|
|
|
|
Changelog for phpMyAdmin-4.9.7-2.2.noarch.rpm :
* Fri Oct 16 2020 Andreas Stieger - phpMyAdmin 4.9.7: * Fix two factor authentication that was broken in 4.9.6 * Fix incompatibilities with older PHP versions * Mon Oct 12 2020 ecsos - Update to 4.9.6 This is a security release.- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to the transformation feature- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection vulnerability in SearchController * Sun May 03 2020 chrisAATTcomputersalat.de- fix for boo#1170743 phpMyAdmin installation wipes it\'s sysconfig apache_server_flag entry * Sat May 02 2020 Arjen de Korte - Don\'t expand AATTFQDNAATT from /etc/HOSTNAME (this used to set $cfg[\'PmaAbsoluteUri\'] parameter, but this variable is no longer in the config.sample.ini file) * Thu Apr 23 2020 Dominique Leuenberger - Drop python-devel BuildRequires: python2 is EOL and this seems unused.- Drop xz BuildRequires: OBS takes care of unpacking the tarball. * Mon Mar 23 2020 ecsosAATTopensuse.org- Update to 4.9.5 This is a security release containing several bug fixes. * CVE-2020-10804: SQL injection vulnerability in the user accounts page, particularly when changing a password (boo#1167335, PMASA-2020-2) * CVE-2020-10802: SQL injection vulnerability relating to the search feature (boo#1167336, PMASA-2020-3) * CVE-2020-10803: SQL injection and XSS having to do with displaying results (boo#1167337, PMASA-2020-4) * Removing of the \"options\" field for the external transformation. * Tue Jan 21 2020 chrisAATTcomputersalat.de- fix for boo#1092345 * change ap_docroot from /srv/www/htdocs to /usr/share work is based on changes provided by ecsosAATTopensuse.org if phpMyAdmin.conf for apache was changed by local admin, we will create a backup and replace the original file with the new version sorry admins, but you need to apply your changes again * needed Alias /phpMyAdmin is an enabled APACHE_SERVER_FLAGS default for more info have a look into /etc/apache2/conf.d/phpMyAdmin.conf- cleanup tmp/twig on * uninstall * ap_docroot change * Wed Jan 08 2020 chrisAATTcomputersalat.de- update to 4.9.4 (2020-01-07) * https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog- fix for boo#1160456 * PMASA-2020-1 (CVE-2020-5504, CWE-661) https://www.phpmyadmin.net/security/PMASA-2020-1/ - SQL injection in user accounts page- fix changes about corresponding PMASA * Mon Dec 30 2019 ecsosAATTopensuse.org- phpMyAdmin 4.9.3 * Several PHP notices and warnings including \"Undefined index table_create_time,\" a notice about error_reporting() being disabled for security reasons, and several Undefined Index errors. * Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy * Early compatibility with development versions of PHP 8 * Fix replication actions (start, stop, etc) * Sat Nov 23 2019 Andreas Stieger - phpMyAdmin 4.9.2: * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614) * Fixes for \"Failed to set session cookie\" error * Advisor with MySQL 8.0.3 and newer * Fix PHP deprecation errors * Fix a situation where exporting users after a delete query could remove users * Fix incorrect \"You do not have privileges to manipulate with the users!\" warning * Fix copying a database\'s privileges and several other problems moving columns with MariaDB * Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export * Sat Sep 21 2019 Andreas Stieger - phpMyAdmin 4.9.1: * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914) * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer * Compatibility issues with PHP 8 * Export of GIS visualization * Enhanced descriptions for several collation types * Creating a user with a single quote in the password string * Unexpected quotes during import and export on text fields * Improvements to adding new tables to Designer * Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server * Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script * Sun Jun 30 2019 chrisAATTcomputersalat.de- fix changelog * add missing boo# with relation to CVE and PMASA- rebase phpMyAdmin-config.patch * Wed Jun 05 2019 ecsosAATTopensuse.org- phpMyAdmin 4.9.0.1: * Several issues with SYSTEM VERSIONING tables * Fixed json encode error in export * Fixed JavaScript events not activating on input (sql bookmark issue) * Show Designer combo boxes when adding a constraint * Fix edit view * Fixed invalid default value for bit field * Fix several errors relating to GIS data types * Fixed javascript error PMA_messages is not defined * Fixed import XML data with leading zeros * Fixed php notice, added support for \'DELETE HISTORY\' table privilege (MariaDB >= 10.3.4) * Fixed MySQL 8.0.0 issues with GIS display * Fixed \"Server charset\" in \"Database server\" tab showing wrong information * Fixed can not copy user on Percona Server 5.7 * Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems- fix for boo#1137497 * PMASA-2019-4 (CVE-2019-12616, CWE-661) https://www.phpmyadmin.net/security/PMASA-2019-4/ - CSRF vulnerability in login form- fix for boo#1137496 * PMASA-2019-3 (CVE-2019-11768, CWE-661) https://www.phpmyadmin.net/security/PMASA-2019-3/ - SQL injection in Designer feature * Fri Feb 01 2019 andreas.stiegerAATTgmx.de- phpMyAdmin 4.8.5: * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, bsc#1123272) * CVE-2019-6798: SQL injection in the Designer interface PMASA-2019-2, bsc#1123271) * Fix rxport to SQL format not available * Fix QR code not shown when adding two-factor authentication to a user account * Fix issue with adding a new user in MySQL 8.0.11 and newer * Fix frozen interface relating to Text_Plain_Sql plugin * Fix missing table level operations tab * Wed Dec 12 2018 ecsosAATTopensuse.org- update to 4.8.4 (2018-12-11) - gh#14452 Remove hash param in edit query URL - gh#14295 Issue in Changing theme - gh#13267 Ensure that database names with \'.\' are handled properly when DisableIS is true - gh#14438 Invisible Icon \"Show Full Queries\" - gh#14133 CSS issue in Designer - gh#14447 Error while copying database (pma__column_info) - gh#14571 \"No database selected\" - DROP a view - gh#14636 Move operation causes SELECT * FROM `undefined` - gh#14630 Enum \'0\' produces incorrect search SQL - gh#14223 Fix TypeError in database designer - gh#13621 QBE selenium tests broken since merge of #13342 - gh#14672 When logging with $cfg[\'AuthLog\'] to syslog, successful login messages were not logged even if $cfg[\'AuthLogSuccess\'] was true. - gh#14339 Fix infinite loop when sorting table rows by key. - gh#14658 Regression on multi table query functionality (foreign keys) - gh#14617 Fix designer errors when database is empty - gh#13032 Fix designer errors when database contains special chars - gh#14352 Fix designer javascript errors - gh#14764 Fix left/right icons hidden- fix for boo#1119245 - PMASA-2018-6 (CVE-2018-19968, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-6/ - PMASA-2018-7 (CVE-2018-19969, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-7/ - PMASA-2018-8 (CVE-2018-19970, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-8/ * Thu Aug 23 2018 ecsosAATTopensuse.org- update to 4.8.3 (2018-08-22) - gh#14314 Error when naming a database \'0\' - gh#14333 Fix NULL as default not shown - gh#14229 Fixes issue with recent table list - gh#14045 Fix slow performance on DB structure filtering - gh#14327 Fix Editing server variable not showing save or cancel option - gh#14377 Populate options for view create and edit - gh#14171 2FA configuration fails if PHP doesn\'t have GD support - gh#14390 Can\'t unhide tables - gh#14382 \"Visualize GIS data\" icon missing - gh#14435 Event scheduler status toggle doesn\'t work - gh#14365 View not working on multiple servers - gh#14207 Partition actions in table structure do not work - gh#14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table - gh#14552 Blank message shown instead of MySQL error when adding trigger and other locations - gh#14525 Fix PHP 7.3 warning: \"continue\" in \"switch\" is equal to \"break\" - gh#14554 Icon missing when creating a new trigger, routine, and event - gh#14422 Table comment not showing since 4.8.1 - gh#14426 Drop table doesn\'t work when you copy tables to another database - gh#14581 Escaped HTML in \'Add a new server\' setup - gh#14548 [security] HTML injection in import warning messages, see PMASA-2018-5- fix for boo#1105726 - PMASA-2018-5 (CVE-2018-15605, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-5/ * Tue Jul 31 2018 chrisAATTcomputersalat.de- fix for boo#1103305 * add missing dependency for php-ctype * Fri Jun 22 2018 chrisAATTcomputersalat.de- update to 4.8.2 (2018-06-21) * issue #14370 WHERE 0 causes Fatal error * issue #14225 Fix missing index icon- fix for boo#1098752 * PMASA-2018-3 (CVE-2018-12581, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-3/ - XSS in Designer feature- fix for boo#1098751 * PMASA-2018-4 (CVE-2018-12613, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-4/ - File inclusion and remote code execution attack- some minor changelog fixes about security fix entries * Sat May 26 2018 ecsosAATTopensuse.org- update to 4.8.1 (2018-05-25) * gh#12772 Fix case where the central columns attributes don\'t get filled in * gh#14049 Fix case where the query builder doesn\'t work when selected column is * * gh#14029 Revert \"Browse\" table CSS overflow * gh#14241 Dropping indexes and foreign keys fail * gh#14227 Relational linking broken * gh#14246 Fixed error in configuration storage zero config * gh#14128 Show 2FA Secret next to QR code * gh#14212 XML Export from single table throws fatal error * gh#14239 Line and some other charts ignore result set order of values chosen for the x-axis * gh#14260 Fixed configuration for DefaultLang and Lang * gh#14264 Linking for \'Distinct values\' broken * gh#13968 Fix MariaDB 10.2 current_timestamp() * gh#14249 Fix for missing go button in view edit * gh#14125 Fix for issues with spatial fields * gh#14189 Remember table\'s sorting broken * gh#14289 Fix multi-column sorting * gh#14278 Fix central columns in-line edit bug * gh#14066 Fix AUTO_INCREMENT error when only exporting table structure in database-level exports * gh#13893 Simulating queries produces unexpected results * gh#14309 Setup script icons missing * Fri Apr 20 2018 ecsosAATTopensuse.org- update to 4.8.0.1 (2018-04-19)- fix for boo#1090309 * PMASA-2018-2 (CVE-2018-10188, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-2/ - Multiple CSRF vulnerabilities * Wed Apr 11 2018 ecsosAATTopensuse.org- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could install- insert missing templates dir in htaccess See https://docs.phpmyadmin.net/de/latest/setup.html#securing-your-phpmyadmin-installation- create tmp dir and insert this in htaccess to fix the errormessage after login * Wed Apr 11 2018 javierAATTopensuse.org- spec clean up * Let rpm find the library dependencies by itself. Remove unneeded explicit Requires: tags (php-zlib) * Remove logic for obsolete openSUSE releases * Ignore pem-certificate rpmlint warning (see libraries/certs/README.rst) * Remove hidden .github, .php_cs.dist, .scrutinizer.yml and .editorconfig * Remove php_twig.h and twig.c (devel) * Set proper shebang for bash and php scripts * Make phpmyadmin/sql-parser/bin/ *-query and paragonie/random_compat/ *.sh executable * Wed Apr 11 2018 javierAATTopensuse.org- update to 4.8.0 (2018-04-07) * gh#12946 Allow to export JSON with unescaped unicode chars * gh#12983 Disable login button without solved reCaptcha * gh#12315 Allow to remove individual segments from pie charts * gh Change label from \"Improve table structure\" to \"Normalize\" to match standard terminology * gh#13087 Offer login as different user on access denied from MySQL * gh#13110 Indicate when HTTPS is not properly reported on the server * gh#13119 No database selected error when adding foreign key * gh#12388 Improved database search to allow search for exact phrase match * gh#13099 Report error when trying to copy database to same name * gh#13167 Themes now have to contain metadata in theme.json * gh#6363 phpMyAdmin no longer requires eval() in PHP * gh#12386 The mbstring dependency is now optional * gh#13269 Small refactoring in preparation to CSP * gh#13384 Database link broken in Databases Page * gh#13391 Configurable authentication logging using $cfg[\'AuthLog\'] * gh#13086 Add support for Google Invisible Captcha * gh#13058 Improved error reporting for reCAPTCHA * gh#12899 Improved rendering of server variables table * gh#12948 Fixed javascript editor for TIME values * gh#13095 Fixed alignment of foreign keys editing * gh#12944 Improved inline editor for JSON * gh#13145 Improved layout of operations pages * gh#13448 Add \"format\" query button in edit view form * gh#6241 Implement Responsive Design/mobile interface * gh Use a single location for classes under PhpMyAdmin namespace * gh#12354 Indicate SSL status on main page * gh#5666 Configuration directives for defaults of Transformation options * gh#12261 Remove inline JavaScript * gh#13408 Show MySQL warnings when executing SQL queries * gh#5827 Allow Designer to show tables from other databases * gh#13268 Replace Query-By-Example with multi-table query generator interface * gh#13576 Add privileges export to per-database listing * gh Consolidate functions into class files * gh#13560 Add support for changing collation for all tables and columns in database * gh#13303 Add support for creating fulltext index from table structure * gh#13711 Lower default value for $cfg[\'MaxExactCount\'] * gh#13722 DisableIS is not fully honored * gh#6197 Added support for authentication using U2F and 2FA * gh#13480 Avoid removing cookies on upgrade * gh#13397 Remember state of navigation panel * gh#11688 Reduced cookie usage * gh#13466 Better utilization of user preferences * gh#14042 Rename PMD to Designer * gh#13940 Honor arg_separator in AJAX requests * gh#14060 Can\'t edit rows in Internet Explorer * gh#14096 Internet Explorer compatibility; fixes JavaScript error Object doesn\'t support property or method \'startsWith\' * Tue Mar 06 2018 ecsosAATTopensuse.org- update to 4.7.9 (2018-03-05) * gh#13931 Fixed browsing tables with more results * gh#13927 \"Not an integer\" when browsing a table * gh#13887 \"Input variables exceeded 1000\" error relating to PHP\'s max_input_vars directive * Thu Feb 22 2018 astiegerAATTsuse.com- phpMyAdmin 4.7.8: * Fixed error handling with PHP 7.2 * Fixed resetting default setting values * Fixed fallback value for collation connection- fix for boo#1082188 * PMASA-2018-1 (CVE-2018-7260, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-1/ - Fix XSS in Central Columns Feature
|
|
|