After a new installation of Mageia Cauldron, phpmyadmin does not start. We get this message in Firefox: Access denied per /etc/httpd/conf/webapps.d/phpmyadmin.conf
It probably needs to be updated for the new configuration file paths in the new Apache 2.4.x in Cauldron. It should also be updated to 3.5.2.1, a security update. I'll let you decide whether to issue an update for the stable releases. The upstream security advisory hasn't been posted yet, but the release announcement has been: http://www.phpmyadmin.net/home_page/news.php#phpMyAdmin_3.5.2.1_is_released http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php
CC: (none) => luigiwalser
Assignee: bugsquad => lists.jjorge
Blocks: (none) => 6954
Now another security release has been issued, 3.5.2.2. http://www.phpmyadmin.net/home_page/news.php#phpMyAdmin_3.4.11.1_and_3.5.2.2_are_released http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php
Component: RPM Packages => Security
Summary: phpmyadmin does not work => phpmyadmin does not work and is missing an update for security issues
Whiteboard: (none) => MGA2TOO, MGA1TOO
I am back from the beach, I'll provide an update ASAP.
Status: NEW => ASSIGNED
I provide here updates for MGA1 and MGA2. Please tell me if I should open 2 new bug reports, I can't find what was decided about that in our policy.

Advisory:
========================

Updated phpmyadmin package fixes bugs and security vulnerabilities:

- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
- bug #3521416 [interface] JS error when editing index
- bug #3521313 [core] Call to undefined function __()
- bug #3521016 [edit] NOW() function incorrectly selected
- bug [GUI] Invalid HTML code on transformation_overview.php
- bug #3522930 [browse] Missing validation in Ajax mode
- bug Fix popup message on build SQL of import
- bug #3523499 [core] Make X-WebKit-CSP work better
- replace Highcharts with jqplot for query profiling, zoom search
- bug #3531584 [interface] No form validation in change password dialog
- bug #3531585 [interface] Broken password validation in copy user form
- bug #3531586 [interface] Add user form prints JSON when user presses enter
- bug #3534121 [config] duplicate line in config.sample.inc.php
- bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values
- bug #3510196 [core] More clever URL rewriting with ForceSSL

========================

Updated packages in core/updates_testing:
========================
phpmyadmin-3.5.2.2-1.mga2
phpmyadmin-3.5.2.2-1.mga1

from phpmyadmin-3.5.2.2-1.mga[1-2].src.rpm
Sorry, it is phpmyadmin-3.5.2.2-1.1.mga2 as a subrel was forgotten.
Assignee: lists.jjorge => qa-bugs
One bug report for both updates is ok.
CC: (none) => stormi
Version: Cauldron => 2
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Testing on Mageia 2 x86_64, normal operations (connect, browse databases, query...): seems ok.
Whiteboard: MGA1TOO => MGA1TOO MGA2-64-OK
Hmm, newer phpmyadmin uses php-mysqli in default configuration file, but the package requires php-mysql. Isn't there a mismatch?
Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO feedback MGA2-64-OK?
Testing is complete on Mageia 2 i586.
CC: (none) => gerdroscher
Whiteboard: MGA1TOO feedback MGA2-64-OK? => MGA1TOO feedback MGA2-64-OK? MGA2-32-OK
(In reply to comment #8)
> Hmm, newer phpmyadmin uses php-mysqli in default configuration file, but the
> package requires php-mysql. Isn't there a mismatch?

I must have made a mistake somewhere. The requires is there.
Whiteboard: MGA1TOO feedback MGA2-64-OK? MGA2-32-OK => MGA1TOO MGA2-64-OK MGA2-32-OK
For Mageia I'm not mistaken: phpmyadmin complains that it doesn't find the mysqli extension, so the requires are not ok.
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK => MGA1TOO MGA2-64-OK MGA2-32-OK feedback
(In reply to comment #11)
> For Mageia I'm not mistaken: phpmyadmin complains that it doesn't find the
> mysqli extension, so the requires are not ok.

Mageia 1
Adding José in CC list. The updated mga1 package seems to need a require on php-mysqli in the same way as mga2 did with the newer phpmyadmin in bug 6187. Could you have another look please, José?
CC: (none) => lists.jjorge
You are right. I just submitted phpmyadmin-3.5.2.2-1.1.mga1 with the needed require.
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK feedback => MGA1TOO MGA2-64-OK MGA2-32-OK
Testing complete on Mageia 1 i586 and x86-64. Since php-mysqli is already in Mageia 1 Core Updates, it will not require linking.

Could someone from the sysadmin team push the srpm phpmyadmin-3.5.2.2-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm phpmyadmin-3.5.2.2-1.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated phpmyadmin package fixes bugs and security vulnerabilities:

- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
- bug #3521416 [interface] JS error when editing index
- bug #3521313 [core] Call to undefined function __()
- bug #3521016 [edit] NOW() function incorrectly selected
- bug [GUI] Invalid HTML code on transformation_overview.php
- bug #3522930 [browse] Missing validation in Ajax mode
- bug Fix popup message on build SQL of import
- bug #3523499 [core] Make X-WebKit-CSP work better
- replace Highcharts with jqplot for query profiling, zoom search
- bug #3531584 [interface] No form validation in change password dialog
- bug #3531585 [interface] Broken password validation in copy user form
- bug #3531586 [interface] Add user form prints JSON when user presses enter
- bug #3534121 [config] duplicate line in config.sample.inc.php
- bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values
- bug #3510196 [core] More clever URL rewriting with ForceSSL
- added missing requires for php-mysqli

https://bugs.mageia.org/show_bug.cgi?id=6905
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-32-OK MGA1-64-OK
References: http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0240
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED