Hello community,
here is the log from the commit of package phpMyAdmin
checked in at Tue Mar 6 18:07:21 CET 2007.
--------
--- phpMyAdmin/phpMyAdmin.changes 2007-02-28 17:06:43.000000000 +0100
+++ /mounts/work_src_done/NOARCH/phpMyAdmin/phpMyAdmin.changes 2007-03-06 17:33:41.000000000 +0100
@@ -1,0 +2,7 @@
+Tue Mar 6 17:23:32 CET 2007 - anosek@suse.cz
+
+- updated to version 2.10.0.2
+ * default value for $cfg['Servers'][$i]['ssl'] changed to false
+ * fixes PHP Executor Deep Recursion Stack Overflow [#251757]
+
+-------------------------------------------------------------------
Old:
----
phpMyAdmin-2.10.0-all-languages.tar.bz2
phpMyAdmin-2.10.0-blowfish_secret.patch
phpMyAdmin-2.10.0-mysqli.patch
New:
----
phpMyAdmin-2.10.0.2-all-languages.tar.bz2
phpMyAdmin-2.10.0.2-blowfish_secret.patch
phpMyAdmin-2.10.0.2-mysqli.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ phpMyAdmin.spec ++++++
--- /var/tmp/diff_new_pack.d12087/_old 2007-03-06 18:02:28.000000000 +0100
+++ /var/tmp/diff_new_pack.d12087/_new 2007-03-06 18:02:28.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package phpMyAdmin (Version 2.10.0)
+# spec file for package phpMyAdmin (Version 2.10.0.2)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -16,7 +16,7 @@
Group: Productivity/Networking/Web/Frontends
Requires: mod_php_any php-mysql php-bz2 php-gd php-zlib php-iconv php-mcrypt php-session apache2 php5-mbstring
Autoreqprov: on
-Version: 2.10.0
+Version: 2.10.0.2
Release: 1
Source0: %{name}-%{version}-all-languages.tar.bz2
Source1: phpmyadmin.conf
@@ -114,6 +114,10 @@
%ghost %{serverroot}%{name}/config.inc.php
%changelog
+* Tue Mar 06 2007 - anosek@suse.cz
+- updated to version 2.10.0.2
+ * default value for $cfg['Servers'][$i]['ssl'] changed to false
+ * fixes PHP Executor Deep Recursion Stack Overflow [#251757]
* Wed Feb 28 2007 - anosek@suse.cz
- updated to version 2.10.0
* Designer: new graphical relation manager
++++++ phpMyAdmin-2.10.0-all-languages.tar.bz2 -> phpMyAdmin-2.10.0.2-all-languages.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/ChangeLog new/phpMyAdmin-2.10.0.2-all-languages/ChangeLog
--- old/phpMyAdmin-2.10.0-all-languages/ChangeLog 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/ChangeLog 2007-03-02 18:40:01.000000000 +0100
@@ -2,8 +2,20 @@
phpMyAdmin - ChangeLog
----------------------
-$Id: ChangeLog 10026 2007-02-28 00:50:11Z lem9 $
-$HeadURL: https://svn.sourceforge.net/svnroot/phpmyadmin/branches/QA_2_10/phpMyAdmin/C... $
+$Id: ChangeLog 10052 2007-03-02 17:35:25Z lem9 $
+$HeadURL: https://svn.sourceforge.net/svnroot/phpmyadmin/branches/MAINT_2_10_0/phpMyAd... $
+
+2007-03-02 Marc Delisle
+ ### 2.10.0.2 released from MAINT_2_10_0
+
+2007-03-01 Sebastian Mendel
+ * libraries/common.lib.php: bug #1671813 CVE-2006-1549 deep recursion crash
+
+2007-02-28 Marc Delisle
+ * libraries/config.default.php: set $cfg['Servers'][$i]['ssl'] default
+ value to false, we got reports from some users having problems with the
+ default value of true
+ ### 2.10.0.1 released from MAINT_2_10_0
2007-02-27 Marc Delisle
* libraries/common.lib.php: bug #1659176, memory error displaying
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/Documentation.html new/phpMyAdmin-2.10.0.2-all-languages/Documentation.html
--- old/phpMyAdmin-2.10.0-all-languages/Documentation.html 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/Documentation.html 2007-03-02 18:40:01.000000000 +0100
@@ -2,7 +2,7 @@
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US"
version="-//W3C//DTD XHTML 1.1//EN" dir="ltr">
-<!-- $Id: Documentation.html 10026 2007-02-28 00:50:11Z lem9 $ -->
+<!-- $Id: Documentation.html 10052 2007-03-02 17:35:25Z lem9 $ -->
<!--
vim: expandtab ts=4 sw=4 sts=4 tw=78
-->
@@ -11,7 +11,7 @@
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <title>phpMyAdmin 2.10.0 - Documentation</title>
+ <title>phpMyAdmin 2.10.0.2 - Documentation</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -33,7 +33,7 @@
<li><a href="#glossary">Glossary</a></li>
</ul>
-<h1>phpMyAdmin 2.10.0 Documentation</h1>
+<h1>phpMyAdmin 2.10.0.2 Documentation</h1>
<ul><li><a href="http://www.phpmyadmin.net/">
phpMyAdmin homepage</a></li>
@@ -48,7 +48,7 @@
</ul>
</li>
<li>Documentation version:
- <i>$Id: Documentation.html 10026 2007-02-28 00:50:11Z lem9 $</i>
+ <i>$Id: Documentation.html 10052 2007-03-02 17:35:25Z lem9 $</i>
</li>
</ul>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/Documentation.txt new/phpMyAdmin-2.10.0.2-all-languages/Documentation.txt
--- old/phpMyAdmin-2.10.0-all-languages/Documentation.txt 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/Documentation.txt 2007-03-02 18:40:01.000000000 +0100
@@ -11,7 +11,7 @@
* Translators
* Glossary
-phpMyAdmin 2.10.0 Documentation
+phpMyAdmin 2.10.0.2 Documentation
* phpMyAdmin homepage
* SourceForge phpMyAdmin project page
@@ -20,7 +20,7 @@
