* Sat Jun 05 2021 ecsos <ecsos@opensuse.org>
- Update to 5.1.1
- Fixes for several PHP errors
- Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly
- Fix Yaml export to quote strings even when they are numeric
- Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
- Fix for quick search not working when using more than one configured server
Fix datetime decimals displayed (.00000) after edit
- Fix new lines in text fields are doubled
- Fixed URL generation by removing un-needed & escaping for & char
- Improvements for working with PHP 8.1
- Improved handling of adding a new user with the Percona database server
For a detail changelog see:
https://demo.phpmyadmin.net/master-config/index.php?route=/changelog
* Fri Feb 26 2021 ecsos <ecsos@opensuse.org>
- Update to 5.1.0
- issue #15350 Change Media (MIME) type references to Media type
- issue #15377 Add a request router
- issue Automatically focus input in the two-factor authentication window
- issue #15509 Replace gender-specific pronouns with gender-neutral pronouns
- issue #15491 Improve complexity of generated passwords
- issue #14909 Add a configuration option to define the 1st day of week
- issue #12726 Made user names clickable in user accounts overview
- issue #15729 Improve virtuality dropdown for MariaDB > 10.1
- issue #15312 Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE)
when editing a table structure
- issue Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases
- issue #15232 Improve the padding in query result tool links
- issue #15064 Support exporting raw SQL queries
- issue #15555 Added ip2long transformation
- issue #15194 Fixed horizontal scroll on structure edit page
- issue #14820 Move table hide buttons in navigation to avoid hiding a table by mistake
- issue #14947 Use correct MySQL version if the version is 8.0 or above for documentation links
- issue #15790 Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server
- issue #15880 Change "Show Query" link to a button
- issue #13371 Automatically toggle the radio button to "Create a page and save it" on Designer
- issue #12969 Tap and hold will not dismiss the error box anymore, you can now copy the error
- issue #15582 Don't disable "Empty" table button after clicking it
- issue #15662 Stay on the structure page after editing/adding/dropping indexes
- issue #15663 show structure after adding a column
- issue #16005 Remove symfony/yaml dependency
- issue #16005 Improve performance of dependency injection system by removing yaml parsing
- issue #15447 Disable phpMyAdmin storage database checkbox on databases list
- issue #16001 Add autocomplete attributes on login form
- issue #13519 Add "Preview SQL" option on Index dialog box when creating a new table
- issue #15954 Fixed export maximal length of created query input is too small
- issue Redesign the server status advisor page
- issue #13124 Use same height for SQL query textarea and Columns select in SQL page
- issue #16005 Add a new vendor constant "CACHE_DIR" that defaults
to "libraries/cache/" and store routing cache into this folder
- issue #16005 Warm-up the routing cache before building the release
- issue #16005 Use --optimize-autoloader when installing composer vendors before building the release
- issue #15992 Add back the table name to the printable version on "Structure" page
- issue #14815 Allow simplifying exported view syntax to only "CREATE VIEW"
- issue #15496 Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
- issue #14772 Add the password_hash PHP function as an option when inserting data
- issue #15136 Add a notice for Hex converter giving invalid results
- issue #16139 Use a textarea for JSON columns
- issue #16223 Make JSON input transformation editor less narrow
- issue #14340 Add a button on Export Page to show the SQL Query
- issue #16304 Add support for INET6 column type
- issue #16337 Fix example insert/update query default values
- issue #12961 Remove indexes from table relation
- issue #13557 Use a full list of functions instead of a separated one on insert/edit page "Function" selector
- issue #14795 Include routines in the export in a predictable order
- issue #16227 Fixed autocomplete is not working in case the table name is quoted by "`" symbols
- issue #15463 Force BINARY comparison when looking at privileges to avoid an SQL error on privileges tab
- issue #16430 Fixed Windows error message uses trailing / instead of \
- issue #16316 Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
- issue #16451 Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
- issue #16451 Show an error message when the security limit is
reached instead of silently trimming the password to avoid confusion
- issue #15001 Add back Login Cookie Validity setting to the features form
- issue #16457 Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
- issue #13077 Moved tools section to left on large devices (Bootstrap xl)
- issue #15711 Moved some buttons to left on large devices (Bootstrap xl)
- issue #15584 Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
- issue #15652 Replace deprecated FOUND_ROWS() function call on "distinct values" feature
- issue Export blobs as hex on JSON export
- issue #16095 Fix leading space not shown in a CHAR column when browsing a table
- issue Make procedures/functions SQL editor both side scrollable
- issue #16407 Bump pragmarx/google2fa conflict to >8.0
- issue #14953 Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
- issue #16477 Fixed no Option to enter TABLE specific permissions when the database name contains an "_" (underscore)
- issue #16498 Fixed empty text not appearing after deleting all Routines
- issue #16467 Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
- issue #15658 Fixed saving UI displayed columns on a non database request fails
- issue #16495 Fix drop tables checkbox is above the checkbox for foreign keys
- issue #16485 Fix visual query builder missing "Build Query" button
- issue #16565 Added 'IF EXISTS' to 'DROP EVENT' when updating events to avoid replication issues
- issue Removed metro fonts that where Apache-2.0 files that are incompatible with GPL-2.0
- issue #16464 Made the relation view default to the current database when creating relations
- issue #16463 Fixed 'REFERENCES' privilege checkbox's title on new MySQL versions and on MariaDB
- issue #16405 Added jest as a Unit Testing tool for our javascript code
- issue #16252 Fixed the too small font size when editing rows (textareas)
- issue #16585 Fixed BLOB to JPG transformation PHP errors
- issue Made the console setup async to avoid blocking the page render
- issue #16429 Use PHP 8.0 fixed version (commit) for TCPDF
- issue #16005 Major performance improvements on browsing a lot of rows
- issue #16595 Fixed editing columns having a `_` in their name in specific conditions
- issue #16608 Fix "Sort by key" restore auto saved value
- issue #16611 Fixed unable to add tables to rename aliases twice on Export
- issue #16621 Fixed link HTML messed up in Advisor
- issue #16622 Fixed Advisor formatting incorrect for long_query_time notice
- issue #15389 Fixed reset current page indicator after deleting all rows to current page and not page 1
- issue #15997 Fixed auto save query
- issue #15997 Made auto saved query database or database+table independent
- issue #16641 Fixed query generation that was allowing JSON to have a length
- issue #15994 Fixed the selected value detection for "on update current_timestamp"
- issue #16614 Fixed PHP 8.0 dataseek offset call to the MySQLI extension
- issue #16662 Fixed Uncaught TypeError on "delete" button click of a database search results page
- issue Fixed Undefined index: selected_usr when the user tried to delete no selected user
- issue #16657 Fixed the QBE interface when the configuration storage is not enabled
- issue #16479 Fix our Selenium test-suite
- issue #16669 Fixed table search modal for BETWEEN
- issue #16667 Fixed LIKE and TINYINT in search not working properly
- issue #16424 Fixed numerical search in table and zoom
- issue Improve the version handling (new Version class) and add a VERSION_SUFFIX for vendors
- issue #14494 Fix uncaught TypeError when editing partitioning
- issue #16525 Fix PHP 8.0 failing tests when comparing 0 to ''
- issue #16429 Fixed PHP 8.0 errors on preg_replace and operand types
- issue #16490 Fixed PHP 8.0 function libxml_disable_entity_loader() is deprecated
- issue #16429 Fixed failing unit tests on PHP 8.0
- issue #16609 Fixed Sql.rearrangeStickyColumns is not a function
- Rebase phpMyAdmin-config.patch.
