Eric Schirra
9aa95454fb
* Security
- issue [security] Fix for a path disclosure leak in the Monitoring tab
- issue Prevent the user from deleting system databases
- issue [security] Fix an XSS vulnerability when checking tables (PMASA-2025-1)
- issue [security] Fix an XSS vulnerability on the Insert tab (PMASA-2025-2)
- issue [security] Fix a possible glibc/iconv vulnerability (CVE-2024-2961, assigned PMASA-2025-3
but please note that phpMyAdmin is not vulnerable by default)
* Bugfix
- issue Fix for sql-parser relating to quadratic complexity in certain queries, which could have caused long execution times.
- issue #17851 Fix total count of rows in not accurate
- issue #17766 Allow to open in a new tab copy and edit row actions
- issue #17599 Fix error when handling an user that is not in privileges table
- issue #17364 Fix error when trying to import a status monitor chart arrangement
- issue #18106 Fix renaming database with a view
- issue #18120 Fix bug with numerical tables during renaming database
- issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
- issue #18138 Fix some issues with numerical table names
- issue #18112 Fix open base dir warning on git version class
- issue #18211 Fix the themes route missing the server ID
- issue Do not show "Original length undefined" on binary hex columns
- issue Fix wrong time zone when handling Git information
- issue #18195 Fix warning on non-existent table for XML export
- issue #18196 Fix errors of import notification
- issue #18093 Fix JS errors around "new user account" in some edge cases
- issue #16451 Increase password characters limit to 2000 during login
- issue #18177 Fix "IS NULL" is shown for non-nullable columns on search page
- issue #16199 Fix dragging of tables in designer
- issue #18268 Fix UI issue the theme manager is disabled
- issue #18258 Speed improvements when exporting a database
- issue #17702 Fix performance issue when handling large number of tables in a single database
- issue #18324 Fix UI defect on tracking versions table first column
- issue #18266 Fix disabling features (like `$cfg['Servers'][$i]['tracking'] = false;`) did not work
- issue #18296 Fixed query time measurement - measure time only for user queries
- issue #18235 Fix columns are misaligned for the "sys" database
- issue #18249 Speed improvements when browsing a database with multiple tables
- issue #18060 Fix Console height "Not a non-negative number" error
- issue #18188 Fix issue when editing GIS data
- issue Fix width/height of create routines modal and width of routines/triggers/events modals
- issue Stop pmadb database detection when all features are disabled
- issue Upgrade slim/psr7 to 1.4.1 for CVE-2023-30536 - GHSA-q2qj-628g-vhfw
- issue #17654 Fix unprivileged user cannot change password on MySQL >= 5.7.37
- issue #18385 Add CVE MITRE link to allowed domains and use cve.org
- issue #18330 Fix TypeError when no-datetime field is modified
- issue #18212 Fix Query Builder doesn't replace a table name with it's alias in the `WHERE` block
- issue #18221 Keep the criteria box collapsed by the user when un-checking the criteria checkbox
- issue #18363 Fix colspan for actions column on database table list
- issue Fix double encoding on User Groups pages
- issue Fix list of users of an user group not showing up
- issue Fix duplicate query params in the SQL message card
- issue #18314 Fix dragged row in index form
- issue #17392 Fix the actions not being hidden in the Triggers, Routines, Events pages
- issue #18441 Fix execute routine page not working when not in a modal
- issue #18471 Fix SQL statement not being displayed correctly on RTL languages
- issue Fix state times not getting summed in the profiling table
- issue Fix a case where a fatal error message was not displayed
- issue #17420 Fix profiling chart not loading when profiling is activated
- issue #18159 Fix error when changing the number of chart columns in the monitor page
- issue #18403 Fix Uncaught SyntaxError: JSON.parse on makegrid conditions
- issue #17528 Fix double escaping of database group names in the navigation tree
- issue #18473 Fix the NULL not applied after clearing nullable field
