SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php4-gd-4.4.7-1tr.i586.rpm :
Mon May 7 03:00:00 2007 Nived Gopalan 4.4.7-1tr
- New Upstream.
- SECURITY Fix: Several vulnerabilities have been reported in PHP,
where some have unknown impacts and others can be exploited by
malicious users to manipulate certain data, disclose potentially
sensitive information, bypass certain security restrictions,
or to cause a DoS.(SA25123)

Fri Mar 9 02:00:00 2007 Nived Gopalan 4.4.6-1tr
- New Upstream.
- Fixes crash problem with the session extension when register_globals
is turned on.

Fri Feb 23 02:00:00 2007 Nived Gopalan 4.4.5-1tr
- New Upstream.
- SECURITY Fix: Several vulnerabilities have been reported in PHP,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS and potentially compromise a
vulnerable system. (SA24089)

Wed Oct 11 03:00:00 2006 Nived Gopalan 4.4.4-4tr
- SECURITY Fix: Maksymilian Arciemowicz has reported a vulnerability
in PHP, caused due to an error within the \"ini_restore()\" function,
which can be exploited to reset certain options to their default
value specified in php.ini.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-4625 to this issue.

Fri Oct 6 03:00:00 2006 Nived Gopalan 4.4.4-3tr
- SECURITY Fix: A vulnerability has been reported in PHP, caused due
to an integer overflow within the \"_ecalloc\" function. This can
potentially be exploited to execute arbitrary code via specially
crafted requests if a PHP script allocates memory based on attacker
supplied data.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-4812 to this issue.

Wed Sep 13 03:00:00 2006 Nived Gopalan 4.4.4-2tr
- Added BuildRequires ncurses-devel, byacc and bison, Bug #1749.

Mon Aug 21 03:00:00 2006 Nived Gopalan 4.4.4-1tr
- New Upstream.
- SECURITY Fix: Fixed overflows inside str_repeat() and wordwrap()
functions on 64bit systems.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed possible open_basedir/safe_mode bypass in cURL extension.
- Fixed overflows inside str_repeat() and wordwrap() functions on
64bit systems.
- Fixed a buffer overflow inside sscanf() function.
- Fixed memory_limit restriction on 64 bit system.

Thu Apr 6 03:00:00 2006 Nived Gopalan 4.4.2-2tr
- SECURITY Fix: A vulnerability has been discovered in PHP, caused due
to the \"html_entity_decode()\" PHP function not being binary safe. This
can be exploited to disclose certain part of the memory via a script
calling the \"html_entity_decode()\" function with input controlled by
the attacker and where the result is sent to the attacker.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-1490 this issue.

Tue Mar 21 02:00:00 2006 Nived Gopalan 4.4.2-1tr
- New Upstream.

Mon Nov 14 02:00:00 2005 Ajith Thampi 4.4.1-2tr
- PHP developers released PHP 4.4.1 version on 2005-10-31. Security
fixes introduced bug, which affects three SquirrelMail functions.
If your SquirrelMail install does not use server side sorting, PHP
bug can create infinite loop in message display.

Wed Nov 2 02:00:00 2005 Bipin S 4.4.1-1tr
- New upstream and Multiple Security Fixes.
- SECURITY Fix: Updated to the latest pcrelib to fix a possible integer
overflow vulnerability announced in CVE-2005-2491.
- Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo().
- Fixed multiple safe_mode/open_basedir bypass vulnerabilities in
ext/curl and ext/gd.
- Fixed a possible $GLOBALS overwrite problem in file upload handling,
extract() and import_request_variables().
- Fixed a problem when a request was terminated due to memory_limit
constraints during certain parse_str() calls.
- Fixed an issue with trailing slashes in allowed basedirs.
- Fixed an issue with calling virtual() on Apache 2.

Mon Oct 17 03:00:00 2005 Bipin S 4.4.0-6tr
- Man pages for php-config and phpize is now known as php-config4 and
phpize4 respectively.
- Security Fix: A vulnerability has been identified in PHP, which could be
exploited by malicious users to bypass security policies. This flaw is
due to an error in \"fopen_wrappers.c\" that does not properly restrict access
to other directories when the \"open_basedir\" directive includes a trailing
slash, which could allow certain scripts in a directory (e.g. \"/user/test2/)
to access files in other directories whose names are substrings of the original
directory (e.g. \"/user/test22/).

The Common Vulnerabilities and Exposures project has assigned the
name CAN-2005-3054 to this issue.

Tue Aug 30 03:00:00 2005 Ajith Thampi 4.4.0-5tr
- Fix Integer overflow in pcre_compile.c which allows attackers to
execute arbitrary code via quantifier values in regular expressions,
which leads to a heap-based buffer overflow.

The Common Vulnerabilities and Exposures project has assigned the
name CAN-2005-2491 to this issue.

Tue Aug 16 03:00:00 2005 Syed Shabir Zakiullah 4.4.0-4tr
- Added FastCGI support, Bug #1190.

