Hello community, here is the log from the commit of package phpMyAdmin for openSUSE:Factory checked in at 2016-05-30 09:59:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/phpMyAdmin (Old) and /work/SRC/openSUSE:Factory/.phpMyAdmin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin" Changes: -------- --- /work/SRC/openSUSE:Factory/phpMyAdmin/phpMyAdmin.changes 2016-05-10 09:28:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.phpMyAdmin.new/phpMyAdmin.changes 2016-05-30 09:59:14.000000000 +0200 @@ -1,0 +2,38 @@ +Sun May 29 15:07:43 UTC 2016 - [email protected] + +- rebase phpMyAdmin-config.patch + +------------------------------------------------------------------- +Sat May 28 07:33:29 UTC 2016 - [email protected] + +- update to 4.6.2 (2016-05-25) + - gh#12225 Use https for documentation links + - gh#12234 Fix schema export with too many tables + - gh#12240 Avoid parsing non JSON responses as JSON + - gh#12244 Avoid using too log URLs when getting javascripts + - gh#12118 Fixed setting mixed case languages + - gh#12229 Avoid storing objects in session when debugging SQL + - gh#12249 Fix cookie path on IIS + - gh#11705 Fix occassional 200 errors on Windows + - gh#12219 Fix locking issues when importing SQL + - gh#12231 Avoid confusing warning when mysql extension is missing + - fix issue Improve handling of logout + - fix issue Safer handling of sessions during authentication + - gh#12209 Fix server selection on main page + - gh#12192 Avoid storing full error data in session + - gh#12082 Fixed export of ARCHIVE tables with keys + - gh#11565 Add session reload for config authentication + - gh#12229 Do not fail on errors stored in session + - gh#12248 Fix loading of APC based upload progress bar +- remove PmaAbsoluteUri from phpMyAdmin-config.patch because since + version 4.6.0 it is remove +- Security fixes: + * PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126) + https://www.phpmyadmin.net/security/PMASA-2016-14/ + - User SQL queries can be revealed through URL GET parameters, + see PMASA-2016-14 + * PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128) + https://www.phpmyadmin.net/security/PMASA-2016-16/ + - Self XSS vulneratbility, see PMASA-2016-16 + +------------------------------------------------------------------- Old: ---- phpMyAdmin-4.6.1-all-languages.tar.xz phpMyAdmin-4.6.1-all-languages.tar.xz.asc New: ---- phpMyAdmin-4.6.2-all-languages.tar.xz phpMyAdmin-4.6.2-all-languages.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ --- /var/tmp/diff_new_pack.3vMyR7/_old 2016-05-30 09:59:15.000000000 +0200 +++ /var/tmp/diff_new_pack.3vMyR7/_new 2016-05-30 09:59:15.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package phpMyAdmin # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.6.1 +Version: 4.6.2 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0+ ++++++ phpMyAdmin-4.6.1-all-languages.tar.xz -> phpMyAdmin-4.6.2-all-languages.tar.xz ++++++ ++++ 4530 lines of diff (skipped) ++++++ phpMyAdmin-config.patch ++++++ --- /var/tmp/diff_new_pack.3vMyR7/_old 2016-05-30 09:59:17.000000000 +0200 +++ /var/tmp/diff_new_pack.3vMyR7/_new 2016-05-30 09:59:17.000000000 +0200 @@ -2,29 +2,10 @@ =================================================================== --- config.sample.inc.php.orig +++ config.sample.inc.php -@@ -11,13 +11,76 @@ +@@ -11,13 +11,56 @@ */ /** -+ * Your phpMyAdmin url -+ * -+ * Complete the variable below with the full url ie -+ * https://www.your_web.net/path_to_your_phpMyAdmin_directory/ -+ * -+ * It must contain characters that are valid for a URL, and the path is -+ * case sensitive on some Web servers, for example Unix-based servers. -+ * -+ * In most cases you can leave this variable empty, as the correct value -+ * will be detected automatically. However, we recommend that you do -+ * test to see that the auto-detection code works in your system. A good -+ * test is to browse a table, then edit a row and save it. There will be -+ * an error message if phpMyAdmin cannot auto-detect the correct value. -+ * -+ * Default: '' -+ */ -+/* $cfg['PmaAbsoluteUri'] = ''; -+ -+/** + * Disable the default warning that is displayed on the DB Details Structure + * page if any of the required Tables for the relationfeatures could not be + * found @@ -70,7 +51,6 @@ */ -$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +$cfg['blowfish_secret'] = ''; -+ /** * Servers configuration @@ -80,7 +60,7 @@ */ $i = 0; -@@ -25,47 +88,158 @@ $i = 0; +@@ -25,47 +68,155 @@ $i = 0; * First server */ $i++; @@ -112,7 +92,6 @@ +$cfg['Servers'][$i]['verbose_check'] = true; +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); -+ /** * phpMyAdmin configuration storage settings. @@ -121,19 +100,13 @@ + * libraries/config.default.php */ --/* User used to manipulate with storage */ + /* User used to manipulate with storage */ -// $cfg['Servers'][$i]['controlhost'] = ''; -// $cfg['Servers'][$i]['controlport'] = ''; -// $cfg['Servers'][$i]['controluser'] = 'pma'; -// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; -+$cfg['Servers'][$i]['controlhost'] = 'localhost'; -+$cfg['Servers'][$i]['controlport'] = ''; -+/* -+$cfg['Servers'][$i]['controluser'] = 'pma'; -+$cfg['Servers'][$i]['controlpass'] = 'pmapass'; -+ - - /* Storage database and tables */ +- +-/* Storage database and tables */ -// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; -// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; -// $cfg['Servers'][$i]['relation'] = 'pma__relation'; @@ -156,6 +129,11 @@ -// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; -/* Contrib / Swekey authentication */ -// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; ++$cfg['Servers'][$i]['controlhost'] = 'localhost'; ++$cfg['Servers'][$i]['controlport'] = ''; ++/* ++$cfg['Servers'][$i]['controluser'] = 'pma'; ++$cfg['Servers'][$i]['controlpass'] = 'pmapass'; + +/** + * The name of the database containing the phpMyAdmin configuration storage. @@ -273,11 +251,6 @@ /** * End of servers configuration -@@ -155,3 +329,4 @@ $cfg['SaveDir'] = ''; - * You can find more configuration options in the documentation - * in the doc/ folder or at <http://docs.phpmyadmin.net/>. - */ -+ Index: libraries/vendor_config.php =================================================================== --- libraries/vendor_config.php.orig
