Changelog for php5-debugsource-5.3.5-355.1.x86_64.rpm :
Wed Jul 17 14:00:00 2013 johann.luceAATTwanadoo.fr
- fixing the following security issues:

* CVE-2013-4635.patch (bnc#828020):
- Integer overflow in the SdnToJewish

* CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707):
- reading system files via untrusted SOAP input
- soap.wsdl_cache_dir function did not honour PHP open_basedir

* CVE-2013-4113.patch (bnc#829207):
- heap corruption due to badly formed xml

Mon Sep 3 14:00:00 2012 pgajdosAATTsuse.com
- fixed CVE-2011-1398 and CVE-2011-4388 [bnc#778003]

Tue Aug 28 14:00:00 2012 pgajdosAATTsuse.com
- use FilesMatch with 'SetHandler' rather than 'AddHandler'
[bnc#775852]

Thu Jul 26 14:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-2688 [bnc#772580]

* CVE-2012-3365 [bnc#772582]

* oob-read-sql-dos [bnc#769785]

Thu Jun 14 14:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-2143 [bnc#766798]

Mon May 28 14:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-2386 [bnc#763814]

Mon May 14 14:00:00 2012 pgajdosAATTsuse.com
- security update:

* improved fix for CVE-2012-1823 (CVE-2012-2335, CVE-2012-2336)
[bnc#761631]

Wed May 9 14:00:00 2012 chrisAATTcomputersalat.de
- fix for bnc#755907 (php#55019)

* https://bugzilla.novell.com/show_bug.cgi?id=755907

* fixes for
*Unicode Issues Bug #55019
https://bugs.php.net/bug.php?id=55019

* add php-5.3-php55019.patch

Fri May 4 14:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-1823, CVE-2012-2311 [bnc#760536]

Thu Apr 5 14:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-1172 [bnc#752030]

Thu Mar 8 13:00:00 2012 pgajdosAATTsuse.com
- fixed regressions after fix for CVE-2012-0830 [bnc#749111]

Tue Feb 7 13:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-0807 [bnc#743308]

* CVE-2012-0057 [bnc#741520]

* CVE-2011-4153 [bnc#741859]

* CVE-2012-0831 [bnc#746661]

Fri Feb 3 13:00:00 2012 pgajdosAATTsuse.com
- security update CVE-2012-0830 and other memory leaks
(fixes the fix of CVE-2011-4885) [bnc#744966]

Wed Jan 25 13:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2012-0781 [bnc#742273]

* CVE-2012-0788 [bnc#742806]

* memory corruption in parse_ini_string() [bnc#742806]

* CVE-2012-0789 [bnc#742806]

Mon Jan 2 13:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive
to prevent attacks based on hash collisions

Tue Dec 20 13:00:00 2011 pgajdosAATTsuse.com
- amend README.SUSE to discourage using apache module with
apache2-worker [bnc#728671]

Fri Dec 9 13:00:00 2011 pgajdosAATTsuse.com
- security update:

* CVE-2011-4566 [bnc#733590]

* CVE-2011-3182 [bnc#713652]

* CVE-2011-1466 [bnc#736169]

* CVE-2011-1072 [bnc#735613]

Mon Sep 5 14:00:00 2011 pgajdosAATTsuse.com
- security update:

* CVE-2011-3267 [bnc#715640]

* CVE-2011-3268 [bnc#715646]
- allow uploading files bigger than 2GB for 64bit systems
[bnc#709549]

* 64-bit-post-large-files.patch

Thu Jun 30 14:00:00 2011 pgajdosAATTnovell.com
- security update:

* CVE-2011-2483 [bnc#701491]

* CVE-2011-2202 [bnc#699711]

Fri Apr 1 14:00:00 2011 pgajdosAATTsuse.cz
- security updates:

* CVE-2011-1470, CVE-2011-1471 [bnc#681214]

* CVE-2011-1092 [bnc#677782]

* CVE-2011-1464 [bnc#681194]

* CVE-2011-1468 [bnc#681197]

* CVE-2011-1467 [bnc#681195]

* CVE-2011-0421 [bnc#681291]

* CVE-2011-1469 [bnc#681210]

* CVE-2011-1148 [bnc#679278]

* CVE-2011-1938 [bnc#695689]

Fri Feb 25 13:00:00 2011 chrisAATTcomputersalat.de
- fix for macros.php
o devel pkg must have Obsoletes/Provides: php-macros

Tue Feb 22 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes

* CVE-2011-0420 [bnc#672933]

* CVE-2011-0708 [bnc#671710]

Thu Feb 10 13:00:00 2011 chrisAATTcomputersalat.de
- extend macros.php
o __php, __phpize, __php_config, php_version
o __pear, php_peardir, php_pearxmldir
o php_pear_gen_filelist
- add README.macros

Thu Jan 13 13:00:00 2011 pgajdosAATTsuse.cz
- security fix:

* fopen_https_proxy_auth_fix.patch [bnc#656523]

Mon Jan 10 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem
when extensions are built shared. [bnc#661464]

Mon Jan 10 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Go back to libmysql as there is currently no way
to build shared mysql extensions with mysqlnd. [bnc#661464]

Sun Jan 9 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Use mysqlnd driver, this is a newer PHP-native mysql
extension, that does not require external libraries.
Now you can use mysql, mariadb or drizzle without extra libs.
fixes bnc #661464 and other old feature requests.

Thu Jan 6 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Update to version 5.3.5, Critical Update

* Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645)
Only 32 bit binaries affected, confirmed in factory i586.

Fri Dec 17 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- revert unsuitable patch php-5.3.4-dlopen.patch

Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Add php-5.3.4-dlopen.patch from fedora, makes dlopen to use
bind_now instead of lazy.
- Compiler is now in C99 mode for both core and extensions.

Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- fix format string bug in Phar extension I just found
http://bugs.php.net/bug.php?id=53541 and the underlying
issue, which is the lack of format attributes in several
core prototypes.

Mon Dec 13 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.4 final

* Fixed crash in zip extract method (possible CWE-170).

* Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).

* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).

* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).

* Fixed possible flaw in open_basedir (CVE-2010-3436).

* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).

* Fixed symbolic resolution support when the target is a DFS share.

* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

* Key Bug Fixes in PHP 5.3.4 include:

* Added stat support for zip stream.

* Added follow_location (enabled by default) option for the http stream support.

* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.

* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.

* Multiple improvements to the FPM SAPI.

* Over 100 other bug fixes.
- SUSE specific;

* enable PTY support in proc_open (temporary)

Wed Nov 24 13:00:00 2010 roAATTsuse.de
- xft-config is gone

Tue Nov 2 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to 5.3.3_svn201011020214

* Fix Performance issue, array_diff may take hours instead
of seconds in some scenarios, regression appeared in version
5.2.5

Wed Oct 27 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to 5.3.3_svn20101027xx
- Fix init script again.

Thu Oct 14 14:00:00 2010 crrodriguezAATTopensuse.org
- update to 5.3.3_svn201010140300
- Fix php-fpm init script.

Sat Oct 9 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to a slightly newer PHP 5.3.3.x snap, fixes
around 100 bugs including open_basedir problems.
- add the fpm sapi to the package.

Tue Aug 3 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Clarify changelog this update fixed:

* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]

* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]

* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]

* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]

* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]

* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]

* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]

* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]

* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]

* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]

* bugzilla numbers 619487,619489,619469,609766..

Tue Jul 20 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.3 RC3
- Massive lot of security fixes see list
here http://www.php-security.org/category/vulnerabilities/index.html

Tue Jun 1 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- possible fix for [bnc#610633]

Fri Apr 16 14:00:00 2010 crrodriguezAATTopensuse.org
- use FD_CLOEXEC flag to avoid annoying races.

Sun Apr 4 14:00:00 2010 crrodriguezAATTopensuse.org
- remove obsolete buildRequires

Fri Apr 2 14:00:00 2010 crrodriguezAATTopensuse.org
- remove build date from binaries so they don't get
republished every time
- fix invalid path

Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- add missing patch, refresh patches with -p0

Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- Update to PHP 5.3.2, see NEWS for details

Fri Mar 5 13:00:00 2010 dimstarAATTopensuse.org
- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it's
a backported combination of svn commits 291283, 291284 and
291332.
- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by
replacing -ledit with -ledit -lncurses in the resulting configure
scripts. This became apparent problem due to libedit being built
with as-needed now.
- Add php5-bug51224.patch to fix buffer overflows happening in
strcpy. It's a combination of upstream svn revs 284097 and 284099

Sun Jan 17 13:00:00 2010 vuntzAATTopensuse.org
- Remove unneeded gtk-devel BuildRequires.

Mon Jan 11 13:00:00 2010 ajAATTsuse.de
- Remove obsolete build requires of orbit-devel.

Tue Dec 22 13:00:00 2009 jengelhAATTmedozas.de
- avoid alignment crash on alignment-sensitive CPUs
(bugs.php.net#46074)

Wed Dec 2 13:00:00 2009 cooloAATTnovell.com
- update patch to fix build

Tue Oct 6 14:00:00 2009 crrodriguezAATTopensuse.org
- Fixed wrong hardcoded mysql socket [bnc#544516]
- Fixed wrong default include_path

Tue Sep 8 14:00:00 2009 crrodriguezAATTsuse.de
- make php5-pear noarch in Factory

Wed Aug 26 14:00:00 2009 crrodriguezAATTsuse.de
- remove obsolete patches
- apply ini patch
- enable mhash compatibility in the hash extension and obsolete php5-mhash
- add macros.php to the source list

Mon Aug 24 14:00:00 2009 crrodriguezAATTsuse.de
- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]

Sun Aug 23 14:00:00 2009 crrodriguezAATTsuse.de
- fix missing return values of suhosin extension

Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix build on CODE10 products

Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix horrible broken open_basedir functionality

Sun Aug 16 14:00:00 2009 crrodriguezAATTsuse.de
- update suhosin extension to version 0.9.29
- mysql extensions now use mysqlnd instead of libmysqlclient.
- enable sqlite3 extension, part of the php5-sqlite package
- enable enchant extension
- enable fileinfo extension
- enable intl extension

Fri Aug 14 14:00:00 2009 crrodriguezAATTsuse.de
- add suhosin patch and newer suhosin extension for compatibility
reasons

Thu Aug 13 14:00:00 2009 crrodriguezAATTsuse.de
- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php
for the huge list of changes
- remove dbase and ncurses extension

Thu Jul 16 14:00:00 2009 cooloAATTnovell.com
- disable as-needed to fix build

Fri Jun 19 14:00:00 2009 crrodriguezAATTsuse.de
- update to PHP 5.2.10

* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)

* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)

* Fixed memory corruptions while reading properties of zip files. (Ilia)

* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)

* Fixed segfault on invalid session.save_path. (Hannes)

* Fixed leaks in imap when a mail_criteria is used. (Pierre)

* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)

* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)

* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)

* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)

* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)

* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).

* Over 100 bug fixes.

Thu May 21 14:00:00 2009 crrodriguezAATTsuse.de
- add temporary backport of openssl prng function

Sat Mar 14 13:00:00 2009 crrodriguezAATTsuse.de
- Update to version 5.2.9, security and bugfix release

* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]

* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]

* Fixed a segfault when malformed string is passed to json_decode()

* Fixed explode() behavior with empty string to respect negative limit.


 