoCOVdJwzW3pWQYhOqhc0G9q +5V6A3dl91DS9/VYbI4l5Ubv3G9J7SMLe9FaYYNf+dHSXI0O/wxDOiBqiauAJABEB +AAGJBEQEGAEIAA8CGwIFAlXwAy8FCQnDqVoCKcFdIAQZAQgABgUCTKMA1QAKCRBq +N/Wx1/sXTY1mEADReuoafbhqw+kEmUJjicHuY6ChioAn/DamVE7DJeIgMjFFXQ5j +KI9ivicle6xQnHiR7htPRKbcZkAyjpfvHHRf95Rjjx3Og8TgdghTm7a1mUCUIh8G +fPCsjiqNJq+aqsSQq6cNGnDp7gcl4XoM9tTmH1QsQNKV0yRyS40zGfpSVW0M3oIp +uTw4p84V433obLPF5dSJ888hWSXb5aPvD+3Ar9HWZV/BWarTqHFSbXnMj3sbezFy +DPhcrRrZnhWnhqfMXzL6kWpWFOGE/BQvoc6izcbEI5N3UdwSgchjXlMVYViKTSOf +BimVRHRgSrZJIcE1ue2PCS2y7bXCppdHuK4UFKXlxSTm7ZZGjOufsDKOni9yu7j+ +qiEPNgURv3cvy6WfUUK0nAj9n//5UuTQjQ0Y9FgnHvUY1A83eLZRGd6ey0KXPHdW +WK3Hn8dXtlFoBxhmD4wkhH3qUiaWgjuVUKV0A+L+vrznp2vITehmghJCpls74NxI +6Ve9rNRn0OLtu+w6c4Ju78IX2GGEByrjUyQMVB4wGmCtBSXuvnyG1bYARz6ZtMVN +DLHV9gzA6cmPP9NOY0WGSBffGR3VS7yQo2dT0HP8rHj9KVsswIhiZS7F1FDGDY55 +QRXETwKvCMdnrTQbz2EPbf9VDMPi1fA2BXO4GY/U+5a35I9PKmDUCz7+9AkQnCez +E0K3UR0giQ//Yu1nomSi1V9Ly/6Eguvw9FLfjb0SyZNh5PwJVKSh6vYq6JPCxtmN +f63ANmcNAuffxg+zhx24sroAlTGiYp55SYQwRwR6jYdOTutv1a/dyr0spC1qpXa7 +/6Q5KYHlPsC2YhdeucgG47U+rVlg9fuIfA8aF6Mq34wijhxZzmmZ1OxPiYyveqbu +u+Ka7eijDOKseo7X+FF7vFEFnPf9ZuiJPKWhJGIGiChiQhl4Q6IlIO75Ll+Sw9+Q +owIrzkRLfM49J/VNGJzOfQ1yYOoZME1e9jSck5+6Q/Nd2dGg6Ux320PA1v9XUvi9 +gYeLUq2V15uIL3glexhP8ZchlnvG/ClRR9/TC2esgktsZsCN9eVRLtr3aBxn6NmD +TnMfj60JaPPZ/yDFGaHF/8/H2Gocq05c2c8eC57SdV3zLlncPlfUAtaFsmKPRzOv +st+cCs0/BbaCg9Q2n+qAzHbQEcFWQgrz/n4TSrVZqMpb9d8UAqY4iDfAx1r9GCor +Y8RBV6AvbK7XBfgj/AVLPm5b15unQL+gR1mkSavRGCajltXZmJaKKUZAyB2RpmOw +HaesZtZBgpzWbLzaPCOpUHgIEz/8F1X3xvaiDcmvok2PIbZr/SnbKxLbR3r6ecq0 +CcSjE5n5X3zlBKsL5jABaiBPqvMOlLHFPIxpsYOcuGqa3IDbnozlRya5Ag0EVfAA +AAEQALueqArph5QHQn00E1YJbMERov6B1ZY/U8MntvwNkie5aCw55TsYkKNWxZSQ +UT7HCuM0y6CFekscrk6Dd6BdEr0I5rKn+TzpcwnAyiSZ017GNXYNT/dDOcyq0TQg +7qn8vzlWZrKlSQQzBciPYeXFirx+hueLoqxaLoVCeV5KKS/YqXlcVtTUPmwxvc/i +jjByf8uxx6LiNDnlr6r8IZLF6nJUcWTPYHQmIiffo+IxZdFuB9P5nvLZMjTkcKzg +IZlly6bRI6kcCp16ql0HJj1yHE7INt2x3K0DA754XXdYLykv5KSoukk9xquJcfcJ +lh3ZQZdHMNbwpgaxOxHzfHn+QW8DMWB7yPse9y4vzdKsB6csAQwfyfFR48SCtMNt +Nv2j8CbKQsWFEGRLbmUa4Iemmi/c1SXnnpMEKP9I3OzYzDKbr0Bx+KUPZxzI+BC4 +8StoaAdC4AuBouJWM5Ge0o0Ii6S54n39mG2YOMmpdgmmPTwHeSjYMcvdZZKzHv0E +nnPWt5IRtpMONY2aiNOUSREPwrRNI9NBxx7qA1vpXdMILeptmFG5HEX4TWxSbvpS +sSfgXTUXxb4chi5GIaqb0tVZ2GqKcO0qC4juxOag9yXeyFyd1AdVvbvPLJ34t3my +2jn9qmeGACpD7yIsV6gZSQbp4zbgZPGBy8m8p8aLrbxeLub7ABEBAAGJBD4EGAEI +AAkFAlXwAAACGwICKQkQnCezE0K3UR3BXSAEGQEIAAYFAlXwAAAACgkQ9KoinU1Y +wkURhw//UeyQ/E4WSBmyWmvBOlJcsyKMmLE8FSgqQSyrvZQpT4f4jjtupw67a5Sn +Q7RgZ6147QqTxCZ9oq+IzM6F2AIDXo0/Aq3sIFvUsiP2NEX/Yk3kQrrsSC5xpPF+ +leLzcRDBVNarnREeZHWBWSwdOUGCFA5t7uBpUPzkTTYNFVMa8U6vmR9tx5+kU9TN +rd9wVn0v8Hcb3yLc28F0gLRaDTXM5fCzI3NWxPciOgz0ZfnKBekkUyslGAbJyENN +nWP9UukjdqHnDMOH65VEW61Zcu2+Z327/QkVKN6oa217dfYcMC6FzIl734t8vZNr +Vfn2uMtQR4h3FmckL8rt8UxTH0VgkjelKWfqeotQUZMmd6UYxf2MH18bAXNXOp/f +VszH0dzJp/JhZlU0sGIkIYl6234rdBfFgNJv6+2DJHJat6EgXAbonSTjLYygv4fv +/rEOgNVxQIjMtQH1SsusUDWqnGAkPu356/USQER3bmpk1NOz4ezdjKhDtnMftEiQ +DyAulf6gzatpLag2nhtdnhVVxTh2w8z4kFAMl6niQCSiFUIx7GbfO99X7l83HVcZ +YT37QS+zwD1vnMU03ShrlbjHRTo9mIPc+nILv5jXL0szoTvdgCg8PpaP1Y+4zRwI +DkNGRuQWIIYkMF/N0FPOQ127pZd6UKik5ZD+dF0ZWmh2gAjKqwvbvQ/8DFyw9HOo +SXS5fyVMqLvpUS4EG4HUsDXkFkfobna8ow/S0q2Qp2/THEH4QGwctV0O5vrncyrE +HrR+MNoZOwyVPOruzJpRZk2V5IwV7NBCrdBhsJm5oOw5s2mz4nyn0I/foCJR1/hn +NJDRzRkblHE71n5sqkN6EdyYd/rrTf+mP/FTaKJjLatNvQQLNExirB9GXktCXOTi +I9T22u+BL+gTQ0OxHyVuUnxFn9ZNzp2Ne/JpxmaKQ22oNECOIjdJ2RPAFd2hB+fD +73UWSdU88n4jKl98C1kfd7edrvOm6efKc3zDufcyNmNGQpSRJskJ0pC2Fe9dZIRk +m1KLMmfC8ZEYI0ZkGjykCNSvCykYeDn7vCv1jHpnKVf84EqBh0n5UN44dTVwfr+u ++JSsWPIZkx2xbAAeV+1xE2I9Ulqc2prdqWMEWkFy2HoRLkSzwC+ir1dZhKy+p44E +EYIl7fnhAtNkcAb/uRhgppCGsiXlMdcEQuQSa0mrbkasXC2zo4q7OI1hvttQhhQH +cPIUaqWwBO/Nx68WYZm3j7/ip46uzbVa0j4nAb/RQDhbkY98drsm62SJUicEQq+V +loYbltJsgyBbiwOJYoOiUx7S307nfwMi9/OoqphcPBfhpMR2Zzynl++TsuPec/51 +79BLUoP/ctLnurIaDVWmClgxscHzFaso6N+ZAg0ETzZJXAEQALO92FGupczN5OTD +BLJjeroxKN+llyRf4paMLtKKx4uCAZNGs/gr6SRN/98/c0ux1dWSR4kRnKjHtTcR +H4IIq3E82kITnLti4uQRTbTW5tiW6wV3gT1ZTFwEjzamk0RGcwldJEd1GtaRB/5v +UN0w3KWzEYuGYwurVP0rD0WfgDqJGCW9NS0jb47aAKmBExrrPTiPlib4tmCqYUxg +Sw+tgIQBu0QzadsoqlnTaoP505vjBqQ7qZLrTUMDFzehjpJAxldW+YmpH/qb+WR9 +HgyRDBqJKPt75jWuNPB+HaQFkYvdIq9U6gFnkgfqsWHPFgajrLE62k2ATR2ZvB7K +XJVMI/JM/PLKuUzLvwtwWYJTDfnaSN7wTNjtgFvY5vtLbmE3LtgkrHqEsMJbAhTU +ME9wVyFUD5dNLznzi8iCHsfWR54BksIqLvq8G5y+blKuKne+vfF8W8pii2y5oDHm +Q4fiwSeuhWw1w6hNwzp0wFwtd2nAGJ6xspoe2zRmRNjrUDnyC2HB52WmULbFagx7 +qXqCHyMEbkgcdczzd87aOpO+iT0s3ffLbhEK2TjZBHOaUXIyKjNHEtzCrZFxvuak +BuK5H/p/LyAuwvSHCZCo0hF32G6+TX2IzHGTsX2qvxu9Ww9rcpa+5JlNPP2m5gi4 +GTjr0bEXvBEZN5es0conxkHqVIK1ABEBAAG0IU1hcmMgRGVsaXNsZSA8bWFyY0Bp +bmZvbWFyYy5pbmZvPokCOAQTAQIAIgUCTzZJXAIbIwYLCQgHAwIGFQgCCQoLBBYC +AwECHgECF4AACgkQ/vxl0YGvZEqHGBAAlLwrmc6rb0C5Eaeg27vUyJ/bJS8Z1Qof +/HbiFmDIKYvmUKj1gskWHSH3vn6Wgig8+WfYy3zcVzb8RdcaHuIS2523qwOiV3la +QrcRnvJQOmDGFdP0m6CbqxRJmTQ/ETaFobk5zNx10cdNKg+2DRgR7ZUYZh6JCNKt +upCmKt/EttB87s5lJfYe8f3udn/wTSUaC0nYqyThMWycuqEdCCgPeeMZpdBh5pkq +akLhDOE36b22iesm/HaHQDaqWfCFO1p9W3Xed0+Rm+cfOy9hMxV0ylb3LStM8Ct5 +hwvTFSuhxFijRzPaG+quD5zC7DeYrVk5cXGg4LJAjNCZzDlL3d54xEosAGqJJZXe ++dDQygoPMpL2pQKH9ElyFcP7HPj6Xygz1bm52yeQ7hhFeZ07C8/G5EYHBLypDUab +eQQpmbqoRx9Skp+m/SgoEe+CtCbVlKsoGn3spZP4ihXAyvF5f8gKcvUlj+dxyy7t +4cYogPnWXKKI8Wf1yDwR8DIjiMYwKN5UdYh0SgLzJ/haGAak46rIFV+dMQlyUbkd +qxYCQv1XiC1EMF1G2jwXO2SyMzDa7vmYEs4ockPOrkzfYt4irsjbYXHUbQjorHhM +GE3LjnZeP/Yfn31wtSKDTRdRk66tgwWxKIfFeJImuDEV2DT3p+rP41JCUoEK7ihm ++cGkBZHh/CC5Ag0ETzZJXAEQALXWA2vc0JDU7YArioo4+l5uEcon1A/ujmHih0WJ +bST7VV3UQnQ0gdBHDF2qF1LYdpzw/HFD6CbU/P88Sw3khqC8NLkSNyYo6EEezJkV +caL7i2GNdZydJDI2Bkjtq8toxS34SrlxULQFWbaPx39CeC97L2euxI7UDcNThLtQ +VQWszPLw5CqMZ6kaKX3IZ2DGyZ02+JTpGD7qY59ectnkdaCZmHXZhQ5ruIt48bHW +YrtcF1kn0w3nAdXl3YzQXP5Ef42N+qis+u+ukWzZKcciBk2AXTOqp2ti1/J7OhWh +lW3FOt6d76pe3kYcn+0PZCFlemXqZCJX4F7htpiu0SrPt3Q+Rngqikc6bFYxaug9 +5XwUnRJ7t2cIh+9W3CySx8Xop1cSQE8UYaXJH3mY32i/0bpSQ+WKQPy4Kd+FSpXy +v/NHa4stGV3Eo7EA9Bnc/gnB0/2uwdBrS+/XD5P7zsioPN2zt+i5vo9bnp0EsXLY +zALT5piYndmA5/QHYOwuwTYh+gz6s3epvlvt3o+Z4o+u+lebLDG7kaSqpbE3e2rV +ZHr5LLlNGjy2BbiSY45dIcd2TJ6vJj5pFMJn0QwX9h6+bpQipt3Gspz77EyxEpA7 +rESe7txVHx7I2EdP1pP5uBF7AG5cLJpGR45tLtYZOi7d20a+WIMNmNk4riZzXLPP +G1N5ABEBAAGJAh8EGAECAAkFAk82SVwCGwwACgkQ/vxl0YGvZErnQg//XVjDv40N +fX767uIPGoAuUEH4UOTyLMmfnFI1ZiYznBzepm7DR997RdyAQuMkZ3tyZSD6swIB +b4a+1yOhvlnixsl8dWojT2Ba2GNekm8gJZQ7GnUPpNAA3G6lOYM5corvaV+ctjr/ +AfwRyie0aVp01hrKUQkutPnV22n6j0QieyxLMhBCReQD4hxFF842+qQb7HkJH5dk +hQMGPforsSmYufTbTKBqSHV6kquFVo/+/H/OU4WyZsaQ6YKqAG1B3SIZY2vUmtb/ +poPGJcx5UJ9mAkg4MgIzAnRS597Gn+dIVsfxsMDzlR/msq3fWUBbeenxMoR/s+5P +4cXWweOaauMnYB975ZXB7SXuAJuWvrugHgmnGS2ktp+rjg8vEymGKVp+aW57AEI4 +sSHyw7coj0icjfCSB19oH6o5YzEExTmogEWjsH+8G+CXHSzKWGVvhSiL2YDeieGp +VknBpYkdSY2i9H/PVGL/PIppOINuhtHCTcXd7dNrz52ulUDcxQLwx5COU406sd0e +ZtS1g7hizZkjLKQ7qfem8CbGb5WRSPvTvJsRmVjCxaq773+U+xvn4sN9pOrXNCTL +2aEWn6gVNdl0Y47/79kQ2qS7iRj4e8zcENbWAO3ITuneLUO0AUBXkn0byV6kBiiN +A46qbbi59JCvh0rqbenlSZFVXMNfzv8xYveZAg0EUgLvYAEQAL/byOCQQrNPFH4r +IauRzCCZaeWKEGc+nP4VaIAnlrPBw6bFzJmP1WGfRao9tyMCT3dzO+DhMzFOrZOT +1ZHa1V9TkKk16A424iAUKY2BsxtPizhMfeoidfH1gkCPtO/9jJ3irYK4brNflKa8 +QGj6hog33D7ZZzUjB0ERNzSsnjZweB75Sip87M6wQhuLFx/7x/AYv5ipt5AammUa ++7/cuY7TEJBODcFh5M3jFSMsNnVOshYNZBXSHNbY+F9Stf0lMrHqvSm687GIcooj +2JacPahHfLC7V/Kqh6GGavqrwDdQbJQqediXqmgRuvIWo+wuG1VU7qnW/9U/8c36 +Vtt/SQ4/spGtWDNqVmRIdAAE9lRtPMEEhB+YV2IXS/wpt9LCtm2plH3nTV9hGxvo +PzIddgh0hvmT7WpMSmiLT4CaIbdTYAnZfSr7dZ+7/AMUCNeI6CW82IZPfKlHlftn +0bRWHEMP/tc1k0Y8IXkxu/73hhuBsAdqHlRpkYVNJNsw9RHfORVp6lRDWR2N8kli +MQ+uVRYua9CBX95dShrlvfgfiCqCYZpT37kQGVDTL9jeeM72yxzryns0l5sasojO +ZxHt7NerFL26Mj80TticIeiInVOSwK1twK6jHyCrzcq0q6EzGKekJqqQlSGaRTWE +g+4Sr56QA4b2ce/hIW0XUbfQE6J7ABEBAAG0I0lzYWFjIEJlbm5ldGNoIDxiZW5u +ZXRjaEBnbWFpbC5jb20+iQI6BBMBCgAkAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4B +AheABQJSAvmsAhkBAAoJEM51LxeCWb2SR9EP/02qCIT4f25g5fIpIOv/8qYkzfV4 +pnpUYSaWY9cLVuCCzv54vPxr4v69eDLE6xm6a9cWzY22e4y3qWDNlzsYaTDZCkop +iksT3VMJzql1c63Wu//0gQ9xl6cK42H966pHf9X2N4DI+mSxOlyY+c4s+9QNpSUn +Y2SxVbZBrhcfHVmtuQAkVLk9sRSmDyasB801ImvyQyoxe6UfYL4NGBiUU4CJNmYt +3uOlBATwiW28mz1UvqqXtJ8QxCp/hQkeqVjb+U7ZlJ+xzrfEktaUdUVlybGpZlSG +YXZPJUJe3ZfOLGlrQIQ6EcIyS4zmp2GT94L9gVDkR4Lnnoi0vgtoRAG7XGpXEe8c +SrE4WiRRAMs8R1v3DgAbX4euj6jpe4mU+ELhAhzvcfHMjzYY+jaWdEJmVbYo6xeo +T70zMg4sekOpSfiwtecPEFJNOd36/ez9b0JT+KV11s4RhTbO3RmM19yNam20KFQ4 +yyGGiJnC6XtpBHzYtHATADRq3DLFiyzE1/+sFTvlx9TSTRQ/NpJXBx2hiQ931IXv +ENmWTCtLdVMCggUDqNmN0awb++VEgiYtNKxBHiPqQkVvR+FByRRBcByRDbeLbp2o +vn2Zm3d1x4plEgtzKXTNA0c5BujbWV/d62c4aNn3B+BzshfzgKv9XEqSOqu2WCf4 +VyL7amHdAyOR4DaKtCNJc2FhYyBCZW5uZXRjaCA8aXNhYWNAYmVubmV0Y2gub3Jn +PokCNwQTAQoAIQUCUgLvYAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDO +dS8Xglm9klihEACDnSzv+Co287zF62RFmLctqMRgkDFXLXeFu2IvfiBd2YxtgPA1 +2fmtyonro3syW0yYlq5fsBYsYzJZ/2TmhdDGZjC4ufu1o2ZwfWwjUYjlio85SaSV +e3GcidP6Ceyz19rPgVsxUoWQa5xCTThbORLHMIpUvoAIkUcKC83V2CCOPH/FOjfi +NxAcEbpOSNKe49Gal/rvQmAuWoXMdKT8giIA4Bkg7K0BrpcZKU9ZHk6jaWcxlDu2 +CuszBZwlmusS9wW2/b4vRTquxFptB4OqHo0Gwecoqz9+NWeYbn57WCe2VhCBkBBG +nwSeSRh9LVPNh1VLHm+eCk8UObwNQUcMP63iVdBqlu2uRenXlJ/TTqM1v0j+07Nb +sbHQ1eBA6rQHrZwm3itd5iWje2EfSnE98UPC8s0iqqlV+exPhaK6AvaYsmwrC+lh +sQ6trXY2h8mJxrHSueiEWNxCmT3vAA533Vc5FmJMftzPKndikiu9BLiQHjUHHW00 +1gdVRZWPcpHZ26S9sC/3XhYirki+byczPLyKz4vf0cVbp4y64chuYcH7I+wCzuNv +8UB+gD0JJFgy7HH3tQsxPMFkoTJrhVrXhEeFcYnQd3cW9J+MAQI52q+J511EK7CD +iDSL2jH7CQ21qzAiS8NZt5nM7yYn60sNcnT4dFX59+jwIiLWZsfDqgSzFbkCDQRS +Au9gARAAv0eeHYxQyURSWeYFvt6lU0fSL4sexfAS9uuZVigCgDNWfYeG6QAOHdWn +s0axK/Wualjcx+uh+FVcHUT85K8/FBuvIG8SjrMkn6tAGE2knBz0LmqSkZkftNHm +dpLszQk6h9rgSv+Ro5y1U9BMkPVDxFsPtLq6ebum3PDvpXGaZW55epHo1/FKIcv1 +K0YhDIpT4R8Ms5pBxJM6j6eW6hbpf1VP/Ths6siKOkUsJGHok2e6UUJAGm7sm1ys +sHgqHo4IA+/FvRsaQ81/hDC4iriS3AHBXoIWrkggqSeRWWLlMqT5+7JxMU+iBC2T +fkoFDQA/XgjvCBVnyYBYNLIU/YLfx3doAs7h2qtKrOPXR1Up9dUGb9r0mSFTnjGb +zO4WYpJILCfTf+hXHYxQ/Lm5R2ZNqMWSL/u+32b8Rm1DI65TUtb3njmmuV9OU9Gn +iOdzLVP6TM0Zf1mGvw4zKJM3BLbc/N0iu33IDqA//UW/y6TQ4uI8gh1FURBx5fwT +JlXVj2fxYUk5zVJs7P79XzH51JTgwlhqyQopAdyzQYyS15fFHQ7CYeMJn9guHkFC +DXuBfVvV6p3zEOo3N5YixU6Y/oeDxIpv9aOAnlFFBEkgP/FaXmLhKi5zaBQ3WBVK +WUNF+Q5h/t5ErtNVbAalngzowJxDK7qwS2lyd5rXBGttr/X+cqsAEQEAAYkCHwQY +AQoACQUCUgLvYAIbDAAKCRDOdS8Xglm9kmpeD/9Ed8iwq346rQQ0Q1bIM+ZvbkRO +1nAfZYFhgBsn3ez2i/fuVuKiqqwcU9ze9xJwSiBuCGRexSi4EfnL6cK0mLn/KuMj +RiMBMQhdyfALO1i5ms3urHWlRERf1X0gNf7AHzf/3Pnu718X5L9Ea2TAisDw2bHV +SeIdsLbSS6srGNZ0LY9UF4Lzdjj2WG5FO/rPlFpxkvLWrr+tLX0B7pN4HfYS5761 +rfeuCrFd1ma0AsF1IcsN9ZanhKQG0p2NKOnIPcZU44rdpQNfUHf/RTBgZaf7MI3N +k9NQkKL6Y3u7RWsqOfjEPpMDFMFajNUCeqPeb8CHieY8+Mc8S30VXtaAKWJorkPR +MT8jBpGCWAm4uAd1eKObhkXm1e9dw6IlDlcTCSlbWBypqB88NAvrg4du/yyMu4Mw +pvy4/CS81cG0yI0NjDLAIbe3Lxoycn7ci4Ce+69XU5sdUa9upoyqzkMgZt8VkBtK +nuNOb0hz/9EA42nix1i+nNM9tLJeSk6xuU5iBmILJECR9Ku12BFrn+IVdD5eElh/ +3E7gABPIVgtr+XfPKf4rkK2G0C8rap+SlSsV6yl4ERtjPuHKPfPNtPnEIOSb2Vjr +kca1ZiPiutsGnQFyjEks7cMYc09UMRa7G3wejSU4pR7HrrgvNk0egcO/zh/Sew59 +gdi0WntFEdmqB431m5kCDQRXoKIiARAAzBwbBui7mxdMbRUNKi7zQvEUo3iflJp+ +YcIDXaFr0PACA0r82Jg7XOqUOmnUu/1srsJlLJuVxHmOy3BG8fecbunzooS23EcL +2Fp/ntMuQr7pK8VmzxvlOenPASXf+RW7puOV/chRpsq6cCNTUSQ4zr0Zr+3j9m21 +3l8EbVw4c+YQlFrwpdS+RYkH9cvRoqUcFQAMlmWGOvSJtFynH0FX56m1/Ay1ASTf +Zu7sn7U1c5auwOmIkVRboQaulDahRxkuXrd7cNP1c6/ggyIgXlTtG2/fpXPOIJ08 +iA1U9nYU8t7T8Xp9WlQjkSoYatJjQyRTfm2bbJWrQ8c4jdNyPCqQhmuZdh/YRdy3 +yFAbPoZMG8C+FxEfgJ/Q5ZQLCx5cXdndpIsXKf2+cMnlxDziuUM4Nz16CIAqvo59 +Q666G0t7e+fQ8IdvPfU30HPxQHfF3kmuqWUoW5jQOb1kwOGpozT3BEY6ELVIa7Mc +A+dLf9nIPTPlZ3F0GvySR1iuQYU0aWh54hb1TE4ogH5IhRjrEtbiyQm25sqPUBCK +1KGW6NciqHNXKksTldEjYeYyUz2BCN+LpisEqAfpMRKAvHnz9rTYmfd4HAMiJKgw +++U9EjbG7nDUxjaJ2ti5BhbH2RJCcI8BQM8P+S0SSVezwaEc9Ibd+41FfUHjplgk +dhVFyopvyCUAEQEAAbQycGhwTXlBZG1pbiBTZWN1cml0eSBUZWFtIDxzZWN1cml0 +eUBwaHBteWFkbWluLm5ldD6JAjcEEwEIACEFAlegoiICGwMFCwkIBwMFFQoJCAsF +FgIDAQACHgECF4AACgkQ2mirOSGKuUcFww/+MdyJg7NhzSkW3mNQy9yrZKHc3vmJ +o4wdGgv7EMvDbSXv4dn1WMz++DoN32auA8ol/MrCzFXa8iThsbf+Bp24YqA9XdF5 +veHXnsETG5toBRxcAe2vHSTP6BW10j5CzsCzDzwnP7MD2jILESdwvL5iyQjb3sUq +dk3iHEQV3C8hUYGnaiL4cBtCCBf4dpNwN/OVFQXuEf5u8otdgGci2cSulK74m/Re +5NcL1F/+Qcksj7nOxAWoEIP3lGSclTE1cnS95pR5GpTk23+dPWxUk7mHBl62K0fu +QUTIGouZpg2nEL8VCxieE4HNw6ueSDCSlSNCOqQKGq+14OdRtnPwlrXmGL+3dSWs +w8qJA+AUVtnKOuQ+w8ohJ5KuPssb/W52e/mIQ3F5O5JJH3V0F8lAY7Go4cG2zpHh +Wjscu6RDNkMtpP3MCGpBpg9yZmtMJ7eKRtjusJh8KzSokJ+lyryX3ZOEFKMcofkj +/0Z6o8FHj5cnI/eVUcT03J3OheKFHj5l78ZO4S9NPBP6RGr1b0zSGZKrWt+gZ91u +k0s7VeNvZq1yMsmt21FG6TkVPj+LKSMX/nZ7zhWaZ76eJ2eYpSEnszW+7MTws9rN +hKxb3jeKm7VuJk5Ygd3OFM0jvN9V0Q0S3wlbr9wfXiEg8AIqVwKtCkJWhqLqIZoT +ExGeJbK27IfmEGO5Ag0EV6CiIgEQAN2LmzsfU3fpRdH/P4ZmSmmC5wzQWYPS/Dob +ZJPpE+HSiymyyOholcZzV5wDfbnXBggXlKd4Ecqy7NaNGDHMxUPRu3pK0pcNcZC2 +QoopamKX0GiGuIovTWUGrY1r06Gc8zWKuAzbxc+vSgDRiWbu+fHdPT+jhUQJ+7If +IpT6fcHr0rARKI5b2xaa0erqfV/B+Qw+/uydw2o1e+9gAthnzd7pBWzpaGnc829P +U9+u3nhep7TTwvIkZI0gBzlhPQrDdjfc/ukJCOQ8JnlFCGRHWM0tbnthJ3FDGucZ +VQVfar+L3ia/V/++NRYOfL+hNOB8Rkj4YvTR7VgXJa3PKea8qgyGkOPHbeMpJ55w +vCyexGdOqQyLNqwCtXVD41nGIyWAqTu1LBpQn33vxQ6eEcLQ/mJm8adCXaVrcwiD +e1O+bYWrebmPEWxLh6vCZ8Odpa79gZ2tjBh1W0xacsaiWH0YbnNjeBX06M8cwELm +8KJJlpRic4hw4zEnszGQSdYO1jQ0A1fat+q4zekqFqhA04w6+bu91jYgLFs6PK/W +tquKnL8EHsuNa5/43hAQzxr4TeMse3VFqBXShgQFxjyGVSbR0KTPJKBb+rN7z0jl +H0cKW6BqXtOMkHMeqqBJB8d94DdgSyj15TB8a+3oxYH7fyTw19iyNhWiuvk7/Gpo +nAqhr2qNABEBAAGJAh8EGAEIAAkFAlegoiICGwwACgkQ2mirOSGKuUceaRAAowuk +DF7Nlnasozrh6AYlRNhrT/KQ0u38iuzxdftw8ONXRTQ1RiIwzQAQcRoFvN5yq1ft +9EgK3rTbEV9KSiMH5e1HGs1RTRMdmPPSh0507hiMjAvApOpJhDO0ODodNLzye4bt +ZrIrHh+nw/wlWBYX/DDl5vo8BUWyDTyA17Bt4P0za9WQKCez6QK01upM+h7fQKzz +JJFvuWH+rGxDS83Bes+QRMhtKYWqTB7MGwPUPswCc2dzq97914pR2+8fJhfmHzB1 +6KadYM+oe1/XlO4RzSo2cpBHss5WL12/b6CGrIS5FcjosLGbco0YzQGoRn/FLU/M +dINWyVVjHx6SK2RnM/p9k5RULeK0bYZCw2kU/TCjrh7WMbGf1qXBzb77mHBpzb6r +Hprtwt0+ztKFVF8kDTqh9NOx3eCRUJ0xVgu3anYdm857q6H/nED33wO1MesU6FqL +8G/5Uo243jCgtOtzmiyucxHNG1S/qyjF/0iz+m3oBa3+aL5S8a5im7hV235S7Nng +c6qZp/l+Rm4qIR2IPYA5R8G5OvdDmgkdpkV764prh0kjIUMF5RGr1UXyVpIxBwI3 +MN3RZjWrI6uO/+GyenlH3z4xGRynBnVLqukUy0Y175jsQDO0XZQpJeN8eNeGggbC +eBSXxBqkCxwoDujCb11Pxrgn0sKI8zAmokL1oFc= +=PdQl +-----END PGP PUBLIC KEY BLOCK----- diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec new file mode 100644 index 0000000..afdba4f --- /dev/null +++ b/phpMyAdmin.spec @@ -0,0 +1,276 @@ +# +# spec file for package phpMyAdmin +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define ap_docroot_old /srv/www/htdocs +%define ap_docroot %{_datadir} +%define ap_tmpdir %{_localstatedir}/cache/%{name} +%define pma_config %{_sysconfdir}/%{name}/config.inc.php +%if !0%{?suse_version} +%define apache_user nobody +%define apache_group nogroup +%endif +Name: phpMyAdmin +Version: 5.2.2 +Release: 0 +Summary: Administration of MySQL over the web +License: GPL-2.0-or-later +Group: Productivity/Networking/Web/Frontends +URL: https://www.phpMyAdmin.net/ +Source0: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz +Source1: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc +# http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases +Source2: https://files.phpmyadmin.net/phpmyadmin.keyring#/%{name}.keyring +Source3: %{name}.http +Source4: %{name}.http.inc +Source100: %{name}-rpmlintrc +# Fix-SuSE: provide useful default config +Patch0: %{name}-config.patch +# Fix-SUSE: auto config for pma storage +Patch1: %{name}-pma.patch +BuildArch: noarch +BuildRequires: apache-rpm-macros +BuildRequires: fdupes +# +Requires: php-bz2 +Requires: php-ctype +Requires: php-gd +Requires: php-gettext +Requires: php-iconv +Requires: php-json +Requires: php-mbstring +Requires: php-mysql +Requires: php-openssl +Requires: php-session +Recommends: php-curl +Recommends: php-zip + +%description +phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a +single database. To accomplish the latter you'll need a properly set up MySQL +user who can read/write only the desired database. It's up to you to look up +the appropriate part in the MySQL manual. + +Currently phpMyAdmin can: + + * browse and drop databases, tables, views, fields and indexes + * create, copy, drop, rename and alter databases, tables, fields and indexes + * maintenance server, databases and tables, with proposals on server + configuration + * execute, edit and bookmark any SQL-statement, even batch-queries + * load text files into tables + * create^1 and read dumps of tables + * export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 - + OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats + * import data and MySQL structures from Microsoft Excel and OpenDocument + spreadsheets, as well as XML, CSV, and SQL files + * administer multiple servers + * manage MySQL users and privileges + * check referential integrity in MyISAM tables + * using Query-by-example (QBE), create complex queries automatically + connecting required tables + * create PDF graphics of your Database layout + * search globally in a database or a subset of it + * transform stored data into any format using a set of predefined functions, + like displaying BLOB-data as image or download-link + * track changes on databases, tables and views + * support InnoDB tables and foreign keys (see FAQ 3.6) + * support mysqli, the improved MySQL extension (see FAQ 1.17) + * communicate in 57 different languages + * synchronize two databases residing on the same as well as remote servers + (see FAQ 9.1) + +%package apache +Summary: Apache configuration for %{name} +Group: Productivity/Networking/Web/Utilities +BuildRequires: apache-rpm-macros-control +BuildRequires: apache2 +Requires: %{name} +Requires: apache2 +Requires(post): %{_sbindir}/a2enmod +Requires(post): %{_sbindir}/a2enflag +Requires(post): php +Requires(postun):%{_sbindir}/a2enflag +Requires: mod_php_any >= 7.4 +Supplements: packageand(apache2:%name) + +%description apache +This subpackage contains the Apache configuration files + +%lang_package + +%prep +%setup -q -n %{name}-%{version}-all-languages +## rpmlint: +# wrong-file-end-of-line-encoding +perl -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php +%patch -P 0 +%patch -P 1 + +# clean up +find . -name .github -type d -prune -exec rm -r {} \; +for file in *.orig .buildinfo .gitkeep .travis.yml .weblate .jshintrc .eslintrc.json \ +.php_cs.dist .scrutinizer.yml .editorconfig php_twig.h twig.c; do + find . -type f -name $file -delete +done + +# permissions +find . -type d -exec chmod 755 {} \; +find . ! -name '*.sh' ! -name '*-query' -type f -exec chmod 644 {} \; + +%build + +%install +#%%{__install} -d -m0750 $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name} +install -d -m0755 %{buildroot}%{ap_docroot}/%{name} +cp -dR *.php *.ico *.txt js libraries locale themes templates vendor \ + %{buildroot}%{ap_docroot}/%{name} +# install config to config dir +install -D -m0640 %{buildroot}%{ap_docroot}/%{name}/config.sample.inc.php \ + %{buildroot}%{_sysconfdir}/%{name}/config.inc.php +# install TempDir (now in cache) +install -d -m0770 %{buildroot}%{ap_tmpdir} + +# fix libraries/vendor_config.php +sed -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" -e "s,@tmpdir@,%{ap_tmpdir},g" \ + %{buildroot}%{ap_docroot}/%{name}/libraries/vendor_config.php +# fix libraries/common.inc.php +#%%{__sed} -i -e "s,@PMA_Config@,%%{_sysconfdir}/%%{name}/config.inc.php,g" \ +# $RPM_BUILD_ROOT%%{ap_docroot}/%%{name}/libraries/common.inc.php + +# generate file list +find %{buildroot}%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST +find %{buildroot}%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST +install -D -m0644 %{SOURCE3} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf +install -D -m0644 %{SOURCE4} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.inc +# fix paths in http config +sed -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ + -e "s,@docdir@,%{_docdir},g" -e "s,@ap_sysconfdir@,%{apache_sysconfdir},g" -e "s,@ap_tmpdir@,%{ap_tmpdir},g" %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf + +# rpmlint stuff +%fdupes %{buildroot}%{ap_docroot}/%{name} + +# find language files +%find_lang %{name} --all-name + +%post +# generate blowfish secret only on install, not on upgrade +if [ $1 -eq 1 ]; then + sed -i -e "s|^\(\$cfg\['blowfish_secret'\] = '\)\(';\).