Hello community, here is the log from the commit of package phpMyAdmin.14521 for openSUSE:Leap:15.1:Update checked in at 2020-10-16 14:22:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/phpMyAdmin.14521 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.phpMyAdmin.14521.new.3486 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin.14521" Fri Oct 16 14:22:54 2020 rev:1 rq:841486 version:4.9.6 Changes: -------- New Changes file: --- /dev/null 2020-10-12 00:46:48.009358834 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.phpMyAdmin.14521.new.3486/phpMyAdmin.changes 2020-10-16 14:22:55.678069246 +0200 @@ -0,0 +1,4600 @@ +------------------------------------------------------------------- +Mon Oct 12 09:08:02 UTC 2020 - ecsos <ec...@opensuse.org> + +- Update to 4.9.6 + This is a security release. +- Fix boo#1177561 (CVE-2020-26934, PMASA-2020-5) XSS relating to + the transformation feature +- Fix boo#1177562 (CVE-2020-26935, PMASA-2020-6) SQL injection + vulnerability in SearchController + +------------------------------------------------------------------- +Mon Mar 23 06:40:08 UTC 2020 - ec...@opensuse.org + +- Update to 4.9.5 + This is a security release containing several bug fixes. + * CVE-2020-10804: SQL injection vulnerability in the user + accounts page, particularly when changing a password + (boo#1167335, PMASA-2020-2) + * CVE-2020-10802: SQL injection vulnerability relating to the + search feature (boo#1167336, PMASA-2020-3) + * CVE-2020-10803: SQL injection and XSS having to do with + displaying results (boo#1167337, PMASA-2020-4) + * Removing of the "options" field for the external + transformation. + +------------------------------------------------------------------- +Wed Jan 8 14:26:20 UTC 2020 - ch...@computersalat.de + +- update to 4.9.4 (2020-01-07) + * https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog +- fix for boo#1160456 + * PMASA-2020-1 (CVE-2020-5504, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2020-1/ + - SQL injection in user accounts page +- fix changes about corresponding PMASA + +------------------------------------------------------------------- +Mon Dec 30 15:41:02 UTC 2019 - ec...@opensuse.org + +- phpMyAdmin 4.9.3 + * Several PHP notices and warnings including "Undefined index + table_create_time," a notice about error_reporting() being + disabled for security reasons, and several Undefined Index + errors. + * Support CloudFront-Forwarded-Proto header for Amazon CloudFront + proxy + * Early compatibility with development versions of PHP 8 + * Fix replication actions (start, stop, etc) + +------------------------------------------------------------------- +Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stie...@gmx.de> + +- phpMyAdmin 4.9.2: + * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614) + * Fixes for "Failed to set session cookie" error + * Advisor with MySQL 8.0.3 and newer + * Fix PHP deprecation errors + * Fix a situation where exporting users after a delete query could + remove users + * Fix incorrect "You do not have privileges to manipulate with the + users!" warning + * Fix copying a database's privileges and several other problems + moving columns with MariaDB + * Fix for phpMyAdmin not selecting all the values when using + shift-click to select during Export + +------------------------------------------------------------------- +Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger <andreas.stie...@gmx.de> + +- phpMyAdmin 4.9.1: + * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914) + * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 + and newer + * Compatibility issues with PHP 8 + * Export of GIS visualization + * Enhanced descriptions for several collation types + * Creating a user with a single quote in the password string + * Unexpected quotes during import and export on text fields + * Improvements to adding new tables to Designer + * Fix an issue where an authenticated user could trigger heavy + traffic between the database server and web server + * Fix a weakness where an attacker, under certain conditions, + working at the same time as an administrator is using the setup + script, could delete a server from the setup script + +------------------------------------------------------------------- +Sun Jun 30 13:05:23 UTC 2019 - ch...