[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 02f613: ChangeLog entries for security issues

Isaac Bennetch bennetch at gmail.com
Wed Mar 2 13:06:04 CET 2016


  Branch: refs/heads/STABLE
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 02f613714fc4a8efabb3ac53243e828580447a9b
      https://github.com/phpmyadmin/phpmyadmin/commit/02f613714fc4a8efabb3ac53243e828580447a9b
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-01-28 (Thu, 28 Jan 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  ChangeLog entries for security issues

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 2b1a68cc4eb935ef3df5c7401d0d1338df09bc72
      https://github.com/phpmyadmin/phpmyadmin/commit/2b1a68cc4eb935ef3df5c7401d0d1338df09bc72
  Author: Dan Ungureanu <udan1107 at gmail.com>
  Date:   2016-02-24 (Wed, 24 Feb 2016)

  Changed paths:
    M libraries/sql-parser/src/Components/AlterOperation.php
    M libraries/sql-parser/src/Components/ArrayObj.php
    M libraries/sql-parser/src/Components/Condition.php
    M libraries/sql-parser/src/Components/CreateDefinition.php
    M libraries/sql-parser/src/Components/Expression.php
    M libraries/sql-parser/src/Components/JoinKeyword.php
    M libraries/sql-parser/src/Components/Key.php
    M libraries/sql-parser/src/Components/Limit.php
    M libraries/sql-parser/src/Components/OptionsArray.php
    M libraries/sql-parser/src/Components/OrderKeyword.php
    M libraries/sql-parser/src/Components/SetOperation.php
    M libraries/sql-parser/src/Parser.php
    M libraries/sql-parser/src/Statements/AlterStatement.php
    M libraries/sql-parser/src/Statements/CreateStatement.php
    M libraries/sql-parser/src/Statements/DropStatement.php
    M libraries/sql-parser/src/Token.php
    M libraries/sql-parser/src/Utils/Formatter.php
    M libraries/sql-parser/src/Utils/Query.php

  Log Message:
  -----------
  Updates sql-parser to phpmyadmin/sql-parser at 5c489d91f561cb0a63e0b63b29d6da71f626a137 (v3.4.0).

Fixes #11971. CREATE UNIQUE INDEX index type is not recognized by parser.
Fixes #11982. Row count wrong when grouping joined tables.
Fixes #12012. Column definition with default value and comment in CREATE TABLE exported faulty.
Fixes #12020. New statement but no delimiter and unexpected token with REPLACE.

Signed-off-by: Dan Ungureanu <udan1107 at gmail.com>


  Commit: 67c5514e653e22b8c8c95bc3a0620407b594a299
      https://github.com/phpmyadmin/phpmyadmin/commit/67c5514e653e22b8c8c95bc3a0620407b594a299
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M libraries/session.inc.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_4' into MAINT_4_5_4-security


  Commit: 9702259f81312536df5c3d6839c1465b508a84b5
      https://github.com/phpmyadmin/phpmyadmin/commit/9702259f81312536df5c3d6839c1465b508a84b5
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Merge remote-tracking branch 'security/MAINT_4_5_4-security' into MAINT_4_5_5


  Commit: 3a6a9a807d99371ee126635e1a505fc1fe0df32c
      https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/sql-parser/src/Utils/Error.php

  Log Message:
  -----------
  Escape query when displaying

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 7877a9c0084bf8ae15cbd8d2729b126271f682cc
      https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Escape SQL query for inline editing

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 16a6a02fca663264de9b034f4acad9c92295586f
      https://github.com/phpmyadmin/phpmyadmin/commit/16a6a02fca663264de9b034f4acad9c92295586f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/tcpdf/include/tcpdf_static.php

  Log Message:
  -----------
  Avoid skipping the SSL certificate check in TCPDF

This code is never used in phpMyAdmin, but we fix it just to avoid
potential security reports.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
      https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Bring back SSL certificate validation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 983faa94f161df3623ecd371d3696a1b3f91c15f
      https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M templates/database/structure/sortable_header.phtml

  Log Message:
  -----------
  Fix XSS in database structure page

Forward ported commit 90df124797175688a63be0d0a311210e92f09895

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 38fa1191049ac0c626a6684eea52068dfbbb5078
      https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php

  Log Message:
  -----------
  Urlencode hostname

This can come from the HTTP header, so we need to be sure to sanitize
it.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 746240bd13b62b5956fc34389cfbdc09e1e67775
      https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M normalization.php

  Log Message:
  -----------
  Fix XSS in normalization

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 5fb33a7af41ed0526f81aebd19fce8d784606c13
      https://github.com/phpmyadmin/phpmyadmin/commit/5fb33a7af41ed0526f81aebd19fce8d784606c13
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/sql-parser/src/Components/AlterOperation.php
    M libraries/sql-parser/src/Components/ArrayObj.php
    M libraries/sql-parser/src/Components/Condition.php
    M libraries/sql-parser/src/Components/CreateDefinition.php
    M libraries/sql-parser/src/Components/Expression.php
    M libraries/sql-parser/src/Components/JoinKeyword.php
    M libraries/sql-parser/src/Components/Key.php
    M libraries/sql-parser/src/Components/Limit.php
    M libraries/sql-parser/src/Components/OptionsArray.php
    M libraries/sql-parser/src/Components/OrderKeyword.php
    M libraries/sql-parser/src/Components/SetOperation.php
    M libraries/sql-parser/src/Parser.php
    M libraries/sql-parser/src/Statements/AlterStatement.php
    M libraries/sql-parser/src/Statements/CreateStatement.php
    M libraries/sql-parser/src/Statements/DropStatement.php
    M libraries/sql-parser/src/Token.php
    M libraries/sql-parser/src/Utils/Formatter.php
    M libraries/sql-parser/src/Utils/Query.php

