------------------------------------------------------------------- Sat Aug 27 17:17:27 UTC 2011 - chris@computersalat.de - update to 3.4.4 - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes - bug #3323101 [parser] Invalid escape sequence in SQL parser - bug #3348995 [config] $cfg['Export']['asfile'] set to false does not select as Text option - bug #3340151 [export] Working SQL query exports error page - bug #3353649 [interface] "Create an index on X columns" form not validated - bug #3350790 [interface] JS error in Table->Structure->Index->Edit - bug #3353811 [interface] Info message has "error" class - bug #3357837 [interface] TABbing through a NULL field in the inline mode resets NULL - remove version number in /setup - bug #3367993 [usability] Missing "Generate Password" button - bug #3363221 [display] Missing Server Parameter on inline sql query - bug #3367986 [navi] Drop field -> lost active table - remove misleading comment on the "Rename database" interface - bug #3374374 [interface] Fix footnote for inexact count while browsing - bug #3372807 [interface] Fix security warning link in setup - bug #3374347 [display] Backquotes in normal text on import page - bug #3358750 [core] With Suhosin, urls are too long in edit links - [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13 ------------------------------------------------------------------- Fri Jul 29 14:57:01 UTC 2011 - chris@computersalat.de - update to 3.4.3.2 o PMASA-2011-9 to PMASA-2011-12 http://www.phpmyadmin.net/home_page/security/ ------------------------------------------------------------------- Mon Jul 4 13:27:10 UTC 2011 - chris@computersalat.de - update to 3.4.3.1 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 - [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 - 3.4.3.0 (2011-06-27) - bug #3311170 [sync] Missing helper icons in Synchronize - patch #3304473 [setup] Redefine a lable that was wrong - bug #3304544 [parser] master is not a reserved word - bug #3307616 [edit] Inline edit updates multiple duplicate rows - patch #3311539 [edit] Inline edit does not escape backslashes - bug #3313210 [interface] Columns class sometimes changed for nothing - patch #3313326 [interface] Some tooltips do not disappear - bug #3315720 [search] Fix search in non unicode tables - bug #3315741 [display] Inline query edit broken - patch #3317206 [privileges] Generate password option missing on new accounts - bug #3317293 [edit] Inline edit places HTML line breaks in edit area - bug #3319466 [interface] Inline query edit does not escape special characters - minor XSS (require a valid token) - add restart_on_update apache to post ------------------------------------------------------------------- Wed Jun 22 09:01:52 UTC 2011 - chris@computersalat.de - fix changelog o update to 3.4.2.0 -> update to 3.4.2 - fix bnc#697748 (suhosin customization) o moved from spec's %post to http_conf file ------------------------------------------------------------------- Thu Jun 09 14:41:00 UTC 2011 - jweberhofer@weberhofer.at - update to 3.4.2 - bug #3301249 [interface] Iconic table operations does not remove inline edit label - bug #3303869 [interface] Unnecessary scrolling on Databases page - patch #3303813 [setup] Define a label that was missing - bug #3305606 [interface] Show all button wraps on privileges page - bug #3305517 [config] Config for export compression not used - bug #3305883 [interface] Table is dropped regardless of confirmation - [auth] Fixed error handling for signon auth method. - bug #3276001 [core] Avoid caching of index.php. - bug #3306958 [interface] Unnecessary Details slider - bug #3308476 [interface] "Show all" not persistent after a sort - bug #3308072 [auth] Version disclosure to anonymous visitors - bug #3306981 [interface] pmahomme and table statistics ------------------------------------------------------------------- Tue May 24 16:06:05 UTC 2011 - chris@computersalat.de - update to 3.4.1 - bug sf#3301108 [interface] Synchronize and already configured host - bug sf#3302457 Inline edit and $cfg['PropertiesIconic'] - Patch #3302313 Show a translated label - bug sf#3300981 [navi] Table filter is case sensitive - bug sf#3285929 [privileges] Revert temporary fix - bug sf#3302872 [synchronize] Synchronize and user name - bug sf#3302733 [core] Some browsers report an insecure https connection - [security] Make redirector require valid token - rework config patch - removed 3.3.8, added 3.4.1 config patch - added conftrib to doc - mod post section o modify suhosin.ini ------------------------------------------------------------------- Sat Mar 19 19:17:57 UTC 2011 - chris@computersalat.de - update to 3.3.10 - patch sf#3147400 [structure] Aria table size printed as unknown, thanks to erickoh75 - erickoh75 - patch sf#3150164 [structure] Ordering by size gives incorrect results, thanks to Madhura Jayaratne - madhuracj - bug sf#3153409 [core] 0 row(s) affected - bug sf#3155842 [core] Edit relational page and page number - [security] Minor security fixes, see PMASA-2010-9 and PMASA-2010-10 - [lang] German update, thanks to jannicars@users.sourceforge.net. ------------------------------------------------------------------- Wed Feb 23 12:10:46 UTC 2011 - chris@computersalat.de - update to 3.3.9.2 - [security] SQL injection, see PMASA-2011-2 - 3.3.9.1 (2011-02-08) - [security] Path disclosure, see PMASA-2011-1 - add macros for ap_usr, ap_grp - fix perm on sysconfdir o 0750,root,www ------------------------------------------------------------------- Thu Jan 27 20:14:40 UTC 2011 - chris@computersalat.de - update to 3.3.9 - bug [doc] Fix references to MySQL doc - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand - bug #3103853 [js] Double quotes were not escaped in generated js - bug #3077463 [core] Events were not