Hello community, here is the log from the commit of package phpMyAdmin.3874 for openSUSE:13.1:Update checked in at 2015-07-04 11:17:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/phpMyAdmin.3874 (Old) and /work/SRC/openSUSE:13.1:Update/.phpMyAdmin.3874.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin.3874" Changes: -------- New Changes file: --- /dev/null 2015-06-25 09:04:34.320025005 +0200 +++ /work/SRC/openSUSE:13.1:Update/.phpMyAdmin.3874.new/phpMyAdmin.changes 2015-07-04 11:17:34.000000000 +0200 @@ -0,0 +1,1938 @@ +------------------------------------------------------------------- +Fri Jun 26 14:31:29 UTC 2015 - [email protected] + +- security update to 4.2.13.3: + * CVE-2015-3902: CSRF vulnerability in setup (PMASA-2015-2, boo#930992) + * CVE-2015-3903: Vulnerability allowing man-in-the-middle attack (PMASA-2015-3, boo#930993) + * CVE-2015-2206: Risk of BREACH attack (PMASA-2015-1, boo#920773) + +------------------------------------------------------------------- +Thu Dec 4 18:26:58 UTC 2014 - [email protected] + +- phpMyAdmin 4.1.14.8 + This update fixes one vulnerability. +- Security fixes: + * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php + - sf#4611 [security] DOS attack with long passwords + +------------------------------------------------------------------- +Thu Nov 20 22:09:13 UTC 2014 - [email protected] + +- phpMyAdmin 4.1.14.7 + This update fixes several vulnerabilities: + * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4595 [security] Path traversal can lead to leakage of + line count + * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + - sf#4596 [security] XSS through exception stack + * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php + - sf#4594 [security] Path traversal in file inclusion of + GIS factory + * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php + - sf#4578 [security] XSS vulnerability in table print view + - sf#4579 [security] XSS vulnerability in zoom search page + - sf#4598 [security] XSS in multi submit + - sf#4597 [security] XSS through pma_fontsize cookie + +------------------------------------------------------------------- +Thu Nov 20 22:09:13 UTC 2014 - [email protected] + +- phpMyAdmin 4.1.14.7 + This update fixes several vulnerabilities: + * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4595 [security] Path traversal can lead to leakage of + line count + * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + - sf#4596 [security] XSS through exception stack + * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php + - sf#4594 [security] Path traversal in file inclusion of + GIS factory + * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php + - sf#4578 [security] XSS vulnerability in table print view + - sf#4579 [security] XSS vulnerability in zoom search page + - sf#4598 [security] XSS in multi submit + - sf#4597 [security] XSS through pma_fontsize cookie + +------------------------------------------------------------------- +Tue Oct 21 22:59:45 UTC 2014 - [email protected] + +- phpMyAdmin 4.1.14.6 [boo#902154] [CVE-2014-8326] + This release fixes cross-site scripting vulnerabilities in the + SQL debug output and server monitor pages. This developer option + is not enabled by default. + - sf#4562 [security] XSS in debug SQL output + - sf#4563 [security] XSS in monitor query analyzer + +------------------------------------------------------------------- +Wed Oct 1 20:26:14 UTC 2014 - [email protected] + +- phpMyAdmin 4.1.14.5 [bnc#899452] [CVE-2014-7217] + Contains a fix for a cross-site scripting vulnerability in the + table search and table structure pages which could be trigged + with a crafted ENUM value + - sf#4544 [security] XSS vulnerabilities in table search and + table structure pages + +------------------------------------------------------------------- +Sun Sep 14 21:29:39 UTC 2014 - [email protected] + +- fix for bnc#896635 + * update to 4.1.14.4 (2014-09-13) + * PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php + - sf#4530 [security] DOM based XSS that results to a CSRF + that creates a ROOT account in certain conditions + +------------------------------------------------------------------- +Mon Aug 18 19:09:54 UTC 2014 - [email protected] + +- phpMyAdmin 4.1.14.3 [bnc#892401] + This update addresses several vulnerabilities discovered in + phpMyAdmin as well as a number of non-security issues. + * sf#4501 [security] XSS in table browse page + * sf#4502 [security] Self-XSS in enum value editor + * sf#4503 [security] Self-XSSes in monitor + * sf#4505 [security] XSS in view operations page + * sf#4504 [security] Self-XSS in query charts + * sf#4517 [security] XSS in relation view + (From 4.1.14.2): + * sf#4488 [security] XSS injection due to unescaped table name + (triggers) + * sf#4492 [security] XSS in AJAX confirmation messages + * sf#4491 [security] Missing validation for accessing User groups + feature + (From 4.1.14.1): + * sf#4464 [security] XSS injection due to unescaped db/table + name in navigation hiding +- Numerous non-security bugfixes from 4.1.14.0 through 4.1.9.0 as + listed at + https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog + +------------------------------------------------------------------- +Wed Feb 26 23:13:24 UTC 2014 - [email protected] + +- fix for bnc#864917 + * PMASA-2014-1 ( CVE-2014-1879, CWE-661 CWE-79) + * update to >= 4.1.7 +- update to 4.1.8 (2014-02-22) + * sf#4276 Login loop on session expiry + * sf#4249 Incorrect number of result rows for SQL with subqueries + * sf#4275 Broken Link to php extension manual + * sf#4053 List of procedures is not displayed after executing with Enter + * sf#4081 Setup page content shifted to the right edge of its tabs + * sf#4284 Reordering a column erases comments for other columns + * sf#4286 Open "Browse" in a new tab + * sf#4287 Printview - Always one column too much + * sf#4288 Expand database (+ icon) after timeout doesn't do anything + * sf#4285 Fixed CSS for setup + * Fixed altering table to DOUBLE/FLOAT field + * sf#4292 Success message and failure message being shown together + * sf#4293 opening new tab (using selflink) for import.php based actions + results in error and logout + +------------------------------------------------------------------- +Sun Sep 29 11:13:39 UTC 2013 - [email protected] + +- update to 4.0.7 (2013-09-23) + - sf#3993 Sorting in database overview with statistics doesn't work + - bug Handle the situation where PHP_SELF is not set + - sf#4080 Overwrite existing file not obeyed + - sf#3929 Database-specific privileges are not copied when cloning user + - sf#3997 Error handling in case MySQL extension is missing + - sf#4089 Moving Columns will alter column definition + - sf#4091 Insert ignore option does not work + - sf#4090 Downloading BLOB downloads page template + - sf#4092 Clicking on table name in view of information_schema redirects to wrong page + - sf#4079 Copy Table Add AUTO_INCREMENT value checkbox not working + - sf#4088 MySQL server version at index.php incorrect w/ controlhost + - sf#4001 Import error: Class 'ImportOds' not found + - sf#3986 Missing DROP VIEW button + +------------------------------------------------------------------- +Sat Sep 7 15:42:13 UTC 2013 - [email protected] + +- update to 4.0.6 (2013-09-05) + - sf#4036 Call to undefined function mb_detect_encoding (clarify the doc) + - sf Missing hints when changing a column's structure + - sf#4048 Cannot select foreign value in Search + - sf#4025 gzip export is not actually compressed with mod_deflate + - sf#4054 query analysis doesn't launch in status monitor + + Add pmahomme icon credits (FamFamFam silk icon set) + - sf#4064 Table structure statistics "Space usage" caption too small for l10n + - sf#4051 Wrong tabindex when inserting rows + - sf#4066 varchar field not truncated in table browse mode + + rfe #1435 Opening database should expand it in the navigation menu + - (performance) Removed ShowTooltip directive + - sf#4046 Exporting huge Tables causes memory-Problems + +------------------------------------------------------------------- +Wed Aug 7 12:09:45 UTC 2013 - [email protected] + +- fix for bnc#833731 + * PMASA-2013-10 (CVE-2013-5029 CWE-661 CWE-693) + http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php + +------------------------------------------------------------------- +Mon Aug 5 21:51:23 UTC 2013 - [email protected] + +- update to 4.0.5 (2013-08-04) + + sf#3977 Not detected configuration storage + + sf#3970 Pressing enter in the filter field reloads page + + sf#3984 Cannot insert in this table (PHP < 5.4) + + sf#3989 Reloading privileges does not update the interface + + sf#3960 NavigationBarIconic config not honored + + sf#3985 Call to undefined function mb_detect_encoding + + sf#4007 Analyze option not shown for InnoDB tables + + sf#4015 Forcing a storage engine for configuration storage + + bug Incorrect Drizzle 7 detection + + sf#4019 Create database if not exists (export): add an option to the ++++ 1741 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.phpMyAdmin.3874.new/phpMyAdmin.changes New: ---- phpMyAdmin-4.2.13.3-all-languages.tar.bz2 phpMyAdmin-config.patch phpMyAdmin-rpmlintrc phpMyAdmin.changes phpMyAdmin.http phpMyAdmin.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ # # spec file for package phpMyAdmin # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: phpMyAdmin %define apxs %{_sbindir}/apxs2 %define ap_sysconfdir %(%{apxs} -q SYSCONFDIR) %define ap_serverroot %(%{apxs} -q PREFIX) %define ap_docroot %(%{apxs} -q PREFIX)/htdocs %define pma_config %{_sysconfdir}/%{name}/config.inc.php %if 0%{?suse_version} %define ap_usr wwwrun %define ap_grp www %else %define ap_usr nobody %define ap_grp nogroup %endif Summary: Administration of MySQL over the web License: GPL-2.0+ Group: Productivity/Networking/Web/Frontends Version: 4.2.13.3 Release: 0 Url: http://www.phpMyAdmin.net Source0: http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2 Source1: %{name}.http Source100: %{name}-rpmlintrc Patch0: %{name}-config.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: pwgen coreutils sed grep BuildRequires: apache2-devel BuildRequires: python-devel %if 0%{?suse_version} > 1020 BuildRequires: fdupes %endif # Requires: mod_php_any Requires: php-bz2 Requires: php-gd Requires: php-iconv Requires: php-mbstring Requires: php-mcrypt Requires: php-mysql Requires: php-session Requires: php-zlib Recommends: php5-zip %description phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a single database. To accomplish the latter you'll need a properly set up MySQL user who can read/write only the desired database. It's up to you to look up the appropriate part in the MySQL manual. Currently phpMyAdmin can: * browse and drop databases, tables, views, fields and indexes * create, copy, drop, rename and alter databases, tables, fields and indexes * maintenance server, databases and tables, with proposals on server configuration * execute, edit and bookmark any SQL-statement, even batch-queries * load text files into tables * create^1 and read dumps of tables * export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 - OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats * import data and MySQL structures from Microsoft Excel and OpenDocument spreadsheets, as well as XML, CSV, and SQL files * administer multiple servers * manage MySQL users and privileges * check referential integrity in MyISAM tables * using Query-by-example (QBE), create complex queries automatically connecting required tables * create PDF graphics of your Database layout * search globally in a database or a subset of it * transform stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link * track changes on databases, tables and views * support InnoDB tables and foreign keys (see FAQ 3.6) * support mysqli, the improved MySQL extension (see FAQ 1.17) * communicate in 57 different languages * synchronize two databases residing on the same as well as remote servers (see FAQ 9.1) %prep %setup -q -n %{name}-%{version}-all-languages ## rpmlint: # wrong-file-end-of-line-encoding %{__perl} -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php %patch0 -p1 find . -type d -exec chmod 755 {} \; find . -type f -exec chmod 644 {} \; find . -type f -name '*.orig' -exec rm {} \; %build %install #%%{__install} -d -m0750 $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name} %{__install} -d -m0755 $RPM_BUILD_ROOT%{ap_docroot}/%{name} %{__cp} -dR *.css *.php *.ico js libraries locale themes \ $RPM_BUILD_ROOT%{ap_docroot}/%{name} # install config to config dir %{__install} -D -m0640 $RPM_BUILD_ROOT%{ap_docroot}/%{name}/config.sample.inc.php \ $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/config.inc.php # fix libraries/vendor_config.php %{__sed} -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" \ $RPM_BUILD_ROOT%{ap_docroot}/%{name}/libraries/vendor_config.php # fix libraries/common.inc.php #%%{__sed} -i -e "s,@PMA_Config@,%%{_sysconfdir}/%%{name}/config.inc.php,g" \ # $RPM_BUILD_ROOT%%{ap_docroot}/%%{name}/libraries/common.inc.php # generate file list find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST %{__install} -D -m0644 %{S:1} $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf # fix paths in http config %{__sed} -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ -e "s,@docdir@,%{_docdir},g" $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf # rpmlint stuff %if 0%{?suse_version} > 1020 %fdupes ${RPM_BUILD_ROOT}%{ap_docroot}/%{name}/libraries %fdupes ${RPM_BUILD_ROOT}%{ap_docroot}/%{name}/themes %endif # Fix python-bytecode-inconsistent-mtime rm -rf doc/_ext/configext.pyc pushd doc/_ext %py_compile ./ popd %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 # set PmaAbsoluteUri ### generate blowfish secret %{__sed} -i -e "s,@FQDN@,$(cat /etc/HOSTNAME)," \ -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config} %restart_on_update apache2 %postun %restart_on_update apache2 %clean %{__rm} -rf $RPM_BUILD_ROOT %files -f FILELIST %defattr(644,root,root,755) %doc ChangeLog %doc LICENSE README RELEASE-DATE* %doc examples doc %dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/config.inc.php %dir %{ap_docroot}/%{name} %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf %changelog ++++++ phpMyAdmin-config.patch ++++++ diff -Pdpru phpMyAdmin-4.2.0-all-languages.orig/config.sample.inc.php phpMyAdmin-4.2.0-all-languages/config.sample.inc.php --- phpMyAdmin-4.2.0-all-languages.orig/config.sample.inc.php 2014-05-08 13:23:36.000000000 +0200 +++ phpMyAdmin-4.2.0-all-languages/config.sample.inc.php 2014-05-08 22:20:06.671673724 +0200 @@ -10,11 +10,51 @@ * @package PhpMyAdmin */ +/* + * Your phpMyAdmin url + * + * Complete the variable below with the full url ie + * https://www.your_web.net/path_to_your_phpMyAdmin_directory/ + * + * It must contain characters that are valid for a URL, and the path is + * case sensitive on some Web servers, for example Unix-based servers. + * + * In most cases you can leave this variable empty, as the correct value + * will be detected automatically. However, we recommend that you do + * test to see that the auto-detection code works in your system. A good + * test is to browse a table, then edit a row and save it. There will be + * an error message if phpMyAdmin cannot auto-detect the correct value. + * + * If the auto-detection code does work properly, you can set to true the + * $cfg['PmaAbsoluteUri_DisableWarning'] variable below. + */ +$cfg['PmaAbsoluteUri'] = ''; + +/* + * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set + * You should use this if and ONLY if the PmaAbsoluteUri auto-detection + * works perfectly. + */ +$cfg['PmaAbsoluteUri_DisableWarning'] = false; + +/* + * Disable the default warning that is displayed on the DB Details Structure page if + * any of the required Tables for the relationfeatures could not be found + */ +$cfg['PmaNoRelation_DisableWarning'] = false; + +/* + * Disable the default warning that is displayed if Suhosin is detected + * + * @global boolean $cfg['SuhosinDisableWarning'] + */ +$cfg['SuhosinDisableWarning'] = true; + /* * This is needed for cookie based authentication to encrypt password in * cookie */ -$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ /* * Servers configuration @@ -25,51 +65,256 @@ $i = 0; * First server */ $i++; -/* Authentication type */ -$cfg['Servers'][$i]['auth_type'] = 'cookie'; -/* Server parameters */ -$cfg['Servers'][$i]['host'] = 'localhost'; -$cfg['Servers'][$i]['connect_type'] = 