Changelog for
php5-sysvmsg-5.3.5-2.1.x86_64.rpm :
Fri Dec 13 13:00:00 2013 pgajdosAATTsuse.com
- security update
* CVE-2013-6420.patch [bnc#854880]
* CVE-2013-6712.patch [bnc#853045]
* CVE-2013-4248.patch [bnc#837746]
Wed Jul 17 14:00:00 2013 johann.luceAATTwanadoo.fr
- - fixing the following security issues:
* CVE-2013-4635.patch (bnc#828020):
- Integer overflow in the SdnToJewish
* CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707):
- reading system files via untrusted SOAP input
- soap.wsdl_cache_dir function did not honour PHP open_basedir
* CVE-2013-4113.patch (bnc#829207):
- heap corruption due to badly formed xml
Mon Sep 3 14:00:00 2012 pgajdosAATTsuse.com
- fixed CVE-2011-1398 and CVE-2011-4388 [bnc#778003]
Tue Aug 28 14:00:00 2012 pgajdosAATTsuse.com
- use FilesMatch with \'SetHandler\' rather than \'AddHandler\'
[bnc#775852]
Thu Jul 26 14:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-2688 [bnc#772580]
* CVE-2012-3365 [bnc#772582]
* oob-read-sql-dos [bnc#769785]
Thu Jun 14 14:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-2143 [bnc#766798]
Mon May 28 14:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-2386 [bnc#763814]
Mon May 14 14:00:00 2012 pgajdosAATTsuse.com
- security update:
* improved fix for CVE-2012-1823 (CVE-2012-2335, CVE-2012-2336)
[bnc#761631]
Wed May 9 14:00:00 2012 chrisAATTcomputersalat.de
- fix for bnc#755907 (php#55019)
* https://bugzilla.novell.com/show_bug.cgi?id=755907
* fixes for
*Unicode Issues Bug #55019
https://bugs.php.net/bug.php?id=55019
* add php-5.3-php55019.patch
Fri May 4 14:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-1823, CVE-2012-2311 [bnc#760536]
Thu Apr 5 14:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-1172 [bnc#752030]
Thu Mar 8 13:00:00 2012 pgajdosAATTsuse.com
- fixed regressions after fix for CVE-2012-0830 [bnc#749111]
Tue Feb 7 13:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-0807 [bnc#743308]
* CVE-2012-0057 [bnc#741520]
* CVE-2011-4153 [bnc#741859]
* CVE-2012-0831 [bnc#746661]
Fri Feb 3 13:00:00 2012 pgajdosAATTsuse.com
- security update CVE-2012-0830 and other memory leaks
(fixes the fix of CVE-2011-4885) [bnc#744966]
Wed Jan 25 13:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2012-0781 [bnc#742273]
* CVE-2012-0788 [bnc#742806]
* memory corruption in parse_ini_string() [bnc#742806]
* CVE-2012-0789 [bnc#742806]
Mon Jan 2 13:00:00 2012 pgajdosAATTsuse.com
- security update:
* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive
to prevent attacks based on hash collisions
Tue Dec 20 13:00:00 2011 pgajdosAATTsuse.com
- amend README.SUSE to discourage using apache module with
apache2-worker [bnc#728671]
Fri Dec 9 13:00:00 2011 pgajdosAATTsuse.com
- security update:
* CVE-2011-4566 [bnc#733590]
* CVE-2011-3182 [bnc#713652]
* CVE-2011-1466 [bnc#736169]
* CVE-2011-1072 [bnc#735613]
Mon Sep 5 14:00:00 2011 pgajdosAATTsuse.com
- security update:
* CVE-2011-3267 [bnc#715640]
* CVE-2011-3268 [bnc#715646]
- allow uploading files bigger than 2GB for 64bit systems
[bnc#709549]
* 64-bit-post-large-files.patch
Thu Jun 30 14:00:00 2011 pgajdosAATTnovell.com
- security update:
* CVE-2011-2483 [bnc#701491]
* CVE-2011-2202 [bnc#699711]
Fri Apr 1 14:00:00 2011 pgajdosAATTsuse.cz
- security updates:
* CVE-2011-1470, CVE-2011-1471 [bnc#681214]
* CVE-2011-1092 [bnc#677782]
* CVE-2011-1464 [bnc#681194]
* CVE-2011-1468 [bnc#681197]
* CVE-2011-1467 [bnc#681195]
* CVE-2011-0421 [bnc#681291]
* CVE-2011-1469 [bnc#681210]
* CVE-2011-1148 [bnc#679278]
* CVE-2011-1938 [bnc#695689]
Fri Feb 25 13:00:00 2011 chrisAATTcomputersalat.de
- fix for macros.php
o devel pkg must have Obsoletes/Provides: php-macros
Tue Feb 22 13:00:00 2011 pgajdosAATTsuse.cz
- security fixes
* CVE-2011-0420 [bnc#672933]
* CVE-2011-0708 [bnc#671710]
