Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
php7.33467
php7.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php7.changes of Package php7.33467
------------------------------------------------------------------- Tue Jun 11 12:54:14 UTC 2024 - pgajdos@suse.com - security update - added patches fix CVE-2024-5458 [bsc#1226073], filter bypass in filter_var FILTER_VALIDATE_URL + php7-CVE-2024-5458.patch ------------------------------------------------------------------- Fri Apr 19 08:50:46 UTC 2024 - pgajdos@suse.com - security update - added patches fix CVE-2024-2756 [bsc#1222857], host/secure cookie bypass due to partial fix + php7-CVE-2024-2756.patch fix CVE-2024-3096 [bsc#1222858], password_verify can erroneously return true, opening ATO risk + php7-CVE-2024-3096.patch ------------------------------------------------------------------- Wed Aug 23 12:53:43 UTC 2023 - pgajdos@suse.com - security update - added patches fix CVE-2023-3823 [bsc#1214106], XML loading external entity without being enabled + php7-CVE-2023-3823.patch fix CVE-2023-3824 [bsc#1214103], buffer overflows in phar_dir_read() + php7-CVE-2023-3824.patch ------------------------------------------------------------------- Thu Jun 15 07:56:47 UTC 2023 - pgajdos@suse.com - security update - added patches fix CVE-2023-3247 [bsc#1212349], Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP + php7-CVE-2023-3247.patch ------------------------------------------------------------------- Tue Mar 21 13:09:17 UTC 2023 - pgajdos@suse.com - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ------------------------------------------------------------------- Tue Mar 14 10:04:22 UTC 2023 - pgajdos@suse.com - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ------------------------------------------------------------------- Fri Feb 17 11:20:55 UTC 2023 - pgajdos@suse.com - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ------------------------------------------------------------------- Mon Jan 9 13:53:03 UTC 2023 - pgajdos@suse.com - security update - added patches fix CVE-2022-31631 [bsc#1206958], Due to an integer overflow PDO:quote() may return unquoted string + php7-CVE-2022-31631.patch ------------------------------------------------------------------- Thu Nov 3 10:36:04 UTC 2022 - pgajdos@suse.com - version update to 7.4.33 [bsc#1204577][bsc#1204979] 03 Nov 2022 GD: Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) Hash: Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) ------------------------------------------------------------------- Mon Oct 3 11:00:44 UTC 2022 - pgajdos@suse.com - version update to 7.4.32 [jsc#SLE-23639] Version 7.4.32 29 Sep 2022 Core: Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628) Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629) Version 7.4.30 09 Jun 2022 mysqlnd: Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) pgsql: Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) Version 7.4.29 14 Apr 2022 Core: No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates. Date: Updated to latest IANA timezone database (2022a). Version 7.4.28 17 Feb 2022 Filter: Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708) Version 7.4.27 16 Dec 2021 Core: Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()). FPM: Fixed bug #81513 (Future possibility for heap overflow in FPM zlog). GD: Fixed bug #71316 (libpng warning from imagecreatefromstring). OpenSSL: Fixed bug #75725 (./configure: detecting RAND_egd). PCRE: Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). Standard: Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type). Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate). Version 7.4.26 18 Nov 2021 Core: Fixed bug #81518 (Header injection via default_mimetype / default_charset). Date: Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2). MBString: Fixed bug #76167 (mbstring may use pointer from some previous request). MySQLi: Fixed bug #81494 (Stopped unbuffered query does not throw error). PCRE: Fixed bug #81424 (PCRE2 10.35 JIT performance regression). Streams: Fixed bug #54340 (Memory corruption with user_filter). XML: Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707) Version 7.4.25 21 Oct 2021 DOM: Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID). FFI: Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined). Fileinfo: Fixed bug #78987 (High memory usage during encoding detection). Filter: Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing). FPM: Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703). SPL: Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free). Streams: Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper). XML: Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace). Zip: Fixed bug #81490 (ZipArchive::extractTo() may leak memory). Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). Version 7.4.24 23 Sep 2021 Core: Fixed bug #81302 (Stream position after stream filter removed). Fixed bug #81346 (Non-seekable streams don't update position after write). Fixed bug #73122 (Integer Overflow when concatenating strings). (CVE-2017-8923) GD: Fixed bug #53580 (During resize gdImageCopyResampled cause colors change). Opcache: Fixed bug #81353 (segfault with preloading and statically bound closure). Shmop: Fixed bug #81407 (shmop_open won't attach and causes php to crash). Standard: Fixed bug #71542 (disk_total_space does not work with relative paths). Fixed bug #81400 (Unterminated string in dns_get_record() results). SysVMsg: Fixed bug #78819 (Heap Overflow in msg_send). XML: Fixed bug #81351 (xml_parse may fail, but has no error code). Zip: Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706) Version 7.4.23 26 Aug 2021 Core: Fixed bug #72595 (php_output_handler_append illegal write access). Fixed bug #66719 (Weird behaviour when using get_called_class() with call_user_func()). Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header). BCMath: Fixed bug #78238 (BCMath returns "-0"). CGI: Fixed bug #80849 (HTTP Status header truncation). GD: Fixed bug #51498 (imagefilledellipse does not work for large circles). MySQLi: Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). OpenSSL: Fixed bug #81327 (Error build openssl extension on php 7.4.22). PDO_ODBC: Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL). Phar: Fixed bug #81211: Symlinks are followed when creating PHAR archive.(cmb) Shmop: Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). Standard: Fixed bug #72146 (Integer overflow on substr_replace). Fixed bug #81265 (getimagesize returns 0 for 256px ICO images). Fixed bug #74960 (Heap buffer overflow via str_repeat). Streams: Fixed bug #81294 (Segfault when removing a filter). Version 7.4.22 29 Jul 2021 Core: Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files). Fixed bug #81163 (incorrect handling of indirect vars in __sleep). Fixed bug #80728 (PHP built-in web server resets timeout when it can kill the process). Fixed bug #73630 (Built-in Webserver - overwrite $_SERVER['request_uri']). Fixed bug #80173 (Using return value of zend_assign_to_variable() is not safe). Fixed bug #73226 (--r[fcez] always return zero exit code). Intl: Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option). Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone). Fixed bug #74264 (grapheme_strrpos() broken for negative offsets). OpenSSL: Fixed bug #52093 (openssl_csr_sign truncates $serial). PCRE: Fixed bug #81101 (PCRE2 10.37 shows unexpected result). Fixed bug #81243 (Too much memory is allocated for preg_replace()). Standard: Fixed bug #81223 (flock() only locks first byte of file). Version 7.4.21 01 Jul 2021 Core: Fixed bug #81068 (Double free in realpath_cache_clean()). Fixed bug #76359 (open_basedir bypass through adding ".."). Fixed bug #81090 (Typed property performance degradation with .= operator). Fixed bug #81070 (Integer underflow in memory limit comparison). Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705) Bzip2: Fixed bug #81092 (fflush before stream_filter_remove corrupts stream). OpenSSL: Fixed bug #76694 (native Windows cert verification uses CN as server name). PDO_Firebird: Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704) Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704) Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704) Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704) Standard: Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion"). Version 7.4.20 03 Jun 2021 Core: Fixed bug #80929 (Method name corruption related to repeated calls to call_user_func_array). Fixed bug #80960 (opendir() warning wrong info when failed on Windows). Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive). Fixed bug #80972 (Memory exhaustion on invalid string offset). FPM: Fixed bug #65800 (Events port mechanism). FTP: Fixed bug #80901 (Info leak in ftp extension). Fixed bug #79100 (Wrong FTP error messages). GD: Fixed bug #81032 (GD install is affected by external libgd installation). MBString: Fixed bug #81011 (mb_convert_encoding removes references from arrays). ODBC: Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator). PDO_MySQL: Fixed bug #81037 (PDO discards error message text from prepared statement). PDO_ODBC: Fixed bug #44643 (bound parameters ignore explicit type definitions). pgsql: Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast(). SPL: Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR). Opcache: Fixed bug #80900 (switch statement behavior inside function). Fixed bug #81015 (Opcache optimization assumes wrong part of ternary operator in if-condition). XMLReader: Fixed bug #73246 (XMLReader: encoding length not checked). Zip: Fixed bug #80863 (ZipArchive::extractTo() ignores references). Version 7.4.19 06 May 2021 PDO_pgsql: Reverted bug fix for #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR). Version 7.4.18 29 Apr 2021 Core: Fixed bug #80781 (Error handler that throws ErrorException infinite loop). Fixed bug #75776 (Flushing streams with compression filter is broken). Dba: Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN). DOM: Fixed bug #66783 (UAF when appending DOMDocument to element). FPM: Fixed bug #80024 (Duplication of info about inherited socket after pool removing). FTP: Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open). Imap: Fixed bug #80710 (imap_mail_compose() header injection). Intl: Fixed bug #80763 (msgfmt_format() does not accept DateTime references). LibXML: Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers). Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). MySQLnd: Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0). Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error). Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password). Opcache: Fixed bug #80805 (create simple class and get error in opcache.so). Fixed bug #80950 (Variables become null in if statements). Pcntl: Fixed bug #79812 (Potential integer overflow in pcntl_exec()). PCRE: Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 0-width fullstring match). PDO_ODBC: Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte). PDO_pgsql: Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR). phpdbg: Fixed bug #80757 (Exit code is 0 when could not open file). Session: Fixed bug #80774 (session_name() problem with backslash). Fixed bug #80889 (Cannot set save handler when save_handler is invalid). SOAP: Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded). Standard: Fixed bug #78719 (http wrapper silently ignores long Location headers). Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI). Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101). Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()). Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes). MySQLi: Fixed bug #74779 (x() and y() truncating floats to integers). OPcache: Fixed bug #80682 (opcache doesn't honour pcre.jit option). OpenSSL: Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP). Phar: Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb) Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives). Fixed bug #53467 (Phar cannot compress large archives). SPL: Fixed bug #80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault). Zip: Fixed bug #80648 (Fix for bug 79296 should be based on runtime version). Version 7.4.16 04 Mar 2021 Core: Fixed bug #80706 (mail(): Headers after Bcc headers may be ignored). MySQLnd: Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password). MySQLi: Fixed bug #74779 (x() and y() truncating floats to integers). OPcache: Fixed bug #80682 (opcache doesn't honour pcre.jit option). OpenSSL: Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP). Phar: Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb) Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives). Fixed bug #53467 (Phar cannot compress large archives). SPL: Fixed bug #80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault). Standard: Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes). Zip: Fixed bug #80648 (Fix for bug 79296 should be based on runtime version). Version 7.4.15 04 Feb 2021 Core: Fixed bug #80523 (bogus parse error on >4GB source code). Fixed bug #80384 (filter buffers entire read until file closed). Curl: Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request). Date: Fixed bug #80376 (last day of the month causes runway cpu usage. MySQLi: Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns). Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails). Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor). Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor). Phar: Fixed bug #77565 (Incorrect locator detection in ZIP-based phars). Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files). SOAP: Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) Version 7.4.14 07 Jan 2021 Core: Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()). Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION). Fixed bug #72964 (White space not unfolded for CC/Bcc headers). Fixed bug #80362 (Running dtrace scripts can cause php to crash). Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool). Fixed bug #80402 (configure filtering out -lpthread). Fixed bug #77069 (stream filter loses final block of data). Fileinfo: Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT). FPM: Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env). Intl: Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined). OpenSSL: Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support). Phar: Fixed bug #73809 (Phar Zip parse crash - mmap fail). Fixed bug #75102 (`PharData` says invalid checksum for valid tar). Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow). PDO MySQL: Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries). Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements). Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands). Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries"). Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error). Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL). Standard: Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071) Fixed bug #80366 (Return Value of zend_fstat() not Checked). Fixed bug #80411 (References to null-serialized object break serialize()). Tidy: Fixed bug #77594 (ob_tidyhandler is never reset). Zlib: Fixed bug #48725 (Support for flushing in zlib stream). Version 7.4.13 26 Nov 2020 Core: Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date). Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors). COM: Fixed bug #62474 (com_event_sink crashes on certain arguments). DOM: Fixed bug #80268 (loadHTML() truncates at NUL bytes). FFI: Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback). IMAP: Fixed bug #64076 (imap_sort() does not return FALSE on failure). Fixed bug #76618 (segfault on imap_reopen). Fixed bug #80239 (imap_rfc822_write_address() leaks memory). Fixed minor regression caused by fixing bug #80220. Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822). MySQLi: Fixed bug #79375 (mysqli_store_result does not report error from lock wait timeout). Fixed bug #76525 (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used). Fixed bug #72413 (mysqlnd segfault (fetch_row second parameter typemismatch)). ODBC: Fixed bug #44618 (Fetching may rely on uninitialized data). Opcache: Fixed bug #79643 (PHP with Opcache crashes when a file with specific name is included). Fixed run-time binding of preloaded dynamically declared function. OpenSSL: Fixed bug #79983 (openssl_encrypt / openssl_decrypt fail with OCB mode). PDO MySQL: Fixed bug #66528 (No PDOException or errorCode if database becomes unavailable before PDO::commit). Fixed bug #65825 (PDOStatement::fetch() does not throw exception on broken server connection). SNMP: Fixed bug #70461 (disable md5 code when it is not supported in net-snmp). Standard: Fixed bug #80266 (parse_url silently drops port number 0). Version 7.4.12 29 Oct 2020 Core: Fixed bug #80061 (Copying large files may have suboptimal performance). Fixed bug #79423 (copy command is limited to size of file it can copy). Fixed bug #80126 (Covariant return types failing compilation). Fixed bug #80186 (Segfault when iterating over FFI object). Calendar: Fixed bug #80185 (jdtounix() fails after 2037). IMAP: Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies). Fixed bug #80215 (imap_mail_compose() may modify by-val parameters). Fixed bug #80220 (imap_mail_compose() may leak memory). Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies). Fixed bug #80216 (imap_mail_compose() does not validate types/encodings). Fixed bug #80226 (imap_sort() leaks sortpgm memory). MySQLnd: Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with slashes). Fixed bug #80107 (mysqli_query() fails for ~16 MB long query when compression is enabled). ODBC: Fixed bug #78470 (odbc_specialcolumns() no longer accepts $nullable). Fixed bug #80147 (BINARY strings may not be properly zero-terminated). Fixed bug #80150 (Failure to fetch error message). Fixed bug #80152 (odbc_execute() moves internal pointer of $params). Fixed bug #46050 (odbc_next_result corrupts prepared resource). OPcache: Fixed bug #80083 (Optimizer pass 6 removes variables used for ibm_db2 data binding). Fixed bug #80194 (Assertion failure during block assembly of unreachable free with leading nop). PCRE: Updated to PCRE 10.35. Fixed bug #80118 (Erroneous whitespace match with JIT only). PDO_ODBC: Fixed bug #67465 (NULL Pointer dereference in odbc_handle_preparer). Standard: Fixed bug #80114 (parse_url does not accept URLs with port 0). Fixed bug #76943 (Inconsistent stream_wrapper_restore() errors). Fixed bug #76735 (Incorrect message in fopen on invalid mode). Tidy: Fixed bug #77040 (tidyNode::isHtml() is completely broken). Version 7.4.11 01 Oct 2020 Core: Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070) Fixed bug #79979 (passing value to by-ref param via CUFA crashes). Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared). Fixed bug #80048 (Bug #69100 has not been fixed for Windows). Fixed bug #80049 (Memleak when coercing integers to string via variadic argument). Calendar: Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing). COM: Fixed bug #64130 (COM obj parameters passed by reference are not updated). OPcache: Fixed bug #80002 (calc free space for new interned string is wrong). Fixed bug #80046 (FREE for SWITCH_STRING optimized away). Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed). OpenSSL: Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069) PDO: Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters). SOAP: Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"). Standard: Fixed bug #79986 (str_ireplace bug with diacritics characters). Fixed bug #80077 (getmxrr test bug). Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer). Fixed bug #80067 (Omitting the port in bindto setting errors). Version 7.4.10 03 Sep 2020 Core: Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless). Fixed bug #77932 (File extensions are case-sensitive). Fixed bug #79806 (realpath() erroneously resolves link to link). Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign). Fixed bug #79919 (Stack use-after-scope in define()). Fixed bug #79934 (CRLF-only line in heredoc causes parsing error). Fixed bug #79947 (Memory leak on invalid offset type in compound assignment). COM: Fixed bug #48585 (com_load_typelib holds reference, fails on second call). Exif: Fixed bug #75785 (Many errors from exif_read_data). Gettext: Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()). LDAP: Fixed memory leaks. OPcache: Fixed bug #73060 (php failed with error after temp folder cleaned up). Fixed bug #79917 (File cache segfault with a static variable in inherited method). PDO: Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails). Session: Fixed bug #79724 (Return type does not match in ext/session/mod_mm.c). Standard: Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference). Fixed bug #79944 (getmxrr always returns true on Alpine linux). Fixed bug #79951 (Memory leak in str_replace of empty string). XML: Fixed bug #79922 (Crash after multiple calls to xml_parser_free()). Version 7.4.9 06 Aug 2020 Apache: Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). COM: Fixed bug #63208 (BSTR to PHP string conversion not binary safe). Fixed bug #63527 (DCOM does not work with Username, Password parameter). Core: Fixed bug #79740 (serialize() and unserialize() methods can not be called statically). Fixed bug #79783 (Segfault in php_str_replace_common). Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable). Fixed bug #79779 (Assertion failure when assigning property of string offset by reference). Fixed bug #79792 (HT iterators not removed if empty array is destroyed). Fixed bug #78598 (Changing array during undef index RW error segfaults). Fixed bug #79784 (Use after free if changing array during undef var during array write fetch). Fixed bug #79793 (Use after free if string used in undefined index warning is changed). Fixed bug #79862 (Public non-static property in child should take priority over private static). Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb) Fileinfo: Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). FTP: Fixed bug #55857 (ftp_size on large files). Mbstring: Fixed bug #79787 (mb_strimwidth does not trim string). Phar: Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068) Reflection: Fixed bug #79487 (::getStaticProperties() ignores property modifications). Fixed bug #69804 (::getStaticPropertyValue() throws on protected props). Fixed bug #79820 (Use after free when type duplicated into ReflectionProperty gets resolved). Standard: Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). Fixed bug #78008 (dns_check_record() always return true on Alpine). Fixed bug #79839 (array_walk() does not respect property types). Version 7.4.8 09 Jul 2020 Core: Fixed bug #79595 (zend_init_fpu() alters FPU precision). Fixed bug #79650 (php-win.exe 100% cpu lockup). Fixed bug #79668 (get_defined_functions(true) may miss functions). Fixed bug #79683 (Fake reflection scope affects __toString()). Fixed possibly unsupported timercmp() usage. Exif: Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes). Fileinfo: Fixed bug #79681 (mime_content_type/finfo returning incorrect mimetype). Filter: Fixed bug #73527 (Invalid memory access in php_filter_strip). GD: Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC). OpenSSL: Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout). PDO SQLite: Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set). phpdbg: Fixed bug #73926 (phpdbg will not accept input on restart execution). Fixed bug #73927 (phpdbg fails with windows error prompt at "watch array"). Fixed several mostly Windows related phpdbg bugs. SPL: Fixed bug #79710 (Reproducible segfault in error_handler during GC involved an SplFileObject). Standard: Fixed bug #74267 (segfault with streams and invalid data). Version 7.4.7 11 Jun 2020 Core: Fixed bug #79599 (coredump in set_error_handler). Fixed bug #79566 (Private SHM is not private on Windows). Fixed bug #79489 (.user.ini does not inherit). Fixed bug #79600 (Regression in 7.4.6 when yielding an array based generator). Fixed bug #79657 ("yield from" hangs when invalid value encountered). FFI: Fixed bug #79571 (FFI: var_dumping unions may segfault). GD: Fixed bug #79615 (Wrong GIF header written in GD GIFEncode). MySQLnd: Fixed bug #79596 (MySQL FLOAT truncates to int some locales). Opcache: Fixed bug #79588 (Boolean opcache settings ignore on/off values). Fixed bug #79548 (Preloading segfault with inherited method using static variable). Fixed bug #79603 (RTD collision with opcache). Standard: Fixed bug #79561 (dns_get_record() fails with DNS_ALL). - fixes [bsc#1203867] and [bsc#1203870] - modified patches % php-no-build-date.patch (refreshed) % php7-arm-build-fixes.patch (refreshed) - deleted patches - php-fix_net-snmp_disable_MD5.patch (upstreamed) - php-odbc-cmp-int-cast.patch (not needed, dropped from factory as well, see last comment of https://bugs.php.net/bug.php?id=52554) - php7-CVE-2017-8923.patch (upstreamed) - php7-CVE-2020-7068.patch (upstreamed) - php7-CVE-2020-7069.patch (upstreamed) - php7-CVE-2020-7070.patch (upstreamed) - php7-CVE-2020-7071.patch (upstreamed) - php7-CVE-2021-21702.patch (upstreamed) - php7-CVE-2021-21703.patch (upstreamed) - php7-CVE-2021-21704.patch (upstreamed) - php7-CVE-2021-21705.patch (upstreamed) - php7-CVE-2021-21707.patch (upstreamed) - php7-CVE-2021-21708.patch (upstreamed) - php7-CVE-2022-31625.patch (upstreamed) - php7-CVE-2022-31626.patch (upstreamed) ------------------------------------------------------------------- Mon Jun 20 09:26:12 UTC 2022 - pgajdos@suse.com - security update - added patches fix CVE-2022-31625 [bsc#1200645], uninitialized pointers free in Postgres extension + php7-CVE-2022-31625.patch ------------------------------------------------------------------- Mon Jun 20 06:59:25 UTC 2022 - pgajdos@suse.com - security update - added patches fix CVE-2022-31626 [bsc#1200628], buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver + php7-CVE-2022-31626.patch ------------------------------------------------------------------- Fri May 6 11:56:41 UTC 2022 - pgajdos@suse.com - security update [bsc#1197644] - added patches fix https://github.com/php/php-src/commit/771dbdb319fa7f90584f6b2cc2c54ccff570492d + php7-signedness-php_filter_validate_domain.patch ------------------------------------------------------------------- Tue Feb 22 10:35:01 UTC 2022 - pgajdos@suse.com - security update - added patches fix CVE-2021-21708 [bsc#1196252], Use after free due to php_filter_float() failing for ints + php7-CVE-2021-21708.patch ------------------------------------------------------------------- Mon Feb 14 20:14:41 UTC 2022 - pgajdos@suse.com - security update - added patches fix CVE-2017-8923 [bsc#1038980], denial of service (application crash) by using .= with a long string (zend_string_extend func in Zend/zend_string.h) + php7-CVE-2017-8923.patch ------------------------------------------------------------------- Fri Nov 26 10:50:27 UTC 2021 - pgajdos@suse.com - security update - added patches fix CVE-2021-21707 [bsc#1193041], special character breaks path in xml parsing + php7-CVE-2021-21707.patch ------------------------------------------------------------------- Fri Oct 29 09:07:08 UTC 2021 - pgajdos@suse.com - security update - added patches fix CVE-2021-21703 [bsc#1192050], Local privilege escalation via PHP-FPM + php7-CVE-2021-21703.patch ------------------------------------------------------------------- Mon Oct 4 10:59:24 UTC 2021 - pgajdos@suse.com - added patches [bsc#1175508] fix https://github.com/php/php-src/pull/7428 + php7-bsc1175508.patch ------------------------------------------------------------------- Mon Aug 2 13:01:48 UTC 2021 - pgajdos@suse.com - security update - added patches fix CVE-2021-21704 [bsc#1188035], security issues in pdo_firebase module + php7-CVE-2021-21704.patch ------------------------------------------------------------------- Fri Jul 9 14:40:47 UTC 2021 - pgajdos@suse.com - security update - added patches fix CVE-2021-21705 [bsc#1188037], SSRF bypass in FILTER_VALIDATE_URL + php7-CVE-2021-21705.patch ------------------------------------------------------------------- Thu Feb 11 10:52:26 UTC 2021 - pgajdos@suse.com - security update - added patches fix CVE-2021-21702 [bsc#1182049], NULL pointer dereference in SoapClient + php7-CVE-2021-21702.patch ------------------------------------------------------------------- Mon Jan 11 12:02:58 UTC 2021 - pgajdos@suse.com - security update - added patches fix CVE-2020-7071 [bsc#1180706], FILTER_VALIDATE_URL accepts URLs with invalid userinfo + php7-CVE-2020-7071.patch ------------------------------------------------------------------- Fri Oct 9 11:07:42 UTC 2020 - pgajdos@suse.com - security update - added patches fix CVE-2020-7069 [bsc#1177351], when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is used + php7-CVE-2020-7069.patch fix CVE-2020-7070 [bsc#1177352], Percent-encoded cookies can be used to overwrite existing prefixed cookie names + php7-CVE-2020-7070.patch ------------------------------------------------------------------- Thu Aug 13 14:01:39 UTC 2020 - pgajdos@suse.com - security update - added patches fix CVE-2020-7068 [bsc#1175223], Use of freed hash key in the phar_parse_zipfile function + php7-CVE-2020-7068.patch ------------------------------------------------------------------- Thu Jul 9 13:13:48 UTC 2020 - pgajdos@suse.com - Use /run/php-fpm instead of /run/php - modified sources % php-fpm.tmpfiles.d ------------------------------------------------------------------- Thu Jul 9 12:23:52 UTC 2020 - pgajdos@suse.com - do not install %{_tmpfilesdir}, %{_tmpfilesdir}/php-fpm.conf in test favour ------------------------------------------------------------------- Mon Jul 6 21:21:45 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com> - added tmpfiles.d for php-fpm to provide a base base for a socket (boo#1173786) ------------------------------------------------------------------- Thu May 14 09:05:51 UTC 2020 - Arjen de Korte <suse+build@de-korte.org> - updated to 7.4.6: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.6 ------------------------------------------------------------------- Wed May 13 11:42:01 UTC 2020 - pgajdos@suse.com - added patches build fixes in SLE12 + php7-arm-build-fixes.patch ------------------------------------------------------------------- Tue May 12 13:28:05 UTC 2020 - pgajdos@suse.com - added to SLE-12 [jsc#SLE-12474] ------------------------------------------------------------------- Tue May 12 13:11:31 UTC 2020 - pgajdos@suse.com - spec file usable under SLE12 again and better prepared for phpM -> phpMN transition ------------------------------------------------------------------- Mon May 11 09:59:41 UTC 2020 - pgajdos@suse.com - added to SLE-15-SP2 [jsc#SLE-12482], including fixes for: CVE-2020-7063 [bsc#1165289] CVE-2020-7062 [bsc#1165280] CVE-2019-11046, CVE-2019-11050, CVE-2019-11047, CVE-2019-11045 ------------------------------------------------------------------- Tue Apr 14 14:40:32 UTC 2020 - Arjen de Korte <suse+build@de-korte.org> - updated to 7.4.5: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.5 ------------------------------------------------------------------- Thu Apr 2 11:14:13 UTC 2020 - pgajdos@suse.com - remove Berkeley DB Database support [jsc#SLE-12210] ------------------------------------------------------------------- Fri Mar 20 07:39:34 UTC 2020 - pgajdos@suse.com - build firebird extension in any case ------------------------------------------------------------------- Tue Mar 17 19:48:01 UTC 2020 - Arjen de Korte <suse+build@de-korte.org> - updated to 7.4.4: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.4 ------------------------------------------------------------------- Thu Mar 12 08:47:27 UTC 2020 - Martin Liška <mliska@suse.cz> - Enable LTO as it works now (boo#1133275). ------------------------------------------------------------------- Wed Feb 19 09:11:21 UTC 2020 - Arjen de Korte <suse+build@de-korte.org> - updated to 7.4.3: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.3 ------------------------------------------------------------------- Mon Feb 10 16:25:11 UTC 2020 - pgajdos@suse.com - add %apache_rex_deps ------------------------------------------------------------------- Thu Jan 23 11:08:54 UTC 2020 - Arjen de Korte <suse+build@de-korte.org> - updated to 7.4.2: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.2 ------------------------------------------------------------------- Wed Dec 18 13:35:41 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - updated to 7.4.1: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.1 - deleted patches - php-fix-mysqlnd-compression-library.patch - php-fpm-service-fails-to-start.patch ------------------------------------------------------------------- Tue Dec 10 13:24:53 UTC 2019 - pgajdos@suse.com - php7-devel requires glibc-devel, libxml2-devel, pcre2-devel again ------------------------------------------------------------------- Thu Dec 5 09:27:35 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - relax systemd restrictions for FPM as they were too strict in some applications - change leftover Requires php7-<extension> to php-<extension> - remove external libraries from -devel subpackage - added patches + php-fpm-service-fails-to-start.patch ------------------------------------------------------------------- Thu Nov 28 10:16:27 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - update to 7.4.0: * Typed Properties * Arrow Functions * Limited Return Type Covariance and Argument Type Contravariance * Unpacking Inside Arrays * Numeric Literal Separator * Weak References * Allow Exceptions from __toString() * Opcache Preloading * The interbase and wddx extensions are removed and now available through PECL * PEAR is now packaged separately in php7-pear source package (https://externals.io/message/103977) * See https://www.php.net/ChangeLog-7.php#7.4.0 for a complete list of changes - deleted patches - php-suse-addons.tar.bz - php-systzdata-v18.patch - added patches + php-fix-mysqlnd-compression-library.patch + php-systzdata-v19.patch + mod_php7.conf - modified files/patches % php-no-build-date.patch % php-systemd-unit.patch % php7.keyring (use keys of the PHP-7.4 release managers) % php7.rpmlintrc ------------------------------------------------------------------- Tue Nov 19 09:50:52 UTC 2019 - pgajdos@suse.com - added to SLE-15-SP2 [SLE-10860], fixes CVE-2019-11043 [bsc#1154999] CVE-2019-11041 [bsc#1146360] CVE-2019-11042 [bsc#1145095] CVE-2019-11039 [bsc#1138173] CVE-2019-11040 [bsc#1138172] CVE-2019-11036 [bsc#1134322] CVE-2019-11034 [bsc#1132838] CVE-2019-11035 [bsc#1132837] CVE-2019-9637 [bsc#1128892] CVE-2019-9675 [bsc#1128886] CVE-2019-9638 [bsc#1128889], CVE-2019-9639 [bsc#1128887] CVE-2019-9640 [bsc#1128883] CVE-2019-9024 [bsc#1126821] CVE-2019-9020 [bsc#1126711] CVE-2018-20783 [bsc#1127122] CVE-2019-9021 [bsc#1126713] CVE-2019-9022 [bsc#1126827] CVE-2019-9023 [bsc#1126823] CVE-2019-9641 [bsc#1128722] CVE-2018-19935 [bsc#1118832] CVE-2018-17082 [bsc#1108753] CVE-2018-1000222 [bsc#1105434] CVE-2018-14851 [bsc#1103659] CVE-2017-9120 [bsc#1103661] CVE-2018-12882 [bsc#1099098] [bsc#1151793] ------------------------------------------------------------------- Tue Nov 12 13:09:18 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org> - Do not add the generic provides to the php7-test package. ------------------------------------------------------------------- Fri Oct 25 06:53:03 UTC 2019 - pgajdos@suse.com - version update to 7.3.11: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.11 ------------------------------------------------------------------- Fri Oct 4 08:59:49 UTC 2019 - pgajdos@suse.com - provide test results via multibuild :test - added sources + _multibuild ------------------------------------------------------------------- Mon Sep 30 10:50:11 UTC 2019 - pgajdos@suse.com - remove pcre.jit=0 setting default as https://bugs.php.net/bug.php?id=77260 is solved on pcre2 side [bsc#1124446] - modified patches % php-ini.patch (amended) ------------------------------------------------------------------- Sun Sep 29 19:42:58 UTC 2019 - suse+build@de-korte.org - updated to 7.3.10: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.10 ------------------------------------------------------------------- Sat Aug 31 08:48:00 UTC 2019 - suse+build@de-korte.org - updated to 7.3.9: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.9 ------------------------------------------------------------------- Sat Aug 3 08:34:12 UTC 2019 - suse+build@de-korte.org - updated to 7.3.8: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.8 ------------------------------------------------------------------- Thu Jul 4 10:19:13 UTC 2019 - suse+build@de-korte.org - updated to 7.3.7: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.3.7 ------------------------------------------------------------------- Thu May 30 11:10:18 UTC 2019 - suse+build@de-korte.org - updated to 7.3.6: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.6 ------------------------------------------------------------------- Wed May 29 13:40:11 UTC 2019 - pgajdos@suse.com - check via apache-rex ------------------------------------------------------------------- Fri May 24 09:41:59 UTC 2019 - pgajdos@suse.com - build for 42.3 ------------------------------------------------------------------- Thu May 2 18:21:17 UTC 2019 - suse+build@de-korte.org - updated to 7.3.5: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.5 ------------------------------------------------------------------- Wed Apr 24 17:31:04 UTC 2019 - Martin Liška <mliska@suse.cz> - Disable LTO (boo#1133275). ------------------------------------------------------------------- Thu Apr 4 19:41:37 UTC 2019 - suse+build@de-korte.org - updated to 7.3.4: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.4 ------------------------------------------------------------------- Fri Mar 15 14:49:16 UTC 2019 - pgajdos@suse.com - upstream bug #41631 is already fixed [bsc#1129032] - deleted sources - README.default_socket_timeout (not needed) ------------------------------------------------------------------- Fri Mar 8 10:13:08 UTC 2019 - pgajdos@suse.com - updated to 7.3.3: This is a security release which also contains several bug fixes. See http://www.php.net/ChangeLog-7.php#7.3.3 - deleted patches - php-systzdata-v17.patch (upstreamed) - added patches + php-systzdata-v18.patch (thanks to remirepo) ------------------------------------------------------------------- Tue Mar 5 11:36:22 UTC 2019 - pgajdos@suse.com - asan_build: build ASAN included - debug_build: build more suitable for debugging ------------------------------------------------------------------- Thu Feb 28 15:38:40 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com> - Disable tests that do deadlock now with curl update, this is fixed in next release 7.3.3 thus reenable here when released ------------------------------------------------------------------- Thu Feb 28 08:53:18 UTC 2019 - pgajdos@suse.com - rename php7-*.patch to more general php-#1.patch why: this aligns with maintenance patch names, which are in changelogs comfortably copied over php72, php7, php5, php53; moreover, php$N prefix causes issues when package is renamed, e. g. php7 to php72 - deleted patches - php7-crypt-tests.patch - php7-date-regenerate-lexers.patch - php7-embed.patch - php7-fix_net-snmp_disable_MD5.patch - php7-ini.patch - php7-no-build-date.patch - php7-odbc-cmp-int-cast.patch - php7-openssl.patch - php7-php-config.patch - php7-phpize.patch - php7-pts.patch - php7-systemd-unit.patch - php7-systzdata-v17.patch - added patches + php-crypt-tests.patch + php-date-regenerate-lexers.patch + php-embed.patch + php-fix_net-snmp_disable_MD5.patch + php-ini.patch + php-no-build-date.patch + php-odbc-cmp-int-cast.patch + php-openssl.patch + php-php-config.patch + php-phpize.patch + php-pts.patch + php-systemd-unit.patch + php-systzdata-v17.patch ------------------------------------------------------------------- Mon Feb 25 11:15:56 UTC 2019 - pgajdos@suse.com - fix wrongly ported patch, using the one from remirepo (Thanks!) [bsc#1126449] - modified patches % php7-systzdata-v17.patch ------------------------------------------------------------------- Wed Feb 13 09:33:43 UTC 2019 - Petr Gajdos <pgajdos@suse.com> - updated to version 7.3.2: This is a bugfix release, with several bug fixes included. See http://php.net/ChangeLog-7.php#7.3.2 - php7-systzdata-v16.patch modified and renamed to php7-systzdata-v17.patch ------------------------------------------------------------------- Thu Feb 7 08:29:10 UTC 2019 - Petr Gajdos <pgajdos@suse.com> - set pcre.jit=0 until https://bugs.php.net/bug.php?id=77260 is solved [bsc#1124446] ------------------------------------------------------------------- Thu Jan 31 21:40:40 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - spec file cleanup * add BuildRequires gpg2 * remove outdated README.SUSE-pear - Squirrelmail uses PDO instead of DB now by default * remove outdated php7-depdb-path.patch - Horde packages no longer build so need to be fixed anyway - update php7.rpmlintrc to suppress warnings that aren't fixable and drown out other warnings ------------------------------------------------------------------- Wed Jan 30 14:11:38 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - provide the version of PEAR, rather than the PHP version in php-pear ------------------------------------------------------------------- Wed Jan 30 11:37:06 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - configure cache_dir, metadata_dir and sig_bin through PHP_PEAR_* exports ------------------------------------------------------------------- Tue Jan 29 12:44:12 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - remove install-pear-nozlib.phar (the bundled and tested version from the PHP sources is fresh enough for our purposes) - merge back php7-pear-Archive_Tar in php7-pear - rename cache_dir to pear and create it ------------------------------------------------------------------- Tue Jan 22 22:18:39 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - fix php7.spec typos ------------------------------------------------------------------- Tue Jan 22 19:27:09 UTC 2019 - Petr Gajdos <pgajdos@suse.com> - verify install-pear-nozlib.phar ------------------------------------------------------------------- Tue Jan 22 09:35:00 UTC 2019 - Arjen de Korte <suse+build@de-korte.org> - update install-pear-nozlib.phar to version 1.10.10 * switch source to GitHub * provides Archive_Tar 1.4.4 (fixes CVE-2018-1000888) ------------------------------------------------------------------- Mon Jan 14 13:23:19 UTC 2019 - Petr Gajdos <pgajdos@suse.com> - update to 7.3.1: This is a security release which also contains several bug fixes. See http://php.net/ChangeLog-7.php - remove suhosin stuff ------------------------------------------------------------------- Sun Dec 30 15:00:24 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org> - Support LMDB in php7-dba, it is advisable to use it instead of bdb. ------------------------------------------------------------------- Thu Dec 20 18:31:58 UTC 2018 - Cristian Rodríguez <crodriguez@owncloud.com> - Update php7-pts.patch: open slave_pty using TIOCGPTPEER if available instead of the name returned by ptsname() so it is safe to use when interacting with namespaces. ------------------------------------------------------------------- Thu Dec 20 18:30:27 UTC 2018 - Cristian Rodríguez <crodriguez@owncloud.com> - update install-pear-nozlib.phar to its latest version, otherwise pecl stops working due to protocol switch http -> https ------------------------------------------------------------------- Wed Dec 19 11:33:08 UTC 2018 - Martin Pluskal <mpluskal@suse.com> - Mark testresults package as noarch ------------------------------------------------------------------- Thu Dec 13 13:49:59 UTC 2018 - Martin Pluskal <mpluskal@suse.com> - Enable testsuite during build time and save log to subpackage testresults (boo#1119396) ------------------------------------------------------------------- Mon Dec 10 13:03:49 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org> - update to pcre2 broke building third party modules, php7-devel needs pcre-devel --> pcre2-devel change. ------------------------------------------------------------------- Mon Dec 10 09:20:01 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - update to 7.3.0: * Improved PHP GC * Add net_get_interfaces() * Implemented flexible heredoc and nowdoc syntax * Added support for references in list() and array destructuring * Added syslog.facility and syslog.ident INI entries for customizing syslog logging * The declaration and use of case-insensitive constants has been deprecated * Added syslog.filter INI entry for syslog filtering * Added the 'add_slashes' sanitization mode * Added support for WebP in imagecreatefromstring() * Export internal structures and accessor helpers for GMP object. * Added gmp_binomial(n, k) * Added gmp_lcm(a, b) * Added gmp_perfect_power(a) * Added gmp_kronecker(a, b) * Added JSON_THROW_ON_ERROR flag * Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay * Added full support for sending and parsing ldap controls * Removed support for ODBCRouter * Removed support for Birdstep * Added openssl_pkey_derive function * Add min_proto_version and max_proto_version ssl stream options as well as related constants for possible TLS protocol values * Migrated to PCRE2 * Expose TDS version as \PDO::DBLIB_ATTR_TDS_VERSION attribute on \PDO instance * Treat DATETIME2 columns like DATETIME * Added is_countable() function * Added support for the SameSite cookie directive, including an alternative signature for setcookie(), setrawcookie() and session_set_cookie_params() * Many bugfixes and other changes, see http://php.net/ChangeLog-7.php#7.3.0 - patch changes % php7-ini.patch % php7-no-build-date.patch % php7-odbc-cmp-int-cast.patch - php7-honor-re2c-flags.patch (upstreamed) ------------------------------------------------------------------- Mon Dec 10 08:35:11 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - update to 7.2.13: This is a security release. http://php.net/ChangeLog-7.php ------------------------------------------------------------------- Fri Nov 16 08:40:23 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - core package recommends instead of requires smtp_daemon [bsc#1115213] ------------------------------------------------------------------- Fri Nov 9 15:41:53 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - update to 7.2.12: This is a bugfix release. http://php.net/ChangeLog-7.php - forward ported: % php7-crypt-tests.patch % php7-honor-re2c-flags.patch % php7-odbc-cmp-int-cast.patch ------------------------------------------------------------------- Mon Oct 15 08:12:51 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - update to 7.2.11: This is a bugfix release. http://php.net/ChangeLog-7.php ------------------------------------------------------------------- Mon Sep 17 13:09:37 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - updated to 7.2.10: This is a security release which also contains several minor bug fixes. http://php.net/ChangeLog-7.php ------------------------------------------------------------------- Mon Sep 17 12:56:27 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - reenable php7-dba support of Berkeley DB [bsc#1108554] ------------------------------------------------------------------- Tue Sep 11 13:52:52 