|
|
|
|
Changelog for php7-fastcgi-7.4.33-13.1.x86_64.rpm :
* Thu Aug 29 2024 Arjen de Korte - Fix build with GCC14 * Thu Jun 20 2024 pgajdosAATTsuse.com- drop unmaintained apache-rex usage * Thu Jun 20 2024 pgajdosAATTsuse.com- security update- added patches fix CVE-2024-2756 [bsc#1222857], host/secure cookie bypass due to partial fix + php7-CVE-2024-2756.patch fix CVE-2024-3096 [bsc#1222858], password_verify can erroneously return true, opening ATO risk + php7-CVE-2024-3096.patch fix CVE-2024-5458 [bsc#1226073], filter bypass in filter_var FILTER_VALIDATE_URL + php7-CVE-2024-5458.patch * Thu May 30 2024 Arjen de Korte - Fix check for newer versions of ICU + php7-fix-newer-versions-icu.patch * Thu Aug 24 2023 pgajdosAATTsuse.com- security update- added patches fix CVE-2023-3823 [bsc#1214106], XML loading external entity without being enabled + php7-CVE-2023-3823.patch fix CVE-2023-3824 [bsc#1214103], buffer overflows in phar_dir_read() + php7-CVE-2023-3824.patch * Thu Jun 15 2023 pgajdosAATTsuse.com- security update- added patches fix CVE-2023-3247 [bsc#1212349], Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP + php7-CVE-2023-3247.patch * Thu Apr 20 2023 Arjen de Korte - The %_restart_on_update macro was removed from systemd-rpm-macros. Remove %posttrans for FPM as it wasn\'t working as intended anyway. [boo#1210576] * Tue Mar 14 2023 pgajdosAATTsuse.com- fix potential buffer overflow [bsc#1208199]- modified patches % php-systzdata-v19.patch (refreshed) * Thu Feb 16 2023 Arjen de Korte - security update- added patches fix CVE-2023-0567 (Password_verify() always return true with some hash) + php7-CVE-2023-0567-a.patch and php7-CVE-2023-0567-b.patch fix CVE-2023-0568 (1-byte array overrun in common path resolve code) + php7-CVE-2023-0568.patch fix CVE-2023-0662 (DOS vulnerability when parsing multipart request body) + php7-CVE-2023-0662.patch * Mon Jan 09 2023 munix9AATTgooglemail.com- Add fix-NETSNMP_DISABLE_DES.patch to solve \"error: \'usmDESPrivProtocol\' undeclared\" on Factory/TW * Mon Jan 09 2023 pgajdosAATTsuse.com- security update- added patches fix CVE-2022-31631 [bsc#1206958], Due to an integer overflow PDO:quote() may return unquoted string + php7-CVE-2022-31631.patch * Thu Nov 10 2022 pgajdosAATTsuse.com- hardcode openssl version, openssl3 will not be supported https://www.php.net/manual/en/openssl.requirements.php * Thu Nov 03 2022 pgajdosAATTsuse.com- version update to 7.4.33 * This is security release that fixes an OOB read due to insufficient input validation in imageloadfont(), and a buffer overflow in hash_update() on long parameter. * CVE-2022-37454 [bsc#1204577], CVE-2022-31630 [bsc#1204979] https://www.php.net/ChangeLog-7.php#7.4.33 * Thu Sep 29 2022 pgajdosAATTsuse.com- version update to 7.4.32 * This is security release that addresses an infinite recursion with specially constructed phar files, and prevents a clash with variable name mangling for the __Host/__Secure HTTP headers. * CVEs fixed: CVE-2022-31628, CVE-2022-31629 https://www.php.net/ChangeLog-7.php#7.4.32 https://www.php.net/ChangeLog-7.php#7.4.31 * Fri Jun 10 2022 pgajdosAATTsuse.com- version update to 7.4.30 * This is a security release. https://www.php.net/ChangeLog-7.php#7.4.30 * Fri May 06 2022 pgajdosAATTsuse.com- security update [bsc#1197644]- added patches fix https://github.com/php/php-src/commit/771dbdb319fa7f90584f6b2cc2c54ccff570492d + php7-signedness-php_filter_validate_domain.patch * Wed Apr 20 2022 pgajdosAATTsuse.com- version update to 7.4.29: Core: No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates. Date: Updated to latest IANA timezone database (2022a). * Mon Apr 11 2022 pgajdosAATTsuse.com- fpm %postrans: check whether sytemctl is available * Fri Apr 08 2022 Arjen de Korte - Disable build with \'-z now\' as it breaks the php-mysql extension [boo#1197994] * Thu Mar 31 2022 Arjen de Korte - build PHP-FPM with libacl support (boo#1196870) * Fri Feb 18 2022 Arjen de Korte - updated to 7.4.28: This is a security release (CVE-2021-21708). See https://www.php.net/ChangeLog-7.php#7.4.28 * Sun Jan 09 2022 Arjen de Korte - use /tmp to store session information (boo#1194414) % php-ini.patch * Thu Dec 16 2021 Arjen de Korte - updated to 7.4.27: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.27 * Wed Dec 01 2021 Arjen de Korte - provide configuration for PHP-FPM out of the box (boo#1192414)- package missing php.ini for PHP-FPM (boo#1192672) * Thu