Package Release Info


Update Info: openSUSE-2017-611
Available in Package Hub : 12 GA-SP5





Change Logs

* Sat Apr 22 2017
- restore phpMyAdmin-pma.patch
  * because it is NOT upstream and needed for configuration storage
- restore previous phpMyAdmin-config.patch
  * merge with upstream config VAR changes
  - removed $cfg['Servers'][$i]['designer_coords']
* Sat Apr 01 2017
- update to 4.7.0 (2017-03-28)
  * gh#12233 [Display] Improve message when renaming database to
    same name
  * gh#6146  Log authentication attempts to syslog
  * gh#11981 Remove support for Swekey authentication
  * gh#11987 Remove code for no longer supported MSIE versions
  * gh#11962 Remove embedded PHP libraries, use composer to install
  * gh#12017 Cannot easily select multiple tables when exporting
  * gh#12047 Add javascript filtering for databases
  * gh#12166 More compact rendering of navigation tree
  * gh#12129 Improve performance with SkipLockedTables
  * gh#12173 Do not hide indexes under a slider
  * Improve performance of zip file import
  * gh#12196 Removed $cfg['ThemePath']
  * gh#6274  Add support for export user settings as
  * gh#5555  Better report query errors while generating SQL exports
  * gh#12307 Produce valid JSON on export
  * gh#12325 Setup script icons broken
  * gh#12378 Support IPv6 proxies
  * Removed MySQL connection retry without password
  * gh#12218 Allow to specify further parameters for control
  * gh#12162 Show charset for each table on Database structure page
  * gh#12463 Incorrect link in the href of icon at Hide/Show unhide
  * gh#12330 Shortcut for closing console
  * gh#12465 Improved handling of http requests
  * gh#12474 Broken links in Setup forms Navigation
  * gh#12494 Can't add a new User
  * gh#12523 Add 'token' Parameter in all POST requests
    (Fix 'Token mismatch' errors)
  * gh#12302 Improved usage of number_format
  * gh#12656 Server selection not working
  * gh#12543 NULL results in dataset are colored grey
  * gh#12664 Create Bookmark broken
  * gh#12688 Use unsigned int for storing bookmark ID
  * gh#12352 Added password strength indicator
  * gh#12713 Correctly handle HTTP status when doing requests
  * gh#12247 Add option to delete settings from browser storage
  * gh#12783 Remove unused PMA_addJSCode function
  * gh#12069 Add table filtering to database structure
  * gh#12799 Allow to configure signon session parameters
  * gh#12854 Drop database is broken
  * gh#12863 Can't toggle Event Scheduler on
  * gh#12742 Finish removing dead code references to xls/xlsx
    import and export, which was removed some time ago.
  * gh#12536 Rename "Relations" to "Relationships" in many places
    as it's the more proper term
  * gh#12834 Fixed margins in central columns feature
  * gh#12903 Document more export configuration options
  * gh#12897 Use consistent numeric format for table overhead
  * gh#12901 Use server returned table name on renaming table
  * gh#12918 Always use \r\n as newline when editing fields
  * gh#12923 Fixed server side search in navigation panel
  * gh#12929 Undefined index warning with ssl_ca_paths
  * gh#12924 Do not show errors from OpenSSL cookie
  * gh#12945 Fixed hint rendering on adding new user
  * gh#12941 Fixed sorting of tables in relation view
  * gh#12936 Fixed tables pagination in navigation panel
  * gh#12904 Do not collapse add form for central columns if there
    are none
  * gh#12955 Fixed database renaming
  * gh#12954 Fixed export of tracking data
  * gh#12960 Enclose exports in transaction by default
  * gh#12966 After adding a column ADD INDEX option won't be
    displayed when enabling AI
  * gh#12972 Better error message when Composer has not been run
  * gh#12988 Do not show language selector without choices
  * gh#12993 Fixed external links to php documentation
  * gh#12990 Fixed error when loading favorite tables to console
  * gh#12981 Improved rendering of new version information
  * gh#12922 Fixed bookmarks ordering
  * gh#12964 Fixed table search in navigation
  * gh#12985 Fixed rendering of foreign key browsing
  * gh#12957 Fixed manipulation with GIS data having zero
  * gh#12804 Fixed various designer javascript errors
