ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10/phpMyAdmin-3.4.10-notes.html/view
3.4.10.0 (2012-02-14)
- bug #3460090 [interface] TextareaAutoSelect feature broken
- patch #3375984 [export] PHP Array export might generate invalid php code
- bug #3049209 [import] Import from ODS ignores cell that is the same as cell before
- bug #3463933 [display] SELECT DISTINCT displays wrong total records found
- patch #3458944 [operations] copy table data missing SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO'
- bug #3469254 [edit] Setting data to NULL and drop-downs
- bug #3477063 [edit] Missing set fields and values in generated INSERT query
- bug #3460867 [libraries] license issue with TCPDF (updated to 5.9.145)
Other Changes:
* Drop USE_MYSQL=compat and IGNORE_WITH_MYSQL=41 -- phpmyadmin has
not suddenly grown compatibility for older versions of MySQL.
However, USE_MYSQL implies a dependency on mysql-client, but
phpmyadmin can operate just fine with only the php mysqlnd
drivers.
* Add a new WITH_MYSQL Options knob (off by default) -- if you want
to use the mysql-client driver.
* PHP52 doesn't have mysqlnd drivers, so require at least one of
WITH_MYSQL or WITH_MYSQLI to be selected.
Approved by: shaun (mentor)
release with minor security corrections.
Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20
announcements on http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net. In a hurry? You can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
ChangeLog:
3.4.9.0 (not yet released)
- bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download
For the port:
Switch to using lzma compressed tarballs, for a saving of about 1MB
per download.
PR: ports/163290
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.
PMASA-2011-18 has now been published; vuxml entry attached.
PR: ports/163001
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes
Announcement:
"Welcome to the first release candidate for phpMyAdmin 3.4.8, a bugfix
release with minor security corrections.
Please refer to the upcoming PMASA-2011-18 announcement on
http://www.phpmyadmin.net/home_page/security.
Marc Delisle, for the team"
Welcome to the first release candidate for phpMyAdmin 3.4.8, a bugfix
release with minor security corrections.
3.4.8.0 (not yet released)
- bug #3425230 [interface] enum data split at space char (more space to
edit)
- bug #3426840 [interface] ENUM/SET editor can't handle commas in values
- bug #3427256 [interface] no links to browse/empty views and tables
- bug #3430377 [interface] Deleted search results remain visible
- bug #3428627 [import] ODS import ignores memory limits
- bug #3426836 [interface] Visual column separation
- bug #3428065 [parser] TRUE not recognized by parser
+ patch #3433770 [config] Make location of php-gettext configurable
- patch #3430291 [import] Handle conflicts in some open_basedir situations
- bug #3431427 [display] Dropdown results - setting NULL does not work
- patch #3428764 [edit] Inline edit on multi-server configuration
- patch #3437354 [core] Notice: Array to string conversion in PHP 5.4
- [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the
view name in main panel db Structure page
- bug #3439292 [core] Fail to synchronize column with name of keyword
- bug #3425156 [interface] Add column after drop
- [interface] Avoid showing the password in phpinfo()'s output
- bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
- bug #3407235 [interface] Entering the key through a lookup window does not
reset NULL
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
- [security] Self-XSS on column type (Create index), see PMASA-2011-18
- [security] Self-XSS on column type (table Search), see PMASA-2011-18
- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
PR: ports/162873
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.7%2FphpMyAdmin-3.4.7.html/view
Welcome to phpMyAdmin 3.4.7, a bugfix release.
3.4.7.0 (2011-10-23)
- bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false
- bug #3418849 [interface] Inline edit shows dropdowns even after closing
- bug [view] View renaming did not work
- bug [navi] Wrong icon for view (MySQL 5.5)
- bug #3420229 [doc] Missing documentation section
- bug #3423725 [pdf] Broken PDF file when exporting database to PDF
- [core] Allow to set language in URL
- bug #3425184 [doc] Fix links to PHP documentation
- bug #3426031 [export] Export to bzip2 is not working
PR: ports/161937
Submitted by: maintainer
of security fixes in the announcement message and changelog, all of
the fixes were already applied in the previous port update (to
3.4.6-rc1). In fact, diff'ing the distfile tarballs between 3.4.6-rc1
and 3.4.6 shows that the only change is to update the version number.
Announcement message:
"Welcome to phpMyAdmin 3.4.6, a bugfix and minor security release.
Please refer to the upcoming PMASA-2011-15 and -16 announcements on
http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net.
Marc Delisle, for the team"
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.6/phpMyAdmin-3.4.6.html/download
The advisories PMASA-15 and PMASA-16 still have not yet been published.
PR: ports/161709
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
From the announce message:
"Welcome to the first release candidate of phpMyAdmin 3.4.6, a bugfix
release containing also fixes for minor security problems.
Details will appear on http://phpmyadmin.net. In a hurry? You can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
Security Advisories:
PMASA-2011-15
PMASA-2011-16
(These are not published yet...)
