Package Release Info


Update Info: openSUSE-2023-47
Available in Package Hub : 15 SP4 Update

Change Logs

* Wed Feb 08 2023 ecsos <>
- Update to 5.2.1
  This is a security and bugfix release.
  * Security
  - Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727)
    Fix an XSS attack through the drag-and-drop upload feature.
  * Bugfix
  - issue #17522 Fix case where the routes cache file is invalid
  - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
  - issue        Fix blank page when some error occurs
  - issue #17519 Fix Export pages not working in certain conditions
  - issue #17496 Fix error in table operation page when partitions are broken
  - issue #17386 Fix system memory and system swap values on Windows
  - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive
  - issue #17271 Fix database names not showing on Processes tab
  - issue #17424 Fix export limit size calculation
  - issue #17366 Fix refresh rate popup on Monitor page
  - issue #17577 Fix monitor charts size on RTL languages
  - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
  - issue #17586 Fix statistics not showing for empty databases
  - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore
  - issue #17584 It's now possible to browse a database that includes two % in its name
  - issue        Fix PHP 8.2 deprecated string interpolation syntax
  - issue        Some languages are now correctly detected from the HTTP header
  - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true
  - issue #17593 Table filtering now works when action buttons are on the right side of the row
  - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found
  - issue #17551 Enum/Set editor will not fail to open when creating a new column
  - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events
  - issue #17673 Allow empty values to be inserted into columns
  - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console
  - issue        Fixed debug queries console broken UI for query time and group count
  - issue        Fixed escaping of SQL query and errors for the debug console
  - issue        Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled
  - issue #17543 Fix JS error on saving a new designer page
  - issue #17546 Fix JS error after using save as and open page operation on the designer
  - issue        Fix PHP warning on GIS visualization when there is only one GIS column
  - issue #17728 Some select HTML tags will now have the correct UI style
  - issue #17734 PHP deprecations will only be shown when in a development environment
  - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long
  - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
  - issue #16418 Fix FAQ 1.44 about manually removing vendor folders
  - issue #12359 Setup page now sends the Content-Security-Policy headers
  - issue #17747 The Column Visibility Toggle will not be hidden by other elements
  - issue #17756 Edit/Copy/Delete row now works when using GROUP BY
  - issue #17248 Support the UUID data type for MariaDB >= 10.7
  - issue #17656 Fix replace/change/set table prefix is not working
  - issue        Fix monitor page filter queries only filtering the first row
  - issue        Fix "Link not found!" on foreign columns for tables having no char column to show
  - issue #17390 Fix "Create view" modal doesn't show on results and empty results
  - issue #17772 Fix wrong styles for add button from central columns
  - issue #17389 Fix HTML disappears when exporting settings to browser's storage
  - issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page
  - issue        Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)
  - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)
  - issue #17281 Fix links to databases for information_schema.SCHEMATA
  - issue #17553 Fix Metro theme unreadable links above navigation tree
  - issue #17553 Metro theme UI fixes and improvements
  - issue #17553 Fix Metro theme login form with
  - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox
  - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working
  - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened
  - issue        Fix Original theme buttons style and login form width
  - issue #17892 Fix closing index edit modal and reopening causes it to fire twice
  - issue #17606 Fix preview SQL modal not working inside "Add Index" modal
  - issue        Fix PHP error on adding new column on create table form
  - issue #17482 Default to "Full texts" when running explain statements
  - issue        Fixed Chrome scrolling performance issue on a textarea of an "export as text" page
  - issue #17703 Fix datepicker appears on all fields, not just date
  - issue        Fix space in the tree line when a DB is expanded
  - issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column
  - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL
  - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5
  - issue        Fix column names option for CSV Export
  - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns
  - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP
  - issue #17944 Fix unable to create a view from tree view button
  - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)
  - issue #17967 Fix missing icon for collapse all button
  - issue #18006 Fixed UUID columns can't be moved
  - issue        Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
  - issue        Remove non working "Analyze Explain at" button (MariaDB stopped this service)
  - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API
  - issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs
  - issue        Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions
  - issue #17398 Fix clicking on JSON columns triggers update query
  - issue        Fix silent JSON parse error on upload progress
  - issue #17833 Fix "Add Parameter" button not working for Add Routine Screen
  - issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page
- Rebase phpMyAdmin-config.patch.
* Thu May 12 2022 ecsos <>
- Update to 5.2.0
  * Bugfix
  - issue #16521 Upgrade Bootstrap to version 5
  - issue #16521 Drop support for Internet Explorer and others
  - issue        Upgrade to shapefile 3
  - issue #16555 Bump minimum PHP version to 7.2
  - issue        Remove the phpseclib dependency
  - issue        Upgrade Symfony components to version 5.2
  - issue        Upgrade to Motranslator 4
  - issue #16005 Improve the performance of the Export logic
  - issue #16829 Add NOT LIKE %...% operator to Table search
  - issue #16845 Fixed some links not passing through url.php
  - issue #16382 Remove apc upload progress method (all upload progress code was removed from the PHP extension)
  - issue #16974 Replace zxcvbn by zxcvbn-ts
  - issue #15691 Disable the last column checkbox in the column list dropdown instead of not allowing un-check
  - issue #16138 Ignore the length of integer types and show a warning on MySQL >= 8.0.18
  - issue        Add support for the Mroonga engine
  - issue        Double click column name to directly copy to clipboard
  - issue #16425 Add DELETE FROM table on table operations page
  - issue #16482 Add a select all link for table-specific privileges
  - issue #14276 Add support for account locking
  - issue #17143 Use composer/ca-bundle to manage the CA cert file
  - issue #17143 Require the openssl PHP extension
  - issue #17171 Remove the printview.css file from themes
  - issue #17203 Redesign the export and the import pages
  - issue #16197 Replace the master/slave terminology
  - issue #17257 Replace libraries/vendor_config.php constants with an array
  - issue        Add the Bootstrap theme
  - issue #17499 Remove stickyfilljs JavaScript dependency
- Rebase phpMyAdmin-config.patch.
* Fri Feb 11 2022 ecsos <>
- Update to 5.1.3
  This is a security and bugfix release.
  * Security
  - Fix for boo#1197036 (CVE-2022-0813)
  - Fix for path disclosure under certain server configurations
    (if display_errors is on, for instance)
  * Bugfix
  - issue #17308 Fix broken pagination links in the navigation sidebar
  - issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines"
  - issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
  - issue #17288 Fixed importing browser settings question box after login when having no pmadb
  - issue #17288 Fix "First day of calendar" user override has no effect
  - issue #17239 Fixed repeating headers are not working
  - issue #17298 Fixed import of email-addresses or links from ODS results in empty contents
  - issue #17344 Fixed a type error on ODS import with non string values
  - issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row
Version: 4.9.11-bp153.2.6.1
* Thu Dec 10 2020 Arjen de Korte <>
- Use system apache rpm macros
* Fri Oct 16 2020 Andreas Stieger <>
- phpMyAdmin 4.9.7:
  * Fix two factor authentication that was broken in 4.9.6
  * Fix incompatibilities with older PHP versions
* Sat May 02 2020 Arjen de Korte <>
- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set
  $cfg['PmaAbsoluteUri'] parameter, but this variable is no longer
  in the config.sample.ini file)
* Thu Apr 23 2020 Dominique Leuenberger <>
- Drop python-devel BuildRequires: python2 is EOL and this seems
- Drop xz BuildRequires: OBS takes care of unpacking the tarball.
Version: 4.9.11-61.1
* Tue May 23 2023
- Update to 4.9.11
  This is a security and bugfix release.
  * Fix for boo#1208186 (CVE-2023-25727, PMASA-2023-1, CWE-661)
    XSS vulnerability in drag-and-drop upload
  - An XSS vulnerability has been discovered where an authenticated
    user can trigger an XSS attack by uploading a specially-crafted
    .sql file through the drag-and-drop interface.
* Wed Jul 13 2022
- update changes file
  * fix missing bugzilla information
* Thu Dec 10 2020
- Use system apache rpm macros
* Fri Oct 16 2020
- phpMyAdmin 4.9.7:
  * Fix two factor authentication that was broken in 4.9.6
  * Fix incompatibilities with older PHP versions
* Sun May 03 2020
- fix for boo#1170743
  phpMyAdmin installation wipes its sysconfig apache_server_flag entry
* Sat May 02 2020
- Don't expand @FQDN@ from /etc/HOSTNAME (this used to set
  $cfg['PmaAbsoluteUri'] parameter, but this variable is no longer
  in the config.sample.ini file)
* Thu Apr 23 2020
- Drop python-devel BuildRequires: python2 is EOL and this seems
- Drop xz BuildRequires: OBS takes care of unpacking the tarball.
