SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php5-soap-5.6.40-21.2.x86_64.rpm :

* Fri May 13 2022 pgajdosAATTsuse.com- security update- added patches fix CVE-2015-9253 [bsc#1081790], The php-fpm master process restarts a child process in an endless loop when using program execution functions + php5-CVE-2015-9253.patch fix CVE-2021-21702 [bsc#1182049], NULL pointer dereference in SoapClient + php5-CVE-2021-21702.patch fix CVE-2021-21703 [bsc#1192050], Local privilege escalation via PHP-FPM + php5-CVE-2021-21703.patch fix CVE-2021-21704 [bsc#1188035], security issues in pdo_firebase module + php5-CVE-2021-21704.patch fix CVE-2021-21705 [bsc#1188037], SSRF bypass in FILTER_VALIDATE_URL + php5-CVE-2021-21705.patch fix CVE-2021-21707 [bsc#1193041], special character breaks path in xml parsing + php5-CVE-2021-21707.patch
* Mon Jan 11 2021 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7071 [bsc#1180706], FILTER_VALIDATE_URL accepts URLs with invalid userinfo + php5-CVE-2020-7071.patch
* Fri Oct 09 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7070 [bsc#1177352], Percent-encoded cookies can be used to overwrite existing prefixed cookie names + php5-CVE-2020-7070.patch
* Thu Aug 13 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7068 [bsc#1175223], Use of freed hash key in the phar_parse_zipfile function + php5-CVE-2020-7068.patch
* Mon May 25 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2019-11048 [bsc#1171999], supplying overly long filenames or field names if HTTP file uploads are allowed could lead to exhausting disk space on the server + php5-CVE-2019-11048.patch
* Tue Apr 07 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7064 [bsc#1168326], read one byte of uninitialized memory via malicious data + php5-CVE-2020-7064.patch fix CVE-2020-7066 [bsc#1168352], URL truncation if the URL contains zero (\\0) character + php5-CVE-2020-7066.patch
* Mon Mar 02 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7062 [bsc#1165280], null pointer dereference when using file upload functionality under specific circumstances + php5-CVE-2020-7062.patch fix CVE-2020-7063 [bsc#1165289], creating PHAR archive using PharData:buildFromIterator() function will add files with default permissions + php5-CVE-2020-7063.patch
* Mon Feb 24 2020 pgajdosAATTsuse.com- fix the logic- modified patches % php5-pspell-do-not-allow-ucs.patch
* Mon Feb 10 2020 pgajdosAATTsuse.com- add %apache_rex_deps
* Mon Feb 10 2020 pgajdosAATTsuse.com- added patches Do not allow ucs-2 and ucs-4 encodings [bsc#1161982]. + php5-pspell-do-not-allow-ucs.patch
* Mon Feb 10 2020 pgajdosAATTsuse.com- security update- added patches CVE-2019-11045 [bsc#1159923] + php5-CVE-2019-11045.patch CVE-2019-11046 [bsc#1159924] + php5-CVE-2019-11046.patch CVE-2019-11047 [bsc#1159922] + php5-CVE-2019-11047.patch CVE-2019-11050 [bsc#1159927] + php5-CVE-2019-11050.patch
* Mon Feb 10 2020 pgajdosAATTsuse.com- test with apache-rex
* Wed Feb 05 2020 pgajdosAATTsuse.com- security update- added patches CVE-2020-7059 [bsc#1162629] + php5-CVE-2020-7059.patch CVE-2020-7060 [bsc#1162632] + php5-CVE-2020-7060.patch
* Fri Oct 25 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-11036 [bsc#1134322] + php5-CVE-2019-11036.patch CVE-2019-11041 [bsc#1146360] + php5-CVE-2019-11041.patch CVE-2019-11042 [bsc#1145095] + php5-CVE-2019-11042.patch CVE-2019-11043 [bsc#1154999] + php5-CVE-2019-11043.patch
* Tue Jul 16 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-11038 [bsc#1140118] + php-CVE-2019-11038.patch
* Tue Apr 30 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-11034 [bsc#1132838] + php-CVE-2019-11034.patch CVE-2019-11035 [bsc#1132837] + php-CVE-2019-11035.patch
* Wed Mar 20 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-9637 [bsc#1128892] + php-CVE-2019-9637.patch CVE-2019-9675 [bsc#1128886] + php-CVE-2019-9675.patch CVE-2019-9638 [bsc#1128889], CVE-2019-9639 [bsc#1128887] + php-CVE-2019-9638,9639.patch CVE-2019-9640 [bsc#1128883] + php-CVE-2019-9640.patch
* Mon Jan 14 2019 pgajdosAATTsuse.com- updated to 5.6.40
* Mon Dec 10 2018 pgajdosAATTsuse.com- updated to 5.6.39
* Mon Sep 17 2018 pgajdosAATTsuse.com- updated to 5.6.38
* Fri Aug 03 2018 pgajdosAATTsuse.com- updated to 5.6.37: Several security bugs have been fixed in this release.
* Fri Jul 20 2018 pgajdosAATTsuse.com- reenable mcrypt extension for 42.3
* Tue Jul 17 2018 pgajdosAATTsuse.com- reenable imap extension for 42.3
* Mon Jun 04 2018 pgajdosAATTsuse.com- require libopenssl-1_0_0-devel for 15.0
* Mon Apr 30 2018 pgajdosAATTsuse.com- updated to 5.6.36: This is a security release. Several security bugs have been fixed in this release.
* Wed Apr 04 2018 pgajdosAATTsuse.com- updated to 5.6.35: One security bug was fixed in this release.
* Fri Mar 09 2018 pgajdosAATTsuse.com- updated to 5.6.34: One security bug was fixed in this release.
* Tue Jan 09 2018 pgajdosAATTsuse.com- updated to 5.6.33: Several security bugs were fixed in this release.
* Fri Oct 27 2017 pgajdosAATTsuse.com- updated to 5.6.32: This is a security release. Several security bugs were fixed in this release.
* Mon Jul 17 2017 pgajdosAATTsuse.com- dropped mcrypt extension [fate#323673]
* Fri Jul 07 2017 ilyaAATTilya.pp.ua- Updated to 5.6.31: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-5.php#5.6.31
* Thu Jun 22 2017 mpluskalAATTsuse.com- Drop imap support, it depends on obsolete imap package
* Fri Mar 17 2017 kukukAATTsuse.com- Don\'t install the init script if we use systemd
* Thu Feb 02 2017 pgajdosAATTsuse.com- suggest php5-
* instead of php-
* [bsc#1022158c#4]
* Tue Jan 24 2017 pgajdosAATTsuse.com- update to 5.6.30: Several security bugs were fixed in this release.
* Mon Dec 12 2016 fbuiAATTsuse.com- Replace pkgconfig(libsystemd-
*) with pkgconfig(libsystemd) Nowadays pkgconfig(libsystemd) replaces all libsystemd-
* libs, which are obsolete.
* Mon Dec 12 2016 pgajdosAATTsuse.com- updated to 5.6.29: Several security bugs were fixed in this release.
* Fri Nov 11 2016 pgajdosAATTsuse.com- updated to 5.6.28: This is a security release. Several security bugs were fixed in this release.
* Mon Oct 24 2016 pgajdosAATTsuse.com- adjust firebird dependency
* Mon Oct 17 2016 pgajdosAATTsuse.com- updated to 5.6.27: This is a security release. Several security bugs were fixed in this release.
* Fri Sep 16 2016 pgajdosAATTsuse.com- updated to 5.6.26: Several security bugs were fixed in this release.
* Mon Aug 22 2016 pgajdosAATTsuse.com- updated to 5.6.25: Several security bugs were fixed in this release.
* Mon Aug 01 2016 pgajdosAATTsuse.com- updated to 5.6.24: Several security bugs were fixed in this release.
* Tue Jun 28 2016 pgajdosAATTsuse.com- updated to 5.6.23: Several bugs were fixed in this release, including security-related ones.
* Mon Jun 20 2016 pgajdosAATTsuse.com- systemd unit: remove syslog.target from After [bsc#983938]
* Mon May 30 2016 pgajdosAATTsuse.com- updated to 5.6.22: This is a security release. Several security bugs were fixed in this release.
* Thu Apr 28 2016 pgajdosAATTsuse.com- updated to 5.6.21: This is a security release. Several security bugs were fixed in this release.
* removed upstreamed php5-no-reentrant-crypt.patch
* Fri Apr 01 2016 pgajdosAATTsuse.com- updated to 5.6.20: This is a security release. Several security bugs were fixed in this release.
* Mon Mar 07 2016 pgajdosAATTsuse.com- updated to 5.6.19: This is a security release in which several security bugs were fixed.
* Wed Feb 10 2016 pgajdosAATTsuse.com- updated to 5.6.18: Several security bugs were fixed in this release.
