SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php5-pgsql-5.2.14-0.6.1.i586.rpm :
Fri Jun 17 14:00:00 2011 wrAATTrosenauer.org
- security fixes

* CVE-2011-1470, CVE-2011-1471 [bnc#681214]

* CVE-2011-1092 [bnc#677782]

* CVE-2011-1464 [bnc#681194]

* CVE-2011-0421 [bnc#681291]

* CVE-2011-1469 [bnc#681210]

* CVE-2010-3709 [bnc#660102]

* CVE-2011-1148 [bnc#679278]

* CVE-2011-1938 [bnc#695689]

Sun Apr 3 14:00:00 2011 wrAATTrosenauer.org
- security fixes

* CVE-2010-3709 [bnc#660102]

* CVE-2010-4150 [bnc#655968]

* fopen_https_proxy_auth_fix.patch [bnc#656523]

* CVE-2010-4645 [bnc#662932]

* CVE-2010-4697

* CVE-2010-4698

* CVE-2010-4699

* CVE-2011-0752 [bnc#669162]

* CVE-2011-0753 [bnc#669188]

* CVE-2011-0755 [bnc#669189]

* CVE-2011-0708 [bnc#671710]

Thu Nov 4 13:00:00 2010 pgajdosAATTsuse.cz
- security fix in utf8_decode() [bnc#650700]

* CVE-2010-3870.patch

Tue Oct 26 14:00:00 2010 pgajdosAATTsuse.cz
- fix \"Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data\" [bnc#649210]

* CVE-2010-3710.patch

Wed Sep 29 14:00:00 2010 crrodriguezAATTsuse.de
- L3: Regression with xmlparse in PHP5 [bnc#642291]
- Refresh patches with fuzz 0

Thu Aug 5 14:00:00 2010 crrodriguezAATTsuse.de
- upgrade to latest php 5.2.x minor stable release [bnc#585480]

* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]

* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]

* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]

* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]

* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]

* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]

* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]

* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]

* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]

* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]

* bugzilla numbers 619487,619489,619469,609766..