* Tue Jan 21 2020
- fix for boo#1092345
  * change ap_docroot from /srv/www/htdocs to /usr/share
    work is based on changes provided by
    if phpMyAdmin.conf for apache was changed by local admin, we will
    create a backup and replace the original file with the new version
    sorry admins, but you need to apply your changes again
  * needed Alias /phpMyAdmin is an enabled APACHE_SERVER_FLAGS default
    for more info have a look into /etc/apache2/conf.d/phpMyAdmin.conf
- cleanup tmp/twig on
  * uninstall
  * ap_docroot change
Version: 5.1.1-bp154.1.31
* Sat Jun 05 2021 ecsos <>
- Update to 5.1.1
  - Fixes for several PHP errors
  - Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly
  - Fix Yaml export to quote strings even when they are numeric
  - Fix TCPDF open_basedir issue due to internal guessing code from TCPDF
  - Fix for quick search not working when using more than one configured server
  - Fix datetime decimals displayed (.00000) after edit
  - Fix new lines in text fields are doubled
  - Fixed URL generation by removing un-needed &amp; escaping for & char
  - Improvements for working with PHP 8.1
  - Improved handling of adding a new user with the Percona database server
  For a detailed changelog see:
* Fri Feb 26 2021 ecsos <>
- Update to 5.1.0
  - issue #15350 Change Media (MIME) type references to Media type
  - issue #15377 Add a request router
  - issue        Automatically focus input in the two-factor authentication window
  - issue #15509 Replace gender-specific pronouns with gender-neutral pronouns
  - issue #15491 Improve complexity of generated passwords
  - issue #14909 Add a configuration option to define the 1st day of week
  - issue #12726 Made user names clickable in user accounts overview
  - issue #15729 Improve virtuality dropdown for MariaDB > 10.1
  - issue #15312 Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE)
    when editing a table structure
  - issue        Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases
  - issue #15232 Improve the padding in query result tool links
  - issue #15064 Support exporting raw SQL queries
  - issue #15555 Added ip2long transformation
  - issue #15194 Fixed horizontal scroll on structure edit page
  - issue #14820 Move table hide buttons in navigation to avoid hiding a table by mistake
  - issue #14947 Use correct MySQL version if the version is 8.0 or above for documentation links
  - issue #15790 Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server
  - issue #15880 Change "Show Query" link to a button
  - issue #13371 Automatically toggle the radio button to "Create a page and save it" on Designer
  - issue #12969 Tap and hold will not dismiss the error box anymore, you can now copy the error
  - issue #15582 Don't disable "Empty" table button after clicking it
  - issue #15662 Stay on the structure page after editing/adding/dropping indexes
  - issue #15663 show structure after adding a column
  - issue #16005 Remove symfony/yaml dependency
  - issue #16005 Improve performance of dependency injection system by removing yaml parsing
  - issue #15447 Disable phpMyAdmin storage database checkbox on databases list
  - issue #16001 Add autocomplete attributes on login form
  - issue #13519 Add "Preview SQL" option on Index dialog box when creating a new table
  - issue #15954 Fixed export maximal length of created query input is too small
  - issue        Redesign the server status advisor page
  - issue #13124 Use same height for SQL query textarea and Columns select in SQL page
  - issue #16005 Add a new vendor constant "CACHE_DIR" that defaults
    to "libraries/cache/" and store routing cache into this folder
  - issue #16005 Warm-up the routing cache before building the release
  - issue #16005 Use --optimize-autoloader when installing composer vendors before building the release
  - issue #15992 Add back the table name to the printable version on "Structure" page
  - issue #14815 Allow simplifying exported view syntax to only "CREATE VIEW"
  - issue #15496 Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl
  - issue #14772 Add the password_hash PHP function as an option when inserting data
  - issue #15136 Add a notice for Hex converter giving invalid results
  - issue #16139 Use a textarea for JSON columns
  - issue #16223 Make JSON input transformation editor less narrow
  - issue #14340 Add a button on Export Page to show the SQL Query
  - issue #16304 Add support for INET6 column type
  - issue #16337 Fix example insert/update query default values
  - issue #12961 Remove indexes from table relation
  - issue #13557 Use a full list of functions instead of a separated one on insert/edit page "Function" selector
  - issue #14795 Include routines in the export in a predictable order
  - issue #16227 Fixed autocomplete is not working in case the table name is quoted by "`" symbols
  - issue #15463 Force BINARY comparison when looking at privileges to avoid an SQL error on privileges tab
  - issue #16430 Fixed Windows error message uses trailing / instead of \
  - issue #16316 Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']"
  - issue #16451 Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated
  - issue #16451 Show an error message when the security limit is
    reached instead of silently trimming the password to avoid confusion
  - issue #15001 Add back Login Cookie Validity setting to the features form
  - issue #16457 Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha
  - issue #13077 Moved tools section to left on large devices (Bootstrap xl)
  - issue #15711 Moved some buttons to left on large devices (Bootstrap xl)
  - issue #15584 Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network
  - issue #15652 Replace deprecated FOUND_ROWS() function call on "distinct values" feature
  - issue        Export blobs as hex on JSON export
  - issue #16095 Fix leading space not shown in a CHAR column when browsing a table
  - issue        Make procedures/functions SQL editor both side scrollable
  - issue #16407 Bump pragmarx/google2fa conflict to >8.0
  - issue #14953 Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2)
  - issue #16477 Fixed no Option to enter TABLE specific permissions when the database name contains an "_" (underscore)
  - issue #16498 Fixed empty text not appearing after deleting all Routines
  - issue #16467 Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export
  - issue #15658 Fixed saving UI displayed columns on a non database request fails
  - issue #16495 Fix drop tables checkbox is above the checkbox for foreign keys
  - issue #16485 Fix visual query builder missing "Build Query" button
  - issue #16565 Added 'IF EXISTS' to 'DROP EVENT' when updating events to avoid replication issues
  - issue        Removed metro fonts that were Apache-2.0 files that are incompatible with GPL-2.0
  - issue #16464 Made the relation view default to the current database when creating relations
  - issue #16463 Fixed 'REFERENCES' privilege checkbox's title on new MySQL versions and on MariaDB
  - issue #16405 Added jest as a Unit Testing tool for our javascript code
  - issue #16252 Fixed the too small font size when editing rows (textareas)
  - issue #16585 Fixed BLOB to JPG transformation PHP errors
  - issue        Made the console setup async to avoid blocking the page render
  - issue #16429 Use PHP 8.0 fixed version (commit) for TCPDF
  - issue #16005 Major performance improvements on browsing a lot of rows
  - issue #16595 Fixed editing columns having a `_` in their name in specific conditions
  - issue #16608 Fix "Sort by key" restore auto saved value
  - issue #16611 Fixed unable to add tables to rename aliases twice on Export
  - issue #16621 Fixed link HTML messed up in Advisor
  - issue #16622 Fixed Advisor formatting incorrect for long_query_time notice
  - issue #15389 Fixed reset current page indicator after deleting all rows to current page and not page 1
  - issue #15997 Fixed auto save query
  - issue #15997 Made auto saved query database or database+table independent
  - issue #16641 Fixed query generation that was allowing JSON to have a length
  - issue #15994 Fixed the selected value detection for "on update current_timestamp"
  - issue #16614 Fixed PHP 8.0 dataseek offset call to the MySQLI extension
  - issue #16662 Fixed Uncaught TypeError on "delete" button click of a database search results page
  - issue        Fixed Undefined index: selected_usr when the user tried to delete no selected user
  - issue #16657 Fixed the QBE interface when the configuration storage is not enabled
  - issue #16479 Fix our Selenium test-suite
  - issue #16669 Fixed table search modal for BETWEEN
  - issue #16667 Fixed LIKE and TINYINT in search not working properly
  - issue #16424 Fixed numerical search in table and zoom
  - issue        Improve the version handling (new Version class) and add a VERSION_SUFFIX for vendors
  - issue #14494 Fix uncaught TypeError when editing partitioning
  - issue #16525 Fix PHP 8.0 failing tests when comparing 0 to ''
  - issue #16429 Fixed PHP 8.0 errors on preg_replace and operand types
  - issue #16490 Fixed PHP 8.0 function libxml_disable_entity_loader() is deprecated
  - issue #16429 Fixed failing unit tests on PHP 8.0
  - issue #16609 Fixed Sql.rearrangeStickyColumns is not a function
- Rebase phpMyAdmin-config.patch.
* Tue Dec 22 2020 Arjen de Korte <>
- Use coreutils to generate blowfish secret to reduce dependencies
* Tue Dec 15 2020 Arjen de Korte <>
- Attempt to migrate modified configuration file rather than just
  replacing it by default configuration
* Tue Dec 15 2020 Arjen de Korte <>
- The apache subpackage must require the main package, otherwise it
  will not be uninstalled when the main package is uninstalled
* Sun Dec 13 2020 Arjen de Korte <>
- Generate blowfish secret and enable Apache modules/flags only on
- Only empty temporary directory on upgrade/uninstall (not remove)
  to prevent RPM warnings/errors
- Don't empty directories not owned by this package (these should
  have been cleaned up by previous versions that owned them)
* Sun Dec 13 2020 Arjen de Korte <>
- Use %apache_request_restart/%apache_restart_if_needed macros to restart
  apache in order to prevent unnecessary restarts
* Fri Dec 11 2020 Arjen de Korte <>
- Package language files separately
* Fri Dec 11 2020 Arjen de Korte <>
- Put Apache configuration files in separate subpackage
- Generate blowfish secret with openssl on non-openSUSE systems as
  pwgen is not available
* Mon Nov 09 2020 ecsos <>
- Update to 5.0.4
  - issue #16245 Fix failed Zoom search clears existing values
  - issue        Fixed a PHP error when reporting a particular JS error
  - issue #16326 Fixed latitude and longitude swap for geometries in edit mode
  - issue #16032 Fix CREATE TABLE not being tracked when auto tracking is enabled
  - issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
  - issue #16396 Fix broken two-factor authentication
- Changes from 5.0.3
- Changes from 5.0.2
- Changes from 5.0.1
- Changes from 5.0.0
- Set php >= 7.4 as recommends because:
  Due to changes in the MySQL authentication method, PHP versions
  prior to 7.4 are unable to authenticate to a MySQL 8.0 or newer
  server (our tests show the problem actually began with MySQL 8.0.11).
