SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php-debuginfo-4.3.2-40.ent.x86_64.rpm :
Thu Apr 5 00:00:00 2007 Joe Orton 4.3.2-40.ent
- add security fixes for CVE-2007-1285, CVE-2007-1286,
CVE-2007-1583, CVE-2007-1711, CVE-2007-1718 (#230556)
- add security fixes for CVE-2007-0455, CVE-2007-1001 (#235028)

Fri Feb 16 23:00:00 2007 Joe Orton 4.3.2-39.ent
- add security fix for CVE-2007-0988

Wed Feb 14 23:00:00 2007 Joe Orton 4.3.2-38.ent
- add security fixes for CVE-2007-0906, CVE-2007-0907,
CVE-2007-0908, CVE-2007-0909, CVE-2007-0910

Thu Nov 2 23:00:00 2006 Joe Orton 4.3.2-37.ent
- add security fix for CVE-2006-5465 from upstream

Sat Sep 16 00:00:00 2006 Joe Orton 4.3.2-36.ent
- rebuild

Sat Sep 16 00:00:00 2006 Joe Orton 4.3.2-35.ent
- add security fix from upstream: CVE-2006-4484
- add metaphone() fix (#205714)

Sat Sep 9 00:00:00 2006 Joe Orton 4.3.2-34.ent
- add security fixes from upstream:
CVE-2006-3016, CVE-2006-4020, CVE-2006-4482, CVE-2006-4486

Tue Jun 27 00:00:00 2006 Joe Orton 4.3.2-33.ent
- fix zend_hash_del regression from CVE-2006-2657

Fri Jun 23 00:00:00 2006 Joe Orton 4.3.2-32.ent
- add security fixes from upstream (CVE-2006-1494, CVE-2006-1990,
CVE-2006-2657)

Thu Apr 13 00:00:00 2006 Joe Orton 4.3.2-30.ent
- imap: add fix for overflow in imap_fetch_overview() (#174999)

Wed Apr 12 00:00:00 2006 Joe Orton 4.3.2-29.ent
- add security fix for new phpinfo() XSS (CVE-2006-0996, #187510)

Tue Apr 4 00:00:00 2006 Joe Orton 4.3.2-28.ent
- add security fixes from upstream:

* XSS issues in \"html_errors\" mode (CVE-2006-0208, #178028)

* mbstring header validation (CVE-2005-3883, #174463)

* binary safeness in html_decode (CVE-2006-1490, #187230)
- rebuild to pick up uw-imap client security fix (CVE-2005-2933, #174528)
- add PEAR DB autoExecute fix (Christian Rose, #163490)
- revert parse_str fix (#173142)

Fri Nov 25 23:00:00 2005 Joe Orton 4.3.2-27.ent
- fix parse_str regresssion (#173142)

Mon Nov 7 23:00:00 2005 Joe Orton 4.3.2-26.ent
- add security fixes from upstream:

* XSS issues in phpinfo() (CVE-2005-3388, #172212)

* GLOBALS handling (CVE-2005-3390, #172207)

* parse_str() enabling register_globals (CVE-2005-3389, #172209)

* exif: infinite recursion on corrupt JPEG (CVE-2005-3353, #172589)

Thu Aug 18 00:00:00 2005 Joe Orton 4.3.2-25.ent
- add security fix for pear XML_RPC (Stefan Esser, CAN-2005-2498, #165846)

Thu Jun 30 00:00:00 2005 Joe Orton 4.3.2-24.ent
- add security fixes:

* shtool temp file handling (CAN-2005-1751, #159000)

* XML_RPC command injection (Stefan Esser, CAN-2005-1921, #162045)

Fri Apr 15 00:00:00 2005 Joe Orton 4.3.2-23.ent
- add security fixes from upstream:

* getimagesize() seek loops (CAN-2005-0524, #153140)

* exif issues (CAN-2005-1042, CAN-2005-1043, #154021, #154025)
- add fixes for unserialize() integer handling on 64-bit platforms

Thu Mar 3 23:00:00 2005 Joe Orton 4.3.2-22.ent
- switch Oracle support to use Instant Client SDK (Kai Bolay, #149873)

Wed Mar 2 23:00:00 2005 Joe Orton 4.3.2-21.ent
- gd extension: imagecopymerge() fix (from upstream via Samuel Stringham, #149946)
- curl extension: safe mode fixes (from upstream, #147808)
- provide php-gd and php-mbstring for forward-compat with RHEL4+