* Tue Dec 22 2020 Arjen de Korte <suse+build@de-korte.org>
- Use coreutils to generate blowfish secret to reduce dependencies
* Tue Dec 15 2020 Arjen de Korte <suse+build@de-korte.org>
- Attempt to migrate modified configuration file rather than just
replacing it by default configuration
* Tue Dec 15 2020 Arjen de Korte <suse+build@de-korte.org>
- The apache subpackage must require the main package, otherwise it
will not be uninstalled when the main package is uninstalled
* Sun Dec 13 2020 Arjen de Korte <suse+build@de-korte.org>
- Generate blowfish secret and enable Apache modules/flags only on
install
- Only empty temporary directory on upgrade/uninstall (not remove)
to prevent RPM warnings/errors
- Don't empty directories not owned by this package (these should
have been cleaned up by previous versions that owned them)
* Sun Dec 13 2020 Arjen de Korte <suse+build@de-korte.org>
- Use %apache_request_restart/%apache_restart_if_needed macros to restart
apache in order to prevent unneccessary restarts
* Fri Dec 11 2020 Arjen de Korte <suse+build@de-korte.org>
- Package language files in separately
* Fri Dec 11 2020 Arjen de Korte <suse+build@de-korte.org>
- Put Apache configuration files in separate subpackage
- Generate blowfish secret with openssl on non-openSUSE systems as
pwgen is not available
* Mon Nov 09 2020 ecsos <ecsos@opensuse.org>
- Update to 5.0.4
- issue #16245 Fix failed Zoom search clears existing values
- issue Fixed a PHP error when reporting a particular JS error
- issue #16326 Fixed latitude and longitude swap for geometries in edit mode
- issue #16032 Fix CREATE TABLE not being tracked when auto tracking is enabled
- issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
- issue #16396 Fix broken two-factor authentication
- Changes from 5.0.3
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_3/ChangeLog
- Changes from 5.0.2
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_2/ChangeLog
- Changes from 5.0.1
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_1/ChangeLog
- Changes from 5.0.0
- https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_0_0/ChangeLog
- Set php >= 7.4 as recommends because:
Due to changes in the MySQL authentication method, PHP versions
prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer
server (our tests show the problem actually began with MySQL 8.0.11).
This relates to a PHP bug https://bugs.php.net/bug.php?id=76243.
- Remove Suggests: php-mcrypt as described in boo#1050980
- Change tmpdir from ap_docroot/tmp to localstatedir/cache/phpMyAdmin.
Version: 4.9.11-61.1
* Tue May 23 2023 chris@computersalat.de
- Update to 4.9.11
This is a security and bugfix release.
* Fix for boo#1208186 (CVE-2023-25727, PMASA-2023-1, CWE-661)
XSS vulnerability in drag-and-drop upload
- An XSS vulnerability has been discovered where an authenticated
user can trigger an XSS attack by uploading a specially-crafted
.sql file through the drag-and-drop interface.
* Wed Jul 13 2022 chris@computersalat.de
- update changes file
* fix missing bugzilla information
* Thu Dec 10 2020 suse+build@de-korte.org
- Use system apache rpm macros
* Fri Oct 16 2020 andreas.stieger@gmx.de
- phpMyAdmin 4.9.7:
* Fix two factor authentication that was broken in 4.9.6
* Fix incompatibilities with older PHP versions
* Sun May 03 2020 chris@computersalat.de
- fix for boo#1170743
phpMyAdmin installation wipes it's sysconfig apache_server_flag entry
* Sat May 02 2020 suse+build@de-korte.org
- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set
$cfg['PmaAbsoluteUri'] parameter, but this variable is no longer
in the config.sample.ini file)
* Thu Apr 23 2020 dimstar@opensuse.org
- Drop python-devel BuildRequires: python2 is EOL and this seems
unused.
- Drop xz BuildRequires: OBS takes care of unpacking the tarball.