*|\1$(head -c 32 /dev/urandom | base64)\2|" %{pma_config} +fi + +%preun +# only on uninstall, not on upgrade +if [ $1 -eq 0 ]; then + echo "info: empty %{ap_tmpdir}/* for clean uninstall" + rm -rf %{ap_tmpdir}/* || : +fi + +%postun +# only on upgrade, not on install +if [ $1 -ge 1 ]; then + echo "info: empty %{ap_tmpdir}/* for clean upgrade" + rm -rf %{ap_tmpdir}/* || : +fi + +%post apache +# only do on install, not on upgrade +if [ $1 -eq 1 ]; then + # enable required apache modules + a2enmod version >/dev/null || : + + # enable mod_php if preform MPM is used + if start_apache2 -V | grep -q prefork; then + mod_php=$(php -r "echo 'php' . PHP_MAJOR_VERSION;") + echo "info: adding ${mod_php} to APACHE_MODULES" + a2enmod ${mod_php} >/dev/null || : + fi + + # enable phpMyAdmin flag + echo "info: adding %{name} to APACHE_SERVER_FLAGS" + a2enflag %{name} >/dev/null || : +fi +# on upgrade, check if new cache directory is in config +if [ $1 -gt 1 ] && ! grep -q %{ap_tmpdir} %{apache_sysconfdir}/conf.d/%{name}.conf; then + # not found, create backup first + cp --backup=t --preserve %{apache_sysconfdir}/conf.d/%{name}.conf{,.bak} + + # add cache directory /var/cache/phpMyAdmin + echo "info: new cache directory added to %{apache_sysconfdir}/conf.d/%{name}.conf" + sed -i "s|\(php_admin_value open_basedir[^:]*\)|\1:%{ap_tmpdir}|" %{apache_sysconfdir}/conf.d/%{name}.conf + cat >> %{apache_sysconfdir}/conf.d/%{name}.conf << EOF + + + + + Order allow,deny + Deny from all + + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + +EOF + + # boo#1092345: change ap_docroot from /srv/www/htdocs to /usr/share + if grep -q %{ap_docroot_old} %{apache_sysconfdir}/conf.d/%{name}.conf; then + echo "info: changed %{ap_docroot_old} to %{ap_docroot} in %{apache_sysconfdir}/conf.d/%{name}.conf" + sed -i "s|%{ap_docroot_old}|%{ap_docroot}|g" %{apache_sysconfdir}/conf.d/%{name}.conf + fi +fi + +%postun apache +# only do on uninstall, not on upgrade +if [ $1 -eq 0 ]; then + # disable phpMyAdmin flag + echo "info: removing %{name} from APACHE_SERVER_FLAGS" + a2enflag -d %{name} >/dev/null || : +fi +%apache_request_restart + +%posttrans apache +# restart apache instances after zypper or rpm transaction, if not have restarted already +%apache_restart_if_needed + +%files -f FILELIST +%defattr(644,root,root,755) +%doc ChangeLog +%license LICENSE +%doc README RELEASE-DATE* +%doc examples doc sql +%dir %attr(0750,root,%{apache_group}) %{_sysconfdir}/%{name} +%dir %attr(0770,root,%{apache_group}) %{ap_tmpdir} +%config(noreplace) %{_sysconfdir}/%{name}/config.inc.php +%dir %{ap_docroot}/%{name} +%exclude %{ap_docroot}/%{name}/locale/*/LC_MESSAGES/phpmyadmin.mo +%exclude %{ap_docroot}/%{name}/vendor/phpmyadmin/sql-parser/locale/*/LC_MESSAGES/sqlparser.mo + +%files apache +%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf +%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.inc + +%files lang -f %{name}.lang + +%changelog