Tue Jan 18 23:00:00 2005 Joe Orton 4.3.2-20.ent
- fix performance regressions in unserializer from upstream (#145436)

Tue Dec 7 23:00:00 2004 Joe Orton 4.3.2-19.ent
- add security fixes from upstream (#141132, #142056):

* various unserializer fixes; updated to 4.3.10 code (CAN-2004-1019)

* add fix for exif buffer overflow (CAN-2004-1065)
- shmop_write bounds checking and pack/unpack integer overflows
(assigned CAN-2004-1018; only impact for malicious scripts)
- fix trailing NUL from printf in some cases (#138250)
- BuildRequire libtool (#137720)

Thu Oct 21 00:00:00 2004 Joe Orton 4.3.2-18.ent
- fix segfault introduced in fix for #134971

Tue Oct 12 00:00:00 2004 Joe Orton 4.3.2-17.ent
- add security fixes for multipart form parser (#134975)
- add security fix for array variable parsing (#134971)

Sat Oct 2 00:00:00 2004 Joe Orton 4.3.2-16.ent
- enable pcntl extension in CGI (#131412)

Thu Sep 9 00:00:00 2004 Joe Orton 4.3.2-15.ent
- fix phpize for libdir=/usr/lib64 platforms (#131562)
- add workarounds for select/FD_SETSIZE issues (#132003)

Tue Jul 13 00:00:00 2004 Joe Orton 4.3.2-14.ent
- have -devel require php of same release
- fix rebuild issues without bison and flex installed (#127701)
- add lsqrt, _gd{Put,Get}Colors, ZeroDataBlock to gdnspace.h
- merge from upstream:

* add security fixes for CVE CAN-2004-0594, CAN-2004-0595 (#127642)

* add bug fixes for safe mode, fix for dba db4 \'c\' mode

* export st_dev from 2.0 SAPI (upstream #28818)

Mon May 31 00:00:00 2004 Joe Orton 4.3.2-13.ent
- create gdnspace.h header on the fly
- add workaround for SSL errors at stream EOF (#124582)

Sat May 29 00:00:00 2004 Joe Orton 4.3.2-12.ent
- avoid symbol clashes between system and bundled libgd (#124530)
- fix potential issues at httpd restart in pcre

Wed Apr 7 00:00:00 2004 Joe Orton 4.3.2-11.ent
- fix ldap_start_tls detection (#119425)
- use system pcre library (part of #115379)
- rebuild to pick up fix for c-client symbol clash (#118137)
- merge 2.0 filter SAPI fixes from 4.3.6

Fri Jan 30 23:00:00 2004 Joe Orton 4.3.2-10.ent
- add trigger to handle php.ini upgrades smoothly (#112470)
- add fix for config setting leaking from upstream (#110861)
- drop gdbm support due to licence incompatibility
- add fix for oci8 from upstream (#114624)

Sat Sep 13 00:00:00 2003 Joe Orton 4.3.2-9.ent
- fix possible rebuild issues (#104061)

Sat Aug 23 00:00:00 2003 Joe Orton 4.3.2-8.ent
- enable fixed pspell, semop tests.
- from upstream: safe mode and apache2filter fixes from 4.3.3
- forward-port #82967 workaround from 8.0/9 errata
- allow upgrade from Stronghold 4.0
- don\'t link against -lttf on x86_64 or ppc64

Wed Jul 9 00:00:00 2003 Joe Orton 4.3.2-7.ent
- enable mbstring, mbregex extensions
- use system pcre library

Thu Jun 5 00:00:00 2003 Joe Orton 4.3.2-6.ent
- workaround for test suite hang on ppc
- fix pspell tests

Thu Jun 5 00:00:00 2003 Joe Orton 4.3.2-5.ent
- fix iconv extension for LP64 platforms

Mon Jun 2 00:00:00 2003 Joe Orton 4.3.2-4.ent
- enable gmp support on s390x

Sun Jun 1 00:00:00 2003 Joe Orton 4.3.2-3.ent
- add lib64 fix for ppc

Sat May 31 00:00:00 2003 Joe Orton 4.3.2-2.ent
- rebuild for RHEL; remove -snmp, -manual, -devel subpackages
- drop aspell-devel requirement
- fix domxml for LP64 platforms

