RPM Search

Changelog for php5-gd-5.3.3-1.28.1.i586.rpm :
Thu Sep 20 14:00:00 2012 lijewski.stefanAATTzabka.pl
- fixed CVE-2011-1398 and CVE-2011-4388 [bnc#778003]
- changes in php-suse-addons:
- use FilesMatch with \'SetHandler\' rather than \'AddHandler\'
[bnc#775852]

Mon Aug 27 14:00:00 2012 lijewski.stefanAATTzabka.pl
- security update:

* CVE-2012-2688 [bnc#772580]

* CVE-2012-3365 [bnc#772582]

* oob-read-sql-dos [bnc#769785]

Fri Jul 6 14:00:00 2012 lijewski.stefanAATTzabka.pl
- security update:

* CVE-2012-2143 [bnc#766798]

Wed Jun 6 14:00:00 2012 lijewski.stefanAATTzabka.pl
- security update:

* CVE-2012-2386 [bnc#763814]

* improved fix for CVE-2012-1823 (CVE-2012-2335, CVE-2012-2336)
[bnc#761631]

Tue May 8 14:00:00 2012 lijewski.stefanAATTzabka.pl
- security update:

* CVE-2012-1823, CVE-2012-2311 [bnc#760536]

Tue Apr 24 14:00:00 2012 lijewski.stefanAATTzabka.pl
- security update:

* CVE-2012-1172 [bnc#752030]

Mon Apr 2 14:00:00 2012 lijewski.stefanAATTzabka.pl
- fixed regressions after fix for CVE-2012-0830 [bnc#749111]
- security update:

* CVE-2012-0807 [bnc#743308]

* CVE-2012-0057 [bnc#741520]

* CVE-2011-4153 [bnc#741859]

* CVE-2012-0831 [bnc#746661]
- security update CVE-2012-0830 and other memory leaks
(fixes the fix of CVE-2011-4885) [bnc#744966]

* CVE-2012-0781 [bnc#742273]

* CVE-2012-0788 [bnc#742806]

* memory corruption in parse_ini_string() [bnc#742806]

* CVE-2012-0789 [bnc#742806]

* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive
to prevent attacks based on hash collisions
- amend README.SUSE to discourage using apache module with
apache2-worker [bnc#728671]
- security update:

* CVE-2011-4566 [bnc#733590]

* CVE-2011-3182 [bnc#713652]

* CVE-2011-1466 [bnc#736169]

* CVE-2011-1072 [bnc#735613]

Mon Sep 5 14:00:00 2011 pgajdosAATTsuse.com
- security update:
CVE-2011-3268 [bnc#715646]
- allow uploading files bigger than 2GB for 64bit systems
[bnc#709549]

* 64-bit-post-large-files.patch

Thu Jun 30 14:00:00 2011 pgajdosAATTnovell.com
- security update:

* CVE-2011-2483 [bnc#701491]

* CVE-2011-2202 [bnc#699711]

Fri Apr 1 14:00:00 2011 pgajdosAATTsuse.cz
- security updates:

* CVE-2011-1470, CVE-2011-1471 [bnc#681214]

* CVE-2011-1092 [bnc#677782]

* CVE-2011-1464 [bnc#681194]

* CVE-2011-1468 [bnc#681197]

* CVE-2011-1467 [bnc#681195]

* CVE-2011-0421 [bnc#681291]

* CVE-2011-1469 [bnc#681210]

* CVE-2011-1148 [bnc#679278]

* CVE-2011-1938 [bnc#695689]

Tue Mar 8 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes

* CVE-2011-0420 [bnc#672933]

* CVE-2011-0708 [bnc#671710]

Fri Feb 25 13:00:00 2011 chrisAATTcomputersalat.de
- fix for macros.php
o devel pkg must have Obsoletes/Provides: php-macros

Thu Feb 10 13:00:00 2011 chrisAATTcomputersalat.de
- extend macros.php
o __php, __phpize, __php_config, php_version
o __pear, php_peardir, php_pearxmldir
o php_pear_gen_filelist
- add README.macros

Mon Feb 7 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes

* CVE-2011-0755 [bnc#669189]