* Tue Jan 21 2020 chris@computersalat.de
- fix for boo#1092345
* change ap_docroot from /srv/www/htdocs to /usr/share
work is based on changes provided by ecsos@opensuse.org
if phpMyAdmin.conf for apache was changed by local admin, we will
create a backup and replace the original file with the new version
sorry admins, but you need to apply your changes again
* needed Alias /phpMyAdmin is an enabled APACHE_SERVER_FLAGS default
for more info have a look into /etc/apache2/conf.d/phpMyAdmin.conf
- cleanup tmp/twig on
* uninstall
* ap_docroot change
Version: 4.8.0.1-20.1
* Fri Apr 20 2018 ecsos@opensuse.org
- update to 4.8.0.1 (2018-04-19)
- fix for boo#1090309
* PMASA-2018-2 (CVE-2018-10188, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2018-2/
- Multiple CSRF vulnerabilities
* Wed Apr 11 2018 ecsos@opensuse.org
- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could
install
- insert missing templates dir in htaccess
See https://docs.phpmyadmin.net/de/latest/setup.html#securing-your-phpmyadmin-installation
- create tmp dir and insert this in htaccess to fix the errormessage
after login
* Wed Apr 11 2018 javier@opensuse.org
- spec clean up
* Let rpm find the library dependencies by itself. Remove
unneeded explicit Requires: tags (php-zlib)
* Remove logic for obsolete openSUSE releases
* Ignore pem-certificate rpmlint warning (see
libraries/certs/README.rst)
* Remove hidden .github, .php_cs.dist, .scrutinizer.yml and
.editorconfig
* Remove php_twig.h and twig.c (devel)
* Set proper shebang for bash and php scripts
* Make phpmyadmin/sql-parser/bin/*-query and
paragonie/random_compat/*.sh executable
* Wed Apr 11 2018 javier@opensuse.org
- update to 4.8.0 (2018-04-07)
* gh#12946 Allow to export JSON with unescaped unicode chars
* gh#12983 Disable login button without solved reCaptcha
* gh#12315 Allow to remove individual segments from pie charts
* gh Change label from "Improve table structure" to
"Normalize" to match standard terminology
* gh#13087 Offer login as different user on access denied from
MySQL
* gh#13110 Indicate when HTTPS is not properly reported on the
server
* gh#13119 No database selected error when adding foreign key
* gh#12388 Improved database search to allow search for exact
phrase match
* gh#13099 Report error when trying to copy database to same
name
* gh#13167 Themes now have to contain metadata in theme.json
* gh#6363 phpMyAdmin no longer requires eval() in PHP
* gh#12386 The mbstring dependency is now optional
* gh#13269 Small refactoring in preparation to CSP
* gh#13384 Database link broken in Databases Page
* gh#13391 Configurable authentication logging using
$cfg['AuthLog']
* gh#13086 Add support for Google Invisible Captcha
* gh#13058 Improved error reporting for reCAPTCHA
* gh#12899 Improved rendering of server variables table
* gh#12948 Fixed javascript editor for TIME values
* gh#13095 Fixed alignment of foreign keys editing
* gh#12944 Improved inline editor for JSON
* gh#13145 Improved layout of operations pages
* gh#13448 Add "format" query button in edit view form
* gh#6241 Implement Responsive Design/mobile interface
* gh Use a single location for classes under PhpMyAdmin
namespace
* gh#12354 Indicate SSL status on main page
* gh#5666 Configuration directives for defaults of Transformation
options
* gh#12261 Remove inline JavaScript
* gh#13408 Show MySQL warnings when executing SQL queries
* gh#5827 Allow Designer to show tables from other databases
* gh#13268 Replace Query-By-Example with multi-table query
generator interface
* gh#13576 Add privileges export to per-database listing
* gh Consolidate functions into class files
* gh#13560 Add support for changing collation for all tables and
columns in database
* gh#13303 Add support for creating fulltext index from table
structure
* gh#13711 Lower default value for $cfg['MaxExactCount']
* gh#13722 DisableIS is not fully honored
* gh#6197 Added support for authentication using U2F and 2FA
* gh#13480 Avoid removing cookies on upgrade
* gh#13397 Remember state of navigation panel
* gh#11688 Reduced cookie usage
* gh#13466 Better utilization of user preferences
* gh#14042 Rename PMD to Designer
* gh#13940 Honor arg_separator in AJAX requests
* gh#14060 Can't edit rows in Internet Explorer
* gh#14096 Internet Explorer compatibility; fixes JavaScript error
Object doesn't support property or method 'startsWith'
* Tue Mar 06 2018 ecsos@opensuse.org
- update to 4.7.9 (2018-03-05)
* gh#13931 Fixed browsing tables with more results
* gh#13927 "Not an integer" when browsing a table
* gh#13887 "Input variables exceeded 1000" error relating
to PHP's max_input_vars directive
Version: 4.7.5-11.1
* Sun Nov 26 2017 suse+build@de-korte.org
- fix for boo#1057661
* no longer require php_mod_any (recommend it instead)
* only enable php5 / php7 if running Apache prefork MPM
- fix %post
* use sed instead of grep/awk to determine PHP version
* Tue Oct 24 2017 ecsos@opensuse.org
- update to 4.7.5 (2017-10-23)
* gh#13615 Avoid problems with browsing unknown query types
* gh#13612 Integrate tooltip into datetime pickers
* gh#13628 Fixed javascript error in server monitor
* gh#13444 Fixed server monitor on non Linux and Windows systems
* gh#13633 Reload javscript messages when changing language
* gh#13604 Fixed crash on invalid ordering data
* gh#13639 Fixed error when browsing non SELECT results
* gh#13533 Fixed saving column to display
* gh#13647 Fixed export of tables with VIRTUAL columns
* gh#13669 Fixed selecting multiple rows accidentally selects
the next row too
* gh#13513 Fixed edit index Column alignment issue
* gh#13515 Fixed rendering of add index dialog
* gh#13710 Fixed possible error in server advisor
* gh#13477 Fixed setting input transformations
* gh#13552 Fixed IPv4/IPv6 To Binary input transformation
* gh#13686 Clicking on column name to trigger sort with an active
search leads to logout
* gh#13725 Fixed copying tables with specific PARTITION
definition
* gh#13761 Fixed listing of bookmarks for a database
* Fri Sep 08 2017 chris@computersalat.de
- fix recommends
* php5-curl -> php-curl
* php5-zip -> php-zip
- fix post step
* enable correct phpX module