* Thu Feb 04 2016 pgajdosAATTsuse.com- require postgresql-devel < 9.4 for sle12 to fix build
* Fri Jan 29 2016 pgajdosAATTsuse.com- versioned provides
* Fri Jan 08 2016 pgajdosAATTsuse.com- updated to 5.6.17: This is a security release. Several security bugs were fixed in this release.
* Mon Dec 28 2015 pgajdosAATTsuse.com- updated to 5.6.16: Several bugs have been fixed.
* Mon Dec 14 2015 pgajdosAATTsuse.com- php5-pear-Archive_Tar provides 1.4.0
* Tue Dec 01 2015 pgajdosAATTsuse.com- install .depdb and .depdblock files along metadata
* php5-depdb-path.patch
* Mon Nov 23 2015 pgajdosAATTsuse.com- set pear\'s metadata dir to %{peardir}
* Mon Nov 16 2015 pgajdosAATTsuse.com- require postgresql-devel version at least 9.1.0 to fix build for SLE-11-SP4
* Mon Nov 16 2015 pgajdosAATTsuse.com- test mod_php with %apache_test_module_curl- restart apache during mod_php upgrade
* Fri Nov 13 2015 ajAATTajaissle.de- Spec cleanup
* Split Archive_Tar from -pear sub packge to allow updating this part via rpm
* Added \"Provides: php-firebird\" to -firebird sub package
* Added \"Provides: mod_php_any\" to server api module packages - fastcgi and -fpm
* Wed Nov 11 2015 pgajdosAATTsuse.com- updated to 5.6.15: Several bugs have been fixed.
* Mon Oct 05 2015 pgajdosAATTsuse.com- updated to 5.6.14:
* Two security bugs were fixed in this release.
* Tue Sep 08 2015 pgajdosAATTsuse.com- php-odbc-cmp-int-cast.patch renamed to php5-odbc-cmp-int-cast.patch to be consistent with other patch names
* Mon Sep 07 2015 abergmannAATTsuse.com- added php5-fix_net-snmp_disable_MD5.patch: If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302)
* Fri Sep 04 2015 pgajdosAATTsuse.com- updated to 5.6.13:
* 11 security-related issues were fixed in this release.
* refreshed php5-systzdata-r12.patch
* Fri Sep 04 2015 pgajdosAATTsuse.com- fixed segfault in odbc extension when result set is containing NULL (php bugs #52554, #53007) [bnc#935074] (internal) + php-odbc-cmp-int-cast.patch
* Sat Aug 08 2015 michaelAATTstroeder.com- updated to 5.6.12: Twelve security-related issues in PHP were fixed in this release
* Tue Jul 14 2015 pgajdosAATTsuse.com- updated suhosin extension to 0.9.38 - removed code compatibility for PHP <5.4 - allow https location for suhosin.filter.action - fixed newline detection for suhosin.mail.protect - Added suhosin.upload.max_newlines to protect againt DOS attack via many MIME headers in RFC1867 uploads (CVE-2015-4024) - mail related test cases now work on linux - Relaxed array index blacklist (removed \'-\') due to wordpress incompatibility - Added SQL injection protection for Mysqli and several test cases - Added SQL injection protection for Mysqli and several test cases - Added wildcard matching for SQL username - Added check for SQL username to only contain valid characters (>= ASCII 32) - Test cases for user_prefix and user_postfix - Added experimental PDO support - SQL checks other than mysql (Mysqli + old-style) must be enabled with configure --enable-suhosin-experimental, e.g. MSSQL. - disallow_ws now matches all single-byte whitespace characters - remove_binary and disallow_binary now optionally allow UTF-8. - Introduced suhosin.upload.allow_utf8 (experimental) - Reimplemented suhosin_get_raw_cookies() - Fixed potential segfault for disable_display_errors=fail (only on ARM) - Fixed potential NULL-pointer dereference with func.blacklist and logging - Logging timestamps are localtime instead of gmt now (thanks to mkrokos) - Added new array index filter (character whitelist/blacklist) - Set default array index blacklist to \'\"+-<>;() - Added option to suppress date/time for suhosin file logging (suhosin.log.file.time=0) - Added simple script to create binary Debian package - Fixed additional recursion problems with session handler - Suhosin now depends on php_session.h instead of version-specific struct code
* Mon Jul 13 2015 pgajdosAATTsuse.com- updated to 5.6.11: Five security-related issues in PHP were fixed in this release, including CVE-2015-3152.
* Thu Jun 25 2015 crrodriguezAATTopensuse.org- php5-systemd-unit.patch: set Killmode=mixed in order to ensure fpm and children forked by script can terminate cleanly.
* Wed Jun 24 2015 pgajdosAATTsuse.com- mod_php5.so executable
* Thu Jun 18 2015 pgajdosAATTsuse.com- use apache-rpm-macros
* Thu Jun 18 2015 pgajdosAATTsuse.com- updated to 5.6.10: Several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326).
* Fri Jun 05 2015 mrueckertAATTsuse.de- enable apparmor support: new BR libapparmor-devel
* Mon May 18 2015 pgajdosAATTsuse.com- update to 5.6.9: Several bugs have been fixed.- systzdata patch updated to r12 - php5-systzdata-r10.patch + php5-systzdata-r12.patch
* Fri Apr 24 2015 pgajdosAATTsuse.com- update to 5.6.8: Several bugs have been fixed some of them beeing security related, like CVE-2015-1351 and CVE-2015-1352.- refreshed php5-crypto-checks.patch
* Mon Apr 20 2015 pgajdosAATTsuse.com- configure php-fpm with --localstatedir=/var [bnc#927147]
* Wed Apr 08 2015 pgajdosAATTsuse.com- systzdata patch updated to r10 - php5-systzdata-v7.patch + php5-systzdata-r10.patch
* Thu Apr 02 2015 pgajdosAATTsuse.com- build against system gd and libzip only for 13.2 and above
* Tue Mar 24 2015 pgajdosAATTsuse.com- update to 5.6.7: Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
* Tue Mar 24 2015 pgajdosAATTsuse.com- build against system gd [bnc#923946]
* Fri Mar 20 2015 pgajdosAATTsuse.com- build against system libzip [bnc#922894]
* Mon Feb 23 2015 pgajdosAATTsuse.com- update to 5.6.6: fixes several bugs and addresses CVE-2015-0235 and CVE-2015-0273.
* Mon Feb 09 2015 pgajdosAATTsuse.com- added README.default_socket_timeout [bnc#907519]
* Tue Feb 03 2015 pgajdosAATTsuse.com- fix sle_11_sp3 build
* Mon Jan 26 2015 pgajdosAATTsuse.com- update to 5.6.5: This release fixes several bugs as well as CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232.- removed patches:
* php-CVE-2014-9426.patch
* php-CVE-2014-9427.patch
* php-CVE-2015-0231.patch
* Wed Jan 21 2015 pgajdosAATTsuse.com- added php-CVE-2015-0231.patch [bnc#910659]
* Mon Jan 05 2015 pgajdosAATTsuse.com- added php-CVE-2014-9426.patch [bnc#911663]- added php-CVE-2014-9427.patch [bnc#911664]
* Fri Dec 19 2014 pgajdosAATTsuse.com- update to 5.6.4: This release fixes several bugs and one CVE related to unserialization.
* Tue Nov 18 2014 pgajdosAATTsuse.com- update to 5.6.3: This release fixes several bugs and one CVE in the fileinfo extension.
* Mon Oct 27 2014 pgajdosAATTsuse.com- update to 5.6.2: Four security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670.
* Tue Oct 14 2014 pgajdosAATTsuse.com- upgraded to 5.6.1:
* Several bugs were fixed in this release (including CVE-2014-3622).
