SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php5-sysvsem-5.3.29-2.65.i586.rpm :
Mon Feb 23 13:00:00 2015 jweberhoferAATTweberhofer.at

* Included several patches. Webtatic, thank you for porting back.
- php-5.3.3-CVE-2014-2497.patch CVE-2014-2497 bug#880905
[#66901] php-gd \'c_color\' NULL pointer dereference
- php-5.3.3-CVE-2014-3587.patch CVE-2014-3587
Bug #67716. Prevent wrap around
- php-5.3.29-CVE-2014-3597.patch CVE-2014-3597 bnc#8938498
Bug #67717.
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c
- php-5.3.3-CVE-2014-4698.patch CVE-2014-4698 bnc#886059
Bug #67539 ArrayIterator use-after-free due to object
- php-5.3.3-CVE-2014-4670.patch CVE-2014-4670 bnc#885961
Bug #67538 (SPL Iterators use-after-free)
- php-5.3.3-CVE-2014-3668.patch CVE-2014-3668 bnc#902368
Bug #68027 - fix date parsing in XMLRPC lib
- php-5.3.3-CVE-2014-3669.patch CVE-2014-3669 bnc#902360
Bug #68044: Integer overflow in unserialize() (32-bits only)
- php-5.3.3-CVE-2014-3670.patch CVE-2014-3670 bnc#902368
Bug #68113 (Heap corruption in exif_thumbnail())
- php-5.3.3-CVE-2014-3710.patch CVE-2014-3710 bnc#902367
Bug #68283: fileinfo: out-of-bounds read in elf note
- php-5.3.29-CVE-2014-8142.patch CVE-2014-8142 bnc#907519
Bug #68594: Use-after-free vulnerability in the process_nested_data
function
- php-5.3.29-CVE-2015-0231.patch CVE-2015-0231 bnc#911664
Bug #68710 Use after free vulnerability in unserialize()
(bypassing the CVE-2014-8142 fix)
- php-5.3.29-CVE-2015-0232.patch CVE-2015-0232 bnc#914690
Bug #68799 The exif_process_unicode function allows remote attackers to
execute arbitrary code or cause a denial of service

Mon Aug 18 14:00:00 2014 pgajdosAATTsuse.com
- updated to 5.3.29
- removed unneded no-build-date.patch

Thu Jan 2 13:00:00 2014 pgajdosAATTsuse.com
- added freetype2-include-dir.patch to build with new freetype

Wed Dec 18 13:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.28:

* fixed CVE-2013-4073

* fixed CVE-2013-6420

Mon Jul 15 14:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.27:
Core:
Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
Fixed bug #64960 (Segfault in gc_zval_possible_root).
Fixed bug #64934 (Apache2 TS crash with get_browser()).
Fixed bug #63186 (compile failure on netbsd).
DateTime:
Fixed bug #53437 (Crash when using unserialized DatePeriod
instance).
PDO_firebird:
Fixed bug #64037 (Firebird return wrong value for numeric field).
Fixed bug #62024 (Cannot insert second row with null using
parametrized query).
PDO_pgsql:
Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
pgsql:
Fixed bug #64609 (pg_convert enum type support).
SPL:
Fixed bug #64997 (Segfault while using RecursiveIteratorIterator
on 64-bits systems).
XML:
Fixed bug #65236 (heap corruption in xml parser).
- fixes [bnc#829207]
- last regular release of the PHP 5.3 series
- buildrequire cyrus-sasl-devel

Thu Jun 13 14:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.26:
- Core:
. Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
CVE 2013-2110). (Stas)
- Calendar:
. Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
- FPM:
. Fixed some possible memory or resource leaks and possible null dereference
detected by code coverity scan. (Remi)
. Log a warning when a syscall fails. (Remi)
- MySQLi:
. Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed). (Laruence)
- Phar
. Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
with non std tmp dir). (Pierre)
- Streams:
. Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
on Windows x64). (Anatol)
- Zend Engine:
. Fixed bug #64821 (Custom Exception crash when internal properties
overridden). (Anatol)

Fri May 10 14:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.25:
Core:
Fixed bug #64578 (debug_backtrace in set_error_handler
corrupts zend heap: segfault).
Fixed bug #64458 (dns_get_record result with string of
length -1).
Fixed bug #47675 (fd leak on Solaris).
Fixed bug #64577 (fd leak on Solaris).
Streams:
Fixed Windows x64 version of stream_socket_pair() and
improved error handling.
Zip:
Fixed bug #64342 (ZipArchive::addFile() has to check for
file existence).

