# # spec file for package phpPgAdmin # # Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: phpPgAdmin %define lc_prj ReimuHakurei %define lc_name phppgadmin %define ap_docroot_old %{apache_serverroot}/htdocs %define ap_docroot /srv/www/phppgadmin %define ppa_config %{_sysconfdir}/%{name}/config.inc.php Summary: Administration of PostgreSQL over the web License: GPL-2.0-or-later Group: Productivity/Databases/Tools Version: 7.14.7 Release: 1.2 %define rel_version REL_7-14-7 #URL: https://github.com/phppgadmin/phppgadmin #Source0: https://github.com/%{lc_name}/%{lc_name}/releases/download/%{rel_version}/%{name}-%{version}.tar.bz2 URL: https://github.com/ReimuHakurei/phpPgAdmin Source0: %{name}-%{version}-mod.tar.gz Source1: %{name}.http Source2: %{name}.http.inc Patch0: %{name}_config.inc.patch Patch10: %{name}_appVersion.patch Patch100: csrf-samesite-fix.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: apache-rpm-macros BuildRequires: fdupes Requires: php >= 7.2 Requires: php-pgsql %description phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services. Features * Administer multiple servers * Support for PostgreSQL 9.x.x, 10.x, 11.x, 12.x, 14.x * Manage all aspects of: o Users & groups o Databases o Schemas o Tables, indexes, constraints, triggers, rules & privileges o Views, sequences & functions o Advanced objects o Reports * Easy data manipulation: o Browse tables, views & reports o Execute arbitrary SQL o Select, insert, update and delete * Dump table data in a variety of formats: SQL, COPY, XML, XHTML, CSV, Tabbed, pg_dump * Import SQL scripts, COPY data, XML, CSV and Tabbed * Supports the Slony master-slave replication engine * Excellent language support: o Available in 27 languages o No encoding conflicts. Edit Russian data using a Japanese interface! * Easy to install and configure %package apache Summary: Apache configuration for %{name} Group: Productivity/Networking/Web/Utilities BuildRequires: apache2 Requires: %{name} Requires: apache2 Requires: mod_php_any Supplements: packageand(apache2:%name) %description apache This subpackage contains the Apache configuration files %prep %setup -q -n %{name}-%{version}-mod %patch0 %patch10 %patch100 ### remove not needed files pushd lang rm -f README langcheck synch popd %build %install %{__install} -d %{buildroot}%{ap_docroot}/%{name} %{__cp} -dR *.php *.js classes help images js lang libraries plugins themes xloadtree \ %{buildroot}%{ap_docroot}/%{name} # install config to config dir %{__install} -D -m0640 conf/config.inc.php-dist \ %{buildroot}%{ppa_config} # generate file list find %{buildroot}%{ap_docroot}/%{name} -mindepth 1 -maxdepth 1 -type d | grep -v 'conf' | sed -e "s@$RPM_BUILD_ROOT@@" > FILELIST find %{buildroot}%{ap_docroot}/%{name} -maxdepth 1 -type f | grep -v 'config.inc.php-dist' | sed -e "s@$RPM_BUILD_ROOT@@" >> FILELIST # install config for apache %{__install} -D -m0644 %{S:1} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf %{__install} -D -m0644 %{S:2} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.inc # fix paths in http config %{__sed} -i -e "s,@ap_docroot@,%{ap_docroot},g" -e "s,@name@,%{name},g" \ -e "s,@docdir@,%{_docdir},g" -e "s,@ap_sysconfdir@,%{apache_sysconfdir},g" %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf # rpmlint stuff %fdupes %{buildroot}%{ap_docroot}/%{name} %post apache # enable phpPgAdmin flag if [ -x %{_sbindir}/a2enflag ]; then flag_find=$(grep -cw /etc/sysconfig/apache2 -e "^APACHE_SERVER_FLAGS=.*%{name}.*") if [ $flag_find -eq 0 ]; then echo "info: adding %{name} to APACHE_SERVER_FLAGS" a2enflag %{name} fi fi # We changed ap_docroot from {ap_docroot_old} to {ap_docroot} (/srv/www/htdocs to /usr/share) # If someone did 'manually' change the config file it won't be replaced by rpm # Hence we backup the existing and place the new one find=0 find=$(grep -cw %{apache_sysconfdir}/conf.d/%{name}.conf -e "%{ap_docroot_old}/%{name}") || : if [ $find -gt 0 ]; then ap_date="$(date '+%Y%m%d-%H%M')" echo "creating backup of %{apache_sysconfdir}/conf.d/%{name}.conf to %{apache_sysconfdir}/conf.d/%{name}.conf.backup-${ap_date}" cp -a %{apache_sysconfdir}/conf.d/%{name}.conf %{apache_sysconfdir}/conf.d/%{name}.conf.backup-${ap_date} echo "copying %{apache_sysconfdir}/conf.d/%{name}.conf.rpmnew to %{apache_sysconfdir}/conf.d/%{name}.conf" cp -a %{apache_sysconfdir}/conf.d/%{name}.conf.rpmnew %{apache_sysconfdir}/conf.d/%{name}.conf fi %restart_on_update apache2 %postun apache # only do on uninstall, not on update if [ $1 -eq 0 ]; then # disable phpPgAdmin flag if [ -x %{_sbindir}/a2enflag ]; then flag_find=$(grep -cw /etc/sysconfig/apache2 -e "^APACHE_SERVER_FLAGS=.