File phpMyAdmin.changes of Package phpMyAdmin

Wed Aug  7 12:09:45 UTC 2013 -

- fix for bnc#833731
  * PMASA-2013-10 (CVE-2013-5029 CWE-661 CWE-693)

Mon Aug  5 21:51:23 UTC 2013 -

- update to 4.0.5 (2013-08-04)
  + sf#3977 Not detected configuration storage
  + sf#3970 Pressing enter in the filter field reloads page
  + sf#3984 Cannot insert in this table (PHP < 5.4)
  + sf#3989 Reloading privileges does not update the interface
  + sf#3960 NavigationBarIconic config not honored
  + sf#3985 Call to undefined function mb_detect_encoding
  + sf#4007 Analyze option not shown for InnoDB tables
  + sf#4015 Forcing a storage engine for configuration storage
  + bug Incorrect Drizzle 7 detection
  + sf#4019 Create database if not exists (export): add an option to the
    interface to enable generating CREATE DATABASE and USE (false by default)
  + sf#4012 Crash on CSV file import
  + sf#4009 Statistic Monitor shows only last 3 digits in graph
  + sf#3998 Non-permanent SQL history not working
  + sf#3578 Transformations for text/plain on a BLOB column
  + [security] Improved protection against cross framing, see PMASA-2013-10
    (CVE-2013-5029 CWE-661 CWE-693) 
  + Reinstated configuration directive: AllowThirdPartyFraming
- fix for bug sf#4038: PMASA-2013-8 not mentioned in changes
- add CVEs to changes

Mon Jul 29 20:07:45 UTC 2013 -

- fix for bnc#831896
  * multiple XSS issues (+ a SQL injection and full path disclosure flaw)
  * fix for PMASA-2013-8 (CVE-2013-4995 CWE-661 CWE-79)
  * fix for PMASA-2013-9 (CVE-2013-4996 CVE-2013-4997 CWE-661 CWE-79 CWE-80)
  * fix for PMASA-2013-11 (CVE-2013-4996 CWE-300 CWE-79)
  * fix for PMASA-2013-12 (CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 CWE-661 CWE-200)
  * fix for PMASA-2013-13 (CVE-2013-5001 CWE-661 CWE-79 CWE-80)
  * fix for PMASA-2013-14 (CVE-2013-5002 CWE-661 CWE-79)
  * fix for PMASA-2013-15 (CVE-2013-5003 CWE-661 CWE-89 CWE-269)
- update to (2013-07-28)
  * [security] fix unescaped parameter, see PMASA-2013-8 
  * [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
  * [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
  * [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
  * [security] Fix full path disclosure, see PMASA-2013-12
  * [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
  * [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
  * [security] Fix self-XSS in schema export, see PMASA-2013-14
  * [security] Fix unencoded json object, see PMASA-2013-11
  * [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13

Wed Jul  3 21:40:23 UTC 2013 -

- update to (2013-06-30)
  + [security] Global variables scope injection vulnerability
    (PMASA-2013-7, CVE-2013-4729)

Tue Jun 18 22:29:34 UTC 2013 -

- update to 4.0.4 (2013-06-17)
  - sf#3959 Using DefaultTabDatabase in NavigationTree for Database Click
  - sf#3961 Avoid Suhosin warning when in simulation mode
  - sf#3897 Row Statistics and Space usage bugs
  - sf#3966 Only display "table has no unique column" message when applicable
  - sf#3960 NavigationBarIconic config not honored
  - sf#3965 Default language wrong with zh-TW
  - sf#3921 Call to undefined function PMA_isSuperuser() if default server is not set
  - sf#3971 Ctrl/shift + click opens links in same window
  - sf#3964 Import using https does not work
  - fix bug Missing removeCRLF option in ExportCsv and ExportExcel plugins
  - sf#3631 Drop not working Visio schema export.
  - sf#3645 Better handling of invalid ODS documents
  - sf#3976 Number of pages
  - sf#3922 User privileges, database name unescaped

Wed Jun 12 21:59:40 UTC 2013 -

- fix changelog
  * add missing 'fix for bnc#xxxxxx

Thu Jun  6 16:27:24 UTC 2013 -

- update to 4.0.3 (2013-06-05) 
  - sf#3941 Recent tables list always empty
  - sf#3933 Do not translate "Open Document" in export settings
  - sf#3927 List of tables is missing after expanding in the navigation frame
  - sf#3942 Warnings about reserved word for many non reserved words
  - sf#3912 Exporting row selection, resulted by ORDER BY query
  - sf#3957 Cookies must be enabled past this point
  - sf#3956 "Browse foreign values" search filter / page selector not working
  - sf#3579 NOW() function incorrectly selected (partial regression)
  - [security] Javascript execution vulnerability in Create view,
    reported by Maxim Rupp (see PMASA-2013-6)
- fix for bnc#824306
  * PMASA-2013-6 (CVE-2013-3242)

Sat May 25 17:33:09 UTC 2013 -

- update to 4.0.2 (2013-05-24)
  - sf#3902 Cannot browse when table name contains keyword "call"
  + center loading indicator for navigation refresh, related to bug #3920
  - sf#3925 Table sorting in navigation panel is case-sensitive
  - sf#3915 Import of CSV file (Replace table data with file) with duplicate values
  - sf#3907 undefined variables, function parameter problems
  - sf#3898 Structure not refreshed after column drop
  - sf#3926 View is not updatable
  - sf#3919 PropertiesIconic not honored
  - sf#3930 Databases to choose for specific privileges show up escaped
  - sf#3910 Export database with empty table as a php array, does not produce valid PHP
  - sf#3936 Query profiler chart not loading from SQL Query page
  - sf#3946 Missing CSV import option "Do not abort on INSERT error"
  - sf#3943 Missing Operations>Table options>AUTO_INCREMENT
  - bug Missing CREATE DATABASE statement when exporting at database level
  - sf#3924 Show warning when CSV file does not contain data for all columns
  - sf#3947 Missing Sql Query after modify structure
  - sf#3948 Server export problems
  - sf#3917 CountTables directive is deprecated

Wed May 15 08:00:00 UTC 2013 -

- update to (2013-05-14)
  - sf#3879 Import broken for CSV using LOAD DATA
  - sf#3889 When login fails and error display is active, login data is displayed
  - sf#3890 [import] Web server upload directory import fails
  - sf#3891 [import] Server upload folder import file name missing in success message
  + rfe #1421 [auth] Add retry button on connection failure with config auth
  - sf#3894 [interface] Provide feedback if no columns selected for multi-submit
  - sf#3799 [interface] Incorrect select field change on ctrl key navigation in Firefox
  - sf#3885 [browse] display_binary_as_hex option causes unexpected behavior
  - sf#3899 Git commit links to Github missing
  - sf#3900 CSP WARN in Firefox console
  - sf#3901 Setup script warning for config auth (stored login data) shows link BBcode
  - sf#3895 [browse] Fixed getting BLOB data
  - sf#3905 [export] Custom Exporting exports all databases
  - sf#3909 [import] Import of CSV FIle to selected table doesn't work
  - sf#3904 Browsing an empty table should not display its Structure
  - sf#3908 Calendar widget improperly redirects to home
  - sf#3918 Greyed out tabs when there are no rows fixed
  - sf#3916 [interface] Missing scrollbar (original theme)
  + [vendor] add tcpdf path to vendor_config.php
  - bug fix compat with tcpdf >= 6.0 (tested with 6.0.012)