* Thu Oct 02 2014 crrodriguezAATTopensuse.org- php5-crypto-checks.patch: Fix broken libcrypto checks DSA_get_default_method is in -lcrypto not -lssl- DO not use xorg-x11-devel, just pkgconfig(xpm) and xft- Support WEBP in the gd extension by buildrequiring libvpx-devel
* Fri Aug 29 2014 pgajdosAATTsuse.com- fix CVE-2014-5459 [bnc#893849]
* Fri Aug 29 2014 pgajdosAATTsuse.com- actually, there\'s no point to install pear from other source than from php tarball
* remove source install-pear-nozlib.phar
* Thu Aug 28 2014 pgajdosAATTsuse.com- updated PEAR to 1.9.5, bugfix release see http://pear.php.net/package/PEAR/download for details
* Thu Aug 28 2014 pgajdosAATTsuse.com- updated to 5.6.0:
* Most improvements in PHP 5.6.x have no impact on existing code. There are a few incompatibilities and new features that should be considered: http://php.net/manual/en/migration56.php- removed patches:
* php5-big-file-upload.patch (upstreamed)
* php5-suhosin-php55.patch (upstreamed)- modified patches:
* php5-openssl.patch (refreshed)
* Tue Aug 26 2014 pgajdosAATTsuse.com- This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597.- removed patches:
* php-CVE-2014-2497.patch
* Tue Jul 29 2014 pgajdosAATTsuse.com- updated to 5.5.15: This release fixes several bugs against PHP 5.5.14. The list of changes is recorded in the ChangeLog or http://php.net/ChangeLog-5.php#5.5.15.- removed patches:
* php-CVE-2014-4670.patch (upstreamed)
* php-CVE-2014-4698.patch (upstreamed)
* Thu Jul 17 2014 pgajdosAATTsuse.com- security update:
* php-CVE-2014-4670.patch [bnc#886059]
* php-CVE-2014-4698.patch [bnc#886060]- php-5.5.10-CVE-2014-2497.patch renamed to php-CVE-2014-2497.patch
* Tue Jul 01 2014 pgajdosAATTsuse.com- updated to 5.5.14: This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension.- removed php-5.5.13-CVE-2014-4049.patch (upstreamed)
* Tue Jun 17 2014 pgajdosAATTsuse.com- security update
* php-5.5.13-CVE-2014-4049.patch [bnc#882992]
* Tue Jun 17 2014 pgajdosAATTsuse.com- php5-5.5.10-CVE-2014-2497.patch renamed to php-5.5.10-CVE-2014-2497.patch to be consistent with other product php patches names
* Tue Jun 03 2014 pgajdosAATTsuse.com- do not package latest_test_results.txt; instead, run build-test.sh twice: before and after source changes
* Mon Jun 02 2014 pgajdosAATTsuse.com- updated to 5.5.13: This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).
* Wed May 07 2014 pgajdosAATTsuse.com- updated to 5.5.12: Fixed several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM.- improved build-test.sh
* Wed Apr 30 2014 pgajdosAATTsuse.com- build-test.sh: use relevant api for build; propagate build parameters to osc
* Wed Apr 30 2014 schwabAATTlinux-m68k.org- php5-gcc_builtins.patch: remove unused patch
* Tue Apr 29 2014 pgajdosAATTsuse.com- add build-test.sh and latest_test_results.txt for testing regressions in tests before and after update. Run sh build-test.sh after changes. php will get built and test results will be compared with latest_test_results.txt and differences reported. mv latest_test_results.txt.new latest_test_results.txt if differences are acceptable.
* Wed Apr 09 2014 pgajdosAATTsuse.com- updated to 5.5.11:
* Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345.
* Fri Apr 04 2014 pgajdosAATTsuse.com- fixed CVE-2014-2497 [bnc#868624]
* Mon Mar 17 2014 pgajdosAATTsuse.com- updated to 5.5.10:
* Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release.
* Tue Feb 11 2014 adaugherityAATTtamu.edu- Fix build on non-systemd distros (esp. SLES 11)
* Fri Feb 07 2014 pgajdosAATTsuse.com- updated to 5.5.9:
* This release fixes several bugs against PHP 5.5.8.
* see NEWS or http://www.php.net/ChangeLog-5.php#5.5.9 for details- modified patches:
* php5-no-build-date.patch (refreshed using quilt)
* Mon Jan 13 2014 pgajdosAATTsuse.com- updated to 5.5.8:
* fixes CVE-2013-6712 and build against freetype2
* see http://www.php.net/ChangeLog-5.php#5.5.8 for more
* removed CVE-2013-6712.patch
* removed freetype2_include_dir.patch
* Fri Dec 20 2013 hrvoje.senjanAATTgmail.com- Added php5-freetype2_include_dir.patch: Fixes check of freetype2 headers, as freetype2 2.5.1 changed the header location
* Wed Dec 18 2013 pgajdosAATTsuse.com- updated to 5.5.7:
* fixes some bugs against PHP 5.5.6 and it also includes a fix for CVE-2013-6420 in OpenSSL extension - > removed CVE-2013-6420.patch
* Wed Dec 11 2013 pgajdosAATTsuse.com- security update [bnc#854880]
* added CVE-2013-6420.patch
* Tue Dec 03 2013 pgajdosAATTsuse.com- security update [bnc#853045]
* added CVE-2013-6712.patch
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.6:
* fixes some bugs against PHP 5.5.5, and adds some performance improvements.
* see http://www.php.net/ChangeLog-5.php#5.5.6 for details
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.5:
* This release fixes about twenty bugs against PHP 5.5.4, some of them regarding the build system.
* added sys_temp_dir ini directive- removed custom-tmp-dir.patch (upstreamed)
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.4:
* This release fixes several bugs against PHP 5.5.3.- crypt-tests.patch partially upstreamed- use zend_extension instead of extension directive in opcache.ini [bnc#840350]
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.3: These release fix a bug in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4.
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.2:
* About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718).
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.1
* bugfixes incl. security fix in the XML parser
* Fri Nov 22 2013 langAATTb1-systems.de- replace php5-64-bit-post-large-files.patch with php5-big-file-upload.patch patch that uses def_t instead of signed long as suggested by upstream
* Fri Nov 22 2013 pgajdosAATTsuse.com- updated to 5.5.0:
* Added generators and coroutines.
* Added the finally keyword.
* Added a simplified password hashing API.
* Added support for constant array/string dereferencing.
* Added scalar class name resolution via ::class.
* Added support for using empty() on the result of function calls and other expressions.
* Added support for non-scalar Iterator keys in foreach.
* Added support for list() constructs in foreach statements.
* Added the Zend OPcache extension for opcode caching.
* A lot more improvements and fixes.
* PHP logo GUIDs have been removed.
* Case insensitivity is no longer locale specific. All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules.- buildrequire cyrus-sasl-devel explicitely- suhosin-php54.patch renamed to suhosin-php55.patch
* Mon Nov 18 2013 pgajdosAATTsuse.com- update to 5.4.22:
* About 10 bugs were fixed.
* see http://www.php.net/ChangeLog-5.php#5.4.22 for details
* Wed Oct 30 2013 pgajdosAATTsuse.com- updatedto 5.4.21:
* About 10 bugs were fixed.
* added custom-tmp-dir.patch by Per Jessen
* Sun Oct 13 2013 crrodriguezAATTopensuse.org- build with --with-fpm-systemd and install systemd unit- php5-systemd-unit.patch: tweak systemd unit for openSUSE requirements- php5-openssl.patch: only openSSL_config() is really needed.- Recommended for 13.1 and Factory
* Wed Sep 25 2013 pgajdosAATTsuse.com- updated to 5.4.20:
* About 30 bugs were fixed.
* Thu Sep 05 2013 pgajdosAATTsuse.com- updated to 5.4.19:
* These releases fix a bug in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4.
* Tue Aug 20 2013 pgajdosAATTsuse.com- updated to 5.4.18:
* About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248.
* Thu Aug 01 2013 crrodriguezAATTopensuse.org- php5-per-mod-log.patch: It turns out that requesting per-module logging support in 2.4 will not do a thing if the expansion of APLOG_USE_MODULE is not visible to all files of the module so place it in the header instead.
* Wed Jul 31 2013 crrodriguezAATTopensuse.org- php5-per-mod-log.patch Support apache 2.4 per module logging- php5-apache24-updates.patch Use proper API in apache 2.4 to determine when the module has to be loaded. I made this patches at least a year ago, but for some reason they went out of my radar and were not applied to upstream Will be submitted again soon.
* Mon Jul 15 2013 pgajdosAATTsuse.com- updated to 5.4.17: Core: Fixed bug #64988 (Class loading order affects E_STRICT warning). Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). Fixed bug #64960 (Segfault in gc_zval_possible_root). Fixed bug #64936 (doc comments picked up from previous scanner run). Fixed bug #64934 (Apache2 TS crash with get_browser()). Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). DateTime: Fixed bug #53437 (Crash when using unserialized DatePeriod instance). FPM: Fixed bug #64915 (error_log ignored when daemonize=0). Implemented FR #64764 (add support for FPM init.d script). PDO: Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). PDO_DBlib: Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). Fixed bug #64338 (pdo_dblib can\'t connect to Azure SQL). Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). PDO_firebird: Fixed bug #64037 (Firebird return wrong value for numeric field). Fixed bug #62024 (Cannot insert second row with null using parametrized query). PDO_mysql: Fixed bug #48724 (getColumnMeta() doesn\'t return native_type for BIT, TINYINT and YEAR). PDO_pgsql: Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error). pgsql: Fixed bug #64609 (pg_convert enum type support). Readline: Implement FR #55694 (Expose additional readline variable to prevent default filename completion). SPL: Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
* Tue Jun 18 2013 jengelhAATTinai.de- Explicitly specify cyrus-sasl build dependency
* Thu Jun 13 2013 pgajdosAATTsuse.com- updated to 5.4.16- Core: . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110). (Stas) . Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol) . Fixed bug #64729 (compilation failure on x32). (Gustavo) . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry) . Fixed bug #64660 (Segfault on memory exhaustion within function definition). (Stas, reported by Juha Kylmänen)- Calendar: . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)- Fileinfo: . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)- FPM: . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi) . Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan. (Remi) . Log a warning when a syscall fails. (Remi) . Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file. (Remi)- MySQLi . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed). (Laruence)- Phar . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir). (Pierre)- SNMP: . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). (Boris Lytochkin) . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)- Streams: . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64). (Anatol)- Zend Engine: . Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol)
* Fri May 10 2013 pgajdosAATTsuse.com- updated to 5.4.15: Core: Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). Fixed bug #64458 (dns_get_record result with string of length -1). Fixed bug #64433 (follow_location parameter of context is ignored for most response codes). Fixed bug #47675 (fd leak on Solaris). Fixed bug #64577 (fd leak on Solaris). Fileinfo: Upgraded libmagic to 5.14. Streams: Fixed Windows x64 version of stream_socket_pair() and improved error handling. Zip: Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
* Fri Apr 26 2013 adaugherityAATTtamu.edu- Conflict with php53 packages so zypper doesn\'t suggest installing a mix of php53-
* (from SLES 11) and php5-
* (these 5.4 packages).
