File phpMyAdmin.changes of Package phpMyAdmin.17845
-------------------------------------------------------------------
Wed Feb 8 07:23:38 UTC 2023 - ecsos <ecsos@opensuse.org>

- Update to 5.2.1
  This is a security and bugfix release.
  * Security
    - Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727)
      Fix an XSS attack through the drag-and-drop upload feature.
  * Bugfix
    - issue #17522 Fix case where the routes cache file is invalid
    - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
    - issue Fix blank page when some error occurs
    - issue #17519 Fix Export pages not working in certain conditions
    - issue #17496 Fix error in table operation page when partitions are broken
    - issue #17386 Fix system memory and system swap values on Windows
    - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive
    - issue #17271 Fix database names not showing on Processes tab
    - issue #17424 Fix export limit size calculation
    - issue #17366 Fix refresh rate popup on Monitor page
    - issue #17577 Fix monitor charts size on RTL languages
    - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
    - issue #17586 Fix statistics not showing for empty databases
    - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore
    - issue #17584 It's now possible to browse a database that includes two % in its name
    - issue Fix PHP 8.2 deprecated string interpolation syntax
    - issue Some languages are now correctly detected from the HTTP header
    - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true
    - issue #17593 Table filtering now works when action buttons are on the right side of the row
    - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found
    - issue #17551 Enum/Set editor will not fail to open when creating a new column
    - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events
    - issue #17673 Allow empty
      values to be inserted into columns
    - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console
    - issue Fixed debug queries console broken UI for query time and group count
    - issue Fixed escaping of SQL query and errors for the debug console
    - issue Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled
    - issue #17543 Fix JS error on saving a new designer page
    - issue #17546 Fix JS error after using save as and open page operation on the designer
    - issue Fix PHP warning on GIS visualization when there is only one GIS column
    - issue #17728 Some select HTML tags will now have the correct UI style
    - issue #17734 PHP deprecations will only be shown when in a development environment
    - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long
    - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
    - issue #16418 Fix FAQ 1.44 about manually removing vendor folders
    - issue #12359 Setup page now sends the Content-Security-Policy headers
    - issue #17747 The Column Visibility Toggle will not be hidden by other elements
    - issue #17756 Edit/Copy/Delete row now works when using GROUP BY
    - issue #17248 Support the UUID data type for MariaDB >= 10.7
    - issue #17656 Fix replace/change/set table prefix is not working
    - issue Fix monitor page filter queries only filtering the first row
    - issue Fix "Link not found!" on foreign columns for tables having no char column to show
    - issue #17390 Fix "Create view" modal doesn't show on results and empty results
    - issue #17772 Fix wrong styles for add button from central columns
    - issue #17389 Fix HTML disappears when exporting settings to browser's storage
    - issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead."
      on search page
    - issue Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)
    - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)
    - issue #17281 Fix links to databases for information_schema.SCHEMATA
    - issue #17553 Fix Metro theme unreadable links above navigation tree
    - issue #17553 Metro theme UI fixes and improvements
    - issue #17553 Fix Metro theme login form with
    - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox
    - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working
    - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened
    - issue Fix Original theme buttons style and login form width
    - issue #17892 Fix closing index edit modal and reopening causes it to fire twice
    - issue #17606 Fix preview SQL modal not working inside "Add Index" modal
    - issue Fix PHP error on adding new column on create table form
    - issue #17482 Default to "Full texts" when running explain statements
    - issue Fixed Chrome scrolling performance issue on a textarea of an "export as text" page
    - issue #17703 Fix datepicker appears on all fields, not just date
    - issue Fix space in the tree line when a DB is expanded
    - issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column
    - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL
    - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5
    - issue Fix column names option for CSV Export
    - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns
    - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP
    - issue #17944 Fix unable to create a view from tree view button
    - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)
    - issue #17967 Fix
      missing icon for collapse all button
    - issue #18006 Fixed UUID columns can't be moved
    - issue Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
    - issue Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service)
    - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API
    - issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs
    - issue Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions
    - issue #17398 Fix clicking on JSON columns triggers update query
    - issue Fix silent JSON parse error on upload progress
    - issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
    - issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
- Rebase phpMyAdmin-config.patch.

-------------------------------------------------------------------
Wed Jul 13 20:01:20 UTC 2022 - chris@computersalat.de

- update changes file
  * fix missing bugzilla information

-------------------------------------------------------------------
Thu May 12 13:11:56 UTC 2022 - ecsos <ecsos@opensuse.org>

- Update to 5.2.0
  * Bugfix
    - issue #16521 Upgrade Bootstrap to version 5
    - issue #16521 Drop support for Internet Explorer and others
    - issue Upgrade to shapefile 3
    - issue #16555 Bump minimum PHP version to 7.2
    - issue Remove the phpseclib dependency
    - issue Upgrade Symfony components to version 5.2
    - issue Upgrade to Motranslator 4
    - issue #16005 Improve the performance of the Export logic
    - issue #16829 Add NOT LIKE %...% operator to Table search
    - issue #16845 Fixed some links not passing through url.php
    - issue #16382 Remove apc upload progress method (all upload progress code was removed from the PHP extension)
    - issue #16974 Replace zxcvbn by zxcvbn-ts
    - issue #15691 Disable the last column checkbox in the column list dropdown instead of not allowing
      un-check
    - issue #16138 Ignore the length of integer types and show a warning on MySQL >= 8.0.18
    - issue Add support for the Mroonga engine
    - issue Double click column name to directly copy to clipboard
    - issue #16425 Add DELETE FROM table on table operations page
    - issue #16482 Add a select all link for table-specific privileges
    - issue #14276 Add support for account locking
    - issue #17143 Use composer/ca-bundle to manage the CA cert file
    - issue #17143 Require the openssl PHP extension
    - issue #17171 Remove the printview.css file from themes
    - issue #17203 Redesign the export and the import pages
    - issue #16197 Replace the master/slave terminology
    - issue #17257 Replace libraries/vendor_config.php constants with an array
    - issue Add the Bootstrap theme
    - issue #17499 Remove stickyfilljs JavaScript dependency
- Rebase phpMyAdmin-config.patch.

-------------------------------------------------------------------
Fri Feb 11 13:09:01 UTC 2022 - ecsos <ecsos@opensuse.org>

- Update to 5.1.3
  This is a security and bugfix release.
  * Security
    - Fix for boo#1197036 (CVE-2022-0813)
    - Fix for path disclosure under certain server configurations (if display_errors is on, for instance)
  * Bugfix
    - issue #17308 Fix broken pagination links in the navigation sidebar
    - issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines"
    - issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
    - issue #17288 Fixed importing browser settings question box after login when having no pmadb
    - issue #17288 Fix "First day of calendar" user override has no effect
    - issue #17239 Fixed repeating headers are not working
    - issue #17298 Fixed import of email-addresses or links from ODS results in empty contents
    - issue #17344 Fixed a type error on ODS import with non string values
    - issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row

-------------------------------------------------------------------
Sat Jan 22 09:39:12 UTC 2022 - ecsos <ecsos@opensuse.org>

- Update to 5.1.2
  This is a security and bugfix release.
  * Security
    - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661)
      Two factor authentication bypass
    - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661)
      Multiple XSS and HTML injection attacks in setup script
  * Bugfixes
    - Revert a change to $cfg['CharTextareaRows'] allow values less than 7
    - Fix encoding of enum and set values on edit value
    - Fixed possible "Undefined index: clause_is_unique" error
    - Fixed some situations where a user is logged out when working with more than one server
    - Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore
    - Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
    - Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL

-------------------------------------------------------------------
Sat Jun 5 10:33:05 UTC 2021 - ecsos <ecsos@opensuse.org>

- Update to 5.1.1
  - Fixes for several PHP errors
  - Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly
  - Fix Yaml export to quote strings even when they are numeric
  - Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
  - Fix for quick search not working when using more than one configured server
  - Fix datetime decimals displayed (.00000) after edit
  - Fix new lines in text fields are doubled
  - Fixed URL generation by removing un-needed & escaping for & char
  - Improvements for working with PHP 8.1
  - Improved handling of adding a new user with the Percona database server
  For a detailed changelog see:
  https://demo.phpmyadmin.net/master-config/index.php?route=/changelog

-------------------------------------------------------------------
Fri Feb 26 10:11:28 UTC 2021 - ecsos <ecsos@opensuse.org>

- Update to 5.1.0
  - issue #15350 Change Media (MIME) type references to Media type
  - issue #15377 Add a request router
  - issue Automatically focus input in the two-factor authentication window
  - issue #15509 Replace gender-specific
    pronouns with gender-neutral pronouns
  - issue #15491 Improve complexity of generated passwords
  - issue #14909 Add a configuration option to define the 1st day of week
  - issue #12726 Made user names clickable in user accounts overview
  - issue #15729 Improve virtuality dropdown for MariaDB > 10.1
  - issue #15312 Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure
  - issue Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases
  - issue #15232 Improve the padding in query result tool links
  - issue #15064 Support exporting raw SQL queries
  - issue #15555 Added ip2long transformation
  - issue #15194 Fixed horizontal scroll on structure edit page
  - issue #14820 Move table hide buttons in navigation to avoid hiding a table by mistake
  - issue #14947 Use correct MySQL version if the version is 8.0 or above for documentation links
  - issue #15790 Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server
  - issue #15880 Change "Show Query" link to a button
  - issue #13371 Automatically toggle the radio button to "Create a page and save it" on Designer
  - issue #12969 Tap and hold will not dismiss the error box anymore, you can now copy the error
  - issue #15582 Don't disable "Empty" table button after clicking it
  - issue #15662 Stay on the structure page after editing/adding/dropping indexes
  - issue #15663 show structure after adding a column
  - issue #16005 Remove symfony/yaml dependency
  - issue #16005 Improve performance of dependency injection system by removing yaml parsing
  - issue #15447 Disable phpMyAdmin storage database checkbox on databases list
  - issue #16001 Add autocomplete attributes on login form
  - issue #13519 Add "Preview SQL" option on Index dialog box when creating a new table
  - issue #15954 Fixed export maximal length of created query input is too small
  - issue Redesign the server status advisor page
  - issue #13124 Use same height for SQL query textarea and Columns select in SQL page
  - issue #16005 Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder
  - issue #16005 Warm-up the routing cache before building the release
  - issue #16005 Use --optimize-autoloader when installing composer vendors before building the release
  - issue #15992 Add back the table name to the printable version on "Structure" page
  - issue #14815 Allow simplifying exported view syntax to only "CREATE VIEW"
  - issue #15496 Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
  - issue #14772 Add the password_hash PHP function as an option when inserting data
  - issue #15136 Add a notice for Hex converter giving invalid results
  - issue #16139 Use a textarea for JSON columns
  - issue #16223 Make JSON input transformation editor less narrow
  - issue #14340 Add a button on Export Page to show the SQL Query
  - issue #16304 Add support for INET6 column type
  - issue #16337 Fix example insert/update query default values
  - issue #12961 Remove indexes from table relation
  - issue #13557 Use a full list of functions instead of a separated one on insert/edit page "Function" selector
  - issue #14795 Include routines in the export in a predictable order
  - issue #16227 Fixed autocomplete is not working in case the table name is quoted by "`" symbols
  - issue #15463 Force BINARY comparison when looking at privileges to avoid an SQL error on privileges tab
  - issue #16430 Fixed Windows error message uses trailing / instead of \
  - issue #16316 Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
  - issue #16451 Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
  - issue #16451 Show an error message when the security limit is reached instead of silently trimming the password to avoid confusion
  - issue #15001 Add back Login Cookie Validity setting to the features form
  - issue #16457 Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
  - issue #13077 Moved tools section to left on large devices (Bootstrap xl)
  - issue #15711 Moved some buttons to left on large devices (Bootstrap xl)
  - issue #15584 Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
  - issue #15652 Replace deprecated FOUND_ROWS() function call on "distinct values" feature
  - issue Export blobs as hex on JSON export
  - issue #16095 Fix leading space not shown in a CHAR column when browsing a table
  - issue Make procedures/functions SQL editor both side scrollable
  - issue #16407 Bump pragmarx/google2fa conflict to >8.0
  - issue #14953 Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
  - issue #16477 Fixed no Option to enter TABLE specific permissions when the database name contains an "_" (underscore)
  - issue #16498 Fixed empty text not appearing after deleting all Routines
  - issue #16467 Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
  - issue #15658 Fixed saving UI displayed columns on a non database request fails
  - issue #16495 Fix drop tables checkbox is above the checkbox for foreign keys
  - issue #16485 Fix visual query builder missing "Build Query" button
  - issue #16565 Added 'IF EXISTS' to 'DROP EVENT' when updating events to avoid replication issues
  - issue Removed metro fonts that were Apache-2.0 files that are incompatible with GPL-2.0
  - issue #16464 Made the relation view default to the current database when creating relations
  - issue #16463 Fixed 'REFERENCES' privilege checkbox's title on new MySQL versions and on MariaDB
  - issue #16405 Added jest as a Unit Testing tool for our javascript code
  - issue #16252 Fixed the too small font size when editing rows (textareas)
  - issue #16585 Fixed BLOB to JPG transformation PHP errors
  - issue Made the console setup async to avoid blocking the page render
  - issue #16429 Use PHP 8.0 fixed version (commit) for TCPDF
  - issue #16005 Major performance
    improvements on browsing a lot of rows
  - issue #16595 Fixed editing columns having a `_` in their name in specific conditions
  - issue #16608 Fix "Sort by key" restore auto saved value
  - issue #16611 Fixed unable to add tables to rename aliases twice on Export
  - issue #16621 Fixed link HTML messed up in Advisor
  - issue #16622 Fixed Advisor formatting incorrect for long_query_time notice
  - issue #15389 Fixed reset current page indicator after deleting all rows to current page and not page 1
  - issue #15997 Fixed auto save query
  - issue #15997 Made auto saved query database or database+table independent
  - issue #16641 Fixed query generation that was allowing JSON to have a length
  - issue #15994 Fixed the selected value detection for "on update current_timestamp"
  - issue #16614 Fixed PHP 8.0 dataseek offset call to the MySQLI extension
  - issue #16662 Fixed Uncaught TypeError on "delete" button click of a database search results page
  - issue Fixed Undefined index: selected_usr when the user tried to delete no selected user
  - issue #16657 Fixed the QBE interface when the configuration storage is not enabled
  - issue #16479 Fix our Selenium test-suite
  - issue #16669 Fixed table search modal for BETWEEN
  - issue #16667 Fixed LIKE and TINYINT in search not working properly
  - issue #16424 Fixed numerical search in table and zoom
  - issue Improve the version handling (new Version class) and add a VERSION_SUFFIX for vendors
  - issue #14494 Fix uncaught TypeError when editing partitioning
  - issue #16525 Fix PHP 8.0 failing tests when comparing 0 to ''
  - issue #16429 Fixed PHP 8.0 errors on preg_replace and operand types
  - issue #16490 Fixed PHP 8.0 function libxml_disable_entity_loader() is deprecated
  - issue #16429 Fixed failing unit tests on PHP 8.0
  - issue #16609 Fixed Sql.rearrangeStickyColumns is not a function
- Rebase phpMyAdmin-config.patch.
-------------------------------------------------------------------
Tue Dec 22 09:47:19 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Use coreutils to generate blowfish secret to reduce dependencies

-------------------------------------------------------------------
Tue Dec 15 17:59:14 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Attempt to migrate modified configuration file rather than just replacing it by default configuration

-------------------------------------------------------------------
Tue Dec 15 07:13:46 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- The apache subpackage must require the main package, otherwise it will not be uninstalled when the main package is uninstalled

-------------------------------------------------------------------
Sun Dec 13 21:31:05 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Generate blowfish secret and enable Apache modules/flags only on install
- Only empty temporary directory on upgrade/uninstall (not remove) to prevent RPM warnings/errors
- Don't empty directories not owned by this package (these should have been cleaned up by previous versions that owned them)

-------------------------------------------------------------------
Sun Dec 13 13:06:16 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Use %apache_request_restart/%apache_restart_if_needed macros to restart apache in order to prevent unnecessary restarts

-------------------------------------------------------------------
Fri Dec 11 16:46:30 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Package language files in separately

-------------------------------------------------------------------
Fri Dec 11 13:52:52 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Put Apache configuration files in separate subpackage
- Generate blowfish secret with openssl on non-openSUSE systems as pwgen is not available

-------------------------------------------------------------------
Thu Dec 10 21:18:42 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Use system apache rpm macros

-------------------------------------------------------------------
Mon Nov 9 13:22:27 UTC 2020 - ecsos <ecsos@opensuse.org>

- Update to 5.0.4
  - issue #16245 Fix failed Zoom search clears existing values
  - issue Fixed a PHP error when reporting a particular JS error
  - issue #16326 Fixed latitude and longitude swap for geometries in edit mode
  - issue #16032 Fix CREATE TABLE not being tracked when auto tracking is enabled
  - issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
  - issue #16396 Fix broken two-factor authentication
- Changes from 5.0.3
  - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_3/ChangeLog
- Changes from 5.0.2
  - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_2/ChangeLog
- Changes from 5.0.1
  - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_1/ChangeLog
- Changes from 5.0.0
  - https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_0/ChangeLog
- Set php >= 7.4 as recommends because:
  Due to changes in the MySQL authentication method, PHP versions prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer server (our tests show the problem actually began with MySQL 8.0.11).
  This relates to a PHP bug https://bugs.php.net/bug.php?id=76243.
- Remove Suggests: php-mcrypt as described in boo#1050980
- Change tmpdir from ap_docroot/tmp to localstatedir/cache/phpMyAdmin.

-------------------------------------------------------------------
Fri Oct 16 07:56:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

- phpMyAdmin 4.9.7:
  * Fix two factor authentication that was broken in 4.9.6
  * Fix incompatibilities with older PHP versions

-------------------------------------------------------------------
Mon Oct 12 06:25:53 UTC 2020 - ecsos <ecsos@opensuse.org>

- Update to 4.9.6
  This is a security release.
  - Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to the transformation feature
  - Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection vulnerability in SearchController

-------------------------------------------------------------------
Sun May 3 15:22:25 UTC 2020 - chris@computersalat.de

- fix for boo#1170743
  phpMyAdmin installation wipes its sysconfig apache_server_flag entry

-------------------------------------------------------------------
Sat May 2 10:54:11 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set $cfg['PmaAbsoluteUri'] parameter, but this variable is no longer in the config.sample.ini file)

-------------------------------------------------------------------
Thu Apr 23 11:04:19 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- Drop python-devel BuildRequires: python2 is EOL and this seems unused.
- Drop xz BuildRequires: OBS takes care of unpacking the tarball.

-------------------------------------------------------------------
Mon Mar 23 06:40:08 UTC 2020 - ecsos@opensuse.org

- Update to 4.9.5
  This is a security release containing several bug fixes.
  * CVE-2020-10804: SQL injection vulnerability in the user accounts page, particularly when changing a password (boo#1167335, PMASA-2020-2)
  * CVE-2020-10802: SQL injection vulnerability relating to the search feature (boo#1167336, PMASA-2020-3)
  * CVE-2020-10803: SQL injection and XSS having to do with displaying results (boo#1167337, PMASA-2020-4)
  * Removing of the "options" field for the external transformation.
-------------------------------------------------------------------
Tue Jan 21 21:24:30 UTC 2020 - chris@computersalat.de

- fix for boo#1092345
  * change ap_docroot from /srv/www/htdocs to /usr/share
    work is based on changes provided by ecsos@opensuse.org
    if phpMyAdmin.conf for apache was changed by local admin,
    we will create a backup and replace the original file with the new version
    sorry admins, but you need to apply your changes again
  * needed Alias /phpMyAdmin is an enabled APACHE_SERVER_FLAGS default
    for more info have a look into /etc/apache2/conf.d/phpMyAdmin.conf
- cleanup tmp/twig on
  * uninstall
  * ap_docroot change

-------------------------------------------------------------------
Wed Jan 8 14:26:20 UTC 2020 - chris@computersalat.de

- update to 4.9.4 (2020-01-07)
  * https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog
- fix for boo#1160456
  * PMASA-2020-1 (CVE-2020-5504, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2020-1/
    - SQL injection in user accounts page
- fix changes about corresponding PMASA

-------------------------------------------------------------------
Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org

- phpMyAdmin 4.9.3
  * Several PHP notices and warnings including "Undefined index table_create_time," a notice about error_reporting() being disabled for security reasons, and several Undefined Index errors.
  * Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy
  * Early compatibility with development versions of PHP 8
  * Fix replication actions (start, stop, etc)

-------------------------------------------------------------------
Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

- phpMyAdmin 4.9.2:
  * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614)
  * Fixes for "Failed to set session cookie" error
  * Advisor with MySQL 8.0.3 and newer
  * Fix PHP deprecation errors
  * Fix a situation where exporting users after a delete query could remove users
  * Fix incorrect "You do not have privileges to manipulate with the users!" warning
  * Fix copying a database's privileges and several other problems moving columns with MariaDB
  * Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export

-------------------------------------------------------------------
Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

- phpMyAdmin 4.9.1:
  * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914)
  * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
  * Compatibility issues with PHP 8
  * Export of GIS visualization
  * Enhanced descriptions for several collation types
  * Creating a user with a single quote in the password string
  * Unexpected quotes during import and export on text fields
  * Improvements to adding new tables to Designer
  * Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
  * Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script

-------------------------------------------------------------------
Sun Jun 30 13:05:23 UTC 2019 - chris@computersalat.de

- fix changelog
  * add missing boo# with relation to CVE and PMASA
- rebase phpMyAdmin-config.patch
-------------------------------------------------------------------
Wed Jun 5 14:43:41 UTC 2019 - ecsos@opensuse.org

- phpMyAdmin 4.9.0.1:
  * Several issues with SYSTEM VERSIONING tables
  * Fixed json encode error in export
  * Fixed JavaScript events not activating on input (sql bookmark issue)
  * Show Designer combo boxes when adding a constraint
  * Fix edit view
  * Fixed invalid default value for bit field
  * Fix several errors relating to GIS data types
  * Fixed javascript error PMA_messages is not defined
  * Fixed import XML data with leading zeros
  * Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
  * Fixed MySQL 8.0.0 issues with GIS display
  * Fixed "Server charset" in "Database server" tab showing wrong information
  * Fixed can not copy user on Percona Server 5.7
  * Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems
- fix for boo#1137497
  * PMASA-2019-4 (CVE-2019-12616, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2019-4/
    - CSRF vulnerability in login form
- fix for boo#1137496
  * PMASA-2019-3 (CVE-2019-11768, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2019-3/
    - SQL injection in Designer feature

-------------------------------------------------------------------
Fri Feb 1 19:10:59 UTC 2019 - andreas.stieger@gmx.de

- phpMyAdmin 4.8.5:
  * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, bsc#1123272)
  * CVE-2019-6798: SQL injection in the Designer interface (PMASA-2019-2, bsc#1123271)
  * Fix export to SQL format not available
  * Fix QR code not shown when adding two-factor authentication to a user account
  * Fix issue with adding a new user in MySQL 8.0.11 and newer
  * Fix frozen interface relating to Text_Plain_Sql plugin
  * Fix missing table level operations tab

-------------------------------------------------------------------
Wed Dec 12 10:47:31 UTC 2018 - ecsos@opensuse.org

- update to 4.8.4 (2018-12-11)
  - gh#14452 Remove hash param in edit query URL
  - gh#14295 Issue in
    Changing theme
  - gh#13267 Ensure that database names with '.' are handled properly when DisableIS is true
  - gh#14438 Invisible Icon "Show Full Queries"
  - gh#14133 CSS issue in Designer
  - gh#14447 Error while copying database (pma__column_info)
  - gh#14571 "No database selected" - DROP a view
  - gh#14636 Move operation causes SELECT * FROM `undefined`
  - gh#14630 Enum '0' produces incorrect search SQL
  - gh#14223 Fix TypeError in database designer
  - gh#13621 QBE selenium tests broken since merge of #13342
  - gh#14672 When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged even if $cfg['AuthLogSuccess'] was true.
  - gh#14339 Fix infinite loop when sorting table rows by key.
  - gh#14658 Regression on multi table query functionality (foreign keys)
  - gh#14617 Fix designer errors when database is empty
  - gh#13032 Fix designer errors when database contains special chars
  - gh#14352 Fix designer javascript errors
  - gh#14764 Fix left/right icons hidden
- fix for boo#1119245
  - PMASA-2018-6 (CVE-2018-19968, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-6/
  - PMASA-2018-7 (CVE-2018-19969, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-7/
  - PMASA-2018-8 (CVE-2018-19970, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-8/

-------------------------------------------------------------------
Thu Aug 23 09:18:37 UTC 2018 - ecsos@opensuse.org

- update to 4.8.3 (2018-08-22)
  - gh#14314 Error when naming a database '0'
  - gh#14333 Fix NULL as default not shown
  - gh#14229 Fixes issue with recent table list
  - gh#14045 Fix slow performance on DB structure filtering
  - gh#14327 Fix Editing server variable not showing save or cancel option
  - gh#14377 Populate options for view create and edit
  - gh#14171 2FA configuration fails if PHP doesn't have GD support
  - gh#14390 Can't unhide tables
  - gh#14382 "Visualize GIS data" icon missing
  - gh#14435 Event scheduler status toggle doesn't work
  - gh#14365 View not working on multiple servers
  - gh#14207
  Partition actions in table structure do not work
- gh#14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table
- gh#14552 Blank message shown instead of MySQL error when adding trigger and other locations
- gh#14525 Fix PHP 7.3 warning: "continue" in "switch" is equal to "break"
- gh#14554 Icon missing when creating a new trigger, routine, and event
- gh#14422 Table comment not showing since 4.8.1
- gh#14426 Drop table doesn't work when you copy tables to another database
- gh#14581 Escaped HTML in 'Add a new server' setup
- gh#14548 [security] HTML injection in import warning messages, see PMASA-2018-5
- fix for boo#1105726
- PMASA-2018-5 (CVE-2018-15605, CWE-661)
  https://www.phpmyadmin.net/security/PMASA-2018-5/

-------------------------------------------------------------------
Tue Jul 31 21:17:35 UTC 2018 - chris@computersalat.de

- fix for boo#1103305
  * add missing dependency for php-ctype

-------------------------------------------------------------------
Fri Jun 22 15:05:37 UTC 2018 - chris@computersalat.de