'tcp'; -$cfg['Servers'][$i]['compress'] = false; -$cfg['Servers'][$i]['AllowNoPassword'] = false; +// MySQL hostname or IP address +$cfg['Servers'][$i]['host'] = 'localhost'; + +// MySQL port - leave blank for default port +$cfg['Servers'][$i]['port'] = ''; + +// Path to the socket - leave blank for default socket +$cfg['Servers'][$i]['socket'] = ''; + +// Use SSL for connecting to MySQL server? +$cfg['Servers'][$i]['ssl'] = false; +// How to connect to MySQL server ('tcp' or 'socket') +$cfg['Servers'][$i]['connect_type'] = 'socket'; + +// The PHP MySQL extension to use ('mysql' or 'mysqli') +$cfg['Servers'][$i]['extension'] = 'mysqli'; + +// Use compressed protocol for the MySQL connection (requires PHP >= 4.3.0) +$cfg['Servers'][$i]['compress'] = false; + +// Authentication method (config, http or cookie based)? +$cfg['Servers'][$i]['auth_type'] = 'cookie'; + +// MySQL user +$cfg['Servers'][$i]['user'] = 'root'; + +// MySQL password (only needed with 'config' auth_type) +$cfg['Servers'][$i]['password'] = ''; + +// Allow access without password +$cfg['Servers'][$i]['AllowNoPassword'] = false; + +// whether to allow root login +$cfg['Servers'][$i]['AllowRoot'] = true; + +// Session to use for 'signon' authentication method +$cfg['Servers'][$i]['SignonSession'] = ''; + +// URL where to redirect user to login for 'signon' authentication method +$cfg['Servers'][$i]['SignonURL'] = ''; + +// URL where to redirect user after logout +$cfg['Servers'][$i]['LogoutURL'] = ''; + +// If set to a db-name, only this db is displayed in left frame +// It may also be an array of db-names, where sorting order is relevant. +$cfg['Servers'][$i]['only_db'] = ''; + +// Verbose name for this host - leave blank to show the hostname +$cfg['Servers'][$i]['verbose'] = ''; + +// set to false if you know that your pma_* tables +// are up to date. This prevents compatibility +// checks and thereby increases performance. +$cfg['Servers'][$i]['verbose_check'] = true; + +// Host authentication order, leave blank to not use +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; + +// Host authentication rules, leave blank for defaults +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); + /* * phpMyAdmin configuration storage settings. */ +$cfg['Servers'][$i]['controlhost'] = 'localhost'; -/* User used to manipulate with storage */ -// $cfg['Servers'][$i]['controlhost'] = ''; -// $cfg['Servers'][$i]['controlport'] = ''; -// $cfg['Servers'][$i]['controluser'] = 'pma'; -// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +// MySQL control user settings (this user must have read-only +// access to the "mysql/user" and "mysql/db" tables). +// The controluser is also used for all relational features (pmadb) +$cfg['Servers'][$i]['controluser'] = ''; + +// The password needed for the controluser to login +// (see $cfg['Servers'][$i]['controluser']) +$cfg['Servers'][$i]['controlpass'] = ''; + +// Database used for Relation, Bookmark and PDF Features +// (see _docdir/examples/create_tables.sql) +// - leave blank for no support +// DEFAULT: 'phpmyadmin' +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; + +// Bookmark table +// - leave blank for no bookmark support +// DEFAULT: 'pma_bookmark' +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; + +// table to describe the relation between links (see doc) +// - leave blank for no relation-links support +// DEFAULT: 'pma_relation' +$cfg['Servers'][$i]['relation'] = 'pma__relation'; + +// table to describe the display fields +// - leave blank for no display fields support +// DEFAULT: 'pma_table_info' +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; + +// table to describe the tables position for the PDF schema +// - leave blank for no PDF schema support +// DEFAULT: 'pma_table_coords' +$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; + +// table to describe pages of relationpdf +// - leave blank if you don't want to use this +// DEFAULT: 'pma_pdf_pages' +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; + +// table to store column information +// - leave blank for no column comments/mime types +// DEFAULT: 'pma_column_info' +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; + +// table