Wed May 5 14:00:00 2010 msebenAATTnovell.com
- update to 5.2.13 [bnc#585480]
- Updated timezone database to version 2010.2.
- Upgraded bundled PCRE to version 7.9
- Removed automatic file descriptor unlocking happening on shutdown and/or
stream close (on all OSes excluding Windows).
- Changed tidyNode class to disallow manual node creation.
- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
- Improved LCG entropy.
- Fixed safe_mode validation inside tempnam() when the directory path does
not end with a /).
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak.
- Fixed bug in bundled libgd causing spurious horizontal lines drawn by
gdImageFilledPolygon.
- Fixed build of mysqli with MySQL 5.5.0-m2.
- Fixed bug php#50940 Custom content-length set incorrectly in Apache sapis.
- Fixed bug php#50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions).
- Fixed bug php#50859 (build fails with openssl 1.0 due to md2 deprecation).
- Fixed bug php#50847 (strip_tags() removes all tags greater then 1023 bytes long).
- Fixed bug php#50832 (HTTP fopen wrapper does not support passwordless HTTP
authentication).
- Fixed bug php#50823 (ReflectionFunction::isDeprecated producing \"cannot be called
statically\" error).
- Fixed bug php#50791 (Compile failure: Bad logic in defining fopencookie
emulation).
- Fixed bug php#50787 (stream_set_write_buffer() has no effect on socket
streams).
- Fixed bug php#50772 (mysqli constructor without parameters does not return a
working mysqli object).
- Fixed bug php#50761 (system.multiCall crashes in xmlrpc extension).
- Fixed bug php#50732 (exec() adds single byte twice to $output array).
- Fixed bug php#50728 (All PDOExceptions hardcode \'code\' property to 0).
- Fixed bug php#50727 (Accessing mysqli->affected_rows on no connection causes segfault).
- Fixed bug php#50680 (strtotime() does not support eighth ordinal number).
- Fixed bug php#50661 (DOMDocument::loadXML does not allow UTF-16).
- Fixed bug php#50657 (copy() with an empty (zero-byte) HTTP source succeeds but
returns false).
- Fixed bug php#50636 (MySQLi_Result sets values before calling constructor).
- Fixed bug php#50632 (filter_input() does not return default value if the
variable does not exist).
- Fixed bug php#50576 (XML_OPTION_SKIP_TAGSTART option has no effect).
- Fixed bug php#50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5).
- Fixed bug php#50558 (Broken object model when extending tidy).
- Fixed bug php#50540 (Crash while running ldap_next_reference test cases).
- Fixed bug php#50508 (compile failure: Conflicting HEADER type declarations).
- Fixed bug php#50394 (Reference argument converted to value in __call).
- Fixed bug php#49851 (http wrapper breaks on 1024 char long headers).
- Fixed bug php#49600 (imageTTFText text shifted right).
- Fixed bug php#49585 (date_format buffer not long enough for >4 digit years).
- Fixed bug php#49463 (setAttributeNS fails setting default namespace).
- Fixed bug php#48667 (Implementing Iterator and IteratorAggregate).
- Fixed bug php#48590 (SoapClient does not honor max_redirects).
- Fixed bug php#48190 (Content-type parameter \"boundary\" is not case-insensitive
in HTTP uploads).
- Fixed bug php#47601 (defined() requires class to exist when testing for class
constants).
- Fixed bug php#47409 (extract() problem with array containing word \"this\").
- Fixed bug php#47002 (Field truncation when reading from dbase dbs with more
then 1024 fields).
- Fixed bug php#45599 (strip_tags() truncates rest of string with invalid
attribute).
- Fixed bug php#44827 (define() allows :: in constant names).
- depracated really-with-libedit.patch, bnc-518300.patch,php5-alignment.patch,
arrayobject-mess.patch, BNC-457056_2.patch
CVE-2008-5557.patch, CVE-2008-5498.patch, CVE-2008-2829.patch,
CVE-2009-4017.patch, CVE-2009-2626.patch, CVE-2009-2687.patch,
CVE-2009-0754.patch, CVE-2009-1271.patch, CVE-2009-1272.patch,
CVE-2009-3291.patch, CVE-2009-3292.patch, CVE-2009-3293.patch,
CVE-2008-5624.patch, CVE-2008-5625.patch, CVE-2008-5814.patch,
CVE-2009-3546.patch, CVE-2009-4142.patch,
- reworked bnc-435595.patch (change grabbed from php 5.3.2)
- added patch php5-session.patch to fix build
- fix CVE-2010-0397 [bnc#588975]

Tue Feb 9 13:00:00 2010 msebenAATTnovell.com
- fix CVE-2008-5624, CVE-2008-5625, CVE-2008-5814 [bnc#568527]
- fix CVE-2009-3546 [bnc#547525]
- fix CVE-2009-4142 [bnc#565924]
- fix CVE-2009-2626,,CVE-2009-4017 [bnc#557157]

Tue Sep 22 14:00:00 2009 crrodriguezAATTsuse.de
- VUL-0: php5: 5.2.11 release [bnc#540242]
- L3: Problem with xmlparse in PHP5

Sun Aug 23 14:00:00 2009 crrodriguezAATTsuse.de
- VUL-1: php5: exif module denial of service [bnc#513080]
- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]

Thu Jul 16 14:00:00 2009 crrodriguezAATTsuse.de
- PHP5: json_decode not working correctly after update [bnc#521033]

Wed Jun 17 14:00:00 2009 crrodriguezAATTsuse.de
- fix CVE-2009-1271, CVE-2009-1272 [bnc#493122]

Wed May 27 14:00:00 2009 crrodriguezAATTsuse.de
- missing timezone hard dependency [bnc#486359]

Thu Mar 12 13:00:00 2009 crrodriguezAATTsuse.de
- VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]
- VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]

Wed Jan 14 13:00:00 2009 crrodriguezAATTsuse.de
- libxml version detection of previous fix will never work.
11.1 version is 2.7.2 not 2.7.3 and presence of XML_PARSE_OLDSAX
enumeration value cannot be tested with defined()..

