Age | Commit message | Author | Files | Lines |
|
- [core] Fix broken cleanup of $_GET
- bug #3054458 [core] Fixed displaying number of rows.
|
|
Changes since version 2.11.10:
- [setup] Fixed output sanitizing in setup script, see PMASA-2010-4 for
more details.
- [core] Fixed various XSS issues, see PMASA-2010-5 for more details.
|
|
converters/php-mbstring
databases/php-mysqli
net/php-soap
textproc/php-dom
textproc/php-xsl
time/php-calendar
No functional change should be done.
|
|
Changes since version 2.11.9.6:
- [core] safer handling of temporary files with open_basedir
(thanks to Thijs Kinkhorst)
- [core] do not automatically set and create TempDir, it might lead to
security issue (thanks to Thijs Kinkhorst)
- [setup] avoid usage of (un)serialize, which might be unsafe in some cases
This fixes the security vulnerabilities reported in PMASA-2010-1,
PMASA-2010-2 and PMASA-2010-3.
|
|
- [security] XSS and SQL injection, thanks to Herman van Rink
|
|
|
|
code execution vulnerability reported in PMASA-2009-3 / CVE-2009-1151.
|
|
- [security] possible XSRF on several pages
|
|
little sensitive when it comes to removing non-existent files.
|
|
- [security] XSS in MSIE using NUL byte
- [security] XSS in a Designer component
|
|
- bug #2031221 [auth] Links to version number on login screen
- bug #2032707 [core] PMA does not start if ini_set() is disabled
- bug #2004915 [bookmarks] Saved queries greater than 1000 chars
not displayed
- bug #2037381 [export] Export type "replace" does not work
- bug #2037375 [export] DROP PROCEDURE needs IF EXISTS
- bug #2045512 [export] Numbers in Excel export
+ [lang] Norwegian UTF-8 original file remerged
- bug #2074250 [parser] Undefined variable seen_from
- [security] Code execution vulnerability
This update fixes the security vulnerability reported in PMASA-2008-7.
|
|
- patch #1987593 [interface] Table list pagination in navi
- bug #1989081 [profiling] Profiling causes query to be executed again
(really causes a problem in case of INSERT/UPDATE)
- bug #1990342 [import] SQL file import very slow on Windows
- bug [XHTML] problem with tabindex and radio fields
- bug #1971221 [interface] tabindex not set correctly
- bug [views] VIEW name created via the GUI was not protected
with backquotes
- bug #1989813 [interface] Deleting multiple views (space in name)
- bug #1992628 [parser] SQL parser removes essential space
- bug #1989281 [export] CSV for MS Excel incorrect escaping of
double quotes
- bug #1959855 [interface] Font size option problem when no
config file
- bug #1982489 [relation] Relationship view should check for changes
- bug [history] Do not save too big queries in history
- [security] Do not show version info on login screen
- bug #2018595 [import] Potential data loss on import resubmit
- patch #2020630 [export] Safari and timedate
- bug #2022182 [import, export] Import/Export fails because of
Mac files
- [security] protection against cross-frame scripting and
new directive AllowThirdPartyFraming
- [security] possible XSS during setup
- [interface] revert language changing problem introduced
with 2.11.7.1
- small fix for notice about "lang"
This update fixes the security vulnerability reported in PMASA-2008-6.
|
|
- bug #1908719 [interface] New field cannot be auto-increment and
primary key
- [dbi] Incorrect interpretation for some mysqli field flags
- bug #1910621 [display] part 1: do not display a TEXT utf8_bin
as BLOB (fixed for mysqli extension only)
- [interface] sanitize the after_field parameter,
thanks to Norman Hippert
- [structure] do not remove the BINARY attribute in drop-down
- bug #1955386 [session] Overriding session.hash_bits_per_character
- [interface] sanitize the table comments in table print view,
thanks to Norman Hippert
- bug #1939031 Auto_Increment selected for TimeStamp by Default
- patch #1957998 [display] No tilde for InnoDB row counter when
we know it for sure, thanks to Vladyslav Bakayev - dandy76
- bug #1955572 [display] alt text causes duplicated strings
- bug #1762029 [interface] Cannot upload BLOB into existing row
- bug #1981043 [export] HTML in exports getting corrupted,
thanks to Jason Judge - jasonjudge
- bug #1936761 [interface] BINARY not treated as BLOB:
update/delete issues
- protection against XSS when register_globals is on and .htaccess
has no effect, thanks to Tim Starling
- bug #1996943 [export] Firefox 3 and .sql.gz (corrupted);
detect Gecko 1.9, thanks to Juergen Wind
- (2.11.7.1) [security] XSRF/CSRF by manipulating the db,
convcharset and collation_connection parameters,
thanks to YGN Ethical Hacker Group
This update fixes the security vulnerability reported in PMASA-2008-5.
