phpmyadmin (4:5.2.1+dfsg-3) unstable; urgency=medium

  [ John Adrian Salitico ]
  * Translated using Weblate (Filipino)

  [ kopatych ]
  * Translated using Weblate (Belarusian)

  [ Milo Ivir ]
  * Translated using Weblate (Croatian)

  [ Athos Ribeiro ]
  * d/NEWS: document new behavior when running PHP < 8

  [ William Desportes ]
  * Add a patch for PHP 8.3
  * Add a patch to avoid Twig 3.9.0
  * Import one more fix for sql-parser 5.8 for Triggers export
  * Import Ubuntu patch for PHP 8.0 (LP: #2016016)
  * Remove the Symfony polyfill in the PHP 8 patch
  * Add a patch to require PHP 8.2
  * Re-write the Ubuntu Jammy d/NEWS entry for Debian
  * Use LP: #2016016 for the Launchpad link
  * Send Standards-Version 4.7.0
  * Force dependencies loading to use /usr/share/php/
  * Remove suggests of non existing webauthn lib in Debian

 -- William Desportes Thu, 18 Apr 2024 12:31:22 +0200

phpmyadmin (4:5.2.1+dfsg-2) unstable; urgency=medium

  * Allow symfony 6
  * Add patches for phpunit 10 (Closes: #1039803)
  * Add an upstream patch for fatal errors
  * Build css files in the build dir (Closes: #1048361)
  * Build depend on libjs-bootstrap5
  * Depend on libjs-bootstrap5 and link to it
  * Add patches for sql-parser 5.8
  * Force depends on sql-parser 5.8
  * Update phpunit 10 patch
  * Import node-bootstrap 5.3.1+dfsg-1 in d/missing-sources
  * Update d/copyright

 -- William Desportes Wed, 18 Oct 2023 21:55:32 +0200

phpmyadmin (4:5.2.1+dfsg-1) unstable; urgency=medium

  * Add a d/pkg-php-tools-overrides to force the PHP 8.0 polyfill dep
  * Install ChangeLog using dh_installchangelogs
  * New upstream version 5.2.1+dfsg
  * Fixes: CVE-2023-25727, PMASA-2023-1
  * Update patches
  * Fix phpunit group name to exclude
  * Re build jquery-migrate.min.js
  * Re build jquery.validate.min.js
  * Update d/copyright and lintian overrides for two jquery libs
  * Add a patch to Skip part of RoutingTest::testGetDispatcher (rw-tree)
  * Add a patch for out of source test data
  * Improve d/u/metadata, add CPE and Webservice

 -- William Desportes Wed, 08 Feb 2023 13:57:42 +0100

phpmyadmin (4:5.2.0+dfsg1-2) unstable; urgency=medium

  [ William Desportes ]
  * Drop PSR-7 patches
  * Forward some patches upstream
  * Depend on php-slim-psr7 instead of php-nyholm-psr7
  * Revert "Update autoload template to use Nyholm/Psr7 dependency"
  * Revert "Change branch to debian/experimental"
  * Add a missing test to the TEST_PATH patch

  [ Dilshod Fayzullayev Fayzulla O'G'LI ]
  * Added translation using Weblate (Uzbek)
  * Translated using Weblate (Uzbek)

 -- William Desportes Sat, 28 Jan 2023 10:15:11 +0100

phpmyadmin (4:5.2.0+dfsg1-1) experimental; urgency=medium

  * New upstream version 5.2.0+dfsg1
  * Change branch to debian/experimental
  * Update patch for PHP 8.2 string interpolation
  * Refresh 2FA patch
  * Refresh patches
  * Update bootstrap patch
  * Add bootstrap 5.1.3 sources
  * Update autoload template
  * Add new packages to Build-Depends
  * Drop old js libs
  * Revert "Exclude js/vendor/zxcvbn.js.map from the bundle"
  * Revert "Exclude js/vendor/zxcvbn.js from the vendor tarball because it
    can not be re-built from source"
  * Remove depends on libjs-bootstrap4 and d/links to it
  * Re-build the bootstrap.bundle.min.js file
  * Make build requirements force the versions in experimental
  * Add d/links for bootstrap theme to libjs-jquery-ui
  * Add a patch to enable more PSR-7 packages
  * Depend on php-nyholm-psr7
  * Run wrap-and-sort
  * Update composer.json to require another PSR-7 implementation
  * Update autoload template to use Nyholm/Psr7 dependency
  * Add a missing dir_to_symlink for bootstrap theme
  * Add bootstrap theme to d/rules
  * Adjust lintian-overrides
  * Drop "paragonie/sodium_compat" from composer.json
  * Remove dropped patch from d/p/series
  * Remove duplicate patch in d/p/series
  * Fix postinst or postrm errors breaking apt procedures
    (Closes: LP: #1652359)

 -- William Desportes Mon, 23 Jan 2023 23:45:28 +0400

phpmyadmin (4:5.1.4+dfsg1-3) unstable; urgency=medium

  * Add PHP 8 support on apache2.conf
  * Update d/README.Debian
  * Add a patch for PHP 8.2 string
    interpolation
  * Update lintian overrides
  * Update Recommends
  * Update Standards-Version to 4.6.2

 -- William Desportes Sun, 22 Jan 2023 20:48:49 +0400

phpmyadmin (4:5.1.4+dfsg1-2) unstable; urgency=medium

  [ Kristijan Fremen Velkovski ]
  * Added translation using Weblate (Macedonian)

  [ Ugnius Vaičeskas ]
  * Added translation using Weblate (Lithuanian)

  [ Sean Dylan Patterson ]
  * Added translation using Weblate (Afrikaans)

  [ William Desportes ]
  * Depend on libjs-jquery-tablesorter

  [ AefghThreenine ]
  * Added translation using Weblate (Thai)
  * Translated using Weblate (Thai)

  [ William Desportes ]
  * Add autoload for php-code-lts-u2f-php-server
  * Add a patch to update documentation for 2FA packages
  * Add a patch to suggest ext-sodium
  * Add php-code-lts-u2f-php-server and php-curl to tests
  * Widen a lintian override
  * Make build requirements force the versions in unstable

 -- William Desportes Fri, 16 Dec 2022 18:28:37 +0100

phpmyadmin (4:5.1.4+dfsg1-1) unstable; urgency=medium

  * New upstream version 5.1.4+dfsg1
  * Remove js/vendor/jquery/{jquery.svg.js,jquery.mousewheel.js} copyrights
  * Update Standards-Version to 4.6.1
  * Re order composer dependencies like phpabtpl would do
  * Refresh patches
  * Add a patch to disable testDownloadHeader and testDownloadHeader2 tests

 -- William Desportes Tue, 24 May 2022 00:58:39 +0200

phpmyadmin (4:5.1.3+dfsg1-1) unstable; urgency=medium

  * New upstream version 5.1.3+dfsg1
  * Fixes: CVE-2022-23807, PMASA-2022-1
  * Fixes: CVE-2022-23808, PMASA-2022-2
  * Refresh Debian patches
  * Remove upstream released/accepted patches
  * Allow phpmyadmin/sql-parser 5.4
  * Bump d/copyright years
  * Update openlayers source to 6.9.0
  * Make openlayers 6.9.0 source compatible with Debian
  * Update bootstrap source to 4.6.1
  * Update jquery source to 3.6.0
  * Refresh d/patches after 5.1.3 import
  * Update d/copyright
  * Use dh-sequence-{phpcomposer,sphinxdoc} packages
  * Update the main autoload template by using phpabtpl
  * Adjust d/lintian-overrides
  * Mark s390x as non 32 bit
    compatible (for shapefile tests)
  * Adjust d/lintian-overrides
  * Improve check_file_access function from config.inc.php
  * Drop deprecated `$cfg['Servers'][$i]['auth_swekey_config']` from config
  * Drop deprecated `$cfg['Servers'][$i]['extension']` from config.inc.php

 -- William Desportes Sat, 12 Feb 2022 13:40:47 +0100

phpmyadmin (4:5.1.1+dfsg1-5) unstable; urgency=medium

  * Add a patch to fix PHP 8.1 test failure (Closes: #1000571)
  * Add a patch to remove PHP 8.1 deprecation issues (Closes: #1000571)
  * Update d/copyright

 -- William Desportes Wed, 12 Jan 2022 02:27:47 +0100

phpmyadmin (4:5.1.1+dfsg1-4) unstable; urgency=medium

  * Set back configs to debian/latest
  * Update Standards-Version to 4.6.0

 -- William Desportes Thu, 19 Aug 2021 12:20:25 +0200

phpmyadmin (4:5.1.1+dfsg1-3) experimental; urgency=medium

  * Allow PHP 8 to work by allowing symfony v5
  * Update d/gbp.conf and d/control to experimental branch
  * Set Debian Salsa GitLab CI to experimental

 -- William Desportes Fri, 18 Jun 2021 13:10:35 +0200

phpmyadmin (4:5.1.1+dfsg1-2) experimental; urgency=medium

  * Closes: #987061 (missed closes in 4:5.1.1+dfsg1-1)
  * Add openlayers build from source patch
  * Change node_modules to d/missing-sources in ol build
  * Add openlayers source files from 5.1.1 source tarball
  * Disable MapboxVector in openlayers sources
  * Add rBush and quickselect dependencies
  * Update copyright for openlayers, quickselect and rBush
  * Use webpack to build openlayers
  * Update d/clean after openlayers build
  * Lintian overrides for openlayers d/missing-sources/ol/*

 -- William Desportes Mon, 14 Jun 2021 23:18:54 +0200

phpmyadmin (4:5.1.1+dfsg1-1) experimental; urgency=medium

  * Update patch for php-twig to use 2.9 as a minimum
  * New upstream version 5.1.1
  * Update copyrights
  * Drop dependency on php-symfony-yaml and Symfony/Component/Yaml from
    autoload
  * Remove .yml files from install - no more .yml files
  * Depend on php-nikic-fast-route
  * Drop depends on libjs-openlayers
  * Update bootstrap patch
  * Add
    FastRoute vendor to autoload
  * Only skip 32-bit tests on 32-bit platforms
  * Adjust rules to set the Debian version suffix
  * Build depends on php-cli for new Makefile php commands
  * Remove not useful anymore delete of metro theme fonts
  * Adjust phpunit ODS test for mbstring length
  * Add a maintscript rule to make the openlayers symlink into a folder
  * Update d/copyright for openlayers
  * Ignore source-contains-prebuilt-javascript-object for js/src
  * Ignore very-long-line-length-in-source-file from js/dist
  * Remove unused d/licenses
  * Fix failing ErrorTest::testSetFile, FileListingTest, OptionsTest

 -- William Desportes Sat, 05 Jun 2021 00:29:04 +0200

phpmyadmin (4:5.0.4+dfsg2-2) unstable; urgency=medium

  * Add a patch for CVE-2021-21252
  * Add a patch to remove metro theme fonts
  * Remove metro themes from installed version
  * Add a d/maintscript to fix symlink migration (Closes: #980375)

 -- William Desportes Sat, 23 Jan 2021 17:25:13 +0100

phpmyadmin (4:5.0.4+dfsg2-1) unstable; urgency=medium

  [ William Desportes ]
  * Set all php-symfony-* dependencies to require 4.2
  * Exclude js/vendor/zxcvbn.js because it can not be re-built from source
  * Re-build js/vendor/stickyfill.min.js from source
  * Build depend on minify
  * Include most of the excluded files and add copyright blocks
  * Update copyright blocks

  [ David Prévot ]
  * Add back php-gd useful for autopkgtest
  * Discard test failing on arm64 CI
  * Restore source map for css files
  * Update copyright blocks
  * d/clean: Use upstream doc target
  * d/s/lintian-overrides: Update comments

 -- William Desportes Tue, 12 Jan 2021 13:46:31 +0100

phpmyadmin (4:5.0.4+dfsg1-1) unstable; urgency=medium

  [ William Desportes ]
  * New upstream version 5.0.4 (Closes: #950531, Closes: #978382)
  * Remove phpunit 7 patch file
  * Remove packages version patch
  * Refresh the Debian patch for the vendor constants config
  * Refresh the test-autoload patch
  * Add some of the new dependencies for 5.0
  * Adjust autoload for Twig-i18n-extension
  * Remove fix tests sed
    commands
  * Add an upstream patch to make the test suite work fine
  * Add Williamdes/MariaDBMySQLKBS to vendor autoload
  * Add some debian php-symfony dependencies
  * Remove duplicated config.manyhosts
  * Add lintian overrides for Metro theme
  * Exclude built documentation from upstream dfsg
  * Exclude node_module from upstream dfsg
  * Do not delete selenium tests folder
  * Replace phpunit custom xml by --no-coverage argument
  * Add new php-symfony- autoload requires
  * Add .yml files to installed package version
  * Add robots.txt to installed package version
  * Disable 32bit incompatible tests
  * Fix 2 unnecessary greater-than versioned dependency
  * Run "cme fix dpkg" and "wrap-and-sort"
  * Rename MIT to Expat on d/copyright
  * Apply formatting rules from "cme fix dpkg"
  * Drop dependency on composer (Closes: #977983)
  * Drop vendor files that can be replaced
  * Drop copyright blocks from files not more present
  * Link and depend onto new packages
  * Bump Standards-Version to 4.5.1
  * Use some Debian packages instead of source files
  * Set d/watch to version 4
  * Depend on libjs-jquery-timepicker and libjs-jquery-mousewheel
  * Add a lintian override about libjs-jquery-tablesorter
  * Remove useless DEB_BUILD_OPTIONS for dh 13
  * Drop everything about bacon-qr-code as it does not work
  * Update Debian patch to allow motranslator 4 or 5
  * Simplify open_basedir to allow all /usr/share/php/
  * Drop depends on twig-extensions
  * Drop depends on php-psr-container
  * Remove phpab scan on setup/lib
  * Remove useless dependency constraints
  * Remove php extensions that are already in composer.json
  * Cleanup autopkgtests
  * Make d/tests run on the installed package
  * Add a patch to remove EnvironmentTest::testMySQL test
  * Add a patch for tests not to fail on Debian versions with a "+" char
  * Set debian branch to debian/latest (DEP-14)

  [ David Prévot ]
  * Extend (Build-)Depends clean up
  * Drop useless require
  * Update copyright information (translations)
  * Allow /usr/share/doc/phpmyadmin/ again
  * Simplify a
    bit dh_install
  * Don’t order patches
  * Define and use TEST_PATH for Debian CI
  * Group noautopkgtest for test failing on Debian CI
  * Add allow-stderr for CI

 -- William Desportes Fri, 08 Jan 2021 20:31:40 +0100

phpmyadmin (4:4.9.7+dfsg2-1) UNRELEASED; urgency=medium

  [ William Desportes ]
  * Add d/clean file
  * Make the selenium tests silent before tests instead of rm the folder
  * Exclude and clean built html doc files

  [ ETHEVE France-line ]
  * Translated using Weblate (Réunion Creole)

 -- William Desportes Tue, 03 Nov 2020 11:14:12 +0100

phpmyadmin (4:4.9.7+dfsg1-1) unstable; urgency=medium

  [ Debian Janitor ]
  * Wrap long lines in changelog entries: 4:4.9.5+dfsg1-1.