* Fri Apr 26 2013 adaugherityAATTtamu.edu- Fix build on SLES 11 (no firebird) and openSUSE <= 12.1 (no separate libfbclient2-devel pkg).
* Mon Apr 22 2013 pgajdosAATTsuse.com- use current install-pear-nozlib.phar from http://pear.php.net/install-pear-nozlib.phar- php5-pear package provides/obsoletes php5-pear-Archive_Tar, see explanation in the spec
* Wed Apr 17 2013 slavb18AATTgmail.com- add php5-firebird providing php5-interbase and php5-pdo_firebird
* Mon Apr 15 2013 pgajdosAATTsuse.com- updated to 5.4.14: Core: Fixed bug #64529 (Ran out of opcode space). Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration). Fixed bug #64432 (more empty delimiter warning in strX methods). Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error). Fixed bug #64370 (microtime(true) less than $_SERVER[\'REQUEST_TIME_FLOAT\']). Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11). Fixed bug #63976 (Parent class incorrectly using child constant in class property). Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly). Fixed bug #62343 (Show class_alias In get_declared_classes()). PCRE: Merged PCRE 8.32. SNMP: Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly). Zip: Fixed bug #64452 (Zip crash intermittently). (Anatol)
* Mon Apr 15 2013 pgajdosAATTsuse.com- libc-client.so needs -lssl
* Fri Apr 05 2013 pgajdosAATTsuse.com- fixed \'http limits uploads to 2GB\' [bnc#812800], see https://bugs.php.net/bug.php?id=44522
* 64bit-post-large-files.patch
* Thu Mar 21 2013 pgajdosAATTsuse.com- updated to 5.4.13: Core: Fixed bug #64235 (Insteadof not work for class method in 5.4.11). Implemented FR #64175 (Added HTTP codes as of RFC 6585). Fixed bug #64142 (dval to lval different behavior on ppc64). Fixed bug #64070 (Inheritance with Traits failed with error). CLI server: Fixed bug #64128 (buit-in web server is broken on ppc64). Mbstring: mb_split() can now handle empty matches like preg_split() does. OpenSSL: Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). PDO_mysql: Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). Phar: Fixed timestamp update on Phar contents modification. SOAP Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). Disabled external entities loading (CVE-2013-1643, CVE-2013-1824). SPL: Fixed bug #64264 (SPLFixedArray toArray problem). Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). Fixed bug #52861 (unset fails with ArrayObject and deep arrays). SNMP: Fixed bug #64124 (IPv6 malformed).
* Thu Mar 21 2013 pgajdosAATTsuse.com- updated to 5.4.12:
* dropped sqlite.so (no longer shipped with 5.4)
* dropped t1lib support
* dropped %{suse_version} 10.x support
* see /usr/share/doc/packages/php5/UPGRADING or http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/UPGRADING for details
* source changes: D php-5.2.9-BNC-457056.patch -- renamed to php5-BNC-457056.patch D php-5.3.0-bnc513080.patch -- there\'s no relevant code in exif.c D php-5.3.1-systzdata-v7.patch -- renamed to php5-systzdata-v7.patch D php-5.3.2-aconf26x.patch -- dropped, it is not needed yet D php-5.3.2-ini.patch -- renamed to php5-ini.patch D php-5.3.2-no-build-date.patch -- renamed to php5-no-build-date.patch D php-5.3.22.tar.bz2 -- old tarball D php-5.3.4-format-string-issues.patch -- renamed to php5-format-string-issues.patch D php-5.3.4-pts.patch -- renamed to php5-pts.patch D php-5.3.6-gcc_builtins.patch -- renamed to php5-gcc_builtins.patch D php-5.3.6-ini-date.timezone.patch -- part of php5-ini.patch D php-5.3.8-CVE-2011-4153.patch -- fixed in 5.4 branch D php-5.3.8-crypt-tests.patch -- renamed to php5-crypt-tests.patch D php-5.3.8-no-reentrant-crypt.patch -- renamed to php5-no-reentrant-crypt.patch A php-5.4.13.tar.bz2 -- new version tarball D php-cloexec.patch -- renamed to php5-cloexec.patch M php-suse-addons.tar.bz2 -- content of tar balls are actualy equal A php5-BNC-457056.patch -- renamed from php-5.2.9-BNC-457056.patch, not rebased A php5-cloexec.patch -- renamed from php-cloexec.patch, rebased A php5-sytzdata-v7.patch -- renamed from sytzdata-v7.pach, not rebased A php-format-string-issues.patch -- renamed from php5-5.3.4-format-string-issues.patch, not rebased A php5-crypt-tests.patch -- renamed from php-5.3.8-crypt-tests.patch, not rebased A php5-gcc_builtins.patch -- renamed from php-5.3.6-gcc_builtins.patch, not rebased A php5-ini.patch -- renamed from php-5.3.2-ini.patch, rebased A php5-mbstring-missing-return.patch -- new patch, missing return M php5-missing-extdeps.patch -- rebased A php5-no-build-date.patch -- renamed from php-5.3.2-no-build-date.patch, rebased A php5-no-reentrant-crypt.patch -- renamed from php-5.3.8-no-reentrant-crypt.patch, not rebased M php5-openssl.patch -- rebased M php5-phpize.patch -- rebased A php5-pts.patch -- renamed from php-5.3.4-pts.patch, not rebased A php5-suhosin-php54.patch -- patch on top of suhosin-0.9.33.tgz to work with php 5.4 M php5.changes -- this change log M php5.spec -- new version, etc D suhosin-patch-5.3.3-0.9.10.patch.gz -- dropped, seems not be used for some time
* Mon Feb 25 2013 pgajdosAATTsuse.com- updated to 5.3.22: . Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes) . Fixed bug #63899 (Use after scope error in zend_compile). (Laruence) . Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence) . Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV). (Laruence, Derick) . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) . Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry) . Disabled external entities loading (CVE-2013-1643). (Dmitry) . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)
* Thu Feb 07 2013 pgajdosAATTsuse.com- updated to 5.3.21:
* Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).
* Fixed bug (segfault due to libcurl connection caching).
* Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST). etc. see NEWS for details
* Thu Oct 18 2012 pgajdosAATTsuse.com- fix CVE-2011-4153 CVE-2011-4153 [bnc#741859]
* Tue Oct 16 2012 cooloAATTsuse.com- add explicit buildrequire on libbz2-devel (having to patch old .changes file to avoid \"double entry\")
* Thu Oct 11 2012 pgajdosAATTsuse.com- updated to 5.3.17:
* Fixed bug (segfault while build with zts and GOTO vm-kind)
* Fixed bug #62844 (parse_url() does not recognize //
* etc. see NEWS for details
* Mon Aug 27 2012 pgajdosAATTsuse.com- use FilesMatch with \'SetHandler\' rather than \'AddHandler\' [bnc#775852]
* Mon Aug 27 2012 pgajdosAATTsuse.com- updated to 5.3.16:
* fixes over 20 bugs, see NEWS for more details
* Wed Jul 25 2012 pgajdosAATTsuse.com- updated to 5.3.15:
* fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation (CVE-2012-2688) [bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580]
* Mon Jun 18 2012 pgajdosAATTsuse.com- updated to 5.3.14:
* bug-fix release, see NEWS for details
* Fri May 25 2012 pgajdosAATTsuse.com- updated to 5.3.13: various security fixes, CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336
* removed php-5.3.10-pcre_fullinfo.patch
* refreshed php-5.3.2-aconf26x.patch
* Thu Mar 08 2012 cooloAATTsuse.com- fix license to spdx.org format
* Tue Feb 28 2012 pgajdosAATTsuse.com- fixed build with new pcre (php bug 60986)
* Sat Feb 04 2012 crrodriguezAATTopensuse.org- Build with -fpie
* Thu Feb 02 2012 crrodriguezAATTopensuse.org- PHP 5.3.10, fixes CVE-2012-0830.
