Hello community,
here is the log from the commit of package phpMyAdmin.3228 for openSUSE:12.3:Update checked in at 2014-12-05 09:27:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/phpMyAdmin.3228 (Old)
and /work/SRC/openSUSE:12.3:Update/.phpMyAdmin.3228.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin.3228"
Changes:
--------
New Changes file:
--- /dev/null 2014-11-17 01:44:14.624034255 +0100
+++ /work/SRC/openSUSE:12.3:Update/.phpMyAdmin.3228.new/phpMyAdmin.changes 2014-12-05 09:27:48.000000000 +0100
@@ -0,0 +1,1628 @@
+-------------------------------------------------------------------
+Thu Nov 20 22:09:13 UTC 2014 - andreas.stieger@gmx.de
+
+- phpMyAdmin 4.1.14.7
+ This update fixes several vulnerabilities:
+ * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488]
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
+ - sf#4595 [security] Path traversal can lead to leakage of
+ line count
+ * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487]
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
+ - sf#4596 [security] XSS through exception stack
+ * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486]
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
+ - sf#4594 [security] Path traversal in file inclusion of
+ GIS factory
+ * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485]
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
+ - sf#4578 [security] XSS vulnerability in table print view
+ - sf#4579 [security] XSS vulnerability in zoom search page
+ - sf#4598 [security] XSS in multi submit
+ - sf#4597 [security] XSS through pma_fontsize cookie
+
+-------------------------------------------------------------------
+Tue Oct 21 22:59:45 UTC 2014 - andreas.stieger@gmx.de
+
+- phpMyAdmin 4.1.14.6 [boo#902154] [CVE-2014-8326]
+ This release fixes cross-site scripting vulnerabilities in the
+ SQL debug output and server monitor pages. This developer option
+ is not enabled by default.
+ - sf#4562 [security] XSS in debug SQL output
+ - sf#4563 [security] XSS in monitor query analyzer
+
+-------------------------------------------------------------------
+Wed Oct 1 20:26:14 UTC 2014 - andreas.stieger@gmx.de
+
+- phpMyAdmin 4.1.14.5 [bnc#899452] [CVE-2014-7217]
+ Contains a fix for a cross-site scripting vulnerability in the
+ table search and table structure pages which could be trigged
+ with a crafted ENUM value
+ - sf#4544 [security] XSS vulnerabilities in table search and
+ table structure pages
+
+-------------------------------------------------------------------
+Sun Sep 14 21:27:03 UTC 2014 - chris@computersalat.de
+
+- fix for bnc#896635
+ * update to 4.1.14.4 (2014-09-13)
+ * PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352)
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
+ - sf#4530 [security] DOM based XSS that results to a CSRF
+ that creates a ROOT account in certain conditions
+
+-------------------------------------------------------------------
+Mon Aug 18 19:09:54 UTC 2014 - andreas.stieger@gmx.de
+
+- phpMyAdmin 4.1.14.3 [bnc#892401]
+ This update addresses several vulnerabilities discovered in
+ phpMyAdmin as well as a number of non-security issues.