@computersalat.de + +- fix changelog + * add missing boo# with relation to CVE and PMASA +- rebase phpMyAdmin-config.patch + +------------------------------------------------------------------- +Wed Jun 5 14:43:41 UTC 2019 - ec...@opensuse.org + +- phpMyAdmin 4.9.0.1: + * Several issues with SYSTEM VERSIONING tables + * Fixed json encode error in export + * Fixed JavaScript events not activating on input + (sql bookmark issue) + * Show Designer combo boxes when adding a constraint + * Fix edit view + * Fixed invalid default value for bit field + * Fix several errors relating to GIS data types + * Fixed javascript error PMA_messages is not defined + * Fixed import XML data with leading zeros + * Fixed php notice, added support for 'DELETE HISTORY' table + privilege (MariaDB >= 10.3.4) + * Fixed MySQL 8.0.0 issues with GIS display + * Fixed "Server charset" in "Database server" tab showing wrong + information + * Fixed can not copy user on Percona Server 5.7 + * Updated sql-parser to version 4.3.2, which fixes several + parsing and linting problems +- fix for boo#1137497 + * PMASA-2019-4 (CVE-2019-12616, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-4/ + - CSRF vulnerability in login form +- fix for boo#1137496 + * PMASA-2019-3 (CVE-2019-11768, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-3/ + - SQL injection in Designer feature + +------------------------------------------------------------------- +Fri Feb 1 19:10:59 UTC 2019 - andreas.stie...@gmx.de + +- phpMyAdmin 4.8.5: + * CVE-2019-6799: Arbitrary file read vulnerability (PMASA-2019-1, + bsc#1123272) + * CVE-2019-6798: SQL injection in the Designer interface + PMASA-2019-2, bsc#1123271) + * Fix rxport to SQL format not available + * Fix QR code not shown when adding two-factor authentication to + a user account + * Fix issue with adding a new user in MySQL 8.0.11 and newer + * Fix frozen interface relating to Text_Plain_Sql plugin + * Fix missing table level operations tab + +------------------------------------------------------------------- +Wed Dec 12 10:47:31 UTC 2018 - ec...@opensuse.org + +- update to 4.8.4 (2018-12-11) + - gh#14452 Remove hash param in edit query URL + - gh#14295 Issue in Changing theme + - gh#13267 Ensure that database names with '.' are handled + properly when DisableIS is true + - gh#14438 Invisible Icon "Show Full Queries" + - gh#14133 CSS issue in Designer + - gh#14447 Error while copying database (pma__column_info) + - gh#14571 "No database selected" - DROP a view + - gh#14636 Move operation causes SELECT * FROM `undefined` + - gh#14630 Enum '0' produces incorrect search SQL + - gh#14223 Fix TypeError in database designer + - gh#13621 QBE selenium tests broken since merge of #13342 + - gh#14672 When logging with $cfg['AuthLog'] to syslog, + successful login messages were not logged even if + $cfg['AuthLogSuccess'] was true. + - gh#14339 Fix infinite loop when sorting table rows by key. + - gh#14658 Regression on multi table query functionality + (foreign keys) + - gh#14617 Fix designer errors when database is empty + - gh#13032 Fix designer errors when database contains special + chars + - gh#14352 Fix designer javascript errors + - gh#14764 Fix left/right icons hidden +- fix for boo#1119245 + - PMASA-2018-6 (CVE-2018-19968, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-6/ + - PMASA-2018-7 (CVE-2018-19969, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-7/ + - PMASA-2018-8 (CVE-2018-19970, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2018-8/ + +------------------------------------------------------------------- +Thu Aug 23 09:18:37 UTC 2018 - ec...