Fri May  3 17:32:42 UTC 2013 -

- update to 4.0.0 (2013-05-03)
  + Patch #3481047 for rfe #3480477 Insert as new row enhancement
  + Patch #3480999 Activate codemirror in the query window
  - Patch #3495284 XML Import - fix message and redirect
  + rfe #3484063 Null checkbox behavior
  + Patch #3497179 Contest-5: Add user: Allow create DB w/same name + grant u_%
  + Patch #3498201 Contest-6: Export all privileges
  + Patch #3502814 for rfe #3187077 Change password buttons should match
  + rfe #3488640 Expand table-group in non-light navigation frame if only one
  + Patch #3509360 Contest-3: Option "Truncate table" before "insert"
  + Patch #3506552 Contest-2: Show index information in the data dictionary
  + Patch #3510656 Contest-1: Ignoring foreign keys while dropping tables
  - sf#3509686 Reverting sort on joined column does not work
  + New transformation: append string
  + rfe #3507804 Session upload progress (PHP 5.4)
  + rfe #3488185 draggable columns vs copy column name
  + Patch #3507001 Contest-4: Textarea for large character columns
  + Removed the PHP version of the ENUM editor
  + Patch #3507111 Display distinct results, linked to corresponding data rows
  - sf#3507917 [export] JSON has unescaped values for allegedly numeric columns
  + rfe #3516187 show tables creation, last update, last check timestamps in db_structure
  - sf#3059806 Supporting running from CIFS/Samba shares
  - sf#3516341 [export] Open Document Text, Word and Texy! Text show table structure twice
  - sf [export] Texy! Text: Columns containing Pipe Character don't export properly
  + [export] Show triggers in Open Document Text, Word and Texy! Text
  - Patch #3415061 [auth] Login screen appears under the page
  + rfe #3517354 [interface] Allow disabling CodeMirror with $cfg['CodemirrorEnable'] = false
  + rfe #3475567 [interface] New directive $cfg['HideStructureActions']
  - sf#3468272 [import] Fixed import of ODS with more paragraphs in a cell
  - sf#3510196 [core] Improved redirecting with ForceSSL option
  + rfe #3518852 [edit] edit blob but not other binary, new option $cfg['ProtectBinary'] = 'noblob'
  + Hide language select box if there are no locales installed
  + Removed some directives: verbose_check, SuggestDBName, LightTabs,
  VerboseMultiSubmit, ReplaceHelpImg
  - Patch #3500882 Fixing checkbox behaviour while editing identical rows
  + rfe #3441722 [interface] Display description of datatypes
  + rfe #3517835 [structure] Move columns easily
  + Ajaxified "Create View" functionality
  + [import] New plugin: import mediawiki
  + New navigation system
  + Discontinued the use of a frame-based layout
  + rfe #3528994 [interface] Allow wrapping possibly long values in replication-status table
  + [interface] Autoselect username input on cookie login page
  - sf#3563799 [interface] Grid editing destroying huge amount of data
  + [import] Remove support for the unactive docSQL import format
  - sf#3577443 [edit] "Browse foreign values" does not show on ajax edit
  + rfe #3522109 [browse] Grid editing: action to trigger it (or disable)
  - sf#3526598 [interface] SQL query not shown when creating table
  + Dropped configuration directive: AllowThirdPartyFraming
  + Dropped configuration directive: LeftFrameLight
  + Dropped configuration directive: DisplayDatabasesList
  + Dropped configuration directives: ShowTooltipAliasDB and ShowTooltipAliasTB
  + Dropped configuration directive: NaviDatabaseNameColor
  + Added configuration directive: MaxNavigationItems
  + Renamed configuration directive: LeftFrameDBTree => NavigationTreeEnableGrouping
  + Renamed configuration directive: LeftFrameDBSeparator => NavigationTreeDbSeparator
  + Renamed configuration directive: LeftFrameTableSeparator => NavigationTreeTableSeparator
  + Renamed configuration directive: LeftFrameTableLevel => NavigationTreeTableLevel
  + Renamed configuration directive: LeftPointerEnable => NavigationTreePointerEnable
  + Renamed configuration directive: LeftDefaultTabTable => NavigationTreeDefaultTabTable
  + Renamed configuration directive: LeftDisplayTableFilterMinimum => NavigationTreeDisplayTableFilterMinimum
  + Renamed configuration directive: LeftDisplayLogo => NavigationDisplayLogo
  + Renamed configuration directive: LeftLogoLink => NavigationLogoLink
  + Renamed configuration directive: LeftLogoLinkWindow => NavigationLogoLinkWindow
  + Renamed configuration directive: LeftDisplayServers => NavigationDisplayServers
  + Renamed configuration directive: LeftRecentTable => NumRecentTables
  + Renamed configuration directive: LeftDisplayDatabaseFilterMinimum => NavigationTreeDisplayDbFilterMinimum
  + Removed the "Mark row on click" feature; must now click the checkbox to mark
  + Removed the "Synchronize" feature
  + Improved layout of server variables page
  + rfe #1052091 [config] Double-underscores in PMA table names
  + Improved the "More" dropdown on the table structure page
  + [interface] Added "scroll to top" link in menubar
  + [designer] Fullscreen mode for the designer
  + Upgraded jquery to v1.8.3 and jquery-ui to v1.9.2
  + Patch #3597529 [status] Add raw value as title on server status page
  + Support MySQL 5.6 partitioning
  + Removed the AjaxEnable directive
  + rfe #3542567 Accept IPv6 ranges and IPv6 CIDR notations in $cfg['Servers'][$i]['AllowDeny']['rules']
  - sf#3576788 Grid editing shows the value before silent truncation
  - Upgraded jqPlot to 1.0.4 r1121
  - Upgraded to jquery-ui-timepicker-addon 1.1.1
  + rfe #3599046 [interface] Added comments for indexes
  - Replaced qtip with jQuery UI tooltip
  - Upgraded CodeMirror to 2.37
  - sf#2951 [export] Correctly export decimal fields.
  - sf#3762 [core] Make Advisor work on Windows withou COM extension.
  - sf#3519 [export] Prevent infinite recursion in PDF export.
  - sf#3827 Table specific privileges not displayed for db name containing underscore
  - rfe #1386 Add IF NOT EXISTS clause when copying database
  - No longer package .travis.yml configuration file when creating a release.
  - sf#3830 Can't export custom query because it lowercases table names
  - sf#3829 Enabling query profiling crashes javascript based navigation
  + rfe #879 Reserved word warning
  + Remove the database ordering sub-feature of the only_db directive
  - sf#3840 When exporting to gzip format, the data is compressed 2 times
  + rfe #1319 Permit to create index when creating foreign key
  - sf#3703 Incorrect updating of the list of users
  - sf#3853 Blowfish implementation might be broken (replace with phpseclib)
  - sf#3865 Using like operator on each backslash needs 4 backslash protection
  - sf#3860 Displayed git revision info is not set
  - sf#3871 Check referential integrity broken across databases
  - sf#3874 [export] No preselected option when exporting table
  - sf#3873 Can't copy table to target database if table exists there
  - sf#3683 Incorrect listing of records from to count
  - sf#3876 [import] PHP 5.2 - unexpected T_PAAMAYIM_NEKUDOTAYIM
  - [security] Local file inclusion vulnerability, reported by Janek Vind
    (see PMASA-2013-4)
  - [security] Global variables overwrite in export.php, reported by Janek Vind
    (see PMASA-2013-5)
  - sf#3892 [export] SQL Export files are empty
- fix for bnc#824304
  * PMASA-2013-4 (CVE-2013-3240)
- fix for bnc#824305
  * PMASA-2013-5 (CVE-2013-3241)

Wed Apr 24 22:41:50 UTC 2013 -

- update to (2013-04-24)
  * [security] Remote code execution (preg_replace), reported by Janek Vind
    (see PMASA-2013-2)
  * [security] Locally Saved SQL Dump File Multiple File Extension Remote Code
    Execution, reported by Janek Vind (see PMASA-2013-3)
- fix for bnc#824301
  * PMASA-2013-2 (CVE-2013-3238)
- fix for bnc#824302
  * PMASA-2013-3 (CVE-2013-3239)

Mon Apr  8 18:33:29 UTC 2013 -

- update to 3.5.8 (2013-04-08)
  * sf#3828 MariaDB reported as MySQL
  * sf#3854 Incorrect header for Safari 6.0
  * sf#3705 Attempt to open trigger for edit gives NULL
  * [security] Self-XSS on GIS visualisation page, reported by Janek Vind
    see PMASA-2013-1
  * sf#3800 Incorrect keyhandler behaviour #2
- fix for bnc#814678
  * PMASA-2013-1 (CVE-2013-1937)

Fri Mar 15 19:51:32 UTC 2013 -

- update to (2013-02-15)
  * sf#3779 [core] Problem with backslash in enum fields
  * sf#3816 Missing server_processlist.php
  * sf#3821 Safari: white page
  * Correct detection of the Chrome browser

Mon Feb  4 17:34:24 CET 2013 -

- update to (2013-01-28)
  * sf#3593604 [status] Erroneous advisor rule
  * sf#3596070 [status] localStorage broken in server status monitor
  * sf#3598736 [routines] Editing a procedure with special characters
  * sf#3600322 [core] Visualize GIS data throws Fatal Error
  * sf#3599362 [core] Double-escaped error message
  * sf#3776 [cookies] Login without auth on second server

Wed Jan 16 23:17:50 UTC 2013 -

- update to (2012-12-21)
  * sf#3563824 [export] Support Apache's mod_deflate
  * sf#3585523 [interface] Inline query editing broken after row update
  * sf#3586389 [setup] Cannot switch language in /setup
  * sf#3585695 [CSS] Font size in inline query editor is way too big
  * sf#3588354 [l10n] Portuguese Language not displaying correctly
  * sf#3591412 [status] Live charts don't work for non-default server
  * sf[core] Proxy ajax calls to to avoid browser notices
  * sf#3593534 [tracking] Structure Snapshot on tracked view renders
    invalid SQL
  * sf#3544366 [events] Event comments not saved

Sat Dec 15 15:23:00 UTC 2012 -

- update to (2012-11-16)
  * sf#3570212 [edit] uuid_short() is a no-arguments function
  * sf#3569577 [edit] Add routine parameter headers not valid for
  * sf#3575799 [search] Various search operators not working as
  * sf#3576322 [search] Invalid select query generated for tables with
    ENUM fields
  * sf#3577468 [display] Incorrect imagejpeg Syntax Breaks Image
  * sf#3578776 [search] Editing SQL not possible when no records found
  * sf#3571970 [interface] Display chart and number of rows to plot
  * sf#3582631 [core] Wrong redirect url caused cookies error with