Mon Apr 15 14:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.24

Sun Apr 7 14:00:00 2013 slavb18AATTgmail.com
-add php5-firebird providing php5-interbase and php5-pdo_firebird

Thu Mar 21 13:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.23:
SOAP
. Improved check that soap.wsdl_cache_dir conforms to open_basedir (Dmitry)
. Disabled external entities loading. (Dmitry)
SPL:
. Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
. Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
(patch by krissAATTkrizalys.com, Laruence)
. Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
(Mike Willbanks)

Mon Feb 25 13:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.22:
. Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
. Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
. Fixed bug #63943 (Bad warning text from strpos() on empty needle).
(Laruence)
. Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV).
(Laruence, Derick)
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
. Added check that soap.wsdl_cache_dir conforms to open_basedir
(CVE-2013-1635). (Dmitry)
. Disabled external entities loading (CVE-2013-1643). (Dmitry)
. Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)

Thu Feb 7 13:00:00 2013 pgajdosAATTsuse.com
- updated to 5.3.21:

* Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).

* Fixed bug (segfault due to libcurl connection caching).

* Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST).
etc. see NEWS for details

Thu Oct 18 14:00:00 2012 pgajdosAATTsuse.com
- fix CVE-2011-4153 CVE-2011-4153 [bnc#741859]

Tue Oct 16 14:00:00 2012 cooloAATTsuse.com
- add explicit buildrequire on libbz2-devel
(having to patch old .changes file to avoid \"double entry\")

Thu Oct 11 14:00:00 2012 pgajdosAATTsuse.com
- updated to 5.3.17:

* Fixed bug (segfault while build with zts and GOTO vm-kind)

* Fixed bug #62844 (parse_url() does not recognize //

* etc. see NEWS for details

Mon Aug 27 14:00:00 2012 pgajdosAATTsuse.com
- use FilesMatch with \'SetHandler\' rather than \'AddHandler\'
[bnc#775852]

Mon Aug 27 14:00:00 2012 pgajdosAATTsuse.com
- updated to 5.3.16:

* fixes over 20 bugs, see NEWS for more details

Wed Jul 25 14:00:00 2012 pgajdosAATTsuse.com
- updated to 5.3.15:

* fixes over 30 bugs and includes a fix for a security related
overflow issue in the stream implementation (CVE-2012-2688)
[bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580]

Mon Jun 18 14:00:00 2012 pgajdosAATTsuse.com
- updated to 5.3.14:

* bug-fix release, see NEWS for details

Fri May 25 14:00:00 2012 pgajdosAATTsuse.com
- updated to 5.3.13: various security fixes,
CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336

* removed php-5.3.10-pcre_fullinfo.patch

* refreshed php-5.3.2-aconf26x.patch

Thu Mar 8 13:00:00 2012 cooloAATTsuse.com
- fix license to spdx.org format

Tue Feb 28 13:00:00 2012 pgajdosAATTsuse.com
- fixed build with new pcre (php bug 60986)

Sat Feb 4 13:00:00 2012 crrodriguezAATTopensuse.org
- Build with -fpie

Thu Feb 2 13:00:00 2012 crrodriguezAATTopensuse.org
- PHP 5.3.10, fixes CVE-2012-0830.

Sat Jan 28 13:00:00 2012 crrodriguezAATTopensuse.org
- remove unapplied patches

Wed Jan 18 13:00:00 2012 pgajdosAATTsuse.com
- buildrequire libjpeg-devel

Tue Jan 17 13:00:00 2012 pgajdosAATTsuse.com
- remove apache module conflict with apache2-worker [bnc#728671]
- amended README.SUSE instead

Wed Jan 11 13:00:00 2012 crrodriguezAATTopensuse.org
- Update to version 5.3.9

* Drop already applied patches

* This update only contain minor bug fixes, it is a stop over
php 5.4.0 that should be out very soon.

