| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: phpMyAdmin-apache | Distribution: SUSE Linux Enterprise 15 SP5 |
| Version: 5.2.1 | Vendor: openSUSE |
| Release: bp155.1.5 | Build date: Mon May 22 13:05:00 2023 |
| Group: Productivity/Networking/Web/Utilities | Build host: lamb56 |
| Size: 2882 | Source RPM: phpMyAdmin-5.2.1-bp155.1.5.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.phpMyAdmin.net/ | |
| Summary: Apache configuration for phpMyAdmin | |
This subpackage contains the Apache configuration files
GPL-2.0-or-later
* Wed Feb 08 2023 ecsos <ecsos@opensuse.org>
- Update to 5.2.1
This is a security and bufix release.
* Security
- Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727)
Fix an XSS attack through the drag-and-drop upload feature.
* Bugfix
- issue #17522 Fix case where the routes cache file is invalid
- issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
- issue Fix blank page when some error occurs
- issue #17519 Fix Export pages not working in certain conditions
- issue #17496 Fix error in table operation page when partitions are broken
- issue #17386 Fix system memory and system swap values on Windows
- issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive
- issue #17271 Fix database names not showing on Processes tab
- issue #17424 Fix export limit size calculation
- issue #17366 Fix refresh rate popup on Monitor page
- issue #17577 Fix monitor charts size on RTL languages
- issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
- issue #17586 Fix statistics not showing for empty databases
- issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore
- issue #17584 It's now possible to browse a database that includes two % in its name
- issue Fix PHP 8.2 deprecated string interpolation syntax
- issue Some languages are now correctly detected from the HTTP header
- issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true
- issue #17593 Table filtering now works when action buttons are on the right side of the row
- issue #17388 Find and Replace using regex now makes a valid query if no matching result set found
- issue #17551 Enum/Set editor will not fail to open when creating a new column
- issue #17659 Fix error when a database group is named tables, views, functions, procedures or events
- issue #17673 Allow empty values to be inserted into columns
- issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console
- issue Fixed debug queries console broken UI for query time and group count
- issue Fixed escaping of SQL query and errors for the debug console
- issue Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled
- issue #17543 Fix JS error on saving a new designer page
- issue #17546 Fix JS error after using save as and open page operation on the designer
- issue Fix PHP warning on GIS visualization when there is only one GIS column
- issue #17728 Some select HTML tags will now have the correct UI style
- issue #17734 PHP deprecations will only be shown when in a development environment
- issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long
- issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
- issue #16418 Fix FAQ 1.44 about manually removing vendor folders
- issue #12359 Setup page now sends the Content-Security-Policy headers
- issue #17747 The Column Visibility Toggle will not be hidden by other elements
- issue #17756 Edit/Copy/Delete row now works when using GROUP BY
- issue #17248 Support the UUID data type for MariaDB >= 10.7
- issue #17656 Fix replace/change/set table prefix is not working
- issue Fix monitor page filter queries only filtering the first row
- issue Fix "Link not found!" on foreign columns for tables having no char column to show
- issue #17390 Fix "Create view" modal doesn't show on results and empty results
- issue #17772 Fix wrong styles for add button from central columns
- issue #17389 Fix HTML disappears when exporting settings to browser's storage
- issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page
- issue Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)
- issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)
- issue #17281 Fix links to databases for information_schema.SCHEMATA
- issue #17553 Fix Metro theme unreadable links above navigation tree
- issue #17553 Metro theme UI fixes and improvements
- issue #17553 Fix Metro theme login form with
- issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox
- issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working
- issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened
- issue Fix Original theme buttons style and login form width
- issue #17892 Fix closing index edit modal and reopening causes it to fire twice
- issue #17606 Fix preview SQL modal not working inside "Add Index" modal
- issue Fix PHP error on adding new column on create table form
- issue #17482 Default to "Full texts" when running explain statements
- issue Fixed Chrome scrolling performance issue on a textarea of an "export as text" page
- issue #17703 Fix datepicker appears on all fields, not just date
- issue Fix space in the tree line when a DB is expanded
- issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column
- issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL
- issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5
- issue Fix column names option for CSV Export
- issue #17177 Fix preview SQL when reordering columns doesn't work on move columns
- issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP
- issue #17944 Fix unable to create a view from tree view button
- issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)
- issue #17967 Fix missing icon for collapse all button
- issue #18006 Fixed UUID columns can't be moved
- issue Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
- issue Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service)
- issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API
- issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs
- issue Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions
- issue #17398 Fix clicking on JSON columns triggers update query
- issue Fix silent JSON parse error on upload progress
- issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
- issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
- Rebase phpMyAdmin-config.patch.
* Wed Jul 13 2022 chris@computersalat.de
- update changes file
* fix missing bugzilla information
* Thu May 12 2022 ecsos <ecsos@opensuse.org>
- Update to 5.2.0
* Bugfix
- issue #16521 Upgrade Bootstrap to version 5
- issue #16521 Drop support for Internet Explorer and others
- issue Upgrade to shapefile 3
- issue #16555 Bump minimum PHP version to 7.2
- issue Remove the phpseclib dependency
- issue Upgrade Symfony components to version 5.2
- issue Upgrade to Motranslator 4
- issue #16005 Improve the performance of the Export logic
- issue #16829 Add NOT LIKE %...% operator to Table search
- issue #16845 Fixed some links not passing through url.php
- issue #16382 Remove apc upload progress method (all upload progress code was removed from the PHP extension)
- issue #16974 Replace zxcvbn by zxcvbn-ts
- issue #15691 Disable the last column checkbox in the column list dropdown instead of not allowing un-check
- issue #16138 Ignore the length of integer types and show a warning on MySQL >= 8.0.18
- issue Add support for the Mroonga engine
- issue Double click column name to directly copy to clipboard
- issue #16425 Add DELETE FROM table on table operations page
- issue #16482 Add a select all link for table-specific privileges
- issue #14276 Add support for account locking
- issue #17143 Use composer/ca-bundle to manage the CA cert file
- issue #17143 Require the openssl PHP extension
- issue #17171 Remove the printview.css file from themes
- issue #17203 Redesign the export and the import pages
- issue #16197 Replace the master/slave terminology
- issue #17257 Replace libraries/vendor_config.php constants with an array
- issue Add the Bootstrap theme
- issue #17499 Remove stickyfilljs JavaScript dependency
- Rebase phpMyAdmin-config.patch.
* Fri Feb 11 2022 ecsos <ecsos@opensuse.org>
- Update to 5.1.3
This is a security and bufix release.
* Security
- Fix for boo#1197036 (CVE-2022-0813)
- Fix for path disclosure under certain server configurations
(if display_errors is on, for instance)
* Bugfix
- issue #17308 Fix broken pagination links in the navigation sidebar
- issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines"
- issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
- issue #17288 Fixed importing browser settings question box after login when having no pmadb
- issue #17288 Fix "First day of calendar" user override has no effect
- issue #17239 Fixed repeating headers are not working
- issue #17298 Fixed import of email-adresses or links from ODS results in empty contents
- issue #17344 Fixed a type error on ODS import with non string values
- issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row
* Sat Jan 22 2022 ecsos <ecsos@opensuse.org>
- Update to 5.1.2
This is a security and bufix release.
* Security
- Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661)
Two factor authentication bypass
- Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661)
Multiple XSS and HTML injection attacks in setup script
* Bugfixes
- Revert a changed to $cfg['CharTextareaRows'] allow values
less than 7
- Fix encoding of enum and set values on edit value
- Fixed possible "Undefined index: clause_is_unique" error
- Fixed some situations where a user is logged out when working
with more than one server
- Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
- Enable cookie parameter "SameSite" when the PHP version
is 7.3 or newer
- Correctly handle the removal of "innodb_file_format" in
MariaDB and MySQL
* Sat Jun 05 2021 ecsos <ecsos@opensuse.org>
- Update to 5.1.1
- Fixes for several PHP errors
- Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly
- Fix Yaml export to quote strings even when they are numeric
- Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
- Fix for quick search not working when using more than one configured server
Fix datetime decimals displayed (.00000) after edit
- Fix new lines in text fields are doubled
- Fixed URL generation by removing un-needed & escaping for & char
- Improvements for working with PHP 8.1
- Improved handling of adding a new user with the Percona database server
For a detail changelog see:
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
* Fri Feb 26 2021 ecsos <ecsos@opensuse.org>
- Update to 5.1.0
- issue #15350 Change Media (MIME) type references to Media type
- issue #15377 Add a request router
- issue Automatically focus input in the two-factor authentication window
- issue #15509 Replace gender-specific pronouns with gender-neutral pronouns
- issue #15491 Improve complexity of generated passwords
- issue #14909 Add a configuration option to define the 1st day of week
- issue #12726 Made user names clickable in user accounts overview
- issue #15729 Improve virtuality dropdown for MariaDB > 10.1
- issue #15312 Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE)
when editing a table structure
- issue Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases
- issue #15232 Improve the padding in query result tool links
- issue #15064 Support exporting raw SQL queries
- issue #15555 Added ip2long transformation
- issue #15194 Fixed horizontal scroll on structure edit page
- issue #14820 Move table hide buttons in navigation to avoid hiding a table by mistake
- issue #14947 Use correct MySQL version if the version is 8.0 or above for documentation links
- issue #15790 Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server
- issue #15880 Change "Show Query" link to a button
- issue #13371 Automatically toggle the radio button to "Create a page and save it" on Designer
- issue #12969 Tap and hold will not dismiss the error box anymore, you can now copy the error
- issue #15582 Don't disable "Empty" table button after clicking it
- issue #15662 Stay on the structure page after editing/adding/dropping indexes
- issue #15663 show structure after adding a column
- issue #16005 Remove symfony/yaml dependency
- issue #16005 Improve performance of dependency injection system by removing yaml parsing
- issue #15447 Disable phpMyAdmin storage database checkbox on databases list
- issue #16001 Add autocomplete attributes on login form
- issue #13519 Add "Preview SQL" option on Index dialog box when creating a new table
- issue #15954 Fixed export maximal length of created query input is too small
- issue Redesign the server status advisor page
- issue #13124 Use same height for SQL query textarea and Columns select in SQL page
- issue #16005 Add a new vendor constant "CACHE_DIR" that defaults
to "libraries/cache/" and store routing cache into this folder
- issue #16005 Warm-up the routing cache before building the release
- issue #16005 Use --optimize-autoloader when installing composer vendors before building the release
- issue #15992 Add back the table name to the printable version on "Structure" page
- issue #14815 Allow simplifying exported view syntax to only "CREATE VIEW"
- issue #15496 Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
- issue #14772 Add the password_hash PHP function as an option when inserting data
- issue #15136 Add a notice for Hex converter giving invalid results
- issue #16139 Use a textarea for JSON columns
- issue #16223 Make JSON input transformation editor less narrow
- issue #14340 Add a button on Export Page to show the SQL Query
- issue #16304 Add support for INET6 column type
- issue #16337 Fix example insert/update query default values
- issue #12961 Remove indexes from table relation
- issue #13557 Use a full list of functions instead of a separated one on insert/edit page "Function" selector
- issue #14795 Include routines in the export in a predictable order
- issue #16227 Fixed autocomplete is not working in case the table name is quoted by "`" symbols
- issue #15463 Force BINARY comparison when looking at privileges to avoid an SQL error on privileges tab
- issue #16430 Fixed Windows error message uses trailing / instead of \
- issue #16316 Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
- issue #16451 Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
- issue #16451 Show an error message when the security limit is
reached instead of silently trimming the password to avoid confusion
- issue #15001 Add back Login Cookie Validity setting to the features form
- issue #16457 Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
- issue #13077 Moved tools section to left on large devices (Bootstrap xl)
- issue #15711 Moved some buttons to left on large devices (Bootstrap xl)
- issue #15584 Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
- issue #15652 Replace deprecated FOUND_ROWS() function call on "distinct values" feature
- issue Export blobs as hex on JSON export
- issue #16095 Fix leading space not shown in a CHAR column when browsing a table
- issue Make procedures/functions SQL editor both side scrollable
- issue #16407 Bump pragmarx/google2fa conflict to >8.0
- issue #14953 Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
- issue #16477 Fixed no Option to enter TABLE specific permissions when the database name contains an "_" (underscore)
- issue #16498 Fixed empty text not appearing after deleting all Routines
- issue #16467 Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
- issue #15658 Fixed saving UI displayed columns on a non database request fails
- issue #16495 Fix drop tables checkbox is above the checkbox for foreign keys
- issue #16485 Fix visual query builder missing "Build Query" button
- issue #16565 Added 'IF EXISTS' to 'DROP EVENT' when updating events to avoid replication issues
- issue Removed metro fonts that where Apache-2.0 files that are incompatible with GPL-2.0
- issue #16464 Made the relation view default to the current database when creating relations
- issue #16463 Fixed 'REFERENCES' privilege checkbox's title on new MySQL versions and on MariaDB
- issue #16405 Added jest as a Unit Testing tool for our javascript code
- issue #16252 Fixed the too small font size when editing rows (textareas)
- issue #16585 Fixed BLOB to JPG transformation PHP errors
- issue Made the console setup async to avoid blocking the page render
- issue #16429 Use PHP 8.0 fixed version (commit) for TCPDF
- issue #16005 Major performance improvements on browsing a lot of rows
- issue #16595 Fixed editing columns having a `_` in their name in specific conditions
- issue #16608 Fix "Sort by key" restore auto saved value
- issue #16611 Fixed unable to add tables to rename aliases twice on Export
- issue #16621 Fixed link HTML messed up in Advisor
- issue #16622 Fixed Advisor formatting incorrect for long_query_time notice
- issue #15389 Fixed reset current page indicator after deleting all rows to current page and not page 1
- issue #15997 Fixed auto save query
- issue #15997 Made auto saved query database or database+table independent
- issue #16641 Fixed query generation that was allowing JSON to have a length
- issue #15994 Fixed the selected value detection for "on update current_timestamp"
- issue #16614 Fixed PHP 8.0 dataseek offset call to the MySQLI extension
- issue #16662 Fixed Uncaught TypeError on "delete" button click of a database search results page
- issue Fixed Undefined index: selected_usr when the user tried to delete no selected user
- issue #16657 Fixed the QBE interface when the configuration storage is not enabled
- issue #16479 Fix our Selenium test-suite
- issue #16669 Fixed table search modal for BETWEEN
- issue #16667 Fixed LIKE and TINYINT in search not working properly
- issue #16424 Fixed numerical search in table and zoom
- issue Improve the version handling (new Version class) and add a VERSION_SUFFIX for vendors
- issue #14494 Fix uncaught TypeError when editing partitioning
- issue #16525 Fix PHP 8.0 failing tests when comparing 0 to ''
- issue #16429 Fixed PHP 8.0 errors on preg_replace and operand types
- issue #16490 Fixed PHP 8.0 function libxml_disable_entity_loader() is deprecated
- issue #16429 Fixed failing unit tests on PHP 8.0
- issue #16609 Fixed Sql.rearrangeStickyColumns is not a function
- Rebase phpMyAdmin-config.patch.
