[SECURITY] Update pMA to the latest stable 4.9.x release (4.9.5)

mehrwert · Mar 23, 2020 · 2a63dda · 2a63dda
1 parent c543909
commit 2a63dda
Showing 2,152 changed files with 1,066 additions and 1,049 deletions.
diff --git a/Classes/Backend/PmaModule.php b/Classes/Backend/PmaModule.php
@@ -69,7 +69,7 @@ public function main()
         $MCONF['name'] = 'tools_txphpmyadmin';
         $MCONF['script'] = '_DISPATCH';
         $MCONF['access'] = 'admin';
-        $MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.9.4-all-languages/';
+        $MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.9.5-all-languages/';
         $MCONF['PMA_script'] = 'index.php';
 
         $this->MCONF = $MCONF;

diff --git a/Documentation/Changelog/Index.rst b/Documentation/Changelog/Index.rst
@@ -8,6 +8,14 @@ Change Log
 
 The following is an overview of the changes in this extension. For more details `read the online log <https://github.com/mehrwert/TYPO3-phpMyAdmin>`_.
 
+2020-03-23 Andreas Beutel - Version 5.6.2
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- [FEATURE] Updated pMA to the latest stable 4.9.x release (4.9.5)
+- [SECURITY] Includes moderate vendor security fixes
+- `PMASA-2020-4 <https://www.phpmyadmin.net/security/PMASA-2020-4/>`_: SQL injection relating to data display
+- `PMASA-2020-3 <https://www.phpmyadmin.net/security/PMASA-2020-3/>`_: SQL injection relating to searching
+- `PMASA-2020-2 <https://www.phpmyadmin.net/security/PMASA-2020-2/>`_: SQL injection with processing username
+
 2020-02-12 Andreas Beutel - Version 5.6.1
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - [BUGFIX] Use proper Uppercase Vendor name for registerModule()

diff --git a/Documentation/Index.rst b/Documentation/Index.rst
@@ -11,7 +11,7 @@ phpMyAdmin Extension for TYPO3
       2002-11-01
 
 :Changed:
-      2020-02-08
+      2020-03-23
 
 :Changed by:
       Andreas Beutel

diff --git a/Documentation/Settings.cfg b/Documentation/Settings.cfg
@@ -4,7 +4,7 @@
 
 project     = phpMyAdmin for TYPO3
 version     = 5.5
-release     = 5.6.1
+release     = 5.6.2
 t3author    = mehrwert intermediale kommunikation GmbH
 copyright   = since 2002 by the authors
 

diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/RELEASE-DATE-4.9.4 b/Vendor/phpMyAdmin-4.9.4-all-languages/RELEASE-DATE-4.9.4
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/locale/cs/LC_MESSAGES/phpmyadmin.mo b/Vendor/phpMyAdmin-4.9.4-all-languages/locale/cs/LC_MESSAGES/phpmyadmin.mo
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/locale/it/LC_MESSAGES/phpmyadmin.mo b/Vendor/phpMyAdmin-4.9.4-all-languages/locale/it/LC_MESSAGES/phpmyadmin.mo
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/locale/uk/LC_MESSAGES/phpmyadmin.mo b/Vendor/phpMyAdmin-4.9.4-all-languages/locale/uk/LC_MESSAGES/phpmyadmin.mo
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/bin/highlight-query b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/bin/highlight-query
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/bin/lint-query b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/bin/lint-query
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/bin/tokenize-query b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/bin/tokenize-query
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/composer/LICENSE b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/composer/LICENSE
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/.github/stale.yml b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/.github/stale.yml
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/.weblate b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/.weblate
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/codecov.yml b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/codecov.yml
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/phpcs.xml.dist b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/phpmyadmin/sql-parser/phpcs.xml.dist
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/tecnickcom/tcpdf/VERSION b/Vendor/phpMyAdmin-4.9.4-all-languages/vendor/tecnickcom/tcpdf/VERSION
diff --git a/...in-4.9.4-all-languages/CODE_OF_CONDUCT.md → ...in-4.9.5-all-languages/CODE_OF_CONDUCT.md b/...in-4.9.4-all-languages/CODE_OF_CONDUCT.md → ...in-4.9.5-all-languages/CODE_OF_CONDUCT.md
diff --git a/...Admin-4.9.4-all-languages/CONTRIBUTING.md → ...Admin-4.9.5-all-languages/CONTRIBUTING.md b/...Admin-4.9.4-all-languages/CONTRIBUTING.md → ...Admin-4.9.5-all-languages/CONTRIBUTING.md
diff --git a/.../phpMyAdmin-4.9.4-all-languages/ChangeLog → .../phpMyAdmin-4.9.5-all-languages/ChangeLog b/.../phpMyAdmin-4.9.4-all-languages/ChangeLog → .../phpMyAdmin-4.9.5-all-languages/ChangeLog
@@ -1,6 +1,12 @@
 phpMyAdmin - ChangeLog
 ======================
 