Thu Feb 10 13:00:00 2011 chrisAATTcomputersalat.de
- extend macros.php
o __php, __phpize, __php_config, php_version
o __pear, php_peardir, php_pearxmldir
o php_pear_gen_filelist
- add README.macros
Thu Jan 13 13:00:00 2011 pgajdosAATTsuse.cz
- security fix:
* fopen_https_proxy_auth_fix.patch [bnc#656523]
Mon Jan 10 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem
when extensions are built shared. [bnc#661464]
Mon Jan 10 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Go back to libmysql as there is currently no way
to build shared mysql extensions with mysqlnd. [bnc#661464]
Sun Jan 9 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Use mysqlnd driver, this is a newer PHP-native mysql
extension, that does not require external libraries.
Now you can use mysql, mariadb or drizzle without extra libs.
fixes bnc #661464 and other old feature requests.
Thu Jan 6 13:00:00 2011 cristian.rodriguezAATTopensuse.org
- Update to version 5.3.5, Critical Update
* Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645)
Only 32 bit binaries affected, confirmed in factory i586.
Fri Dec 17 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- revert unsuitable patch php-5.3.4-dlopen.patch
Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Add php-5.3.4-dlopen.patch from fedora,makes dlopen to use
bind_now instead of lazy.
- Compiler is now in C99 mode for both core and extensions.
Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- fix format string bug in Phar extension I just found
http://bugs.php.net/bug.php?id=53541 and the underlying
issue, which is the lack of format attributes in several
core prototypes.
Mon Dec 13 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.4 final
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\\0bar.txt) are now considered as invalid (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
* Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.
- SUSE specific;
* enable PTY support in proc_open (temporary)
Wed Nov 24 13:00:00 2010 roAATTsuse.de
- xft-config is gone
Tue Nov 2 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to 5.3.3_svn201011020214
* Fix Performance issue, array_diff may take hours instead
of seconds in some scenarios,regression appeared in version
5.2.5
Wed Oct 27 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to 5.3.3_svn20101027xx
- Fix init script again.
Thu Oct 14 14:00:00 2010 crrodriguezAATTopensuse.org
- update to 5.3.3_svn201010140300
- Fix php-fpm init script.
Sat Oct 9 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to an slightly newer PHP 5.3.3.x snap, fixes
around 100 bugs including open_basedir problems.
- add the fpm sapi to the package.
Tue Aug 3 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Clarify changelog this update fixed:
* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]
* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]
* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]
* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]
* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]
* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]
* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]
* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]
* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]
* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]
* bugzilla numbers 619487,619489,619469,609766..
Tue Jul 20 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Update to PHP 5.3.3 RC3
- Massive lot of security fixes see list
here http://www.php-security.org/category/vulnerabilities/index.html
Tue Jun 1 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- possible fix for [bnc#610633]
Fri Apr 16 14:00:00 2010 crrodriguezAATTopensuse.org
- use FD_CLOEXEC flag to avoid annoying races.