+ Version history: ChangeLog
+ General notes: README
+ License: LICENSE
- * Documentation version: $Id: Documentation.html 10026 2007-02-28 00:50:11Z
+ * Documentation version: $Id: Documentation.html 10052 2007-03-02 17:35:25Z
lem9 $
Requirements
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/libraries/common.lib.php new/phpMyAdmin-2.10.0.2-all-languages/libraries/common.lib.php
--- old/phpMyAdmin-2.10.0-all-languages/libraries/common.lib.php 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/libraries/common.lib.php 2007-03-02 18:40:01.000000000 +0100
@@ -1,5 +1,5 @@
http://www.php-security.org/MOPB/MOPB-02-2007.html
+ * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
*
* @param array $array array to walk
* @param string $function function to call for every array element
*/
function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
{
+ static $recursive_counter = 0;
+ if (++$recursive_counter > 1000) {
+ die('possible deep recursion attack');
+ }
+
foreach ($array as $key => $value) {
if (is_array($value)) {
PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
@@ -286,6 +297,7 @@
}
}
}
+ $recursive_counter++;
}
/**
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/libraries/Config.class.php new/phpMyAdmin-2.10.0.2-all-languages/libraries/Config.class.php
--- old/phpMyAdmin-2.10.0-all-languages/libraries/Config.class.php 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/libraries/Config.class.php 2007-03-02 18:40:01.000000000 +0100
@@ -1,5 +1,5 @@
set('PMA_VERSION', '2.10.0');
+ $this->set('PMA_VERSION', '2.10.0.2');
/**
* @deprecated
*/
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/libraries/config.default.php new/phpMyAdmin-2.10.0.2-all-languages/libraries/config.default.php
--- old/phpMyAdmin-2.10.0-all-languages/libraries/config.default.php 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/libraries/config.default.php 2007-03-02 18:40:01.000000000 +0100
@@ -1,7 +1,7 @@
https://svn.sourceforge.net/svnroot/phpmyadmin/branches/QA_2_10/phpMyAdmin/l... $
+* $HeadURL: https://svn.sourceforge.net/svnroot/phpmyadmin/branches/MAINT_2_10_0/phpMyAd... $
*
* This code that also used to depend on the PHP overload module, but that has been
* removed now.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/README new/phpMyAdmin-2.10.0.2-all-languages/README
--- old/phpMyAdmin-2.10.0-all-languages/README 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/README 2007-03-02 18:40:01.000000000 +0100
@@ -1,12 +1,12 @@
-$Id: README 10026 2007-02-28 00:50:11Z lem9 $
+$Id: README 10052 2007-03-02 17:35:25Z lem9 $
phpMyAdmin - Readme
===================
A set of PHP-scripts to manage MySQL over the web.
- Version 2.10.0
- --------------
+ Version 2.10.0.2
+ ----------------
http://www.phpmyadmin.net/
Copyright (C) 1998-2000 Tobias Ratschiller
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/RELEASE-DATE-2.10.0 new/phpMyAdmin-2.10.0.2-all-languages/RELEASE-DATE-2.10.0
--- old/phpMyAdmin-2.10.0-all-languages/RELEASE-DATE-2.10.0 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/RELEASE-DATE-2.10.0 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-Wed Feb 28 00:51:00 UTC 2007
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/RELEASE-DATE-2.10.0.2 new/phpMyAdmin-2.10.0.2-all-languages/RELEASE-DATE-2.10.0.2
--- old/phpMyAdmin-2.10.0-all-languages/RELEASE-DATE-2.10.0.2 1970-01-01 01:00:00.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/RELEASE-DATE-2.10.0.2 2007-03-02 18:40:01.000000000 +0100
@@ -0,0 +1 @@
+Fri Mar 2 17:39:48 UTC 2007
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/phpMyAdmin-2.10.0-all-languages/translators.html new/phpMyAdmin-2.10.0.2-all-languages/translators.html
--- old/phpMyAdmin-2.10.0-all-languages/translators.html 2007-02-28 01:51:14.000000000 +0100
+++ new/phpMyAdmin-2.10.0.2-all-languages/translators.html 2007-03-02 18:40:01.000000000 +0100
@@ -2,13 +2,13 @@
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US"
version="-//W3C//DTD XHTML 1.1//EN" dir="ltr">
-<!-- $Id: translators.html 10026 2007-02-28 00:50:11Z lem9 $ -->
+<!-- $Id: translators.html 10052 2007-03-02 17:35:25Z lem9 $ -->
<head>
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <title>phpMyAdmin 2.10.0 - Official translators</title>
+ <title>phpMyAdmin 2.10.0.2 - Official translators</title>
<link rel="stylesheet" type="text/css" href="docs.css" />
</head>
@@ -31,7 +31,7 @@
<li><a href="Documentation.html#glossary">Glossary</a></li>
</ul>
-<h1>phpMyAdmin 2.10.0 official translators list</h1>
+<h1>phpMyAdmin 2.10.0.2 official translators list</h1>
<p> Here is the list of the "official translators" of
phpMyAdmin.</p>
++++++ phpMyAdmin-2.10.0-blowfish_secret.patch -> phpMyAdmin-2.10.0.2-blowfish_secret.patch ++++++
++++++ phpMyAdmin-2.10.0-mysqli.patch -> phpMyAdmin-2.10.0.2-mysqli.patch ++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org