Accepting request 1248914 from server:php:applications

Update changes file to mention correct boo# fixes (forwarded request 1248912 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/1248914
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=184

phpMyAdmin-5.2.1-all-languages.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:373f9599dfbd96d6fe75316d5dad189e68c305f297edf42377db9dd6b41b2557
-size 7461668

phpMyAdmin-5.2.1-all-languages.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmPixzwACgkQznUvF4JZ
-vZJykhAAmYcNfeAvZQsZQxsEuihZgsSgUYy/icfTWiUlD8QByMfu+dGDXyFMv9+H
-TOOoX6T/7aeY0ZbemmlthHGB34lr4EAdU4b6lyHZ4yhSqOy+b5rf7moKItXF2MRB
-LDeVitsACiIS09MX54un4WOcHm2AqesT6KzykLrOhwNt3EP0oKZoTIdQObzALKAh
-najxa+TC3iFVPvCGX2VItgJN7i1MTCpwJwo2yHOba9RgNaap+uyOlN30ZZ/u1ne8
-+I/QZMyhtq7MQPVDpSAGHHYBmE9W4kihS7g1dzkQlgM585oqUsDmtL8Ba9gqIroV
-rXVq4rReDTsx/6wyveGYci9fMDpVFPpMf7Dtay32PK6vEaKjsDR2+kuDkbJqjYlf
-/8B8GWJfvsLQly1N1MYIC3BVa/oCd81mkay7d67JtbAC7neQccjn2zkHzJ2RS1Ir
-7bImzAd/a5YbZHtLjKRqshWVIrbN/KmO2VwxmM5zjTVlVHZPWCiV9JJx+8PtpQTy
-lHcd9Is1ZJzkdeqQaW2IakhgHj+9RDJ4lUFrSeUcl99QqUFil35C9FgcVMbzNzOr
-OPBKBKTNVk3uzVYnpCXsvxdmSnyVulBE5iMV+80Cs+P70mKp6vFPGPUY2kXHGWKd
-s7tHs6JHgcs2qnLEu7bpm+5/3e34vkffREsyXM322E2GpSC2gfs=
-=985I
------END PGP SIGNATURE-----

phpMyAdmin-5.2.2-all-languages.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f881819a3b11e653b0212afaf0cc105db85c767715cb3f5852670f7fc36c9669
+size 7539088

phpMyAdmin-5.2.2-all-languages.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmePEe0ACgkQznUvF4JZ
+vZL1wBAAiMguK5dZbPa7X5IsuD56DEDbv4ODitpKExHgQ84ki+Y1fwAO6MDAeuGN
+qpE+wm6jcpT0nTlR7/fBjtFMkolFH202wEnTj3LfCs64KMru2k9CQvwwtfB0FCG6
+DVgklOYFWU5ISGN8ma8qLhAgMBUSM/I6CUzzHtudQ+FIvfpgyYZimH9oYbguUdaU
+Eh0sIf6SMDKL+qD0v7fraehUCN0ixMFeVtX7dKUs7bDHhcayApJLw+EtV6olDR7a
+BSzcrmG2brDAjRnpSt2mEgcgLJbZ1jN225W86B4McgNRUtSGEp4kLDisxeVL3wmf
+xYeLLg7u65n4tZaf4kYvFAgJaj0fZsRZd+mPqRkn8Oee/WkqwIyWGCgV9Ez92JH7
+L3LdZU/nQV0CLfZizXuideGVU1vD56sVHmIzTF/x2xccdSgTCluea94vE2A0nU0D
+TdFDFAsPEh5YCgVAI4gAN0myCQushmcS3k8gFasVkBfqLzoARVNaQOpU8nYIMK1I
+Qh+/Y8+LislojgtBQ0htdjt/XDqq/9UeCIT9qwYNVXMBFJ8u6Th69aGIVdc74OZY
+1BNPuzsDp4/E+Jy4bPLdZe6R3B+Zf7TWlFTqlaWFv8KNyBAQmsGGEatuYU5nHeac
+XahSTcyxii6GKO55CDVj4lhkwqOr0kg0vdhWwdWebjLFwfzg9g4=
+=PNiW
+-----END PGP SIGNATURE-----

