Hello community, here is the log from the commit of package phpMyAdmin.3874 for openSUSE:13.2:Update checked in at 2015-07-04 11:17:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/phpMyAdmin.3874 (Old) and /work/SRC/openSUSE:13.2:Update/.phpMyAdmin.3874.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin.3874" Changes: -------- New Changes file: --- /dev/null 2015-06-25 09:04:34.320025005 +0200 +++ /work/SRC/openSUSE:13.2:Update/.phpMyAdmin.3874.new/phpMyAdmin.changes 2015-07-04 11:17:37.000000000 +0200 @@ -0,0 +1,2530 @@ +------------------------------------------------------------------- +Fri Jun 26 14:31:29 UTC 2015 - [email protected] + +- security update to 4.2.13.3: + * CVE-2015-3902: CSRF vulnerability in setup (PMASA-2015-2, boo#930992) + * CVE-2015-3903: Vulnerability allowing man-in-the-middle attack (PMASA-2015-3, boo#930993) + * CVE-2015-2206: Risk of BREACH attack (PMASA-2015-1, boo#920773) + +------------------------------------------------------------------- +Wed Dec 3 17:14:16 UTC 2014 - [email protected] + +- update to 4.2.13.1 (2014-12-03) + This update fixes several vulnerabilities +- Security fixes: + * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php + - sf#4612 [security] XSS vulnerability in redirection mechanism + * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php + - sf#4611 [security] DOS attack with long passwords + +------------------------------------------------------------------- +Sun Nov 30 22:47:22 UTC 2014 - [email protected] + +- update to 4.2.13 (2014-11-30) + - sf#4604 Query history not being deleted + - sf#4057 db/table query string parameters no longer work + - sf#4605 Unseen messages in tracking + - sf#4606 Tracking report export as SQL dump does not work + - sf#4607 Syntax error during db_copy operation + - sf#4608 SELECT permission issues with relations and restricted + access + +------------------------------------------------------------------- +Thu Nov 20 16:18:55 UTC 2014 - [email protected] + +- update to 4.2.12 (2014-11-20) + This update fixes several vulnerabilities, as well as a number of + other bug fixes. +- Security fixes: + * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4595 [security] Path traversal can lead to leakage of + line count + * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + - sf#4596 [security] XSS through exception stack + * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php + - sf#4594 [security] Path traversal in file inclusion of + GIS factory + * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php + - sf#4578 [security] XSS vulnerability in table print view + - sf#4579 [security] XSS vulnerability in zoom search page + - sf#4598 [security] XSS in multi submit + - sf#4597 [security] XSS through pma_fontsize cookie +- Other bug fixes: + - sf#4574 Blank/white page when JavaScript disabled + - sf#4577 Multi row actions cause full page reloads + - fix ReferenceError: targeturl is not defined + - fix Incorrect text/icon display in Tracking report + - sf#4404 Recordset return from procedure display nothing + - sf#4584 Edit dialog for routines is too long for + smaller displays + - sf#4586 Javascript error after moving a column + - sf#4576 Issue with long comments on table columns + - sf#4599 Input field unnecessarily selected on focus + - sf#4602 Exporting selected rows exports all rows of the query + - sf#4444 No insert statement produced in SQL export for + queries with alias + - sf#4603 Field disabled when internal relations used + +------------------------------------------------------------------- +Fri Oct 31 17:44:05 UTC 2014 - [email protected] + +- update to 4.2.11 (2014-10-31) + - fix ReferenceError: Table_onover is not defined + - sf#4552 Incorrect routines display for database due to case + insensitive checks + - sf#4259 reCaptcha sound session expired problem + - sf#4557 PHP fatal error, undefined function __() + - sf#4568 Date displayed incorrectly when charting a timeline + - sf#4571 Database Privileges link does not work + - fix makegrid.js: where_clause is undefined + - sf#4572 missing trailing slash (import and open_basedir) + +------------------------------------------------------------------- +Tue Oct 21 22:59:45 UTC 2014 - [email protected] + +- phpMyAdmin 4.2.10.1 [boo#902154] [CVE-2014-8326] + This release fixes cross-site scripting vulnerabilities in the + SQL debug output and server monitor pages. This developer option + is not enabled by default. + - sf#4562 [security] XSS in debug SQL output + - sf#4563 [security] XSS in monitor query analyzer + +------------------------------------------------------------------- +Sat Oct 11 15:34:28 UTC 2014 - [email protected] + +- update to 4.2.10 (2014-10-11) + - sf#4361 Can't change font size + (when config.inc.php not present) + - sf#4542 Tab key in column name not shown + - fix bug PDF export: title not present in PDF + - sf#4543 Changing column name can break saved "order by" clause + - sf#4545 trying to favorite table while browser localStorage + is disabled throws JS error + - sf#4259 reCaptcha sound session expired problem + - sf#4548 Inline editing a field converts tab to spaces + - sf#4252 Database-level permission bug for db names containing + underscores + - sf#3120 Events are not exported when using xml + - sf#4554 Grid-editing timestamp column forces datepicker + - sf#4556 Fast filters for tables, views etc. should be governed + by NavigationTreeDisplayItemFilterMinimum + +------------------------------------------------------------------- +Wed Oct 1 20:26:14 UTC 2014 - [email protected] + +- phpMyAdmin 4.2.9.1 [bnc#899452] [CVE-2014-7217] + Contains a fix for a cross-site scripting vulnerability in the + table search and table structure pages which could be trigged + with a crafted ENUM value + - sf#4544 [security] XSS vulnerabilities in table search and + table structure pages + +------------------------------------------------------------------- +Sat Sep 20 12:12:53 UTC 2014 - [email protected] + +- update to 4.2.9 (2014-09-20) + - fix bug ajax.js responseHandler: cannot read property of null + - fix bug sql.js: str is undefined + - sf#4524 Allow for direct selection of "0" + on the "user overview" page + - sf#4529 Undefined index: pos + - sf#4523 tbl_change.js: insert as new row submit type on + multiple selected records does not set all AUTO_INCREMENTs + to 0 value + - fix bug ajax.js responseHandler: another "cannot read property" + - fix bug tbl_structure.js "cannot read property" + +------------------------------------------------------------------- +Sun Sep 14 21:10:17 UTC 2014 - [email protected] + +- fix for bnc#896635 + * update to 4.2.8.1 (2014-09-13) + * PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php + - sf#4530 [security] DOM based XSS that results to a CSRF + that creates a ROOT account in certain conditions + +------------------------------------------------------------------- +Fri Sep 5 18:39:29 UTC 2014 - [email protected] + +- rollback changes introduced by fix for bnc#894107 cause they + broke apache pkg. + +------------------------------------------------------------------- +Sun Aug 31 21:52:38 UTC 2014 - [email protected] + +- update to 4.2.8 (2014-08-31) + - sf#4516 Odd export behavior + - sf#4519 Uncaught TypeError: Cannot read property 'success' + of null + - sf#4520 sql.js: cannot read property + - sf#4521 Initially allowed chart types do not match selected + data + - sf#4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT + ignored + - sf#4522 Duplicate column names while assigning index + - sf#4487 Export of partitioned table does not import + - fix bug server_privileges.js: cannot read property + - sf#4527 Importing ODS files with column names having trailing + spaces fails + - sf#4413 Navigation Error in Nav Tree for Search Results Past + the First Page + - fix bug functions.js: Cannot read property 'replace' of undefined + +------------------------------------------------------------------- +Fri Aug 29 14:58:31 UTC 2014 - [email protected] + +- fix for bnc#894107 + * fix post/postun for systemd + +------------------------------------------------------------------- +Tue Aug 19 21:46:14 UTC 2014 - [email protected] + +- fix changes file + * add missing PMASA / CVE info + +------------------------------------------------------------------- +Mon Aug 18 18:13:29 UTC 2014 - [email protected] + +- fix for bnc#892401 + * update to 4.2.7.1 + * PMASA-2014-8 (CVE-2014-5273, CWE-661 CWE-79) ++++ 2333 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.phpMyAdmin.3874.new/phpMyAdmin.changes New: ---- phpMyAdmin-4.2.13.3-all-languages.tar.bz2 phpMyAdmin-config.patch phpMyAdmin-rpmlintrc phpMyAdmin.changes phpMyAdmin.http phpMyAdmin.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ # # spec file for package phpMyAdmin # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: phpMyAdmin %define apxs %{_sbindir}/apxs2 %define ap_sysconfdir %(%{apxs} -q SYSCONFDIR) %define ap_serverroot %(%{apxs} -q PREFIX) %define ap_docroot %(%{apxs} -q PREFIX)/htdocs %define pma_config %{_sysconfdir}/%{name}/config.inc.php %if 0%{?suse_version} %define ap_usr wwwrun %define ap_grp www %else %define ap_usr nobody %define ap_grp nogroup %endif Summary: Administration of MySQL over the web License: GPL-2.0+ Group: Productivity/Networking/Web/Frontends Version: 4.2.13.3 Release: 0 Url: http://www.phpMyAdmin.net Source0: http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2 Source1: %{name}.http Source100: %{name}-rpmlintrc Patch0: %{name}-config.