* Tue Dec 22 2020 Arjen de Korte <suse+build@de-korte.org>
- Use coreutils to generate blowfish secret to reduce dependencies
* Tue Dec 15 2020 Arjen de Korte <suse+build@de-korte.org>
- Attempt to migrate modified configuration file rather than just
replacing it by default configuration
* Tue Dec 15 2020 Arjen de Korte <suse+build@de-korte.org>
- The apache subpackage must require the main package, otherwise it
will not be uninstalled when the main package is uninstalled
* Sun Dec 13 2020 Arjen de Korte <suse+build@de-korte.org>
- Generate blowfish secret and enable Apache modules/flags only on
install
- Only empty temporary directory on upgrade/uninstall (not remove)
to prevent RPM warnings/errors
- Don't empty directories not owned by this package (these should
have been cleaned up by previous versions that owned them)
* Sun Dec 13 2020 Arjen de Korte <suse+build@de-korte.org>
- Use %apache_request_restart/%apache_restart_if_needed macros to restart
apache in order to prevent unneccessary restarts
* Fri Dec 11 2020 Arjen de Korte <suse+build@de-korte.org>
- Package language files in separately
* Fri Dec 11 2020 Arjen de Korte <suse+build@de-korte.org>
- Put Apache configuration files in separate subpackage
- Generate blowfish secret with openssl on non-openSUSE systems as
pwgen is not available
* Thu Dec 10 2020 Arjen de Korte <suse+build@de-korte.org>
- Use system apache rpm macros
* Mon Nov 09 2020 ecsos <ecsos@opensuse.org>
- Update to 5.0.4
- issue #16245 Fix failed Zoom search clears existing values
- issue Fixed a PHP error when reporting a particular JS error
- issue #16326 Fixed latitude and longitude swap for geometries in edit mode
- issue #16032 Fix CREATE TABLE not being tracked when auto tracking is enabled
- issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
- issue #16396 Fix broken two-factor authentication
- Changes from 5.0.3
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_3/ChangeLog
- Changes from 5.0.2
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_2/ChangeLog
- Changes from 5.0.1
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_1/ChangeLog
- Changes from 5.0.0
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_0/ChangeLog
- Set php >= 7.4 as recommends because:
Due to changes in the MySQL authentication method, PHP versions
prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer
server (our tests show the problem actually began with MySQL 8.0.11).
This relates to a PHP bug https://bugs.php.net/bug.php?id=76243.
- Remove Suggests: php-mcrypt as described in boo#1050980
- Change tmpdir from ap_docroot/tmp to localstatedir/cache/phpMyAdmin.
* Fri Oct 16 2020 Andreas Stieger <andreas.stieger@gmx.de>
- phpMyAdmin 4.9.7:
* Fix two factor authentication that was broken in 4.9.6
* Fix incompatibilities with older PHP versions
* Mon Oct 12 2020 ecsos <ecsos@opensuse.org>
- Update to 4.9.6
This is a security release.
- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to
the transformation feature
- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection
vulnerability in SearchController
* Sun May 03 2020 chris@computersalat.de
- fix for boo#1170743
phpMyAdmin installation wipes it's sysconfig apache_server_flag entry
* Sat May 02 2020 Arjen de Korte <suse+build@de-korte.org>
- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set
$cfg['PmaAbsoluteUri'] parameter, but this variable is no longer
in the config.sample.ini file)
* Thu Apr 23 2020 Dominique Leuenberger <dimstar@opensuse.org>
- Drop python-devel BuildRequires: python2 is EOL and this seems
unused.
- Drop xz BuildRequires: OBS takes care of unpacking the tarball.
* Mon Mar 23 2020 ecsos@opensuse.org
- Update to 4.9.5
This is a security release containing several bug fixes.
* CVE-2020-10804: SQL injection vulnerability in the user
accounts page, particularly when changing a password
(boo#1167335, PMASA-2020-2)
* CVE-2020-10802: SQL injection vulnerability relating to the
search feature (boo#1167336, PMASA-2020-3)
* CVE-2020-10803: SQL injection and XSS having to do with
displaying results (boo#1167337, PMASA-2020-4)
* Removing of the "options" field for the external
transformation.
* Tue Jan 21 2020 chris@computersalat.de
- fix for boo#1092345
* change ap_docroot from /srv/www/htdocs to /usr/share
work is based on changes provided by ecsos@opensuse.org
if phpMyAdmin.conf for apache was changed by local admin, we will
create a backup and replace the original file with the new version
sorry admins, but you need to apply your changes again
* needed Alias /phpMyAdmin is an enabled APACHE_SERVER_FLAGS default
for more info have a look into /etc/apache2/conf.d/phpMyAdmin.conf
- cleanup tmp/twig on
* uninstall
* ap_docroot change
* Wed Jan 08 2020 chris@computersalat.de
- update to 4.9.4 (2020-01-07)
* https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog
- fix for boo#1160456
* PMASA-2020-1 (CVE-2020-5504, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2020-1/
- SQL injection in user accounts page
- fix changes about corresponding PMASA
* Mon Dec 30 2019 ecsos@opensuse.org
- phpMyAdmin 4.9.3
* Several PHP notices and warnings including "Undefined index
table_create_time," a notice about error_reporting() being
disabled for security reasons, and several Undefined Index
errors.
* Support CloudFront-Forwarded-Proto header for Amazon CloudFront
proxy
* Early compatibility with development versions of PHP 8
* Fix replication actions (start, stop, etc)
* Sat Nov 23 2019 Andreas Stieger <andreas.stieger@gmx.de>
- phpMyAdmin 4.9.2:
* CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614)
* Fixes for "Failed to set session cookie" error
* Advisor with MySQL 8.0.3 and newer
* Fix PHP deprecation errors
* Fix a situation where exporting users after a delete query could
remove users
* Fix incorrect "You do not have privileges to manipulate with the
users!" warning
* Fix copying a database's privileges and several other problems
moving columns with MariaDB
* Fix for phpMyAdmin not selecting all the values when using
shift-click to select during Export
* Sat Sep 21 2019 Andreas Stieger <andreas.stieger@gmx.de>
- phpMyAdmin 4.9.1:
* CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914)
* Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13
and newer
* Compatibility issues with PHP 8
* Export of GIS visualization
* Enhanced descriptions for several collation types
* Creating a user with a single quote in the password string
* Unexpected quotes during import and export on text fields
* Improvements to adding new tables to Designer
* Fix an issue where an authenticated user could trigger heavy
traffic between the database server and web server
* Fix a weakness where an attacker, under certain conditions,
working at the same time as an administrator is using the setup
script, could delete a server from the setup script
* Sun Jun 30 2019 chris@computersalat.de
- fix changelog
* add missing boo# with relation to CVE and PMASA
- rebase phpMyAdmin-config.patch
* Wed Jun 05 2019 ecsos@opensuse.org
- phpMyAdmin 4.9.0.1:
* Several issues with SYSTEM VERSIONING tables
* Fixed json encode error in export
* Fixed JavaScript events not activating on input
(sql bookmark issue)
* Show Designer combo boxes when adding a constraint
* Fix edit view
* Fixed invalid default value for bit field
* Fix several errors relating to GIS data types
* Fixed javascript error PMA_messages is not defined
* Fixed import XML data with leading zeros
* Fixed php notice, added support for 'DELETE HISTORY' table
privilege (MariaDB >= 10.3.4)
* Fixed MySQL 8.0.0 issues with GIS display
* Fixed "Server charset" in "Database server" tab showing wrong
information
* Fixed can not copy user on Percona Server 5.7
* Updated sql-parser to version 4.3.2, which fixes several
parsing and linting problems
- fix for boo#1137497
* PMASA-2019-4 (CVE-2019-12616, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2019-4/
- CSRF vulnerability in login form
- fix for boo#1137496
* PMASA-2019-3 (CVE-2019-11768, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2019-3/
- SQL injection in Designer feature
* Fri Feb 01 2019 andreas.stieger@gmx.de
- phpMyAdmin 4.8.5:
* CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1,
bsc#1123272)
* CVE-2019-6798: SQL injection in the Designer interface
PMASA-2019-2, bsc#1123271)
* Fix rxport to SQL format not available
* Fix QR code not shown when adding two-factor authentication to
a user account
* Fix issue with adding a new user in MySQL 8.0.11 and newer
* Fix frozen interface relating to Text_Plain_Sql plugin
* Fix missing table level operations tab
* Wed Dec 12 2018 ecsos@opensuse.org
- update to 4.8.4 (2018-12-11)
- gh#14452 Remove hash param in edit query URL
- gh#14295 Issue in Changing theme
- gh#13267 Ensure that database names with '.' are handled
properly when DisableIS is true
- gh#14438 Invisible Icon "Show Full Queries"
- gh#14133 CSS issue in Designer
- gh#14447 Error while copying database (pma__column_info)
- gh#14571 "No database selected" - DROP a view
- gh#14636 Move operation causes SELECT * FROM `undefined`
- gh#14630 Enum '0' produces incorrect search SQL
- gh#14223 Fix TypeError in database designer
- gh#13621 QBE selenium tests broken since merge of #13342
- gh#14672 When logging with $cfg['AuthLog'] to syslog,
successful login messages were not logged even if
$cfg['AuthLogSuccess'] was true.
- gh#14339 Fix infinite loop when sorting table rows by key.