Mon Jan 12 13:00:00 2009 crrodriguezAATTsuse.de
- VUL-0: php: buffer overflow in ext/mbstring [BNC#462499]
- VUL-0: php5: dir traversal vulnerability in ZipArchive [BNC#464048]
- PHP5: ext/xml is broken due to libxml2 2.7.x changes [BNC#457056]

* Note that this MUST be submitted AFTER libxml2 update

Wed Nov 12 13:00:00 2008 crrodriguezAATTsuse.de
- fix ext/imap buffer overflows, old API used [#BNC402665]

Wed Nov 12 13:00:00 2008 crrodriguezAATTsuse.de
- QA Results fixed

* array_pad \"succeeds\" when padding with large negative number [BNC#435595]

Wed Nov 12 13:00:00 2008 crrodriguezAATTsuse.de
- QA Results: fix PPC64 regression of gd module [BNC#364518]

Wed Nov 12 13:00:00 2008 crrodriguezAATTsuse.de
- update system timezone support patch to r4

* added \"System/Localtime\" tzname which uses /etc/localtime

Thu Oct 9 14:00:00 2008 crrodriguezAATTsuse.de
- Using the ArrayObject class leaks and corrupt memory,
causing a really nasty undefined behaviour in userspace code, whatever
can happend due to corruption of the symbol table.
see http://bugs.php.net/bug.php?id=46222 where martian variables
get created as example.

Mon Sep 8 14:00:00 2008 crrodriguezAATTsuse.de
- update suhosin to version 0.9.27

* Fixed problem with suhosin.perdir
Thanks to Hosteurope for tracking this down

* Fixed problems with ext/uploadprogress
Reported by: Christian Stocker

* Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)

* Modified rand()/srand() to use the Mersenne Twister algorithm with separate state

* Added better internal seeding of rand() and mt_rand()

Wed Sep 3 14:00:00 2008 crrodriguezAATTsuse.de
- do not restart apache after update of mod_php5 [BNC#419508]

Thu May 8 14:00:00 2008 schwabAATTsuse.de
- Don\'t try to replace libtool.
- Fix alignment violation.
- Don\'t define feature test macros after system headers.

Fri May 2 14:00:00 2008 crrodriguezAATTsuse.de
- update to PHP 5.2.6

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.

* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.

* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.

* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.

* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.

* Fixed two possible crashes inside the posix extension.

* Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=)

* Fixed bug #44141 (private parent constructor callable through static function).

* Fixed bug #43589 (a possible infinite loop in bz2_filter.c).

* Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call).

* Fixed bug #43201 (Crash on using uninitialized vals and __get/__set).

* Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).

* Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class).

* Fixed bug #42736 (xmlrpc_server_call_method() crashes).

* Fixed bug #42369 (Implicit conversion to string leaks memory).

* Fixed bug #41562 (SimpleXML memory issue).

* Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de)

* Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)

* Over 120 bug fixes.

Tue Feb 5 13:00:00 2008 crrodriguezAATTsuse.de
- update suhosin extension to version 0.9.23
- Fixed suhosin extension now compiles with snapshots of PHP 5.3
- Fixed crypt() behaves like normal again when there is no salt supplied
- wrong Obsoletes causes upgrade trouble [bnc #355618]

Fri Feb 1 13:00:00 2008 mmarekAATTsuse.cz
- use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs,
enables building in the bs in other projects than server:php
(bnc#357917)

Fri Jan 11 13:00:00 2008 crrodriguezAATTsuse.de
- Try patch recently published by Redhat that allows PHP to
use the system timezone database instead of the bundled one.

Mon Jan 7 13:00:00 2008 crrodriguezAATTsuse.de
- Do not hard require php5-timezonedb, instead provide a capability
php(tzdatabase) = builtin_tz_ver so it gets installed via rpm
Supplements only when needed.