  * gh#12934 Fixed possible javascript error on server status page
  * gh#12927 Fixed javascript error on 3NF normalization
  * gh#12996 List all databses in navigation panel database
  * gh#12980 Better defaults when creating multi field foreign key
  * gh#12976 Improved foreign key editor behavior
  * gh#12958 Always show error reporting dialog on top
  * gh#12693 Improved support for TokuDB
  * gh#11231 Try harder to honor LoginCookieValidity setting
  * gh#13016 and #13017 Slight improvements to the table layout of
    Relation view
  * gh#12345 Correctly show affected rows for LOAD DATA queries
  * gh#13010 Copy database: SQL error for copying PMADB metadata
  * gh#13002 Fixed OpenDocument exports
  * gh#13000 Align NULL values according to the column alignment
  * gh#13021 Show phpMyAdmin errors even with error_reporting
    set to 0
  * gh#13020 Removed warning about client and server versions
  * Hide comments on table Structure tab when no comment is set
  * Fixed submission of error reports
  * gh#13033 Use Referrer-Policy header to specify referrer policy
  * Fixed javascript confirmation of dangerous queries
  * gh#13040 Compatibility with hhvm 3.18
  * gh#13031 Fixed displaying of all rows
  * gh#12967 Fixed related field selection for native relations
  * gh#13045 Properly escape MIME transformatoin names
  * gh#13028 Always show 100% in font selector
  * gh#13047 Fix query simulating for more servers
  * gh#12846 Fix new version check for sites with wrongly
    configured curl
  * gh#12951 When exporting to Excel, the default is now to include
    column names in the first row
  * gh#13059 Removed debugging code
  * gh#13029 Fixed table tracking for nested table groups
  * gh#13053 Fixed broken links in setup
  * gh#12708 Removed phpMyAdmin version from User-Agent header
  * gh#13084 Do not point users to setup when it is disabled
  * gh#12660 Delete only phpMyAdmin cookies on upgrade
  * gh#13088 Fixed editing of rows with text primary key
  * gh#13092 Do not try to sync favorite tables if configuration
    storage is not enabled
  * gh#13105 Fixed changing attribute for virtual field
  * gh#12757 Fixed setting password on recent MariaDB with non
    working plugins
  * gh#12349 Fixed undefined variable on import from some formats
  * gh#13103 Do not offer default names for copying/renaming
  * [security] Possible to bypass
    $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08
- Drop patch phpMyAdmin-pma.patch because now in upstream
* Mon Mar 20 2017
- add file
  * include one file for php5/php7 admin flags/values
* Wed Jan 25 2017
- 4.6.6 (2017-01-23)
  * gh#12759 Fix Notice regarding 'Undefined index: old_usergroup'
  * gh#12760 Fix Notice regarding 'Undefined index: users'
  * gh#12762 Fixed parsing of SQL with BINARY function
  * gh#12588 ReCaptcha now works without allow_url_fopen
  * gh#12699 Show no local storage warning only on settings tab
  * gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with
    default value as NULL
  * gh#12769 Edit/Export links are not clickable under Routines tab
  * gh#12757 Fixed creating new user with older MariaDB
  * gh#12784 Remove ctype installation suggestion
  * gh#12780 Format button replaces all text with blank spaces
  * gh#12786 Fixed database searching
  * gh#12792 Fixed javascript error on new version link
  * gh#12785 Add information about required and suggested extensions
    to composer.json
  * gh#12801 Custom header shown twice with cookie login form
  * gh#12802 Custom footer not shown with auth_type http login failure
  * gh#12434 Improve documentation for servers running with Suhosin
  * gh#12800 Updated embedded phpSecLib to 2.0.4
  * gh#12800 Fixed various issues with PHP 7.1
  * gh#11816 Fixed operation with lower_case_table_names=2
  * gh#12813 Fixed stored procedure execution
  * gh#12826 Honor user configured connection collation
  * gh#12293 Correctly report OpenSSL errors from cookie encryption
  * gh#12814 DateTime won't allow to input length in Routine editor
  * gh#12840 Fix Notice regarding 'Undefined index: row_format' when
    altering table options