- gh#14658 Regression on multi table query functionality
(foreign keys)
- gh#14617 Fix designer errors when database is empty
- gh#13032 Fix designer errors when database contains special
chars
- gh#14352 Fix designer javascript errors
- gh#14764 Fix left/right icons hidden
- fix for boo#1119245
- PMASA-2018-6 (CVE-2018-19968, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-6/
- PMASA-2018-7 (CVE-2018-19969, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-7/
- PMASA-2018-8 (CVE-2018-19970, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-8/
* Thu Aug 23 2018 ecsos@opensuse.org
- update to 4.8.3 (2018-08-22)
- gh#14314 Error when naming a database '0'
- gh#14333 Fix NULL as default not shown
- gh#14229 Fixes issue with recent table list
- gh#14045 Fix slow performance on DB structure filtering
- gh#14327 Fix Editing server variable not showing save or cancel
option
- gh#14377 Populate options for view create and edit
- gh#14171 2FA configuration fails if PHP doesn't have GD support
- gh#14390 Can't unhide tables
- gh#14382 "Visualize GIS data" icon missing
- gh#14435 Event scheduler status toggle doesn't work
- gh#14365 View not working on multiple servers
- gh#14207 Partition actions in table structure do not work
- gh#14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table
- gh#14552 Blank message shown instead of MySQL error when adding
trigger and other locations
- gh#14525 Fix PHP 7.3 warning: "continue" in "switch" is equal
to "break"
- gh#14554 Icon missing when creating a new trigger, routine,
and event
- gh#14422 Table comment not showing since 4.8.1
- gh#14426 Drop table doesn't work when you copy tables to
another database
- gh#14581 Escaped HTML in 'Add a new server' setup
- gh#14548 [security] HTML injection in import warning messages,
see PMASA-2018-5
- fix for boo#1105726
- PMASA-2018-5 (CVE-2018-15605, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-5/
* Tue Jul 31 2018 chris@computersalat.de
- fix for boo#1103305
* add missing dependency for php-ctype
* Fri Jun 22 2018 chris@computersalat.de
- update to 4.8.2 (2018-06-21)
* issue #14370 WHERE 0 causes Fatal error
* issue #14225 Fix missing index icon
- fix for boo#1098752
* PMASA-2018-3 (CVE-2018-12581, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-3/
- XSS in Designer feature
- fix for boo#1098751
* PMASA-2018-4 (CVE-2018-12613, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-4/
- File inclusion and remote code execution attack
- some minor changelog fixes about security fix entries
* Sat May 26 2018 ecsos@opensuse.org
- update to 4.8.1 (2018-05-25)
* gh#12772 Fix case where the central columns attributes don't
get filled in
* gh#14049 Fix case where the query builder doesn't work when
selected column is *
* gh#14029 Revert "Browse" table CSS overflow
* gh#14241 Dropping indexes and foreign keys fail
* gh#14227 Relational linking broken
* gh#14246 Fixed error in configuration storage zero config
* gh#14128 Show 2FA Secret next to QR code
* gh#14212 XML Export from single table throws fatal error
* gh#14239 Line and some other charts ignore result set order of
values chosen for the x-axis
* gh#14260 Fixed configuration for DefaultLang and Lang
* gh#14264 Linking for 'Distinct values' broken
* gh#13968 Fix MariaDB 10.2 current_timestamp()
* gh#14249 Fix for missing go button in view edit
* gh#14125 Fix for issues with spatial fields
* gh#14189 Remember table's sorting broken
* gh#14289 Fix multi-column sorting
* gh#14278 Fix central columns in-line edit bug
* gh#14066 Fix AUTO_INCREMENT error when only exporting table
structure in database-level exports
* gh#13893 Simulating queries produces unexpected results
* gh#14309 Setup script icons missing
* Fri Apr 20 2018 ecsos@opensuse.org
- update to 4.8.0.1 (2018-04-19)
- fix for boo#1090309
* PMASA-2018-2 (CVE-2018-10188, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-2/
- Multiple CSRF vulnerabilities
* Wed Apr 11 2018 ecsos@opensuse.org
- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could
install
- insert missing templates dir in htaccess
See https://docs.phpmyadmin.net/de/latest/setup.html#securing-your-phpmyadmin-installation
- create tmp dir and insert this in htaccess to fix the errormessage
after login
* Wed Apr 11 2018 javier@opensuse.org
- spec clean up
* Let rpm find the library dependencies by itself. Remove
unneeded explicit Requires: tags (php-zlib)
* Remove logic for obsolete openSUSE releases
* Ignore pem-certificate rpmlint warning (see
libraries/certs/README.rst)
* Remove hidden .github, .php_cs.dist, .scrutinizer.yml and
.editorconfig
* Remove php_twig.h and twig.c (devel)
* Set proper shebang for bash and php scripts
* Make phpmyadmin/sql-parser/bin/*-query and
paragonie/random_compat/*.sh executable
* Wed Apr 11 2018 javier@opensuse.org
- update to 4.8.0 (2018-04-07)
* gh#12946 Allow to export JSON with unescaped unicode chars
* gh#12983 Disable login button without solved reCaptcha
* gh#12315 Allow to remove individual segments from pie charts
* gh Change label from "Improve table structure" to
"Normalize" to match standard terminology
* gh#13087 Offer login as different user on access denied from
MySQL
* gh#13110 Indicate when HTTPS is not properly reported on the
server
* gh#13119 No database selected error when adding foreign key
* gh#12388 Improved database search to allow search for exact
phrase match
* gh#13099 Report error when trying to copy database to same
name
* gh#13167 Themes now have to contain metadata in theme.json
* gh#6363 phpMyAdmin no longer requires eval() in PHP
* gh#12386 The mbstring dependency is now optional
* gh#13269 Small refactoring in preparation to CSP
* gh#13384 Database link broken in Databases Page
* gh#13391 Configurable authentication logging using
$cfg['AuthLog']
* gh#13086 Add support for Google Invisible Captcha
* gh#13058 Improved error reporting for reCAPTCHA
* gh#12899 Improved rendering of server variables table
* gh#12948 Fixed javascript editor for TIME values
* gh#13095 Fixed alignment of foreign keys editing
* gh#12944 Improved inline editor for JSON
* gh#13145 Improved layout of operations pages
* gh#13448 Add "format" query button in edit view form
* gh#6241 Implement Responsive Design/mobile interface
* gh Use a single location for classes under PhpMyAdmin
namespace
* gh#12354 Indicate SSL status on main page
* gh#5666 Configuration directives for defaults of Transformation
options
* gh#12261 Remove inline JavaScript
* gh#13408 Show MySQL warnings when executing SQL queries
* gh#5827 Allow Designer to show tables from other databases
* gh#13268 Replace Query-By-Example with multi-table query
generator interface
* gh#13576 Add privileges export to per-database listing
* gh Consolidate functions into class files
* gh#13560 Add support for changing collation for all tables and
columns in database
* gh#13303 Add support for creating fulltext index from table
structure
* gh#13711 Lower default value for $cfg['MaxExactCount']
* gh#13722 DisableIS is not fully honored
* gh#6197 Added support for authentication using U2F and 2FA
* gh#13480 Avoid removing cookies on upgrade
* gh#13397 Remember state of navigation panel
* gh#11688 Reduced cookie usage
* gh#13466 Better utilization of user preferences
* gh#14042 Rename PMD to Designer
* gh#13940 Honor arg_separator in AJAX requests
* gh#14060 Can't edit rows in Internet Explorer
* gh#14096 Internet Explorer compatibility; fixes JavaScript error
Object doesn't support property or method 'startsWith'
* Tue Mar 06 2018 ecsos@opensuse.org
- update to 4.7.9 (2018-03-05)
* gh#13931 Fixed browsing tables with more results
* gh#13927 "Not an integer" when browsing a table
* gh#13887 "Input variables exceeded 1000" error relating
to PHP's max_input_vars directive
* Thu Feb 22 2018 astieger@suse.com
- phpMyAdmin 4.7.8:
* Fixed error handling with PHP 7.2
* Fixed resetting default setting values
* Fixed fallback value for collation connection
- fix for boo#1082188
* PMASA-2018-1 (CVE-2018-7260, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-1/
- Fix XSS in Central Columns Feature
* Mon Dec 25 2017 astieger@suse.com
- phpMyAdmin 4.7.7:
* Fixed displaying of formatted numeric values for some locales
* Ensure datetimepicker is always loaded for datetime fields
* Fixed PHP error when browsing certain results
* Fix XSRF/CSRF vulnerability (bsc#1074066, PMASA-2017-09)
CVE-2017-1000499
* Sat Dec 02 2017 ecsos@opensuse.org
- update to 4.7.6 (2017-11-29)
* gh#13517 Fixed check all interaction with filtering
* gh#13803 Add SJIS-win to default list of allowed charsets
* gh#13436 Improve detection that MySQL server needs SSL connection
* gh#13038 Support JSON datatype on MariaDB 10.2.7 and newer
* gh#13824 Fixed constructing ALTER query with AFTER
* gh#13821 Lock page when changes are done in the SQL editor
* gh#13842 Prefer iconv for encoding conversions
* gh#13737 Fixed changing password on MariaDB cluster
* Sun Nov 26 2017 suse+build@de-korte.org
- fix for boo#1057661
* no longer require php_mod_any (recommend it instead)
* only enable php5 / php7 if running Apache prefork MPM
- fix %post
* use sed instead of grep/awk to determine PHP version
* Tue Oct 24 2017 ecsos@opensuse.org
- update to 4.7.5 (2017-10-23)
* gh#13615 Avoid problems with browsing unknown query types
* gh#13612 Integrate tooltip into datetime pickers
* gh#13628 Fixed javascript error in server monitor
* gh#13444 Fixed server monitor on non Linux and Windows systems
* gh#13633 Reload javscript messages when changing language
* gh#13604 Fixed crash on invalid ordering data
* gh#13639 Fixed error when browsing non SELECT results
* gh#13533 Fixed saving column to display
* gh#13647 Fixed export of tables with VIRTUAL columns
* gh#13669 Fixed selecting multiple rows accidentally selects
the next row too
* gh#13513 Fixed edit index Column alignment issue
* gh#13515 Fixed rendering of add index dialog
* gh#13710 Fixed possible error in server advisor
* gh#13477 Fixed setting input transformations
* gh#13552 Fixed IPv4/IPv6 To Binary input transformation
* gh#13686 Clicking on column name to trigger sort with an active
search leads to logout
* gh#13725 Fixed copying tables with specific PARTITION
definition
* gh#13761 Fixed listing of bookmarks for a database
* Fri Sep 08 2017 chris@computersalat.de
- fix recommends
* php5-curl -> php-curl
* php5-zip -> php-zip
- fix post step
* enable correct phpX module
* Fri Aug 25 2017 ecsos@opensuse.org
- update to 4.7.4
* gh#13415 Remove shadow from the logo
* gh#13507 Fixed per server theme feature
* gh#13523 Missing newline in ALTER exports
* gh#13414 Fixed several compatibility issues with PHP 7.2
* gh#13550 Fixed copy results to clipboard
* gh#13562 Add limitation for user group length
* gh#13561 Fixed edit variable link in advisor
* gh#13579 Optimize table link should not be visible in print
page
* gh#13553 Improved error handling on corrupted tables
* gh#13512 Fixed rendering of add index dialog
* gh#13606 Fixed refreshing server variables
* Fri Jul 28 2017 chris@computersalat.de
- fix for boo#1050980
* replace mcrypt with openssl, see
https://github.com/phpseclib/phpseclib/issues/1028
- update changes (update to 4.6.6 (2017-01-23))
* add missing (CVE-Not yet available) CVE's
* Sat Jul 22 2017 ecsos@opensuse.org
- update to 4.7.3
* gh#13447 Large multi-line query removes Export operation and
blanks query box options
* gh#13445 Fixed rendering of query results
* gh#13437 Fixed version check when not connected to a database
* gh#13465 Fixed creating relation
* gh#13475 Fixed export without backquotes
* gh#13482 Improved handling of uploaded files with open_basedir
* gh#13387 Fixed inline editing of hex values
* gh#13382 Fixed size of index edit dialog
* gh#13489 Fixed rendering SQL lint errors
* gh#13468 Avoid breakage if set_time_limit is disabled
* gh#13471 Fail if ini_set/ini_get are disabled
* gh#13436 Automatically connect using SSL when server is
configured so
* gh#13478 Fixed usage of some browser transformations
* Sun Jul 02 2017 ecsos@opensuse.org
- update to 4.7.2 (2017-06-29)
* gh#13314 Make theme selection keep current server
* gh#13311 Fixed direct login for accounts without password
* gh#13316 Fixed check for mbstring.func_overload
* gh#13323 Fixed wrong encoding of table at triggers
* gh#12976 Fixed natural sorting in several places
* gh#12718 Show warning for users removed from mysql.user table
* gh#13362 Fixed loading additional javascripts
* gh#13343 Fixed editing QBE
* gh#13193 Improved documentation on user settings
* gh#13092 Gracefully handle early fatal errors in AJAX requests
* gh#13327 Fixed Incorrect NavigationTreeEnableExpansion default
value in the documentation
* gh#13008 Fixed export of database with a lot of tables
* gh#13318 Improved performance when importing with enabled
tracking
* gh#13386 Avoid PHP errors with non existing configuration on
OS X
* gh#13388 Show only supported charsets for conversion
* gh#13392 Fixed operation with session.auto_start enabled
* gh#13383 "Create PHP code" is broken
* gh#13189 Fixed links to resume timeouted import
* Fri Jun 02 2017 ecsos@opensuse.org
- update to 4.7.1 (2017-05-25)
* gh#13132 Always execute tracking queries as controluser
* gh#13125 Focus on SQL editor after inserting field name
* gh#13133 Fixed broken links in setup
* gh#13135 Database list Tooltips: Show wrong value
* gh#13150 Fixed pagination while browsing resuls
* gh#13149 Fixed outbound links in changelog.php
* gh#13146 Do not include devel dependencies in the release
* gh#13144 Do not show New as a database in database dropdown
* gh#13130 Fixed handling of errors in AJAX requests
* gh#13152 Fixed PHP error in case of invalid table preferences
* gh#13154 Fixed PHP error on password change
* gh#13219 Fix Refresh of Process List
* gh#13182 Fix refresh of long queries
* gh#12301 Improved handling of logout with disabled
LoginCookieDeleteAll
* gh#13216 Add support for MySQL 8.0 collations
* gh#13218 Fixed rendering of phpMyAdmin logos
* gh#13234 Properly report not working sessions
* gh#13256 Fixed password check on server replication
* gh#13252 Fixed grid editing time column
* gh#13258 Fixed detection of Amazon RDS
* gh#13241 Redirect user to last page that has any tables to
display
* gh#13266 Fix link to User accounts overview page
* gh#13274 Fix error in query builder
* gh#13177 Grid editing repeats action after error
* Sat Apr 22 2017 chris@computersalat.de
- restore phpMyAdmin-pma.patch
* because it is NOT upstream and needed for configuration storage
- restore previous phpMyAdmin-config.patch
* merge with upstream config VAR changes
- removed $cfg['Servers'][$i]['designer_coords']
* Sat Apr 01 2017 ecsos@opensuse.org
- update to 4.7.0 (2017-03-28)
* gh#12233 [Display] Improve message when renaming database to
same name
* gh#6146 Log authentication attempts to syslog
* gh#11981 Remove support for Swekey authentication
* gh#11987 Remove code for no longer supported MSIE versions
* gh#11962 Remove embedded PHP libraries, use composer to install
them
* gh#12017 Cannot easily select multiple tables when exporting
* gh#12047 Add javascript filtering for databases
* gh#12166 More compact rendering of navigation tree
* gh#12129 Improve performance with SkipLockedTables
* gh#12173 Do not hide indexes under a slider
* Improve performance of zip file import
* gh#12196 Removed $cfg['ThemePath']
* gh#6274 Add support for export user settings as config.inc.php
snippet
* gh#5555 Better report query errors while generating SQL exports
* gh#12307 Produce valid JSON on export
* gh#12325 Setup script icons broken
* gh#12378 Support IPv6 proxies
* Removed MySQL connection retry without password
* gh#12218 Allow to specify further parameters for control
connection
* gh#12162 Show charset for each table on Database structure page
* gh#12463 Incorrect link in the href of icon at Hide/Show unhide
links
* gh#12330 Shortcut for closing console
* gh#12465 Improved handling of http requests
* gh#12474 Broken links in Setup forms Navigation
* gh#12494 Can't add a new User
* gh#12523 Add 'token' Parameter in all POST requests
(Fix 'Token mismatch' errors)
* gh#12302 Improved usage of number_format
* gh#12656 Server selection not working
* gh#12543 NULL results in dataset are colored grey
* gh#12664 Create Bookmark broken
* gh#12688 Use unsigned int for storing bookmark ID
* gh#12352 Added password strength indicator
* gh#12713 Correctly handle HTTP status when doing requests
* gh#12247 Add option to delete settings from browser storage
* gh#12783 Remove unused PMA_addJSCode function
* gh#12069 Add table filtering to database structure
* gh#12799 Allow to configure signon session parameters
* gh#12854 Drop database is broken
* gh#12863 Can't toggle Event Scheduler on
* gh#12742 Finish removing dead code references to xls/xlsx
import and export, which was removed some time ago.