- issue #18454 Fix date field calendar display when changing NULL state
- issue #18481 Fix missing pagination when using SELECT DISTINCT
- issue #18325 Allow hex representations for integers in the search box validation
- issue #14411 Fixed double tap to edit on mobile devices
- issue Update documentation to reflect that Node >= 12 is required to compile the JS and CSS files
- issue #18578 Fixed PDF export NULL values gives a type error
- issue #18605 Fixed issue when executing a stored procedure
- issue #18650 Fixed double escaping on foreign key relation link title
- issue #18533 Fixed wrong count for simulated queries
- issue #18611 Fixed an error when searching a table without conditions
- issue #18663 Fixed case where triggers are dropped when moving a table
- issue #17404 Fixed an error message after dropping a database
- issue #18714 Fixed incorrect formatting of the amount of table rows
- issue #18717 Fixed issue when deleting bookmarks
- issue #18713 Fixed some issues with the GIS editor
- issue #18722 Fixed generic error message in the home page
- issue #18693 Fixed enum/set value escaping
- issue #18769 Improved collations support for MariaDB 10.10
- issue #17381 Fixed JS errors when editing indexes on create table
- issue #14402 Fix the PRIMARY label still shown when using two columns for a PK on create table
- issue #17347 Fixed JS errors when changing index settings on create table
- issue #18762 Fixed truncating tables when a VIEW is included
- issue Fix BETWEEN search does not validate input because of spaces
- issue Fix JS number validation does not validate when the input is empty or emptied
- issue #18561 Fix issue when adding System Monitor charts
- issue #17363 Fix duplicate route parameter after logging in
- issue #15670 Fix case where the data is truncated after changing a longtext column's collation
- issue #18797 Fixed support for ampersand as a arg separator
- issue #18834 Fixed case where column hash is empty in table relation page
- issue #17538 Fixed error when renaming an index
- issue #18865 Fix missing text-nowrap for timestamps columns
- issue #18613 Fixed routine editor showing wrong parameter type
- issue #18890 Fixed wrong row count when query has UNION
- issue #18949 Fixed natural sorting for items in the navigation section
- issue #18930 Fixed import of empty tables from MediaWiki
- issue #18940 Fixed issue when creating an unique key
- issue #19022 Fix case where tables from wrong database is loaded in navigation tree
- issue #18782 Fixed issue with role based auth for MySQL 8
- issue #18593 Fix drop db line included in server export if exporting only data
- issue #18049 Also check that curl_exec is enabled for the new version check
- issue #19023 Fixed table size for ROCKSDB engine showing as unknown
- issue #18451 Fix when editing inline central column, Null is always preselected
- issue #18495 Fixed database export missing routines
- issue #19117 Allow changing the virtuality of a column without any other changes
- issue #18566 Fixed error when importing exported view with USE INDEX hint
- issue #17920 Fixed moving column with empty default value will replace it with ''
- issue #18006 Fixed moving columns causes the default uuid() value to get quotes around it
- issue #18962 Fixed move columns with ENUM() & DEFAULT causes invalid SQL
- issue #18276 Fix on update CURRENT_TIMESTAMP doesn't show as default in attributes
- issue #18240 Fix inserting value with UNIX_TIMESTAMP() without a parameter
- issue #19125 Fixed CodeMirror tooltip is below modals
- issue #18674 Fix formatted sql in browse table result has a linebreak after each token
- issue #18210 Fixed add replica replication user on MariaDB doesn't work (SQL syntax)
- issue #19041 Fix footer.twig gets printed to Binary File Download
- issue #19091 Fix to stop processing queries on error
- issue #18241 Fix copy SQL query button on error messages
- issue #17190 Fix an error with SELECT ... FOR UPDATE queries
- issue #19145 Remove duplicate server and lang parameters from links
- issue #19158 Fix an issue with backticks on the query generator
- issue #19174 Fix an issue with column alias with asterisk on the query generator
