SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for php-xmlrpc-4.3.9-3.26.i386.rpm :

* Thu Apr 02 2009 Joe Orton 4.3.9-3.26- add security fixes for CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2009-0754 (#487361)- split out gd overflow2() and make global with sane symbol name
* Mon Jan 26 2009 Joe Orton 4.3.9-3.25- fix quote handling if fgetcsv() (#165194)- fix RPATH in gd.so (#481562)
* Fri Jan 16 2009 Joe Orton 4.3.9-3.22.13- enable dbase extension (#236094)- require autoconf, automake for -devel (#453028)- provide mod_php (#294611)- odbc: 64-bit fixes (#211609)- curl: safe argument handling for curl_init (#176715)- fix possible crash with setlocale() (#203151, thanks to Dominik Gehl)- fix printf positional argument handling (#218044)- fixes for handling of failed read in multipart request (#250999)- fix crashes with unclosed streams using custom wrappers (#433558)- fix serialize() of incomplete class (#219235)
* Wed Jul 16 2008 Joe Orton 4.3.9-3.22.12- set higher memory_limit in /usr/bin/pear (#263501)
* Sat Jun 14 2008 Joe Orton 4.3.9-3.22.11- update to PEAR 1.4.9, matching RHEL-5 (#263501)
* bundle XML_RPC-1.5.0, Console_Getopt-1.2, Archive_Tar-1.3.1
* fix paths in default pear.conf, installed PEAR registry
* replace /usr/bin/pear et al with simpler wrapper scripts
* Wed Jun 04 2008 Joe Orton 4.3.9-3.22.10- add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445921)
* Thu Sep 13 2007 Joe Orton 4.3.9-3.22.9- improve fix for CVE-2007-3996 (#278391)
* Sat Sep 08 2007 Joe Orton 4.3.9-3.22.8- fix CVE-2007-3996 backport (#278391)
* Fri Sep 07 2007 Joe Orton 4.3.9-3.22.7- add security fixes for CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 (#278391)
* Sat May 05 2007 Joe Orton 4.3.9-3.22.5- add security fix for CVE-2007-1864, FTP CRLF injection issue (#239017)
* Thu Apr 05 2007 Joe Orton 4.3.9-3.22.4- add security fixes for CVE-2007-1285, CVE-2007-1286, CVE-2007-1583, CVE-2007-1711, CVE-2007-1718 (#230556)- add security fixes for CVE-2007-0455, CVE-2007-1001 (#235028)
* Fri Feb 16 2007 Joe Orton 4.3.9-3.22.3- add security fix for CVE-2007-0988
* Tue Feb 13 2007 Joe Orton 4.3.9-3.22.2- add security fixes for CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910
* Thu Jan 11 2007 Joe Orton 4.3.9-3.22.1- update oci8 build from upstream (Bastien Nocera, #162241)- add conditionally patch for lib64 oci8 build (Xixi D\'Moon, #173964)
* Thu Nov 02 2006 Joe Orton 4.3.9-3.22- avoid default pear.conf change
* Thu Nov 02 2006 Joe Orton 4.3.9-3.21- add security fix for CVE-2006-5465 from upstream
* Tue Sep 26 2006 Joe Orton 4.3.9-3.20- add fix for php_error varargs use (#199947)
* Sat Sep 16 2006 Joe Orton 4.3.9-3.18- rebuild
* Sat Sep 16 2006 Joe Orton 4.3.9-3.17- add security fix from upstream: CVE-2006-4484- add metaphone() fix (#205714)
* Sat Sep 09 2006 Joe Orton 4.3.9-3.16- add security fixes from upstream: CVE-2006-3016, CVE-2006-4020, CVE-2006-4482, CVE-2006-4486
* Tue Jun 27 2006 Joe Orton 4.3.9-3.15- fix zend_hash_del regression from CVE-2006-2657
* Fri Jun 23 2006 Joe Orton 4.3.9-3.14- add security fixes from upstream (CVE-2006-1494, CVE-2006-1990, CVE-2006-2657)
* Wed Apr 12 2006 Joe Orton 4.3.9-3.12- add security fix for new phpinfo XSS (CVE-2006-0996, #187510)
* Thu Mar 30 2006 Joe Orton 4.3.9-3.11- add binary safeness fix for php_unescape_html_entities (CVE-2006-1490, #187230)
* Wed Mar 29 2006 Joe Orton 4.3.9-3.10- add security fixes from upstream:
* XSS issues in \"html_errors\" mode (CVE-2006-0208, #178028)
* mbstring header validation (CVE-2005-3883, #174463)- add bug fix for gd tempfile use (#182719)
* Fri Nov 04 2005 Joe Orton 4.3.9-3.9- add security fixes from upstream:
* XSS issues in phpinfo() (CVE-2005-3388, #172212)
* GLOBALS handling (CVE-2005-3390, #172207)
* parse_str() enabling register_globals (CVE-2005-3389, #172209)
* exif: infinite recursion on corrupt JPEG (CVE-2005-3353)
* Wed Aug 17 2005 Joe Orton 4.3.9-3.8- add security fixes for XML_RPC (Stefan Esser, CAN-2005-2498, #165846)- fix build if TMPDIR is set (#162749)
* Thu Jun 30 2005 Joe Orton 4.3.9-3.7- add security fixes:
* shtool temp file handling (CAN-2005-1751, #159000)
* XML_RPC command injection (Stefan Esser, CAN-2005-1921, #162045)- fix ncurses/gd package descriptions (#158904)
* Wed Apr 27 2005 Joe Orton 4.3.9-3.6- add fix for curl safe mode bypasses (#147808)