* gh#12536 Rename "Relations" to "Relationships" in many places
as it's the more proper term
* gh#12834 Fixed margins in central columns feature
* gh#12903 Document more export configuration options
* gh#12897 Use consistent numeric format for table overhead
* gh#12901 Use server returned table name on renaming table
* gh#12918 Always use \r\n as newline when editing fields
* gh#12923 Fixed server side search in navigation panel
* gh#12929 Undefined index warning with ssl_ca_paths
* gh#12924 Do not show errors from OpenSSL cookie
encryption/decryption
* gh#12945 Fixed hint rendering on adding new user
* gh#12941 Fixed sorting of tables in relation view
* gh#12936 Fixed tables pagination in navigation panel
* gh#12904 Do not collapse add form for central columns if there
are none
* gh#12955 Fixed database renaming
* gh#12954 Fixed export of tracking data
* gh#12960 Enclose exports in transaction by default
* gh#12966 After adding a column ADD INDEX option won't be
displayed when enabling AI
* gh#12972 Better error message when Composer has not been run
* gh#12988 Do not show language selector without choices
* gh#12993 Fixed external links to php documentation
* gh#12990 Fixed error when loading favorite tables to console
* gh#12981 Improved rendering of new version information
* gh#12922 Fixed bookmarks ordering
* gh#12964 Fixed table search in navigation
* gh#12985 Fixed rendering of foreign key browsing
* gh#12957 Fixed manipulation with GIS data having zero
coordinates
* gh#12804 Fixed various designer javascript errors
* gh#12934 Fixed possible javascript error on server status page
* gh#12927 Fixed javascript error on 3NF normalization
* gh#12996 List all databses in navigation panel database
dropdown
* gh#12980 Better defaults when creating multi field foreign key
* gh#12976 Improved foreign key editor behavior
* gh#12958 Always show error reporting dialog on top
* gh#12693 Improved support for TokuDB
* gh#11231 Try harder to honor LoginCookieValidity setting
* gh#13016 and #13017 Slight improvements to the table layout of
Relation view
* gh#12345 Correctly show affected rows for LOAD DATA queries
* gh#13010 Copy database: SQL error for copying PMADB metadata
* gh#13002 Fixed OpenDocument exports
* gh#13000 Align NULL values according to the column alignment
* gh#13021 Show phpMyAdmin errors even with error_reporting
set to 0
* gh#13020 Removed warning about client and server versions
mismatch
* Hide comments on table Structure tab when no comment is set
* Fixed submission of error reports
* gh#13033 Use Referrer-Policy header to specify referrer policy
* Fixed javascript confirmation of dangerous queries
* gh#13040 Compatibility with hhvm 3.18
* gh#13031 Fixed displaying of all rows
* gh#12967 Fixed related field selection for native relations
* gh#13045 Properly escape MIME transformatoin names
* gh#13028 Always show 100% in font selector
* gh#13047 Fix query simulating for more servers
* gh#12846 Fix new version check for sites with wrongly
configured curl
* gh#12951 When exporting to Excel, the default is now to include
column names in the first row
* gh#13059 Removed debugging code
* gh#13029 Fixed table tracking for nested table groups
* gh#13053 Fixed broken links in setup
* gh#12708 Removed phpMyAdmin version from User-Agent header
* gh#13084 Do not point users to setup when it is disabled
* gh#12660 Delete only phpMyAdmin cookies on upgrade
* gh#13088 Fixed editing of rows with text primary key
* gh#13092 Do not try to sync favorite tables if configuration
storage is not enabled
* gh#13105 Fixed changing attribute for virtual field
* gh#12757 Fixed setting password on recent MariaDB with non
working plugins
* gh#12349 Fixed undefined variable on import from some formats
* gh#13103 Do not offer default names for copying/renaming
databases
* [security] Possible to bypass
$cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08
- Drop patch phpMyAdmin-pma.patch because now in upstream
* Mon Mar 20 2017 chris@computersalat.de
- add http.inc file
* include one file for php5/php7 admin flags/values
* Wed Jan 25 2017 chris@computersalat.de
- 4.6.6 (2017-01-23)
* gh#12759 Fix Notice regarding 'Undefined index: old_usergroup'
* gh#12760 Fix Notice regarding 'Undefined index: users'
* gh#12762 Fixed parsing of SQL with BINARY function
* gh#12588 ReCaptcha now works without allow_url_fopen
* gh#12699 Show no local storage warning only on settings tab
* gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with
default value as NULL
* gh#12769 Edit/Export links are not clickable under Routines tab
* gh#12757 Fixed creating new user with older MariaDB
* gh#12784 Remove ctype installation suggestion
* gh#12780 Format button replaces all text with blank spaces
* gh#12786 Fixed database searching
* gh#12792 Fixed javascript error on new version link
* gh#12785 Add information about required and suggested extensions
to composer.json
* gh#12801 Custom header shown twice with cookie login form
* gh#12802 Custom footer not shown with auth_type http login failure
* gh#12434 Improve documentation for servers running with Suhosin
* gh#12800 Updated embedded phpSecLib to 2.0.4
* gh#12800 Fixed various issues with PHP 7.1
* gh#11816 Fixed operation with lower_case_table_names=2
* gh#12813 Fixed stored procedure execution
* gh#12826 Honor user configured connection collation
* gh#12293 Correctly report OpenSSL errors from cookie encryption
* gh#12814 DateTime won't allow to input length in Routine editor
* gh#12840 Fix Notice regarding 'Undefined index: row_format' when
altering table options
* gh#12841 Fixed moving of columns with whitespace in name
* gh#12847 Fixed editing of virtual columns
* gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query
window to avoid accidents
* gh#12872 Use same query for display and execution when dropping
index
* gh#12868 Fix check for user groups freatures being enabled
* gh#12876 Fix notices and warning related to dbs_to_test global
* gh#12831 Fix table formatting on Insert tab, which mostly
affected row highlighting
* gh#12495 Reintroduced phpinfo page with limited capabilities
* gh#12861 Fix renaming tables with lower_case_table_names=2
* gh#12876 Fix possible PHP error in navigation
* gh#12881 Fix database search with newer php-gettext
* gh#12894 Fix linter error on unterminated variable name
* gh#12732 Fixed filtering for active processes
- fix for boo#1021597
* PMASA-2016-44 (CVE-2016-6621, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-44/
- Multiple vulnerabilities in setup script
* PMASA-2017-1 (CVE-2017-1000013, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-1/
- Open redirect
* PMASA-2017-2 (CVE-2015-8980, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-2/
- php-gettext code execution
* PMASA-2017-3 (CVE-2017-1000014, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-3/
- DOS vulnerabiltiy in table editing
* PMASA-2017-4 (CVE-2017-1000015, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-4/
- CSS injection in themes
* PMASA-2017-5 (CVE-2017-1000016, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-5/
- Cookie attribute injection attack
* PMASA-2017-6 (CVE-2017-1000017, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-6/
- SSRF in replication
* PMASA-2017-7 (CVE-2017-1000018, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-7/
- DOS in replication status
- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
- rework phpMyAdmin-config.patch
* Thu Jan 19 2017 ecsos@opensuse.org
- Add Patch phpMyAdmin-12757_sql_syntax_errror.patch to fix
gh#12757 SQL syntax errror on MariaDB < 10.0.2 in check for mysql
password check plugin.
Will be fixed in 4.6.6
* Tue Dec 06 2016 chris@computersalat.de
- update to 4.6.5.2 (2016-12-05)
* gh#12765 Fixed SQL export with newlines
- update changes (update to 4.6.5 (2016-11-25))
* add missing (Not yet available) CVE's
- fix phpMyAdmin.http
* Sat Nov 26 2016 ecsos@opensuse.org
- update to 4.6.5.1 (2016-11-26)
- quick fix for 4.6.5
* an issue affecting a small number of users using
$cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
* an issue affecting the create table dialog where the partition
selection tool was overzealous and made it difficult to create
a new table.