Thu Dec 27 13:00:00 2007 crrodriguezAATTsuse.de
- PHP is leaking file descriptors badly on relative includes
(php-5.2.5-fdleak.patch)

Thu Dec 13 13:00:00 2007 crrodriguezAATTsuse.de
- suhosin 0.9.22
- Fixed function_exists() now checks the Suhosin permissions
- Fixed crypt() salt no longer uses Blowfish by default
- Fixed .htaccess/perdir support
- Fixed compilation problem on OS/X
- Added protection against some attacks through _SERVER variables
- Added suhosin.server.strip and suhosin.server.encode

Tue Dec 11 13:00:00 2007 crrodriguezAATTsuse.de
- use /dev/urandom for generating session-IDs [#337005]
- L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548]

Mon Nov 12 13:00:00 2007 crrodriguezAATTsuse.de
- update to PHP 5.2.5

* Fixed dl() to only accept filenames. reported by Laurent Gaffie.

* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).

* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.

* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.

* Fixed \"mail.force_extra_parameters\" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.

* Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).

* Fixed bug #41561 (Values set with php_admin_
* in httpd.conf can be overwritten with ini_set()).

* Upgraded PCRE to version 7.3 (Nuno)

* Added optional parameter $provide_object to debug_backtrace(). (Sebastian)

* Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)

* Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)

* Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)

* Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)

* Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)

* Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing \'
*\'. (Ilia)

* Fixed PDO crash when driver returns empty LOB stream. (Stas)

* Fixed iconv_
*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)

* Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)

* Fixed leaks with multiple connects on one mysqli object. (Andrey)

* Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)

* Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani)

* Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)

* Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)

* Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)

* Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia)

* Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott)

* Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)

* Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn\'t work with setFetchMode). (Ilia)

* Fixed bug #42890 (Constant \"LIST\" defined by mysqlclient and c-client). (Andrey)

* Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)

* Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia)

* Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia)

* Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia)

* Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)

* Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry)

* Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)

* Fixed bug #42739 (mkdir() doesn\'t like a trailing slash when safe_mode is enabled). (Ilia)

* Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus)

* Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)

* Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus)

* Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)

* Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran)

* Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org)

* Fixed bug #42596 (session.save_path MODE option does not work). (Ilia)

* Fixed bug #42590 (Make the engine recognize \\v and \\f escape sequences). (Ilia)

* Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)

* Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)

* Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)

* Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)

* Fixed bug #42512 (ip2long(\'255.255.255.255\') should return 4294967295 on 64-bit PHP). (Derick)

* Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)

* Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob)

* Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry)

* Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes)

* Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia)

* Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry)

* Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)

* Fixed bug #42359 (xsd:list type not parsed). (Dmitry)

* Fixed bug #42326 (SoapServer crash). (Dmitry)

* Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)

* Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia)

* Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)

* Fixed bug #42086 (SoapServer return Procedure \'\' not present for WSIBasic compliant wsdl). (Dmitry)

* Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani)

* Fixed bug #39651 (proc_open() append mode doesn\'t work on windows). (Nuno)

Thu Aug 30 14:00:00 2007 crrodriguezAATTsuse.de
- update to PHP 5.2.4, no relevant changes since RC3.

Fri Aug 24 14:00:00 2007 crrodriguezAATTsuse.de
- PHP 5.2.4RC3
- Fixed version_compare() to support \"rc\" as well as \"RC\" for release
candidate version numbers.
- Fixed bug #42368 (Incorrect error message displayed by pg_escape_string).
(Ilia)
- Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani)
- Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry)
- Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload,
in the same way as \"instanceof\" operator). (Dmitry)
- Fixed bug #41904 (proc_open(): empty env array should cause empty
environment to be passed to process). (Jani)
- Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
bypass). (Ilia)
- remove wrong hardcoded requirement on libedit
- devel package at least does not need libtool the php build enviroment uses a private copy.
- drop no longer needed patches already in upstream