UTC 2018 - Petr Gajdos <pgajdos@suse.com> - remove Supplements: packageand(%{apache_mmn}:%{name}) from Apache httpd module as I do not see the reason why system that have php7 and apache2 installed should get the module automatically as well. This had a drawback of selecting apache2-prefork while # zypper in apache2-worker The following 5 NEW packages are going to be installed: apache2 apache2-mod_php7 apache2-prefork apache2-utils apache2-worker # because apache2-mod_php7 Requires: apache2-prefork. ------------------------------------------------------------------- Fri Aug 17 07:40:33 UTC 2018 - pgajdos@suse.com - updated to 7.2.9: This is a bugfix release. http://php.net/ChangeLog-7.php ------------------------------------------------------------------- Fri Aug 3 14:10:48 UTC 2018 - pgajdos@suse.com - updated to 7.2.8: This is a security release which also contains several minor bug fixes. http://php.net/ChangeLog-7.php#7.2.8 ------------------------------------------------------------------- Tue Jun 26 09:56:39 UTC 2018 - pgajdos@suse.com - updated to 7.2.7: A Bugfix release which includes a segfault fix for opcache. http://php.net/ChangeLog-7.php#7.2.7 ------------------------------------------------------------------- Thu Jun 7 09:18:56 UTC 2018 - pgajdos@suse.com - actually build against system gd for 42.3, made a bold comment [bsc#1074025c#5] ------------------------------------------------------------------- Tue May 29 09:29:57 UTC 2018 - pgajdos@suse.com - fix build for SLE12, where %license does not exist ------------------------------------------------------------------- Tue May 29 07:46:46 UTC 2018 - pgajdos@suse.com - updated to 7.2.6: Bugfix release which includes a memory corruption fix for EXIF. http://php.net/ChangeLog-7.php#7.2.6 ------------------------------------------------------------------- Fri May 25 09:20:15 UTC 2018 - idonmez@suse.com - Remove php7-freetype-pkgconfig.patch as it seems to break Freetype detection on some systems bsc#1094534 ------------------------------------------------------------------- Tue May 15 09:40:24 UTC 2018 - pgajdos@suse.com - main package requires wwwrun:www user [bsc#1093025] ------------------------------------------------------------------- Thu May 10 06:12:13 UTC 2018 - pgajdos@suse.com - better workaround for [bsc#1089487]: build mod_phpN.so instead of libphpN.so ------------------------------------------------------------------- Wed May 9 10:42:18 UTC 2018 - pgajdos@suse.com - rename freetype-pkgconfig.patch to php7-freetype-pkgconfig.patch to align with the rest of patch names ------------------------------------------------------------------- Mon May 7 10:25:58 UTC 2018 - idonmez@suse.com - Add freetype-pkgconfig.patch to fix build with new Freetype: use pkg-config to find Freetype libraries ------------------------------------------------------------------- Mon Apr 30 11:08:29 UTC 2018 - pgajdos@suse.com - updated to 7.2.5: This is a security release which also contains several minor bug fixes. http://php.net/ChangeLog-7.php#7.2.5 ------------------------------------------------------------------- Thu Apr 19 06:49:03 UTC 2018 - pgajdos@suse.com - build-test.sh: generic spec file name ------------------------------------------------------------------- Mon Apr 16 09:26:55 UTC 2018 - pgajdos@suse.com - apache2-mod_php7 does not provide libphp7.so [bsc#1089487] ------------------------------------------------------------------- Wed Apr 4 11:00:14 UTC 2018 - pgajdos@suse.com - updated to 7.2.4: This is a security release with also contains several minor bug fixes. http://php.net/ChangeLog-7.php#7.2.4 - php7-no-build-date.patch refreshed ------------------------------------------------------------------- Mon Mar 26 12:37:16 UTC 2018 - pgajdos@suse.com - build firebird extension only for openSUSE (sle15 requirement) ------------------------------------------------------------------- Tue Mar 20 14:15:11 UTC 2018 - guillaume.gardet@opensuse.org - Fix build for %arm and aarch64 ------------------------------------------------------------------- Fri Mar 16 08:18:26 UTC 2018 - pgajdos@suse.com - drop imap extension [bsc#1084461] ------------------------------------------------------------------- Sat Mar 10 11:11:04 UTC 2018 - dimstar@opensuse.org - BuildRequire pkgconfig(enchant) instead of enchant-devel: enchant is moving to version 2.2, with an enchant-1 as compatibility package. By using the pkgconfig symbol, we don't have to care for the actual package name. ------------------------------------------------------------------- Fri Mar 9 16:52:13 UTC 2018 - pgajdos@suse.com - updated to 7.2.3: This is a security release with also contains several minor bug fixes. http://php.net/ChangeLog-7.php#7.2.3 - removed upstreamed php7-pgsql-memory-leak.patch - php7-systzdata-v15.patch refreshed and renamed to php7-systzdata-v16.patch ------------------------------------------------------------------- Thu Feb 22 19:46:08 UTC 2018 - crrodriguez@opensuse.org - php7-honor-re2c-flags.patch: honor RE2C_FLAGS everywhere. - remove generated lexers so they are recreated at build time ------------------------------------------------------------------- Thu Feb 22 18:46:32 UTC 2018 - crrodriguez@opensuse.org - php7-date-regenerate-lexers.patch: honor RE2C_FLAGS ------------------------------------------------------------------- Thu Feb 22 14:49:53 UTC 2018 - crrodriguez@opensuse.org - Support password_hash("...", PASSWORD_ARGON2I), buildrequire libargon2 in supported products. ------------------------------------------------------------------- Mon Feb 19 18:39:04 UTC 2018 - crrodriguez@opensuse.org - Remove buildRequires on: * libevent-devel: php7-fpm does not use it. * pam-devel: not used - Add buildrequire on zlib-devel explicitly. - libvpx is not needed but libwebp is, only when not building against system gd. xft likewise. ------------------------------------------------------------------- Mon Feb 19 09:30:33 UTC 2018 - pgajdos@suse.com - fixed memory leak in pgsql extension, php function pg_escape_bytea https://bugs.php.net/bug.php?id=75838 [bsc#1076970] (internal) + php7-pgsql-memory-leak.patch ------------------------------------------------------------------- Wed Feb 7 17:50:36 UTC 2018 - pgajdos@suse.com - updated to 7.2.2: This is a bugfix release, with several bug fixes included. http://php.net/ChangeLog-7.php#7.2.2 ------------------------------------------------------------------- Fri Jan 26 08:38:46 UTC 2018 - pgajdos@suse.com - do not build against system gd when suse_version < 1500 ------------------------------------------------------------------- Tue Jan 23 09:24:31 UTC 2018 - pgajdos@suse.com - fix build for SLE12* ------------------------------------------------------------------- Tue Jan 9 14:09:38 UTC 2018 - pgajdos@suse.com - updated to 7.2.1: Several security bugs were fixed in this release. http://php.net/ChangeLog-7.php#7.2.1 ------------------------------------------------------------------- Tue Jan 2 08:57:46 UTC 2018 - pgajdos@suse.com - build against newer webp [bsc#1074121] ------------------------------------------------------------------- Fri Dec 15 10:45:08 UTC 2017 - pgajdos@suse.com - build with SLE12* ------------------------------------------------------------------- Mon Dec 11 09:12:20 UTC 2017 - pgajdos@suse.com - updated to 7.2.0: features and improvements: * Convert numeric keys in object/array casts * Counting of non-countable objects * Object typehint * HashContext as Object * Argon2 in password hash * Improve TLS constants to sane values * Mcrypt extension removed * New sodium extension - patches: . php7-systzdata-v14.patch transformed to php7-systzdata-v15.patch . removed upstreamed php7-aarch64-mult.patch ------------------------------------------------------------------- Mon Nov 27 08:35:48 UTC 2017 - pgajdos@suse.com - updated to 7.1.12: This is a bugfix release, with several bug fixes included. ------------------------------------------------------------------- Wed Nov 1 16:06:00 UTC 2017 - bluemer.mark@gmail.com - Add php-cli as provides to php7 ------------------------------------------------------------------- Fri Oct 27 08:54:26 UTC 2017 - pgajdos@suse.com - updated to 7.1.11: This is a bugfix release, with several bug fixes included. ------------------------------------------------------------------- Wed Oct 4 09:57:14 UTC 2017 - pgajdos@suse.com - fixed installation of wrong cli [bsc#1061555] ------------------------------------------------------------------- Sat Sep 30 10:31:53 UTC 2017 - jengelh@inai.de - Update not-so-useful repeated package summaries. Update the descriptions to have a bit more explanation. Replace old tar syntax. ------------------------------------------------------------------- Wed Sep 27 11:47:22 UTC 2017 - pgajdos@suse.com - build and ship embed SAPI + php7-embed.patch ------------------------------------------------------------------- Wed Sep 27 07:35:51 UTC 2017 - pgajdos@suse.com - updated to 7.1.10: Several bugs have been fixed, see https://secure.php.net/ChangeLog-7.php for details ------------------------------------------------------------------- Tue Sep 12 08:43:11 UTC 2017 - pgajdos@suse.com - aarch64-mult.patch renamed to php7-aarch64-mult.patch ------------------------------------------------------------------- Mon Sep 4 17:22:08 UTC 2017 - pgajdos@suse.com - php7-devel requires php7-pear [bsc#1057104] ------------------------------------------------------------------- Fri Sep 1 11:20:58 UTC 2017 - jweberhofer@weberhofer.at - Changes related to boo#1056822 - New packaging macros in macros.php: %php_pearxmldir, %pear_phpdir, %pear_phpdir, %pear_testdir, %pear_datadir, %pear_cfgdir, %pear_wwwdir, %pear_metadir, %pecl_phpdir, %pecl_docdir, %pecl_testdir, %pecl_datadir - Updated packaging documentation in README.macros ------------------------------------------------------------------- Thu Aug 31 16:57:08 UTC 2017 - ilya@ilya.pp.ua - Updated to 7.1.9: Several bugs have been fixed. * ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.9 ------------------------------------------------------------------- Mon Aug 14 08:47:33 UTC 2017 - pgajdos@suse.com - added /usr/bin/php7 [bsc#734176] ------------------------------------------------------------------- Mon Aug 7 08:03:06 UTC 2017 - jweberhofer@weberhofer.at - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] ------------------------------------------------------------------- Wed Aug 2 20:18:24 UTC 2017 - ilya@ilya.pp.ua - Updated to 7.1.8: Several bugs have been fixed. * ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.8 ------------------------------------------------------------------- Wed Jul 26 23:41:38 UTC 2017 - ilya@ilya.pp.ua - Replace %__-type macro indirections. ------------------------------------------------------------------- Fri Jul 21 12:18:43 UTC 2017 - pgajdos@suse.com - date extension: regenerate lexers when needed + php7-date-regenerate-lexers.patch ------------------------------------------------------------------- Mon Jul 17 08:23:55 UTC 2017 - pgajdos@suse.com - dropped mcrypt extension [fate#323673] ------------------------------------------------------------------- Mon Jul 17 08:14:37 UTC 2017 - pgajdos@suse.com - updated to 7.1.7: This is a security release with several bug fixes included. ------------------------------------------------------------------- Mon Jul 3 18:47:39 UTC 2017 - tchvatal@suse.com - Drop sle11 support as we are not building against it anymore - Remove php7-BNC-457056.patch that was applied on sle11 only - Remove dependency on imap-devel, it is not used - Switch spell from aspell to enchant, dropping pspell subpackage - Remove unknown switch options from php cli build - Drop support for berkleydb format, by default there are more supported solutions built in php - Use %configure macro in the build phases ------------------------------------------------------------------- Fri Jun 9 09:06:38 UTC 2017 - pgajdos@suse.com - updated to 7.1.6: Several bugs have been fixed. ------------------------------------------------------------------- Fri May 12 09:29:13 UTC 2017 - 13ilya@gmail.com - Updated to 7.1.5: Several bugs have been fixed. * ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.5 ------------------------------------------------------------------- Sat Apr 15 05:29:15 UTC 2017 - 13ilya@gmail.com - Updated to 7.1.4: Several bugs have been fixed. * ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.4 ------------------------------------------------------------------- Fri Mar 17 19:20:14 UTC 2017 - 13ilya@gmail.com - Updated to 7.1.3: Several bugs have been fixed. * ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.3 ------------------------------------------------------------------- Fri Mar 17 16:52:25 UTC 2017 - kukuk@suse.com - Don't install the init script if we use systemd ------------------------------------------------------------------- Mon Feb 20 08:08:37 UTC 2017 - pgajdos@suse.com - updated to 7.1.2: Several bugs have been fixed. - deleted php7-getrandom-test.patch, upstreamed ------------------------------------------------------------------- Tue Feb 14 12:34:36 UTC 2017 - pgajdos@suse.com - updated to 7.1.1: This release is the first point release in the 7.x series. PHP 7.1 comes with numerous improvements and new features such as * Nullable types * Void return type * Iterable pseudo-type * Class constant visiblity modifiers * Square bracket syntax for list() and the ability to specify keys in list() * Catching multiple exceptions types * Many more features and changes… - migration: http://php.net/manual/en/migration71.php - php7-systzdata-v13.patch replaced by php7-systzdata-v14.patch ------------------------------------------------------------------- Thu Feb 2 08:55:33 UTC 2017 - pgajdos@suse.com - suggest php7-* instead of php-* [bsc#1022158c#4] - do not suggest php-suhosin at all as we do not build it (not ported to php7 yet) ------------------------------------------------------------------- Tue Jan 24 12:39:44 UTC 2017 - pgajdos@suse.com - updated to 7.0.15: Several security bugs were fixed in this release. ------------------------------------------------------------------- Mon Dec 12 17:30:19 UTC 2016 - fbui@suse.com - Replace pkgconfig(libsystemd-*) with pkgconfig(libsystemd) Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs, which are obsolete. ------------------------------------------------------------------- Mon Dec 12 09:37:39 UTC 2016 - pgajdos@suse.com - updated to 7.0.14: Several security bugs were fixed in this release. ------------------------------------------------------------------- Fri Nov 11 08:57:59 UTC 2016 - pgajdos@suse.com - updated to 7.0.13: This is a security release. Several security bugs were fixed in this release. ------------------------------------------------------------------- Mon Oct 24 15:03:41 UTC 2016 - pgajdos@suse.com - adjust firebird dependency ------------------------------------------------------------------- Mon Oct 17 15:27:30 UTC 2016 - pgajdos@suse.com - updated to 7.0.12: This is a security release. Several security bugs were fixed in this release. ------------------------------------------------------------------- Thu Sep 15 14:07:37 UTC 2016 - pgajdos@suse.com - updated to 7.0.11: Several security bugs were fixed in this release. ------------------------------------------------------------------- Wed Aug 31 06:13:36 UTC 2016 - crrodriguez@opensuse.org - php7-getrandom-test.patch: Fix incorrect test for the getrandom syscall. ------------------------------------------------------------------- Mon Aug 22 08:21:18 UTC 2016 - pgajdos@suse.com - updated to 7.0.10: Several security bugs were fixed in this release. ------------------------------------------------------------------- Mon Aug 1 14:10:20 UTC 2016 - pgajdos@suse.com - updated to 7.0.9: Several security bugs were fixed in this release, including the HTTP_PROXY issue. ------------------------------------------------------------------- Thu Jun 23 13:50:13 UTC 2016 - pgajdos@suse.com - updated to 7.0.8: This is a security release. Several security bugs were fixed in this release. - removed: php7-mbstring-missing-return.patch (upstreamed) ------------------------------------------------------------------- Mon Jun 20 11:37:51 UTC 2016 - pgajdos@suse.com - systemd unit: remove syslog.target from After [bsc#983938] ------------------------------------------------------------------- Mon May 30 09:30:57 UTC 2016 - pgajdos@suse.com - updated to 7.0.7: This is a security release. Several security bugs were fixed in this release. ------------------------------------------------------------------- Thu Apr 28 11:56:53 UTC 2016 - pgajdos@suse.com - updated to 7.0.6: This is a security release. Several security bugs were fixed in this release. * removed upstreamed php7-no-reentrant-crypt.patch ------------------------------------------------------------------- Mon Apr 25 09:47:49 UTC 2016 - schwab@linux-m68k.org - aarch64-mult.patch: fix asm constraints in aarch64 multiply macro ------------------------------------------------------------------- Thu Apr 7 08:19:27 UTC 2016 - pgajdos@suse.com - build for sle12 ------------------------------------------------------------------- Wed Apr 6 11:49:19 UTC 2016 - pgajdos@suse.com - correct public key ------------------------------------------------------------------- Fri Apr 1 09:46:54 UTC 2016 - pgajdos@suse.com - updated to 7.0.5 ------------------------------------------------------------------- Tue Mar 29 06:34:17 UTC 2016 - pgajdos@suse.com - firebird builds now ------------------------------------------------------------------- Thu Mar 3 20:34:01 UTC 2016 - jimmy@boombatower.com - update to 7.0.4 ------------------------------------------------------------------- Wed Feb 10 08:19:14 UTC 2016 - pgajdos@suse.com - updated to 7.0.3 ------------------------------------------------------------------- Thu Feb 4 12:19:51 UTC 2016 - pgajdos@suse.com - require postgresql-devel < 9.4 for sle12 to fix build ------------------------------------------------------------------- Fri Jan 29 07:26:51 UTC 2016 - pgajdos@suse.com - more versioned provides ------------------------------------------------------------------- Fri Jan 8 14:07:28 UTC 2016 - pgajdos@suse.com - update to 7.0.2: 31 reported bugs has been fixed, including 6 security related issues. ------------------------------------------------------------------- Mon Dec 21 03:09:27 UTC 2015 - jimmy@boombatower.com - update to 7.0.1 ------------------------------------------------------------------- Mon Dec 14 13:04:35 UTC 2015 - pgajdos@suse.com - php5-pear-Archive_Tar provides 1.4.0 - install .depdb and .depdblock files along metadata * php5-depdb-path.patch - versioned provides in subpackages ------------------------------------------------------------------- Mon Dec 14 01:00:31 UTC 2015 - jimmy@boombatower.com - Provide obsoletes for sub-packages to improve upgrade process. ------------------------------------------------------------------- Wed Dec 9 09:26:50 UTC 2015 - jimmy@boombatower.com - Obsolete php5 since php7 conflicts and should replace. ------------------------------------------------------------------- Mon Dec 7 09:11:59 UTC 2015 - pgajdos@suse.com - marcello at ceschia.de: fix path php-fpm.conf ------------------------------------------------------------------- Mon Nov 23 09:57:50 UTC 2015 - pgajdos@suse.com - set pear's metadata dir to %{peardir} ------------------------------------------------------------------- Mon Nov 16 13:37:51 UTC 2015 - aj@ajaissle.de - Spec cleanup * Split Archive_Tar from -pear sub packge to allow updating this part via rpm * Added "Provides: php-firebird" to -firebird sub package * Added "Provides: mod_php_any" to server api module packages -fastcgi and -fpm ------------------------------------------------------------------- Mon Nov 16 09:05:15 UTC 2015 - pgajdos@suse.com - test mod_php with %apache_test_module_curl - restart apache during mod_php upgrade ------------------------------------------------------------------- Tue Sep 8 10:52:00 UTC 2015 - pgajdos@suse.com - add php5-fix_net-snmp_disable_MD5.patch [bnc#944302] ------------------------------------------------------------------- Fri Sep 4 17:22:04 UTC 2015 - pgajdos@suse.com - fixed segfault in odbc extension when result set is containing NULL (php bugs #52554, #53007) [bnc#935074] (internal) + php7-odbc-cmp-int-cast.patch ------------------------------------------------------------------- Tue Jul 14 09:13:52 UTC 2015 - pgajdos@suse.com - updated to 7.0.0 * see NEWS for changes * see UPGRADING for 5.6.x -> 7.0.x transition - removed unneded or not upstreamed patches for long time: * php5-cloexec.patch * php5-missing-extdeps.patch * php5-format-string-issues.patch * php5-per-mod-log.patch * php5-apache24-updates.patch * php5-crypto-checks.patch * php5-systzdata-r12.patch (new: php7-systzdata-v13.patch) ------------------------------------------------------------------- Mon Jul 13 17:40:28 UTC 2015 - pgajdos@suse.com - updated to 5.6.11: Five security-related issues in PHP were fixed in this release, including CVE-2015-3152. ------------------------------------------------------------------- Thu Jun 25 04:01:44 UTC 2015 - crrodriguez@opensuse.org - php5-systemd-unit.patch: set Killmode=mixed in order to ensure fpm and children forked by script can terminate cleanly. ------------------------------------------------------------------- Wed Jun 24 07:32:15 UTC 2015 - pgajdos@suse.com - mod_php5.so executable ------------------------------------------------------------------- Thu Jun 18 09:49:11 UTC 2015 - pgajdos@suse.com - use apache-rpm-macros ------------------------------------------------------------------- Thu Jun 18 09:47:53 UTC 2015 - pgajdos@suse.com - updated to 5.6.10: Several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). ------------------------------------------------------------------- Fri Jun 5 23:59:37 UTC 2015 - mrueckert@suse.de - enable apparmor support: new BR libapparmor-devel ------------------------------------------------------------------- Mon May 18 08:11:14 UTC 2015 - pgajdos@suse.com - update to 5.6.9: Several bugs have been fixed. - systzdata patch updated to r12 - php5-systzdata-r10.patch + php5-systzdata-r12.patch ------------------------------------------------------------------- Fri Apr 24 06:17:51 UTC 2015 - pgajdos@suse.com - update to 5.6.8: Several bugs have been fixed some of them beeing security related, like CVE-2015-1351 and CVE-2015-1352. - refreshed php5-crypto-checks.patch ------------------------------------------------------------------- Mon Apr 20 12:03:05 UTC 2015 - pgajdos@suse.com - configure php-fpm with --localstatedir=/var [bnc#927147] ------------------------------------------------------------------- Wed Apr 8 06:15:10 UTC 2015 - pgajdos@suse.com - systzdata patch updated to r10 - php5-systzdata-v7.patch + php5-systzdata-r10.patch ------------------------------------------------------------------- Thu Apr 2 12:58:40 UTC 2015 - pgajdos@suse.com - build against system gd and libzip only for 13.2 and above ------------------------------------------------------------------- Tue Mar 24 13:26:49 UTC 2015 - pgajdos@suse.com - update to 5.6.7: Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. ------------------------------------------------------------------- Tue Mar 24 13:21:19 UTC 2015 - pgajdos@suse.com - build against system gd [bnc#923946] ------------------------------------------------------------------- Fri Mar 20 08:18:12 UTC 2015 - pgajdos@suse.com - build against system libzip [bnc#922894] ------------------------------------------------------------------- Mon Feb 23 11:36:32 UTC 2015 - pgajdos@suse.com - update to 5.6.6: fixes several bugs and addresses CVE-2015-0235 and CVE-2015-0273. ------------------------------------------------------------------- Mon