  * gh#12841 Fixed moving of columns with whitespace in name
  * gh#12847 Fixed editing of virtual columns
  * gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query
    window to avoid accidents
  * gh#12872 Use same query for display and execution when dropping
  * gh#12868 Fix check for user groups freatures being enabled
  * gh#12876 Fix notices and warning related to dbs_to_test global
  * gh#12831 Fix table formatting on Insert tab, which mostly
    affected row highlighting
  * gh#12495 Reintroduced phpinfo page with limited capabilities
  * gh#12861 Fix renaming tables with lower_case_table_names=2
  * gh#12876 Fix possible PHP error in navigation
  * gh#12881 Fix database search with newer php-gettext
  * gh#12894 Fix linter error on unterminated variable name
  * gh#12732 Fixed filtering for active processes
- fix for boo#1021597
  * PMASA-2016-44 (CVE-2016-6621, CWE-661)
  - Multiple vulnerabilities in setup script
  * PMASA-2017-1 (CVE-2017-1000013, CWE-661)
  - Open redirect
  * PMASA-2017-2 (CVE-2015-8980, CWE-661)
  - php-gettext code execution
  * PMASA-2017-3 (CVE-2017-1000014, CWE-661)
  - DOS vulnerabiltiy in table editing
  * PMASA-2017-4 (CVE-2017-1000015, CWE-661)
  - CSS injection in themes
  * PMASA-2017-5 (CVE-2017-1000016, CWE-661)
  - Cookie attribute injection attack
  * PMASA-2017-6 (CVE-2017-1000017, CWE-661)
  - SSRF in replication
  * PMASA-2017-7 (CVE-2017-1000018, CWE-661)
  - DOS in replication status
- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
- rework phpMyAdmin-config.patch
* Thu Jan 19 2017
- Add Patch phpMyAdmin-12757_sql_syntax_errror.patch to fix
  gh#12757 SQL syntax errror on MariaDB < 10.0.2 in check for mysql
  password check plugin.
  Will be fixed in 4.6.6
* Tue Dec 06 2016
- update to (2016-12-05)
  * gh#12765 Fixed SQL export with newlines
- update changes (update to 4.6.5 (2016-11-25))
  * add missing (Not yet available) CVE's
- fix phpMyAdmin.http
* Sat Nov 26 2016
- update to (2016-11-26)
  - quick fix for 4.6.5
  * an issue affecting a small number of users using
    $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
  * an issue affecting the create table dialog where the partition
    selection tool was overzealous and made it difficult to create
    a new table.
- update to 4.6.5 (2016-11-25)
  - security fixes
  * Fix for expanding in navigation pane
  * Reintroduced a simplified version of PmaAbsoluteUri directive
    (needed with reverse proxies)
  * Fix editing of ENUM/SET/DECIMAL field structures
  * Improvements to the parser
  - other fixes
  * Remove potentionally license problematic sRGB profile
  * gh#12459 Display read only fields as read only when editing
  * gh#12384 Fix expanding of navigation pane when clicking on database
  * gh#12430 Impove partitioning support
  * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration
  * Always use UTC time in HTTP headers
  * gh#12479 Simplified validation of external links
  * gh#12483 Fix browsing tables with built in transformations
  * gh#12485 Do not show warning about short blowfish_secret if none
    is set
  * gh#12251 Fixed random logouts due to wrong cookie path
  * gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure
  * gh#12497 Missing escaping of configuration used in SQL
    (hide_db and only_db)
  * gh#12476 Add error checking in reading advisory rules file
  * gh#12477 Add checking missing elements and confirming element
    types from json_decode
  * gh#12251 Automatically save SQL query in browser local storage
    rather than in cookie
  * gh#12292 Unable to edit transformations
  * gh#12502 Remove unused paramenter when connecting to MySQLi
  * gh#12303 Fix number formatting with different settings of
    precision in PHP
  * gh#12405 Use single quotes in PHP code
  * gh#12534 Option for the dropped column is not removed from
    'after_field' select, after the column is dropped
  * gh#12531 Properly detect DROP DATABASE queries
  * gh#12470 Fix possible race condition in setting URL hash
  * gh#11924 Remove caching of server information
  * gh#11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
  * gh#12545 Proper parsing of CREATE TABLE ... PARTITION queries