* CVE-2011-0752 [bnc#669162]

* CVE-2011-0753 [bnc#669188]

Tue Feb 1 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes [bnc#666512]

* CVE-2010-4697

* CVE-2010-4698

* CVE-2010-4699

* CVE-2010-4700

Thu Jan 13 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes

* CVE-2010-4645 [bnc#662932]

* CVE-2010-3709 [bnc#660102]

* CVE-2010-4150 [bnc#655968]

* fopen_https_proxy_auth_fix.patch [bnc#656523]

Mon Nov 8 13:00:00 2010 pgajdosAATTsuse.cz
- security fix of oob read in mb_strcut() [bnc#651990]

* CVE-2010-4156.patch

Tue Nov 2 13:00:00 2010 pgajdosAATTnovell.com
- security fix in utf8_decode() [bnc#650700]

* CVE-2010-3870.patch

Tue Oct 26 14:00:00 2010 pgajdosAATTnovell.com
- fix \"Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data\" [bnc#649210]

* CVE-2010-3710.patch

Tue Aug 3 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Clarify changelog this update fixed:

* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]

* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]

* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]

* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]

* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]

* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]

* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]

* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]

* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]

* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]

* bugzilla numbers 619487,619489,619469,609766..

Tue Jul 20 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.3 RC3
- Massive lot of security fixes see list
here http://www.php-security.org/category/vulnerabilities/index.html

Tue Jun 1 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- possible fix for [bnc#610633]

Fri Apr 16 14:00:00 2010 crrodriguezAATTopensuse.org
- use FD_CLOEXEC flag to avoid annoying races.

Sun Apr 4 14:00:00 2010 crrodriguezAATTopensuse.org
- remove obsolete buildRequires

Fri Apr 2 14:00:00 2010 crrodriguezAATTopensuse.org
- remove build date from binaries so they dont get
republished every time
- fix invalid path

Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- add missing patch, refresh patches with -p0

Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- Update to PHP 5.3.2, see NEWS for details

Fri Mar 5 13:00:00 2010 dimstarAATTopensuse.org
- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it\'s
a backported combination of svn commits 291283, 291284 and
291332.
- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by
replacing -ledit with -ledit -lncurses in the resulting configure
scripts. This became apparent problem due to libedit being built
with as-needed now.
- Add php5-bug51224.patch to fix buffer overflows happening in
strcpy. It;s a combination of upstream svn revs 284097 and 284099

Sun Jan 17 13:00:00 2010 vuntzAATTopensuse.org
- Remove unneeded gtk-devel BuildRequires.

Mon Jan 11 13:00:00 2010 ajAATTsuse.de
- Remove obsolete build requires of orbit-devel.

Tue Dec 22 13:00:00 2009 jengelhAATTmedozas.de
- avoid alignment crash on alignment-sensitive CPUs
(bugs.php.net#46074)

Wed Dec 2 13:00:00 2009 cooloAATTnovell.com
- update patch to fix build

Tue Oct 6 14:00:00 2009 crrodriguezAATTopensuse.org
- Fixed wrong harcoded mysql socket [bnc#544516]
- Fixed wrong default include_path

Tue Sep 8 14:00:00 2009 crrodriguezAATTsuse.de
- make php5-pear noarch in Factory

Wed Aug 26 14:00:00 2009 crrodriguezAATTsuse.de
- remove obsolete patches
- apply ini patch
- enable mhash compatibility in the hash extension and obsolete php5-mhash
- add macros.php to the source list

Mon Aug 24 14:00:00 2009 crrodriguezAATTsuse.de
- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]

Sun Aug 23 14:00:00 2009 crrodriguezAATTsuse.de
- fix missing return values of suhosin extension

Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix build on CODE10 products

Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix horrible broken open_basedir functionality

Sun Aug 16 14:00:00 2009 crrodriguezAATTsuse.de
- update suhosin extension to version 0.9.29
- mysql extensions now use mysqlnd instead of libmysqlclient.
- enable sqlite3 extension, part of the php5-sqlite package
- enable enchant extension
- enable fileinfo extension
- enable intl extension