Mon Jan 2 13:00:00 2012 pgajdosAATTsuse.com
- security update:

* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive
to prevent attacks based on hash collisions

Wed Dec 21 13:00:00 2011 cooloAATTsuse.com
- add autoconf as buildrequire to avoid implicit dependency

Tue Dec 20 13:00:00 2011 pgajdosAATTsuse.com
- apache module conflicts with apache2-worker [bnc#728671]

Fri Dec 16 13:00:00 2011 pgajdosAATTsuse.com
- security update:

* CVE-2011-4566 [bnc#733590]

* CVE-2011-1466 [bnc#736169]

Tue Dec 6 13:00:00 2011 cooloAATTsuse.com
- fix license - there is no 3.1 version of php license

Tue Nov 29 13:00:00 2011 pgajdosAATTsuse.com
- build php against system\'s libcrypt, which drops
extended DES support

* crypt-tests.patch

* no-reentrant-crypt.patch

Mon Nov 7 13:00:00 2011 pgajdosAATTsuse.com
- security update:
CVE-2011-3379 [bnc#728350]

Sun Sep 18 14:00:00 2011 crrodriguezAATTopensuse.org
- Fix wrong PAGE_SIZE assumption, must use sysconf() instead
- Fix integer overflow when attempting to use more than 2 Gb
of memory.

Mon Sep 5 14:00:00 2011 crrodriguezAATTopensuse.org
- call openssl_config too in order to load user-provided
engine configuration.

Sat Sep 3 14:00:00 2011 crrodriguezAATTopensuse.org
- Cleanup patches for upcoming release.

Sun Aug 28 14:00:00 2011 andrea.turriniAATTgmail.com
- Fixed typos in php5.spec

Tue Aug 23 14:00:00 2011 crrodriguezAATTopensuse.org
- Fix very publicized critical bug in crypt() implementation

Fri Aug 12 14:00:00 2011 crrodriguezAATTopensuse.org
- Add mssql support with freetds
- Update PHP snapshot.

Tue Aug 9 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snapshot, more static analyzer fixes.

Sun Aug 7 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snapshot, fix converity warnings

Fri Aug 5 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snapshot, several check if malloc() succeeded.

Wed Aug 3 14:00:00 2011 crrodriguezAATTopensuse.org
- Fix build in Factory
- Fix Segfault with allow_call_time_pass_reference = Off
- Using class constants in array definition fails

Mon Aug 1 14:00:00 2011 crrodriguezAATTopensuse.org
- Add sqlite3 session storage, this is no more than
a forward port of already existent sqlite2 backend

Sun Jul 31 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snap, PHP 5.3.7-RC4

Wed Jul 27 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snapshot again.

Sat Jul 23 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snapshot.

Thu Jul 14 14:00:00 2011 crrodriguezAATTopensuse.org
- is_a() function is throwing an annoying warning
\"Unknown class passed as parameter\" which is noticeable when
you use PEAR, fix it, if your code uses it you should be
using the instanceof operator anyway.
- Update bundled pear.

Mon Jul 11 14:00:00 2011 crrodriguezAATTopensuse.org
- Crash in gc_remove_zval_from_buffer CVE-NO-NAME
- Crash in zend_mm_check_ptr // Heap corruption

Wed Jul 6 14:00:00 2011 crrodriguezAATTopensuse.org
- Fixed missing Expires and Cache-Control headers for ping and status pages
- fix crypt() issue with overlong salt
- Fixed bug #52935 (call exit in user_error_handler cause stream relate core).

Mon Jun 27 14:00:00 2011 crrodriguezAATTopensuse.org
- Fix crash in error_log (strlen with NULL)
- Fixed exit at FPM startup on fpm_resources_prepare
- Added master rlimit_files and rlimit_core
- Removed pid in debug logs written by chrildren processes
- Replaced shm_slots with a real scoreboard

Wed Jun 22 14:00:00 2011 crrodriguezAATTopensuse.org
- Enable mysqlnd compression protocol.