  [ William Desportes ]
  * Bump debhelper-compat to 13
  * Fix 2 typos in debian/doc-base
  * Change encoding of sv.po from windows-1252 to UTF-8
  * New upstream version 4.9.7+dfsg1
  * Fixes: CVE-2020-26934, PMASA-2020-5, Closes: #971999
  * Fixes: CVE-2020-26935, PMASA-2020-6, Closes: #972000
  * Adjust patches to allow sql-parser 5.4+
  * Allow bacon qr code to be used
  * Adjust open_basedir for BaconQrCode and DASPRiD/Enum dependency

 -- William Desportes Thu, 15 Oct 2020 23:53:57 +0200

phpmyadmin (4:4.9.5+dfsg1-2) unstable; urgency=medium

  * Bump motranslator build dependency from 4.x to 5.x
  * Drop php-recode extension from Build-Depends (Closes: #955360)

 -- William Desportes Tue, 31 Mar 2020 16:59:41 -0300

phpmyadmin (4:4.9.5+dfsg1-1) unstable; urgency=medium

  * Set upstream metadata fields: Changelog, Documentation, FAQ, Donation,
    Security-Contact.
  * Bump Standards-Version to 4.5.0
  * New upstream version 4.9.5 (Closes: #952308)
  * Fixes: CVE-2020-10802, PMASA-2020-3, Closes: #954665
  * Fixes: CVE-2020-10803, PMASA-2020-4, Closes: #954666
  * Fixes: CVE-2020-10804, PMASA-2020-2, Closes: #954667
  * Force to have phpMyAdmin sql-parser >= 4.5.0
  * Force to have php-twig >= 2.9 (Closes: #954766)

 -- William Desportes Wed, 25 Mar 2020 18:07:16 -0300

phpmyadmin (4:4.9.4+dfsg1-1) unstable; urgency=medium

  [ William Desportes ]
  * New upstream version 4.9.4 (PMASA-2020-1, CVE-2020-5504,
    Closes: #948718)
  * Exclude a test on Debian CI for 32bit systems (#854821)
  * Upgrade Debian standards from 4.3.0 to 4.4.1

  [ Felipe Sateler ]
  * Don't run tests if DEB_BUILD_OPTIONS contains nocheck
  * copyright: fix wildcards for node_modules. Files do not match
    directories. An explicit /* must be added at the end
  * Add lintian overrides for
    package-contains-documentation-outside-usr-share-doc. Those READMEs
    document the respective directories
  * Bump debhelper compat level to 12. Move --fail-missing option to
    dh_missing
  * Add Rules-Requires-Root: no. We don't need (fake)root to build the
    package
  * Bump dependency on motranslator. API is the same, but support for older
    php versions was dropped, so a major semver break was needed. In debian
    we already have the newer php versions so we can just bump the
    dependency.
  * Trim trailing whitespace.
  * Wrap long lines in changelog entries: 4:4.9.4+dfsg1-1, 4:4.9.2+dfsg1-1,
    4:4.9.0.1+dfsg1-1, 4:4.6.5.1-1, 4:3.3.9-1ubuntu1.
  * Fix misspelling of Close => Closes.
  * Set field Upstream-Name in debian/copyright.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.

  [ Hridoy Bapery ]
  * Added translation using Weblate (Bengali (Bangladesh))
  * Added translation using Weblate (Bengali)
  * Translated using Weblate (Bengali)
    Currently translated at 100.0% (2 of 2 strings)

 -- Felipe Sateler Mon, 16 Mar 2020 13:25:37 -0300

phpmyadmin (4:4.9.2+dfsg1-1) unstable; urgency=medium

  [ William Desportes ]
  * New upstream version 4.9.2. (Closes: #944711)
  * Fixes a security vulnerability in the Designer feature.
    (PMASA-2019-5, CVE-2019-18622, Closes: #945349)
  * Add debian gitlab pipelines config.

  [ Matthias Blümel ]
  * remove creation of the vendor dir in rules.
  * remove unnecessary removal of openlayers.
  * fix autopkg-tests
  * simplify patch for phpunit 8 by adding ": void" on demand
  * remove test/selenium to get autopkg working
  * Do not fail removal if there are other avahi services or desktop files
    rmdir fails if it can't remove the directory because there are other
    files left. Since we only care about removing the directory to clean up
    if we are the last user, we can pass --ignore-fail-on-non-empty.
    (Closes: #944514)

 -- Felipe Sateler Mon, 25 Nov 2019 07:55:27 -0300

phpmyadmin (4:4.9.1+dfsg1-2) unstable; urgency=medium

  * Adjust open_basedir setting for ubuntu eoan

 -- Matthias Blümel Fri, 01 Nov 2019 19:33:40 +0100

phpmyadmin (4:4.9.1+dfsg1-1) unstable; urgency=medium

  * New upstream version 4.9.1.
  * Remove webbased setup (Closes: #772741)
  * Check for weak blowfish key and regenerate if necessary during update
  * fix avahi service-installation (Closes: #914673, LP: #1293558)
  * fix bug in sql-script for non-default tablename (Closes: #884827)

 -- Matthias Blümel Tue, 24 Sep 2019 21:43:48 +0200

phpmyadmin (4:4.9.0.1+dfsg1-1) unstable; urgency=medium

  [ Matthias Blümel ]
  * New upstream version 4.9.0.1.
  * Update Package for new composer-oriented structure in upstream
  * Update Translations
    - Catalan
    - Ukrainian
    - Chinese (Traditional)
  * New Translations
    - Romanian
    - Indonesian
  * New upstream release, fixing several security issues:
    - Warnings when running under php 7.2 (Closes: #890595)
    - FTBFS with phpunit 6.4.4-2 (Closes: #883417, Closes: #917755)
    - Bypass $cfg['Servers'][$i]['AllowNoPassword']
      (PMASA-2017-8, CVE-2017-18264)
    - XSRF/CSRF vulnerability in phpMyAdmin
      (PMASA-2017-9, CVE-2017-1000499)
    - Self XSS in central columns feature
      (PMASA-2018-1, CVE-2018-7260, Closes: #893539)
    - CSRF vulnerability allowing arbitrary SQL execution
      (PMASA-2018-2, CVE-2018-10188, Closes: #896490)
    - XSS in Designer feature (PMASA-2018-3, CVE-2018-12581)
    - Bug that can be used for XSS when importing files
    - Local file inclusion (PMASA-2018-6, CVE-2018-19968)
    - XSRF/CSRF vulnerabilities allowing a to perform harmful operations
      (PMASA-2018-7, CVE-2018-19969)
    - an XSS vulnerability in the navigation tree
      (PMASA-2018-8, CVE-2018-19970)
    - Arbitrary file read vulnerability
      (PMASA-2019-1, CVE-2019-6799, Closes: #920823)
    - SQL injection in the Designer interface
      (PMASA-2019-2, CVE-2019-6798, Closes: #920822)
    - SQL injection in Designer feature
      (PMASA-2019-3, CVE-2019-11768, Closes: #930048)
    - CSRF vulnerability in login form
      (PMASA-2019-4, CVE-2019-12616, Closes: #930017)
  * patch to allow twig in version 2
  * adjust autoload path with libapache2-mod-php, load Twig-Extensions and
    tcpdf
  * adjust apache-config with open_basedir for dependencies
  * Set TempDir to /var/lib/phpmyadmin/tmp for twig-cache
  * add config-table upgrade for version 4.7.0+
  * enable unittests and patch to use phpunit 7, fix build-deps
  * update to standards-version 4.3.0
  * add Debian CI testfile
  * depend on python3-sphinx instead of python-sphinx which is python2
    (Closes: #943209)
  * don't chown tmp-dir recursive and remove useless entries in 'dirs'
  * add sensible-utils to dependencies for .desktop-file
  * simplify
    apache-config
  * mbstring.func_overload = 0 is default and not set
    (/etc/php/7.3/apache2/php.ini)
  * SetHandler is now in the configuration of libapache2-mod-php
    (/etc/apache2/mods-available/php7.3.conf)
  * AddType seems not to be necessary anymore, it's in the mime-database
    (/etc/mime.types)
  * use autoload.php instead of vendor/autoload.php
  * use libjs-openlayers instead of bundled ones.
  * include copyright information from included vendor-source
  * cleanup lintian overrides

  [ Felipe Sateler ]
  * Exclude vendor dir from upstream tarball imports
  * Add new build-dependencies
  * Add autoload generation
  * Fix Config file location
  * Add phpcomposer substvars to control file
  * Fix js paths in debian/rules
  * Set phpMyAdmin team as Maintainer

  [ Juri Grabowski ]
  * define composer as Build-Depends, Fix Vcs- URLs
  * apache2.2-common -> apache2-data

 -- Felipe Sateler Sun, 16 Jun 2019 12:02:15 -0400

phpmyadmin (4:4.6.6-5) unstable; urgency=medium

  * Add alternate dependency to php-mysqli. This seems to help in case
    people are using the package with other than default PHP.
  * Debconf translations update (Ukrainian, Portuguese, Kabyle and French).
  * Fix open_basedir setting for PHP 7 (Closes: #867882).

 -- Michal Čihař Mon, 10 Jul 2017 12:43:06 +0200

phpmyadmin (4:4.6.6-4) unstable; urgency=medium

  * Build depend on locales-all to ensure en_US.UTF-8 is available
    (see #859219).

 -- Michal Čihař Fri, 07 Apr 2017 16:54:26 +0200

phpmyadmin (4:4.6.6-3) unstable; urgency=medium

  * Set locales for tests to avoid problems with transliteration in glibc
    for C.UTF-8 (Closes: #859219).

 -- Michal Čihař Tue, 04 Apr 2017 15:19:53 +0200

phpmyadmin (4:4.6.6-2) unstable; urgency=high

  * Apply upstream patch to fix not working
    $cfg['Servers'][$i]['AllowNoPassword'] (PMASA-2017-8).

 -- Michal Čihař Thu, 30 Mar 2017 14:40:46 +0200

phpmyadmin (4:4.6.6-1) unstable; urgency=medium

  * New upstream release.
    - Multiple vulnerabilities in setup script (PMASA-2016-44).
    - Open redirect (PMASA-2017-1).
    - php-gettext code execution (PMASA-2017-2, CVE-2015-8980).
    - DOS vulnerability in table editing (PMASA-2017-3).
    - CSS injection in themes (PMASA-2017-4).
    - Cookie attribute injection attack (PMASA-2017-5).
    - SSRF in replication (PMASA-2017-6).
    - DOS in replication status (PMASA-2017-7).

 -- Michal Čihař Tue, 24 Jan 2017 09:14:39 +0100

phpmyadmin (4:4.6.5.2-1) unstable; urgency=medium

  * New upstream release.
  * Remove allow_url_fopen setting, recommend php-curl as that's better way
    to support ReCaptcha or similar plugins.
  * Simplify dependency on php-gettext.
  * Properly work with both php-gettext and php-php-gettext packages as
    each of them installs library to different path.
  * Run testsuite during build, this includes dozen of upstream fixes for
    it.

 -- Michal Čihař Tue, 06 Dec 2016 10:48:29 +0100

phpmyadmin (4:4.6.5.1-1) unstable; urgency=high

  * New upstream release, fixing several security issues:
    - Unsafe generation of $cfg['blowfish_secret']
      (PMASA-2016-58, CVE-2016-9847)
    - phpMyAdmin's phpinfo functionality is removed
      (PMASA-2016-59, CVE-2016-9848)
    - AllowRoot and allow/deny rule bypass with specially-crafted username
      (PMASA-2016-60, CVE-2016-9849)
    - Username matching weaknesses with allow/deny rules
      (PMASA-2016-61, CVE-2016-9850)
    - Possible to bypass logout timeout (PMASA-2016-62, CVE-2016-9851)
    - Full path disclosure (FPD) weaknesses
      (PMASA-2016-63, CVE-2016-9852, CVE-2016-9853, CVE-2016-9854,
      CVE-2016-9855)
    - Multiple XSS weaknesses
      (PMASA-2016-64, CVE-2016-9856, CVE-2016-9857)
    - Multiple denial-of-service (DOS) vulnerabilities
      (PMASA-2016-65, CVE-2016-9858, CVE-2016-9859, CVE-2016-9860)
    - Possible to bypass white-list protection for URL redirection
      (PMASA-2016-66, CVE-2016-9861)
    - BBCode injection to login page (PMASA-2016-67, CVE-2016-9862)
    - Denial-of-service (DOS) vulnerability in table partitioning
      (PMASA-2016-68, CVE-2016-9863)
    - Multiple SQL injection vulnerabilities
      (PMASA-2016-69, CVE-2016-9864)
    - Incorrect serialized string parsing (PMASA-2016-70,
      CVE-2016-9865)
    - CSRF token not stripped from the URL (PMASA-2016-71, CVE-2016-9866)

 -- Michal Čihař Mon, 28 Nov 2016 10:22:19 +0100

phpmyadmin (4:4.6.4+dfsg1-2) unstable; urgency=medium

  * Change suggests to prefer default-mysql-server.
  * Depend on php-php-gettext as the package has been renamed
    (Closes: #837507).
  * Deny direct access to template files.
  * Use HTTPS in the Vcs-* fields, and use the cgit frontend instead of
    gitweb
  * Use current email address in debian/doc-base and debian/copyright.
  * Remove obsolete PHP settings from Apache configuration.
  * Disable mbstring.func_overload in Apache configuration.
  * Added Korean debconf translation.
  * Updated Polish debconf translation.
  * Fix path to php-gettext library (Closes: #839923).