- update to 4.6.5 (2016-11-25)
- security fixes
* Fix for expanding in navigation pane
* Reintroduced a simplified version of PmaAbsoluteUri directive
(needed with reverse proxies)
* Fix editing of ENUM/SET/DECIMAL field structures
* Improvements to the parser
- other fixes
* Remove potentionally license problematic sRGB profile
* gh#12459 Display read only fields as read only when editing
* gh#12384 Fix expanding of navigation pane when clicking on database
* gh#12430 Impove partitioning support
* gh#12374 Reintroduced simplified PmaAbsoluteUri configuration
directive
* Always use UTC time in HTTP headers
* gh#12479 Simplified validation of external links
* gh#12483 Fix browsing tables with built in transformations
* gh#12485 Do not show warning about short blowfish_secret if none
is set
* gh#12251 Fixed random logouts due to wrong cookie path
* gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure
* gh#12497 Missing escaping of configuration used in SQL
(hide_db and only_db)
* gh#12476 Add error checking in reading advisory rules file
* gh#12477 Add checking missing elements and confirming element
types from json_decode
* gh#12251 Automatically save SQL query in browser local storage
rather than in cookie
* gh#12292 Unable to edit transformations
* gh#12502 Remove unused paramenter when connecting to MySQLi
* gh#12303 Fix number formatting with different settings of
precision in PHP
* gh#12405 Use single quotes in PHP code
* gh#12534 Option for the dropped column is not removed from
'after_field' select, after the column is dropped
* gh#12531 Properly detect DROP DATABASE queries
* gh#12470 Fix possible race condition in setting URL hash
* gh#11924 Remove caching of server information
* gh#11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
* gh#12545 Proper parsing of CREATE TABLE ... PARTITION queries
* gh#12473 Code can throw unhandled exception
* gh#12550 Do not try to keep alive session even after expiry
* gh#12512 Fixed rendering BBCode links in setup
* gh#12518 Fixed copy of table with generated columns
* gh#12221 Fixed export of table with generated columns
* gh#12320 Copying a user does not copy usergroup
* gh#12272 Adding a new row with default enum goes to no selection
when you want to add more then 2 rows
* gh#12487 Drag and drop import prevents file dropping to blob
column file selector on the insert tab
* gh#12554 Absence of scrolling makes it impossible to read longer
text values in grid editing
* gh#12530 "Edit routine" crashes when the current user is not the
definer, even if privileges are adequate
* gh#12300 Export selective tables by-default dumps Events also
* gh#12298 Fixed export of view definitions
* gh#12242 Edit routine detail dialog does not fill "Return length"
field in mysql functions
* gh#12575 New index Confirm adds whitespace around the field name
* gh#12382 Bug in zoom search
* gh#12321 Assign LIMIT clause only to syntactically correct queries
* gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25"
Inserted At Wrong Place
* gh#12511 Clarify documentation on ArbitraryServerRegexp
* gh#12508 Remove duplicate code in SQL escaping
* gh#12475 Cleanup code for getting table information
* gh#12579 phpMyAdmin's export of a Select statment without a FROM
clause generates Wrong SQL
* gh#12316 Correct export of complex SELECT statements
* gh#12080 Fixed parsing of subselect queries
* gh#11740 Fixed handling DELETE ... USING queries
* gh#12100 Fixed handling of CASE operator
* gh#12455 Query history stores separate entry for every letter
typed
* gh#12327 Create PHP code no longer works
* gh#12179 Fixed bookmarking of query with multiple statements
* gh#12419 Wrong description on GRANT OPTION
* gh#12615 Fixed regexp for matching browser versions
* gh#12569 Avoid showing import errors twice
* gh#12362 prefs_manage.php can leave an orphaned temporary file
* gh#12619 Unable to export csv when using union select
* gh#12625 Broken Edit links in query results of JOIN query
* gh#12634 Drop DB error in import if DB doesn't exist
* gh#12338 Designer reverts to first saved ER after EACH relation
create or delete
* gh#12639 'Show trace' in Console generates JS error for functions
in query's trace called without any arguments
* gh#12366 Fix user creation with certain MariaDB setups
* gh#12616 Refuse to work with mbstring.func_overload enabled
* gh#12472 Properly report connection without password in setup
* gh#12365 Fix records count for large tables
* gh#12533 Fix records count for complex queries
* gh#12454 Query history not updated in console until page refresh
* gh#12344 Fixed parsing of labels in loop
* gh#12228 Fixed parsing of BEGIN labels
* gh#12637 Fixed editing some timestamp values
* gh#12622 Fixed javascript error in designer
* gh#12334 Missing page indicator or VIEWs
* gh#12610 Export of tables with Timestamp/Datetime/Time columns
defined with ON UPDATE clause with precision fails
* gh#12661 Error inserting into pma__history after timeout
* gh#12195 Row_format = fixed not visible
* gh#12665 Cannot add a foreign key - non-indexed fields not listed
in InnoDB tables
* gh#12674 Allow for proper MySQL-allowed strings as identifiers
* gh#12651 Allow for partial dates on table insert page
* gh#12681 Fixed designer with tables using special chars
* gh#12652 Fixed visual query builder for foreign keys with more
fields
* gh#12257 Improved search page performance
* gh#12322 Avoid selecting default function for foreign keys
* gh#12453 Fixed escaping of SQL parts in some corner cases
* gh#12542 Missing table name in account privileges editor
* gh#12691 Remove ksort call on empty array in PMA_getPlugins
function
* gh#12443 Check parameter type before processing
* gh#12299 Avoid generating too long URLs in search
* gh#12361 Fix self SQL injection in table-specific privileges
* gh#12698 Add link to release notes and download on new version
notification
* gh#12712 Error when trying to setup replication (fatal error in
call to an old PMA_DBI_connect function)
- fix for boo#1012271
https://www.phpmyadmin.net/security/
* Unsafe generation of $cfg['blowfish_secret']
see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661)
* phpMyAdmin's phpinfo functionality is removed
see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661)
* AllowRoot and allow/deny rule bypass with specially-crafted
username
see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661)
* Username matching weaknesses with allow/deny rules
see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661)
* Possible to bypass logout timeout
see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661)
* Full path disclosure (FPD) weaknesses
see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853,
CVE-2016-9854, CVE-2016-9855, CWE-661)
* Multiple XSS weaknesses
see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857,
CWE-661, CWE-352)
* Multiple denial-of-service (DOS) vulnerabilities
see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859,
CVE-2016-9860, CWE-661, CW-400)
* Possible to bypass white-list protection for URL redirection
see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20,
CWE-601)
* BBCode injection to login page
see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661)
* Denial-of-service (DOS) vulnerability in table partitioning
see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400)
* Multiple SQL injection vulnerabilities
see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89)
* Incorrect serialized string parsing
see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661)
* CSRF token not stripped from the URL
see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661)
* Sun Nov 06 2016 chris@computersalat.de
- fix deps
* add missing Recommends php5-curl
- fix phpMyAdmin.http
* add <IfModule mod_php7.c>
* Sat Nov 05 2016 chris@computersalat.de
- fix phpMyAdmin.http
* Thu Aug 18 2016 chris@computersalat.de
- 4.6.4 (2016-08-16)
- securitiy fixes
* Improve session cookie code for openid.php and signon.php example
files
* Full path disclosure in openid.php and signon.php example files
* Unsafe generation of BlowfishSecret (when not supplied by the user)
* Referrer leak when phpinfo is enabled
* Use HTTPS for wiki links
* Improve SSL certificate handling
* Fix full path disclosure in debugging code
* Administrators could trigger SQL injection attack against users
- other fixes
* Remove Swekey support
* Include X-Robots-Tag header in responses
* Enforce numeric field length when creating table
* Fixed invalid Content-Length in some HTTP responses
* gh#12394 Create view should require a view name
* gh#12391 Message with 'Change password successfully' displayed,
but does not take effect
* Tighten control on PHP sessions and session cookies
* gh#12409 Re-enable overhead on server databases view
* gh#12414 Fixed rendering of Original theme
* gh#12413 Fixed deleting users in non English locales
* gh#12416 Fixed replication status output in Databases listing
* gh#12303 Avoid typecasting to float when not needed
* gh#12425 Duplicate message variable names in messages.inc.php
* gh#12399 Adding index to table shows wrong top navigation
* gh#12424 Fixed password change on MariaDB without auth plugin
* gh#12339 Do not error on unset server port
* gh#12422 Improvements to the original theme
* gh#12395 Do not try to load old transformation plugins
* gh#12423 Fixed replication status in database listing
* gh#12433 Copy table with prefix does not copy the indexes
* gh#12375 Search in database: Window content is not scrolling down
when clicking first time on Browse link
* gh#12346 SQL Editor textareas can have their size increased from
the top, distorting the page view
- fix for boo#994313
https://www.phpmyadmin.net/security/
* Weaknesses with cookie encryption
see PMASA-2016-29 (CVE-2016-6606, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-30 (CVE-2016-6607, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-31 (CVE-2016-6608, CWE-661)
* PHP code injection
see PMASA-2016-32 (CVE-2016-6609, CWE-661)
* Full path disclosure
see PMASA-2016-33 (CVE-2016-6610, CWE-661)
* SQL injection attack
see PMASA-2016-34 (CVE-2016-6611, CWE-661)
* Local file exposure through LOAD DATA LOCAL INFILE
see PMASA-2016-35 (CVE-2016-6612, CWE-661)
* Local file exposure through symlinks with UploadDir
see PMASA-2016-36 (CVE-2016-6613, CWE-661)
* Path traversal with SaveDir and UploadDir
see PMASA-2016-37 (CVE-2016-6614, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-38 (CVE-2016-6615, CWE-661)
* SQL injection vulnerability as control user
see PMASA-2016-39 (CVE-2016-6616, CWE-661)
* SQL injection vulnerability
see PMASA-2016-40 (CVE-2016-6617, CWE-661)
* Denial-of-service attack through transformation feature
see PMASA-2016-41 (CVE-2016-6618, CWE-661)
* SQL injection vulnerability as control user
see PMASA-2016-42 (CVE-2016-6619, CWE-661)
* Verify data before unserializing
see PMASA-2016-43 (CVE-2016-6620, CWE-661)
* SSRF in setup script
see PMASA-2016-44 (CVE-2016-6621, CWE-661)
* Denial-of-service attack with
$cfg['AllowArbitraryServer'] = true and persistent connections
see PMASA-2016-45 (CVE-2016-6622, CWE-661)
* Denial-of-service attack by using for loops
see PMASA-2016-46 (CVE-2016-6623, CWE-661)
* Possible circumvention of IP-based allow/deny rules with IPv6 and
proxy server
see PMASA-2016-47 (CVE-2016-6624, CWE-661)
* Detect if user is logged in
see PMASA-2016-48 (CVE-2016-6625, CWE-661)
* Bypass URL redirection protection
see PMASA-2016-49 (CVE-2016-6626, CWE-661)
* Referrer leak
see PMASA-2016-50 (CVE-2016-6627, CWE-661)
* Reflected File Download
see PMASA-2016-51 (CVE-2016-6628, CWE-661)
* ArbitraryServerRegexp bypass
see PMASA-2016-52 (CVE-2016-6629, CWE-661)
* Denial-of-service attack by entering long password
see PMASA-2016-53 (CVE-2016-6630, CWE-661)
* Remote code execution vulnerability when running as CGI
see PMASA-2016-54 (CVE-2016-6631, CWE-661)
* Denial-of-service attack when PHP uses dbase extension
see PMASA-2016-55 (CVE-2016-6632, CWE-661)
* Remove tode execution vulnerability when PHP uses dbase extension
see PMASA-2016-56 (CVE-2016-6633, CWE-661)
- fix deps
* add missing php-gettext
- rebase phpMyAdmin-config.patch
* Thu Jun 23 2016 chris@computersalat.de
- update to 4.6.3 (2016-06-23)
* gh#12249 Fixed cookie path on Windows
* gh#12279 Fixed error reporting on connect problems
* gh#12290 Fixed export of tables without explicitly set engine
* gh#12285 Designer JavaScript error: Show/Hide tables list
* gh#12293 Fix MySQL SSL connection with some PHP versions
* gh#12279 Fix MySQL connection error on version mismatch
* gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
* gh#12308 Fix division by zero in case of misconfigured MySQL server
* gh#12317 Fix editing server variables
* gh#12303 Fix table size calculation in some circumstances
* gh#12310 Fix listing routines for non privileged user
* issue Escape generated query in exporting a database
* issue Setup script did not properly use input type password for some input types
- fix for boo#986154
* PMASA-2016-17 (CVE-2016-5701, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-17/
- BBCode injection vulnerability
* PMASA-2016-18 (CVE-2016-5702, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-18/
- Cookie attribute injection attack
* PMASA-2016-19 (CVE-2016-5703, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-19/
- SQL injection attack
* PMASA-2016-20 (CVE-2016-5704, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-20/
- XSS on table structure page
* PMASA-2016-21 (CVE-2016-5705, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-21/
- Multiple XSS vulnerabilities
* PMASA-2016-22 (CVE-2016-5706, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-22/
- DOS attack
* PMASA-2016-23 (CVE-2016-5730, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-23/
- Multiple full path disclosure vulnerabilities
* PMASA-2016-24 (CVE-2016-5731, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-24/
- XSS through FPD
* PMASA-2016-25 (CVE-2016-5732, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-25/
- XSS in partition range functionality
* PMASA-2016-26 (CVE-2016-5733, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-26/
- Multiple XSS vulnerabilities
* PMASA-2016-27 (CVE-2016-5734, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-27/
- Unsafe handling of preg_replace parameters
* PMASA-2016-28 (CVE-2016-5739, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-28/
- Referrer leak in transformations
* Sun May 29 2016 chris@computersalat.de
- rebase phpMyAdmin-config.patch
* Sat May 28 2016 ecsos@opensuse.org
- update to 4.6.2 (2016-05-25)
- gh#12225 Use https for documentation links
- gh#12234 Fix schema export with too many tables
- gh#12240 Avoid parsing non JSON responses as JSON
- gh#12244 Avoid using too log URLs when getting javascripts
- gh#12118 Fixed setting mixed case languages
- gh#12229 Avoid storing objects in session when debugging SQL
- gh#12249 Fix cookie path on IIS
- gh#11705 Fix occassional 200 errors on Windows
- gh#12219 Fix locking issues when importing SQL
- gh#12231 Avoid confusing warning when mysql extension is missing
- fix issue Improve handling of logout
- fix issue Safer handling of sessions during authentication
- gh#12209 Fix server selection on main page
- gh#12192 Avoid storing full error data in session
- gh#12082 Fixed export of ARCHIVE tables with keys
- gh#11565 Add session reload for config authentication
- gh#12229 Do not fail on errors stored in session
- gh#12248 Fix loading of APC based upload progress bar
- remove PmaAbsoluteUri from phpMyAdmin-config.patch because since
version 4.6.0 it is remove
- Security fixes:
* PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126)
https://www.phpmyadmin.net/security/PMASA-2016-14/
- User SQL queries can be revealed through URL GET parameters,
see PMASA-2016-14
* PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128)
https://www.phpmyadmin.net/security/PMASA-2016-16/
- Self XSS vulneratbility, see PMASA-2016-16
* Mon May 09 2016 chris@computersalat.de
- phpMyAdmin 4.6.1:
* Problems with SQL syntax warnings from the linter/parser
* Fixing an error about "PMA_Util" not found
* Better handling of JSON columns
* Fixed quoting with the SQL parser, which in particular adversely
affected SQL imports and exports
* Thu Mar 24 2016 astieger@suse.com
- phpMyAdmin 4.6.0:
* Allow setting routine-wise privileges
* UI for defining partitioning in create table window
* Support JSON data type
* Editing partitions in table Structure
* Copy results to clipboard
* Reactivate cut&paste possibility in print view
* Display binary strings as text if they are valid UTF-8
* Copy multiple tables to database
* Show MySQL error messages in user language
* Add new configuration directive 'ssl_verify' for self-signed
certificates with mysqlnd and PHP >= 5.6
* Remove ForceSSL and PmaAbsoluteUri configuration directives
(these are better handled by proper webserver configuration)
* Fixed several bugs relating to exporting, particularly with
DEFAULT and COMMENT fields
* Tue Mar 01 2016 astieger@suse.com
- phpMyAdmin 4.5.5.1:
The following vulnerabilities were fixed:
* CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940)
* CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938)
* CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941)
* CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928)
The following upstream bugs were fixed:
* CREATE UNIQUE INDEX index type is not recognized by parser.