ChangeLog:
(http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.6-rc1%2FphpMyAdmin-3.4.6-rc1.html/view)
Welcome to the first release candidate for phpMyAdmin 3.4.6, a bugfix release containing also fixes for minor security problems.
3.4.6.0 (not yet released)
- patch #3404173 InnoDB comment display with tooltips/aliases
- bug #3404886 [navi] Edit SQL statement after error
- bug #3403165 [interface] Collation not displayed for long enum fields
- bug #3399951 [export] Config for export compression not used
- bug #3400690 [privileges] DB-specific privileges won't submit
- bug #3410604 [config] Configuration storage incorrect suggested table name
- bug #3383572 [interface] Cannot execute saved query
- bug #3411535 [display] Full text button unchecks results display options
- bug #3411224 [display] Broken binary column when 'Show binary contents' is not set
- bug #3411633 [core] Call to undefined function PMA_isSuperuser()
- bug #3413743 [interface] Display options link missing after search
- bug #3324161 [core] CSP policy causing designer JS buttons to fail
- bug #3412862 [relation] Relations/constraints are dropped/created on every change
- bug #3390832 [display] Delete records from last page breaks search
- bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
PR: ports/161337
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> [maintainer]
http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
Announcement-ID: PMASA-2011-2
Date: 2011-02-11
Summary
SQL query could be executed under another user.
Description
It was possible to create a bookmark which would be executed
unintentionally by other users.
Severity
We consider this vulnerability to be critical.
PR: ports/154695
Submitted by: me
Approved by: maintainer
Changes:
- bug #3059311 [import] BIGINT field type added to table analysis
- [core] Update library PHPExcel to version 1.7.4
- bug #3062455 [core] copy procedures and routines before tables
- bug #3062455 [export] with SQL, export procedures and routines before tables
- bug #3056023 [import] USE query not working
- bug #3038193 [display] Error when editing row with GEOMETRY column
- bug #3062454 [interface] Display routines/events also when no tables are
defined
- support ARIA storage engine as well as its previous name MARIA
PR: ports/151738
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Approved by: pgollucci (mentor, implicit)
- Use USERS and GROUPS functionality, instead of supplying pkg-install
- Drop some warnings about changes that happened a long time ago now.
PR: 141801
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Security Update:
A point release to close a code execution vulnerability. This bug
allows a remote user logged in to the phpmyadmin web application to
run arbitrary shell commands with the credentials of the web
server.
PR: 127417
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Approved by: portmgr (pav)
Security: http://www.vuxml.org/freebsd/74bf1594-8493-11dd-bb64-0030843d3802.html
* When installed using WITH_SUPHP use a fixed username/UID from
/usr/ports/UIDs. There's no equivalent /usr/ports/GIDs entry
because it defaults to group 'www'.
* Consequently change the default username from phpmyadm to _pma
and add an entry to /usr/ports/UIDs:
_pma:*:336:80:phpMyAdmin Owner:/nonexistent:/sbin/nologin
* Use the standard $WWWDIR for PLIST_SUB and SUB_LIST, instead of
rolling my own equivalent.
* Various internal code changes and clean-up
* Bump PORTREVISION
Note: the changes here mostly affect compilation with WITH_SUPHP
defined. If you're not a suPHP user, then there's very little
ultimately that has changed.
PR: 119825
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
This is a bugfix only release, including fixing some security bugs. No
more details than that have yet been released.
ChangeLog is at:
https://sourceforge.net/project/shownotes.php?release_id=503361
PR: ports/112065
Submitted by: maintainer (Matthew Seaman)
change, this is a security thing.
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3
From the announce message:
Hi,
The "Month Of PHP Bugs" reveals some PHP vulnerabilities. MOPB-02-2007
(PHP Executor Deep Recursion Stack Overflow) uses phpMyAdmin as an
example to show a recursion vulnerability in PHP, for which a
protection is provided in version 2.10.0.2.
More details will follow on phpmyadmin.net, Security section, PMASA-2007-3.
Marc Delisle, for the team.
PR: ports/109765
Submitted by: Matthew Seaman <m.seaman (at) infracaninophile.co.uk> (maintainer)
Security: PMASA-2007-3
PR: ports/108034
Submitted by: Henrik Brix Andersen <henrik at brixandersen.dk>
Approved by: Matthew Seaman <m.seaman at infracaninophile.co.uk> (maintainer)
Fixes
-----
* XSS fix
* Wrong import when ;; is at buffer boundary
* Duplicate id for checkbox on table Operations page
* Better behavior on the Add new fields page
* Export: csv/cvs typo
* Renaming a db containing a view
* Automated timestamp values
* Import: correctly fail if file is too short
* Default font family on original theme
Detailed list of changes is available under
http://www.phpmyadmin.net/ChangeLog.txt
PR: ports/105343
Submitted by: maintainer (Matthew Seaman)