Sat May 31 00:00:00 2003 Joe Orton 4.3.2-2
- update the -tests and -lib64 patches
- fixes for db4 detection
- require aspell-devel >= 0.50.0 for pspell compatibility

Fri May 30 00:00:00 2003 Joe Orton 4.3.2-1
- update to 4.3.2

Sat May 17 00:00:00 2003 Joe Orton 4.3.1-3
- link odbc module correctly
- patch so that php -n doesn\'t scan inidir
- run tests using php -n, avoid loading system modules

Thu May 15 00:00:00 2003 Joe Orton 4.3.1-2
- workaround broken parser produced by bison-1.875

Wed May 7 00:00:00 2003 Joe Orton 4.3.1-1
- update to 4.3.1; run test suite
- open extension modules with RTLD_NOW rather than _LAZY

Wed May 7 00:00:00 2003 Joe Orton 4.2.2-19
- patch for gd 2.x API changes in gd extension

Fri May 2 00:00:00 2003 Joe Orton 4.2.2-18
- rebuild to use aspell (#89925)
- patch to work round conditional AC_PROG_CXX break in autoconf 2.57
- fix dba build against db >= 4.1

Mon Feb 24 23:00:00 2003 Joe Orton 4.2.2-17
- restrict SNMP patch to minimal changes, fixing segv on startup (#84607)

Wed Feb 12 23:00:00 2003 Joe Orton 4.2.2-16
- prevent startup if using httpd.worker to avoid thread-safety issues.
- fix parsing private keys in OpenSSL extension (#83994)
- fixes for SNMP extension (backport from 4.3) (#74761)

Wed Jan 29 23:00:00 2003 Joe Orton 4.2.2-15
- add security fixes for wordwrap() and mail()

Mon Jan 13 23:00:00 2003 Joe Orton 4.2.2-14
- drop explicit Requires in subpackages, rely on automatic deps.
- further fixes for libdir=lib64

Tue Dec 17 23:00:00 2002 Joe Orton 4.2.2-13
- drop prereq for perl, grep in subpackages
- rebuild and patch for OpenSSL 0.9.7

Tue Dec 10 23:00:00 2002 Joe Orton 4.2.2-12
- backport \"ini dir scanning\" patch from CVS HEAD; /etc/php.d/
*.ini
are now loaded at startup; each subpackage places an ini file
in that directory rather than munging /etc/php.ini in post/postun.
- default config changes: enable short_open_tag; remove settings for
php-dbg extension

Wed Dec 4 23:00:00 2002 Joe Orton 4.2.2-11
- own the /usr/lib/php4 directory (#73894)
- reinstate dropped patch to unconditionally disable ZTS

Mon Dec 2 23:00:00 2002 Joe Orton 4.2.2-10
- remove ldconfig invocation in post/postun
- fixes for #73516 (partially), #78586, #75029, #75712, #75878

Wed Nov 6 23:00:00 2002 Joe Orton 4.2.2-9
- fixes for libdir=/usr/lib64, based on SuSE\'s patches.
- add build prereqs for zlib-devel, imap-devel, curl-devel (#74819)
- remove unpackaged files from install root
- libtoolize; use configure cache to speed up build

Tue Sep 24 00:00:00 2002 Philip Copeland 4.2.2-8.0.6
- PHP cannot determine which UID is being used, so safe
mode restrictions were always applied. Fixed. (#74396)

Wed Sep 4 00:00:00 2002 Philip Copeland 4.2.2-8.0.4
- zts support seems to crash out httpd on a
*second
* sighup
ie service httpd start;
apachectl restart ; (ok)
apachectl restart ; (httpd segv\'s and collapses)
removed --enable-experimental-zts which this seems related to.
- Small patch added because some places need to know that they
aren\'t using the ZTS API\'s (dumb)

Tue Sep 3 00:00:00 2002 Philip Copeland 4.2.2-8.0.3
- fixup /etc/httpd/conf.d/php.conf to limit largest amount
of data accepted (#73254) Limited to 512K (which seems a
little excessive but anyway,..)
Note: php.conf is part of the srpm sources not part of the
php codebase.
- ditched extrenious --enable-debugger (was for php-dbg)
- When upgrading we tend not to modify /etc/php.ini if it exists,
instead we create php.ini.rpmnew. Modified the post scripts to
edit php.ini.rpmnew if it exists, so that people can copy
over the php.ini.rpmnew as php.ini knowing that it will
be an edited version, consistant with what modules they
installed #72033