Fri Aug 17 14:00:00 2007 anosekAATTsuse.cz
- updated to version 5.2.4RC2
- Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client
libraries. (Chris Jones)
- Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani)
- Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com
dot br, Ilia)
- Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob)
- Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani)
- Fixed bug #42243 (copy() does not output an error when the first arg is a
dir). (Ilia)
- Fixed bug #42242 (sybase_connect() crashes). (Ilia)
- Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped
streams). (andrew dot minerd at sellingsource dot com, Ilia)
- Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)
- Fixed bug #42211 (property_exists() fails to find protected properties from
a parent class). (Dmitry)
- Fixed bug #42208 (substr_replace() crashes when the same array is passed
more than once). (crrodriguez at suse dot de, Ilia)
- Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir
and using PATH_INFO). (Dmitry)
- Fixed bug #42195 (C++ compiler required always). (Jani)
- Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip,
Ilia)
- Fixed bug #42082 (NodeList length zero should be empty). (Hannes)
- Fixed bug #36492 (Userfilters can leak buckets). (Sara)
- Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning
on screws up PATH_INFO). (Dmitry)

Mon Aug 6 14:00:00 2007 anosekAATTsuse.cz
- updated to version 5.2.4RC1
- dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2

Mon Jul 30 14:00:00 2007 mmarekAATTsuse.cz
- updated to latest state of PHP_5_2 branch; highlights from the
NEWS file:
- Upgraded PCRE to version 7.2 (Nuno)
- Updated timezone database to version 2007.6. (Derick)
- Improved openssl_x509_parse() to return extensions in readable
form. (Dmitry)
- Changed \"display_errors\" php.ini option to accept \"stderr\" as
value which makes the error messages to be outputted to STDERR
instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani)
- Changed error handler to send HTTP 500 instead of blank page on
PHP errors. (Dmitry, Andrei Nigmatulin)
- Added check for unknown options passed to configure. (Jani)
- Added persistent connection status checker to pdo_pgsql.
(Elvis Pranskevichus, Ilia)
- Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)
- Added php_ini_loaded_file() function which returns the path to
the actual php.ini in use. (Jani)
- Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION
GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING.
(Pierre)
- Added missing open_basedir checks to CGI. (anight at
eyelinkmedia dot com, Tony)
- Added missing format validator to unpack() function. (Ilia)
- Added missing error check inside bcpowmod(). (Ilia)
- Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A.
Belashkov, Tony)
- Added missing MSG_EOR and MSG_EOF constants to sockets
extension. (Jani)
- Added PCRE_VERSION constant. (Tony)
- Added ReflectionExtension::info() function to print the
phpinfo() block for an extension. (Johannes)
- Implemented FR #41884 (ReflectionClass::getDefaultProperties()
does not handle static attributes). (Tony)
- plus lots of bugfixes
- fixed the pear phar archive to run with 5.2.4
[http://bugs.php.net/bug.php?id=42146]

Wed Jul 25 14:00:00 2007 mmarekAATTsuse.cz
- added /var/lib/pear to php5-pear.rpm

Tue Jul 24 14:00:00 2007 judas_iscarioteAATTshorewall.net
- fix nasty deadlock in pear
- update php5-ze2-fixes.patch and actually apply it.

Tue Jul 17 14:00:00 2007 anosekAATTsuse.cz
- fixed YOU honors Recommends, breaks php update [#291551]
(moved php-suhosin from Recommends to Suggests)

Mon Jun 25 14:00:00 2007 mmarekAATTsuse.cz
- provide /srv/www/cgi-bin/php5 compat symlink instead of patching
config files

Sat Jun 23 14:00:00 2007 judas_iscarioteAATTshorewall.net
- fixed a mess with update-alternatives PreReq uncovered by newer build versions.
actually every subpackage that uses update-alternatives should PreReq it.
- fix some ZE2 bugs.

Tue Jun 12 14:00:00 2007 mmarekAATTsuse.cz
- drop php5.xpm and the Icon: line from the specfile (the icon is
not used at all and it breaks rpm -q --specfile php5.spec)

Fri Jun 1 14:00:00 2007 judas_iscarioteAATTshorewall.net
- PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php
- important: PHP-cgi now lives in /usr, package attempts to fix both
lighttpd and apache2 fastcgi config files.

