[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.1-1.fc15

updates at fedoraproject.org updates at fedoraproject.org
Sat Jun 4 02:58:05 UTC 2011

Fedora Update Notification
2011-05-30 21:45:43

Name        : phpMyAdmin
Product     : Fedora 15
Version     : 3.4.1
Release     : 1.fc15
URL         : http://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the World Wide Web. Most frequently used operations are supported
by the user interface (managing databases, tables, fields, relations, indexes,
users, permissions), while you still have the ability to directly execute any
SQL statement.

Features include an intuitive web interface, support for most MySQL features
(browse and drop databases, tables, views, fields and indexes, create, copy,
drop, rename and alter databases, tables, fields and indexes, maintenance
server, databases and tables, with proposals on server configuration, execute,
edit and bookmark any SQL-statement, even batch-queries, manage MySQL users
and privileges, manage stored procedures and triggers), import data from CSV
and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,
creating PDF graphics of your database layout, creating complex queries using
Query-by-example (QBE), searching globally in a database or a subset of it,
transforming stored data into any format using a set of predefined functions,
like displaying BLOB-data as image or download-link and much more...

Update Information:

Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially:

* User preferences
* Relation schema export to multiple formats
* ENUM/SET editor
* Simplified interface for export/import
* AJAXification of some parts
* Charts
* Visual query builder

and here is the ChangeLog:

Changes for (2011-05-20)

- [interface] Synchronize and already configured host
- [bug] Inline edit and $cfg['PropertiesIconic']
- [patch] Show a translated label
- [navi] Table filter is case sensitive
- [privileges] Revert temporary fix
- [synchronize] Synchronize and user name
- [core] Some browsers report an insecure https connection
- [security] Make redirector require valid token (see PMASA-2011-3 and PMASA-2011-4)

Changes for (2011-05-11)