*%{name}.*") if [ $flag_find -eq 1 ]; then echo "info: removing %{name} from APACHE_SERVER_FLAGS" a2enflag -d %{name} fi fi fi %restart_on_update apache2 %files -f FILELIST %defattr(0644,root,root,0755) %doc CREDITS DEVELOPERS FAQ HISTORY TODO TRANSLATORS %license LICENSE %dir %{ap_docroot}/%{name} %dir %attr(0750,wwwrun,root) %{_sysconfdir}/%{name} %config(noreplace) %attr(0640,root,www) %{ppa_config} %files apache %config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf %config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.inc %changelog * Fri Nov 3 2023 chris@computersalat.de - Update to 7.14.6 * fix for CVE-2023-40619 (boo#1215551) * no real ChangeLog available - Changed to fork 'ReimuHakurei' - rebased patches * csrf-samesite-fix.patch * phpPgAdmin_config.inc.patch - rename phpPgAdmin-config.inc.patch to phpPgAdmin_config.inc.patch - add phpPgAdmin_appVersion.patch (remove suffix '-mod') * Mon Feb 13 2023 ecsos - Also remove subpackage apache when uninstalling the main package. * Thu Jul 14 2022 chris@computersalat.de - Fix for boo#1162794 (CVE-2019-10784) * add csrf-samesite-fix.patch taken from here: https://github.com/phppgadmin/phppgadmin/issues/94 https://github.com/phppgadmin/phppgadmin/pull/99 * Mon Dec 14 2020 ecsos - Update to 7.13.0 - Add support for Postgres 13 - Add provisional support for Postgres 14 - Upgrade Jquery library to 3.4.1 - Allow users to see group owned databases when using "owned only" - Fix bug where sorting on selects dumped you to the table screen - This release drops support for PHP 7.1 - This will be the last release to support PHP 7.2 - Put apache configuration files in separate subpackage. * Tue Dec 1 2020 pgajdos@suse.com - use system apache rpm macros * Sat Jun 20 2020 chris@computersalat.de - change ap_docroot from /srv/www/htdocs to /usr/share if phpPgAdmin.conf for apache was changed by local admin, we will create a backup and replace the original file with the new version sorry admins, but you need to apply your changes again - needed Alias /phpPgAdmin is an enabled APACHE_SERVER_FLAGS default for more info have a look into /etc/apache2/conf.d/phpPgAdmin.conf - add phpPgAdmin.http.inc - some rpmlint fixes * Mon Mar 2 2020 chris@computersalat.de - Version 7.12.1 (December 10, 2019) Features: * Add support for granting USAGE on sequences * Update French translation Bugs: * Fix issues with OID removal in Postgres 12+ * Remove broken tree branch from table/view browse option * Properly escape identifiers when browsing tables/views/schemas * Fix truncation of long multibyte strings * Clean up a number of misspellings and typos from codespell report Incompatabilities: * Require mbstring module support in PHP - Version 7.12.0 (September 28, 2019) Features * Add Support for PHP 7.x * Add Support for Postgres 12 * Update Bootstrap to version 3.3.7 (wisekeep) Bugs * Fix several issues with CSS files (wisekeep) * Clean up file permissions (nirgal) * Fixed Reflected XSS vulnerability (om3rcitak) * Fixes with sequence visbility and permission handling. Incompatabilities: * We no longer support php5 (>= 7.1) * Change in version numbering system - rebase patch * rename phpPgAdmin-4.2.3-config.inc.patch to phpPgAdmin-config.inc.patch - fix changes file * Sat Jan 19 2019 chris@computersalat.de - update to 5.6.0 - fix for boo#1094772 Distributed phpPgAdmin 5.1 does not support distributed PostgreSQL 10.3 - Released: 12th November, 2018 - Features * Add support for PostgreSQL 9.3, 9.4, 9.5, 9.6, 10, 11 * Development support for PostgreSQL 12 * Add support for brows/select navigation tabs (firzen) * Add new theme, "bootstrap" (amenadiel) * Improved support for json/jsonb - Bugs * Fix bug in Turkish translation which caused failed ajax responses * Account for Blocked field in admin processes Selenium test * Properly handle column comments * Fix background css issue * Additional language updates - Incompatabilities * Dropped testing of pre-9.3 versions of Postgres, which are now EOL - add license tag * Fri Dec 2 2016 chris@computersalat.de - udpate phpPgAdmin.http * add support for Apache 2.2/2.4 * add suppport for php7 * Wed Jan 6 2016 chris@computersalat.de - fix for boo#951002 * make http