  This relates to a PHP bug
- Remove Suggests: php-mcrypt as described in boo#1050980
- Change tmpdir from ap_docroot/tmp to localstatedir/cache/phpMyAdmin.
Version: 4.9.8-bp151.3.27.1
* Sat Jan 22 2022 ecsos <>
- Update to 5.1.2
  This is a security and bugfix release.
  * Security
  - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661)
    Two factor authentication bypass
  - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661)
    Multiple XSS and HTML injection attacks in setup script
  * Bugfixes
  - Revert a change to $cfg['CharTextareaRows'], allow values
    less than 7
  - Fix encoding of enum and set values on edit value
  - Fixed possible "Undefined index: clause_is_unique" error
  - Fixed some situations where a user is logged out when working
    with more than one server
  - Fixed a problem with assigning privileges to a user using the
    multiselect list when the database name has an underscore
  - Enable cookie parameter "SameSite" when the PHP version
    is 7.3 or newer
  - Correctly handle the removal of "innodb_file_format" in
    MariaDB and MySQL
Version: 4.9.8-55.1
* Sat Jan 22 2022
- Update to 4.9.8
  This is a security and bugfix release.
  * Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661)
    Two factor authentication bypass
  * Add a new configuration directive $cfg['URLQueryEncryption'] to
    allow encrypting sensitive information in the URL to prevent
    disclosure. Thanks to Rich Grimes for suggesting this
  * Add a new configuration directive
    $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding
    the full error message when a log on attempt fails, which can
    leak hostnames or IP addresses of the target database server.
Version: 4.9.7-bp150.43.1
* Sun Oct 18 2020 Andreas Stieger <>
- phpMyAdmin 4.9.7 (boo#1177842):
  * Fix two factor authentication that was broken in 4.9.6
  * Fix incompatibilities with older PHP versions
Version: 4.9.7-49.1
* Sun Oct 18 2020
- phpMyAdmin 4.9.7 (boo#1177842):
  * Fix two factor authentication that was broken in 4.9.6
  * Fix incompatibilities with older PHP versions
Version: 4.9.6-bp151.3.18.1
* Mon Oct 12 2020 ecsos <>
- Update to 4.9.6
  This is a security release.
- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to
  the transformation feature
- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection
  vulnerability in SearchController
Version: 4.9.6-46.1
* Mon Oct 12 2020
- Update to 4.9.6
  This is a security release.
- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to
  the transformation feature
- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection
  vulnerability in SearchController
Version: 4.9.5-43.1
* Mon Mar 23 2020
- Update to 4.9.5
  This is a security release containing several bug fixes.
  * CVE-2020-10804: SQL injection vulnerability in the user
    accounts page, particularly when changing a password
    (boo#1167335, PMASA-2020-2)
  * CVE-2020-10802: SQL injection vulnerability relating to the
    search feature (boo#1167336, PMASA-2020-3)
  * CVE-2020-10803: SQL injection and XSS having to do with
    displaying results (boo#1167337, PMASA-2020-4)
  * Removing of the "options" field for the external
Version: 4.9.4-40.1
* Wed Jan 08 2020
- update to 4.9.4 (2020-01-07)
- fix for boo#1160456
  * PMASA-2020-1 (CVE-2020-5504, CWE-661)
  - SQL injection in user accounts page
- fix changes about corresponding PMASA
* Mon Dec 30 2019
- phpMyAdmin 4.9.3
  * Several PHP notices and warnings including "Undefined index
    table_create_time," a notice about error_reporting() being
    disabled for security reasons, and several Undefined Index
  * Support CloudFront-Forwarded-Proto header for Amazon CloudFront
  * Early compatibility with development versions of PHP 8
  * Fix replication actions (start, stop, etc)
Version: 4.9.2-bp150.37.1
* Sat Nov 23 2019 Andreas Stieger <>
- phpMyAdmin 4.9.2:
  * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614)
  * Fixes for "Failed to set session cookie" error
  * Advisor with MySQL 8.0.3 and newer
  * Fix PHP deprecation errors
  * Fix a situation where exporting users after a delete query could
    remove users
  * Fix incorrect "You do not have privileges to manipulate with the
    users!" warning
  * Fix copying a database's privileges and several other problems
    moving columns with MariaDB
  * Fix for phpMyAdmin not selecting all the values when using
    shift-click to select during Export
Version: 4.9.2-37.1
* Sat Nov 23 2019
- phpMyAdmin 4.9.2:
  * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614)
  * Fixes for "Failed to set session cookie" error
  * Advisor with MySQL 8.0.3 and newer
  * Fix PHP deprecation errors
  * Fix a situation where exporting users after a delete query could
    remove users
  * Fix incorrect "You do not have privileges to manipulate with the
    users!" warning
  * Fix copying a database's privileges and several other problems
    moving columns with MariaDB
  * Fix for phpMyAdmin not selecting all the values when using
    shift-click to select during Export
Version: 4.9.11-58.1
* Mon Feb 13 2023
- Update to 4.9.11:
  * Fix an XSS attack through the drag-and-drop upload feature
    (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727)
  * Fix broken pagination links in the navigation sidebar
  * Fix syntax error for PHP 5
  * Fix hide_connection_errors being undefined when a controluser is set
* Wed Apr 11 2018
- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could
- insert missing templates dir in htaccess
- create tmp dir and insert this in htaccess to fix the errormessage
  after login
Version: 4.9.1-bp150.34.1
* Sat Sep 21 2019 Andreas Stieger <>
- phpMyAdmin 4.9.1:
  * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914)
  * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13
    and newer
  * Compatibility issues with PHP 8
  * Export of GIS visualization
  * Enhanced descriptions for several collation types
  * Creating a user with a single quote in the password string
  * Unexpected quotes during import and export on text fields
  * Improvements to adding new tables to Designer
  * Fix an issue where an authenticated user could trigger heavy
    traffic between the database server and web server
  * Fix a weakness where an attacker, under certain conditions,
    working at the same time as an administrator is using the setup
    script, could delete a server from the setup script
Version: 4.9.1-34.1
* Sat Sep 21 2019
- phpMyAdmin 4.9.1:
  * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914)
  * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13
    and newer
  * Compatibility issues with PHP 8
  * Export of GIS visualization
  * Enhanced descriptions for several collation types
  * Creating a user with a single quote in the password string
  * Unexpected quotes during import and export on text fields
  * Improvements to adding new tables to Designer
  * Fix an issue where an authenticated user could trigger heavy
    traffic between the database server and web server
  * Fix a weakness where an attacker, under certain conditions,
    working at the same time as an administrator is using the setup
    script, could delete a server from the setup script
* Sun Jun 30 2019
- fix changelog
  * add missing boo# with relation to CVE and PMASA
- rebase phpMyAdmin-config.patch
* Wed Jun 05 2019
- phpMyAdmin
  * Several issues with SYSTEM VERSIONING tables
  * Fixed json encode error in export
  * Fixed JavaScript events not activating on input
    (sql bookmark issue)
  * Show Designer combo boxes when adding a constraint
  * Fix edit view
  * Fixed invalid default value for bit field
  * Fix several errors relating to GIS data types
  * Fixed javascript error PMA_messages is not defined
  * Fixed import XML data with leading zeros
  * Fixed php notice, added support for 'DELETE HISTORY' table
    privilege (MariaDB >= 10.3.4)
  * Fixed MySQL 8.0.0 issues with GIS display
  * Fixed "Server charset" in "Database server" tab showing wrong
  * Fixed can not copy user on Percona Server 5.7
  * Updated sql-parser to version 4.3.2, which fixes several
    parsing and linting problems
- fix for boo#1137497
  * PMASA-2019-4 (CVE-2019-12616, CWE-661)
  - CSRF vulnerability in login form
- fix for boo#1137496
  * PMASA-2019-3 (CVE-2019-11768, CWE-661)
  - SQL injection in Designer feature
Version: 4.8.5-35.1
* Fri Feb 01 2019
- phpMyAdmin 4.8.5:
  * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1,
  * CVE-2019-6798: SQL injection in the Designer interface
    (PMASA-2019-2, bsc#1123271)
  * Fix export to SQL format not available
  * Fix QR code not shown when adding two-factor authentication to
    a user account
  * Fix issue with adding a new user in MySQL 8.0.11 and newer
  * Fix frozen interface relating to Text_Plain_Sql plugin
  * Fix missing table level operations tab
Version: 4.8.4-32.1
* Wed Dec 12 2018
- update to 4.8.4 (2018-12-11)
  - gh#14452 Remove hash param in edit query URL
  - gh#14295 Issue in Changing theme
  - gh#13267 Ensure that database names with '.' are handled
    properly when DisableIS is true
  - gh#14438 Invisible Icon "Show Full Queries"
  - gh#14133 CSS issue in Designer
  - gh#14447 Error while copying database (pma__column_info)
  - gh#14571 "No database selected" - DROP a view
  - gh#14636 Move operation causes SELECT * FROM `undefined`
  - gh#14630 Enum '0' produces incorrect search SQL
  - gh#14223 Fix TypeError in database designer
  - gh#13621 QBE selenium tests broken since merge of #13342
  - gh#14672 When logging with $cfg['AuthLog'] to syslog,
    successful login messages were not logged even if
    $cfg['AuthLogSuccess'] was true.