* Sat Jan 28 2012 crrodriguezAATTopensuse.org- remove unapplied patches
* Wed Jan 18 2012 pgajdosAATTsuse.com- buildrequire libjpeg-devel
* Tue Jan 17 2012 pgajdosAATTsuse.com- remove apache module conflict with apache2-worker [bnc#728671]- amended README.SUSE instead
* Wed Jan 11 2012 crrodriguezAATTopensuse.org- Update to version 5.3.9
* Drop already applied patches
* This update only contain minor bug fixes, it is a stop over php 5.4.0 that should be out very soon.
* Mon Jan 02 2012 pgajdosAATTsuse.com- security update:
* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive to prevent attacks based on hash collisions
* Wed Dec 21 2011 cooloAATTsuse.com- add autoconf as buildrequire to avoid implicit dependency
* Tue Dec 20 2011 pgajdosAATTsuse.com- apache module conflicts with apache2-worker [bnc#728671]
* Fri Dec 16 2011 pgajdosAATTsuse.com- security update:
* CVE-2011-4566 [bnc#733590]
* CVE-2011-1466 [bnc#736169]
* Tue Dec 06 2011 cooloAATTsuse.com- fix license - there is no 3.1 version of php license
* Tue Nov 29 2011 pgajdosAATTsuse.com- build php against system\'s libcrypt, which drops extended DES support
* crypt-tests.patch
* no-reentrant-crypt.patch
* Mon Nov 07 2011 pgajdosAATTsuse.com- security update: CVE-2011-3379 [bnc#728350]
* Sun Sep 18 2011 crrodriguezAATTopensuse.org- Fix wrong PAGE_SIZE assumption, must use sysconf() instead- Fix integer overflow when attempting to use more than 2 Gb of memory.
* Mon Sep 05 2011 crrodriguezAATTopensuse.org- call openssl_config too in order to load user-provided engine configuration.
* Sat Sep 03 2011 crrodriguezAATTopensuse.org- Cleanup patches for upcoming release.
* Sun Aug 28 2011 andrea.turriniAATTgmail.com- Fixed typos in php5.spec
* Tue Aug 23 2011 crrodriguezAATTopensuse.org- Fix very publicized critical bug in crypt() implementation
* Fri Aug 12 2011 crrodriguezAATTopensuse.org- Add mssql support with freetds- Update PHP snapshot.
* Tue Aug 09 2011 crrodriguezAATTopensuse.org- Update snapshot, more static analyzer fixes.
* Sun Aug 07 2011 crrodriguezAATTopensuse.org- Update snapshot, fix converity warnings
* Fri Aug 05 2011 crrodriguezAATTopensuse.org- Update snapshot, several check if malloc() succeeded.
* Wed Aug 03 2011 crrodriguezAATTopensuse.org- Fix build in Factory- Fix Segfault with allow_call_time_pass_reference = Off- Using class constants in array definition fails
* Mon Aug 01 2011 crrodriguezAATTopensuse.org- Add sqlite3 session storage, this is no more than a forward port of already existent sqlite2 backend
* Sun Jul 31 2011 crrodriguezAATTopensuse.org- Update snap, PHP 5.3.7-RC4
* Wed Jul 27 2011 crrodriguezAATTopensuse.org- Update snapshot again.
* Sat Jul 23 2011 crrodriguezAATTopensuse.org- Update snapshot.
* Thu Jul 14 2011 crrodriguezAATTopensuse.org- is_a() function is throwing an annoying warning \"Unknown class passed as parameter\" which is noticeable when you use PEAR, fix it, if your code uses it you should be using the instanceof operator anyway.- Update bundled pear.
* Mon Jul 11 2011 crrodriguezAATTopensuse.org- Crash in gc_remove_zval_from_buffer CVE-NO-NAME- Crash in zend_mm_check_ptr // Heap corruption
* Wed Jul 06 2011 crrodriguezAATTopensuse.org- Fixed missing Expires and Cache-Control headers for ping and status pages- fix crypt() issue with overlong salt- Fixed bug #52935 (call exit in user_error_handler cause stream relate core).
* Mon Jun 27 2011 crrodriguezAATTopensuse.org- Fix crash in error_log (strlen with NULL)- Fixed exit at FPM startup on fpm_resources_prepare- Added master rlimit_files and rlimit_core- Removed pid in debug logs written by chrildren processes- Replaced shm_slots with a real scoreboard
* Wed Jun 22 2011 crrodriguezAATTopensuse.org- Enable mysqlnd compression protocol.
* Thu Jun 16 2011 crrodriguezAATTopensuse.org- Update snapshot to 5.3.7 RC1
* Tue Jun 14 2011 crrodriguezAATTopensuse.org- Allow bison 2.5-File path injection vulnerability in RFC1867 File upload CVE-2011-2202.
* Fri Jun 10 2011 crrodriguezAATTopensuse.org- Update 5.3 snap- Fix compiler failure that happended after compile error.- Stream not closed and error not returned when SSL CN_match fails.
* Mon Jun 06 2011 crrodriguezAATTopensuse.org- Update 5.3 snap- Update bundled PEAR- Case discrepancy in timezone names cause Uncaught exception and fatal error.- SEEK_CUR with 0 value, returns a warning- Restore fix: do not accept paths with NULL in them
* Fri Jun 03 2011 crrodriguezAATTopensuse.org- Update to version 5.3.6.201106031621- Crash when calling call_user_func with unknown function name- Fixed double registering of browscap ini directive
* Sun May 29 2011 crrodriguezAATTopensuse.org- Drop Update alternatives usage, there are no alternatives PHP4 is gone and PHP6 is not coming at any time soon.- Remove \"mm\" support from session module, virtually nothing uses it and it doesnt support proper locking, mount /var/lib/php5 in tmpfs instead.
* Sun May 29 2011 crrodriguezAATTopensuse.org- Update to 5.3.6.201105291701
* Fixes random crash with apache2 SAPI and php_admin_value in virtualhost configuration.
* Fri May 20 2011 crrodriguezAATTopensuse.org- Update 5.3 branch- Fix a few memory leaks- Check if tempfile can be created in phar extension- Fix problems with __halt_compiler and imported namespaces- Properly handle out of memory conditions in mysqlnd
* Sat May 14 2011 crrodriguezAATTopensuse.org- Update 5.3 branch.- Fix user after free in xmlreader extension.
* Mon May 09 2011 crrodriguezAATTopensuse.org- Update to current 5.3 svn version.- For practical reasons now the hash extension is built-in,hence deprecates package php5-hash, it is nowdays required by the session and phar extensions but must be statically built to work.- Drop php5-session patch, needed only to workaround compile failure when hash extension is built as loadable extension.- php.ini now clearly says that by \"3\" in session.hash_function we mean SHA256.
* Fri Apr 29 2011 crrodriguezAATTopensuse.org- Update to a recent 5.3.x SVN version, mostly bug fixes
* track_errors causes segfault
* classes from dl()\'ed extensions are not destroyed
* Crash when assigning value to a dimension in a non-array
* use-after-free in substr_replace()
* Wed Apr 13 2011 crrodriguezAATTopensuse.org- fix crash on destruction.- allow openssl extension to be built w/o SSLv2
* Tue Apr 05 2011 langAATTb1-systems.de- Add a default to date.timezone because php5 warns that this is a required setting and clutters up the output in zypper installations of pear packages and other places- Versions after 5.3.6 may make this fatal
* Sat Apr 02 2011 crrodriguezAATTopensuse.org- Intl extension failed to load [bnc#659868]- Fix update-alternatives usage,will be dropped in the future.
* Mon Mar 28 2011 sbutler1AATTillinois.edu- Add tcpd-devel for building the SNMP extension on SLE_10 and apache_server_SLE_10.
* Thu Mar 17 2011 crrodriguezAATTopensuse.org- Update to php 5.3.6 final
* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)
* Wed Mar 16 2011 crrodriguezAATTopensuse.org- Upgrade to PHP 5.3.6.RC3
* Drop obsoleted patches
* fix some rpmlint warnings
* Hundreds of changes, see NEWS for details
* Wed Mar 09 2011 crrodriguezAATTopensuse.org- Fix more date in binaries causing pointless republish of pkgs.