Mon Nov  5 11:40:16 UTC 2012 -

- update to (2012-10-08)
  * sf#3539044 [interface] Browse mode "Show" button gives blank page
    if no results anymore
  * sf#3534979 [interface] Copy Database Ajax feedback vanishes long
    before copying is done
  * sf#3527531 [interface] GC-maxlifetime warning incorrectly
  * sf#3526916 [interface] Search fails with JS error when tooltips
  * sf#3544366 [interface] Event comments not saved
  * sf#3549084 [edit] Can't enter date directly when editing inline
  * sf#3548491 [interface] Inline query editor doesn't work from
    search results
  * sf#3547825 [edit] BLOB download no longer works
  * sf#3541966 [config] Error in generated configuration arrray
  * sf#3553551 [GUI] Invalid HTML code in multi submits confirmation
  * [interface] Designer sometimes places tables on the top menu
  * sf#3546277 [core] Call to undefined function __() when config file
    has wrong permissions
  * sf#3540922 [edit] Error searching table with many fields
  * sf#3555104 [edit] Cannot copy a DB with table and views
  * sf#3559925 [privileges] Incorrect updating of the list of users
  * sf#3561224 [edit] cell edit date field with empty date fills in
    current date
  * sf#3559955 [edit] current_date from function drop down fails on
  * sf#3562472 add support for Solaris and FreeBSD system load and
    memory display in server status
  * sf#3553068 [import] Table import from XML file fails
  * replace Highcharts with jqplot for Display chart
  * sf#3567684 [edit] Pasting value doesn't clear null checkbox
  * sf#3570786 [edit] Datepicker for date and datetime fields is
- fix for bnc#788103
  * PMASA-2012-6 (CVE-2012-5339)
  * PMASA-2012-7 (CVE-2012-5368)

Tue Aug 21 14:30:51 UTC 2012 -

- update to (2012-08-12)
  - [security] Fixed XSS vulnerabilities,
     see PMASA-2012-4
- update to (2012-08-03)
  - [security] Fixed local path disclosure vulnerability,
     see PMASA-2012-3
- fix for bnc#776701
  * PMASA-2012-4 (CVE-2012-4345)
- fix for bnc#776698
  * PMASA-2012-3 (CVE-2012-4219)

Sun Jul  8 15:52:13 UTC 2012 -

- udpate to 3.5.2 (2012-07-07)
  * bug sf#3521416 [interface] JS error when editing index
  * bug sf#3521313 [core] Call to undefined function __()
  * bug sf#3521016 [edit] NOW() function incorrectly selected
  * bug [GUI] Invalid HTML code on transformation_overview.php
  * bug sf#3522930 [browse] Missing validation in Ajax mode
  * bug Fix popup message on build SQL of import
  * bug sf#3523499 [core] Make X-WebKit-CSP work better
  * replace Highcharts with jqplot for query profiling, zoom search
  * bug sf#3531584 [interface] No form validation in change password
  * bug sf#3531585 [interface] Broken password validation in copy user
  * bug sf#3531586 [unterface] Add user form prints JSON when user
     presses enter
  * bug sf#3534121 [config] duplicate line in
  * bug sf#3534311 [interface] Grid editing incorrectly parses
     ENUM/SET values
  * bug sf#3510196 [core] More clever URL rewriting with ForceSSL
- rebase config patch

Sun Jun  3 22:00:45 UTC 2012 -

- update to (2012-05-03)
  * bug sf#3510784 [edit] Limit clause ignored when sort order is
  * bug sf#3511471 [interface] View name not seen in navi panel
     (MySQL 5.1)
  * bug sf#3512916 [display] Right frame reloads after displaying SQL
     result(zero rows)
  * bug [interface] Fixed missing Codemirror for inline query edit
     when exporting a result set
  * bug sf#3514490 [auth] Multiple Navigation panels bug still present
  * bug sf#3515181 [users] Error in create user + underscore + create
  * bug sf#3515666 [display] Profiling chart shows wrong data
  * bug sf#3516037 [auth] JS includes missing in auth config error page
  * bug sf#3516183 [display] Missing image extension
  * bug [display] Added missing icons in original theme
  * bug sf#3516761 [edit] Query error after search
  * bug sf#3516405 [display] Chart title is getting wrong within chart
  * bug sf#3517021 [interface] Header links except 'More' hide after
     closing dialog
  * bug sf#3516817 [interface] "More" actions in table structure
  * bug sf#3518484 [privileges] PMA_sqlAddSlashes() does not quote the
    table names correctly
  * bug sf#3518983 [designer] Error messages do not appear in the
  * bug sf#3519747 [interface] Suhosin patch warning incorrectly
  * bug sf#3520107 [interface] Server status page: Incorrect dialog box
  * bug sf#3516089 [structure] DROP does not work on defective VIEWs
- rebase config patch
  * remove version from patch name
  * add missing options

Thu Apr 26 19:49:16 UTC 2012 -

- update to
  * bug sf#3486970 [import] Exception on XML import
  * bug sf#3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names
    in navigation
  * bug sf#3512565 [navi] Fixed missing word "Rows" in table list
    tooltip after click

Mon Apr  2 10:14:55 UTC 2012 -

- update to (fix for bnc#755211)
  - [security] Fixed local path disclosure vulnerability,
    see PMASA-2012-2

Thu Feb 23 12:45:22 UTC 2012 -

- fix changelog
  * rename bugs , patches ("{bug,patch} #....") to fit into
    bug naming scheme -> "sf#...."

Mon Feb 20 09:50:54 UTC 2012 -

- update to (fix for bnc#747841)
  * [security] XSS in replication setup, see PMASA-2012-1
- (2012-02-14)
  * sf#3460090 [interface] TextareaAutoSelect feature broken
  * sf#3375984 [export] PHP Array export might generate invalid php
  * sf#3049209 [import] Import from ODS ignores cell that is the same
     as cell be fore
  * sf#3463933 [display] SELECT DISTINCT displays wrong total records
  * sf#3458944 [operations] copy table data missing
  * sf#3469254 [edit] Setting data to NULL and drop-downs
  * sf#3477063 [edit] Missing set fields and values in generated
     INSERT query
  * sf#3460867 [libraries] license issue with TCPDF
    (updated to 5.9.145), (fix for bnc#736698)

Wed Dec 28 13:41:55 UTC 2011 -

- update to 3.4.9
  - sf#3442028 [edit] Inline editing enum fields with null shows no dropdown
  - sf#3442004 [interface] DB suggestion not correct for user with underscore
  - sf#3438420 [core] Magic quotes removed in PHP 5.4
  - sf#3398788 [session] No feedback when result is empty (signon auth_type)
  - sf#3384035 [display] Problems regarding ShowTooltipAliasTB
  - sf#3306875 [edit] Can't rename a database that contains views
  - sf#3452506 [edit] Unable to move tables with triggers
  - sf#3449659 [navi] Fast filter broken with table tree
  - sf#3448485 [GUI] Firefox favicon frameset regression
  - [core] Better compatibility with mysql extension
  - [security] Self-XSS on export options (export server/database/table),
    see PMASA-2011-20
  - [security] Self-XSS in setup (host parameter), see PMASA-2011-19
- fix for bnc#738411
  * PMASA-2011-19 (CVE-2011-4780)
  * PMASA-2011-20 (CVE-2011-4782)
- rework config patch

Fri Dec 16 08:34:11 UTC 2011 -

- fix changelog
  * add missing info for bnc#736772
- fix fdupes
  * reduce fdupes to affected files only (./libraries,./themes)

Tue Dec 13 14:25:45 UTC 2011 -

- update to 3.4.8
  - sf#3425230 [interface] enum data split at space char (more space to edit)
  - sf#3426840 [interface] ENUM/SET editor can't handle commas in values
  - sf#3427256 [interface] no links to browse/empty views and tables
  - sf#3430377 [interface] Deleted search results remain visible
  - sf#3428627 [import] ODS import ignores memory limits
  - sf#3426836 [interface] Visual column separation
  - sf#3428065 [parser] TRUE not recognized by parser
  + sf#3433770 [config] Make location of php-gettext configurable
  - sf#3430291 [import] Handle conflicts in some open_basedir situations
  - sf#3431427 [display] Dropdown results - setting NULL does not work
  - sf#3428764 [edit] Inline edit on multi-server configuration
  - sf#3437354 [core] Notice: Array to string conversion in PHP 5.4
  - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the
    view name in main panel db Structure page
  - sf#3439292 [core] Fail to synchronize column with name of keyword
  - sf#3425156 [interface] Add column after drop
  - [interface] Avoid showing the password in phpinfo()'s output
  - sf#3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
  - sf#3407235 [interface] Entering the key through a lookup window does not
    reset NULL
  - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
  - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
  - [security] Self-XSS on column type (Create index), see PMASA-2011-18
  - [security] Self-XSS on column type (table Search), see PMASA-2011-18
  - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
- fix for bnc#736772 (CVE-2011-4634, PMASA-2011-18)