  - gh#14339 Fix infinite loop when sorting table rows by key.
  - gh#14658 Regression on multi table query functionality
    (foreign keys)
  - gh#14617 Fix designer errors when database is empty
  - gh#13032 Fix designer errors when database contains special
  - gh#14352 Fix designer javascript errors
  - gh#14764 Fix left/right icons hidden
- fix for boo#1119245
  - PMASA-2018-6 (CVE-2018-19968, CWE-661)
  - PMASA-2018-7 (CVE-2018-19969, CWE-661)
  - PMASA-2018-8 (CVE-2018-19970, CWE-661)
Version: 4.8.3-29.1
* Thu Aug 23 2018
- update to 4.8.3 (2018-08-22)
  - gh#14314 Error when naming a database '0'
  - gh#14333 Fix NULL as default not shown
  - gh#14229 Fixes issue with recent table list
  - gh#14045 Fix slow performance on DB structure filtering
  - gh#14327 Fix Editing server variable not showing save or cancel
  - gh#14377 Populate options for view create and edit
  - gh#14171 2FA configuration fails if PHP doesn't have GD support
  - gh#14390 Can't unhide tables
  - gh#14382 "Visualize GIS data" icon missing
  - gh#14435 Event scheduler status toggle doesn't work
  - gh#14365 View not working on multiple servers
  - gh#14207 Partition actions in table structure do not work
  - gh#14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table
  - gh#14552 Blank message shown instead of MySQL error when adding
    trigger and other locations
  - gh#14525 Fix PHP 7.3 warning: "continue" in "switch" is equal
    to "break"
  - gh#14554 Icon missing when creating a new trigger, routine,
    and event
  - gh#14422 Table comment not showing since 4.8.1
  - gh#14426 Drop table doesn't work when you copy tables to
    another database
  - gh#14581 Escaped HTML in 'Add a new server' setup
  - gh#14548 [security] HTML injection in import warning messages,
    see PMASA-2018-5
- fix for boo#1105726
  - PMASA-2018-5 (CVE-2018-15605, CWE-661)
Version: 4.8.2-26.1
* Tue Jul 31 2018
- fix for boo#1103305
  * add missing dependency for php-ctype
Version: 4.8.2-23.1
* Fri Jun 22 2018
- update to 4.8.2 (2018-06-21)
  * issue #14370 WHERE 0 causes Fatal error
  * issue #14225 Fix missing index icon
- fix for boo#1098752
  * PMASA-2018-3 (CVE-2018-12581, CWE-661)
  - XSS in Designer feature
- fix for boo#1098751
  * PMASA-2018-4 (CVE-2018-12613, CWE-661)
  - File inclusion and remote code execution attack
- some minor changelog fixes about security fix entries
* Sat May 26 2018
- update to 4.8.1 (2018-05-25)
  * gh#12772 Fix case where the central columns attributes don't
    get filled in
  * gh#14049 Fix case where the query builder doesn't work when
    selected column is *
  * gh#14029 Revert "Browse" table CSS overflow
  * gh#14241 Dropping indexes and foreign keys fail
  * gh#14227 Relational linking broken
  * gh#14246 Fixed error in configuration storage zero config
  * gh#14128 Show 2FA Secret next to QR code
  * gh#14212 XML Export from single table throws fatal error
  * gh#14239 Line and some other charts ignore result set order of
    values chosen for the x-axis
  * gh#14260 Fixed configuration for DefaultLang and Lang
  * gh#14264 Linking for 'Distinct values' broken
  * gh#13968 Fix MariaDB 10.2 current_timestamp()
  * gh#14249 Fix for missing go button in view edit
  * gh#14125 Fix for issues with spatial fields
  * gh#14189 Remember table's sorting broken
  * gh#14289 Fix multi-column sorting
  * gh#14278 Fix central columns in-line edit bug
  * gh#14066 Fix AUTO_INCREMENT error when only exporting table
    structure in database-level exports
  * gh#13893 Simulating queries produces unexpected results
  * gh#14309 Setup script icons missing
* Fri Apr 20 2018
- update to (2018-04-19)
- fix for boo#1090309
  * PMASA-2018-2 (CVE-2018-10188, CWE-661)
  - Multiple CSRF vulnerabilities
* Wed Apr 11 2018
- fix wrong require /usr/bin/bash to /bin/bash so phpMyAdmin could
- insert missing templates dir in htaccess
- create tmp dir and insert this in htaccess to fix the errormessage
  after login
* Wed Apr 11 2018
- spec clean up
  * Let rpm find the library dependencies by itself. Remove
    unneeded explicit Requires: tags (php-zlib)
  * Remove logic for obsolete openSUSE releases
  * Ignore pem-certificate rpmlint warning (see
  * Remove hidden .github, .php_cs.dist, .scrutinizer.yml and
  * Remove php_twig.h and twig.c (devel)
  * Set proper shebang for bash and php scripts
  * Make phpmyadmin/sql-parser/bin/*-query and
    paragonie/random_compat/*.sh executable
* Wed Apr 11 2018
- update to 4.8.0 (2018-04-07)
  * gh#12946 Allow to export JSON with unescaped unicode chars
  * gh#12983 Disable login button without solved reCaptcha
  * gh#12315 Allow to remove individual segments from pie charts
  * gh       Change label from "Improve table structure" to
    "Normalize" to match standard terminology
  * gh#13087 Offer login as different user on access denied from
  * gh#13110 Indicate when HTTPS is not properly reported on the
  * gh#13119 No database selected error when adding foreign key
  * gh#12388 Improved database search to allow search for exact
    phrase match
  * gh#13099 Report error when trying to copy database to same
  * gh#13167 Themes now have to contain metadata in theme.json
  * gh#6363  phpMyAdmin no longer requires eval() in PHP
  * gh#12386 The mbstring dependency is now optional
  * gh#13269 Small refactoring in preparation to CSP
  * gh#13384 Database link broken in Databases Page
  * gh#13391 Configurable authentication logging using
  * gh#13086 Add support for Google Invisible Captcha
  * gh#13058 Improved error reporting for reCAPTCHA
  * gh#12899 Improved rendering of server variables table
  * gh#12948 Fixed javascript editor for TIME values
  * gh#13095 Fixed alignment of foreign keys editing
  * gh#12944 Improved inline editor for JSON
  * gh#13145 Improved layout of operations pages
  * gh#13448 Add "format" query button in edit view form
  * gh#6241  Implement Responsive Design/mobile interface
  * gh       Use a single location for classes under PhpMyAdmin
  * gh#12354 Indicate SSL status on main page
  * gh#5666  Configuration directives for defaults of Transformation
  * gh#12261 Remove inline JavaScript
  * gh#13408 Show MySQL warnings when executing SQL queries
  * gh#5827  Allow Designer to show tables from other databases
  * gh#13268 Replace Query-By-Example with multi-table query
    generator interface
  * gh#13576 Add privileges export to per-database listing
  * gh       Consolidate functions into class files
  * gh#13560 Add support for changing collation for all tables and
    columns in database
  * gh#13303 Add support for creating fulltext index from table
  * gh#13711 Lower default value for $cfg['MaxExactCount']
  * gh#13722 DisableIS is not fully honored
  * gh#6197  Added support for authentication using U2F and 2FA
  * gh#13480 Avoid removing cookies on upgrade
  * gh#13397 Remember state of navigation panel
  * gh#11688 Reduced cookie usage
  * gh#13466 Better utilization of user preferences
  * gh#14042 Rename PMD to Designer
  * gh#13940 Honor arg_separator in AJAX requests
  * gh#14060 Can't edit rows in Internet Explorer
  * gh#14096 Internet Explorer compatibility; fixes JavaScript error
    Object doesn't support property or method 'startsWith'
* Tue Mar 06 2018
- update to 4.7.9 (2018-03-05)
  * gh#13931 Fixed browsing tables with more results
  * gh#13927 "Not an integer" when browsing a table
  * gh#13887 "Input variables exceeded 1000" error relating
    to PHP's max_input_vars directive
Version: 4.7.8-17.1
* Thu Feb 22 2018
- phpMyAdmin 4.7.8:
  * Fixed error handling with PHP 7.2
  * Fixed resetting default setting values
  * Fixed fallback value for collation connection
- fix for boo#1082188
  * PMASA-2018-1 (CVE-2018-7260, CWE-661)
  - Fix XSS in Central Columns Feature
Version: 4.7.7-14.1
* Mon Dec 25 2017
- phpMyAdmin 4.7.7:
  * Fixed displaying of formatted numeric values for some locales
  * Ensure datetimepicker is always loaded for datetime fields
  * Fixed PHP error when browsing certain results
  * Fix XSRF/CSRF vulnerability (bsc#1074066, PMASA-2017-09)
* Sat Dec 02 2017
- update to 4.7.6 (2017-11-29)
  * gh#13517 Fixed check all interaction with filtering
  * gh#13803 Add SJIS-win to default list of allowed charsets
  * gh#13436 Improve detection that MySQL server needs SSL connection