  * gh#12473 Code can throw unhandled exception
  * gh#12550 Do not try to keep alive session even after expiry
  * gh#12512 Fixed rendering BBCode links in setup
  * gh#12518 Fixed copy of table with generated columns
  * gh#12221 Fixed export of table with generated columns
  * gh#12320 Copying a user does not copy usergroup
  * gh#12272 Adding a new row with default enum goes to no selection
    when you want to add more then 2 rows
  * gh#12487 Drag and drop import prevents file dropping to blob
    column file selector on the insert tab
  * gh#12554 Absence of scrolling makes it impossible to read longer
    text values in grid editing
  * gh#12530 "Edit routine" crashes when the current user is not the
    definer, even if privileges are adequate
  * gh#12300 Export selective tables by-default dumps Events also
  * gh#12298 Fixed export of view definitions
  * gh#12242 Edit routine detail dialog does not fill "Return length"
    field in mysql functions
  * gh#12575 New index Confirm adds whitespace around the field name
  * gh#12382 Bug in zoom search
  * gh#12321 Assign LIMIT clause only to syntactically correct queries
  * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25"
    Inserted At Wrong Place
  * gh#12511 Clarify documentation on ArbitraryServerRegexp
  * gh#12508 Remove duplicate code in SQL escaping
  * gh#12475 Cleanup code for getting table information
  * gh#12579 phpMyAdmin's export of a Select statment without a FROM
    clause generates Wrong SQL
  * gh#12316 Correct export of complex SELECT statements
  * gh#12080 Fixed parsing of subselect queries
  * gh#11740 Fixed handling DELETE ... USING queries
  * gh#12100 Fixed handling of CASE operator
  * gh#12455 Query history stores separate entry for every letter
  * gh#12327 Create PHP code no longer works
  * gh#12179 Fixed bookmarking of query with multiple statements
  * gh#12419 Wrong description on GRANT OPTION
  * gh#12615 Fixed regexp for matching browser versions
  * gh#12569 Avoid showing import errors twice
  * gh#12362 prefs_manage.php can leave an orphaned temporary file
  * gh#12619 Unable to export csv when using union select
  * gh#12625 Broken Edit links in query results of JOIN query
  * gh#12634 Drop DB error in import if DB doesn't exist
  * gh#12338 Designer reverts to first saved ER after EACH relation
    create or delete
  * gh#12639 'Show trace' in Console generates JS error for functions
    in query's trace called without any arguments
  * gh#12366 Fix user creation with certain MariaDB setups
  * gh#12616 Refuse to work with mbstring.func_overload enabled
  * gh#12472 Properly report connection without password in setup
  * gh#12365 Fix records count for large tables
  * gh#12533 Fix records count for complex queries
  * gh#12454 Query history not updated in console until page refresh
  * gh#12344 Fixed parsing of labels in loop
  * gh#12228 Fixed parsing of BEGIN labels
  * gh#12637 Fixed editing some timestamp values
  * gh#12622 Fixed javascript error in designer
  * gh#12334 Missing page indicator or VIEWs
  * gh#12610 Export of tables with Timestamp/Datetime/Time columns
    defined with ON UPDATE clause with precision fails
  * gh#12661 Error inserting into pma__history after timeout
  * gh#12195 Row_format = fixed not visible
  * gh#12665 Cannot add a foreign key - non-indexed fields not listed
    in InnoDB tables
  * gh#12674 Allow for proper MySQL-allowed strings as identifiers
  * gh#12651 Allow for partial dates on table insert page
  * gh#12681 Fixed designer with tables using special chars
  * gh#12652 Fixed visual query builder for foreign keys with more
  * gh#12257 Improved search page performance
  * gh#12322 Avoid selecting default function for foreign keys
  * gh#12453 Fixed escaping of SQL parts in some corner cases
  * gh#12542 Missing table name in account privileges editor
  * gh#12691 Remove ksort call on empty array in PMA_getPlugins
  * gh#12443 Check parameter type before processing
  * gh#12299 Avoid generating too long URLs in search
  * gh#12361 Fix self SQL injection in table-specific privileges
  * gh#12698 Add link to release notes and download on new version