config compatible with apache 2.4 * Fri Jan 31 2014 rsalevsky@suse.com -update to 5.1 - Released: 14th April 2013 - Features * Full support for PostgreSQL 9.1 and 9.2 * New plugin architecture, including addition of several new hooks * Support nested groups of servers * Expanded test coverage in Selenium test suite * Highlight referencing fields on hovering Foriegn Key values when browsing tables * Simplified translation system implementation * Don't show cancel/kill options in process page to non-superusers * Add download ability from the History window * User queries now paginate by default - Translations * Lithuanian - Bug Fixes * Numeruous fixes for running under PHP Strict Standards * Fix an issue with autocompletion of text based Foreign Keys * Fix a bug when browsing tables with no unique key * Fix several bugs with bytea support, including possible data corruption bugs when updating rows that have bytea fields * Thu Mar 29 2012 chris@computersalat.de - update to 5.0.4 - Released: 22th March 2012 - Bug fixes. * Fix #3468882 "UPDATE single row with varchar key: empty where clause", reported by "Dirk Kraemer" * Fix XSS in function.php, reported by Mateusz Goik * Fix bug where renaming a tablespace was leading to an error * Fix a bug where clicking to "Show all schemas" on schema privilege page leads back to the latest tab used in database level * Fix a bug when executing a query from the history * Fix bad confirmation message when droping an autovacuum table setup * Fix bug #3429633 '"Back" link from "Browse" leads to error' * Fix a PHP warning when Slony conf parameters are not set * Show cancel/kill actions in process page only if role is a superuser * Some more small code cleanup and fixes. - fix for bnc#754694 (CVE-2012-1600) * https://bugzilla.novell.com/show_bug.cgi?id=754694 * Thu Oct 20 2011 chris@computersalat.de - update to 5.0.3 - Released: 3rd October 2011 - Some bug fixes. * Fix bug with enable/disable triggers on multiple triggers (Dawid 'DeyV' Polak) * Fix bug #3353670: Error when executing a report with paging * Fix bug with OpenBSD about where setting application_name using PGOPTIONS was raising an ERROR * Two security fix about code injection, reported by Mateusz Goik, fixed by ioguix * Fix character-encoding problem with autocomplete - fixes bnc#721976 (CVE-2011-3598) * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3598 * Thu May 26 2011 chris@computersalat.de - update to 5.0.2 - Released: 3rd January 2011 - Some bug fixes. * Fix a css typo & error in cappuccino theme * Fix #3139003 "Autocomplete doesn't insert value", report and patch by Aleksander Machniak * Fix bad inheritance between pg83 -> pg instead of pg83 -> pg84 in the database access classes. This bug was breaking some functionnalities with 8.3 * Fix a lot of nonstandard escaped string in the database access classes - Version 5.0.1 - Released: 14th December 2010 - Minor bug fix and update version. * Fix #3124417 "Wrong german translation", reported by schnoesel * Fix (officialy) a bug where non-super user roles cannot check ownership on objects * Add forgotten Galician language to the target "all" of lang/Makefile * Update jQuery library to current stable 1.4.4 * remove useless date from the topbar informations. This was the only place that did PHP 5.3 complain about bad timezone configuration (a non-PPA related warning). As it was a totaly useless information, we decide to remove it. - Version 5.0 - Released: 29th November 2010 - Features * Support for PostgreSQL 8.4 and 9.0 * Support for database level collation for 8.4+ * Support for schema level export * Add ability to alter schema ownership * Clean up domain support and improve interface * Add support for commenting on functions * Allow user to rename role/users and set new passwords at the same time * Greatly enhanced Full-Text-Search capabilities (ioguix, Loomis_K) * Overhauled Selenium Test suite to support multiple database versions * Optimized application graphics (Limo Driver) * Support for Column Level Privileges * Allow users to specify a template database at database creation time * Support killing processes * Add ability to create indexes concurrently * Much better support of autovacuum configuration * Add an admin page for table level * Refactored autocompletion: * fix support for cross-schema objects * support multi-field FK * support for pagination of values in the auto-complete list * Allow user