--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-3544c7d20e
2022-02-02 01:14:21.980437
--------------------------------------------------------------------------------
Name        : phpMyAdmin
Product     : Fedora 34
Version     : 5.1.2
Release     : 1.fc34
URL         : https://www.phpmyadmin.net/
Summary     : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.

--------------------------------------------------------------------------------
Update Information:

**Version 5.1.2**

A flaw was identified in how phpMyAdmin processes two factor
authentication; a user could potentially manipulate their account to bypass two
factor authentication in subsequent authentication sessions (**PMASA-2022-1**).
A series of weaknesses was identified allowing a malicious user to submit
malicious information to present an XSS or HTML injection attack in the
graphical setup page (**PMASA-2022-2**).

----

Changelog:

- issue Replaced MySQL documentation redirected links
- issue #16960 Fix JS error on Designer visual builder on some modal buttons
- issue Re-build openlayers JS dependency from the source files and provide a smaller JS bundle
- issue Fixed imports and theme detection depending on the current working dir
- issue Update JavaScript dependencies
- issue #16935 Remove hardcoded row length for "$cfg['CharTextareaRows']" to allow back values < 7
- issue #16977 Fix encoding of enum and set values on edit value
- issue Fix set value as selected when it has special chars on edit value enum
- issue #16896 Fix distinct URLs broken on nullable text fields
- issue Fixed two possible PHP errors using INT data
- issue Fixed possible warning "Undefined index: output_format" on export
- issue Fixed warning "Undefined index: ods_recognize_percentages" on Import ODS
- issue Fixed warning "Undefined array key "ods_recognize_currency" on Import ODS
- issue #16982 Fixed "Notice: Undefined index: foreign_keys_data" on Designer remove relation
- issue Backquote phpMyAdmin table name on internal relation delete query for Designer
- issue #16982 Do not try to delete internal relations if they are not configured
- issue #16982 Show success messages on Designer for add and remove relation operations
- issue Fixed possible "Undefined index: clause_is_unique" on replace value in cell
- issue #16991 Fixed case where $_SERVER['REQUEST_METHOD'] is undefined
- issue Fixed configuration error handler registration
- issue #16997 Fixed server variables get/set value not working on multi server server > 1
- issue #16998 Fixed Multi table query submit on server > 1 logged out user
- issue #17000 Fixed Multi edit on central columns on server > 1 logged out user
- issue #17001 Fix PHP error on query submit without a table name on multi table query box
- issue #16999 Fixed multi table query results shows for 1 sec and then page refreshes
- issue Fixed a non translated button text on central columns add
- issue Fixed table width on Query by example page for large screens
- issue #16975 Fixed NULL default had a value on insert with datetime fields
- issue #16994 Fixed missing privilege escaping when assigning multiple databases with '_' to an user
- issue #16864 Fixed the margin on the last database of the tree on all themes when scrollbars are displayed
- issue #17011 Fixed the database tree line that was not continuous on database groups
- issue Build more syntax correct URLs on JS internal redirects
- issue #16976 Fix wrong link when a table is moved from a database to another
- issue #16985 Fix case-sensitive issue of innodb_file_format=barracuda vs innodb_file_format=Barracuda
- issue Fixed duplicate quote in navigation nodes
- issue #17006 Disable the URL limit for the MariaDB analyser feature
- issue Fix calls to fetchRow using two parameters but the function has only one parameter
- issue #17020 Fixed "Notice Undefined index: sql_query" on Insert page
- issue Fix reported "Undefined index: FirstDayOfCalendar"
- issue Fix reported "Undefined index: environment"
- issue Fix "TypeError: strlen() expects parameter 1 to be string, null given" on databases listing
- issue #16973 Fix "Undefined array key "n0_pos2_name"" on databases listing
- issue Use the correct min MySQL version for axis-order (8.0.1) instead of (8.0.11)
- issue Use the queries we asked the user confirmation for on DELETE and TRUNCATE table actions
- issue #16994 Fixed editing specific privileges for a database covered by a wildcard privilege
- issue #16994 Fixed escaping of the database name for databases containing '_' on users edit
- issue #16994 Only escape once on grant/revoke privileges for databases containing '_' or '%'
- issue #16994 Only show databases without a privilege on multi select for user grant databases
- issue Removed unexpected query success message from the Table export page
- issue #17026 Handle possible invalid boolean values injected in SaveDir or UploadDir causing "TypeError: mb_substr()"
- issue #16981 Enable cookie parameter "SameSite" on "phpMyAdmin" cookie for PHP >= 7.3
- issue #16966 Encode "#" to have the anchor part of the destination URL on SQL highlight terms URLs
- issue #17004 Fix PHP errors due to removed variable "innodb_file_format" on MariaDB >= 10.6.0 and MySQL >= 8.0.0
- issue #16842 Fixed missing password modes on PerconaDB
- issue #16947 Fix "Change login information" form not working
- issue #17004 Fix Advisor for MariaDB >= 10.5 because of removed "innodb_log_files_in_group" variable
- issue #17037 Fix change structure does not surface errors
- issue #17016 Fixed online Transaction, errors not reported on structure edit
- issue #17042 Fix SQL escaping bug on DB name with special chars on submit query with rollback option
- issue #17027 Better handle the display of sorted binary columns in results summary
- issue #16398 Quote non numeric values on parameterized queries
- issue Fixed duplicate HTML escaping on foreign keys select value modal
- issue #15370 Fixed edit routine UI incorrectly removes too many escape slashes
- issue #14631 Fix enum with comma produces incorrect search dropdown on search pages
- issue Fix gis visualization position and limit parameters have no effect
- issue #16995 Fix edit binary foreign key adds a 1 to the value on the selected value
- issue #13614 Fixed escaping the database names when granting privileges on tables
- issue #11834 Fixed adding a new user on "privileges" tab of a table with a database name using a "_" character
- issue #17033 Fixed scaling of line width and point size in GIS visualization
- issue #17054 Removed "DEL" character from generated random strings for Blowfish secret auto-generated by setup
- issue #17019 Fixed "Browse" button visible when creating a table from the database structure view
- issue #16804 Fixed numbers were left-aligned rather than right-aligned
- issue Fixed Metro theme text color for buttons in the browse table navigation bar
- issue #14796 Fix export Database page, UI prevents from exporting procedures only
- issue #15225 Fix Command+click on macOS opens links in same tab
- issue #17014 Fix column names in first row when importing from CSV where the first line contains column names
- issue Fix prevent scrolling the page when scrolling in GIS visualization
- issue Fix GIS visualization save file with a different label or column
- issue Fixed GIS saving image as png with a label
- issue Fixed if label is just the number zero, it was treated as no label in the OpenLayers map
- issue #17039 Fix unable to have 2FA working with a "pmadb" config value != phpmyadmin
- issue #17079 Fixed missing spatial functions in Insert/Edit page
- issue Fixed broken docs link after a FK data type mismatch error
- issue Fix don't add multiple OpenLayers maps, remove listeners on dispose on GIS visualization
- issue #14502 Uncheck the "ignore" checkbox when the user chooses a value in the foreign key list on Insert page
- issue #14502 Uncheck the "ignore" checkbox when the user saves the GIS value on Insert page
- issue #17018 Fixed cannot save data from GIS editor for spatial column on Insert page
- issue #17084 Fixed ErrorHandler not showing errors when phpMyAdmin session does not work at all
- issue #17062 Fixed pagination issues when working with identically named tables in separate databases
- issue #17046 Fix "Uncaught TypeError: htmlspecialchars() expects parameter 1 to be string, null given"
- issue #16942 Fix table Import with CSV using LOAD DATA LOCAL causes error "LOAD DATA LOCAL INFILE is forbidden"
- issue #16942 Fix auto-detection for "LOAD DATA LOCAL INFILE" LOCAL option
- issue #16067 Make select elements with multiple items resizable
- issue Fix the display of Indexes that use Expressions and not column names
- issue Allow to create the phpMyAdmin storage database using a different name than "phpmyadmin" using the interface
- issue #17092 Document that "$cfg['Servers'][$i]['designer_coords']" was removed in version 4.3.0
- issue #16906 Support special table names for pmadb storage table names
- issue #16906 Fix a caching effect on the feature list after creating the tables
- issue #16906 Better report errors when creating the pmadb or its tables
- issue #16906 Create the pmadb tables using the names configured and not the default names
- issue #16906 Create the phpMyAdmin storage database using the configured "['pmadb']" name and not always "phpmyadmin"
- issue #16906 Prevent incorrect overriding of configured values after a pmadb fix
- issue #16906 Use the control connection to create the storage database and tables and not the user connection
- issue #16693 Fix can't see SQL after adding a new column
- issue #12753 Show table structure after adding a new column
- issue Fix a PHP notice when logging out
- issue #17090 Fix bbcode not rendered for error messages on setup
- issue #17198 Fix the database selection when the navigation tree is disabled
- issue #17228 Fixed copy to clipboard with NULL values gives non usable text
- issue #16746 Replace samyoul/u2f-php-server by code-lts/u2f-php-server
- issue #16005 Performance improvement on the Import and Export pages
- issue #17247 Fix triple HTML encoding
- issue #17259 Fix broken link in the Simulate DML query modal
- issue #16746 Update tcpdf dependency to ^6.4.4 for PHP 8.1 compatibility
- issue #16746 Update twig dependency to "^2.14.9 || ^3.3.5" for PHP 8.1 compatibility
- issue [security] Add configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding host names and other error details when login fails
- issue [security] Add configuration directive $cfg['URLQueryEncryption'] to allow encrypting sensitive information in the URL
- issue [security] Fix a scenario where an authenticated user can disable two factor authentication (PMASA-2022-1)
- issue [security] Fix XSS and HTML injection attacks in the graphical setup page (PMASA-2022-2)

----

Packaging changes:

* the package now provides all dependencies bundled.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 23 2022 Remi Collet  - 5.1.2-1
- update to 5.1.2 (2022-01-22, security and bugfix release)
- always use bundled libraries
- fix Licence name
- add build dependency on json ext
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2045578 - CVE-2022-23807 phpMyAdmin: two-factor authentication bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=2045578
  [ 2 ] Bug #2045582 - CVE-2022-23808 phpMyAdmin: multiple XSS and HTML injection attacks in setup script
        https://bugzilla.redhat.com/show_bug.cgi?id=2045582
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3544c7d20e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
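
An added example, not part of the Fedora notification: a small POSIX shell audit that reports whether an installed phpMyAdmin build is at least the 5.1.2-1 release shipped by this update, and whether the two `[security]` directives from the changelog are switched on in a given config file. The function names are illustrative, the config path is supplied by the caller, `sort -V` stands in for RPM's own version comparison, and the directive check is a line match rather than a PHP parser.

```shell
#!/bin/sh
# Added example: host audit for advisory FEDORA-2022-3544c7d20e.
# Assumptions: GNU "sort -V" approximates RPM ordering; config path is an argument.

FIXED_EVR="5.1.2-1"   # version-release of the fixed build named in the advisory

# evr_lt A B: succeed when A sorts strictly before B.
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# pma_status VERSION-RELEASE: print "needs-update" or "fixed".
pma_status() {
    evr=${1%.fc*}   # drop the dist tag, e.g. ".fc34"
    if evr_lt "$evr" "$FIXED_EVR"; then
        echo needs-update
    else
        echo fixed
    fi
}

# directive_enabled FILE NAME: succeed when FILE has an uncommented line that
# assigns true to $cfg[...]['NAME'] (covers the $cfg['Servers'][$i][...] form).
directive_enabled() {
    pat='^[[:space:]]*\$cfg(\[[^]]*])*\['"'$2'"'][[:space:]]*=[[:space:]]*true[[:space:]]*;'
    grep -Eq "$pat" "$1"
}

# audit_config FILE: one line per hardening directive introduced in 5.1.2.
audit_config() {
    for name in hide_connection_errors URLQueryEncryption; do
        if directive_enabled "$1" "$name"; then
            echo "$name=on"
        else
            echo "$name=off"
        fi
    done
}

# Audit the local host only when a config path is given and rpm is available.
if [ $# -ge 1 ] && command -v rpm >/dev/null 2>&1; then
    if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' phpMyAdmin 2>/dev/null); then
        echo "phpMyAdmin $installed: $(pma_status "$installed")"
    else
        echo "phpMyAdmin: not installed"
    fi
    audit_config "$1"
fi
```

Run it with the path to the site's `config.inc.php` as the only argument; both directives are reported as off unless the file sets them to `true` explicitly.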
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 34: phpMyAdmin 2022-3544c7d20e

February 1, 2022
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/