@opensuse.org + +- update to 4.8.3 (2018-08-22) + - gh#14314 Error when naming a database '0' + - gh#14333 Fix NULL as default not shown + - gh#14229 Fixes issue with recent table list + - gh#14045 Fix slow performance on DB structure filtering + - gh#14327 Fix Editing server variable not showing save or cancel + option + - gh#14377 Populate options for view create and edit + - gh#14171 2FA configuration fails if PHP doesn't have GD support + - gh#14390 Can't unhide tables + - gh#14382 "Visualize GIS data" icon missing + - gh#14435 Event scheduler status toggle doesn't work + - gh#14365 View not working on multiple servers + - gh#14207 Partition actions in table structure do not work + - gh#14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table + - gh#14552 Blank message shown instead of MySQL error when adding + trigger and other locations + - gh#14525 Fix PHP 7.3 warning: "continue" in "switch" is equal + to "break" + - gh#14554 Icon missing when creating a new trigger, routine, + and event ++++ 4403 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.phpMyAdmin.14521.new.3486/phpMyAdmin.changes New: ---- phpMyAdmin-4.9.6-all-languages.tar.xz phpMyAdmin-4.9.6-all-languages.tar.xz.asc phpMyAdmin-config.patch phpMyAdmin-pma.patch phpMyAdmin-rpmlintrc phpMyAdmin.changes phpMyAdmin.http phpMyAdmin.http.inc phpMyAdmin.keyring phpMyAdmin.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ # # spec file for package phpMyAdmin # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define apxs %{_sbindir}/apxs2 %define ap_sysconfdir %(%{apxs} -q SYSCONFDIR) %define ap_serverroot %(%{apxs} -q PREFIX) %define ap_docroot %(%{apxs} -q PREFIX)/htdocs %define pma_config %{_sysconfdir}/%{name}/config.inc.php %if 0%{?suse_version} %define ap_usr wwwrun %define ap_grp www %else %define ap_usr nobody %define ap_grp nogroup %endif Name: phpMyAdmin Version: 4.9.6 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0-or-later Group: Productivity/Networking/Web/Frontends URL: https://www.phpMyAdmin.net/ Source0: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz Source1: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc # http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases Source2: https://files.phpmyadmin.net/phpmyadmin.keyring#/%{name}.keyring Source3: %{name}.http Source4: %{name}.http.inc Source100: %{name}-rpmlintrc # Fix-SuSE: provide useful default config Patch0: %{name}-config.patch # Fix-SUSE: auto config for pma storage Patch1: %{name}-pma.patch BuildRequires: apache2-devel BuildRequires: fdupes BuildRequires: python-devel BuildRequires: xz # Requires: php-bz2 Requires: php-ctype Requires: php-gd Requires: php-gettext Requires: php-iconv Requires: php-json Requires: php-mbstring Requires: php-mysql Requires: php-openssl Requires: php-session # FIXME: use proper Requires(pre/post/preun/...) PreReq: coreutils PreReq: grep PreReq: pwgen PreReq: sed Recommends: mod_php_any >= 5.5 Recommends: php-curl Recommends: php-zip ### will be removed with php >= 7.2 ## boo#1050980 Suggests: php-mcrypt BuildArch: noarch %description phpMyAdmin can manage a whole MySQL server (needs a super-user) as well as a single database. To accomplish the latter you'll need a properly set up MySQL user who can read/write only the desired database. It's up to you to look up the appropriate part in the MySQL manual. Currently phpMyAdmin can: * browse and drop databases, tables, views, fields and indexes * create, copy, drop, rename and alter databases, tables, fields and indexes * maintenance server, databases and tables, with proposals on server configuration * execute, edit and bookmark any SQL-statement, even batch-queries * load text files into tables * create^1 and read dumps of tables * export^1 data to various formats: CSV, XML, PDF, ISO/IEC 26300 - OpenDocument Text and Spreadsheet, Word, Excel