+ * sf#4501 [security] XSS in table browse page
+ * sf#4502 [security] Self-XSS in enum value editor
+ * sf#4503 [security] Self-XSSes in monitor
+ * sf#4505 [security] XSS in view operations page
+ * sf#4504 [security] Self-XSS in query charts
+ * sf#4517 [security] XSS in relation view
+ (From 4.1.14.2):
+ * sf#4488 [security] XSS injection due to unescaped table name
+ (triggers)
+ * sf#4492 [security] XSS in AJAX confirmation messages
+ * sf#4491 [security] Missing validation for accessing User groups
+ feature
+ (From 4.1.14.1):
+ * sf#4464 [security] XSS injection due to unescaped db/table
+ name in navigation hiding
+- Numerous non-security bugfixes from 4.1.14.0 through 4.1.9.0 as
+ listed at
+ https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog
+
+-------------------------------------------------------------------
+Wed Feb 26 23:06:27 UTC 2014 - chris@computersalat.de
+
+- fix for bnc#864917
+ * PMASA-2014-1 ( CVE-2014-1879, CWE-661 CWE-79)
+ * update to >= 4.1.7
+- update to 4.1.8 (2014-02-22)
+ * sf#4276 Login loop on session expiry
+ * sf#4249 Incorrect number of result rows for SQL with subqueries
+ * sf#4275 Broken Link to php extension manual
+ * sf#4053 List of procedures is not displayed after executing with Enter
+ * sf#4081 Setup page content shifted to the right edge of its tabs
+ * sf#4284 Reordering a column erases comments for other columns
+ * sf#4286 Open "Browse" in a new tab
+ * sf#4287 Printview - Always one column too much
+ * sf#4288 Expand database (+ icon) after timeout doesn't do anything
+ * sf#4285 Fixed CSS for setup
+ * Fixed altering table to DOUBLE/FLOAT field
+ * sf#4292 Success message and failure message being shown together
+ * sf#4293 opening new tab (using selflink) for import.php based actions
+ results in error and logout
+
+-------------------------------------------------------------------
+Wed Aug 7 12:28:30 UTC 2013 - chris@computersalat.de
+
+- fix for bnc#833731
+ * PMASA-2013-10 (CVE-2013-5029 CWE-661 CWE-693)
+ http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
+- update to 4.0.5 (2013-08-04)
+ + sf#3977 Not detected configuration storage
+ + sf#3970 Pressing enter in the filter field reloads page
+ + sf#3984 Cannot insert in this table (PHP < 5.4)
+ + sf#3989 Reloading privileges does not update the interface
+ + sf#3960 NavigationBarIconic config not honored
+ + sf#3985 Call to undefined function mb_detect_encoding
+ + sf#4007 Analyze option not shown for InnoDB tables
+ + sf#4015 Forcing a storage engine for configuration storage
+ + bug Incorrect Drizzle 7 detection
+ + sf#4019 Create database if not exists (export): add an option to the
+ interface to enable generating CREATE DATABASE and USE (false by default)
+ + sf#4012 Crash on CSV file import
+ + sf#4009 Statistic Monitor shows only last 3 digits in graph
+ + sf#3998 Non-permanent SQL history not working
+ + sf#3578 Transformations for text/plain on a BLOB column
+ + [security] Improved protection against cross framing, see PMASA-2013-10
+ (CVE-2013-5029 CWE-661 CWE-693)
+ + Reinstated configuration directive: AllowThirdPartyFraming
+
+-------------------------------------------------------------------
+Mon Jul 29 20:23:38 UTC 2013 - chris@computersalat.de
+
+- fix for bnc#831896
+ * multiple XSS issues (+ a SQL injection and full path disclosure flaw)
+ * fix for PMASA-2013-8 (CWE-661, CWE-79)
+ * fix for PMASA-2013-9 (CWE-661 CWE-79 CWE-80)
+ * fix for PMASA-2013-11 (CWE-300 CWE-79)
+ * fix for PMASA-2013-12 (CWE-661 CWE-200)
+ * fix for PMASA-2013-14 (CWE-661 CWE-79)
+ * fix for PMASA-2013-15 (CWE-661 CWE-89 CWE-269)
+- update to 3.5.8.2 (2013-07-28)
+ * [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
+ * [security] Fix self-XSS in Display chart, see PMASA-2013-9
+ * [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
+ * [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
+ * [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ * [security] JSON content type header for version_check.php, see PMASA-2013-9
+ * [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ * [security] Fix full path disclosure, see PMASA-2013-12
