Hello community, here is the log from the commit of package phpMyAdmin for openSUSE:Factory checked in at 2017-01-29 10:36:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/phpMyAdmin (Old) and /work/SRC/openSUSE:Factory/.phpMyAdmin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin" Changes: -------- --- /work/SRC/openSUSE:Factory/phpMyAdmin/phpMyAdmin.changes 2017-01-24 10:36:20.369380035 +0100 +++ /work/SRC/openSUSE:Factory/.phpMyAdmin.new/phpMyAdmin.changes 2017-02-03 18:55:43.831584092 +0100 @@ -1,0 +2,75 @@ +Wed Jan 25 22:12:33 UTC 2017 - ch...@computersalat.de + +- 4.6.6 (2017-01-23) + * gh#12759 Fix Notice regarding 'Undefined index: old_usergroup' + * gh#12760 Fix Notice regarding 'Undefined index: users' + * gh#12762 Fixed parsing of SQL with BINARY function + * gh#12588 ReCaptcha now works without allow_url_fopen + * gh#12699 Show no local storage warning only on settings tab + * gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with + default value as NULL + * gh#12769 Edit/Export links are not clickable under Routines tab + * gh#12757 Fixed creating new user with older MariaDB + * gh#12784 Remove ctype installation suggestion + * gh#12780 Format button replaces all text with blank spaces + * gh#12786 Fixed database searching + * gh#12792 Fixed javascript error on new version link + * gh#12785 Add information about required and suggested extensions + to composer.json + * gh#12801 Custom header shown twice with cookie login form + * gh#12802 Custom footer not shown with auth_type http login failure + * gh#12434 Improve documentation for servers running with Suhosin + * gh#12800 Updated embedded phpSecLib to 2.0.4 + * gh#12800 Fixed various issues with PHP 7.1 + * gh#11816 Fixed operation with lower_case_table_names=2 + * gh#12813 Fixed stored procedure execution + * gh#12826 Honor user configured connection collation + * gh#12293 Correctly report OpenSSL errors from cookie encryption + * gh#12814 DateTime won't allow to input length in Routine editor + * gh#12840 Fix Notice regarding 'Undefined index: row_format' when + altering table options + * gh#12841 Fixed moving of columns with whitespace in name + * gh#12847 Fixed editing of virtual columns + * gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query + window to avoid accidents + * gh#12872 Use same query for display and execution when dropping + index + * gh#12868 Fix check for user groups freatures being enabled + * gh#12876 Fix notices and warning related to dbs_to_test global + * gh#12831 Fix table formatting on Insert tab, which mostly + affected row highlighting + * gh#12495 Reintroduced phpinfo page with limited capabilities + * gh#12861 Fix renaming tables with lower_case_table_names=2 + * gh#12876 Fix possible PHP error in navigation + * gh#12881 Fix database search with newer php-gettext + * gh#12894 Fix linter error on unterminated variable name + * gh#12732 Fixed filtering for active processes +- fix for boo#1021597 + * PMASA-2016-44 (CVE-2016-6621, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2016-44/ + - Multiple vulnerabilities in setup script + * PMASA-2017-1 ( CVE-Nya, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-1/ + - Open redirect + * PMASA-2017-2 ( CVE-2015-8980, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-2/ + - php-gettext code execution + * PMASA-2017-3 ( CVE-Nya, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-3/ + - DOS vulnerabiltiy in table editing + * PMASA-2017-4 ( CVE-Nya, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-4/ + - CSS injection in themes + * PMASA-2017-5 ( CVE-Nya, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-5/ + - Cookie attribute injection attack + * PMASA-2017-6 ( CVE-Nya, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-6/ + - SSRF in replication + * PMASA-2017-7 ( CVE-Nya, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2017-7/ + - DOS in replication status +- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch +- rework phpMyAdmin-config.patch + +------------------------------------------------------------------- Old: ---- phpMyAdmin-12757_sql_syntax_errror.patch phpMyAdmin-4.6.5.2-all-languages.tar.xz phpMyAdmin-4.6.5.2-all-languages.tar.xz.asc New: ---- phpMyAdmin-4.6.6-all-languages.tar.xz phpMyAdmin-4.6.6-all-languages.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ --- /var/tmp/diff_new_pack.55BGeS/_old 2017-02-03 18:55:44.419501534 +0100 +++ /var/tmp/diff_new_pack.55BGeS/_new 2017-02-03 18:55:44.423500972 +0100 @@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.6.5.2 +Version: 4.6.6 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0+ @@ -45,8 +45,6 @@ Patch0: %{name}-config.patch # Fix-SUSE: auto config for pma storage Patch1: %{name}-pma.patch -# Fix-SUSE: Fix #12757 SQL syntax errror on MariaDB < 10.0.2 in check for mysql password check plugin -Patch2: %{name}-12757_sql_syntax_errror.patch BuildRequires: apache2-devel BuildRequires: python-devel BuildRequires: xz @@ -117,7 +115,6 @@ perl -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php %patch0 %patch1 -%patch2 -p1 # rpmlint: fix incorrect-fsf-address find . -type f | xargs sed -i -e 's:59 Temple Place\, Suite 330\, Boston\, MA 02111-1307 USA:51 Franklin Street\, Fifth Floor\, Boston\, MA 02110-1301 USA:g' ++++++ phpMyAdmin-4.6.5.2-all-languages.tar.xz -> phpMyAdmin-4.6.6-all-languages.tar.xz ++++++ ++++ 16512 lines of diff (skipped) ++++++ phpMyAdmin-config.patch ++++++ --- /var/tmp/diff_new_pack.55BGeS/_old 2017-02-03 18:55:46.339231958 +0100 +++ /var/tmp/diff_new_pack.55BGeS/_new 2017-02-03 18:55:46.343231396 +0100 @@ -253,7 +253,7 @@ =================================================================== --- libraries/vendor_config.php.orig +++ libraries/vendor_config.php -@@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) { +@@ -17,25 +17,25 @@ if (! defined('PHPMYADMIN')) { * Path to changelog file, can be gzip compressed. Useful when you want to * have documentation somewhere else, eg. /usr/share/doc. */ @@ -268,14 +268,13 @@ +define('LICENSE_FILE', '@docdir@/LICENSE'); /** - * Path to config file generated using setup script. + * Directory where SQL scripts to create/upgrade configuration storage reside. */ --define('SETUP_CONFIG_FILE', './config/config.inc.php'); -+define('SETUP_CONFIG_FILE', '@sysconfdir@/config.inc.php'); +-define('SQL_DIR', './sql/'); ++define('SQL_DIR', '@docdir@/sql/'); /** - * Whether setup requires writable directory where config -@@ -46,7 +46,7 @@ define('SQL_DIR', './sql/'); + * Directory where configuration files are stored. * It is not used directly in code, just a convenient * define used further in this file. */