copied when copying/renaming database - bug #1762306 [core] Copy database with view of a view - patch #3117535 [replication] Add quotes to database in initial statement, thanks to Craig Duncan - duncan3dc - bug #3112614 [pdf schema] Scratchboard for PDF pages not working - bug #3125606 [parser] Query for table "level" causes strange display - bug #3127904 [parser] Close all opened round brackets indents - removed Authors from spec ------------------------------------------------------------------- Fri Dec 3 23:04:41 UTC 2010 - chris@computersalat.de - update to 3.3.8.1 - bug #3115519 (private) [security] XSS on db search, see PMASA-2010-8 - rework config patch o add AllowNoPassword ------------------------------------------------------------------- Wed Oct 27 10:23:50 UTC 2010 - javier@opensuse.org - update to 3.3.8 - bug #3059311 [import] BIGINT field type added to table analysis - [core] Update library PHPExcel to version 1.7.4 - bug #3062455 [core] copy procedures and routines before tables - bug #3062455 [export] with SQL, export procedures and routines before tables - bug #3056023 [import] USE query not working - bug #3038193 [display] Error when editing row with GEOMETRY column - bug #3062454 [interface] Display routines/events also when no tables are defin ed - support ARIA storage engine as well as its previous name MARIA ------------------------------------------------------------------- Wed Sep 22 14:03:14 CEST 2010 - mcihar@suse.cz - update to 3.3.7 ------------------------------------------------------------------- Wed Jul 7 14:48:50 UTC 2010 - chris@computersalat.de - update to version 3.3.4 - bug #2996161 [import] properly escape import value - bug #2998889 [import] Import button does not work in Catalan - [browse] Fix handling of sort order if only column is specified. + [lang] Greek update, thanks to Panagiotis Papazoglou - panos78 + [lang] Updated lot of translation based on work done in master branch. - bug #3008411 [databases] Last dropped database remains active in navi - bug #2986383 [parser] Not all data being shown / counted - bug [synchronize] Rows were deleted in target table regardless of the "Would you like to delete..." option - bug [privileges] List of tables not shown when the db name has a wildcard - bug #3011126 [display] Edit link missing after long query - patch #3013264 [doc] FAQ 1.40 uses a comma instead of a period, thanks to Isaac Bennetch - ibennetch - [engines] Fix getting InnoDB status. - bug #2986422 [import] Results for query are not displayed ------------------------------------------------------------------- Fri May 21 16:59:50 UTC 2010 - chris@computersalat.de - update to version 3.3.3 - patch #2982480 [navi] Do not group if there would be one table in group - patch #2983492 [sync] When asking to synchronize Structure and Data, only Structure is done - patch #2984893 [engines] InnoDB storage page emits a warning - bug #2974687, bug #2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work - bug #2983066 [interface] Flush table on table operations shows the query twice - bug #2983060, patch #2987900 [interface] Fix initial state of tables in designer - bug #2983062, patch #2989408 [engines] Fix warnings when changing table engine to Maria - bug #2974067 [display] non-binary fields shown as hex - bug #2983065 [operations] Error when changing from Maria to MyISAM engine - bug #2975408 [tracking] Data too long for column data_sql - bug [tracking] Tracking report should obey MaxCharactersInDisplayedSQL - bug [edit] Avoid selecting UNHEX function by default for a BLOB column for which editing is protected - bug #2994168 [structure] Show auto_increment in uppercase - bug #2993970 [pdf schema] Page numbering in Table of Contents - 3.3.2.0 (2010-04-13) - patch #2969449 [core] Name for MERGE engine varies depending on the MySQL version, thanks to Dieter Adriaenssens - ruleant - bug #2966078 [browse] Incorrect LIMIT is saved and sticks while browsing - bug #2967366 [Structure] Some results of Propose table structure are shown in hex - bug #2967565 [insert] UNHEX not selected by default when inserting BINARY - [navi] Changed link to git repository on main page - bug #2972232 [menu] Import menu tab not present on main page - patch #2976790 [menu] Go to the upper level after table DROP, thanks to Kaarel Nummert - kaarelnu - patch #2978815 [pdf] Fix generating PDF with table dimensions, thanks to BlinK_ - patch #2977725 [export] XML wrongly encoded, thanks to Victor Volkov - hanut - patch #2979234 [import] Create tables with current charset and collation. - patch #2979234, bug #2960105 [import] Properly import unicode text from ODS. - bug #2973280 [export] Proper handling of temporary directory in XLS export. - bug #2980582 [interface] Properly format server status parameter. - bug #2973949 [session] SQL History broken (revert patch #2899969), thanks to Dieter Adriaenssens - ruleant - [doc] Be more specific about problems with Suhosin. ------------------------------------------------------------------- Fri Mar 26 00:41:30 UTC 2010 - chris@computersalat.de - update to version 3.3.1 - bug #2941037 [core] Database structure not sorted by table correctly - bug #2948492 [interface] Slide effect masks some fields on search page - bug #2959746 [interface] Unknown table status: TABLE_TYPE - bug #2953050 [export] export VIEW as SQL includes INSERT statement - bug #2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows - bug #2961609 [auth] Potential information disclosure at login page - patch #2961540 [export] Do not export data of MERGE table, thanks to Dieter Adriaenssens - ruleant - bug #2961198 [parser] Querying a table named "data" - bug #2931429 [structure] Editing long triggers - bug #2970769 [structure] Incorrect reference to mootools-more.js - cleanup spec - fixed HEADER - sort TAGS - some macros (ap_...) - updated description - added postun o restart_on_update apache2 - some rpmlint stuff - fdupes - reworked patches - removed blowfish_secret - removed mysqli.patch - added config patch o mods to vendor_config - replaced Source1 phpmyadmin.conf > phpMyAdmin.http - config.inc.php to /etc/phpMyAdmin ------------------------------------------------------------------- Wed Mar 10 21:41:47 UTC 2010 - javier@opensuse.org - Updated to 3.3.0 + rfe #2308632 [edit] Use hex for (var)binary fields + patch #2794819 [navi] Filter for displayed table names - bug #2794840 [core] Cannot redeclare pma_tableheader() - rfe #2726479 [core] configurable maximal length of URL + patch #2724755 [display] Full/partial text links (big T) are back - bug [display] handle NavigationBarIconic as documented for navi buttons + rfe #2726479 [export] Export tables preselect + patch #2805828 [export] PHP array export plugin + patch #2798592 [import] Progress bar - bug [gui] Generate Password not working for 'Change Login Information', only for 'Change password' + [lang] Arabic update + rfe #2822190 [structure] BOOLEAN is standard SQL + [lang] German update + rfe #2813867 [structure] Default sorting order in list of tables + [import] Added MySQL type-detection functionality to import library + [import] Added ODS, Excel XLS, Excel XLSX, and XML import modules + [export] Added Excel XLSX export module + [core] Added ability for tracking changes made through phpMyAdmin + rfe #2839504 [engines] Support InnoDB plugin's new row formats + [core] Added ability for synchronizing databases among servers. + [lang] #2843101 Dutch update + [lang] Galician update + [export] Added MediaWiki export module + [lang] Turkish update + [auth] Add custom port configuration in signon - [core] Removed context from the error handler - bug #2883633 [export] Export of InnoDB table is incomplete + rfe #2862575 [status] Order query statistics by % desc, skip rows with 0 + rfe #2823686 [interface] Increase default height of query window + rfe #2129902 [structure] Don't hide indexes + patch #2812070 [interface] Allow selecting a range of rows by holding shift + [lang] Russian update, thanks to Victor Volkov + [lang] Greek update, thanks to Panagiotis Papazoglou + [lang] Norwegian update, thanks to Sven-Erik Andersen - bug #2929958 [import] Cannot import (French interface) - [security] Use X-Frame-Options header to protect against ClickJacking. + [lang] Finnish update, thanks to Jouni Kahkonen + [lang] Lithuanian update, thanks to Rytis Slatkevicius - rytis_s - bug #2931939 [status] Seeing "m" as unit is confusing - bug #2926613 [edit] Copy database shows errors when DB has foreign key + [lang] Catalan update, thanks to Xavier Navarro ------------------------------------------------------------------- Wed Jan 20 17:18:45 UTC 2010 - javier@opensuse.org - Updated to 3.2.5 - patch #2903400 [bookmarks] Status of bookmark table, thanks to Virsacer - virsacer - bug [history] QueryHistoryDB is not respected - bug #2905629 [auth] Blowfish secret is not hashed - bug #2910000 [gui] ShowServerInfo should hide all server info from main page - bug #2910568 [structure] Table size for ARCHIVE tables is not displayed - patch #2899969 [core] Session lock blocks working from a second window, thanks to Greg Roach - fisharebest - patch #2915168 [import] Incorrect parsing of DELIMITER keyword, thanks to Greg Roach - fisharebest - patch #2918831 [export] Missing backquotes on reserved words, thanks to Virsacer - virsacer - [core] Fix broken cleanup of $_GET - bug #2924357 [operations] Cannot rename a database that has foreign key constraints - bug #869006 [structure] Ignore number of records for MRG_MyISAM tables - bug [browse] "Show BLOB contents" should display HTML code that is present in a BLOB, thanks to Vincent van der Tuin - [privileges] Improve escaping of hostname ------------------------------------------------------------------- Tue Nov 10 01:45:00 UTC 2009 - javier@opensuse.org - patch #2856664 [export] Date, time, and datetime column types now export correctly to OpenOffice Spreadsheet - patch #2859788 [parser] Double-character delimiters (bug #2846239) - bug #2832600 [export] Slow export when having lots of databases - bug #2537766 [import] Comments are stripped when editing store procedures - bug #2852370 [operations] Renaming database deletes triggers - bug #2872247 [interface] Failed opening required 'mysql_charsets.lib.php' - bug [structure] "In use" table incorrectly reported as "view" - bug #2879909 [interface] Removed double htmlspecialchars when editing enum column - bug #2868328 [relations] Adding foreign key when table name contains a dot - bug #2883381 [doc] Side effects of MemoryLimit setting - bug #2826128 [display] Inverting sort order when expression contains a function name ------------------------------------------------------------------- Sat Sep 19 00:50:10 CEST 2009 - javier@opensuse.org - bug #2825293 [structure] Default value for a BIT column - bug [display] Red arrows were reversed in the list of tables - bug #2813879 [export] Duplicate empty lines when exporting without comments - bug #2825919 [export] Trigger export with database name - bug #2823996 [data] Cannot edit row with no PK and a BIT field - bug [export] Exporting results of a query which contains a LIMIT clause inside a subquery - bug #2837722 [export] Run complex SQL then export does not work - bug #2839548 [export] Triggers order on export - bug #2826986 [display] Order by BLOB and range display - bug [display] After clicking on Show Function or Function, the UPDATE query is not shown after execution - bug [structure] Missing validation for BINARY and VARBINARY ------------------------------------------------------------------- Sun Aug 