 -- Michal Čihař Fri, 18 Nov 2016 18:14:21 +0100

phpmyadmin (4:4.6.4+dfsg1-1) unstable; urgency=high

  * Repacked sources to exclude non free sRGB profile.
  * Replace FollowSymLinks with SymLinksIfOwnerMatch to apache
    configuration.
  * Updated Chinese debconf translations.
  * Better generate blowfish_secret.
  * New upstream release, fixing several security issues:
    - Weaknesses with cookie encryption (PMASA-2016-29, CVE-2016-6606)
    - Multiple XSS vulnerabilities (PMASA-2016-30, CVE-2016-6607)
    - Multiple XSS vulnerabilities (PMASA-2016-31, CVE-2016-6608)
    - PHP code injection (PMASA-2016-32, CVE-2016-6609)
    - Full path disclosure (PMASA-2016-33, CVE-2016-6610)
    - SQL injection attack (PMASA-2016-34, CVE-2016-6611)
    - Local file exposure through LOAD DATA LOCAL INFILE
      (PMASA-2016-35, CVE-2016-6612)
    - Local file exposure through symlinks with UploadDir
      (PMASA-2016-36, CVE-2016-6613)
    - Path traversal with SaveDir and UploadDir
      (PMASA-2016-37, CVE-2016-6614)
    - Multiple XSS vulnerabilities (PMASA-2016-38, CVE-2016-6615)
    - SQL injection vulnerability as control user
      (PMASA-2016-39, CVE-2016-6616)
    - SQL injection vulnerability (PMASA-2016-40, CVE-2016-6617)
    - Denial-of-service attack through transformation feature
      (PMASA-2016-41, CVE-2016-6618)
    - SQL injection vulnerability as control user
      (PMASA-2016-42, CVE-2016-6619)
    - Verify data before unserializing (PMASA-2016-43, CVE-2016-6620)
    - SSRF in setup script (PMASA-2016-44, CVE-2016-6621)
    - Denial-of-service attack with $cfg['AllowArbitraryServer'] = true
      and persistent connections (PMASA-2016-45, CVE-2016-6622)
    - Denial-of-service attack by using for loops
      (PMASA-2016-46, CVE-2016-6623)
    - Possible circumvention of IP-based allow/deny rules with IPv6 and
      proxy server (PMASA-2016-47, CVE-2016-6624)
    - Detect if user is logged in (PMASA-2016-48, CVE-2016-6625)
    - Bypass URL redirection protection (PMASA-2016-49, CVE-2016-6626)
    - Referrer leak (PMASA-2016-50, CVE-2016-6627)
    - Reflected File Download (PMASA-2016-51, CVE-2016-6628)
    - ArbitraryServerRegexp bypass (PMASA-2016-52, CVE-2016-6629)
    - Denial-of-service attack by entering long password
      (PMASA-2016-53, CVE-2016-6630)
    - Remote code execution vulnerability when running as CGI
      (PMASA-2016-54, CVE-2016-6631)
    - Denial-of-service attack when PHP uses dbase extension
      (PMASA-2016-55,
      CVE-2016-6632)
    - Remote code execution vulnerability when PHP uses dbase extension
      (PMASA-2016-56, CVE-2016-6633)

 -- Michal Čihař Wed, 17 Aug 2016 10:05:21 +0200

phpmyadmin (4:4.6.3-1) unstable; urgency=high

  * New upstream release, fixing several security issues:
    - BBCode injection vulnerability (PMASA-2016-17 / CVE-2016-5701)
    - Cookie attribute injection attack (PMASA-2016-18 / CVE-2016-5702)
    - SQL injection attack (PMASA-2016-19 / CVE-2016-5703)
    - XSS on table structure page (PMASA-2016-20 / CVE-2016-5704)
    - Multiple XSS vulnerabilities (PMASA-2016-21 / CVE-2016-5705)
    - DOS attack (PMASA-2016-22 / CVE-2016-5706)
    - Multiple full path disclosure vulnerabilities
      (PMASA-2016-23 / CVE-2016-5730)
    - XSS through FPD (PMASA-2016-24 / CVE-2016-5731)
    - XSS in partition range functionality
      (PMASA-2016-25 / CVE-2016-5732)
    - Multiple XSS vulnerabilities (PMASA-2016-26 / CVE-2016-5733)
    - Unsafe handling of preg_replace parameters
      (PMASA-2016-27 / CVE-2016-5734)
    - Referrer leak in transformations (PMASA-2016-28 / CVE-2016-5739)

 -- Michal Čihař Thu, 23 Jun 2016 08:58:19 +0200

phpmyadmin (4:4.6.2-2) unstable; urgency=medium

  * Updated Bulgarian and Esperanto debconf translations.
  * Fix typo in upgrade script (Closes: #820881).

 -- Michal Čihař Mon, 30 May 2016 09:56:18 +0200

phpmyadmin (4:4.6.2-1) unstable; urgency=medium

  * New upstream release, fixing several security issues:
    - PMASA-2016-16 - Self XSS (CVE-2016-5099).
    - PMASA-2016-15 - File Traversal Protection Bypass on Error Reporting
      (CVE-2016-5098).
    - PMASA-2016-14 - Sensitive Data in URL GET Query Parameters
      (CVE-2016-5097).
  * Document troubleshooting when web server is not configured.
  * Remove recommends of virtual-mysql-client, it's not needed.

 -- Michal Čihař Thu, 26 May 2016 12:29:41 +0200

phpmyadmin (4:4.6.1-1) unstable; urgency=medium

  * New upstream release.

 -- Michal Čihař Thu, 12 May 2016 10:38:31 +0200

phpmyadmin (4:4.6.0-2) unstable; urgency=medium

  * Do not assume PHP 5 for the upgrade script (Closes: #820881).
  * Simplify PHP dependencies, mixed PHP 5/7 setup never really worked, so
    let's depend on one PHP version only (Closes: #821592, #820881,
    #819521).
  * Bump standards to 3.9.8.

 -- Michal Čihař Wed, 27 Apr 2016 08:55:48 +0200

phpmyadmin (4:4.6.0-1) unstable; urgency=medium

  * New upstream release.
  * Let dbconfig-common handle error states (Closes: #818314).

 -- Michal Čihař Tue, 12 Apr 2016 15:16:40 +0200

phpmyadmin (4:4.5.5.1-2) unstable; urgency=medium

  * Prefer PHP 7 over PHP 5 in dependencies to make it more straightforward
    for new installs (Closes: #816462, #816466).
  * Fix upgrade for automatically upgraded configuration storage
    (Closes: #802855, #813190).

 -- Michal Čihař Wed, 09 Mar 2016 16:41:03 +0100

phpmyadmin (4:4.5.5.1-1) unstable; urgency=high

  * New upstream release, fixes security issues:
    - XSS vulnerability in SQL parser (CVE-2016-2559, PMASA-2016-10).
    - Multiple XSS vulnerabilities (CVE-2016-2560, PMASA-2016-11).
    - Multiple XSS vulnerabilities (CVE-2016-2561, PMASA-2016-12).
    - Vulnerability allowing man-in-the-middle attack on API call to GitHub
      (CVE-2016-2562, PMASA-2016-13).

 -- Michal Čihař Tue, 01 Mar 2016 10:03:38 +0100

phpmyadmin (4:4.5.5-2) unstable; urgency=medium

  [ Michal Čihař ]
  * Adjust dependencies to split of extensions in PHP 7.0 packages.

  [ Thijs Kinkhorst ]
  * Fix include of gettext in sql-parser library (closes: #815917).
  * Checked for policy 3.9.7, no changes.

 -- Thijs Kinkhorst Sun, 28 Feb 2016 17:43:45 +0000

phpmyadmin (4:4.5.5-1) unstable; urgency=medium

  * New upstream release.

 -- Michal Čihař Wed, 24 Feb 2016 16:17:32 +0100

phpmyadmin (4:4.5.4.1-2) unstable; urgency=medium

  * Upload to unstable as all deps are there.
  * Added Gujarati debconf translation.
  * Adjust phpseclib dependency to 2.0 package named php-phpseclib.

 -- Michal Čihař Mon, 08 Feb 2016 15:04:17 +0100

phpmyadmin (4:4.5.4.1-1) experimental; urgency=medium

  * Upload to experimental due to php-seclib 2.0 being there.
  * New upstream release.
  * Use versioned dependency on phpseclib, we need at least 2.0.
  * Add phpseclib path to open_basedir settings (Closes: #813095).

 -- Michal Čihař Sat, 30 Jan 2016 15:11:01 +0100

phpmyadmin (4:4.5.4-1) unstable; urgency=high

  * New upstream release, fixes security issues:
    - Multiple full path disclosure vulnerabilities
      (PMASA-2016-1/CVE-2016-2038).
    - Unsafe generation of XSRF/CSRF token. (PMASA-2016-2/CVE-2016-2039).
    - Multiple XSS vulnerabilities. (PMASA-2016-3/CVE-2016-2040).
    - Insecure password generation in JavaScript.
      (PMASA-2016-4/CVE-2016-1927).
    - Unsafe comparison of XSRF/CSRF token. (PMASA-2016-5/CVE-2016-2041).
    - Multiple full path disclosure vulnerabilities.
      (PMASA-2016-6/CVE-2016-2042).
    - XSS vulnerability in normalization page.
      (PMASA-2016-7/CVE-2016-2043).
    - Full path disclosure vulnerability in SQL parser.
      (PMASA-2016-8/CVE-2016-2044).
    - XSS vulnerability in SQL editor. (PMASA-2016-9/CVE-2016-2045).
  * Add dependency on dbconfig-mysql (Closes: #811452).
  * Update upstream keyring as there is new release manager.

 -- Michal Čihař Thu, 28 Jan 2016 09:41:38 +0100

phpmyadmin (4:4.5.3.1-1) unstable; urgency=medium

  * New upstream release.
    - Fixes path disclosure (PMASA-2015-6, CVE-2015-8669).

 -- Michal Čihař Sun, 27 Dec 2015 09:32:29 +0100

phpmyadmin (4:4.5.2-2) unstable; urgency=medium

  * Require PHP >= 5.5 (to avoid installing on older systems which do not
    have it).
  * Symlink create_tables.sql to examples to have the file in the previous
    location as well.
  * Remove mcrypt dependency, it's not directly needed.
  * Add alternative dependencies on PHP 7.

 -- Michal Čihař Tue, 15 Dec 2015 12:58:59 +0100

phpmyadmin (4:4.5.2-1) unstable; urgency=medium

  * New upstream release.

 -- Michal Čihař Tue, 24 Nov 2015 08:45:27 +0100

phpmyadmin (4:4.5.1-3) unstable; urgency=medium

  * Fix installation with Apache (Closes: #804213).

 -- Michal Čihař Fri, 06 Nov 2015 10:30:52 +0100

phpmyadmin (4:4.5.1-2) unstable; urgency=medium

  * Adjust database configuration to match current upstream and configure
    all phpMyAdmin storage tables (Closes: #804101).
  * Reload webserver only if it is running to avoid spurious error messages
    (Closes: #785233, #802037).

 -- Michal Čihař Thu, 05 Nov 2015 09:54:44 +0100

phpmyadmin (4:4.5.1-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CVE-2015-7873 (minor content spoofing in redirect)

 -- Thijs Kinkhorst Sat, 24 Oct 2015 13:35:13 +0000

phpmyadmin (4:4.5.0.2-2) unstable; urgency=medium

  * Install html templates (Closes: #801194).

 -- Michal Čihař Wed, 07 Oct 2015 14:21:25 +0200

phpmyadmin (4:4.5.0.2-1) unstable; urgency=medium

  * New upstream release.
  * Update database schema using dbconfig-common.
  * Use system php-seclib.

 -- Michal Čihař Tue, 06 Oct 2015 14:57:52 +0200

phpmyadmin (4:4.4.15-1) unstable; urgency=medium

  * New upstream release.

 -- Michal Čihař Mon, 21 Sep 2015 10:41:02 +0200

phpmyadmin (4:4.4.14.1-1) unstable; urgency=high

  [ Thijs Kinkhorst ]
  * New upstream security release.
    - Fixes a bypass of the optional reCaptcha (CVE-2015-6830)

  [ Michal Čihař ]
  * Add Albanian debconf translation.

 -- Thijs Kinkhorst Wed, 09 Sep 2015 08:34:00 +0000

phpmyadmin (4:4.4.14-1) unstable; urgency=medium

  * New upstream release.

 -- Michal Čihař Fri, 21 Aug 2015 09:08:08 +0200

phpmyadmin (4:4.4.13.1-1) unstable; urgency=medium

  * New upstream release.
  * Fix typo in suggests (Closes: #794422).
  * Add Armenian debconf translation.

 -- Michal Čihař Mon, 10 Aug 2015 10:02:56 +0200

phpmyadmin (4:4.4.12-1) unstable; urgency=medium

  * New upstream release.

 -- Michal Čihař Thu, 23 Jul 2015 07:54:31 +0200

phpmyadmin (4:4.4.11-1) unstable; urgency=medium

  * New upstream release.
  * Use https for upstream homepage links.