Mon Nov 14 20:22:30 UTC 2011 -

- update to (fix for bnc#728243)
  - [security] Fixed possible local file inclusion in XML import
    (CVE-2011-4107), see PMASA-2011-17

Wed Oct 26 10:49:15 UTC 2011 -

- update to 3.4.7
  - sf#3418610 [interface] Links in navigation when
     $cfg['MainPageIconic'] = false
  - sf#3418849 [interface] Inline edit shows dropdowns even after closing
  - bug [view] View renaming did not work
  - bug [navi] Wrong icon for view (MySQL 5.5)
  - sf#3420229 [doc] Missing documentation section
  - sf#3423725 [pdf] Broken PDF file when exporting database to PDF
  - [core] Allow to set language in URL
  - sf#3425184 [doc] Fix links to PHP documentation
  - sf#3426031 [export] Export to bzip2 is not working
- (2011-10-16)
  - sf#3404173 InnoDB comment display with tooltips/aliases
  - sf#3404886 [navi] Edit SQL statement after error
  - sf#3403165 [interface] Collation not displayed for long enum fields
  - sf#3399951 [export] Config for export compression not used
  - sf#3400690 [privileges] DB-specific privileges won't submit
  - sf#3410604 [config] Configuration storage incorrect suggested table name
  - sf#3383572 [interface] Cannot execute saved query
  - sf#3411535 [display] Full text button unchecks results display options
  - sf#3411224 [display] Broken binary column when 'Show binary contents'
     is not set
  - sf#3411633 [core] Call to undefined function PMA_isSuperuser()
  - sf#3413743 [interface] Display options link missing after search
  - sf#3324161 [core] CSP policy causing designer JS buttons to fail
  - sf#3412862 [relation] Relations/constraints are dropped/created
     on every change
  - sf#3390832 [display] Delete records from last page breaks search
  - sf#3392150 [schema] PMA_User_Schema::processUserChoice() is broken
  - sf#3414744 [core] External link fails in 3.4.5
  - sf#3314626 [display] CharTextareaRows is not respected
  - sf#3417089 [synchronize] Extraneous db choices
  - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
  - [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16

Tue Oct  4 21:36:48 UTC 2011 -

- update to 3.4.5
  - sf#3375325 [interface] Page list in navigation frame looks odd
  - sf#3313235 [interface] Error div misplaced
  - sf#3374802 [interface] Comment on a column breaks inline editing
  - sf#3383711 [display] Order by a column in a view doesn't work
    in some cases
  - sf#3386434 [interface] Add missing space to server status
  - [core] Remove library PHPExcel, due to license issues
  - [export] Remove native Excel export modules (xls and xlsx formats)
  - [import] Remove native Excel import modules (xls and xlsx formats)
  - sf#3392920 [edit] BLOB emptied after editing another column
  - [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
  - [security] Fixed XSS with db/table/column names, see PMASA-2011-14

Sat Aug 27 17:17:27 UTC 2011 -

- update to 3.4.4
  - sf#3323060 [parser] SQL parser breaks AJAX requests if query has unclosed
  - sf#3323101 [parser] Invalid escape sequence in SQL parser
  - sf#3348995 [config] $cfg['Export']['asfile'] set to false does not select
    as Text option
  - sf#3340151 [export] Working SQL query exports error page
  - sf#3353649 [interface] "Create an index on X columns" form not validated
  - sf#3350790 [interface] JS error in Table->Structure->Index->Edit
  - sf#3353811 [interface] Info message has "error" class
  - sf#3357837 [interface] TABbing through a NULL field in the inline mode
    resets NULL
  - remove version number in /setup
  - sf#3367993 [usability] Missing "Generate Password" button
  - sf#3363221 [display] Missing Server Parameter on inline sql query
  - sf#3367986 [navi] Drop field -> lost active table
  - remove misleading comment on the "Rename database" interface
  - sf#3374374 [interface] Fix footnote for inexact count while browsing
  - sf#3372807 [interface] Fix security warning link in setup
  - sf#3374347 [display] Backquotes in normal text on import page
  - sf#3358750 [core] With Suhosin, urls are too long in edit links
  - [security] Missing sanitization on the table, column and index names leads to
    XSS vulnerabilities, see PMASA-2011-13

Fri Jul 29 14:57:01 UTC 2011 -

- update to
  o PMASA-2011-9 to PMASA-2011-12

Mon Jul  4 13:27:10 UTC 2011 -

- update to
  - [security] Fixed possible session manipulation in swekey
    authentication, see PMASA-2011-5
  - [security] Fixed possible code injection incase session variables
    are compromised, see PMASA-2011-6
  - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
  - [security] Fixed filtering of a file path, which allowed for
    directory traversal, see PMASA-2011-8
- (2011-06-27)
  - sf#3311170 [sync] Missing helper icons in Synchronize
  - sf#3304473 [setup] Redefine a lable that was wrong
  - sf#3304544 [parser] master is not a reserved word
  - sf#3307616 [edit] Inline edit updates multiple duplicate rows
  - sf#3311539 [edit] Inline edit does not escape backslashes
  - sf#3313210 [interface] Columns class sometimes changed for nothing
  - sf#3313326 [interface] Some tooltips do not disappear
  - sf#3315720 [search] Fix search in non unicode tables
  - sf#3315741 [display] Inline query edit broken
  - sf#3317206 [privileges] Generate password option missing on new accounts
  - sf#3317293 [edit] Inline edit places HTML line breaks in edit area
  - sf#3319466 [interface] Inline query edit does not escape special characters
  - minor XSS (require a valid token)
- add restart_on_update apache to post

Wed Jun 22 09:01:52 UTC 2011 -

- fix changelog
  o update to -> update to 3.4.2
- fix bnc#697748 (suhosin customization)
  o moved from spec's %post to http_conf file

Thu Jun 09 14:41:00 UTC 2011 -

- update to 3.4.2
  - sf#3301249 [interface] Iconic table operations does not remove inline edit label
  - sf#3303869 [interface] Unnecessary scrolling on Databases page
  - sf#3303813 [setup] Define a label that was missing
  - sf#3305606 [interface] Show all button wraps on privileges page
  - sf#3305517 [config] Config for export compression not used
  - sf#3305883 [interface] Table is dropped regardless of confirmation
  - [auth] Fixed error handling for signon auth method.
  - sf#3276001 [core] Avoid caching of index.php.
  - sf#3306958 [interface] Unnecessary Details slider
  - sf#3308476 [interface] "Show all" not persistent after a sort
  - sf#3308072 [auth] Version disclosure to anonymous visitors
  - sf#3306981 [interface] pmahomme and table statistics

Tue May 24 16:06:05 UTC 2011 -

- update to 3.4.1
  - bug sf#3301108 [interface] Synchronize and already configured host
  - bug sf#3302457 Inline edit and $cfg['PropertiesIconic']
  - Patch #3302313 Show a translated label
  - bug sf#3300981 [navi] Table filter is case sensitive
  - bug sf#3285929 [privileges] Revert temporary fix
  - bug sf#3302872 [synchronize] Synchronize and user name
  - bug sf#3302733 [core] Some browsers report an insecure https connection
  - [security] Make redirector require valid token
- rework config patch
  - removed 3.3.8, added 3.4.1 config patch
- added conftrib to doc
- mod post section
  o modify suhosin.ini

Sat Mar 19 19:17:57 UTC 2011 -

- update to 3.3.10
  - patch sf#3147400 [structure] Aria table size printed as unknown,
    thanks to erickoh75 - erickoh75
  - patch sf#3150164 [structure] Ordering by size gives incorrect results,
    thanks to Madhura Jayaratne - madhuracj
  - bug sf#3153409 [core] 0 row(s) affected
  - bug sf#3155842 [core] Edit relational page and page number
  - [security] Minor security fixes, see PMASA-2010-9 and PMASA-2010-10
  - [lang] German update, thanks to

Wed Feb 23 12:10:46 UTC 2011 -

- update to
  - [security] SQL injection, see PMASA-2011-2
- (2011-02-08)
  - [security] Path disclosure, see PMASA-2011-1
- add macros for ap_usr, ap_grp
- fix perm on sysconfdir
  o 0750,root,www

Thu Jan 27 20:14:40 UTC 2011 -

- update to 3.3.9
  - bug [doc] Fix references to MySQL doc
  - sf#3101490 Default function for TIMESTAMP, thanks to jirand - jirand
  - sf#3103853 [js] Double quotes were not escaped in generated js
  - sf#3077463 [core] Events were not copied when copying/renaming database
  - sf#1762306 [core] Copy database with view of a view
  - sf#3117535 [replication] Add quotes to database in initial statement,
    thanks to Craig Duncan - duncan3dc
  - sf#3112614 [pdf schema] Scratchboard for PDF pages not working
  - sf#3125606 [parser] Query for table "level" causes strange display
  - sf#3127904 [parser] Close all opened round brackets indents
- removed Authors from spec