phpMyAdmin.changes

@@ -1,10 +1,178 @@
+-------------------------------------------------------------------
+Thu Feb 27 10:35:47 UTC 2025 - chris@computersalat.de
+
+- fix changes file, because update to 5.2.2 also fixes
+  * boo#1236312 (CVE-2025-24530, PMASA-2025-1)
+  * boo#1236311 (CVE-2025-24529, PMASA-2025-2)
+- update phpMyAdmin.http.inc
+  * add php_admin_value upload_max_filesize 64M
+
+-------------------------------------------------------------------
+Thu Jan 23 12:34:40 UTC 2025 - ecsos <ecsos@opensuse.org>
+
+- Update to 5.2.2
+  * Security
+    - issue        [security] Fix for a path disclosure leak in the Monitoring tab
+    - issue        Prevent the user from deleting system databases
+    - issue        [security] Fix an XSS vulnerability when checking tables (PMASA-2025-1)
+    - issue        [security] Fix an XSS vulnerability on the Insert tab (PMASA-2025-2)
+    - issue        [security] Fix a possible glibc/iconv vulnerability (CVE-2024-2961, assigned PMASA-2025-3 
+                   but please note that phpMyAdmin is not vulnerable by default)
+  * Bugfix
+    - issue        Fix for sql-parser relating to quadratic complexity in certain queries, which could have caused long execution times.
+    - issue #17851 Fix total count of rows in not accurate
+    - issue #17766 Allow to open in a new tab copy and edit row actions
+    - issue #17599 Fix error when handling an user that is not in privileges table
+    - issue #17364 Fix error when trying to import a status monitor chart arrangement
+    - issue #18106 Fix renaming database with a view
+    - issue #18120 Fix bug with numerical tables during renaming database
+    - issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0
+    - issue #18138 Fix some issues with numerical table names
+    - issue #18112 Fix open base dir warning on git version class
+    - issue #18211 Fix the themes route missing the server ID
+    - issue        Do not show "Original length undefined" on binary hex columns
+    - issue        Fix wrong time zone when handling Git information
+    - issue #18195 Fix warning on non-existent table for XML export
+    - issue #18196 Fix errors of import notification
+    - issue #18093 Fix JS errors around "new user account" in some edge cases
+    - issue #16451 Increase password characters limit to 2000 during login
+    - issue #18177 Fix "IS NULL" is shown for non-nullable columns on search page
+    - issue #16199 Fix dragging of tables in designer
+    - issue #18268 Fix UI issue the theme manager is disabled
+    - issue #18258 Speed improvements when exporting a database
+    - issue #17702 Fix performance issue when handling large number of tables in a single database
+    - issue #18324 Fix UI defect on tracking versions table first column
+    - issue #18266 Fix disabling features (like `$cfg['Servers'][$i]['tracking'] = false;`) did not work
+    - issue #18296 Fixed query time measurement - measure time only for user queries
+    - issue #18235 Fix columns are misaligned for the "sys" database
+    - issue #18249 Speed improvements when browsing a database with multiple tables
+    - issue #18060 Fix Console height "Not a non-negative number" error
+    - issue #18188 Fix issue when editing GIS data
+    - issue        Fix width/height of create routines modal and width of routines/triggers/events modals
+    - issue        Stop pmadb database detection when all features are disabled
+    - issue        Upgrade slim/psr7 to 1.4.1 for CVE-2023-30536 - GHSA-q2qj-628g-vhfw
+    - issue #17654 Fix unprivileged user cannot change password on MySQL >= 5.7.37
+    - issue #18385 Add CVE MITRE link to allowed domains and use cve.org
+    - issue #18330 Fix TypeError when no-datetime field is modified
+    - issue #18212 Fix Query Builder doesn't replace a table name with it's alias in the `WHERE` block
+    - issue #18221 Keep the criteria box collapsed by the user when un-checking the criteria checkbox
+    - issue #18363 Fix colspan for actions column on database table list
+    - issue        Fix double encoding on User Groups pages
+    - issue        Fix list of users of an user group not showing up
+    - issue        Fix duplicate query params in the SQL message card
+    - issue #18314 Fix dragged row in index form
+    - issue #17392 Fix the actions not being hidden in the Triggers, Routines, Events pages
+    - issue #18441 Fix execute routine page not working when not in a modal
+    - issue #18471 Fix SQL statement not being displayed correctly on RTL languages
+    - issue        Fix state times not getting summed in the profiling table
+    - issue        Fix a case where a fatal error message was not displayed
+    - issue #17420 Fix profiling chart not loading when profiling is activated
+    - issue #18159 Fix error when changing the number of chart columns in the monitor page
+    - issue #18403 Fix Uncaught SyntaxError: JSON.parse on makegrid conditions
+    - issue #17528 Fix double escaping of database group names in the navigation tree
+    - issue #18473 Fix the NULL not applied after clearing nullable field
+    - issue #18454 Fix date field calendar display when changing NULL state
+    - issue #18481 Fix missing pagination when using SELECT DISTINCT
+    - issue #18325 Allow hex representations for integers in the search box validation
+    - issue #14411 Fixed double tap to edit on mobile devices
+    - issue        Update documentation to reflect that Node >= 12 is required to compile the JS and CSS files
+    - issue #18578 Fixed PDF export NULL values gives a type error
+    - issue #18605 Fixed issue when executing a stored procedure
+    - issue #18650 Fixed double escaping on foreign key relation link title
+    - issue #18533 Fixed wrong count for simulated queries
+    - issue #18611 Fixed an error when searching a table without conditions
+    - issue #18663 Fixed case where triggers are dropped when moving a table
+    - issue #17404 Fixed an error message after dropping a database
+    - issue #18714 Fixed incorrect formatting of the amount of table rows