 -- Michal Čihař Tue, 07 Jul 2015 10:25:56 +0200

phpmyadmin (4:4.4.10-1) unstable; urgency=medium

  * New upstream release.
* Update debian/watch to work with new website and to check PGP signatures. -- Michal Čihař Thu, 02 Jul 2015 09:19:22 +0200 phpmyadmin (4:4.4.9-1) unstable; urgency=medium * New upstream release. * Update Hungarian debconf translation. -- Michal Čihař Mon, 08 Jun 2015 10:00:51 +0200 phpmyadmin (4:4.4.8-1) unstable; urgency=medium * New upstream release. -- Michal Čihař Thu, 28 May 2015 15:02:54 +0200 phpmyadmin (4:4.4.7-1) unstable; urgency=medium * New upstream release. * Fix typo in debian/NEWS. * Wrap long line in last changelog entry. * Do not hardcode path to binaries in maintainer scripts. -- Michal Čihař Mon, 18 May 2015 11:40:00 +0200 phpmyadmin (4:4.4.6.1-1) unstable; urgency=high * New upstream security release. - CVE-2015-3902 / PMASA-2015-2 - XSRF/CSRF vulnerability in phpMyAdmin setup. - CVE-2015-3903 / PMASA-2015-3 - Vulnerability allowing man-in-the-middle attack on API call to GitHub. -- Michal Čihař Thu, 14 May 2015 09:02:17 +0200 phpmyadmin (4:4.4.6-1) unstable; urgency=medium * New upstream release. * Change allow_url_fopen to make reCAPTCHA work (Closes: #784628). -- Michal Čihař Mon, 11 May 2015 11:38:33 +0200 phpmyadmin (4:4.4.5-1) unstable; urgency=medium * New upstream release. * Add documentation to open_basedir allowed directories (Closes: #783905). -- Michal Čihař Tue, 05 May 2015 13:48:55 +0200 phpmyadmin (4:4.4.4-1) unstable; urgency=medium * New upstream release. - Remove patches applied upstream. * Add Estonian debconf translation. * Add Turkish debconf translation. * Simplify debian/rules. * Fix typo in documentation symlink. -- Michal Čihař Tue, 28 Apr 2015 10:31:57 +0200 phpmyadmin (4:4.2.12-2) unstable; urgency=high * Fix security issues (Closes: #774194). - CVE-2014-9219 / PMASA-2014-18 - XSS vulnerability in redirection. - CVE-2014-9218 / PMASA-2014-17 - DoS vulnerability with long passwords. -- Michal Čihař Tue, 30 Dec 2014 10:54:32 +0100 phpmyadmin (4:4.2.12-1) unstable; urgency=medium * New upstream release.
- Fixes several security issues: CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961. -- Michal Čihař Sat, 22 Nov 2014 10:34:18 +0100 phpmyadmin (4:4.2.10.1-1) unstable; urgency=medium * New upstream release. - Fixes security issue CVE-2014-8326. -- Michal Čihař Tue, 21 Oct 2014 16:58:52 +0200 phpmyadmin (4:4.2.10-1) unstable; urgency=medium * New upstream release. - Remove patches merged upstream. -- Michal Čihař Mon, 13 Oct 2014 09:07:59 +0200 phpmyadmin (4:4.2.9.1-1) unstable; urgency=medium * New upstream release. - Fixes security issue CVE-2014-7217. -- Michal Čihař Mon, 06 Oct 2014 08:57:00 +0200 phpmyadmin (4:4.2.9-1) unstable; urgency=medium * New upstream release. * Fix include of gettext library (Closes: #760394). * Add missing link to prefer local documentation (Closes: #750519). * Bump standards to 3.9.6. -- Michal Čihař Mon, 22 Sep 2014 11:48:12 +0200 phpmyadmin (4:4.2.8.1-1) unstable; urgency=high * New upstream release. - Fixes security issue CVE-2014-6300. -- Thijs Kinkhorst Mon, 15 Sep 2014 08:16:24 +0000 phpmyadmin (4:4.2.8-1) unstable; urgency=medium * New upstream release. -- Thijs Kinkhorst Wed, 03 Sep 2014 20:51:50 +0000 phpmyadmin (4:4.2.7.1-1) unstable; urgency=high * New upstream release (closes: #758536). - Fixes security issues: CVE-2014-5273 CVE-2014-5274 -- Thijs Kinkhorst Tue, 19 Aug 2014 08:37:52 +0200 phpmyadmin (4:4.2.7-1) unstable; urgency=medium * New upstream release. -- Michal Čihař Mon, 11 Aug 2014 11:14:26 +0200 phpmyadmin (4:4.2.6-1) unstable; urgency=high * New upstream release. - Fixes security issues CVE-2014-4955, CVE-2014-4986, CVE-2014-4987. -- Thijs Kinkhorst Sat, 19 Jul 2014 10:26:04 +0200 phpmyadmin (4:4.2.5-1) unstable; urgency=medium * New upstream release. - Fixes minor security issues CVE-2014-4348, CVE-2014-4349 -- Thijs Kinkhorst Wed, 09 Jul 2014 17:59:59 +0200 phpmyadmin (4:4.2.3-1) unstable; urgency=medium * New upstream release.
-- Michal Čihař Tue, 17 Jun 2014 09:34:09 +0200 phpmyadmin (4:4.2.2-2) unstable; urgency=medium * Add configuration for saved searches (Closes: #749720). -- Michal Čihař Thu, 29 May 2014 15:05:06 +0200 phpmyadmin (4:4.2.2-1) unstable; urgency=medium * New upstream release. -- Michal Čihař Tue, 27 May 2014 13:19:20 +0200 phpmyadmin (4:4.2.1-1) unstable; urgency=medium * New upstream release. - Now includes corresponding OpenLayers source. * Explicitly mention MariaDB as supported (LP: #1312268). -- Michal Čihař Wed, 14 May 2014 09:31:21 +0200 phpmyadmin (4:4.2.0-1) unstable; urgency=medium * New upstream release. * Upgrade database for current phpMyAdmin configuration storage and in the configuration (Closes: #746956). -- Michal Čihař Sat, 10 May 2014 16:31:42 +0200 phpmyadmin (4:4.1.14-1) unstable; urgency=medium * New upstream release. * Correct conditions for using modules features in Apache configuration (Closes: #719754). -- Michal Čihař Tue, 29 Apr 2014 10:34:13 +0200 phpmyadmin (4:4.1.12-2) unstable; urgency=medium * Stop depending on system jQuery, as version differences lead to different bugs inside phpMyAdmin (Closes: #742801). * Include lintian override for builtin JS libraries. -- Michal Čihař Tue, 01 Apr 2014 11:28:20 +0200 phpmyadmin (4:4.1.12-1) unstable; urgency=low * New upstream release. * Use xz compressed upstream tarball. * Lower tcpdf dependency to recommends (Closes: #739521). -- Michal Čihař Thu, 27 Mar 2014 13:28:42 +0100 phpmyadmin (4:4.1.11-2) unstable; urgency=medium * Use Apache 2.4 syntax for denying access (Closes: #742097). * Do not use packaged CodeMirror as it's too old for phpMyAdmin (Closes: #740731). -- Michal Čihař Wed, 26 Mar 2014 10:11:11 +0100 phpmyadmin (4:4.1.11-1) unstable; urgency=low * New upstream release. -- Michal Čihař Mon, 24 Mar 2014 11:56:25 +0100 phpmyadmin (4:4.1.9-1) unstable; urgency=medium * New upstream release. * Adjust message when saving configuration from setup script (Closes: #712012, LP: #1190405). 
* Add TCPDF path to open_basedir settings (Closes: #741341). -- Michal Čihař Wed, 12 Mar 2014 13:00:05 +0100 phpmyadmin (4:4.1.8-1) unstable; urgency=medium [ Michal Čihař ] * New upstream release. * Remove not needed dependency on fonts-dejavu-core. * Build Sphinx documentation during build and use dh_sphinxdoc. * Use phpMyAdmin overrides rather than symlinks for external PHP libraries (Closes: #739624). [ Thijs Kinkhorst ] * Move database upgrade snippet that renames tables to the correct version number (Closes: #739643). * Add snippet to apache.conf to support suphp. Thanks Thomas Hochstein for the patch (Closes: #734364). -- Michal Čihař Mon, 24 Feb 2014 10:40:44 +0100 phpmyadmin (4:4.1.7-1) unstable; urgency=medium * New upstream release. - Removed sourceless flash file (Closes: #737432). - Improved messages in setup script (Closes: #712011). - Fixes navigation fatal error (Closes: #713973). - Fixes copying databases (Closes: #719235). - Fixes security issue PMASA-2014-1 (CVE-2014-1879). - Upgrade table structure. * Move packaging to Git, adjust Vcs-* fields (Closes: #734362). * Bump standards to 3.9.5. * Depend on php-tcpdf which was previously bundled. -- Michal Čihař Wed, 19 Feb 2014 10:53:18 +0100 phpmyadmin (4:4.0.10-1) unstable; urgency=medium * New upstream release. -- Thijs Kinkhorst Wed, 11 Dec 2013 17:32:19 +0100 phpmyadmin (4:4.0.9-1) unstable; urgency=low * New upstream release. * Prefer renamed fonts-dejavu-core as alternative for ttf-dejavu-core. (closes: #726238) -- Thijs Kinkhorst Wed, 06 Nov 2013 19:46:38 +0100 phpmyadmin (4:4.0.8-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Mon, 07 Oct 2013 20:18:01 +0200 phpmyadmin (4:4.0.6-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Sat, 07 Sep 2013 09:16:38 +0200 phpmyadmin (4:4.0.5-1) unstable; urgency=high * New upstream release. - Fixes security issue PMASA-2013-10 (CVE-2013-5029). 
-- Thijs Kinkhorst Sun, 04 Aug 2013 13:24:37 +0200 phpmyadmin (4:4.0.4.2-1) unstable; urgency=high * New upstream release. - Fixes security issues PMASA-2013-9 (CVE-2013-4996 CVE-2013-4997), PMASA-2013-11 (CVE-2013-4996), PMASA-2013-12 (CVE-2013-4998 CVE-2013-4999 CVE-2013-5000), PMASA-2013-13 (CVE-2013-5001), PMASA-2013-14 (CVE-2013-5002), PMASA-2013-15 (CVE-2013-5003). -- Thijs Kinkhorst Sun, 28 Jul 2013 15:20:58 +0200 phpmyadmin (4:4.0.4.1-2) unstable; urgency=medium * post{inst,rm}: drop first argument to install_apache(), because that confuses apache2-maintscript-helper and it isn't used anymore anyway. (closes: #717713). * Drop xz compression for deb again, it's now the dpkg default. -- Thijs Kinkhorst Sun, 28 Jul 2013 10:56:04 +0200 phpmyadmin (4:4.0.4.1-1) unstable; urgency=medium * New upstream release. - Fixes CVE-2013-4729: setting globals through import. * Make use of xz for deb compression and upstream tarball. * Make webserver configuration compatible with Apache 2.4 (closes: #669843). We don't use dh_apache2 yet because it would tie this package to the Apache transition. -- Thijs Kinkhorst Thu, 18 Jul 2013 11:09:09 +0200 phpmyadmin (4:4.0.3-1) unstable; urgency=low [ Thijs Kinkhorst ] * Explicitly depend on php5-json (closes: #711027). [ Michal Čihař ] * Fixed wrong path in postinst script (Closes: #710087). * New upstream release. - Fixes XSS issue PMASA-2013-6 (CVE-2013-3742). -- Michal Čihař Wed, 05 Jun 2013 13:20:57 +0200 phpmyadmin (4:4.0.1-2) unstable; urgency=low * Add /usr/share/javascript to open_basedir config (closes: #708611). * Wrap check_file_access() function in config.inc.php in a function_exists block, because this file sometimes gets included twice (LP: #1175142). -- Thijs Kinkhorst Fri, 17 May 2013 12:50:57 +0200 phpmyadmin (4:4.0.1-1) unstable; urgency=low * New upstream release. * Update to debhelper 9, policy 3.9.4. 
-- Thijs Kinkhorst Thu, 16 May 2013 20:53:50 +0200 phpmyadmin (4:3.5.8.1-1) experimental; urgency=low * New upstream release. - Fixes security issues PMASA-2013-2, PMASA-2013-3. [CVE-2013-3238, CVE-2013-3239] -- Thijs Kinkhorst Wed, 24 Apr 2013 16:26:16 +0200 phpmyadmin (4:3.5.7-1) experimental; urgency=low * New upstream release. -- Michal Čihař Mon, 11 Mar 2013 14:11:09 +0100 phpmyadmin (4:3.5.6-1) experimental; urgency=low * New upstream release. - Fixes LaTeX export (Closes: #670734). * Create new tables on upgrade using dbconfig (LP: #1175137). -- Michal Čihař Tue, 29 Jan 2013 09:02:37 +0100 phpmyadmin (4:3.5.5-1) experimental; urgency=low * New upstream release. - Fixes message display in setup (Closes: #656667). - Improves handling of Show all button (Closes: #658402). * Uploaded to experimental. * Depend on various javascript packages available in Debian. * Use php-gettext instead of copy. * Check config parts readability and properly report errors (Closes: #690258). * Allow configuration changes by placing snippets into /etc/phpmyadmin/conf.d (Closes: #673172). -- Michal Čihař Wed, 09 Jan 2013 11:56:19 +0100 phpmyadmin (4:3.4.11.1-1) unstable; urgency=high * New upstream security release. - Fixes cross site scripting [PMASA-2012-4, CVE-2012-4345]. -- Thijs Kinkhorst Mon, 13 Aug 2012 13:24:09 +0000 phpmyadmin (4:3.4.11-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Wed, 18 Apr 2012 10:27:56 +0000 phpmyadmin (4:3.4.10.2-1) unstable; urgency=low [ Michal Čihař ] * Add alternative dependency to php5-mysqlnd (closes: #665812). [ Thijs Kinkhorst ] * New upstream release. - Addresses unimportant issue CVE-2012-1902. * Checked for policy 3.9.3, no changes. -- Thijs Kinkhorst Wed, 28 Mar 2012 20:45:50 +0200 phpmyadmin (4:3.4.10.1-1) unstable; urgency=low * New upstream release. - Fixes rather hypothetical XSS (CVE-2012-1190). -- Thijs Kinkhorst Sun, 19 Feb 2012 13:20:49 +0000 phpmyadmin (4:3.4.10-1) unstable; urgency=low * New upstream release.