Fri Dec  3 23:04:41 UTC 2010 -

- update to
  - sf#3115519 (private) [security] XSS on db search, see PMASA-2010-8
- rework config patch
  o add AllowNoPassword

Wed Oct 27 10:23:50 UTC 2010 -

- update to 3.3.8 
  - sf#3059311 [import] BIGINT field type added to table analysis
  - [core] Update library PHPExcel to version 1.7.4
  - sf#3062455 [core] copy procedures and routines before tables
  - sf#3062455 [export] with SQL, export procedures and routines before tables
  - sf#3056023 [import] USE query not working
  - sf#3038193 [display] Error when editing row with GEOMETRY column
  - sf#3062454 [interface] Display routines/events also when no tables are defin
  - support ARIA storage engine as well as its previous name MARIA

Wed Sep 22 14:03:14 CEST 2010 -

- update to 3.3.7

Wed Jul  7 14:48:50 UTC 2010 -

- update to version 3.3.4
- sf#2996161 [import] properly escape import value
- sf#2998889 [import] Import button does not work in Catalan
- [browse] Fix handling of sort order if only column is specified.
+ [lang] Greek update, thanks to Panagiotis Papazoglou - panos78
+ [lang] Updated lot of translation based on work done in master branch.
- sf#3008411 [databases] Last dropped database remains active in navi
- sf#2986383 [parser] Not all data being shown / counted
- bug [synchronize] Rows were deleted in target table regardless of the
  "Would you like to delete..." option
- bug [privileges] List of tables not shown when the db name has a wildcard
- sf#3011126 [display] Edit link missing after long query
- sf#3013264 [doc] FAQ 1.40 uses a comma instead of a period,
  thanks to Isaac Bennetch - ibennetch
- [engines] Fix getting InnoDB status.
- sf#2986422 [import] Results for query are not displayed

Fri May 21 16:59:50 UTC 2010 -

- update to version 3.3.3
  - sf#2982480 [navi] Do not group if there would be one table in group
  - sf#2983492 [sync] When asking to synchronize Structure and Data,
    only Structure is done
  - sf#2984893 [engines] InnoDB storage page emits a warning
  - sf#2974687, sf#2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work
  - sf#2983066 [interface] Flush table on table operations shows the query twice
  - sf#2983060, sf#2987900 [interface] Fix initial state of tables in
  - sf#2983062, sf#2989408 [engines] Fix warnings when changing table
    engine to Maria
  - sf#2974067 [display] non-binary fields shown as hex
  - sf#2983065 [operations] Error when changing from Maria to MyISAM engine
  - sf#2975408 [tracking] Data too long for column data_sql
  - bug [tracking] Tracking report should obey MaxCharactersInDisplayedSQL 
  - bug [edit] Avoid selecting UNHEX function by default for a BLOB column for
    which editing is protected
  - sf#2994168 [structure] Show auto_increment in uppercase 
  - sf#2993970 [pdf schema] Page numbering in Table of Contents
- (2010-04-13)
  - sf#2969449 [core] Name for MERGE engine varies depending on the
    MySQL version, thanks to Dieter Adriaenssens - ruleant
  - sf#2966078 [browse] Incorrect LIMIT is saved and sticks while browsing
  - sf#2967366 [Structure] Some results of Propose table structure are
    shown in hex
  - sf#2967565 [insert] UNHEX not selected by default when inserting BINARY
  - [navi] Changed link to git repository on main page
  - sf#2972232 [menu] Import menu tab not present on main page
  - sf#2976790 [menu] Go to the upper level after table DROP,
    thanks to Kaarel Nummert - kaarelnu
  - sf#2978815 [pdf] Fix generating PDF with table dimensions, thanks to BlinK_
  - sf#2977725 [export] XML wrongly encoded, thanks to Victor Volkov - hanut
  - sf#2979234 [import] Create tables with current charset and collation.
  - sf#2979234, sf#2960105 [import] Properly import unicode text from ODS.
  - sf#2973280 [export] Proper handling of temporary directory in XLS export.
  - sf#2980582 [interface] Properly format server status parameter.
  - sf#2973949 [session] SQL History broken (revert sf#2899969),
    thanks to Dieter Adriaenssens - ruleant
  - [doc] Be more specific about problems with Suhosin.

Fri Mar 26 00:41:30 UTC 2010 -

- update to version 3.3.1
  - sf#2941037 [core] Database structure not sorted by table correctly 
  - sf#2948492 [interface] Slide effect masks some fields on search page
  - sf#2959746 [interface] Unknown table status: TABLE_TYPE 
  - sf#2953050 [export] export VIEW as SQL includes INSERT statement 
  - sf#2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows 
  - sf#2961609 [auth] Potential information disclosure at login page
  - sf#2961540 [export] Do not export data of MERGE table,
    thanks to Dieter Adriaenssens - ruleant
  - sf#2961198 [parser] Querying a table named "data"
  - sf#2931429 [structure] Editing long triggers
  - sf#2970769 [structure] Incorrect reference to mootools-more.js 
- cleanup spec
  - fixed HEADER
  - sort TAGS
  - some macros (ap_...)
  - updated description
  - added postun
    o restart_on_update apache2
- some rpmlint stuff
  - fdupes
- reworked patches
  - removed blowfish_secret
  - removed mysqli.patch
  - added config patch
    o mods to vendor_config
- replaced Source1
  phpmyadmin.conf > phpMyAdmin.http
- to /etc/phpMyAdmin

Wed Mar 10 21:41:47 UTC 2010 -

- Updated to 3.3.0
  + rfe #2308632 [edit] Use hex for (var)binary fields
  + sf#2794819 [navi] Filter for displayed table names
  - sf#2794840 [core] Cannot redeclare pma_tableheader() 
  - rfe #2726479 [core] configurable maximal length of URL
  + sf#2724755 [display] Full/partial text links (big T) are back
  - bug [display] handle NavigationBarIconic as documented for navi buttons
  + rfe #2726479 [export] Export tables preselect
  + sf#2805828 [export] PHP array export plugin
  + sf#2798592 [import] Progress bar 
  - bug [gui] Generate Password not working for 'Change Login Information', only for 'Change password'
  + [lang] Arabic update
  + rfe #2822190 [structure] BOOLEAN is standard SQL 
  + [lang] German update
  + rfe #2813867 [structure] Default sorting order in list of tables
  + [import] Added MySQL type-detection functionality to import library
  + [import] Added ODS, Excel XLS, Excel XLSX, and XML import modules
  + [export] Added Excel XLSX export module
  + [core] Added ability for tracking changes made through phpMyAdmin
  + rfe #2839504 [engines] Support InnoDB plugin's new row formats 
  + [core] Added ability for synchronizing databases among servers.
  + [lang] #2843101 Dutch update
  + [lang] Galician update
  + [export] Added MediaWiki export module
  + [lang] Turkish update
  + [auth] Add custom port configuration in signon
  - [core] Removed context from the error handler 
  - sf#2883633 [export] Export of InnoDB table is incomplete 
  + rfe #2862575 [status] Order query statistics by % desc, skip rows with 0 
  + rfe #2823686 [interface] Increase default height of query window 
  + rfe #2129902 [structure] Don't hide indexes 
  + sf#2812070 [interface] Allow selecting a range of rows by holding shift
  + [lang] Russian update, thanks to Victor Volkov
  + [lang] Greek update, thanks to Panagiotis Papazoglou
  + [lang] Norwegian update, thanks to Sven-Erik Andersen 
  - sf#2929958 [import] Cannot import (French interface) 
  - [security] Use X-Frame-Options header to protect against ClickJacking.
  + [lang] Finnish update, thanks to Jouni Kahkonen
  + [lang] Lithuanian update, thanks to Rytis Slatkevicius - rytis_s 
  - sf#2931939 [status] Seeing "m" as unit is confusing 
  - sf#2926613 [edit] Copy database shows errors when DB has foreign key
  + [lang] Catalan update, thanks to Xavier Navarro 

Wed Jan 20 17:18:45 UTC 2010 -

- Updated to 3.2.5
  - sf#2903400 [bookmarks] Status of bookmark table, 
    thanks to Virsacer - virsacer
  - bug [history] QueryHistoryDB is not respected
  - sf#2905629 [auth] Blowfish secret is not hashed 
  - sf#2910000 [gui] ShowServerInfo should hide all server info from main page 
  - sf#2910568 [structure] Table size for ARCHIVE tables is not displayed 
  - sf#2899969 [core] Session lock blocks working from a second window,
    thanks to Greg Roach - fisharebest
  - sf#2915168 [import] Incorrect parsing of DELIMITER keyword,
    thanks to Greg Roach - fisharebest
  - sf#2918831 [export] Missing backquotes on reserved words, 
    thanks to Virsacer - virsacer
  - [core] Fix broken cleanup of $_GET
  - sf#2924357 [operations] Cannot rename a database that has foreign key
  - sf#869006 [structure] Ignore number of records for MRG_MyISAM tables
  - bug [browse] "Show BLOB contents" should display HTML code that is present
    in a BLOB, thanks to Vincent van der Tuin
  - [privileges] Improve escaping of hostname 