Fri Aug 14 14:00:00 2009 crrodriguezAATTsuse.de
- add suhosin patch and newer suhosin extension for compatibility
reasons

Thu Aug 13 14:00:00 2009 crrodriguezAATTsuse.de
- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php
for the huge list of changes
- remove dbase and ncurses extension

Thu Jul 16 14:00:00 2009 cooloAATTnovell.com
- disable as-needed to fix build

Fri Jun 19 14:00:00 2009 crrodriguezAATTsuse.de
- update to PHP 5.2.10

* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)

* Added \"ignore_errors\" option to http fopen wrapper. (David Zulke, Sara)

* Fixed memory corruptions while reading properties of zip files. (Ilia)

* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)

* Fixed segfault on invalid session.save_path. (Hannes)

* Fixed leaks in imap when a mail_criteria is used. (Pierre)

* Changed default value of array_unique()\'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)

* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)

* Fixed bug #47903 (\"AATT\" operator does not work with string offsets). (Felipe)

* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)

* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)

* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).

* Over 100 bug fixes.

Thu May 21 14:00:00 2009 crrodriguezAATTsuse.de
- add temporary backport of openssl prng function

Sat Mar 14 13:00:00 2009 crrodriguezAATTsuse.de
- Update to version 5.2.9, security and bugfix release

* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]

* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]

* Fixed a segfault when malformed string is passed to json_decode()

* Fixed explode() behavior with empty string to respect negative limit.

Sun Dec 14 13:00:00 2008 crrodriguezAATTsuse.de
- remove ming extension, moved to server:php:extensions later

Tue Dec 9 13:00:00 2008 crrodriguezAATTsuse.de
- Update to PHP 5.2.8

Mon Dec 8 13:00:00 2008 crrodriguezAATTsuse.de
- fix BLOCKER magic_quotes breakage, if your code
relies on this feature, it is broken,time to press the panic button.

Fri Dec 5 13:00:00 2008 crrodriguezAATTsuse.de
- update to PHP 5.2.7 final, no mayor changes since RC5

Fri Nov 28 13:00:00 2008 crrodriguezAATTsuse.de
- update to PHP 5.2.7RC5 see news for details

Fri Nov 21 13:00:00 2008 crrodriguezAATTsuse.de
- update to PHP 5.2.7RC4, see news for details

Sun Nov 16 13:00:00 2008 crrodriguezAATTsuse.de
- update to PHP 5.2.7RC3, see NEWS for details

Mon Sep 8 14:00:00 2008 crrodriguezAATTsuse.de
- update suhosin to version 0.9.27

* Fixed problem with suhosin.perdir
Thanks to Hosteurope for tracking this down

* Fixed problems with ext/uploadprogress
Reported by: Christian Stocker

* Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)

* Modified rand()/srand() to use the Mersenne Twister algorithm with separate state

* Added better internal seeding of rand() and mt_rand()

Sun Jul 13 14:00:00 2008 crrodriguezAATTsuse.de
- merge patches from schwab

Fri May 2 14:00:00 2008 crrodriguezAATTsuse.de
- update to PHP 5.2.6

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.

* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.

* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.

* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.

* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.

* Fixed two possible crashes inside the posix extension.

* Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=)

* Fixed bug #44141 (private parent constructor callable through static function).

* Fixed bug #43589 (a possible infinite loop in bz2_filter.c).

* Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call).

* Fixed bug #43201 (Crash on using uninitialized vals and __get/__set).

* Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).

* Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class).

* Fixed bug #42736 (xmlrpc_server_call_method() crashes).

* Fixed bug #42369 (Implicit conversion to string leaks memory).

* Fixed bug #41562 (SimpleXML memory issue).

* Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de)

* Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)

* Over 120 bug fixes.

Tue Feb 5 13:00:00 2008 crrodriguezAATTsuse.de
- update suhosin extension to version 0.9.23
- Fixed suhosin extension now compiles with snapshots of PHP 5.3
- Fixed crypt() behaves like normal again when there is no salt supplied
- wrong Obsoletes causes upgrade trouble [bnc #355618]

Fri Feb 1 13:00:00 2008 mmarekAATTsuse.cz
- use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs,
enables building in the bs in other projects than server:php
(bnc#357917)

Fri Jan 11 13:00:00 2008 crrodriguezAATTsuse.de
- Try patch recently published by Redhat that allows PHP to
use the system timezone database instead of the bundled one.