+    - issue #18717 Fixed issue when deleting bookmarks
+    - issue #18713 Fixed some issues with the GIS editor
+    - issue #18722 Fixed generic error message in the home page
+    - issue #18693 Fixed enum/set value escaping
+    - issue #18769 Improved collations support for MariaDB 10.10
+    - issue #17381 Fixed JS errors when editing indexes on create table
+    - issue #14402 Fix the PRIMARY label still shown when using two columns for a PK on create table
+    - issue #17347 Fixed JS errors when changing index settings on create table
+    - issue #18762 Fixed truncating tables when a VIEW is included
+    - issue        Fix BETWEEN search does not validate input because of spaces
+    - issue        Fix JS number validation does not validate when the input is empty or emptied
+    - issue #18561 Fix issue when adding System Monitor charts
+    - issue #17363 Fix duplicate route parameter after logging in
+    - issue #15670 Fix case where the data is truncated after changing a longtext column's collation
+    - issue #18797 Fixed support for ampersand as a arg separator
+    - issue #18834 Fixed case where column hash is empty in table relation page
+    - issue #17538 Fixed error when renaming an index
+    - issue #18865 Fix missing text-nowrap for timestamps columns
+    - issue #18613 Fixed routine editor showing wrong parameter type
+    - issue #18890 Fixed wrong row count when query has UNION
+    - issue #18949 Fixed natural sorting for items in the navigation section
+    - issue #18930 Fixed import of empty tables from MediaWiki
+    - issue #18940 Fixed issue when creating an unique key
+    - issue #19022 Fix case where tables from wrong database is loaded in navigation tree
+    - issue #18782 Fixed issue with role based auth for MySQL 8
+    - issue #18593 Fix drop db line included in server export if exporting only data
+    - issue #18049 Also check that curl_exec is enabled for the new version check
+    - issue #19023 Fixed table size for ROCKSDB engine showing as unknown
+    - issue #18451 Fix when editing inline central column, Null is always preselected
+    - issue #18495 Fixed database export missing routines
+    - issue #19117 Allow changing the virtuality of a column without any other changes
+    - issue #18566 Fixed error when importing exported view with USE INDEX hint
+    - issue #17920 Fixed moving column with empty default value will replace it with ''
+    - issue #18006 Fixed moving columns causes the default uuid() value to get quotes around it
+    - issue #18962 Fixed move columns with ENUM() & DEFAULT causes invalid SQL
+    - issue #18276 Fix on update CURRENT_TIMESTAMP doesn't show as default in attributes
+    - issue #18240 Fix inserting value with UNIX_TIMESTAMP() without a parameter
+    - issue #19125 Fixed CodeMirror tooltip is below modals
+    - issue #18674 Fix formatted sql in browse table result has a linebreak after each token
+    - issue #18210 Fixed add replica replication user on MariaDB doesn't work (SQL syntax)
+    - issue #19041 Fix footer.twig gets printed to Binary File Download
+    - issue #19091 Fix to stop processing queries on error
+    - issue #18241 Fix copy SQL query button on error messages
+    - issue #17190 Fix an error with SELECT ... FOR UPDATE queries
+    - issue #19145 Remove duplicate server and lang parameters from links
+    - issue #19158 Fix an issue with backticks on the query generator
+    - issue #19174 Fix an issue with column alias with asterisk on the query generator
+    - issue #19146 Fix column sorting with limit subquery
+    - issue #19152 Fix the number of lines being ignored in GIS visualization after a search
+    - issue #19189 Fix issue with column sorting when using 'group by'
+    - issue #19188 Fix issue with simulated queries reporting syntax errors
+    - issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
+    - issue #19218 Fix textarea horizontal resizing with Bootstap theme
+    - issue #19199 Add support for fractional seconds to current_timestamp()
+    - issue #19221 Fix query statistics for queries with count(*)
+    - issue #19203 Fix single quotes and backslashes for the query generator
+    - issue #19163 Fix queries with IS NULL or IS NOT NULL for the query generator
+    - issue #19181 Fix query generator support for IN() and NOT IN()
+    - issue #19167 Fix criteria on column '*' for the query generator
+    - issue #19213 Fix possible issue when exporting a large data set
+    - issue #19217 Fix issue when editing a cell of a JSON column
+    - issue #19244 Add yarn 1.22 to the package.json's packageManager field
+    - issue #19185 Fix visual issue when a row has only empty cells
+    - issue #19257 Fix issue when adding an index with an invalid name
+    - issue #19276 Fix compatibility with Twig 3.12
+    - issue #19283 Fix issue when the server starts with skip-innodb option
+    - issue #19299 Fix charset in procedure's parameter type
+    - issue #19316 Fix input size for hexadecimal values
+    - issue #19321 Suppress deprecation message of E_STRICT constant
+    - issue        Fix PHP 8.4 `str_getcsv` `$escape` parameter deprecation
+    - issue #19426 Fix PHP warnings when the column is a `COMPRESSED BLOB`
+    - issue        Allow opening server breadcrumb links in new tab with Ctrl/Meta key
+    - issue #19500 Use `KILL` instead of `CALL mysql.rds_kill` for non super users
+    - issue        Fix "copy to clipboard" was adding a blank row for each repeating header row
+    - issue        Fix TCPDF translations
+    - issue        Remove underline for links on Bootstrap theme
+    - issue        Fix sql editor height on multi-table query
+    - issue #18852 Fix notification color scheme on the Bootstrap dark theme
+    - issue #14542 Show the query even if no results are found in the Table search
+    - issue #16936 Fixed import (e.g. ods) doesn't respect database default collation
+    - issue #19000 Disable autocomplete for the create table/db name inputs
+
 -------------------------------------------------------------------
 Mon Feb 26 09:45:34 UTC 2024 - ecsos <ecsos@opensuse.org>
 