Nov 18 2021 Arjen de Korte - updated to 7.4.26: This is a security release (CVE-2021-21707) which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.26 * Fri Oct 22 2021 Arjen de Korte - updated to 7.4.25: This is a security release (CVE-2021-21703) which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.25 * Mon Sep 27 2021 pgajdosAATTsuse.com- previous version updates fixes also: CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071, CVE-2021-21702,CVE-2021-21704,CVE-2021-21705 bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706, bsc#1182049,bsc#1188035,bsc#1188037 * Thu Sep 23 2021 Arjen de Korte - updated to 7.4.24: This is a security release (CVE-2021-21706) which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.24 * Wed Sep 15 2021 pgajdosAATTsuse.com- added patches https://github.com/php/php-src/commit/b3646440b1808abf0874b6f89027ce53ec5da03f + php7-gd-removed-unused-constants.patch * Thu Aug 26 2021 Arjen de Korte - updated to 7.4.23: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.23 * Thu Jul 29 2021 Arjen de Korte - updated to 7.4.22: This is a security and bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.22 * Thu Jul 01 2021 Arjen de Korte - updated to 7.4.21: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.21 * Thu Jun 03 2021 Arjen de Korte - updated to 7.4.20: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.20 * Thu May 06 2021 Arjen de Korte - updated to 7.4.19: This release reverts a bug related to PDO_pgsql that was introduced in PHP 7.4.18. * Fri Apr 30 2021 Arjen de Korte - updated to 7.4.18: This is a security bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.18 * Tue Apr 13 2021 Arjen de Korte - Do not hard-depend on systemd: use systemd_ordering instead of systemd_requires. * Thu Mar 04 2021 Arjen de Korte - updated to 7.4.16: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.16 * Mon Feb 01 2021 Arjen de Korte - updated to 7.4.15: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.15- suppress warning for all flavors not equal to \"\" in multibuild % php7.rpmlintrc * Fri Jan 29 2021 Arjen de Korte - add versioning to php-sapi as well * Sat Jan 23 2021 Arjen de Korte - require this PHP version of subpackages in Recommends/Suggests- run apache-rex tests in php7:test as packages need to be build first (otherwise tests run with previous version) * Sun Jan 17 2021 Arjen de Korte - add php_cfgdir and php_extdir macros * Fri Jan 15 2021 Arjen de Korte - deleted patch (redundant cast, both sides are already signed int) - php-odbc-cmp-int-cast.patch * Wed Jan 13 2021 Arjen de Korte - install php7-cli if no sapi is selected upon php7 installation- add conflicts with earlier version of php-cli, php-fastcgi and php-fpm * Mon Jan 11 2021 Arjen de Korte - put CLI binary in -cli subpackage so that other moduldes can depend on the php base package that remains (and provides files and maps common for all) * Fri Jan 08 2021 Arjen de Korte - use pkgconfig() to resolve BuildRequires where upstream uses it too- since php-7.4.0 when using --with-external-gd the configure options - -with-xpm, --with-freetype and --with-jpeg are not needed anymore (and neither are the respective BuildRequires)- add Recommends: php-openssl as many modules can optionally use it- use new %ldconfig macros in Tumbleweed * Thu Jan 07 2021 Arjen de Korte - build the MySQL Native Driver as a shared module (rather than builtin) to prevent a hard requirement for OpenSSL in the CLI * Thu Jan 07 2021 Arjen de Korte - updated to 7.4.14: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.14- make phar SOURCE_DATE_EPOCH aware so the timestamps in phar.phar are reproducible and sort filelist to include + php-build-reproducible-phar.patch + php-sort-filelist-phar.patch * Wed Jan 06 2021 Arjen de Korte - fix build failure for SLE_15 * Wed Jan 06 2021 pgajdosAATTsuse.com- deleted patches - php-openssl.patch (undocumented and not upstreamed patch for a long time) - php7-arm-build-fixes.patch (do not build for SLE12 anymore) - php-pts.patch (undocumented and not upstreamed patch for a long time)- improved patch documentation * Tue Jan 05 2021 pgajdosAATTsuse.com- use cli sapi php-config --libs * Mon Jan 04 2021 Arjen de Korte - build devel subpackage in cli configuration (otherwise include files for shared modules are missing) * Sun Jan 03 2021 Arjen de Korte - php-phar requires the php-zlib extension- trim specfile lint
|
|
|