  * gh#13038 Support JSON datatype on MariaDB 10.2.7 and newer
  * gh#13824 Fixed constructing ALTER query with AFTER
  * gh#13821 Lock page when changes are done in the SQL editor
  * gh#13842 Prefer iconv for encoding conversions
  * gh#13737 Fixed changing password on MariaDB cluster
Version: 4.7.5-11.1
* Sun Nov 26 2017
- fix for boo#1057661
  * no longer require php_mod_any (recommend it instead)
  * only enable php5 / php7 if running Apache prefork MPM
- fix %post
  * use sed instead of grep/awk to determine PHP version
* Tue Oct 24 2017
- update to 4.7.5 (2017-10-23)
  * gh#13615 Avoid problems with browsing unknown query types
  * gh#13612 Integrate tooltip into datetime pickers
  * gh#13628 Fixed javascript error in server monitor
  * gh#13444 Fixed server monitor on non Linux and Windows systems
  * gh#13633 Reload javascript messages when changing language
  * gh#13604 Fixed crash on invalid ordering data
  * gh#13639 Fixed error when browsing non SELECT results
  * gh#13533 Fixed saving column to display
  * gh#13647 Fixed export of tables with VIRTUAL columns
  * gh#13669 Fixed selecting multiple rows accidentally selects
    the next row too
  * gh#13513 Fixed edit index Column alignment issue
  * gh#13515 Fixed rendering of add index dialog
  * gh#13710 Fixed possible error in server advisor
  * gh#13477 Fixed setting input transformations
  * gh#13552 Fixed IPv4/IPv6 To Binary input transformation
  * gh#13686 Clicking on column name to trigger sort with an active
    search leads to logout
  * gh#13725 Fixed copying tables with specific PARTITION
  * gh#13761 Fixed listing of bookmarks for a database
* Fri Sep 08 2017
- fix recommends
  * php5-curl -> php-curl
  * php5-zip -> php-zip
- fix post step
  * enable correct phpX module
* Fri Aug 25 2017
- update to 4.7.4
  * gh#13415 Remove shadow from the logo
  * gh#13507 Fixed per server theme feature
  * gh#13523 Missing newline in ALTER exports
  * gh#13414 Fixed several compatibility issues with PHP 7.2
  * gh#13550 Fixed copy results to clipboard
  * gh#13562 Add limitation for user group length
  * gh#13561 Fixed edit variable link in advisor
  * gh#13579 Optimize table link should not be visible in print
  * gh#13553 Improved error handling on corrupted tables
  * gh#13512 Fixed rendering of add index dialog
  * gh#13606 Fixed refreshing server variables
* Fri Jul 28 2017
- fix for boo#1050980
  * replace mcrypt with openssl, see
- update changes (update to 4.6.6 (2017-01-23))
  * add missing (CVE-Not yet available) CVE's
* Sat Jul 22 2017
- update to 4.7.3
  * gh#13447 Large multi-line query removes Export operation and
    blanks query box options
  * gh#13445 Fixed rendering of query results
  * gh#13437 Fixed version check when not connected to a database
  * gh#13465 Fixed creating relation
  * gh#13475 Fixed export without backquotes
  * gh#13482 Improved handling of uploaded files with open_basedir
  * gh#13387 Fixed inline editing of hex values
  * gh#13382 Fixed size of index edit dialog
  * gh#13489 Fixed rendering SQL lint errors
  * gh#13468 Avoid breakage if set_time_limit is disabled
  * gh#13471 Fail if ini_set/ini_get are disabled
  * gh#13436 Automatically connect using SSL when server is
    configured so
  * gh#13478 Fixed usage of some browser transformations
Version: 4.7.2-8.1
* Sun Jul 02 2017
- update to 4.7.2 (2017-06-29)
  * gh#13314 Make theme selection keep current server
  * gh#13311 Fixed direct login for accounts without password
  * gh#13316 Fixed check for mbstring.func_overload
  * gh#13323 Fixed wrong encoding of table at triggers
  * gh#12976 Fixed natural sorting in several places
  * gh#12718 Show warning for users removed from mysql.user table
  * gh#13362 Fixed loading additional javascripts
  * gh#13343 Fixed editing QBE
  * gh#13193 Improved documentation on user settings
  * gh#13092 Gracefully handle early fatal errors in AJAX requests
  * gh#13327 Fixed Incorrect NavigationTreeEnableExpansion default
    value in the documentation
  * gh#13008 Fixed export of database with a lot of tables
  * gh#13318 Improved performance when importing with enabled
  * gh#13386 Avoid PHP errors with non existing configuration on
    OS X
  * gh#13388 Show only supported charsets for conversion
  * gh#13392 Fixed operation with session.auto_start enabled
  * gh#13383 "Create PHP code" is broken
  * gh#13189 Fixed links to resume timed-out import
Version: 4.7.1-5.1
* Fri Jun 02 2017
- update to 4.7.1 (2017-05-25)
  * gh#13132 Always execute tracking queries as controluser
  * gh#13125 Focus on SQL editor after inserting field name
  * gh#13133 Fixed broken links in setup
  * gh#13135 Database list Tooltips: Show wrong value
  * gh#13150 Fixed pagination while browsing results
  * gh#13149 Fixed outbound links in changelog.php
  * gh#13146 Do not include devel dependencies in the release
  * gh#13144 Do not show New as a database in database dropdown
  * gh#13130 Fixed handling of errors in AJAX requests
  * gh#13152 Fixed PHP error in case of invalid table preferences
  * gh#13154 Fixed PHP error on password change
  * gh#13219 Fix Refresh of Process List
  * gh#13182 Fix refresh of long queries
  * gh#12301 Improved handling of logout with disabled
  * gh#13216 Add support for MySQL 8.0 collations
  * gh#13218 Fixed rendering of phpMyAdmin logos
  * gh#13234 Properly report not working sessions
  * gh#13256 Fixed password check on server replication
  * gh#13252 Fixed grid editing time column
  * gh#13258 Fixed detection of Amazon RDS
  * gh#13241 Redirect user to last page that has any tables to
  * gh#13266 Fix link to User accounts overview page
  * gh#13274 Fix error in query builder
  * gh#13177 Grid editing repeats action after error
Version: 4.7.0-2.1
* Sat Apr 22 2017
- restore phpMyAdmin-pma.patch
  * because it is NOT upstream and needed for configuration storage
- restore previous phpMyAdmin-config.patch
  * merge with upstream config VAR changes
  - removed $cfg['Servers'][$i]['designer_coords']
* Sat Apr 01 2017
- update to 4.7.0 (2017-03-28)
  * gh#12233 [Display] Improve message when renaming database to
    same name
  * gh#6146  Log authentication attempts to syslog
  * gh#11981 Remove support for Swekey authentication
  * gh#11987 Remove code for no longer supported MSIE versions
  * gh#11962 Remove embedded PHP libraries, use composer to install
  * gh#12017 Cannot easily select multiple tables when exporting
  * gh#12047 Add javascript filtering for databases
  * gh#12166 More compact rendering of navigation tree
  * gh#12129 Improve performance with SkipLockedTables
  * gh#12173 Do not hide indexes under a slider
  * Improve performance of zip file import
  * gh#12196 Removed $cfg['ThemePath']
  * gh#6274  Add support for export user settings as
  * gh#5555  Better report query errors while generating SQL exports
  * gh#12307 Produce valid JSON on export
  * gh#12325 Setup script icons broken
  * gh#12378 Support IPv6 proxies
  * Removed MySQL connection retry without password
  * gh#12218 Allow to specify further parameters for control
  * gh#12162 Show charset for each table on Database structure page
  * gh#12463 Incorrect link in the href of icon at Hide/Show unhide
  * gh#12330 Shortcut for closing console
  * gh#12465 Improved handling of http requests
  * gh#12474 Broken links in Setup forms Navigation
  * gh#12494 Can't add a new User
  * gh#12523 Add 'token' Parameter in all POST requests
    (Fix 'Token mismatch' errors)
  * gh#12302 Improved usage of number_format
  * gh#12656 Server selection not working
  * gh#12543 NULL results in dataset are colored grey
  * gh#12664 Create Bookmark broken
  * gh#12688 Use unsigned int for storing bookmark ID
  * gh#12352 Added password strength indicator
  * gh#12713 Correctly handle HTTP status when doing requests
  * gh#12247 Add option to delete settings from browser storage
  * gh#12783 Remove unused PMA_addJSCode function
  * gh#12069 Add table filtering to database structure
  * gh#12799 Allow to configure signon session parameters
  * gh#12854 Drop database is broken
  * gh#12863 Can't toggle Event Scheduler on
  * gh#12742 Finish removing dead code references to xls/xlsx
    import and export, which was removed some time ago.