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: pwgen coreutils sed grep BuildRequires: apache2-devel BuildRequires: python-devel %if 0%{?suse_version} > 1020 BuildRequires: fdupes %endif # Requires: mod_php_any Requires: php-bz2 Requires: php-gd Requires: php-iconv Requires: php-mbstring Requires: php-mcrypt Requires: php-mysql Requires: php-session Requires: php-zlib Recommends: php5-zip %description phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a single database. To accomplish the latter you'll need a properly set up MySQL user who can read/write only the desired database. It's up to you to look up the appropriate part in the MySQL manual. Currently phpMyAdmin can: * browse and drop databases, tables, views, fields and indexes * create, copy, drop, rename and alter databases, tables, fields and indexes * maintenance server, databases and tables, with proposals on server configuration * execute, edit and bookmark any SQL-statement, even batch-queries * load text files into tables * create^1 and read dumps of tables * export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 - OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats * import data and MySQL structures from Microsoft Excel and OpenDocument spreadsheets, as well as XML, CSV, and SQL files * administer multiple servers * manage MySQL users and privileges * check referential integrity in MyISAM tables * using Query-by-example (QBE), create complex queries automatically connecting required tables * create PDF graphics of your Database layout * search globally in a database or a subset of it * transform stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link * track changes on databases, tables and views * support InnoDB tables and foreign keys (see FAQ 3.6) * support mysqli, the improved MySQL extension (see FAQ 1.17) * communicate in 57 different languages * synchronize two databases residing on the same as well as remote servers (see FAQ 9.1) %prep %setup -q -n %{name}-%{version}-all-languages ## rpmlint: # wrong-file-end-of-line-encoding %{__perl} -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php %patch0 -p1 find . -type d -exec chmod 755 {} \; find . -type f -exec chmod 644 {} \; find . -type f -name '*.orig' -exec rm {} \; %build %install #%%{__install} -d -m0750 $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name} %{__install} -d -m0755 $RPM_BUILD_ROOT%{ap_docroot}/%{name} %{__cp} -dR *.css *.php *.ico js libraries locale themes \ $RPM_BUILD_ROOT%{ap_docroot}/%{name} # install config to config dir %{__install} -D -m0640 $RPM_BUILD_ROOT%{ap_docroot}/%{name}/config.sample.inc.php \ $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/config.inc.php # fix libraries/vendor_config.php %{__sed} -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" \ $RPM_BUILD_ROOT%{ap_docroot}/%{name}/libraries/vendor_config.php # fix libraries/common.inc.php #%%{__sed} -i -e "s,@PMA_Config@,%%{_sysconfdir}/%%{name}/config.inc.php,g" \ # $RPM_BUILD_ROOT%%{ap_docroot}/%%{name}/libraries/common.inc.php # generate file list find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST %{__install} -D -m0644 %{S:1} $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf # fix paths in http config %{__sed} -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ -e "s,@docdir@,%{_docdir},g" $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf # rpmlint stuff %if 0%{?suse_version} > 1020 %fdupes ${RPM_BUILD_ROOT}%{ap_docroot}/%{name}/libraries %fdupes ${RPM_BUILD_ROOT}%{ap_docroot}/%{name}/themes %endif # Fix python-bytecode-inconsistent-mtime rm -rf doc/_ext/configext.pyc pushd doc/_ext %py_compile ./ popd %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 # set PmaAbsoluteUri ### generate blowfish secret %{__sed} -i -e "s,@FQDN@,$(cat /etc/HOSTNAME)," \ -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config} %restart_on_update apache2 %postun %restart_on_update apache2 %clean %{__rm} -rf $RPM_BUILD_ROOT %files -f FILELIST %defattr(644,root,root,755) %doc ChangeLog %doc LICENSE README RELEASE-DATE* %doc examples doc %dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/config.inc.php %dir %{ap_docroot}/%{name} %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf %changelog ++++++ phpMyAdmin-config.patch ++++++ diff -Pdpru phpMyAdmin-4.2.0-all-languages.orig/config.sample.inc.php phpMyAdmin-4.2.0-all-languages/config.sample.inc.php --- phpMyAdmin-4.2.0-all-languages.orig/config.sample.inc.php 2014-05-08 13:23:36.000000000 +0200 +++ phpMyAdmin-4.2.0-all-languages/config.sample.inc.php 2014-05-08 22:20:06.671673724 +0200 @@ -10,11 +10,51 @@ * @package PhpMyAdmin */ +/* + * Your phpMyAdmin url + * + * Complete the variable below with the full url