Hello community, here is the log from the commit of package phpMyAdmin checked in at Sat Mar 1 18:51:56 CET 2008. -------- --- phpMyAdmin/phpMyAdmin.changes 2008-01-13 09:28:00.000000000 +0100 +++ /mounts/work_src_done/NOARCH/phpMyAdmin/phpMyAdmin.changes 2008-03-01 15:27:36.000000000 +0100 @@ -1,0 +2,29 @@ +Sat Mar 1 15:26:35 CET 2008 - crrodriguez@suse.de + +- version 2.11.5 +- bug #1862661 [GUI] Warn about rename deleting database +- bug #1866041 [interface] Incorrect sorting with AS +- bug #1871038 [import] Notice: undefined variable first_sql_delimiter +- bug #1873110 [export] Problem exporting with a LIMIT clause +- bug #1871164 [GUI] Empty and navigation frame synch. +- patch #1873188 [GUI] Making db pager work when js is disabled, + thanks to Jürgen Wind - windkiel +- bug #1875010 [auth] MySQL server and client version mismatch + (mysql ext.) +- patch #1879031 [transform] dateformat transformation + and UNIX timestamps, thanks to Tim Steiner - spam38 +- bug [import] Do not verify a missing enclosing character for CSV, + because files generated by Excel don't have any enclosing character +- bug #1799691 [export] "Propose table structure" and Export +- bug #1884911 [GUI] Space usage +- bug #1863326 [GUI] Wrong error message / no edit (Suhosin) +- bug #1887204 [GUI] Order columns in result list messing up query +- patch #1893538 [GUI] Display issues on Opera 9.50, + thanks to Jürgen Wind - windkiel +- bug [GUI] Do not display the database name used by the + previous user, thanks to Ronny Görner +- bug [security] Remove cookies from Array for better coexistence with + other applications, thanks to Richard Cunningham. See PMASA-2008-1. + + +------------------------------------------------------------------- Old: ---- phpMyAdmin-2.11.4-all-languages-utf-8-only.tar.bz2 New: ---- phpMyAdmin-2.11.5-all-languages-utf-8-only.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ --- /var/tmp/diff_new_pack.Ea4278/_old 2008-03-01 18:51:42.000000000 +0100 +++ /var/tmp/diff_new_pack.Ea4278/_new 2008-03-01 18:51:42.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package phpMyAdmin (Version 2.11.4) +# spec file for package phpMyAdmin (Version 2.11.5) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -10,13 +10,14 @@ # norootforbuild + Name: phpMyAdmin BuildRequires: pwgen License: GPL v2 or later Group: Productivity/Networking/Web/Frontends Requires: mod_php_any php-mysql php-bz2 php-gd php-zlib php-iconv php-mcrypt php-session php5-mbstring AutoReqProv: on -Version: 2.11.4 +Version: 2.11.5 Release: 1 Source0: %{name}-%{version}-all-languages-utf-8-only.tar.bz2 Source1: phpmyadmin.conf @@ -115,7 +116,32 @@ %ghost %{serverroot}%{name}/config.inc.php %changelog -* Sun Jan 13 2008 - crrodriguez@suse.de +* Sat Mar 01 2008 crrodriguez@suse.de +- version 2.11.5 +- bug #1862661 [GUI] Warn about rename deleting database +- bug #1866041 [interface] Incorrect sorting with AS +- bug #1871038 [import] Notice: undefined variable first_sql_delimiter +- bug #1873110 [export] Problem exporting with a LIMIT clause +- bug #1871164 [GUI] Empty and navigation frame synch. +- patch #1873188 [GUI] Making db pager work when js is disabled, + thanks to Jürgen Wind - windkiel +- bug #1875010 [auth] MySQL server and client version mismatch + (mysql ext.) +- patch #1879031 [transform] dateformat transformation + and UNIX timestamps, thanks to Tim Steiner - spam38 +- bug [import] Do not verify a missing enclosing character for