Mon Aug 15 03:00:00 2005 Erlend Midttun 4.4.0-3tr
- Now BuildRequire curl. Bug #1184.
- Now own /usr/share/php4. Bug #1188
- Now also ship with -devel files. Bug #1189

Tue Jul 12 03:00:00 2005 Syed Shabir Zakiullah 4.4.0-1tr
- New Upstream
- Security Bug Fix release to 4.3.11, Fix Bug #1064
Vendor update for XML_RPC to fix remote code execution vulnerability.

Mon Jul 11 03:00:00 2005 Thushara Gopalakrishnan 4.3.11.-7tr
- Added missing Buildrequires, Bug #1056.

Fri Jul 8 03:00:00 2005 Thushara Gopalakrishnan 4.3.11-6tr
- Changed directory Permissions, Bug #1037

Thu Jul 7 03:00:00 2005 Syed Shabir Zakiullah 4.3.11-5tr
- Added Support for Freetype2 Font library. Fix Bug #1043.
- Enabled support for Socket functions. Fix Bug #1042.

Thu Jun 30 03:00:00 2005 Syed Shabir Zakiullah 4.3.11-4tr
- Security Fix: PHP XML RPC\'s remote code execution vulnerability.
- GulfTech Security recently discovered a vulnerability in the PHP XML RPC
that leads to remote code execution.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1921 to this issue.

Thu May 26 03:00:00 2005 Raghu 4.3.11-3tr
- Added mhash support, Bug #748

Fri Apr 22 03:00:00 2005 Ajith Thampi 4.3.11-2tr
- Rebuilt with postgresql-8.0.2

Fri Apr 1 03:00:00 2005 Erlend Midttun 4.3.11-1tr
- New upstream.
- Make it co-exist with PHP 5

Fri Dec 17 02:00:00 2004 Erlend Midttun 4.3.10-2tr
- New upstream. Fixes more CANs than I can remember.

Thu Sep 30 03:00:00 2004 Erlend Midttun 4.3.9-2tr
- New upstream.

Thu Jul 22 03:00:00 2004 Oystein Viggen 2.3.8-2tr
- New upstream.

Fri Jun 18 03:00:00 2004 Chr. Toldnes 4.3.7-1tr
- New upstream version: 4.3.7

Sun Mar 14 02:00:00 2004 Chr. Toldnes 4.3.4-8tr
- removed cyrus support, does not build with new cyrus.

Mon Mar 1 02:00:00 2004 Erlend Midttun 4.3.4-6tr
- Added the missing extensions.

Wed Dec 3 02:00:00 2003 Erlend Midttun 4.3.4-4tr
- Stricter defaults in php.ini.

Wed Nov 19 02:00:00 2003 Tor Hveem 4.3.4-3th
- Readd a BuildReq
- Renamed libpng12 Req to libpng
- Tried removing the _noVersionedDependencies hack

Tue Nov 18 02:00:00 2003 Tor Hveem 4.3.4-2th
- Rebuild for apache with LFS

Wed Nov 5 02:00:00 2003 Gerald Dachs 4.3.4-1gd
- New upstream version
- build requires rpm-build >= 4.0.4-22gd

Tue Sep 16 03:00:00 2003 Tor Hveem 4.3.3-1th
- New upstream
- Fixed docs and tests paths
- Fixed some bogus BuildReq\'s

Fri Sep 12 03:00:00 2003 Gerald Dachs 4.3.2-9gd
- enabled db4 support

Mon Jun 23 03:00:00 2003 Erlend Midttun 4.3.2-8tr
- Added %defattr

Sat Jun 21 03:00:00 2003 Gerald Dachs 4.3.2-7gd
- Added --with-gettext

Wed Jun 18 03:00:00 2003 Erlend Midttun 4.3.2-6tr
- Big rebuild

Wed Jun 11 03:00:00 2003 Gerald Dachs 4.3.2-5gd
- buildrequries cyrus-sasl-devel, readline-devel

Wed Jun 11 03:00:00 2003 Gerald Dachs 4.3.2-4gd
- use --with-regex=php now, removed patch0

Sat Jun 7 03:00:00 2003 Erlend Midttun 4.3.2-3em
- Fix file conflict on /usr/bin/php.

Sun Jun 1 03:00:00 2003 Erlend Midttun 4.3.2-2em
- Removed libapr-devel

Sun Jun 1 03:00:00 2003 Gerald Dachs 4.3.2-1gd
- New upstream version.
- openssl linked static, because of bug in php
- hack for pleasing apxs with a fake httpd.conf
- made patch to allow to use --with-regex=system

Wed May 28 03:00:00 2003 Gerald Dachs 4.3.1-8gd
- Added package domxml

Fri May 23 03:00:00 2003 Tor Hveem 4.3.1-7th
- Missing BuildReq readline-devel, libpng-devel, libjpeg-devel, mysql-devel
- Added --with-cyrus
- Added package gd

Thu May 15 03:00:00 2003 Erlend Midttun 4.3.1-6em
- Moved docs

Wed Apr 30 03:00:00 2003 Erlend Midttun 4.3.1-5em
- Major cleanup.

Wed Apr 30 03:00:00 2003 Erlend Midttun 4.3.1-4em
- mod_php4-pgsql requires postgresql-libs and not postgresql.