16 06:13:35 UTC 2009 - javier@opensuse.org - bug #2799009 Login with ipv6 IP address breaks redirect - bug #2796066 [priv] Inconsistent display of databases list - bug #2802870 [display] Incorrect overhead value for InnoDB - bug [display] Incorrect display in replication status - bug #1601625 [display] The Ignore checkbox is not unchecked for ENUM - bug #2809930 [setup] Notice: Undefined variable: k in setup/index.php - bug [features] Incorrect report of missing relational features - [security] XSS: Insufficient output sanitizing (not exploitable without a vali d token) thanks to Sven Vetsch/Disenchant for informing us in a responsible manner - bug #2634827 [import] Using DELIMITER produces infinite cycle + new language files: uzbek_cyrillic and urbek_latin - bug #2814109 [search] Right frame is blank - bug #2816840 [priv] Cannot change a user's details - bug #2816165 [display] Executed query not always displayed - bug #2819944 [setup] Incorrect mention of designer_coords - bug #2821757 [insert] "Insert another new row" no longer worked + [lang] Norwegian update - bug [core] PMA_pow() can support negative exponents in the pow() case + [lang] Brazilian Portuguese update - patch #2822384 [docs] Missing auth_type in docs-example - patch #2819728 [display] Slider effect jumping to top of page - bug [display] Incorrect computation of overhead stats in server view for tables under the InnoDB engine + [lang] Swedish update ------------------------------------------------------------------- Fri Jul 24 15:51:24 UTC 2009 - javier@opensuse.org - First security release for phpMyAdmin 3.2.0 ------------------------------------------------------------------- Sun Jun 28 04:17:23 UTC 2009 - javier@opensuse.org - update to 3.2.0 ------------------------------------------------------------------- Sun May 4 16:19:43 UTC 2008 - crrodriguez@suse.de - phpMyAdmin package misses files (favicon.ico, scripts/*) [BNC #381747] - phpMyAdmin setup.php missing [BNC #335306] - update to version 2.11.6, bug fix only release - bug #1903724 [interface] Displaying of very large queries in error message - bug #1905711 [compatibility] Functions deprecated in PHP 5.3: is_a() and get_magic_quotes_gpc() - bug [lang] catalan wrong accented characters - bug #1893034 [Export] SET NAMES for importing with command-line client + [lang] Russian update - bug #1910485 [core] Unsetting the whitelist during the loop - bug #1906980 [Export] Import of VIEWs fails if temp table exists - bug #1812763 [Copy] Table copy when server is in ANSI_QUOTES sql_mode - bug #1918531 [compatibility] Navigation isn't w3.org valid - bug #1926357 [data] BIT defaults displayed incorrectly - patch #1930057 [auth] colon in password prevents HTTP login on CGI/IIS - patch #1929553 [lang] Don't output BOM character in Swedish language file - patch #1895796 [lang] Typo in Japanese lang files - bug #1935652 [auth] Access denied (show warning about mcrypt on login page) - bug #1906983 [export] Reimport of FUNCTION fails - bug #1919808 [operations] Renaming a database fails to handle functions - bug #1934401 [core] Cannot force a language - bug #1944077 [core] Config file containing a BOM - bug #1947189 [scripts] Missing head tag in scripts/signon.php - [lang] Romanian update ------------------------------------------------------------------- Mon Apr 7 11:27:24 UTC 2008 - crrodriguez@suse.de - pmd folder is missing in phpmyadmin 2.11.5.1 [bnc #376616] ------------------------------------------------------------------- Sat Mar 29 15:53:44 UTC 2008 - crrodriguez@suse.de - update to version 2.11.5.1 * bug #1909711 [security] Sensitive data in session files ------------------------------------------------------------------- Mon Mar 10 04:13:27 UTC 2008 - crrodriguez@suse.de - phpMyAdmin tries to access non-existing print.css [#307966] ------------------------------------------------------------------- Sat Mar 1 23:34:52 UTC 2008 - crrodriguez@suse.de - version 2.11.5 - bug #1862661 [GUI] Warn about rename deleting database - bug #1866041 [interface] Incorrect sorting with AS - bug #1871038 [import] Notice: undefined variable first_sql_delimiter - bug #1873110 [export] Problem exporting with a LIMIT clause - bug #1871164 [GUI] Empty and navigation frame synch. - patch #1873188 [GUI] Making db pager work when js is disabled, thanks to Jürgen Wind - windkiel - bug #1875010 [auth] MySQL server and client version mismatch (mysql ext.) - patch #1879031 [transform] dateformat transformation and UNIX timestamps, thanks to Tim Steiner - spam38 - bug [import] Do not verify a missing enclosing character for CSV, because files generated by Excel don't have any enclosing character - bug #1799691 [export] "Propose table structure" and Export - bug #1884911 [GUI] Space usage - bug #1863326 [GUI] Wrong error message / no edit (Suhosin) - bug #1887204 [GUI] Order columns in result list messing up query - patch #1893538 [GUI] Display issues on Opera 9.50, thanks to Jürgen Wind - windkiel - bug [GUI] Do not display the database name used by the previous user, thanks to Ronny Görner - bug [security] Remove cookies from Array for better coexistence with other applications, thanks to Richard Cunningham. See PMASA-2008-1. ------------------------------------------------------------------- Sun Jan 13 11:02:14 UTC 2008 - crrodriguez@suse.de - do not BuildRequire apache2-devel libapr-util1-devel pcre-devel - PreReq coreutils sed and grep - update to version 2.11.4 - bug #1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE - bug #1807816 [search] regular expression search doesn't work with backslashes - bug #1843463 [GUI] DROP PROCEDURE does not show alert - bug #1835904 [GUI] Back link after a SQL error forgets the query - bug #1835654 [core] wrong escaping when using double quotes - bug #1817612 [cookies] Wrong cookie path on IIS with PHP-CGI, thanks to Carsten Wiedmann - bug #1848889 [export] export trigger should use DROP TRIGGER IF EXISTS - bug #1851833 [display] Sorting forgets an explicit LIMIT (fix for sorting on column headers) - bug #1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin - bug #1798786 [import] Wrong error when a string contains semicolon - bug #1813508 [login] Missing parameter: field after re-login - bug #1710144 [parser] Space after COUNT breaks Export but not Query - bug #1783620 [parser] Subquery results without "as" are ignored - bug #1821264 [display] MaxTableList and INFORMATION_SCHEMA - bug #1859460 [display] Operations and many databases - bug #1814679 [display] Database selection pagination when switching servers - patch #1861717 [export] CSV Escape character not exported right, thanks to nicolasdigraf - bug #1864468 [display] Theme does not switch to darkblue_orange - bug #1847409 [security] Path disclosure on darkblue_orange/layout.inc.php, thanks to Jürgen Wind - windkiel ------------------------------------------------------------------- Wed Aug 22 12:36:22 UTC 2007 - crrodriguez@suse.de - 2.11.0-rc1 -> 2.11.0 final - mod_php_any is enough to get a webserver do not explicitly require apache2 - update phpmyadmin.conf adding the session save path to open_basedir as well ensuring some additional and possible conflicting php settings are set the way we want ------------------------------------------------------------------- Mon Aug 6 21:59:16 UTC 2007 - anosek@suse.cz - updated to version 2.11.0-rc1 ------------------------------------------------------------------- Mon Jul 30 11:38:44 UTC 2007 - anosek@suse.cz - updated to version 2.11.0-beta1 + [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1 + improved PHP 6 compatibility - bug #1674914 [structure] changing definition of a TIMESTAMP field - bug #1615530 [upload] added more specific error message if field upload fails - bug #1627210, #1083301, #1482401 [data] warning on duplicate indexes - bug #1668724 JavaScript focus login Opera - bug #1666657 [auth] Cookie password delete on timeout / inactivity - bug #1648802 different mysql library and server version - bug #1662976 [auth] Authentication fails when controluser/pass is set - bug #1643758 [import] Error #1264 importing NULL values in MySQL 5.0 - bug #1523747 [innodb] make warning about row count more visible - bug #1676012 [auth] strip non-US-ASCII characters (RFC2616) - bug #1679440 Added FAQ entry about header errors under IIS caused by an end-of-line character - [gui] avoid displaying a wide selector in server selection - bug #1614004 [relation] foreign key spanning multiple columns are incorrectly displayed - bug #1681598 [interface] Edit next row - bug #1688053 [export] Wrong export of binary character fields - bug #1498281 [parser] Wrong primary key used for displaying results with subquery - bug #1699772 Visual space bug in table name (in browser) - bug #1699532 Cause of data manipulation issues: implemented changes as suggested by crisp_; still have to work on updating an ENUM value + [doc] changed all documentation in config.inc.php to phpDocumentor style + [data] support for CREATE VIEW from query results + [gui] dropped css/ folder and moved into root of PMA + [l10n] new: Sinhala, Macedonian + [export] YAML export (see yaml.org), thanks to Bryce Thornton + [server] improved display of binary logs + [data] better error handling in tbl_create.php + [routines] from Patch #1649881, thanks to Mike Beck + [querywindow] store sql history in session + [querywindow] sql history now without db too + [querywindow] tweaks in sql history view + [export] Native Excel (Spreadsheet_Excel_Writer) improvements, thanks to Christian Schmidt + [doc] requirement of mcrypt on 64-bit, thanks to Isaac Bennetch + RFE #1435922 [gui] navigation frame shows listing of databases when none selected + [data] support BIT datatype (under mysqli), thanks to Christian Schmidt + [display] automatic confirmation for sort by key, thanks to Juergen Wind + [data] can now choose the number of insert rows + RFE #1704779 [gui] link documentation from login page + [structure] TRIGGERS: display/edit/drop/SQL export + [browse] store browse state in session per query + [gui] Insert/Edit: no longer display the Go button each 15 lines but just at the end of a row + [gui] Query window: use verbose server name if any + [auth] patch #1712514 specify host for single signon, thanks to Thierry + [gui] Navigator for the db list in the navigation panel + [gui] Navigator for the table list in the content panel - bug #1727138 HTML not encoded (more than 1000 characters) + [display] Support for MySQL 5.0.37 profiling + RFE #1743983 [gui] Replace $max_characters by a configurable param: $cfg['MaxCharactersInDisplayedSQL'] - bug #1746186 LeftLogoLink fails if set to some external site . [transformations]: remove "auto-detect" MIME-type that was never implemented + [display] patch #1749705, Allow multibyte characters in number formatting, thanks to garas - bug #1747215 Export emits blanks at line ends - bug #1751172 Do not export data when exporting a single VIEW + [privileges] Support password hashing on the Edit Privileges interface - bug #1755339 Warn about rename dataase actually being copy/delete - bug #1746921 Left frame shrinks on db change, thanks to Juergen Wind + [gui] Export: Select All/Unselect All over the choices, thanks to Florian Schmitz ------------------------------------------------------------------- Wed Jul 25 14:31:02 UTC 2007 - anosek@suse.cz - updated to version 2.10.3 - bug #1734285 Copy database with VIEWs - bug #1722502 DROP TABLE in export VIEW - bug #1729027 Sorting results of VIEW browsing - bug #1733012 Unwanted table alias in delete button - bug #1736405 