+ Fixes ODS import (closes: #593621) * Update reference to compressed README.Debian (closes: #656664) -- Thijs Kinkhorst Tue, 14 Feb 2012 19:25:33 +0000 phpmyadmin (4:3.4.9-1) unstable; urgency=high * New upstream release. + Fixes XSS: PMASA-2011-19/CVE-2011-4782, PMASA-2011-20/CVE-2011-4780. * Enable fastcgi-php when installing with lighttpd (LP #852337). -- Michal Čihař Thu, 22 Dec 2011 10:17:16 +0100 phpmyadmin (4:3.4.8-1) unstable; urgency=high * New upstream release. + Fixes XSS: CVE-2011-4634, PMASA-2011-18. -- Michal Čihař Fri, 02 Dec 2011 09:55:44 +0100 phpmyadmin (4:3.4.7.1-1) unstable; urgency=high * New upstream security release. + Fixes local file retrieval: CVE-2011-4107, PMASA-2011-17 -- Michal Čihař Fri, 11 Nov 2011 10:20:04 +0100 phpmyadmin (4:3.4.7-1) unstable; urgency=low * New upstream release. -- Michal Čihař Mon, 07 Nov 2011 13:29:30 +0100 phpmyadmin (4:3.4.6-1) unstable; urgency=low * New upstream security release. + Addresses non-issues (for Debian): CVE-2011-3646 CVE-2011-4064 * Cleanup leftover mootools symlinks (closes: #642212). -- Thijs Kinkhorst Mon, 17 Oct 2011 11:40:19 +0000 phpmyadmin (4:3.4.5-1) unstable; urgency=high * New upstream release. * Fixes XSS when in-place editing rows [PMASA-2011-14]. -- Thijs Kinkhorst Wed, 14 Sep 2011 14:59:46 +0000 phpmyadmin (4:3.4.4-1) unstable; urgency=high * New upstream release. * Fixes XSS in Tracking [PMASA-2011-13, CVE-2011-3181]. -- Thijs Kinkhorst Sat, 27 Aug 2011 09:53:11 +0000 phpmyadmin (4:3.4.3.2-1) unstable; urgency=high * New upstream security release. [PMASA-2011-9 PMASA-2011-10 PMASA-2011-11 PMASA-2011-12] [CVE-2011-2642 CVE-2011-2643] * Add alternate dependency to libapache2-mod-php5filter (LP: #774980). -- Thijs Kinkhorst Sat, 23 Jul 2011 14:24:57 +0000 phpmyadmin (4:3.4.3.1-1) unstable; urgency=high * New upstream security release: * Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 (CVE-2011-2505). 
* Fixed possible code injection in case session variables are compromised, see PMASA-2011-6 (CVE-2011-2506). * Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 (CVE-2011-2507). * Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 (CVE-2011-2508). -- Michal Čihař Thu, 07 Jul 2011 08:53:41 +0200 phpmyadmin (4:3.4.3-1) unstable; urgency=low * New upstream release. * Add missing build-arch/indep targets in debian/rules. -- Michal Čihař Tue, 28 Jun 2011 11:11:37 +0200 phpmyadmin (4:3.4.2-1) unstable; urgency=low * New upstream release. -- Michal Čihař Tue, 07 Jun 2011 14:30:15 +0200 phpmyadmin (4:3.4.1-1) unstable; urgency=low * New upstream release. - Fixes XSS in tracking (PMASA-2011-3, CVE-2011-1940). - Fixes URL redirection (PMASA-2011-4, CVE-2011-1941). * Drop debian/rules hacks no longer needed. -- Michal Čihař Mon, 23 May 2011 13:34:36 +0200 phpmyadmin (4:3.4.0-2) unstable; urgency=low * Add upgrade SQL script to add userconfig table. * Reinclude blowfish secret. -- Michal Čihař Fri, 13 May 2011 09:13:17 +0200 phpmyadmin (4:3.4.0-1) unstable; urgency=low * New upstream release. - Use upstream method for relocating config. - Drop mootools patch as it is not needed anymore. - No longer depends on mootools as they are not used (jQuery is used instead, but 1.5 available in Debian seems to cause problems). * Use system Dejavu fonts. * Bump standards to 3.9.2. * Add lintian overrides for embedded PHP libraries which are not available. -- Michal Čihař Wed, 11 May 2011 14:55:30 +0200 phpmyadmin (4:3.3.10-1) unstable; urgency=low * New upstream release. - Remove patches integrated upstream. -- Michal Čihař Sun, 20 Mar 2011 09:29:59 +0100 phpmyadmin (4:3.3.9.2-1) unstable; urgency=high * New upstream security release. - Fixes path disclosure (PMASA-2011-1, CVE-2011-0986). - Fixes SQL injection (PMASA-2011-2, CVE-2011-0987). * Fix path to example config files (Closes: #611311).
-- Michal Čihař Sat, 12 Feb 2011 08:35:43 +0100 phpmyadmin (4:3.3.9-3) unstable; urgency=low * Upload to unstable. -- Michal Čihař Sun, 06 Feb 2011 12:41:31 +0100 phpmyadmin (4:3.3.9-2) experimental; urgency=low * Add php5-fpm to list of PHP SAPIs (Closes: #609808, LP: #701997). * Incorporate Ubuntu backported patches for security issue. -- Michal Čihař Tue, 18 Jan 2011 14:44:22 +0100 phpmyadmin (4:3.3.9-1ubuntu1) natty; urgency=low * SECURITY UPDATE: Unvalidated input on error page (Closes: #608290, LP: #696857) - debian/patches/CVE-2010-4480.patch: Don't use a redirect to the error page - CVE-2010-4480, PMASA-2010-9 * SECURITY UPDATE: Possible information disclosure of phpinfo (same bug) - debian/patches/CVE-2010-4481.patch: Don't skip authentication for PMA_MINIMUM_COMMON - CVE-2010-4481, PMASA-2010-10 -- Micah Gersten Wed, 05 Jan 2011 23:42:17 -0600 phpmyadmin (4:3.3.9-1) experimental; urgency=low * New upstream release. * Fix connection settings when using dbconfig with remote MySQL server. * Log when dbconfig generated settings are not accessible. * Add Slovak debconf translation (Closes: #608705). * Update Danish debconf translation (Closes: #608941). -- Michal Čihař Wed, 05 Jan 2011 10:18:41 +0100 phpmyadmin (4:3.3.8.1-1) experimental; urgency=low * New upstream security release (PMASA-2010-8, CVE-2010-4329). * Install desktop file for phpMyAdmin if web server was configured (LP: #667172). * Remove avahi service symlink on purge. * Suggest www-browser. -- Michal Čihař Wed, 01 Dec 2010 14:56:15 +0100 phpmyadmin (4:3.3.8-1) experimental; urgency=low * New upstream release. * Upload to experimental for now due to excessive changes in packaging. * Ignore errors from dbconfig in config script (LP: #618852). * Ignore errors from dbconfig in {pre,post}rm scripts (LP: #621569). * Set allow_url_fopen to Off and limit some function execution for phpMyAdmin under Apache (Closes: #598903). 
* Change default upload path to /var/lib/phpmyadmin/tmp and set open_basedir to limit using anything else than phpMyAdmin code and this folder. -- Michal Čihař Tue, 26 Oct 2010 16:39:45 +0200 phpmyadmin (4:3.3.7-1) unstable; urgency=low * New upstream release (Closes: #595974). - Fixes XSS in setup script (PMASA-2010-7, CVE-2010-3263). -- Michal Čihař Thu, 09 Sep 2010 08:31:57 +0200 phpmyadmin (4:3.3.6-1) unstable; urgency=low [ Thijs Kinkhorst ] * New upstream bugfix release (Closes: #594755). [ Michal Čihař ] * Include configuration for tracking (Closes: #594188). -- Thijs Kinkhorst Sun, 29 Aug 2010 10:48:09 +0200 phpmyadmin (4:3.3.5.1-1) unstable; urgency=low * New upstream security release (CVE-2010-3056). -- Michal Čihař Fri, 20 Aug 2010 14:24:31 +0200 phpmyadmin (4:3.3.5-1) unstable; urgency=low * New upstream version. * Bump standards to 3.9.1. -- Michal Čihař Tue, 27 Jul 2010 10:05:24 +0200 phpmyadmin (4:3.3.4-1) unstable; urgency=low * New upstream version. * Do not try to restart webserver if it is not installed (LP: #573847), * Bump standards to 3.9.0. -- Michal Čihař Mon, 28 Jun 2010 21:45:43 +0200 phpmyadmin (4:3.3.3-1) unstable; urgency=low * New upstream version (Closes: #581585). -- Michal Čihař Fri, 14 May 2010 13:57:37 +0200 phpmyadmin (4:3.3.2-2) unstable; urgency=low * Add SQL to create tracking table on upgrade (LP: #565627). * Include SQL script to create table with fixed SQL comments (LP: #563256). -- Michal Čihař Mon, 26 Apr 2010 14:23:37 +0200 phpmyadmin (4:3.3.2-1) unstable; urgency=medium * New upstream release (closes: #577753). * Drop unneeded Indexes option from shipped apache.conf. * Anchor regexp to prevent truncation of schema (closes: #577395). -- Thijs Kinkhorst Wed, 14 Apr 2010 10:55:42 +0200 phpmyadmin (4:3.3.1-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Tue, 16 Mar 2010 21:52:33 +0100 phpmyadmin (4:3.3.0-1) unstable; urgency=low * New upstream version. * Rediff debian/patches. 
* Fix permissions on mediawiki export extension. -- Michal Čihař Mon, 08 Mar 2010 15:25:00 +0100 phpmyadmin (4:3.2.5-2) unstable; urgency=low * Add conflict with broken mootools versions (Closes: #566601). * Fixup permissions only if file exists (LP: #481786). * Enable fastcgi module in lighttpd on install (Closes: #567336) (LP: #283801). * Do not try to create Avahi service symlink if it already exists (LP: #512246). * Bump standards to 3.8.4. -- Michal Čihař Thu, 04 Feb 2010 13:21:28 +0100 phpmyadmin (4:3.2.5-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Mon, 11 Jan 2010 21:42:18 +0100 phpmyadmin (4:3.2.4-2) unstable; urgency=low * Include also mootools extra which is required (Closes: #563211). -- Michal Čihař Mon, 04 Jan 2010 16:16:22 +0100 phpmyadmin (4:3.2.4-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Tue, 08 Dec 2009 18:35:56 +0100 phpmyadmin (4:3.2.3-4) unstable; urgency=low * Add missing symlink to mootools (LP: #487241). * Fix inverted logic of detecting dbconfig-common failure. -- Michal Čihař Tue, 24 Nov 2009 14:33:09 +0100 phpmyadmin (4:3.2.3-3) unstable; urgency=low * Add DEP-3 patch headers. * Split documentation patch as it really should be separate. * Use dbconfig configuration only if it exists (LP: #416183). -- Michal Čihař Mon, 16 Nov 2009 15:37:13 +0100 phpmyadmin (4:3.2.3-2) unstable; urgency=low * Do not hard fail if dbconfig configuration fails (LP: #456674). * Document that migration from pre dbconfig version might need configuration merge (Closes: #535058). * Document order of processing configuration files (Closes: #532960). * Convert to 3.0 (quilt) source format. -- Michal Čihař Mon, 16 Nov 2009 15:18:59 +0100 phpmyadmin (4:3.2.3-1) unstable; urgency=low * New upstream release. * Improve description a bit (administrator does not support mysqli) (Closes: #551788). -- Michal Čihař Wed, 04 Nov 2009 08:51:57 +0100 phpmyadmin (4:3.2.2.1-1) unstable; urgency=low * New upstream version. 
- Fixes XSS (PMASA-2009-6, CVE-2009-3696, CVE-2009-3697). * Register documentation on doc-base. * Use mootools from Debian package rather than own copy. * Allow saving of configuration from setup script only after explicit action from administrator (Closes: #535044, #543460). -- Michal Čihař Wed, 14 Oct 2009 10:58:28 +0200 phpmyadmin (4:3.2.2-1) unstable; urgency=low * New upstream version. * Bump policy to 3.8.3. -- Michal Čihař Mon, 21 Sep 2009 10:26:22 +0200 phpmyadmin (4:3.2.1-1) unstable; urgency=high [ Thijs Kinkhorst ] * New upstream release. Fixes a (rather unimportant) security issue, bump urgency just to be sure. [ Michal Čihař ] * Fix path to setup script in README.Debian and debconf templates (Closes: #539518). -- Thijs Kinkhorst Mon, 10 Aug 2009 21:14:19 +0200 phpmyadmin (4:3.2.0.1-1) unstable; urgency=high * New upstream version fixing XSS (PMASA-2009-5, CVE-2009-2284). * Document no empty password in README.Debian and the shipped sample configuration file (LP: #388703). * Install service file for avahi (if web service enabled and if avahi is installed) (LP: #369244). * Mention protecting of setup if not using provided configuration snippets for webservers. * Call ucf with --debconf-ok in postrm (Closes: #534894). -- Michal Čihař Tue, 30 Jun 2009 14:05:13 +0200 phpmyadmin (4:3.2.0-1) unstable; urgency=low [ Thijs Kinkhorst ] * New upstream release. - Warns when gc_maxlifetime is less than cookie validity (closes: #499399). [ Michal Čihař ] * Adjust patches to make use of new upstream vendor configuration. * Switch to quilt from dpatch. * Update to policy 3.8.2 (no changes needed). -- Michal Čihař Wed, 17 Jun 2009 16:37:11 +0200 phpmyadmin (4:3.1.5-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Sun, 17 May 2009 12:55:15 +0200 phpmyadmin (4:3.1.4-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Sat, 25 Apr 2009 19:03:00 +0200 phpmyadmin (4:3.1.3.1-1) unstable; urgency=high * New upstream security fix release. 
[CVE-2009-1148 CVE-2009-1149 CVE-2009-1150 CVE-2009-1151] * Checked package for policy 3.8.1, no changes necessary. -- Thijs Kinkhorst Wed, 25 Mar 2009 19:10:40 +0100 phpmyadmin (4:3.1.3-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Sun, 01 Mar 2009 12:01:59 +0100 phpmyadmin (4:3.1.2-2) unstable; urgency=low * Upload to unstable. * [INTL:es] Spanish debconf template update (Closes: #513690). -- Thijs Kinkhorst Mon, 16 Feb 2009 17:58:28 +0100 phpmyadmin (4:3.1.2-1) experimental; urgency=low [ Thijs Kinkhorst ] * New upstream release. * Replace dh_clean -k by dh_prep. [ Michal Čihař ] * Better describe steps needed to access phpMyAdmin in README.Debian (Closes: #508703). -- Thijs Kinkhorst Mon, 19 Jan 2009 20:59:17 +0100 phpmyadmin (4:3.1.1-1) experimental; urgency=high * New upstream release. - Fixes security issue PMASA-2008-10 (SQL injection). [CVE-2008-5621, CVE-2008-5622] -- Thijs Kinkhorst Tue, 09 Dec 2008 21:08:00 +0100 phpmyadmin (4:3.1.0-1) experimental; urgency=low [ Thijs Kinkhorst ] * New upstream release. - Prevents logging in as root by default (Closes: #496442). [ Michal Čihař ] * New setup code in upstream. - Patch for setup.php is obsolete. - New patch for similar changes in new setup code. - Adjusted paths in webserver configs to new setup - Limit access to setup libraries in same way we do it for libraries. * Use upstream code for displaying changelog with links. * Use htpasswd backend for lighttpd. -- Michal Čihař Sun, 30 Nov 2008 13:44:20 +0100 phpmyadmin (4:3.0.1.1-1) experimental; urgency=high * New upstream release to fix a security issue. [PMASA-2008-9, CVE-2008-4775] -- Thijs Kinkhorst Fri, 31 Oct 2008 11:04:02 +0100 phpmyadmin (4:3.0.1-1) experimental; urgency=low * New upstream release. - Updates French translation (Closes: #502520). -- Thijs Kinkhorst Tue, 28 Oct 2008 22:54:03 +0100 phpmyadmin (4:3.0.0-1) experimental; urgency=low * New upstream release. 