- issue #19146 Fix column sorting with limit subquery
- issue #19152 Fix the number of lines being ignored in GIS visualization after a search
- issue #19189 Fix issue with column sorting when using 'group by'
- issue #19188 Fix issue with simulated queries reporting syntax errors
- issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
- issue #19218 Fix textarea horizontal resizing with Bootstap theme
- issue #19199 Add support for fractional seconds to current_timestamp()
- issue #19221 Fix query statistics for queries with count(*)
- issue #19203 Fix single quotes and backslashes for the query generator
- issue #19163 Fix queries with IS NULL or IS NOT NULL for the query generator
- issue #19181 Fix query generator support for IN() and NOT IN()
- issue #19167 Fix criteria on column '*' for the query generator
- issue #19213 Fix possible issue when exporting a large data set
- issue #19217 Fix issue when editing a cell of a JSON column
- issue #19244 Add yarn 1.22 to the package.json's packageManager field
- issue #19185 Fix visual issue when a row has only empty cells
- issue #19257 Fix issue when adding an index with an invalid name
- issue #19276 Fix compatibility with Twig 3.12
- issue #19283 Fix issue when the server starts with skip-innodb option
- issue #19299 Fix charset in procedure's parameter type
- issue #19316 Fix input size for hexadecimal values
- issue #19321 Suppress deprecation message of E_STRICT constant
- issue Fix PHP 8.4 `str_getcsv` `$escape` parameter deprecation
- issue #19426 Fix PHP warnings when the column is a `COMPRESSED BLOB`
- issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
- issue #19500 Use `KILL` instead of `CALL mysql.rds_kill` for non super users
- issue Fix "copy to clipboard" was adding a blank row for each repeating header row
- issue Fix TCPDF translations
- issue Remove underline for links on Bootstrap theme
- issue Fix sql editor height on multi-table query
- issue #18852 Fix notification color scheme on the Bootstrap dark theme
- issue #14542 Show the query even if no results are found in the Table search
- issue #16936 Fixed import (e.g. ods) doesn't respect database default collation
- issue #19000 Disable autocomplete for the create table/db name inputs
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=385
277 lines
9.8 KiB
RPMSpec
277 lines
9.8 KiB
RPMSpec
#
|
|
# spec file for package phpMyAdmin
|
|
#
|
|
# Copyright (c) 2025 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define ap_docroot_old /srv/www/htdocs
|
|
%define ap_docroot %{_datadir}
|
|
%define ap_tmpdir %{_localstatedir}/cache/%{name}
|
|
%define pma_config %{_sysconfdir}/%{name}/config.inc.php
|
|
%if !0%{?suse_version}
|
|
%define apache_user nobody
|
|
%define apache_group nogroup
|
|
%endif
|
|
Name: phpMyAdmin
|
|
Version: 5.2.2
|
|
Release: 0
|
|
Summary: Administration of MySQL over the web
|
|
License: GPL-2.0-or-later
|
|
Group: Productivity/Networking/Web/Frontends
|
|
URL: https://www.phpMyAdmin.net/
|
|
Source0: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz
|
|
Source1: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc
|
|
# http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases
|
|
Source2: https://files.phpmyadmin.net/phpmyadmin.keyring#/%{name}.keyring
|
|
Source3: %{name}.http
|
|
Source4: %{name}.http.inc
|
|
Source100: %{name}-rpmlintrc
|
|
# Fix-SuSE: provide useful default config
|
|
Patch0: %{name}-config.patch
|
|
# Fix-SUSE: auto config for pma storage
|
|
Patch1: %{name}-pma.patch
|
|
BuildArch: noarch
|
|
BuildRequires: apache-rpm-macros
|
|
BuildRequires: fdupes
|
|
#
|
|
Requires: php-bz2
|
|
Requires: php-ctype
|
|
Requires: php-gd
|
|
Requires: php-gettext
|
|
Requires: php-iconv
|
|
Requires: php-json
|
|
Requires: php-mbstring
|
|
Requires: php-mysql
|
|
Requires: php-openssl
|
|
Requires: php-session
|
|
Recommends: php-curl
|
|
Recommends: php-zip
|
|
|
|
%description
|
|
phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a
|
|
single database. To accomplish the latter you'll need a properly set up MySQL
|
|
user who can read/write only the desired database. It's up to you to look up
|
|
the appropriate part in the MySQL manual.
