Revisions of php5-ZendFramework
Johannes Weberhofer (weberho) committed (revision 60)
Johannes Weberhofer (weberho) committed (revision 59)
- update to 1.12.20
- ZF2016-03: The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This release provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensure no SQLi vectors occur. We advise always filtering user input prior to invoking these methods, however, to further protect your applications.
Andrej Semen (asemen) accepted request 408982 from Eric Schirra (ecsos) (revision 58)
update to 1.12.19, security and bugfix release
Dominique Leuenberger (dimstar_suse) accepted request 359635 from Johannes Weberhofer (weberho) (revision 57)
initialized devel package after accepting 359635
Johannes Weberhofer (weberho) committed (revision 56)
ZendFramework requires php 5.2.11+, not version 5.3
Johannes Weberhofer (weberho) committed (revision 55)
Fixed dependency again: php5-memcached
Johannes Weberhofer (weberho) committed (revision 54)
Fixed dependency: cache-backend-memcached requires php5-memcache instead of php5-pecl-memcache
Johannes Weberhofer (weberho) committed (revision 53)
- Build the APC-cache only when PHP < 5.5
- Include the extras package directly from source as it's no longer included in the main package. Version of the extras-package is not the best, as it is aligned to the main package
- Update to 1.12.17. Changes in this version:
  - 638: Fixes null byte tests in Zend_Db_Adapter_Pdo
  - 632: Updates the TLD list for Zend_Validate_Hostname to version 2015102801
  SECURITY UPDATES
  - ZF2015-09: Zend_Captcha_Word generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this version, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release updates Zend_Crypt_Math to provide cryptographically secure RNG, and updates Zend_Captcha_Word to use these new facilities.
Aeneas Jaißle (aeneas_jaissle) accepted request 341582 from Lars Vogdt (lrupp) (revision 52)
- Update to 1.12.16. Changes in this version:
  - #504: Cannot parse huge documents in Zend_Dom_Query
  - #599: Wrong return type in DocBlock of Zend_Console_Getopt::getOption()
  - #600: Undefined property $config in Zend_Http_Client_Adapter_Curl
  - #604: add doccomments to Zend_Log covering its magic methods
  - #606: Fix typo in Zend_Cache-Backends documentation.
  - #610: Add ß (Latin small letter sharp s) to .de domain IDNA check
  - #612: Zend_Validate_Hostname does not validate NTP hostnames starting with '0' character
  SECURITY UPDATES
  - ZF2015-07: A number of components, including Zend_Cloud, Zend_Search_Lucene, and Zend_Service_WindowsAzure were creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).
  - ZF2015-08: ZF2014-06 uncovered an issue in the sqlsrv adapter provided by the framework whereby null bytes were not filtered correctly when generating SQL. A reporter discovered the same vulnerability is present in our PDO implementation when used with pdo_dblib, and could potentially be applied to other PDO adapters. This release contains a patch to properly escape null bytes used in SQL queries across all PDO adapters shipped with the framework.
Aeneas Jaißle (aeneas_jaissle) accepted request 329785 from Aeneas Jaißle (aeneas_jaissle) (revision 51)
Update to 1.12.15
Aeneas Jaißle (aeneas_jaissle) accepted request 304831 from Johannes Weberhofer (weberho) (revision 50)
* Version 1.12.11
* Updated PHP-version dependencies (5.2.11+)
* Defined download addresses
* Formatted spec with the new spec-cleaner
Tomáš Chvátal (scarabeus_factory) accepted request 265664 from Aeneas Jaißle (aeneas_jaissle) (revision 49)
New upstream release
Johannes Weberhofer (weberho) accepted request 233755 from Aeneas Jaißle (aeneas_jaissle) (revision 48)
New upstream release 1.12.6
Graham Anderson (andtecheu) accepted request 206899 from Joerg Steffens (steffens) (revision 47)
adapted for SLES11 and RedHat. SLES11 only provides PHP packages like php53-curl, so requiring php5-curl does not match. However, all packages also provide php-*, like php-curl. Adapted this spec file accordingly. Also distinguish between SUSE and non-SUSE systems, to be able to build for RHEL.
Ralf Lang (ralflangb1) accepted request 206295 from Aeneas Jaißle (aeneas_jaissle) (revision 46)
- New upstream release 1.12.3
  * http://framework.zend.com/changelog/1.12.3/
  * http://framework.zend.com/changelog/1.12.2/
- Removed build-tools.tar.bz2 and autoconf_manual.tar.gz (not needed)
- Removed rpmlintrc from spec (no need to mention it in spec)
- Enabled Db-Adapter-Firebird package
- Removed (Build)Requires for php5-sqlite and php5-xmlreader
Lars Vogdt (lrupp) accepted request 150653 from Aeneas Jaißle (aeneas_jaissle) (revision 45)
Improved spec (fdupes, dos2unix, shebang)
Graham Anderson (andtecheu) accepted request 81108 from Graham Anderson (andtecheu) (revision 44)
update to latest point release and save on build host resources by building manual for 11.3+ using PHD.
_service committed (revision 43)
generated via source service
Graham Anderson (andtecheu) committed (revision 42)
_service committed (revision 41)
generated via source service
Displaying revisions 1 - 20 of 60