and L^AT[E]X formats * import data and MySQL structures from Microsoft Excel and OpenDocument spreadsheets, as well as XML, CSV, and SQL files * administer multiple servers * manage MySQL users and privileges * check referential integrity in MyISAM tables * using Query-by-example (QBE), create complex queries automatically connecting required tables * create PDF graphics of your Database layout * search globally in a database or a subset of it * transform stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link * track changes on databases, tables and views * support InnoDB tables and foreign keys (see FAQ 3.6) * support mysqli, the improved MySQL extension (see FAQ 1.17) * communicate in 57 different languages * synchronize two databases residing on the same as well as remote servers (see FAQ 9.1) %prep %setup -q -n %{name}-%{version}-all-languages ## rpmlint: # wrong-file-end-of-line-encoding perl -p -i -e 's|\r\n|\n|' examples/config.manyhosts.inc.php %patch0 %patch1 # clean up find . -name .github -type d -prune -exec rm -r {} \; for file in *.orig .buildinfo .gitkeep .travis.yml .weblate .jshintrc .eslintrc.json \ .php_cs.dist .scrutinizer.yml .editorconfig php_twig.h twig.c; do find . -type f -name $file -delete done # set proper shebang sed -i 's/env php/php/' vendor/phpmyadmin/sql-parser/bin/*-query # permissions find . -type d -exec chmod 755 {} \; find . ! -name '*.sh' ! -name '*-query' -type f -exec chmod 644 {} \; %build %install #%%{__install} -d -m0750 $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name} install -d -m0755 %{buildroot}%{ap_docroot}/%{name} cp -dR *.css *.php *.ico js libraries locale themes templates vendor \ %{buildroot}%{ap_docroot}/%{name} # install config to config dir install -D -m0640 %{buildroot}%{ap_docroot}/%{name}/config.sample.inc.php \ %{buildroot}%{_sysconfdir}/%{name}/config.inc.php # install TempDir install -d -m0770 %{buildroot}%{ap_docroot}/%{name}/tmp # fix libraries/vendor_config.php sed -i -e "s,@docdir@,%{_docdir}/%{name},g" -e "s,@sysconfdir@,%{_sysconfdir}/%{name},g" \ %{buildroot}%{ap_docroot}/%{name}/libraries/vendor_config.php # fix libraries/common.inc.php #%%{__sed} -i -e "s,@PMA_Config@,%%{_sysconfdir}/%%{name}/config.inc.php,g" \ # $RPM_BUILD_ROOT%%{ap_docroot}/%%{name}/libraries/common.inc.php # generate file list find %{buildroot}%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST find %{buildroot}%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST install -D -m0644 %{SOURCE3} %{buildroot}%{ap_sysconfdir}/conf.d/%{name}.conf install -D -m0644 %{SOURCE4} %{buildroot}%{ap_sysconfdir}/conf.d/%{name}.inc # fix paths in http config sed -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ -e "s,@docdir@,%{_docdir},g" -e "s,@ap_sysconfdir@,%{ap_sysconfdir},g" %{buildroot}%{ap_sysconfdir}/conf.d/%{name}.conf # rpmlint stuff %fdupes %{buildroot}%{ap_docroot}/%{name}/libraries %fdupes %{buildroot}%{ap_docroot}/%{name}/themes %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 # set PmaAbsoluteUri ### generate blowfish secret sed -i -e "s,@FQDN@,$(cat %{_sysconfdir}/HOSTNAME)," \ -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config} # enable required apache modules if [ -x %{_sbindir}/a2enmod ]; then a2enmod -q version || a2enmod version # get installed php_version (5 or 7) php_version=$(php -v | sed -n 's/^PHP\ \([[:digit:]]\+\)\..