Tue Nov 10 01:45:00 UTC 2009 -

- sf#2856664 [export] Date, time, and datetime column types now export correctly to OpenOffice Spreadsheet
- sf#2859788 [parser] Double-character delimiters (sf#2846239) 
- sf#2832600 [export] Slow export when having lots of databases 
- sf#2537766 [import] Comments are stripped when editing store procedures 
- sf#2852370 [operations] Renaming database deletes triggers 
- sf#2872247 [interface] Failed opening required 'mysql_charsets.lib.php'
- bug [structure] "In use" table incorrectly reported as "view" 
- sf#2879909 [interface] Removed double htmlspecialchars when editing enum column
- sf#2868328 [relations] Adding foreign key when table name contains a dot 
- sf#2883381 [doc] Side effects of MemoryLimit setting 
- sf#2826128 [display] Inverting sort order when expression contains a function name 

Sat Sep 19 00:50:10 CEST 2009 -

- sf#2825293 [structure] Default value for a BIT column 
- bug [display] Red arrows were reversed in the list of tables
- sf#2813879 [export] Duplicate empty lines when exporting without comments 
- sf#2825919 [export] Trigger export with database name 
- sf#2823996 [data] Cannot edit row with no PK and a BIT field
- bug [export] Exporting results of a query which contains a LIMIT clause
  inside a subquery
- sf#2837722 [export] Run complex SQL then export does not work
- sf#2839548 [export] Triggers order on export
- sf#2826986 [display] Order by BLOB and range display
- bug [display] After clicking on Show Function or Function, the UPDATE query
  is not shown after execution
- bug [structure] Missing validation for BINARY and VARBINARY 

Sun Aug 16 06:13:35 UTC 2009 -

- sf#2799009 Login with ipv6 IP address breaks redirect
- sf#2796066 [priv] Inconsistent display of databases list
- sf#2802870 [display] Incorrect overhead value for InnoDB
- bug [display] Incorrect display in replication status
- sf#1601625 [display] The Ignore checkbox is not unchecked for ENUM
- sf#2809930 [setup] Notice: Undefined variable: k in setup/index.php
- bug [features] Incorrect report of missing relational features
- [security] XSS: Insufficient output sanitizing (not exploitable without a vali
d token)
  thanks to Sven Vetsch/Disenchant for informing us in a responsible manner
- sf#2634827 [import] Using DELIMITER produces infinite cycle
+ new language files: uzbek_cyrillic and urbek_latin
- sf#2814109 [search] Right frame is blank
- sf#2816840 [priv] Cannot change a user's details
- sf#2816165 [display] Executed query not always displayed
- sf#2819944 [setup] Incorrect mention of designer_coords
- sf#2821757 [insert] "Insert another new row" no longer worked
+ [lang] Norwegian update
- bug [core] PMA_pow() can support negative exponents in the pow() case
+ [lang] Brazilian Portuguese update
- sf#2822384 [docs] Missing auth_type in docs-example
- sf#2819728 [display] Slider effect jumping to top of page
- bug [display] Incorrect computation of overhead stats in server view
  for tables under the InnoDB engine
+ [lang] Swedish update

Fri Jul 24 15:51:24 UTC 2009 -

- First security release for phpMyAdmin 3.2.0

Sun Jun 28 04:17:23 UTC 2009 -

- update to 3.2.0

Sun May  4 16:19:43 UTC 2008 -

- phpMyAdmin package misses files (favicon.ico, scripts/*) [BNC #381747]
- phpMyAdmin setup.php missing [BNC #335306]
- update to version 2.11.6, bug fix only release
- sf#1903724 [interface] Displaying of very large queries
  in error message
- sf#1905711 [compatibility] Functions deprecated in PHP 5.3:
  is_a() and get_magic_quotes_gpc()
- bug [lang] catalan wrong accented characters
- sf#1893034 [Export] SET NAMES for importing with command-line
  + [lang] Russian update
- sf#1910485 [core] Unsetting the whitelist during the loop
- sf#1906980 [Export] Import of VIEWs fails if temp table exists
- sf#1812763 [Copy] Table copy when server is in ANSI_QUOTES
- sf#1918531 [compatibility] Navigation isn't valid
- sf#1926357 [data] BIT defaults displayed incorrectly
- sf#1930057 [auth] colon in password prevents HTTP login
  on CGI/IIS
- sf#1929553 [lang] Don't output BOM character in Swedish
  language file
- sf#1895796 [lang] Typo in Japanese lang files
- sf#1935652 [auth] Access denied (show warning about mcrypt
  on login page)
- sf#1906983 [export] Reimport of FUNCTION fails
- sf#1919808 [operations] Renaming a database fails to handle
- sf#1934401 [core] Cannot force a language
- sf#1944077 [core] Config file containing a BOM
- sf#1947189 [scripts] Missing head tag in scripts/signon.php
- [lang] Romanian update

Mon Apr  7 11:27:24 UTC 2008 -

- pmd folder is missing in phpmyadmin [bnc #376616]

Sat Mar 29 15:53:44 UTC 2008 -

- update to version
  * sf#1909711 [security] Sensitive data in session files

Mon Mar 10 04:13:27 UTC 2008 -

- phpMyAdmin tries to access non-existing print.css [#307966]

Sat Mar  1 23:34:52 UTC 2008 -

- version 2.11.5
- sf#1862661 [GUI] Warn about rename deleting database
- sf#1866041 [interface] Incorrect sorting with AS
- sf#1871038 [import] Notice: undefined variable first_sql_delimiter
- sf#1873110 [export] Problem exporting with a LIMIT clause
- sf#1871164 [GUI] Empty and navigation frame synch.
- sf#1873188 [GUI] Making db pager work when js is disabled,
  thanks to Jürgen Wind - windkiel
- sf#1875010 [auth] MySQL server and client version mismatch
  (mysql ext.)
- sf#1879031 [transform] dateformat transformation
  and UNIX timestamps, thanks to Tim Steiner - spam38
- bug [import] Do not verify a missing enclosing character for CSV,
  because files generated by Excel don't have any enclosing character
- sf#1799691 [export] "Propose table structure" and Export
- sf#1884911 [GUI] Space usage
- sf#1863326 [GUI] Wrong error message / no edit (Suhosin)
- sf#1887204 [GUI] Order columns in result list messing up query
- sf#1893538 [GUI] Display issues on Opera 9.50,
  thanks to Jürgen Wind - windkiel
- bug [GUI] Do not display the database name used by the
  previous user, thanks to Ronny Görner
- bug [security] Remove cookies from Array for better coexistence with
  other applications, thanks to Richard Cunningham. See PMASA-2008-1.

Sun Jan 13 11:02:14 UTC 2008 -

- do not BuildRequire apache2-devel libapr-util1-devel pcre-devel
- PreReq coreutils sed and grep
- update to version 2.11.4
- sf#1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE
- sf#1807816 [search] regular expression search doesn't work with
- sf#1843463 [GUI] DROP PROCEDURE does not show alert
- sf#1835904 [GUI] Back link after a SQL error forgets the query
- sf#1835654 [core] wrong escaping when using double quotes
- sf#1817612 [cookies] Wrong cookie path on IIS with PHP-CGI,
  thanks to Carsten Wiedmann
- sf#1848889 [export] export trigger should use
- sf#1851833 [display] Sorting forgets an explicit LIMIT
  (fix for sorting on column headers)
- sf#1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin
- sf#1798786 [import] Wrong error when a string contains semicolon
- sf#1813508 [login] Missing parameter: field after re-login
- sf#1710144 [parser] Space after COUNT breaks Export but not Query
- sf#1783620 [parser] Subquery results without "as" are ignored
- sf#1821264 [display] MaxTableList and INFORMATION_SCHEMA
- sf#1859460 [display] Operations and many databases
- sf#1814679 [display] Database selection pagination when
  switching servers
- sf#1861717 [export] CSV Escape character not exported right,
  thanks to nicolasdigraf
- sf#1864468 [display] Theme does not switch to darkblue_orange
- sf#1847409 [security] Path disclosure on
  thanks to Jürgen Wind - windkiel

Wed Aug 22 12:36:22 UTC 2007 -

- 2.11.0-rc1 -> 2.11.0 final
- mod_php_any is enough to get a webserver do not explicitly require apache2
- update phpmyadmin.conf adding the session save path to open_basedir as well
  ensuring some additional and possible conflicting php settings are set the way we want