  * gh#12536 Rename "Relations" to "Relationships" in many places
    as it's the more proper term
  * gh#12834 Fixed margins in central columns feature
  * gh#12903 Document more export configuration options
  * gh#12897 Use consistent numeric format for table overhead
  * gh#12901 Use server returned table name on renaming table
  * gh#12918 Always use \r\n as newline when editing fields
  * gh#12923 Fixed server side search in navigation panel
  * gh#12929 Undefined index warning with ssl_ca_paths
  * gh#12924 Do not show errors from OpenSSL cookie
  * gh#12945 Fixed hint rendering on adding new user
  * gh#12941 Fixed sorting of tables in relation view
  * gh#12936 Fixed tables pagination in navigation panel
  * gh#12904 Do not collapse add form for central columns if there
    are none
  * gh#12955 Fixed database renaming
  * gh#12954 Fixed export of tracking data
  * gh#12960 Enclose exports in transaction by default
  * gh#12966 After adding a column ADD INDEX option won't be
    displayed when enabling AI
  * gh#12972 Better error message when Composer has not been run
  * gh#12988 Do not show language selector without choices
  * gh#12993 Fixed external links to php documentation
  * gh#12990 Fixed error when loading favorite tables to console
  * gh#12981 Improved rendering of new version information
  * gh#12922 Fixed bookmarks ordering
  * gh#12964 Fixed table search in navigation
  * gh#12985 Fixed rendering of foreign key browsing
  * gh#12957 Fixed manipulation with GIS data having zero
  * gh#12804 Fixed various designer javascript errors
  * gh#12934 Fixed possible javascript error on server status page
  * gh#12927 Fixed javascript error on 3NF normalization
  * gh#12996 List all databases in navigation panel database
  * gh#12980 Better defaults when creating multi field foreign key
  * gh#12976 Improved foreign key editor behavior
  * gh#12958 Always show error reporting dialog on top
  * gh#12693 Improved support for TokuDB
  * gh#11231 Try harder to honor LoginCookieValidity setting
  * gh#13016 and #13017 Slight improvements to the table layout of
    Relation view
  * gh#12345 Correctly show affected rows for LOAD DATA queries
  * gh#13010 Copy database: SQL error for copying PMADB metadata
  * gh#13002 Fixed OpenDocument exports
  * gh#13000 Align NULL values according to the column alignment
  * gh#13021 Show phpMyAdmin errors even with error_reporting
    set to 0
  * gh#13020 Removed warning about client and server versions
  * Hide comments on table Structure tab when no comment is set
  * Fixed submission of error reports
  * gh#13033 Use Referrer-Policy header to specify referrer policy
  * Fixed javascript confirmation of dangerous queries
  * gh#13040 Compatibility with hhvm 3.18
  * gh#13031 Fixed displaying of all rows
  * gh#12967 Fixed related field selection for native relations
  * gh#13045 Properly escape MIME transformation names
  * gh#13028 Always show 100% in font selector
  * gh#13047 Fix query simulating for more servers
  * gh#12846 Fix new version check for sites with wrongly
    configured curl
  * gh#12951 When exporting to Excel, the default is now to include
    column names in the first row
  * gh#13059 Removed debugging code
  * gh#13029 Fixed table tracking for nested table groups
  * gh#13053 Fixed broken links in setup
  * gh#12708 Removed phpMyAdmin version from User-Agent header
  * gh#13084 Do not point users to setup when it is disabled
  * gh#12660 Delete only phpMyAdmin cookies on upgrade
  * gh#13088 Fixed editing of rows with text primary key
  * gh#13092 Do not try to sync favorite tables if configuration
    storage is not enabled
  * gh#13105 Fixed changing attribute for virtual field
  * gh#12757 Fixed setting password on recent MariaDB with non
    working plugins
  * gh#12349 Fixed undefined variable on import from some formats
  * gh#13103 Do not offer default names for copying/renaming
  * [security] Possible to bypass
    $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08
- Drop patch phpMyAdmin-pma.patch because now in upstream
* Mon Mar 20 2017
- add file
  * include one file for php5/php7 admin flags/values
* Wed Jan 25 2017
- 4.6.6 (2017-01-23)
  * gh#12759 Fix Notice regarding 'Undefined index: old_usergroup'
  * gh#12760 Fix Notice regarding 'Undefined index: users'
  * gh#12762 Fixed parsing of SQL with BINARY function
  * gh#12588 ReCaptcha now works without allow_url_fopen
  * gh#12699 Show no local storage warning only on settings tab
  * gh#12778 Syntax Error in Adding/Changing TIMESTAMP columns with
    default value as NULL
  * gh#12769 Edit/Export links are not clickable under Routines tab
  * gh#12757 Fixed creating new user with older MariaDB
  * gh#12784 Remove ctype installation suggestion
  * gh#12780 Format button replaces all text with blank spaces
  * gh#12786 Fixed database searching
  * gh#12792 Fixed javascript error on new version link
  * gh#12785 Add information about required and suggested extensions
    to composer.json
  * gh#12801 Custom header shown twice with cookie login form
  * gh#12802 Custom footer not shown with auth_type http login failure
  * gh#12434 Improve documentation for servers running with Suhosin
  * gh#12800 Updated embedded phpSecLib to 2.0.4
  * gh#12800 Fixed various issues with PHP 7.1
  * gh#11816 Fixed operation with lower_case_table_names=2
  * gh#12813 Fixed stored procedure execution
  * gh#12826 Honor user configured connection collation
  * gh#12293 Correctly report OpenSSL errors from cookie encryption
  * gh#12814 DateTime won't allow to input length in Routine editor
  * gh#12840 Fix Notice regarding 'Undefined index: row_format' when
    altering table options
  * gh#12841 Fixed moving of columns with whitespace in name
  * gh#12847 Fixed editing of virtual columns
  * gh#12859 Changed WHERE condition to 0 instead of 1 for SQL query
    window to avoid accidents
  * gh#12872 Use same query for display and execution when dropping
  * gh#12868 Fix check for user groups features being enabled
  * gh#12876 Fix notices and warning related to dbs_to_test global
  * gh#12831 Fix table formatting on Insert tab, which mostly
    affected row highlighting
  * gh#12495 Reintroduced phpinfo page with limited capabilities
  * gh#12861 Fix renaming tables with lower_case_table_names=2
  * gh#12876 Fix possible PHP error in navigation
  * gh#12881 Fix database search with newer php-gettext
  * gh#12894 Fix linter error on unterminated variable name
  * gh#12732 Fixed filtering for active processes
- fix for boo#1021597
  * PMASA-2016-44 (CVE-2016-6621, CWE-661)
  - Multiple vulnerabilities in setup script
  * PMASA-2017-1 (CVE-2017-1000013, CWE-661)
  - Open redirect
  * PMASA-2017-2 (CVE-2015-8980, CWE-661)
  - php-gettext code execution
  * PMASA-2017-3 (CVE-2017-1000014, CWE-661)
  - DOS vulnerability in table editing
  * PMASA-2017-4 (CVE-2017-1000015, CWE-661)
  - CSS injection in themes
  * PMASA-2017-5 (CVE-2017-1000016, CWE-661)
  - Cookie attribute injection attack
  * PMASA-2017-6 (CVE-2017-1000017, CWE-661)
  - SSRF in replication
  * PMASA-2017-7 (CVE-2017-1000018, CWE-661)
  - DOS in replication status
- remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
- rework phpMyAdmin-config.patch
* Thu Jan 19 2017
- Add Patch phpMyAdmin-12757_sql_syntax_errror.patch to fix
  gh#12757 SQL syntax error on MariaDB < 10.0.2 in check for mysql
  password check plugin.
  Will be fixed in 4.6.6
* Tue Dec 06 2016
- update to (2016-12-05)
  * gh#12765 Fixed SQL export with newlines
- update changes (update to 4.6.5 (2016-11-25))
  * add missing (Not yet available) CVE's
- fix phpMyAdmin.http
* Sat Nov 26 2016
- update to (2016-11-26)
  - quick fix for 4.6.5
  * an issue affecting a small number of users using
    $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
  * an issue affecting the create table dialog where the partition
    selection tool was overzealous and made it difficult to create
    a new table.