Pretty printer and HTML line breaks - bug #1745257 Invalid DB name is still displayed - bug #1730367 Calendar "Go" has no effect - bug #1748633 Incorrect parameter validation for VIEWs + [lang] Russian revision, thanks to Victor Volkov and the users of php-myadmin.ru - Do not try to delete an internal relation if we just deleted an InnoDB one ------------------------------------------------------------------- Tue Jun 19 03:39:00 UTC 2007 - anosek@suse.cz - updated to version 2.10.2 + [data] display all warnings, not only last one - typo in fix for bug #1671813 - bug #1714908 Inserted Row Count is wrong - bug #1712570 Deleting last record freezes - bug #1717339 Missing header when deleting a checked column, thanks to Michael Keck - bug #1717477 Warning on Query page when db is empty - bug #1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind - bug #1721571 CREATE database privilege not always detected, thanks to Gordon McNaughton - bug #1715709 export in SQL format always includes procedures and functions - bug #1722502 DROP TABLE in export view structure - bug #1718787 Multi-server setup breaks Designer - bug #1724401 Column truncation in repair table output - patch #1726500 Wrong position of , thanks to Jürgen Wind - bug #1728590 Detected failing session_start fails, thanks to Jürgen Wind - RFE #1714760 Obey ShowCreateDb on the Databases tab - patch #1733762 Typo in message "INSERT DELAY", thanks to Victor Volkov - patch #1730171 Dead message strLanguageFileNotFound, thanks to Victor Volkov - patch #1731280 Avoid negative exponent in gmp_pow(), thanks to anosek ------------------------------------------------------------------- Tue Jun 12 21:48:10 UTC 2007 - anosek@suse.cz - updated to version 2.10.2-rc1 + [data] display all warnings, not only last one - typo in fix for bug #1671813 - bug #1714908 Inserted Row Count is wrong - bug #1712570 Deleting last record freezes - bug #1717339 Missing header when deleting a checked column, thanks to Michael Keck - bug #1717477 Warning on Query page when db is empty - bug #1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind - bug #1721571 CREATE database privilege not always detected, thanks to Gordon McNaughton - bug #1715709 export in SQL format always includes procedures and functions - bug #1722502 DROP TABLE in export view structure - bug #1718787 Multi-server setup breaks Designer - bug #1724401 Column truncation in repair table output - patch #1726500 Wrong position of , thanks to Jürgen Wind - bug #1728590 Detected failing session_start fails, thanks to Jürgen Wind - RFE #1714760 Obey ShowCreateDb on the Databases tab ------------------------------------------------------------------- Tue Jun 5 00:56:30 UTC 2007 - anosek@suse.cz - fixed warning: gmp_pow(): Negative exponent not supported in common.lib.php [#271746] (gmp_pow.patch) ------------------------------------------------------------------- Tue Apr 24 08:46:01 UTC 2007 - anosek@suse.cz - updated to version 2.10.1 * bugfix release ------------------------------------------------------------------- Tue Mar 6 16:34:13 UTC 2007 - anosek@suse.cz - updated to version 2.10.0.2 * default value for $cfg['Servers'][$i]['ssl'] changed to false * fixes PHP Executor Deep Recursion Stack Overflow [#251757] ------------------------------------------------------------------- Wed Feb 28 14:16:10 UTC 2007 - anosek@suse.cz - updated to version 2.10.0 * Designer: new graphical relation manager * Improved speed on servers with thousands of databases/tables * Vertical field editor (optional) * Option to avoid counting rows for views * Calendar on search page * DOS-style end-of-lines in setup-generated files ------------------------------------------------------------------- Wed Jan 17 12:14:04 UTC 2007 - anosek@suse.cz - updated to version 2.9.2 * improved support for web clusters * deleting a user under MySQL 4.1.x * DELIMITER in export no longer commented out * export of query results and procedure definitions * detection of a binary column * problem on 64-bit systems * granting all privileges on a wildcard name * verification on encrypted zip files * security fixes ------------------------------------------------------------------- Sat Dec 2 21:16:07 UTC 2006 - mmarek@suse.cz - fix previous update which wrongly moved the config.inc.php file to the libraries subdirectory [#223721] ------------------------------------------------------------------- Thu Nov 23 16:01:59 UTC 2006 - anosek@suse.cz - security update to version 2.9.1.1 [#222594] [#222622] ------------------------------------------------------------------- Wed Nov 8 04:04:15 UTC 2006 - anosek@suse.cz - added suggestions from [#216213] * phpMyAdmin now uses mysqli extension not mysql (mysqli.patch) * added Required: php5-mbstring * phpMyAdmin now uses open_basedir for increased security ------------------------------------------------------------------- Tue Oct 17 15:25:56 UTC 2006 - postadal@suse.cz - updated to 2.9.0.2 * Improved readability of setup panels * PDF schema: automatic layout for InnoDB * Font size selector on main page * Export: support for procedures and functions * Can hide "Create Database" dialog * Customizable link under left logo * Export: "Open Document Text", "Open Document spreadsheet" formats * Export: new plugin architecture * User management: can create a db with the same name as created user * Use IEC binary units (KiB, MiB, ...) * Import: SQL compatibility selector * Possibility of using external authentication and use an empty MySQL password * Display MySQL warnings * Links to language-specific MySQL doc whenever possible * Security fixes ------------------------------------------------------------------- Thu Sep 21 06:18:48 UTC 2006 - anosek@suse.cz - updated to 2.9.0 * Improved readability of setup panels * PDF schema: automatic layout for InnoDB * Font size selector on main page * Export: support for procedures and functions * Can hide "Create Database" dialog * Customizable link under left logo * Export: "Open Document Text", "Open Document spreadsheet" formats * Export: new plugin architecture * User management: can create a db with the same name as created user * Use IEC binary units (KiB, MiB, ...) * Import: SQL compatibility selector * Possibility of using external authentication and use an empty MySQL password * Display MySQL warnings * Links to language-specific MySQL doc whenever possible ------------------------------------------------------------------- Wed Aug 23 21:06:46 UTC 2006 - anosek@suse.cz - updated to 2.8.2.4 * fixed cookie login on IIS with IE6 * fixed switching from scripts/setup.php to the main script in case of register_globals enabled ------------------------------------------------------------------- Tue Aug 15 20:48:22 UTC 2006 - anosek@suse.cz - update to 2.8.2.2 * fixed config not loaded on install (MySQL error code 2002 or 2003) ------------------------------------------------------------------- Thu Aug 3 18:53:02 UTC 2006 - mskibbe@suse.de - update to 2.8.2.1 * XSS vulnerability from requests not containing a token * reenabled XML option in Export * added a user with password containing a backslash * setup script: compatibility with security tokens * setup script: detection of writable config * reading the database list with MySQL wildcards ------------------------------------------------------------------- Thu Jun 1 12:57:37 UTC 2006 - postadal@suse.cz - updated to 2.8.1 (bugfix-only release) [#177091] * fixes some XSS vulnerabilities - removed obsoleted patches (2006-1804.patch, 2006-2031.patch) ------------------------------------------------------------------- Tue May 2 17:32:14 UTC 2006 - mmarek@suse.cz - fixed XSS in error messages [#170529] (CVE-2006-2031.patch) ------------------------------------------------------------------- Thu Apr 20 16:02:37 UTC 2006 - mmarek@suse.cz - fixed XSS in sql.php (and other scripts): add a secret token to each link and form to prevent linking to sql.php from outside [#165772] (CVE-2006-1804) ------------------------------------------------------------------- Thu Apr 13 14:52:47 UTC 2006 - mmarek@suse.cz - updated to 2.8.0.3 * fixes some XSS vulnerabilities * improves php-5.1.2 compatibility [#165772] - moved $cfg['blowfish_secret'] to separate file, so that config.inc.php isn't edited during install (blowfish_secret.patch) ------------------------------------------------------------------- Wed Jan 25 20:19:55 UTC 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Jan 17 16:53:13 UTC 2006 - postadal@suse.cz - added php-session to Requires [#137368] ------------------------------------------------------------------- Thu Jan 5 01:41:48 UTC 2006 - postadal@suse.cz - update to version 2.7.0-pl2 (security fixes) [#136015, 137368, 137797] - removed all patches ------------------------------------------------------------------- Tue Nov 22 19:00:46 UTC 2005 - postadal@suse.cz - fixed XSS on HTTP_HOST (HTTP_HOST.patch) [#133818] ------------------------------------------------------------------- Mon Nov 21 21:04:25 UTC 2005 - postadal@suse.cz - update to version 2.6.4-pl4 * fixes PMASA-2005-6 [#133818] (PMASA-2005-6.patch) - removed obsoleted patches: CVE-2005-2869.patch, PMASA-2005-4_and_5.patch, lang-utf8-fix.patch ------------------------------------------------------------------- Mon Nov 14 15:26:43 UTC 2005 - postadal@suse.cz - fixed CVE-2005-2869 (XSS on the cookie-based login panel) [#130226] (CVE-2005-2869.patch) ------------------------------------------------------------------- Tue Nov 1 12:26:05 UTC 2005 - postadal@suse.cz - fixed PMASA-2005-4 and PMASA-2005-5 [#130226] (PMASA-2005-4_and_5.patch) ------------------------------------------------------------------- Tue Aug 23 19:55:32 UTC 2005 - postadal@suse.cz - disabled auto-switch the lang to its UTF-8 version when Lang is set [#104600] ------------------------------------------------------------------- Thu Jul 28 03:26:13 UTC 2005 - postadal@suse.cz - update to 2.6.3-pl1 ------------------------------------------------------------------- Mon Jun 6 19:38:14 UTC 2005 - cthiel@suse.de - update to 2.6.2-pl1 ------------------------------------------------------------------- Tue Mar 8 01:35:42 UTC 2005 - mcihar@suse.cz - generate shorter key to make it work with mcrypt, see https://sourceforge.net/tracker/index.php?func=detail&aid=1115327&group_id=23067&atid=377408 ------------------------------------------------------------------- Fri Mar 4 15:58:09 UTC 2005 - mcihar@suse.cz - update to pl3, it includes previous fix and fixes editing fields with special names (bug #70864) ------------------------------------------------------------------- Thu Mar 3 05:33:39 UTC 2005 - mcihar@suse.cz - fix bad setting of privileges (bug #67276) ------------------------------------------------------------------- Tue Mar 1 18:25:09 UTC 2005 - mcihar@suse.cz - depend on mod_php_any ------------------------------------------------------------------- Thu Feb 24 12:47:49 UTC 2005 - mcihar@suse.cz - update to 2.6.1-p2 to fix several vulnerabilities (bug #66264) ------------------------------------------------------------------- Wed Feb 9 12:08:38 UTC 2005 - mcihar@suse.cz - depend on unversioned php modules, to allow both php4 and php5 installation ------------------------------------------------------------------- Mon Jan 24 17:11:01 UTC 2005 - mcihar@suse.cz - update to 2.6.1 - require php4-mcrypt for faster cookie encryption ------------------------------------------------------------------- Wed Oct 13 10:27:49 UTC 2004 - mcihar@suse.cz - update to 2.6.0-pl2 (bug #47160) - require php4-iconv as