|
|
|
|
Changelog for php-fcgi-5.2.4-1tr.i586.rpm :
Mon Sep 3 14:00:00 2007 Nived Gopalan 5.2.4-1tr - New Upstream. - SECURITY Fix. Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions (SA26642). Includes fixes for CVE-2007-3996, CVE-2007-3378 and CVE-2007-3997.
Thu Jul 19 14:00:00 2007 Nived Gopalan 5.2.3-2tr - Rebuilt with new cURL.
Wed Jul 18 14:00:00 2007 Nived Gopalan 5.2.3-1tr - New Upstream. - SECURITY Fix: Multiple security fixes. - Fixes an integer overflow inside chunk_split(). - Fixes possible infinite loop in imagecreatefrompng. - Fixes ext/filter Email Validation Vulnerability. - Fixes an error in the \"realpath()\" function which allows bypassing of the \"open_basedir\" restriction and identifying the existence of files.
The Common Vulnerabilities and Exposures project has assigned the names CVE-2007-2872, CVE-2007-2756, CVE-2007-1900 and CVE-2007-3007 to these issues.
Mon May 7 14:00:00 2007 Nived Gopalan 5.2.2-1tr - New Upstream. - SECURITY Fix: Several vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to manipulate certain data, disclose potentially sensitive information, bypass certain security restrictions, or to cause a DoS.(SA25123)
Mon Feb 26 13:00:00 2007 Nived Gopalan - Rebuilt
Thu Feb 15 13:00:00 2007 Nived Gopalan 5.2.1-2tr - Removed Requires libimap and added libc-client.
Fri Feb 9 13:00:00 2007 Nived Gopalan 5.2.1-1tr - New Upstream. - Multiple Security Fixes.
Wed Feb 7 13:00:00 2007 Bipin S 5.2.0-5tr - Rebuilt with postgresql 8.2.2.
Tue Jan 23 13:00:00 2007 Nived Gopalan 5.2.0-4tr - Rebuilt.
Fri Jan 19 13:00:00 2007 Nived Gopalan 5.2.0-3tr - Rebuilt with mysql 5.0.x.
Fri Nov 10 13:00:00 2006 Bipin S 5.2.0-2tr - Enabled mssql support. Bug #1918. - Added build-requires gcc-c++-devel Bug #2041.
Fri Nov 3 13:00:00 2006 Nived Gopalan 5.2.0-1tr - New Upstream. - SECURITY Fix: Some vulnerabilities have been reported in PHP, caused due to boundary errors within the \"htmlentities()\" and \"htmlspecialchars()\" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause buffer overflows by passing specially crafted data to the affected application.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-5465 to this issue.
Wed Nov 1 13:00:00 2006 Nived Gopalan 5.1.6-5tr - Added support for mcrypt, Bug #1956. - Added support for pdo-sqlite, pdo-mysql and sqlite, Bug #1959. - Included openssl support, Bug #1958. - Added buildrequires expat-devel and fontconfig-devel, Bug #2011.
Wed Oct 11 14:00:00 2006 Nived Gopalan 5.1.6-4tr - SECURITY Fix: Maksymilian Arciemowicz has reported a vulnerability in PHP, caused due to an error within the \"ini_restore()\" function, which can be exploited to reset certain options to their default value specified in php.ini.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4625 to this issue.
Fri Oct 6 14:00:00 2006 Nived Gopalan 5.1.6-3tr - SECURITY Fix: A vulnerability has been reported in PHP, caused due to an integer overflow within the \"_ecalloc\" function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4812 to this issue.
Mon Sep 25 14:00:00 2006 Nived Gopalan 5.1.6-2tr - Rebuilt.
Wed Sep 13 14:00:00 2006 Nived Gopalan 5.1.6-1tr - New Upstream. - Added BuildRequires ncurses-devel, bison and byacc, Bug #1917. - Included missing devel files, Bug #1923.
Tue Aug 22 14:00:00 2006 Nived Gopalan 5.1.5-1tr - New Upstream - SECURITY Fix: Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. - Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache. - Fixed overflow in GD extension on invalid GIF images. - Fixed a buffer overflow inside sscanf() function. - Fixed an out of bounds read inside stripos() function. - Fixed memory_limit restriction on 64 bit system.
Mon Aug 14 14:00:00 2006 Nived Gopalan 5.1.4-1tr - New Upstream.
Mon Mar 20 13:00:00 2006 Nived Gopalan 5.1.2-1tr - New Upstream. - SECURITY Fix: Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the session extension and the header function. - Multiple cross-site scripting (XSS) vulnerabilities in PHP, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
The Common Vulnerabilities and Exposures project has assigned the names CVE-2006-0207 and CVE-2006-0208 to these issues.