Feb 9 08:19:06 UTC 2015 - pgajdos@suse.com - added README.default_socket_timeout [bnc#907519] ------------------------------------------------------------------- Tue Feb 3 08:30:28 UTC 2015 - pgajdos@suse.com - fix sle_11_sp3 build ------------------------------------------------------------------- Mon Jan 26 08:52:12 UTC 2015 - pgajdos@suse.com - update to 5.6.5: This release fixes several bugs as well as CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232. - removed patches: * php-CVE-2014-9426.patch * php-CVE-2014-9427.patch * php-CVE-2015-0231.patch ------------------------------------------------------------------- Wed Jan 21 11:14:46 UTC 2015 - pgajdos@suse.com - added php-CVE-2015-0231.patch [bnc#910659] ------------------------------------------------------------------- Mon Jan 5 14:34:23 UTC 2015 - pgajdos@suse.com - added php-CVE-2014-9426.patch [bnc#911663] - added php-CVE-2014-9427.patch [bnc#911664] ------------------------------------------------------------------- Fri Dec 19 08:00:32 UTC 2014 - pgajdos@suse.com - update to 5.6.4: This release fixes several bugs and one CVE related to unserialization. ------------------------------------------------------------------- Tue Nov 18 14:28:08 UTC 2014 - pgajdos@suse.com - update to 5.6.3: This release fixes several bugs and one CVE in the fileinfo extension. ------------------------------------------------------------------- Mon Oct 27 07:30:03 UTC 2014 - pgajdos@suse.com - update to 5.6.2: Four security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. ------------------------------------------------------------------- Tue Oct 14 08:07:31 UTC 2014 - pgajdos@suse.com - upgraded to 5.6.1: * Several bugs were fixed in this release (including CVE-2014-3622). ------------------------------------------------------------------- Thu Oct 2 20:27:56 UTC 2014 - crrodriguez@opensuse.org - php5-crypto-checks.patch: Fix broken libcrypto checks DSA_get_default_method is in -lcrypto not -lssl - DO not use xorg-x11-devel, just pkgconfig(xpm) and xft - Support WEBP in the gd extension by buildrequiring libvpx-devel ------------------------------------------------------------------- Fri Aug 29 09:32:42 UTC 2014 - pgajdos@suse.com - fix CVE-2014-5459 [bnc#893849] ------------------------------------------------------------------- Fri Aug 29 06:06:20 UTC 2014 - pgajdos@suse.com - actually, there's no point to install pear from other source than from php tarball * remove source install-pear-nozlib.phar ------------------------------------------------------------------- Thu Aug 28 14:57:42 UTC 2014 - pgajdos@suse.com - updated PEAR to 1.9.5, bugfix release see http://pear.php.net/package/PEAR/download for details ------------------------------------------------------------------- Thu Aug 28 12:49:25 UTC 2014 - pgajdos@suse.com - updated to 5.6.0: * Most improvements in PHP 5.6.x have no impact on existing code. There are a few incompatibilities and new features that should be considered: http://php.net/manual/en/migration56.php - removed patches: * php5-big-file-upload.patch (upstreamed) * php5-suhosin-php55.patch (upstreamed) - modified patches: * php5-openssl.patch (refreshed) ------------------------------------------------------------------- Tue Aug 26 06:50:40 UTC 2014 - pgajdos@suse.com - This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597. - removed patches: * php-CVE-2014-2497.patch ------------------------------------------------------------------- Tue Jul 29 08:04:01 UTC 2014 - pgajdos@suse.com - updated to 5.5.15: This release fixes several bugs against PHP 5.5.14. The list of changes is recorded in the ChangeLog or http://php.net/ChangeLog-5.php#5.5.15. - removed patches: * php-CVE-2014-4670.patch (upstreamed) * php-CVE-2014-4698.patch (upstreamed) ------------------------------------------------------------------- Thu Jul 17 14:32:29 UTC 2014 - pgajdos@suse.com - security update: * php-CVE-2014-4670.patch [bnc#886059] * php-CVE-2014-4698.patch [bnc#886060] - php-5.5.10-CVE-2014-2497.patch renamed to php-CVE-2014-2497.patch ------------------------------------------------------------------- Tue Jul 1 06:58:06 UTC 2014 - pgajdos@suse.com - updated to 5.5.14: This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension. - removed php-5.5.13-CVE-2014-4049.patch (upstreamed) ------------------------------------------------------------------- Tue Jun 17 15:56:53 UTC 2014 - pgajdos@suse.com - security update * php-5.5.13-CVE-2014-4049.patch [bnc#882992] ------------------------------------------------------------------- Tue Jun 17 07:17:37 UTC 2014 - pgajdos@suse.com - php5-5.5.10-CVE-2014-2497.patch renamed to php-5.5.10-CVE-2014-2497.patch to be consistent with other product php patches names ------------------------------------------------------------------- Tue Jun 3 12:03:33 UTC 2014 - pgajdos@suse.com - do not package latest_test_results.txt; instead, run build-test.sh twice: before and after source changes ------------------------------------------------------------------- Mon Jun 2 09:37:59 UTC 2014 - pgajdos@suse.com - updated to 5.5.13: This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). ------------------------------------------------------------------- Wed May 7 12:08:46 UTC 2014 - pgajdos@suse.com - updated to 5.5.12: Fixed several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. - improved build-test.sh ------------------------------------------------------------------- Wed Apr 30 12:07:22 UTC 2014 - pgajdos@suse.com - build-test.sh: use relevant api for build; propagate build parameters to osc ------------------------------------------------------------------- Wed Apr 30 08:47:24 UTC 2014 - schwab@linux-m68k.org - php5-gcc_builtins.patch: remove unused patch ------------------------------------------------------------------- Tue Apr 29 09:34:56 UTC 2014 - pgajdos@suse.com - add build-test.sh and latest_test_results.txt for testing regressions in tests before and after update. Run sh build-test.sh after changes. php will get built and test results will be compared with latest_test_results.txt and differences reported. mv latest_test_results.txt.new latest_test_results.txt if differences are acceptable. ------------------------------------------------------------------- Wed Apr 9 06:29:41 UTC 2014 - pgajdos@suse.com - updated to 5.5.11: * Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345. ------------------------------------------------------------------- Fri Apr 4 12:20:16 UTC 2014 - pgajdos@suse.com - fixed CVE-2014-2497 [bnc#868624] ------------------------------------------------------------------- Mon Mar 17 12:11:34 UTC 2014 - pgajdos@suse.com - updated to 5.5.10: * Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. ------------------------------------------------------------------- Tue Feb 11 00:21:52 UTC 2014 - adaugherity@tamu.edu - Fix build on non-systemd distros (esp. SLES 11) ------------------------------------------------------------------- Fri Feb 7 09:46:47 UTC 2014 - pgajdos@suse.com - updated to 5.5.9: * This release fixes several bugs against PHP 5.5.8. * see NEWS or http://www.php.net/ChangeLog-5.php#5.5.9 for details - modified patches: * php5-no-build-date.patch (refreshed using quilt) ------------------------------------------------------------------- Mon Jan 13 08:35:59 UTC 2014 - pgajdos@suse.com - updated to 5.5.8: * fixes CVE-2013-6712 and build against freetype2 * see http://www.php.net/ChangeLog-5.php#5.5.8 for more * removed CVE-2013-6712.patch * removed freetype2_include_dir.patch ------------------------------------------------------------------- Fri Dec 20 12:03:41 UTC 2013 - hrvoje.senjan@gmail.com - Added php5-freetype2_include_dir.patch: Fixes check of freetype2 headers, as freetype2 2.5.1 changed the header location ------------------------------------------------------------------- Wed Dec 18 11:35:27 UTC 2013 - pgajdos@suse.com - updated to 5.5.7: * fixes some bugs against PHP 5.5.6 and it also includes a fix for CVE-2013-6420 in OpenSSL extension -> removed CVE-2013-6420.patch ------------------------------------------------------------------- Wed Dec 11 12:54:11 UTC 2013 - pgajdos@suse.com - security update [bnc#854880] * added CVE-2013-6420.patch ------------------------------------------------------------------- Tue Dec 3 12:24:28 UTC 2013 - pgajdos@suse.com - security update [bnc#853045] * added CVE-2013-6712.patch ------------------------------------------------------------------- Mon Nov 22 10:10:50 UTC 2013 - pgajdos@suse.com - updated to 5.5.6: * fixes some bugs against PHP 5.5.5, and adds some performance improvements. * see http://www.php.net/ChangeLog-5.php#5.5.6 for details ------------------------------------------------------------------- Mon Nov 22 10:10:49 UTC 2013 - pgajdos@suse.com - updated to 5.5.5: * This release fixes about twenty bugs against PHP 5.5.4, some of them regarding the build system. * added sys_temp_dir ini directive - removed custom-tmp-dir.patch (upstreamed) ------------------------------------------------------------------- Mon Nov 22 10:10:48 UTC 2013 - pgajdos@suse.com - updated to 5.5.4: * This release fixes several bugs against PHP 5.5.3. - crypt-tests.patch partially upstreamed - use zend_extension instead of extension directive in opcache.ini [bnc#840350] ------------------------------------------------------------------- Mon Nov 22 10:10:47 UTC 2013 - pgajdos@suse.com - updated to 5.5.3: These release fix a bug in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4. ------------------------------------------------------------------- Mon Nov 22 10:10:46 UTC 2013 - pgajdos@suse.com - updated to 5.5.2: * About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718). ------------------------------------------------------------------- Mon Nov 22 10:10:45 UTC 2013 - pgajdos@suse.com - updated to 5.5.1 * bugfixes incl. security fix in the XML parser ------------------------------------------------------------------- Mon Nov 22 10:10:44 UTC 2013 - Ralf Lang <lang@b1-systems.de> - replace php5-64-bit-post-large-files.patch with php5-big-file-upload.patch patch that uses def_t instead of signed long as suggested by upstream ------------------------------------------------------------------- Mon Nov 22 10:10:43 UTC 2013 - pgajdos@suse.com - updated to 5.5.0: * Added generators and coroutines. * Added the finally keyword. * Added a simplified password hashing API. * Added support for constant array/string dereferencing. * Added scalar class name resolution via ::class. * Added support for using empty() on the result of function calls and other expressions. * Added support for non-scalar Iterator keys in foreach. * Added support for list() constructs in foreach statements. * Added the Zend OPcache extension for opcode caching. * A lot more improvements and fixes. * PHP logo GUIDs have been removed. * Case insensitivity is no longer locale specific. All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules. - buildrequire cyrus-sasl-devel explicitely - suhosin-php54.patch renamed to suhosin-php55.patch ------------------------------------------------------------------- Mon Nov 18 10:10:43 UTC 2013 - pgajdos@suse.com - update to 5.4.22: * About 10 bugs were fixed. * see http://www.php.net/ChangeLog-5.php#5.4.22 for details ------------------------------------------------------------------- Wed Oct 30 07:56:07 UTC 2013 - pgajdos@suse.com - updatedto 5.4.21: * About 10 bugs were fixed. * added custom-tmp-dir.patch by Per Jessen ------------------------------------------------------------------- Sun Oct 13 21:24:58 UTC 2013 - crrodriguez@opensuse.org - build with --with-fpm-systemd and install systemd unit - php5-systemd-unit.patch: tweak systemd unit for openSUSE requirements - php5-openssl.patch: only openSSL_config() is really needed. - Recommended for 13.1 and Factory ------------------------------------------------------------------- Wed Sep 25 09:30:23 UTC 2013 - pgajdos@suse.com - updated to 5.4.20: * About 30 bugs were fixed. ------------------------------------------------------------------- Thu Sep 5 12:44:11 UTC 2013 - pgajdos@suse.com - updated to 5.4.19: * These releases fix a bug in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4. ------------------------------------------------------------------- Tue Aug 20 10:44:04 UTC 2013 - pgajdos@suse.com - updated to 5.4.18: * About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. ------------------------------------------------------------------- Thu Aug 1 21:28:15 UTC 2013 - crrodriguez@opensuse.org - php5-per-mod-log.patch: It turns out that requesting per-module logging support in 2.4 will not do a thing if the expansion of APLOG_USE_MODULE is not visible to all files of the module so place it in the header instead. ------------------------------------------------------------------- Wed Jul 31 01:21:24 UTC 2013 - crrodriguez@opensuse.org - php5-per-mod-log.patch Support apache 2.4 per module logging - php5-apache24-updates.patch Use proper API in apache 2.4 to determine when the module has to be loaded. I made this patches at least a year ago, but for some reason they went out of my radar and were not applied to upstream Will be submitted again soon. ------------------------------------------------------------------- Mon Jul 15 14:49:21 UTC 2013 - pgajdos@suse.com - updated to 5.4.17: Core: Fixed bug #64988 (Class loading order affects E_STRICT warning). Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). Fixed bug #64960 (Segfault in gc_zval_possible_root). Fixed bug #64936 (doc comments picked up from previous scanner run). Fixed bug #64934 (Apache2 TS crash with get_browser()). Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). DateTime: Fixed bug #53437 (Crash when using unserialized DatePeriod instance). FPM: Fixed bug #64915 (error_log ignored when daemonize=0). Implemented FR #64764 (add support for FPM init.d script). PDO: Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). PDO_DBlib: Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). PDO_firebird: Fixed bug #64037 (Firebird return wrong value for numeric field). Fixed bug #62024 (Cannot insert second row with null using parametrized query). PDO_mysql: Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). PDO_pgsql: Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error). pgsql: Fixed bug #64609 (pg_convert enum type support). Readline: Implement FR #55694 (Expose additional readline variable to prevent default filename completion). SPL: Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems). ------------------------------------------------------------------- Tue Jun 18 10:32:25 UTC 2013 - jengelh@inai.de - Explicitly specify cyrus-sasl build dependency ------------------------------------------------------------------- Thu Jun 13 09:38:54 UTC 2013 - pgajdos@suse.com - updated to 5.4.16 - Core: . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110). (Stas) . Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol) . Fixed bug #64729 (compilation failure on x32). (Gustavo) . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry) . Fixed bug #64660 (Segfault on memory exhaustion within function definition). (Stas, reported by Juha Kylmänen) - Calendar: . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi) - Fileinfo: . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol) - FPM: . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi) . Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan. (Remi) . Log a warning when a syscall fails. (Remi) . Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file. (Remi) - MySQLi . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed). (Laruence) - Phar . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir). (Pierre) - SNMP: . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). (Boris Lytochkin) . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin) - Streams: . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64). (Anatol) - Zend Engine: . Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol) ------------------------------------------------------------------- Fri May 10 06:58:11 UTC 2013 - pgajdos@suse.com - updated to 5.4.15: Core: Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). Fixed bug #64458 (dns_get_record result with string of length -1). Fixed bug #64433 (follow_location parameter of context is ignored for most response codes). Fixed bug #47675 (fd leak on Solaris). Fixed bug #64577 (fd leak on Solaris). Fileinfo: Upgraded libmagic to 5.14. Streams: Fixed Windows x64 version of stream_socket_pair() and improved error handling. Zip: Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). ------------------------------------------------------------------- Fri Apr 26 19:45:03 UTC 2013 - adaugherity@tamu.edu - Conflict with php53 packages so zypper doesn't suggest installing a mix of php53-* (from SLES 11) and php5-* (these 5.4 packages). ------------------------------------------------------------------- Fri Apr 26 19:20:28 UTC 2013 - adaugherity@tamu.edu - Fix build on SLES 11 (no firebird) and openSUSE <= 12.1 (no separate libfbclient2-devel pkg). ------------------------------------------------------------------- Mon Apr 22 13:33:25 UTC 2013 - pgajdos@suse.com - use current install-pear-nozlib.phar from http://pear.php.net/install-pear-nozlib.phar - php5-pear package provides/obsoletes php5-pear-Archive_Tar, see explanation in the spec ------------------------------------------------------------------- Wed Apr 17 17:35:33 UTC 2013 - slavb18@gmail.com - add php5-firebird providing php5-interbase and php5-pdo_firebird ------------------------------------------------------------------- Mon Apr 15 09:38:23 UTC 2013 - pgajdos@suse.com - updated to 5.4.14: Core: Fixed bug #64529 (Ran out of opcode space). Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration). Fixed bug #64432 (more empty delimiter warning in strX methods). Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error). Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11). Fixed bug #63976 (Parent class incorrectly using child constant in class property). Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly). Fixed bug #62343 (Show class_alias In get_declared_classes()). PCRE: Merged PCRE 8.32. SNMP: Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly). Zip: Fixed bug #64452 (Zip crash intermittently). (Anatol) ------------------------------------------------------------------- Mon Apr 15 09:22:26 UTC 2013 - pgajdos@suse.com - libc-client.so needs -lssl ------------------------------------------------------------------- Fri Apr 5 13:34:28 UTC 2013 - pgajdos@suse.com - fixed 'http limits uploads to 2GB' [bnc#812800], see https://bugs.php.net/bug.php?id=44522 * 64bit-post-large-files.patch ------------------------------------------------------------------- Thu Mar 21 11:58:40 UTC 2013 - pgajdos@suse.com - updated to 5.4.13: Core: Fixed bug #64235 (Insteadof not work for class method in 5.4.11). Implemented FR #64175 (Added HTTP codes as of RFC 6585). Fixed bug #64142 (dval to lval different behavior on ppc64). Fixed bug #64070 (Inheritance with Traits failed with error). CLI server: Fixed bug #64128 (buit-in web server is broken on ppc64). Mbstring: mb_split() can now handle empty matches like preg_split() does. OpenSSL: Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). PDO_mysql: Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). Phar: Fixed timestamp update on Phar contents modification. SOAP Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). Disabled external entities loading (CVE-2013-1643, CVE-2013-1824). SPL: Fixed bug #64264 (SPLFixedArray toArray problem). Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). Fixed bug #52861 (unset fails with ArrayObject and deep arrays). SNMP: Fixed bug #64124 (IPv6 malformed). ------------------------------------------------------------------- Thu Mar 21 09:27:28 UTC 2013 - pgajdos@suse.com - updated to 5.4.12: * dropped sqlite.so (no longer shipped with 5.4) * dropped t1lib support * dropped %{suse_version} 10.x support * see /usr/share/doc/packages/php5/UPGRADING or http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/UPGRADING for details * source changes: D php-5.2.9-BNC-457056.patch -- renamed to php5-BNC-457056.patch D php-5.3.0-bnc513080.patch -- there's no relevant code in exif.c D php-5.3.1-systzdata-v7.patch -- renamed to php5-systzdata-v7.patch D php-5.3.2-aconf26x.patch -- dropped, it is not needed yet D php-5.3.2-ini.patch -- renamed to php5-ini.patch D php-5.3.2-no-build-date.patch -- renamed to php5-no-build-date.patch D php-5.3.22.tar.bz2 -- old tarball D php-5.3.4-format-string-issues.patch -- renamed to php5-format-string-issues.patch D php-5.3.4-pts.patch -- renamed to php5-pts.patch D php-5.3.6-gcc_builtins.patch -- renamed to php5-gcc_builtins.patch D php-5.3.6-ini-date.timezone.patch -- part of php5-ini.patch D php-5.3.8-CVE-2011-4153.patch -- fixed in 5.4 branch D php-5.3.8-crypt-tests.patch -- renamed to php5-crypt-tests.patch D php-5.3.8-no-reentrant-crypt.patch -- renamed to php5-no-reentrant-crypt.patch A php-5.4.13.tar.bz2 -- new version tarball D php-cloexec.patch -- renamed to php5-cloexec.patch M php-suse-addons.tar.bz2 -- content of tar balls are actualy equal A php5-BNC-457056.patch -- renamed from php-5.2.9-BNC-457056.patch, not rebased A php5-cloexec.patch -- renamed from php-cloexec.patch, rebased A php5-sytzdata-v7.patch -- renamed from sytzdata-v7.pach, not rebased A php-format-string-issues.patch -- renamed from php5-5.3.4-format-string-issues.patch, not rebased A php5-crypt-tests.patch -- renamed from php-5.3.8-crypt-tests.patch, not rebased A php5-gcc_builtins.patch -- renamed from php-5.3.6-gcc_builtins.patch, not rebased A php5-ini.patch -- renamed from php-5.3.2-ini.patch, rebased A php5-mbstring-missing-return.patch -- new patch, missing return M php5-missing-extdeps.patch -- rebased A php5-no-build-date.patch -- renamed from php-5.3.2-no-build-date.patch, rebased A php5-no-reentrant-crypt.patch -- renamed from php-5.3.8-no-reentrant-crypt.patch, not rebased M php5-openssl.patch -- rebased M php5-phpize.patch -- rebased A php5-pts.patch -- renamed from php-5.3.4-pts.patch, not rebased A php5-suhosin-php54.patch -- patch on top of suhosin-0.9.33.tgz to work with php 5.4 M php5.changes -- this change log M php5.spec -- new version, etc D suhosin-patch-5.3.3-0.9.10.patch.gz -- dropped, seems not be used for some time ------------------------------------------------------------------- Mon Feb 25 10:13:28 UTC 2013 - pgajdos@suse.com - updated to 5.3.22: . Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes) . Fixed bug #63899 (Use after scope error in zend_compile). (Laruence) . Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence) . Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV). (Laruence, Derick) . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) . Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry) . Disabled external entities loading (CVE-2013-1643). (Dmitry) . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov) ------------------------------------------------------------------- Thu Feb 7 12:05:01 UTC 2013 - pgajdos@suse.com - updated to 5.3.21: * Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user). * Fixed bug (segfault due to libcurl connection caching). * Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST). etc. see NEWS for details ------------------------------------------------------------------- Thu Oct 18 10:18:41 UTC 2012 - pgajdos@suse.com - fix CVE-2011-4153 CVE-2011-4153 [bnc#741859] ------------------------------------------------------------------- Tue Oct 16 12:37:36 UTC 2012 - coolo@suse.com - add explicit buildrequire on libbz2-devel (having to patch old .changes file to avoid "double entry") ------------------------------------------------------------------- Thu Oct 11 09:16:27 UTC 2012 - pgajdos@suse.com - updated to 5.3.17: * Fixed bug (segfault while build with zts and GOTO vm-kind) * Fixed bug #62844 (parse_url() does not recognize // * etc. see NEWS for details ------------------------------------------------------------------- Mon Aug 27 14:47:48 UTC 2012 - pgajdos@suse.com - use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852] ------------------------------------------------------------------- Mon Aug 27 14:44:27 UTC 2012 - pgajdos@suse.com - updated to 5.3.16: * fixes over 20 bugs, see NEWS for more details ------------------------------------------------------------------- Wed Jul 25 12:48:08 UTC 2012 - pgajdos@suse.com - updated to 5.3.15: * fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation (CVE-2012-2688) [bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580] ------------------------------------------------------------------- Mon Jun 18 17:08:57 UTC 2012 - pgajdos@suse.com - updated to 5.3.14: * bug-fix release, see NEWS for details ------------------------------------------------------------------- Fri May 25 15:10:26 UTC 2012 - pgajdos@suse.com - updated to 5.3.13: various security fixes, CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336 * removed php-5.3.10-pcre_fullinfo.patch * refreshed php-5.3.2-aconf26x.patch ------------------------------------------------------------------- Thu Mar 8 19:40:22 UTC 2012 - coolo@suse.com - fix license to spdx.org format ------------------------------------------------------------------- Tue Feb 28 09:08:30 UTC 2012 - pgajdos@suse.com - fixed build with new pcre (php bug 60986) ------------------------------------------------------------------- Sat Feb 4 16:35:07 UTC 2012 - crrodriguez@opensuse.org - Build with -fpie ------------------------------------------------------------------- Thu Feb 2 21:31:00 UTC 2012 - crrodriguez@opensuse.org - PHP 5.3.10, fixes CVE-2012-0830. ------------------------------------------------------------------- Sat Jan 28 18:52:35 UTC 2012 - crrodriguez@opensuse.org - remove unapplied patches ------------------------------------------------------------------- Wed Jan 18 15:17:02 UTC 2012 - pgajdos@suse.com - buildrequire libjpeg-devel ------------------------------------------------------------------- Tue Jan 17 08:35:44 UTC 2012 - pgajdos@suse.com - remove apache module conflict with apache2-worker [bnc#728671] - amended README.SUSE instead ------------------------------------------------------------------- Wed Jan 11 01:46:14 UTC 2012 - crrodriguez@opensuse.org - Update to version 5.3.9 * Drop already applied patches * This update only contain minor bug fixes, it is a stop over php 5.4.0 that should be out very soon. ------------------------------------------------------------------- Mon Jan 2 16:52:43 UTC 2012 - pgajdos@suse.com - security update: * CVE-2011-4885 [bnc#738221] -- added max_input_vars directive to prevent attacks based on hash collisions ------------------------------------------------------------------- Wed Dec 21 10:40:03 UTC 2011 - coolo@suse.com - add autoconf as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Tue Dec 20 12:06:57 UTC 2011 - pgajdos@suse.com - apache module conflicts with apache2-worker [bnc#728671] ------------------------------------------------------------------- Fri Dec 16 13:31:56 UTC 2011 - pgajdos@suse.com - security update: * CVE-2011-4566 [bnc#733590] * CVE-2011-1466 [bnc#736169] ------------------------------------------------------------------- Tue Dec 6 12:24:39 UTC 2011 - coolo@suse.com - fix license - there is no 3.1 version of php license ------------------------------------------------------------------- Tue Nov 29 15:32:57 UTC 2011 - pgajdos@suse.com - build php against system's libcrypt, which drops extended DES support * crypt-tests.patch * no-reentrant-crypt.patch ------------------------------------------------------------------- Mon Nov 7 13:36:25 UTC 2011 - pgajdos@suse.com - security update: CVE-2011-3379 [bnc#728350] ------------------------------------------------------------------- Sun Sep 18 22:08:00 UTC 2011 - crrodriguez@opensuse.org - Fix wrong PAGE_SIZE assumption, must use sysconf() instead - Fix integer overflow when attempting to use more than 2 Gb of memory. ------------------------------------------------------------------- Mon Sep 5 01:20:22 UTC 2011 - crrodriguez@opensuse.org - call openssl_config too in order to load user-provided engine configuration. ------------------------------------------------------------------- Sat Sep 3 05:18:44 UTC 2011 - crrodriguez@opensuse.org - Cleanup patches for upcoming release. ------------------------------------------------------------------- Sun Aug 28 20:59:36 UTC 2011 - andrea.turrini@gmail.com - Fixed typos in php5.spec ------------------------------------------------------------------- Tue Aug 23 03:35:25 UTC 2011 - crrodriguez@opensuse.org - Fix very publicized critical bug in crypt() implementation ------------------------------------------------------------------- Fri Aug 12 02:27:08 UTC 2011 - crrodriguez@opensuse.org - Add mssql support with freetds - Update PHP snapshot. ------------------------------------------------------------------- Tue Aug 9 22:11:30 UTC 2011 - crrodriguez@opensuse.org - Update snapshot, more static analyzer fixes. ------------------------------------------------------------------- Sun Aug 7 20:32:28 UTC 2011 - crrodriguez@opensuse.org - Update snapshot, fix converity warnings ------------------------------------------------------------------- Fri Aug 5 03:00:45 UTC 2011 - crrodriguez@opensuse.org - Update snapshot, several check if malloc() succeeded. ------------------------------------------------------------------- Wed Aug 3 17:51:56 UTC 2011 - crrodriguez@opensuse.org - Fix build in Factory - Fix Segfault with allow_call_time_pass_reference = Off - Using class constants in array definition fails ------------------------------------------------------------------- Mon Aug 1 16:38:57 UTC 2011 - crrodriguez@opensuse.org - Add sqlite3 session storage, this is no more than a forward port of already existent sqlite2 backend ------------------------------------------------------------------- Sun Jul 31 16:06:16 UTC 2011 - crrodriguez@opensuse.org - Update snap, PHP 5.3.7-RC4 ------------------------------------------------------------------- Wed Jul 27 04:36:37 UTC 2011 - crrodriguez@opensuse.org - Update snapshot again. ------------------------------------------------------------------- Sat Jul 23 18:27:26 UTC 2011 - crrodriguez@opensuse.org - Update snapshot. ------------------------------------------------------------------- Thu Jul 14 04:42:23 UTC 2011 - crrodriguez@opensuse.org - is_a() function is throwing an annoying warning "Unknown class passed as parameter" which is noticeable when you use PEAR, fix it, if your code uses it you should be using the instanceof operator anyway. - Update bundled pear. ------------------------------------------------------------------- Mon Jul 11 18:25:52 UTC 2011 - crrodriguez@opensuse.org - Crash in gc_remove_zval_from_buffer CVE-NO-NAME - Crash in zend_mm_check_ptr // Heap corruption ------------------------------------------------------------------- Wed Jul 6 18:55:15 UTC 2011 - crrodriguez@opensuse.org - Fixed missing Expires and Cache-Control headers for ping and status pages - fix crypt() issue with overlong salt - Fixed bug #52935 (call exit in user_error_handler cause stream relate core). ------------------------------------------------------------------- Mon Jun 27 04:12:25 UTC 2011 - crrodriguez@opensuse.org - Fix crash in error_log (strlen with NULL) - Fixed exit at FPM startup on fpm_resources_prepare - Added master rlimit_files and rlimit_core - Removed pid in debug logs written by chrildren processes - Replaced shm_slots with a real scoreboard ------------------------------------------------------------------- Wed Jun 22 21:05:07 UTC 2011 - crrodriguez@opensuse.org - Enable mysqlnd compression protocol. ------------------------------------------------------------------- Thu Jun 16 19:24:49 UTC 2011 - crrodriguez@opensuse.org - Update snapshot to 5.3.7 RC1 ------------------------------------------------------------------- Tue Jun 14 17:10:52 UTC 2011 - crrodriguez@opensuse.org - Allow bison 2.5 -File path injection vulnerability in RFC1867 File upload CVE-2011-2202. ------------------------------------------------------------------- Fri Jun 10 21:25:59 UTC 2011 - crrodriguez@opensuse.org - Update 5.3 snap - Fix compiler failure that happended after compile error. - Stream not closed and error not returned when SSL CN_match fails. ------------------------------------------------------------------- Mon Jun 6 23:08:38 UTC 2011 - crrodriguez@opensuse.org - Update 5.3 snap - Update bundled PEAR - Case discrepancy in timezone names cause Uncaught exception and fatal error. - SEEK_CUR with 0 value, returns a warning - Restore fix: do not accept paths with NULL in them ------------------------------------------------------------------- Fri Jun 3 16:35:22 UTC 2011 - crrodriguez@opensuse.org - Update to version 5.3.6.201106031621 - Crash when calling call_user_func with unknown function name - Fixed double registering of browscap ini directive ------------------------------------------------------------------- Sun May 29 20:12:46 UTC 2011 - crrodriguez@opensuse.org - Drop Update alternatives usage, there are no alternatives PHP4 is gone and PHP6 is not coming at any time soon. - Remove "mm" support from session module, virtually nothing uses it and it doesnt support proper locking, mount /var/lib/php5 in tmpfs instead. ------------------------------------------------------------------- Sun May 29 17:10:52 UTC 2011 - crrodriguez@opensuse.org - Update to 5.3.6.201105291701 * Fixes random crash with apache2 SAPI and php_admin_value in virtualhost configuration. ------------------------------------------------------------------- Fri May 20 02:52:34 UTC 2011 - crrodriguez@opensuse.org - Update 5.3 branch - Fix a few memory leaks - Check if tempfile can be created in phar extension - Fix problems with __halt_compiler and imported namespaces - Properly handle out of memory conditions in mysqlnd ------------------------------------------------------------------- Sat May 14 17:59:07 UTC 2011 - crrodriguez@opensuse.org - Update 5.3 branch. - Fix user after free in xmlreader extension. ------------------------------------------------------------------- Mon May 9 01:16:17 UTC 2011 - crrodriguez@opensuse.org - Update to current 5.3 svn version. - For practical reasons now the hash extension is built-in,hence deprecates package php5-hash, it is nowdays required by the session and phar extensions but must be statically built to work. - Drop php5-session patch, needed only to workaround compile failure when hash extension is built as loadable extension. - php.ini now clearly says that by "3" in session.hash_function we mean SHA256. ------------------------------------------------------------------- Fri Apr 29 03:33:41 UTC 2011 - crrodriguez@opensuse.org - Update to a recent 5.3.x SVN version, mostly bug fixes * track_errors causes segfault * classes from dl()'ed extensions are not destroyed * Crash when assigning value to a dimension in a non-array * use-after-free in substr_replace() ------------------------------------------------------------------- Wed Apr 13 23:39:33 UTC 2011 - crrodriguez@opensuse.org - fix crash on destruction. - allow openssl extension to be built w/o SSLv2 ------------------------------------------------------------------- Tue Apr 5 06:41:50 UTC 2011 - lang@b1-systems.de - Add a default to date.timezone because php5 warns that this is a required setting and clutters up the output in zypper installations of pear packages and other places - Versions after 5.3.6 may make this fatal ------------------------------------------------------------------- Sat Apr 2 00:52:57 UTC 2011 - crrodriguez@opensuse.org - Intl extension failed to load [bnc#659868] - Fix update-alternatives usage,will be dropped in the future. ------------------------------------------------------------------- Mon Mar 28 20:46:25 UTC 2011 - sbutler1@illinois.edu - Add tcpd-devel for building the SNMP extension on SLE_10 and apache_server_SLE_10. ------------------------------------------------------------------- Thu Mar 17 17:07:26 UTC 2011 - crrodriguez@opensuse.org - Update to php 5.3.6 final * Enforce security in the fastcgi protocol parsing with fpm SAPI. * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153) * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092) * Fixed bug #54055 (buffer overrun with high values for precision ini setting). * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708) * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421) ------------------------------------------------------------------- Wed Mar 16 03:49:41 UTC 2011 - crrodriguez@opensuse.org - Upgrade to PHP 5.3.6.RC3 * Drop obsoleted patches * fix some rpmlint warnings * Hundreds of changes, see NEWS for details ------------------------------------------------------------------- Wed Mar 9 23:57:21 UTC 2011 - crrodriguez@opensuse.org - Fix more date in binaries causing pointless republish of pkgs. ------------------------------------------------------------------- Fri Feb 25 09:50:17 UTC 2011 - chris@computersalat.de - fix for macros.php o devel pkg must have Obsoletes/Provides: php-macros ------------------------------------------------------------------- Tue Feb 22 11:22:52 CET 2011 - pgajdos@suse.cz - security fixes * CVE-2011-0420 [bnc#672933] * CVE-2011-0708 [bnc#671710] ------------------------------------------------------------------- Thu Feb 10 17:06:50 UTC 2011 - chris@computersalat.de - extend macros.php o __php, __phpize, __php_config, php_version o __pear, php_peardir, php_pearxmldir o php_pear_gen_filelist - add README.macros ------------------------------------------------------------------- Thu Jan 13 17:20:40 CET 2011 - pgajdos@suse.cz - security fix: * fopen_https_proxy_auth_fix.patch [bnc#656523] ------------------------------------------------------------------- Mon Jan 10 18:52:45 UTC 2011 - cristian.rodriguez@opensuse.org - export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem when extensions are built shared. [bnc#661464] ------------------------------------------------------------------- Mon Jan 10 15:31:19 UTC 2011 - cristian.rodriguez@opensuse.org - Go back to libmysql as there is currently no way to build shared mysql extensions with mysqlnd. [bnc#661464] ------------------------------------------------------------------- Sun Jan 9 01:32:33 UTC 2011 - cristian.rodriguez@opensuse.org - Use mysqlnd driver, this is a newer PHP-native mysql extension, that does not require external libraries. Now you can use mysql, mariadb or drizzle without extra libs. fixes bnc #661464 and other old feature requests. ------------------------------------------------------------------- Thu Jan 6 22:44:12 UTC 2011 - cristian.rodriguez@opensuse.org - Update to version 5.3.5, Critical Update * Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) Only 32 bit binaries affected, confirmed in factory i586. ------------------------------------------------------------------- Fri Dec 17 21:37:18 UTC 2010 - cristian.rodriguez@opensuse.org - revert unsuitable patch php-5.3.4-dlopen.patch ------------------------------------------------------------------- Tue Dec 14 23:19:26 UTC 2010 - cristian.rodriguez@opensuse.org - Add php-5.3.4-dlopen.patch from fedora,makes dlopen to use bind_now instead of lazy. - Compiler is now in C99 mode for both core and extensions. ------------------------------------------------------------------- Tue Dec 14 01:08:07 UTC 2010 - cristian.rodriguez@opensuse.org - fix format string bug in Phar extension I just found http://bugs.php.net/bug.php?id=53541 and the underlying issue, which is the lack of format attributes in several core prototypes. ------------------------------------------------------------------- Mon Dec 13 01:53:50 UTC 2010 - cristian.rodriguez@opensuse.org - Update to PHP 5.3.4 final * Fixed crash in zip extract method (possible CWE-170). * Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). * Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). * Fixed symbolic resolution support when the target is a DFS share. * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). * Key Bug Fixes in PHP 5.3.4 include: * Added stat support for zip stream. * Added follow_location (enabled by default) option for the http stream support. * Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. * Multiple improvements to the FPM SAPI. * Over 100 other bug fixes. - SUSE specific; * enable PTY support in proc_open (temporary) ------------------------------------------------------------------- Wed Nov 24 01:47:31 CET 2010 - ro@suse.de - xft-config is gone ------------------------------------------------------------------- Tue Nov 2 02:23:00 UTC 2010 - cristian.rodriguez@opensuse.org - Update to 5.3.3_svn201011020214 * Fix Performance issue, array_diff may take hours instead of seconds in some scenarios,regression appeared in version 5.2.5 ------------------------------------------------------------------- Wed Oct 27 22:09:03 UTC 2010 - cristian.rodriguez@opensuse.org - Update to 5.3.3_svn20101027xx - Fix init script again. ------------------------------------------------------------------- Thu Oct 14 03:36:44 UTC 2010 - crrodriguez@opensuse.org - update to 5.3.3_svn201010140300 - Fix php-fpm init script. ------------------------------------------------------------------- Sat Oct 9 16:20:10 UTC 2010 - cristian.rodriguez@opensuse.org - Update to an slightly newer PHP 5.3.3.x snap, fixes around 100 bugs including open_basedir problems. - add the fpm sapi to the package. ------------------------------------------------------------------- Tue Aug 3 04:36:49 UTC 2010 - cristian.rodriguez@opensuse.org - Clarify changelog this update fixed: * VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232] * VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097] * VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100] * VUL-0: php5: MOPS-2010-022 use after free [bnc#609763] * VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766] * VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768] * VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769] * VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769] * VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555] * VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556] * VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483] * VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486] * bugzilla numbers 619487,619489,619469,609766.. ------------------------------------------------------------------- Tue Jul 20 03:15:19 UTC 2010 - cristian.rodriguez@opensuse.org - Update to PHP 5.3.3 RC3 - Massive lot of security fixes see list here http://www.php-security.org/category/vulnerabilities/index.html ------------------------------------------------------------------- Tue Jun 1 16:32:20 UTC 2010 - cristian.rodriguez@opensuse.org - possible fix for [bnc#610633] ------------------------------------------------------------------- Fri Apr 16 15:51:49 UTC 2010 - crrodriguez@opensuse.org - use FD_CLOEXEC flag to avoid annoying races. ------------------------------------------------------------------- Sun Apr 4 12:43:07 UTC 2010 - crrodriguez@opensuse.org - remove obsolete buildRequires ------------------------------------------------------------------- Fri Apr 2 14:59:46 UTC 2010 - crrodriguez@opensuse.org - remove build date from binaries so they dont get republished every time - fix invalid path ------------------------------------------------------------------- Thu Apr 1 22:03:47 UTC 2010 - crrodriguez@opensuse.org - add missing patch, refresh patches with -p0 ------------------------------------------------------------------- Thu Apr 1 21:38:12 UTC 2010 - crrodriguez@opensuse.org - Update to PHP 5.3.2, see NEWS for details ------------------------------------------------------------------- Fri Mar 5 23:06:10 UTC 2010 - dimstar@opensuse.org - Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it's a backported combination of svn commits 291283, 291284 and 291332. - Workaround old php bug http://bugs.php.net/bug.php?id=21153 by replacing -ledit with -ledit -lncurses in the resulting configure scripts. This became apparent problem due to libedit being built with as-needed now. - Add php5-bug51224.patch to fix buffer overflows happening in strcpy. It;s a combination of upstream svn revs 284097 and 284099 ------------------------------------------------------------------- Sun Jan 17 16:47:17 CET 2010 - vuntz@opensuse.org - Remove unneeded gtk-devel BuildRequires. ------------------------------------------------------------------- Mon Jan 11 13:36:50 UTC 2010 - aj@suse.de - Remove obsolete build requires of orbit-devel. ------------------------------------------------------------------- Tue Dec 22 18:36:04 CET 2009 - jengelh@medozas.de - avoid alignment crash on alignment-sensitive CPUs (bugs.php.net#46074) ------------------------------------------------------------------- Wed Dec 2 18:27:41 UTC 2009 - coolo@novell.com - update patch to fix build ------------------------------------------------------------------- Tue Oct 6 21:56:32 UTC 2009 - crrodriguez@opensuse.org - Fixed wrong harcoded mysql socket [bnc#544516] - Fixed wrong default include_path ------------------------------------------------------------------- Tue Sep 8 13:20:55 CEST 2009 - crrodriguez@suse.de - make php5-pear noarch in Factory ------------------------------------------------------------------- Wed Aug 26 15:30:59 CEST 2009 - crrodriguez@suse.de - remove obsolete patches - apply ini patch - enable mhash compatibility in the hash extension and obsolete php5-mhash - add macros.php to the source list ------------------------------------------------------------------- Mon Aug 24 02:53:28 CEST 2009 - crrodriguez@suse.de - PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300] ------------------------------------------------------------------- Sun Aug 23 23:03:49 CEST 2009 - crrodriguez@suse.de - fix missing return values of suhosin extension ------------------------------------------------------------------- Thu Aug 20 00:03:39 CEST 2009 - crrodriguez@novell.com - fix build on CODE10 products ------------------------------------------------------------------- Wed Aug 19 23:45:26 CEST 2009 - crrodriguez@novell.com - fix horrible broken open_basedir functionality ------------------------------------------------------------------- Sun Aug 16 16:19:19 CEST 2009 - crrodriguez@suse.de - update suhosin extension to version 0.9.29 - mysql extensions now use mysqlnd instead of libmysqlclient. - enable sqlite3 extension, part of the php5-sqlite package - enable enchant extension - enable fileinfo extension - enable intl extension ------------------------------------------------------------------- Fri Aug 14 23:57:25 CEST 2009 - crrodriguez@suse.de - add suhosin patch and newer suhosin extension for compatibility reasons ------------------------------------------------------------------- Thu Aug 13 21:23:57 CEST 2009 - crrodriguez@suse.de - Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php for the huge list of changes - remove dbase and ncurses extension ------------------------------------------------------------------- Thu Jul 16 15:44:47 CEST 2009 - coolo@novell.com - disable as-needed to fix build ------------------------------------------------------------------- Fri Jun 19 14:06:27 CEST 2009 - crrodriguez@suse.de - update to PHP 5.2.10 *Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files) * Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara) * Fixed