- [view] Enable VIEW rename 
- [privileges] Export a user's privileges 
- [core] Updated mootools to fix some glitches with Safari.
- [interface] Add REGEXP ^...$ to select dialog.
- [interface] Add insert ignore option to editing row.
- [interface] Show warning when javascript is disabled.
- [edit] Call UUID function separately to show it in insert.
- [export] Allow export of timestamps in UTC.
- [core] Remove config data from session as it brings chicken-egg problem.
- [core] Cookie path now honors PmaAbsoluteUri.
- [core] phpMyAdmin honors https in PmaAbsoluteUri.
- [core] Try moving tables by RENAME and fail to CREATE/INSERT if that fails.
- [core] Force reload js on code change.
- [interface] Do not display long numbers in server status.
- [edit] Add option to just display insert query.
- [interface] Move SSL status to the end, it is usually empty.
- [interface] Show numbers of columns in table structure.
- [inrerface] Add link to reload navigation frame.
- [auth] Signon authentication forwards error message through session data.
- [interface] Move ^1 to the end of message.
- [interface] Grey out non applicable actions in structure 
- [interface] Allow to create new table from navigation frame (in light mode).
- [browse] Add direct download of binary fields.
- [browse] Properly display NULL value for BLOB.
- [edit] Allow to set BLOB to/from NULL with ProtectBinary.
- [edit] Do not default to UNHEX when using file upload.
- [core] Add option to configure session_save_path.
- [interface] Provide links to documentation in highlighted SQL.
- [interface] It is now possible to bookmark most pages in JS capable browser.
- [core] Fix SSL detection.
- [doc] Add some hints to chk_rel.php for quick setup.
- [interface] Add class to some elements for easier theming.
- [doc] Add some interesting configs to config.sample.inc.php.
- [doc] Added advice to re-login after changing pmadb settings
- [interface] Prefill "Copy table to" in tbl_operations.php, thanks to iinl
- [lang] Add English (United Kingdom) translation, thanks to Robert Readman.
- [auth] HTTP Basic auth realm name, thanks to Harald Jenny
- [interface] Do not insert doc links to not formatted SQL.
- [lang] Chinese Simplified update, thanks to Shanyan Baishui 
- [lang] Turkish update, thanks to Burak Yavuz
- [interface] Focus TEXTAREA "sql_query" on click on "SQL" link
- [lang] Uzbek update, thanks to Orzu Samarqandiy
- [import] After import, also list uploaded filename, thanks to Pavel Konnikov and Herman van Rink
- [structure] Clicking on table name in db Structure should Browse the table if possible, thanks to bhdouglass
- [search] New search operators, thanks to Martynas Mickevičius
- [designer] Colored relations based on the primary key, thanks to GreenRover
- [core] Provide way for vendors to easily change paths to config files.
- [interface] Add inline query editing, thanks to Muhammd Adnan.
- [setup] Allow to configure changes tracking in setup script.
- [edit] Optionally disable the Type column, thanks to Brian Douglass
- [edit] Buttons for quicky creating common SQL queries, thanks to sutharshan.
- [interface] Convert loading of export/import to jQuery ready event, thanks to sutharshan.
- [edit] CURRENT_TIMESTAMP is also valid for datetime fields.
- [engines] Fix parsing of PBXT status, thanks to Madhura Jayaratne.
- [interface] Convert upload progress bar to jQuery, thanks to Philip Frank.
- [interface] Add javascript validation of datetime input, thanks to Sutharshan Balachandren.
- [interface] Default sort order is now SMART.
- [interface] Fix flipping of headers in non-IE browsers.
- [interface] Allow to choose servers from configuration for synchronisation.
- [relation] Improve ON DELETE/ON UPDATE drop-downs
- [relation] Improve labels in relation view 
- [interface] Use jQuery calendar dialog, thanks to Muhammad Adnan.
- [doc] Incorporate synchronisation docs into main document.
- [core] Include Content Security Policy HTTP headers.
- [CSS] Field attributes use inline CSS
- [interface] Cleanup navigation frame.
- [core] Prevent sending of unnecessary cookies, thanks to Piotr Przybylski 
- [password] Generate password only available if JS is enabled (fixed for Privileges and Change password)
- [core] RecodingEngine now accepts none as valid option.
- [core] Dropped AllowAnywhereRecoding configuration variable.
- [interface] Define tab order in SQL form to allow easier tab navigation.
- [core] Centralized format string expansion, @VARIABLES@ are recommended way now, used by file name templates, default queries, export and title generating.
- [validator] SQL validator works also with SOAP PHP extension.
- [interface] Better formatting for SQL validator results.
- [doc] The linked-tables infrastructure is now called phpMyAdmin configuration storage.
- [interface] Move drop/empty links from being tabs to Operations tab.
- [interface] Fixed rendering of error/notice/info titles background.
- [doc] Language and grammar fixes, thanks to Isaac Bennetch
- [export] JSON export, thanks to Hauke Henningsen
- [interface] Editor for SET/ENUM fields.
- [interface] Simplified interface to backup/restore.
- [common] Users preferences
- [relations] Dropped WYSIWYG-PDF configuration variable.
- [relations] Export relations to Dia, SVG and others
- [interface] Added charts to status tab, profiling page and query results
- [interface] AJAXification on various pages 
- [core] Remove last remaining parts of profiling code which was removed in 2006.
- [parser] Add workaround for MySQL way of handling backtick.
- [interface] Removed modification options for information_schema 
- [config] Add Left frame table filter visibility config option, thanks to eesau
- [core] Force generating of new session on login
- [interface] Drop page-break-before as it is useless for smaller tables.
- [interface] Allow to wrap enum values.
- [interface] Do not automatically mark PDF schema rows to delete
- [interface] Do not apply LeftFrameDBSeparator on first character.
- [interface] Column highlighting and marking in table view
- [common] Visual query builder
- [interface] Prevent long queries from being shown in confirmation popup
- [navi] Left panel table grouping incorrect, thanks to garas - garas
- [interface] Avoid double escaping of MySQL errors.
- [interface] Use less noisy message and remove disable link on server charts and database statistics.
- [relation] When displaying results, show a link to the foreign table even when phpMyAdmin configuration storage is not active
- [relation] Foreign key input options
- [export] Better handling of export to PHP array.
- [privileges] No DROP DATABASE warning if you delete a user
- [interface] Add link to documentation for status variables.
- [security] Redirect external links to avoid Referer leakage.
- [interface] Default to not count tables in database.
- [interface] Shortcut for copying table row.
- [auth] Reset user cache on login.
- [interface] Replace hard coded limit with $cfg['LimitChars'].
- [interface] Indicate that bookmark is being used on browse.
- [interface] Indicate shared bookmarks in interface.
- [search] Ajaxify browse and delete criteria in DB Search, thanks to Thilanka Kaushalya
- [interface] New default theme pmahomme, dropped darkblue_orange theme.
- [auth] Allow to pass additional parameters using signon method.
- [auth] Add example for OpenID authentication using signon method.
- [dbi] Default to mysqli extension.
- [interface] Add clear button to SQL edit box.
- [core] Update library PHPExcel to version 1.7.6
- [core] Work without mbstring installed.
- [interface] Add links to variables documentation.
- [import] Fix import of utf-8 XML files.
- [auth] Force signon auth on signon URL change.
- [core] Synchronization does not honor AllowArbitraryServer
- [synchronization] Data containing single quotes prevents sync, thanks to jviewer
- [common] Remove the custom color picker feature
- [privileges] Don't fail silently on missing priviledge to execute REVOKE ALL PRIVILEGES

* Sun May 29 2011 Robert Scheck <robert at fedoraproject.org> 3.4.1-1
- Upgrade to 3.4.1 (#704171)

  [ 1 ] Bug #704171 - phpMyAdmin-3.4.1 is available

This update can be installed with the "yum" update program.  Use 
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list