- update to 4.6.5 (2016-11-25)
  - security fixes
  * Fix for expanding in navigation pane
  * Reintroduced a simplified version of PmaAbsoluteUri directive
    (needed with reverse proxies)
  * Fix editing of ENUM/SET/DECIMAL field structures
  * Improvements to the parser
  - other fixes
  * Remove potentially license problematic sRGB profile
  * gh#12459 Display read only fields as read only when editing
  * gh#12384 Fix expanding of navigation pane when clicking on database
  * gh#12430 Improve partitioning support
  * gh#12374 Reintroduced simplified PmaAbsoluteUri configuration
  * Always use UTC time in HTTP headers
  * gh#12479 Simplified validation of external links
  * gh#12483 Fix browsing tables with built in transformations
  * gh#12485 Do not show warning about short blowfish_secret if none
    is set
  * gh#12251 Fixed random logouts due to wrong cookie path
  * gh#12480 Fixed editing of ENUM/SET/DECIMAL fields structure
  * gh#12497 Missing escaping of configuration used in SQL
    (hide_db and only_db)
  * gh#12476 Add error checking in reading advisory rules file
  * gh#12477 Add checking missing elements and confirming element
    types from json_decode
  * gh#12251 Automatically save SQL query in browser local storage
    rather than in cookie
  * gh#12292 Unable to edit transformations
  * gh#12502 Remove unused parameter when connecting to MySQLi
  * gh#12303 Fix number formatting with different settings of
    precision in PHP
  * gh#12405 Use single quotes in PHP code
  * gh#12534 Option for the dropped column is not removed from
    'after_field' select, after the column is dropped
  * gh#12531 Properly detect DROP DATABASE queries
  * gh#12470 Fix possible race condition in setting URL hash
  * gh#11924 Remove caching of server information
  * gh#11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
  * gh#12545 Proper parsing of CREATE TABLE ... PARTITION queries
  * gh#12473 Code can throw unhandled exception
  * gh#12550 Do not try to keep alive session even after expiry
  * gh#12512 Fixed rendering BBCode links in setup
  * gh#12518 Fixed copy of table with generated columns
  * gh#12221 Fixed export of table with generated columns
  * gh#12320 Copying a user does not copy usergroup
  * gh#12272 Adding a new row with default enum goes to no selection
    when you want to add more than 2 rows
  * gh#12487 Drag and drop import prevents file dropping to blob
    column file selector on the insert tab
  * gh#12554 Absence of scrolling makes it impossible to read longer
    text values in grid editing
  * gh#12530 "Edit routine" crashes when the current user is not the
    definer, even if privileges are adequate
  * gh#12300 Export selective tables by-default dumps Events also
  * gh#12298 Fixed export of view definitions
  * gh#12242 Edit routine detail dialog does not fill "Return length"
    field in mysql functions
  * gh#12575 New index Confirm adds whitespace around the field name
  * gh#12382 Bug in zoom search
  * gh#12321 Assign LIMIT clause only to syntactically correct queries
  * gh#12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25"
    Inserted At Wrong Place
  * gh#12511 Clarify documentation on ArbitraryServerRegexp
  * gh#12508 Remove duplicate code in SQL escaping
  * gh#12475 Cleanup code for getting table information
  * gh#12579 phpMyAdmin's export of a Select statement without a FROM
    clause generates Wrong SQL
  * gh#12316 Correct export of complex SELECT statements
  * gh#12080 Fixed parsing of subselect queries
  * gh#11740 Fixed handling DELETE ... USING queries
  * gh#12100 Fixed handling of CASE operator
  * gh#12455 Query history stores separate entry for every letter
  * gh#12327 Create PHP code no longer works
  * gh#12179 Fixed bookmarking of query with multiple statements
  * gh#12419 Wrong description on GRANT OPTION
  * gh#12615 Fixed regexp for matching browser versions
  * gh#12569 Avoid showing import errors twice
  * gh#12362 prefs_manage.php can leave an orphaned temporary file
  * gh#12619 Unable to export csv when using union select
  * gh#12625 Broken Edit links in query results of JOIN query
  * gh#12634 Drop DB error in import if DB doesn't exist
  * gh#12338 Designer reverts to first saved ER after EACH relation
    create or delete
  * gh#12639 'Show trace' in Console generates JS error for functions
    in query's trace called without any arguments
  * gh#12366 Fix user creation with certain MariaDB setups
  * gh#12616 Refuse to work with mbstring.func_overload enabled
  * gh#12472 Properly report connection without password in setup
  * gh#12365 Fix records count for large tables
  * gh#12533 Fix records count for complex queries
  * gh#12454 Query history not updated in console until page refresh
  * gh#12344 Fixed parsing of labels in loop
  * gh#12228 Fixed parsing of BEGIN labels
  * gh#12637 Fixed editing some timestamp values
  * gh#12622 Fixed javascript error in designer
  * gh#12334 Missing page indicator or VIEWs
  * gh#12610 Export of tables with Timestamp/Datetime/Time columns
    defined with ON UPDATE clause with precision fails
  * gh#12661 Error inserting into pma__history after timeout
  * gh#12195 Row_format = fixed not visible
  * gh#12665 Cannot add a foreign key - non-indexed fields not listed
    in InnoDB tables
  * gh#12674 Allow for proper MySQL-allowed strings as identifiers
  * gh#12651 Allow for partial dates on table insert page
  * gh#12681 Fixed designer with tables using special chars
  * gh#12652 Fixed visual query builder for foreign keys with more
  * gh#12257 Improved search page performance
  * gh#12322 Avoid selecting default function for foreign keys
  * gh#12453 Fixed escaping of SQL parts in some corner cases
  * gh#12542 Missing table name in account privileges editor
  * gh#12691 Remove ksort call on empty array in PMA_getPlugins
  * gh#12443 Check parameter type before processing
  * gh#12299 Avoid generating too long URLs in search
  * gh#12361 Fix self SQL injection in table-specific privileges
  * gh#12698 Add link to release notes and download on new version
  * gh#12712 Error when trying to setup replication (fatal error in
    call to an old PMA_DBI_connect function)
- fix for boo#1012271
  * Unsafe generation of $cfg['blowfish_secret']
    see PMASA-2016-58 (CVE ids: CVE-2016-9847, CWE-661)
  * phpMyAdmin's phpinfo functionality is removed
    see PMASA-2016-59 (CVE ids: CVE-2016-9848, CWE-661)
  * AllowRoot and allow/deny rule bypass with specially-crafted
    see PMASA-2016-60 (CVE ids: CVE-2016-9849, CWE-661)
  * Username matching weaknesses with allow/deny rules
    see PMASA-2016-61 (CVE ids: CVE-2016-9850, CWE-661)
  * Possible to bypass logout timeout
    see PMASA-2016-62 (CVE ids: CVE-2016-9851, CWE-661)
  * Full path disclosure (FPD) weaknesses
    see PMASA-2016-63 (CVE ids: CVE-2016-9852, CVE-2016-9853,
    CVE-2016-9854, CVE-2016-9855, CWE-661)
  * Multiple XSS weaknesses
    see PMASA-2016-64 (CVE ids: CVE-2016-9856, CVE-2016-9857,
    CWE-661, CWE-352)
  * Multiple denial-of-service (DOS) vulnerabilities
    see PMASA-2016-65 (CVE ids: CVE-2016-9858, CVE-2016-9859,
    CVE-2016-9860, CWE-661, CWE-400)
  * Possible to bypass white-list protection for URL redirection
    see PMASA-2016-66 (CVE ids: CVE-2016-9861, CWE-661, CWE-20,
  * BBCode injection to login page
    see PMASA-2016-67 (CVE ids: CVE-2016-9862, CWE-661)
  * Denial-of-service (DOS) vulnerability in table partitioning
    see PMASA-2016-68 (CVE ids: CVE-2016-9863, CWE-661, CWE-400)
  * Multiple SQL injection vulnerabilities
    see PMASA-2016-69 (CVE ids: CVE-2016-9864, CWE-661, CWE-89)
  * Incorrect serialized string parsing
    see PMASA-2016-70 (CVE ids: CVE-2016-9865, CWE-661)
  * CSRF token not stripped from the URL
    see PMASA-2016-71 (CVE ids: CVE-2016-9866, CWE-661)
* Sun Nov 06 2016
- fix deps
  * add missing Recommends php5-curl
- fix phpMyAdmin.http
  * add <IfModule mod_php7.c>
* Sat Nov 05 2016
- fix phpMyAdmin.http
* Thu Aug 18 2016
- 4.6.4 (2016-08-16)
  - security fixes
  * Improve session cookie code for openid.php and signon.php example
  * Full path disclosure in openid.php and signon.php example files
  * Unsafe generation of BlowfishSecret (when not supplied by the user)
  * Referrer leak when phpinfo is enabled
  * Use HTTPS for wiki links
  * Improve SSL certificate handling
  * Fix full path disclosure in debugging code
  * Administrators could trigger SQL injection attack against users
  - other fixes
  * Remove Swekey support
  * Include X-Robots-Tag header in responses
  * Enforce numeric field length when creating table
  * Fixed invalid Content-Length in some HTTP responses
  * gh#12394 Create view should require a view name
  * gh#12391 Message with 'Change password successfully' displayed,
    but does not take effect
  * Tighten control on PHP sessions and session cookies
  * gh#12409 Re-enable overhead on server databases view
  * gh#12414 Fixed rendering of Original theme
  * gh#12413 Fixed deleting users in non English locales
  * gh#12416 Fixed replication status output in Databases listing
  * gh#12303 Avoid typecasting to float when not needed
  * gh#12425 Duplicate message variable names in