Thu Jun 16 14:00:00 2011 crrodriguezAATTopensuse.org
- Update snapshot to 5.3.7 RC1

Tue Jun 14 14:00:00 2011 crrodriguezAATTopensuse.org
- Allow bison 2.5
-File path injection vulnerability in RFC1867 File upload CVE-2011-2202.

Fri Jun 10 14:00:00 2011 crrodriguezAATTopensuse.org
- Update 5.3 snap
- Fix compiler failure that happended after compile error.
- Stream not closed and error not returned when SSL CN_match fails.

Mon Jun 6 14:00:00 2011 crrodriguezAATTopensuse.org
- Update 5.3 snap
- Update bundled PEAR
- Case discrepancy in timezone names cause Uncaught exception and fatal error.
- SEEK_CUR with 0 value, returns a warning
- Restore fix: do not accept paths with NULL in them

Fri Jun 3 14:00:00 2011 crrodriguezAATTopensuse.org
- Update to version 5.3.6.201106031621
- Crash when calling call_user_func with unknown function name
- Fixed double registering of browscap ini directive

Sun May 29 14:00:00 2011 crrodriguezAATTopensuse.org
- Drop Update alternatives usage, there are no alternatives
PHP4 is gone and PHP6 is not coming at any time soon.
- Remove \"mm\" support from session module, virtually nothing
uses it and it doesnt support proper locking, mount
/var/lib/php5 in tmpfs instead.

Sun May 29 14:00:00 2011 crrodriguezAATTopensuse.org
- Update to 5.3.6.201105291701

* Fixes random crash with apache2 SAPI and php_admin_value
in virtualhost configuration.

Fri May 20 14:00:00 2011 crrodriguezAATTopensuse.org
- Update 5.3 branch
- Fix a few memory leaks
- Check if tempfile can be created in phar extension
- Fix problems with __halt_compiler and imported namespaces
- Properly handle out of memory conditions in mysqlnd

Sat May 14 14:00:00 2011 crrodriguezAATTopensuse.org
- Update 5.3 branch.
- Fix user after free in xmlreader extension.

Mon May 9 14:00:00 2011 crrodriguezAATTopensuse.org
- Update to current 5.3 svn version.
- For practical reasons now the hash extension is built-in,hence
deprecates package php5-hash, it is nowdays required by the session
and phar extensions but must be statically built to work.
- Drop php5-session patch, needed only to workaround compile
failure when hash extension is built as loadable extension.
- php.ini now clearly says that by \"3\" in session.hash_function
we mean SHA256.

Fri Apr 29 14:00:00 2011 crrodriguezAATTopensuse.org
- Update to a recent 5.3.x SVN version, mostly bug fixes

* track_errors causes segfault

* classes from dl()\'ed extensions are not destroyed

* Crash when assigning value to a dimension in a non-array

* use-after-free in substr_replace()

Wed Apr 13 14:00:00 2011 crrodriguezAATTopensuse.org
- fix crash on destruction.
- allow openssl extension to be built w/o SSLv2

Tue Apr 5 14:00:00 2011 langAATTb1-systems.de
- Add a default to date.timezone because php5 warns that this is a required setting and clutters up the output in zypper installations of pear packages and other places
- Versions after 5.3.6 may make this fatal

Sat Apr 2 14:00:00 2011 crrodriguezAATTopensuse.org
- Intl extension failed to load [bnc#659868]
- Fix update-alternatives usage,will be dropped in the future.

Mon Mar 28 14:00:00 2011 sbutler1AATTillinois.edu
- Add tcpd-devel for building the SNMP extension on SLE_10 and apache_server_SLE_10.

Thu Mar 17 13:00:00 2011 crrodriguezAATTopensuse.org
- Update to php 5.3.6 final

* Enforce security in the fastcgi protocol parsing with fpm SAPI.

* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)

* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)

* Fixed bug #54055 (buffer overrun with high values for precision ini setting).

* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)

* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)

Wed Mar 16 13:00:00 2011 crrodriguezAATTopensuse.org
- Upgrade to PHP 5.3.6.RC3

* Drop obsoleted patches

* fix some rpmlint warnings

* Hundreds of changes, see NEWS for details

Wed Mar 9 13:00:00 2011 crrodriguezAATTopensuse.org
- Fix more date in binaries causing pointless republish of pkgs.

Fri Feb 25 13:00:00 2011 chrisAATTcomputersalat.de
- fix for macros.php
o devel pkg must have Obsoletes/Provides: php-macros

Tue Feb 22 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes

* CVE-2011-0420 [bnc#672933]

* CVE-2011-0708 [bnc#671710]

Thu Feb 10 13:00:00 2011 chrisAATTcomputersalat.de
- extend macros.php
o __php, __phpize, __php_config, php_version
o __pear, php_peardir, php_pearxmldir
o php_pear_gen_filelist
- add README.macros

Thu Jan 13 13:00:00 2011 pgajdosAATTsuse.cz
- security fix:

* fopen_https_proxy_auth_fix.patch [bnc#656523]

Mon Jan 10 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem
when extensions are built shared. [bnc#661464]

Mon Jan 10 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Go back to libmysql as there is currently no way
to build shared mysql extensions with mysqlnd. [bnc#661464]

Sun Jan 9 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Use mysqlnd driver, this is a newer PHP-native mysql
extension, that does not require external libraries.
Now you can use mysql, mariadb or drizzle without extra libs.
fixes bnc #661464 and other old feature requests.

Thu Jan 6 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Update to version 5.3.5, Critical Update

* Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645)
Only 32 bit binaries affected, confirmed in factory i586.

Fri Dec 17 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- revert unsuitable patch php-5.3.4-dlopen.patch

Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Add php-5.3.4-dlopen.patch from fedora,makes dlopen to use
bind_now instead of lazy.
- Compiler is now in C99 mode for both core and extensions.

Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- fix format string bug in Phar extension I just found
http://bugs.php.net/bug.php?id=53541 and the underlying
issue, which is the lack of format attributes in several
core prototypes.

Mon Dec 13 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.4 final

* Fixed crash in zip extract method (possible CWE-170).

* Paths with NULL in them (foo\\0bar.txt) are now considered as invalid (CVE-2006-7243).

* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).

* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).

* Fixed possible flaw in open_basedir (CVE-2010-3436).

* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).

* Fixed symbolic resolution support when the target is a DFS share.

* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

* Key Bug Fixes in PHP 5.3.4 include:

* Added stat support for zip stream.

* Added follow_location (enabled by default) option for the http stream support.

* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.

* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.

* Multiple improvements to the FPM SAPI.

* Over 100 other bug fixes.
- SUSE specific;

* enable PTY support in proc_open (temporary)

Wed Nov 24 13:00:00 2010 roAATTsuse.de
- xft-config is gone

Tue Nov 2 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to 5.3.3_svn201011020214

* Fix Performance issue, array_diff may take hours instead
of seconds in some scenarios,regression appeared in version
5.2.5

Wed Oct 27 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to 5.3.3_svn20101027xx
- Fix init script again.

Thu Oct 14 14:00:00 2010 crrodriguezAATTopensuse.org
- update to 5.3.3_svn201010140300
- Fix php-fpm init script.

Sat Oct 9 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to an slightly newer PHP 5.3.3.x snap, fixes
around 100 bugs including open_basedir problems.
- add the fpm sapi to the package.

Tue Aug 3 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Clarify changelog this update fixed:

* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]

* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]

* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]

* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]

* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]

* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]

* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]

* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]

* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]

* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]

* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]

* bugzilla numbers 619487,619489,619469,609766..

Tue Jul 20 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.3 RC3
- Massive lot of security fixes see list
here http://www.php-security.org/category/vulnerabilities/index.html

Tue Jun 1 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- possible fix for [bnc#610633]

Fri Apr 16 14:00:00 2010 crrodriguezAATTopensuse.org
- use FD_CLOEXEC flag to avoid annoying races.

