Changelog for
php56-pgsql-5.6.40-lp153.47.2.x86_64.rpm :
* Fri May 13 2022 pgajdosAATTsuse.com- security update- added patches fix CVE-2015-9253 [bsc#1081790], The php-fpm master process restarts a child process in an endless loop when using program execution functions + php5-CVE-2015-9253.patch fix CVE-2021-21702 [bsc#1182049], NULL pointer dereference in SoapClient + php5-CVE-2021-21702.patch fix CVE-2021-21703 [bsc#1192050], Local privilege escalation via PHP-FPM + php5-CVE-2021-21703.patch fix CVE-2021-21704 [bsc#1188035], security issues in pdo_firebase module + php5-CVE-2021-21704.patch fix CVE-2021-21705 [bsc#1188037], SSRF bypass in FILTER_VALIDATE_URL + php5-CVE-2021-21705.patch fix CVE-2021-21707 [bsc#1193041], special character breaks path in xml parsing + php5-CVE-2021-21707.patch
* Mon Nov 08 2021 Jon Brightwell
- openssl 1.1 patch
* Mon Jan 11 2021 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7071 [bsc#1180706], FILTER_VALIDATE_URL accepts URLs with invalid userinfo + php5-CVE-2020-7071.patch
* Fri Oct 09 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7070 [bsc#1177352], Percent-encoded cookies can be used to overwrite existing prefixed cookie names + php5-CVE-2020-7070.patch
* Thu Aug 13 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7068 [bsc#1175223], Use of freed hash key in the phar_parse_zipfile function + php5-CVE-2020-7068.patch
* Mon May 25 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2019-11048 [bsc#1171999], supplying overly long filenames or field names if HTTP file uploads are allowed could lead to exhausting disk space on the server + php5-CVE-2019-11048.patch
* Tue Apr 07 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7064 [bsc#1168326], read one byte of uninitialized memory via malicious data + php5-CVE-2020-7064.patch fix CVE-2020-7066 [bsc#1168352], URL truncation if the URL contains zero (\\0) character + php5-CVE-2020-7066.patch
* Mon Mar 02 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-7062 [bsc#1165280], null pointer dereference when using file upload functionality under specific circumstances + php5-CVE-2020-7062.patch fix CVE-2020-7063 [bsc#1165289], creating PHAR archive using PharData:buildFromIterator() function will add files with default permissions + php5-CVE-2020-7063.patch
* Mon Feb 24 2020 pgajdosAATTsuse.com- fix the logic- modified patches % php5-pspell-do-not-allow-ucs.patch
* Mon Feb 10 2020 pgajdosAATTsuse.com- add %apache_rex_deps
* Mon Feb 10 2020 pgajdosAATTsuse.com- added patches Do not allow ucs-2 and ucs-4 encodings [bsc#1161982]. + php5-pspell-do-not-allow-ucs.patch
* Mon Feb 10 2020 pgajdosAATTsuse.com- security update- added patches CVE-2019-11045 [bsc#1159923] + php5-CVE-2019-11045.patch CVE-2019-11046 [bsc#1159924] + php5-CVE-2019-11046.patch CVE-2019-11047 [bsc#1159922] + php5-CVE-2019-11047.patch CVE-2019-11050 [bsc#1159927] + php5-CVE-2019-11050.patch
* Mon Feb 10 2020 pgajdosAATTsuse.com- test with apache-rex
* Wed Feb 05 2020 pgajdosAATTsuse.com- security update- added patches CVE-2020-7059 [bsc#1162629] + php5-CVE-2020-7059.patch CVE-2020-7060 [bsc#1162632] + php5-CVE-2020-7060.patch
* Fri Oct 25 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-11036 [bsc#1134322] + php5-CVE-2019-11036.patch CVE-2019-11041 [bsc#1146360] + php5-CVE-2019-11041.patch CVE-2019-11042 [bsc#1145095] + php5-CVE-2019-11042.patch CVE-2019-11043 [bsc#1154999] + php5-CVE-2019-11043.patch
* Tue Jul 16 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-11038 [bsc#1140118] + php-CVE-2019-11038.patch
* Tue Apr 30 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-11034 [bsc#1132838] + php-CVE-2019-11034.patch CVE-2019-11035 [bsc#1132837] + php-CVE-2019-11035.patch
* Wed Mar 20 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-9637 [bsc#1128892] + php-CVE-2019-9637.patch CVE-2019-9675 [bsc#1128886] + php-CVE-2019-9675.patch CVE-2019-9638 [bsc#1128889], CVE-2019-9639 [bsc#1128887] + php-CVE-2019-9638,9639.patch CVE-2019-9640 [bsc#1128883] + php-CVE-2019-9640.patch
* Mon Jan 14 2019 Petr Gajdos - updated to 5.6.40
* Mon Dec 10 2018 Petr Gajdos - updated to 5.6.39
* Mon Sep 17 2018 Petr Gajdos - updated to 5.6.38
* Fri Aug 03 2018 pgajdosAATTsuse.com- updated to 5.6.37: Several security bugs have been fixed in this release.