*$/\1/p') if [[ -n ${php_version} ]] && start_apache2 -V | grep -q prefork; then a2enmod -q "php${php_version}" || a2enmod "php${php_version}" fi fi #systemctl try-restart apache2 &>/dev/null #%%postun #systemctl try-restart apache2 &>/dev/null %files -f FILELIST %defattr(644,root,root,755) %doc ChangeLog %license LICENSE %doc README RELEASE-DATE* %doc examples doc sql %dir %attr(0750,root,%{ap_grp}) %{_sysconfdir}/%{name} %dir %attr(0770,root,%{ap_grp}) %{ap_docroot}/%{name}/tmp %config(noreplace) %{_sysconfdir}/%{name}/config.inc.php %dir %{ap_docroot}/%{name} %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.conf %config(noreplace) %{ap_sysconfdir}/conf.d/%{name}.inc %attr (755,root,root) %{ap_docroot}/%{name}/vendor/phpmyadmin/sql-parser/bin/*-query %changelog ++++++ phpMyAdmin-config.patch ++++++ Index: config.sample.inc.php =================================================================== --- config.sample.inc.php.orig +++ config.sample.inc.php @@ -11,13 +11,56 @@ */ /** + * Disable the default warning that is displayed on the DB Details Structure + * page if any of the required Tables for the relationfeatures could not be + * found + * + * Default: false + */ +/* $cfg['PmaNoRelation_DisableWarning'] = true; + +/** + * Zero Configuration mode. + * + * Enables Zero Configuration mode in which the user will be offered a choice + * to create phpMyAdmin configuration storage in the current database or use + * the existing one, if already present. + * + * Note: If there is no central configuration storage defined then you may end + * up with different set of phpMyAdmin configuration storage tables for + * different databases. + * + * Default: true + */ +$cfg['ZeroConf'] = false; + +/** + * Disable the default warning that is displayed if Suhosin is detected + * + * Default: false + */ +/* $cfg['SuhosinDisableWarning'] = true; + +/** + * Default language to use, if not browser-defined or user-defined + * + * Default: en + */ +/* $cfg['DefaultLang'] = 'de'; + +/** * This is needed for cookie based authentication to encrypt password in * cookie. Needs to be 32 chars long. + * + * YOU MUST FILL IN THIS FOR COOKIE AUTH! */ -$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +$cfg['blowfish_secret'] = ''; /** * Servers configuration + * + * for more info/explanation about these VARS have look at + * libraries/config.default.php */ $i = 0; @@ -25,44 +68,153 @@ $i = 0; * First server */ $i++; -/* Authentication type */ -$cfg['Servers'][$i]['auth_type'] = 'cookie'; -/* Server parameters */ -$cfg['Servers'][$i]['host'] = 'localhost'; -$cfg['Servers'][$i]['compress'] = false; -$cfg['Servers'][$i]['AllowNoPassword'] = false; + +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['port'] = ''; +$cfg['Servers'][$i]['socket'] = ''; +$cfg['Servers'][$i]['ssl'] = false; +$cfg['Servers'][$i]['connect_type'] = 'socket'; +$cfg['Servers'][$i]['extension'] = 'mysqli'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +$cfg['Servers'][$i]['user'] = 'root'; +$cfg['Servers'][$i]['password'] = ''; +$cfg['Servers'][$i]['AllowNoPassword'] = false; +$cfg['Servers'][$i]['AllowRoot'] = true; +$cfg['Servers'][$i]['SignonSession'] = ''; +$cfg['Servers'][$i]['SignonURL'] = ''; +$cfg['Servers'][$i]['LogoutURL'] = ''; +$cfg['Servers'][$i]['only_db'] = ''; +$cfg['Servers'][$i]['verbose'] = ''; +$cfg['Servers'][$i]['verbose_check'] = true; +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); /** * phpMyAdmin configuration storage settings. + * + * for more info/explanation about these VARS have look at + * libraries/config.default.php */ /* User used to manipulate with storage */ -// $cfg['Servers'][$i]['controlhost'] = ''; -// $cfg['Servers'][$i]['controlport'] = ''; -// $cfg['Servers'][$i]['controluser'] = 'pma'; -// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; - -/* Storage database and tables */ -// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; -// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; -// $cfg['Servers'][$i]['relation'] = 'pma__relation'; -// $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; -// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; -// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; -// $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; -// $cfg['Servers'][$i]['history'] = 'pma__history'; -// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; -// $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; -// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; -// $cfg['Servers'][$i]['recent'] = 