  Log Message:
  -----------
  Merge commit '2b1a68cc4eb935ef3df5c7401d0d1338df09bc72' into MAINT_4_5_5


  Commit: 57607e062b794f0b641c0e14250876905e89a86b
      https://github.com/phpmyadmin/phpmyadmin/commit/57607e062b794f0b641c0e14250876905e89a86b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Add changelog for SQL parser update

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 1297747a65c80a60ab777cd1fe905fc8d724d4d5
      https://github.com/phpmyadmin/phpmyadmin/commit/1297747a65c80a60ab777cd1fe905fc8d724d4d5
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Fixed incorrect usage of SQL parser context in SQL export

Fixes #12029

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e65f375918a1eef5b1289d890ced645d3925464a
      https://github.com/phpmyadmin/phpmyadmin/commit/e65f375918a1eef5b1289d890ced645d3925464a
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security


  Commit: c842a0de9288033d25404d1d6eb22dd83033675f
      https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M file_echo.php

  Log Message:
  -----------
  Use correct headers for json data

It was previously not marked as such, which could potentially lead to
browsers doing some autodetection.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
      https://github.com/phpmyadmin/phpmyadmin/commit/b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Merge pull request #23 from phpmyadmin/ssl-cert

Bring back SSL certificate validation


  Commit: f33a42f1da9db943a67bda7d29f7dd91957a8e7e
      https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 37c34d089aa19f30d11203bb0c7f85b486424372
      https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Escape selectors

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 9bce7dafaf746559c617f674e27b9c0f75ae97a2
      https://github.com/phpmyadmin/phpmyadmin/commit/9bce7dafaf746559c617f674e27b9c0f75ae97a2
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Add changes for security issues

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
      https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-27 (Sat, 27 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: ab1283e8366c97a155d4e9ae58628a248458ea32
      https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Fix XSS in User accounts page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: cc55f44a4a90147a007dee1aefa1cb529e23798b
      https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M db_central_columns.php

  Log Message:
  -----------
  Fix XSS in Central columns page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 4650ad7fbde189678d180b8f294af3591f50b829
      https://github.com/phpmyadmin/phpmyadmin/commit/4650ad7fbde189678d180b8f294af3591f50b829
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml

  Log Message:
  -----------
  A better way of escaping

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 41c4e0214c286f28830cca54423b5db57e7c0ce4
      https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/controllers/TableSearchController.class.php

  Log Message:
  -----------
  Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 2925d6468b60363669a08cfd8e689c1a05191744
      https://github.com/phpmyadmin/phpmyadmin/commit/2925d6468b60363669a08cfd8e689c1a05191744
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml

  Log Message:
  -----------
  Merge pull request #29 from phpmyadmin/escape

A better way of escaping


  Commit: 88e0944cfd6c74c32bd57e209eaedbb32dd8314f
      https://github.com/phpmyadmin/phpmyadmin/commit/88e0944cfd6c74c32bd57e209eaedbb32dd8314f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/sql-parser/autoload.php

  Log Message:
  -----------
  Honor vendor configuration for gettext inclusion

Fixes #12048

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 3c583b86d46f72f3ac331fea64fa02c3fbf38561
      https://github.com/phpmyadmin/phpmyadmin/commit/3c583b86d46f72f3ac331fea64fa02c3fbf38561
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/sql-parser/autoload.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security


  Commit: 51a0d2f25a71432570f59dd9053b9dbbc93733b3
      https://github.com/phpmyadmin/phpmyadmin/commit/51a0d2f25a71432570f59dd9053b9dbbc93733b3
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  4.5.5.1 release

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: 84a3d88fb2e4e74b10e393d90259adccf97abfe2
      https://github.com/phpmyadmin/phpmyadmin/commit/84a3d88fb2e4e74b10e393d90259adccf97abfe2
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M README
    M db_central_columns.php
    M doc/conf.py
    M file_echo.php
    M js/functions.js
    M js/normalization.js
    M libraries/Config.class.php
    M libraries/controllers/TableSearchController.class.php
    M libraries/plugins/export/ExportSql.class.php
    M libraries/server_privileges.lib.php
    M libraries/sql-parser/autoload.php
    M libraries/sql-parser/src/Components/AlterOperation.php
    M libraries/sql-parser/src/Components/ArrayObj.php
    M libraries/sql-parser/src/Components/Condition.php
    M libraries/sql-parser/src/Components/CreateDefinition.php
    M libraries/sql-parser/src/Components/Expression.php
    M libraries/sql-parser/src/Components/JoinKeyword.php
    M libraries/sql-parser/src/Components/Key.php
    M libraries/sql-parser/src/Components/Limit.php
    M libraries/sql-parser/src/Components/OptionsArray.php
    M libraries/sql-parser/src/Components/OrderKeyword.php
    M libraries/sql-parser/src/Components/SetOperation.php
    M libraries/sql-parser/src/Parser.php
    M libraries/sql-parser/src/Statements/AlterStatement.php
    M libraries/sql-parser/src/Statements/CreateStatement.php
    M libraries/sql-parser/src/Statements/DropStatement.php
    M libraries/sql-parser/src/Token.php
    M libraries/sql-parser/src/Utils/Error.php
    M libraries/sql-parser/src/Utils/Formatter.php
    M libraries/sql-parser/src/Utils/Query.php
    M libraries/tcpdf/include/tcpdf_static.php
    M normalization.php
    M templates/database/structure/sortable_header.phtml
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5' into STABLE


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/70103ad7773b...84a3d88fb2e4