memory corruptions while reading properties of zip files. (Ilia) * Fixed memory leak in ob_get_clean/ob_get_flush. (Christian) * Fixed segfault on invalid session.save_path. (Hannes) * Fixed leaks in imap when a mail_criteria is used. (Pierre) * Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi) * Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt) * Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe) * Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott) * Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia) * Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). * Over 100 bug fixes. ------------------------------------------------------------------- Thu May 21 22:29:41 CEST 2009 - crrodriguez@suse.de - add temporary backport of openssl prng function ------------------------------------------------------------------- Sat Mar 14 18:38:21 CET 2009 - crrodriguez@suse.de - Update to version 5.2.9, security and bugfix release * VUL-0: php5: memory disclosure by imagerotate() [bnc#480850] * VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419] * Fixed a segfault when malformed string is passed to json_decode() * Fixed explode() behavior with empty string to respect negative limit. ------------------------------------------------------------------- Sun Dec 14 16:55:52 CET 2008 - crrodriguez@suse.de - remove ming extension, moved to server:php:extensions later ------------------------------------------------------------------- Tue Dec 9 05:50:38 CET 2008 - crrodriguez@suse.de - Update to PHP 5.2.8 ------------------------------------------------------------------- Mon Dec 8 17:30:53 CET 2008 - crrodriguez@suse.de - fix BLOCKER magic_quotes breakage, if your code relies on this feature, it is broken,time to press the panic button. ------------------------------------------------------------------- Fri Dec 5 16:26:42 CET 2008 - crrodriguez@suse.de - update to PHP 5.2.7 final, no mayor changes since RC5 ------------------------------------------------------------------- Fri Nov 28 15:26:15 CET 2008 - crrodriguez@suse.de - update to PHP 5.2.7RC5 see news for details ------------------------------------------------------------------- Fri Nov 21 02:22:25 CET 2008 - crrodriguez@suse.de - update to PHP 5.2.7RC4, see news for details ------------------------------------------------------------------- Sun Nov 16 04:43:25 CET 2008 - crrodriguez@suse.de - update to PHP 5.2.7RC3, see NEWS for details ------------------------------------------------------------------- Mon Sep 8 10:38:25 CEST 2008 - crrodriguez@suse.de - update suhosin to version 0.9.27 * Fixed problem with suhosin.perdir Thanks to Hosteurope for tracking this down * Fixed problems with ext/uploadprogress Reported by: Christian Stocker * Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on) * Modified rand()/srand() to use the Mersenne Twister algorithm with separate state * Added better internal seeding of rand() and mt_rand() ------------------------------------------------------------------- Mon Jul 14 00:14:13 CEST 2008 - crrodriguez@suse.de - merge patches from schwab ------------------------------------------------------------------- Fri May 2 10:12:59 CEST 2008 - crrodriguez@suse.de - update to PHP 5.2.6 * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. * Fixed two possible crashes inside the posix extension. * Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug #44141 (private parent constructor callable through static function). * Fixed bug #43589 (a possible infinite loop in bz2_filter.c). * Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug #43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug #42736 (xmlrpc_server_call_method() crashes). * Fixed bug #42369 (Implicit conversion to string leaks memory). * Fixed bug #41562 (SimpleXML memory issue). * Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de) * Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de) * Over 120 bug fixes. ------------------------------------------------------------------- Wed Feb 6 00:37:17 CET 2008 - crrodriguez@suse.de - update suhosin extension to version 0.9.23 - Fixed suhosin extension now compiles with snapshots of PHP 5.3 - Fixed crypt() behaves like normal again when there is no salt supplied - wrong Obsoletes causes upgrade trouble [bnc #355618] ------------------------------------------------------------------- Fri Feb 1 10:47:45 CET 2008 - mmarek@suse.cz - use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs, enables building in the bs in other projects than server:php (bnc#357917) ------------------------------------------------------------------- Fri Jan 11 08:06:38 CET 2008 - crrodriguez@suse.de - Try patch recently published by Redhat that allows PHP to use the system timezone database instead of the bundled one. ------------------------------------------------------------------- Mon Jan 7 07:07:53 CET 2008 - crrodriguez@suse.de - Do not hard require php5-timezonedb, instead provide a capability php(tzdatabase) = builtin_tz_ver so it gets installed via rpm Supplements only when needed. ------------------------------------------------------------------- Thu Dec 27 08:10:15 CET 2007 - crrodriguez@suse.de - PHP is leaking file descriptors badly on relative includes (php-5.2.5-fdleak.patch) ------------------------------------------------------------------- Thu Dec 13 05:35:08 CET 2007 - crrodriguez@suse.de - suhosin 0.9.22 - Fixed function_exists() now checks the Suhosin permissions - Fixed crypt() salt no longer uses Blowfish by default - Fixed .htaccess/perdir support - Fixed compilation problem on OS/X - Added protection against some attacks through _SERVER variables - Added suhosin.server.strip and suhosin.server.encode ------------------------------------------------------------------- Tue Dec 11 06:37:03 CET 2007 - crrodriguez@suse.de - use /dev/urandom for generating session-IDs [#337005] - L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548] ------------------------------------------------------------------- Mon Nov 12 06:40:39 CET 2007 - crrodriguez@suse.de - update to PHP 5.2.5 * Fixed dl() to only accept filenames. reported by Laurent Gaffie. * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). * Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. * Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason. * Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms). * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Upgraded PCRE to version 7.3 (Nuno) * Added optional parameter $provide_object to debug_backtrace(). (Sebastian) * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre) * Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry) * Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry) * Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov) * Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf) * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia) * Fixed PDO crash when driver returns empty LOB stream. (Stas) * Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas) * Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey) * Fixed leaks with multiple connects on one mysqli object. (Andrey) * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani) * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia) * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani) * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia) * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia) * Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott) * Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia) * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia) * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey) * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry) * Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia) * Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia) * Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia) * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry) * Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry) * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia) * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia) * Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus) * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry) * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus) * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran) * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org) * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia) * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia) * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry) * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani) * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott) * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry) * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick) * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia) * Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob) * Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry) * Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes) * Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia) * Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry) * Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey) * Fixed bug #42359 (xsd:list type not parsed). (Dmitry) * Fixed bug #42326 (SoapServer crash). (Dmitry) * Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry) * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia) * Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob) * Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry) * Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani) * Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno) ------------------------------------------------------------------- Thu Aug 30 03:52:35 CEST 2007 - crrodriguez@suse.de - update to PHP 5.2.4, no relevant changes since RC3. ------------------------------------------------------------------- Fri Aug 24 11:11:41 CEST 2007 - crrodriguez@suse.de - PHP 5.2.4RC3 - Fixed version_compare() to support "rc" as well as "RC" for release candidate version numbers. - Fixed bug #42368 (Incorrect error message displayed by pg_escape_string). (Ilia) - Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani) - Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry) - Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry) - Fixed bug #41904 (proc_open(): empty env array should cause empty environment to be passed to process). (Jani) - Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass). (Ilia) - remove wrong hardcoded requirement on libedit - devel package at least does not need libtool the php build enviroment uses a private copy. - drop no longer needed patches already in upstream ------------------------------------------------------------------- Fri Aug 17 14:46:08 CEST 2007 - anosek@suse.cz - updated to version 5.2.4RC2 - Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones) - Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani) - Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com dot br, Ilia) - Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob) - Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani) - Fixed bug #42243 (copy() does not output an error when the first arg is a dir). (Ilia) - Fixed bug #42242 (sybase_connect() crashes). (Ilia) - Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia) - Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre) - Fixed bug #42211 (property_exists() fails to find protected properties from a parent class). (Dmitry) - Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia) - Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry) - Fixed bug #42195 (C++ compiler required always). (Jani) - Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip, Ilia) - Fixed bug #42082 (NodeList length zero should be empty). (Hannes) - Fixed bug #36492 (Userfilters can leak buckets). (Sara) - Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO). (Dmitry) ------------------------------------------------------------------- Mon Aug 6 19:28:46 CEST 2007 - anosek@suse.cz - updated to version 5.2.4RC1 - dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2 ------------------------------------------------------------------- Mon Jul 30 15:31:19 CEST 2007 - mmarek@suse.cz - updated to latest state of PHP_5_2 branch; highlights from the NEWS file: - Upgraded PCRE to version 7.2 (Nuno) - Updated timezone database to version 2007.6. (Derick) - Improved openssl_x509_parse() to return extensions in readable form. (Dmitry) - Changed "display_errors" php.ini option to accept "stderr" as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani) - Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin) - Added check for unknown options passed to configure. (Jani) - Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia) - Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia) - Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani) - Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) - Added missing format validator to unpack() function. (Ilia) - Added missing error check inside bcpowmod(). (Ilia) - Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony) - Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani) - Added PCRE_VERSION constant. (Tony) - Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes) - Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony) - plus lots of bugfixes - fixed the pear phar archive to run with 5.2.4 [http://bugs.php.net/bug.php?id=42146] ------------------------------------------------------------------- Wed Jul 25 10:11:15 CEST 2007 - mmarek@suse.cz - added /var/lib/pear to php5-pear.rpm ------------------------------------------------------------------- Tue Jul 24 12:34:32 UTC 2007 - judas_iscariote@shorewall.net - fix nasty deadlock in pear - update php5-ze2-fixes.patch and actually apply it. ------------------------------------------------------------------- Tue Jul 17 07:52:46 CEST 2007 - anosek@suse.cz - fixed YOU honors Recommends, breaks php update [#291551] (moved php-suhosin from Recommends to Suggests) ------------------------------------------------------------------- Mon Jun 25 12:07:56 CEST 2007 - mmarek@suse.cz - provide /srv/www/cgi-bin/php5 compat symlink instead of patching config files ------------------------------------------------------------------- Sat Jun 23 11:03:50 UTC 2007 - judas_iscariote@shorewall.net - fixed a mess with update-alternatives PreReq uncovered by newer build versions. actually every subpackage that uses update-alternatives should PreReq it. - fix some ZE2 bugs. ------------------------------------------------------------------- Tue Jun 12 14:33:57 CEST 2007 - mmarek@suse.cz - drop php5.xpm and the Icon: line from the specfile (the icon is not used at all and it breaks rpm -q --specfile php5.spec) ------------------------------------------------------------------- Fri Jun 1 03:23:28 UTC 2007 - judas_iscariote@shorewall.net - PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php - important: PHP-cgi now lives in /usr, package attempts to fix both lighttpd and apache2 fastcgi config files. ------------------------------------------------------------------- Wed May 30 01:36:58 UTC 2007 - judas_iscariote@shorewall.net - use system re2c in factory. - enable support for qbdm in the dba extension (build service only) - enable the ming extension (build service only) ------------------------------------------------------------------- Mon May 21 12:00:45 CEST 2007 - mmarek@suse.cz - fixed the dba extension adding -ldb-4.x to global LDFLAGS, causing unnecessary dependency in /usr/bin/php5 [http://bugs.php.net/bug.php?id=41455] ------------------------------------------------------------------- Sat May 19 22:59:37 UTC 2007 - judas_iscariote@shorewall.net - updated suhosin to version 0.9.20, security fix + bugfixes see http://www.hardened-php.net/suhosin/changelog.html for more detail. ------------------------------------------------------------------- Mon May 14 03:13:01 UTC 2007 - judas_iscariote@shorewall.net - fix devel package, in the reality PHP does not currenly require expat. headers provides a expat compatibility layer but it is no longer in use by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined) ------------------------------------------------------------------- Fri May 11 13:22:29 UTC 2007 - judas_iscariote@shorewall.net - update php5-test-fixes fixing another bug in zend_compile.c - use rpm macros in the spec file - when removing apache2-mod_php5, unload it from apache first. - when updating apache2-mod_php5 restart apache with restart on update macro. ------------------------------------------------------------------- Sun May 6 21:49:54 UTC 2007 - judas_iscariote@shorewall.net - HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch) - better fix for MOPB 41. ------------------------------------------------------------------- Sat May 5 00:59:25 UTC 2007 - judas_iscariote@shorewall.net - remove --enable-memory-limit configure flag, it disappeared in 5.2.1, nowdays memory_limit is always enabled. ------------------------------------------------------------------- Fri May 4 13:16:05 CEST 2007 - prusnak@suse.cz - changed expat to libexpat-devel in Requires of devel subpackage ------------------------------------------------------------------- Fri May 4 09:58:35 UTC 2007 - judas_iscariote@shorewall.net - add php5-test-fixes.patch fixing a test case that wont pass on i586 as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited after the release was done. there is another test case that fails in 10.2 ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE. - added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor) ------------------------------------------------------------------- Fri May 4 05:58:13 UTC 2007 - judas_iscariote@shorewall.net - php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs php_pcre.h header that needs it. ------------------------------------------------------------------- Thu May 3 13:44:11 CEST 2007 - mmarek@suse.cz - fixed some new compiler warnings ------------------------------------------------------------------- Thu May 3 08:25:46 UTC 2007 - judas_iscariote@shorewall.net - upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2 ------------------------------------------------------------------- Thu May 3 04:47:57 UTC 2007 - judas_iscariote@shorewall.net - Upgrade suhosin extension to version 0.9.19 see http://www.hardened-php.net/suhosin/changelog.html for details ------------------------------------------------------------------- Fri Mar 30 11:34:29 CEST 2007 - mmarek@suse.de - added bison to BuildRequires, removed update-desktop-files ------------------------------------------------------------------- Thu Mar 22 17:29:44 CET 2007 - mmarek@suse.de - fixed unpack() on big-endian 64bit (revert-phpbug38770.patch) - blacklist more env variables when safe_mode is on (php5-config.patch) ------------------------------------------------------------------- Sat Mar 17 14:00:00 CET 2007 - judas_iscariote@shorewall.net - fix Requires of -devel package to include only what is really needed for operation of the pecl tool as well the neccesary headers to compile php extensions. - Fix MOPB 24 "PHP array_user_key_compare() Double DTOR Vulnerability" - note that fix for MOPB 23 was included in the previous patchset. ------------------------------------------------------------------- Wed Mar 14 14:00:00 CET 2007 - judas_iscariote@shorewall.net - add security fixes for MOPB 20, 21 and 22. - RPM_BUILD_ROOT is never defined in %post. ------------------------------------------------------------------- Fri Mar 11 14:00:00 CET 2007 - judas_iscariote@shorewall.net - fix/workaround for php5-gd problem with typo3 [#236680] - add fix for MOPB-14-2007 PHP substr_compare() Information Leak Vulnerability. - add secfix for import_request_variables() ancient problem, users of suhosin extension are not affected. - Run the test suite here ------------------------------------------------------------------- Tue Mar 06 14:00:00 CET 2007 - judas_iscariote@shorewall.net - Update suhosin extension to version 0.9.18 fixing a session problem. ------------------------------------------------------------------- Mon Mar 05 14:00:00 CET 2007 - judas_iscariote@shorewall.net - Update suhosin extension to version 0.9.17. see http://www.hardened-php.net/suhosin/changelog.html for details. ------------------------------------------------------------------- Thu Feb 15 14:00:00 CET 2007 - judas_iscariote@shorewall.net - add t1lib support in php5-gd (10.3 and up only) - an off-by-one in str_replace may cause a crash. ------------------------------------------------------------------- Wed Feb 08 14:00:00 CET 2007 - judas_iscariote@shorewall.net - PHP 5.2.1. for a full list of changes see http://www.php.net/ChangeLog-5.php#5.2.1 - add Obsoletes for extensions we dont ship anymore ------------------------------------------------------------------- Fri Feb 02 14:00:00 CET 2007 - judas_iscariote@shorewall.net - fix getenv() modifing $_POST, breaks suhosin badly when register_* is On and variables orde is "GPCS" (default). - change/remove obsoleted patches ------------------------------------------------------------------- Tue Jan 30 11:08:09 CET 2007 - anosek@suse.cz - synced with BuildService * file "session_mm_apache2handler0.sem" written at boot [#229200] (php5-config.patch) * for certain functionality php5-exif requires php5-mbstring * php5-ldap requires php5-openssl * remove LDAP_DEPRECATED from CFLAGS, module already takes care of this. * patch potential HTTP_SESSION_VARS et all hijack when register_globals is On users from suhosin extension are not affected.