CSV, + because files generated by Excel don't have any enclosing character +- bug #1799691 [export] "Propose table structure" and Export +- bug #1884911 [GUI] Space usage +- bug #1863326 [GUI] Wrong error message / no edit (Suhosin) +- bug #1887204 [GUI] Order columns in result list messing up query +- patch #1893538 [GUI] Display issues on Opera 9.50, + thanks to Jürgen Wind - windkiel +- bug [GUI] Do not display the database name used by the + previous user, thanks to Ronny Görner +- bug [security] Remove cookies from Array for better coexistence with + other applications, thanks to Richard Cunningham. See PMASA-2008-1. +* Sun Jan 13 2008 crrodriguez@suse.de - do not BuildRequire apache2-devel libapr-util1-devel pcre-devel - PreReq coreutils sed and grep - update to version 2.11.4 @@ -146,14 +172,14 @@ - bug #1847409 [security] Path disclosure on darkblue_orange/layout.inc.php, thanks to Jürgen Wind - windkiel -* Wed Aug 22 2007 - crrodriguez@suse.de +* Wed Aug 22 2007 crrodriguez@suse.de - 2.11.0-rc1 -> 2.11.0 final - mod_php_any is enough to get a webserver do not explicitly require apache2 - update phpmyadmin.conf adding the session save path to open_basedir as well ensuring some additional and possible conflicting php settings are set the way we want -* Mon Aug 06 2007 - anosek@suse.cz +* Mon Aug 06 2007 anosek@suse.cz - updated to version 2.11.0-rc1 -* Mon Jul 30 2007 - anosek@suse.cz +* Mon Jul 30 2007 anosek@suse.cz - updated to version 2.11.0-beta1 + [import] support handling of DELIMITER to mimic mysql CLI, thanks to fb1 + improved PHP 6 compatibility @@ -221,7 +247,7 @@ - bug #1746921 Left frame shrinks on db change, thanks to Juergen Wind + [gui] Export: Select All/Unselect All over the choices, thanks to Florian Schmitz -* Wed Jul 25 2007 - anosek@suse.cz +* Wed Jul 25 2007 anosek@suse.cz - updated to version 2.10.3 - bug #1734285 Copy database with VIEWs - bug #1722502 DROP TABLE in export VIEW @@ -235,7 +261,7 @@ of php-myadmin.ru - Do not try to delete an internal relation if we just deleted an InnoDB one -* Tue Jun 19 2007 - anosek@suse.cz +* Tue Jun 19 2007 anosek@suse.cz - updated to version 2.10.2 + [data] display all warnings, not only last one - typo in fix for bug #1671813 @@ -263,7 +289,7 @@ thanks to Victor Volkov - patch #1731280 Avoid negative exponent in gmp_pow(), thanks to anosek -* Tue Jun 12 2007 - anosek@suse.cz +* Tue Jun 12 2007 anosek@suse.cz - updated to version 2.10.2-rc1 + [data] display all warnings, not only last one - typo in fix for bug #1671813 @@ -282,17 +308,17 @@ - patch #1726500 Wrong position of </tbody>, thanks to Jürgen Wind - bug #1728590 Detected failing session_start fails, thanks to Jürgen Wind - RFE #1714760 Obey ShowCreateDb on the Databases tab -* Tue Jun 05 2007 - anosek@suse.cz +* Tue Jun 05 2007 anosek@suse.cz - fixed warning: gmp_pow(): Negative exponent not supported in common.lib.php [#271746] (gmp_pow.patch) -* Tue Apr 24 2007 - anosek@suse.cz +* Tue Apr 24 2007 anosek@suse.cz - updated to version 2.10.1 * bugfix release -* Tue Mar 06 2007 - anosek@suse.cz +* Tue Mar 06 2007 anosek@suse.cz - updated to version 2.10.0.2 * default value for $cfg['Servers'][$i]['ssl'] changed to false * fixes PHP Executor Deep Recursion Stack Overflow [#251757] -* Wed Feb 28 2007 - anosek@suse.cz +* Wed Feb 28 2007 anosek@suse.cz - updated to version 2.10.0 * Designer: new graphical relation manager * Improved speed on servers with thousands of databases/tables @@ -300,7 +326,7 @@ * Option to avoid counting rows for views * Calendar on search page * DOS-style end-of-lines in setup-generated files -* Wed Jan 17 2007 - anosek@suse.cz +* Wed Jan 17 2007 anosek@suse.cz - updated to version 2.9.2 * improved support for web clusters * deleting a user under MySQL 4.1.x @@ -311,17 +337,17 @@ * granting all privileges on a wildcard name * verification on encrypted zip files * security fixes -* Fri Dec 01 2006 - mmarek@suse.cz +* Fri Dec 01 2006 mmarek@suse.cz - fix previous update which wrongly moved the config.inc.php file to the libraries subdirectory [#223721] -* Thu Nov 23 2006 - anosek@suse.cz +* Thu Nov 23 2006 anosek@suse.cz - security update to version 2.9.1.1 [#222594] [#222622] -* Wed Nov 08 2006 - anosek@suse.cz +* Wed Nov 08 2006 anosek@suse.cz - added suggestions from [#216213] * phpMyAdmin now uses mysqli extension not mysql (mysqli.patch) * added Required: php5-mbstring * phpMyAdmin now uses open_basedir for increased security -* Tue Oct 17 2006 - postadal@suse.cz +* Tue Oct 17 2006 postadal@suse.cz - updated to 2.9.0.2 * Improved readability of setup panels * PDF schema: automatic layout for InnoDB @@ -338,7 +364,7 @@ * Display MySQL warnings * Links to language-specific MySQL doc whenever possible * Security fixes -* Thu Sep 21 2006 - anosek@suse.cz +* Thu Sep 21 2006 anosek@suse.cz - updated to 2.9.0 * Improved readability of setup panels * PDF schema: automatic layout for InnoDB @@ -357,16 +383,16 @@ MySQL password * Display MySQL warnings * Links to language-specific MySQL doc whenever possible -* Wed Aug 23 2006 - anosek@suse.cz +* Wed Aug 23 2006 anosek@suse.cz - updated to 2.8.2.4 * fixed cookie login on IIS with IE6 * fixed switching from scripts/setup.php to the main script in case of register_globals enabled -* Tue Aug 15 2006 - anosek@suse.cz +* Tue Aug 15 2006 anosek@suse.cz - update to 2.8.2.2 * fixed config not loaded on install (MySQL error code 2002 or 2003) -* Thu Aug 03 2006 - mskibbe@suse.de +* Thu Aug 03 2006 mskibbe@suse.de - update to 2.8.2.1 * XSS vulnerability from requests not containing a token * reenabled XML option in Export @@ -374,18 +400,18 @@ * setup script: compatibility with security tokens * setup script: detection of writable config * reading the database list with MySQL wildcards -* Thu Jun 01 2006 - postadal@suse.cz +* Thu Jun 01 2006 postadal@suse.cz - updated to 2.8.1 (bugfix-only release) [#177091] * fixes some XSS vulnerabilities - removed obsoleted patches (2006-1804.patch, 2006-2031.patch) -* Tue May 02 2006 - mmarek@suse.cz +* Tue May 02 2006 mmarek@suse.cz - fixed XSS in error messages [#170529] (CVE-2006-2031.patch) -* Thu Apr 20 2006 - mmarek@suse.cz +* Thu Apr 20 2006 mmarek@suse.cz - fixed XSS in sql.php (and other scripts): add a secret token to each link and form to prevent linking to sql.php from outside [#165772] (CVE-2006-1804) -* Thu Apr 13 2006 - mmarek@suse.cz +* Thu Apr 13 2006 mmarek@suse.cz - updated to 2.8.0.3 * fixes some XSS vulnerabilities * improves php-5.1.2 compatibility @@ -393,103 +419,103 @@ - moved $cfg['blowfish_secret'] to separate file, so that config.inc.php isn't edited during install (blowfish_secret.patch) -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Tue Jan 17 2006 - postadal@suse.cz +* Tue Jan 17 2006 postadal@suse.cz - added php-session to Requires [#137368] -* Thu Jan 05 2006 - postadal@suse.cz +* Thu Jan 05 2006 postadal@suse.cz - update to version 