+ * [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ * [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
+ * [security] Fix self-XSS in schema export, see PMASA-2013-14
+ * [security] Fix unencoded json object, see PMASA-2013-11
+
+-------------------------------------------------------------------
+Wed Jun 12 22:06:24 UTC 2013 - chris@computersalat.de
+
+- update to 3.5.8.1 (2013-04-24)
+ * [security] Remote code execution (preg_replace), reported by Janek Vind
+ (see PMASA-2013-2)
+ * [security] Locally Saved SQL Dump File Multiple File Extension Remote Code
+ Execution, reported by Janek Vind (see PMASA-2013-3)
+- fix for bnc#824301
+ * PMASA-2013-2 (CVE-2013-3238)
+- fix for bnc#824302
+ * PMASA-2013-3 (CVE-2013-3239)
+- update to 3.5.8 (2013-04-08)
+ * sf#3828 MariaDB reported as MySQL
+ * sf#3854 Incorrect header for Safari 6.0
+ * sf#3705 Attempt to open trigger for edit gives NULL
+ * Use HTML5 DOCTYPE
+ * [security] Self-XSS on GIS visualisation page, reported by Janek Vind
+ see PMASA-2013-1
+ * sf#3800 Incorrect keyhandler behaviour #2
+- fix for bnc#814678
+ * PMASA-2013-1 (CVE-2013-1937)
+
+-------------------------------------------------------------------
+Mon Feb 4 17:34:24 CET 2013 - draht@suse.de
+
+- update to 3.5.6.0 (2013-01-28)
+ * sf#3593604 [status] Erroneous advisor rule
+ * sf#3596070 [status] localStorage broken in server status monitor
+ * sf#3598736 [routines] Editing a procedure with special characters
+ * sf#3600322 [core] Visualize GIS data throws Fatal Error
+ * sf#3599362 [core] Double-escaped error message
+ * sf#3776 [cookies] Login without auth on second server
+
+-------------------------------------------------------------------
+Wed Jan 16 23:17:50 UTC 2013 - chris@computersalat.de
+
+- update to 3.5.5.0 (2012-12-21)
+ * sf#3563824 [export] Support Apache's mod_deflate
+ * sf#3585523 [interface] Inline query editing broken after row update
+ * sf#3586389 [setup] Cannot switch language in /setup
+ * sf#3585695 [CSS] Font size in inline query editor is way too big
+ * sf#3588354 [l10n] Portuguese Language not displaying correctly
+ * sf#3591412 [status] Live charts don't work for non-default server
+ * sf[core] Proxy ajax calls to pma.net to avoid browser notices
+ * sf#3593534 [tracking] Structure Snapshot on tracked view renders
++++ 1431 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.phpMyAdmin.3228.new/phpMyAdmin.changes
New:
----
phpMyAdmin-4.1.14.7-all-languages.tar.bz2
phpMyAdmin-config.patch
phpMyAdmin-rpmlintrc
phpMyAdmin.changes
phpMyAdmin.http
phpMyAdmin.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ phpMyAdmin.spec ++++++
#
# spec file for package phpMyAdmin
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: phpMyAdmin
%define apxs %{_sbindir}/apxs2
%define ap_sysconfdir %(%{apxs} -q SYSCONFDIR)
%define ap_serverroot %(%{apxs} -q PREFIX)
%define ap_docroot %(%{apxs} -q PREFIX)/htdocs
%define pma_config %{_sysconfdir}/%{name}/config.inc.php
%if 0%{?suse_version}
%define ap_usr wwwrun
%define ap_grp www
%else
%define ap_usr nobody
%define ap_grp nogroup
%endif
Summary: Administration of MySQL over the web
License: GPL-2.0+
Group: Productivity/Networking/Web/Frontends
Version: 4.1.14.7
Release: 0
Url: http://www.phpMyAdmin.net
Source0: http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2
Source1: %{name}.http
Patch0: %{name}-config.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: pwgen coreutils sed grep
BuildRequires: apache2-devel
BuildRequires: python-devel
%if 0%{?suse_version} > 1020
BuildRequires: fdupes
%endif
#
Requires: mod_php_any
Requires: php-bz2
Requires: php-gd
Requires: php-iconv
Requires: php-mbstring
Requires: php-mcrypt
Requires: php-mysql
Requires: php-session
Requires: php-zlib
Recommends: php5-zip
%description
phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a
single database. To accomplish the latter you'll need a properly set up MySQL
user who can read/write only the desired database. It's up to you to look up
the appropriate part in the MySQL manual.