- update to 4.8.2 (2018-06-21)
  * issue #14370 WHERE 0 causes Fatal error
  * issue #14225 Fix missing index icon
- fix for boo#1098752
  * PMASA-2018-3 (CVE-2018-12581, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-3/
    - XSS in Designer feature
- fix for boo#1098751
  * PMASA-2018-4 (CVE-2018-12613, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-4/
    - File inclusion and remote code execution attack
- some minor changelog fixes about security fix entries

-------------------------------------------------------------------
Sat May 26 08:32:00 UTC 2018 - ecsos@opensuse.org

- update to 4.8.1 (2018-05-25)
  * gh#12772 Fix case where the central columns attributes don't get filled in
  * gh#14049 Fix case where the query builder doesn't work when selected column is *
  * gh#14029 Revert "Browse" table CSS overflow
  * gh#14241 Dropping indexes and foreign keys fail
  * gh#14227 Relational linking broken
  * gh#14246 Fixed error in configuration storage zero config
  * gh#14128 Show 2FA Secret next to QR code
  * gh#14212 XML Export from single table throws fatal error
  * gh#14239 Line and some other charts ignore result set order of values chosen for the x-axis
  * gh#14260 Fixed configuration for DefaultLang and Lang
  * gh#14264 Linking for 'Distinct values' broken
  * gh#13968 Fix MariaDB 10.2 current_timestamp()
  * gh#14249 Fix for missing go button in view edit
  * gh#14125 Fix for issues with spatial fields
  * gh#14189 Remember table's sorting broken
  * gh#14289 Fix multi-column sorting
  * gh#14278 Fix central columns in-line edit bug
  * gh#14066 Fix AUTO_INCREMENT error when only exporting table structure in database-level exports
  * gh#13893 Simulating queries produces unexpected results
  * gh#14309 Setup script icons missing

-------------------------------------------------------------------
Fri Apr 20 09:55:08 UTC 2018 - ecsos@opensuse.org

- update to 4.8.0.1 (2018-04-19)
- fix for boo#1090309
  * PMASA-2018-2 (CVE-2018-10188, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-2/
    - Multiple CSRF vulnerabilities

-------------------------------------------------------------------
Wed Apr 11 20:02:26 UTC 2018 - ecsos@opensuse.org

- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could install
- insert missing templates dir in htaccess
  See https://docs.phpmyadmin.net/de/latest/setup.html#securing-your-phpmyadmin-installation
- create tmp dir and insert this in htaccess to fix the error message after login

-------------------------------------------------------------------
Wed Apr 11 17:45:44 UTC 2018 - javier@opensuse.org

- spec clean up
  * Let rpm find the library dependencies by itself.
    Remove unneeded explicit Requires: tags (php-zlib)
  * Remove logic for obsolete openSUSE releases
  * Ignore pem-certificate rpmlint warning (see libraries/certs/README.rst)
  * Remove hidden .github, .php_cs.dist, .scrutinizer.yml and .editorconfig
  * Remove php_twig.h and twig.c (devel)
  * Set proper shebang for bash and php scripts
  * Make phpmyadmin/sql-parser/bin/*-query and paragonie/random_compat/*.sh executable

-------------------------------------------------------------------
Wed Apr 11 07:42:57 UTC 2018 - javier@opensuse.org

- update to 4.8.0 (2018-04-07)
  * gh#12946 Allow to export JSON with unescaped unicode chars
  * gh#12983 Disable login button without solved reCaptcha
  * gh#12315 Allow to remove individual segments from pie charts
  * gh Change label from "Improve table structure" to "Normalize" to match standard terminology
  * gh#13087 Offer login as different user on access denied from MySQL
  * gh#13110 Indicate when HTTPS is not properly reported on the server
  * gh#13119 No database selected error when adding foreign key
  * gh#12388 Improved database search to allow search for exact phrase match
  * gh#13099 Report error when trying to copy database to same name
  * gh#13167 Themes now have to contain metadata in theme.json
  * gh#6363 phpMyAdmin no longer requires eval() in PHP
  * gh#12386 The mbstring dependency is now optional
  * gh#13269 Small refactoring in preparation to CSP
  * gh#13384 Database link broken in Databases Page
  * gh#13391 Configurable authentication logging using $cfg['AuthLog']
  * gh#13086 Add support for Google Invisible Captcha
  * gh#13058 Improved error reporting for reCAPTCHA
  * gh#12899 Improved rendering of server variables table
  * gh#12948 Fixed javascript editor for TIME values
  * gh#13095 Fixed alignment of foreign keys editing
  * gh#12944 Improved inline editor for JSON
  * gh#13145 Improved layout of operations pages
  * gh#13448 Add "format" query button in edit view form
  * gh#6241 Implement Responsive Design/mobile interface
  * gh Use a single
    location for classes under PhpMyAdmin namespace
  * gh#12354 Indicate SSL status on main page
  * gh#5666 Configuration directives for defaults of Transformation options
  * gh#12261 Remove inline JavaScript
  * gh#13408 Show MySQL warnings when executing SQL queries
  * gh#5827 Allow Designer to show tables from other databases
  * gh#13268 Replace Query-By-Example with multi-table query generator interface
  * gh#13576 Add privileges export to per-database listing
  * gh Consolidate functions into class files
  * gh#13560 Add support for changing collation for all tables and columns in database
  * gh#13303 Add support for creating fulltext index from table structure
  * gh#13711 Lower default value for $cfg['MaxExactCount']
  * gh#13722 DisableIS is not fully honored
  * gh#6197 Added support for authentication using U2F and 2FA
  * gh#13480 Avoid removing cookies on upgrade
  * gh#13397 Remember state of navigation panel
  * gh#11688 Reduced cookie usage
  * gh#13466 Better utilization of user preferences
  * gh#14042 Rename PMD to Designer
  * gh#13940 Honor arg_separator in AJAX requests
  * gh#14060 Can't edit rows in Internet Explorer
  * gh#14096 Internet Explorer compatibility; fixes JavaScript error Object doesn't support property or method 'startsWith'

-------------------------------------------------------------------
Tue Mar 6 13:43:10 UTC 2018 - ecsos@opensuse.org

- update to 4.7.9 (2018-03-05)
  * gh#13931 Fixed browsing tables with more results
  * gh#13927 "Not an integer" when browsing a table
  * gh#13887 "Input variables exceeded 1000" error relating to PHP's max_input_vars directive

-------------------------------------------------------------------
Thu Feb 22 20:30:07 UTC 2018 - astieger@suse.com

- phpMyAdmin 4.7.8:
  * Fixed error handling with PHP 7.2
  * Fixed resetting default setting values
  * Fixed fallback value for collation connection
- fix for boo#1082188
  * PMASA-2018-1 (CVE-2018-7260, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2018-1/
    - Fix XSS in Central Columns Feature
-------------------------------------------------------------------
Mon Dec 25 19:14:32 UTC 2017 - astieger@suse.com

- phpMyAdmin 4.7.7:
  * Fixed displaying of formatted numeric values for some locales
  * Ensure datetimepicker is always loaded for datetime fields
  * Fixed PHP error when browsing certain results
  * Fix XSRF/CSRF vulnerability (bsc#1074066, PMASA-2017-09) CVE-2017-1000499

-------------------------------------------------------------------
Sat Dec 2 10:14:46 UTC 2017 - ecsos@opensuse.org

- update to 4.7.6 (2017-11-29)
  * gh#13517 Fixed check all interaction with filtering
  * gh#13803 Add SJIS-win to default list of allowed charsets
  * gh#13436 Improve detection that MySQL server needs SSL connection
  * gh#13038 Support JSON datatype on MariaDB 10.2.7 and newer
  * gh#13824 Fixed constructing ALTER query with AFTER
  * gh#13821 Lock page when changes are done in the SQL editor
  * gh#13842 Prefer iconv for encoding conversions
  * gh#13737 Fixed changing password on MariaDB cluster

-------------------------------------------------------------------
Sun Nov 26 18:14:24 UTC 2017 - suse+build@de-korte.org

- fix for boo#1057661
  * no longer require php_mod_any (recommend it instead)
  * only enable php5 / php7 if running Apache prefork MPM
- fix %post
  * use sed instead of grep/awk to determine PHP version

-------------------------------------------------------------------
Tue Oct 24 07:40:37 UTC 2017 - ecsos@opensuse.org

- update to 4.7.5 (2017-10-23)
  * gh#13615 Avoid problems with browsing unknown query types
  * gh#13612 Integrate tooltip into datetime pickers
  * gh#13628 Fixed javascript error in server monitor
  * gh#13444 Fixed server monitor on non Linux and Windows systems
  * gh#13633 Reload javascript messages when changing language
  * gh#13604 Fixed crash on invalid ordering data
  * gh#13639 Fixed error when browsing non SELECT results
  * gh#13533 Fixed saving column to display
  * gh#13647 Fixed export of tables with VIRTUAL columns
  * gh#13669 Fixed selecting multiple rows
    accidentally selects the next row too
  * gh#13513 Fixed edit index Column alignment issue
  * gh#13515 Fixed rendering of add index dialog
  * gh#13710 Fixed possible error in server advisor
  * gh#13477 Fixed setting input transformations
  * gh#13552 Fixed IPv4/IPv6 To Binary input transformation
  * gh#13686 Clicking on column name to trigger sort with an active search leads to logout
  * gh#13725 Fixed copying tables with specific PARTITION definition
  * gh#13761 Fixed listing of bookmarks for a database

-------------------------------------------------------------------
Fri Sep 8 12:51:38 UTC 2017 - chris@computersalat.de

- fix recommends
  * php5-curl -> php-curl
  * php5-zip -> php-zip
- fix post step
  * enable correct phpX module

-------------------------------------------------------------------
Fri Aug 25 17:05:32 UTC 2017 - ecsos@opensuse.org

- update to 4.7.4
  * gh#13415 Remove shadow from the logo
  * gh#13507 Fixed per server theme feature
  * gh#13523 Missing newline in ALTER exports
  * gh#13414 Fixed several compatibility issues with PHP 7.2
  * gh#13550 Fixed copy results to clipboard
  * gh#13562 Add limitation for user group length
  * gh#13561 Fixed edit variable link in advisor
  * gh#13579 Optimize table link should not be visible in print page
  * gh#13553 Improved error handling on corrupted tables
  * gh#13512 Fixed rendering of add index dialog
  * gh#13606 Fixed refreshing server variables

-------------------------------------------------------------------
Fri Jul 28 09:17:35 UTC 2017 - chris@computersalat.de

- fix for boo#1050980
  * replace mcrypt with openssl, see https://github.com/phpseclib/phpseclib/issues/1028
- update changes (update to 4.6.6 (2017-01-23))
  * add missing (CVE-Not yet available) CVE's

-------------------------------------------------------------------
Sat Jul 22 08:03:55 UTC 2017 - ecsos@opensuse.org

- update to 4.7.3
  * gh#13447 Large multi-line query removes Export operation and blanks query box options
  * gh#13445 Fixed rendering of query results
  * gh#13437 Fixed version check when not connected to a database
  * gh#13465 Fixed creating relation
  * gh#13475 Fixed export without backquotes
  * gh#13482 Improved handling of uploaded files with open_basedir
  * gh#13387 Fixed inline editing of hex values
  * gh#13382 Fixed size of index edit dialog
  * gh#13489 Fixed rendering SQL lint errors
  * gh#13468 Avoid breakage if set_time_limit is disabled
  * gh#13471 Fail if ini_set/ini_get are disabled
  * gh#13436 Automatically connect using SSL when server is configured so
  * gh#13478 Fixed usage of some browser transformations

-------------------------------------------------------------------
Sun Jul 2 09:07:05 UTC 2017 - ecsos@opensuse.org

- update to 4.7.2 (2017-06-29)
  * gh#13314 Make theme selection keep current server
  * gh#13311 Fixed direct login for accounts without password
  * gh#13316 Fixed check for mbstring.func_overload
  * gh#13323 Fixed wrong encoding of table at triggers
  * gh#12976 Fixed natural sorting in several places
  * gh#12718 Show warning for users removed from mysql.user table
  * gh#13362 Fixed loading additional javascripts
  * gh#13343 Fixed editing QBE
  * gh#13193 Improved documentation on user settings
  * gh#13092 Gracefully handle early fatal errors in AJAX requests
  * gh#13327 Fixed Incorrect NavigationTreeEnableExpansion default value in the documentation
  * gh#13008 Fixed export of database with a lot of tables
  * gh#13318 Improved performance when importing with enabled tracking
  * gh#13386 Avoid PHP errors with non existing configuration on OS X
  * gh#13388 Show only supported charsets for conversion
  * gh#13392 Fixed operation with session.auto_start enabled
  * gh#13383 "Create PHP code" is broken
  * gh#13189 Fixed links to resume timeouted import

-------------------------------------------------------------------
Fri Jun 2 09:34:30 UTC 2017 - ecsos@opensuse.org

- update to 4.7.1 (2017-05-25)
  * gh#13132 Always execute tracking queries as controluser
  * gh#13125 Focus on SQL editor after inserting field name
  * gh#13133 Fixed broken links in setup
  * gh#13135 Database list Tooltips: Show wrong value
  * gh#13150 Fixed pagination while browsing results
  * gh#13149 Fixed outbound links in changelog.php
  * gh#13146 Do not include devel dependencies in the release
  * gh#13144 Do not show New as a database in database dropdown
  * gh#13130 Fixed handling of errors in AJAX requests
  * gh#13152 Fixed PHP error in case of invalid table preferences
  * gh#13154 Fixed PHP error on password change
  * gh#13219 Fix Refresh of Process List
  * gh#13182 Fix refresh of long queries
  * gh#12301 Improved handling of logout with disabled LoginCookieDeleteAll
  * gh#13216 Add support for MySQL 8.0 collations
  * gh#13218 Fixed rendering of phpMyAdmin logos
  * gh#13234 Properly report not working sessions
  * gh#13256 Fixed password check on server replication
  * gh#13252 Fixed grid editing time column
  * gh#13258 Fixed detection of Amazon RDS
  * gh#13241 Redirect user to last page that has any tables to display
  * gh#13266 Fix link to User accounts overview page
  * gh#13274 Fix error in query builder
  * gh#13177 Grid editing repeats action after error

-------------------------------------------------------------------
Sat Apr 22 16:41:39 UTC 2017 - chris@computersalat.de

- restore phpMyAdmin-pma.patch
  * because it is NOT upstream and needed for configuration storage
- restore previous phpMyAdmin-config.patch
  * merge with upstream config VAR changes
    - removed $cfg['Servers'][$i]['designer_coords']

-------------------------------------------------------------------
Sat Apr 1 18:58:33 UTC 2017 - ecsos@opensuse.org

- update to 4.7.0 (2017-03-28)
  * gh#12233 [Display] Improve message when renaming database to same name
  * gh#6146 Log authentication attempts to syslog
  * gh#11981 Remove support for Swekey authentication
  * gh#11987 Remove code for no longer supported MSIE versions
  * gh#11962 Remove embedded PHP libraries, use composer to install them
  * gh#12017 Cannot easily select multiple tables when exporting
  * gh#12047 Add
    javascript filtering for databases
  * gh#12166 More compact rendering of navigation tree
  * gh#12129 Improve performance with SkipLockedTables
  * gh#12173 Do not hide indexes under a slider
  * Improve performance of zip file import
  * gh#12196 Removed $cfg['ThemePath']
  * gh#6274 Add support for export user settings as config.inc.php snippet
  * gh#5555 Better report query errors while generating SQL exports
  * gh#12307 Produce valid JSON on export
  * gh#12325 Setup script icons broken
  * gh#12378 Support IPv6 proxies
  * Removed MySQL connection retry without password
  * gh#12218 Allow to specify further parameters for control connection
  * gh#12162 Show charset for each table on Database structure page
  * gh#12463 Incorrect link in the href of icon at Hide/Show unhide links
  * gh#12330 Shortcut for closing console
  * gh#12465 Improved handling of http requests
  * gh#12474 Broken links in Setup forms Navigation
  * gh#12494 Can't add a new User
  * gh#12523 Add 'token' Parameter in all POST requests (Fix 'Token mismatch' errors)
  * gh#12302 Improved usage of number_format
  * gh#12656 Server selection not working
  * gh#12543 NULL results in dataset are colored grey
  * gh#12664 Create Bookmark broken
  * gh#12688 Use unsigned int for storing bookmark ID
  * gh#12352 Added password strength indicator
  * gh#12713 Correctly handle HTTP status when doing requests
  * gh#12247 Add option to delete settings from browser storage
  * gh#12783 Remove unused PMA_addJSCode function
  * gh#12069 Add table filtering to database structure
  * gh#12799 Allow to configure signon session parameters
  * gh#12854 Drop database is broken
  * gh#12863 Can't toggle Event Scheduler on
  * gh#12742 Finish removing dead code references to xls/xlsx import and export, which was removed some time ago.
  * gh#12536 Rename "Relations" to "Relationships" in many places as it's the more proper term
  * gh#12834 Fixed margins in central columns feature
  * gh#12903 Document more export configuration options
  * gh#12897 Use consistent numeric format for table overhead
  * gh#12901 Use server returned table name on renaming table
  * gh#12918 Always use \r\n as newline when editing fields
  * gh#12923 Fixed server side search in navigation panel
  * gh#12929 Undefined index warning with ssl_ca_paths
  * gh#12924 Do not show errors from OpenSSL cookie encryption/decryption
  * gh#12945 Fixed hint rendering on adding new user
  * gh#12941 Fixed sorting of tables in relation view
  * gh#12936 Fixed tables pagination in navigation panel
  * gh#12904 Do not collapse add form for central columns if there are none
  * gh#12955 Fixed database renaming
  * gh#12954 Fixed export of tracking data
  * gh#12960 Enclose exports in transaction by default
  * gh#12966 After adding a column ADD INDEX option won't be displayed when enabling AI
  * gh#12972 Better error message when Composer has not been run
  * gh#12988 Do not show language selector without choices
  * gh#12993 Fixed external links to php documentation
  * gh#12990 Fixed error when loading favorite tables to console
  * gh#12981 Improved rendering of new version information
  * gh#12922 Fixed bookmarks ordering
  * gh#12964 Fixed table search in navigation
  * gh#12985 Fixed rendering of foreign key browsing
  * gh#12957 Fixed manipulation with GIS data having zero coordinates
  * gh#12804 Fixed various designer javascript errors
  * gh#12934 Fixed possible javascript error on server status page
  * gh#12927 Fixed javascript error on 3NF normalization
  * gh#12996 List all databases in navigation panel database dropdown
  * gh#12980 Better defaults when creating multi field foreign key
  * gh#12976 Improved foreign key editor behavior
  * gh#12958 Always show error reporting dialog on top
  * gh#12693 Improved support for TokuDB
  * gh#11231 Try harder to honor LoginCookieValidity setting
  * gh#13016 and #13017 Slight improvements to the table layout of Relation view
  * gh#12345 Correctly show affected rows for LOAD DATA queries
  * gh#13010 Copy database: SQL error for copying PMADB metadata
  * gh#13002 Fixed OpenDocument exports
  * gh#13000 Align NULL values according to the column alignment
  * gh#13021 Show phpMyAdmin errors even with error_reporting set to 0
  * gh#13020 Removed warning about client and server versions mismatch
  * Hide comments on table Structure tab when no comment is set
  * Fixed submission of error reports
  * gh#13033 Use Referrer-Policy header to specify referrer policy
  * Fixed javascript confirmation of dangerous queries
  * gh#13040 Compatibility with hhvm 3.18
  * gh#13031 Fixed displaying of all rows
  * gh#12967 Fixed related field selection for native relations
  * gh#13045 Properly escape MIME transformation names
  * gh#13028 Always show 100% in font selector
  * gh#13047 Fix query simulating for more servers
  * gh#12846 Fix new version check for sites with wrongly configured curl
  * gh#12951 When exporting to Excel, the default is now to include column names in the first row
  * gh#13059 Removed debugging code
  * gh#13029 Fixed table tracking for nested table groups
  * gh#13053 Fixed broken links in setup
  * gh#12708 Removed phpMyAdmin version from User-Agent header
  * gh#13084 Do not point users to setup when it is disabled
  * gh#12660 Delete only phpMyAdmin cookies on upgrade
  * gh#13088 Fixed editing of rows with text primary key
  * gh#13092 Do not try to sync favorite tables if configuration storage is not enabled
  * gh#13105 Fixed changing attribute for virtual field
  * gh#12757 Fixed setting password on recent MariaDB with non working plugins
  * gh#12349 Fixed undefined variable on import from some formats
  * gh#13103 Do not offer default names for copying/renaming databases
  * [security] Possible to bypass $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08
- Drop patch phpMyAdmin-pma.patch because now in upstream
-------------------------------------------------------------------
Mon Mar 20 22:13:20 UTC 2017 - chris@computersalat.de

- add http.inc file
  * include one file for php5/php7 admin flags/values

-------------------------------------------------------------------
Wed Jan 25 22:12:33 UTC 2017 - chris@computersalat.de

- 4.6.6 (2017-01-23)
  * gh#12759 Fix Notice regarding 'Undefined index: old_usergroup'
  * gh#12760 Fix Notice regarding 'Undefined index: users'
  * gh#12762 Fixed parsing of SQL with BINARY function
  * gh#12588 ReCaptcha now works without allow_url_fopen
  * gh#12699 Show no local storage warning only on settings tab
  * gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with default value as NULL
  * gh#12769 Edit/Export links are not clickable under Routines tab
  * gh#12757 Fixed creating new user with older MariaDB
  * gh#12784 Remove ctype installation suggestion
  * gh#12780 Format button replaces all text with blank spaces
  * gh#12786 Fixed database searching
  * gh#12792 Fixed javascript error on new version link
  * gh#12785 Add information about required and suggested extensions to composer.json
  * gh#12801 Custom header shown twice with cookie login form
  * gh#12802 Custom footer not shown with auth_type http login failure
  * gh#12434 Improve documentation for servers running with Suhosin
  * gh#12800 Updated embedded phpSecLib to 2.0.4
  * gh#12800 Fixed various issues with PHP 7.1
  * gh#11816 Fixed operation with lower_case_table_names=2
  * gh#12813 Fixed stored procedure execution
  * gh#12826 Honor user configured connection collation
  * gh#12293 Correctly report OpenSSL errors from cookie encryption
  * gh#12814 DateTime won't allow to input length in Routine editor
  * gh#12840 Fix Notice regarding 'Undefined index: row_format' when altering table options
  * gh#12841 Fixed moving of columns with whitespace in name
  * gh#12847 Fixed editing of virtual columns
  * gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query window to avoid accidents
  * gh#12872 Use same
    query for display and execution when dropping index
  * gh#12868 Fix check for user groups features being enabled
  * gh#12876 Fix notices and warning related to dbs_to_test global
  * gh#12831 Fix table formatting on Insert tab, which mostly affected row highlighting
  * gh#12495 Reintroduced phpinfo page with limited capabilities
  * gh#12861 Fix renaming tables with lower_case_table_names=2
  * gh#12876 Fix possible PHP error in navigation
  * gh#12881 Fix database search with newer php-gettext
  * gh#12894 Fix linter error on unterminated variable name
  * gh#12732 Fixed filtering for active processes
- fix for boo#1021597
  * PMASA-2016-44 (CVE-2016-6621, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2016-44/
    - Multiple vulnerabilities in setup script
  * PMASA-2017-1 (CVE-2017-1000013, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-1/
    - Open redirect
  * PMASA-2017-2 (CVE-2015-8980, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-2/
    - php-gettext code execution
  * PMASA-2017-3 (CVE-2017-1000014, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-3/
    - DOS vulnerability in table editing
  * PMASA-2017-4 (CVE-2017-1000015, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-4/
    - CSS injection in themes
  * PMASA-2017-5 (CVE-2017-1000016, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-5/
    - Cookie attribute injection attack
  * PMASA-2017-6 (CVE-2017-1000017, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-6/
    - SSRF in replication
  * PMASA-2017-7 (CVE-2017-1000018, CWE-661)
    https://www.phpmyadmin.net/security/PMASA-2017-7/
    - DOS in replication status
- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
- rework phpMyAdmin-config.patch

-------------------------------------------------------------------
Thu Jan 19 17:42:49 UTC 2017 - ecsos@opensuse.org

- Add Patch phpMyAdmin-12757_sql_syntax_errror.patch to fix gh#12757 SQL syntax error on MariaDB < 10.0.2 in check for mysql password check plugin.
  Will be fixed in 4.6.6

-------------------------------------------------------------------
Tue Dec 6 15:25:29 UTC 2016 - chris@computersalat.de

- update to 4.6.5.2 (2016-12-05)
  * gh#12765 Fixed SQL export with newlines
- update changes (update to 4.6.5 (2016-11-25))
  * add missing (Not yet available) CVE's
- fix phpMyAdmin.http

-------------------------------------------------------------------
Sat Nov 26 15:32:19 UTC 2016 - ecsos@opensuse.org