Includes security fix [PMASA-2008-8, CVE-2008-4326] -- Thijs Kinkhorst Sun, 28 Sep 2008 11:11:04 +0200 phpmyadmin (4:3.0.0~rc2-1) experimental; urgency=high * New upstream release candidate. + Fixes code execution by authenticated users [CVE-2008-4096, PMASA-2008-7] * Make config-db.php owned by root:www-data and mode 0640. * Add recommends on mysql-client for dbconfig-common. -- Thijs Kinkhorst Tue, 16 Sep 2008 09:00:50 +0200 phpmyadmin (4:3.0.0~rc1-2) experimental; urgency=low * Create phpmyadmin databases by dbconfig-common. * Default phpMyAdmin configuration now comes from dbconfig-common. * Update README.Debian to match above changes. -- Michal Čihař Sun, 07 Sep 2008 23:33:13 +0200 phpmyadmin (4:3.0.0~rc1-1) experimental; urgency=low [ Thijs Kinkhorst ] * New upstream release candidate. [ Michal Čihař ] * Disallow access to libraries when using lighttpd. -- Thijs Kinkhorst Sun, 07 Sep 2008 18:34:18 +0200 phpmyadmin (4:3.0.0~beta-1) experimental; urgency=low * New upstream beta release. -- Thijs Kinkhorst Fri, 22 Aug 2008 14:03:36 +0200 phpmyadmin (4:3.0.0~alpha-1) experimental; urgency=low * New upstream alpha release: 3.0.0. * Don't install readme.php if we don't install README. * Use debhelper level 7. * Remove dependencies for PHP4 and Apache 1 (Closes: #431885), and legacy upgrading code. * Remove paths from lighty-{en,dis}able-mod. -- Thijs Kinkhorst Mon, 11 Aug 2008 17:06:26 +0200 phpmyadmin (4:2.11.8.1-1) unstable; urgency=low * New upstream release, only changes: + Updates Norwegian translation. + Fixes PHP notice on every page load. -- Thijs Kinkhorst Mon, 11 Aug 2008 12:44:44 +0200 phpmyadmin (4:2.11.8~rc1-1) unstable; urgency=high * New upstream release candidate fixing security issues. [CVE-2008-3456, CVE-2008-3457] * Update Swedish debconf translation, thanks Martin Ågren (Closes: #492057). -- Thijs Kinkhorst Thu, 24 Jul 2008 22:08:21 +0200 phpmyadmin (4:2.11.7.1-1) unstable; urgency=high * New upstream release.
* Fixes security issue: XSRF/CSRF by manipulating the db, convcharset and collation_connection parameters. [CVE-2008-3197] -- Thijs Kinkhorst Tue, 15 Jul 2008 20:41:25 +0200 phpmyadmin (4:2.11.7-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Tue, 24 Jun 2008 21:43:28 +0200 phpmyadmin (4:2.11.7~rc2-1) unstable; urgency=medium * New upstream release candidate. - Fixes an issue that is not relevant to Debian but flagged as a security issue upstream: CVE-2008-2960. In Debian we don't support setups with register_globals on. - Fixes session hash_bits override (Closes: #474557). * Checked for policy 3.8.0, add README.source. -- Thijs Kinkhorst Sat, 14 Jun 2008 15:24:31 +0200 phpmyadmin (4:2.11.6-1) unstable; urgency=low * New upstream bugfix release. -- Thijs Kinkhorst Wed, 30 Apr 2008 20:55:57 +0200 phpmyadmin (4:2.11.5.2-1) unstable; urgency=medium * New upstream release. + Fixes security issue where user was able to access any files on webserver by using crafted HTTP POST request [PMASA-2008-3, CVE-2008-1924]. -- Michal Čihař Wed, 23 Apr 2008 10:42:47 +0200 phpmyadmin (4:2.11.5.1-1) unstable; urgency=medium * New upstream release. + Fixes a "security bug": saves sensitive data in the PHP session data, which might be unprotected on a shared host. I do not believe that this is a real issue, more a security precaution for situations which are not secure anyway. Still, upload with medium urgency. [PMASA-2008-2, CVE-2008-1567] * Update Arabic translation by Ossama Khayat (Closes: #471908). -- Thijs Kinkhorst Sat, 29 Mar 2008 16:31:06 +0100 phpmyadmin (4:2.11.5-1) unstable; urgency=medium [ Thijs Kinkhorst ] * New upstream release. + Fixes low-risk SQL injection: PMASA-2008-1. * Update Japanese translation by Hideki Yamane (Closes: #463169). [ Michal Čihař ] * Actually install README.Debian (Closes: #460991). -- Thijs Kinkhorst Sat, 01 Mar 2008 18:09:37 +0100 phpmyadmin (4:2.11.4-1) unstable; urgency=low * New upstream release. 
* Update to debhelper level 6. -- Thijs Kinkhorst Mon, 14 Jan 2008 12:24:38 +0100 phpmyadmin (4:2.11.3-2) unstable; urgency=low * Debconf templates and debian/control reviewed by the debian-l10n-english team as part of the Smith review project. Thanks Christian Perrier and friends. Closes: #453293 [ Translations ] * Polish * Galician. Closes: #454182 * Norwegian Bokmål. Closes: #454185 * Basque. Closes: #454240 * German. Closes: #454507 * Finnish. Closes: #454606 * Italian. Closes: #454646 * Portuguese. Closes: #456426 * Czech. Closes: #456601 * Russian. Closes: #456761 * French. Closes: #456767 * Vietnamese. Closes: #457313 * Dutch. -- Thijs Kinkhorst Sun, 23 Dec 2007 21:09:59 +0100 phpmyadmin (4:2.11.3-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Sun, 09 Dec 2007 11:10:28 +0100 phpmyadmin (4:2.11.2.2-1) unstable; urgency=high * New upstream release. * Fixes cross site scripting issue (PMASA-2007-8, CVE-2007-6100). -- Thijs Kinkhorst Thu, 22 Nov 2007 07:51:22 +0100 phpmyadmin (4:2.11.2.1-1) unstable; urgency=medium * New upstream release. * Fixes unimportant "security" issue: XSS/SQL injection through database names (PMASA-2007-7, CVE-2007-5976, CVE-2007-5977). -- Thijs Kinkhorst Sun, 11 Nov 2007 22:21:14 +0100 phpmyadmin (4:2.11.2-2) unstable; urgency=low * Fixed typo in postrm script which broke removal (Closes: #448653). * Added support for configuring lighttpd web server. * Drop build dependency on perl and replace it by sed. -- Michal Čihař Wed, 31 Oct 2007 10:42:54 +0900 phpmyadmin (4:2.11.2-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Mon, 29 Oct 2007 22:50:22 +0100 phpmyadmin (4:2.11.1.2-1) unstable; urgency=high * New upstream release. * Addresses two cross site scripting issues: PMASA-2007-5, PMASA-2007-6 (CVE-2007-5386, CVE-2007-5589, closes: #446451) -- Thijs Kinkhorst Wed, 17 Oct 2007 22:54:41 +0200 phpmyadmin (4:2.11.1-1) unstable; urgency=low * New upstream release. 
- Rename database now keeps character set (Closes: #438129). -- Thijs Kinkhorst Fri, 21 Sep 2007 08:26:50 +0200 phpmyadmin (4:2.11.0-1) unstable; urgency=low * New upstream release (Closes: #409286). * Also install create/update pmadb example SQL files for MySQL 4.1+. -- Thijs Kinkhorst Thu, 23 Aug 2007 13:01:53 +0200 phpmyadmin (4:2.10.3-1) unstable; urgency=low * New upstream bugfix release. [ Translations ] * German by Helge Kreutzmann (Closes: #432566). -- Thijs Kinkhorst Sat, 14 Jul 2007 18:07:05 +0200 phpmyadmin (4:2.10.2-1) unstable; urgency=low [ Thijs Kinkhorst ] * New upstream release. * Welcome Michal Čihař as new co-maintainer. [ Translations ] * Vietnamese by Clytie Siddall (Closes: #427177). -- Thijs Kinkhorst Sun, 17 Jun 2007 17:52:03 +0200 phpmyadmin (4:2.10.1-3) unstable; urgency=low [ Thijs Kinkhorst ] * php5-mcrypt is now a dependency on 64 bit platforms. Move it from Recommends to Depends because it's not possible to specify per-arch dependencies, and it's also very useful to have on 32 bit platforms because of the speed increase (Closes: #425164). [ Translations ] * French by Christian Perrier (Closes: #423954). * Danish by Claus Hindsgaul (Closes: #426786). -- Thijs Kinkhorst Thu, 31 May 2007 12:32:38 +0200 phpmyadmin (4:2.10.1-2) unstable; urgency=low * Make sure webserver configuration question is always asked on install and reconfigure (Closes: #421535). * Add example configuration for many identically configured hosts, thanks to Matthew Hawkins (Closes: #285727). * Tweak debconf translations for guidelines. [ Translations ] * Dutch by self. * Norwegian by Bjørn Steensrud. * Swedish by Daniel Nylander (Closes: #421083). * Galician by Jacobo Tarrio (Closes: #421086). * Portuguese by Miguel Figueiredo (Closes: #421259). * Basque by Piarres Beobide (Closes: #421223). * Italian by Luca Monducci (Closes: #421475). * Czech by Miroslav Kure (Closes: #421486). * Arabic by Ossama Khayat (Closes: #421754). * Polish by Piotr Roszatycki.
* Russian by Yuriy Talakan' (Closes: #422042). * Spanish by Nacho Barrientos Arias (Closes: #422136). * Japanese by Hideki Yamane (Closes: #422268). * Brazilian Portuguese by Eder L. Marques (Closes: #422282). -- Thijs Kinkhorst Sat, 05 May 2007 17:28:20 +0200 phpmyadmin (4:2.10.1-1) unstable; urgency=high * New upstream release. - Security fix: PMASA-2007-4: Cross Site Scripting. * Warn about obsolete /var/www/phpmyadmin symlink. * Install translators.html as documentation for proper crediting. -- Thijs Kinkhorst Thu, 26 Apr 2007 11:17:13 +0200 phpmyadmin (4:2.10.0.2-1) unstable; urgency=low * Repackage using debhelper instead of yada (Closes: #417018). * Does not reconfigure Apache without permission and does not reset debconf variables (Closes: #335568, #377538). * New upstream release. - From now on we use the -utf-8-only tarballs, reducing installed size by 25%. - Fixes sessions for non-file-based handlers (Closes: #419484). - Has configurable signout link (Closes: #257975). - Addresses CVE-2007-1325 (workaround for PHP vulnerability). - Addresses CVE-2007-1395 (incomplete blacklist). -- Thijs Kinkhorst Sat, 21 Apr 2007 14:52:09 +0200 phpmyadmin (4:2.9.1.1-3) unstable; urgency=medium * Added Galician debconf translation by Jacobo Tarrio (Closes: #412195). * Actually install config.default.php example file (Closes: #412655). * Add XS-Vcs-* fields to debian/control. -- Thijs Kinkhorst Wed, 28 Feb 2007 01:07:56 +0100 phpmyadmin (4:2.9.1.1-2) unstable; urgency=high * Backport security-related changes from 2.9.2-rc1: * CVE-2007-0203: Multiple unspecified vulnerabilities; this turns out to be (1) cross site scripting and (2) the same as CVE-2006-6374. (Closes: #406332, #406486) * CVE-2006-6374: the vulnerability only applies to PHP < 5.1.2 and < 4.4.2, so strictly speaking current Debian is not vulnerable. Include it anyway, to not expose those using older PHP versions. 
(Closes: #404744) -- Thijs Kinkhorst Fri, 12 Jan 2007 15:29:28 +0100 phpmyadmin (4:2.9.1.1-1) unstable; urgency=high * New upstream release. - Addresses several security issues (Closes: #399329). [CVE-2006-6944, CVE-2006-6942] * In Depends, explicitly prefer the apache2/apache PHP module, to make sure the correct one is selected upon installation. * Drop 100-dutch_fixtypo.patch, integrated upstream. * Add note to default config file about adding sensitive data to that file (Closes: #321529). * Update README.Debian with information about register_globals. -- Thijs Kinkhorst Wed, 22 Nov 2006 22:24:02 +0100 phpmyadmin (4:2.9.0.3-1) unstable; urgency=medium * New upstream bugfix release. - Includes a fix for a XSS security issue. (PMASA-2006-6, CVE-2006-5718, Closes: #396638) * 100-dutch_fixtypo.patch: Add patch to fix typo in Dutch translation which also caused a layout problem in the login screen. * 021-config.inc.php_no_check_mtime.patch: Add patch to Config class to disable checking for the mtime of config.inc.php. Since we include other files from it, those will otherwise never be read (Closes: #392022). * Add depends on perl since it's used in the maintainer scripts. * Update shipped htaccess to make it compatible with Apache 2.2 (Closes: #396560). * Updated translations: - Bokmål by Bjørn Steensrud. - Basque by Piarres Beobide. - Dutch by self. - Danish by Claus Hindsgaul (Closes: #393871). - Japanese by Hideki Yamane (Closes: #396548). -- Thijs Kinkhorst Thu, 2 Nov 2006 15:45:29 +0100 phpmyadmin (4:2.9.0.2-1) unstable; urgency=low * New maintainer, thanks Piotr for your previous work! * Acknowledge NMU's, thanks Steinar! (Closes: #378681) * Fix typo in debconf templates and unfuzzy that. * Tweak package description. -- Thijs Kinkhorst Wed, 11 Oct 2006 14:46:37 +0200 phpmyadmin (4:2.9.0.2-0.1) unstable; urgency=high * Non-maintainer upload with maintainer consent. 
* Upgrade to latest upstream version to battle cross-site request forgery (PMASA-2006-5, CVE-2006-5116, CVE-2006-5117, closes: 391090). * New upstream also fixes broken database export functionality (closes: 374918) and database/table copy (closes: 390484). * Update translations: - Danish by Claus Hindsgaul (Closes: 357972). - Italian by Luca Monducci (Closes: 382139). - Spanish by Nacho Barrientos Arias (Closes: 385365). -- Thijs Kinkhorst Tue, 10 Oct 2006 20:56:25 +0200 phpmyadmin (4:2.8.2-0.2) unstable; urgency=medium * Non-maintainer upload. * Fix issue with /var/www pointing to /usr/share/phpmyadmin. (Closes: #385889) * Make sure we install /var/www as a directory, since we make a symlink into it and we can't rely on it being there. * Explicitly link to /var/www/phpmyadmin instead of /var/www, to make sure we don't make a new /var/www even if it should be removed for some reason. -- Steinar H. Gunderson Mon, 11 Sep 2006 00:14:54 +0200 phpmyadmin (4:2.8.2-0.1) unstable; urgency=high * Non-maintainer upload. * New upstream release. * Fixes cross-site-scripting issues. [CVE-2006-3388] (Closes: #377748) -- Steinar H. Gunderson Tue, 18 Jul 2006 12:52:19 +0200 phpmyadmin (4:2.8.1-1) unstable; urgency=medium * New upstream release. Closes: #373204. - The French translation is correct. Closes: #362154. - Generates correct dumps with UPDATE syntax. Closes: #364702. * Security fix: XSRF vulnerability. See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3 See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804 [CVE-2006-1803, CVE-2006-1804] * Security fix: XSS vulnerabilities. It was not a problem for Debian with the default settings. See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2 See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2031 [CVE-2006-2031, CVE-2006-2417, CVE-2006-2418] Closes: #363519, #368082. * Security fix: XSS with IE 6 [CVE-2007-0341]. 