* Fri Aug 25 2017 ecsos@opensuse.org
- update to 4.7.4
* gh#13415 Remove shadow from the logo
* gh#13507 Fixed per server theme feature
* gh#13523 Missing newline in ALTER exports
* gh#13414 Fixed several compatibility issues with PHP 7.2
* gh#13550 Fixed copy results to clipboard
* gh#13562 Add limitation for user group length
* gh#13561 Fixed edit variable link in advisor
* gh#13579 Optimize table link should not be visible in print
page
* gh#13553 Improved error handling on corrupted tables
* gh#13512 Fixed rendering of add index dialog
* gh#13606 Fixed refreshing server variables
* Fri Jul 28 2017 chris@computersalat.de
- fix for boo#1050980
* replace mcrypt with openssl, see
https://github.com/phpseclib/phpseclib/issues/1028
- update changes (update to 4.6.6 (2017-01-23))
* add missing (CVE-Not yet available) CVE's
* Sat Jul 22 2017 ecsos@opensuse.org
- update to 4.7.3
* gh#13447 Large multi-line query removes Export operation and
blanks query box options
* gh#13445 Fixed rendering of query results
* gh#13437 Fixed version check when not connected to a database
* gh#13465 Fixed creating relation
* gh#13475 Fixed export without backquotes
* gh#13482 Improved handling of uploaded files with open_basedir
* gh#13387 Fixed inline editing of hex values
* gh#13382 Fixed size of index edit dialog
* gh#13489 Fixed rendering SQL lint errors
* gh#13468 Avoid breakage if set_time_limit is disabled
* gh#13471 Fail if ini_set/ini_get are disabled
* gh#13436 Automatically connect using SSL when server is
configured so
* gh#13478 Fixed usage of some browser transformations
Version: 4.7.0-2.1
* Sat Apr 22 2017 chris@computersalat.de
- restore phpMyAdmin-pma.patch
* because it is NOT upstream and needed for configuration storage
- restore previous phpMyAdmin-config.patch
* merge with upstream config VAR changes
- removed $cfg['Servers'][$i]['designer_coords']
* Sat Apr 01 2017 ecsos@opensuse.org
- update to 4.7.0 (2017-03-28)
* gh#12233 [Display] Improve message when renaming database to
same name
* gh#6146 Log authentication attempts to syslog
* gh#11981 Remove support for Swekey authentication
* gh#11987 Remove code for no longer supported MSIE versions
* gh#11962 Remove embedded PHP libraries, use composer to install
them
* gh#12017 Cannot easily select multiple tables when exporting
* gh#12047 Add javascript filtering for databases
* gh#12166 More compact rendering of navigation tree
* gh#12129 Improve performance with SkipLockedTables
* gh#12173 Do not hide indexes under a slider
* Improve performance of zip file import
* gh#12196 Removed $cfg['ThemePath']
* gh#6274 Add support for export user settings as config.inc.php
snippet
* gh#5555 Better report query errors while generating SQL exports
* gh#12307 Produce valid JSON on export
* gh#12325 Setup script icons broken
* gh#12378 Support IPv6 proxies
* Removed MySQL connection retry without password
* gh#12218 Allow to specify further parameters for control
connection
* gh#12162 Show charset for each table on Database structure page
* gh#12463 Incorrect link in the href of icon at Hide/Show unhide
links
* gh#12330 Shortcut for closing console
* gh#12465 Improved handling of http requests
* gh#12474 Broken links in Setup forms Navigation
* gh#12494 Can't add a new User
* gh#12523 Add 'token' Parameter in all POST requests
(Fix 'Token mismatch' errors)
* gh#12302 Improved usage of number_format
* gh#12656 Server selection not working
* gh#12543 NULL results in dataset are colored grey
* gh#12664 Create Bookmark broken
* gh#12688 Use unsigned int for storing bookmark ID
* gh#12352 Added password strength indicator
* gh#12713 Correctly handle HTTP status when doing requests
* gh#12247 Add option to delete settings from browser storage
* gh#12783 Remove unused PMA_addJSCode function
* gh#12069 Add table filtering to database structure
* gh#12799 Allow to configure signon session parameters
* gh#12854 Drop database is broken
* gh#12863 Can't toggle Event Scheduler on
* gh#12742 Finish removing dead code references to xls/xlsx
import and export, which was removed some time ago.
* gh#12536 Rename "Relations" to "Relationships" in many places
as it's the more proper term
* gh#12834 Fixed margins in central columns feature
* gh#12903 Document more export configuration options
* gh#12897 Use consistent numeric format for table overhead
* gh#12901 Use server returned table name on renaming table
* gh#12918 Always use \r\n as newline when editing fields
* gh#12923 Fixed server side search in navigation panel
* gh#12929 Undefined index warning with ssl_ca_paths
* gh#12924 Do not show errors from OpenSSL cookie
encryption/decryption
* gh#12945 Fixed hint rendering on adding new user
* gh#12941 Fixed sorting of tables in relation view
* gh#12936 Fixed tables pagination in navigation panel
* gh#12904 Do not collapse add form for central columns if there
are none
* gh#12955 Fixed database renaming
* gh#12954 Fixed export of tracking data
* gh#12960 Enclose exports in transaction by default
* gh#12966 After adding a column ADD INDEX option won't be
displayed when enabling AI
* gh#12972 Better error message when Composer has not been run
* gh#12988 Do not show language selector without choices
* gh#12993 Fixed external links to php documentation
* gh#12990 Fixed error when loading favorite tables to console
* gh#12981 Improved rendering of new version information
* gh#12922 Fixed bookmarks ordering
* gh#12964 Fixed table search in navigation
* gh#12985 Fixed rendering of foreign key browsing
* gh#12957 Fixed manipulation with GIS data having zero
coordinates
* gh#12804 Fixed various designer javascript errors
* gh#12934 Fixed possible javascript error on server status page
* gh#12927 Fixed javascript error on 3NF normalization
* gh#12996 List all databses in navigation panel database
dropdown
* gh#12980 Better defaults when creating multi field foreign key
* gh#12976 Improved foreign key editor behavior
* gh#12958 Always show error reporting dialog on top
* gh#12693 Improved support for TokuDB
* gh#11231 Try harder to honor LoginCookieValidity setting
* gh#13016 and #13017 Slight improvements to the table layout of
Relation view
