From c828aae0c40cd5d0dd231e098b822737ea2b2e4cc1c1e744a20522c4137a0a0d Mon Sep 17 00:00:00 2001 From: Christian Wittmer Date: Tue, 6 Dec 2016 15:33:21 +0000 Subject: [PATCH] Accepting request 444324 from home:computersalat:devel:php update to 4.6.5.2 OBS-URL: https://build.opensuse.org/request/show/444324 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=272 --- phpMyAdmin-4.6.5.1-all-languages.tar.xz | 3 - phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc | 17 --- phpMyAdmin-4.6.5.2-all-languages.tar.xz | 3 + phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc | 17 +++ phpMyAdmin.changes | 113 +++++++++++++------- phpMyAdmin.http | 5 +- phpMyAdmin.spec | 2 +- 7 files changed, 97 insertions(+), 63 deletions(-) delete mode 100644 phpMyAdmin-4.6.5.1-all-languages.tar.xz delete mode 100644 phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc create mode 100644 phpMyAdmin-4.6.5.2-all-languages.tar.xz create mode 100644 phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc diff --git a/phpMyAdmin-4.6.5.1-all-languages.tar.xz b/phpMyAdmin-4.6.5.1-all-languages.tar.xz deleted file mode 100644 index 66449e3..0000000 --- a/phpMyAdmin-4.6.5.1-all-languages.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e163b08b6d1137fd7c48ea97e8e53be415b1937f5e5f7e070936a60c3b9a3df0 -size 6162164 diff --git a/phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc b/phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc deleted file mode 100644 index c8f163a..0000000 --- a/phpMyAdmin-4.6.5.1-all-languages.tar.xz.asc +++ /dev/null 
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJYORL3AAoJEM51LxeCWb2S1rcP/2W4WneBz0wkp2WwKgx53gnP
-qUwKdq57b2gAa04RSDXFrRpx4cpCCPMzob0SMNhWXJU20Dp52+9tOh1DdCsFExsi
-CGA8X99anFsBfDM0NFQTSSBqwdvEFx+rfcXr535KeKwzgdzJe252pLi/HTz5RcWp
-pgDh5zScU2+PuwKFFQ5bE1fWs1mbCroJNjDmMWH7M1bbglWrP48esObV6MgtvnSJ
-cgL60mJrN4trAgf2cmbr46G+juhkhG+rBz5u4YhWlLHd6W++pYkTd27KU0FAPWES
-8XGjN+5E7ne/QDfaamPasCGB7NuQ2phj/XtrZrmZxgMXCL3oYE68ADPBF/7a1sRv
-J3K9SsazhQ3d3h6LCpZkz9p4z6pChBntbPgufVm5DqCW37kq/wYVq0AwzsxHGQid
-tkLeF5WJ2IHDrOqhz3v1FSL5UJBfFJQ7Trc4LKE2KNaA3i7biA5MlGY2Y3zZBc0K
-pD4ILoE2anii1OfAykYcjJoHWP4J5t3BjpC7V08FKQLHPwMxLGGIpQEddsHEQvpq
-hwvt2Q3Rhk2Z4PGV+HpIg5Cr9pueILNO8ZDUzVPQn+P3XGXCrociDLBvHvtinYdm
-/ZmLasEMKx2jMa+ZHRXFsdXHsmzZjtZjsAxEQPIkBe1Z8eQ5NwlAgxfmPKIO0CIw
-YgMn+FDtJScXLxy4tfzh
-=j8lF
------END PGP SIGNATURE-----
diff --git a/phpMyAdmin-4.6.5.2-all-languages.tar.xz b/phpMyAdmin-4.6.5.2-all-languages.tar.xz
new file mode 100644
index 0000000..4a405ea
--- /dev/null
+++ b/phpMyAdmin-4.6.5.2-all-languages.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8cb549c0cd04ecaa3b2a8d9315e7c88528603fa6fe91057b13173f6afba80894
+size 6136880
diff --git a/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc b/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
new file mode 100644
index 0000000..9c71cb5
--- /dev/null
+++ b/phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJYRe46AAoJEM51LxeCWb2SnE0P/A3JOx05rxBghNn6KV+xDJJa
+1/RP3pvzpJSLnZTOeb5fxYkSmAkt3hfH9mU1M+gapvgcO4Fl8PL4IH2vZpQtKPUG
+b6rnI0ataUzElyRhpSkKJNk2UafNNJHe6jdiHkX/A+IBJRaNSvq84DFAb0gYXV2W
+G1fQ3il9a+uu5s15W+wUPKqIr5BbFo/J2Fl6Lrid6BW0lOI2Pya+enZcLEx5kow0
+EM66hRX4/nbQTQO1ldVlxSTLBjgNpvqtdDNK5OpW04e5sAGVUCfvacoqi+bna1dA
+UQkEfrbuIDwlaQAD3fWmED4jUVpw+fDhLpGhTJ23ZPk3ICENshBLYl+44w/vrBR0
+o1dcQnsomMWOlBfANndoUfZOGiEdy33ThNV70J0BBhwOFTfi5H/a0ZucHtJrSUHe
+zE6AtkK//FvNqB5ilk+O5F94hRy44aJXRpFaHkfu0vyg4GrnZHZFqODW7IzbIfxg
+GRNyOsQaxdJB3RjolxlBzudE8DUC7HvT6ULBH5W+AMCJdvke0uWtk03Te2m823Df
+sSvuLk13H8sB+1S5l/BWxTUK3aOQ5AYo1bxjAYFUQRs5JO+g0kUNWJK68fwKYSFM
+EgqP+sSlA62BRqQ9tt46BVILLBbvLdzgSJaCXFQIeDkrW20qFcHMsC66qWyyrign
+YercIbpv7UwKR5yz1r6m
+=mXi6
+-----END PGP SIGNATURE-----
diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes
index 8882b1f..74e85e8 100644
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Dec 6 15:25:29 UTC 2016 - chris@computersalat.de
+
+- update to 4.6.5.2 (2016-12-05)
+ * gh#12765 Fixed SQL export with newlines
+- update changes (update to 4.6.5 (2016-11-25))
+ * add missing (Not yet available) CVE's
+- fix phpMyAdmin.http
+
 -------------------------------------------------------------------
 Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org
 
@@ -21,22 +30,29 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org * gh#12459 Display read only fields as read only when editing * gh#12384 Fix expanding of navigation pane when clicking on database * gh#12430 Impove partitioning support - * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration directive + * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration + directive * Always use UTC time in HTTP headers * gh#12479 Simplified validation of external links * gh#12483 Fix browsing tables with built in transformations - * gh#12485 Do not show warning about short blowfish_secret if none is set + * gh#12485 Do not show warning about short blowfish_secret if none + is set * gh#12251 Fixed random logouts due to wrong cookie path * gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure - * gh#12497 Missing escaping of configuration used in SQL (hide_db and only_db) + * gh#12497 Missing escaping of configuration used in SQL + (hide_db and only_db) * gh#12476 Add error checking in reading advisory rules file - * gh#12477 Add checking missing elements and confirming element types from json_decode - * gh#12251 Automatically save SQL query in browser local storage rather than in cookie + * gh#12477 Add checking missing elements and confirming element + types from json_decode + * gh#12251 Automatically save SQL query in browser local storage + rather than in cookie * gh#12292 Unable to edit transformations * gh#12502 Remove unused paramenter when connecting to MySQLi - * gh#12303 Fix number formatting with different settings of precision in PHP + * gh#12303 Fix number formatting with different settings of + precision in PHP * gh#12405 Use single quotes in PHP code - * gh#12534 Option for the dropped column is not removed from 'after_field' select, after the column is dropped + * gh#12534 Option for the dropped column is not removed from + 'after_field' select, after the column is dropped * gh#12531 Properly detect DROP DATABASE queries * gh#12470 Fix 
possible race condition in setting URL hash * gh#11924 Remove caching of server information 
@@ -48,26 +64,34 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org * gh#12518 Fixed copy of table with generated columns * gh#12221 Fixed export of table with generated columns * gh#12320 Copying a user does not copy usergroup - * gh#12272 Adding a new row with default enum goes to no selection when you want to add more then 2 rows - * gh#12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab - * gh#12554 Absence of scrolling makes it impossible to read longer text values in grid editing - * gh#12530 "Edit routine" crashes when the current user is not the definer, even if privileges are adequate + * gh#12272 Adding a new row with default enum goes to no selection + when you want to add more then 2 rows + * gh#12487 Drag and drop import prevents file dropping to blob + column file selector on the insert tab + * gh#12554 Absence of scrolling makes it impossible to read longer + text values in grid editing + * gh#12530 "Edit routine" crashes when the current user is not the + definer, even if privileges are adequate * gh#12300 Export selective tables by-default dumps Events also * gh#12298 Fixed export of view definitions - * gh#12242 Edit routine detail dialog does not fill "Return length" field in mysql functions + * gh#12242 Edit routine detail dialog does not fill "Return length" + field in mysql functions * gh#12575 New index Confirm adds whitespace around the field name * gh#12382 Bug in zoom search * gh#12321 Assign LIMIT clause only to syntactically correct queries - * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" Inserted At Wrong Place + * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" + Inserted At Wrong Place * gh#12511 Clarify documentation on ArbitraryServerRegexp * gh#12508 Remove duplicate code in SQL escaping * gh#12475 Cleanup code for getting table information - * gh#12579 phpMyAdmin's export of a Select statment without a FROM clause generates Wrong SQL + * gh#12579 
phpMyAdmin's export of a Select statment without a FROM + clause generates Wrong SQL * gh#12316 Correct export of complex SELECT statements * gh#12080 Fixed parsing of subselect queries * gh#11740 Fixed handling DELETE ... USING queries * gh#12100 Fixed handling of CASE operator - * gh#12455 Query history stores separate entry for every letter typed + * gh#12455 Query history stores separate entry for every letter + typed * gh#12327 Create PHP code no longer works * gh#12179 Fixed bookmarking of query with multiple statements * gh#12419 Wrong description on GRANT OPTION @@ -77,8 +101,10 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org * gh#12619 Unable to export csv when using union select * gh#12625 Broken Edit links in query results of JOIN query * gh#12634 Drop DB error in import if DB doesn't exist - * gh#12338 Designer reverts to first saved ER after EACH relation create or delete - * gh#12639 'Show trace' in Console generates JS error for functions in query's trace called without any arguments + * gh#12338 Designer reverts to first saved ER after EACH relation + create or delete + * gh#12639 'Show trace' in Console generates JS error for functions + in query's trace called without any arguments * gh#12366 Fix user creation with certain MariaDB setups * gh#12616 Refuse to work with mbstring.func_overload enabled * gh#12472 Properly report connection without password in setup 
@@ -90,54 +116,65 @@ Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org * gh#12637 Fixed editing some timestamp values * gh#12622 Fixed javascript error in designer * gh#12334 Missing page indicator or VIEWs - * gh#12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails + * gh#12610 Export of tables with Timestamp/Datetime/Time columns + defined with ON UPDATE clause with precision fails * gh#12661 Error inserting into pma__history after timeout * gh#12195 Row_format = fixed not visible - * gh#12665 Cannot add a foreign key - non-indexed fields not listed in InnoDB tables + * gh#12665 Cannot add a foreign key - non-indexed fields not listed + in InnoDB tables * gh#12674 Allow for proper MySQL-allowed strings as identifiers * gh#12651 Allow for partial dates on table insert page * gh#12681 Fixed designer with tables using special chars - * gh#12652 Fixed visual query builder for foreign keys with more fields + * gh#12652 Fixed visual query builder for foreign keys with more + fields * gh#12257 Improved search page performance * gh#12322 Avoid selecting default function for foreign keys * gh#12453 Fixed escaping of SQL parts in some corner cases * gh#12542 Missing table name in account privileges editor - * gh#12691 Remove ksort call on empty array in PMA_getPlugins function + * gh#12691 Remove ksort call on empty array in PMA_getPlugins + function * gh#12443 Check parameter type before processing * gh#12299 Avoid generating too long URLs in search * gh#12361 Fix self SQL injection in table-specific privileges - * gh#12698 Add link to release notes and download on new version notification - * gh#12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function) + * gh#12698 Add link to release notes and download on new version + notification + * gh#12712 Error when trying to setup replication (fatal error in + call to an old PMA_DBI_connect function) - fix for boo#1012271 
https://www.phpmyadmin.net/security/ * Unsafe generation of $cfg['blowfish_secret'] - see PMASA-2016-58 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661) * phpMyAdmin's phpinfo functionality is removed - see PMASA-2016-59 (CVE ids: Not yet assigned , CWE-661) - * AllowRoot and allow/deny rule bypass with specially-crafted username - see PMASA-2016-60 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661) + * AllowRoot and allow/deny rule bypass with specially-crafted + username + see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661) * Username matching weaknesses with allow/deny rules - see PMASA-2016-61 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661) * Possible to bypass logout timeout - see PMASA-2016-62 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661) * Full path disclosure (FPD) weaknesses - see PMASA-2016-63 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853, + CVE-2016-9854, CVE-2016-9855, CWE-661) * Multiple XSS weaknesses - see PMASA-2016-64 (CVE ids: Not yet assigned , CWE-661, CWE-352) + see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857, + CWE-661, CWE-352) * Multiple denial-of-service (DOS) vulnerabilities - see PMASA-2016-65 (CVE ids: Not yet assigned , CWE-661, CW-400) + see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859, + CVE-2016-9860, CWE-661, CW-400) * Possible to bypass white-list protection for URL redirection - see PMASA-2016-66 (CVE ids: Not yet assigned , CWE-661, CWE-20, CWE-601) + see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20, + CWE-601) * BBCode injection to login page - see PMASA-2016-67 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661) * Denial-of-service (DOS) vulnerability in table partitioning - see PMASA-2016-68 (CVE ids: Not yet assigned , CWE-661, CWE-400) + 
see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400) * Multiple SQL injection vulnerabilities - see PMASA-2016-69 (CVE ids: Not yet assigned , CWE-661, CWE-89) + see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89) * Incorrect serialized string parsing - see PMASA-2016-70 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661) * CSRF token not stripped from the URL - see PMASA-2016-71 (CVE ids: Not yet assigned , CWE-661) + see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661) ------------------------------------------------------------------- Sun Nov 6 16:27:00 UTC 2016 - chris@computersalat.de diff --git a/phpMyAdmin.http b/phpMyAdmin.http index 6631649..2bba0e7 100644 --- a/phpMyAdmin.http +++ b/phpMyAdmin.http @@ -26,7 +26,7 @@ php_admin_flag allow_url_fopen off php_admin_flag zend.ze1_compatibility_mode off php_admin_flag safe_mode Off - php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php5:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat" + php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php7:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat" # customize suhosin php_admin_value suhosin.post.max_array_index_length 256 php_admin_value suhosin.post.max_totalname_length 8192 @@ -45,16 +45,13 @@ = 2.4> - Require all denied - Order deny,allow Deny from all - diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index c9e56a1..a3685e1 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.6.5.1 +Version: 4.6.5.2 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0+
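Review bot: The rewritten `php_admin_value open_basedir` line in phpMyAdmin.http (hunk `@@ -26,7 +26,7 @@`) swaps `/var/lib/php5` for `/var/lib/php7` instead of adding to it, so if this package can still be installed against PHP 5 (not visible from the hunk) that runtime's state directory, presumably where sessions are kept, falls outside the allowed paths and requests would fail with open_basedir errors. Keeping both entries, `...:/var/lib/php5:/var/lib/php7:/tmp:...`, or filling the path in at build time the way `@ap_docroot@` and `@docdir@` are, would cover either interpreter. The same line still grants the whole shared `/tmp`, which lets the application read and write files left there by other services; a dedicated temp/upload directory owned by the web server user would be a tighter choice. The unchanged `safe_mode` and `zend.ze1_compatibility_mode` flags just above no longer exist in PHP 7 and could be dropped in the same pass; the enclosing configuration block starts and ends outside this hunk.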