Wed May 30 14:00:00 2007 judas_iscarioteAATTshorewall.net
- use system re2c in factory.
- enable support for qbdm in the dba extension (build service only)
- enable the ming extension (build service only)

Mon May 21 14:00:00 2007 mmarekAATTsuse.cz
- fixed the dba extension adding -ldb-4.x to global LDFLAGS,
causing unnecessary dependency in /usr/bin/php5
[http://bugs.php.net/bug.php?id=41455]

Sat May 19 14:00:00 2007 judas_iscarioteAATTshorewall.net
- updated suhosin to version 0.9.20, security fix + bugfixes
see http://www.hardened-php.net/suhosin/changelog.html for more detail.

Mon May 14 14:00:00 2007 judas_iscarioteAATTshorewall.net
- fix devel package, in the reality PHP does not currenly require expat.
headers provides a expat compatibility layer but it is no longer in use
by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined)

Fri May 11 14:00:00 2007 judas_iscarioteAATTshorewall.net
- update php5-test-fixes fixing another bug in zend_compile.c
- use rpm macros in the spec file
- when removing apache2-mod_php5, unload it from apache first.
- when updating apache2-mod_php5 restart apache with restart on update macro.

Sun May 6 14:00:00 2007 judas_iscarioteAATTshorewall.net
- HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch)
- better fix for MOPB 41.

Sat May 5 14:00:00 2007 judas_iscarioteAATTshorewall.net
- remove --enable-memory-limit configure flag, it disappeared in 5.2.1,
nowdays memory_limit is always enabled.

Fri May 4 14:00:00 2007 prusnakAATTsuse.cz
- changed expat to libexpat-devel in Requires of devel subpackage

Fri May 4 14:00:00 2007 judas_iscarioteAATTshorewall.net
- add php5-test-fixes.patch fixing a test case that wont pass on i586
as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited
after the release was done. there is another test case that fails in 10.2
ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE.
- added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor)

Fri May 4 14:00:00 2007 judas_iscarioteAATTshorewall.net
- php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs
php_pcre.h header that needs it.

Thu May 3 14:00:00 2007 mmarekAATTsuse.cz
- fixed some new compiler warnings

Thu May 3 14:00:00 2007 judas_iscarioteAATTshorewall.net
- upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones
if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2

Thu May 3 14:00:00 2007 judas_iscarioteAATTshorewall.net
- Upgrade suhosin extension to version 0.9.19 see
http://www.hardened-php.net/suhosin/changelog.html for details

Fri Mar 30 14:00:00 2007 mmarekAATTsuse.de
- added bison to BuildRequires, removed update-desktop-files

Thu Mar 22 13:00:00 2007 mmarekAATTsuse.de
- fixed unpack() on big-endian 64bit (revert-phpbug38770.patch)
- blacklist more env variables when safe_mode is on
(php5-config.patch)

Sat Mar 17 13:00:00 2007 judas_iscarioteAATTshorewall.net
- fix Requires of -devel package to include only what is really
needed for operation of the pecl tool as well the neccesary
headers to compile php extensions.
- Fix MOPB 24 \"PHP array_user_key_compare() Double DTOR
Vulnerability\"
- note that fix for MOPB 23 was included in the previous patchset.

Wed Mar 14 13:00:00 2007 judas_iscarioteAATTshorewall.net
- add security fixes for MOPB 20, 21 and 22.
- RPM_BUILD_ROOT is never defined in %post.

Sun Mar 11 13:00:00 2007 judas_iscarioteAATTshorewall.net
- fix/workaround for php5-gd problem with typo3 [#236680]
- add fix for MOPB-14-2007 PHP substr_compare() Information Leak
Vulnerability.
- add secfix for import_request_variables() ancient problem, users
of suhosin extension are not affected.
- Run the test suite here

Tue Mar 6 13:00:00 2007 judas_iscarioteAATTshorewall.net
- Update suhosin extension to version 0.9.18 fixing a session
problem.