Currently phpMyAdmin can:
* browse and drop databases, tables, views, fields and indexes
* create, copy, drop, rename and alter databases, tables, fields and indexes
* maintenance server, databases and tables, with proposals on server
configuration
* execute, edit and bookmark any SQL-statement, even batch-queries
* load text files into tables
* create^1 and read dumps of tables
* export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 -
OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats
* import data and MySQL structures from Microsoft Excel and OpenDocument
spreadsheets, as well as XML, CSV, and SQL files
* administer multiple servers
* manage MySQL users and privileges
* check referential integrity in MyISAM tables
* using Query-by-example (QBE), create complex queries automatically
connecting required tables
* create PDF graphics of your Database layout
* search globally in a database or a subset of it
* transform stored data into any format using a set of predefined functions,
like displaying BLOB-data as image or download-link
* track changes on databases, tables and views
* support InnoDB tables and foreign keys (see FAQ 3.6)
* support mysqli, the improved MySQL extension (see FAQ 1.17)
* communicate in 57 different languages
* synchronize two databases residing on the same as well as remote servers
(see FAQ 9.1)
%prep
%setup -q -n %{name}-%{version}-all-languages
## rpmlint:
# wrong-file-end-of-line-encoding
%{__perl} -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php
%patch0
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
find . -type f -name '*.orig' -exec rm {} \;
%build
%install
#%%{__install} -d -m0750 $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name}
%{__install} -d -m0755 $RPM_BUILD_ROOT%{ap_docroot}/%{name}
%{__cp} -dR *.css *.php *.ico js libraries locale themes \
$RPM_BUILD_ROOT%{ap_docroot}/%{name}
# install config to config dir
%{__install} -D -m0640 $RPM_BUILD_ROOT%{ap_docroot}/%{name}/config.sample.inc.php \
$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/config.inc.php
# fix libraries/vendor_config.php
%{__sed} -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" \
$RPM_BUILD_ROOT%{ap_docroot}/%{name}/libraries/vendor_config.php
# fix libraries/common.inc.php
#%%{__sed} -i -e "s,@PMA_Config@,%%{_sysconfdir}/%%{name}/config.inc.php,g" \
# $RPM_BUILD_ROOT%%{ap_docroot}/%%{name}/libraries/common.inc.php
# generate file list
find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST
find $RPM_BUILD_ROOT%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST
%{__install} -D -m0644 %{S:1} $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf
# fix paths in http config
%{__sed} -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \
-e "s,@docdir@,%{_docdir},g" $RPM_BUILD_ROOT%{ap_sysconfdir}/conf.d/%{name}.conf
# rpmlint stuff
%if 0%{?suse_version} > 1020
%fdupes ${RPM_BUILD_ROOT}%{ap_docroot}/%{name}/libraries
%fdupes ${RPM_BUILD_ROOT}%{ap_docroot}/%{name}/themes
%endif
# Fix python-bytecode-inconsistent-mtime
rm -rf doc/_ext/configext.pyc
pushd doc/_ext
%py_compile ./
popd
%post
# on `rpm -ivh` PARAM is 1
# on `rpm -Uvh` PARAM is 2
# set PmaAbsoluteUri ### generate blowfish secret
%{__sed} -i -e "s,@FQDN@,$(cat /etc/HOSTNAME)," \
-e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config}
%restart_on_update apache2
%postun
%restart_on_update apache2
%clean
%{__rm} -rf $RPM_BUILD_ROOT
%files -f FILELIST
%defattr(644,root,root,755)
%doc ChangeLog
%doc LICENSE README RELEASE-DATE*
%doc examples doc
%dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/config.inc.php
%dir %{ap_docroot}/%{name}
%config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf
%changelog
++++++ phpMyAdmin-config.patch ++++++
Index: config.sample.inc.php
===================================================================
--- config.sample.inc.php.orig
+++ config.sample.inc.php
@@ -11,10 +11,51 @@
*/
/*
+ * Your phpMyAdmin url
+ *
+ * Complete the variable below with the full url ie
+ * https://www.your_web.net/path_to_your_phpMyAdmin_directory/
+ *
+ * It must contain characters that are valid for a URL, and the path is
+ * case sensitive on some Web servers, for example Unix-based servers.
+ *
+ * In most cases you can leave this variable empty, as the correct value
+ * will be detected automatically. However, we recommend that you do
+ * test to see that the auto-detection code works in your system. A good
+ * test is to browse a table, then edit a row and save it. There will be
+ * an error message if phpMyAdmin cannot auto-detect the correct value.
+ *
+ * If the auto-detection code does work properly, you can set to true the
+ * $cfg['PmaAbsoluteUri_DisableWarning'] variable below.
