Changelog for
php5-fastcgi-5.3.5-359.1.i586.rpm :
* Fri Dec 13 2013 pgajdosAATTsuse.com- security update
* CVE-2013-6420.patch [bnc#854880]
* CVE-2013-6712.patch [bnc#853045]
* CVE-2013-4248.patch [bnc#837746]
* Wed Jul 17 2013 johann.luceAATTwanadoo.fr- fixing the following security issues:
* CVE-2013-4635.patch (bnc#828020): - Integer overflow in the SdnToJewish
* CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707): - reading system files via untrusted SOAP input - soap.wsdl_cache_dir function did not honour PHP open_basedir
* CVE-2013-4113.patch (bnc#829207): - heap corruption due to badly formed xml
* Mon Sep 03 2012 pgajdosAATTsuse.com- fixed CVE-2011-1398 and CVE-2011-4388 [bnc#778003]
* Tue Aug 28 2012 pgajdosAATTsuse.com- use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852]
* Thu Jul 26 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-2688 [bnc#772580]
* CVE-2012-3365 [bnc#772582]
* oob-read-sql-dos [bnc#769785]
* Thu Jun 14 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-2143 [bnc#766798]
* Mon May 28 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-2386 [bnc#763814]
* Mon May 14 2012 pgajdosAATTsuse.com- security update:
* improved fix for CVE-2012-1823 (CVE-2012-2335, CVE-2012-2336) [bnc#761631]
* Wed May 09 2012 chrisAATTcomputersalat.de- fix for bnc#755907 (php#55019)
* https://bugzilla.novell.com/show_bug.cgi?id=755907
* fixes for Unicode Issues Bug #55019 https://bugs.php.net/bug.php?id=55019
* add php-5.3-php55019.patch
* Fri May 04 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-1823, CVE-2012-2311 [bnc#760536]
* Thu Apr 05 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-1172 [bnc#752030]
* Thu Mar 08 2012 pgajdosAATTsuse.com- fixed regressions after fix for CVE-2012-0830 [bnc#749111]
* Tue Feb 07 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-0807 [bnc#743308]
* CVE-2012-0057 [bnc#741520]
* CVE-2011-4153 [bnc#741859]
* CVE-2012-0831 [bnc#746661]
* Fri Feb 03 2012 pgajdosAATTsuse.com- security update CVE-2012-0830 and other memory leaks (fixes the fix of CVE-2011-4885) [bnc#744966]
* Wed Jan 25 2012 pgajdosAATTsuse.com- security update:
* CVE-2012-0781 [bnc#742273]
* CVE-2012-0788 [bnc#742806]
* memory corruption in parse_ini_string() [bnc#742806]
* CVE-2012-0789 [bnc#742806]
* Mon Jan 02 2012 pgajdosAATTsuse.com- security update:
* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive to prevent attacks based on hash collisions
* Tue Dec 20 2011 pgajdosAATTsuse.com- amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]
* Fri Dec 09 2011 pgajdosAATTsuse.com- security update:
* CVE-2011-4566 [bnc#733590]
* CVE-2011-3182 [bnc#713652]
* CVE-2011-1466 [bnc#736169]
* CVE-2011-1072 [bnc#735613]
* Mon Sep 05 2011 pgajdosAATTsuse.com- security update:
* CVE-2011-3267 [bnc#715640]
* CVE-2011-3268 [bnc#715646]
- allow uploading files bigger than 2GB for 64bit systems [bnc#709549]
* 64-bit-post-large-files.patch
* Thu Jun 30 2011 pgajdosAATTnovell.com- security update:
* CVE-2011-2483 [bnc#701491]
* CVE-2011-2202 [bnc#699711]
* Fri Apr 01 2011 pgajdosAATTsuse.cz- security updates:
* CVE-2011-1470, CVE-2011-1471 [bnc#681214]
* CVE-2011-1092 [bnc#677782]
* CVE-2011-1464 [bnc#681194]
* CVE-2011-1468 [bnc#681197]
* CVE-2011-1467 [bnc#681195]
* CVE-2011-0421 [bnc#681291]
* CVE-2011-1469 [bnc#681210]
* CVE-2011-1148 [bnc#679278]
* CVE-2011-1938 [bnc#695689]
* Fri Feb 25 2011 chrisAATTcomputersalat.de- fix for macros.php