- update to 4.6.5.1 (2016-11-26)
- quick fix for 4.6.5
  * an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
  * an issue affecting the create table dialog where the partition selection tool was overzealous and made it difficult to create a new table.
- update to 4.6.5 (2016-11-25)
- security fixes
  * Fix for expanding in navigation pane
  * Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies)
  * Fix editing of ENUM/SET/DECIMAL field structures
  * Improvements to the parser
- other fixes
  * Remove potentially license problematic sRGB profile
  * gh#12459 Display read only fields as read only when editing
  * gh#12384 Fix expanding of navigation pane when clicking on database
  * gh#12430 Improve partitioning support
  * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration directive
  * Always use UTC time in HTTP headers
  * gh#12479 Simplified validation of external links
  * gh#12483 Fix browsing tables with built in transformations
  * gh#12485 Do not show warning about short blowfish_secret if none is set
  * gh#12251 Fixed random logouts due to wrong cookie path
  * gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure
  * gh#12497 Missing escaping of configuration used in SQL (hide_db and only_db)
  * gh#12476 Add error checking in reading advisory rules file
  * gh#12477 Add checking missing elements and confirming element types from json_decode
  * gh#12251 Automatically save SQL query in browser local storage rather than in cookie
  * gh#12292 Unable to edit transformations
  * gh#12502 Remove unused parameter when connecting to MySQLi
  * gh#12303 Fix number formatting with different settings of precision in PHP
  * gh#12405 Use single quotes in PHP code
  * gh#12534 Option for the dropped column is not removed from 'after_field' select, after the column is dropped
  * gh#12531 Properly detect DROP DATABASE queries
  * gh#12470 Fix possible race condition in setting URL hash
  * gh#11924 Remove caching of server information
  * gh#11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
  * gh#12545 Proper parsing of CREATE TABLE ... PARTITION queries
  * gh#12473 Code can throw unhandled exception
  * gh#12550 Do not try to keep alive session even after expiry
  * gh#12512 Fixed rendering BBCode links in setup
  * gh#12518 Fixed copy of table with generated columns
  * gh#12221 Fixed export of table with generated columns
  * gh#12320 Copying a user does not copy usergroup
  * gh#12272 Adding a new row with default enum goes to no selection when you want to add more than 2 rows
  * gh#12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab
  * gh#12554 Absence of scrolling makes it impossible to read longer text values in grid editing
  * gh#12530 "Edit routine" crashes when the current user is not the definer, even if privileges are adequate
  * gh#12300 Export selective tables by-default dumps Events also
  * gh#12298 Fixed export of view definitions
  * gh#12242 Edit routine detail dialog does not fill "Return length" field in mysql functions
  * gh#12575 New index Confirm adds whitespace around the field name
  * gh#12382 Bug in zoom search
  * gh#12321 Assign LIMIT clause only to syntactically correct queries
  * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" Inserted At Wrong Place
  * gh#12511 Clarify documentation on ArbitraryServerRegexp
  * gh#12508 Remove duplicate code in SQL escaping
  * gh#12475 Cleanup code for getting table information
  * gh#12579 phpMyAdmin's export of a
    Select statement without a FROM clause generates Wrong SQL
  * gh#12316 Correct export of complex SELECT statements
  * gh#12080 Fixed parsing of subselect queries
  * gh#11740 Fixed handling DELETE ... USING queries
  * gh#12100 Fixed handling of CASE operator
  * gh#12455 Query history stores separate entry for every letter typed
  * gh#12327 Create PHP code no longer works
  * gh#12179 Fixed bookmarking of query with multiple statements
  * gh#12419 Wrong description on GRANT OPTION
  * gh#12615 Fixed regexp for matching browser versions
  * gh#12569 Avoid showing import errors twice
  * gh#12362 prefs_manage.php can leave an orphaned temporary file
  * gh#12619 Unable to export csv when using union select
  * gh#12625 Broken Edit links in query results of JOIN query
  * gh#12634 Drop DB error in import if DB doesn't exist
  * gh#12338 Designer reverts to first saved ER after EACH relation create or delete
  * gh#12639 'Show trace' in Console generates JS error for functions in query's trace called without any arguments
  * gh#12366 Fix user creation with certain MariaDB setups
  * gh#12616 Refuse to work with mbstring.func_overload enabled
  * gh#12472 Properly report connection without password in setup
  * gh#12365 Fix records count for large tables
  * gh#12533 Fix records count for complex queries
  * gh#12454 Query history not updated in console until page refresh
  * gh#12344 Fixed parsing of labels in loop
  * gh#12228 Fixed parsing of BEGIN labels
  * gh#12637 Fixed editing some timestamp values
  * gh#12622 Fixed javascript error in designer
  * gh#12334 Missing page indicator or VIEWs
  * gh#12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
  * gh#12661 Error inserting into pma__history after timeout
  * gh#12195 Row_format = fixed not visible
  * gh#12665 Cannot add a foreign key - non-indexed fields not listed in InnoDB tables
  * gh#12674 Allow for proper MySQL-allowed strings as identifiers
  * gh#12651 Allow for partial dates on table insert page
  * gh#12681 Fixed designer with tables using special chars
  * gh#12652 Fixed visual query builder for foreign keys with more fields
  * gh#12257 Improved search page performance
  * gh#12322 Avoid selecting default function for foreign keys
  * gh#12453 Fixed escaping of SQL parts in some corner cases
  * gh#12542 Missing table name in account privileges editor
  * gh#12691 Remove ksort call on empty array in PMA_getPlugins function
  * gh#12443 Check parameter type before processing
  * gh#12299 Avoid generating too long URLs in search
  * gh#12361 Fix self SQL injection in table-specific privileges
  * gh#12698 Add link to release notes and download on new version notification
  * gh#12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function)
- fix for boo#1012271
  https://www.phpmyadmin.net/security/
  * Unsafe generation of $cfg['blowfish_secret'] see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661)
  * phpMyAdmin's phpinfo functionality is removed see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661)
  * AllowRoot and allow/deny rule bypass with specially-crafted username see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661)
  * Username matching weaknesses with allow/deny rules see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661)
  * Possible to bypass logout timeout see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661)
  * Full path disclosure (FPD) weaknesses see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, CVE-2016-9855, CWE-661)
  * Multiple XSS weaknesses see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857, CWE-661, CWE-352)
  * Multiple denial-of-service (DOS) vulnerabilities see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859, CVE-2016-9860, CWE-661, CWE-400)
  * Possible to bypass white-list protection for URL redirection see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20, CWE-601)
  * BBCode injection to login page see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661)
  * Denial-of-service (DOS) vulnerability in table
partitioning see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400) * Multiple SQL injection vulnerabilities see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89) * Incorrect serialized string parsing see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661) * CSRF token not stripped from the URL see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661) ------------------------------------------------------------------- Sun Nov 6 16:27:00 UTC 2016 - chris@computersalat.de - fix deps * add missing Recommends php5-curl - fix phpMyAdmin.http * add <IfModule mod_php7.c> ------------------------------------------------------------------- Sat Nov 5 02:54:41 UTC 2016 - chris@computersalat.de - fix phpMyAdmin.http ------------------------------------------------------------------- Thu Aug 18 13:31:57 UTC 2016 - chris@computersalat.de - 4.6.4 (2016-08-16) - security fixes * Improve session cookie code for openid.php and signon.php example files * Full path disclosure in openid.php and signon.php example files * Unsafe generation of BlowfishSecret (when not supplied by the user) * Referrer leak when phpinfo is enabled * Use HTTPS for wiki links * Improve SSL certificate handling * Fix full path disclosure in debugging code * Administrators could trigger SQL injection attack against users - other fixes * Remove Swekey support * Include X-Robots-Tag header in responses * Enforce numeric field length when creating table * Fixed invalid Content-Length in some HTTP responses * gh#12394 Create view should require a view name * gh#12391 Message with 'Change password successfully' displayed, but does not take effect * Tighten control on PHP sessions and session cookies * gh#12409 Re-enable overhead on server databases view * gh#12414 Fixed rendering of Original theme * gh#12413 Fixed deleting users in non English locales * gh#12416 Fixed replication status output in Databases listing * gh#12303 Avoid typecasting to float when not needed * gh#12425 Duplicate message variable names 
in messages.inc.php * gh#12399 Adding index to table shows wrong top navigation * gh#12424 Fixed password change on MariaDB without auth plugin * gh#12339 Do not error on unset server port * gh#12422 Improvements to the original theme * gh#12395 Do not try to load old transformation plugins * gh#12423 Fixed replication status in database listing * gh#12433 Copy table with prefix does not copy the indexes * gh#12375 Search in database: Window content is not scrolling down when clicking first time on Browse link * gh#12346 SQL Editor textareas can have their size increased from the top, distorting the page view - fix for boo#994313 https://www.phpmyadmin.net/security/ * Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661) * PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661) * Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661) * SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661) * Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661) * Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661) * Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661) * Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661) * SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661) * Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661) * SQL injection vulnerability as control user see PMASA-2016-42 (CVE-2016-6619, CWE-661) * Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661) * SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661) * Denial-of-service attack with 
$cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661) * Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661) * Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661) * Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661) * Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661) * Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661) * Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661) * ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661) * Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661) * Remote code execution vulnerability when running as CGI see PMASA-2016-54 (CVE-2016-6631, CWE-661) * Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661) * Remote code execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661) - fix deps * add missing php-gettext - rebase phpMyAdmin-config.patch ------------------------------------------------------------------- Thu Jun 23 12:10:01 UTC 2016 - chris@computersalat.de - update to 4.6.3 (2016-06-23) * gh#12249 Fixed cookie path on Windows * gh#12279 Fixed error reporting on connect problems * gh#12290 Fixed export of tables without explicitly set engine * gh#12285 Designer JavaScript error: Show/Hide tables list * gh#12293 Fix MySQL SSL connection with some PHP versions * gh#12279 Fix MySQL connection error on version mismatch * gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user * gh#12308 Fix division by zero in case of misconfigured MySQL server * gh#12317 Fix editing server variables * gh#12303 Fix table size calculation in some circumstances * gh#12310 Fix listing routines for non privileged user * issue Escape generated query in exporting 
a database * issue Setup script did not properly use input type password for some input types - fix for boo#986154 * PMASA-2016-17 (CVE-2016-5701, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-17/ - BBCode injection vulnerability * PMASA-2016-18 (CVE-2016-5702, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-18/ - Cookie attribute injection attack * PMASA-2016-19 (CVE-2016-5703, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-19/ - SQL injection attack * PMASA-2016-20 (CVE-2016-5704, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-20/ - XSS on table structure page * PMASA-2016-21 (CVE-2016-5705, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-21/ - Multiple XSS vulnerabilities * PMASA-2016-22 (CVE-2016-5706, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-22/ - DOS attack * PMASA-2016-23 (CVE-2016-5730, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-23/ - Multiple full path disclosure vulnerabilities * PMASA-2016-24 (CVE-2016-5731, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-24/ - XSS through FPD * PMASA-2016-25 (CVE-2016-5732, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-25/ - XSS in partition range functionality * PMASA-2016-26 (CVE-2016-5733, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-26/ - Multiple XSS vulnerabilities * PMASA-2016-27 (CVE-2016-5734, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-27/ - Unsafe handling of preg_replace parameters * PMASA-2016-28 (CVE-2016-5739, CWE-661) https://www.phpmyadmin.net/security/PMASA-2016-28/ - Referrer leak in transformations ------------------------------------------------------------------- Sun May 29 15:07:43 UTC 2016 - chris@computersalat.de - rebase phpMyAdmin-config.patch ------------------------------------------------------------------- Sat May 28 07:33:29 UTC 2016 - ecsos@opensuse.org - update to 4.6.2 (2016-05-25) - gh#12225 Use https for documentation links - gh#12234 Fix schema export with too many tables 
- gh#12240 Avoid parsing non JSON responses as JSON - gh#12244 Avoid using too long URLs when getting javascripts - gh#12118 Fixed setting mixed case languages - gh#12229 Avoid storing objects in session when debugging SQL - gh#12249 Fix cookie path on IIS - gh#11705 Fix occasional 200 errors on Windows - gh#12219 Fix locking issues when importing SQL - gh#12231 Avoid confusing warning when mysql extension is missing - fix issue Improve handling of logout - fix issue Safer handling of sessions during authentication - gh#12209 Fix server selection on main page - gh#12192 Avoid storing full error data in session - gh#12082 Fixed export of ARCHIVE tables with keys - gh#11565 Add session reload for config authentication - gh#12229 Do not fail on errors stored in session - gh#12248 Fix loading of APC based upload progress bar - remove PmaAbsoluteUri from phpMyAdmin-config.patch because since version 4.6.0 it is removed - Security fixes: * PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126) https://www.phpmyadmin.net/security/PMASA-2016-14/ - User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14 * PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128) https://www.phpmyadmin.net/security/PMASA-2016-16/ - Self XSS vulnerability, see PMASA-2016-16 ------------------------------------------------------------------- Mon May 9 10:14:44 UTC 2016 - chris@computersalat.de - phpMyAdmin 4.6.1: * Problems with SQL syntax warnings from the linter/parser * Fixing an error about "PMA_Util" not found * Better handling of JSON columns * Fixed quoting with the SQL parser, which in particular adversely affected SQL imports and exports ------------------------------------------------------------------- Thu Mar 24 12:03:17 UTC 2016 - astieger@suse.com - phpMyAdmin 4.6.0: * Allow setting routine-wise privileges * UI for defining partitioning in create table window * Support JSON data type * Editing partitions in table Structure * Copy results to clipboard * Reactivate 
cut&paste possibility in print view * Display binary strings as text if they are valid UTF-8 * Copy multiple tables to database * Show MySQL error messages in user language * Add new configuration directive 'ssl_verify' for self-signed certificates with mysqlnd and PHP >= 5.6 * Remove ForceSSL and PmaAbsoluteUri configuration directives (these are better handled by proper webserver configuration) * Fixed several bugs relating to exporting, particularly with DEFAULT and COMMENT fields ------------------------------------------------------------------- Tue Mar 1 18:04:41 UTC 2016 - astieger@suse.com - phpMyAdmin 4.5.5.1: The following vulnerabilities were fixed: * CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940) * CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938) * CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941) * CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928) The following upstream bugs were fixed: * CREATE UNIQUE INDEX index type is not recognized by parser. * Row count wrong when grouping joined tables. * Column definition with default value and comment in CREATE TABLE exported faulty. * New statement but no delimiter and unexpected token with REPLACE. 
* Fixed incorrect usage of SQL parser context in SQL export * Fixed inclusion of gettext library from SQL parser ------------------------------------------------------------------- Wed Feb 24 20:56:15 UTC 2016 - astieger@suse.com - phpMyAdmin 4.5.5 * improvements to changing passwords on newer MariaDB servers * several fixes to the SQL parser ------------------------------------------------------------------- Sat Jan 30 08:43:24 UTC 2016 - ecsos@opensuse.org - update to 4.5.4.1 (2016-01-28) - gh#11892 Error with PMA 4.4.15.3 - gh#11896 Remove hard dependency on phpseclib ------------------------------------------------------------------- Thu Jan 28 18:20:05 UTC 2016 - astieger@suse.com - phpMyAdmin 4.5.4 The following vulnerabilities were fixed: (boo#964024) * CVE-2016-2038: Multiple full path disclosure vulnerabilities * CVE-2016-2039: Unsafe generation of XSRF/CSRF token * CVE-2016-2040: Multiple XSS vulnerabilities * CVE-2016-1927: Insecure password generation in JavaScript * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token * CVE-2016-2042: Multiple full path disclosure vulnerabilities * CVE-2016-2043: XSS vulnerability in normalization page * CVE-2016-2044: Full path disclosure vulnerability in SQL parser * CVE-2016-2045: XSS vulnerability in SQL editor - update upstream signing keyring ------------------------------------------------------------------- Sun Jan 10 23:40:38 UTC 2016 - astieger@suse.com - 4.5.x package was missing template - fix boo#961285 ------------------------------------------------------------------- Wed Jan 6 17:36:34 UTC 2016 - chris@computersalat.de - fix for boo#960854 * add missing dependency of php-json ------------------------------------------------------------------- Mon Jan 4 21:39:35 UTC 2016 - astieger@suse.com - phpMyAdmin 4.5.3.1: * Minimum requirement is PHP 5.5 - Highlights of the 4.5.x.x series: * Improvements to the Console feature * Include structure in PDF export * Validate data before import * Support CHECKSUM TABLE 
operation * Improved operations regarding partitions * Alter privileges when renaming or copying a database or table * Several improvements related to speed and responsiveness * Improved print view * Use CTRL or ALT plus arrow keys to navigate in grid editor * Use plain-English destinations for $cfg['NavigationTreeDefaultTabTable'], $cfg['DefaultTabServer'], $cfg['DefaultTabDatabase'], and $cfg['DefaultTabTable']. The old style values will still work, but this makes it easier for new users to easily understand the destination links. * Integrate SQL debugging into Console * Restore row editing when no unique/primary key exists * Allow exporting one file per table and one file per database * Improvements to using multiple servers with the auth_type cookie * Support virtual columns (MySQL 5.7.5+) * Add or improve support for several MariaDB features including process list and virtual/persistent columns * Improved handling of cached data when upgrading phpMyAdmin * Add SHA256 security password support ------------------------------------------------------------------- Tue Dec 29 18:47:04 UTC 2015 - ecsos@opensuse.org - update to 4.4.15.2 (2015-12-25) - Security fixes: * PMASA-2015-5 (CVE-2015-8669, CWE-661 CWE-200) boo#960282 https://www.phpmyadmin.net/security/PMASA-2015-6/ - [Security] Path disclosure, see PMASA-2015-6 ------------------------------------------------------------------- Mon Oct 26 10:32:47 UTC 2015 - ecsos@opensuse.org - update to 4.4.15.1 (2015-10-23) - gh#11464 phpMyAdmin suggests upgrading to newer version not usable on that system - Security fixes: [boo#951960] * PMASA-2015-5 (CVE-2015-7873, CWE-661 CWE-20) https://www.phpmyadmin.net/security/PMASA-2015-5/ - fix issue [security] Content spoofing on url.php ------------------------------------------------------------------- Sun Sep 20 20:12:36 UTC 2015 - ecsos@opensuse.org - update to 4.4.15 (2015-09-20) - gh#11411 Undefined "replace" function on numeric scalar - gh#11421 Stored-proc / routine - 
broken parameter parsing - fix issue Missing name for configuration read_as_multibytes - gh#11431 Incorrect "No row selected" message - gh#11447 MySQL 5.5 and the language system variable - gh#11452 Semantics of export and import icons are mixed up - gh#11451 Designer-Bug in move.js on multiple server configuration - gh#11458 Invalid UTF-8 sequence in argument - gh#11457 Request URI too large - fix issue Invalid argument supplied for foreach() - gh#11461 Foreign key constraints for InnoDB tables with upper-case letters disabled - gh#11487 Warning when entering Query page - change entries in changelog from sf to gh from 4.13.0 to now ------------------------------------------------------------------- Thu Sep 17 09:41:30 UTC 2015 - ecsos@opensuse.org - boo#945999 enable required apache modules in spec at install ------------------------------------------------------------------- Fri Sep 11 09:55:59 UTC 2015 - ecsos@opensuse.org - update 4.4.14.1 (2015-09-08) - Security fixes: [boo#945420] * PMASA-2015-4 (CVE-2015-6830, CWE-661 CWE-307) https://www.phpmyadmin.net/security/PMASA-2015-4/ - fix issue [security] reCaptcha bypass ------------------------------------------------------------------- Tue Aug 25 10:09:07 UTC 2015 - ecsos@opensuse.org - update to 4.4.14 (2015-08-20) - gh#11367 Export after search, missing WHERE clause - gh#11380 Incomplete message after import - fix issue Incorrect scalar type declaration (reported under PHP 7) - gh#11389 ReCaptcha produces deprecated messages under PHP 7 - gh#11387 phpseclib < 2.0 produces deprecated messages on PHP 7 - gh#11404 "Switch to copied table" doesn't work - gh#11406 Missing quotes after calling "distinct values" - gh#11386 Cannot import database with long data in one column - gh#11410 SPATIAL index option is not clickable ------------------------------------------------------------------- Sun Aug 9 06:06:17 UTC 2015 - ecsos@opensuse.org - update to 4.4.13.1 (2015-08-08) - gh#11368 SQL error when importing phpMyAdmin 
dump file ------------------------------------------------------------------- Sat Aug 8 10:35:18 UTC 2015 - ecsos@opensuse.org - update to 4.4.13 (2015-08-07) - gh#1808 "Improve table structure" generates invalid SQL - fix issue Once checked "Show only active" checkbox is always checked - gh#1813 Delete rows using "Check All" is broken - fix issue Fix PHP 7 possible binding ambiguity - gh#11326 Exported schema includes all the tables of the database - gh#11339 Results not displayed if query ends in delimiter and comment - gh#11320 Live edit of data fields is not working always - fix issue Table list in navigation collapses when entering into a table in another page - gh#11364 JS error while trying to auto navigate to db structure page when db creation has failed ------------------------------------------------------------------- Tue Jul 21 18:11:32 UTC 2015 - mcihar@suse.cz - Apache configuration compatible with both 2.2 and 2.4 ------------------------------------------------------------------- Mon Jul 20 14:45:32 UTC 2015 - mcihar@suse.cz - update to 4.4.12 (2015-07-20) - Saved chart image does not have a proper name or an extension - sf#4976 Timepicker CSS issues in Original theme - sf#4975 Move/Copy/Rename operations on Table/Db fail on Drizzle server - sf#4826 Two inline edit windows - sf#4979 Problem when import *.ods file - Add missing head tag - sf#4985 Column headers move when scrolling - use smaller xz compressed archive - update Apache configuration to be compatible with 2.4 ------------------------------------------------------------------- Wed Jul 8 06:27:42 UTC 2015 - ecsos@opensuse.org - update to 4.4.11 (2015-07-06) - fix bug Missing selected/entered values when editing active options in visual query builder - sf#4969 Autoload from prefs_storage not behaving properly - sf#4972 Incorrect length computed for binary data - fix bug Remove character set from create_tables_drizzle.sql - sf#4973 Users overview needs clarification - sf#4974 Creating a 
database from console doesn't update navigation panel - sf#4844 FAQ 1.17 needs an update - change sourcepath in spec ------------------------------------------------------------------- Thu Jul 2 11:16:15 UTC 2015 - mcihar@suse.cz - switch upstream url to https - include signed release together with keyring to verify signatures ------------------------------------------------------------------- Wed Jun 17 17:23:38 UTC 2015 - ecsos@opensuse.org - add missing sql-scripts to doc ------------------------------------------------------------------- Wed Jun 17 15:30:50 UTC 2015 - ecsos@opensuse.org - update to 4.4.10 (2015-06-17) - sf#4950 Issues in database selection for replication - sf#4951 Trying to save chart as image crashes the browser - sf#4953 cant drag sql.gz file onto import input - sf#4960 Table creation results in GET request with missing server parameter that invalidates the session - sf#4961 Javascript error when Designer is opened - sf#4962 Insert by foreign key scrolls page to top - sf#4955 Clicking on the navi logo does not always work - fix bug External URL for $cfg['NavigationLogoLink'] causes JavaScript error when clicked ------------------------------------------------------------------- Fri Jun 5 07:56:13 UTC 2015 - ecsos@opensuse.org - update to 4.4.9 (2015-06-04) - sf#4920 relation view doesn't list fields of table in other database - sf#4905 Sorting by an alias - sf#4931 False error before entering reCAPTCHA - sf#4909 central column with multiple server - sf#4937 Custom export with backquotes off is not working - sf#4908 Reverse proxy: infinite internal redirect (added warning in doc) - sf#4942 Export to gzip saves plain text under Chrome ------------------------------------------------------------------- Thu May 28 16:13:56 UTC 2015 - ecsos@opensuse.org - update to 4.4.8 (2015-05-28) - fix bug Allow accessing visual query builder when pmadb is not configured - sf#4893 Nav tree line alignment issue - sf#4911 Lock page icon is not shown after fresh 
reload - sf#4912 "Highlight pointer" and "Row marker" doesn't work properly - fix bug Browse foreigners window goes out of the window - sf#4918 Date field popup dialog position bug - fix bug In /setup, PMA_messages is not defined - sf#4924 Recaptcha failure - sf#4930 Database copy doesn't work for tables with more than one FULLTEXT index - sf#4929 Edit view structure doesn't load the algorithm - sf#4923 Do not limit table comments to 60 characters ------------------------------------------------------------------- Sat May 16 12:04:23 UTC 2015 - ecsos@opensuse.org - update to 4.4.7 (2015-05-16) - sf#4876 Settings issues (Favorite tables shown twice in Settings) - sf#4896 Non-styled error page when following results link - sf#4894 Deleting without confirmation - sf#4858 Issues with SQL autocomplete - sf#4897 Column hint in SQL autocomplete is sometimes not shown - sf#4898 JS error after selecting a field and press Enter - fix bug Honor proxy settings when getting Git commit information - fix bug Missing title on link - sf#4512 ForceSSL Redirect Check - fix bug Undefined index collation_connection - fix bug Error when the reporting server is down - fix bug Escape database and table names for partition maintenance - fix bug Invalid value for CURLOPT_SSL_VERIFYPEER - sf#4367 Import status infinite loop - sf#4902 Designer: Loading does not work - sf#4904 Setup: Overview > Display does not work - sf#4906 Designer: pages from all databases ------------------------------------------------------------------- Wed May 13 17:51:57 UTC 2015 - ecsos@opensuse.org - update 4.4.6.1 (2015-05-13) This update fixes several vulnerabilities - Security fixes: * PMASA-2015-2 (CVE-2015-3902, CWE-661 CWE-352) http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php - sf#4899 [security] CSRF vulnerability in setup * PMASA-2015-3 ( CVE-2015-3903, CWE-661 CWE-295) http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php - sf#4900 [security] Vulnerability allowing man-in-the-middle 
attack ------------------------------------------------------------------- Thu May 7 15:45:44 UTC 2015 - ecsos@opensuse.org - update to 4.4.6 (2015-05-07) - sf#4890 webkitStorageInfo and webkitIndexedDB is deprecated - sf#4892 Undefined variable: unique_conditions - sf#4891 CSV Import ignores "Replace table data with file" checkbox ------------------------------------------------------------------- Tue May 5 15:45:46 UTC 2015 - ecsos@opensuse.org - update to 4.4.5 (2015-05-05) - fix bug Table overhead stats: missing space before the unit - fix bug Fix resize icon in Designer - sf#4879 Exit fullscreen in Designer does not change the button text - sf#4880 Designer icons missing when using original theme - sf#4878 Column list of central columns is not cleared - sf#4881 jQuery dialogs of the Designer are not displayed in fullscreen - sf#4883 Search function breaks when searching for certain combinations of backslashes and slashes - sf#4830 Maximum execution time exceeded in Util.class.php (better fix) - sf#4885 Some icons are above the overlay of jQuery dialogs - sf#4886 Clicking on external links in advisor rules give JS error - sf#4888 Filter in central columns does not work in other languages ------------------------------------------------------------------- Sun Apr 26 12:08:40 UTC 2015 - ecsos@opensuse.org - update to 4.4.4 (2015-04-26) - sf#4863 Edit vs Change - sf#4859 Don't scroll (to bottom) when editing multiple rows - sf#4862 Misaligned Inline edit field - sf#4861 Use of undefined constant PMA_DRIZZLE - sf#4865 sprintf(): Too few arguments - sf#4866 Limit column ordering in index edit dialog - sf#4867 Incorrect ALTER TABLE statement generated - sf#4870 Inconsistency in 'Ignore' checkbox in insert page - sf#4869 Drop column action not asking to confirm - sf#4871 Error on creating table - fix bug Undefined index: Rows ------------------------------------------------------------------- Mon Apr 20 15:02:56 UTC 2015 - ecsos@opensuse.org - update to 4.4.3 
(2015-04-20) - sf#4851 PHP errors in login dialogue - sf#4845 White screen (Cloudflare) - sf#4207 json_encode error due to strftime returning non utf8 chars in Windows 8.1 Chinese version - sf#4794 Server error viewing table content - fix bug Fix issues related to number of decimal places in time - sf#4853 Relation view between 1600 and 1780 px - fix bug PHP 7 compatibility in php-gettext - fix bug PHP 7 compatibility in bfShapeFiles - fix bug PHP 7 session_regenerate_id() warning - sf#4857 Alter table after changing column name error - sf#4830 Maximum execution time exceeded in Util.class.php ------------------------------------------------------------------- Mon Apr 13 18:28:37 UTC 2015 - ecsos@opensuse.org - update to 4.4.2 (2015-04-13) - sf#4835 PMA_hideShowConnection not called after submit_num_fields - sf#4836 Server warning after moving from console to direct clicks - sf#4837 Duplicate new version notification when using the "Back" button - sf#4839 DOC link in setting is broken - sf#4841 Status page: Mislukte pogingen per uur value is incorrect - fix bug MIME Transformation link fixed - sf#4838 Prevents console window from moving out of the screen height - sf#4829 Create procedure via SQL Editor not more possible - sf#4833 CSS and Javascript are not compressed - sf#4849 Functions accessed from navigation do not load on ajax dialog - sf#4850 Relation view on 1920 ------------------------------------------------------------------- Sat Apr 11 18:02:48 UTC 2015 - ecsos@opensuse.org - update 4.4.1.1 (2015-04-08) - sf#4846 Web server's error log is flooded - changes from 4.4.1 (2015-04-07) - sf#4813 MySQL 5.7.6 and the Users menu tab - sf#4818 MySQL 5.7.6 and changing the password for another user - sf#4819 Request URI too large - sf#4814 MySQL 5.7.6 and Databases - fix bug Use 'server' parameter in console to work in multi server environments - fix bug Missing tooltip in monitor - fix bug Missing sort icons in monitor - sf#4805 Inline edit broken when using 
functions in query - sf#4821 Timed-out import fails to restart when file represented - sf#4754 pMA DB not detected properly - sf#4825 Datepicker missing when changing number of rows on Insert page - sf#4824 INNODB STATUS page is empty - sf#4828 JavaScript is loaded in wrong order - sf#4827 TEXT formatting doesn't work after inline editing - sf#4822 Compress when php.ini output_buffering is active - sf#4832 Sorting distinct values result loses links - sf#4834 Do not attach token to css requests to improve caching ------------------------------------------------------------------- Fri Apr 3 21:36:12 UTC 2015 - ecsos@opensuse.org - update to 4.4.0 (2015-04-01) + rfe #1553 InnoDB presently supports one FULLTEXT index creation at a time + rfe #1562 Allow tracking multiple table at once from database level tracking page + rfe #1564 Improve action message on Tracking page + rfe #1566 Change value of "Number of rows:" when "Show all" is checked + rfe Focus console by clicking on white space + rfe #1507 Part 1: Cycle through console history with keyboard up/down arrows + rfe #1579 Default to primary key when adding relation + rfe #1572 User prefs: Diff-friendly JSON for config + rfe #1567 Server Variables Table UI Improvements - sf#4675 phpMyAdmin should be able to work without 'examples' DIR - move SQL scripts to sql directory + rfe #1578 Warn about reserved word only when a column is created + rfe #1590 Recaptcha API v2 + rfe #1580 Individual Zeroconf PMA tables support + rfe #1525 Generate keys one per line + rfe #347 allow table with transformed column anywhere in FROM clause + rfe #1591 Shortcut link to search page + rfe #1568 Fold Add Column After / Before into dropdown - sf#4705 Table structure: adding primary key doesn't refresh page + rfe #1582 SQL formatter + rfe #1597 Fast filter improvement: remove "x other results found" - sf#4720 No error message on Missing extension mbstring + rfe #801 Builtin transformations and relations + rfe #767 USING BTREE support for 
HEAP/MEMORY tables + rfe #1596 Make "Options > Relational" configurable + rfe #719 More details in PDF relation view + rfe #1096 Cannot enter connection for federated engine table + rfe #954 Allow SALT in ENCRYPT function + rfe #1260 Setting LoginCookieValidity > session.gc_maxlifetime + rfe Transformation for JSON - bug Fix isCanvasSupported for new window + rfe #1600 Clarify the "Inline" link + rfe #1179 Speed up slow triggers by using EVENT_OBJECT_SCHEMA + rfe #1192 ON DUPLICATE KEY UPDATE for loading CSV - bug fix Cannot execute command from console (multi-server installation) + rfe #1208 linking from information_schema + rfe #1235 Relation view: move to main "Structure" page + rfe #1558 Designer menu with explicit text + rfe #937 Relations with views like with tables + rfe #1241 Browse Field -> Search + rfe #723 Provide sanity check for table/column names (table names) + rfe #1312 SessionTimeZone configuration directive - bug fix Add missing confirmation when deleting tracking report entries + rfe Ability to disable foreign key check when emptying tables + rfe #1549 Reset auto-increment when exporting structure + rfe #1602 Recover query in redaction after session end + rfe #1605 After database creation, go to database structure page + rfe #1604 Show PHP version - sf#4770 Multiple delete on table browse ignoring foreign key checkbox + rfe CodeMirror based SQL editor as an input transformation + rfe #1275 CodeMirror based JSON editor as an input transformation + rfe #685 Editor for HTML content + rfe #1595 make professional code editor suggestion + rfe #1606 processlist filter + rfe Change tracking activation status from db level tracking page + rfe #1207 Export users associated with a specific schema/database + rfe #1575 "Disable database expansion" : unclear directive name and explanation + rfe #1607 Tool tip for lock icon when making changes to a page + rfe #1327 Hide 'Add user' link if user does not have privileges + rfe #501 Support for SSL GRANT option + 
rfe #1608 Central columns allowing setting SIGNED / UNSIGNED attribute for integer + rfe #1441 Add regexp match when using AllowArbitraryServer - sf#4806 Unable to work with two different servers in two tabs - fix incorrect fsf-address - change pma.patch ------------------------------------------------------------------- Sun Mar 29 13:42:58 UTC 2015 - ecsos@opensuse.org - update to 4.3.13 (2015-03-29) - sf#4803 "Show hidden items" is sometimes hidden - sf#4807 Breaks when sorting by multiple columns while using UNION - sf#4798 Missing column when exporting in sql - sf#4810 Broken find and replace - sf#4804 Undefined Index after export schema - sf#4802 Changelog page is not working - sf#4815 Infinite calls to index.php - sf#4820 Invalid links to dev.mysql.com - sf#4718 simulate query fails, but actual query does not ------------------------------------------------------------------- Sat Mar 14 22:17:52 UTC 2015 - ecsos@opensuse.org - update to 4.3.12 (2015-03-14) - sf#4746 Right-aligned columns have left-aligned header - sf#4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 values - fix bug Undefined index savedsearcheswork - sf#4788 Inline edit of DATE fields with NULL, NULL checkbox is under datepicker - sf#4790 DROP TABLE/VIEW IF EXISTS are not tracked - fix bug Compatibility with central columns of version 4.4 - sf#4758 Firefox with auth_type to http with multiple server doesn't work anymore - sf#4789 Views aren't dropped when copying a database - sf#4784 Incomplete bookmark saving - sf#4786 SELECT width on relations page ------------------------------------------------------------------- Wed Mar 4 23:12:16 UTC 2015 - ecsos@opensuse.org - update to 4.3.11.1 (2015-03-04) This update fixes several vulnerabilities - Security fixes: * PMASA-2015-1 (CVE-2015-2206, CWE-661 CWE-352) [boo#920773] http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php - fix bug [security] Risk of BREACH attack 
-------------------------------------------------------------------
Wed Mar 4 09:07:09 UTC 2015 - ecsos@opensuse.org

