|
|
|
|
Changelog for php8-fastcgi-8.4.0RC2-1.1.i586.rpm :
* Mon Oct 14 2024 Arjen de Korte - version update to 8.4.0RC2 * Testing * Sat Sep 28 2024 Thorsten Kukuk - Add /srv/www directories to filelist [bsc#1231027] * Thu Sep 26 2024 Arjen de Korte - version update to 8.4.0RC1 * Testing * Thu Sep 26 2024 Arjen de Korte - version update to 8.3.12 CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). Fixed bug GH-15515 (Configure error grep illegal option q). Fixed bug GH-15514 (Configure error: genif.sh: syntax error). Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). Fixed bug GH-15330 (Do not scan generator frames more than once). Fixed uninitialized lineno in constant AST of internal enums. Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). * Fri Aug 30 2024 pgajdosAATTsuse.com- version update to 8.3.11 Core: Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c). Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally). Fix uninitialized memory in network.c. Fixed bug GH-15108 (Segfault when destroying generator during shutdown). Fixed bug GH-15275 (Crash during GC of suspended generator delegate). Curl: Fixed case when curl_error returns an empty string. DOM: Fix UAF when removing doctype and using foreach iteration. FFI: Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak). Hash: Fix crash when converting array data for array in shm in xxh3. Intl: Fixed bug GH-15087 (IntlChar::foldCase()\'s $option is not optional). Opcache: Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4). Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement). Output: Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re). PDO_Firebird: Fix bogus fallthrough path in firebird_handle_get_attribute(). PHPDBG: Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline). Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)). Fixed bug GH-15210 use-after-free on watchpoint allocations. Soap: Fixed bug #55639 (Digest autentication dont work). Fix SoapFault property destruction. Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap constructor option). Standard: Fix passing non-finite timeout values in stream functions. Fixed GH-14780 p(f)sockopen timeout overflow. Streams: Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). Fixed bug GH-15034 (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB). Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters). Tidy: Fix memory leaks in ext/tidy basedir restriction code. * Fri Aug 16 2024 Arjen de Korte - version update to 8.3.10 Core: Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. Fixed OSS-Fuzz #69765. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). Dom: Fixed bug GH-14702 (DOMDocument::xinclude() crash). Fileinfo: Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). Gd: ext/gd/tests/gh10614.phpt: skip if no PNG support. restored warning instead of fata error. LibXML: Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). Opcache: Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). Output: Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). PDO: Fixed bug GH-14712 (Crash with PDORow access to null property). Phar: Fixed bug GH-14603 (null string from zip entry). PHPDBG: Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). Fixed bug GH-14553 (echo output trimmed at NULL byte). Shmop: Fixed bug GH-14537 (shmop Windows 11 crashes the process). SPL: Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). Standard: Fixed bug GH-14775 (range function overflow with negative step argument). Fix 32-bit wordwrap test failures. Fixed bug GH-14774 (time_sleep_until overflow). Streams: Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). Tidy: Fix memory leak in tidy_repair_file(). Treewide: Fix compatibility with libxml2 2.13.2. XML: Move away from to-be-deprecated libxml fields. Fixed bug GH-14834 (Error installing PHP when --with-pear is used). * Sun Jul 07 2024 pgajdosAATTsuse.com- version update to 8.3.9 Core: Fixed bug GH-14315 (Incompatible pointer type warnings). Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon). Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()). Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor). Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call). Fixed bug GH-14549 (Incompatible function pointer type for fclose). BCMatch: Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). Curl: Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). DOM: Fixed bug GH-14343 (Memory leak in xml and dom). FPM: Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool). GD: Fix parameter numbers for imagecolorset(). Intl: Fix reference handling in SpoofChecker. MySQLnd: Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection). Opcache: Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). Fixed TLS access in JIT on FreeBSD/amd64. Fixed bug GH-11188 (Error when building TSRM in ARM64). PDO ODBC: Fixed bug GH-14367 (incompatible SDWORD type with iODBC). PHPDBG: Fixed bug GH-13681 (segfault on watchpoint addition failure). Soap: Fixed bug #47925 (PHPClient can\'t decompress response). Fix missing error restore code. Fix memory leak if calling SoapServer::setObject() twice. Fix memory leak if calling SoapServer::setClass() twice. Fix reading zlib ini settings in ext-soap. Fix memory leaks with string function name lookups. Fixed bug #69280 (SoapClient classmap doesn\'t support fully qualified class name). Fixed bug #76232 (SoapClient Cookie Header Semicolon). Fixed memory leaks when calling SoapFault::__construct() twice. Sodium: Fix memory leaks in ext/sodium on failure of some functions. SPL: Fixed bug GH-14290 (Member access within null pointer in extension spl). Standard: Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets). Streams: Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). * Thu Jun 20 2024 pgajdosAATTsuse.com- drop unmaintained apache-rex usage * Fri Jun 07 2024 pgajdosAATTsuse.com- version update to 8.3.8 [bsc#1226073] CGI: Fixed buffer limit on Windows, replacing read call usage by _read. Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) CLI: Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). Core: Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). DOM: Fix crashes when entity declaration is removed while still having entity references. Fix references not handled correctly in C14N. Fix crash when calling childNodes next() when iterator is exhausted. Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. Filter: Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) FPM: Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). Hash: ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) Intl: Fixed build regression on systems without C++17 compilers. MySQLnd: Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). Opcache: Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). OpenSSL: The openssl_private_decrypt function in PHP and Marvin attack. Standard: Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) XML: Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). XMLReader: Fixed bug GH-14183 (XMLReader::open() can\'t be overridden).- modified patches % php-build-reproducible-phar.patch (refreshed) * Thu May 09 2024 pgajdosAATTsuse.com- version update to 8.3.7 Core: Fixed zend_call_stack build with Linux/uclibc-ng without thread support. Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled). Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c). Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations). Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters). Fixed bug GH-14013 (Erroneous dnl appended in configure). Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly). Fixed bug GH-13727 (Missing void keyword). Fibers: Fixed bug GH-13903 (ASAN false positive underflow when executing copy()). Fileinfo: Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on big-endian PPC). FPM: Fixed bug GH-13563 (Setting bool values via env in FPM config fails). Intl: Fixed build for icu 74 and onwards. MySQLnd: Fix shift out of bounds on 32-bit non-fast-path platforms. Opcache: Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when using opcache.preload). Fixed incorrect assumptions across compilation units for static calls. OpenSSL: Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). PDO SQLite: Fix GH-13984 (Buffer size is now checked before memcmp). Fix GH-13998 (Manage refcount of agg_context->val correctly). Phar: Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference). Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c). Fix potential NULL pointer dereference before calling EVP_SignInit. PHPDBG: Fixed bug GH-13827 (Null pointer access of type \'zval\' in phpdbg_frame). Posix: Fix usage of reentrant functions in ext/posix. Session: Fixed bug GH-13856 (Member access within null pointer of type \'ps_files\' in ext/session/mod_files.c). Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts). Fixed buffer _read/_write size limit on windows for the file mode. Streams: Fixed file_get_contents() on Windows fails with \"errno=22 Invalid argument\". Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure). Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket). Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). Treewide: Fix gcc-14 Wcalloc-transposed-args warnings. * Fri Apr 12 2024 pgajdosAATTsuse.com- version update to 8.3.6 [bsc#1222857] [bsc#1222858] Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `\ ` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc). * Tue Mar 19 2024 pgajdosAATTsuse.com- version update to 8.3.4 * This is a bug fix release. * Wed Mar 06 2024 Pedro Monreal - Use the system default cipher list instead of hardcoded values by using crypto-policies. [bsc#1211301] * Use the --with-system-ciphers configure option. * Fri Feb 16 2024 pgajdosAATTsuse.com- version update to 8.3.3 * A bugfix release.- modified patches % php-build-reproducible-phar.patch (refreshed) * Thu Jan 18 2024 pgajdosAATTsuse.com- version update to 8.3.2 * This is a bug fix release.- modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) * Wed Dec 27 2023 Manu Maier - version update to 8.3.1 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.3.1 * Fri Nov 24 2023 pgajdosAATTsuse.com- version update to 8.3.0 * https://www.php.net/releases/8.3/en.php * Typed class constants * Dynamic class constant fetch * New #[\\Override] attribute * Deep-cloning of readonly properties * New json_validate() function * New Randomizer::getBytesFromString() method * New Randomizer::getFloat() and Randomizer::nextFloat() methods * New DOMElement::getAttributeNames(), DOMElement::insertAdjacentElement(), DOMElement::insertAdjacentText(), DOMElement::toggleAttribute(), DOMNode::contains(), DOMNode::getRootNode(), DOMNode::isEqualNode(), DOMNameSpaceNode::contains(), and DOMParentNode::replaceChildren() methods. * New IntlCalendar::setDate(), IntlCalendar::setDateTime(), IntlGregorianCalendar::createFromDate(), and IntlGregorianCalendar::createFromDateTime() methods. * New ldap_connect_wallet(), and ldap_exop_sync() functions. * New mb_str_pad() function. * New posix_sysconf(), posix_pathconf(), posix_fpathconf(), and posix_eaccess() functions. * New ReflectionMethod::createFromMethodName() method. * New socket_atmark() function. * New str_increment(), str_decrement(), and stream_context_set_options() functions. * New ZipArchive::getArchiveFlag() method. * Support for generation EC keys with custom EC parameters in OpenSSL extension. * New INI setting zend.max_allowed_stack_size to set the maximum allowed stack size. * php.ini now supports fallback/default value syntax. * Anonymous classes can now be readonly. * https://www.php.net/ChangeLog-8.php#PHP_8_3- modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed)- modified sources % php8.keyring- deleted patches - php-systzdata-v23.patch- added patches + php-systzdata-v24.patch * Fri Nov 24 2023 pgajdosAATTsuse.com- version update to 8.2.13 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.2.13 * Thu Oct 26 2023 pgajdosAATTsuse.com- version update to 8.2.12 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.2.12 * Fri Sep 29 2023 pgajdosAATTsuse.com- version update to 8.2.11 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.11 * Tue Sep 26 2023 pgajdosAATTsuse.com- add missing references to rpm changelog- 15sp4 only: [bsc#1200772], [jsc#SLE-24723] add pecl, pear [jsc#SLE-23639] version update * Fri Sep 01 2023 Bernhard Wiedemann - Use %make_build macro * Fri