ie + * https://www.your_web.net/path_to_your_phpMyAdmin_directory/ + * + * It must contain characters that are valid for a URL, and the path is + * case sensitive on some Web servers, for example Unix-based servers. + * + * In most cases you can leave this variable empty, as the correct value + * will be detected automatically. However, we recommend that you do + * test to see that the auto-detection code works in your system. A good + * test is to browse a table, then edit a row and save it. There will be + * an error message if phpMyAdmin cannot auto-detect the correct value. + * + * If the auto-detection code does work properly, you can set to true the + * $cfg['PmaAbsoluteUri_DisableWarning'] variable below. + */ +$cfg['PmaAbsoluteUri'] = ''; + +/* + * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set + * You should use this if and ONLY if the PmaAbsoluteUri auto-detection + * works perfectly. + */ +$cfg['PmaAbsoluteUri_DisableWarning'] = false; + +/* + * Disable the default warning that is displayed on the DB Details Structure page if + * any of the required Tables for the relationfeatures could not be found + */ +$cfg['PmaNoRelation_DisableWarning'] = false; + +/* + * Disable the default warning that is displayed if Suhosin is detected + * + * @global boolean $cfg['SuhosinDisableWarning'] + */ +$cfg['SuhosinDisableWarning'] = true; + /* * This is needed for cookie based authentication to encrypt password in * cookie */ -$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ /* * Servers configuration @@ -25,51 +65,256 @@ $i = 0; * First server */ $i++; -/* Authentication type */ -$cfg['Servers'][$i]['auth_type'] = 'cookie'; -/* Server parameters */ -$cfg['Servers'][$i]['host'] = 'localhost'; -$cfg['Servers'][$i]['connect_type'] = 'tcp'; -$cfg['Servers'][$i]['compress'] = false; -$cfg['Servers'][$i]['AllowNoPassword'] = false; +// MySQL hostname or IP address +$cfg['Servers'][$i]['host'] = 'localhost'; + +// MySQL port - leave blank for default port +$cfg['Servers'][$i]['port'] = ''; + +// Path to the socket - leave blank for default socket +$cfg['Servers'][$i]['socket'] = ''; + +// Use SSL for connecting to MySQL server? +$cfg['Servers'][$i]['ssl'] = false; +// How to connect to MySQL server ('tcp' or 'socket') +$cfg['Servers'][$i]['connect_type'] = 'socket'; + +// The PHP MySQL extension to use ('mysql' or 'mysqli') +$cfg['Servers'][$i]['extension'] = 'mysqli'; + +// Use compressed protocol for the MySQL connection (requires PHP >= 4.3.0) +$cfg['Servers'][$i]['compress'] = false; + +// Authentication method (config, http or cookie based)? +$cfg['Servers'][$i]['auth_type'] = 'cookie'; + +// MySQL user +$cfg['Servers'][$i]['user'] = 'root'; + +// MySQL password (only needed with 'config' auth_type) +$cfg['Servers'][$i]['password'] = ''; + +// Allow access without password +$cfg['Servers'][$i]['AllowNoPassword'] = false; + +// whether to allow root login +$cfg['Servers'][$i]['AllowRoot'] = true; + +// Session to use for 'signon' authentication method +$cfg['Servers'][$i]['SignonSession'] = ''; + +// URL where to redirect user to login for 'signon' authentication method +$cfg['Servers'][$i]['SignonURL'] = ''; + +// URL where to redirect user after logout +$cfg['Servers'][$i]['LogoutURL'] = ''; + +// If set to a db-name, only this db is displayed in left frame +// It may also be an array of db-names, where sorting order is relevant. +$cfg['Servers'][$i]['only_db'] = ''; + +// Verbose name for this host - leave blank to show the hostname +$cfg['Servers'][$i]['verbose'] = ''; + +// set to false if you know that your pma_* tables +// are up to date. This prevents compatibility +// checks and thereby increases performance. +$cfg['Servers'][$i]['verbose_check'] = true; + +// Host authentication order, leave blank to not use +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; + +// Host authentication rules, leave blank for defaults +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); + /* * phpMyAdmin configuration storage settings. */ +$cfg['Servers'][$i]['controlhost'] = 'localhost'; -/* User used to manipulate with storage */ -// $cfg['Servers'][$i]['controlhost'] = ''; -// $cfg['Servers'][$i]['controlport'] = ''; -// $cfg['Servers'][$i]['controluser'] = 'pma'; -// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +// MySQL control user settings (this user must have read-only +// access to the "mysql/user" and "mysql/db" tables). +// The controluser is also used for all relational features (pmadb) +$cfg['Servers'][$i]['controluser'] = ''; + +// The password needed for the controluser to login +// (see $cfg['Servers'][$i]['controluser']) +$cfg['Servers'][$i]['controlpass'] = ''; + +// Database used for Relation, Bookmark and PDF Features +// (see _docdir/examples/create_tables.sql) +// - leave blank for no support +// DEFAULT: 'phpmyadmin' +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; + +// Bookmark table +// - leave blank for no bookmark support +// DEFAULT: 'pma_bookmark' +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; + +// table to describe the relation between links (see doc) +// - leave blank for no relation-links support +// DEFAULT: 'pma_relation' +$cfg['Servers'][$i]['relation'] = 'pma__relation'; + +// table to describe the display fields +// - leave blank for no display fields support +// DEFAULT: 'pma_table_info' +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; + +// table to describe the tables position for the PDF schema +// - leave blank for no PDF schema support +// DEFAULT: 'pma_table_coords' +$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; + +// table to describe pages of relationpdf +// - leave blank if you don't want to use this +// DEFAULT: 'pma_pdf_pages' +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; + +// table to store column information +// - leave blank for no column comments/mime types +// DEFAULT: 'pma_column_info' +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; + +// table to store SQL history +// - leave blank for no SQL query history +// DEFAULT: 'pma_history' +$cfg['Servers'][$i]['history'] = 'pma__history'; + +// Table to store user interface enhancement data. +// - Leave blank to disable. +// DEFAULT: 'pma_table_uiprefs' +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; + +// Table to store version/change tracking data +// - leave blank to disable +// DEFAULT: 'pma_tracking' +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; + +// Table in which to store information for the designer feature. +// DEFAULT: 'pma_designer_coords' +$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; + +// Table to store user preferences -- allows users to set most +// preferences by themselves and store them in the phpMyAdmin +// configuration storage database. +// If you don't allow for storing preferences in pmadb, users can +// still personalize phpMyAdmin, but settings will be saved in +// browser's local storage, or, it is is unavailable, until the end +// of session. +// DEFAULT: 'pma_userconfig' +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; + +// Table to store a list of recently used tables to be shown in the +// left navigation frame. It helps you to jump across table directly, +// without the need to select the database, and then select the table. +// Using $cfg['LeftRecentTable'] you can configure the maximum number +// of recent tables shown. +// Without configuring the storage, you can still access the recently +// used tables, but it will disappear after you logout. +// DEFAULT: 'pma_recent' +$cfg['Servers'][$i]['recent'] = 'pma__recent'; + +// You can create different user groups with menu items attached to them. +// Users can be assigned to these groups and the logged in user +// would only see menu items configured to the usergroup he is assigned to. +// To do this it needs two tables “usergroups” (storing allowed menu items for each user group) +// and “users” (storing users and their assignments to user groups). +// DEFAULT: 'pma_users' +// DEFAULT: 'pma_usergroups' +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; + +// You can hide/show items in the navigation tree. +// DEFAULT: 'pma_navigationhiding' +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; + +// +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; -/* Storage database and tables */ -// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; -// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; -// $cfg['Servers'][$i]['relation'] = 'pma__relation'; -// $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; -// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; -// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; -// $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; -// $cfg['Servers'][$i]['history'] = 'pma__history'; -// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; -// $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; -// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; -// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; -// $cfg['Servers'][$i]['recent'] = 'pma__recent'; -// $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; -// $cfg['Servers'][$i]['users'] = 'pma__users'; -// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; -// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; -// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; /* Contrib / Swekey authentication */ -// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; +// The name of the file containing Swekey