- fix error displayed in Status/Advisor and not functional display of cpu and memory under Status/Monitor/

-------------------------------------------------------------------
Tue Mar 3 23:54:51 UTC 2015 - ecsos@opensuse.org

- update to 4.3.11 (2015-03-02)
  - sf#4774 SQL links are completely wrong
  - sf#4768 MariaDB: version mismatch
  - sf#4777 Some images are missing in Designer for original theme
  - sf#4767 Drizzle: undefined index in mysql_charsets.inc.php
  - sf#4753 Normal field and multi-line field have different margins
  - sf#4760 Cannot re-import settings from local storage
  - sf#4778 SQL error when database list is sorted by additional columns
  - sf#4780 Notice when timestamp column does not have default value

-------------------------------------------------------------------
Fri Feb 20 16:32:21 UTC 2015 - ecsos@opensuse.org

- update to 4.3.10 (2015-02-20)
  - fix bug Undefined index navwork
  - sf#4744 Opening console scroll down the page
  - fix bug Remove extra column heading in view structure page
  - fix bug Add missing confirmation when deleting central columns
  - fix bug Undefined index DisableIS
  - sf#4763 Database export with more than 512 tables fails
  - sf#4769 Previously set column aliases are destroyed if returned to the same table
  - sf#4752 Incorrect page after creating table
  - sf#4771 Central Columns not working, showing error

-------------------------------------------------------------------
Fri Feb 6 16:41:06 UTC 2015 - ecsos@opensuse.org

- update to 4.3.9 (2015-02-05)
  - sf#4728 Incorrect headings in routine editor
  - sf#4730 Notice while browsing tables when phpmyadmin pma database exists, but not all the tables
  - sf#4729 Display original field when using "Relational display column" option and display column is empty
  - sf#4734 Default values for binary fields do not support binary values
  - sf#4736 Changing display options breaks query highlighting
  - fix bug Undefined index submit_type
  - sf#4738 Header lose align when scrolling in Firefox
  - sf#4741 in ./libraries/Advisor.class.php#184 vsprintf(): Too few arguments
  - sf#4743 Unable to move cursor with keyboard in filter rows box
  - fix bug Incorrect link in doc
  - sf#4745 Tracking does not handle views properly
  - sf#4706 Schema export doesn't handle dots in db/table name
  - sf#3935 Table Header not displayed correct (Safari 5.0.5 Mac)
  - sf#4750 Disable renaming referenced columns
  - sf#4748 Column name center-aligned instead of left-aligned in Relations

-------------------------------------------------------------------
Sat Jan 24 13:34:33 UTC 2015 - ecsos@opensuse.org

- update to 4.3.8 (2015-01-24)
  - fix bug Undefined constant PMA_DRIZZLE
  - sf#4712 Wrongly positioned date-picker while Grid-Editing
  - sf#4714 Forced ORDER BY for own sql statements
  - sf#4721 Undefined property: stdClass::$version
  - sf#4719 'only_db' not working
  - sf#4700 Error text: Internal Server Error
  - sf#4722 Incorrect width table summary when favorite tables is disabled
  - sf#4716 Collapse all in navigation panel is sometimes broken
  - sf#4724 Cannot navigate in filtered table list
  - sf#4717 Database navigation menu broken when resolution/screen is changing
  - sf#4727 Collation column missing in database list when DisableIS is true
  - fix bug Undefined index central_columnswork
  - fix bug Undefined index favorite_tables

-------------------------------------------------------------------
Sat Jan 17 09:32:06 UTC 2015 - ecsos@opensuse.org

- update to 4.3.7 (2015-01-15)
  - sf#4694 js error on marking table as favorite in Safari (in private mode)
  - sf#4695 Changing $cfg['DefaultTabTable'] doesn't update link and title
  - fix bug Undefined index menuswork
  - fix bug Undefined index navwork
  - fix bug Undefined index central_columnswork
  - sf#4697 Server Status refresh not behaving as expected
  - fix bug Null argument in array_multisort()
  - sf#4699 Navigation panel should not hide icons based on 'TableNavigationLinksMode'
  - sf#4703 Unsaved schema page exported as pdf.pdf
  - sf#4707 Call to undefined method PMA_Schema_PDF::dieSchema()
  - sf#4702 URL is non RFC-2396 compatible in get_scripts.js.php

-------------------------------------------------------------------
Thu Jan 8 06:07:12 UTC 2015 - ecsos@opensuse.org

- update to 4.3.6 (2015-01-07)
  - fix bug Undefined index notices while configuring recent and favorite tables
  - sf#4687 Designer breaks without configuration storage
  - sf#4686 Select elements flicker and selects something else
  - sf#4689 Setup tool creates "pma__favorites" incorrectly
  - sf#4685 Call to a member function isUserType() on a non-object
  - sf#4691 Do not include console when no server is selected
  - sf#4688 File permissions in archive
  - sf#4692 Dynamic javascripts gives 500 when db selected

-------------------------------------------------------------------
Mon Jan 5 23:54:17 UTC 2015 - chris@computersalat.de

- fix for boo#911360
  * problems with pma__config enabled by default in phpMyAdmin
- rework config patch
  * fix for pma storage config (disabled by default)
- add phpMyAdmin-pma.patch
  * fix create_tables.sql
- fix restart_on_update

-------------------------------------------------------------------
Mon Jan 5 16:03:43 UTC 2015 - ecsos@opensuse.org

- update to 4.3.5 (2015-01-05)
  - fix bug Auto-configuration: tables were not created automatically
  - sf#4677 Advanced feature checker does not check for favorite tables feature
  - sf#4678 Some of the data stored in configuration storage are not deleted upon db or table delete
  - sf#4679 Setup does not allow providing a name for favorites table
  - sf#4680 Number of favorite table are not configurable in setup
  - sf#4681 'Central columns table' field in setup does not have a description
  - sf#4318 Default connection collation and sorting
  - sf#4683 Relational data is not properly updated on table rename
  - sf#4655 Undefined index: collation_connection (second patch)
  - sf#4682 4.3.3 & 4.3.4 Import sql created by mysqldump fails on foreign keys
  - sf#4676 Auto-configuration issues
  - sf#4416 New lines are removed when grid editing (part two: TEXT)

-------------------------------------------------------------------
Mon Dec 29 18:03:15 UTC 2014 - ecsos@opensuse.org

- update to 4.3.4 (2014-12-29)
  - sf#4653 Always connection error was shown, on /setup at tab "configuration storage"
  - sf#4661 Drag and drop file import always fails
  - sf#4651 don't open console with esc
  - sf#4664 select min() displays 1 row, but reports the table amount of rows returned
  - sf#4666 Undefined indexes in table structure print view of a view
  - sf#4663 Export missing back ticks for order table name
  - sf#4668 Remove from central columns error
  - sf#4670 CSV import reads both commas and values into first column after first row
  - sf#4642 phpmyadmin often fails to load due to specific load order
  - sf#4671 Unable to move all columns
  - sf#4645 Import of export created with mysqldump
  - sf#4672 "Distinct values" does not page
  - sf#4667 Consistency in borders
  - sf#4658 Illegal string offset (Data_length, Index_length)
  - sf#4655 Undefined index: collation_connection
  - sf#4673 Delimiter causing page lock

-------------------------------------------------------------------
Sun Dec 21 12:27:09 UTC 2014 - ecsos@opensuse.org

- update to 4.3.3 (2014-12-21)
  - fix bug The "Recently used tables" setting should be with Nav panel
  - sf#4647 Can't disable Favorites
  - sf#4646 Version Check Broken
  - sf#4630 AJAX request infinite loop
  - sf#4649 Attributes field size smaller than others
  - sf#4622 Cannot remove table ordering on a Mac
  - fix bug Fix initial replication configuration
  - fix bug Undefined index central_columnswork
  - sf#4657 Don't have default blowfish_secret
  - sf#4656 Some error popups fade away too quickly
  - sf#4648 Consistency in borders
  - fix bug $cfg['Error_Handler']['display'] no longer necessary
  - sf#4659 Leading and trailing whitespace in column name
-------------------------------------------------------------------
Fri Dec 12 15:27:17 UTC 2014 - ecsos@opensuse.org

- update to 4.3.2 (2014-12-12)
  - sf#4628 PHP error while exporting schema as PDF
  - sf#4631 Server selector submits two server parameter values
  - sf#4629 Problem with custom SQL queries using cookie authentication
  - fix bug Undefined index central_columnswork
  - sf#4632 Notice in ./libraries/Util.class.php#1916 Undefined index: query
  - sf#4633 Wrong parameter in fetchValue
  - sf#4634 Error reporting creates an infinite loop
  - sf#4635 Token mismatch while creating configuration storage
  - sf#4640 Incorrect reference to PHP 6
  - sf#3794 failure to handle repeating empty columns when importing ODS
  - sf#4638 Default Export Method setting broken
  - sf#4639 Export SQL missing indentation first field
  - sf#4637 Field Alignment
  - sf#4644 Error when browsing tables

-------------------------------------------------------------------
Mon Dec 8 18:26:50 UTC 2014 - ecsos@opensuse.org

- update to 4.3.1 (2014-12-08)
  - sf#4609 'Show all' checkbox label is not clickable
  - sf#4610 JS error reporting: Hash fragment is reset
  - fix bug Undefined index menuswork
  - sf#4614 Separator between "Show All" and "Number of rows" disappears
  - sf#4615 SQL highlighting in process list breaks on auto refresh
  - sf#4616 Warning in db structure print view page
  - fix bug Undefined index navwork, savedsearcheswork, fields
  - sf#4620 Undefined index while adding to the central columns list
  - sf#4618 Page scrolls while GIS visualization is zoomed in/out with mousewheel
  - sf#4613 HHVM: method 'ob_gzhandler' not found
  - sf#4593 Manual "SELECT" doesn't change active table
  - sf#4623 Incomplete PHP OpenSSL support
  - sf#4626 Ctrl + click on a column not in sort triggers a server call to erroneous url
  - sf#4625 "Insufficient space to save the file" on export SQL to file on server
  - sf#4627 "file_get_contents(examples/create_tables.sql): failed to open stream" after update
  - sf#4617 UI issues with sortable tables
  - sf#4619 SELECT LENGTH(`field`) FROM `table` does not sort

-------------------------------------------------------------------
Sat Dec 6 10:09:35 UTC 2014 - ecsos@opensuse.org

- update to 4.3.0 (2014-12-05)
  + rfe #1502 Smart sorting for int keys
  + rfe #1521 Confirmation message when dropping user(s)
  + rfe #1518 Confirm dialog on accidentally leaving a page
  + rfe #1445 Easy access to "SHOW CREATE ..."
  + rfe #1448 Allow clicking an approximate row count to get a correct one
  + rfe #1487 "Browse foreign values" should be a modal dialog
  + rfe #1523 Better visual clue for table structure primary key column
  + rfe #982 Support for editing binary fields in hexadecimal
  - sf#4416 New lines are removed when grid editing
  + rfe #706 Multi-db privileges adding
  + rfe #1527 Charts for data in <x-axis, series, value> format
  + rfe Allow saving query charts as images
  + rfe #1145 Preview SQL instead of executing it
  + rfe #759 Use aliases in SQL export for tables and columns
  - sf#4450 Query is duplicated on Ctrl+Enter
  + rfe #755 Export with table/column name changes
  + rfe #869 Run SQL query: Allow rollback for InnoDB tables
  + rfe #654 Range Search Capability
  + rfe #1490 Dynamic process list
  + rfe #1522 Drag and Drop SQL import
  + rfe #637 Custom Field Handlers
  + rfe #1488 User privilege tab not shown in all relevant cases
  + rfe #781 Privileges for non superuser
  + rfe #908 Improvements for the table editor (index creation)
  + rfe #1426 Navigation state lost on reload
  - sf#4439 Table list in left panel doesn't expand
  + rfe Improved validation when inserting data
  + rfe #1491 Support InnoDB for database Query by example
  + rfe #345 Normalize a table
  + rfe #1123 Zeroconf PMA tables support
  + rfe #1492 Remove the distinct query window / Add SQL log+history panel
  + rfe #919 Multiple-column foreign key relation
  - sf#3165 Redundant foreign keys not supported
  - fix bug Incorrect link to documentation
  + rfe #857 Regexp replace
  - fix bug Incorrect path in change password when on reverse proxy or non-root directory
  + MariaDB 10+ multi-master replication support
  + rfe #1544 MySQL 5.7.5 compatibility
  + rfe #1529 Avoid session timeout when user is active
  - sf#4528 Can't import dump via SQL field
  + rfe #1251 Show "Overhead" with same precision for all tables
  + rfe #1546 Improve the js printf library
  + rfe #1542 Better error reporting in Designer
  - sf#4547 Micro history does not work in Users page
  - sf#4551 Wrong test in source code
  - sf#4537 BLOB inline-view JPG column transformation does not work for anything except simple queries
  + rfe #1535 Keyword-based autocompletion in SQL query editors
  - sf#4558 Unable to Add Rows while Creating Table
  + rfe #1547 Wrap No Tables Found message with message box
  - sf#4559 Logging in causes 100% CPU usage
  - sf#4564 Designer: spaces in table name with edit table link generates bad links
  - sf#4582 Debug SQL works only for the first page
  - sf#3869 Count(*) on information_scheme.INNODB_BUFFER_PAGE with a huge bufferpool
  - sf#4495 Comment lines in multiquery
  - sf#4535 Loads of Warnings/Notices in PMA_getServerSlaveStatus on replication slave
  - sf#4585 Multi query results not shown
  + rfe #1556 Disabling Show all
  - sf#4513 phpmyadmin run very slow (information_schema)
  - sf#4243 Super slow page rendering with tens of thousands of DBs
  - sf#4391 Upgraded to 4.2.0, insanely slow now
  + rfe #1537 PHP OpenSSL support for cookie encryption/decryption
  - sf#4227 Token mismatch when using HTTP AUTH and the SESSION expires
- change all my old mail address in this changelog from ecsos@old.domain to ecsos@opensuse.org

-------------------------------------------------------------------
Wed Dec 3 17:14:16 UTC 2014 - ecsos@opensuse.org

- update to 4.2.13.1 (2014-12-03)
  This update fixes several vulnerabilities
  - Security fixes:
    * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364]
      http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
      - sf#4612 [security] XSS vulnerability in redirection mechanism
    * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
      http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
      - sf#4611 [security] DOS attack with long passwords

-------------------------------------------------------------------
Sun Nov 30 22:47:22 UTC 2014 - ecsos@opensuse.org

- update to 4.2.13 (2014-11-30)
  - sf#4604 Query history not being deleted
  - sf#4057 db/table query string parameters no longer work
  - sf#4605 Unseen messages in tracking
  - sf#4606 Tracking report export as SQL dump does not work
  - sf#4607 Syntax error during db_copy operation
  - sf#4608 SELECT permission issues with relations and restricted access

-------------------------------------------------------------------
Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org

- update to 4.2.12 (2014-11-20)
  This update fixes several vulnerabilities, as well as a number of other bug fixes.
  - Security fixes:
    * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488]
      http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
      - sf#4595 [security] Path traversal can lead to leakage of line count
    * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487]
      http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
      - sf#4596 [security] XSS through exception stack
    * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486]
      http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
      - sf#4594 [security] Path traversal in file inclusion of GIS factory
    * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485]
      http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
      - sf#4578 [security] XSS vulnerability in table print view
      - sf#4579 [security] XSS vulnerability in zoom search page
      - sf#4598 [security] XSS in multi submit
      - sf#4597 [security] XSS through pma_fontsize cookie
  - Other bug fixes:
    - sf#4574 Blank/white page when JavaScript disabled
    - sf#4577 Multi row actions cause full page reloads
    - fix ReferenceError: targeturl is not defined
    - fix Incorrect text/icon display in Tracking report
    - sf#4404 Recordset return from procedure display nothing
    - sf#4584 Edit dialog for routines is too long for smaller displays
    - sf#4586 Javascript error after moving a column
    - sf#4576 Issue with long comments on table columns
    - sf#4599 Input field unnecessarily selected on focus
    - sf#4602 Exporting selected rows exports all rows of the query
    - sf#4444 No insert statement produced in SQL export for queries with alias
    - sf#4603 Field disabled when internal relations used

-------------------------------------------------------------------
Fri Oct 31 17:44:05 UTC 2014 - ecsos@opensuse.org

- update to 4.2.11 (2014-10-31)
  - fix ReferenceError: Table_onover is not defined
  - sf#4552 Incorrect routines display for database due to case insensitive checks
  - sf#4259 reCaptcha sound session expired problem
  - sf#4557 PHP fatal error, undefined function __()
  - sf#4568 Date displayed incorrectly when charting a timeline
  - sf#4571 Database Privileges link does not work
  - fix makegrid.js: where_clause is undefined
  - sf#4572 missing trailing slash (import and open_basedir)

-------------------------------------------------------------------
Tue Oct 21 22:59:45 UTC 2014 - andreas.stieger@gmx.de

- phpMyAdmin 4.2.10.1 [boo#902154] [CVE-2014-8326]
  This release fixes cross-site scripting vulnerabilities in the SQL debug output and server monitor pages.
  This developer option is not enabled by default.
  - sf#4562 [security] XSS in debug SQL output
  - sf#4563 [security] XSS in monitor query analyzer

-------------------------------------------------------------------
Sat Oct 11 15:34:28 UTC 2014 - ecsos@opensuse.org

- update to 4.2.10 (2014-10-11)
  - sf#4361 Can't change font size (when config.inc.php not present)
  - sf#4542 Tab key in column name not shown
  - fix bug PDF export: title not present in PDF
  - sf#4543 Changing column name can break saved "order by" clause
  - sf#4545 trying to favorite table while browser localStorage is disabled throws JS error
  - sf#4259 reCaptcha sound session expired problem
  - sf#4548 Inline editing a field converts tab to spaces
  - sf#4252 Database-level permission bug for db names containing underscores
  - sf#3120 Events are not exported when using xml
  - sf#4554 Grid-editing timestamp column forces datepicker
  - sf#4556 Fast filters for tables, views etc. should be governed by NavigationTreeDisplayItemFilterMinimum

-------------------------------------------------------------------
Wed Oct 1 20:26:14 UTC 2014 - andreas.stieger@gmx.de

- phpMyAdmin 4.2.9.1 [bnc#899452] [CVE-2014-7217]
  Contains a fix for a cross-site scripting vulnerability in the table search and table structure pages which could be triggered with a crafted ENUM value
  - sf#4544 [security] XSS vulnerabilities in table search and table structure pages

-------------------------------------------------------------------
Sat Sep 20 12:12:53 UTC 2014 - ecsos@opensuse.org

- update to 4.2.9 (2014-09-20)
  - fix bug ajax.js responseHandler: cannot read property of null
  - fix bug sql.js: str is undefined
  - sf#4524 Allow for direct selection of "0" on the "user overview" page
  - sf#4529 Undefined index: pos
  - sf#4523 tbl_change.js: insert as new row submit type on multiple selected records does not set all AUTO_INCREMENTs to 0 value
  - fix bug ajax.js responseHandler: another "cannot read property"
  - fix bug tbl_structure.js "cannot read property"
-------------------------------------------------------------------
Sun Sep 14 21:10:17 UTC 2014 - chris@computersalat.de

- fix for bnc#896635
  * update to 4.2.8.1 (2014-09-13)
  * PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
    - sf#4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions

-------------------------------------------------------------------
Fri Sep 5 18:39:29 UTC 2014 - chris@computersalat.de

- rollback changes introduced by fix for bnc#894107 cause they broke apache pkg.