Mon Aug  6 21:59:16 UTC 2007 -

- updated to version 2.11.0-rc1

Mon Jul 30 11:38:44 UTC 2007 -

- updated to version 2.11.0-beta1
  + [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1
  + improved PHP 6 compatibility
  - sf#1674914 [structure] changing definition of a TIMESTAMP field
  - sf#1615530 [upload] added more specific error message if field upload fails
  - sf#1627210, #1083301, #1482401 [data] warning on duplicate indexes
  - sf#1668724 JavaScript focus login Opera
  - sf#1666657 [auth] Cookie password delete on timeout / inactivity
  - sf#1648802 different mysql library and server version
  - sf#1662976 [auth] Authentication fails when controluser/pass is set
  - sf#1643758 [import] Error #1264 importing NULL values in MySQL 5.0
  - sf#1523747 [innodb] make warning about row count more visible
  - sf#1676012 [auth] strip non-US-ASCII characters (RFC2616)
  - sf#1679440 Added FAQ entry about header errors under IIS caused by
  an end-of-line character
  - [gui] avoid displaying a wide selector in server selection
  - sf#1614004 [relation] foreign key spanning multiple columns are
  incorrectly displayed
  - sf#1681598 [interface] Edit next row
  - sf#1688053 [export] Wrong export of binary character fields
  - sf#1498281 [parser] Wrong primary key used for displaying results
  with subquery
  - sf#1699772 Visual space bug in table name (in browser)
  - sf#1699532 Cause of data manipulation issues: implemented changes
  as suggested by crisp_; still have to work on updating an ENUM value
  + [doc] changed all documentation in to phpDocumentor style
  + [data] support for CREATE VIEW from query results
  + [gui] dropped css/ folder and moved into root of PMA
  + [l10n] new: Sinhala, Macedonian
  + [export] YAML export (see, thanks to Bryce Thornton
  + [server] improved display of binary logs
  + [data] better error handling in tbl_create.php
  + [routines] from Patch #1649881, thanks to Mike Beck
  + [querywindow] store sql history in session
  + [querywindow] sql history now without db too
  + [querywindow] tweaks in sql history view
  + [export] Native Excel (Spreadsheet_Excel_Writer) improvements,
  thanks to Christian Schmidt
  + [doc] requirement of mcrypt on 64-bit, thanks to Isaac Bennetch
  + RFE #1435922 [gui] navigation frame shows listing of databases when none selected
  + [data] support BIT datatype (under mysqli), thanks to Christian Schmidt
  + [display] automatic confirmation for sort by key, thanks to Juergen Wind
  + [data] can now choose the number of insert rows
  + RFE #1704779 [gui] link documentation from login page
  + [structure] TRIGGERS: display/edit/drop/SQL export
  + [browse] store browse state in session per query
  + [gui] Insert/Edit: no longer display the Go button each 15 lines
  but just at the end of a row
  + [gui] Query window: use verbose server name if any
  + [auth] sf#1712514 specify host for single signon, thanks to Thierry
  + [gui] Navigator for the db list in the navigation panel
  + [gui] Navigator for the table list in the content panel
  - sf#1727138 HTML not encoded (more than 1000 characters)
  + [display] Support for MySQL 5.0.37 profiling
  + RFE #1743983 [gui] Replace $max_characters by a configurable param:
  - sf#1746186 LeftLogoLink fails if set to some external site
  . [transformations]: remove "auto-detect" MIME-type that was never implemented
  + [display] sf#1749705, Allow multibyte characters in number formatting,
  thanks to garas
  - sf#1747215 Export emits blanks at line ends
  - sf#1751172 Do not export data when exporting a single VIEW
  + [privileges] Support password hashing on the Edit Privileges interface
  - sf#1755339 Warn about rename dataase actually being copy/delete
  - sf#1746921 Left frame shrinks on db change, thanks to Juergen Wind
  + [gui] Export: Select All/Unselect All over the choices,
  thanks to Florian Schmitz

Wed Jul 25 14:31:02 UTC 2007 -

- updated to version 2.10.3
  - sf#1734285 Copy database with VIEWs
  - sf#1722502 DROP TABLE in export VIEW
  - sf#1729027 Sorting results of VIEW browsing
  - sf#1733012 Unwanted table alias in delete button
  - sf#1736405 Pretty printer and HTML line breaks
  - sf#1745257 Invalid DB name is still displayed
  - sf#1730367 Calendar "Go" has no effect
  - sf#1748633 Incorrect parameter validation for VIEWs
  + [lang] Russian revision, thanks to Victor Volkov and the users
  - Do not try to delete an internal relation if we just deleted
  an InnoDB one

Tue Jun 19 03:39:00 UTC 2007 -

- updated to version 2.10.2
  + [data] display all warnings, not only last one
  - typo in fix for sf#1671813
  - sf#1714908 Inserted Row Count is wrong
  - sf#1712570 Deleting last record freezes
  - sf#1717339 Missing header when deleting a checked column,
  thanks to Michael Keck
  - sf#1717477 Warning on Query page when db is empty
  - sf#1721002 db rename -> undefined cfgRelation,
  thanks to Jürgen Wind
  - sf#1721571 CREATE database privilege not always detected,
  thanks to Gordon McNaughton
  - sf#1715709 export in SQL format always includes procedures
  and functions
  - sf#1722502 DROP TABLE in export view structure
  - sf#1718787 Multi-server setup breaks Designer
  - sf#1724401 Column truncation in repair table output
  - sf#1726500 Wrong position of , thanks to Jürgen Wind
  - sf#1728590 Detected failing session_start fails,
  thanks to Jürgen Wind
  - RFE #1714760 Obey ShowCreateDb on the Databases tab
  - sf#1733762 Typo in message "INSERT DELAY",
  thanks to Victor Volkov
  - sf#1730171 Dead message strLanguageFileNotFound,
  thanks to Victor Volkov
  - sf#1731280 Avoid negative exponent in gmp_pow(),
  thanks to anosek

Tue Jun 12 21:48:10 UTC 2007 -

- updated to version 2.10.2-rc1
  + [data] display all warnings, not only last one
  - typo in fix for sf#1671813
  - sf#1714908 Inserted Row Count is wrong
  - sf#1712570 Deleting last record freezes
  - sf#1717339 Missing header when deleting a checked column,
  thanks to Michael Keck
  - sf#1717477 Warning on Query page when db is empty
  - sf#1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind
  - sf#1721571 CREATE database privilege not always detected,
  thanks to Gordon McNaughton
  - sf#1715709 export in SQL format always includes procedures and functions
  - sf#1722502 DROP TABLE in export view structure
  - sf#1718787 Multi-server setup breaks Designer
  - sf#1724401 Column truncation in repair table output
  - sf#1726500 Wrong position of </tbody>, thanks to Jürgen Wind
  - sf#1728590 Detected failing session_start fails, thanks to Jürgen Wind
  - RFE #1714760 Obey ShowCreateDb on the Databases tab

Tue Jun  5 00:56:30 UTC 2007 -

- fixed warning: gmp_pow(): Negative exponent not supported in
  common.lib.php [#271746] (gmp_pow.patch)

Tue Apr 24 08:46:01 UTC 2007 -

- updated to version 2.10.1
  * bugfix release

Tue Mar  6 16:34:13 UTC 2007 -

- updated to version
  * default value for $cfg['Servers'][$i]['ssl'] changed to false
  * fixes PHP Executor Deep Recursion Stack Overflow [#251757]

Wed Feb 28 14:16:10 UTC 2007 -

- updated to version 2.10.0
  * Designer: new graphical relation manager
  * Improved speed on servers with thousands of databases/tables
  * Vertical field editor (optional)
  * Option to avoid counting rows for views
  * Calendar on search page
  * DOS-style end-of-lines in setup-generated files

Wed Jan 17 12:14:04 UTC 2007 -

- updated to version 2.9.2
  * improved support for web clusters
  * deleting a user under MySQL 4.1.x
  * DELIMITER in export no longer commented out
  * export of query results and procedure definitions
  * detection of a binary column
  * problem on 64-bit systems
  * granting all privileges on a wildcard name
  * verification on encrypted zip files
  * security fixes

Sat Dec  2 21:16:07 UTC 2006 -

- fix previous update which wrongly moved the
  file to the libraries subdirectory [#223721]

Thu Nov 23 16:01:59 UTC 2006 -

- security update to version [#222594] [#222622]

Wed Nov  8 04:04:15 UTC 2006 -

- added suggestions from [#216213]
  * phpMyAdmin now uses mysqli extension not mysql (mysqli.patch)
  * added Required: php5-mbstring
  * phpMyAdmin now uses open_basedir for increased security

Tue Oct 17 15:25:56 UTC 2006 -

- updated to
  * Improved readability of setup panels
  * PDF schema: automatic layout for InnoDB
  * Font size selector on main page
  * Export: support for procedures and functions
  * Can hide "Create Database" dialog
  * Customizable link under left logo
  * Export: "Open Document Text", "Open Document spreadsheet" formats
  * Export: new plugin architecture
  * User management: can create a db with the same name as created user
  * Use IEC binary units (KiB, MiB, ...)
  * Import: SQL compatibility selector
  * Possibility of using external authentication and use an empty MySQL password
  * Display MySQL warnings
  * Links to language-specific MySQL doc whenever possible
  * Security fixes