* Row count wrong when grouping joined tables.
* Column definition with default value and comment in CREATE TABLE expoerted faulty.
* New statement but no delimiter and unexpected token with REPLACE.
* Fixed incorrect usage of SQL parser context in SQL export
* Fixed inclusion of gettext library from SQL parser
* Wed Feb 24 2016 astieger@suse.com
- phpMyAdmin 4.5.5
* improvements to changing passwords on newer MariaDB servers
* several fixes to the SQL parser
* Sat Jan 30 2016 ecsos@opensuse.org
- update to 4.5.4.1 (2016-01-28)
- gh#11892 Error with PMA 4.4.15.3
- gh#11896 Remove hard dependency on phpseclib
* Thu Jan 28 2016 astieger@suse.com
- phpMyAdmin 4.5.4
The followinng vulnerabilities were fixed: (boo#964024)
* CVE-2016-2038: Multiple full path disclosure vulnerabilities
* CVE-2016-2039: Unsafe generation of XSRF/CSRF token
* CVE-2016-2040: Multiple XSS vulnerabilities
* CVE-2016-1927: Insecure password generation in JavaScript
* CVE-2016-2041: Unsafe comparison of XSRF/CSRF token
* CVE-2016-2042: Multiple full path disclosure vulnerabilities
* CVE-2016-2043: XSS vulnerability in normalization page
* CVE-2016-2044: Full path disclosure vulnerability in SQL parser
* CVE-2016-2045: XSS vulnerability in SQL editor
- update upstream singing keyring
* Sun Jan 10 2016 astieger@suse.com
- 4.5.x package was missing template - fix boo#961285
* Wed Jan 06 2016 chris@computersalat.de
- fix for boo#960854
* add missing dependency of php-json
* Mon Jan 04 2016 astieger@suse.com
- phpMyAdmin 4.5.3.1:
* Minimum requirement is PHP 5.5
- Highlights of the 4.5.x.x series:
* Improvements to the Console feature
* Include structure in PDF export
* Validate data before import
* Support CHECKSUM TABLE operation
* Improved operations regarding partitions
* Alter privileges when renaming or copying a database or table
* Several improvements related to speed and responsiveness
* Improved print view
* Use CTRL or ALT plus arrow keys to navigate in grid editor
* Use plain-English destinations for
$cfg['NavigationTreeDefaultTabTable'], $cfg['DefaultTabServer'],
$cfg['DefaultTabDatabase'], and $cfg['DefaultTabTable'].
The old style values will still work, but this makes it easier for
new users to easily understand the destination links.
* Integrate SQL debugging into Console
* Restore row editing when no unique/primary key exists
* Allow exporting one file per table and one file per database
* Improvements to using multiple servers with the auth_type cookie
* Support virtual columns (MySQL 5.7.5+)
* Add or improve support for several MariaDB features including
process list and virtual/persistent columns
* Improved handling of cached data when upgrading phpMyAdmin
* Add SHA256 security password support
* Tue Dec 29 2015 ecsos@opensuse.org
- update to 4.4.15.2 (2015-12-25)
- Security fixes:
* PMASA-2015-5 (CVE-2015-8669, CWE-661 CWE-200) boo#960282
https://www.phpmyadmin.net/security/PMASA-2015-6/
- [Security] Path disclosure, see PMASA-2015-6
* Mon Oct 26 2015 ecsos@opensuse.org
- update to 4.4.15.1 (2015-10-23)
- gh#11464 phpMyAdmin suggests upgrading to newer version not
usable on that system
- Security fixes: [boo#951960]
* PMASA-2015-5 (CVE-2015-7873, CWE-661 CWE-20)
https://www.phpmyadmin.net/security/PMASA-2015-5/
- fix issue [security] Content spoofing on url.php
* Sun Sep 20 2015 ecsos@opensuse.org
- update to 4.4.15 (2015-09-20)
- gh#11411 Undefined "replace" function on numeric scalar
- gh#11421 Stored-proc / routine - broken parameter parsing
- fix issue Missing name for configuration read_as_multibytes
- gh#11431 Incorrect "No row selected" message
- gh#11447 MySQL 5.5 and the language system variable
- gh#11452 Semantics of export and import icons are mixed up
- gh#11451 Designer-Bug in move.js on multiple server
configuration
- gh#11458 Invalid UTF-8 sequence in argument
- gh#11457 Request URI too large
- fix issue Invalid argument supplied for foreach()
- gh#11461 Foreign key constraints for InnoDB tables with
upper-case letters disabled
- gh#11487 Warning when entering Query page
- change entrys in changelog from sf to gh from 4.13.0 to now
* Thu Sep 17 2015 ecsos@opensuse.org
- boo#945999 enable required apache modules in spec at install
* Fri Sep 11 2015 ecsos@opensuse.org
- update 4.4.14.1 (2015-09-08)
- Security fixes: [boo#945420]
* PMASA-2015-4 (CVE-2015-6830, CWE-661 CWE-307)
https://www.phpmyadmin.net/security/PMASA-2015-4/
- fix issue [security] reCaptcha bypass
* Tue Aug 25 2015 ecsos@opensuse.org
- update to 4.4.14 (2015-08-20)
- gh#11367 Export after search, missing WHERE clause
- gh#11380 Incomplete message after import
- fix issue Incorrect scalar type declaration
(reported under PHP 7)
- gh#11389 ReCaptcha produces deprecated messages under PHP 7
- gh#11387 phpseclib < 2.0 produces deprecated messages on PHP 7
- gh#11404 "Switch to copied table" doesn't work
- gh#11406 Missing quotes after calling "distinct values"
- gh#11386 Cannot import database with long data in one column
- gh#11410 SPATIAL index option is not clickable
* Sun Aug 09 2015 ecsos@opensuse.org
- update to 4.4.13.1 (2015-08-08)
- gh#11368 SQL error when importing phpMyAdmin dump file
* Sat Aug 08 2015 ecsos@opensuse.org
- update to 4.4.13 (2015-08-07)
- gh#1808 "Improve table structure" generates invalid SQL
- fix issue Once checked "Show only active" checkbox is always
checked
- gh#1813 Delete rows using "Check All" is broken
- fix issue Fix PHP 7 possible binding ambiguity
- gh#11326 Exported schema includes all the tables of the
database
- gh#11339 Results not displayed if query ends in delimiter and
comment
- gh#11320 Live edit of data fields is not working always
- fix issue Table list in navigation collapses when entering into
a table in another page
- gh#11364 JS error while trying to auto navigate to db structure
page when db creation has failed
* Tue Jul 21 2015 mcihar@suse.cz
- Apache configuration compatible with both 2.2 and 2.4
* Mon Jul 20 2015 mcihar@suse.cz
- update to 4.4.12 (2015-07-20)
- Saved chart image does not have a proper name or an extension
- sf#4976 Timepicker CSS issues in Original theme
- sf#4975 Move/Copy/Rename operations on Table/Db fail on Drizzle server
- sf#4826 Two inline edit windows
- sf#4979 Problem when import *.ods file
- Add missing head tag
- sf#4985 Column headers move when scrolling
- use smaller xz compressed archive
- update Apache configuration to be compatible with 2.4
* Wed Jul 08 2015 ecsos@opensuse.org
- update to 4.4.11 (2015-07-06)
- fix bug Missing selected/entered values when editing active
options in visual query builder
- sf#4969 Autoload from prefs_storage not behaving properly
- sf#4972 Incorrect length computed for binary data
- fix bug Remove character set from create_tables_drizzle.sql
- sf#4973 Users overview needs clarification
- sf#4974 Creating a database from console doesn't update
navigation panel
- sf#4844 FAQ 1.17 needs an update
- change sourcepath in spec
* Thu Jul 02 2015 mcihar@suse.cz
- switch upstream url to https
- include signed release together with keyring to verify signatures
* Wed Jun 17 2015 ecsos@opensuse.org
- add missing sql-scripts to doc
* Wed Jun 17 2015 ecsos@opensuse.org
- update to 4.4.10 (2015-06-17)
- sf#4950 Issues in database selection for replication
- sf#4951 Trying to save chart as image crashes the browser
- sf#4953 cant drag sql.gz file onto import input
- sf#4960 Table creation results in GET request with missing
server parameter that invalidates the session
- sf#4961 Javascript error when Designer is opened
- sf#4962 Insert by foreign key scrolls page to top
- sf#4955 Clicking on the navi logo does not always work
- fix bug External URL for $cfg['NavigationLogoLink'] causes
JavaScript error when clicked
* Fri Jun 05 2015 ecsos@opensuse.org
- update to 4.4.9 (2015-06-04)
- sf#4920 relation view doesn't list fields of table in other
database
- sf#4905 Sorting by an alias
- sf#4931 False error before entering reCAPTCHA
- sf#4909 central column with multiple server
- sf#4937 Custom export with backquotes off is not working
- sf#4908 Reverse proxy: infinite internal redirect
(added warning in doc)
- sf#4942 Export to gzip saves plain text under Chrome
* Thu May 28 2015 ecsos@opensuse.org
- update to 4.4.8 (2015-05-28)
- fix bug Allow accessing visual query builder when pmadb is not
configured
- sf#4893 Nav tree line alignment issue
- sf#4911 Lock page icon is not shown after fresh reload
- sf#4912 "Highlight pointer" and "Row marker" doesn't work
properly
- fix bug Browse foreigners window goes out of the window
- sf#4918 Date field popup dialog position bug
- fix bug In /setup, PMA_messages is not defined
- sf#4924 Recaptcha failure
- sf#4930 Database copy doesn't work for tables with more than
one FULLTEXT index
- sf#4929 Edit view structure doesn't load the algorithm
- sf#4923 Do not limit table comments to 60 characters
* Sat May 16 2015 ecsos@opensuse.org
- update to 4.4.7 (2015-05-16)
- sf#4876 Settings issues (Favorite tables shown twice in
Settings)
- sf#4896 Non-styled error page when following results link
- sf#4894 Deleting without confirmation
- sf#4858 Issues with SQL autocomplete
- sf#4897 Column hint in SQL autocomplete is sometimes not shown
- sf#4898 JS error after selecting a field and press Enter
- fix bug Honor proxy settings when getting Git commit
information
- fix bug Missing title on link
- sf#4512 ForceSSL Redirect Check
- fix bug Undefined index collation_connection
- fix bug Error when the reporting server is down
- fix bug Escape database and table names for partition
maintenance
- fix bug Invalid value for CURLOPT_SSL_VERIFYPEER
- sf#4367 Import status infinite loop
- sf#4902 Designer: Loading does not work
- sf#4904 Setup: Overview > Display does not work
- sf#4906 Designer: pages from all databases
* Wed May 13 2015 ecsos@opensuse.org
- update 4.4.6.1 (2015-05-13)
This update fixes several vulnerabilities
- Security fixes:
* PMASA-2015-2 (CVE-2015-3902, CWE-661 CWE-352)
http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php
- sf#4899 [security] CSRF vulnerability in setup
* PMASA-2015-3 ( CVE-2015-3903, CWE-661 CWE-295)
http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php
- sf#4900 [security] Vulnerability allowing man-in-the-middle
attack
* Thu May 07 2015 ecsos@opensuse.org
- update to 4.4.6 (2015-05-07)
- sf#4890 webkitStorageInfo and webkitIndexedDB is deprecated
- sf#4892 Undefined variable: unique_conditions
- sf#4891 CSV Import ignores "Replace table data with file"
checkbox
* Tue May 05 2015 ecsos@opensuse.org
- update to 4.4.5 (2015-05-05)
- fix bug Table overhead stats: missing space before the unit
- fix bug Fix resize icon in Designer
- sf#4879 Exit fullscreen in Designer does not change
the button text
- sf#4880 Designer icons missing when using original theme
- sf#4878 Column list of central columns is not cleared
- sf#4881 jQuery dialogs of the Designer are not displayed in
fullscreen
- sf#4883 Search function breaks when searching for certain
combinations of backslashes and slashes
- sf#4830 Maximum execution time exceeded in Util.class.php
(better fix)
- sf#4885 Some icons are above the overlay of jQuery dialogs
- sf#4886 Clicking on external links in advisor rules give
JS error
- sf#4888 Filter in central columns does not work in other
languages
* Sun Apr 26 2015 ecsos@opensuse.org
- update to 4.4.4 (2015-04-26)
- sf#4863 Edit vs Change
- sf#4859 Don't scroll (to bottom) when editing multiple rows
- sf#4862 Misaligned Inline edit field
- sf#4861 Use of undefined constant PMA_DRIZZLE
- sf#4865 sprintf(): Too few arguments
- sf#4866 Limit column ordering in index edit dialog