* Fri Feb 25 2011 chrisAATTcomputersalat.de- fix for macros.php o devel pkg must have Obsoletes/Provides: php-macros
* Tue Feb 22 2011 pgajdosAATTsuse.cz- security fixes
* CVE-2011-0420 [bnc#672933]
* CVE-2011-0708 [bnc#671710]
* Thu Feb 10 2011 chrisAATTcomputersalat.de- extend macros.php o __php, __phpize, __php_config, php_version o __pear, php_peardir, php_pearxmldir o php_pear_gen_filelist- add README.macros
* Thu Jan 13 2011 pgajdosAATTsuse.cz- security fix:
* fopen_https_proxy_auth_fix.patch [bnc#656523]
* Mon Jan 10 2011 cristian.rodriguezAATTopensuse.org- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem when extensions are built shared. [bnc#661464]
* Mon Jan 10 2011 cristian.rodriguezAATTopensuse.org- Go back to libmysql as there is currently no way to build shared mysql extensions with mysqlnd. [bnc#661464]
* Sun Jan 09 2011 cristian.rodriguezAATTopensuse.org- Use mysqlnd driver, this is a newer PHP-native mysql extension, that does not require external libraries. Now you can use mysql, mariadb or drizzle without extra libs. fixes bnc #661464 and other old feature requests.
* Thu Jan 06 2011 cristian.rodriguezAATTopensuse.org- Update to version 5.3.5, Critical Update
* Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) Only 32 bit binaries affected, confirmed in factory i586.
* Fri Dec 17 2010 cristian.rodriguezAATTopensuse.org- revert unsuitable patch php-5.3.4-dlopen.patch
* Tue Dec 14 2010 cristian.rodriguezAATTopensuse.org- Add php-5.3.4-dlopen.patch from fedora,makes dlopen to use bind_now instead of lazy.- Compiler is now in C99 mode for both core and extensions.
* Tue Dec 14 2010 cristian.rodriguezAATTopensuse.org- fix format string bug in Phar extension I just found http://bugs.php.net/bug.php?id=53541 and the underlying issue, which is the lack of format attributes in several core prototypes.
* Mon Dec 13 2010 cristian.rodriguezAATTopensuse.org- Update to PHP 5.3.4 final
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\\0bar.txt) are now considered as invalid (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
* Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.- SUSE specific;
* enable PTY support in proc_open (temporary)
* Wed Nov 24 2010 roAATTsuse.de- xft-config is gone
* Tue Nov 02 2010 cristian.rodriguezAATTopensuse.org- Update to 5.3.3_svn201011020214
* Fix Performance issue, array_diff may take hours instead of seconds in some scenarios,regression appeared in version 5.2.5
* Wed Oct 27 2010 cristian.rodriguezAATTopensuse.org- Update to 5.3.3_svn20101027xx- Fix init script again.
* Thu Oct 14 2010 crrodriguezAATTopensuse.org- update to 5.3.3_svn201010140300- Fix php-fpm init script.
* Sat Oct 09 2010 cristian.rodriguezAATTopensuse.org- Update to an slightly newer PHP 5.3.3.x snap, fixes around 100 bugs including open_basedir problems.- add the fpm sapi to the package.
* Tue Aug 03 2010 cristian.rodriguezAATTopensuse.org- Clarify changelog this update fixed:
* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]
* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]
* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]
* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]
* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]
* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]
* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]
* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]
* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]
* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]
* bugzilla numbers 619487,619489,619469,609766..
* Tue Jul 20 2010 cristian.rodriguezAATTopensuse.org- Update to PHP 5.3.3 RC3- Massive lot of security fixes see list here http://www.php-security.org/category/vulnerabilities/index.html
* Tue Jun 01 2010 cristian.rodriguezAATTopensuse.org- possible fix for [bnc#610633]
* Fri Apr 16 2010 crrodriguezAATTopensuse.org- use FD_CLOEXEC flag to avoid annoying races.
* Sun Apr 04 2010 crrodriguezAATTopensuse.org- remove obsolete buildRequires
* Fri Apr 02 2010 crrodriguezAATTopensuse.org- remove build date from binaries so they dont get republished every time- fix invalid path
* Thu Apr 01 2010 crrodriguezAATTopensuse.org- add missing patch, refresh patches with -p0
* Thu Apr 01 2010 crrodriguezAATTopensuse.org- Update to PHP 5.3.2, see NEWS for details
* Fri Mar 05 2010 dimstarAATTopensuse.org- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it\'s a backported combination of svn commits 291283, 291284 and 291332.- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by replacing -ledit with -ledit -lncurses in the resulting configure scripts. This became apparent problem due to libedit being built with as-needed now.- Add php5-bug51224.patch to fix buffer overflows happening in strcpy. It;s a combination of upstream svn revs 284097 and 284099
* Sun Jan 17 2010 vuntzAATTopensuse.org- Remove unneeded gtk-devel BuildRequires.
* Mon Jan 11 2010 ajAATTsuse.de- Remove obsolete build requires of orbit-devel.
* Tue Dec 22 2009 jengelhAATTmedozas.de- avoid alignment crash on alignment-sensitive CPUs (bugs.php.net#46074)
* Wed Dec 02 2009 cooloAATTnovell.com- update patch to fix build
* Tue Oct 06 2009 crrodriguezAATTopensuse.org- Fixed wrong harcoded mysql socket [bnc#544516]- Fixed wrong default include_path
* Tue Sep 08 2009 crrodriguezAATTsuse.de- make php5-pear noarch in Factory
* Wed Aug 26 2009 crrodriguezAATTsuse.de- remove obsolete patches- apply ini patch- enable mhash compatibility in the hash extension and obsolete php5-mhash- add macros.php to the source list
* Mon Aug 24 2009 crrodriguezAATTsuse.de- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]
* Sun Aug 23 2009 crrodriguezAATTsuse.de- fix missing return values of suhosin extension
* Wed Aug 19 2009 crrodriguezAATTnovell.com- fix build on CODE10 products
* Wed Aug 19 2009 crrodriguezAATTnovell.com- fix horrible broken open_basedir functionality
* Sun Aug 16 2009 crrodriguezAATTsuse.de- update suhosin extension to version 0.9.29- mysql extensions now use mysqlnd instead of libmysqlclient.- enable sqlite3 extension, part of the php5-sqlite package- enable enchant extension- enable fileinfo extension- enable intl extension
* Fri Aug 14 2009 crrodriguezAATTsuse.de- add suhosin patch and newer suhosin extension for compatibility reasons
* Thu Aug 13 2009 crrodriguezAATTsuse.de- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php for the huge list of changes- remove dbase and ncurses extension
* Thu Jul 16 2009 cooloAATTnovell.com- disable as-needed to fix build
* Fri Jun 19 2009 crrodriguezAATTsuse.de- update to PHP 5.2.10
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)
* Added \"ignore_errors\" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()\'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 (\"AATT\" operator does not work with string offsets). (Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).
* Over 100 bug fixes.
* Thu May 21 2009 crrodriguezAATTsuse.de- add temporary backport of openssl prng function
* Sat Mar 14 2009 crrodriguezAATTsuse.de- Update to version 5.2.9, security and bugfix release
* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]
* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]
* Fixed a segfault when malformed string is passed to json_decode()
* Fixed explode() behavior with empty string to respect negative limit.
* Sun Dec 14 2008 crrodriguezAATTsuse.de- remove ming extension, moved to server:php:extensions later
* Tue Dec 09 2008 crrodriguezAATTsuse.de- Update to PHP 5.2.8
* Mon Dec 08 2008 crrodriguezAATTsuse.de- fix BLOCKER magic_quotes breakage, if your code relies on this feature, it is broken,time to press the panic button.
* Fri Dec 05 2008 crrodriguezAATTsuse.de- update to PHP 5.2.7 final, no mayor changes since RC5
* Fri Nov 28 2008 crrodriguezAATTsuse.de- update to PHP 5.2.7RC5 see news for details
* Fri Nov 21 2008 crrodriguezAATTsuse.de- update to PHP 5.2.7RC4, see news for details
* Sun Nov 16 2008 crrodriguezAATTsuse.de- update to PHP 5.2.7RC3, see NEWS for details
* Mon Sep 08 2008 crrodriguezAATTsuse.de- update suhosin to version 0.9.27
* Fixed problem with suhosin.perdir Thanks to Hosteurope for tracking this down
* Fixed problems with ext/uploadprogress Reported by: Christian Stocker
* Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
* Modified rand()/srand() to use the Mersenne Twister algorithm with separate state
* Added better internal seeding of rand() and mt_rand()
* Sun Jul 13 2008 crrodriguezAATTsuse.de- merge patches from schwab
* Fri May 02 2008 crrodriguezAATTsuse.de- update to PHP 5.2.6
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
* Fixed two possible crashes inside the posix extension.
* Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug #44141 (private parent constructor callable through static function).
* Fixed bug #43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug #43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug #42736 (xmlrpc_server_call_method() crashes).
* Fixed bug #42369 (Implicit conversion to string leaks memory).
* Fixed bug #41562 (SimpleXML memory issue).
* Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de)
* Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)
* Over 120 bug fixes.