|
|
- bug #1908719 [interface] New field cannot be auto-increment and
primary key
- [dbi] Incorrect interpretation for some mysqli field flags
- bug #1910621 [display] part 1: do not display a TEXT utf8_bin
as BLOB (fixed for mysqli extension only)
- [interface] sanitize the after_field parameter,
thanks to Norman Hippert
- [structure] do not remove the BINARY attribute in drop-down
- bug #1955386 [session] Overriding session.hash_bits_per_character
- [interface] sanitize the table comments in table print view,
thanks to Norman Hippert
- bug #1939031 Auto_Increment selected for TimeStamp by Default
- patch #1957998 [display] No tilde for InnoDB row counter when
we know it for sure, thanks to Vladyslav Bakayev - dandy76
- bug #1955572 [display] alt text causes duplicated strings
- bug #1762029 [interface] Cannot upload BLOB into existing row
- bug #1981043 [export] HTML in exports getting corrupted,
thanks to Jason Judge - jasonjudge
- bug #1936761 [interface] BINARY not treated as BLOB:
update/delete issues
- protection against XSS when register_globals is on and .htaccess
has no effect, thanks to Tim Starling
- bug #1996943 [export] Firefox 3 and .sql.gz (corrupted);
detect Gecko 1.9, thanks to Juergen Wind
|
|
- bug #1903724 [interface] Displaying of very large queries
in error message
- bug #1905711 [compatibility] Functions deprecated in PHP 5.3:
is_a() and get_magic_quotes_gpc()
- bug [lang] Catalan wrong accented characters
- bug #1893034 [Export] SET NAMES for importing with command-line
client
+ [lang] Russian update
- bug #1910485 [core] Unsetting the whitelist during the loop
- bug #1906980 [Export] Import of VIEWs fails if temp table exists
- bug #1812763 [Copy] Table copy when server is in ANSI_QUOTES
sql_mode
- bug #1918531 [compatibility] Navigation isn't w3.org valid
- bug #1926357 [data] BIT defaults displayed incorrectly
- patch #1930057 [auth] colon in password prevents HTTP login
on CGI/IIS
- patch #1929553 [lang] Don't output BOM character in Swedish
language file
- patch #1895796 [lang] Typo in Japanese lang files
- bug #1935652 [auth] Access denied (show warning about mcrypt
on login page)
- bug #1906983 [export] Reimport of FUNCTION fails
- bug #1919808 [operations] Renaming a database fails to handle
functions
- bug #1934401 [core] Cannot force a language
- bug #1944077 [core] Config file containing a BOM
- bug #1947189 [scripts] Missing head tag in scripts/signon.php
+ [lang] Romanian update
|
|
|
|
|
|
|
|
security problem reported in PMASA-2008-3 (CVE-2008-1924).
|
|
|
|
The new version fixes a credentials disclosure on shared hosts via
session data reported in security announcement PMASA-2008-2.
|
|
The new version fixes several bugs including the cross site scripting
vulnerability reported in PMASA-2007-8 and the SQL injection vulnerability
reported in PMASA-2008-1.
|
|
their files via a custom do-install target.
|
|
directory. Problems noted by Stoned Elipot and Martti Kuparinen in
private e-mail. Bump package revision because of these changes.
|
|
directory. Problems noted by Stoned Elipot and Martti Kuparinen in
private e-mail. Bump package revision because of these changes.
|
|
created anymore. Pointed out by Geert Hendrickx.
|
|
Changes since version 2.10.2:
- creating VIEWs from query results
- managing triggers, procedures and functions
- supports MySQL 5.0.37 query profiling
- improved interface for servers hosting thousands of databases and tables.