+ */
+$cfg['PmaAbsoluteUri'] = '';
+
+/*
* This is needed for cookie based authentication to encrypt password in
* cookie
+ * YOU MUST FILL IN THIS FOR COOKIE AUTH!
+ */
+$cfg['blowfish_secret'] = '';
+
+/*
+ * Disable the default warning about $cfg['PmaAbsoluteUri'] not being set
+ * You should use this if and ONLY if the PmaAbsoluteUri auto-detection
+ * works perfectly.
+ */
+$cfg['PmaAbsoluteUri_DisableWarning'] = false;
+
+/*
+ * Disable the default warning that is displayed on the DB Details Structure page if
+ * any of the required Tables for the relationfeatures could not be found
+ */
+$cfg['PmaNoRelation_DisableWarning'] = false;
+
+/*
+ * Disable the default warning that is displayed if Suhosin is detected
+ *
+ * @global boolean $cfg['SuhosinDisableWarning']
*/
-$cfg['blowfish_secret'] = 'a8b7c6d'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+$cfg['SuhosinDisableWarning'] = true;
/*
* Servers configuration
@@ -25,47 +66,247 @@ $i = 0;
* First server
*/
$i++;
-/* Authentication type */
-$cfg['Servers'][$i]['auth_type'] = 'cookie';
-/* Server parameters */
-$cfg['Servers'][$i]['host'] = 'localhost';
-$cfg['Servers'][$i]['connect_type'] = 'tcp';
-$cfg['Servers'][$i]['compress'] = false;
-/* Select mysql if your server does not have mysqli */
-$cfg['Servers'][$i]['extension'] = 'mysqli';
-$cfg['Servers'][$i]['AllowNoPassword'] = false;
+// MySQL hostname or IP address
+$cfg['Servers'][$i]['host'] = 'localhost';
+
+// MySQL port - leave blank for default port
+$cfg['Servers'][$i]['port'] = '';
+
+// Path to the socket - leave blank for default socket
+$cfg['Servers'][$i]['socket'] = '';
+
+// Use SSL for connecting to MySQL server?
+$cfg['Servers'][$i]['ssl'] = false;
+
+// How to connect to MySQL server ('tcp' or 'socket')
+$cfg['Servers'][$i]['connect_type'] = 'socket';
+
+// The PHP MySQL extension to use ('mysql' or 'mysqli')
+$cfg['Servers'][$i]['extension'] = 'mysqli';
+
+// Use compressed protocol for the MySQL connection (requires PHP >= 4.3.0)
+$cfg['Servers'][$i]['compress'] = false;
+
+// Authentication method (config, http or cookie based)?
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+
+// MySQL user
+$cfg['Servers'][$i]['user'] = 'root';
+
+// MySQL password (only needed with 'config' auth_type)
+$cfg['Servers'][$i]['password'] = '';
+
+// Allow access without password
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+
+// whether to allow root login
+$cfg['Servers'][$i]['AllowRoot'] = true;
+
+// Session to use for 'signon' authentication method
+$cfg['Servers'][$i]['SignonSession'] = '';
+
+// URL where to redirect user to login for 'signon' authentication method
+$cfg['Servers'][$i]['SignonURL'] = '';
+
+// URL where to redirect user after logout
+$cfg['Servers'][$i]['LogoutURL'] = '';
+
+// If set to a db-name, only this db is displayed in left frame
+// It may also be an array of db-names, where sorting order is relevant.
+$cfg['Servers'][$i]['only_db'] = '';
+
+// Verbose name for this host - leave blank to show the hostname
+$cfg['Servers'][$i]['verbose'] = '';
+
+// set to false if you know that your pma_* tables
+// are up to date. This prevents compatibility
+// checks and thereby increases performance.
+$cfg['Servers'][$i]['verbose_check'] = true;
+
+// Host authentication order, leave blank to not use
+$cfg['Servers'][$i]['AllowDeny']['order'] = '';
+
+// Host authentication rules, leave blank for defaults
+$cfg['Servers'][$i]['AllowDeny']['rules'] = array();
/*
* phpMyAdmin configuration storage settings.