* Fri Jul 20 2018 pgajdosAATTsuse.com- reenable mcrypt extension for 42.3
* Tue Jul 17 2018 pgajdosAATTsuse.com- reenable imap extension for 42.3
* Mon Jun 04 2018 pgajdosAATTsuse.com- require libopenssl-1_0_0-devel for 15.0
* Mon Apr 30 2018 pgajdosAATTsuse.com- updated to 5.6.36: This is a security release. Several security bugs have been fixed in this release.
* Wed Apr 04 2018 pgajdosAATTsuse.com- updated to 5.6.35: One security bug was fixed in this release.
* Fri Mar 09 2018 pgajdosAATTsuse.com- updated to 5.6.34: One security bug was fixed in this release.
* Tue Jan 09 2018 pgajdosAATTsuse.com- updated to 5.6.33: Several security bugs were fixed in this release.
* Fri Oct 27 2017 pgajdosAATTsuse.com- updated to 5.6.32: This is a security release. Several security bugs were fixed in this release.
* Mon Jul 17 2017 pgajdosAATTsuse.com- dropped mcrypt extension [fate#323673]
* Fri Jul 07 2017 ilyaAATTilya.pp.ua- Updated to 5.6.31: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-5.php#5.6.31
* Thu Jun 22 2017 mpluskalAATTsuse.com- Drop imap support, it depends on obsolete imap package
* Fri Mar 17 2017 kukukAATTsuse.com- Don\'t install the init script if we use systemd
* Thu Feb 02 2017 pgajdosAATTsuse.com- suggest php5-
* instead of php-
* [bsc#1022158c#4]
* Tue Jan 24 2017 pgajdosAATTsuse.com- update to 5.6.30: Several security bugs were fixed in this release.
* Mon Dec 12 2016 fbuiAATTsuse.com- Replace pkgconfig(libsystemd-
*) with pkgconfig(libsystemd) Nowadays pkgconfig(libsystemd) replaces all libsystemd-
* libs, which are obsolete.
* Mon Dec 12 2016 pgajdosAATTsuse.com- updated to 5.6.29: Several security bugs were fixed in this release.
* Fri Nov 11 2016 pgajdosAATTsuse.com- updated to 5.6.28: This is a security release. Several security bugs were fixed in this release.
* Mon Oct 24 2016 pgajdosAATTsuse.com- adjust firebird dependency
* Mon Oct 17 2016 pgajdosAATTsuse.com- updated to 5.6.27: This is a security release. Several security bugs were fixed in this release.
* Fri Sep 16 2016 pgajdosAATTsuse.com- updated to 5.6.26: Several security bugs were fixed in this release.
* Mon Aug 22 2016 pgajdosAATTsuse.com- updated to 5.6.25: Several security bugs were fixed in this release.
* Mon Aug 01 2016 pgajdosAATTsuse.com- updated to 5.6.24: Several security bugs were fixed in this release.
* Tue Jun 28 2016 pgajdosAATTsuse.com- updated to 5.6.23: Several bugs were fixed in this release, including security-related ones.
* Mon Jun 20 2016 pgajdosAATTsuse.com- systemd unit: remove syslog.target from After [bsc#983938]
* Mon May 30 2016 pgajdosAATTsuse.com- updated to 5.6.22: This is a security release. Several security bugs were fixed in this release.