* gh#12345 Correctly show affected rows for LOAD DATA queries
* gh#13010 Copy database: SQL error for copying PMADB metadata
* gh#13002 Fixed OpenDocument exports
* gh#13000 Align NULL values according to the column alignment
* gh#13021 Show phpMyAdmin errors even with error_reporting
set to 0
* gh#13020 Removed warning about client and server versions
mismatch
* Hide comments on table Structure tab when no comment is set
* Fixed submission of error reports
* gh#13033 Use Referrer-Policy header to specify referrer policy
* Fixed javascript confirmation of dangerous queries
* gh#13040 Compatibility with hhvm 3.18
* gh#13031 Fixed displaying of all rows
* gh#12967 Fixed related field selection for native relations
* gh#13045 Properly escape MIME transformatoin names
* gh#13028 Always show 100% in font selector
* gh#13047 Fix query simulating for more servers
* gh#12846 Fix new version check for sites with wrongly
configured curl
* gh#12951 When exporting to Excel, the default is now to include
column names in the first row
* gh#13059 Removed debugging code
* gh#13029 Fixed table tracking for nested table groups
* gh#13053 Fixed broken links in setup
* gh#12708 Removed phpMyAdmin version from User-Agent header
* gh#13084 Do not point users to setup when it is disabled
* gh#12660 Delete only phpMyAdmin cookies on upgrade
* gh#13088 Fixed editing of rows with text primary key
* gh#13092 Do not try to sync favorite tables if configuration
storage is not enabled
* gh#13105 Fixed changing attribute for virtual field
* gh#12757 Fixed setting password on recent MariaDB with non
working plugins
* gh#12349 Fixed undefined variable on import from some formats
* gh#13103 Do not offer default names for copying/renaming
databases
* [security] Possible to bypass
$cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08
- Drop patch phpMyAdmin-pma.patch because now in upstream
* Mon Mar 20 2017 chris@computersalat.de
- add http.inc file
* include one file for php5/php7 admin flags/values
* Wed Jan 25 2017 chris@computersalat.de
- 4.6.6 (2017-01-23)
* gh#12759 Fix Notice regarding 'Undefined index: old_usergroup'
* gh#12760 Fix Notice regarding 'Undefined index: users'
* gh#12762 Fixed parsing of SQL with BINARY function
* gh#12588 ReCaptcha now works without allow_url_fopen
* gh#12699 Show no local storage warning only on settings tab
* gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with
default value as NULL
* gh#12769 Edit/Export links are not clickable under Routines tab
* gh#12757 Fixed creating new user with older MariaDB
* gh#12784 Remove ctype installation suggestion
* gh#12780 Format button replaces all text with blank spaces
* gh#12786 Fixed database searching
* gh#12792 Fixed javascript error on new version link
* gh#12785 Add information about required and suggested extensions
to composer.json
* gh#12801 Custom header shown twice with cookie login form
* gh#12802 Custom footer not shown with auth_type http login failure
* gh#12434 Improve documentation for servers running with Suhosin
* gh#12800 Updated embedded phpSecLib to 2.0.4
* gh#12800 Fixed various issues with PHP 7.1
* gh#11816 Fixed operation with lower_case_table_names=2
* gh#12813 Fixed stored procedure execution
* gh#12826 Honor user configured connection collation
* gh#12293 Correctly report OpenSSL errors from cookie encryption
* gh#12814 DateTime won't allow to input length in Routine editor
* gh#12840 Fix Notice regarding 'Undefined index: row_format' when
altering table options
* gh#12841 Fixed moving of columns with whitespace in name
* gh#12847 Fixed editing of virtual columns
* gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query
window to avoid accidents
* gh#12872 Use same query for display and execution when dropping
index
* gh#12868 Fix check for user groups freatures being enabled
* gh#12876 Fix notices and warning related to dbs_to_test global
* gh#12831 Fix table formatting on Insert tab, which mostly
affected row highlighting
* gh#12495 Reintroduced phpinfo page with limited capabilities
* gh#12861 Fix renaming tables with lower_case_table_names=2
* gh#12876 Fix possible PHP error in navigation
* gh#12881 Fix database search with newer php-gettext
* gh#12894 Fix linter error on unterminated variable name
* gh#12732 Fixed filtering for active processes
- fix for boo#1021597
* PMASA-2016-44 (CVE-2016-6621, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-44/
- Multiple vulnerabilities in setup script
* PMASA-2017-1 (CVE-2017-1000013, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-1/
- Open redirect
* PMASA-2017-2 (CVE-2015-8980, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-2/
- php-gettext code execution
* PMASA-2017-3 (CVE-2017-1000014, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-3/
- DOS vulnerabiltiy in table editing
* PMASA-2017-4 (CVE-2017-1000015, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-4/
- CSS injection in themes
* PMASA-2017-5 (CVE-2017-1000016, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-5/
- Cookie attribute injection attack
* PMASA-2017-6 (CVE-2017-1000017, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-6/
- SSRF in replication
* PMASA-2017-7 (CVE-2017-1000018, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2017-7/
- DOS in replication status
- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
- rework phpMyAdmin-config.patch
* Thu Jan 19 2017 ecsos@opensuse.org
- Add Patch phpMyAdmin-12757_sql_syntax_errror.patch to fix
gh#12757 SQL syntax errror on MariaDB < 10.0.2 in check for mysql
password check plugin.
Will be fixed in 4.6.6
* Tue Dec 06 2016 chris@computersalat.de
- update to 4.6.5.2 (2016-12-05)
* gh#12765 Fixed SQL export with newlines
- update changes (update to 4.6.5 (2016-11-25))
* add missing (Not yet available) CVE's
- fix phpMyAdmin.http
* Sat Nov 26 2016 ecsos@opensuse.org
- update to 4.6.5.1 (2016-11-26)
- quick fix for 4.6.5
* an issue affecting a small number of users using
$cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
* an issue affecting the create table dialog where the partition
selection tool was overzealous and made it difficult to create
a new table.