(php5-session-rgon-hijack.patch) * on 10.2 and up php5-devel should require pcre-devel sqlite-devel sqlite2-devel * php5-devel is mostly useless without autoconf automake libtool bison make gcc. * added patches: phpbug-39350.patch oldhat-phpinputdata-secfix.patch ze2-fixes.patch filter.patch ext-lib64again.patch ------------------------------------------------------------------- Fri Jan 26 11:10:44 CET 2007 - mmarek@suse.cz - fixed string comparison in xmlrpc module (strcmp.patch) - allways apply %%patch9 ------------------------------------------------------------------- Fri Jan 26 11:01:28 CET 2007 - mmarek@suse.cz - updated the curl module from cvs to fix build with curl-7.16 (curl-cvs-fix.patch, dropped gcc.patch) ------------------------------------------------------------------- Tue Dec 19 14:19:28 CET 2006 - anosek@suse.cz - fixed VUL-0: php session.save_path open_basedir bypass [#227569] (save_path-secfix.patch) ------------------------------------------------------------------- Wed Dec 6 16:42:52 CET 2006 - anosek@suse.cz - synced with BuildService * updated Suhosin patch to 0.9.6.2 * updated Suhosin extension to 0.9.16 * fixed php5-devel should provide PECL tool [#204006] * use bundled sqlite in suse versions =< 10.1 (pdo_sqlite stopped working properly with older sqlite3 libs) * do not use zend-multibyte anymore, please refer to phpbug #36711 and associated links, no applications uses this feature in the real world since it is disabled in all other distributions/OS.seems to cause more problems than solutions. * change php.ini, back to short_open_tag =off (the default) the package that depended on this setting no longer does. Also explicitely set the upload_tmp_dir in php.ini to deal with open_basedir recent changes (please refer to phpbug #39123) for the details. * suhosin.ini uses just the default recommended settings ------------------------------------------------------------------- Wed Nov 8 15:15:43 CET 2006 - anosek@suse.cz - created symlinks /usr/bin/php and /usr/bin/pear [#216166] ------------------------------------------------------------------- Tue Nov 7 11:47:40 CET 2006 - mmarek@suse.cz - fixed implicit function decls in suhosin patch (keep the original patch intact and put fixes into separate patch) ------------------------------------------------------------------- Mon Nov 6 10:15:34 CET 2006 - mmarek@suse.cz - updated to 5.2.0 final - merged changes from buildservice (by soporte@onfocus.cl): - updated suhosin to 0.9.10 - added suhosin patch - build with system PCRE if suse_release > 10.1 only [#215610] - suhosin extension does not require PDO - suhosin added to the reccommended list - php5-pspell to require at least aspell-en otherwise is useless [#217272] ------------------------------------------------------------------- Thu Oct 26 12:13:16 CEST 2006 - anosek@suse.cz - php5-sqlite now uses our sqlite and sqlite2 packages to build and not bundled ones [#201440] - updated suhosin to 0.9.9 ------------------------------------------------------------------- Fri Oct 20 17:04:34 CEST 2006 - nadvornik@suse.cz - update to 5.2.0RC6 ------------------------------------------------------------------- Fri Oct 20 00:12:12 CEST 2006 - postadal@suse.cz - reset right path in extension_dir (php5-php-config.patch) ------------------------------------------------------------------- Mon Oct 9 17:53:27 CEST 2006 - postadal@suse.cz - update to version 5.2.0RC5 - added suhosin extension (the hardened php replacement) [#210886] ------------------------------------------------------------------- Sun Oct 8 10:17:53 CEST 2006 - postadal@suse.cz - update to version 5.2.0RC4 * added DSA key generation support to openssl_pkey_new() * updated PCRE to version 6.7 * increased default memory limit to 16 megabytes to accommodate for a more accurate memory utilization measurement * added support for httpOnly flag for session extension and cookie setting functions * added version specific registry keys to allow different configurations for different php version * added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs * added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system * moved extensions to PECL (filepro and hwapi) * improved SNMP, OpenSSL extension * improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL, xmlReader - merged changes from openSUSE build service * build without --enable-sigchild [#206533, php#28294, php#38342] * build CLI with libedit support (really-with-libedit.patch) * tweaked the default config a bit, to make it more secure * removed ini entries related to extensions we don't ship * t1lib is not currently needed for build, we need t1lib5 to do something useful * removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp) * pdo_odbc provided by php-odbc * php-suse-addons : o PHP5 is unlikely to parse php3 code, remove the file association o corrected apache directive is AddHandler not AddType * dropped extensions: o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count) o php-pdo_sqlite provided by php-sqlite o php-pdo_pgsql provided by php-pgsql o filepro dropped by upstream * new extension: o filter (kept static and cannot be unloaded, due security reasons) o json (added as Recommended) o zip (it uses a bundled library) - fixed gcc issues (gcc.patch) - droped obsoleted patches: include_path.patch, bug-37720.patch, bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch, bug-37416.patch, main_bugs.patch, soap.patch, standard.patch, mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch ------------------------------------------------------------------- Wed Aug 16 14:01:02 CEST 2006 - postadal@suse.cz - fixed build with X11R7 ------------------------------------------------------------------- Wed Jul 26 16:36:05 CEST 2006 - postadal@suse.cz - updated to version 5.1.4 * FastCGI interface was completely reimplemented * multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions * support for many additional date formats added to the strtotime() * a performance improvements added to the engine and core extensions * added imap_savebody() that allows message body to be written to a file * added lchown() and lchgrp() to change user/group ownership of symlinks * upgraded bundled PCRE library to version 6.6 - merged changes from openSUSE build service * removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel and libmcal from BuildRequires * added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite, php-tokenizer,php-xmlreader,php-xmlwriter to Recommends * added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests * added support for optional readline(libedit) for CLI (disabled by default) * patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch), curl (curl.patch) and mbstring bugs (mbstring_bugs.patch), big soap patch (soap.patch) * removed obsoleted patches * fixed Safe Mode Bypass [#188243] (standard.patch) * upstream patches [php#37306, php#37416, php#37587, php#37720] [php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch) [php#37346, php#37360] (gd-fixes.patch) * fixed build inconsistences, added php-hash module [#173023] * added pdo_odbc.so to php-odbc module [#190614] * build without explicit safe_mode and magic_quotes (unneeded) * removed useless GD --with-ttf configure option, only suitable for freetype 1 ------------------------------------------------------------------- Fri Jun 9 12:54:47 CEST 2006 - poeml@suse.de - fix BuildRequires to build on SUSE Linux 10.1, 10.0, 9.3 - use the -fstack-protector compile switch only on 10.0 and newer ------------------------------------------------------------------- Thu May 11 12:55:32 CEST 2006 - postadal@suse.cz - fixed memory leak in imagecreatefromgif() [#173451] (phpbug-37346.patch) - fixed possibility of a wrong element being deleted by zend_hash_del() [#175976] (zend_hash_del.patch) - fixed substr_compare() when offset equals string length [#169038, php#37394] (CVE-2006-1991, phpbug-37394.patch) - fixed _emalloc() on 64bit archs [#169038] (emalloc.patch) ------------------------------------------------------------------- Wed May 3 15:16:05 CEST 2006 - postadal@suse.cz - fixed completely broken SplTempFileObject [php#37257] (phpbug-37257.patch) - fixed problem with with $_POST array [php#37276] (phpbug-37276.patch) ------------------------------------------------------------------- Wed Apr 12 15:24:24 CEST 2006 - postadal@suse.cz - fixed security problem in copy() and tempname() [#164845] (CVE-2006-1494-1608.patch) - fixed phpinfo() XSS [#164804] (CVE-2006-0996.patch) - fixed memory leak in html_entity_decode [#161718] (CVE-2006-1490.patch) - fixed multiple imap safemode and open_basedir restriction bypass [#154317] (CVE-2006-1017.patch) ------------------------------------------------------------------- Mon Mar 27 17:39:43 CEST 2006 - postadal@suse.cz - fixed buffer overrun in ftp_fopen_wrapper (ftp_fopen_wrapper.patch) ------------------------------------------------------------------- Tue Mar 14 11:44:04 CET 2006 - postadal@suse.cz - added updating APACHE_MODULES in /etc/sysconfig/apache2 [#155333] - added forgotten regenerated sources for (parse_date.patch and phpbug-36459.patch) - fixed upstream bugs: [php#36420] (phpbug-36420) - segfault when access result->num_rows after calling result->close() (mysqli-64bit.patch) - fixed a 64-bit problem ------------------------------------------------------------------- Fri Mar 3 14:13:14 CET 2006 - postadal@suse.cz - fixed a possible null injection in mbstring (mbstring-null_injection.patch) - fixed upstream bugs: [mysql#16144] (phpbug-16144) - fix for MySQL 5.1 (mysql_stmt_attr_get) [php#36656] (phpbug-36656) - http_build_query generates invalid URIs due to use of square brackets [php#36396,36510,36510,36638] (parse_date.patch) - fixed few bugs in date/time parsing (string.patch) - added overflow checks to wordwrap() function [php#36459] (phpbug-36459) - incorrect adding PHPSESSID to links, which contains \r\n ------------------------------------------------------------------- Fri Mar 3 14:13:13 CET 2006 - postadal@suse.cz - added php5-openssl to php5-ftp Requires [#154273] - added safe_mode num of parameter check for mb_send_mail [#154315] ------------------------------------------------------------------- Fri Feb 10 19:32:13 CET 2006 - postadal@suse.cz - fixed upstream bugs: [php#36306] (phpbug-36306.patch) - fixed crc32() for 64bit arch [php#36351] (phpbug-36351.patch) - parse_url() did not parse numeric paths properly (spl_directory.patch) [php#35998] - getPathname() method always returns unix style filenames [php#36134] - DirectoryIterator constructor failed to detect empty directory names [php#36258] - SplFileObject::getPath() may lead to segfault [php#36287] [php#36295] [php#36359] - splFileObject::fwrite() doesn't write when no data length specified (session2.patch) - fixed logic, if the client already sent us the cookie, we don't need to send it again (soap.patch) [php#36226, php#36083, php#36283] (math.patch, simplexml.patch, mbstring.patch, zend_operators.patch, xp_socket.patch) - initialize variables ------------------------------------------------------------------- Sat Feb 4 16:51:18 CET 2006 - postadal@suse.cz - removed gd-devel from BuildRequires (better used bundled modified gd lib) - fixed upstream bugs: [php#36268] (phpbug-36268.patch) [php#36148] (phpbug-36148.patch) [php#36185] (phpbug-36185.patch) [php#36208] (phpbug-36208.patch) [php#36158] (phpbug-36158.patch) ------------------------------------------------------------------- Tue Jan 31 14:08:55 CET 2006 - postadal@suse.cz - reverted default value for short_open_tag to On [#145895] ------------------------------------------------------------------- Mon Jan 30 18:05:13 CET 2006 - postadal@suse.cz - fixed upstream bugs: [php#36176] (phpbug-36176.patch) (pdo.patch) - properly rewrite queries where a bound parameter appears more then once ------------------------------------------------------------------- Mon Jan 30 13:59:35 CET 2006 - poeml@suse.de - removed libapr-util1-devel from BuildRequires (apache2-devel does require it) ------------------------------------------------------------------- Wed Jan 25 21:40:11 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Jan 24 16:03:31 CET 2006 - postadal@suse.cz - added php5-pdo to requires for pdo_mysql, pdo_pgsql, pdo_sqlite and sqlite and php5-dom to requires for xmlreader and xsl [#144360] - revert name of extensions (appended suffix .so) [#143552] - removed _FILE_OFFSET_BITS=64 and _LARGEFILE_SOURCE from CFLAGS (doesn't work with apache2 configuration, which uses libapr with native support for large files) [#144362] - added -fstack-protector ------------------------------------------------------------------- Mon Jan 23 17:28:34 CET 2006 - postadal@suse.cz - added forgoted extension xmlwrite - gave back simple dot to include_path [#129682] - fixed upstream bugs: [php#36071] (phpbug-36011.patch) [php#36016] (phpbug-36016.patch) - realpath cache memleaks [php#36071] (phpbug-36071.patch) - Zend engine crash related with 'clone' (zend-fix.patch) - fix issues with static method invocation - ce_child is properly initialized [php#36046] (phpbug-36046.patch) - parse_ini_file() miscounts lines in multi-line values [php#36037] (phpbug-36037.patch) - heredoc adds extra line number [php#36006] (phpbug-36006.patch) - problem with $this in __destruct() (gd.patch) - improve open_basedir checks in GD [php#36007] (phpbug-36007.patch) - added new mysqli constants for BIT and NEW_DECIMAL field types (for mysql 5) (session.patch) - check for special characters in the session name (xmlreader.patch) - 64bit fixes ------------------------------------------------------------------- Thu Jan 19 17:41:37 CET 2006 - postadal@suse.cz - disable discard-path for fastcgi binary [#143564] ------------------------------------------------------------------- Wed Jan 18 22:15:00 CET 2006 - postadal@suse.cz - updated to version 5.1.2 - removed obsoleted patches: CAN-2005-1042_1043.patch, CVE-2005-3353.patch, openssl.patch, soap.patch, pdo.patch, simplexml.patch, curl.patch, ze.patch - added pdo, pdo_mysql, pdo_pgsql, pdo_sqlite extensions ------------------------------------------------------------------- Tue Jan 17 19:30:45 CET 2006 - mrueckert@suse.de - remove apache2-mod_fastcgi from nfb it seems to be unused ------------------------------------------------------------------- Sat Jan 14 18:50:37 CET 2006 - kukuk@suse.de - Add gmp-devel to nfb ------------------------------------------------------------------- Tue Jan 10 01:59:39 CET 2006 - ro@suse.de - avoid rpath /usr/ssl/lib in curl ext ------------------------------------------------------------------- Wed Jan 4 15:16:03 CET 2006 - postadal@suse.cz - updated to version 5.1.1 [#135635, #139297] - removed obsoleted patches: php5-with_lib.patch, soap.patch, posix.patch, gcc4.patch, save_path-segfault.patch, basedir-fix.patch, RPC-CAN-2005-1921.patch, RPC-CAN-2005-2498.patch, pcre-overflow-bug-106209.patch, CVE-2005-3388.patch, CVE-2005-3389.patch, CVE-2005-3390.patch, mod_rewrite-fix.patch, mbstring.patch, CVE-2005-3391.patch, CVE-2005-3392.patch, errordocument-fix.patch - removed sqlite2 from build dependencies and added libtidy libtidy-devel - removed dbx, fam, yp, dio extensions (upstream deprecated) - added dba, tidy and xmlreader extensions - renamed libphp5.so -> mod_php5.so (need it for yast module) - added upstream patches: openssl.patch [php#35381] soap.patch [php#35399] pdo.patch [php#35431, php#35430] simplexml.patch [php#35028] curl.patch [php#35908] ze.patch [php#35393] - updated pear sources install-pear-nozlib.phar - package CLI instad CGI binaries [#137443] - reverted last changes (problem caused curl-devel package) ------------------------------------------------------------------- Thu Dec 15 11:19:59 CET 2005 - mmarek@suse.cz - provide php-pear in php5-pear - add /usr/share/php5/PEAR to include path ------------------------------------------------------------------- Tue Dec 6 23:54:12 CET 2005 - postadal@suse.cz - fixed [php#33987] bug (php script as ErrorDocument causes crash in Apache 2). ------------------------------------------------------------------- Mon Dec 5 14:54:25 CET 2005 - postadal@suse.cz - fixed unexpected header can be injected to mb_send_mail() [#135673] (mbstring.patch) - added safe_mode checks for image* functions and cURL [#135673] (CVE-2005-3391.patch) - fixed possible INI setting leak via virtual() in Apache 2 sapi [#135673] (CVE-2005-3392.patch) ------------------------------------------------------------------- Tue Nov 29 17:31:28 CET 2005 - mmarek@suse.cz - build with flex-old until upstream fixes build with flex-2.5.31 ------------------------------------------------------------------- Mon Nov 28 16:36:21 CET 2005 - postadal@suse.cz - fixed CVE-2005-3388.patch [#131578] ------------------------------------------------------------------- Fri Nov 25 15:55:34 CET 2005 - postadal@suse.cz - fixed segfaulting with mod_rewrite [#135480] (mod_rewrite-fix.patch) ------------------------------------------------------------------- Tue Nov 22 14:30:27 CET 2005 - uli@suse.de - define ARM FP(A) endianness correctly ------------------------------------------------------------------- Tue Nov 15 15:44:00 CET 2005 - mmarek@suse.cz - fixed infinite recursion in exif code [#132684] (CVE-2005-3353.patch) - fixed XSS in phpinfo() [#131578] (CVE-2005-3388.patch) - fixed register_globals actvation in parse_str() [#131579] (CVE-2005-3389.patch) - fixed possible $GLOBALS overwrite [#131580] (CVE-2005-3390.patch) - fixed handling basedirs that end with a / [#118976] (basedir-fix.patch) - fixed segfaulting when save_path is set and safe_mode is On [#130227] (save_path-segfault.patch) ------------------------------------------------------------------- Tue Oct 25 14:32:09 CEST 2005 - rhafer@suse.de - added LDAP_DEPRECATED to CFLAGS to build correctly with OpenLDAP 2.3 ------------------------------------------------------------------- Fri Oct 14 16:02:56 CEST 2005 - postadal@suse.cz - fixed recode extension [#120087] (recode-fix.patch) - enabled _GNU_SOURCE for compiling ------------------------------------------------------------------- Wed Oct 12 14:00:59 CEST 2005 - postadal@suse.cz - fixed implicit declaration (gcc4.patch) ------------------------------------------------------------------- Mon Oct 10 16:15:05 CEST 2005 - postadal@suse.cz - fixed uninitialized variables (gcc4.patch) ------------------------------------------------------------------- Thu Sep 1 15:58:30 CEST 2005 - postadal@suse.cz - added security patch pcre-overflow-bug-106209.patch for internal libpcre and statically linked against it [#114157] - added include_path = "/usr/share/php" to php.ini [#114406] ------------------------------------------------------------------- Thu Aug 25 14:15:14 CEST 2005 - postadal@suse.cz - linked with system pcre libs (pcre-fix.patch) [#112645] ------------------------------------------------------------------- Thu Aug 18 17:28:55 CEST 2005 - postadal@suse.cz - fixed XML RPC command injection (#94579, CAN-2005-192 and #104403, CAN-2005-2498) ------------------------------------------------------------------- Tue Aug 9 16:36:01 CEST 2005 - mls@suse.de - removed compat from neededforbuild ------------------------------------------------------------------- Tue Aug 2 14:20:37 CEST 2005 - tcrhak@suse.cz - dropped php4-dba and php4-readline due to license problems (bug #91489) - compile without -DPHP_AP_DEBUG (bug #95502) - fixed php-config to return a correct includes path (patch php5-php-config) - fixed a sigsegv in the soap extension (bug #99268, patch php5-soap) ------------------------------------------------------------------- Mon Apr 25 11:42:25 CEST 2005 - mcihar@suse.cz - added pspell subpackages ------------------------------------------------------------------- Tue Apr 19 12:30:40 CEST 2005 - mcihar@suse.de - update tarball to rereleased one which contains missing file ------------------------------------------------------------------- Sat Apr 9 10:54:19 CEST 2005 - aj@suse.de - Compile with GCC4. ------------------------------------------------------------------- Mon Apr 4 14:09:45 CEST 2005 - mcihar@suse.cz - update to 5.0.4 - drop patches merged upstream - add RunTests.php missing from upstream tarball ------------------------------------------------------------------- Thu Mar 17 17:45:39 CET 2005 - mcihar@suse.cz - fix path to configuration files ------------------------------------------------------------------- Mon Mar 14 16:14:42 CET 2005 - mcihar@suse.cz - do not build CLI with all GCI stuff - fix build when extensions are built as *.so instead of just * - use different php.ini for each SAPI, this is needed for giving CLI more space to live (bug #72311) ------------------------------------------------------------------- Wed Mar 9 16:39:33 CET 2005 - mcihar@suse.cz - provide compiled in modules ------------------------------------------------------------------- Mon Mar 7 13:20:02 CET 2005 - mcihar@suse.cz - fix path to php5 binary in pear5 script (bug #71044) ------------------------------------------------------------------- Thu Mar 3 18:01:29 CET 2005 - mcihar@suse.de - realy enable xml module ------------------------------------------------------------------- Tue Mar 1 11:38:31 CET 2005 - mcihar@suse.cz - provide only mod_php_any in apache module (bug #66729) ------------------------------------------------------------------- Mon Feb 21 15:02:04 CET 2005 - mcihar@suse.cz - fix some compile time warnings ------------------------------------------------------------------- Thu Feb 10 15:24:02 CET 2005 - mcihar@suse.cz - add zlib dependency to pear (bug #50697) ------------------------------------------------------------------- Wed Feb 9 15:52:45 CET 2005 - mcihar@suse.cz - use correct path to apache2_MMN - comment some patches - update README.SUSE - drop unused sce_install - each extension now provides also unversioned symbol, to allow not to depend on specific php version - drop MIME type change as both php modules don't work together anyway ------------------------------------------------------------------- Tue Feb 8 15:16:51 CET 2005 - mcihar@suse.cz - drop actually unused patches - fix build on ia64 (endians patch, stolen from cvs) (still doesn't build due to missing current MySQL) - fix build on lib64 machines ------------------------------------------------------------------- Mon Feb 7 17:48:22 CET 2005 - mcihar@suse.cz - initial packaging of php5 - suse addons are now in tarball instead of patch - reorganize patches - simplified build system ------------------------------------------------------------------- Wed Jan 26 17:24:48 CET 2005 - mcihar@suse.cz - update asp2php - drop lynx from buildrequires ------------------------------------------------------------------- Tue Jan 11 17:48:38 CET 2005 - mcihar@suse.cz - fix broken int unserializing on 64-bit (bug #49617) ------------------------------------------------------------------- Fri Dec 17 17:53:37 CET 2004 - poeml@suse.de - update to 4.3.10 - for apache module, pick up CFLAGS from apxs [#49356] - drop obsolete php-4.3.9RC3.diff - update lib64.diff - fix return type in php_sprintf() - don't apply php-4.3.8-snmp.diff - do not clean buildroot in buildsystem to facilitate debugging - fix PreRequires (sce_install_path) [#46664] ------------------------------------------------------------------- Thu Nov 18 15:40:36 CET 2004 - ro@suse.de - use kerberos-devel-packages ------------------------------------------------------------------- Thu Nov 4 16:07:12 CET 2004 - ro@suse.de - added rpm-devel,popt-devel,tcpd,tcpd-devel to neededforbuild (for snmp) ------------------------------------------------------------------- Tue Oct 05 13:09:59 CEST 2004 - pmladek@suse.cz - added /usr/lib/php/sce_install to prerequires of php4-swf; it is in the package php4-32bit on x86_64 [#46475] ------------------------------------------------------------------- Thu Sep 23 20:21:17 CEST 2004 - tcrhak@suse.cz - security fix for array parsing (bug #45710) and some other fixes from php-4.3.9RC3 (patch 4.3.9RC3) - removed the #%endif causing syntax error during /usr/lib/php/sce_install (bug #45589) - /var/lib/php is now owned by wwwrun (bug #45360) - reverted dlopen flag back to RTLD_GLOBAL (bugs #39197 and #41866), php4-recode now conflicts with php4-imap, php4-mysql and apache2-mod_auth_mysql, mod_php4-core does not require php4-recode any more - dropped php4-dba and php4-readline due to license poblems (bug #45654) ------------------------------------------------------------------- Fri Sep 17 16:02:17 CEST 2004 - tcrhak@suse.cz - added tomcat5 to the Requires of php4-servlet ------------------------------------------------------------------- Wed Sep 15 13:47:36 CEST 2004 - tcrhak@suse.cz - removed the build dependency on tomcat5 - added tomcat5 directories to filelist - enabled iconv for the other archs ------------------------------------------------------------------- Tue Sep 14 16:50:54 CEST 2004 - skh@suse.de - use new JPackage packages tomcat5 and servletapi5 to build ------------------------------------------------------------------- Fri Sep 10 15:58:26 CEST 2004 - tcrhak@suse.cz - do not source setJava ------------------------------------------------------------------- Fri Sep 03 15:16:42 CEST 2004 - tcrhak@suse.cz - update to 4.3.8 - added module dbx (bug #43972) - use system gd library, includes "GIF Create Support" (bug #44001) - disallow persistant connections by default (bug #34849) - use /var/lib/php for php sessions by default (bug #36886) - php modules need to prereq sce_install (bug #43994) ------------------------------------------------------------------- Thu Aug 19 16:52:42 CEST 2004 - aj@suse.de - Remove broken cat commands from post section: * no requires for them * no need to execute them ------------------------------------------------------------------- Mon Aug 16 14:18:01 CEST 2004 - ro@suse.de - fix build with updated libcurl: use current instead of deprecated type for