  * gh#12712 Error when trying to setup replication (fatal error in
    call to an old PMA_DBI_connect function)
- fix for boo#1012271
  * Unsafe generation of $cfg['blowfish_secret']
    see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661)
  * phpMyAdmin's phpinfo functionality is removed
    see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661)
  * AllowRoot and allow/deny rule bypass with specially-crafted
    see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661)
  * Username matching weaknesses with allow/deny rules
    see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661)
  * Possible to bypass logout timeout
    see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661)
  * Full path disclosure (FPD) weaknesses
    see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853,
    CVE-2016-9854, CVE-2016-9855, CWE-661)
  * Multiple XSS weaknesses
    see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857,
    CWE-661, CWE-352)
  * Multiple denial-of-service (DOS) vulnerabilities
    see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859,
    CVE-2016-9860, CWE-661, CW-400)
  * Possible to bypass white-list protection for URL redirection
    see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20,
  * BBCode injection to login page
    see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661)
  * Denial-of-service (DOS) vulnerability in table partitioning
    see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400)
  * Multiple SQL injection vulnerabilities
    see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89)
  * Incorrect serialized string parsing
    see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661)
  * CSRF token not stripped from the URL
    see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661)
* Sun Nov 06 2016
- fix deps
  * add missing Recommends php5-curl
- fix phpMyAdmin.http
  * add <IfModule mod_php7.c>
* Sat Nov 05 2016
- fix phpMyAdmin.http
* Thu Aug 18 2016
- 4.6.4 (2016-08-16)
  - securitiy fixes
  * Improve session cookie code for openid.php and signon.php example
  * Full path disclosure in openid.php and signon.php example files
  * Unsafe generation of BlowfishSecret (when not supplied by the user)
  * Referrer leak when phpinfo is enabled
  * Use HTTPS for wiki links
  * Improve SSL certificate handling
  * Fix full path disclosure in debugging code
  * Administrators could trigger SQL injection attack against users
  - other fixes
  * Remove Swekey support
  * Include X-Robots-Tag header in responses
  * Enforce numeric field length when creating table
  * Fixed invalid Content-Length in some HTTP responses
  * gh#12394 Create view should require a view name
  * gh#12391 Message with 'Change password successfully' displayed,
    but does not take effect
  * Tighten control on PHP sessions and session cookies
  * gh#12409 Re-enable overhead on server databases view
  * gh#12414 Fixed rendering of Original theme
  * gh#12413 Fixed deleting users in non English locales
  * gh#12416 Fixed replication status output in Databases listing
  * gh#12303 Avoid typecasting to float when not needed
  * gh#12425 Duplicate message variable names in
  * gh#12399 Adding index to table shows wrong top navigation
  * gh#12424 Fixed password change on MariaDB without auth plugin
  * gh#12339 Do not error on unset server port
  * gh#12422 Improvements to the original theme
  * gh#12395 Do not try to load old transformation plugins
  * gh#12423 Fixed replication status in database listing
  * gh#12433 Copy table with prefix does not copy the indexes
  * gh#12375 Search in database: Window content is not scrolling down
    when clicking first time on Browse link
  * gh#12346 SQL Editor textareas can have their size increased from
    the top, distorting the page view
- fix for boo#994313
  * Weaknesses with cookie encryption
    see PMASA-2016-29 (CVE-2016-6606, CWE-661)
  * Multiple XSS vulnerabilities
    see PMASA-2016-30 (CVE-2016-6607, CWE-661)
  * Multiple XSS vulnerabilities
    see PMASA-2016-31 (CVE-2016-6608, CWE-661)
  * PHP code injection
    see PMASA-2016-32 (CVE-2016-6609, CWE-661)