- security fixes for PMASA-2007-5, PMASA-2007-6 and PMASA-2007-7
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
The new version fixes several bugs and addresses the security
vulnerability reported in PMASA-2007-4.
|
|
|
|
- Fix for PMASA-2007-3 (PHP Executor Deep Recursion Stack Overflow)
- New graphical relation manager, called Designer, available in
database view
|
|
Changes since version 2.9.1.1 (literal quote from the home page):
Version 2.9.2-rc1 contains some security fixes (an advisory will be
published when releasing 2.9.2) and other fixes.
|
|
1.) Don't use hardcoded group "wheel". Use "APACHE_GROUP" instead which
defaults to "www".
2.) Create user and group if necessary. This fixes PR pkg/35141 by
Wouter Schoot.
3.) Fix path to Perl interpreter in helper script "convertcfg.pl" and
add missing dependence on Perl package.
Bump package revision because of these fixes.
|
|
Changes since version 2.9.0.3:
- Security fixes
- Wrong import when ;; is at buffer boundary
- Duplicate id for checkbox on table Operations page
- Better behavior on the Add new fields page
- Export: csv/cvs typo
- Renaming a db containing a view
- Automated timestamp values
- Import: correctly fail if file is too short
- Default font family on original theme
|
|
XSS vulnerability reported in PMASA-2006-6.
|
|
Changes since version 2.8.2.4:
- Fix for security vulnerability reported in PMASA-2006-5
- New export options
- A lot of bug fixes
|
|
This release fixes some bugs found since version 2.8.2 has been released.
This update was provided by Martin Wilke in PR pkg/34314.
|
|
Changes since version 2.8.0.4:
- XSS vulnerability from requests not containing a token
- Reenable XML option in Export
- State in documentation that your browser must accept cookies
- CVS link was broken on main page
- Adding a user with password containing a backslash
- Removing a default value
- Setup script: compatibility with security tokens
- Setup script: detection of writable config
- Reading the database list with MySQL wildcards
|
|
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
|
|
security vulnerability reported in PMASA-2006-2 and CVE-2006-2031.
|
|
Changes since version 2.8.0.2:
- XSS vulnerability (set_theme)
- mysqli problems with zend.ze1_compatibility_mode enabled
- setup script did not save the mysql/mysqli extension
- XSS vulnerability (calling directly css files under themes)
|
|
don't get installed. This fixes a package list problem reported by
Lubomir Sedlacik in private e-mail. Bump package revision.
|
|
Changes since version 2.8.0.1:
- XSS vulnerability (set_theme)
- mysqli problems with zend.ze1_compatibility_mode enabled
- setup script did not save the mysql/mysqli extension
Package source related changes:
- incorporate fix for phpMyAdmin bug #1436279 to make the package usable
with Safari under Mac OS X again
|
|
|
|
- PHP 5.1.2 compatibility
- Possibility to hide databases
- Configurable memory limit for import/export
- Better support for CGI
- Web-based setup
|
|
|
|
functionality work. Bump package revision because of this fix.
This fixes PR pkg/32466 by Konrad Neuwirth.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
2.6.4-pl4:
- New plugin-based import module
- Some pages now use fieldsets for better look
- Better support for information_schema
- Upgrade script new options
- Better displaying of privileges when there are differences between the
various user definition tables
- Structure: count unique value for each field
- Can now limit the list of shown languages
- User-specific upload and save server directories
- Remove Drop tab for mysql database
- New transformation: SQL pretty printing
- Ability to limit maximum size of extended insert
- Support for searching in the foreign key window
- Can now replace an existing bookmark
- New shortcuts for IP rules
- Detect lack of privileges for "Create new table"
- Wrong display of localized MySQL error messages
- Need to select the primary key for MIME-based print view
- Handling of ENTER key when adding fields
- InnoDB: truncating icon and exact row count
- After dropping a db, links were missing
- Strict mode and auto-increment fields insertion
- Collation change for ENUM and SET
- Display problems on special characters in column name
- Links for MySQL documentation
- Escaping of "_"
- Could not edit privileges when different host in db and user
- Changing auto-increment value for InnoDB
- Correct sort order for foreign-key dropdowns
- Group database by rightmost separator
- Performance problem when inserting huge BLOBs
- Calendar popup and time beginning by 0
This update fixes the security vulnerabilities reported in PMASA-2005-8
and PMASA-2005-9.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|