curl_httppost ------------------------------------------------------------------- Tue Jun 8 15:39:32 CEST 2004 - ro@suse.de - removed mod_dav from neededforbuild - removed mod_php4 package (mod_php4-core is probably obsolete too) ------------------------------------------------------------------- Tue May 04 13:10:24 CEST 2004 - tcrhak@suse.cz - build with postfix instead of sendmail ------------------------------------------------------------------- Thu Apr 29 23:58:25 CEST 2004 - ro@suse.de - remove apache1 related parts ------------------------------------------------------------------- Fri Apr 23 13:54:49 CEST 2004 - tcrhak@suse.cz - added sendmail to neededforbuild, so that mail() is defined (bug #39153) - dlopen php modules with RTLD_LOCAL (fixes bug #39197) ------------------------------------------------------------------- Wed Mar 31 09:13:21 CEST 2004 - tcrhak@suse.cz - added php module recode (bug #36573) - fixed requires of mod_php4-apache2 (bug #37041) ------------------------------------------------------------------- Mon Mar 22 22:40:01 CET 2004 - ro@suse.de - build-fix for jakarta-tomcat from skh - removed apache-contrib from neededforbuild (dropped) ------------------------------------------------------------------- Tue Mar 16 12:03:36 CET 2004 - tcrhak@suse.cz - removed --enable-versioning (fixes bug #35716) - do not build servlet for ia64, ppc and ppc64 ------------------------------------------------------------------- Fri Mar 05 16:20:39 CET 2004 - tcrhak@suse.cz - modularized - updated to version 4.3.4 - added fastcgi - added PHP4 module sockets - added PHP4 module mime_magic (bug #34134) - php binary is now CLI, not CGI (bug #34152) ------------------------------------------------------------------- Wed Feb 18 14:57:33 CET 2004 - ro@suse.de - use jakarta-tomcat4 ------------------------------------------------------------------- Mon Feb 16 01:02:49 CET 2004 - ro@suse.de - use unixODBC instead of iodbc ------------------------------------------------------------------- Tue Feb 10 23:51:35 CET 2004 - poeml@suse.de - fix symbol exports for apache2 - add -fno-strict-aliasing to CFLAGS, due to code where dereferencing type-punned pointers would break strict aliasing - fix test load of apache2 module (the LoadModule statement went into the wrong place) ------------------------------------------------------------------- Sun Feb 8 20:43:46 CET 2004 - schwab@suse.de - Fix symbol exports. - Also look for BEAJava2 directory. - Fix quoting. ------------------------------------------------------------------- Thu Jan 22 01:33:57 CET 2004 - ro@suse.de - fix build with current automake ------------------------------------------------------------------- Fri Jan 16 12:57:14 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Tue Jan 13 16:28:22 CET 2004 - ro@suse.de - remove subpackage aolserver - fix build with current freetype ------------------------------------------------------------------- Mon Nov 10 15:55:51 CET 2003 - ro@suse.de - use net-snmp instead of ucdsnmp ------------------------------------------------------------------- Thu Oct 30 09:04:02 CET 2003 - tcrhak@suse.cz - ad previous fix: create the directory ------------------------------------------------------------------- Wed Oct 29 17:12:34 CET 2003 - tcrhak@suse.cz - added %{_libdir}/php/bin to file list of mod_php4-core ------------------------------------------------------------------- Mon Sep 22 18:11:58 CEST 2003 - mls@suse.de - remove 'Obsoletes: mod_php' from mod_php4, otherwise rpmv4 makes mod_php4 conflict with apache2-mod_php4 ------------------------------------------------------------------- Tue Sep 16 15:22:13 CEST 2003 - tcrhak@suse.cz - update to version 4.3.3 ------------------------------------------------------------------- Mon Sep 01 19:52:02 CEST 2003 - tcrhak@suse.cz - expand rpm macros in /etc/httpd/modules/mod_php4 [bug #29664] ------------------------------------------------------------------- Thu Aug 21 19:48:24 CEST 2003 - tcrhak@suse.cz - update to version 4.3.2 - use BuildRoot - added activation metadata to sysconfig [bug #28827] ------------------------------------------------------------------- Mon Aug 18 14:16:11 CEST 2003 - poeml@suse.de - add README.{SuSE,UnitedLinux} [#25888] - don't explicitely strip binary objects, because RPM does it anyway, and it might keep the stripped debugging info somewhere. - don't try to install a file in /etc/apache2/modules/ (it's gone) ------------------------------------------------------------------- Mon Jun 30 12:14:50 CEST 2003 - ro@suse.de - always use libtool to compile objects - added directories to filelist ------------------------------------------------------------------- Thu Apr 10 12:58:19 CEST 2003 - tcrhak@suse.cz - use 'head -n 1' instead of 'head -1' - added mhash support ------------------------------------------------------------------- Wed Mar 26 19:28:31 CET 2003 - tcrhak@suse.cz - fixed path in script phpize - fixed ext/mysql/config.m4 ------------------------------------------------------------------- Thu Mar 13 16:46:58 CET 2003 - tcrhak@suse.cz - fixed order of Type and Define in sysconfig metadata - readded subpackage servlet (patch servlet) - reenabled support for swf - install swf fonts, use proper SWFFONTPATH (bug #18057, patch swf) ------------------------------------------------------------------- Tue Mar 4 16:42:57 CET 2003 - poeml@suse.de - the apache2 module requires the apache2-prefork MPM ------------------------------------------------------------------- Thu Feb 20 14:39:51 CET 2003 - tcrhak@suse.cz - security update to version 4.3.1 - fixes a CGI vulnerability - added sysconfig metadata [bug #22604] ------------------------------------------------------------------- Fri Feb 14 13:46:32 CET 2003 - tcrhak@suse.cz - added php3, php4 to DirectoryIndex [bug #22066] ------------------------------------------------------------------- Thu Feb 13 23:40:55 CET 2003 - ro@suse.de - really disable (empty) subpackage servlet ------------------------------------------------------------------- Wed Feb 12 15:03:09 CET 2003 - poeml@suse.de - rename subpackage mod_php4_2 to apache2-mod_php4 ------------------------------------------------------------------- Tue Feb 11 14:23:10 CET 2003 - poeml@suse.de - call the new /usr/share/apache2/get_module_list script to configure apache2, so the test can be passed ------------------------------------------------------------------- Wed Jan 15 16:28:35 CET 2003 - ro@suse.de - use sasl2 ------------------------------------------------------------------- Fri Jan 10 15:50:43 CET 2003 - poeml@suse.de - don't built -servlet for now, needs work - swf.h has vanished from ./dist/include/, and I can't find another one --> disabling swf support ------------------------------------------------------------------- Thu Jan 9 01:52:13 CET 2003 - poeml@suse.de - update to 4.3.0 - GD library is now bundled with the distribution and it is recommended to always use the bundled version - vpopmail and cybermut extensions are moved to PECL - several deprecated extensions (aspell, ccvs, cybercash, icap) and SAPIs (fastcgi, fhttpd) are removed - speed improvements in a variety of string functions - Apache2 filter is improved, but is still considered experimental (use with PHP in prefork and not worker (thread) model since many extensions based on external libraries are not thread safe) - various security fixes (imap, mysql, mcrypt, file upload, gd, etc) - new SAPI for embedding PHP in other applications (experimental) - much better test suite - significant improvements in dba, gd, pcntl, sybase, and xslt extensions - debug_backtrace() should help with debugging - error messages now contain URLs linking to pages describing the error or function in question - Zend Engine has some fixes and minor performance enhancements - and TONS of other fixes, updates, new functions, etc - build apache2 module - QtDOM support is now in qt3, and therefore we need to link against libqt-mt - merge the lib64 patch, hope it's complete - gd lib is now bundled, and preferred for building - adjust the Provides of the -core package ------------------------------------------------------------------- Thu Nov 21 18:35:27 CET 2002 - ro@suse.de - make it build with current automake ------------------------------------------------------------------- Wed Oct 16 18:54:17 CEST 2002 - tcrhak@suse.cz - added support for readline - added support for iconv and mbstrings [bugs #19861 and #19862] ------------------------------------------------------------------- Fri Sep 27 20:04:33 CEST 2002 - tcrhak@suse.cz - added type .php3 to apache mod_php4.conf ------------------------------------------------------------------- Wed Sep 18 01:50:00 CEST 2002 - ro@suse.de - removed bogus self-provides ------------------------------------------------------------------- Tue Sep 03 22:47:14 CEST 2002 - tcrhak@suse.cz - fixed to build on 64 bit archs ------------------------------------------------------------------- Fri Aug 23 17:25:57 CEST 2002 - tcrhak@suse.cz - fixed to build on non-i386 archs - added dynamic extensions to the file list of subpackage core ------------------------------------------------------------------- Tue Aug 20 11:07:14 CEST 2002 - tcrhak@suse.cz - added PreReq ------------------------------------------------------------------- Tue Aug 13 21:44:12 CEST 2002 - kukuk@suse.de - Remove unused qt2 from neededforbuild ------------------------------------------------------------------- Wed Aug 7 17:26:24 CEST 2002 - uli@suse.de - fixed to build on lib64 archs (still broken on nearly all archs due to other problems) ------------------------------------------------------------------- Mon Aug 5 11:54:12 CEST 2002 - ro@suse.de - use "-follow" when searching for jni.h ------------------------------------------------------------------- Sun Jul 28 08:49:53 CEST 2002 - kukuk@suse.de - remove unused gdb from neededforbuild ------------------------------------------------------------------- Sat Jul 27 13:52:07 CEST 2002 - adrian@suse.de - fix neededforbuild ------------------------------------------------------------------- Fri Jul 26 11:42:15 CEST 2002 - kukuk@suse.de - Add imap-lib to neededforbuild ------------------------------------------------------------------- Tue Jul 23 15:53:20 CEST 2002 - tcrhak@suse.cz - update to version 4.2.2 - update of asp2php to version 0.76.12 - detect the module magic number if provided by apache, indicating API changes, and add an RPM Require on it - add compiled extensions (currently gd.so, as it is build shared by a previous change by bk@suse.de) to php.ini and filelist ------------------------------------------------------------------- Fri Jul 5 10:43:32 CEST 2002 - kukuk@suse.de - Use %ix86 macro ------------------------------------------------------------------- Tue May 28 02:09:57 CEST 2002 - ro@suse.de - replaced /opt/jakarta with /opt/jakarta/tomcat ------------------------------------------------------------------- Mon May 27 18:19:38 CEST 2002 - ro@suse.de - first try for lib64 ------------------------------------------------------------------- Mon May 27 16:25:28 CEST 2002 - bk@suse.de - use shared libgd on all archs ------------------------------------------------------------------- Sat Mar 23 09:59:10 CET 2002 - ro@suse.de - removed unixODBC stuff, was never used (iodbc is used) ------------------------------------------------------------------- Fri Mar 15 11:51:11 CET 2002 - tcrhak@suse.cz - added %{_datadir}/lib/php and extension dir to devel filelist ------------------------------------------------------------------- Mon Mar 4 12:28:32 CET 2002 - okir@suse.de - security fix ------------------------------------------------------------------- Fri Feb 22 14:27:51 CET 2002 - tcrhak@suse.cz - Killed %{release} from "Requires" tags. ------------------------------------------------------------------- Fri Feb 1 00:26:05 CET 2002 - ro@suse.de - changed neededforbuild <libpng> to <libpng-devel-packages> ------------------------------------------------------------------- Mon Jan 28 12:40:33 CET 2002 - ro@suse.de - added des to neededforbuild ------------------------------------------------------------------- Mon Jan 28 01:35:33 CET 2002 - ro@suse.de - added heimdal stuff to build ------------------------------------------------------------------- Wed Jan 23 01:59:36 CET 2002 - ro@suse.de - try to build with db-devel in neededforbuild ------------------------------------------------------------------- Thu Jan 17 01:07:13 CET 2002 - ro@suse.de - adapted for /etc/sysconfig/apache ------------------------------------------------------------------- Thu Dec 20 14:16:12 CET 2001 - tcrhak@suse.cz - update to 4.1.0 - no mm support for aol and servlet (mm is not ZTS in 4.1 yet) - patched acinclude.m4 to find the very dir for mysql libraries - added `php-config --extension-dir` to core files ------------------------------------------------------------------- Thu Dec 10 17:56:38 CEST 2001 - tcrhak@suse.cz - fixed extension section ------------------------------------------------------------------- Thu Dec 6 17:05:27 CEST 2001 - tcrhak@suse.cz - added section [extension section] to php.ini - fixed options given to configure ------------------------------------------------------------------- Tue Dec 4 16:34:25 CEST 2001 - tcrhak@suse.cz - fixed configure.in and config.m4's for autoconf 2.52 - added libtoolize, autoconf, autoheader - used setJava to find JAVA_HOME - TTF - bug 9523 - gd - bug 12226 - changed the order in which subpackages (for Servers) are built, - so that the devel package corresponds to core - (=> experimental-zts disabled) - moved phpize to the devel package (fixed for autoconf 2.52) - added files needed by phpize to the devel package ------------------------------------------------------------------- Mon Dec 3 14:57:15 CET 2001 - ro@suse.de - changed servlet dir for configure with jakarta ------------------------------------------------------------------- Mon Dec 3 09:31:42 CET 2001 - ro@suse.de - fixed neededforbuild <jakarta> to <jakarta-tomcat> ------------------------------------------------------------------- Tue Nov 20 16:47:27 CET 2001 - rolf@suse.de - changes to make IA64 work - exclude subpackages AOL and Servlet from AXP ------------------------------------------------------------------- Mon Nov 19 00:51:02 CET 2001 - ro@suse.de - fix to find java ------------------------------------------------------------------- Wed Nov 14 17:41:40 CET 2001 - rolf@suse.de - new subpackage -devel with include files ------------------------------------------------------------------- Mon Nov 12 17:22:02 CET 2001 - ro@suse.de - hack for libxml2 include location ------------------------------------------------------------------- Fri Oct 26 01:36:56 CEST 2001 - ro@suse.de - use qt2 for qtdom (but aparently that is not built anyway) ------------------------------------------------------------------- Thu Oct 25 01:06:13 CEST 2001 - ro@suse.de - try neededforbuild alias apache-devel-packages ------------------------------------------------------------------- Tue Sep 11 00:01:57 CEST 2001 - ro@suse.de - remove roxen subpackage roxen is not in the distribution currently ------------------------------------------------------------------- Wed Aug 22 13:11:37 CEST 2001 - ro@suse.de - removed pdflib from neededforbuild (license problems) ------------------------------------------------------------------- Tue Aug 14 09:26:15 CEST 2001 - ro@suse.de - pear: changed header to look for php in "bindir" not "prefix/bin" to fix requires ------------------------------------------------------------------- Mon Aug 13 16:34:01 CEST 2001 - kukuk@suse.de - Don't conflict with packages we are providing ------------------------------------------------------------------- Thu Aug 9 15:34:21 CEST 2001 - kukuk@suse.de - Fix search for installed java directory ------------------------------------------------------------------- Tue Jul 24 12:13:56 CEST 2001 - rolf@suse.de - new subpackage mod_php4-aolserver for use of PHP4 with AOL server - disable-debug so Zend optimizer can work ------------------------------------------------------------------- Thu Jul 5 14:24:21 CEST 2001 - rolf@suse.de - update to php 4.0.6 - apply memlimit patch - new subpackage mod_php4-servlet for use of PHP4 as JAVA servlet with tomcat - new options: --with-gmp, --with-dom, mbstring ------------------------------------------------------------------- Mon Jun 25 15:44:59 CEST 2001 - rolf@suse.de - fixed bug with pdflib which also fixes [BUG#8246] ------------------------------------------------------------------- Tue Jun 19 12:21:12 CEST 2001 - rolf@suse.de - new version 4.0.5 - disable pgsql for roxen, as it is broken - mysql bug fixed in this release [BUG#6839] - move stuff to /usr/share/php [BUG#8352] - now Provides: mod_php as well [BUG#8911] ------------------------------------------------------------------- Sat May 12 18:29:28 CEST 2001 - schwab@suse.de - Use new readline interface. ------------------------------------------------------------------- Tue May 8 17:11:44 CEST 2001 - mfabian@suse.de - bzip2 sources ------------------------------------------------------------------- Tue May 1 17:29:20 CEST 2001 - kukuk@suse.de - disable adabas support ------------------------------------------------------------------- Thu Apr 26 02:26:23 CEST 2001 - ro@suse.de - neededforbuild: curl_ssl-devel -> curl-devel ------------------------------------------------------------------- Sun Apr 8 21:09:52 CEST 2001 - poeml@suse.de - fix Requires (rearrange tags to define them before using them) - fix spec file typo ------------------------------------------------------------------- Tue Mar 27 12:04:43 MEST 2001 - rolf@suse.de - spin off subpackage mod_php4-core which is required by apache and roxen modules now - moved config file to /etc/php.ini for all php4 modules - sybase support conflicts with Adabas D support - Ingres support is for Ingres II only - added t1lib support [BUG#6212] - updated asp2php 0.75.13 - make us of suse_loadmodule for testing - added /usr/bin/php to core package [BUG#6648] ------------------------------------------------------------------- Wed Mar 21 23:27:14 CET 2001 - ro@suse.de - changed neededforbuild to freetype2 ------------------------------------------------------------------- Thu Mar 15 14:16:49 CET 2001 - ro@suse.de - build with openldap2 ------------------------------------------------------------------- Thu Mar 15 01:08:35 CET 2001 - ro@suse.de - fixed neededforbuild for openldap ------------------------------------------------------------------- Mon Mar 5 23:58:57 CET 2001 - ro@suse.de - use -fPIC ------------------------------------------------------------------- Fri Feb 23 16:24:24 CET 2001 - ro@suse.de - changed neededforbuild <apache> to <apache apache-devel> ------------------------------------------------------------------- Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) ------------------------------------------------------------------- Thu Feb 15 18:06:52 MET 2001 - rolf@suse.de - new features imap-ssl, bz2, qtdom, ctype, debug, force-cgi-redirect, discard_path, sigchild, gd-imgstrttf - added apache-mod_php4.rc.config - added /etc/httpd/modules/mod_php4 ------------------------------------------------------------------- Wed Jan 17 19:28:46 MET 2001 - rolf@suse.de - add libpdf support ------------------------------------------------------------------- Tue Jan 16 13:06:31 MET 2001 - rolf@suse.de - update to 4.0.4pl1 due to security issue [BUG#5760] - remove number4.tar.gz, no longer needed ------------------------------------------------------------------- Fri Jan 12 11:36:19 MET 2001 - rolf@suse.de - need expat to compile [BUG#5104] - subpackage for roxen module ------------------------------------------------------------------- Fri Jan 12 09:39:57 CET 2001 - cihlar@suse.cz - fixed to compile with roxe/pike [#4408] ------------------------------------------------------------------- Tue Dec 19 16:32:27 MET 2000 - rolf@suse.de - link with libssl ------------------------------------------------------------------- Tue Dec 19 15:07:57 MET 2000 - rolf@suse.de - added the asp2php package [BUG#4456] - roxen/pike still doesn´t work - require RPM group tag via apxs ------------------------------------------------------------------- Wed Nov 29 18:53:35 CET 2000 - ro@suse.de - changed neededforbuild <pg_lib> to <postgresql-lib> ------------------------------------------------------------------- Mon Nov 27 17:41:02 MET 2000 - rolf@suse.de - added Sablotron support [BUG#3891] - added curl support [BUG#3890] - added Flash support on i386 [BUG#3209] - also pack module files in /usr/lib/php/ - moved the exec dir to /usr/lib/php/bin - include pear binaries - added the following modules: sockets, shmop, exif, filepro, dbase readline, mcrypt, gettext ------------------------------------------------------------------- Wed Nov 15 18:29:49 CET 2000 - ro@suse.de - fixed neededforbuild gdlib -> gd gd-devel ------------------------------------------------------------------- Thu Nov 9 00:27:01 CET 2000 - ro@suse.de - prefer ndbm.h to db1/ndbm.h ------------------------------------------------------------------- Mon Nov 6 10:11:58 CET 2000 - ro@suse.de - added imap-devel to neededforbuild ------------------------------------------------------------------- Mon Nov 6 01:17:41 CET 2000 - ro@suse.de - fixed neededforbuild ------------------------------------------------------------------- Mon Oct 16 17:58:45 GMT 2000 - bk@suse.de - s390: --with-gd=yes -> --with-gd=shared(broken somehow with =yes) ------------------------------------------------------------------- Mon Oct 16 16:56:41 MEST 2000 - rolf@suse.de - update tp 4.0.3pl1 due to some security breaches - needed to drop db3 and dbm support, as these are incompatible - enable FTP support [BUG#3862] ------------------------------------------------------------------- Wed Sep 13 15:47:02 CEST 2000 - fober@suse.de - s390: suse_update_config, needs-not-forbuild adabas ------------------------------------------------------------------- Fri Jul 7 11:51:33 CEST 2000 - kukuk@suse.de - Fix Requires and need for build ------------------------------------------------------------------- Fri Jun 23 13:11:09 CEST 2000 - rolf@suse.de - added support for mcal and calendar functions [BUG#2925] ------------------------------------------------------------------- Mon Jun 19 00:01:12 CEST 2000 - ro@suse.de - fixed to compile with new postgres ------------------------------------------------------------------- Mon May 22 13:50:13 CEST 2000 - rolf@suse.de - update to 4.0.0 - --with-java is now broken ------------------------------------------------------------------- Fri May 12 13:49:15 CEST 2000 - rolf@suse.de - update to 4.0RC2 - a few more options are now functional ------------------------------------------------------------------- Thu Apr 13 11:12:26 CEST 2000 - ro@suse.de - added mm to neededforbuild ------------------------------------------------------------------- Thu Mar 30 14:43:10 MEST 2000 - rolf@suse.de - new version 4.0RC1 - many options now work properly ------------------------------------------------------------------- Wed Mar 1 18:14:36 MET 2000 - rolf@suse.de - zlib works again ------------------------------------------------------------------- Tue Feb 22 15:05:20 MET 2000 - rolf@suse.de - new version 4b4pl1 - now with --enable-thread-safety --with-gd=yes --with-ttf - imap support is now broken ------------------------------------------------------------------- Thu Dec 23 13:18:18 MET 1999 - rolf@suse.de - dynamic JDK path detection - some fixes in DAV, still doesn´t work - now also runs with IMAP ------------------------------------------------------------------- Thu Nov 25 12:18:31 MET 1999 - rolf@suse.de - initial package version 4.0b3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