Mon Jan 7 13:00:00 2008 crrodriguezAATTsuse.de
- Do not hard require php5-timezonedb, instead provide a capability
php(tzdatabase) = builtin_tz_ver so it gets installed via rpm
Supplements only when needed.

Thu Dec 27 13:00:00 2007 crrodriguezAATTsuse.de
- PHP is leaking file descriptors badly on relative includes
(php-5.2.5-fdleak.patch)

Thu Dec 13 13:00:00 2007 crrodriguezAATTsuse.de
- suhosin 0.9.22
- Fixed function_exists() now checks the Suhosin permissions
- Fixed crypt() salt no longer uses Blowfish by default
- Fixed .htaccess/perdir support
- Fixed compilation problem on OS/X
- Added protection against some attacks through _SERVER variables
- Added suhosin.server.strip and suhosin.server.encode

Tue Dec 11 13:00:00 2007 crrodriguezAATTsuse.de
- use /dev/urandom for generating session-IDs [#337005]
- L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548]

Mon Nov 12 13:00:00 2007 crrodriguezAATTsuse.de
- update to PHP 5.2.5

* Fixed dl() to only accept filenames. reported by Laurent Gaffie.

* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).

* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.

* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.

* Fixed \"mail.force_extra_parameters\" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.

* Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).

* Fixed bug #41561 (Values set with php_admin_
* in httpd.conf can be overwritten with ini_set()).

* Upgraded PCRE to version 7.3 (Nuno)

* Added optional parameter $provide_object to debug_backtrace(). (Sebastian)

* Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)

* Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)

* Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)

* Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)

* Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)

* Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing \'
*\'. (Ilia)

* Fixed PDO crash when driver returns empty LOB stream. (Stas)

* Fixed iconv_
*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)

* Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)

* Fixed leaks with multiple connects on one mysqli object. (Andrey)

* Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)

* Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani)

* Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)

* Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)

* Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)

* Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia)

* Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott)

* Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)

* Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn\'t work with setFetchMode). (Ilia)

* Fixed bug #42890 (Constant \"LIST\" defined by mysqlclient and c-client). (Andrey)

* Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)

* Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia)

* Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia)

* Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia)

* Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)

* Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry)

* Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)

* Fixed bug #42739 (mkdir() doesn\'t like a trailing slash when safe_mode is enabled). (Ilia)

* Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus)

* Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)

* Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus)

* Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)

* Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran)

* Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org)

* Fixed bug #42596 (session.save_path MODE option does not work). (Ilia)

* Fixed bug #42590 (Make the engine recognize \\v and \\f escape sequences). (Ilia)

* Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)

* Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)

* Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)

* Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)

* Fixed bug #42512 (ip2long(\'255.255.255.255\') should return 4294967295 on 64-bit PHP). (Derick)

* Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)

* Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob)

* Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry)

* Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes)

* Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia)

* Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry)

* Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)

* Fixed bug #42359 (xsd:list type not parsed). (Dmitry)

* Fixed bug #42326 (SoapServer crash). (Dmitry)

* Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)

* Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia)

* Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)

* Fixed bug #42086 (SoapServer return Procedure \'\' not present for WSIBasic compliant wsdl). (Dmitry)

* Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani)

* Fixed bug #39651 (proc_open() append mode doesn\'t work on windows). (Nuno)

Thu Aug 30 14:00:00 2007 crrodriguezAATTsuse.de
- update to PHP 5.2.4, no relevant changes since RC3.