|
|
|
|
Currently phpMyAdmin can:
|
|
|
|
* browse and drop databases, tables, views, fields and indexes
|
|
* create, copy, drop, rename and alter databases, tables, fields and indexes
|
|
* maintenance server, databases and tables, with proposals on server
|
|
configuration
|
|
* execute, edit and bookmark any SQL-statement, even batch-queries
|
|
* load text files into tables
|
|
* create^1 and read dumps of tables
|
|
* export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 -
|
|
OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats
|
|
* import data and MySQL structures from Microsoft Excel and OpenDocument
|
|
spreadsheets, as well as XML, CSV, and SQL files
|
|
* administer multiple servers
|
|
* manage MySQL users and privileges
|
|
* check referential integrity in MyISAM tables
|
|
* using Query-by-example (QBE), create complex queries automatically
|
|
connecting required tables
|
|
* create PDF graphics of your Database layout
|
|
* search globally in a database or a subset of it
|
|
* transform stored data into any format using a set of predefined functions,
|
|
like displaying BLOB-data as image or download-link
|
|
* track changes on databases, tables and views
|
|
* support InnoDB tables and foreign keys (see FAQ 3.6)
|
|
* support mysqli, the improved MySQL extension (see FAQ 1.17)
|
|
* communicate in 57 different languages
|
|
* synchronize two databases residing on the same as well as remote servers
|
|
(see FAQ 9.1)
|
|
|
|
%package apache
|
|
Summary: Apache configuration for %{name}
|
|
Group: Productivity/Networking/Web/Utilities
|
|
BuildRequires: apache-rpm-macros-control
|
|
BuildRequires: apache2
|
|
Requires: %{name}
|
|
Requires: apache2
|
|
Requires(post): %{_sbindir}/a2enmod
|
|
Requires(post): %{_sbindir}/a2enflag
|
|
Requires(post): php
|
|
Requires(postun):%{_sbindir}/a2enflag
|
|
Requires: mod_php_any >= 7.4
|
|
Supplements: packageand(apache2:%name)
|
|
|
|
%description apache
|
|
This subpackage contains the Apache configuration files
|
|
|
|
%lang_package
|
|
|
|
%prep
|
|
%setup -q -n %{name}-%{version}-all-languages
|
|
## rpmlint:
|
|
# wrong-file-end-of-line-encoding
|
|
perl -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php
|
|
%patch -P 0
|
|
%patch -P 1
|
|
|
|
# clean up
|
|
find . -name .github -type d -prune -exec rm -r {} \;
|
|
for file in *.orig .buildinfo .gitkeep .travis.yml .weblate .jshintrc .eslintrc.json \
|
|
.php_cs.dist .scrutinizer.yml .editorconfig php_twig.h twig.c; do
|
|
find . -type f -name $file -delete
|
|
done
|
|
|
|
# permissions
|
|
find . -type d -exec chmod 755 {} \;
|
|
find . ! -name '*.sh' ! -name '*-query' -type f -exec chmod 644 {} \;
|
|
|
|
%build
|
|
|
|
%install
|
|
#%%{__install} -d -m0750 $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name}
|
|
install -d -m0755 %{buildroot}%{ap_docroot}/%{name}
|
|
cp -dR *.php *.ico *.txt js libraries locale themes templates vendor \
|
|
%{buildroot}%{ap_docroot}/%{name}
|
|
# install config to config dir
|
|
install -D -m0640 %{buildroot}%{ap_docroot}/%{name}/config.sample.inc.php \
|
|
%{buildroot}%{_sysconfdir}/%{name}/config.inc.php
|
|
# install TempDir (now in cache)
|
|
install -d -m0770 %{buildroot}%{ap_tmpdir}
|
|
|
|
# fix libraries/vendor_config.php
|
|
sed -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" -e "s,@tmpdir@,%{ap_tmpdir},g" \
|
|
%{buildroot}%{ap_docroot}/%{name}/libraries/vendor_config.php
|
|
# fix libraries/common.inc.php
|
|
#%%{__sed} -i -e "s,@PMA_Config@,%%{_sysconfdir}/%%{name}/config.inc.php,g" \
|
|
# $RPM_BUILD_ROOT%%{ap_docroot}/%%{name}/libraries/common.inc.php
|
|
|
|
# generate file list
|
|
find %{buildroot}%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST
|
|
find %{buildroot}%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST
|
|
install -D -m0644 %{SOURCE3} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf
|
|
install -D -m0644 %{SOURCE4} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.inc