'pma__recent'; -// $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; -// $cfg['Servers'][$i]['users'] = 'pma__users'; -// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; -// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; -// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; -// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; -// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; -// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; +$cfg['Servers'][$i]['controlhost'] = 'localhost'; +$cfg['Servers'][$i]['controlport'] = ''; +/* +$cfg['Servers'][$i]['controluser'] = 'pma'; +$cfg['Servers'][$i]['controlpass'] = 'pmapass'; + +/** + * The name of the database containing the phpMyAdmin configuration storage. + * + * For a whole set of additional features (bookmarks, comments, SQL-history, + * tracking mechanism, PDF-generation, column contents transformation, etc.) + * you need to create a set of special tables. Those tables can be located in + * your own database, or in a central database for a multi-user installation + * (this database would then be accessed by the controluser, so no other user + * should have rights to it). + * + * Default: '' + * + */ +/* $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; + +/* Other Storage tables */ + +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +$cfg['Servers'][$i]['relation'] = 'pma__relation'; +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +$cfg['Servers'][$i]['history'] = 'pma__history'; +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +$cfg['Servers'][$i]['recent'] = 'pma__recent'; +$cfg['Servers'][$i]['favorite'] = 'pma__favorite'; +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; +/* $cfg['Servers'][$i]['auth_swekey_config'] = ''; + + + +/** + * Second Server + */ + +/* +$i++; +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['port'] = ''; +$cfg['Servers'][$i]['socket'] = ''; +$cfg['Servers'][$i]['ssl'] = false; +$cfg['Servers'][$i]['connect_type'] = 'socket'; +$cfg['Servers'][$i]['extension'] = 'mysqli'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +$cfg['Servers'][$i]['user'] = 'root'; +$cfg['Servers'][$i]['password'] = ''; +$cfg['Servers'][$i]['AllowNoPassword'] = false; +$cfg['Servers'][$i]['AllowRoot'] = true; +$cfg['Servers'][$i]['SignonSession'] = ''; +$cfg['Servers'][$i]['SignonURL'] = ''; +$cfg['Servers'][$i]['LogoutURL'] = ''; +$cfg['Servers'][$i]['only_db'] = ''; +$cfg['Servers'][$i]['verbose'] = ''; +$cfg['Servers'][$i]['verbose_check'] = true; +$cfg['Servers'][$i]['AllowDeny']['order'] = ''; +$cfg['Servers'][$i]['AllowDeny']['rules'] = array(); +*/ + +/* + * phpMyAdmin configuration storage settings. + */ + +/* +$cfg['Servers'][$i]['controlhost'] = 'localhost'; +$cfg['Servers'][$i]['controlport'] = ''; +$cfg['Servers'][$i]['controluser'] = 'pma'; +$cfg['Servers'][$i]['controlpass'] = 'pmapass'; +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +$cfg['Servers'][$i]['relation'] = 'pma__relation'; +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +$cfg['Servers'][$i]['table_coords'] = 'pma__table_cords'; +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +$cfg['Servers'][$i]['history'] = 'pma__history'; +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +$cfg['Servers'][$i]['recent'] = 'pma__recent'; +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; +$cfg['Servers'][$i]['auth_swekey_config'] = ''; +*/ + +/** + * If you have more than one server configured, you can set $cfg['ServerDefault'] + * to any one of them to autoconnect to that server when phpMyAdmin is started, + * or set it to 0 to be given a list of servers without logging in + * If you have only one server configured, $cfg['ServerDefault'] *MUST* be + * set to that server. + * + * Default server (0 = no default server) + */ +$cfg['ServerDefault'] = 1; +$cfg['Server'] = '0'; +unset($cfg['Servers'][0]); /** * End of servers