Sun Apr 4 14:00:00 2010 crrodriguezAATTopensuse.org
- remove obsolete buildRequires
Fri Apr 2 14:00:00 2010 crrodriguezAATTopensuse.org
- remove build date from binaries so they dont get
republished every time
- fix invalid path
Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- add missing patch, refresh patches with -p0
Thu Apr 1 14:00:00 2010 crrodriguezAATTopensuse.org
- Update to PHP 5.3.2, see NEWS for details
Fri Mar 5 13:00:00 2010 dimstarAATTopensuse.org
- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it\'s
a backported combination of svn commits 291283, 291284 and
291332.
- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by
replacing -ledit with -ledit -lncurses in the resulting configure
scripts. This became apparent problem due to libedit being built
with as-needed now.
- Add php5-bug51224.patch to fix buffer overflows happening in
strcpy. It;s a combination of upstream svn revs 284097 and 284099
Sun Jan 17 13:00:00 2010 vuntzAATTopensuse.org
- Remove unneeded gtk-devel BuildRequires.
Mon Jan 11 13:00:00 2010 ajAATTsuse.de
- Remove obsolete build requires of orbit-devel.
Tue Dec 22 13:00:00 2009 jengelhAATTmedozas.de
- avoid alignment crash on alignment-sensitive CPUs
(bugs.php.net#46074)
Wed Dec 2 13:00:00 2009 cooloAATTnovell.com
- update patch to fix build
Tue Oct 6 14:00:00 2009 crrodriguezAATTopensuse.org
- Fixed wrong harcoded mysql socket [bnc#544516]
- Fixed wrong default include_path
Tue Sep 8 14:00:00 2009 crrodriguezAATTsuse.de
- make php5-pear noarch in Factory
Wed Aug 26 14:00:00 2009 crrodriguezAATTsuse.de
- remove obsolete patches
- apply ini patch
- enable mhash compatibility in the hash extension and obsolete php5-mhash
- add macros.php to the source list
Mon Aug 24 14:00:00 2009 crrodriguezAATTsuse.de
- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]
Sun Aug 23 14:00:00 2009 crrodriguezAATTsuse.de
- fix missing return values of suhosin extension
Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix build on CODE10 products
Wed Aug 19 14:00:00 2009 crrodriguezAATTnovell.com
- fix horrible broken open_basedir functionality
Sun Aug 16 14:00:00 2009 crrodriguezAATTsuse.de
- update suhosin extension to version 0.9.29
- mysql extensions now use mysqlnd instead of libmysqlclient.
- enable sqlite3 extension, part of the php5-sqlite package
- enable enchant extension
- enable fileinfo extension
- enable intl extension
Fri Aug 14 14:00:00 2009 crrodriguezAATTsuse.de
- add suhosin patch and newer suhosin extension for compatibility
reasons
Thu Aug 13 14:00:00 2009 crrodriguezAATTsuse.de
- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php
for the huge list of changes
- remove dbase and ncurses extension
Thu Jul 16 14:00:00 2009 cooloAATTnovell.com
- disable as-needed to fix build
Fri Jun 19 14:00:00 2009 crrodriguezAATTsuse.de
- update to PHP 5.2.10
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)
* Added \"ignore_errors\" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()\'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 (\"AATT\" operator does not work with string offsets). (Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).
* Over 100 bug fixes.
Thu May 21 14:00:00 2009 crrodriguezAATTsuse.de
- add temporary backport of openssl prng function
Sat Mar 14 13:00:00 2009 crrodriguezAATTsuse.de
- Update to version 5.2.9, security and bugfix release
* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]
* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]
* Fixed a segfault when malformed string is passed to json_decode()
* Fixed explode() behavior with empty string to respect negative limit.