- sf#4867 Incorrect ALTER TABLE statement generated
- sf#4870 Inconsistency in 'Ignore' checkbox in insert page
- sf#4869 Drop column action not asking to confirm
- sf#4871 Error on creating table
- fix bug Undefined index: Rows
* Mon Apr 20 2015 ecsos@opensuse.org
- update to 4.4.3 (2015-04-20)
- sf#4851 PHP errors in login dialogue
- sf#4845 White screen (Cloudflare)
- sf#4207 json_encode error due to strftime returning non utf8
chars in Windows 8.1 Chinese version
- sf#4794 Server error viewing table content
- fix bug Fix issues related to number of decimal places in time
- sf#4853 Relation view between 1600 and 1780 px
- fix bug PHP 7 compatibility in php-gettext
- fix bug PHP 7 compatibility in bfShapeFiles
- fix bug PHP 7 session_regenerate_id() warning
- sf#4857 Alter table after changing column name error
- sf#4830 Maximum execution time exceeded in Util.class.php
* Mon Apr 13 2015 ecsos@opensuse.org
- update to 4.4.2 (2015-04-13)
- sf#4835 PMA_hideShowConnection not called after
submit_num_fields
- sf#4836 Server warning after moving from console to
direct clicks
- sf#4837 Duplicate new version notification when using
the "Back" button
- sf#4839 DOC link in setting is broken
- sf#4841 Status page: Mislukte pogingen per uur value is
incorrect
- fix bug MIME Transformation link fixed
- sf#4838 Prevents console window from moving out of the
screen height
- sf#4829 Create procedure via SQL Editor not more possible
- sf#4833 CSS and Javascript are not compressed
- sf#4849 Functions accessed from navigation do not load on
ajax dialog
- sf#4850 Relation view on 1920
* Sat Apr 11 2015 ecsos@opensuse.org
- update 4.4.1.1 (2015-04-08)
- sf#4846 Web server's error log is flooded
- changes from 4.4.1 (2015-04-07)
- sf#4813 MySQL 5.7.6 and the Users menu tab
- sf#4818 MySQL 5.7.6 and changing the password for another user
- sf#4819 Request URI too large
- sf#4814 MySQL 5.7.6 and Databases
- fix bug Use 'server' parameter in console to work in multi
server environments
- fix bug Missing tooltip in monitor
- fix bug Missing sort icons in monitor
- sf#4805 Inline edit broken when using functions in query
- sf#4821 Timed-out import fails to restart when file represented
- sf#4754 pMA DB not detected properly
- sf#4825 Datepicker missing when changing number of rows on
Insert page
- sf#4824 INNODB STATUS page is empty
- sf#4828 JavaScript is loaded in wrong order
- sf#4827 TEXT formatting doesn't work after inline editing
- sf#4822 Compress when php.ini output_buffering is active
- sf#4832 Sorting distinct values result loses links
- sf#4834 Do not attach token to css requests to improve caching
* Fri Apr 03 2015 ecsos@opensuse.org
- update to 4.4.0 (2015-04-01)
+ rfe #1553 InnoDB presently supports one FULLTEXT index creation
at a time
+ rfe #1562 Allow tracking multiple table at once from database
level tracking page
+ rfe #1564 Improve action message on Tracking page
+ rfe #1566 Change value of "Number of rows:" when "Show all"
is checked
+ rfe Focus console by clicking on white space
+ rfe #1507 Part 1: Cycle through console history with keyboard
up/down arrows
+ rfe #1579 Default to primary key when adding relation
+ rfe #1572 User prefs: Diff-friendly JSON for config
+ rfe #1567 Sever Variables Table UI Improvements
- sf#4675 phpMyAdmin should be able to work without 'examples'
DIR - move SQL scripts to sql directory
+ rfe #1578 Warn about reserved word only when a column is
created
+ rfe #1590 Recaptcha API v2
+ rfe #1580 Individual Zeroconf PMA tables support
+ rfe #1525 Generate keys one per line
+ rfe #347 allow table with transformed column anywhere in
FROM clause
+ rfe #1591 Shortcut link to search page
+ rfe #1568 Fold Add Column After / Before into dropdown
- sf#4705 Table structure: adding primary key doesn't refresh
page
+ rfe #1582 SQL formatter
+ rfe #1597 Fast filter improvement: remove
"x other results found"
- sf#4720 No error message on Missing extension mbstring
+ rfe #801 Builtin transformations and relations
+ rfe #767 USING BTREE support for HEAP/MEMORY tables
+ rfe #1596 Make "Options > Relational" configurable
+ rfe #719 More details in PDF relation view
+ rfe #1096 Cannot enter connection for federated engine table
+ rfe #954 Allow SALT in ENCRYPT function
+ rfe #1260 Setting LoginCookieValidity > session.gc_maxlifetime
+ rfe Transformation for JSON
- bug Fix isCanvasSupported for new window
+ rfe #1600 Clarify the "Inline" link
+ rfe #1179 Speed up slow triggers by using EVENT_OBJECT_SCHEMA
+ rfe #1192 ON DUPLICATE KEY UPDATE for loading CSV
- bug fix Cannot execute command from console
(multi-server installation)
+ rfe #1208 linking from information_schema
+ rfe #1235 Relation view: move to main "Structure" page
+ rfe #1558 Designer menu with explicit text
+ rfe #937 Relations with views like with tables
+ rfe #1241 Browse Field -> Search
+ rfe #723 Provide sanity check for table/column names
(table names)
+ rfe #1312 SessionTimeZone configuration directive
- bug fix Add missing confirmation when deleting tracking report
entries
+ rfe Ability to disable foreign key check when emptying tables
+ rfe #1549 Reset auto-increment when exporting structure
+ rfe #1602 Recover query in redaction after session end
+ rfe #1605 After database creation, go to database structure
page
+ rfe #1604 Show PHP version
- sf#4770 Multiple delete on table browse ignoring foreign key
checkbox
+ rfe CodeMirror based SQL editor as an input transformation
+ rfe #1275 CodeMirror based JSON editor as an input
transformation
+ rfe #685 Editor for HTML content
+ rfe #1595 make professional code editor suggestion
+ rfe #1606 processlist filter
+ rfe Change tracking activation status from db level tracking
page
+ rfe #1207 Export users associated with a specific
schema/database
+ rfe #1575 "Disable database expansion" : unclear directive name
and explanation
+ rfe #1607 Tool tip for lock icon when making changes to a page
+ rfe #1327 Hide 'Add user' link if user does not have privileges
+ rfe #501 Support for SSL GRANT option
+ rfe #1608 Central columns allowing setting SIGNED / UNSIGNED
attribute for integer
+ rfe #1441 Add regexp match when using AllowArbitraryServer
- sf#4806 Unable to work with two different servers in two tabs
- fix incorrect fsf-address
- change pma.patch
* Sun Mar 29 2015 ecsos@opensuse.org
- update to 4.3.13 (2015-03-29)
- sf#4803 "Show hidden items" is sometimes hidden
- sf#4807 Breaks when sorting by multiple columns
while using UNION
- sf#4798 Missing column when exporting in sql
- sf#4810 Broken find and replace
- sf#4804 Undefined Index after export schema
- sf#4802 Changelog page is not working
- sf#4815 Infinite calls to index.php
- sf#4820 Invalid links to dev.mysql.com
- sf#4718 simulate query fails, but actual query does not
* Sat Mar 14 2015 ecsos@opensuse.org
- update to 4.3.12 (2015-03-14)
- sf#4746 Right-aligned columns have left-aligned header
- sf#4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8
values
- fix bug Undefined index savedsearcheswork
- sf#4788 Inline edit of DATE fields with NULL, NULL checkbox is
under datepicker
- sf#4790 DROP TABLE/VIEW IF EXISTS are not tracked
- fix bug Compatibility with central columns of version 4.4
- sf#4758 Firefox with auth_type to http with multiple server
doesn't work anymore
- sf#4789 Views aren't dropped when copying a database
- sf#4784 Incomplete bookmark saving
- sf#4786 SELECT width on relations page
* Wed Mar 04 2015 ecsos@opensuse.org
- update to 4.3.11.1 (2015-03-04)
This update fixes several vulnerabilities
- Security fixes:
* PMASA-2015-1 (CVE-2015-2206, CWE-661 CWE-352) [boo#920773]
http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php
- fix bug [security] Risk of BREACH attack
* Wed Mar 04 2015 ecsos@opensuse.org
- fix error displayed in Status/Advisor and not functional display
of cpu and memory under Status/Monitor/
* Tue Mar 03 2015 ecsos@opensuse.org
- update to 4.3.11 (2015-03-02)
- sf#4774 SQL links are completely wrong
- sf#4768 MariaDB: version mismatch
- sf#4777 Some images are missing in Designer for original theme
- sf#4767 Drizzle: undefined index in mysql_charsets.inc.php
- sf#4753 Normal field and multi-line field have different
margins
- sf#4760 Cannot re-import settings from local storage
- sf#4778 SQL error when database list is sorted by additional
columns
- sf#4780 Notice when timestamp column does not have default
value
* Fri Feb 20 2015 ecsos@opensuse.org
- update to 4.3.10 (2015-02-20)
- fix bug Undefined index navwork
- sf#4744 Opening console scroll down the page
- fix bug Remove extra column heading in view structure page
- fix bug Add missing confirmation when deleting central columns
- fix bug Undefined index DisableIS
- sf#4763 Database export with more than 512 tables fails
- sf#4769 Previously set column aliases are destroyed if returned
to the same table
- sf#4752 Incorrect page after creating table
- sf#4771 Central Columns not working, showing error
* Fri Feb 06 2015 ecsos@opensuse.org
- update to 4.3.9 (2015-02-05)
- sf#4728 Incorrect headings in routine editor
- sf#4730 Notice while browsing tables when phpmyadmin
pma database exists, but not all the tables
- sf#4729 Display original field when using "Relational display
column" option and display column is empty
- sf#4734 Default values for binary fields do not support
binary values
- sf#4736 Changing display options breaks query highlighting
- fix bug Undefined index submit_type
- sf#4738 Header lose align when scrolling in Firefox
- sf#4741 in ./libraries/Advisor.class.php#184 vsprintf():
Too few arguments
- sf#4743 Unable to move cursor with keyboard in filter rows box
- fix bug Incorrect link in doc
- sf#4745 Tracking does not handle views properly
- sf#4706 Schema export doesn't handle dots in db/table name
- sf#3935 Table Header not displayed correct (Safari 5.0.5 Mac)
- sf#4750 Disable renaming referenced columns
- sf#4748 Column name center-aligned instead of left-aligned
in Relations
* Sat Jan 24 2015 ecsos@opensuse.org
- update to 4.3.8 (2015-01-24)
- fix bug Undefined constant PMA_DRIZZLE
- sf#4712 Wrongly positioned date-picker while Grid-Editing
- sf#4714 Forced ORDER BY for own sql statements
- sf#4721 Undefined property: stdClass::$version
- sf#4719 'only_db' not working
- sf#4700 Error text: Internal Server Error
- sf#4722 Incorrect width table summary when favorite tables
is disabled
- sf#4716 Collapse all in navigation panel is sometimes broken
- sf#4724 Cannot navigate in filtered table list
- sf#4717 Database navigation menu broken when resolution/screen
is changing
- sf#4727 Collation column missing in database list
when DisableIS is true
- fix bug Undefined index central_columnswork
- fix bug Undefined index favorite_tables
* Sat Jan 17 2015 ecsos@opensuse.org
- update to 4.3.7 (2015-01-15)
- sf#4694 js error on marking table as favorite in Safari (in private mode)
- sf#4695 Changing $cfg['DefaultTabTable'] doesn't update link and title
- fix bug Undefined index menuswork
- fix bug Undefined index navwork
- fix bug Undefined index central_columnswork
- sf#4697 Server Status refresh not behaving as expected
- fix bug Null argument in array_multisort()
- sf#4699 Navigation panel should not hide icons based on 'TableNavigationLinksMode'
- sf#4703 Unsaved schema page exported as pdf.pdf
- sf#4707 Call to undefined method PMA_Schema_PDF::dieSchema()
- sf#4702 URL is non RFC-2396 compatible in get_scripts.js.php
* Thu Jan 08 2015 ecsos@opensuse.org
- update to 4.3.6 (2015-01-07)
- fix bug Undefined index notices while configuring recent and
favorite tables
- sf#4687 Designer breaks without configuration storage
- sf#4686 Select elements flicker and selects something else