Mon Mar 5 13:00:00 2007 judas_iscarioteAATTshorewall.net
- Update suhosin extension to version 0.9.17. see
http://www.hardened-php.net/suhosin/changelog.html for details.

Thu Feb 15 13:00:00 2007 judas_iscarioteAATTshorewall.net
- add t1lib support in php5-gd (10.3 and up only)
- an off-by-one in str_replace may cause a crash.

Thu Feb 8 13:00:00 2007 judas_iscarioteAATTshorewall.net
- PHP 5.2.1. for a full list of changes see
http://www.php.net/ChangeLog-5.php#5.2.1
- add Obsoletes for extensions we dont ship anymore

Fri Feb 2 13:00:00 2007 judas_iscarioteAATTshorewall.net
- fix getenv() modifing $_POST, breaks suhosin badly when
register_
* is On and variables orde is \"GPCS\" (default).
- change/remove obsoleted patches

Tue Jan 30 13:00:00 2007 anosekAATTsuse.cz
- synced with BuildService

* file \"session_mm_apache2handler0.sem\" written at boot
[#229200] (php5-config.patch)

* for certain functionality php5-exif requires php5-mbstring

* php5-ldap requires php5-openssl

* remove LDAP_DEPRECATED from CFLAGS, module already
takes care of this.

* patch potential HTTP_SESSION_VARS et all hijack when
register_globals is On users from suhosin extension are
not affected.(php5-session-rgon-hijack.patch)

* on 10.2 and up php5-devel should require pcre-devel
sqlite-devel sqlite2-devel

* php5-devel is mostly useless without autoconf automake libtool
bison make gcc.

* added patches: phpbug-39350.patch
oldhat-phpinputdata-secfix.patch
ze2-fixes.patch
filter.patch
ext-lib64again.patch

Fri Jan 26 13:00:00 2007 mmarekAATTsuse.cz
- fixed string comparison in xmlrpc module (strcmp.patch)
- allways apply %%patch9

Fri Jan 26 13:00:00 2007 mmarekAATTsuse.cz
- updated the curl module from cvs to fix build with curl-7.16
(curl-cvs-fix.patch, dropped gcc.patch)

Tue Dec 19 13:00:00 2006 anosekAATTsuse.cz
- fixed VUL-0: php session.save_path open_basedir bypass
[#227569] (save_path-secfix.patch)

Wed Dec 6 13:00:00 2006 anosekAATTsuse.cz
- synced with BuildService

* updated Suhosin patch to 0.9.6.2

* updated Suhosin extension to 0.9.16

* fixed php5-devel should provide PECL tool [#204006]

* use bundled sqlite in suse versions =< 10.1
(pdo_sqlite stopped working properly with older sqlite3 libs)

* do not use zend-multibyte anymore, please refer
to phpbug #36711 and associated links, no applications uses
this feature in the real world since it is disabled
in all other distributions/OS.seems to cause more problems
than solutions.

* change php.ini, back to short_open_tag =off (the default)
the package that depended on this setting no longer does.
Also explicitely set the upload_tmp_dir in php.ini to deal
with open_basedir recent changes (please refer
to phpbug #39123) for the details.

* suhosin.ini uses just the default recommended settings

Wed Nov 8 13:00:00 2006 anosekAATTsuse.cz
- created symlinks /usr/bin/php and /usr/bin/pear [#216166]

Tue Nov 7 13:00:00 2006 mmarekAATTsuse.cz
- fixed implicit function decls in suhosin patch (keep the original
patch intact and put fixes into separate patch)

Mon Nov 6 13:00:00 2006 mmarekAATTsuse.cz
- updated to 5.2.0 final
- merged changes from buildservice (by soporteAATTonfocus.cl):
- updated suhosin to 0.9.10
- added suhosin patch
- build with system PCRE if suse_release > 10.1 only [#215610]
- suhosin extension does not require PDO
- suhosin added to the reccommended list
- php5-pspell to require at least aspell-en otherwise is useless
[#217272]