*/
+$cfg['Servers'][$i]['controlhost'] = 'localhost';
+
+// MySQL control user settings (this user must have read-only
+// access to the "mysql/user" and "mysql/db" tables).
+// The controluser is also used for all relational features (pmadb)
+$cfg['Servers'][$i]['controluser'] = '';
+
+// The password needed for the controluser to login
+// (see $cfg['Servers'][$i]['controluser'])
+$cfg['Servers'][$i]['controlpass'] = '';
+
+// Database used for Relation, Bookmark and PDF Features
+// (see _docdir/examples/create_tables.sql)
+// - leave blank for no support
+// DEFAULT: 'phpmyadmin'
+$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+
+// Bookmark table
+// - leave blank for no bookmark support
+// DEFAULT: 'pma_bookmark'
+$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
+
+// table to describe the relation between links (see doc)
+// - leave blank for no relation-links support
+// DEFAULT: 'pma_relation'
+$cfg['Servers'][$i]['relation'] = 'pma__relation';
+
+// table to describe the display fields
+// - leave blank for no display fields support
+// DEFAULT: 'pma_table_info'
+$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
+
+// table to describe the tables position for the PDF schema
+// - leave blank for no PDF schema support
+// DEFAULT: 'pma_table_coords'
+$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
+
+// table to describe pages of relationpdf
+// - leave blank if you don't want to use this
+// DEFAULT: 'pma_pdf_pages'
+$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
+
+// table to store column information
+// - leave blank for no column comments/mime types
+// DEFAULT: 'pma_column_info'
+$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
+
+// table to store SQL history
+// - leave blank for no SQL query history
+// DEFAULT: 'pma_history'
+$cfg['Servers'][$i]['history'] = 'pma__history';
+
+// Table to store user interface enhancement data.
+// - Leave blank to disable.
+// DEFAULT: 'pma_table_uiprefs'
+$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
+
+// Table to store version/change tracking data
+// - leave blank to disable
+// DEFAULT: 'pma_tracking'
+$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
+
+// Table in which to store information for the designer feature.
+// DEFAULT: 'pma_designer_coords'
+$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
+
+// Table to store user preferences -- allows users to set most
+// preferences by themselves and store them in the phpMyAdmin
+// configuration storage database.
+// If you don't allow for storing preferences in pmadb, users can
+// still personalize phpMyAdmin, but settings will be saved in
+// browser's local storage, or, it is is unavailable, until the end
+// of session.
+// DEFAULT: 'pma_userconfig'
+$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
+
+// Table to store a list of recently used tables to be shown in the
+// left navigation frame. It helps you to jump across table directly,
+// without the need to select the database, and then select the table.
+// Using $cfg['LeftRecentTable'] you can configure the maximum number
+// of recent tables shown.
+// Without configuring the storage, you can still access the recently
+// used tables, but it will disappear after you logout.
+// DEFAULT: 'pma_recent'
+$cfg['Servers'][$i]['recent'] = 'pma__recent';
+
+// You can create different user groups with menu items attached to them.
+// Users can be assigned to these groups and the logged in user
+// would only see menu items configured to the usergroup he is assigned to.
+// To do this it needs two tables “usergroups” (storing allowed menu items for each user group)
+// and “users” (storing users and their assignments to user groups).
+// DEFAULT: 'pma_users'
+// DEFAULT: 'pma_usergroups'
+$cfg['Servers'][$i]['users'] = 'pma__users';
+$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
+
+// You can hide/show items in the navigation tree.
+// DEFAULT: 'pma_navigationhiding'
+$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
-/* User used to manipulate with storage */
-// $cfg['Servers'][$i]['controlhost'] = '';
-// $cfg['Servers'][$i]['controlport'] = '';
-// $cfg['Servers'][$i]['controluser'] = 'pma';
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
-
-/* Storage database and tables */
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-// $cfg['Servers'][$i]['history'] = 'pma__history';
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-// $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
-// $cfg['Servers'][$i]['users'] = 'pma__users';
-// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
-// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
/* Contrib / Swekey authentication */
-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
+// The name of the file containing Swekey ids and login names for
+// hardware authentication. Leave the string empty to deactivate this
+// feature.