* Updated Portuguese debconf templates translation, thanks Miguel Figueiredo. Closes: #363597. * Updated Russian debconf templates translation, thanks Yuriy Talakan. Closes: #367146. * Convert non-ISO-8859-1 debconf templates translation to UTF-8. -- Piotr Roszatycki Sun, 25 Jun 2006 18:10:23 +0200 phpmyadmin (4:2.8.0.3-1) unstable; urgency=medium * New upstream release. * Security fix: XSS vulnerability (calling directly css files under themes) See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-1 See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1678 Closes: #362567. -- Piotr Roszatycki Fri, 14 Apr 2006 14:47:28 +0200 phpmyadmin (4:2.8.0.2-4) unstable; urgency=low * Fixed typos in debconf template. Closes: #360059. * Updated Czech debconf templates translation, thanks Miroslav Kure. Closes: #359757. * Updated German debconf templates translation, thanks Daniel Knabl. Closes: #359752. * Updated Swedish debconf templates translation, thanks Daniel Nylander. * Updated Vietnamese debconf templates translation, thanks Clytie Siddall. -- Piotr Roszatycki Fri, 31 Mar 2006 14:54:00 +0200 phpmyadmin (4:2.8.0.2-3) unstable; urgency=low * Add missing javascript files. Closes: #357743, #357579. * Updated Brazilian Portuguese debconf templates translation, thanks Andre Luis Lopes. Closes: #357840. -- Piotr Roszatycki Mon, 20 Mar 2006 11:06:09 +0100 phpmyadmin (4:2.8.0.2-2) unstable; urgency=low * Do not use 822-date command in postinst script. Closes: #357605. -- Piotr Roszatycki Sat, 18 Mar 2006 15:02:47 +0100 phpmyadmin (4:2.8.0.2-1) unstable; urgency=low * New upstream release. Closes: #356013, #355931. - Can work if DocumentRoot is set to phpMyAdmin's directory. Closes: #352403, #349497. - pma_* features work with PersistentConnection mode. Closes: #348489. - Export of table works if __TABLE__ macro is used. Closes: #217364. - Can navigate back to user after changing privileges on database. Closes: #338758. 
- Fixes XSS [CVE-2006-1258] * Reedited package description. * Tweaked dependencies. Prefer php5-cgi package and does not depend on apache2, because the PHP can be started as FastCGI standalone server. Closes: #340286, #307441. * This release provides http://localhost/phpmyadmin/scripts/setup.php setup script. This script requires authorization by default. * Generate longer blowfish secret on install. * Create symlink /var/www/phpmyadmin only at first install. -- Piotr Roszatycki Fri, 17 Mar 2006 10:56:43 +0100 phpmyadmin (4:2.7.0-pl2-1) unstable; urgency=low * New upstream release. Closes: #342203. * Tweak the dependencies and prefer PHP5 with Apache2. * Support cgid.so module for threaded Apache2. * Removed all Debian specific patches. * Portuguese debconf templates translation, thanks Miguel Figueiredo. Closes: #336444. -- Piotr Roszatycki Wed, 4 Jan 2006 15:34:36 +0100 phpmyadmin (4:2.6.4-pl4-2) unstable; urgency=high * Security fix: Cross-site scripting by trusting potentially user-supplied input. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3665 New 200-CVE-2005-3665.patch. Closes: #340438. -- Piotr Roszatycki Wed, 23 Nov 2005 14:31:15 +0100 phpmyadmin (4:2.6.4-pl4-1) unstable; urgency=high * New upstream release. * Security fix: HTTP Response Splitting vulnerability. See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3621 Closes: #339437. * New 105-bug_debian_324318.patch: - Always set the default configuration values, even if the config.inc.php file seems to be up to date. This fix allows to utilise more than three databases. Closes: #324318. -- Piotr Roszatycki Wed, 16 Nov 2005 13:10:14 +0100 phpmyadmin (4:2.6.4-pl3-1) unstable; urgency=high * New upstream release. * Security fix: (1) Local file inclusion vulnerability and (2) Cross-Site Scripting vulnerability. 
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300 See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301 Closes: #335306, #335513. * Assigned CVE number for 4:2.6.4-pl2-1 bug fix. -- Piotr Roszatycki Mon, 24 Oct 2005 20:14:08 +0200 phpmyadmin (4:2.6.4-pl2-1) unstable; urgency=high * New upstream release. * Security fix: local file inclusion vulnerability. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299 Closes: #333433. -- Piotr Roszatycki Wed, 12 Oct 2005 15:07:42 +0200 phpmyadmin (4:2.6.4-pl1-2) unstable; urgency=low * Rebuilt with new YADA. Depends: debconf (>= 0.2.26) | debconf-2.0 * Swedish debconf templates translation, thanks Daniel Nylander. Closes: #330645. -- Piotr Roszatycki Tue, 4 Oct 2005 13:01:25 +0200 phpmyadmin (4:2.6.4-pl1-1) unstable; urgency=medium * New upstream release. * Security fix: Two Cross-Site Scripting vulnerabilities. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2869 Closes: #327345. * Append the Debian package revision number to the upstream version number. Marks that this phpMyAdmin package has additional Debian modifications so the bugreports won't confuse phpMyAdmin's coders. * Create minimal /usr/share/phpmyadmin/config.inc.php file with proper comment. Closes: #321270. * Reintroduced /etc/phpmyadmin/apache.conf. Closes: #307181, #308460, #312611, #312668. * Removed all Debian patches as are obsoleted now. * Depends: apache2 | httpd * Recommends: php4-mcrypt | php5-mcrypt. Closes: #321259. * Arabic debconf templates translation. Closes: #320773. * Vietnamese debconf templates translation. Closes: #316841. * Updated Brazilian Portuguese debconf templates translation. Closes: #310875. * Updated German debconf templates translation. Closes: #326141. * New yada fixes postrm script fail when ucf is missing. Closes: #322139. -- Piotr Roszatycki Fri, 16 Sep 2005 16:21:21 +0200 phpmyadmin (4:2.6.2-3) unstable; urgency=high * Fix apache2.conf only for 4:2.6.2-1 release. 
Closes: #307901 (critical), #307275 (critical), #304786 (critical). * Clean up old 'Include /etc/phpmyadmin/apache.conf' from httpd.conf in safe way. * Removed old code which modified httpd.conf if 'Include /etc/apache/conf.d' was missing. * Note for release manager: cleaning up config.inc.php doesn't change the application logic. The autoloading of the PHP extensions is already implemented in the upstream's code. -- Piotr Roszatycki Sat, 7 May 2005 14:49:49 +0200 phpmyadmin (4:2.6.2-2) unstable; urgency=high * Doesn't modify apache2.conf. Try to revert the changes. Closes: #307275 (critical). * Remove obsoleted conffiles and symlinks on purge. Closes: #307415. * The default behaviour is not to autoconfigurate webservers. * Doesn't load the PHP extensions automatically in config.inc.php script. -- Piotr Roszatycki Thu, 5 May 2005 11:40:46 +0200 phpmyadmin (4:2.6.2-1) unstable; urgency=low * New upstream release * NEWS and README.Debian file are documented about problem with logging in with cookie based authentication. * Removed suPHP directive from apache.conf file. Closes: #304018. * Configuration in .htaccess doesn't override global access settings. Closes: #303535. * Updated Brazilian Portuguese debconf templates translation. Closes: #304566. * Apache configuration is installed separately, not through symlinks. * Convert httpd.conf and apache.conf. They have to contain "Include /etc/apache2/conf.d/*.conf" directive. -- Piotr Roszatycki Tue, 19 Apr 2005 11:51:21 +0200 phpmyadmin (3:2.6.2-rc1-1) unstable; urgency=high * New upstream release. * Security fix: Cross-Site Scripting vulnerability. See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3 Closes: #303142. * Don't enable PHP if mod_fcgid is loaded in Apache 2.x. -- Piotr Roszatycki Tue, 5 Apr 2005 15:17:25 +0200 phpmyadmin (3:2.6.1-pl3-2) unstable; urgency=high * Fixed the bug in postinst introduced in last upload. Closes: #299034. 
-- Piotr Roszatycki Fri, 11 Mar 2005 11:14:05 +0100 phpmyadmin (3:2.6.1-pl3-1) unstable; urgency=high * New upstream release. * Fixed annoying bug that a user called 'xx@%' could be created but not removed. Closes: #208539. * Fixed critical bug introduced by php4 compiled with ZTS option. Added 003-dl_with_zts.patch. Closes: #297725. * Renamed debian/patches/*.diff to *.patch. * Depends also on php5-fcgi. -- Piotr Roszatycki Mon, 7 Mar 2005 12:21:00 +0100 phpmyadmin (3:2.6.1-pl2-2) unstable; urgency=low * Fixed converting /etc/apache/conf.d/phpmyadmin to phpmyadmin.conf at upgrade time. -- Piotr Roszatycki Wed, 2 Mar 2005 20:30:29 +0100 phpmyadmin (3:2.6.1-pl2-1) unstable; urgency=high * New upstream release. * Security fix: A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks and / or perform remote file inclusion. See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1 Closes: #296845. * Switched off register_globals in .htaccess. * Does not recommend versioned apache, as far as it works wrongly with aptitude. Closes: #295786. -- Piotr Roszatycki Sat, 26 Feb 2005 17:39:31 +0100 phpmyadmin (3:2.6.1-1) unstable; urgency=low * New upstream release. * Czech debconf templates translation. Closes: #293611. * Woody backward compatibility. See bug 1117907 on Sourceforge. -- Piotr Roszatycki Mon, 7 Feb 2005 15:20:09 +0100 phpmyadmin (2:2.6.1-rc2-2) unstable; urgency=low * Configuration for suPHP can't be in .htaccess. Closes: #287897. -- Piotr Roszatycki Tue, 18 Jan 2005 19:13:12 +0100 phpmyadmin (2:2.6.1-rc2-1) unstable; urgency=low * New upstream release. * Rename the symlink /etc/$APACHE/conf.d and add .conf suffix. Closes: #286100. * Disable suPHP for security reasons. Closes: #287897. * Use /cgi-bin/php if CGI mode is used. * Depends on php4 | php4-cgi | php5 | php5-cgi. * Modified Description field to make lintian happy. * Fixed postinst script for better php5 support. 
-- Piotr Roszatycki Wed, 12 Jan 2005 21:37:02 +0100 phpmyadmin (2:2.6.1-rc1-1) unstable; urgency=high * New upstream release. * Security fix: Command execution and file disclosure was found. See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4 Closes: #285488. * Remove 003.non_standard_port_fix.diff applied to upstream. * Add commented out options 'extension' and 'AllowRoot' to default config file. * Support mysqli.so extension. Autodetect modules from 'extension' option. -- Piotr Roszatycki Mon, 13 Dec 2004 19:23:57 +0100 phpmyadmin (2:2.6.0-pl3-2) unstable; urgency=high * Security fix is broken if non-standard HTTP(S) port is used. Closes: #283044. -- Piotr Roszatycki Fri, 26 Nov 2004 09:55:29 +0100 phpmyadmin (2:2.6.0-pl3-1) unstable; urgency=high * New upstream release. * Security fix: Multiple XSS vulnerabilities were found. See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3 * Tweaks dependencies: depends php4 | php4-cgi; don't suggest non-free mysql-doc. * Supports unofficial php5 packages. -- Piotr Roszatycki Mon, 22 Nov 2004 10:22:41 +0100 phpmyadmin (2:2.6.0-pl2-2) unstable; urgency=low * Updated German translation of the debconf templates. Closes: #280998. -- Piotr Roszatycki Thu, 18 Nov 2004 14:08:27 +0100 phpmyadmin (2:2.6.0-pl2-1) unstable; urgency=high * New upstream release. * Security fix: If PHP is not running in safe mode, a problem in the MIME-based transformation system (with an "external" transformation) allows to execute any command with the privileges of the web server's user. -- Piotr Roszatycki Thu, 14 Oct 2004 11:33:56 +0200 phpmyadmin (2:2.6.0-pl1-1) unstable; urgency=low * New upstream release. * This release fixes patch 003.woody_compatibility. -- Piotr Roszatycki Wed, 29 Sep 2004 09:39:38 +0200 phpmyadmin (2:2.6.0-1) unstable; urgency=low * New upstream release. * Depends: php4-cgi (>= 4.1.0) | libapache-mod-php4. The php4-cgi package is recommended as easier for installation. Closes: #267878. 