- update to 4.6.5 (2016-11-25)
- security fixes
* Fix for expanding in navigation pane
* Reintroduced a simplified version of PmaAbsoluteUri directive
(needed with reverse proxies)
* Fix editing of ENUM/SET/DECIMAL field structures
* Improvements to the parser
- other fixes
* Remove potentionally license problematic sRGB profile
* gh#12459 Display read only fields as read only when editing
* gh#12384 Fix expanding of navigation pane when clicking on database
* gh#12430 Impove partitioning support
* gh#12374 Reintroduced simplified PmaAbsoluteUri configuration
directive
* Always use UTC time in HTTP headers
* gh#12479 Simplified validation of external links
* gh#12483 Fix browsing tables with built in transformations
* gh#12485 Do not show warning about short blowfish_secret if none
is set
* gh#12251 Fixed random logouts due to wrong cookie path
* gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure
* gh#12497 Missing escaping of configuration used in SQL
(hide_db and only_db)
* gh#12476 Add error checking in reading advisory rules file
* gh#12477 Add checking missing elements and confirming element
types from json_decode
* gh#12251 Automatically save SQL query in browser local storage
rather than in cookie
* gh#12292 Unable to edit transformations
* gh#12502 Remove unused paramenter when connecting to MySQLi
* gh#12303 Fix number formatting with different settings of
precision in PHP
* gh#12405 Use single quotes in PHP code
* gh#12534 Option for the dropped column is not removed from
'after_field' select, after the column is dropped
* gh#12531 Properly detect DROP DATABASE queries
* gh#12470 Fix possible race condition in setting URL hash
* gh#11924 Remove caching of server information
* gh#11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
* gh#12545 Proper parsing of CREATE TABLE ... PARTITION queries
* gh#12473 Code can throw unhandled exception
* gh#12550 Do not try to keep alive session even after expiry
* gh#12512 Fixed rendering BBCode links in setup
* gh#12518 Fixed copy of table with generated columns
* gh#12221 Fixed export of table with generated columns
* gh#12320 Copying a user does not copy usergroup
* gh#12272 Adding a new row with default enum goes to no selection
when you want to add more then 2 rows
* gh#12487 Drag and drop import prevents file dropping to blob
column file selector on the insert tab
* gh#12554 Absence of scrolling makes it impossible to read longer
text values in grid editing
* gh#12530 "Edit routine" crashes when the current user is not the
definer, even if privileges are adequate
* gh#12300 Export selective tables by-default dumps Events also
* gh#12298 Fixed export of view definitions
* gh#12242 Edit routine detail dialog does not fill "Return length"
field in mysql functions
* gh#12575 New index Confirm adds whitespace around the field name
* gh#12382 Bug in zoom search
* gh#12321 Assign LIMIT clause only to syntactically correct queries
* gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25"
Inserted At Wrong Place
* gh#12511 Clarify documentation on ArbitraryServerRegexp
* gh#12508 Remove duplicate code in SQL escaping
* gh#12475 Cleanup code for getting table information
* gh#12579 phpMyAdmin's export of a Select statment without a FROM
clause generates Wrong SQL
* gh#12316 Correct export of complex SELECT statements
* gh#12080 Fixed parsing of subselect queries
* gh#11740 Fixed handling DELETE ... USING queries
* gh#12100 Fixed handling of CASE operator
* gh#12455 Query history stores separate entry for every letter
typed
* gh#12327 Create PHP code no longer works
* gh#12179 Fixed bookmarking of query with multiple statements
* gh#12419 Wrong description on GRANT OPTION
* gh#12615 Fixed regexp for matching browser versions
* gh#12569 Avoid showing import errors twice
* gh#12362 prefs_manage.php can leave an orphaned temporary file
* gh#12619 Unable to export csv when using union select
* gh#12625 Broken Edit links in query results of JOIN query
* gh#12634 Drop DB error in import if DB doesn't exist
* gh#12338 Designer reverts to first saved ER after EACH relation
create or delete
* gh#12639 'Show trace' in Console generates JS error for functions
in query's trace called without any arguments
* gh#12366 Fix user creation with certain MariaDB setups
* gh#12616 Refuse to work with mbstring.func_overload enabled
* gh#12472 Properly report connection without password in setup
* gh#12365 Fix records count for large tables
* gh#12533 Fix records count for complex queries
* gh#12454 Query history not updated in console until page refresh
* gh#12344 Fixed parsing of labels in loop
* gh#12228 Fixed parsing of BEGIN labels
* gh#12637 Fixed editing some timestamp values
* gh#12622 Fixed javascript error in designer
* gh#12334 Missing page indicator or VIEWs
* gh#12610 Export of tables with Timestamp/Datetime/Time columns
defined with ON UPDATE clause with precision fails
* gh#12661 Error inserting into pma__history after timeout
* gh#12195 Row_format = fixed not visible
* gh#12665 Cannot add a foreign key - non-indexed fields not listed
in InnoDB tables
* gh#12674 Allow for proper MySQL-allowed strings as identifiers
* gh#12651 Allow for partial dates on table insert page
* gh#12681 Fixed designer with tables using special chars
* gh#12652 Fixed visual query builder for foreign keys with more
fields
* gh#12257 Improved search page performance
* gh#12322 Avoid selecting default function for foreign keys
* gh#12453 Fixed escaping of SQL parts in some corner cases
* gh#12542 Missing table name in account privileges editor
* gh#12691 Remove ksort call on empty array in PMA_getPlugins
function
* gh#12443 Check parameter type before processing
* gh#12299 Avoid generating too long URLs in search
* gh#12361 Fix self SQL injection in table-specific privileges
* gh#12698 Add link to release notes and download on new version
notification
* gh#12712 Error when trying to setup replication (fatal error in
call to an old PMA_DBI_connect function)
- fix for boo#1012271
https://www.phpmyadmin.net/security/
* Unsafe generation of $cfg['blowfish_secret']
see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661)
* phpMyAdmin's phpinfo functionality is removed
see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661)
