Hello community,

here is the log from the commit of package adminer for openSUSE:Factory checked 
in at 2019-10-23 15:51:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/adminer (Old)
 and      /work/SRC/openSUSE:Factory/.adminer.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "adminer"

Wed Oct 23 15:51:09 2019 rev:21 rq:741894 version:4.7.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/adminer/adminer.changes  2019-08-29 
17:29:20.467250877 +0200
+++ /work/SRC/openSUSE:Factory/.adminer.new.2352/adminer.changes        
2019-10-23 15:51:14.382719859 +0200
@@ -1,0 +2,13 @@
+Tue Oct 22 13:32:40 UTC 2019 - ji...@boombatower.com
+
+- Update to version 4.7.4:
+  * Release 4.7.4
+  * Fix XSS if Adminer is accessible at URL /data:
+  * Do not put unused doc links to single driver compiled version
+  * Fix PostgreSQL doc root
+  * Save bytes
+  * add links to oracle docs
+  * add links to postgres docs
+  * Bump version
+
+-------------------------------------------------------------------

Old:
----
  adminer-4.7.3.tar.xz

New:
----
  adminer-4.7.4.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ adminer.spec ++++++
--- /var/tmp/diff_new_pack.iZIkpT/_old  2019-10-23 15:51:15.842721437 +0200
+++ /var/tmp/diff_new_pack.iZIkpT/_new  2019-10-23 15:51:15.846721441 +0200
@@ -22,7 +22,7 @@
 %bcond_with mongodb
 %bcond_with mssql
 Name:           adminer
-Version:        4.7.3
+Version:        4.7.4
 Release:        0
 Summary:        Database management in a single PHP file
 License:        GPL-2.0-only OR Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.iZIkpT/_old  2019-10-23 15:51:15.886721485 +0200
+++ /var/tmp/diff_new_pack.iZIkpT/_new  2019-10-23 15:51:15.886721485 +0200
@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="disabled">
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">refs/tags/v4.7.3</param>
+    <param name="revision">refs/tags/v4.7.4</param>
     <param name="url">https://github.com/vrana/adminer.git</param>
     <param name="scm">git</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.iZIkpT/_old  2019-10-23 15:51:15.902721502 +0200
+++ /var/tmp/diff_new_pack.iZIkpT/_new  2019-10-23 15:51:15.902721502 +0200
@@ -1,6 +1,6 @@
 <servicedata>
   <service name="tar_scm">
     <param name="url">https://github.com/vrana/adminer.git</param>
-    <param 
name="changesrevision">32955f780271467572024b1dc91728d959efc1b6</param>
+    <param 
name="changesrevision">b9594d13d6af838760936634a9a234e3d7c70e18</param>
   </service>
 </servicedata>

++++++ adminer-4.7.3.tar.xz -> adminer-4.7.4.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/adminer/db.inc.php 
new/adminer-4.7.4/adminer/db.inc.php
--- old/adminer-4.7.3/adminer/db.inc.php        2019-08-27 17:58:21.000000000 
+0200
+++ new/adminer-4.7.4/adminer/db.inc.php        2019-10-22 08:33:20.000000000 
+0200
@@ -65,7 +65,6 @@
                                        search_tables();
                                }
                        }
-                       $doc_link = doc_link(array('sql' => 
'show-table-status.html'));
                        echo "<div class='scrollable'>\n";
                        echo "<table cellspacing='0' class='nowrap 
checkable'>\n";
                        echo script("mixin(qsl('table'), {onclick: tableClick, 
ondblclick: partialArg(tableClick, true)});");
@@ -74,12 +73,12 @@
                        echo '<th>' . lang('Table');
                        echo '<td>' . lang('Engine') . doc_link(array('sql' => 
'storage-engines.html'));
                        echo '<td>' . lang('Collation') . doc_link(array('sql' 
=> 'charset-charsets.html', 'mariadb' => 
'supported-character-sets-and-collations/'));
-                       echo '<td>' . lang('Data Length') . $doc_link;
-                       echo '<td>' . lang('Index Length') . $doc_link;
-                       echo '<td>' . lang('Data Free') . $doc_link;
+                       echo '<td>' . lang('Data Length') . 
doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 
'functions-admin.html#FUNCTIONS-ADMIN-DBOBJECT', 'oracle' => 'REFRN20286'));
+                       echo '<td>' . lang('Index Length') . 
doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 
'functions-admin.html#FUNCTIONS-ADMIN-DBOBJECT'));
+                       echo '<td>' . lang('Data Free') . doc_link(array('sql' 
=> 'show-table-status.html'));
                        echo '<td>' . lang('Auto Increment') . 
doc_link(array('sql' => 'example-auto-increment.html', 'mariadb' => 
'auto_increment/'));
-                       echo '<td>' . lang('Rows') . $doc_link;
-                       echo (support("comment") ? '<td>' . lang('Comment') . 
$doc_link : '');
+                       echo '<td>' . lang('Rows') . doc_link(array('sql' => 
'show-table-status.html', 'pgsql' => 'catalog-pg-class.html#CATALOG-PG-CLASS', 
'oracle' => 'REFRN20286'));
+                       echo (support("comment") ? '<td>' . lang('Comment') . 
doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 
'functions-info.html#FUNCTIONS-INFO-COMMENT-TABLE')) : '');
                        echo "</thead>\n";
 
                        $tables = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/adminer/foreign.inc.php 
new/adminer-4.7.4/adminer/foreign.inc.php
--- old/adminer-4.7.3/adminer/foreign.inc.php   2019-08-27 17:58:21.000000000 
+0200
+++ new/adminer-4.7.4/adminer/foreign.inc.php   2019-10-22 08:33:20.000000000 
+0200
@@ -97,7 +97,7 @@
        'mariadb' => "foreign-keys/",
        'pgsql' => "sql-createtable.html#SQL-CREATETABLE-REFERENCES",
        'mssql' => "ms174979.aspx",
-       'oracle' => "clauses002.htm#sthref2903",
+       'oracle' => 
"https://docs.oracle.com/cd/B19306_01/server.102/b14200/clauses002.htm#sthref2903";,
 )); ?>
 <p>
 <input type="submit" value="<?php echo lang('Save'); ?>">
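Review bot: The `'oracle'` entry in this `doc_link()` call is now an absolute URL, while the other entries in the same array are still paths relative to a per-driver base. The `$urls` array in `include/editing.inc.php`, changed in this same release, holds those bases, and its new Oracle base ends in `&id=`. If `doc_link()` simply concatenates base and path (its body is not part of this diff, so this needs confirming), the resulting link would be the lookup URL with a whole URL as its `id` value. Either use a lookup id here in the style of the `REFRN…` values added elsewhere in this release, or have `doc_link()` leave values that start with `https://` unprefixed. The array and the call begin above the hunk.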
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/adminer/include/bootstrap.inc.php 
new/adminer-4.7.4/adminer/include/bootstrap.inc.php
--- old/adminer-4.7.3/adminer/include/bootstrap.inc.php 2019-08-27 
17:58:21.000000000 +0200
+++ new/adminer-4.7.4/adminer/include/bootstrap.inc.php 2019-10-22 
08:33:20.000000000 +0200
@@ -84,7 +84,7 @@
 
 define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) 
. '?'
+define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', 
$_SERVER["REQUEST_URI"])) . '?'
        . (sid() ? SID . '&' : '')
        . (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
        . (isset($_GET["username"]) ? "username=" . 
urlencode($_GET["username"]) . '&' : '')
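Review bot: The new `str_replace(":", "%3a", …)` in the `ME` definition carries no comment saying why the colon alone is encoded, and the reason is recorded only in the changelog entry for this release. I would add a comment above the `define`, such as `// encode ":" so a last path segment like "data:" is not parsed as a URL scheme when ME is emitted as a relative link`. The substitution covers the colon only; any other character taken from `$_SERVER["REQUEST_URI"]` still depends on escaping wherever `ME` is printed, which is outside this hunk and worth confirming. The `define` expression continues past the end of the hunk.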
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/adminer/include/editing.inc.php 
new/adminer-4.7.4/adminer/include/editing.inc.php
--- old/adminer-4.7.3/adminer/include/editing.inc.php   2019-08-27 
17:58:21.000000000 +0200
+++ new/adminer-4.7.4/adminer/include/editing.inc.php   2019-10-22 
08:33:20.000000000 +0200
@@ -531,9 +531,9 @@
        $urls = array(
                'sql' => "https://dev.mysql.com/doc/refman/$version/en/";,
                'sqlite' => "https://www.sqlite.org/";,
-               'pgsql' => "https://www.postgresql.org/docs/$version/static/";,
+               'pgsql' => "https://www.postgresql.org/docs/$version/";,
                'mssql' => "https://msdn.microsoft.com/library/";,
-               'oracle' => 
"https://download.oracle.com/docs/cd/B19306_01/server.102/b14200/";,
+               'oracle' => "https://www.oracle.com/pls/topic/lookup?ctx=db"; . 
preg_replace('~^.* (\d+)\.(\d+)\.\d+\.\d+\.\d+.*~s', '\1\2', $server_info) . 
"&id=",
        );
        if (preg_match('~MariaDB~', $server_info)) {
                $urls['sql'] = "https://mariadb.com/kb/en/library/";;
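Review bot: When `$server_info` does not match the five-part version pattern, the `preg_replace` in the new `'oracle'` entry returns the whole string unchanged, so the full server banner is spliced into the `ctx=` parameter without `urlencode()`. Matching first and falling back to an empty suffix avoids that: `preg_match('~ (\d+)\.(\d+)\.\d+\.\d+\.\d+~', $server_info, $m);` followed by `'oracle' => "https://www.oracle.com/pls/topic/lookup?ctx=db" . ($m ? $m[1] . $m[2] : "") . "&id=",`. The array literal holds an entry for every driver, so this expression appears to be evaluated for MySQL and PostgreSQL banners as well, where a non-match is presumably the normal case. The function starts and ends outside the hunk, so how the URL is escaped on output cannot be checked from here.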
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/adminer/include/version.inc.php 
new/adminer-4.7.4/adminer/include/version.inc.php
--- old/adminer-4.7.3/adminer/include/version.inc.php   2019-08-27 
17:58:21.000000000 +0200
+++ new/adminer-4.7.4/adminer/include/version.inc.php   2019-10-22 
08:33:20.000000000 +0200
@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.7.3";
+$VERSION = "4.7.4";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/adminer/processlist.inc.php 
new/adminer-4.7.4/adminer/processlist.inc.php
--- old/adminer-4.7.3/adminer/processlist.inc.php       2019-08-27 
17:58:21.000000000 +0200
+++ new/adminer-4.7.4/adminer/processlist.inc.php       2019-10-22 
08:33:20.000000000 +0200
@@ -27,7 +27,7 @@
                        echo "<th>$key" . doc_link(array(
                                'sql' => "show-processlist.html#processlist_" . 
strtolower($key),
                                'pgsql' => 
"monitoring-stats.html#PG-STAT-ACTIVITY-VIEW",
-                               'oracle' => "../b14237/dynviews_2088.htm",
+                               'oracle' => "REFRN30223",
                        ));
                }
                echo "</thead>\n";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/changes.txt 
new/adminer-4.7.4/changes.txt
--- old/adminer-4.7.3/changes.txt       2019-08-27 17:58:21.000000000 +0200
+++ new/adminer-4.7.4/changes.txt       2019-10-22 08:33:20.000000000 +0200
@@ -1,3 +1,6 @@
+Adminer 4.7.4 (released 2019-10-22):
+Fix XSS if Adminer is accessible at URL /data:
+
 Adminer 4.7.3 (released 2019-08-27):
 Allow editing foreign keys pointing to tables in other database/schema (bug 
#694)
 Fix blocking of concurrent instances in PHP >7.2 (bug #703)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/adminer-4.7.3/compile.php 
new/adminer-4.7.4/compile.php
--- old/adminer-4.7.3/compile.php       2019-08-27 17:58:21.000000000 +0200
+++ new/adminer-4.7.4/compile.php       2019-10-22 08:33:20.000000000 +0200
@@ -403,6 +403,12 @@
                $file = str_replace('<?php echo html_select("auth[driver]", 
$drivers, DRIVER) . "\n"; ?>', "<input type='hidden' name='auth[driver]' 
value='" . ($driver == "mysql" ? "server" : $driver) . "'>" . reset($drivers), 
$file);
        }
        $file = 
preg_replace('(;../externals/jush/modules/jush-(?!textarea\.|txt\.|js\.|' . 
preg_quote($driver == "mysql" ? "sql" : $driver) . '\.)[^.]+.js)', '', $file);
+       $file = preg_replace_callback('~doc_link\(array\((.*)\)\)~sU', function 
($match) use ($driver) {
+               list(, $links) = $match;
+               $links = preg_replace("~'(?!(" . ($driver == "mysql" ? 
"sql|mariadb" : $driver) . ")')[^']*' => [^,]*,?~", '', $links);
+               return (trim($links) ? "doc_link(array($links))" : "''");
+       }, $file);
+       //! strip doc_link() definition
 }
 if ($project == "editor") {
        $file = preg_replace('~;.\.\/externals/jush/jush\.css~', '', $file);
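Review bot: Inside the new callback `$driver` is concatenated into the pattern unquoted, whereas the `preg_replace` directly above passes the same value through `preg_quote()`. To stay consistent, and so that a driver name containing a regex metacharacter or `~` cannot alter the pattern, build the alternation as `($driver == "mysql" ? "sql|mariadb" : preg_quote($driver, "~"))`. The value sub-pattern `[^,]*,?` also stops at the first comma, so a `doc_link()` entry whose value expression contains a comma would be cut in the middle. A short comment stating that assumption next to the `//! strip doc_link() definition` TODO would help. The surrounding `if` block starts above the hunk.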