* Depends: apache | apache-perl | apache-ssl | apache2 | httpd. * Added patch for woody with MySQL from backports.org compatibility. -- Piotr Roszatycki Tue, 28 Sep 2004 09:42:06 +0200 phpmyadmin (1:2.6.0-rc1-1) experimental; urgency=low * New upstream release. * Disable the default warning that is displayed on the DB Details Structure page if any of the required Tables for the relation features could not be found. -- Piotr Roszatycki Mon, 9 Aug 2004 10:21:07 +0200 phpmyadmin (1:2.5.7-pl1-2) unstable; urgency=medium * blowfish_secret.inc.php must not be world readable. Closes: #257968. -- Piotr Roszatycki Thu, 5 Aug 2004 17:37:46 +0200 phpmyadmin (1:2.5.7-pl1-1) unstable; urgency=high * New upstream release * Fixes security problems. See http://securityfocus.com/archive/1/367486/2004-06-26/2004-07-02/0 and the Documentation.html, FAQ 8.2. -- Piotr Roszatycki Thu, 1 Jul 2004 09:51:54 +0200 phpmyadmin (1:2.5.7-1) unstable; urgency=low * New upstream release * Add /var/www/phpmyadmin to the apache.conf, closes: #246367. * Suggests: php4-gd, closes: #243714. * Should work with E_ALL, closes: #244672. * Remove php3 from dependencies and DebConf templates, closes: #246002. * Fixed typo in DebConf template, closes: #250841. * Dutch debconf templates translation (unfinished...), closes: #216936. * Split configuration to the /etc/phpmyadmin/config.inc.php and /usr/share/phpmyadmin/config.inc.php, closes: #225766. * Ask for restart only if required, closes: #249940. -- Piotr Roszatycki Fri, 25 Jun 2004 10:27:26 +0200 phpmyadmin (1:2.5.6-2) unstable; urgency=low * Supports PHP for Apache2, closes: #242797. * apache.conf uses than , closes: #236978. * Remove /etc/*/conf.d/phpmyadmin on purge, closes: #239080. * Fixed DebConf scripts. Should not ask again about webservers, closes: #239480. * Install /var/www/phpmyadmin symlink than Alias, closes: #238598. * Catalan debconf templates translation, closes: #236636. 
* DebConf templates: * Removed phpmyadmin/changed-extension * Renamed phpmyadmin/webserver to phpmyadmin/reconfigure-webserver * Renamed phpmyadmin/restart to phpmyadmin/restart-webserver -- Piotr Roszatycki Sat, 27 Mar 2004 13:16:26 +0100 phpmyadmin (1:2.5.6-1) unstable; urgency=low * New upstream release. * Ignore missing /etc/phpmyadmin directory for postrm purge, closes: #235696. * Danish debconf templates translation, closes: #234948. -- Piotr Roszatycki Thu, 4 Mar 2004 17:16:56 +0100 phpmyadmin (2.5.6-rc2-1) unstable; urgency=low * New upstream release. * Removed conffiles /etc/phpmyadmin/{header,footer}.inc.php. They are not conffiles for a long time. Closes: #232557, #231880. * Brazilian Portuguese debconf templates translation, closes: #231713. * French debconf templates translation, closes: #220804. * Japanese po-debconf template translation, closes: #222282. -- Piotr Roszatycki Sun, 22 Feb 2004 13:14:00 +0100 phpmyadmin (2.5.6-rc1-1) unstable; urgency=high * New upstream release. * Security fix: possible attack against export.php, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0129, closes: #231050. -- Piotr Roszatycki Wed, 4 Feb 2004 12:34:11 +0100 phpmyadmin (2.5.5-pl1-2) unstable; urgency=low * Restored upstream release notes. -- Piotr Roszatycki Tue, 3 Feb 2004 15:33:54 +0100 phpmyadmin (2.5.5-pl1-1) unstable; urgency=low * New upstream release. * Depends php4 or php4-cgi (>= 4.1.0) and suggests mysql-server (>= 3.23.36). -- Piotr Roszatycki Wed, 28 Jan 2004 11:17:25 +0100 phpmyadmin (2.5.4-2) unstable; urgency=low * Call modules-config rather than writing directly to modules.conf. * Recommends: apache (>= 1.3.29.0.1-1), php4, php4-mysql * Update Russian translation, closes: #221827. -- Piotr Roszatycki Fri, 19 Dec 2003 18:58:27 +0100 phpmyadmin (2.5.4-1) unstable; urgency=low * New official unstable release. * Fixed apache.conf with IfModule directive. 
* Closes bugs with pending tag: o Fixed problem with password changes, closes: #216467 o Fixed print view for one table, closes: #149172 o Fixed grants for table contained backslash in its name, closes: #149416 o Can login with empty password, closes: #171784 o apache.conf includes DirectoryIndex directive, closes: #217100 o Can copy user grants/permissions to other user, closes: #152807 o Backs to browse listing after editing, closes: #168980 -- Piotr Roszatycki Fri, 7 Nov 2003 11:42:44 +0100 phpmyadmin (2.5.4-0.4) experimental; urgency=low * Fixed another ucf bug. -- Piotr Roszatycki Thu, 6 Nov 2003 19:45:31 +0100 phpmyadmin (2.5.4-0.3) experimental; urgency=low * ucf should be called on "configure" action. YADA relative problem. -- Piotr Roszatycki Tue, 4 Nov 2003 13:21:29 +0100 phpmyadmin (2.5.4-0.2) experimental; urgency=low * modules-config hangs up if postinst uses debconf. Write to modules.conf directly. -- Piotr Roszatycki Fri, 31 Oct 2003 17:21:10 +0100 phpmyadmin (2.5.4-0.1) experimental; urgency=low * New upstream release. * ucf handles configuration files. * Don't use wwwconfig-common. * Handle Apache2 webserver. * Works with new DebConfized Apache package. -- Piotr Roszatycki Tue, 28 Oct 2003 15:45:34 +0100 phpmyadmin (2.5.3-1) unstable; urgency=low * New upstream release. -- Piotr Roszatycki Mon, 8 Sep 2003 10:37:07 +0200 phpmyadmin (2.5.2-pl1-1) unstable; urgency=low * New upstream release. * NEWS.Debian renamed to NEWS, closes: #204901. -- Piotr Roszatycki Mon, 11 Aug 2003 22:21:18 +0200 phpmyadmin (2.5.2-2) unstable; urgency=high * The upstream also fixes XSS vulnerabilities, information encoding weakness and transversal directory attack. This was mentioned in Debian.NEWS file only, not changelog.Debian file. See http://www.securityfocus.com/archive/1/325641. Closes: #203092. * CVS fix: another patch for path disclosure problem. * CVS fix: a user could not edit his own global privileges. 
-- Piotr Roszatycki Mon, 28 Jul 2003 09:39:11 +0200 phpmyadmin (2.5.2-1) unstable; urgency=low * New upstream release * French debconf translation, closes: #200724 * Generates /etc/phpmyadmin/blowfish_secret.inc.php in postinst script. -- Piotr Roszatycki Thu, 24 Jul 2003 10:50:01 +0200 phpmyadmin (2.5.1-1) unstable; urgency=high * New upstream release * Fixes security problem. Prevent transversal directory attacks and remote local directory listing with discovering directory content. -- Piotr Roszatycki Sat, 28 Jun 2003 21:57:23 +0200 phpmyadmin (2.4.0-2) unstable; urgency=high * Fixes bug introduced by previous fix. I don't know how I could upload this crap. Sorry. Closes: #184214, #184544 -- Piotr Roszatycki Thu, 13 Mar 2003 02:14:05 +0100 phpmyadmin (2.4.0-1) unstable; urgency=low * New upstream release -- Piotr Roszatycki Mon, 10 Mar 2003 19:29:09 +0100 phpmyadmin (2.3.3pl1-1) unstable; urgency=low * New upstream release * phpMyAdmin can login without password and shows connection errors. -- Piotr Roszatycki Thu, 5 Dec 2002 12:01:54 +0100 phpmyadmin (2.3.2-4) unstable; urgency=low * Don't insert NULL value if textarea is not empty. 
Fix from CVS snapshot, closes: #168979 -- Piotr Roszatycki Mon, 18 Nov 2002 19:17:14 +0100 phpmyadmin (2.3.2-3) unstable; urgency=low * Missing libraries, closes: #166698 -- Piotr Roszatycki Mon, 4 Nov 2002 15:43:58 +0100 phpmyadmin (2.3.2-2) unstable; urgency=low * Missing translators.html -- Piotr Roszatycki Thu, 17 Oct 2002 10:32:49 +0200 phpmyadmin (2.3.2-1) unstable; urgency=low * New upstream release, closes: #157915 + phpMyAdmin showed that the one field is PRIMARY key even if no field was PRIMARY, closes: #144362 + Can dump table and field names with backquotes, closes: #144513 + Fixed Russian translation, closes: #144617 + Cookie path is autodetected, closes: #155108 * Now the absolute URI is autodetected, closes: #147714 * Spanish DebConf template, closes: #153071 -- Piotr Roszatycki Fri, 11 Oct 2002 12:46:29 +0200 phpmyadmin (2.2.6-1) unstable; urgency=low * New upstream release -- Piotr Roszatycki Mon, 22 Apr 2002 17:01:39 +0200 phpmyadmin (2.2.5-2.2.6-rc2-1) unstable; urgency=low * New upstream release * Fixed wwwconfig-common stuff, closes: #139986 -- Piotr Roszatycki Thu, 18 Apr 2002 11:44:44 +0200 phpmyadmin (2.2.5-2.2.6-rc1-2) unstable; urgency=low * Fixed postrm for debconf if package is not configured yet. -- Piotr Roszatycki Fri, 12 Apr 2002 12:12:22 +0200 phpmyadmin (2.2.5-2.2.6-rc1-1) unstable; urgency=low * New upstream release * Russian debconf template, closes: #137674 -- Piotr Roszatycki Thu, 11 Apr 2002 16:48:00 +0200 phpmyadmin (2.2.3-1) unstable; urgency=low * New upstream release -- Piotr Roszatycki Tue, 8 Jan 2002 13:02:45 +0100 phpmyadmin (2.2.2-2.2.3-dev-20011218-1) unstable; urgency=low * New upstream release (CVS snapshot) * This upstream release implements cookie based authentication. 
Finally :) * Fixes 'Query empty' bug when ordering by a column, closes: #123459 * Fixes spelling error in description, closes: #125243 * Removed invalid command for PHP3 from apache.conf, closes: #122941 -- Piotr Roszatycki Mon, 17 Dec 2001 16:17:11 +0100 phpmyadmin (2.2.1-2.2.2-rc1-2) unstable; urgency=low * Works with error_reporting=E_ALL, closes: #121328 * Turn on register_globals in apache.conf -- Piotr Roszatycki Tue, 27 Nov 2001 11:10:59 +0100 phpmyadmin (2.2.1-2.2.2-rc1-1) unstable; urgency=medium * New upstream release, closes: #118716 * New upstream fixes several security problems. -- Piotr Roszatycki Wed, 21 Nov 2001 12:13:07 +0100 phpmyadmin (2.2.0-4) unstable; urgency=low * Missing select_box() function added, required for multiserver config. -- Piotr Roszatycki Mon, 1 Oct 2001 12:38:08 +0200 phpmyadmin (2.2.0-3) unstable; urgency=low * User can login even if (s)he doesn't have privileges to mysql database, really closes: #112099 * New yada, package should build from source. * Remove CVS directories. -- Piotr Roszatycki Tue, 18 Sep 2001 15:57:25 +0200 phpmyadmin (2.2.0-2) unstable; urgency=low * Fixed typo in lib.inc.php, closes: #112099 * Compatibility with potato's mysql server * Frameset is now resizable, applied patch from CVS -- Piotr Roszatycki Tue, 18 Sep 2001 14:07:59 +0200 phpmyadmin (2.2.0-1) unstable; urgency=high * New upstream release, closes: #70086, #104515 * Upstream changed to SourceForge project (http://phpmyadmin.sf.net). * Security update, see SecurityFocus. * Suggests: mysql-server, closes: #67547 * DebConf and wwwconfig-common for automatic webserver reconfiguration. -- Piotr Roszatycki Fri, 31 Aug 2001 12:23:04 +0200 phpmyadmin (2.1.0.1-5) unstable; urgency=low * Fixed edit after select action, thanks Werner Ammon. * Fixed german translation. 
-- Piotr Roszatycki Mon, 9 Jul 2001 17:37:46 +0200 phpmyadmin (2.1.0.1-4) unstable; urgency=high * Security update, see: http://securityfocus.com/vdb/bottom.html?vid=2966 * Compiled with phpMyAdmin-SecureReality.diff patch from http://www.securereality.com.au/srpre00001.html * Added charset info to left.php -- Piotr Roszatycki Mon, 9 Jul 2001 12:51:00 +0200 phpmyadmin (2.1.0.1-3) unstable; urgency=low * German template file, closes: #99332 -- Piotr Roszatycki Thu, 31 May 2001 08:59:43 +0200 phpmyadmin (2.1.0.1-2) unstable; urgency=low * Clean up debian/packages * Renamed .php3 to .php, see Debconf note. * Purging /etc/phpmyadmin in postrm -- Piotr Roszatycki Mon, 21 May 2001 12:45:34 +0200 phpmyadmin (2.1.0.1-1) unstable; urgency=low * New upstream release from unofficial source, see copyright info, closes: #82506 * New yada * Removed dependency on libmysqlclient -- Piotr Roszatycki Mon, 29 Jan 2001 17:12:30 +0000 phpmyadmin (2.1.0-1) unstable; urgency=low * php4-cgi added to Depends * Standards-Version: 3.1.0 * New upstream release -- Piotr Roszatycki Tue, 10 Oct 2000 18:17:07 +0200 phpmyadmin (2.0.5-2) unstable; urgency=low * Suggests: mysql-doc * Load mysql.so module if not loaded * Set charset in META tag * Minor changes in debian/ directory -- Piotr Roszatycki Mon, 10 Jul 2000 12:43:41 +0200 phpmyadmin (2.0.5-1) frozen unstable; urgency=medium * This upstream source allows creating tables, closes: #53751 * New upstream release -- Piotr Roszatycki Thu, 10 Feb 2000 19:09:11 +0100 phpmyadmin (2.0.4-3) unstable; urgency=low * Polish translation in polish.inc.php3 * Slightly modified README.Debian * New feature: logout.php3; required by Netscape browser. * Suggests: mysql-doc; modified default conffile and sources. * Depends: php4, php4-mysql; minor changes in debian/*.dpatch files. 
-- Piotr Roszatycki Sat, 27 Nov 1999 14:32:24 +0100 phpmyadmin (2.0.4-2) unstable; urgency=low * yada 0.8 * moved to main archive -- Piotr Roszatycki Sat, 6 Nov 1999 23:33:59 +0100 phpmyadmin (2.0.4-1) unstable; urgency=low * /usr/doc/... symlink. * Removed some debhelper's constructions * README.Debian in dpatch file. * New option in config file: verbose. * New language: Portuguese. * New upstream release. -- Piotr Roszatycki Mon, 18 Oct 1999 19:09:48 +0200 phpmyadmin (2.0.3-1) unstable; urgency=low * Initial Debian version. -- Piotr Roszatycki Wed, 25 Aug 1999 21:32:14 +0200