* Thu Apr 28 2016 pgajdosAATTsuse.com- updated to 5.6.21: This is a security release. Several security bugs were fixed in this release.
* removed upstreamed php5-no-reentrant-crypt.patch
* Fri Apr 01 2016 pgajdosAATTsuse.com- updated to 5.6.20: This is a security release. Several security bugs were fixed in this release.
* Mon Mar 07 2016 pgajdosAATTsuse.com- updated to 5.6.19: This is a security release in which several security bugs were fixed.
* Wed Feb 10 2016 pgajdosAATTsuse.com- updated to 5.6.18: Several security bugs were fixed in this release.
* Thu Feb 04 2016 pgajdosAATTsuse.com- require postgresql-devel < 9.4 for sle12 to fix build
* Fri Jan 29 2016 pgajdosAATTsuse.com- versioned provides
* Fri Jan 08 2016 pgajdosAATTsuse.com- updated to 5.6.17: This is a security release. Several security bugs were fixed in this release.
* Mon Dec 28 2015 pgajdosAATTsuse.com- updated to 5.6.16: Several bugs have been fixed.
* Mon Dec 14 2015 pgajdosAATTsuse.com- php5-pear-Archive_Tar provides 1.4.0
* Tue Dec 01 2015 pgajdosAATTsuse.com- install .depdb and .depdblock files along metadata
* php5-depdb-path.patch
* Mon Nov 23 2015 pgajdosAATTsuse.com- set pear\'s metadata dir to %{peardir}
* Mon Nov 16 2015 pgajdosAATTsuse.com- require postgresql-devel version at least 9.1.0 to fix build for SLE-11-SP4
* Mon Nov 16 2015 pgajdosAATTsuse.com- test mod_php with %apache_test_module_curl- restart apache during mod_php upgrade
* Fri Nov 13 2015 ajAATTajaissle.de- Spec cleanup
* Split Archive_Tar from -pear sub packge to allow updating this part via rpm
* Added \"Provides: php-firebird\" to -firebird sub package
* Added \"Provides: mod_php_any\" to server api module packages - fastcgi and -fpm
* Wed Nov 11 2015 pgajdosAATTsuse.com- updated to 5.6.15: Several bugs have been fixed.
* Mon Oct 05 2015 pgajdosAATTsuse.com- updated to 5.6.14:
* Two security bugs were fixed in this release.
* Tue Sep 08 2015 pgajdosAATTsuse.com- php-odbc-cmp-int-cast.patch renamed to php5-odbc-cmp-int-cast.patch to be consistent with other patch names
* Mon Sep 07 2015 abergmannAATTsuse.com- added php5-fix_net-snmp_disable_MD5.patch: If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302)
* Fri Sep 04 2015 pgajdosAATTsuse.com- updated to 5.6.13:
* 11 security-related issues were fixed in this release.
* refreshed php5-systzdata-r12.patch
* Fri Sep 04 2015 pgajdosAATTsuse.com- fixed segfault in odbc extension when result set is containing NULL (php bugs #52554, #53007) [bnc#935074] (internal) + php-odbc-cmp-int-cast.patch
* Sat Aug 08 2015 michaelAATTstroeder.com- updated to 5.6.12: Twelve security-related issues in PHP were fixed in this release
* Tue Jul 14 2015 pgajdosAATTsuse.com- updated suhosin extension to 0.9.38 - removed code compatibility for PHP <5.4 - allow https location for suhosin.filter.action - fixed newline detection for suhosin.mail.protect - Added suhosin.upload.max_newlines to protect againt DOS attack via many MIME headers in RFC1867 uploads (CVE-2015-4024) - mail related test cases now work on linux - Relaxed array index blacklist (removed \'-\') due to wordpress incompatibility - Added SQL injection protection for Mysqli and several test cases - Added SQL injection protection for Mysqli and several test cases - Added wildcard matching for SQL username - Added check for SQL username to only contain valid characters (>= ASCII 32) - Test cases for user_prefix and user_postfix - Added experimental PDO support - SQL checks other than mysql (Mysqli + old-style) must be enabled with configure --enable-suhosin-experimental, e.g. MSSQL. - disallow_ws now matches all single-byte whitespace characters - remove_binary and disallow_binary now optionally allow UTF-8. - Introduced suhosin.upload.allow_utf8 (experimental) - Reimplemented suhosin_get_raw_cookies() - Fixed potential segfault for disable_display_errors=fail (only on ARM) - Fixed potential NULL-pointer dereference with func.blacklist and logging - Logging timestamps are localtime instead of gmt now (thanks to mkrokos) - Added new array index filter (character whitelist/blacklist) - Set default array index blacklist to \'\"+-<>;() - Added option to suppress date/time for suhosin file logging (suhosin.log.file.time=0) - Added simple script to create binary Debian package - Fixed additional recursion problems with session handler - Suhosin now depends on php_session.h instead of version-specific struct code
* Mon Jul 13 2015 pgajdosAATTsuse.com- updated to 5.6.11: Five security-related issues in PHP were fixed in this release, including CVE-2015-3152.