-------------------------------------------------------------------
Sun Aug 31 21:52:38 UTC 2014 - ecsos@opensuse.org

- update to 4.2.8 (2014-08-31)
  - sf#4516 Odd export behavior
  - sf#4519 Uncaught TypeError: Cannot read property 'success' of null
  - sf#4520 sql.js: cannot read property
  - sf#4521 Initially allowed chart types do not match selected data
  - sf#4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT ignored
  - sf#4522 Duplicate column names while assigning index
  - sf#4487 Export of partitioned table does not import
  - fix bug server_privileges.js: cannot read property
  - sf#4527 Importing ODS files with column names having trailing spaces fails
  - sf#4413 Navigation Error in Nav Tree for Search Results Past the First Page
  - fix bug functions.js: Cannot read property 'replace' of undefined

-------------------------------------------------------------------
Fri Aug 29 14:58:31 UTC 2014 - chris@computersalat.de

- fix for bnc#894107
  * fix post/postun for systemd

-------------------------------------------------------------------
Tue Aug 19 21:46:14 UTC 2014 - chris@computersalat.de

- fix changes file
  * add missing PMASA / CVE info

-------------------------------------------------------------------
Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de

- fix for bnc#892401
  * update to 4.2.7.1
  * PMASA-2014-8 (CVE-2014-5273, CWE-661 CWE-79)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
    - sf#4501 [security] XSS in table browse page
    - sf#4502 [security] Self-XSS in enum value editor
    - sf#4503 [security] Self-XSSes in monitor
    - sf#4504 [security] Self-XSS in query charts
    - sf#4517 [security] XSS in relation view
  * PMASA-2014-9 (CVE-2014-5274, CWE-661 CWE-79)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
    - sf#4505 [security] XSS in view operations page

-------------------------------------------------------------------
Thu Jul 31 21:38:39 UTC 2014 - ecsos@opensuse.org

- update to 4.2.7 (2014-07-31)
  - sf Broken links on home page
  - sf#4494 Overlap in navigation panel
  - sf#4427 Action icons not in horizontal order
  - sf#4493 s_attention.png is missing
  - sf#4499 Uncaught TypeError: Cannot call method 'substr' of undefined
  - sf#4498 PMA 4.2.x and HHVM
  - sf#4500 mysql_doc_template is not defined

-------------------------------------------------------------------
Fri Jul 18 17:24:08 UTC 2014 - ecsos@opensuse.org

- update to 4.2.6 (2014-07-17)
  - sf#4471 Undefined index warning with referenced column.
  - sf#4027 $cfg['MaxExactCount'] is ignored when BROWSING is back
  - sf#4482 Multi Column sorting (improved user experience)
  - sf#4478 Server validation does not work while in setup/mysqli
  - sf Undefined variable when grid editing a foreign key column
  - sf#4481 mult_submits.inc.php Undefined variable Error
  - sf#4485 Sorting breaks the copy column feature
  - sf#4440 Javascript error when renaming table
  - sf#4483 'New window' link (selflink) disappears, causing Javascript error
  - sf#4489 Incorrect detection of privileges for routine creation
  - sf#4459 First few characters of database name aren't clickable when expanded
  - fix for PMASA-2014-4 (CVE-2014-4954, CWE-661, CWE-79)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
    * sf#4486 [security] XSS injection due to unescaped table comment
  - fix for PMASA-2014-5 (CVE-2014-4955, CWE-661, CWE-79)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
    * sf#4488 [security] XSS injection due to unescaped table name (triggers)
  - fix for PMASA-2014-6 (CVE-2014-4986, CWE-661, CWE-79)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
    * sf#4492 [security] XSS in AJAX confirmation messages
  - fix for PMASA-2014-7 (CVE-2014-4987, CWE-661)
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
    * sf#4491 [security] Missing validation for accessing User groups feature

-------------------------------------------------------------------
Thu Jun 26 19:34:06 UTC 2014 - ecsos@opensuse.org

- update to 4.2.5 (2014-06-26)
  - sf#4467 shell_exec() has been disabled for security reasons
  - sf#4470 Error while submitting empty query
  - sf#4463 Fatal error: Class 'PMA_DatabaseInterface' not found
  - sf#4469 Fixed cookie based login for installations without mcrypt
  - sf#4473 incorrect result count when having clause is used
  - mcrypt: remove the requirement (64-bit) and the related warning

-------------------------------------------------------------------
Sat Jun 21 07:20:18 UTC 2014 - ecsos@opensuse.org

- update to 4.2.4 (2014-06-20)
  - sf#4449 Mediawiki export does not produce table header row; also fix related PHP warnings
  - sf#4442 New lines are added to query every time
  - sf#4445 Fatal error on SQL Export of join query
  - sf#4448 Dump binary columns in hexadecimal notation not working
  - Regenerate cookie encryption IV for every session
  - sf#4405 Cannot import (open_basedir): fix another case
  - sf#4457 SQL tab - Insert queries not showing affected row count
  - bug Missing warning about existing account, on multi-server config
  - sf#4435 WHERE clause can be undefined
  - bug SQL export views as tables option getting ignored
  * fix for PMASA-2014-3 ( CVE-2014-4349, CWE-661, CWE-79 )
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php
    - sf#4464 [security] XSS injection due to unescaped db/table name in navigation hiding
  * fix for PMASA-2014-2 ( CVE-2014-4348, CWE-661, CWE-79 )
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php
    - sf#4465 [security] XSS injection due to unescaped db/table name in recent/favorite tables

-------------------------------------------------------------------
Mon Jun 9 19:16:43 UTC 2014 - andreas.stieger@gmx.de

- update to 4.2.3:
  - sf#4423 Moving fields not working
  - sf#4424 Table indexes disappear after altering field
  - sf#4432 Error while displaying chart at server level
  - sf#4405 Cannot import (open_basedir)
  - sf#4396 Problem copying constraints (such as Sakila)
  - sf#4433 Missing privileges submenu
  - sf#4394 Drop db confirmation message when dropping a user
  - sf#4436 Insert form numeric field with function drop-down list
  - sf#4437 Problems due to missing enforcement of the minimum supported MySQL version
  - Add enforcement of the minimum supported PHP version (5.3.0)
  - bug: Query error on submitting a column change form containing a disabled input field
  - bug: Incorrect menu tab generation from usergroups
  - bug: Missing space in index creation/edit generated query
  - sf#4434 Unchecking 'Show SQL queries' results NaN
------------------------------------------------------------------- Tue May 20 16:58:13 UTC 2014 - ecsos@opensuse.org - update to 4.2.2 (2014-05-20) - sf#4388 Disable database expansion when enabled throws Error 500 when database name is clicked in navigation tree - sf#4414 table display of performance_schema DB structure - sf#4411 Protect Binary Columns: many problems - sf#4395 BLOB link transformation is broken - sf Respect ['ShowCreateDb'] in the navi panel - sf#4392 Cannot see databases in nav panel on databases grouping when disabled database expansion - sf#4419 No more calendar into search tab - sf#4398 Monitor should fit into screen width - sf#4418 When copying databases, primary key attributes get lost - sf#4421 empty maxInputVars on js/messages.php ------------------------------------------------------------------- Tue May 13 20:15:28 UTC 2014 - ecsos@opensuse.org - update to 4.2.1 (2014-05-13) - sf#4380 Cannot display table structure with enums containing special characters - sf#4381 Cannot remove the last remembered sorted column - sf Correctly fetch length of user and host fields in MySQL tables - sf#4364 examples/signon.php does not support the SessionSavePath directive - sf#4382 Missing source for OpenLayers library - sf Incorrect attributes for number fields - sf#4383 Cannot update values in Zoom search - sf#4313 GIS Visualization Extension does not work with PointFromText() function - sf#4384 Incorrect "Rows" total shown when truncating or dropping a table on DB Structure page - sf#4385 Grid edit on sorted columns fails - sf#4389 Null checkbox covering data input when editing - sf#4390 Data type changing by itself (no size but attribute present) ------------------------------------------------------------------- Thu May 8 14:29:34 UTC 2014 - ecsos@opensuse.org - update to 4.2.0 (2014-05-08) + rfe #1403 Export only triggers + rfe #1483 Export Server/Database/Table without triggers + rfe #1662 Add table comment tool tip in database structure page + 
rfe #1447 Single table for display Character Sets and Collations + rfe #1455 Display icons/text/both for the table row actions + rfe #1473 Transformation to convert Boolean value to text - sf#4157 Changing users password will delete it + rfe #1474 Text transformation combines Append and Prepend + Added warning about the mysql extension being deprecated and removed the extension directive + Added support for scatter charts + rfe #1478 Make Column Headings Sticky + rfe #1480 Enhance privileges initials table + rfe #1472 [interface] Break "Edit privileges" with sub-menus + rfe #1466 Minor refactoring required + rfe #1004 Create indexes at the end in SQL export + rfe #1479 Relations edit form for larger monitors + rfe #1475 Inline query box vertical resize + rfe #1500 [interface] Add bottom border to top menu container + rfe #1498 Add datepicker for 'TIME' type - sf#4237 HTTP Referer disclosure in SQL links + rfe Show full names on navigation hover + rfe #1505 Behaviour on click on a routine in nav panel + rfe #1418 Support more than one separating character on CSV import + rfe #569 Load/Save Query By Example - sf#4281 Grid edit ENUM field, dialog disappears when trying to select - sf#4304 DB export using zip compression generates an empty archive + rfe #1508 confirmation message at the top - sf#4306 breadcrubs wrong on table create + rfe #1511 better validate database name for copying + rfe #1510 Database tab "Drop" button should be a link + rfe #1513 Highlight required form fields after failed submission + rfe #1460 Redirect to login page after session has expired - sf#4316 Grid edit: can't change month on date fields + rfe #1501 add maxlength by field with length-spec + rfe #1512 Import happily doesn't do anything with no file name provided + rfe #1514 Add function to all the insert boxes automatically + rfe #1515 Option to skip tables larger than n + rfe #1486 Possibility of disabling database expansion + rfe #1476 Favourite tables select box + rfe #420 
$cfg['CharEditing']='textarea' for structure edit + rfe #1329 Avoid editing of fields which are part of relation + rfe [interface] Highlight active left menu item in setup + rfe Filter on-screen rows during Browse Removed support for SQL Validator (SOAP service no longer offered) - sf#4352 Settings > Manage: incorrect messages - sf#4337 "More" in Actions area doesn't collapse to fit available space - sf#4375 Group two DB, one's name is the prefix of the other one - sf#4070 Confusing database/table grouping - sf#4366 Creating Index doesn't update index-list ------------------------------------------------------------------- Sat Apr 26 20:56:34 UTC 2014 - andreas.stieger@gmx.de - phpMyAdmin 4.1.14 * sf#4365 Creating bookmark with multiple queries not working * sf#4372 Changing browser transformation results in unnecessary table rebuild * sf#4375 Group two DB, one's name is the prefix of the other one * sf#4376 [interface] Login fields show in separate line ------------------------------------------------------------------- Sun Apr 13 14:14:42 UTC 2014 - ecsos@opensuse.org - update to 4.1.13 (2014-04-13) * sf#4279 CTRL + up or down moves 2 fields * sf#4336 List server css style wrong * sf Missing value on the Status > Server page * sf#4347 Fixed PHP Parse error in Advisor * sf#4350 Deleting the DB if it is renamed by the same name * sf#4353 makeProfilingChart is not defined * sf#4355 Precision specifier for DOUBLE type is truncated * sf#4346 Incorrect "Export incomplete" message * sf#4359 Notices on create table page * sf#4356 GROUPed selects show number of rows as if not grouped * sf#4357 JS Form submitted on "enter" even if focus is inside a select field ------------------------------------------------------------------- Thu Mar 27 16:12:55 UTC 2014 - ecsos@opensuse.org - update to 4.1.12 (2014-03-27) * sf#4334 Add event : datepicker won't open * sf#4338 Fix missing value error while executing SQL query * TCPDF library is now optional dependency * sf#4326 Cannot 
    find the import plugins which start with uppercase 'I'

-------------------------------------------------------------------
Sat Mar 22 21:44:48 UTC 2014 - andreas.stieger@gmx.de

- phpMyAdmin 4.1.11:
  * sf#4335 reCaptcha problem (4.1.10 regression)

-------------------------------------------------------------------
Sat Mar 22 15:27:37 UTC 2014 - ecsos@opensuse.org

- update to 4.1.10 (2014-03-22)
  * sf#4301 Grid edit: "SELECT" query is replaced by "UPDATE" query after edit
  * sf#4278 reCaptcha re-login requires double effort
  * sf#4324 Datepicker not showing up on insert page
  * sf#3991 Problem selecting item in select boxes with the ENTER keystroke in some browsers
  * sf#4323 QueryWindow ignores CodeMirror
  * sf None of the live charts shown on "Status -> Monitor" (Chrome)

-------------------------------------------------------------------
Sat Mar 8 02:00:58 UTC 2014 - ecsos@opensuse.org

- update to 4.1.9 (2014-03-06)
  * sf#4279 CTRL + up or down moves two fields (part one)
  * sf#4294 output as text radio clickable for "OpenDocument Text" export
  * sf#4297 DROP DATABASE tick box in export no longer works
  * sf#4291 Unable to export comments in OpenDocument text format
  * sf#4299 Deletion even when the user says "No" to the confirmation message
  * sf#4303 "New" link in navi panel is shown even if no privileges
  * sf#4302 Some params are being omitted from microhistory
  * sf#4298 Missing validation on Import CSV: "Columns enclosed with" and "Columns escaped with"
  * sf#4040 Fatal error while resetting settings
  * sf#4305 JS error when editing procedure from nav panel
  * sf#4308 Edit routine form submitting when pressing enter
  * sf#4307 Nav: "Columns" won't expand with specific schema

-------------------------------------------------------------------
Wed Feb 26 23:18:52 UTC 2014 - chris@computersalat.de

- fix changes file

-------------------------------------------------------------------
Sat Feb 22 13:35:15 UTC 2014 - ecsos@opensuse.org

- update to 4.1.8 (2014-02-22)
  * sf#4276 Login
    loop on session expiry
  * sf#4249 Incorrect number of result rows for SQL with subqueries
  * sf#4275 Broken Link to php extension manual
  * sf#4053 List of procedures is not displayed after executing with Enter
  * sf#4081 Setup page content shifted to the right edge of its tabs
  * sf#4284 Reordering a column erases comments for other columns
  * sf#4286 Open "Browse" in a new tab
  * sf#4287 Printview - Always one column too much
  * sf#4288 Expand database (+ icon) after timeout doesn't do anything
  * sf#4285 Fixed CSS for setup
  * Fixed altering table to DOUBLE/FLOAT field
  * sf#4292 Success message and failure message being shown together
  * sf#4293 opening new tab (using selflink) for import.php based actions results in error and logout

-------------------------------------------------------------------
Sun Feb 9 16:40:00 UTC 2014 - ecsos@opensuse.org

- fix for bnc#864917
  * PMASA-2014-1 (CVE-2014-1879, CWE-661 CWE-79)
  * update to >= 4.1.7
- update to 4.1.7 (2014-02-09)
  * sf#4245 initial Browse query does not match sorting order
  * sf#4250 Notice on export page
  * sf#4253 "New" text in navigation frame acts like a database
  * sf#4262 Cannot define a column with fractional seconds
  * sf#4265 Missing datepicker icon for DATETIME(length)
  * sf#4257 Hide fractional seconds when applicable
  * sf#4264 Uncheck "Ignore" while inserting, upon leaving a textarea
  * sf#4260 reCaptcha is ignoring language settings
  * sf#4259 reCaptcha sound session expired problem
  * sf#4263 Japanese character encoding not working properly when exporting
  * sf#4269 Notice on table relation page
  * sf#4270 Bad text-color for table comments
  * sf#4278 reCaptcha re-login requires double effort
  * sf#4272 Incorrect tabindex
  * sf#4271 Query by example and the second criteria line
  * sf#4242 Wildcard-containing only_db failure in sidebar

-------------------------------------------------------------------
Sun Jan 26 12:56:25 UTC 2014 - ecsos@opensuse.org

- update to 4.1.6 (2014-01-26)
  * sf#4232 User not found after creating
    the user
  * sf#4241 Confusing dialog when trying to create an already existing user
  * sf#4239 Missing LIMIT clause for some queries
  * rfe #1489 Do not show create icon when user has no privileges
  * sf#4218 Chrome behavior with date fields
  * sf#3579 NOW() function incorrectly selected (regression)
  * sf#4244 Advisor complaints about MariaDB 10.x is version less than 5.1
  * sf#3889 When login fails and error display is active, login data is displayed (regression)
  * sf#4247 open_basedir warnings on export page
  * sf#4013 AJAX request waiting until version info is retrieved
  * sf#4248 js error when changing number of columns in status monitor

-------------------------------------------------------------------
Fri Jan 17 21:42:20 UTC 2014 - andreas.stieger@gmx.de

- phpMyAdmin 4.1.5
  * sf#3780 Allow aborting loading pages
  * sf#4223 Database list: Create database misses collation column
  * sf#4224 Empty table names when a table is "inuse"
  * sf#4225 Partition maintenance broken
  * sf#4219 Table list (left panel) does not reload when table renamed
  * sf#4230 "in use" displayed for all views in database print view
  * sf#4226 Notice: Undefined index: pma_config_loading
  * sf#4221 Bzip2 export cannot be directly imported (so withdraw bz2 export)
  * sf#4204 Reloading user privileges hides user groups submenu
  * sf#4231 DATE columns quick edit decrement by one day

-------------------------------------------------------------------
Wed Jan 8 14:02:09 UTC 2014 - ecsos@opensuse.org

- update to 4.1.4 (2014-01-07)
  * sf#3840 (additional fix) When exporting to gzip format, the data is compressed 2 times
  * sf#4209 Missing compression in one case
  * sf#4208 Can't browse tables after sorting on columns with fieldnames that have a '-'
  * sf#4184 Switch to wrong page after adding an index
  * sf#3885 Additional fix for this bug
  * sf#4212 Table "disappears" if it has the same name as its tablegroup
  * sf#4213 Datetime Quick Edit decrements by one day
  * sf#4217 Current value not highlighted when browsing
    foreign values
  * sf#4220 Incorrect key values in foreign key browser
  * sf#4215 MariaDB 5.5: error in Drizzle detection

-------------------------------------------------------------------
Wed Jan 1 16:36:22 UTC 2014 - andreas.stieger@gmx.de

- add source URL, see https://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Wed Jan 1 12:59:03 UTC 2014 - ecsos@opensuse.org

- update to 4.1.3 (2013-12-31)
  * sf#3938 PDFDefaultPageSize doc and easy configurability
  * sf#4198 Hovering over pie chart gives fatal JS error
  * sf#4200 Missing syntax highlighting
  * sf#4201 Exports are not compressed
  * sf#4131 Import: "number of rows to skip" is ambiguous
  * sf#4205 Add a user shows additional "edit user group" link
  * sf#4202 Cannot read property 'token' of undefined
  * sf#4203 On refreshing designer, $.FullScreen is undefined
  * sf#3920 Lost space in navigation area
- Fix python-bytecode-inconsistent-mtime

-------------------------------------------------------------------
Mon Dec 23 23:47:24 UTC 2013 - ecsos@opensuse.org

- update to 4.1.2 (2013-12-23)
  * sf#4178 Quick edit for BIT type does not work
  * sf#2760 Warn about incomplete exports
  * sf#4190 Fractional seconds cause row update even if the value is not changed
  * sf#4170 Overflow scroll for table grid is not a good solution
  * sf#2961 Relations settings not updated on config change
  * sf#4187 SQL query inline edit doesn't post changes on the first run
  * rfe #1465 Docs for connections to IPv6 only MySQL instances
  * rfe #1468 [interface] No floating for server breadcrumb menu

-------------------------------------------------------------------
Tue Dec 17 17:27:05 UTC 2013 - ecsos@opensuse.org

- update to 4.1.1 (2013-12-17)
  * sf#4154 Error using UNION query
  * sf#4173 Transformations overview not reachable
  * sf#4149 Js freezes in the management of replication
  * sf#3903 Query fails when using aliases after ordering result
  * sf#4181 Adding columns in table creation clears existing columns
  *
    sf#4023 Requires wildcard EXECUTE/ALTER ROUTINE on DB to allow Procedures to be executed by user
  * sf#4186 Adding a column when creating a table does not propagate index info
  * sf#4185 Unable to execute create procedure statement from query window

-------------------------------------------------------------------
Sun Dec 15 18:51:58 UTC 2013 - ecsos@opensuse.org

- update to 4.1.0 (2013-12-11)
  * rfe #499 On user creation, warn if the user already exists
  * Use indeterminate check all checkbox in server privileges
  * Break server_status.php functions into smaller functions
  * PMA_DBI functions in database_interface.lib.php renamed to be compliant with PEAR standards
  * [interface] Make warning about existing config directory clearer
  * rfe #1414 Allow specifying controlport
  * PMA_DBI functions in database interface libraries renamed to be compliant with PEAR standards
  * rfe #1412 Creating a view from an empty set of results
  * Improved layout on db and table operations pages
  * rfe #1410 Added support for AES_ENCRYPT for blob fields
  * rfe #1423 Clarify option text for icon/text settings
  * [interface] Upgraded CodeMirror to 3.x series
  * rfe #1363 Improved query profiler
  * [interface] rfe #1429 Better suggestion for database name
  * rfe #1433 Support relations with ndbcluster
  * sf#3962 Proper escaping of JSON export
  * rfe #1382 Optional ReCAPTCHA support
  * rfe #1434 Improvements to the table browsing navigation bar
  * rfe #1233 and rfe #1283 Improvements to Relation View interface
  * rfe #1397 Use fractional seconds in time, datetime, and timestamp
  * rfe #175 Allow cross-database relations
  * [core] Dropped support for PHP 5.2.
  * rfe #487 and rfe #1405 Find and Replacing column wise
  * rfe #1373 Use same create view dialog for editing a view
  * rfe #316 Configurable menus; allow user groups with customized menus per group
  * sf#4024 Editing field a record is selected by makes pma load forever
  * sf#4035 Query "inline" link disappears when turning off "Explain SQL" option
  * rfe #1385 Hide tables, functions, procedures, events and views in navigation tree
  * rfe #1321 Export view as if it was a table
  * Dropped configuration directive: SQP
  * Dropped configuration directive: MySQLManual*
  * rfe #1041 and bug #2954 Improved support for SSL connections between MySQL and phpMyAdmin
  * sf#4056 Language: Vague error message when adding a varchar field
  * [setup] rfe #1452 Use type="password" for server passwords
  * rfe #1451 HTML5 input tag enhancements
  * sf#1193 Text field too small when editing a row longer than $cfg['LimitChars']
  * Privileges tab for table level
  * sf#4068 Headline in operations not readable in IE10
  * sf#4000 "Table does not contain unique column" message appears after adding a unique column
  * rfe #1428 add 'new database' entry to nav tree
  * rfe #1457 Stone Age icon found
  * rfe #1463 Filter tables and databases by regular expression
  * Change the proxy variable names in the config to remove the VersionCheck prefix from them
  * Added an Error Reporting Component
  * Javascript files are no longer uglified
  * sf#4145 Config screen fails to validate MemoryLimit = -1 (new default)
  * sf#4123 Double config including
  * sf#4134 After deleting all rows on a page, it returns to a blank page
  * Dropped configuration directive: DisableIS, ShowDatabasesCommand
  * sf#4152 Not possible to enter % for search in date fields
  * sf#3931 IN Clause search does not permit multiple values
  * sf#4086 Clicking OK from edit popup opens new tab
  * sf#2983 unknown table status: TABLE_TYPE
  * sf#4030 ORDER BY SUM(`field`) does not sort DESC
  * sf#4133 CSV import breaks when no blank line at end of file
  * sf#4153 Unable to
    import if newline encoding is MAC style
  * sf#4096 horizontal scrollbar should not overflow on the left column
  * sf#4159 bug with navigation between database and table filter
  * sf#4119 Huge session data with $cfg['Error_Handler']['gather']
  * sf#4169 Table list jumps to table on click
  * sf#4168 Rename multiple columns is not working

-------------------------------------------------------------------
Fri Dec 6 14:58:34 UTC 2013 - ecsos@opensuse.org

- update to 4.0.10 (2013-12-04)
  * sf#4150 Clicking database name in query window opens a new tab
  * sf#4141 Wrong page is shown after editing; also, do not show a modal dialog for multi-row edit
  * sf#3939 PHP NavigationTree error when paging through list
  * sf#4075 Support A10 Networks load balancer
  * sf#4083 row deleting isn't binlogs friendly
  * sf#4163 Setup script does not recognize manually-configured server
  * sf#4158 Events page says no privileges with ALL PRIVILEGES

-------------------------------------------------------------------
Sun Nov 10 12:59:02 UTC 2013 - ecsos@opensuse.org

- update to 4.0.9 (2013-11-04)
  * sf#4104 Can't edit updatable view when searching
  * sf#4108 Missing refresh by deleting databases
  * sf#3995 Drizzle server charset notice
  * sf#3911 Filtering database names includes empty groupings
  * sf#3678 Does not display or manipulate bit(64) fields appropriately
  * sf#4129 Unneeded navi panel refresh
  * sf#4120 SSL redirects to port 80
  * sf#4144 DROP DATABASE displays wrong database name
  * sf#4059 Running delete query asks for confirmation but says it was already executed
  * sf#4147 Accessibility: Images without Alt nor title attribute

-------------------------------------------------------------------
Mon Oct 7 15:36:07 UTC 2013 - ecsos@opensuse.org