Fri Aug 24 14:00:00 2007 crrodriguezAATTsuse.de
- PHP 5.2.4RC3
- Fixed version_compare() to support \"rc\" as well as \"RC\" for release
candidate version numbers.
- Fixed bug #42368 (Incorrect error message displayed by pg_escape_string).
(Ilia)
- Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani)
- Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry)
- Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload,
in the same way as \"instanceof\" operator). (Dmitry)
- Fixed bug #41904 (proc_open(): empty env array should cause empty
environment to be passed to process). (Jani)
- Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
bypass). (Ilia)
- remove wrong hardcoded requirement on libedit
- devel package at least does not need libtool the php build enviroment uses a private copy.
- drop no longer needed patches already in upstream

Fri Aug 17 14:00:00 2007 anosekAATTsuse.cz
- updated to version 5.2.4RC2
- Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client
libraries. (Chris Jones)
- Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani)
- Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com
dot br, Ilia)
- Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob)
- Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani)
- Fixed bug #42243 (copy() does not output an error when the first arg is a
dir). (Ilia)
- Fixed bug #42242 (sybase_connect() crashes). (Ilia)
- Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped
streams). (andrew dot minerd at sellingsource dot com, Ilia)
- Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)
- Fixed bug #42211 (property_exists() fails to find protected properties from
a parent class). (Dmitry)
- Fixed bug #42208 (substr_replace() crashes when the same array is passed
more than once). (crrodriguez at suse dot de, Ilia)
- Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir
and using PATH_INFO). (Dmitry)
- Fixed bug #42195 (C++ compiler required always). (Jani)
- Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip,
Ilia)
- Fixed bug #42082 (NodeList length zero should be empty). (Hannes)
- Fixed bug #36492 (Userfilters can leak buckets). (Sara)
- Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning
on screws up PATH_INFO). (Dmitry)

Mon Aug 6 14:00:00 2007 anosekAATTsuse.cz
- updated to version 5.2.4RC1
- dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2

Mon Jul 30 14:00:00 2007 mmarekAATTsuse.cz
- updated to latest state of PHP_5_2 branch; highlights from the
NEWS file:
- Upgraded PCRE to version 7.2 (Nuno)
- Updated timezone database to version 2007.6. (Derick)
- Improved openssl_x509_parse() to return extensions in readable
form. (Dmitry)
- Changed \"display_errors\" php.ini option to accept \"stderr\" as
value which makes the error messages to be outputted to STDERR
instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani)
- Changed error handler to send HTTP 500 instead of blank page on
PHP errors. (Dmitry, Andrei Nigmatulin)
- Added check for unknown options passed to configure. (Jani)
- Added persistent connection status checker to pdo_pgsql.
(Elvis Pranskevichus, Ilia)
- Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)
- Added php_ini_loaded_file() function which returns the path to
the actual php.ini in use. (Jani)
- Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION
GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING.
(Pierre)
- Added missing open_basedir checks to CGI. (anight at
eyelinkmedia dot com, Tony)
- Added missing format validator to unpack() function. (Ilia)
- Added missing error check inside bcpowmod(). (Ilia)
- Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A.
Belashkov, Tony)
- Added missing MSG_EOR and MSG_EOF constants to sockets
extension. (Jani)
- Added PCRE_VERSION constant. (Tony)
- Added ReflectionExtension::info() function to print the
phpinfo() block for an extension. (Johannes)
- Implemented FR #41884 (ReflectionClass::getDefaultProperties()
does not handle static attributes). (Tony)
- plus lots of bugfixes
- fixed the pear phar archive to run with 5.2.4
[http://bugs.php.net/bug.php?id=42146]

Wed Jul 25 14:00:00 2007 mmarekAATTsuse.cz
- added /var/lib/pear to php5-pear.rpm

Tue Jul 24 14:00:00 2007 judas_iscarioteAATTshorewall.net
- fix nasty deadlock in pear
- update php5-ze2-fixes.patch and actually apply it.

Tue Jul 17 14:00:00 2007 anosekAATTsuse.cz
- fixed YOU honors Recommends, breaks php update [#291551]
(moved php-suhosin from Recommends to Suggests)

Mon Jun 25 14:00:00 2007 mmarekAATTsuse.cz
- provide /srv/www/cgi-bin/php5 compat symlink instead of patching
config files

Sat Jun 23 14:00:00 2007 judas_iscarioteAATTshorewall.net
- fixed a mess with update-alternatives PreReq uncovered by newer build versions.
actually every subpackage that uses update-alternatives should PreReq it.
- fix some ZE2 bugs.