Sun Apr 4 14:00:00 2010 crrodriguezAATTopensuse.org
- remove obsolete buildRequires

Fri Apr 2 14:00:00 2010 crrodriguezAATTopensuse.org
- remove build date from binaries so they dont get
republished every time
- fix invalid path

Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- add missing patch, refresh patches with -p0

Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- Update to PHP 5.3.2, see NEWS for details

Fri Mar 5 13:00:00 2010 dimstarAATTopensuse.org
- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it\'s
a backported combination of svn commits 291283, 291284 and
291332.
- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by
replacing -ledit with -ledit -lncurses in the resulting configure
scripts. This became apparent problem due to libedit being built
with as-needed now.
- Add php5-bug51224.patch to fix buffer overflows happening in
strcpy. It;s a combination of upstream svn revs 284097 and 284099

Sun Jan 17 13:00:00 2010 vuntzAATTopensuse.org
- Remove unneeded gtk-devel BuildRequires.

Mon Jan 11 13:00:00 2010 ajAATTsuse.de
- Remove obsolete build requires of orbit-devel.

Tue Dec 22 13:00:00 2009 jengelhAATTmedozas.de
- avoid alignment crash on alignment-sensitive CPUs
(bugs.php.net#46074)

Wed Dec 2 13:00:00 2009 cooloAATTnovell.com
- update patch to fix build

Tue Oct 6 14:00:00 2009 crrodriguezAATTopensuse.org
- Fixed wrong harcoded mysql socket [bnc#544516]
- Fixed wrong default include_path

Tue Sep 8 14:00:00 2009 crrodriguezAATTsuse.de
- make php5-pear noarch in Factory

Wed Aug 26 14:00:00 2009 crrodriguezAATTsuse.de
- remove obsolete patches
- apply ini patch
- enable mhash compatibility in the hash extension and obsolete php5-mhash
- add macros.php to the source list

Mon Aug 24 14:00:00 2009 crrodriguezAATTsuse.de
- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]

Sun Aug 23 14:00:00 2009 crrodriguezAATTsuse.de
- fix missing return values of suhosin extension

Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix build on CODE10 products

Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix horrible broken open_basedir functionality

Sun Aug 16 14:00:00 2009 crrodriguezAATTsuse.de
- update suhosin extension to version 0.9.29
- mysql extensions now use mysqlnd instead of libmysqlclient.
- enable sqlite3 extension, part of the php5-sqlite package
- enable enchant extension
- enable fileinfo extension
- enable intl extension

Fri Aug 14 14:00:00 2009 crrodriguezAATTsuse.de
- add suhosin patch and newer suhosin extension for compatibility
reasons

Thu Aug 13 14:00:00 2009 crrodriguezAATTsuse.de
- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php
for the huge list of changes
- remove dbase and ncurses extension

Thu Jul 16 14:00:00 2009 cooloAATTnovell.com
- disable as-needed to fix build

Fri Jun 19 14:00:00 2009 crrodriguezAATTsuse.de
- update to PHP 5.2.10

* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)

* Added \"ignore_errors\" option to http fopen wrapper. (David Zulke, Sara)

* Fixed memory corruptions while reading properties of zip files. (Ilia)

* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)

* Fixed segfault on invalid session.save_path. (Hannes)

* Fixed leaks in imap when a mail_criteria is used. (Pierre)

* Changed default value of array_unique()\'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)

* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)

* Fixed bug #47903 (\"AATT\" operator does not work with string offsets). (Felipe)

* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)

* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)

* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).

* Over 100 bug fixes.

Thu May 21 14:00:00 2009 crrodriguezAATTsuse.de
- add temporary backport of openssl prng function

Sat Mar 14 13:00:00 2009 crrodriguezAATTsuse.de
- Update to version 5.2.9, security and bugfix release

* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]

* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]

* Fixed a segfault when malformed string is passed to json_decode()

* Fixed explode() behavior with empty string to respect negative limit.


 
ICM