Tue Jan 17 13:00:00 2006 Ajith Thampi 5.0.5-3tr - Rebuilt
Mon Nov 14 13:00:00 2005 Ajith Thampi 5.0.5-2tr - Added dba support as module. Bug #1382 - Added xslt support as module.
Wed Oct 19 14:00:00 2005 Bipin S 5.0.5-1tr - New upstream. - Upgraded PCRE library to version 5.0. - Removed phpextdist from file list. - Security Fix: A vulnerability has been identified in PHP, which could be exploited by malicious users to bypass security policies. This flaw is due to an error in \"fopen_wrappers.c\" that does not properly restrict access to other directories when the \"open_basedir\" directive includes a trailing slash, which could allow certain scripts in a directory (e.g. \"/user/test2/) to access files in other directories whose names are substrings of the original directory (e.g. \"/user/test22/).
The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-3054 to this issue.
Mon Oct 3 14:00:00 2005 Bipin S 5.0.4-22tr - Added libimap in requires for imap. - Fixed Bug #1308.
Fri Sep 23 14:00:00 2005 Bipin S 5.0.4-21tr - Added calender support. Bug #1303. - Created pspell sub package.
Wed Sep 21 14:00:00 2005 Bipin S 5.0.4-20tr - Added pspell support. Bug #1299.
Mon Sep 12 14:00:00 2005 Bipin S 5.0.4-19tr - Minor cleanup. Fixed Bug# 877.
Tue Aug 30 14:00:00 2005 Ajith Thampi 5.0.4-18tr - Fix Integer overflow in pcre_compile.c which allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2491 to this issue. - added support for mbstring, Bug #1247.
Tue Aug 16 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-17tr - Now Install missing pear packages, Bug #1185 - New Upstream of XML_RPC to fix broken PEAR installation, Bug #1185
Tue Aug 9 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-16tr - Rebuilt with Curl support.
Mon Aug 1 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-15tr - Enabled FastCGI support in /home/httpd/cgi-bin/php-fcgi. Bug #1136
Thu Jul 7 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-14tr - Enabled support for Socket functions. Ref. Bug #1042.
Thu Jun 30 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-13tr - Security Fix: PHP XML RPC\'s remote code execution vulnerability. - GulfTech Security recently discovered a vulnerability in the PHP XML RPC that leads to remote code execution.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921 to this issue.
Thu Jun 9 14:00:00 2005 Hasher J 5.0.4-12tr - Added libxml2-devel, freetype, mhash-devel in buildrequires Bug #877
Thu May 26 14:00:00 2005 Ajith Thampi 5.0.4-10tr - Added mhash support, referenced Bug #748
Wed May 4 14:00:00 2005 Ajith Thampi 5.0.4-9tr - Rebuilt to fix apache Segfaulting issue
Thu Apr 28 14:00:00 2005 Ajith Thampi 5.0.4-8tr - Re-Added support for pcntl in CLI due to persistence , Bug #384
Mon Apr 25 14:00:00 2005 Ajith Thampi 5.0.4-7tr - Rebuilt on db-4.3.27 - Removed pcntl option, deemed unstable - Added xslt support, Bug #507
Thu Apr 21 14:00:00 2005 Ajith Thampi 5.0.4-6tr - Built with snmp support, Added snmp package
Wed Apr 20 14:00:00 2005 Ajith Thampi 5.0.4-5tr - Added pcntl option, Bug #384 - Rebuilt for postgresql-8.0.2
Tue Apr 12 14:00:00 2005 Raghu 5.0.4-4tr - Rebuilt for openldap-2.2.24
Mon Apr 11 14:00:00 2005 Raghu 5.0.4-3tr - Rebuilt for openldap-2.2.9
Thu Apr 7 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-2tr - Rebuilt against new readline
Mon Apr 4 14:00:00 2005 Syed Shabir Zakiullah 5.0.4-1tr - New Upstream
Thu Mar 24 13:00:00 2005 Syed Shabir Zakiullah 5.0.3-4tr - Fixed path for apache modules in filelist
Fri Mar 18 13:00:00 2005 Ajith Thampi 5.0.3-3tr - Removed uw-imap dependency to libc-client - Rebuilt with kerberos support
Wed Feb 2 13:00:00 2005 Ajith Thampi 5.0.3-2tr - Rebuild for db-4.2.52
Fri Dec 17 13:00:00 2004 Erlend Midttun 5.0.3-1tr - New upstream. Fixes more CAN\'s than I can remember
Mon Dec 13 13:00:00 2004 Erlend Midttun 5.0.2-6tr - Added freetype and ttf to gd.