2.7.0-pl2 (security fixes) [#136015, 137368, 137797] - removed all patches -* Tue Nov 22 2005 - postadal@suse.cz +* Tue Nov 22 2005 postadal@suse.cz - fixed XSS on HTTP_HOST (HTTP_HOST.patch) [#133818] -* Mon Nov 21 2005 - postadal@suse.cz +* Mon Nov 21 2005 postadal@suse.cz - update to version 2.6.4-pl4 * fixes PMASA-2005-6 [#133818] (PMASA-2005-6.patch) - removed obsoleted patches: CVE-2005-2869.patch, PMASA-2005-4_and_5.patch, lang-utf8-fix.patch -* Mon Nov 14 2005 - postadal@suse.cz +* Mon Nov 14 2005 postadal@suse.cz - fixed CVE-2005-2869 (XSS on the cookie-based login panel) [#130226] (CVE-2005-2869.patch) -* Tue Nov 01 2005 - postadal@suse.cz +* Tue Nov 01 2005 postadal@suse.cz - fixed PMASA-2005-4 and PMASA-2005-5 [#130226] (PMASA-2005-4_and_5.patch) -* Tue Aug 23 2005 - postadal@suse.cz +* Tue Aug 23 2005 postadal@suse.cz - disabled auto-switch the lang to its UTF-8 version when Lang is set [#104600] -* Thu Jul 28 2005 - postadal@suse.cz +* Thu Jul 28 2005 postadal@suse.cz - update to 2.6.3-pl1 -* Mon Jun 06 2005 - cthiel@suse.de +* Mon Jun 06 2005 cthiel@suse.de - update to 2.6.2-pl1 -* Tue Mar 08 2005 - mcihar@suse.cz +* Tue Mar 08 2005 mcihar@suse.cz - generate shorter key to make it work with mcrypt, see https://sourceforge.net/tracker/index.php?func=detail&aid=1115327&group_id=23067&atid=377408 -* Fri Mar 04 2005 - mcihar@suse.cz +* Fri Mar 04 2005 mcihar@suse.cz - update to pl3, it includes previous fix and fixes editing fields with special names (bug #70864) -* Thu Mar 03 2005 - mcihar@suse.cz +* Thu Mar 03 2005 mcihar@suse.cz - fix bad setting of privileges (bug #67276) -* Tue Mar 01 2005 - mcihar@suse.cz +* Tue Mar 01 2005 mcihar@suse.cz - depend on mod_php_any -* Thu Feb 24 2005 - mcihar@suse.cz +* Thu Feb 24 2005 mcihar@suse.cz - update to 2.6.1-p2 to fix several vulnerabilities (bug #66264) -* Wed Feb 09 2005 - mcihar@suse.cz +* Wed Feb 09 2005 mcihar@suse.cz - depend on unversioned php modules, to allow both php4 and php5 installation -* Mon Jan 24 2005 - mcihar@suse.cz +* Mon Jan 24 2005 mcihar@suse.cz - update to 2.6.1 - require php4-mcrypt for faster cookie encryption -* Wed Oct 13 2004 - mcihar@suse.cz +* Wed Oct 13 2004 mcihar@suse.cz - update to 2.6.0-pl2 (bug #47160) - require php4-iconv as it seems to be on all arches now (bug #36642) -* Tue Oct 05 2004 - mcihar@suse.cz +* Tue Oct 05 2004 mcihar@suse.cz - drop php4-recode dependency (bug #46817) -* Mon Sep 06 2004 - mcihar@suse.cz +* Mon Sep 06 2004 mcihar@suse.cz - update to 2.6.0-rc2 -* Fri Sep 03 2004 - mcihar@suse.cz +* Fri Sep 03 2004 mcihar@suse.cz - update to 2.6.0-rc1 - use pwgen for secret generating - don't ship scripts, as they're not needed for most users -* Tue Apr 27 2004 - ro@suse.de +* Tue Apr 27 2004 ro@suse.de - build using apache2 -* Wed Mar 31 2004 - mcihar@suse.cz +* Wed Mar 31 2004 mcihar@suse.cz - require php4-recode for charset conversion (better solution for bugs [#36642] and #36560) -* Mon Mar 22 2004 - mcihar@suse.cz +* Mon Mar 22 2004 mcihar@suse.cz - dropped php-4iconv dependency at all (bug #36642) -* Fri Mar 19 2004 - mcihar@suse.cz +* Fri Mar 19 2004 mcihar@suse.cz - do not require php4-iconv on achitectures where it isn't built (bug #36560) -* Mon Mar 08 2004 - mcihar@suse.cz +* Mon Mar 08 2004 mcihar@suse.cz - require all needed php modules -* Mon Mar 01 2004 - mcihar@suse.cz +* Mon Mar 01 2004 mcihar@suse.cz - update to 2.5.6 -* Mon Jan 05 2004 - mcihar@suse.cz +* Mon Jan 05 2004 