  * Full path disclosure
    see PMASA-2016-33 (CVE-2016-6610, CWE-661)
  * SQL injection attack
    see PMASA-2016-34 (CVE-2016-6611, CWE-661)
  * Local file exposure through LOAD DATA LOCAL INFILE
    see PMASA-2016-35 (CVE-2016-6612, CWE-661)
  * Local file exposure through symlinks with UploadDir
    see PMASA-2016-36 (CVE-2016-6613, CWE-661)
  * Path traversal with SaveDir and UploadDir
    see PMASA-2016-37 (CVE-2016-6614, CWE-661)
  * Multiple XSS vulnerabilities
    see PMASA-2016-38 (CVE-2016-6615, CWE-661)
  * SQL injection vulnerability as control user
    see PMASA-2016-39 (CVE-2016-6616, CWE-661)
  * SQL injection vulnerability
    see PMASA-2016-40 (CVE-2016-6617, CWE-661)
  * Denial-of-service attack through transformation feature
    see PMASA-2016-41 (CVE-2016-6618, CWE-661)
  * SQL injection vulnerability as control user
    see PMASA-2016-42 (CVE-2016-6619, CWE-661)
  * Verify data before unserializing
    see PMASA-2016-43 (CVE-2016-6620, CWE-661)
  * SSRF in setup script
    see PMASA-2016-44 (CVE-2016-6621, CWE-661)
  * Denial-of-service attack with
    $cfg['AllowArbitraryServer'] = true and persistent connections
    see PMASA-2016-45 (CVE-2016-6622, CWE-661)
  * Denial-of-service attack by using for loops
    see PMASA-2016-46 (CVE-2016-6623, CWE-661)
  * Possible circumvention of IP-based allow/deny rules with IPv6 and
    proxy server
    see PMASA-2016-47 (CVE-2016-6624, CWE-661)
  * Detect if user is logged in
    see PMASA-2016-48 (CVE-2016-6625, CWE-661)
  * Bypass URL redirection protection
    see PMASA-2016-49 (CVE-2016-6626, CWE-661)
  * Referrer leak
    see PMASA-2016-50 (CVE-2016-6627, CWE-661)
  * Reflected File Download
    see PMASA-2016-51 (CVE-2016-6628, CWE-661)
  * ArbitraryServerRegexp bypass
    see PMASA-2016-52 (CVE-2016-6629, CWE-661)
  * Denial-of-service attack by entering long password
    see PMASA-2016-53 (CVE-2016-6630, CWE-661)
  * Remote code execution vulnerability when running as CGI
    see PMASA-2016-54 (CVE-2016-6631, CWE-661)
  * Denial-of-service attack when PHP uses dbase extension
    see PMASA-2016-55 (CVE-2016-6632, CWE-661)
  * Remove tode execution vulnerability when PHP uses dbase extension
    see PMASA-2016-56 (CVE-2016-6633, CWE-661)
- fix deps
  * add missing php-gettext
- rebase phpMyAdmin-config.patch
* Thu Jun 23 2016
- update to 4.6.3 (2016-06-23)
  * gh#12249 Fixed cookie path on Windows
  * gh#12279 Fixed error reporting on connect problems
  * gh#12290 Fixed export of tables without explicitly set engine
  * gh#12285 Designer JavaScript error: Show/Hide tables list
  * gh#12293 Fix MySQL SSL connection with some PHP versions
  * gh#12279 Fix MySQL connection error on version mismatch
  * gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
  * gh#12308 Fix division by zero in case of misconfigured MySQL server
  * gh#12317 Fix editing server variables
  * gh#12303 Fix table size calculation in some circumstances
  * gh#12310 Fix listing routines for non privileged user
  * issue Escape generated query in exporting a database
  * issue Setup script did not properly use input type password for some input types
- fix for boo#986154
  * PMASA-2016-17 (CVE-2016-5701, CWE-661)
  - BBCode injection vulnerability
  * PMASA-2016-18 (CVE-2016-5702, CWE-661)
  - Cookie attribute injection attack
  * PMASA-2016-19 (CVE-2016-5703, CWE-661)
  - SQL injection attack
  * PMASA-2016-20 (CVE-2016-5704, CWE-661)
  - XSS on table structure page
  * PMASA-2016-21 (CVE-2016-5705, CWE-661)
  - Multiple XSS vulnerabilities
  * PMASA-2016-22 (CVE-2016-5706, CWE-661)
  - DOS attack
  * PMASA-2016-23 (CVE-2016-5730, CWE-661)
  - Multiple full path disclosure vulnerabilities
  * PMASA-2016-24 (CVE-2016-5731, CWE-661)
  - XSS through FPD
  * PMASA-2016-25 (CVE-2016-5732, CWE-661)
  - XSS in partition range functionality
  * PMASA-2016-26 (CVE-2016-5733, CWE-661)
  - Multiple XSS vulnerabilities
  * PMASA-2016-27 (CVE-2016-5734, CWE-661)
  - Unsafe handling of preg_replace parameters
  * PMASA-2016-28 (CVE-2016-5739, CWE-661)
  - Referrer leak in transformations
* Sun May 29 2016
- rebase phpMyAdmin-config.patch
* Sat May 28 2016