Thu Sep 21 06:18:48 UTC 2006 -

- updated to 2.9.0
  * Improved readability of setup panels
  * PDF schema: automatic layout for InnoDB
  * Font size selector on main page
  * Export: support for procedures and functions
  * Can hide "Create Database" dialog
  * Customizable link under left logo
  * Export: "Open Document Text", "Open Document spreadsheet"
  * Export: new plugin architecture
  * User management: can create a db with the same name as created
  * Use IEC binary units (KiB, MiB, ...)
  * Import: SQL compatibility selector
  * Possibility of using external authentication and use an empty
  MySQL password
  * Display MySQL warnings
  * Links to language-specific MySQL doc whenever possible

Wed Aug 23 21:06:46 UTC 2006 -

- updated to
  * fixed cookie login on IIS with IE6
  * fixed switching from scripts/setup.php to the main script
  in case of register_globals enabled

Tue Aug 15 20:48:22 UTC 2006 -

- update to
  * fixed config not loaded on install (MySQL error code 2002
  or 2003)

Thu Aug  3 18:53:02 UTC 2006 -

- update to
  * XSS vulnerability from requests not containing a token
  * reenabled XML option in Export
  * added a user with password containing a backslash
  * setup script: compatibility with security tokens
  * setup script: detection of writable config
  * reading the database list with MySQL wildcards

Thu Jun  1 12:57:37 UTC 2006 -

- updated to 2.8.1 (bugfix-only release) [#177091]
  * fixes some XSS vulnerabilities
- removed obsoleted patches (2006-1804.patch, 2006-2031.patch)

Tue May  2 17:32:14 UTC 2006 -

- fixed XSS in error messages
  [#170529] (CVE-2006-2031.patch)

Thu Apr 20 16:02:37 UTC 2006 -

- fixed XSS in sql.php (and other scripts): add a secret token to
  each link and form to prevent linking to sql.php from outside
  [#165772] (CVE-2006-1804)

Thu Apr 13 14:52:47 UTC 2006 -

- updated to
  * fixes some XSS vulnerabilities
  * improves php-5.1.2 compatibility
- moved $cfg['blowfish_secret'] to separate file, so that
  isn't edited during install

Wed Jan 25 20:19:55 UTC 2006 -

- converted neededforbuild to BuildRequires

Tue Jan 17 16:53:13 UTC 2006 -

- added php-session to Requires [#137368]

Thu Jan  5 01:41:48 UTC 2006 -

- update to version 2.7.0-pl2 (security fixes)
  [#136015, 137368, 137797]
- removed all patches

Tue Nov 22 19:00:46 UTC 2005 -

- fixed XSS on HTTP_HOST (HTTP_HOST.patch) [#133818]

Mon Nov 21 21:04:25 UTC 2005 -

- update to version 2.6.4-pl4
  * fixes PMASA-2005-6 [#133818] (PMASA-2005-6.patch)
- removed obsoleted patches: CVE-2005-2869.patch, PMASA-2005-4_and_5.patch,

Mon Nov 14 15:26:43 UTC 2005 -

- fixed CVE-2005-2869 (XSS on the cookie-based login panel)
  [#130226] (CVE-2005-2869.patch)

Tue Nov  1 12:26:05 UTC 2005 -

- fixed PMASA-2005-4 and PMASA-2005-5 [#130226] (PMASA-2005-4_and_5.patch)

Tue Aug 23 19:55:32 UTC 2005 -

- disabled auto-switch the lang to its UTF-8 version when Lang is set

Thu Jul 28 03:26:13 UTC 2005 -

- update to 2.6.3-pl1

Mon Jun  6 19:38:14 UTC 2005 -

- update to 2.6.2-pl1

Tue Mar  8 01:35:42 UTC 2005 -

- generate shorter key to make it work with mcrypt, see

Fri Mar  4 15:58:09 UTC 2005 -

- update to pl3, it includes previous fix and fixes editing fields with special names (sf#70864)

Thu Mar  3 05:33:39 UTC 2005 -

- fix bad setting of privileges (sf#67276)

Tue Mar  1 18:25:09 UTC 2005 -

- depend on mod_php_any

Thu Feb 24 12:47:49 UTC 2005 -

- update to 2.6.1-p2 to fix several vulnerabilities (sf#66264)

Wed Feb  9 12:08:38 UTC 2005 -

- depend on unversioned php modules, to allow both php4 and php5 installation

Mon Jan 24 17:11:01 UTC 2005 -

- update to 2.6.1
- require php4-mcrypt for faster cookie encryption

Wed Oct 13 10:27:49 UTC 2004 -

- update to 2.6.0-pl2 (sf#47160)
- require php4-iconv as it seems to be on all arches now (sf#36642)

Tue Oct  5 13:52:43 UTC 2004 -

- drop php4-recode dependency (sf#46817)

Mon Sep  6 04:07:57 UTC 2004 -

- update to 2.6.0-rc2

Fri Sep  3 08:17:25 UTC 2004 -

- update to 2.6.0-rc1
- use pwgen for secret generating
- don't ship scripts, as they're not needed for most users

Tue Apr 27 19:17:52 UTC 2004 -

- build using apache2

Wed Mar 31 15:33:40 UTC 2004 -

- require php4-recode for charset conversion (better solution for bugs
  [#36642] and #36560)

Mon Mar 22 09:15:44 UTC 2004 -

- dropped php-4iconv dependency at all (sf#36642)

Fri Mar 19 15:34:42 UTC 2004 -

- do not require php4-iconv on achitectures where it isn't built (sf#36560)

Mon Mar  8 10:37:50 UTC 2004 -

- require all needed php modules

Mon Mar  1 09:16:37 UTC 2004 -

- update to 2.5.6

Mon Jan  5 16:29:39 UTC 2004 -

- updated to 2.5.5-pl1

Mon Oct 20 07:30:55 UTC 2003 -

- updated to 2.5.4

Thu Oct 16 14:52:30 UTC 2003 -

- do not build as root
- little spec file cleanup

Tue Sep  9 00:29:29 UTC 2003 -

- automatically generate blowfish_secret on rpm installation
- mark config file as %%config(noreplace) (this in conjuction with
  previous means that it will be never replaced on upgrade, this is
  okay as phpMyAdmin supports loading of old config files)

Mon Sep  8 11:19:25 UTC 2003 -

- updated to 2.5.3:
    - many bugs fixed
        - messages about missing variables were displayed wrongly
        - more export bugs
        - confirmation of some dangerous SQL (TRUNCATE,DROP DATABASE)
    - new nice icons for actions

Thu Sep  4 12:46:38 UTC 2003 -

- include documentation stylesheet

Fri Aug 29 19:27:03 UTC 2003 -

- depend on mod_php rather that http_daemon as this needs php

Thu Aug 28 13:56:05 UTC 2003 -

- include stylesheets

Thu Aug  7 01:51:18 UTC 2003 -

- updated to 2.5.2-pl1

Mon Mar 24 21:57:02 UTC 2003 -

- removed mysql from Requires, becouse can access to MySQL remotely [#25797]

Mon Feb 24 10:17:25 UTC 2003 -

- updated to verison 2.4.0
  * new server/user management interface with sub-pages
  * export to LaTeX format
  * display UPDATE SQL statement after a row edit
  * (experimental) support for compressed connections to the MySQL server
  * upload of binary file into a field
  * show blob size
  * a lot of fixes

Wed Jan 29 19:43:40 UTC 2003 -

- updated to version 2.3.3pl1
  * upload of compressed dumps
  * inform the user who does not have privileges to create a db
  * new internal analyzer for db, table, column and alias
  * a lot of fixes

Mon Aug 12 10:03:41 UTC 2002 -

- update to release 2.3.0

Fri Aug  2 19:59:10 UTC 2002 -

- adapt server-root

Thu Aug  1 14:48:47 UTC 2002 -

- fixed required perl path

Wed Jul 31 22:38:40 UTC 2002 -

- update to version 2.3.0-rc4
  * can specify a different charset for MySQL and HTML
  * utf-8 charset support
  * full database search
  * XML export
  * faster table delete under MySQL 4
  * new language: slovenian
  * fixes

Mon Jul  1 05:53:47 UTC 2002 -

- fixed directory permissions

Thu Jan 10 12:09:07 UTC 2002 -

- update to version 2.2.3

Tue Sep  4 10:23:05 UTC 2001 -

- update to version 2.2.0 final
  - dynamic multiple language support, with automatic detection
  - database usage statistics
  - table maintenance features (repair, check, optimize)
- made package noarch

Thu Aug  2 23:51:57 UTC 2001 -

- update to version 2.2.0rc3

Mon Jun 18 09:49:14 UTC 2001 -

- initial package release (version 2.1.0)