mcihar@suse.cz - updated to 2.5.5-pl1 -* Mon Oct 20 2003 - mcihar@suse.cz +* Mon Oct 20 2003 mcihar@suse.cz - updated to 2.5.4 -* Thu Oct 16 2003 - mcihar@suse.cz +* Thu Oct 16 2003 mcihar@suse.cz - do not build as root - little spec file cleanup -* Tue Sep 09 2003 - mcihar@suse.cz +* Tue Sep 09 2003 mcihar@suse.cz - automatically generate blowfish_secret on rpm installation - mark config file as %%config(noreplace) (this in conjuction with previous means that it will be never replaced on upgrade, this is okay as phpMyAdmin supports loading of old config files) -* Mon Sep 08 2003 - mcihar@suse.cz +* Mon Sep 08 2003 mcihar@suse.cz - updated to 2.5.3: - many bugs fixed - messages about missing variables were displayed wrongly - more export bugs - confirmation of some dangerous SQL (TRUNCATE,DROP DATABASE) - new nice icons for actions -* Thu Sep 04 2003 - mcihar@suse.cz +* Thu Sep 04 2003 mcihar@suse.cz - include documentation stylesheet -* Fri Aug 29 2003 - mcihar@suse.cz +* Fri Aug 29 2003 mcihar@suse.cz - depend on mod_php rather that http_daemon as this needs php -* Thu Aug 28 2003 - mcihar@suse.cz +* Thu Aug 28 2003 mcihar@suse.cz - include stylesheets -* Thu Aug 07 2003 - mcihar@suse.cz +* Thu Aug 07 2003 mcihar@suse.cz - updated to 2.5.2-pl1 -* Mon Mar 24 2003 - postadal@suse.cz +* Mon Mar 24 2003 postadal@suse.cz - removed mysql from Requires, becouse can access to MySQL remotely [#25797] -* Mon Feb 24 2003 - postadal@suse.cz +* Mon Feb 24 2003 postadal@suse.cz - updated to verison 2.4.0 * new server/user management interface with sub-pages * export to LaTeX format @@ -498,21 +524,21 @@ * upload of binary file into a field * show blob size * a lot of fixes -* Wed Jan 29 2003 - postadal@suse.cz +* Wed Jan 29 2003 postadal@suse.cz - updated to version 2.3.3pl1 * upload of compressed dumps * inform the user who does not have privileges to create a db * new internal analyzer for db, table, column and alias * a lot of fixes -* Mon Aug 12 2002 - postadal@suse.cz +* Mon Aug 12 2002 postadal@suse.cz - update to release 2.3.0 -* Fri Aug 02 2002 - ro@suse.de +* Fri Aug 02 2002 ro@suse.de - adapt server-root -* Thu Aug 01 2002 - postadal@suse.cz +* Thu Aug 01 2002 postadal@suse.cz - fixed required perl path -* Wed Jul 31 2002 - postadal@suse.cz +* Wed Jul 31 2002 postadal@suse.cz - fixed filelist -* Wed Jul 31 2002 - postadal@suse.cz +* Wed Jul 31 2002 postadal@suse.cz - update to version 2.3.0-rc4 * can specify a different charset for MySQL and HTML * utf-8 charset support @@ -521,17 +547,17 @@ * faster table delete under MySQL 4 * new language: slovenian * fixes -* Mon Jul 01 2002 - ro@suse.de +* Mon Jul 01 2002 ro@suse.de - fixed directory permissions -* Thu Jan 10 2002 - rvasice@suse.cz +* Thu Jan 10 2002 rvasice@suse.cz - update to version 2.2.3 -* Tue Sep 04 2001 - rvasice@suse.cz +* Tue Sep 04 2001 rvasice@suse.cz - update to version 2.2.0 final - dynamic multiple language support, with automatic detection - database usage statistics - table maintenance features (repair, check, optimize) - made package noarch -* Thu Aug 02 2001 - rvasice@suse.cz +* Thu Aug 02 2001 rvasice@suse.cz - update to version 2.2.0rc3 -* Mon Jun 18 2001 - rvasice@suse.cz +* Mon Jun 18 2001 rvasice@suse.cz - initial package release (version 2.1.0) ++++++ phpMyAdmin-2.11.4-all-languages-utf-8-only.tar.bz2 -> phpMyAdmin-2.11.5-all-languages-utf-8-only.tar.bz2 ++++++ ++++ 2108 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org