it seems to be on all arches now (bug #36642) ------------------------------------------------------------------- Tue Oct 5 13:52:43 UTC 2004 - mcihar@suse.cz - drop php4-recode dependency (bug #46817) ------------------------------------------------------------------- Mon Sep 6 04:07:57 UTC 2004 - mcihar@suse.cz - update to 2.6.0-rc2 ------------------------------------------------------------------- Fri Sep 3 08:17:25 UTC 2004 - mcihar@suse.cz - update to 2.6.0-rc1 - use pwgen for secret generating - don't ship scripts, as they're not needed for most users ------------------------------------------------------------------- Tue Apr 27 19:17:52 UTC 2004 - ro@suse.de - build using apache2 ------------------------------------------------------------------- Wed Mar 31 15:33:40 UTC 2004 - mcihar@suse.cz - require php4-recode for charset conversion (better solution for bugs [#36642] and #36560) ------------------------------------------------------------------- Mon Mar 22 09:15:44 UTC 2004 - mcihar@suse.cz - dropped php-4iconv dependency at all (bug #36642) ------------------------------------------------------------------- Fri Mar 19 15:34:42 UTC 2004 - mcihar@suse.cz - do not require php4-iconv on achitectures where it isn't built (bug #36560) ------------------------------------------------------------------- Mon Mar 8 10:37:50 UTC 2004 - mcihar@suse.cz - require all needed php modules ------------------------------------------------------------------- Mon Mar 1 09:16:37 UTC 2004 - mcihar@suse.cz - update to 2.5.6 ------------------------------------------------------------------- Mon Jan 5 16:29:39 UTC 2004 - mcihar@suse.cz - updated to 2.5.5-pl1 ------------------------------------------------------------------- Mon Oct 20 07:30:55 UTC 2003 - mcihar@suse.cz - updated to 2.5.4 ------------------------------------------------------------------- Thu Oct 16 14:52:30 UTC 2003 - mcihar@suse.cz - do not build as root - little spec file cleanup ------------------------------------------------------------------- Tue Sep 9 00:29:29 UTC 2003 - mcihar@suse.cz - automatically generate blowfish_secret on rpm installation - mark config file as %%config(noreplace) (this in conjuction with previous means that it will be never replaced on upgrade, this is okay as phpMyAdmin supports loading of old config files) ------------------------------------------------------------------- Mon Sep 8 11:19:25 UTC 2003 - mcihar@suse.cz - updated to 2.5.3: - many bugs fixed - messages about missing variables were displayed wrongly - more export bugs - confirmation of some dangerous SQL (TRUNCATE,DROP DATABASE) - new nice icons for actions ------------------------------------------------------------------- Thu Sep 4 12:46:38 UTC 2003 - mcihar@suse.cz - include documentation stylesheet ------------------------------------------------------------------- Fri Aug 29 19:27:03 UTC 2003 - mcihar@suse.cz - depend on mod_php rather that http_daemon as this needs php ------------------------------------------------------------------- Thu Aug 28 13:56:05 UTC 2003 - mcihar@suse.cz - include stylesheets ------------------------------------------------------------------- Thu Aug 7 01:51:18 UTC 2003 - mcihar@suse.cz - updated to 2.5.2-pl1 ------------------------------------------------------------------- Mon Mar 24 21:57:02 UTC 2003 - postadal@suse.cz - removed mysql from Requires, becouse can access to MySQL remotely [#25797] ------------------------------------------------------------------- Mon Feb 24 10:17:25 UTC 2003 - postadal@suse.cz - updated to verison 2.4.0 * new server/user management interface with sub-pages * export to LaTeX format * display UPDATE SQL statement after a row edit * (experimental) support for compressed connections to the MySQL server * upload of binary file into a field * show blob size * a lot of fixes ------------------------------------------------------------------- Wed Jan 29 19:43:40 UTC 2003 - postadal@suse.cz - updated to version 2.3.3pl1 * upload of compressed dumps * inform the user who does not have privileges to create a db * new internal analyzer for db, table, column and alias * a lot of fixes ------------------------------------------------------------------- Mon Aug 12 10:03:41 UTC 2002 - postadal@suse.cz - update to release 2.3.0 ------------------------------------------------------------------- Fri Aug 2 19:59:10 UTC 2002 - ro@suse.de - adapt server-root ------------------------------------------------------------------- Thu Aug 1 14:48:47 UTC 2002 - postadal@suse.cz - fixed required perl path ------------------------------------------------------------------- Wed Jul 31 22:38:40 UTC 2002 - postadal@suse.cz - update to version 2.3.0-rc4 * can specify a different charset for MySQL and HTML * utf-8 charset support * full database search * XML export * faster table delete under MySQL 4 * new language: slovenian * fixes ------------------------------------------------------------------- Mon Jul 1 05:53:47 UTC 2002 - ro@suse.de - fixed directory permissions ------------------------------------------------------------------- Thu Jan 10 12:09:07 UTC 2002 - rvasice@suse.cz - update to version 2.2.3 ------------------------------------------------------------------- Tue Sep 4 10:23:05 UTC 2001 - rvasice@suse.cz - update to version 2.2.0 final - dynamic multiple language support, with automatic detection - database usage statistics - table maintenance features (repair, check, optimize) - made package noarch ------------------------------------------------------------------- Thu Aug 2 23:51:57 UTC 2001 - rvasice@suse.cz - update to version 2.2.0rc3 ------------------------------------------------------------------- Mon Jun 18 09:49:14 UTC 2001 - rvasice@suse.cz - initial package release (version 2.1.0)