Accepting request 96485 from server:php:applications

update to 3.4.8, fix for PMASA-2011-18 (CVE-2011-4634)

OBS-URL: https://build.opensuse.org/request/show/96485
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=16

phpMyAdmin-3.4.7.1-all-languages.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4e1190955fc7bf4bf7c908b917b5d9244cd269ef37d0256ba60c230ff9013b1f
-size 4605472

phpMyAdmin-3.4.8-all-languages.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:792a53d1904feed2bba0a613680af86fb4ca2ee8e94ba65ef92043c5c2d90604
+size 4610153

phpMyAdmin.changes

@@ -1,7 +1,37 @@
+-------------------------------------------------------------------
+Tue Dec 13 14:25:45 UTC 2011 - chris@computersalat.de
+
+- update to 3.4.8
+  - bug #3425230 [interface] enum data split at space char (more space to edit)
+  - bug #3426840 [interface] ENUM/SET editor can't handle commas in values
+  - bug #3427256 [interface] no links to browse/empty views and tables
+  - bug #3430377 [interface] Deleted search results remain visible
+  - bug #3428627 [import] ODS import ignores memory limits
+  - bug #3426836 [interface] Visual column separation
+  - bug #3428065 [parser] TRUE not recognized by parser
+  + patch #3433770 [config] Make location of php-gettext configurable
+  - patch #3430291 [import] Handle conflicts in some open_basedir situations
+  - bug #3431427 [display] Dropdown results - setting NULL does not work
+  - patch #3428764 [edit] Inline edit on multi-server configuration
+  - patch #3437354 [core] Notice: Array to string conversion in PHP 5.4
+  - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the
+    view name in main panel db Structure page
+  - bug #3439292 [core] Fail to synchronize column with name of keyword
+  - bug #3425156 [interface] Add column after drop
+  - [interface] Avoid showing the password in phpinfo()'s output
+  - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
+  - bug #3407235 [interface] Entering the key through a lookup window does not
+    reset NULL
+  - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
+  - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
+  - [security] Self-XSS on column type (Create index), see PMASA-2011-18
+  - [security] Self-XSS on column type (table Search), see PMASA-2011-18
+  - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
+
 -------------------------------------------------------------------
 Mon Nov 14 20:22:30 UTC 2011 - chris@computersalat.de
 
-- update to 3.4.7.1
+- update to 3.4.7.1 (fix for bnc#728243)
   - [security] Fixed possible local file inclusion in XML import
     (CVE-2011-4107), see PMASA-2011-17
     http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

phpMyAdmin.spec

@@ -16,7 +16,6 @@
 #
 
 
-
 Name:           phpMyAdmin
 
 %define apxs %{_sbindir}/apxs2
@@ -33,10 +32,10 @@ Name:           phpMyAdmin
 %endif
 
 Summary:        Administration of MySQL over the web
-Version:        3.4.7.1
-Release:        1
-License:        GPLv2+
+License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Frontends
+Version:        3.4.8
+Release:        0
 Url:            http://www.phpMyAdmin.net
 Source0:        %{name}-%{version}-all-languages.tar.bz2
 Source1:        %{name}.http