to store SQL history +// - leave blank for no SQL query history +// DEFAULT: 'pma_history' +$cfg['Servers'][$i]['history'] = 'pma__history'; + +// Table to store user interface enhancement data. +// - Leave blank to disable. +// DEFAULT: 'pma_table_uiprefs' +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; + +// Table to store version/change tracking data +// - leave blank to disable +// DEFAULT: 'pma_tracking' +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; + +// Table in which to store information for the designer feature. +// DEFAULT: 'pma_designer_coords' +$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; + +// Table to store user preferences -- allows users to set most +// preferences by themselves and store them in the phpMyAdmin +// configuration storage database. +// If you don't allow for storing preferences in pmadb, users can +// still personalize phpMyAdmin, but settings will be saved in +// browser's local storage, or, it is is unavailable, until the end +// of session. +// DEFAULT: 'pma_userconfig' +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; + +// Table to store a list of recently used tables to be shown in the +// left navigation frame. It helps you to jump across table directly, +// without the need to select the database, and then select the table. +// Using $cfg['LeftRecentTable'] you can configure the maximum number +// of recent tables shown. +// Without configuring the storage, you can still access the recently +// used tables, but it will disappear after you logout. +// DEFAULT: 'pma_recent' +$cfg['Servers'][$i]['recent'] = 'pma__recent'; + +// You can create different user groups with menu items attached to them. +// Users can be assigned to these groups and the logged in user +// would only see menu items configured to the usergroup he is assigned to. +// To do this it needs two tables “usergroups” (storing allowed menu items for each user group) +// and “users” (storing users and their assignments to user groups). +// DEFAULT: 'pma_users' +// DEFAULT: 'pma_usergroups' +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; + +// You can hide/show items in the navigation tree. +// DEFAULT: 'pma_navigationhiding' +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; + +// +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; -/* Storage database and tables */ -// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; -// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; -// $cfg['Servers'][$i]['relation'] = 'pma__relation'; -// $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; -// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; -// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; -// $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; -// $cfg['Servers'][$i]['history'] = 'pma__history'; -// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; -// $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; -// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; -// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; -// $cfg['Servers'][$i]['recent'] = 'pma__recent'; -// $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; -// $cfg['Servers'][$i]['users'] = 'pma__users'; -// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; -// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; -// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; /* Contrib / Swekey authentication */ -// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; +// The name of the file containing Swekey ids and login names for +// hardware authentication. Leave the string empty to deactivate this +// feature. +// see _docdir/examples/swekey.sample.conf +//$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/phpMyAdmin/swekey-pma.conf'; + + +/*************************************** + * Second Server + */ /* - * End of servers configuration +$i++; +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['port'] = ''; +$cfg['Servers'][$i]['socket'] = ''; +$cfg['Servers'][$i]['ssl'] = false; +$cfg['Servers'][$i]['connect_type'] = 'socket'; +$cfg['Servers'][$i]['extension'] = 