* Thu Jun 25 2015 crrodriguezAATTopensuse.org- php5-systemd-unit.patch: set Killmode=mixed in order to ensure fpm and children forked by script can terminate cleanly.
* Wed Jun 24 2015 pgajdosAATTsuse.com- mod_php5.so executable
* Thu Jun 18 2015 pgajdosAATTsuse.com- use apache-rpm-macros
* Thu Jun 18 2015 pgajdosAATTsuse.com- updated to 5.6.10: Several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326).
* Fri Jun 05 2015 mrueckertAATTsuse.de- enable apparmor support: new BR libapparmor-devel
* Mon May 18 2015 pgajdosAATTsuse.com- update to 5.6.9: Several bugs have been fixed.- systzdata patch updated to r12 - php5-systzdata-r10.patch + php5-systzdata-r12.patch
* Fri Apr 24 2015 pgajdosAATTsuse.com- update to 5.6.8: Several bugs have been fixed some of them beeing security related, like CVE-2015-1351 and CVE-2015-1352.- refreshed php5-crypto-checks.patch
* Mon Apr 20 2015 pgajdosAATTsuse.com- configure php-fpm with --localstatedir=/var [bnc#927147]
* Wed Apr 08 2015 pgajdosAATTsuse.com- systzdata patch updated to r10 - php5-systzdata-v7.patch + php5-systzdata-r10.patch
* Thu Apr 02 2015 pgajdosAATTsuse.com- build against system gd and libzip only for 13.2 and above
* Tue Mar 24 2015 pgajdosAATTsuse.com- update to 5.6.7: Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
* Tue Mar 24 2015 pgajdosAATTsuse.com- build against system gd [bnc#923946]
* Fri Mar 20 2015 pgajdosAATTsuse.com- build against system libzip [bnc#922894]
* Mon Feb 23 2015 pgajdosAATTsuse.com- update to 5.6.6: fixes several bugs and addresses CVE-2015-0235 and CVE-2015-0273.
* Mon Feb 09 2015 pgajdosAATTsuse.com- added README.default_socket_timeout [bnc#907519]
* Tue Feb 03 2015 pgajdosAATTsuse.com- fix sle_11_sp3 build
* Mon Jan 26 2015 pgajdosAATTsuse.com- update to 5.6.5: This release fixes several bugs as well as CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232.- removed patches:
* php-CVE-2014-9426.patch
* php-CVE-2014-9427.patch
* php-CVE-2015-0231.patch
* Wed Jan 21 2015 pgajdosAATTsuse.com- added php-CVE-2015-0231.patch [bnc#910659]
* Mon Jan 05 2015 pgajdosAATTsuse.com- added php-CVE-2014-9426.patch [bnc#911663]- added php-CVE-2014-9427.patch [bnc#911664]
* Fri Dec 19 2014 pgajdosAATTsuse.com- update to 5.6.4: This release fixes several bugs and one CVE related to unserialization.
* Tue Nov 18 2014 pgajdosAATTsuse.com- update to 5.6.3: This release fixes several bugs and one CVE in the fileinfo extension.
* Mon Oct 27 2014 pgajdosAATTsuse.com- update to 5.6.2: Four security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670.
* Tue Oct 14 2014 pgajdosAATTsuse.com- upgraded to 5.6.1:
* Several bugs were fixed in this release (including CVE-2014-3622).