Sat Dec 11 13:00:00 2004 Erlend Midttun 5.0.2-5tr - Added patch from Christian Hamar to add zlib support
Sat Nov 13 13:00:00 2004 Erlend Midttun 5.0.2-4tr - Now with soap support.
Tue Nov 9 13:00:00 2004 Oystein Viggen 5.0.2-3tr - Rebuild with shared openssl
Sat Nov 6 13:00:00 2004 Erlend Midttun 5.0.2-2tr - Now with extension-dir set to /usr/share/php
Thu Oct 28 14:00:00 2004 Erlend Midttun 5.0.2-2tr - Now with MySQLi support.
Thu Oct 28 14:00:00 2004 Erlend Midttun 5.0.2-1tr - New upstream.
Sun Sep 19 14:00:00 2004 Erlend Midttun 5.0.1-3tr - Try to get obsoletes and provides right.
Mon Sep 13 14:00:00 2004 Erlend Midttun 5.0.1-2tr - Now with v5 php.ini as well.
Mon Sep 13 14:00:00 2004 Erlend Midttun 5.0.1-1tr - New major upstream.
Thu Jul 22 14:00:00 2004 Oystein Viggen 4.3.8-2tr - New upstream.
Fri Jun 18 14:00:00 2004 Chr. Toldnes 4.3.7-1tr - New upstream version: 4.3.7
Sun Mar 14 13:00:00 2004 Chr. Toldnes 4.3.4-8tr - removed cyrus support, does not build with new cyrus.
Mon Mar 1 13:00:00 2004 Erlend Midttun 4.3.4-6tr - Added the missing extensions.
Wed Dec 3 13:00:00 2003 Erlend Midttun 4.3.4-4tr - Stricter defaults in php.ini.
Wed Nov 19 13:00:00 2003 Tor Hveem 4.3.4-3th - Readd a BuildReq - Renamed libpng12 Req to libpng - Tried removing the _noVersionedDependencies hack
Tue Nov 18 13:00:00 2003 Tor Hveem 4.3.4-2th - Rebuild for apache with LFS
Wed Nov 5 13:00:00 2003 Gerald Dachs 4.3.4-1gd - New upstream version - build requires rpm-build >= 4.0.4-22gd
Tue Sep 16 14:00:00 2003 Tor Hveem 4.3.3-1th - New upstream - Fixed docs and tests paths - Fixed some bogus BuildReq\'s
Fri Sep 12 14:00:00 2003 Gerald Dachs 4.3.2-9gd - enabled db4 support
Mon Jun 23 14:00:00 2003 Erlend Midttun 4.3.2-8tr - Added %defattr
Sat Jun 21 14:00:00 2003 Gerald Dachs 4.3.2-7gd - Added --with-gettext
Wed Jun 18 14:00:00 2003 Erlend Midttun 4.3.2-6tr - Big rebuild
Wed Jun 11 14:00:00 2003 Gerald Dachs 4.3.2-5gd - buildrequries cyrus-sasl-devel, readline-devel
Wed Jun 11 14:00:00 2003 Gerald Dachs 4.3.2-4gd - use --with-regex=php now, removed patch0
Sat Jun 7 14:00:00 2003 Erlend Midttun 4.3.2-3em - Fix file conflict on /usr/bin/php.
Sun Jun 1 14:00:00 2003 Erlend Midttun 4.3.2-2em - Removed libapr-devel
Sun Jun 1 14:00:00 2003 Gerald Dachs 4.3.2-1gd - New upstream version. - openssl linked static, because of bug in php - hack for pleasing apxs with a fake httpd.conf - made patch to allow to use --with-regex=system
Wed May 28 14:00:00 2003 Gerald Dachs 4.3.1-8gd - Added package domxml
Fri May 23 14:00:00 2003 Tor Hveem 4.3.1-7th - Missing BuildReq readline-devel, libpng-devel, libjpeg-devel, mysql-devel - Added --with-cyrus - Added package gd
Thu May 15 14:00:00 2003 Erlend Midttun 4.3.1-6em - Moved docs
Wed Apr 30 14:00:00 2003 Erlend Midttun 4.3.1-5em - Major cleanup.
Wed Apr 30 14:00:00 2003 Erlend Midttun 4.3.1-4em - mod_php4-pgsql requires postgresql-libs and not postgresql.
Mon Apr 28 14:00:00 2003 Erlend Midttun 4.3.1-3em - Rebuild against new mysql.
Mon Mar 24 13:00:00 2003 Erlend Midttun 4.3.1-2em - Rebuilt against glibc 2.3.2.