- update to 4.6.2 (2016-05-25)
  - gh#12225 Use https for documentation links
  - gh#12234 Fix schema export with too many tables
  - gh#12240 Avoid parsing non JSON responses as JSON
  - gh#12244 Avoid using too log URLs when getting javascripts
  - gh#12118 Fixed setting mixed case languages
  - gh#12229 Avoid storing objects in session when debugging SQL
  - gh#12249 Fix cookie path on IIS
  - gh#11705 Fix occassional 200 errors on Windows
  - gh#12219 Fix locking issues when importing SQL
  - gh#12231 Avoid confusing warning when mysql extension is missing
  - fix issue Improve handling of logout
  - fix issue Safer handling of sessions during authentication
  - gh#12209 Fix server selection on main page
  - gh#12192 Avoid storing full error data in session
  - gh#12082 Fixed export of ARCHIVE tables with keys
  - gh#11565 Add session reload for config authentication
  - gh#12229 Do not fail on errors stored in session
  - gh#12248 Fix loading of APC based upload progress bar
- remove PmaAbsoluteUri from phpMyAdmin-config.patch because since
  version 4.6.0 it is remove
- Security fixes:
  * PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126)
  - User SQL queries can be revealed through URL GET parameters,
    see PMASA-2016-14
  * PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128)
  - Self XSS vulneratbility, see PMASA-2016-16
* Mon May 09 2016
- phpMyAdmin 4.6.1:
  * Problems with SQL syntax warnings from the linter/parser
  * Fixing an error about "PMA_Util" not found
  * Better handling of JSON columns
  * Fixed quoting with the SQL parser, which in particular adversely
    affected SQL imports and exports
* Thu Mar 24 2016
- phpMyAdmin 4.6.0:
  * Allow setting routine-wise privileges
  * UI for defining partitioning in create table window
  * Support JSON data type
  * Editing partitions in table Structure
  * Copy results to clipboard
  * Reactivate cut&paste possibility in print view
  * Display binary strings as text if they are valid UTF-8
  * Copy multiple tables to database
  * Show MySQL error messages in user language
  * Add new configuration directive 'ssl_verify' for self-signed
    certificates with mysqlnd and PHP >= 5.6
  * Remove ForceSSL and PmaAbsoluteUri configuration directives
    (these are better handled by proper webserver configuration)
  * Fixed several bugs relating to exporting, particularly with
    DEFAULT and COMMENT fields
* Tue Mar 01 2016
- phpMyAdmin
  The following vulnerabilities were fixed:
  * CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940)
  * CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938)
  * CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941)
  * CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928)
  The following upstream bugs were fixed:
  * CREATE UNIQUE INDEX index type is not recognized by parser.
  * Row count wrong when grouping joined tables.
  * Column definition with default value and comment in CREATE TABLE expoerted faulty.
  * New statement but no delimiter and unexpected token with REPLACE.
  * Fixed incorrect usage of SQL parser context in SQL export
  * Fixed inclusion of gettext library from SQL parser
* Wed Feb 24 2016
- phpMyAdmin 4.5.5
  * improvements to changing passwords on newer MariaDB servers
  * several fixes to the SQL parser
* Sat Jan 30 2016
- update to (2016-01-28)
  - gh#11892 Error with PMA
  - gh#11896 Remove hard dependency on phpseclib
* Thu Jan 28 2016
- phpMyAdmin 4.5.4
  The followinng vulnerabilities were fixed: (boo#964024)
  * CVE-2016-2038: Multiple full path disclosure vulnerabilities
  * CVE-2016-2039: Unsafe generation of XSRF/CSRF token
  * CVE-2016-2040: Multiple XSS vulnerabilities
  * CVE-2016-1927: Insecure password generation in JavaScript
  * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token
  * CVE-2016-2042: Multiple full path disclosure vulnerabilities
  * CVE-2016-2043: XSS vulnerability in normalization page
  * CVE-2016-2044: Full path disclosure vulnerability in SQL parser
  * CVE-2016-2045: XSS vulnerability in SQL editor
- update upstream singing keyring
* Sun Jan 10 2016
- 4.5.x package was missing template - fix boo#961285