ids and login names for +// hardware authentication. Leave the string empty to deactivate this +// feature. +// see _docdir/examples/swekey.sample.conf +//$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/phpMyAdmin/swekey-pma.conf'; + + +/*************************************** + * Second Server + */ /* - * End of servers configuration +$i++; +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['port'] = ''; +$cfg['Servers'][$i]['socket'] = ''; +$cfg['Servers'][$i]['ssl'] = false; +$cfg['Servers'][$i]['connect_type'] = 'socket'; +$cfg['Servers'][$i]['extension'] = 'mysqli'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +$cfg['Servers'][$i]['user'] = 'root'; +$cfg['Servers'][$i]['password'] = ''; +$cfg['Servers'][$i]['AllowNoPassword'] = false; +$cfg['Servers'][$i]['AllowRoot'] = true; +$cfg['Servers'][$i]['SignonSession'] = ''; +$cfg['Servers'][$i]['SignonURL'] = ''; +$cfg['Servers'][$i]['LogoutURL'] = ''; +$cfg['Servers'][$i]['only_db'] = ''; +$cfg['Servers'][$i]['verbose'] = ''; +$cfg['Servers'][$i]['verbose_check'] = true; +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); +*/ + +/* + * phpMyAdmin configuration storage settings. */ /* +$cfg['Servers'][$i]['controlhost'] = 'localhost'; +$cfg['Servers'][$i]['controluser'] = ''; +$cfg['Servers'][$i]['controlpass'] = ''; +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +$cfg['Servers'][$i]['relation'] = 'pma__relation'; +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +$cfg['Servers'][$i]['table_coords'] = 'pma__table_cords'; +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +$cfg['Servers'][$i]['history'] = 'pma__history'; +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +$cfg['Servers'][$i]['recent'] = 'pma__recent'; +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/phpMyAdmin/swekey-pma_02.conf'; +*/ + +// If you have more than one server configured, you can set $cfg['ServerDefault'] +// to any one of them to autoconnect to that server when phpMyAdmin is started, +// or set it to 0 to be given a list of servers without logging in +// If you have only one server configured, $cfg['ServerDefault'] *MUST* be +// set to that server. + +// Default server (0 = no default server) +$cfg['ServerDefault'] = 1; +$cfg['Server'] = '0'; +unset($cfg['Servers'][0]); + +/* + * End of servers configuration + ****************************************/ + + +/* * Directories for saving/loading files from server */ $cfg['UploadDir'] = ''; diff -Pdpru phpMyAdmin-4.2.0-all-languages.orig/libraries/vendor_config.php phpMyAdmin-4.2.0-all-languages/libraries/vendor_config.php --- phpMyAdmin-4.2.0-all-languages.orig/libraries/vendor_config.php 2014-05-08 13:23:37.000000000 +0200 +++ phpMyAdmin-4.2.0-all-languages/libraries/vendor_config.php 2014-05-08 22:05:00.222659219 +0200 @@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) { * Path to changelog file, can be gzip compressed. Useful when you want to * have documentation somewhere else, eg. /usr/share/doc. */ -define('CHANGELOG_FILE', './ChangeLog'); +define('CHANGELOG_FILE', '@docdir@/ChangeLog'); /** * Path to license file. Useful when you want to have documentation somewhere * else, eg. /usr/share/doc. */ -define('LICENSE_FILE', './LICENSE'); +define('LICENSE_FILE', '@docdir@/LICENSE'); /** * Path to config file generated using setup script. */ -define('SETUP_CONFIG_FILE', './config/config.inc.php'); +define('SETUP_CONFIG_FILE', '@sysconfdir@/config.inc.php'); /** * Whether setup requires writable directory where config @@ -41,7 +41,7 @@ define('SETUP_DIR_WRITABLE', true); * It is not used directly in code, just a convenient * define used further in this file. */ -define('CONFIG_DIR', './'); +define('CONFIG_DIR', '@sysconfdir@/'); /** * Filename of a configuration file. ++++++ phpMyAdmin-rpmlintrc ++++++ addFilter("files-duplicated-waste") addFilter("files-duplicate") ++++++ phpMyAdmin.http ++++++ <Directory @ap_docroot@/@name@> Options FollowSymLinks AllowOverride None <IfModule mod_php5.c> php_admin_flag register_globals off php_admin_flag magic_quotes_gpc off php_admin_flag allow_url_include off php_admin_flag allow_url_fopen off php_admin_flag zend.ze1_compatibility_mode off php_admin_flag safe_mode Off php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php5:/tmp:@docdir@/@name@:/etc/@name@" # customize suhosin php_admin_value suhosin.post.max_array_index_length 256 php_admin_value suhosin.post.max_totalname_length 8192 php_admin_value suhosin.post.max_vars 2048 php_admin_value suhosin.request.max_array_index_length 256 php_admin_value suhosin.request.max_totalname_length 8192 php_admin_value suhosin.request.max_vars 2048 </IfModule> </Directory> <Directory @ap_docroot@/@name@/libraries> Order allow,deny Deny from all </Directory>