* AllowRoot and allow/deny rule bypass with specially-crafted
username
see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661)
* Username matching weaknesses with allow/deny rules
see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661)
* Possible to bypass logout timeout
see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661)
* Full path disclosure (FPD) weaknesses
see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853,
CVE-2016-9854, CVE-2016-9855, CWE-661)
* Multiple XSS weaknesses
see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857,
CWE-661, CWE-352)
* Multiple denial-of-service (DOS) vulnerabilities
see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859,
CVE-2016-9860, CWE-661, CW-400)
* Possible to bypass white-list protection for URL redirection
see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20,
CWE-601)
* BBCode injection to login page
see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661)
* Denial-of-service (DOS) vulnerability in table partitioning
see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400)
* Multiple SQL injection vulnerabilities
see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89)
* Incorrect serialized string parsing
see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661)
* CSRF token not stripped from the URL
see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661)
* Sun Nov 06 2016 chris@computersalat.de
- fix deps
* add missing Recommends php5-curl
- fix phpMyAdmin.http
* add <IfModule mod_php7.c>
* Sat Nov 05 2016 chris@computersalat.de
- fix phpMyAdmin.http
* Thu Aug 18 2016 chris@computersalat.de
- 4.6.4 (2016-08-16)
- securitiy fixes
* Improve session cookie code for openid.php and signon.php example
files
* Full path disclosure in openid.php and signon.php example files
* Unsafe generation of BlowfishSecret (when not supplied by the user)
* Referrer leak when phpinfo is enabled
* Use HTTPS for wiki links
* Improve SSL certificate handling
* Fix full path disclosure in debugging code
* Administrators could trigger SQL injection attack against users
- other fixes
* Remove Swekey support
* Include X-Robots-Tag header in responses
* Enforce numeric field length when creating table
* Fixed invalid Content-Length in some HTTP responses
* gh#12394 Create view should require a view name
* gh#12391 Message with 'Change password successfully' displayed,
but does not take effect
* Tighten control on PHP sessions and session cookies
* gh#12409 Re-enable overhead on server databases view
* gh#12414 Fixed rendering of Original theme
* gh#12413 Fixed deleting users in non English locales
* gh#12416 Fixed replication status output in Databases listing
* gh#12303 Avoid typecasting to float when not needed
* gh#12425 Duplicate message variable names in messages.inc.php
* gh#12399 Adding index to table shows wrong top navigation
* gh#12424 Fixed password change on MariaDB without auth plugin
* gh#12339 Do not error on unset server port
* gh#12422 Improvements to the original theme
* gh#12395 Do not try to load old transformation plugins
* gh#12423 Fixed replication status in database listing
* gh#12433 Copy table with prefix does not copy the indexes
* gh#12375 Search in database: Window content is not scrolling down
when clicking first time on Browse link
* gh#12346 SQL Editor textareas can have their size increased from
the top, distorting the page view
- fix for boo#994313
https://www.phpmyadmin.net/security/
* Weaknesses with cookie encryption
see PMASA-2016-29 (CVE-2016-6606, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-30 (CVE-2016-6607, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-31 (CVE-2016-6608, CWE-661)
* PHP code injection
see PMASA-2016-32 (CVE-2016-6609, CWE-661)
* Full path disclosure
see PMASA-2016-33 (CVE-2016-6610, CWE-661)
* SQL injection attack
see PMASA-2016-34 (CVE-2016-6611, CWE-661)
* Local file exposure through LOAD DATA LOCAL INFILE
see PMASA-2016-35 (CVE-2016-6612, CWE-661)
* Local file exposure through symlinks with UploadDir
see PMASA-2016-36 (CVE-2016-6613, CWE-661)
* Path traversal with SaveDir and UploadDir
see PMASA-2016-37 (CVE-2016-6614, CWE-661)
* Multiple XSS vulnerabilities
see PMASA-2016-38 (CVE-2016-6615, CWE-661)
* SQL injection vulnerability as control user
see PMASA-2016-39 (CVE-2016-6616, CWE-661)
* SQL injection vulnerability
see PMASA-2016-40 (CVE-2016-6617, CWE-661)
* Denial-of-service attack through transformation feature
see PMASA-2016-41 (CVE-2016-6618, CWE-661)
* SQL injection vulnerability as control user
see PMASA-2016-42 (CVE-2016-6619, CWE-661)
* Verify data before unserializing
see PMASA-2016-43 (CVE-2016-6620, CWE-661)
* SSRF in setup script
see PMASA-2016-44 (CVE-2016-6621, CWE-661)
* Denial-of-service attack with
$cfg['AllowArbitraryServer'] = true and persistent connections
see PMASA-2016-45 (CVE-2016-6622, CWE-661)
* Denial-of-service attack by using for loops
see PMASA-2016-46 (CVE-2016-6623, CWE-661)
* Possible circumvention of IP-based allow/deny rules with IPv6 and
proxy server
see PMASA-2016-47 (CVE-2016-6624, CWE-661)
* Detect if user is logged in
see PMASA-2016-48 (CVE-2016-6625, CWE-661)
* Bypass URL redirection protection
see PMASA-2016-49 (CVE-2016-6626, CWE-661)
* Referrer leak
see PMASA-2016-50 (CVE-2016-6627, CWE-661)
* Reflected File Download
see PMASA-2016-51 (CVE-2016-6628, CWE-661)
* ArbitraryServerRegexp bypass
see PMASA-2016-52 (CVE-2016-6629, CWE-661)
* Denial-of-service attack by entering long password
see PMASA-2016-53 (CVE-2016-6630, CWE-661)
* Remote code execution vulnerability when running as CGI
see PMASA-2016-54 (CVE-2016-6631, CWE-661)
* Denial-of-service attack when PHP uses dbase extension
see PMASA-2016-55 (CVE-2016-6632, CWE-661)
* Remove tode execution vulnerability when PHP uses dbase extension
see PMASA-2016-56 (CVE-2016-6633, CWE-661)
- fix deps
* add missing php-gettext
- rebase phpMyAdmin-config.patch
* Thu Jun 23 2016 chris@computersalat.de
- update to 4.6.3 (2016-06-23)
* gh#12249 Fixed cookie path on Windows
* gh#12279 Fixed error reporting on connect problems
* gh#12290 Fixed export of tables without explicitly set engine
* gh#12285 Designer JavaScript error: Show/Hide tables list
* gh#12293 Fix MySQL SSL connection with some PHP versions
* gh#12279 Fix MySQL connection error on version mismatch
* gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
* gh#12308 Fix division by zero in case of misconfigured MySQL server
* gh#12317 Fix editing server variables
* gh#12303 Fix table size calculation in some circumstances
* gh#12310 Fix listing routines for non privileged user
* issue Escape generated query in exporting a database
* issue Setup script did not properly use input type password for some input types
- fix for boo#986154
* PMASA-2016-17 (CVE-2016-5701, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-17/
- BBCode injection vulnerability
* PMASA-2016-18 (CVE-2016-5702, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-18/
- Cookie attribute injection attack
* PMASA-2016-19 (CVE-2016-5703, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-19/
- SQL injection attack
* PMASA-2016-20 (CVE-2016-5704, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-20/
- XSS on table structure page
* PMASA-2016-21 (CVE-2016-5705, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-21/
- Multiple XSS vulnerabilities
* PMASA-2016-22 (CVE-2016-5706, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-22/
- DOS attack
* PMASA-2016-23 (CVE-2016-5730, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-23/
- Multiple full path disclosure vulnerabilities
* PMASA-2016-24 (CVE-2016-5731, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-24/
- XSS through FPD
* PMASA-2016-25 (CVE-2016-5732, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-25/
- XSS in partition range functionality
* PMASA-2016-26 (CVE-2016-5733, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-26/
- Multiple XSS vulnerabilities
* PMASA-2016-27 (CVE-2016-5734, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-27/
- Unsafe handling of preg_replace parameters
* PMASA-2016-28 (CVE-2016-5739, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2016-28/
- Referrer leak in transformations
* Sun May 29 2016 chris@computersalat.de
- rebase phpMyAdmin-config.patch
* Sat May 28 2016 ecsos@opensuse.org
- update to 4.6.2 (2016-05-25)
- gh#12225 Use https for documentation links
- gh#12234 Fix schema export with too many tables
- gh#12240 Avoid parsing non JSON responses as JSON
- gh#12244 Avoid using too log URLs when getting javascripts
- gh#12118 Fixed setting mixed case languages
- gh#12229 Avoid storing objects in session when debugging SQL
- gh#12249 Fix cookie path on IIS
- gh#11705 Fix occassional 200 errors on Windows
- gh#12219 Fix locking issues when importing SQL
- gh#12231 Avoid confusing warning when mysql extension is missing
- fix issue Improve handling of logout
- fix issue Safer handling of sessions during authentication
- gh#12209 Fix server selection on main page
- gh#12192 Avoid storing full error data in session
- gh#12082 Fixed export of ARCHIVE tables with keys
- gh#11565 Add session reload for config authentication
- gh#12229 Do not fail on errors stored in session
- gh#12248 Fix loading of APC based upload progress bar
- remove PmaAbsoluteUri from phpMyAdmin-config.patch because since
version 4.6.0 it is remove
- Security fixes:
* PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126)
https://www.phpmyadmin.net/security/PMASA-2016-14/
- User SQL queries can be revealed through URL GET parameters,
see PMASA-2016-14
* PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128)
https://www.phpmyadmin.net/security/PMASA-2016-16/
- Self XSS vulneratbility, see PMASA-2016-16
* Mon May 09 2016 chris@computersalat.de
- phpMyAdmin 4.6.1:
* Problems with SQL syntax warnings from the linter/parser
* Fixing an error about "PMA_Util" not found
* Better handling of JSON columns
* Fixed quoting with the SQL parser, which in particular adversely
affected SQL imports and exports
* Thu Mar 24 2016 astieger@suse.com
- phpMyAdmin 4.6.0:
* Allow setting routine-wise privileges
* UI for defining partitioning in create table window
* Support JSON data type
* Editing partitions in table Structure
* Copy results to clipboard
* Reactivate cut&paste possibility in print view
* Display binary strings as text if they are valid UTF-8
* Copy multiple tables to database
* Show MySQL error messages in user language
* Add new configuration directive 'ssl_verify' for self-signed
certificates with mysqlnd and PHP >= 5.6
* Remove ForceSSL and PmaAbsoluteUri configuration directives
(these are better handled by proper webserver configuration)
* Fixed several bugs relating to exporting, particularly with
DEFAULT and COMMENT fields
* Tue Mar 01 2016 astieger@suse.com
- phpMyAdmin 4.5.5.1:
The following vulnerabilities were fixed:
* CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940)
* CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938)
* CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941)
* CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928)
The following upstream bugs were fixed:
* CREATE UNIQUE INDEX index type is not recognized by parser.
* Row count wrong when grouping joined tables.
* Column definition with default value and comment in CREATE TABLE expoerted faulty.
* New statement but no delimiter and unexpected token with REPLACE.
* Fixed incorrect usage of SQL parser context in SQL export
* Fixed inclusion of gettext library from SQL parser
* Wed Feb 24 2016 astieger@suse.com
- phpMyAdmin 4.5.5
* improvements to changing passwords on newer MariaDB servers
* several fixes to the SQL parser
* Sat Jan 30 2016 ecsos@opensuse.org
- update to 4.5.4.1 (2016-01-28)
- gh#11892 Error with PMA 4.4.15.3
- gh#11896 Remove hard dependency on phpseclib
* Thu Jan 28 2016 astieger@suse.com
- phpMyAdmin 4.5.4
The followinng vulnerabilities were fixed: (boo#964024)
* CVE-2016-2038: Multiple full path disclosure vulnerabilities
* CVE-2016-2039: Unsafe generation of XSRF/CSRF token
* CVE-2016-2040: Multiple XSS vulnerabilities
* CVE-2016-1927: Insecure password generation in JavaScript
* CVE-2016-2041: Unsafe comparison of XSRF/CSRF token
* CVE-2016-2042: Multiple full path disclosure vulnerabilities
* CVE-2016-2043: XSS vulnerability in normalization page
* CVE-2016-2044: Full path disclosure vulnerability in SQL parser
* CVE-2016-2045: XSS vulnerability in SQL editor
- update upstream singing keyring
* Sun Jan 10 2016 astieger@suse.com
- 4.5.x package was missing template - fix boo#961285