- sf#4689 Setup tool creates "pma__favorites" incorrectly
- sf#4685 Call to a member function isUserType() on a non-object
- sf#4691 Do not include console when no server is selected
- sf#4688 File permissions in archive
- sf#4692 Dynamic javascripts gives 500 when db selected
* Mon Jan 05 2015 chris@computersalat.de
- fix for boo#911360
* problems with pma__config enabled by default in phpMyAdmin
- rework config patch
* fix for pma storage config (disabled by default)
- add phpMyAdmin-pma.patch
* fix create_tables.sql
- fix restart_on_update
* Mon Jan 05 2015 ecsos@opensuse.org
- update to 4.3.5 (2015-01-05)
- fix bug Auto-configuration: tables were not created
automatically
- sf#4677 Advanced feature checker does not check for
favorite tables feature
- sf#4678 Some of the data stored in configuration storage
are not deleted upon db or table delete
- sf#4679 Setup does not allow providing a name for
favorites table
- sf#4680 Number of favorite table are not configurable in setup
- sf#4681 'Central columns table' field in setup does not have
a description
- sf#4318 Default connection collation and sorting
- sf#4683 Relational data is not properly updated on table rename
- sf#4655 Undefined index: collation_connection (second patch)
- sf#4682 4.3.3 & 4.3.4 Import sql created by mysqldump fails on
foreign keys
- sf#4676 Auto-configuration issues
- sf#4416 New lines are removed when grid editing (part two: TEXT)
* Mon Dec 29 2014 ecsos@opensuse.org
- update to 4.3.4 (2014-12-29)
- sf#4653 Always connection error was shown, on /setup
at tab "configuration storage"
- sf#4661 Drag and drop file import always fails
- sf#4651 don't open console with esc
- sf#4664 select min() displays 1 row, but reports the table
amount of rows returned
- sf#4666 Undefined indexes in table stucture print view
of a view
- sf#4663 Export missing back ticks for order table name
- sf#4668 Remove from central columns error
- sf#4670 CSV import reads both commas and values into
first column after first row
- sf#4642 phpmyadmin often fails to load due to specific
load order
- sf#4671 Unable to move all columns
- sf#4645 Import of export created with mysqldump
- sf#4672 "Distinct values" does not page
- sf#4667 Consistency in borders
- sf#4658 Illegal string offset (Data_length, Index_length)
- sf#4655 Undefined index: collation_connection
- sf#4673 Delimiter causing page lock
* Sun Dec 21 2014 ecsos@opensuse.org
- update to 4.3.3 (2014-12-21)
- fix bug The "Recently used tables" setting should be with
Nav panel
- sf#4647 Can't disable Favorites
- sf#4646 Version Check Broken
- sf#4630 AJAX request infinite loop
- sf#4649 Attributes field size smaller than others
- sf#4622 Cannot remove table ordering on a Mac
- fix bug Fix initial replication configuration
- fix bug Undefined index central_columnswork
- sf#4657 Don't have default blowfish_secret
- sf#4656 Some error popups fade away too quickly
- sf#4648 Consistency in borders
- fix bug $cfg['Error_Handler']['display'] no longer necessary
- sf#4659 Leading and trailing whitespace in column name
* Fri Dec 12 2014 ecsos@opensuse.org
- update to 4.3.2 (2014-12-12)
- sf#4628 PHP error while exporting schema as PDF
- sf#4631 Server selector submits two server parameter values
- sf#4629 Problem with custom SQL queries using cookie
authentication
- fix bug Undefined index central_columnswork
- sf#4632 Notice in ./libraries/Util.class.php#1916
Undefined index: query
- sf#4633 Wrong parameter in fetchValue
- sf#4634 Error reporting creates an infinite loop
- sf#4635 Token mismatch while creating configuration storage
- sf#4640 Incorrect reference to PHP 6
- sf#3794 failure to handle repeating empty columns when
importing ODS
- sf#4638 Default Export Method setting broken
- sf#4639 Export SQL missing indentation first field
- sf#4637 Field Alignment
- sf#4644 Error when browsing tables
* Mon Dec 08 2014 ecsos@opensuse.org
- update to 4.3.1 (2014-12-08)
- sf#4609 'Show all' checkbox label is not clickable
- sf#4610 JS error reporting: Hash fragment is reset
- fix bug Undefined index menuswork
- sf#4614 Separator between "Show All" and "Number of rows"
disappears
- sf#4615 SQL highlighting in process list breaks on auto refresh
- sf#4616 Warning in db structure print view page
- fix bug Undefined index navwork, savedsearcheswork, fields
- sf#4620 Undefined index while adding to the central
columns list
- sf#4618 Page scrolls while GIS visualization is zoomed in/out
with mousewheel
- sf#4613 HHVM: method 'ob_gzhandler' not found
- sf#4593 Manual "SELECT" doesn't change active table
- sf#4623 Incomplete PHP OpenSSL support
- sf#4626 Ctrl + click on a column not in sort triggers a server
call to erroneous url
- sf#4625 "Insufficient space to save the file" on export SQL to
file on server
- sf#4627 "file_get_contents(examples/create_tables.sql): failed
to open stream" after update
- sf#4617 UI issues with sortable tables
- sf#4619 SELECT LENGTH(`field`) FROM `table` does not sort
* Sat Dec 06 2014 ecsos@opensuse.org
- update to 4.3.0 (2014-12-05)
+ rfe #1502 Smart sorting for int keys
+ rfe #1521 Confirmation message when dropping user(s)
+ rfe #1518 Confirm dialog on accidentally leaving a page
+ rfe #1445 Easy access to "SHOW CREATE ..."
+ rfe #1448 Allow clicking an approximate row count to get
a correct one
+ rfe #1487 "Browse foreign values" should be a modal dialog
+ rfe #1523 Better visual clue for table structure
primary key column
+ rfe #982 Support for editing binary fields in hexadecimal
- sf#4416 New lines are removed when grid editing
+ rfe #706 Multi-db privileges adding
+ rfe #1527 Charts for data in <x-axis, series, value> format
+ rfe Allow saving query charts as images
+ rfe #1145 Preview SQL instead of executing it
+ rfe #759 Use aliases in SQL export for tables and columns
- sf#4450 Query is duplicated on Ctrl+Enter
+ rfe #755 Export with table/column name changes
+ rfe #869 Run SQL query: Allow rollback for InnoDB tables
+ rfe #654 Range Search Capability
+ rfe #1490 Dynamic process list
+ rfe #1522 Drag and Drop SQL import
+ rfe #637 Custom Field Handlers
+ rfe #1488 User privilege tab not shown in all relevant cases
+ rfe #781 Privileges for non superuser
+ rfe #908 Improvements for the table editor (index creation)
+ rfe #1426 Navigation state lost on reload
- sf#4439 Table list in left panel doesn't expand
+ rfe Improved validation when inserting data
+ rfe #1491 Support InnoDB for database Query by example
+ rfe #345 Normalize a table
+ rfe #1123 Zeroconf PMA tables support
+ rfe #1492 Remove the distinct query window / Add SQL
log+history panel
+ rfe #919 Multiple-column foreign key relation
- sf#3165 Redundant foreign keys not supported
- fix bug Incorrect link to documentation
+ rfe #857 Regexp replace
- fix bug Incorrect path in change password when on reverse proxy
or
non-root directory
+ MariaDB 10+ multi-master replication support
+ rfe #1544 MySQL 5.7.5 compatibility
+ rfe #1529 Avoid session timeout when user is active
- sf#4528 Can't import dump via SQL field
+ rfe #1251 Show "Overhead" with same precision for all tables
+ rfe #1546 Improve the js printf library
+ rfe #1542 Better error reporting in Designer
- sf#4547 Micro history does not work in Users page
- sf#4551 Wrong test in source code
- sf#4537 BLOB inline-view JPG column transformation does
not work for anything except simple queries
+ rfe #1535 Keyword-based autocompletion in SQL query editors
- sf#4558 Unable to Add Rows while Creating Table
+ rfe #1547 Wrap No Tables Found message with message box
- sf#4559 Logging in causes 100% CPU usage
- sf#4564 Designer: spaces in table name with edit table link
generates bad links
- sf#4582 Debug SQL works only for the first page
- sf#3869 Count(*) on information_scheme.INNODB_BUFFER_PAGE
with a huge bufferpool
- sf#4495 Comment lines in multiquery
- sf#4535 Loads of Warnings/Notices in PMA_getServerSlaveStatus
on replication slave
- sf#4585 Multi query results not shown
+ rfe #1556 Disabling Show all
- sf#4513 phpmyadmin run very slow (information_schema)
- sf#4243 Super slow page rendering with tens of thousands of DBs
- sf#4391 Upgraded to 4.2.0, insanely slow now
+ rfe #1537 PHP OpenSSL support for cookie encryption/decryption
- sf#4227 Token mismatch when using HTTP AUTH and the SESSION
expires
- change all my old mail address in this changelog
from ecsos@old.domain to ecsos@opensuse.org
* Wed Dec 03 2014 ecsos@opensuse.org
- update to 4.2.13.1 (2014-12-03)
This update fixes several vulnerabilities
- Security fixes:
* PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
- sf#4612 [security] XSS vulnerability in redirection mechanism
* PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
- sf#4611 [security] DOS attack with long passwords
* Sun Nov 30 2014 ecsos@opensuse.org
- update to 4.2.13 (2014-11-30)
- sf#4604 Query history not being deleted
- sf#4057 db/table query string parameters no longer work
- sf#4605 Unseen messages in tracking
- sf#4606 Tracking report export as SQL dump does not work
- sf#4607 Syntax error during db_copy operation
- sf#4608 SELECT permission issues with relations and restricted
access
* Thu Nov 20 2014 ecsos@opensuse.org
- update to 4.2.12 (2014-11-20)
This update fixes several vulnerabilities, as well as a number of
other bug fixes.
- Security fixes:
* PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
- sf#4595 [security] Path traversal can lead to leakage of
line count
* PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
- sf#4596 [security] XSS through exception stack
* PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
- sf#4594 [security] Path traversal in file inclusion of
GIS factory
* PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
- sf#4578 [security] XSS vulnerability in table print view
- sf#4579 [security] XSS vulnerability in zoom search page
- sf#4598 [security] XSS in multi submit
- sf#4597 [security] XSS through pma_fontsize cookie
- Other bug fixes:
- sf#4574 Blank/white page when JavaScript disabled
- sf#4577 Multi row actions cause full page reloads
- fix ReferenceError: targeturl is not defined
- fix Incorrect text/icon display in Tracking report
- sf#4404 Recordset return from procedure display nothing
- sf#4584 Edit dialog for routines is too long for
smaller displays
- sf#4586 Javascript error after moving a column
- sf#4576 Issue with long comments on table columns
- sf#4599 Input field unnecessarily selected on focus
- sf#4602 Exporting selected rows exports all rows of the query
- sf#4444 No insert statement produced in SQL export for
queries with alias
- sf#4603 Field disabled when internal relations used
* Fri Oct 31 2014 ecsos@opensuse.org
- update to 4.2.11 (2014-10-31)
- fix ReferenceError: Table_onover is not defined
- sf#4552 Incorrect routines display for database due to case
insensitive checks
- sf#4259 reCaptcha sound session expired problem
- sf#4557 PHP fatal error, undefined function __()
- sf#4568 Date displayed incorrectly when charting a timeline
- sf#4571 Database Privileges link does not work
- fix makegrid.js: where_clause is undefined
- sf#4572 missing trailing slash (import and open_basedir)
* Tue Oct 21 2014 andreas.stieger@gmx.de
- phpMyAdmin 4.2.10.1 [boo#902154] [CVE-2014-8326]
This release fixes cross-site scripting vulnerabilities in the
SQL debug output and server monitor pages. This developer option
is not enabled by default.
- sf#4562 [security] XSS in debug SQL output
- sf#4563 [security] XSS in monitor query analyzer
/etc/apache2/conf.d/phpMyAdmin.conf /etc/apache2/conf.d/phpMyAdmin.inc
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Feb 9 16:24:48 2026