 - Adjustments patch macro for rpm 4.20.
 
 -------------------------------------------------------------------
-Fri May  5 07:46:47 UTC 2023 - <chris@computersalat.de>
+Fri May  5 07:46:47 UTC 2023 - chris@computersalat.de
 
 - fix deps for subpkg apache
   * definitly Requires mod_php_any

phpMyAdmin.http.inc

@@ -4,6 +4,7 @@ php_admin_flag allow_url_include off
 php_admin_flag allow_url_fopen off
 php_admin_flag zend.ze1_compatibility_mode off
 php_admin_flag safe_mode Off
+php_admin_value upload_max_filesize 64M
 # customize suhosin
 php_admin_value suhosin.post.max_array_index_length 256
 php_admin_value suhosin.post.max_totalname_length 8192

phpMyAdmin.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package phpMyAdmin
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
 %define apache_group    nogroup
 %endif
 Name:           phpMyAdmin
-Version:        5.2.1
+Version:        5.2.2
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later
@@ -104,7 +104,7 @@ Requires:       apache2
 Requires(post): %{_sbindir}/a2enmod
 Requires(post): %{_sbindir}/a2enflag
 Requires(post): php
-Requires(postun):%{_sbindir}/a2enflag
+Requires(postun): %{_sbindir}/a2enflag
 Requires:       mod_php_any >= 7.4
 Supplements:    packageand(apache2:%name)