- update to 4.0.8 (2013-10-06)
  * sf#3988 Rename view is not working
  * sf#4041 Interaction between linkified fields and grid editing
  * sf#3975 Table grouping isn't implemented properly
  * sf#4060 Browser tries to remember wrong password when creating new user
  *
    sf#4002 Edit Index on big table doesn't show "Loading" or any message
  * sf#4098 Default table tab is ignored
  * sf#4099 Server/library difference warning: setting is ignored
  * sf#4100 table tree group strategy
  * sf#4102 ALTER TABLE ORDER BY and InnoDB
  * sf#4103 Tracking report: cannot delete a statement
  * sf#3996 Drizzle navigation doesn't expand
  * sf#4074 GIS column editor: point not displayed
  * sf#4109 Drizzle tables in navigation are shown as views
  * sf#4095 NUL symbols added to the end of database dump file
  * sf#4105 More disappears in table Structure
  * sf#3992 Multi-row edit doesn't clear values when checking NULL

-------------------------------------------------------------------
Sun Sep 29 11:13:39 UTC 2013 - ecsos@opensuse.org

- update to 4.0.7 (2013-09-23)
  * sf#3993 Sorting in database overview with statistics doesn't work
  * bug Handle the situation where PHP_SELF is not set
  * sf#4080 Overwrite existing file not obeyed
  * sf#3929 Database-specific privileges are not copied when cloning user
  * sf#3997 Error handling in case MySQL extension is missing
  * sf#4089 Moving Columns will alter column definition
  * sf#4091 Insert ignore option does not work
  * sf#4090 Downloading BLOB downloads page template
  * sf#4092 Clicking on table name in view of information_schema redirects to wrong page
  * sf#4079 Copy Table Add AUTO_INCREMENT value checkbox not working
  * sf#4088 MySQL server version at index.php incorrect w/ controlhost
  * sf#4001 Import error: Class 'ImportOds' not found
  * sf#3986 Missing DROP VIEW button

-------------------------------------------------------------------
Sat Sep 7 15:42:13 UTC 2013 - ecsos@opensuse.org

- update to 4.0.6 (2013-09-05)
  * sf#4036 Call to undefined function mb_detect_encoding (clarify the doc)
  * sf Missing hints when changing a column's structure
  * sf#4048 Cannot select foreign value in Search
  * sf#4025 gzip export is not actually compressed with mod_deflate
  * sf#4054 query analysis doesn't launch in status monitor
  * Add pmahomme
    icon credits (FamFamFam silk icon set)
  * sf#4064 Table structure statistics "Space usage" caption too small for l10n
  * sf#4051 Wrong tabindex when inserting rows
  * sf#4066 varchar field not truncated in table browse mode
  * rfe #1435 Opening database should expand it in the navigation menu
  * (performance) Removed ShowTooltip directive
  * sf#4046 Exporting huge Tables causes memory-Problems

-------------------------------------------------------------------
Wed Aug 7 12:09:45 UTC 2013 - chris@computersalat.de

- fix for bnc#833731
  * PMASA-2013-10 (CVE-2013-5029 CWE-661 CWE-693)
    http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php

-------------------------------------------------------------------
Mon Aug 5 21:51:23 UTC 2013 - obs@ladisch.de

- update to 4.0.5 (2013-08-04)
  * sf#3977 Not detected configuration storage
  * sf#3970 Pressing enter in the filter field reloads page
  * sf#3984 Cannot insert in this table (PHP < 5.4)
  * sf#3989 Reloading privileges does not update the interface
  * sf#3960 NavigationBarIconic config not honored
  * sf#3985 Call to undefined function mb_detect_encoding
  * sf#4007 Analyze option not shown for InnoDB tables
  * sf#4015 Forcing a storage engine for configuration storage
  * bug Incorrect Drizzle 7 detection
  * sf#4019 Create database if not exists (export): add an option to the interface to enable generating CREATE DATABASE and USE (false by default)
  * sf#4012 Crash on CSV file import
  * sf#4009 Statistic Monitor shows only last 3 digits in graph
  * sf#3998 Non-permanent SQL history not working
  * sf#3578 Transformations for text/plain on a BLOB column
  * [security] Improved protection against cross framing, see PMASA-2013-10 (CVE-2013-5029 CWE-661 CWE-693)
  * Reinstated configuration directive: AllowThirdPartyFraming
- fix for bug sf#4038: PMASA-2013-8 not mentioned in 4.0.4.2 changes
- add CVEs to 4.0.4.2 changes

-------------------------------------------------------------------
Mon Jul 29 20:07:45 UTC 2013 - chris@computersalat.de

- fix
    for bnc#831896
  * multiple XSS issues (+ a SQL injection and full path disclosure flaw)
  * fix for PMASA-2013-8 (CVE-2013-4995 CWE-661 CWE-79)
  * fix for PMASA-2013-9 (CVE-2013-4996 CVE-2013-4997 CWE-661 CWE-79 CWE-80)
  * fix for PMASA-2013-11 (CVE-2013-4996 CWE-300 CWE-79)
  * fix for PMASA-2013-12 (CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 CWE-661 CWE-200)
  * fix for PMASA-2013-13 (CVE-2013-5001 CWE-661 CWE-79 CWE-80)
  * fix for PMASA-2013-14 (CVE-2013-5002 CWE-661 CWE-79)
  * fix for PMASA-2013-15 (CVE-2013-5003 CWE-661 CWE-89 CWE-269)
- update to 4.0.4.2 (2013-07-28)
  * [security] fix unescaped parameter, see PMASA-2013-8
  * [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
  * [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
  * [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
  * [security] Fix full path disclosure, see PMASA-2013-12
  * [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
  * [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
  * [security] Fix self-XSS in schema export, see PMASA-2013-14
  * [security] Fix unencoded json object, see PMASA-2013-11
  * [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13

-------------------------------------------------------------------
Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de

- update to 4.0.4.1 (2013-06-30)
  * [security] Global variables scope injection vulnerability (PMASA-2013-7, CVE-2013-4729)

-------------------------------------------------------------------
Tue Jun 18 22:29:34 UTC 2013 - ecsos@opensuse.org

- update to 4.0.4 (2013-06-17)
  * sf#3959 Using DefaultTabDatabase in NavigationTree for Database Click
  * sf#3961 Avoid Suhosin warning when in simulation mode
  * sf#3897 Row Statistics and Space usage bugs
  * sf#3966 Only display "table has no unique column" message when applicable
  * sf#3960 NavigationBarIconic config not honored
  * sf#3965 Default language wrong with zh-TW
  *
    sf#3921 Call to undefined function PMA_isSuperuser() if default server is not set
  * sf#3971 Ctrl/shift + click opens links in same window
  * sf#3964 Import using https does not work
  * fix bug Missing removeCRLF option in ExportCsv and ExportExcel plugins
  * sf#3631 Drop not working Visio schema export.
  * sf#3645 Better handling of invalid ODS documents
  * sf#3976 Number of pages
  * sf#3922 User privileges, database name unescaped

-------------------------------------------------------------------
Wed Jun 12 21:59:40 UTC 2013 - chris@computersalat.de

- fix changelog
  * add missing 'fix for bnc#xxxxxx

-------------------------------------------------------------------
Thu Jun 6 16:27:24 UTC 2013 - ecsos@opensuse.org

- update to 4.0.3 (2013-06-05)
  * sf#3941 Recent tables list always empty
  * sf#3933 Do not translate "Open Document" in export settings
  * sf#3927 List of tables is missing after expanding in the navigation frame
  * sf#3942 Warnings about reserved word for many non reserved words
  * sf#3912 Exporting row selection, resulted by ORDER BY query
  * sf#3957 Cookies must be enabled past this point
  * sf#3956 "Browse foreign values" search filter / page selector not working
  * sf#3579 NOW() function incorrectly selected (partial regression)
  * [security] Javascript execution vulnerability in Create view, reported by Maxim Rupp (see PMASA-2013-6)
- fix for bnc#824306
  * PMASA-2013-6 (CVE-2013-3242)

-------------------------------------------------------------------
Sat May 25 17:33:09 UTC 2013 - ecsos@opensuse.org

- update to 4.0.2 (2013-05-24)
  * sf#3902 Cannot browse when table name contains keyword "call"
  * center loading indicator for navigation refresh, related to bug #3920
  * sf#3925 Table sorting in navigation panel is case-sensitive
  * sf#3915 Import of CSV file (Replace table data with file) with duplicate values
  * sf#3907 undefined variables, function parameter problems
  * sf#3898 Structure not refreshed after column drop
  * sf#3926 View is not updatable
  * sf#3919
    PropertiesIconic not honored
  * sf#3930 Databases to choose for specific privileges show up escaped
  * sf#3910 Export database with empty table as a php array, does not produce valid PHP
  * sf#3936 Query profiler chart not loading from SQL Query page
  * sf#3946 Missing CSV import option "Do not abort on INSERT error"
  * sf#3943 Missing Operations>Table options>AUTO_INCREMENT
  * bug Missing CREATE DATABASE statement when exporting at database level
  * sf#3924 Show warning when CSV file does not contain data for all columns
  * sf#3947 Missing Sql Query after modify structure
  * sf#3948 Server export problems
  * sf#3917 CountTables directive is deprecated

-------------------------------------------------------------------
Wed May 15 08:00:00 UTC 2013 - ecsos@opensuse.org

- update to 4.0.1.0 (2013-05-14)
  * sf#3879 Import broken for CSV using LOAD DATA
  * sf#3889 When login fails and error display is active, login data is displayed
  * sf#3890 [import] Web server upload directory import fails
  * sf#3891 [import] Server upload folder import file name missing in success message
  * rfe #1421 [auth] Add retry button on connection failure with config auth
  * sf#3894 [interface] Provide feedback if no columns selected for multi-submit
  * sf#3799 [interface] Incorrect select field change on ctrl key navigation in Firefox
  * sf#3885 [browse] display_binary_as_hex option causes unexpected behavior
  * sf#3899 Git commit links to Github missing
  * sf#3900 CSP WARN in Firefox console
  * sf#3901 Setup script warning for config auth (stored login data) shows link BBcode
  * sf#3895 [browse] Fixed getting BLOB data
  * sf#3905 [export] Custom Exporting exports all databases
  * sf#3909 [import] Import of CSV File to selected table doesn't work
  * sf#3904 Browsing an empty table should not display its Structure
  * sf#3908 Calendar widget improperly redirects to home
  * sf#3918 Greyed out tabs when there are no rows fixed
  * sf#3916 [interface] Missing scrollbar (original theme)
  * [vendor] add tcpdf path to
    vendor_config.php
  * bug fix compat with tcpdf >= 6.0 (tested with 6.0.012)

-------------------------------------------------------------------
Fri May 3 17:32:42 UTC 2013 - ecsos@opensuse.org

- update to 4.0.0 (2013-05-03)
  * Patch #3481047 for rfe #3480477 Insert as new row enhancement
  * Patch #3480999 Activate codemirror in the query window
  * Patch #3495284 XML Import - fix message and redirect
  * rfe #3484063 Null checkbox behavior
  * Patch #3497179 Contest-5: Add user: Allow create DB w/same name + grant u_%
  * Patch #3498201 Contest-6: Export all privileges
  * Patch #3502814 for rfe #3187077 Change password buttons should match
  * rfe #3488640 Expand table-group in non-light navigation frame if only one
  * Patch #3509360 Contest-3: Option "Truncate table" before "insert"
  * Patch #3506552 Contest-2: Show index information in the data dictionary
  * Patch #3510656 Contest-1: Ignoring foreign keys while dropping tables
  * sf#3509686 Reverting sort on joined column does not work
  * New transformation: append string
  * rfe #3507804 Session upload progress (PHP 5.4)
  * rfe #3488185 draggable columns vs copy column name
  * Patch #3507001 Contest-4: Textarea for large character columns
  * Removed the PHP version of the ENUM editor
  * Patch #3507111 Display distinct results, linked to corresponding data rows
  * sf#3507917 [export] JSON has unescaped values for allegedly numeric columns
  * rfe #3516187 show tables creation, last update, last check timestamps in db_structure
  * sf#3059806 Supporting running from CIFS/Samba shares
  * sf#3516341 [export] Open Document Text, Word and Texy! Text show table structure twice
  * sf [export] Texy! Text: Columns containing Pipe Character don't export properly
  * [export] Show triggers in Open Document Text, Word and Texy!
    Text
  * Patch #3415061 [auth] Login screen appears under the page
  * rfe #3517354 [interface] Allow disabling CodeMirror with $cfg['CodemirrorEnable'] = false
  * rfe #3475567 [interface] New directive $cfg['HideStructureActions']
  * sf#3468272 [import] Fixed import of ODS with more paragraphs in a cell
  * sf#3510196 [core] Improved redirecting with ForceSSL option
  * rfe #3518852 [edit] edit blob but not other binary, new option $cfg['ProtectBinary'] = 'noblob'
  * Hide language select box if there are no locales installed
  * Removed some directives: verbose_check, SuggestDBName, LightTabs, VerboseMultiSubmit, ReplaceHelpImg
  * Patch #3500882 Fixing checkbox behaviour while editing identical rows
  * rfe #3441722 [interface] Display description of datatypes
  * rfe #3517835 [structure] Move columns easily
  * Ajaxified "Create View" functionality
  * [import] New plugin: import mediawiki
  * New navigation system
  * Discontinued the use of a frame-based layout
  * rfe #3528994 [interface] Allow wrapping possibly long values in replication-status table
  * [interface] Autoselect username input on cookie login page
  * sf#3563799 [interface] Grid editing destroying huge amount of data
  * [import] Remove support for the unactive docSQL import format
  * sf#3577443 [edit] "Browse foreign values" does not show on ajax edit
  * rfe #3522109 [browse] Grid editing: action to trigger it (or disable)
  * sf#3526598 [interface] SQL query not shown when creating table
  * Dropped configuration directive: AllowThirdPartyFraming
  * Dropped configuration directive: LeftFrameLight
  * Dropped configuration directive: DisplayDatabasesList
  * Dropped configuration directives: ShowTooltipAliasDB and ShowTooltipAliasTB
  * Dropped configuration directive: NaviDatabaseNameColor
  * Added configuration directive: MaxNavigationItems
  * Renamed configuration directive: LeftFrameDBTree => NavigationTreeEnableGrouping
  * Renamed configuration directive: LeftFrameDBSeparator => NavigationTreeDbSeparator
  * Renamed configuration
    directive: LeftFrameTableSeparator => NavigationTreeTableSeparator
  * Renamed configuration directive: LeftFrameTableLevel => NavigationTreeTableLevel
  * Renamed configuration directive: LeftPointerEnable => NavigationTreePointerEnable
  * Renamed configuration directive: LeftDefaultTabTable => NavigationTreeDefaultTabTable
  * Renamed configuration directive: LeftDisplayTableFilterMinimum => NavigationTreeDisplayTableFilterMinimum
  * Renamed configuration directive: LeftDisplayLogo => NavigationDisplayLogo
  * Renamed configuration directive: LeftLogoLink => NavigationLogoLink
  * Renamed configuration directive: LeftLogoLinkWindow => NavigationLogoLinkWindow
  * Renamed configuration directive: LeftDisplayServers => NavigationDisplayServers
  * Renamed configuration directive: LeftRecentTable => NumRecentTables
  * Renamed configuration directive: LeftDisplayDatabaseFilterMinimum => NavigationTreeDisplayDbFilterMinimum
  * Removed the "Mark row on click" feature; must now click the checkbox to mark
  * Removed the "Synchronize" feature
  * Improved layout of server variables page
  * rfe #1052091 [config] Double-underscores in PMA table names
  * Improved the "More" dropdown on the table structure page
  * [interface] Added "scroll to top" link in menubar
  * [designer] Fullscreen mode for the designer
  * Upgraded jquery to v1.8.3 and jquery-ui to v1.9.2
  * Patch #3597529 [status] Add raw value as title on server status page
  * Support MySQL 5.6 partitioning
  * Removed the AjaxEnable directive
  * rfe #3542567 Accept IPv6 ranges and IPv6 CIDR notations in $cfg['Servers'][$i]['AllowDeny']['rules']
  * sf#3576788 Grid editing shows the value before silent truncation
  * Upgraded jqPlot to 1.0.4 r1121
  * Upgraded to jquery-ui-timepicker-addon 1.1.1
  * rfe #3599046 [interface] Added comments for indexes
  * Replaced qtip with jQuery UI tooltip
  * Upgraded CodeMirror to 2.37
  * sf#2951 [export] Correctly export decimal fields.
  * sf#3762 [core] Make Advisor work on Windows without COM extension.
  * sf#3519 [export] Prevent infinite recursion in PDF export.
  * sf#3827 Table specific privileges not displayed for db name containing underscore
  * rfe #1386 Add IF NOT EXISTS clause when copying database
  * No longer package .travis.yml configuration file when creating a release.
  * sf#3830 Can't export custom query because it lowercases table names
  * sf#3829 Enabling query profiling crashes javascript based navigation
  * rfe #879 Reserved word warning
  * Remove the database ordering sub-feature of the only_db directive
  * sf#3840 When exporting to gzip format, the data is compressed 2 times
  * rfe #1319 Permit to create index when creating foreign key
  * sf#3703 Incorrect updating of the list of users
  * sf#3853 Blowfish implementation might be broken (replace with phpseclib)
  * sf#3865 Using like operator on each backslash needs 4 backslash protection
  * sf#3860 Displayed git revision info is not set
  * sf#3871 Check referential integrity broken across databases
  * sf#3874 [export] No preselected option when exporting table
  * sf#3873 Can't copy table to target database if table exists there
  * sf#3683 Incorrect listing of records from to count
  * sf#3876 [import] PHP 5.2 - unexpected T_PAAMAYIM_NEKUDOTAYIM
  * [security] Local file inclusion vulnerability, reported by Janek Vind (see PMASA-2013-4)
  * [security] Global variables overwrite in export.php, reported by Janek Vind (see PMASA-2013-5)
  * sf#3892 [export] SQL Export files are empty
- fix for bnc#824304
  * PMASA-2013-4 (CVE-2013-3240)
- fix for bnc#824305
  * PMASA-2013-5 (CVE-2013-3241)

-------------------------------------------------------------------
Wed Apr 24 22:41:50 UTC 2013 - ecsos@opensuse.org

- update to 3.5.8.1 (2013-04-24)
  * [security] Remote code execution (preg_replace), reported by Janek Vind (see PMASA-2013-2)
  * [security] Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind (see PMASA-2013-3)
- fix for bnc#824301
  * PMASA-2013-2 (CVE-2013-3238)
- fix for bnc#824302
  * PMASA-2013-3 (CVE-2013-3239)

-------------------------------------------------------------------
Mon Apr 8 18:33:29 UTC 2013 - ecsos@opensuse.org

- update to 3.5.8 (2013-04-08)
  * sf#3828 MariaDB reported as MySQL
  * sf#3854 Incorrect header for Safari 6.0
  * sf#3705 Attempt to open trigger for edit gives NULL
  * Use HTML5 DOCTYPE
  * [security] Self-XSS on GIS visualisation page, reported by Janek Vind see PMASA-2013-1
  * sf#3800 Incorrect keyhandler behaviour #2
- fix for bnc#814678
  * PMASA-2013-1 (CVE-2013-1937)

-------------------------------------------------------------------
Fri Mar 15 19:51:32 UTC 2013 - chris@computersalat.de

- update to 3.5.7.0 (2013-02-15)
  * sf#3779 [core] Problem with backslash in enum fields
  * sf#3816 Missing server_processlist.php
  * sf#3821 Safari: white page
  * Correct detection of the Chrome browser

-------------------------------------------------------------------
Mon Feb 4 17:34:24 CET 2013 - draht@suse.de

- update to 3.5.6.0 (2013-01-28)
  * sf#3593604 [status] Erroneous advisor rule
  * sf#3596070 [status] localStorage broken in server status monitor
  * sf#3598736 [routines] Editing a procedure with special characters
  * sf#3600322 [core] Visualize GIS data throws Fatal Error
  * sf#3599362 [core] Double-escaped error message
  * sf#3776 [cookies] Login without auth on second server

-------------------------------------------------------------------
Wed Jan 16 23:17:50 UTC 2013 - chris@computersalat.de

- update to 3.5.5.0 (2012-12-21)
  * sf#3563824 [export] Support Apache's mod_deflate
  * sf#3585523 [interface] Inline query editing broken after row update
  * sf#3586389 [setup] Cannot switch language in /setup
  * sf#3585695 [CSS] Font size in inline query editor is way too big
  * sf#3588354 [l10n] Portuguese Language not displaying correctly
  * sf#3591412 [status] Live charts don't work for non-default server
  * sf [core] Proxy ajax calls to pma.net to avoid browser notices
  * sf#3593534 [tracking] Structure Snapshot on tracked view renders invalid SQL
  * sf#3544366 [events] Event comments not saved

-------------------------------------------------------------------
Sat Dec 15 15:23:00 UTC 2012 - chris@computersalat.de

- update to 3.5.4.0 (2012-11-16)
  * sf#3570212 [edit] uuid_short() is a no-arguments function
  * sf#3569577 [edit] Add routine parameter headers not valid for "function"
  * sf#3575799 [search] Various search operators not working as expected
  * sf#3576322 [search] Invalid select query generated for tables with ENUM fields
  * sf#3577468 [display] Incorrect imagejpeg Syntax Breaks Image Transformation
  * sf#3578776 [search] Editing SQL not possible when no records found
  * sf#3571970 [interface] Display chart and number of rows to plot
  * sf#3582631 [core] Wrong redirect url caused cookies error with ForceSSL

-------------------------------------------------------------------
Mon Nov 5 11:40:16 UTC 2012 - chris@computersalat.de

- update to 3.5.3.0 (2012-10-08)
  * sf#3539044 [interface] Browse mode "Show" button gives blank page if no results anymore
  * sf#3534979 [interface] Copy Database Ajax feedback vanishes long before copying is done
  * sf#3527531 [interface] GC-maxlifetime warning incorrectly displayed
  * sf#3526916 [interface] Search fails with JS error when tooltips disabled
  * sf#3544366 [interface] Event comments not saved
  * sf#3549084 [edit] Can't enter date directly when editing inline
  * sf#3548491 [interface] Inline query editor doesn't work from search results
  * sf#3547825 [edit] BLOB download no longer works
  * sf#3541966 [config] Error in generated configuration array
  * sf#3553551 [GUI] Invalid HTML code in multi submits confirmation form
  * [interface] Designer sometimes places tables on the top menu
  * sf#3546277 [core] Call to undefined function __() when config file has wrong permissions
  * sf#3540922 [edit] Error searching table with many fields
  * sf#3555104 [edit] Cannot copy a DB with table and views
  * sf#3559925 [privileges] Incorrect updating of the list of users
  * sf#3561224 [edit] cell edit
    date field with empty date fills in current date
  * sf#3559955 [edit] current_date from function drop down fails on update
  * sf#3562472 add support for Solaris and FreeBSD system load and memory display in server status
  * sf#3553068 [import] Table import from XML file fails
  * replace Highcharts with jqplot for Display chart
  * sf#3567684 [edit] Pasting value doesn't clear null checkbox
  * sf#3570786 [edit] Datepicker for date and datetime fields is broken
- fix for bnc#788103
  * PMASA-2012-6 (CVE-2012-5339)
    o http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php
  * PMASA-2012-7 (CVE-2012-5368)
    o http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php

-------------------------------------------------------------------
Tue Aug 21 14:30:51 UTC 2012 - chris@computersalat.de

- update to 3.5.2.2 (2012-08-12)
- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
- update to 3.5.2.1 (2012-08-03)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-3
- fix for bnc#776701
  * PMASA-2012-4 (CVE-2012-4345)
- fix for bnc#776698
  * PMASA-2012-3 (CVE-2012-4219)

-------------------------------------------------------------------
Sun Jul 8 15:52:13 UTC 2012 - chris@computersalat.de

- update to 3.5.2 (2012-07-07)
  * bug sf#3521416 [interface] JS error when editing index
  * bug sf#3521313 [core] Call to undefined function __()
  * bug sf#3521016 [edit] NOW() function incorrectly selected
  * bug [GUI] Invalid HTML code on transformation_overview.php
  * bug sf#3522930 [browse] Missing validation in Ajax mode
  * bug Fix popup message on build SQL of import
  * bug sf#3523499 [core] Make X-WebKit-CSP work better
  * replace Highcharts with jqplot for query profiling, zoom search
  * bug sf#3531584 [interface] No form validation in change password dialog
  * bug sf#3531585 [interface] Broken password validation in copy user form
  * bug sf#3531586 [interface] Add user form prints JSON when user presses enter
  * bug sf#3534121 [config] duplicate line in config.sample.inc.php
  * bug
    sf#3534311 [interface] Grid editing incorrectly parses ENUM/SET values
  * bug sf#3510196 [core] More clever URL rewriting with ForceSSL
- rebase config patch

-------------------------------------------------------------------
Sun Jun 3 22:00:45 UTC 2012 - chris@computersalat.de

- update to 3.5.1.0 (2012-05-03)
  * bug sf#3510784 [edit] Limit clause ignored when sort order is remembered
  * bug sf#3511471 [interface] View name not seen in navi panel (MySQL 5.1)
  * bug sf#3512916 [display] Right frame reloads after displaying SQL result(zero rows)
  * bug [interface] Fixed missing Codemirror for inline query edit when exporting a result set
  * bug sf#3514490 [auth] Multiple Navigation panels bug still present
  * bug sf#3515181 [users] Error in create user + underscore + create database
  * bug sf#3515666 [display] Profiling chart shows wrong data
  * bug sf#3516037 [auth] JS includes missing in auth config error page
  * bug sf#3516183 [display] Missing image extension
  * bug [display] Added missing icons in original theme
  * bug sf#3516761 [edit] Query error after search
  * bug sf#3516405 [display] Chart title is getting wrong within chart export
  * bug sf#3517021 [interface] Header links except 'More' hide after closing dialog
  * bug sf#3516817 [interface] "More" actions in table structure
  * bug sf#3518484 [privileges] PMA_sqlAddSlashes() does not quote the table names correctly
  * bug sf#3518983 [designer] Error messages do not appear in the Designer
  * bug sf#3519747 [interface] Suhosin patch warning incorrectly displayed
  * bug sf#3520107 [interface] Server status page: Incorrect dialog box titles
  * bug sf#3516089 [structure] DROP does not work on defective VIEWs
- rebase config patch
  * remove version from patch name
  * add missing options

-------------------------------------------------------------------
Thu Apr 26 19:49:16 UTC 2012 - chris@computersalat.de

- update to 3.4.11.0
  * bug sf#3486970 [import] Exception on XML import
  * bug sf#3488777 [navi] $cfg['ShowTooltipAliasTB'] and
    blank names in navigation
  * bug sf#3512565 [navi] Fixed missing word "Rows" in table list tooltip after click

-------------------------------------------------------------------
Mon Apr 2 10:14:55 UTC 2012 - chris@computersalat.de

- update to 3.4.10.2 (fix for bnc#755211)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2
  http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php

-------------------------------------------------------------------
Thu Feb 23 12:45:22 UTC 2012 - chris@computersalat.de

- fix changelog
  * rename bugs, patches ("{bug,patch} #....") to fit into bug naming scheme -> "sf#...."