  * gh#12399 Adding index to table shows wrong top navigation
  * gh#12424 Fixed password change on MariaDB without auth plugin
  * gh#12339 Do not error on unset server port
  * gh#12422 Improvements to the original theme
  * gh#12395 Do not try to load old transformation plugins
  * gh#12423 Fixed replication status in database listing
  * gh#12433 Copy table with prefix does not copy the indexes
  * gh#12375 Search in database: Window content is not scrolling down
    when clicking first time on Browse link
  * gh#12346 SQL Editor textareas can have their size increased from
    the top, distorting the page view
- fix for boo#994313
  * Weaknesses with cookie encryption
    see PMASA-2016-29 (CVE-2016-6606, CWE-661)
  * Multiple XSS vulnerabilities
    see PMASA-2016-30 (CVE-2016-6607, CWE-661)
  * Multiple XSS vulnerabilities
    see PMASA-2016-31 (CVE-2016-6608, CWE-661)
  * PHP code injection
    see PMASA-2016-32 (CVE-2016-6609, CWE-661)
  * Full path disclosure
    see PMASA-2016-33 (CVE-2016-6610, CWE-661)
  * SQL injection attack
    see PMASA-2016-34 (CVE-2016-6611, CWE-661)
  * Local file exposure through LOAD DATA LOCAL INFILE
    see PMASA-2016-35 (CVE-2016-6612, CWE-661)
  * Local file exposure through symlinks with UploadDir
    see PMASA-2016-36 (CVE-2016-6613, CWE-661)
  * Path traversal with SaveDir and UploadDir
    see PMASA-2016-37 (CVE-2016-6614, CWE-661)
  * Multiple XSS vulnerabilities
    see PMASA-2016-38 (CVE-2016-6615, CWE-661)
  * SQL injection vulnerability as control user
    see PMASA-2016-39 (CVE-2016-6616, CWE-661)
  * SQL injection vulnerability
    see PMASA-2016-40 (CVE-2016-6617, CWE-661)
  * Denial-of-service attack through transformation feature
    see PMASA-2016-41 (CVE-2016-6618, CWE-661)
  * SQL injection vulnerability as control user
    see PMASA-2016-42 (CVE-2016-6619, CWE-661)
  * Verify data before unserializing
    see PMASA-2016-43 (CVE-2016-6620, CWE-661)
  * SSRF in setup script
    see PMASA-2016-44 (CVE-2016-6621, CWE-661)
  * Denial-of-service attack with
    $cfg['AllowArbitraryServer'] = true and persistent connections
    see PMASA-2016-45 (CVE-2016-6622, CWE-661)
  * Denial-of-service attack by using for loops
    see PMASA-2016-46 (CVE-2016-6623, CWE-661)
  * Possible circumvention of IP-based allow/deny rules with IPv6 and
    proxy server
    see PMASA-2016-47 (CVE-2016-6624, CWE-661)
  * Detect if user is logged in
    see PMASA-2016-48 (CVE-2016-6625, CWE-661)
  * Bypass URL redirection protection
    see PMASA-2016-49 (CVE-2016-6626, CWE-661)
  * Referrer leak
    see PMASA-2016-50 (CVE-2016-6627, CWE-661)
  * Reflected File Download
    see PMASA-2016-51 (CVE-2016-6628, CWE-661)
  * ArbitraryServerRegexp bypass
    see PMASA-2016-52 (CVE-2016-6629, CWE-661)
  * Denial-of-service attack by entering long password
    see PMASA-2016-53 (CVE-2016-6630, CWE-661)
  * Remote code execution vulnerability when running as CGI
    see PMASA-2016-54 (CVE-2016-6631, CWE-661)
  * Denial-of-service attack when PHP uses dbase extension
    see PMASA-2016-55 (CVE-2016-6632, CWE-661)
  * Remote code execution vulnerability when PHP uses dbase extension
    see PMASA-2016-56 (CVE-2016-6633, CWE-661)
- fix deps
  * add missing php-gettext
- rebase phpMyAdmin-config.patch
* Thu Jun 23 2016
- update to 4.6.3 (2016-06-23)
  * gh#12249 Fixed cookie path on Windows
  * gh#12279 Fixed error reporting on connect problems
  * gh#12290 Fixed export of tables without explicitly set engine
  * gh#12285 Designer JavaScript error: Show/Hide tables list
  * gh#12293 Fix MySQL SSL connection with some PHP versions
  * gh#12279 Fix MySQL connection error on version mismatch
  * gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
  * gh#12308 Fix division by zero in case of misconfigured MySQL server
  * gh#12317 Fix editing server variables
  * gh#12303 Fix table size calculation in some circumstances
  * gh#12310 Fix listing routines for non privileged user
  * issue Escape generated query in exporting a database
  * issue Setup script did not properly use input type password for some input types
- fix for boo#986154
  * PMASA-2016-17 (CVE-2016-5701, CWE-661)
  - BBCode injection vulnerability
  * PMASA-2016-18 (CVE-2016-5702, CWE-661)
  - Cookie attribute injection attack
  * PMASA-2016-19 (CVE-2016-5703, CWE-661)
  - SQL injection attack
  * PMASA-2016-20 (CVE-2016-5704, CWE-661)
  - XSS on table structure page
  * PMASA-2016-21 (CVE-2016-5705, CWE-661)
  - Multiple XSS vulnerabilities
  * PMASA-2016-22 (CVE-2016-5706, CWE-661)
  - DOS attack
  * PMASA-2016-23 (CVE-2016-5730, CWE-661)
  - Multiple full path disclosure vulnerabilities
  * PMASA-2016-24 (CVE-2016-5731, CWE-661)
  - XSS through FPD
  * PMASA-2016-25 (CVE-2016-5732, CWE-661)
  - XSS in partition range functionality
  * PMASA-2016-26 (CVE-2016-5733, CWE-661)
  - Multiple XSS vulnerabilities
  * PMASA-2016-27 (CVE-2016-5734, CWE-661)
  - Unsafe handling of preg_replace parameters
  * PMASA-2016-28 (CVE-2016-5739, CWE-661)
  - Referrer leak in transformations
* Sun May 29 2016
- rebase phpMyAdmin-config.patch
* Sat May 28 2016
- update to 4.6.2 (2016-05-25)
  - gh#12225 Use https for documentation links
  - gh#12234 Fix schema export with too many tables
  - gh#12240 Avoid parsing non JSON responses as JSON
  - gh#12244 Avoid using too long URLs when getting javascripts
  - gh#12118 Fixed setting mixed case languages
  - gh#12229 Avoid storing objects in session when debugging SQL
  - gh#12249 Fix cookie path on IIS
  - gh#11705 Fix occasional 200 errors on Windows
  - gh#12219 Fix locking issues when importing SQL
  - gh#12231 Avoid confusing warning when mysql extension is missing
  - fix issue Improve handling of logout
  - fix issue Safer handling of sessions during authentication
  - gh#12209 Fix server selection on main page
  - gh#12192 Avoid storing full error data in session
  - gh#12082 Fixed export of ARCHIVE tables with keys
  - gh#11565 Add session reload for config authentication
  - gh#12229 Do not fail on errors stored in session
  - gh#12248 Fix loading of APC based upload progress bar
- remove PmaAbsoluteUri from phpMyAdmin-config.patch because since
  version 4.6.0 it is removed
- Security fixes:
  * PMASA-2016-14 (CVE-2016-5097, CWE-661, boo#982126)
  - User SQL queries can be revealed through URL GET parameters,
    see PMASA-2016-14
  * PMASA-2016-16 (CVE-2016-5099, CWE-661, boo#982128)
  - Self XSS vulnerability, see PMASA-2016-16
* Mon May 09 2016
- phpMyAdmin 4.6.1:
  * Problems with SQL syntax warnings from the linter/parser
  * Fixing an error about "PMA_Util" not found
  * Better handling of JSON columns
  * Fixed quoting with the SQL parser, which in particular adversely
    affected SQL imports and exports
* Thu Mar 24 2016
- phpMyAdmin 4.6.0:
  * Allow setting routine-wise privileges
  * UI for defining partitioning in create table window
  * Support JSON data type
  * Editing partitions in table Structure
  * Copy results to clipboard
  * Reactivate cut&paste possibility in print view
  * Display binary strings as text if they are valid UTF-8
  * Copy multiple tables to database
  * Show MySQL error messages in user language
  * Add new configuration directive 'ssl_verify' for self-signed
    certificates with mysqlnd and PHP >= 5.6
  * Remove ForceSSL and PmaAbsoluteUri configuration directives
    (these are better handled by proper webserver configuration)
  * Fixed several bugs relating to exporting, particularly with
    DEFAULT and COMMENT fields
* Tue Mar 01 2016
- phpMyAdmin
  The following vulnerabilities were fixed:
  * CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940)
  * CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938)
  * CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941)
  * CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928)
  The following upstream bugs were fixed:
  * CREATE UNIQUE INDEX index type is not recognized by parser.
  * Row count wrong when grouping joined tables.
  * Column definition with default value and comment in CREATE TABLE exported faulty.
  * New statement but no delimiter and unexpected token with REPLACE.
  * Fixed incorrect usage of SQL parser context in SQL export
  * Fixed inclusion of gettext library from SQL parser
* Wed Feb 24 2016
- phpMyAdmin 4.5.5
  * improvements to changing passwords on newer MariaDB servers
  * several fixes to the SQL parser
* Sat Jan 30 2016
- update to (2016-01-28)
  - gh#11892 Error with PMA
  - gh#11896 Remove hard dependency on phpseclib
* Thu Jan 28 2016
- phpMyAdmin 4.5.4
  The following vulnerabilities were fixed: (boo#964024)
  * CVE-2016-2038: Multiple full path disclosure vulnerabilities
  * CVE-2016-2039: Unsafe generation of XSRF/CSRF token
  * CVE-2016-2040: Multiple XSS vulnerabilities
  * CVE-2016-1927: Insecure password generation in JavaScript
  * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token
  * CVE-2016-2042: Multiple full path disclosure vulnerabilities
  * CVE-2016-2043: XSS vulnerability in normalization page
  * CVE-2016-2044: Full path disclosure vulnerability in SQL parser
  * CVE-2016-2045: XSS vulnerability in SQL editor
- update upstream signing keyring
* Sun Jan 10 2016
- 4.5.x package was missing template - fix boo#961285