Thu Oct 26 14:00:00 2006 anosekAATTsuse.cz
- php5-sqlite now uses our sqlite and sqlite2 packages to build
and not bundled ones [#201440]
- updated suhosin to 0.9.9

Fri Oct 20 14:00:00 2006 nadvornikAATTsuse.cz
- update to 5.2.0RC6

Thu Oct 19 14:00:00 2006 postadalAATTsuse.cz
- reset right path in extension_dir (php5-php-config.patch)

Mon Oct 9 14:00:00 2006 postadalAATTsuse.cz
- update to version 5.2.0RC5
- added suhosin extension (the hardened php replacement) [#210886]

Sun Oct 8 14:00:00 2006 postadalAATTsuse.cz
- update to version 5.2.0RC4

* added DSA key generation support to openssl_pkey_new()

* updated PCRE to version 6.7

* increased default memory limit to 16 megabytes to accommodate for a more
accurate memory utilization measurement

* added support for httpOnly flag for session extension and cookie setting
functions

* added version specific registry keys to allow different configurations for
different php version

* added \"PHPINIDir\" Apache directive to apache and apache_hooks SAPIs

* added an optional boolean parameter to memory_get_usage() and
memory_get_peak_usage() to get memory size allocated by emalloc() or real
size of memory allocated from system

* moved extensions to PECL (filepro and hwapi)

* improved SNMP, OpenSSL extension

* improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL,
xmlReader
- merged changes from openSUSE build service

* build without --enable-sigchild [#206533, php#28294, php#38342]

* build CLI with libedit support (really-with-libedit.patch)

* tweaked the default config a bit, to make it more secure

* removed ini entries related to extensions we don\'t ship

* t1lib is not currently needed for build, we need t1lib5 to do
something useful

* removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp)

* pdo_odbc provided by php-odbc

* php-suse-addons :
o PHP5 is unlikely to parse php3 code, remove the file association
o corrected apache directive is AddHandler not AddType

* dropped extensions:
o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count)
o php-pdo_sqlite provided by php-sqlite
o php-pdo_pgsql provided by php-pgsql
o filepro dropped by upstream

* new extension:
o filter (kept static and cannot be unloaded, due security reasons)
o json (added as Recommended)
o zip (it uses a bundled library)
- fixed gcc issues (gcc.patch)
- droped obsoleted patches: include_path.patch, bug-37720.patch,
bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch,
bug-37416.patch, main_bugs.patch, soap.patch, standard.patch,
mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch

Wed Aug 16 14:00:00 2006 postadalAATTsuse.cz
- fixed build with X11R7

Wed Jul 26 14:00:00 2006 postadalAATTsuse.cz
- updated to version 5.1.4

* FastCGI interface was completely reimplemented

* multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions

* support for many additional date formats added to the strtotime()

* a performance improvements added to the engine and core extensions

* added imap_savebody() that allows message body to be written to a file

* added lchown() and lchgrp() to change user/group ownership of symlinks

* upgraded bundled PCRE library to version 6.6
- merged changes from openSUSE build service

* removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel
and libmcal from BuildRequires

* added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite,
php-tokenizer,php-xmlreader,php-xmlwriter to Recommends

* added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests

* added support for optional readline(libedit) for CLI
(disabled by default)

* patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch),
curl (curl.patch) and mbstring bugs (mbstring_bugs.patch),
big soap patch (soap.patch)

* removed obsoleted patches

* fixed Safe Mode Bypass [#188243] (standard.patch)

* upstream patches
[php#37306, php#37416, php#37587, php#37720]
[php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch)
[php#37346, php#37360] (gd-fixes.patch)

* fixed build inconsistences, added php-hash module [#173023]

* added pdo_odbc.so to php-odbc module [#190614]

* build without explicit safe_mode and magic_quotes (unneeded)

* removed useless GD --with-ttf configure option, only suitable
for freetype 1


 
ICM