Tue Jun 12 14:00:00 2007 mmarekAATTsuse.cz
- drop php5.xpm and the Icon: line from the specfile (the icon is
not used at all and it breaks rpm -q --specfile php5.spec)

Fri Jun 1 14:00:00 2007 judas_iscarioteAATTshorewall.net
- PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php
- important: PHP-cgi now lives in /usr, package attempts to fix both
lighttpd and apache2 fastcgi config files.

Wed May 30 14:00:00 2007 judas_iscarioteAATTshorewall.net
- use system re2c in factory.
- enable support for qbdm in the dba extension (build service only)
- enable the ming extension (build service only)

Mon May 21 14:00:00 2007 mmarekAATTsuse.cz
- fixed the dba extension adding -ldb-4.x to global LDFLAGS,
causing unnecessary dependency in /usr/bin/php5
[http://bugs.php.net/bug.php?id=41455]

Sat May 19 14:00:00 2007 judas_iscarioteAATTshorewall.net
- updated suhosin to version 0.9.20, security fix + bugfixes
see http://www.hardened-php.net/suhosin/changelog.html for more detail.

Mon May 14 14:00:00 2007 judas_iscarioteAATTshorewall.net
- fix devel package, in the reality PHP does not currenly require expat.
headers provides a expat compatibility layer but it is no longer in use
by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined)

Fri May 11 14:00:00 2007 judas_iscarioteAATTshorewall.net
- update php5-test-fixes fixing another bug in zend_compile.c
- use rpm macros in the spec file
- when removing apache2-mod_php5, unload it from apache first.
- when updating apache2-mod_php5 restart apache with restart on update macro.

Sun May 6 14:00:00 2007 judas_iscarioteAATTshorewall.net
- HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch)
- better fix for MOPB 41.

Sat May 5 14:00:00 2007 judas_iscarioteAATTshorewall.net
- remove --enable-memory-limit configure flag, it disappeared in 5.2.1,
nowdays memory_limit is always enabled.

Fri May 4 14:00:00 2007 prusnakAATTsuse.cz
- changed expat to libexpat-devel in Requires of devel subpackage

Fri May 4 14:00:00 2007 judas_iscarioteAATTshorewall.net
- add php5-test-fixes.patch fixing a test case that wont pass on i586
as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited
after the release was done. there is another test case that fails in 10.2
ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE.
- added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor)

Fri May 4 14:00:00 2007 judas_iscarioteAATTshorewall.net
- php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs
php_pcre.h header that needs it.

Thu May 3 14:00:00 2007 mmarekAATTsuse.cz
- fixed some new compiler warnings

Thu May 3 14:00:00 2007 judas_iscarioteAATTshorewall.net
- upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones
if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2

Thu May 3 14:00:00 2007 judas_iscarioteAATTshorewall.net
- Upgrade suhosin extension to version 0.9.19 see
http://www.hardened-php.net/suhosin/changelog.html for details

Fri Mar 30 14:00:00 2007 mmarekAATTsuse.de
- added bison to BuildRequires, removed update-desktop-files

Thu Mar 22 13:00:00 2007 mmarekAATTsuse.de
- fixed unpack() on big-endian 64bit (revert-phpbug38770.patch)
- blacklist more env variables when safe_mode is on
(php5-config.patch)

Sat Mar 17 13:00:00 2007 judas_iscarioteAATTshorewall.net
- fix Requires of -devel package to include only what is really
needed for operation of the pecl tool as well the neccesary
headers to compile php extensions.
- Fix MOPB 24 \"PHP array_user_key_compare() Double DTOR
Vulnerability\"
- note that fix for MOPB 23 was included in the previous patchset.

Wed Mar 14 13:00:00 2007 judas_iscarioteAATTshorewall.net
- add security fixes for MOPB 20, 21 and 22.
- RPM_BUILD_ROOT is never defined in %post.