-------------------------------------------------------------------
Mon Feb 20 09:50:54 UTC 2012 - chris@computersalat.de

- update to 3.4.10.1 (fix for bnc#747841)
  * [security] XSS in replication setup, see PMASA-2012-1
- 3.4.10.0 (2012-02-14)
  * sf#3460090 [interface] TextareaAutoSelect feature broken
  * sf#3375984 [export] PHP Array export might generate invalid php code
  * sf#3049209 [import] Import from ODS ignores cell that is the same as cell before
  * sf#3463933 [display] SELECT DISTINCT displays wrong total records found
  * sf#3458944 [operations] copy table data missing SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO'
  * sf#3469254 [edit] Setting data to NULL and drop-downs
  * sf#3477063 [edit] Missing set fields and values in generated INSERT query
  * sf#3460867 [libraries] license issue with TCPDF (updated to 5.9.145), (fix for bnc#736698)

-------------------------------------------------------------------
Wed Dec 28 13:41:55 UTC 2011 - chris@computersalat.de

- update to 3.4.9
- sf#3442028 [edit] Inline editing enum fields with null shows no dropdown
- sf#3442004 [interface] DB suggestion not correct for user with underscore
- sf#3438420 [core] Magic quotes removed in PHP 5.4
- sf#3398788 [session] No feedback when result is empty (signon auth_type)
- sf#3384035 [display] Problems regarding ShowTooltipAliasTB
- sf#3306875 [edit] Can't rename a
  database that contains views
- sf#3452506 [edit] Unable to move tables with triggers
- sf#3449659 [navi] Fast filter broken with table tree
- sf#3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
- fix for bnc#738411
  * PMASA-2011-19 (CVE-2011-4780)
  * PMASA-2011-20 (CVE-2011-4782)
- rework config patch

-------------------------------------------------------------------
Fri Dec 16 08:34:11 UTC 2011 - chris@computersalat.de

- fix changelog
  * add missing info for bnc#736772
- fix fdupes
  * reduce fdupes to affected files only (./libraries,./themes)

-------------------------------------------------------------------
Tue Dec 13 14:25:45 UTC 2011 - chris@computersalat.de

- update to 3.4.8
- sf#3425230 [interface] enum data split at space char (more space to edit)
- sf#3426840 [interface] ENUM/SET editor can't handle commas in values
- sf#3427256 [interface] no links to browse/empty views and tables
- sf#3430377 [interface] Deleted search results remain visible
- sf#3428627 [import] ODS import ignores memory limits
- sf#3426836 [interface] Visual column separation
- sf#3428065 [parser] TRUE not recognized by parser
+ sf#3433770 [config] Make location of php-gettext configurable
- sf#3430291 [import] Handle conflicts in some open_basedir situations
- sf#3431427 [display] Dropdown results - setting NULL does not work
- sf#3428764 [edit] Inline edit on multi-server configuration
- sf#3437354 [core] Notice: Array to string conversion in PHP 5.4
- [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the view name in main panel db Structure page
- sf#3439292 [core] Fail to synchronize column with name of keyword
- sf#3425156 [interface] Add column after drop
- [interface] Avoid showing the password in phpinfo()'s output
- sf#3441572 [GUI] 'newer version of
  phpMyAdmin' message not shown in IE8
- sf#3407235 [interface] Entering the key through a lookup window does not reset NULL
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
- [security] Self-XSS on column type (Create index), see PMASA-2011-18
- [security] Self-XSS on column type (table Search), see PMASA-2011-18
- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
- fix for bnc#736772 (CVE-2011-4634, PMASA-2011-18)

-------------------------------------------------------------------
Mon Nov 14 20:22:30 UTC 2011 - chris@computersalat.de

- update to 3.4.7.1 (fix for bnc#728243)
- [security] Fixed possible local file inclusion in XML import (CVE-2011-4107), see PMASA-2011-17
  http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php

-------------------------------------------------------------------
Wed Oct 26 10:49:15 UTC 2011 - chris@computersalat.de

- update to 3.4.7
- sf#3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false
- sf#3418849 [interface] Inline edit shows dropdowns even after closing
- bug [view] View renaming did not work
- bug [navi] Wrong icon for view (MySQL 5.5)
- sf#3420229 [doc] Missing documentation section
- sf#3423725 [pdf] Broken PDF file when exporting database to PDF
- [core] Allow to set language in URL
- sf#3425184 [doc] Fix links to PHP documentation
- sf#3426031 [export] Export to bzip2 is not working
- 3.4.6.0 (2011-10-16)
- sf#3404173 InnoDB comment display with tooltips/aliases
- sf#3404886 [navi] Edit SQL statement after error
- sf#3403165 [interface] Collation not displayed for long enum fields
- sf#3399951 [export] Config for export compression not used
- sf#3400690 [privileges] DB-specific privileges won't submit
- sf#3410604 [config] Configuration storage incorrect suggested table name
- sf#3383572 [interface] Cannot execute saved query
- sf#3411535 [display] Full text button
  unchecks results display options
- sf#3411224 [display] Broken binary column when 'Show binary contents' is not set
- sf#3411633 [core] Call to undefined function PMA_isSuperuser()
- sf#3413743 [interface] Display options link missing after search
- sf#3324161 [core] CSP policy causing designer JS buttons to fail
- sf#3412862 [relation] Relations/constraints are dropped/created on every change
- sf#3390832 [display] Delete records from last page breaks search
- sf#3392150 [schema] PMA_User_Schema::processUserChoice() is broken
- sf#3414744 [core] External link fails in 3.4.5
- sf#3314626 [display] CharTextareaRows is not respected
- sf#3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16

-------------------------------------------------------------------
Tue Oct 4 21:36:48 UTC 2011 - chris@computersalat.de

- update to 3.4.5
- sf#3375325 [interface] Page list in navigation frame looks odd
- sf#3313235 [interface] Error div misplaced
- sf#3374802 [interface] Comment on a column breaks inline editing
- sf#3383711 [display] Order by a column in a view doesn't work in some cases
- sf#3386434 [interface] Add missing space to server status
- [core] Remove library PHPExcel, due to license issues
- [export] Remove native Excel export modules (xls and xlsx formats)
- [import] Remove native Excel import modules (xls and xlsx formats)
- sf#3392920 [edit] BLOB emptied after editing another column
- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
- [security] Fixed XSS with db/table/column names, see PMASA-2011-14

-------------------------------------------------------------------
Sat Aug 27 17:17:27 UTC 2011 - chris@computersalat.de

- update to 3.4.4
- sf#3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
- sf#3323101 [parser] Invalid escape sequence in SQL parser
- sf#3348995 [config]
  $cfg['Export']['asfile'] set to false does not select as Text option
- sf#3340151 [export] Working SQL query exports error page
- sf#3353649 [interface] "Create an index on X columns" form not validated
- sf#3350790 [interface] JS error in Table->Structure->Index->Edit
- sf#3353811 [interface] Info message has "error" class
- sf#3357837 [interface] TABbing through a NULL field in the inline mode resets NULL
- remove version number in /setup
- sf#3367993 [usability] Missing "Generate Password" button
- sf#3363221 [display] Missing Server Parameter on inline sql query
- sf#3367986 [navi] Drop field -> lost active table
- remove misleading comment on the "Rename database" interface
- sf#3374374 [interface] Fix footnote for inexact count while browsing
- sf#3372807 [interface] Fix security warning link in setup
- sf#3374347 [display] Backquotes in normal text on import page
- sf#3358750 [core] With Suhosin, urls are too long in edit links
- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13

-------------------------------------------------------------------
Fri Jul 29 14:57:01 UTC 2011 - chris@computersalat.de

- update to 3.4.3.2
  o PMASA-2011-9 to PMASA-2011-12
    http://www.phpmyadmin.net/home_page/security/

-------------------------------------------------------------------
Mon Jul 4 13:27:10 UTC 2011 - chris@computersalat.de

- update to 3.4.3.1
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection in case session variables are compromised, see PMASA-2011-6
- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
- 3.4.3.0 (2011-06-27)
- sf#3311170 [sync] Missing helper icons in Synchronize
- sf#3304473 [setup] Redefine a label that was wrong
- sf#3304544 [parser] master is not a reserved word
- sf#3307616
  [edit] Inline edit updates multiple duplicate rows
- sf#3311539 [edit] Inline edit does not escape backslashes
- sf#3313210 [interface] Columns class sometimes changed for nothing
- sf#3313326 [interface] Some tooltips do not disappear
- sf#3315720 [search] Fix search in non unicode tables
- sf#3315741 [display] Inline query edit broken
- sf#3317206 [privileges] Generate password option missing on new accounts
- sf#3317293 [edit] Inline edit places HTML line breaks in edit area
- sf#3319466 [interface] Inline query edit does not escape special characters
- minor XSS (require a valid token)
- add restart_on_update apache to post

-------------------------------------------------------------------
Wed Jun 22 09:01:52 UTC 2011 - chris@computersalat.de

- fix changelog
  o update to 3.4.2.0 -> update to 3.4.2
- fix bnc#697748 (suhosin customization)
  o moved from spec's %post to http_conf file

-------------------------------------------------------------------
Thu Jun 09 14:41:00 UTC 2011 - jweberhofer@weberhofer.at

- update to 3.4.2
- sf#3301249 [interface] Iconic table operations does not remove inline edit label
- sf#3303869 [interface] Unnecessary scrolling on Databases page
- sf#3303813 [setup] Define a label that was missing
- sf#3305606 [interface] Show all button wraps on privileges page
- sf#3305517 [config] Config for export compression not used
- sf#3305883 [interface] Table is dropped regardless of confirmation
- [auth] Fixed error handling for signon auth method.
- sf#3276001 [core] Avoid caching of index.php.
- sf#3306958 [interface] Unnecessary Details slider
- sf#3308476 [interface] "Show all" not persistent after a sort
- sf#3308072 [auth] Version disclosure to anonymous visitors
- sf#3306981 [interface] pmahomme and table statistics

-------------------------------------------------------------------
Tue May 24 16:06:05 UTC 2011 - chris@computersalat.de

- update to 3.4.1
- bug sf#3301108 [interface] Synchronize and already configured host
- bug sf#3302457 Inline edit and $cfg['PropertiesIconic']
- Patch #3302313 Show a translated label
- bug sf#3300981 [navi] Table filter is case sensitive
- bug sf#3285929 [privileges] Revert temporary fix
- bug sf#3302872 [synchronize] Synchronize and user name
- bug sf#3302733 [core] Some browsers report an insecure https connection
- [security] Make redirector require valid token
- rework config patch
- removed 3.3.8, added 3.4.1 config patch
- added contrib to doc
- mod post section
  o modify suhosin.ini

-------------------------------------------------------------------
Sat Mar 19 19:17:57 UTC 2011 - chris@computersalat.de

- update to 3.3.10
- patch sf#3147400 [structure] Aria table size printed as unknown, thanks to erickoh75 - erickoh75
- patch sf#3150164 [structure] Ordering by size gives incorrect results, thanks to Madhura Jayaratne - madhuracj
- bug sf#3153409 [core] 0 row(s) affected
- bug sf#3155842 [core] Edit relational page and page number
- [security] Minor security fixes, see PMASA-2010-9 and PMASA-2010-10
- [lang] German update, thanks to jannicars@users.sourceforge.net.
-------------------------------------------------------------------
Wed Feb 23 12:10:46 UTC 2011 - chris@computersalat.de

- update to 3.3.9.2
- [security] SQL injection, see PMASA-2011-2
- 3.3.9.1 (2011-02-08)
- [security] Path disclosure, see PMASA-2011-1
- add macros for ap_usr, ap_grp
- fix perm on sysconfdir
  o 0750,root,www

-------------------------------------------------------------------
Thu Jan 27 20:14:40 UTC 2011 - chris@computersalat.de

- update to 3.3.9
- bug [doc] Fix references to MySQL doc
- sf#3101490 Default function for TIMESTAMP, thanks to jirand - jirand
- sf#3103853 [js] Double quotes were not escaped in generated js
- sf#3077463 [core] Events were not copied when copying/renaming database
- sf#1762306 [core] Copy database with view of a view
- sf#3117535 [replication] Add quotes to database in initial statement, thanks to Craig Duncan - duncan3dc
- sf#3112614 [pdf schema] Scratchboard for PDF pages not working
- sf#3125606 [parser] Query for table "level" causes strange display
- sf#3127904 [parser] Close all opened round brackets indents
- removed Authors from spec

-------------------------------------------------------------------
Fri Dec 3 23:04:41 UTC 2010 - chris@computersalat.de

- update to 3.3.8.1
- sf#3115519 (private) [security] XSS on db search, see PMASA-2010-8
- rework config patch
  o add AllowNoPassword

-------------------------------------------------------------------
Wed Oct 27 10:23:50 UTC 2010 - javier@opensuse.org

- update to 3.3.8
- sf#3059311 [import] BIGINT field type added to table analysis
- [core] Update library PHPExcel to version 1.7.4
- sf#3062455 [core] copy procedures and routines before tables
- sf#3062455 [export] with SQL, export procedures and routines before tables
- sf#3056023 [import] USE query not working
- sf#3038193 [display] Error when editing row with GEOMETRY column
- sf#3062454 [interface] Display routines/events also when no tables are defined
- support ARIA storage engine as well as its previous
  name MARIA

-------------------------------------------------------------------
Wed Sep 22 14:03:14 CEST 2010 - mcihar@suse.cz

- update to 3.3.7

-------------------------------------------------------------------
Wed Jul 7 14:48:50 UTC 2010 - chris@computersalat.de

- update to version 3.3.4
- sf#2996161 [import] properly escape import value
- sf#2998889 [import] Import button does not work in Catalan
- [browse] Fix handling of sort order if only column is specified.
+ [lang] Greek update, thanks to Panagiotis Papazoglou - panos78
+ [lang] Updated lot of translation based on work done in master branch.
- sf#3008411 [databases] Last dropped database remains active in navi
- sf#2986383 [parser] Not all data being shown / counted
- bug [synchronize] Rows were deleted in target table regardless of the "Would you like to delete..." option
- bug [privileges] List of tables not shown when the db name has a wildcard
- sf#3011126 [display] Edit link missing after long query
- sf#3013264 [doc] FAQ 1.40 uses a comma instead of a period, thanks to Isaac Bennetch - ibennetch
- [engines] Fix getting InnoDB status.
- sf#2986422 [import] Results for query are not displayed

-------------------------------------------------------------------
Fri May 21 16:59:50 UTC 2010 - chris@computersalat.de

- update to version 3.3.3
- sf#2982480 [navi] Do not group if there would be one table in group
- sf#2983492 [sync] When asking to synchronize Structure and Data, only Structure is done
- sf#2984893 [engines] InnoDB storage page emits a warning
- sf#2974687, sf#2974692 [compatibility] PHPExcel : IBM AIX iconv() does not work
- sf#2983066 [interface] Flush table on table operations shows the query twice
- sf#2983060, sf#2987900 [interface] Fix initial state of tables in designer
- sf#2983062, sf#2989408 [engines] Fix warnings when changing table engine to Maria
- sf#2974067 [display] non-binary fields shown as hex
- sf#2983065 [operations] Error when changing from Maria to MyISAM engine
- sf#2975408 [tracking] Data too long for column data_sql
- bug [tracking] Tracking report should obey MaxCharactersInDisplayedSQL
- bug [edit] Avoid selecting UNHEX function by default for a BLOB column for which editing is protected
- sf#2994168 [structure] Show auto_increment in uppercase
- sf#2993970 [pdf schema] Page numbering in Table of Contents
- 3.3.2.0 (2010-04-13)
- sf#2969449 [core] Name for MERGE engine varies depending on the MySQL version, thanks to Dieter Adriaenssens - ruleant
- sf#2966078 [browse] Incorrect LIMIT is saved and sticks while browsing
- sf#2967366 [Structure] Some results of Propose table structure are shown in hex
- sf#2967565 [insert] UNHEX not selected by default when inserting BINARY
- [navi] Changed link to git repository on main page
- sf#2972232 [menu] Import menu tab not present on main page
- sf#2976790 [menu] Go to the upper level after table DROP, thanks to Kaarel Nummert - kaarelnu
- sf#2978815 [pdf] Fix generating PDF with table dimensions, thanks to BlinK_
- sf#2977725 [export] XML wrongly encoded, thanks to Victor Volkov - hanut
- sf#2979234 [import] Create
  tables with current charset and collation.
- sf#2979234, sf#2960105 [import] Properly import unicode text from ODS.
- sf#2973280 [export] Proper handling of temporary directory in XLS export.
- sf#2980582 [interface] Properly format server status parameter.
- sf#2973949 [session] SQL History broken (revert sf#2899969), thanks to Dieter Adriaenssens - ruleant
- [doc] Be more specific about problems with Suhosin.

-------------------------------------------------------------------
Fri Mar 26 00:41:30 UTC 2010 - chris@computersalat.de

- update to version 3.3.1
- sf#2941037 [core] Database structure not sorted by table correctly
- sf#2948492 [interface] Slide effect masks some fields on search page
- sf#2959746 [interface] Unknown table status: TABLE_TYPE
- sf#2953050 [export] export VIEW as SQL includes INSERT statement
- sf#2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows
- sf#2961609 [auth] Potential information disclosure at login page
- sf#2961540 [export] Do not export data of MERGE table, thanks to Dieter Adriaenssens - ruleant
- sf#2961198 [parser] Querying a table named "data"
- sf#2931429 [structure] Editing long triggers
- sf#2970769 [structure] Incorrect reference to mootools-more.js
- cleanup spec
- fixed HEADER
- sort TAGS
- some macros (ap_...)
- updated description
- added postun
  o restart_on_update apache2
- some rpmlint stuff
- fdupes
- reworked patches
- removed blowfish_secret
- removed mysqli.patch
- added config patch
  o mods to vendor_config
- replaced Source1 phpmyadmin.conf > phpMyAdmin.http
- config.inc.php to /etc/phpMyAdmin

-------------------------------------------------------------------
Wed Mar 10 21:41:47 UTC 2010 - javier@opensuse.org

- Updated to 3.3.0
+ rfe #2308632 [edit] Use hex for (var)binary fields
+ sf#2794819 [navi] Filter for displayed table names
- sf#2794840 [core] Cannot redeclare pma_tableheader()
- rfe #2726479 [core] configurable maximal length of URL
+ sf#2724755 [display] Full/partial text links (big T) are back
- bug [display] handle NavigationBarIconic as documented for navi buttons
+ rfe #2726479 [export] Export tables preselect
+ sf#2805828 [export] PHP array export plugin
+ sf#2798592 [import] Progress bar
- bug [gui] Generate Password not working for 'Change Login Information', only for 'Change password'
+ [lang] Arabic update
+ rfe #2822190 [structure] BOOLEAN is standard SQL
+ [lang] German update
+ rfe #2813867 [structure] Default sorting order in list of tables
+ [import] Added MySQL type-detection functionality to import library
+ [import] Added ODS, Excel XLS, Excel XLSX, and XML import modules
+ [export] Added Excel XLSX export module
+ [core] Added ability for tracking changes made through phpMyAdmin
+ rfe #2839504 [engines] Support InnoDB plugin's new row formats
+ [core] Added ability for synchronizing databases among servers.
+ [lang] #2843101 Dutch update
+ [lang] Galician update
+ [export] Added MediaWiki export module
+ [lang] Turkish update
+ [auth] Add custom port configuration in signon
- [core] Removed context from the error handler
- sf#2883633 [export] Export of InnoDB table is incomplete
+ rfe #2862575 [status] Order query statistics by % desc, skip rows with 0
+ rfe #2823686 [interface] Increase default height of query window
+ rfe #2129902 [structure] Don't hide indexes
+ sf#2812070 [interface] Allow selecting a range of rows by holding shift
+ [lang] Russian update, thanks to Victor Volkov
+ [lang] Greek update, thanks to Panagiotis Papazoglou
+ [lang] Norwegian update, thanks to Sven-Erik Andersen
- sf#2929958 [import] Cannot import (French interface)
- [security] Use X-Frame-Options header to protect against ClickJacking.
+ [lang] Finnish update, thanks to Jouni Kahkonen
+ [lang] Lithuanian update, thanks to Rytis Slatkevicius - rytis_s
- sf#2931939 [status] Seeing "m" as unit is confusing
- sf#2926613 [edit] Copy database shows errors when DB has foreign key
+ [lang] Catalan update, thanks to Xavier Navarro

-------------------------------------------------------------------
Wed Jan 20 17:18:45 UTC 2010 - javier@opensuse.org

- Updated to 3.2.5
- sf#2903400 [bookmarks] Status of bookmark table, thanks to Virsacer - virsacer
- bug [history] QueryHistoryDB is not respected
- sf#2905629 [auth] Blowfish secret is not hashed
- sf#2910000 [gui] ShowServerInfo should hide all server info from main page
- sf#2910568 [structure] Table size for ARCHIVE tables is not displayed
- sf#2899969 [core] Session lock blocks working from a second window, thanks to Greg Roach - fisharebest
- sf#2915168 [import] Incorrect parsing of DELIMITER keyword, thanks to Greg Roach - fisharebest
- sf#2918831 [export] Missing backquotes on reserved words, thanks to Virsacer - virsacer
- [core] Fix broken cleanup of $_GET
- sf#2924357 [operations] Cannot rename a database that has foreign key constraints
-
  sf#869006 [structure] Ignore number of records for MRG_MyISAM tables
- bug [browse] "Show BLOB contents" should display HTML code that is present in a BLOB, thanks to Vincent van der Tuin
- [privileges] Improve escaping of hostname

-------------------------------------------------------------------
Tue Nov 10 01:45:00 UTC 2009 - javier@opensuse.org

- sf#2856664 [export] Date, time, and datetime column types now export correctly to OpenOffice Spreadsheet
- sf#2859788 [parser] Double-character delimiters (sf#2846239)
- sf#2832600 [export] Slow export when having lots of databases
- sf#2537766 [import] Comments are stripped when editing store procedures
- sf#2852370 [operations] Renaming database deletes triggers
- sf#2872247 [interface] Failed opening required 'mysql_charsets.lib.php'
- bug [structure] "In use" table incorrectly reported as "view"
- sf#2879909 [interface] Removed double htmlspecialchars when editing enum column
- sf#2868328 [relations] Adding foreign key when table name contains a dot
- sf#2883381 [doc] Side effects of MemoryLimit setting
- sf#2826128 [display] Inverting sort order when expression contains a function name

-------------------------------------------------------------------
Sat Sep 19 00:50:10 CEST 2009 - javier@opensuse.org

- sf#2825293 [structure] Default value for a BIT column
- bug [display] Red arrows were reversed in the list of tables
- sf#2813879 [export] Duplicate empty lines when exporting without comments
- sf#2825919 [export] Trigger export with database name
- sf#2823996 [data] Cannot edit row with no PK and a BIT field
- bug [export] Exporting results of a query which contains a LIMIT clause inside a subquery
- sf#2837722 [export] Run complex SQL then export does not work
- sf#2839548 [export] Triggers order on export
- sf#2826986 [display] Order by BLOB and range display
- bug [display] After clicking on Show Function or Function, the UPDATE query is not shown after execution
- bug [structure] Missing validation for
  BINARY and VARBINARY

-------------------------------------------------------------------
Sun Aug 16 06:13:35 UTC 2009 - javier@opensuse.org

- sf#2799009 Login with ipv6 IP address breaks redirect
- sf#2796066 [priv] Inconsistent display of databases list
- sf#2802870 [display] Incorrect overhead value for InnoDB
- bug [display] Incorrect display in replication status
- sf#1601625 [display] The Ignore checkbox is not unchecked for ENUM
- sf#2809930 [setup] Notice: Undefined variable: k in setup/index.php
- bug [features] Incorrect report of missing relational features
- [security] XSS: Insufficient output sanitizing (not exploitable without a valid token) thanks to Sven Vetsch/Disenchant for informing us in a responsible manner
- sf#2634827 [import] Using DELIMITER produces infinite cycle
+ new language files: uzbek_cyrillic and uzbek_latin
- sf#2814109 [search] Right frame is blank
- sf#2816840 [priv] Cannot change a user's details
- sf#2816165 [display] Executed query not always displayed
- sf#2819944 [setup] Incorrect mention of designer_coords
- sf#2821757 [insert] "Insert another new row" no longer worked
+ [lang] Norwegian update
- bug [core] PMA_pow() can support negative exponents in the pow() case
+ [lang] Brazilian Portuguese update
- sf#2822384 [docs] Missing auth_type in docs-example
- sf#2819728 [display] Slider effect jumping to top of page
- bug [display] Incorrect computation of overhead stats in server view for tables under the InnoDB engine
+ [lang] Swedish update

-------------------------------------------------------------------
Fri Jul 24 15:51:24 UTC 2009 - javier@opensuse.org

- First security release for phpMyAdmin 3.2.0

-------------------------------------------------------------------
Sun Jun 28 04:17:23 UTC 2009 - javier@opensuse.org

- update to 3.2.0

-------------------------------------------------------------------
Sun May 4 16:19:43 UTC 2008 - crrodriguez@suse.de