* Tue Feb 05 2008 crrodriguezAATTsuse.de- update suhosin extension to version 0.9.23- Fixed suhosin extension now compiles with snapshots of PHP 5.3- Fixed crypt() behaves like normal again when there is no salt supplied- wrong Obsoletes causes upgrade trouble [bnc #355618]
* Fri Feb 01 2008 mmarekAATTsuse.cz- use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs, enables building in the bs in other projects than server:php (bnc#357917)
* Fri Jan 11 2008 crrodriguezAATTsuse.de- Try patch recently published by Redhat that allows PHP to use the system timezone database instead of the bundled one.
* Mon Jan 07 2008 crrodriguezAATTsuse.de- Do not hard require php5-timezonedb, instead provide a capability php(tzdatabase) = builtin_tz_ver so it gets installed via rpm Supplements only when needed.
* Thu Dec 27 2007 crrodriguezAATTsuse.de- PHP is leaking file descriptors badly on relative includes (php-5.2.5-fdleak.patch)
* Thu Dec 13 2007 crrodriguezAATTsuse.de- suhosin 0.9.22 - Fixed function_exists() now checks the Suhosin permissions - Fixed crypt() salt no longer uses Blowfish by default - Fixed .htaccess/perdir support - Fixed compilation problem on OS/X - Added protection against some attacks through _SERVER variables - Added suhosin.server.strip and suhosin.server.encode
* Tue Dec 11 2007 crrodriguezAATTsuse.de- use /dev/urandom for generating session-IDs [#337005]- L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548]
* Mon Nov 12 2007 crrodriguezAATTsuse.de- update to PHP 5.2.5
* Fixed dl() to only accept filenames. reported by Laurent Gaffie.
* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
* Fixed \"mail.force_extra_parameters\" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.
* Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
* Fixed bug #41561 (Values set with php_admin_
* in httpd.conf can be overwritten with ini_set()).
* Upgraded PCRE to version 7.3 (Nuno)
* Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
* Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
* Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)
* Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)
* Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)
* Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
* Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing \'
*\'. (Ilia)
* Fixed PDO crash when driver returns empty LOB stream. (Stas)
* Fixed iconv_
*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)
* Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)
* Fixed leaks with multiple connects on one mysqli object. (Andrey)
* Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
* Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani)
* Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)
* Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)
* Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)
* Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia)
* Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott)
* Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)
* Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn\'t work with setFetchMode). (Ilia)
* Fixed bug #42890 (Constant \"LIST\" defined by mysqlclient and c-client). (Andrey)
* Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)
* Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia)
* Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia)
* Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia)
* Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)
* Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry)
* Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)
* Fixed bug #42739 (mkdir() doesn\'t like a trailing slash when safe_mode is enabled). (Ilia)
* Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus)
* Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)
* Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus)
* Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)
* Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran)
* Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org)
* Fixed bug #42596 (session.save_path MODE option does not work). (Ilia)
* Fixed bug #42590 (Make the engine recognize \\v and \\f escape sequences). (Ilia)
* Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)
* Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)
* Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)
* Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)
* Fixed bug #42512 (ip2long(\'255.255.255.255\') should return 4294967295 on 64-bit PHP). (Derick)
* Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)
* Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob)
* Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry)
* Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes)
* Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia)
* Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry)
* Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)
* Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
* Fixed bug #42326 (SoapServer crash). (Dmitry)
* Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
* Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia)
* Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)
* Fixed bug #42086 (SoapServer return Procedure \'\' not present for WSIBasic compliant wsdl). (Dmitry)
* Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani)
* Fixed bug #39651 (proc_open() append mode doesn\'t work on windows). (Nuno)
* Thu Aug 30 2007 crrodriguezAATTsuse.de- update to PHP 5.2.4, no relevant changes since RC3.
* Fri Aug 24 2007 crrodriguezAATTsuse.de- PHP 5.2.4RC3- Fixed version_compare() to support \"rc\" as well as \"RC\" for release candidate version numbers.- Fixed bug #42368 (Incorrect error message displayed by pg_escape_string). (Ilia)- Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani)- Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry)- Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as \"instanceof\" operator). (Dmitry)- Fixed bug #41904 (proc_open(): empty env array should cause empty environment to be passed to process). (Jani)- Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass). (Ilia)- remove wrong hardcoded requirement on libedit- devel package at least does not need libtool the php build enviroment uses a private copy.- drop no longer needed patches already in upstream
* Fri Aug 17 2007 anosekAATTsuse.cz- updated to version 5.2.4RC2 - Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones) - Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani) - Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com dot br, Ilia) - Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob) - Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani) - Fixed bug #42243 (copy() does not output an error when the first arg is a dir). (Ilia) - Fixed bug #42242 (sybase_connect() crashes). (Ilia) - Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia) - Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre) - Fixed bug #42211 (property_exists() fails to find protected properties from a parent class). (Dmitry) - Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia) - Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry) - Fixed bug #42195 (C++ compiler required always). (Jani) - Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip, Ilia) - Fixed bug #42082 (NodeList length zero should be empty). (Hannes) - Fixed bug #36492 (Userfilters can leak buckets). (Sara) - Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO). (Dmitry)
* Mon Aug 06 2007 anosekAATTsuse.cz- updated to version 5.2.4RC1- dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2
* Mon Jul 30 2007 mmarekAATTsuse.cz- updated to latest state of PHP_5_2 branch; highlights from the NEWS file: - Upgraded PCRE to version 7.2 (Nuno) - Updated timezone database to version 2007.6. (Derick) - Improved openssl_x509_parse() to return extensions in readable form. (Dmitry) - Changed \"display_errors\" php.ini option to accept \"stderr\" as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani) - Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin) - Added check for unknown options passed to configure. (Jani) - Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia) - Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia) - Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani) - Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) - Added missing format validator to unpack() function. (Ilia) - Added missing error check inside bcpowmod(). (Ilia) - Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony) - Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani) - Added PCRE_VERSION constant. (Tony) - Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes) - Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony) - plus lots of bugfixes- fixed the pear phar archive to run with 5.2.4 [http://bugs.php.net/bug.php?id=42146]
* Wed Jul 25 2007 mmarekAATTsuse.cz- added /var/lib/pear to php5-pear.rpm
* Tue Jul 24 2007 judas_iscarioteAATTshorewall.net- fix nasty deadlock in pear- update php5-ze2-fixes.patch and actually apply it.
* Tue Jul 17 2007 anosekAATTsuse.cz- fixed YOU honors Recommends, breaks php update [#291551] (moved php-suhosin from Recommends to Suggests)
* Mon Jun 25 2007 mmarekAATTsuse.cz- provide /srv/www/cgi-bin/php5 compat symlink instead of patching config files
* Sat Jun 23 2007 judas_iscarioteAATTshorewall.net- fixed a mess with update-alternatives PreReq uncovered by newer build versions. actually every subpackage that uses update-alternatives should PreReq it.- fix some ZE2 bugs.
* Tue Jun 12 2007 mmarekAATTsuse.cz- drop php5.xpm and the Icon: line from the specfile (the icon is not used at all and it breaks rpm -q --specfile php5.spec)
* Fri Jun 01 2007 judas_iscarioteAATTshorewall.net- PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php- important: PHP-cgi now lives in /usr, package attempts to fix both lighttpd and apache2 fastcgi config files.
* Wed May 30 2007 judas_iscarioteAATTshorewall.net- use system re2c in factory.- enable support for qbdm in the dba extension (build service only)- enable the ming extension (build service only)
* Mon May 21 2007 mmarekAATTsuse.cz- fixed the dba extension adding -ldb-4.x to global LDFLAGS, causing unnecessary dependency in /usr/bin/php5 [http://bugs.php.net/bug.php?id=41455]
* Sat May 19 2007 judas_iscarioteAATTshorewall.net- updated suhosin to version 0.9.20, security fix + bugfixes see http://www.hardened-php.net/suhosin/changelog.html for more detail.
* Mon May 14 2007 judas_iscarioteAATTshorewall.net- fix devel package, in the reality PHP does not currenly require expat. headers provides a expat compatibility layer but it is no longer in use by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined)
* Fri May 11 2007 judas_iscarioteAATTshorewall.net- update php5-test-fixes fixing another bug in zend_compile.c- use rpm macros in the spec file- when removing apache2-mod_php5, unload it from apache first.- when updating apache2-mod_php5 restart apache with restart on update macro.
* Sun May 06 2007 judas_iscarioteAATTshorewall.net- HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch)- better fix for MOPB 41.
* Sat May 05 2007 judas_iscarioteAATTshorewall.net- remove --enable-memory-limit configure flag, it disappeared in 5.2.1, nowdays memory_limit is always enabled.
* Fri May 04 2007 prusnakAATTsuse.cz- changed expat to libexpat-devel in Requires of devel subpackage
* Fri May 04 2007 judas_iscarioteAATTshorewall.net- add php5-test-fixes.patch fixing a test case that wont pass on i586 as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited after the release was done. there is another test case that fails in 10.2 ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE.- added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor)
* Fri May 04 2007 judas_iscarioteAATTshorewall.net- php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs php_pcre.h header that needs it.