Sun Mar 11 13:00:00 2007 judas_iscarioteAATTshorewall.net
- fix/workaround for php5-gd problem with typo3 [#236680]
- add fix for MOPB-14-2007 PHP substr_compare() Information Leak
Vulnerability.
- add secfix for import_request_variables() ancient problem, users
of suhosin extension are not affected.
- Run the test suite here

Tue Mar 6 13:00:00 2007 judas_iscarioteAATTshorewall.net
- Update suhosin extension to version 0.9.18 fixing a session
problem.

Mon Mar 5 13:00:00 2007 judas_iscarioteAATTshorewall.net
- Update suhosin extension to version 0.9.17. see
http://www.hardened-php.net/suhosin/changelog.html for details.

Thu Feb 15 13:00:00 2007 judas_iscarioteAATTshorewall.net
- add t1lib support in php5-gd (10.3 and up only)
- an off-by-one in str_replace may cause a crash.

Thu Feb 8 13:00:00 2007 judas_iscarioteAATTshorewall.net
- PHP 5.2.1. for a full list of changes see
http://www.php.net/ChangeLog-5.php#5.2.1
- add Obsoletes for extensions we dont ship anymore

Fri Feb 2 13:00:00 2007 judas_iscarioteAATTshorewall.net
- fix getenv() modifing $_POST, breaks suhosin badly when
register_
* is On and variables orde is \"GPCS\" (default).
- change/remove obsoleted patches

Tue Jan 30 13:00:00 2007 anosekAATTsuse.cz
- synced with BuildService

* file \"session_mm_apache2handler0.sem\" written at boot
[#229200] (php5-config.patch)

* for certain functionality php5-exif requires php5-mbstring

* php5-ldap requires php5-openssl

* remove LDAP_DEPRECATED from CFLAGS, module already
takes care of this.

* patch potential HTTP_SESSION_VARS et all hijack when
register_globals is On users from suhosin extension are
not affected.(php5-session-rgon-hijack.patch)

* on 10.2 and up php5-devel should require pcre-devel
sqlite-devel sqlite2-devel

* php5-devel is mostly useless without autoconf automake libtool
bison make gcc.

* added patches: phpbug-39350.patch
oldhat-phpinputdata-secfix.patch
ze2-fixes.patch
filter.patch
ext-lib64again.patch

Fri Jan 26 13:00:00 2007 mmarekAATTsuse.cz
- fixed string comparison in xmlrpc module (strcmp.patch)
- allways apply %%patch9

Fri Jan 26 13:00:00 2007 mmarekAATTsuse.cz
- updated the curl module from cvs to fix build with curl-7.16
(curl-cvs-fix.patch, dropped gcc.patch)

Tue Dec 19 13:00:00 2006 anosekAATTsuse.cz
- fixed VUL-0: php session.save_path open_basedir bypass
[#227569] (save_path-secfix.patch)

Wed Dec 6 13:00:00 2006 anosekAATTsuse.cz
- synced with BuildService

* updated Suhosin patch to 0.9.6.2

* updated Suhosin extension to 0.9.16

* fixed php5-devel should provide PECL tool [#204006]

* use bundled sqlite in suse versions =< 10.1
(pdo_sqlite stopped working properly with older sqlite3 libs)

* do not use zend-multibyte anymore, please refer
to phpbug #36711 and associated links, no applications uses
this feature in the real world since it is disabled
in all other distributions/OS.seems to cause more problems
than solutions.

* change php.ini, back to short_open_tag =off (the default)
the package that depended on this setting no longer does.
Also explicitely set the upload_tmp_dir in php.ini to deal
with open_basedir recent changes (please refer
to phpbug #39123) for the details.

* suhosin.ini uses just the default recommended settings

Wed Nov 8 13:00:00 2006 anosekAATTsuse.cz
- created symlinks /usr/bin/php and /usr/bin/pear [#216166]

Tue Nov 7 13:00:00 2006 mmarekAATTsuse.cz
- fixed implicit function decls in suhosin patch (keep the original
patch intact and put fixes into separate patch)

Mon Nov 6 13:00:00 2006 mmarekAATTsuse.cz
- updated to 5.2.0 final
- merged changes from buildservice (by soporteAATTonfocus.cl):
- updated suhosin to 0.9.10
- added suhosin patch
- build with system PCRE if suse_release > 10.1 only [#215610]
- suhosin extension does not require PDO
- suhosin added to the reccommended list
- php5-pspell to require at least aspell-en otherwise is useless
[#217272]