Mon Apr 28 03:00:00 2003 Erlend Midttun 4.3.1-3em
- Rebuild against new mysql.

Mon Mar 24 02:00:00 2003 Erlend Midttun 4.3.1-2em
- Rebuilt against glibc 2.3.2.

Thu Mar 20 02:00:00 2003 Erlend Midttun 4.3.1-1em
- New upstream version.

Fri Feb 28 02:00:00 2003 Erlend Midttun 4.3.0-6em
- Fixed entension dir.

Wed Feb 19 02:00:00 2003 Erlend Midttun 4.3.0-5em
- Added conf file.

Sat Jan 18 02:00:00 2003 Gerald Dachs 4.3.0-4gd
- rebuilt against openssl 0.9.7

Sat Jan 11 02:00:00 2003 Tor Hveem 4.3.0-3th
- added packages: openssl, cli, exif

Fri Jan 3 02:00:00 2003 Erlend Midttun 4.3.0-2em
- Changed Req: imap to BuildReq: uw-imap-devel on -imap package
- New and improved php.ini file. Slightly modified php.ini-recommended.

Sat Dec 28 02:00:00 2002 Tor Hveem 4.3.0-1th
- New upstream version: 4.3.0
- Removed tsrm patch
- Added new build requirements bzip2-devel, libapr-devel
- Readded imap module

Thu Sep 26 03:00:00 2002 Erlend Midttun 4.2.3-2em
- Added buildreq flex.

Wed Sep 11 03:00:00 2002 Erlend Midttun 4.2.3-1em
- New PHP.
- Now required Apache 2.

Mon Mar 25 02:00:00 2002 Christian H. Toldnes
- The old rfc1867.c didn\'t fix it. Applied a new patch.

Thu Feb 28 02:00:00 2002 Christian H. Toldnes
- Applied securitypatch. (rfc1867.c)

Wed Sep 26 03:00:00 2001 Erlend Midttun
- Seems the previous mailsec patch was broken, trying again.

Thu Jul 26 03:00:00 2001 Erlend Midttun
- Fixed a few dependencies.

Thu Jul 19 03:00:00 2001 Oystein Viggen
- Add a fix from cvs to stop mail() from breaking safe mode.

Mon Jul 16 03:00:00 2001 Oystein Viggen
- 4.0.6 didn\'t fix memlimit. Added patch from the php team.

Mon Jul 9 03:00:00 2001 Oystein Viggen
- Because of build problems, imap is no longer built as a module.

Tue Jul 3 03:00:00 2001 Oystein Viggen
- define _noVersionedDependencies

Mon Jul 2 03:00:00 2001 Oystein Viggen
- New upstream version: 4.0.6
- This new version fixes a bug with --enable-memory-limit

Mon Jun 11 03:00:00 2001 Oystein Viggen
- New upstream version: 4.0.5

Mon Mar 19 02:00:00 2001 Alexander Reelsen
- Picked up 4.0.4pl1
- Created dynamic modules (and own packages) for imap, ldap, mysql and pgsql

Wed Oct 18 03:00:00 2000 Per Ivar Paulsen
- Update to 3.0.17. Removed syslog patch

Wed May 3 03:00:00 2000 Per Ivar Paulsen
- Update to php 3.0.16

Sat Feb 26 02:00:00 2000 Lars Gaarden
- Picked up php 3.0.15

Fri Feb 25 02:00:00 2000 Lars Gaarden
- Added Provides: php

Tue Jan 25 02:00:00 2000 Per Ivar Paulsen
- picked up php 3.0.14.
- Initial release for the Trustix Secure Linux distribution.
- Added noreplace.
- Moved man and info pages to /usr/share adhering to FHS
- TODO: add better default configuration

Thu Jan 6 02:00:00 2000 Per Ivar Paulsen
- picked up php 3.0.13. And updated manual

Fri Apr 16 03:00:00 1999 Preston Brown
- pick up php3.ini

Wed Mar 24 02:00:00 1999 Preston Brown
- build against apache 1.3.6

Sun Mar 21 02:00:00 1999 Cristian Gafton
- auto rebuild in the new build environment (release 2)

Mon Mar 8 02:00:00 1999 Preston Brown
- upgraded to 3.0.7.

Wed Feb 24 02:00:00 1999 Preston Brown
- Injected new description and group.

Sun Feb 7 02:00:00 1999 Preston Brown
- upgrade to php 3.0.6, built against apache 1.3.4

Mon Oct 12 03:00:00 1998 Cristian Gafton
- rebuild for apache 1.3.3

Thu Oct 8 03:00:00 1998 Preston Brown
- updated to 3.0.5, fixes nasty bugs in 3.0.4.

Sun Sep 27 03:00:00 1998 Cristian Gafton
- updated to 3.0.4 and recompiled for apache 1.3.2

Thu Sep 3 03:00:00 1998 Preston Brown
- improvements; builds with apache-devel package installed.

Tue Sep 1 03:00:00 1998 Preston Brown
- Made initial cut for PHP3.


  
ICM