configuration Index: libraries/vendor_config.php =================================================================== --- libraries/vendor_config.php.orig +++ libraries/vendor_config.php @@ -28,25 +28,25 @@ define('TEMP_DIR', './tmp/'); * Path to changelog file, can be gzip compressed. Useful when you want to * have documentation somewhere else, eg. /usr/share/doc. */ -define('CHANGELOG_FILE', './ChangeLog'); +define('CHANGELOG_FILE', '@docdir@/ChangeLog'); /** * Path to license file. Useful when you want to have documentation somewhere * else, eg. /usr/share/doc. */ -define('LICENSE_FILE', './LICENSE'); +define('LICENSE_FILE', '@docdir@/LICENSE'); /** * Directory where SQL scripts to create/upgrade configuration storage reside. */ -define('SQL_DIR', './sql/'); +define('SQL_DIR', '@docdir@/sql/'); /** * Directory where configuration files are stored. * It is not used directly in code, just a convenient * define used further in this file. */ -define('CONFIG_DIR', ''); +define('CONFIG_DIR', '@sysconfdir@/'); /** * Filename of a configuration file. ++++++ phpMyAdmin-pma.patch ++++++ Index: sql/create_tables.sql =================================================================== --- sql/create_tables.sql.orig +++ sql/create_tables.sql @@ -27,8 +27,8 @@ USE phpmyadmin; -- Privileges -- -- (activate this statement if necessary) --- GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO --- 'pma'@localhost; +GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO + 'pma'@localhost IDENTIFIED BY 'pmapass'; -- -------------------------------------------------------- Index: config.sample.inc.php =================================================================== --- config.sample.inc.php.orig +++ config.sample.inc.php @@ -200,7 +200,6 @@ $cfg['Servers'][$i]['savedsearches'] $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; -$cfg['Servers'][$i]['auth_swekey_config'] = ''; */ /** ++++++ phpMyAdmin-rpmlintrc ++++++ addFilter("files-duplicated-waste") addFilter("files-duplicate") addFilter("pem-certificate") ++++++ phpMyAdmin.http ++++++ <Directory @ap_docroot@/@name@> Options FollowSymLinks AllowOverride None <IfModule mod_php5.c> Include @ap_sysconfdir@/conf.d/@name@.inc php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php5:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat" </IfModule> <IfModule mod_php7.c> Include @ap_sysconfdir@/conf.d/@name@.inc php_admin_value open_basedir "@ap_docroot@/@name@:/var/lib/php7:/tmp:@docdir@/@name@:/etc/@name@:/proc/meminfo:/proc/stat" </IfModule> </Directory> <Directory @ap_docroot@/@name@/libraries> <IfVersion < 2.4> Order allow,deny Deny from all </IfVersion> <IfVersion >= 2.4> <IfModule !mod_access_compat.c> Require all denied </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all </IfModule> </IfVersion> </Directory> <Directory @ap_docroot@/@name@/templates> <IfVersion < 2.4> Order allow,deny Deny from all </IfVersion> <IfVersion >= 2.4> <IfModule !mod_access_compat.c> Require all denied </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all </IfModule> </IfVersion> </Directory> <Directory @ap_docroot@/@name@/tmp> <IfVersion < 2.4> Order allow,deny Deny from all </IfVersion> <IfVersion >= 2.4> <IfModule !mod_access_compat.c> Require all denied </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all </IfModule> </IfVersion> </Directory> ++++++ phpMyAdmin.http.inc ++++++ php_admin_flag register_globals off php_admin_flag magic_quotes_gpc off php_admin_flag allow_url_include off php_admin_flag allow_url_fopen off php_admin_flag zend.ze1_compatibility_mode off php_admin_flag safe_mode Off # customize suhosin php_admin_value suhosin.post.max_array_index_length 256 php_admin_value suhosin.post.max_totalname_length 8192 php_admin_value suhosin.post.max_vars 2048 php_admin_value suhosin.request.max_array_index_length 256 php_admin_value suhosin.request.max_totalname_length 8192 php_admin_value suhosin.request.max_vars 2048