  o devel pkg must have Obsoletes/Provides: php-macros
* Tue Feb 22 2011 pgajdosAATTsuse.cz- security fixes
* CVE-2011-0420 [bnc#672933]
* CVE-2011-0708 [bnc#671710]
* Thu Feb 10 2011 chrisAATTcomputersalat.de- extend macros.php
  o __php, __phpize, __php_config, php_version
  o __pear, php_peardir, php_pearxmldir
  o php_pear_gen_filelist
- add README.macros
* Thu Jan 13 2011 pgajdosAATTsuse.cz- security fix:
* fopen_https_proxy_auth_fix.patch [bnc#656523]
* Mon Jan 10 2011 cristian.rodriguezAATTopensuse.org- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem when extensions are built shared. [bnc#661464]
* Mon Jan 10 2011 cristian.rodriguezAATTopensuse.org- Go back to libmysql as there is currently no way to build shared mysql extensions with mysqlnd. [bnc#661464]
* Sun Jan 09 2011 cristian.rodriguezAATTopensuse.org- Use mysqlnd driver, this is a newer PHP-native mysql extension, that does not require external libraries. Now you can use mysql, mariadb or drizzle without extra libs. fixes bnc #661464 and other old feature requests.
* Thu Jan 06 2011 cristian.rodriguezAATTopensuse.org- Update to version 5.3.5, Critical Update
* Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) Only 32 bit binaries affected, confirmed in factory i586.
* Fri Dec 17 2010 cristian.rodriguezAATTopensuse.org- revert unsuitable patch php-5.3.4-dlopen.patch
* Tue Dec 14 2010 cristian.rodriguezAATTopensuse.org- Add php-5.3.4-dlopen.patch from fedora, makes dlopen to use bind_now instead of lazy.
- Compiler is now in C99 mode for both core and extensions.
* Tue Dec 14 2010 cristian.rodriguezAATTopensuse.org- fix format string bug in Phar extension I just found http://bugs.php.net/bug.php?id=53541 and the underlying issue, which is the lack of format attributes in several core prototypes.
* Mon Dec 13 2010 cristian.rodriguezAATTopensuse.org- Update to PHP 5.3.4 final
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
* Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.
- SUSE specific:
* enable PTY support in proc_open (temporary)
* Wed Nov 24 2010 roAATTsuse.de- xft-config is gone
* Tue Nov 02 2010 cristian.rodriguezAATTopensuse.org- Update to 5.3.3_svn201011020214
* Fix Performance issue, array_diff may take hours instead of seconds in some scenarios, regression appeared in version 5.2.5
* Wed Oct 27 2010 cristian.rodriguezAATTopensuse.org- Update to 5.3.3_svn20101027xx
- Fix init script again.
* Thu Oct 14 2010 crrodriguezAATTopensuse.org- update to 5.3.3_svn201010140300
- Fix php-fpm init script.
* Sat Oct 09 2010 cristian.rodriguezAATTopensuse.org- Update to a slightly newer PHP 5.3.3.x snap, fixes around 100 bugs including open_basedir problems.
- add the fpm sapi to the package.
* Tue Aug 03 2010 cristian.rodriguezAATTopensuse.org- Clarify changelog this update fixed:
* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]
* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]
* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]
* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]
* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]
* VUL-0: php5: MOPS-2010-0{32,33,34} userspace interruption in iconv functions [bnc#609768]
* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]
* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]
* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]
* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]
* bugzilla numbers 619487,619489,619469,609766..