Mon Sep 2 00:00:00 2002 Joe Orton 4.2.2-8.0.2
- require httpd-mmn for module ABI compatibility

Sat Aug 31 00:00:00 2002 Philip Copeland 4.2.2-8.0.1
- URLS would drop the last arguments #72752
--enable-mbstring
--enable-mbstr-enc-trans
These were supposed to help provide multibyte language
support, however, they cause problems. Removed. Maybe in
a later errata when they work.
- added small patch to php_variables.c that allows
$_GET[] to initialise properly when
--enable-mbstr-enc-trans is disabled.
- Be consistant with errata naming (8.0.x)

Wed Aug 28 00:00:00 2002 Nalin Dahyabhai 4.2.2-11
- rebuild

Fri Aug 23 00:00:00 2002 Philip Copeland 4.2.2-10
- Beat down the requirement list to something a little
more sane

Thu Aug 15 00:00:00 2002 Bill Nottingham 4.2.2-9
- trim manual language lists

Tue Aug 13 00:00:00 2002 Gary Benson 4.2.2-8
- rebuild against httpd-2.0.40

Sun Aug 11 00:00:00 2002 Elliot Lee 4.2.2-7
- rebuilt with gcc-3.2 (we hope)

Thu Aug 8 00:00:00 2002 Philip Copeland 4.2.2-6
- Where multiple cookies are set, only the last one
was actually made. Fixes #67853

Tue Aug 6 00:00:00 2002 Philip Copeland 4.2.2-5
- Shuffled the php/php-devel package file manifest
with respect to PEAR (PHP Extension and Application
Repository) #70673

Sat Aug 3 00:00:00 2002 Philip Copeland 4.2.2-4
- #67815, search path doesn\'t include the pear directory
- pear not being installed correctly. Added --with-pear=
option.

Wed Jul 24 00:00:00 2002 Tim Powers 4.2.2-2
- build using gcc-3.2-0.1

Tue Jul 23 00:00:00 2002 Philip Copeland 4.2.2-1
- Yippie 8/ another security vunerability (see
http://www.php.net/release_4_2_2.php for details)

Thu Jul 18 00:00:00 2002 Philip Copeland 4.2.1-9
- Reminder to self that mm was pushed out because it\'s
NOT thread safe.
- Updated the manuals (much to Bills horror)

Wed Jul 17 00:00:00 2002 Philip Copeland 4.2.1-8
- php.ini alteration to fit in with the install/uninstall
of various php rpm based installable modules

Tue Jul 16 00:00:00 2002 Philip Copeland 4.2.1-8
- php -v showing signs of deep unhappiness with the world
added --enable-experimental-zts to configure to make it
happy again (yes I know experimental sounds \'dangerous\'
it\'s just a name for an option we need)

Sat Jul 13 00:00:00 2002 Philip Copeland 4.2.1-7
- #68715, Wrong name for Mysql Module in php.ini. Fixed.

Sat Jun 29 00:00:00 2002 Philip Copeland 4.2.1-6
- SNMP fixup

Fri Jun 28 00:00:00 2002 Philip Copeland 4.2.1-5
- Ah,.. seems httpd2 has been renamed to just plain
ol\' httpd. Fixed spec file to suit.
- ucd-snmp changed to net-snmp overnight...
temporarily disabled snmp while I work out the
impact of this change and if it is safe

Thu Jun 27 00:00:00 2002 Philip Copeland 4.2.1-4
- openldap 2.1.x problem solved by Nalin. Sure the ldap
API didn\'t change,... . Added TSRMLS_FETCH()
to ldap_rebind_proc().
- Removed the php-dbg package as thats going to be provided
elsewhere

Sat Jun 22 00:00:00 2002 Tim Powers 4.2.1-3
- automated rebuild

Tue Jun 11 00:00:00 2002 Philip Copeland 4.2.1-2
- Actually mm is now a dead project. Removed permently.

Wed May 29 00:00:00 2002 Gary Benson 4.2.1-2
- change paths for httpd-2.0
- add the config file
- disable mm temporarily

Mon May 27 00:00:00 2002 Tim Powers 4.2.1-1
- automated rebuild

Thu May 23 00:00:00 2002 Philip Copeland 4.2.1-0
- Initial pristine build of php-4.2.1
- Minor patch to get around a 64 bitism
- Added in the dgb debugging hooks


  
ICM