|
|
# fix paths in http config
|
|
sed -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \
|
|
-e "s,@docdir@,%{_docdir},g" -e "s,@ap_sysconfdir@,%{apache_sysconfdir},g" -e "s,@ap_tmpdir@,%{ap_tmpdir},g" %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf
|
|
|
|
# rpmlint stuff
|
|
%fdupes %{buildroot}%{ap_docroot}/%{name}
|
|
|
|
# find language files
|
|
%find_lang %{name} --all-name
|
|
|
|
%post
|
|
# generate blowfish secret only on install, not on upgrade
|
|
if [ $1 -eq 1 ]; then
|
|
sed -i -e "s|^\(\$cfg\['blowfish_secret'\] = '\)\(';\).*|\1$(head -c 32 /dev/urandom | base64)\2|" %{pma_config}
|
|
fi
|
|
|
|
%preun
|
|
# only on uninstall, not on upgrade
|
|
if [ $1 -eq 0 ]; then
|
|
echo "info: empty %{ap_tmpdir}/* for clean uninstall"
|
|
rm -rf %{ap_tmpdir}/* || :
|
|
fi
|
|
|
|
%postun
|
|
# only on upgrade, not on install
|
|
if [ $1 -ge 1 ]; then
|
|
echo "info: empty %{ap_tmpdir}/* for clean upgrade"
|
|
rm -rf %{ap_tmpdir}/* || :
|
|
fi
|
|
|
|
%post apache
|
|
# only do on install, not on upgrade
|
|
if [ $1 -eq 1 ]; then
|
|
# enable required apache modules
|
|
a2enmod version >/dev/null || :
|
|
|
|
# enable mod_php if preform MPM is used
|
|
if start_apache2 -V | grep -q prefork; then
|
|
mod_php=$(php -r "echo 'php' . PHP_MAJOR_VERSION;")
|
|
echo "info: adding ${mod_php} to APACHE_MODULES"
|
|
a2enmod ${mod_php} >/dev/null || :
|
|
fi
|
|
|
|
# enable phpMyAdmin flag
|
|
echo "info: adding %{name} to APACHE_SERVER_FLAGS"
|
|
a2enflag %{name} >/dev/null || :
|
|
fi
|
|
# on upgrade, check if new cache directory is in config
|
|
if [ $1 -gt 1 ] && ! grep -q %{ap_tmpdir} %{apache_sysconfdir}/conf.d/%{name}.conf; then
|
|
# not found, create backup first
|
|
cp --backup=t --preserve %{apache_sysconfdir}/conf.d/%{name}.conf{,.bak}
|
|
|
|
# add cache directory /var/cache/phpMyAdmin
|
|
echo "info: new cache directory added to %{apache_sysconfdir}/conf.d/%{name}.conf"
|
|
sed -i "s|\(php_admin_value open_basedir[^:]*\)|\1:%{ap_tmpdir}|" %{apache_sysconfdir}/conf.d/%{name}.conf
|
|
cat >> %{apache_sysconfdir}/conf.d/%{name}.conf << EOF
|
|
|
|
<Directory %{ap_tmpdir}>
|
|
|
|
<IfVersion < 2.4>
|
|
Order allow,deny
|
|
Deny from all
|
|
</IfVersion>
|
|
|
|
<IfVersion >= 2.4>
|
|
<IfModule !mod_access_compat.c>
|
|
Require all denied
|
|
</IfModule>
|
|
<IfModule mod_access_compat.c>
|
|
Order deny,allow
|
|
Deny from all
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
</Directory>
|
|
EOF
|
|
|
|
# boo#1092345: change ap_docroot from /srv/www/htdocs to /usr/share
|
|
if grep -q %{ap_docroot_old} %{apache_sysconfdir}/conf.d/%{name}.conf; then
|
|
echo "info: changed %{ap_docroot_old} to %{ap_docroot} in %{apache_sysconfdir}/conf.d/%{name}.conf"
|
|
sed -i "s|%{ap_docroot_old}|%{ap_docroot}|g" %{apache_sysconfdir}/conf.d/%{name}.conf
|
|
fi
|
|
fi
|
|
|
|
%postun apache
|
|
# only do on uninstall, not on upgrade
|
|
if [ $1 -eq 0 ]; then
|
|
# disable phpMyAdmin flag
|
|
echo "info: removing %{name} from APACHE_SERVER_FLAGS"
|
|
a2enflag -d %{name} >/dev/null || :
|
|
fi
|
|
%apache_request_restart
|
|
|
|
%posttrans apache
|
|
# restart apache instances after zypper or rpm transaction, if not have restarted already
|
|
%apache_restart_if_needed
|
|
|
|
%files -f FILELIST
|
|
%defattr(644,root,root,755)
|
|
%doc ChangeLog
|
|
%license LICENSE
|
|
%doc README RELEASE-DATE*
|
|
%doc examples doc sql
|
|
%dir %attr(0750,root,%{apache_group}) %{_sysconfdir}/%{name}
|
|
%dir %attr(0770,root,%{apache_group}) %{ap_tmpdir}
|
|
%config(noreplace) %{_sysconfdir}/%{name}/config.inc.php
|
|
%dir %{ap_docroot}/%{name}
|
|
%exclude %{ap_docroot}/%{name}/locale/*/LC_MESSAGES/phpmyadmin.mo
|
|
%exclude %{ap_docroot}/%{name}/vendor/phpmyadmin/sql-parser/locale/*/LC_MESSAGES/sqlparser.mo
|
|
|
|
%files apache
|
|
%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf
|
|
%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.inc
|
|
|
|
%files lang -f %{name}.lang
|
|
|
|
%changelog
|