Thu Mar 20 13:00:00 2003 Erlend Midttun 4.3.1-1em - New upstream version.
Fri Feb 28 13:00:00 2003 Erlend Midttun 4.3.0-6em - Fixed entension dir.
Wed Feb 19 13:00:00 2003 Erlend Midttun 4.3.0-5em - Added conf file.
Sat Jan 18 13:00:00 2003 Gerald Dachs 4.3.0-4gd - rebuilt against openssl 0.9.7
Sat Jan 11 13:00:00 2003 Tor Hveem 4.3.0-3th - added packages: openssl, cli, exif
Fri Jan 3 13:00:00 2003 Erlend Midttun 4.3.0-2em - Changed Req: imap to BuildReq: uw-imap-devel on -imap package - New and improved php.ini file. Slightly modified php.ini-recommended.
Sat Dec 28 13:00:00 2002 Tor Hveem 4.3.0-1th - New upstream version: 4.3.0 - Removed tsrm patch - Added new build requirements bzip2-devel, libapr-devel - Readded imap module
Thu Sep 26 14:00:00 2002 Erlend Midttun 4.2.3-2em - Added buildreq flex.
Wed Sep 11 14:00:00 2002 Erlend Midttun 4.2.3-1em - New PHP. - Now required Apache 2.
Mon Mar 25 13:00:00 2002 Christian H. Toldnes - The old rfc1867.c didn\'t fix it. Applied a new patch.
Thu Feb 28 13:00:00 2002 Christian H. Toldnes - Applied securitypatch. (rfc1867.c)
Wed Sep 26 14:00:00 2001 Erlend Midttun - Seems the previous mailsec patch was broken, trying again.
Thu Jul 26 14:00:00 2001 Erlend Midttun - Fixed a few dependencies.
Thu Jul 19 14:00:00 2001 Oystein Viggen - Add a fix from cvs to stop mail() from breaking safe mode.
Mon Jul 16 14:00:00 2001 Oystein Viggen - 4.0.6 didn\'t fix memlimit. Added patch from the php team.
Mon Jul 9 14:00:00 2001 Oystein Viggen - Because of build problems, imap is no longer built as a module.
Tue Jul 3 14:00:00 2001 Oystein Viggen - define _noVersionedDependencies
Mon Jul 2 14:00:00 2001 Oystein Viggen - New upstream version: 4.0.6 - This new version fixes a bug with --enable-memory-limit
Mon Jun 11 14:00:00 2001 Oystein Viggen - New upstream version: 4.0.5
Mon Mar 19 13:00:00 2001 Alexander Reelsen - Picked up 4.0.4pl1 - Created dynamic modules (and own packages) for imap, ldap, mysql and pgsql
Wed Oct 18 14:00:00 2000 Per Ivar Paulsen - Update to 3.0.17. Removed syslog patch
Wed May 3 14:00:00 2000 Per Ivar Paulsen - Update to php 3.0.16
Sat Feb 26 13:00:00 2000 Lars Gaarden - Picked up php 3.0.15
Fri Feb 25 13:00:00 2000 Lars Gaarden - Added Provides: php
Tue Jan 25 13:00:00 2000 Per Ivar Paulsen - picked up php 3.0.14. - Initial release for the Trustix Secure Linux distribution. - Added noreplace. - Moved man and info pages to /usr/share adhering to FHS - TODO: add better default configuration
Thu Jan 6 13:00:00 2000 Per Ivar Paulsen - picked up php 3.0.13. And updated manual
Fri Apr 16 14:00:00 1999 Preston Brown - pick up php3.ini
Wed Mar 24 13:00:00 1999 Preston Brown - build against apache 1.3.6
Sun Mar 21 13:00:00 1999 Cristian Gafton - auto rebuild in the new build environment (release 2)
Mon Mar 8 13:00:00 1999 Preston Brown - upgraded to 3.0.7.
Wed Feb 24 13:00:00 1999 Preston Brown - Injected new description and group.
Sun Feb 7 13:00:00 1999 Preston Brown - upgrade to php 3.0.6, built against apache 1.3.4
Mon Oct 12 14:00:00 1998 Cristian Gafton - rebuild for apache 1.3.3
Thu Oct 8 14:00:00 1998 Preston Brown - updated to 3.0.5, fixes nasty bugs in 3.0.4.
Sun Sep 27 14:00:00 1998 Cristian Gafton - updated to 3.0.4 and recompiled for apache 1.3.2
Thu Sep 3 14:00:00 1998 Preston Brown - improvements; builds with apache-devel package installed.
Tue Sep 1 14:00:00 1998 Preston Brown - Made initial cut for PHP3.
|
|
|