* Thu May 03 2007 mmarekAATTsuse.cz- fixed some new compiler warnings
* Thu May 03 2007 judas_iscarioteAATTshorewall.net- upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2
* Thu May 03 2007 judas_iscarioteAATTshorewall.net- Upgrade suhosin extension to version 0.9.19 see http://www.hardened-php.net/suhosin/changelog.html for details
* Fri Mar 30 2007 mmarekAATTsuse.de- added bison to BuildRequires, removed update-desktop-files
* Thu Mar 22 2007 mmarekAATTsuse.de- fixed unpack() on big-endian 64bit (revert-phpbug38770.patch)- blacklist more env variables when safe_mode is on (php5-config.patch)
* Sat Mar 17 2007 judas_iscarioteAATTshorewall.net- fix Requires of -devel package to include only what is really needed for operation of the pecl tool as well the neccesary headers to compile php extensions.- Fix MOPB 24 \"PHP array_user_key_compare() Double DTOR Vulnerability\"- note that fix for MOPB 23 was included in the previous patchset.
* Wed Mar 14 2007 judas_iscarioteAATTshorewall.net- add security fixes for MOPB 20, 21 and 22.- RPM_BUILD_ROOT is never defined in %post.
* Sun Mar 11 2007 judas_iscarioteAATTshorewall.net- fix/workaround for php5-gd problem with typo3 [#236680]- add fix for MOPB-14-2007 PHP substr_compare() Information Leak Vulnerability.- add secfix for import_request_variables() ancient problem, users of suhosin extension are not affected.- Run the test suite here
* Tue Mar 06 2007 judas_iscarioteAATTshorewall.net- Update suhosin extension to version 0.9.18 fixing a session problem.
* Mon Mar 05 2007 judas_iscarioteAATTshorewall.net- Update suhosin extension to version 0.9.17. see http://www.hardened-php.net/suhosin/changelog.html for details.
* Thu Feb 15 2007 judas_iscarioteAATTshorewall.net- add t1lib support in php5-gd (10.3 and up only)- an off-by-one in str_replace may cause a crash.
* Thu Feb 08 2007 judas_iscarioteAATTshorewall.net- PHP 5.2.1. for a full list of changes see http://www.php.net/ChangeLog-5.php#5.2.1- add Obsoletes for extensions we dont ship anymore
* Fri Feb 02 2007 judas_iscarioteAATTshorewall.net- fix getenv() modifing $_POST, breaks suhosin badly when register_
* is On and variables orde is \"GPCS\" (default).- change/remove obsoleted patches
* Tue Jan 30 2007 anosekAATTsuse.cz- synced with BuildService
* file \"session_mm_apache2handler0.sem\" written at boot [#229200] (php5-config.patch)
* for certain functionality php5-exif requires php5-mbstring
* php5-ldap requires php5-openssl
* remove LDAP_DEPRECATED from CFLAGS, module already takes care of this.
* patch potential HTTP_SESSION_VARS et all hijack when register_globals is On users from suhosin extension are not affected.(php5-session-rgon-hijack.patch)
* on 10.2 and up php5-devel should require pcre-devel sqlite-devel sqlite2-devel
* php5-devel is mostly useless without autoconf automake libtool bison make gcc.
* added patches: phpbug-39350.patch oldhat-phpinputdata-secfix.patch ze2-fixes.patch filter.patch ext-lib64again.patch
* Fri Jan 26 2007 mmarekAATTsuse.cz- fixed string comparison in xmlrpc module (strcmp.patch)- allways apply %%patch9
* Fri Jan 26 2007 mmarekAATTsuse.cz- updated the curl module from cvs to fix build with curl-7.16 (curl-cvs-fix.patch, dropped gcc.patch)
* Tue Dec 19 2006 anosekAATTsuse.cz- fixed VUL-0: php session.save_path open_basedir bypass [#227569] (save_path-secfix.patch)
* Wed Dec 06 2006 anosekAATTsuse.cz- synced with BuildService
* updated Suhosin patch to 0.9.6.2
* updated Suhosin extension to 0.9.16
* fixed php5-devel should provide PECL tool [#204006]
* use bundled sqlite in suse versions =< 10.1 (pdo_sqlite stopped working properly with older sqlite3 libs)
* do not use zend-multibyte anymore, please refer to phpbug #36711 and associated links, no applications uses this feature in the real world since it is disabled in all other distributions/OS.seems to cause more problems than solutions.
* change php.ini, back to short_open_tag =off (the default) the package that depended on this setting no longer does. Also explicitely set the upload_tmp_dir in php.ini to deal with open_basedir recent changes (please refer to phpbug #39123) for the details.
* suhosin.ini uses just the default recommended settings
* Wed Nov 08 2006 anosekAATTsuse.cz- created symlinks /usr/bin/php and /usr/bin/pear [#216166]
* Tue Nov 07 2006 mmarekAATTsuse.cz- fixed implicit function decls in suhosin patch (keep the original patch intact and put fixes into separate patch)
* Mon Nov 06 2006 mmarekAATTsuse.cz- updated to 5.2.0 final- merged changes from buildservice (by soporteAATTonfocus.cl): - updated suhosin to 0.9.10 - added suhosin patch - build with system PCRE if suse_release > 10.1 only [#215610] - suhosin extension does not require PDO - suhosin added to the reccommended list - php5-pspell to require at least aspell-en otherwise is useless [#217272]
* Thu Oct 26 2006 anosekAATTsuse.cz- php5-sqlite now uses our sqlite and sqlite2 packages to build and not bundled ones [#201440]- updated suhosin to 0.9.9
* Fri Oct 20 2006 nadvornikAATTsuse.cz- update to 5.2.0RC6
* Thu Oct 19 2006 postadalAATTsuse.cz- reset right path in extension_dir (php5-php-config.patch)
* Mon Oct 09 2006 postadalAATTsuse.cz- update to version 5.2.0RC5- added suhosin extension (the hardened php replacement) [#210886]
* Sun Oct 08 2006 postadalAATTsuse.cz- update to version 5.2.0RC4
* added DSA key generation support to openssl_pkey_new()
* updated PCRE to version 6.7
* increased default memory limit to 16 megabytes to accommodate for a more accurate memory utilization measurement
* added support for httpOnly flag for session extension and cookie setting functions
* added version specific registry keys to allow different configurations for different php version
* added \"PHPINIDir\" Apache directive to apache and apache_hooks SAPIs
* added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system
* moved extensions to PECL (filepro and hwapi)
* improved SNMP, OpenSSL extension
* improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL, xmlReader- merged changes from openSUSE build service
* build without --enable-sigchild [#206533, php#28294, php#38342]
* build CLI with libedit support (really-with-libedit.patch)
* tweaked the default config a bit, to make it more secure
* removed ini entries related to extensions we don\'t ship
* t1lib is not currently needed for build, we need t1lib5 to do something useful
* removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp)
* pdo_odbc provided by php-odbc
* php-suse-addons : o PHP5 is unlikely to parse php3 code, remove the file association o corrected apache directive is AddHandler not AddType
* dropped extensions: o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count) o php-pdo_sqlite provided by php-sqlite o php-pdo_pgsql provided by php-pgsql o filepro dropped by upstream
* new extension: o filter (kept static and cannot be unloaded, due security reasons) o json (added as Recommended) o zip (it uses a bundled library)- fixed gcc issues (gcc.patch)- droped obsoleted patches: include_path.patch, bug-37720.patch, bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch, bug-37416.patch, main_bugs.patch, soap.patch, standard.patch, mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch
* Wed Aug 16 2006 postadalAATTsuse.cz- fixed build with X11R7
* Wed Jul 26 2006 postadalAATTsuse.cz- updated to version 5.1.4
* FastCGI interface was completely reimplemented
* multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions
* support for many additional date formats added to the strtotime()
* a performance improvements added to the engine and core extensions
* added imap_savebody() that allows message body to be written to a file
* added lchown() and lchgrp() to change user/group ownership of symlinks
* upgraded bundled PCRE library to version 6.6- merged changes from openSUSE build service
* removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel and libmcal from BuildRequires
* added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite, php-tokenizer,php-xmlreader,php-xmlwriter to Recommends
* added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests
* added support for optional readline(libedit) for CLI (disabled by default)
* patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch), curl (curl.patch) and mbstring bugs (mbstring_bugs.patch), big soap patch (soap.patch)
* removed obsoleted patches
* fixed Safe Mode Bypass [#188243] (standard.patch)
* upstream patches [php#37306, php#37416, php#37587, php#37720] [php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch) [php#37346, php#37360] (gd-fixes.patch)
* fixed build inconsistences, added php-hash module [#173023]
* added pdo_odbc.so to php-odbc module [#190614]
* build without explicit safe_mode and magic_quotes (unneeded)
* removed useless GD --with-ttf configure option, only suitable for freetype 1
  
ICM