to logicaly group their server under custom named node in the browser tree * New themes (Cappuccino and Gotar) and a theme switcher on the introduction page * Auto refresh Locks page * Auto refresh Processes page * Link in the bottom of the page to go to top of page * Browsing on Foreign Keys (When browsing a table, clicking on a FK value, jump to the PK row) - Bugs * Fix problems with query tracking on overly long queries * Ensure pg_dump paths are valid * Fix multiple bugs about quoting and escaping database objects names with special chars * Fix multiple bugs in the browser tree * Fix multiple bugs on the SQL and script file import form * One security fix about code injection * Don't allow inserting on a table without fields * Some fix about commenting databases * removed deprecated functions from PHP 5.3 * Lot of code cleanup * Many other small minor bugs found on our way * Fix the operator property page - Translations * Czech (Marek Cernocky) * Greek (Adamantios Diamantidis) * Brazillian Portuguese (Fernando Wendt) * Galician (Adrián Chaves Fernández) - Incompatabilities * No longer support PHP < 5.0 * No longer support Postgres < 7.4 - some spec cleanup o fix description * Fri Feb 18 2011 chris@computersalat.de - update to 4.2.3 * Fix bug where space as first character in a bytea column was removed by html renderer * Check if the given pg_dumpall / pg_dump paths are correct before using them * Fix some transalation files that had bad UTF-8 declaration, rising a warning * Fix bug with tables that contain quote in their name * support PHP 5.3 - Version 4.2.2 * Fix bug where long SQL queries get truncated * Fix createFunction method on PostgreSQL < 7.3 * Fix bug with alter schema in PostgreSQL < 7.4 * Remove alter domain for PostgreSQL < 7.4 * Fix local file inclusion vulnerability: http://www.securityfocus.com/bid/32670/ Unset language variable before determine file includes - Version 4.2.1 * Fix table icon/link disapearing when navigating between pages during column browse (ioguix) * Fix import/export links from tree menu (Denis Golovtsov, ioguix) * Fix missing language string for shared credential logout * Add missing text search functions/operators (Loomis K, xzilla) * Update FAQ info for postgres win32 releases * Fix database list error for users without connect privileges on all databases (Thomi Dammann, xzilla) - add/remove patches * remove obsolete CVE-2008-5587 patch * add config.inc patch - add http config - add some macros - fix deps - fix descr - remove changelog from spec * Tue Feb 3 2009 max@suse.de - Added phpPgAdmin-CVE-2008-5587.patch to fix a directory traversal vulnerability (bnc#462762). * Tue Apr 8 2008 tpatzig@suse.de - update to Version 4.2 * Add Analyze to Table Level Actions (ioguix) * Add support for multiple actions on main pages (ioguix, Robert Treat) * Added favicon for Mozilla and a backwards compatible version for IE. * Allow browsers to save different usernames and passwords for different servers. * Pagination selection available for reports * You can configure reports db, schema and table names * Add support for creating a table using an exsting one (ioguix) * Auto-expand a node in the tree browser if there are no other nodes (Tomasz Pala) * Add column about fields constraints type + links in table properties page (ioguix) * Support for built-in Full Text Search (Ivan Zolotukhin) * Addd alter name, owner & comment on views (ioguix) * Add column about called procedure + links to their definition in the triggers properties page (ioguix) * Add Support for Enum type creation (ioguix,xzilla) * Add alter name, owner, comment and properties for sequences (ioguix) * Add function costing options (xzilla) * Add alter owner & schema on function (xzilla) * Add a popup window for the session requests history (karl, ioguix) * Add alter table, view, sequence schema (ioguix) * several bugfixes * Sat Aug 4 2007 tpatzig@suse.de - update to Version 4.1.3 * Send encrypted passwords over the wire wherever possible. * Alter sequence, nextval and setval (Guillaume) * Autovacuum configuration support (Robert Treat) * Basic ROLE support (Chris Kings-Lynne, Javier Carlos) * Add support for SSL connections (Eric Kinolik) * Display Prepared Transactions (Javier Carlos) * Add automatic lookup of foreign key values in insert/update fields (John Jawed) * several bugfixes * Wed Oct 18 2006 tpatzig@suse.de - initial build of phpPgAdmin Version 4.0.1