'mysqli'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +$cfg['Servers'][$i]['user'] = 'root'; +$cfg['Servers'][$i]['password'] = ''; +$cfg['Servers'][$i]['AllowNoPassword'] = false; +$cfg['Servers'][$i]['AllowRoot'] = true; +$cfg['Servers'][$i]['SignonSession'] = ''; +$cfg['Servers'][$i]['SignonURL'] = ''; +$cfg['Servers'][$i]['LogoutURL'] = ''; +$cfg['Servers'][$i]['only_db'] = ''; +$cfg['Servers'][$i]['verbose'] = ''; +$cfg['Servers'][$i]['verbose_check'] = true; +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); +*/ + +/* + * phpMyAdmin configuration storage settings. */ /* +$cfg['Servers'][$i]['controlhost'] = 'localhost'; +$cfg['Servers'][$i]['controluser'] = ''; +$cfg['Servers'][$i]['controlpass'] = ''; +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +$cfg['Servers'][$i]['relation'] = 'pma__relation'; +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +$cfg['Servers'][$i]['table_coords'] = 'pma__table_cords'; +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +$cfg['Servers'][$i]['history'] = 'pma__history'; +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +$cfg['Servers'][$i]['recent'] = 'pma__recent'; +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/phpMyAdmin/swekey-pma_02.conf'; +*/ + +// If you have more than one server configured, you can set $cfg['ServerDefault'] +// to any one of them to autoconnect to that server when phpMyAdmin is started, +// or set it to 0 to be given a list of servers without logging in +// If you have only one server configured, $cfg['ServerDefault'] *MUST* be +// set to that server. + +// Default server (0 = no default server) +$cfg['ServerDefault'] = 1; +$cfg['Server'] = '0'; +unset($cfg['Servers'][0]); + +/* + * End of servers configuration + ****************************************/ + + +/* * Directories for saving/loading files from server */ $cfg['UploadDir'] = ''; diff -Pdpru phpMyAdmin-4.2.0-all-languages.orig/libraries/vendor_config.php phpMyAdmin-4.2.0-all-languages/libraries/vendor_config.php --- phpMyAdmin-4.2.0-all-languages.orig/libraries/vendor_config.php 2014-05-08 13:23:37.000000000 +0200 +++ phpMyAdmin-4.2.0-all-languages/libraries/vendor_config.php 2014-05-08 22:05:00.222659219 +0200 @@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) { * Path to changelog file, can be gzip compressed. Useful when you want to * have documentation somewhere else, eg. /usr/share/doc. */ -define('CHANGELOG_FILE', './ChangeLog'); +define('CHANGELOG_FILE', '@docdir@/ChangeLog'); /** * Path to license file. Useful when you want to have documentation somewhere * else, eg. /usr/share/doc. */ -define('LICENSE_FILE', './LICENSE'); +define('LICENSE_FILE', '@docdir@/LICENSE'); /** * Path to config file generated using setup script. */ -define('SETUP_CONFIG_FILE', './config/config.inc.php'); +define('SETUP_CONFIG_FILE', '@sysconfdir@/config.inc.php'); /** * Whether setup requires writable directory where config @@ -41,7 +41,7 @@ define('SETUP_DIR_WRITABLE', true); * It is not used directly in code, just a convenient * define used further in this file. */ -define('CONFIG_DIR', './'); +define('CONFIG_DIR', '@sysconfdir@/'); /** * Filename of a configuration file. ++++++ phpMyAdmin-rpmlintrc ++++++ addFilter("files-duplicated-waste") addFilter("files-duplicate") ++++++ phpMyAdmin.http ++++++ <Directory @ap_docroot@/@name@> Options FollowSymLinks AllowOverride None <IfModule mod_php5.c> php_admin_flag register_globals off php_admin_flag magic_quotes_gpc off php_admin_flag allow_url_include off php_admin_flag allow_url_fopen off php_admin_flag zend.ze1_compatibility_mode off php_admin_flag safe_mode Off php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php5:/tmp:@docdir@/@name@:/etc/@name@" # customize suhosin php_admin_value suhosin.post.max_array_index_length 256 php_admin_value suhosin.post.max_totalname_length 8192 php_admin_value suhosin.post.max_vars 2048 php_admin_value suhosin.request.max_array_index_length 256 php_admin_value suhosin.request.max_totalname_length 8192 php_admin_value suhosin.request.max_vars 2048 </IfModule> </Directory> <Directory @ap_docroot@/@name@/libraries> Order allow,deny Deny from all </Directory>