- phpMyAdmin package misses files (favicon.ico, scripts/*) [BNC #381747]
- phpMyAdmin setup.php missing [BNC #335306]
- update to version 2.11.6, bug fix only release
- sf#1903724 [interface] Displaying of very large queries in error message
- sf#1905711 [compatibility] Functions deprecated in PHP 5.3: is_a() and get_magic_quotes_gpc()
- bug [lang] catalan wrong accented characters
- sf#1893034 [Export] SET NAMES for importing with command-line client
+ [lang] Russian update
- sf#1910485 [core] Unsetting the whitelist during the loop
- sf#1906980 [Export] Import of VIEWs fails if temp table exists
- sf#1812763 [Copy] Table copy when server is in ANSI_QUOTES sql_mode
- sf#1918531 [compatibility] Navigation isn't w3.org valid
- sf#1926357 [data] BIT defaults displayed incorrectly
- sf#1930057 [auth] colon in password prevents HTTP login on CGI/IIS
- sf#1929553 [lang] Don't output BOM character in Swedish language file
- sf#1895796 [lang] Typo in Japanese lang files
- sf#1935652 [auth] Access denied (show warning about mcrypt on login page)
- sf#1906983 [export] Reimport of FUNCTION fails
- sf#1919808 [operations] Renaming a database fails to handle functions
- sf#1934401 [core] Cannot force a language
- sf#1944077 [core] Config file containing a BOM
- sf#1947189 [scripts] Missing head tag in scripts/signon.php
- [lang] Romanian update

-------------------------------------------------------------------
Mon Apr 7 11:27:24 UTC 2008 - crrodriguez@suse.de

- pmd folder is missing in phpmyadmin 2.11.5.1 [bnc #376616]

-------------------------------------------------------------------
Sat Mar 29 15:53:44 UTC 2008 - crrodriguez@suse.de

- update to version 2.11.5.1
  * sf#1909711 [security] Sensitive data in session files

-------------------------------------------------------------------
Mon Mar 10 04:13:27 UTC 2008 - crrodriguez@suse.de

- phpMyAdmin tries to access non-existing print.css [#307966]

-------------------------------------------------------------------
Sat Mar 1 23:34:52 UTC 2008 - crrodriguez@suse.de

- version 2.11.5
- sf#1862661 [GUI] Warn about rename deleting database
- sf#1866041 [interface] Incorrect sorting with AS
- sf#1871038 [import] Notice: undefined variable first_sql_delimiter
- sf#1873110 [export] Problem exporting with a LIMIT clause
- sf#1871164 [GUI] Empty and navigation frame synch.
- sf#1873188 [GUI] Making db pager work when js is disabled, thanks to Jürgen Wind - windkiel
- sf#1875010 [auth] MySQL server and client version mismatch (mysql ext.)
- sf#1879031 [transform] dateformat transformation and UNIX timestamps, thanks to Tim Steiner - spam38
- bug [import] Do not verify a missing enclosing character for CSV, because files generated by Excel don't have any enclosing character
- sf#1799691 [export] "Propose table structure" and Export
- sf#1884911 [GUI] Space usage
- sf#1863326 [GUI] Wrong error message / no edit (Suhosin)
- sf#1887204 [GUI] Order columns in result list messing up query
- sf#1893538 [GUI] Display issues on Opera 9.50, thanks to Jürgen Wind - windkiel
- bug [GUI] Do not display the database name used by the previous user, thanks to Ronny Görner
- bug [security] Remove cookies from Array for better coexistence with other applications, thanks to Richard Cunningham. See PMASA-2008-1.
-------------------------------------------------------------------
Sun Jan 13 11:02:14 UTC 2008 - crrodriguez@suse.de

- do not BuildRequire apache2-devel libapr-util1-devel pcre-devel
- PreReq coreutils sed and grep
- update to version 2.11.4
- sf#1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE
- sf#1807816 [search] regular expression search doesn't work with backslashes
- sf#1843463 [GUI] DROP PROCEDURE does not show alert
- sf#1835904 [GUI] Back link after a SQL error forgets the query
- sf#1835654 [core] wrong escaping when using double quotes
- sf#1817612 [cookies] Wrong cookie path on IIS with PHP-CGI, thanks to Carsten Wiedmann
- sf#1848889 [export] export trigger should use DROP TRIGGER IF EXISTS
- sf#1851833 [display] Sorting forgets an explicit LIMIT (fix for sorting on column headers)
- sf#1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin
- sf#1798786 [import] Wrong error when a string contains semicolon
- sf#1813508 [login] Missing parameter: field after re-login
- sf#1710144 [parser] Space after COUNT breaks Export but not Query
- sf#1783620 [parser] Subquery results without "as" are ignored
- sf#1821264 [display] MaxTableList and INFORMATION_SCHEMA
- sf#1859460 [display] Operations and many databases
- sf#1814679 [display] Database selection pagination when switching servers
- sf#1861717 [export] CSV Escape character not exported right, thanks to nicolasdigraf
- sf#1864468 [display] Theme does not switch to darkblue_orange
- sf#1847409 [security] Path disclosure on darkblue_orange/layout.inc.php, thanks to Jürgen Wind - windkiel

-------------------------------------------------------------------
Wed Aug 22 12:36:22 UTC 2007 - crrodriguez@suse.de

- 2.11.0-rc1 -> 2.11.0 final
- mod_php_any is enough to get a webserver do not explicitly require apache2
- update phpmyadmin.conf adding the session save path to open_basedir as well ensuring some additional and possible conflicting php settings are set the way we want
-------------------------------------------------------------------
Mon Aug 6 21:59:16 UTC 2007 - anosek@suse.cz

- updated to version 2.11.0-rc1

-------------------------------------------------------------------
Mon Jul 30 11:38:44 UTC 2007 - anosek@suse.cz

- updated to version 2.11.0-beta1
+ [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1
+ improved PHP 6 compatibility
- sf#1674914 [structure] changing definition of a TIMESTAMP field
- sf#1615530 [upload] added more specific error message if field upload fails
- sf#1627210, #1083301, #1482401 [data] warning on duplicate indexes
- sf#1668724 JavaScript focus login Opera
- sf#1666657 [auth] Cookie password delete on timeout / inactivity
- sf#1648802 different mysql library and server version
- sf#1662976 [auth] Authentication fails when controluser/pass is set
- sf#1643758 [import] Error #1264 importing NULL values in MySQL 5.0
- sf#1523747 [innodb] make warning about row count more visible
- sf#1676012 [auth] strip non-US-ASCII characters (RFC2616)
- sf#1679440 Added FAQ entry about header errors under IIS caused by an end-of-line character
- [gui] avoid displaying a wide selector in server selection
- sf#1614004 [relation] foreign key spanning multiple columns are incorrectly displayed
- sf#1681598 [interface] Edit next row
- sf#1688053 [export] Wrong export of binary character fields
- sf#1498281 [parser] Wrong primary key used for displaying results with subquery
- sf#1699772 Visual space bug in table name (in browser)
- sf#1699532 Cause of data manipulation issues: implemented changes as suggested by crisp_; still have to work on updating an ENUM value
+ [doc] changed all documentation in config.inc.php to phpDocumentor style
+ [data] support for CREATE VIEW from query results
+ [gui] dropped css/ folder and moved into root of PMA
+ [l10n] new: Sinhala, Macedonian
+ [export] YAML export (see yaml.org), thanks to Bryce Thornton
+ [server] improved display of binary logs
+ [data] better error handling in tbl_create.php
+ [routines] from Patch #1649881, thanks to Mike Beck
+ [querywindow] store sql history in session
+ [querywindow] sql history now without db too
+ [querywindow] tweaks in sql history view
+ [export] Native Excel (Spreadsheet_Excel_Writer) improvements, thanks to Christian Schmidt
+ [doc] requirement of mcrypt on 64-bit, thanks to Isaac Bennetch
+ RFE #1435922 [gui] navigation frame shows listing of databases when none selected
+ [data] support BIT datatype (under mysqli), thanks to Christian Schmidt
+ [display] automatic confirmation for sort by key, thanks to Juergen Wind
+ [data] can now choose the number of insert rows
+ RFE #1704779 [gui] link documentation from login page
+ [structure] TRIGGERS: display/edit/drop/SQL export
+ [browse] store browse state in session per query
+ [gui] Insert/Edit: no longer display the Go button each 15 lines but just at the end of a row
+ [gui] Query window: use verbose server name if any
+ [auth] sf#1712514 specify host for single signon, thanks to Thierry
+ [gui] Navigator for the db list in the navigation panel
+ [gui] Navigator for the table list in the content panel
- sf#1727138 HTML not encoded (more than 1000 characters)
+ [display] Support for MySQL 5.0.37 profiling
+ RFE #1743983 [gui] Replace $max_characters by a configurable param: $cfg['MaxCharactersInDisplayedSQL']
- sf#1746186 LeftLogoLink fails if set to some external site
. [transformations]: remove "auto-detect" MIME-type that was never implemented
+ [display] sf#1749705, Allow multibyte characters in number formatting, thanks to garas
- sf#1747215 Export emits blanks at line ends
- sf#1751172 Do not export data when exporting a single VIEW
+ [privileges] Support password hashing on the Edit Privileges interface
- sf#1755339 Warn about rename database actually being copy/delete
- sf#1746921 Left frame shrinks on db change, thanks to Juergen Wind
+ [gui] Export: Select All/Unselect All over the choices, thanks to Florian Schmitz

-------------------------------------------------------------------
Wed Jul 25 14:31:02 UTC 2007 - anosek@suse.cz

- updated to version 2.10.3
- sf#1734285 Copy database with VIEWs
- sf#1722502 DROP TABLE in export VIEW
- sf#1729027 Sorting results of VIEW browsing
- sf#1733012 Unwanted table alias in delete button
- sf#1736405 Pretty printer and HTML line breaks
- sf#1745257 Invalid DB name is still displayed
- sf#1730367 Calendar "Go" has no effect
- sf#1748633 Incorrect parameter validation for VIEWs
+ [lang] Russian revision, thanks to Victor Volkov and the users of php-myadmin.ru
- Do not try to delete an internal relation if we just deleted an InnoDB one

-------------------------------------------------------------------
Tue Jun 19 03:39:00 UTC 2007 - anosek@suse.cz

- updated to version 2.10.2
+ [data] display all warnings, not only last one
- typo in fix for sf#1671813
- sf#1714908 Inserted Row Count is wrong
- sf#1712570 Deleting last record freezes
- sf#1717339 Missing header when deleting a checked column, thanks to Michael Keck
- sf#1717477 Warning on Query page when db is empty
- sf#1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind
- sf#1721571 CREATE database privilege not always detected, thanks to Gordon McNaughton
- sf#1715709 export in SQL format always includes procedures and functions
- sf#1722502 DROP TABLE in export view structure
- sf#1718787 Multi-server setup breaks Designer
- sf#1724401 Column truncation in repair table output
- sf#1726500 Wrong position of </tbody>, thanks to Jürgen Wind
- sf#1728590 Detected failing session_start fails, thanks to Jürgen Wind
- RFE #1714760 Obey ShowCreateDb on the Databases tab
- sf#1733762 Typo in message "INSERT DELAY", thanks to Victor Volkov
- sf#1730171 Dead message strLanguageFileNotFound, thanks to Victor Volkov
- sf#1731280 Avoid negative exponent in gmp_pow(), thanks to anosek

-------------------------------------------------------------------
Tue Jun 12 21:48:10 UTC 2007 - anosek@suse.cz

- updated to version 2.10.2-rc1
+ [data] display all warnings, not only last one
- typo in fix for sf#1671813
- sf#1714908 Inserted Row Count is wrong
- sf#1712570 Deleting last record freezes
- sf#1717339 Missing header when deleting a checked column, thanks to Michael Keck
- sf#1717477 Warning on Query page when db is empty
- sf#1721002 db rename -> undefined cfgRelation, thanks to Jürgen Wind
- sf#1721571 CREATE database privilege not always detected, thanks to Gordon McNaughton
- sf#1715709 export in SQL format always includes procedures and functions
- sf#1722502 DROP TABLE in export view structure
- sf#1718787 Multi-server setup breaks Designer
- sf#1724401 Column truncation in repair table output
- sf#1726500 Wrong position of </tbody>, thanks to Jürgen Wind
- sf#1728590 Detected failing session_start fails, thanks to Jürgen Wind
- RFE #1714760 Obey ShowCreateDb on the Databases tab

-------------------------------------------------------------------
Tue Jun 5 00:56:30 UTC 2007 - anosek@suse.cz

- fixed warning: gmp_pow(): Negative exponent not supported in common.lib.php [#271746] (gmp_pow.patch)

-------------------------------------------------------------------
Tue Apr 24 08:46:01 UTC 2007 - anosek@suse.cz

- updated to version 2.10.1
  * bugfix release

-------------------------------------------------------------------
Tue Mar 6 16:34:13 UTC 2007 - anosek@suse.cz

- updated to version 2.10.0.2
  * default value for $cfg['Servers'][$i]['ssl'] changed to false
  * fixes PHP Executor Deep Recursion Stack Overflow [#251757]

-------------------------------------------------------------------
Wed Feb 28 14:16:10 UTC 2007 - anosek@suse.cz

- updated to version 2.10.0
  * Designer: new graphical relation manager
  * Improved speed on servers with thousands of databases/tables
  * Vertical field editor (optional)
  * Option to avoid counting rows for views
  * Calendar on search page
  * DOS-style end-of-lines in setup-generated files

-------------------------------------------------------------------
Wed Jan 17 12:14:04 UTC 2007 - anosek@suse.cz

- updated to version 2.9.2
  * improved support for web clusters
  * deleting a user under MySQL 4.1.x
  * DELIMITER in export no longer commented out
  * export of query results and procedure definitions
  * detection of a binary column
  * problem on 64-bit systems
  * granting all privileges on a wildcard name
  * verification on encrypted zip files
  * security fixes

-------------------------------------------------------------------
Sat Dec 2 21:16:07 UTC 2006 - mmarek@suse.cz

- fix previous update which wrongly moved the config.inc.php file to the libraries subdirectory [#223721]

-------------------------------------------------------------------
Thu Nov 23 16:01:59 UTC 2006 - anosek@suse.cz

- security update to version 2.9.1.1 [#222594] [#222622]

-------------------------------------------------------------------
Wed Nov 8 04:04:15 UTC 2006 - anosek@suse.cz

- added suggestions from [#216213]
  * phpMyAdmin now uses mysqli extension not mysql (mysqli.patch)
  * added Required: php5-mbstring
  * phpMyAdmin now uses open_basedir for increased security

-------------------------------------------------------------------
Tue Oct 17 15:25:56 UTC 2006 - postadal@suse.cz

- updated to 2.9.0.2
  * Improved readability of setup panels
  * PDF schema: automatic layout for InnoDB
  * Font size selector on main page
  * Export: support for procedures and functions
  * Can hide "Create Database" dialog
  * Customizable link under left logo
  * Export: "Open Document Text", "Open Document spreadsheet" formats
  * Export: new plugin architecture
  * User management: can create a db with the same name as created user
  * Use IEC binary units (KiB, MiB, ...)
  * Import: SQL compatibility selector
  * Possibility of using external authentication and use an empty MySQL password
  * Display MySQL warnings
  * Links to language-specific MySQL doc whenever possible
  * Security fixes

-------------------------------------------------------------------
Thu Sep 21 06:18:48 UTC 2006 - anosek@suse.cz

- updated to 2.9.0
  * Improved readability of setup panels
  * PDF schema: automatic layout for InnoDB
  * Font size selector on main page
  * Export: support for procedures and functions
  * Can hide "Create Database" dialog
  * Customizable link under left logo
  * Export: "Open Document Text", "Open Document spreadsheet" formats
  * Export: new plugin architecture
  * User management: can create a db with the same name as created user
  * Use IEC binary units (KiB, MiB, ...)
  * Import: SQL compatibility selector
  * Possibility of using external authentication and use an empty MySQL password
  * Display MySQL warnings
  * Links to language-specific MySQL doc whenever possible

-------------------------------------------------------------------
Wed Aug 23 21:06:46 UTC 2006 - anosek@suse.cz

- updated to 2.8.2.4
  * fixed cookie login on IIS with IE6
  * fixed switching from scripts/setup.php to the main script in case of register_globals enabled

-------------------------------------------------------------------
Tue Aug 15 20:48:22 UTC 2006 - anosek@suse.cz

- update to 2.8.2.2
  * fixed config not loaded on install (MySQL error code 2002 or 2003)

-------------------------------------------------------------------
Thu Aug 3 18:53:02 UTC 2006 - mskibbe@suse.de

- update to 2.8.2.1
  * XSS vulnerability from requests not containing a token
  * reenabled XML option in Export
  * added a user with password containing a backslash
  * setup script: compatibility with security tokens
  * setup script: detection of writable config
  * reading the database list with MySQL wildcards

-------------------------------------------------------------------
Thu Jun 1 12:57:37 UTC 2006 - postadal@suse.cz

- updated to 2.8.1 (bugfix-only release) [#177091]
  * fixes some XSS vulnerabilities
- removed obsoleted patches (2006-1804.patch, 2006-2031.patch)

-------------------------------------------------------------------
Tue May 2 17:32:14 UTC 2006 - mmarek@suse.cz

- fixed XSS in error messages [#170529] (CVE-2006-2031.patch)

-------------------------------------------------------------------
Thu Apr 20 16:02:37 UTC 2006 - mmarek@suse.cz

- fixed XSS in sql.php (and other scripts): add a secret token to each link and form to prevent linking to sql.php from outside [#165772] (CVE-2006-1804)

-------------------------------------------------------------------
Thu Apr 13 14:52:47 UTC 2006 - mmarek@suse.cz

- updated to 2.8.0.3
  * fixes some XSS vulnerabilities
  * improves php-5.1.2 compatibility [#165772]
- moved $cfg['blowfish_secret'] to separate file, so that config.inc.php isn't edited during install (blowfish_secret.patch)

-------------------------------------------------------------------
Wed Jan 25 20:19:55 UTC 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Tue Jan 17 16:53:13 UTC 2006 - postadal@suse.cz

- added php-session to Requires [#137368]

-------------------------------------------------------------------
Thu Jan 5 01:41:48 UTC 2006 - postadal@suse.cz

- update to version 2.7.0-pl2 (security fixes) [#136015, 137368, 137797]
- removed all patches

-------------------------------------------------------------------
Tue Nov 22 19:00:46 UTC 2005 - postadal@suse.cz

- fixed XSS on HTTP_HOST (HTTP_HOST.patch) [#133818]

-------------------------------------------------------------------
Mon Nov 21 21:04:25 UTC 2005 - postadal@suse.cz

- update to version 2.6.4-pl4
  * fixes PMASA-2005-6 [#133818] (PMASA-2005-6.patch)
- removed obsoleted patches: CVE-2005-2869.patch, PMASA-2005-4_and_5.patch, lang-utf8-fix.patch

-------------------------------------------------------------------
Mon Nov 14 15:26:43 UTC 2005 - postadal@suse.cz

- fixed CVE-2005-2869 (XSS on the cookie-based login panel) [#130226] (CVE-2005-2869.patch)

-------------------------------------------------------------------
Tue Nov 1 12:26:05 UTC 2005 - postadal@suse.cz

- fixed PMASA-2005-4 and PMASA-2005-5 [#130226] (PMASA-2005-4_and_5.patch)

-------------------------------------------------------------------
Tue Aug 23 19:55:32 UTC 2005 - postadal@suse.cz

- disabled auto-switch the lang to its UTF-8 version when Lang is set [#104600]

-------------------------------------------------------------------
Thu Jul 28 03:26:13 UTC 2005 - postadal@suse.cz

- update to 2.6.3-pl1

-------------------------------------------------------------------
Mon Jun 6 19:38:14 UTC 2005 - cthiel@suse.de

- update to 2.6.2-pl1
-------------------------------------------------------------------
Tue Mar 8 01:35:42 UTC 2005 - mcihar@suse.cz

- generate shorter key to make it work with mcrypt, see https://sourceforge.net/tracker/index.php?func=detail&aid=1115327&group_id=23067&atid=377408

-------------------------------------------------------------------
Fri Mar 4 15:58:09 UTC 2005 - mcihar@suse.cz

- update to pl3, it includes previous fix and fixes editing fields with special names (sf#70864)

-------------------------------------------------------------------
Thu Mar 3 05:33:39 UTC 2005 - mcihar@suse.cz

- fix bad setting of privileges (sf#67276)

-------------------------------------------------------------------
Tue Mar 1 18:25:09 UTC 2005 - mcihar@suse.cz

- depend on mod_php_any

-------------------------------------------------------------------
Thu Feb 24 12:47:49 UTC 2005 - mcihar@suse.cz

- update to 2.6.1-p2 to fix several vulnerabilities (sf#66264)

-------------------------------------------------------------------
Wed Feb 9 12:08:38 UTC 2005 - mcihar@suse.cz

- depend on unversioned php modules, to allow both php4 and php5 installation

-------------------------------------------------------------------
Mon Jan 24 17:11:01 UTC 2005 - mcihar@suse.cz

- update to 2.6.1
- require php4-mcrypt for faster cookie encryption

-------------------------------------------------------------------
Wed Oct 13 10:27:49 UTC 2004 - mcihar@suse.cz

- update to 2.6.0-pl2 (sf#47160)
- require php4-iconv as it seems to be on all arches now (sf#36642)

-------------------------------------------------------------------
Tue Oct 5 13:52:43 UTC 2004 - mcihar@suse.cz

- drop php4-recode dependency (sf#46817)

-------------------------------------------------------------------
Mon Sep 6 04:07:57 UTC 2004 - mcihar@suse.cz

- update to 2.6.0-rc2

-------------------------------------------------------------------
Fri Sep 3 08:17:25 UTC 2004 - mcihar@suse.cz

- update to 2.6.0-rc1
- use pwgen for secret generating
- don't ship scripts, as they're not needed for most users

-------------------------------------------------------------------
Tue Apr 27 19:17:52 UTC 2004 - ro@suse.de

- build using apache2

-------------------------------------------------------------------
Wed Mar 31 15:33:40 UTC 2004 - mcihar@suse.cz

- require php4-recode for charset conversion (better solution for bugs [#36642] and #36560)

-------------------------------------------------------------------
Mon Mar 22 09:15:44 UTC 2004 - mcihar@suse.cz

- dropped php-4iconv dependency at all (sf#36642)

-------------------------------------------------------------------
Fri Mar 19 15:34:42 UTC 2004 - mcihar@suse.cz

- do not require php4-iconv on architectures where it isn't built (sf#36560)

-------------------------------------------------------------------
Mon Mar 8 10:37:50 UTC 2004 - mcihar@suse.cz

- require all needed php modules

-------------------------------------------------------------------
Mon Mar 1 09:16:37 UTC 2004 - mcihar@suse.cz

- update to 2.5.6

-------------------------------------------------------------------
Mon Jan 5 16:29:39 UTC 2004 - mcihar@suse.cz

- updated to 2.5.5-pl1

-------------------------------------------------------------------
Mon Oct 20 07:30:55 UTC 2003 - mcihar@suse.cz

- updated to 2.5.4

-------------------------------------------------------------------
Thu Oct 16 14:52:30 UTC 2003 - mcihar@suse.cz

- do not build as root
- little spec file cleanup

-------------------------------------------------------------------
Tue Sep 9 00:29:29 UTC 2003 - mcihar@suse.cz

- automatically generate blowfish_secret on rpm installation
- mark config file as %%config(noreplace) (this in conjunction with previous means that it will be never replaced on upgrade, this is okay as phpMyAdmin supports loading of old config files)

-------------------------------------------------------------------
Mon Sep 8 11:19:25 UTC 2003 - mcihar@suse.cz

- updated to 2.5.3:
  - many bugs fixed
  - messages about missing variables were displayed wrongly
  - more export bugs
  - confirmation of some dangerous SQL (TRUNCATE,DROP DATABASE)
  - new nice icons for actions

-------------------------------------------------------------------
Thu Sep 4 12:46:38 UTC 2003 - mcihar@suse.cz

- include documentation stylesheet

-------------------------------------------------------------------
Fri Aug 29 19:27:03 UTC 2003 - mcihar@suse.cz

- depend on mod_php rather than http_daemon as this needs php

-------------------------------------------------------------------
Thu Aug 28 13:56:05 UTC 2003 - mcihar@suse.cz

- include stylesheets

-------------------------------------------------------------------
Thu Aug 7 01:51:18 UTC 2003 - mcihar@suse.cz

- updated to 2.5.2-pl1

-------------------------------------------------------------------
Mon Mar 24 21:57:02 UTC 2003 - postadal@suse.cz

- removed mysql from Requires, because can access to MySQL remotely [#25797]

-------------------------------------------------------------------
Mon Feb 24 10:17:25 UTC 2003 - postadal@suse.cz

- updated to version 2.4.0
  * new server/user management interface with sub-pages
  * export to LaTeX format
  * display UPDATE SQL statement after a row edit
  * (experimental) support for compressed connections to the MySQL server
  * upload of binary file into a field
  * show blob size
  * a lot of fixes

-------------------------------------------------------------------
Wed Jan 29 19:43:40 UTC 2003 - postadal@suse.cz

- updated to version 2.3.3pl1
  * upload of compressed dumps
  * inform the user who does not have privileges to create a db
  * new internal analyzer for db, table, column and alias
  * a lot of fixes

-------------------------------------------------------------------
Mon Aug 12 10:03:41 UTC 2002 - postadal@suse.cz

- update to release 2.3.0

-------------------------------------------------------------------
Fri Aug 2 19:59:10 UTC 2002 - ro@suse.de

- adapt server-root

-------------------------------------------------------------------
Thu Aug 1 14:48:47 UTC 2002 - postadal@suse.cz

- fixed required perl path

-------------------------------------------------------------------
Wed Jul 31 22:38:40 UTC 2002 - postadal@suse.cz

- update to version 2.3.0-rc4
  * can specify a different charset for MySQL and HTML
  * utf-8 charset support
  * full database search
  * XML export
  * faster table delete under MySQL 4
  * new language: slovenian
  * fixes

-------------------------------------------------------------------
Mon Jul 1 05:53:47 UTC 2002 - ro@suse.de

- fixed directory permissions

-------------------------------------------------------------------
Thu Jan 10 12:09:07 UTC 2002 - rvasice@suse.cz

- update to version 2.2.3

-------------------------------------------------------------------
Tue Sep 4 10:23:05 UTC 2001 - rvasice@suse.cz

- update to version 2.2.0 final
- dynamic multiple language support, with automatic detection
- database usage statistics
- table maintenance features (repair, check, optimize)
- made package noarch

-------------------------------------------------------------------
Thu Aug 2 23:51:57 UTC 2001 - rvasice@suse.cz

- update to version 2.2.0rc3

-------------------------------------------------------------------
Mon Jun 18 09:49:14 UTC 2001 - rvasice@suse.cz

- initial package release (version 2.1.0)