Sep 01 2023 pgajdosAATTsuse.com- version update to 8.2.10 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.10 * Tue Aug 22 2023 pgajdosAATTsuse.com- version update to 8.2.9 * This is a security release. * Fixes CVE-2023-3824 [bsc#1214103] and CVE-2023-3823 [bsc#1214106] * https://www.php.net/ChangeLog-8.php#8.2.9- deleted patches - php-unicode-allow-redistribution.patch (upstreamed)- deleted sources - repack.sh (not needed) * Mon Jul 17 2023 pgajdosAATTsuse.com- version update to 8.2.8 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.8- modified patches % php-sort-filelist-phar.patch (refreshed) * Thu Jun 22 2023 pgajdosAATTsuse.com- version update to 8.2.7 * Readonly classes * Disjunctive Normal Form (DNF) Types * Allow null, false, and true as stand-alone types * New \"Random\" extension * Constants in traits * Deprecate dynamic properties * for details, see https://www.php.net/releases/8.2/en.php https://www.php.net/manual/en/migration82.php- modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-date-regenerate-lexers.patch (refreshed) % php-ini.patch (refreshed) % php-systzdata-v23.patch (refreshed)- CVE-2023-3247 [bsc#1212349] * Tue May 30 2023 pgajdosAATTsuse.com- version update to 8.1.20 * This is a security release. * https://www.php.net/ChangeLog-8.php#8.1.20- force to repack tarball after update https://github.com/php/php-src/issues/11300- session.save_path set to /var/lib/php8/sessions in mod_php8.conf and www.conf php-fpm pool example- modified sources % mod_php8.conf- added sources + repack.sh + php-unicode-allow-redistribution.patch * Thu May 25 2023 pgajdosAATTsuse.com- repack the tarball temporarily [bsc#1211648] * Tue May 23 2023 pgajdosAATTsuse.com- also MIT license (systzdata patch, ext/date/lib/parse_posix.c) [https://build.suse.de/request/show/298230] * Fri May 12 2023 pgajdosAATTsuse.com- version update to 8.1.19 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.1.19- modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed) % php-systzdata-v23.patch (refreshed) * Wed May 10 2023 pgajdosAATTsuse.com- downgrade back to 8.1.18 https://lists.opensuse.org/archives/list/factoryAATTlists.opensuse.org/thread/4ADCEV2FII7J5FZEWREFETTEVX7CDUSR/ * Thu May 04 2023 pgajdosAATTsuse.com- version update to 8.2.5 * Readonly classes * Disjunctive Normal Form (DNF) Types * Allow null, false, and true as stand-alone types * New \"Random\" extension * Constants in traits * Deprecate dynamic properties * for details, see https://www.php.net/releases/8.2/en.php https://www.php.net/manual/en/migration82.php- modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed)- deleted patches - php-crypt-tests.patch (not needed)- modified sources % php8.keyring * Thu Apr 20 2023 Arjen de Korte - The %_restart_on_update macro was removed from systemd-rpm-macros. Remove %posttrans for FPM as it wasn\'t working as intended anyway. [boo#1210576] * Fri Apr 14 2023 pgajdosAATTsuse.com- version update to 8.1.18 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.18- modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed) * Thu Mar 16 2023 pgajdosAATTsuse.com- version update to 8.1.17 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.17 * Tue Mar 14 2023 pgajdosAATTsuse.com- update to newest systzdata patch [bsc#1208199]- deleted patches - php-systzdata-v21.patch (upstreamed)- added patches fix use of the system timezone database + php-systzdata-v23.patch * Sun Mar 05 2023 Aeneas Jaißle - add \"/usr/share/php\" to include_path * Fri Mar 03 2023 pgajdosAATTsuse.com- allow to specify load order of extensions in %{php_sysconf}/conf.d [bsc#1205162] * Sat Feb 25 2023 Arjen de Korte - change to %bcond conditional build dependencies * Thu Feb 16 2023 pgajdosAATTsuse.com- version update to 8.1.16 * This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. ([bsc#1208366], [bsc#1208367], [bsc#1208388]) * https://www.php.net/ChangeLog-8.php#8.1.16 * Fri Feb 03 2023 pgajdosAATTsuse.com- version update to 8.1.15 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.1.15 * Fri Jan 06 2023 pgajdosAATTsuse.com- version update to 8.1.14 * This is a security release. * fixed: CVE-2022-31631 [bsc#1206958] * https://www.php.net/ChangeLog-8.php#8.1.14 * Wed Nov 30 2022 pgajdosAATTsuse.com- amend %preun to fix [bsc#1205782] * Fri Nov 25 2022 pgajdosAATTsuse.com- version update to 8.1.13 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.1.13 * Mon Oct 31 2022 pgajdosAATTsuse.com- version update to 8.1.12 * This is a security release. * fixed: CVE-2022-31630 [bsc#1204979], CVE-2022-37454 [bsc#1204577] * https://www.php.net/ChangeLog-8.php#8.1.12 * Thu Sep 29 2022 pgajdosAATTsuse.com- version update to 8.1.11 * This is a security release. * CVEs fixed: CVE-2022-31628 [bsc#1203867], CVE-2022-31629 [bsc#1203870] https://www.php.net/ChangeLog-8.php#8.1.11 * Fri Sep 02 2022 pgajdosAATTsuse.com- version update to 8.1.10 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.10 * Fri Aug 19 2022 pgajdosAATTsuse.com- version update to 8.1.9 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.9 * Mon Jul 18 2022 pgajdosAATTsuse.com- version update to 8.1.8 * This is a security release. https://www.php.net/ChangeLog-8.php#8.1.8- fixes CVE-2022-31627 [bsc#1201499] * Fri Jun 10 2022 pgajdosAATTsuse.com- version update to 8.1.7 * This is a security release. https://www.php.net/ChangeLog-8.php#8.1.7 * CVE-2022-31625 [bsc#1200645] * CVE-2022-31626 [bsc#1200628] * Wed May 25 2022 pgajdosAATTsuse.com- version update to 8.1.6: * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.6 * Wed Apr 20 2022 pgajdosAATTsuse.com- version update to 8.1.5: * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.5 * [bsc#1197644] * Mon Apr 11 2022 pgajdosAATTsuse.com- fpm %postrans: check whether sytemctl is available * Fri Apr 08 2022 Arjen de Korte - Disable build with \'-z now\' as it breaks the php-mysql extension [boo#1197994] * Thu Mar 31 2022 Arjen de Korte - build PHP-FPM with libacl support (boo#1196870) * Thu Mar 17 2022 Arjen de Korte - updated to 8.1.4: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.1.4 * Fri Feb 25 2022 Dominique Leuenberger - Fix boolean dep supplements: add parantheses. Without parantheses, this results in three separate supplements, against \'php-fpm\', \'and\', and \'apache2\' (boo#1196492). * Fri Feb 18 2022 Arjen de Korte - updated to 8.1.3: This is a security release (CVE-2021-21708 [bsc#1196252]) which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.1.3 * Fri Feb 11 2022 Arjen de Korte - provide an Apache configuration for PHP-FPM + php8-fpm.conf * Fri Jan 28 2022 Arjen de Korte - update keyring to include PHP 8.1 release managers signing keys % php8.keyring * Thu Jan 20 2022 Arjen de Korte - updated to 8.1.2: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.1.2- updated to 8.1.1: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.1.1- update to 8.1.0: This release marks the latest major release of the PHP language. See https://www.php.net/ChangeLog-8.php#8.1.0- cleanup php8.rpmlintrc- build ffi extension (experimental)- enable avif support for gd extension- rebased patches % php-ar-flags.patch % php-crypt-tests.patch % php-ini.patch % php-build-reproducible-phar.patch- deleted patches - php-systzdata-v20.patch - php8-gd-removed-unused-constants.patch- added patch + php-systzdata-v21.patch * Thu Jan 20 2022 Arjen de Korte - updated to 8.0.15: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.15 * Sun Jan 09 2022 Arjen de Korte - use /tmp to store session information (boo#1194414) % php-ini.patch * Fri Dec 17 2021 Arjen de Korte - updated to 8.0.14: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.14 * Wed Dec 01 2021 Arjen de Korte - provide configuration for PHP-FPM out of the box (boo#1192414)- package missing php.ini for PHP-FPM (boo#1192672) * Fri Nov 19 2021 Arjen de Korte - updated to 8.0.13: This is a security release (CVE-2021-21707 [bsc#1193041]) which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.13 * Thu Oct 21 2021 Arjen de Korte - updated to 8.0.12: This is a security release (CVE-2021-21703 [bsc#1192050]) which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.12 * Thu Sep 23 2021 Arjen de Korte - updated to 8.0.11: This is a security release fixing CVE-2021-21706. See https://www.php.net/ChangeLog-8.php#8.0.11 * Thu Sep 23 2021 pgajdosAATTsuse.com- added patches fix https://github.com/php/php-src/commit/b3646440b1808abf0874b6f89027ce53ec5da03f + php8-gd-removed-unused-constants.patch * Thu Aug 26 2021 Arjen de Korte - updated to 8.0.10: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.10- deleted patch - php-systzdata-v19.patch- added patch + php-systzdata-v20.patch * Wed Aug 04 2021 Marcus Rueckert - fix apparmor support: seems it requires a configure flag now. * Thu Jul 29 2021 Arjen de Korte - updated to 8.0.9: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.9 * Thu Jul 01 2021 Arjen de Korte - updated to 8.0.8: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.8 * Fri Jun 04 2021 Arjen de Korte - updated to 8.0.7: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.7 * Thu Jun 03 2021 Arjen de Korte - updated to 8.0.6: This release reverts a bug related to PDO_pgsql that was introduced in PHP 8.0.5. * Thu Apr 29 2021 Arjen de Korte - updated to 8.0.5: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.5 * Tue Apr 13 2021 Arjen de Korte - Do not hard-depend on systemd: use systemd_ordering instead of systemd_requires. * Tue Mar 09 2021 pgajdosAATTsuse.com- instead of [bsc#1183180]- modified sources % mod_php8.conf * Thu Mar 04 2021 Arjen de Korte - updated to 8.0.3: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.3 * Mon Feb 01 2021 Arjen de Korte - updated to 8.0.2: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.2- suppress warning for all flavors not equal to \"\" in multibuild and obsoletes for php7 % php8.rpmlintrc * Fri Jan 29 2021 Arjen de Korte - add conflicts with earlier versions of php (boo#1181292) * Thu Jan 28 2021 Arjen de Korte - update contents of configuration file (still referenced php7) % mod_php8.conf * Sat Jan 23 2021 Arjen de Korte - require this PHP version of subpackages in Recommends/Suggests- run apache-rex tests in php8:test as packages need to be build first (otherwise tests run with previous version) * Mon Jan 18 2021 Arjen de Korte - add conflicts with earlier version of php-devel and php-phar- add obsoletes for all subtargets that don\'t have conflicts yet- add php_cfgdir and php_extdir macros * Fri Jan 15 2021 Arjen de Korte - replace php8.keyring with signatures for PHP-8 release managers * Fri Jan 15 2021 Arjen de Korte - deleted patch (redundant cast, both sides are already signed int) - php-odbc-cmp-int-cast.patch * Wed Jan 13 2021 Arjen de Korte - install php8-cli if no sapi is selected upon php8 installation- add conflicts with earlier version of php-cli, php-fastcgi and php-fpm * Mon Jan 11 2021 Arjen de Korte - put CLI binary in -cli subpackage so that other moduldes can depend on the php base package that remains (and provides files and maps common for all)- remove Obsoletes: php5- * * Fri Jan 08 2021 Arjen de Korte - updated to 8.0.1: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.1- use pkgconfig() to resolve BuildRequires where upstream uses it too- since php-7.4.0 when using --with-external-gd the configure options - -with-xpm, --with-freetype and --with-jpeg are not needed anymore (and neither are the respective BuildRequires)- build the MySQL Native Driver as a shared module (rather than builtin) to prevent a hard requirement for OpenSSL in the CLI- add Recommends: php-openssl as many modules can optionally use it- use new %ldconfig macros in Tumbleweed- change PEAR dir to /usr/share/php/PEAR * Fri Jan 08 2021 pgajdosAATTsuse.com- install mod_php8 directly- note it provides php_module instead of php8_module per upstream change * Thu Jan 07 2021 pgajdosAATTsuse.com- install embed\'s libphp8.so directly- deleted patches - php-embed.patch (not needed) * Wed Jan 06 2021 pgajdosAATTsuse.com- deleted patches - php-openssl.patch (undocumented and not upstreamed patch for a long time) - php7-arm-build-fixes.patch (do not build for SLE12 anymore) - php-pts.patch (undocumented and not upstreamed patch for a long time)- imporved patch documentation * Tue Jan 05 2021 pgajdosAATTsuse.com- use cli sapi php-config --libs * Sun Jan 03 2021 Arjen de Korte - php-phar requires the php-zlib extension- trim specfile lint
|
|
|