+4.9.5 (2020-03-20)
+- issue        [security] Fix SQL injection with certain usernames (PMASA-2020-2)
+- issue        [security] Fix SQL injection in particular search situations (PMASA-2020-3)
+- issue        [security] Fix SQL injection and XSS flaw (PMASA-2020-4)
+- issue        Deprecate "options" for the external transformation; options must now be hard-coded along with the program name directly in the file.
+
 4.9.4 (2020-01-07)
 - issue #15724 Fix 2FA was disabled by a bug
 - issue        [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1)

diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/DCO → Vendor/phpMyAdmin-4.9.5-all-languages/DCO b/Vendor/phpMyAdmin-4.9.4-all-languages/DCO → Vendor/phpMyAdmin-4.9.5-all-languages/DCO
diff --git a/...or/phpMyAdmin-4.9.4-all-languages/LICENSE → ...or/phpMyAdmin-4.9.5-all-languages/LICENSE b/...or/phpMyAdmin-4.9.4-all-languages/LICENSE → ...or/phpMyAdmin-4.9.5-all-languages/LICENSE
diff --git a/Vendor/phpMyAdmin-4.9.4-all-languages/README → Vendor/phpMyAdmin-4.9.5-all-languages/README b/Vendor/phpMyAdmin-4.9.4-all-languages/README → Vendor/phpMyAdmin-4.9.5-all-languages/README
@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 4.9.4
+Version 4.9.5
 
 A web interface for MySQL and MariaDB.
 

diff --git a/Vendor/phpMyAdmin-4.9.5-all-languages/RELEASE-DATE-4.9.5 b/Vendor/phpMyAdmin-4.9.5-all-languages/RELEASE-DATE-4.9.5
@@ -0,0 +1 @@
+Sat Mar 21 04:07:24 UTC 2020
diff --git a/...r/phpMyAdmin-4.9.4-all-languages/ajax.php → ...r/phpMyAdmin-4.9.5-all-languages/ajax.php b/...r/phpMyAdmin-4.9.4-all-languages/ajax.php → ...r/phpMyAdmin-4.9.5-all-languages/ajax.php
diff --git a/...4.9.4-all-languages/browse_foreigners.php → ...4.9.5-all-languages/browse_foreigners.php b/...4.9.4-all-languages/browse_foreigners.php → ...4.9.5-all-languages/browse_foreigners.php
diff --git a/...MyAdmin-4.9.4-all-languages/changelog.php → ...MyAdmin-4.9.5-all-languages/changelog.php b/...MyAdmin-4.9.4-all-languages/changelog.php → ...MyAdmin-4.9.5-all-languages/changelog.php
diff --git a/...hpMyAdmin-4.9.4-all-languages/chk_rel.php → ...hpMyAdmin-4.9.5-all-languages/chk_rel.php b/...hpMyAdmin-4.9.4-all-languages/chk_rel.php → ...hpMyAdmin-4.9.5-all-languages/chk_rel.php
diff --git a/...MyAdmin-4.9.4-all-languages/composer.json → ...MyAdmin-4.9.5-all-languages/composer.json b/...MyAdmin-4.9.4-all-languages/composer.json → ...MyAdmin-4.9.5-all-languages/composer.json