Thu Oct 26 14:00:00 2006 anosekAATTsuse.cz
- php5-sqlite now uses our sqlite and sqlite2 packages to build
and not bundled ones [#201440]
- updated suhosin to 0.9.9

Fri Oct 20 14:00:00 2006 nadvornikAATTsuse.cz
- update to 5.2.0RC6

Thu Oct 19 14:00:00 2006 postadalAATTsuse.cz
- reset right path in extension_dir (php5-php-config.patch)

Mon Oct 9 14:00:00 2006 postadalAATTsuse.cz
- update to version 5.2.0RC5
- added suhosin extension (the hardened php replacement) [#210886]

Sun Oct 8 14:00:00 2006 postadalAATTsuse.cz
- update to version 5.2.0RC4

* added DSA key generation support to openssl_pkey_new()

* updated PCRE to version 6.7

* increased default memory limit to 16 megabytes to accommodate for a more
accurate memory utilization measurement

* added support for httpOnly flag for session extension and cookie setting
functions

* added version specific registry keys to allow different configurations for
different php version

* added \"PHPINIDir\" Apache directive to apache and apache_hooks SAPIs

* added an optional boolean parameter to memory_get_usage() and
memory_get_peak_usage() to get memory size allocated by emalloc() or real
size of memory allocated from system

* moved extensions to PECL (filepro and hwapi)

* improved SNMP, OpenSSL extension

* improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL,
xmlReader
- merged changes from openSUSE build service

* build without --enable-sigchild [#206533, php#28294, php#38342]

* build CLI with libedit support (really-with-libedit.patch)

* tweaked the default config a bit, to make it more secure

* removed ini entries related to extensions we don\'t ship

* t1lib is not currently needed for build, we need t1lib5 to do
something useful

* removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp)

* pdo_odbc provided by php-odbc

* php-suse-addons :
o PHP5 is unlikely to parse php3 code, remove the file association
o corrected apache directive is AddHandler not AddType

* dropped extensions:
o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count)
o php-pdo_sqlite provided by php-sqlite
o php-pdo_pgsql provided by php-pgsql
o filepro dropped by upstream

* new extension:
o filter (kept static and cannot be unloaded, due security reasons)
o json (added as Recommended)
o zip (it uses a bundled library)
- fixed gcc issues (gcc.patch)
- droped obsoleted patches: include_path.patch, bug-37720.patch,
bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch,
bug-37416.patch, main_bugs.patch, soap.patch, standard.patch,
mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch

Wed Aug 16 14:00:00 2006 postadalAATTsuse.cz
- fixed build with X11R7

Wed Jul 26 14:00:00 2006 postadalAATTsuse.cz
- updated to version 5.1.4

* FastCGI interface was completely reimplemented

* multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions

* support for many additional date formats added to the strtotime()

* a performance improvements added to the engine and core extensions

* added imap_savebody() that allows message body to be written to a file

* added lchown() and lchgrp() to change user/group ownership of symlinks

* upgraded bundled PCRE library to version 6.6
- merged changes from openSUSE build service

* removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel
and libmcal from BuildRequires

* added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite,
php-tokenizer,php-xmlreader,php-xmlwriter to Recommends

* added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests

* added support for optional readline(libedit) for CLI
(disabled by default)

* patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch),
curl (curl.patch) and mbstring bugs (mbstring_bugs.patch),
big soap patch (soap.patch)

* removed obsoleted patches

* fixed Safe Mode Bypass [#188243] (standard.patch)

* upstream patches
[php#37306, php#37416, php#37587, php#37720]
[php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch)
[php#37346, php#37360] (gd-fixes.patch)

* fixed build inconsistences, added php-hash module [#173023]

* added pdo_odbc.so to php-odbc module [#190614]

* build without explicit safe_mode and magic_quotes (unneeded)

* removed useless GD --with-ttf configure option, only suitable
for freetype 1