+// see _docdir/examples/swekey.sample.conf
+//$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/phpMyAdmin/swekey-pma.conf';
+
+
+/***************************************
+ * Second Server
+ */
+
+/*
+$i++;
+$cfg['Servers'][$i]['host'] = 'localhost';
+$cfg['Servers'][$i]['port'] = '';
+$cfg['Servers'][$i]['socket'] = '';
+$cfg['Servers'][$i]['ssl'] = false;
+$cfg['Servers'][$i]['connect_type'] = 'socket';
+$cfg['Servers'][$i]['extension'] = 'mysqli';
+$cfg['Servers'][$i]['compress'] = false;
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+$cfg['Servers'][$i]['user'] = 'root';
+$cfg['Servers'][$i]['password'] = '';
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+$cfg['Servers'][$i]['AllowRoot'] = true;
+$cfg['Servers'][$i]['SignonSession'] = '';
+$cfg['Servers'][$i]['SignonURL'] = '';
+$cfg['Servers'][$i]['LogoutURL'] = '';
+$cfg['Servers'][$i]['only_db'] = '';
+$cfg['Servers'][$i]['verbose'] = '';
+$cfg['Servers'][$i]['verbose_check'] = true;
+$cfg['Servers'][$i]['AllowDeny']['order'] = '';
+$cfg['Servers'][$i]['AllowDeny']['rules'] = array();
+*/
/*
+ * phpMyAdmin configuration storage settings.
+ */
+
+/*
+$cfg['Servers'][$i]['controlhost'] = 'localhost';
+$cfg['Servers'][$i]['controluser'] = '';
+$cfg['Servers'][$i]['controlpass'] = '';
+$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
+$cfg['Servers'][$i]['relation'] = 'pma__relation';
+$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
+$cfg['Servers'][$i]['table_coords'] = 'pma__table_cords';
+$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
+$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
+$cfg['Servers'][$i]['history'] = 'pma__history';
+$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
+$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
+$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
+$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
+$cfg['Servers'][$i]['recent'] = 'pma__recent';
+$cfg['Servers'][$i]['users'] = 'pma__users';
+$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
+$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
+$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/phpMyAdmin/swekey-pma_02.conf';
+*/
+
+// If you have more than one server configured, you can set $cfg['ServerDefault']
+// to any one of them to autoconnect to that server when phpMyAdmin is started,
+// or set it to 0 to be given a list of servers without logging in
+// If you have only one server configured, $cfg['ServerDefault'] *MUST* be
+// set to that server.
+
+// Default server (0 = no default server)
+$cfg['ServerDefault'] = 1;
+$cfg['Server'] = '0';
+unset($cfg['Servers'][0]);
+
+/***************************************
* End of servers configuration
*/
Index: libraries/vendor_config.php
===================================================================
--- libraries/vendor_config.php.orig
+++ libraries/vendor_config.php
@@ -17,18 +17,18 @@ if (! defined('PHPMYADMIN')) {
* Path to changelog file, can be gzip compressed. Useful when you want to
* have documentation somewhere else, eg. /usr/share/doc.
*/
-define('CHANGELOG_FILE', './ChangeLog');
+define('CHANGELOG_FILE', '@docdir@/ChangeLog');
/**
* Path to license file. Useful when you want to have documentation somewhere
* else, eg. /usr/share/doc.
*/
-define('LICENSE_FILE', './LICENSE');
+define('LICENSE_FILE', '@docdir@/LICENSE');
/**
* Path to config file generated using setup script.
*/
-define('SETUP_CONFIG_FILE', './config/config.inc.php');
+define('SETUP_CONFIG_FILE', '@sysconfdir@/config.inc.php');
/**
* Whether setup requires writable directory where config
@@ -46,7 +46,7 @@ define('CONFIG_DIR', './');
/**
* Filename of a configuration file.
*/
-define('CONFIG_FILE', CONFIG_DIR . 'config.inc.php');
+define('CONFIG_FILE', SETUP_CONFIG_FILE );
/**
* Filename of custom header file.
++++++ phpMyAdmin-rpmlintrc ++++++
addFilter("files-duplicated-waste")
addFilter("files-duplicate")
++++++ phpMyAdmin.http ++++++