* Tue Jul 20 2010 cristian.rodriguezAATTopensuse.org- Update to PHP 5.3.3 RC3
- Massive lot of security fixes, see list here http://www.php-security.org/category/vulnerabilities/index.html
* Tue Jun 01 2010 cristian.rodriguezAATTopensuse.org- possible fix for [bnc#610633]
* Fri Apr 16 2010 crrodriguezAATTopensuse.org- use FD_CLOEXEC flag to avoid annoying races.
* Sun Apr 04 2010 crrodriguezAATTopensuse.org- remove obsolete buildRequires
* Fri Apr 02 2010 crrodriguezAATTopensuse.org- remove build date from binaries so they don't get republished every time
- fix invalid path
* Thu Apr 01 2010 crrodriguezAATTopensuse.org- add missing patch, refresh patches with -p0
* Thu Apr 01 2010 crrodriguezAATTopensuse.org- Update to PHP 5.3.2, see NEWS for details
* Fri Mar 05 2010 dimstarAATTopensuse.org- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it's a backported combination of svn commits 291283, 291284 and 291332.
- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by replacing -ledit with -ledit -lncurses in the resulting configure scripts. This became an apparent problem due to libedit being built with as-needed now.
- Add php5-bug51224.patch to fix buffer overflows happening in strcpy. It's a combination of upstream svn revs 284097 and 284099
* Sun Jan 17 2010 vuntzAATTopensuse.org- Remove unneeded gtk-devel BuildRequires.
* Mon Jan 11 2010 ajAATTsuse.de- Remove obsolete build requires of orbit-devel.
* Tue Dec 22 2009 jengelhAATTmedozas.de- avoid alignment crash on alignment-sensitive CPUs (bugs.php.net#46074)
* Wed Dec 02 2009 cooloAATTnovell.com- update patch to fix build
* Tue Oct 06 2009 crrodriguezAATTopensuse.org- Fixed wrong hardcoded mysql socket [bnc#544516]
- Fixed wrong default include_path
* Tue Sep 08 2009 crrodriguezAATTsuse.de- make php5-pear noarch in Factory
* Wed Aug 26 2009 crrodriguezAATTsuse.de- remove obsolete patches
- apply ini patch
- enable mhash compatibility in the hash extension and obsolete php5-mhash
- add macros.php to the source list
* Mon Aug 24 2009 crrodriguezAATTsuse.de- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]
* Sun Aug 23 2009 crrodriguezAATTsuse.de- fix missing return values of suhosin extension
* Wed Aug 19 2009 crrodriguezAATTnovell.com- fix build on CODE10 products
* Wed Aug 19 2009 crrodriguezAATTnovell.com- fix horrible broken open_basedir functionality
* Sun Aug 16 2009 crrodriguezAATTsuse.de- update suhosin extension to version 0.9.29
- mysql extensions now use mysqlnd instead of libmysqlclient.
- enable sqlite3 extension, part of the php5-sqlite package
- enable enchant extension
- enable fileinfo extension
- enable intl extension
* Fri Aug 14 2009 crrodriguezAATTsuse.de- add suhosin patch and newer suhosin extension for compatibility reasons
* Thu Aug 13 2009 crrodriguezAATTsuse.de- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php for the huge list of changes
- remove dbase and ncurses extension
* Thu Jul 16 2009 cooloAATTnovell.com- disable as-needed to fix build
* Fri Jun 19 2009 crrodriguezAATTsuse.de- update to PHP 5.2.10
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).
* Over 100 bug fixes.
* Thu May 21 2009 crrodriguezAATTsuse.de- add temporary backport of openssl prng function
* Sat Mar 14 2009 crrodriguezAATTsuse.de- Update to version 5.2.9, security and bugfix release
* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]
* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]
* Fixed a segfault when malformed string is passed to json_decode()
* Fixed explode() behavior with empty string to respect negative limit.