* Thu Apr 21 2005 Joe Orton 4.3.9-3.5- fix unserializer regressions- BuildRequire gcc-c++ to avoid AC_PROG_CXX{,CPP} failure (#155221)
* Thu Apr 14 2005 Joe Orton 4.3.9-3.4- don\'t configure with --enable-safe-mode (#148969)- add unserialize() fixes from 4.3.11- drop Zend double->long conversion change to regain compatibility with upstream
* Tue Apr 12 2005 Joe Orton 4.3.9-3.3- add security fixes from upstream:
* getimagesize seek() loops (CAN-2005-0524, CAN-2005-0525, #153140)
* exif issues (CAN-2005-1042, CAN-2005-1043, #154021, #154025)- adapt oci8 to use Instant Client libraries (Kai Bolay, #149873)- fix mssql build for lib64 platforms (#153108)- fixes to the apache2handler SAPI:
* fix virtual() flushing-too-early regression (upstream #31645)
* reject PATH_INFO if configured with \"AcceptPathInfo off\" (upstream #31717)
* set response status line correctly in more cases (upstream #31519)
* Wed Jan 05 2005 Joe Orton 4.3.9-3.2- add security fixes from Stefan Esser et al (#141136):
* unserializer issues (CAN-2004-1019)
* overflow in exif image parsing (CAN-2004-1065)
* integer overflows in pack, shomp_write (CAN-2004-1018)- add bug fixes:
* missing flush before virtual() in sapi/a2h (upstream #30446)
* curl POST field handling on 64-bit platforms (upstream #31413)- enable pcntl extension in /usr/bin/php
* Wed Nov 24 2004 Joe Orton 4.3.9-3.1- rebuild for new mysql-devel (#140652)- workaround (spurious?) test failure breaking rebuilds (#140676)- add patch for upstream #25570
* Thu Oct 21 2004 Joe Orton 4.3.9-3- fix segfault introduced upstream in CAN-2004-0958 patch
* Tue Sep 28 2004 Joe Orton 4.3.9-2- update to 4.3.9 (#133467, Robert Scheck)- use new RTLD_DEEPBIND to load extension modules
* Fri Sep 10 2004 Joe Orton 4.3.8-11- don\'t use --with-regex=system, it\'s ignored for apache
* SAPIs
* Sat Aug 28 2004 Joe Orton 4.3.8-10- do apply the Zend double->long conversion fix- run make test in %check and fail build on test failure
* Sat Aug 28 2004 Joe Orton 4.3.8-9- require recent \'file\' package (#131054, Robert Scheck)- fix Zend double->long conversion
* Fri Aug 27 2004 Joe Orton 4.3.8-8- fix -select patch bug which broke stream_select on s390- add an FD_SETSIZE check to php_sock_stream_wait_for_data
* Fri Aug 27 2004 Joe Orton 4.3.8-7- make openssl extension built-in again (#130953)- disable bug16069 test
* Fri Aug 20 2004 Joe Orton 4.3.8-6- fix phpize for libdir=lib64- \"fix\" round() fudging for recent gcc on x86- drop unnecessary gd-devel build dependency again- use RTLD_GLOBAL to load extensions again (#127518)
* Fri Aug 20 2004 Joe Orton 4.3.8-5- add fix for bundled libgd symbol conflicts (#124530)- enable mime_magic extension and Require: file (#130276)- disable bug22414 test again (#130317) - fix gettimeofday tests on x86_64
* Thu Aug 05 2004 Florian La Roche - rebuild
* Thu Jul 15 2004 Joe Orton 4.3.8-3- update to 4.3.8- catch some fd > FD_SETSIZE vs select() issues (#125258)
* Tue Jun 22 2004 Joe Orton 4.3.7-4- pick up test failures again- have -devel require php of same release
* Fri Jun 18 2004 Joe Orton 4.3.7-3- add gmp_powm fix (Oskari Saarenmaa, #124318)- split mbstring, ncurses, gd, openssl extns into subpackages- fix memory leak in apache2handler; use ap_r{write,flush} rather than brigade interfaces
* Wed Jun 16 2004 Elliot Lee - rebuilt
* Fri Jun 04 2004 Joe Orton 4.3.7-1- update to 4.3.7- have -pear subpackage require php of same VR
* Thu May 27 2004 Joe Orton 4.3.6-6- buildrequire smtpdaemon (#124430)- try switching to system libgd again (prevent symbol conflicts when e.g. mod_perl loads the system libgd library.)
* Thu May 20 2004 Joe Orton 4.3.6-5- don\'t obsolete php-imap (#123580)- unconditionally build -imap subpackage
* Fri May 14 2004 Joe Orton 4.3.6-4- remove trigger
* Fri Apr 23 2004 Joe Orton 4.3.6-3- fix umask reset \"feature\" (#121454)- don\'t use DL_GLOBAL when dlopen\'ing extension modules
* Mon Apr 19 2004 Joe Orton 4.3.6-2- fix segfault on httpd SIGHUP (upstream #27810)
* Sat Apr 17 2004 Joe Orton 4.3.6-1- update to 4.3.6 (Robert Scheck, #121011)
* Thu Apr 08 2004 Joe Orton 4.3.4-11- add back imap subpackage, using libc-client (#115535)
* Tue Mar 02 2004 Elliot Lee - rebuilt
* Wed Feb 18 2004 Joe Orton 4.3.4-10- eliminate /usr/local/lib RPATH in odbc.so- really use system pcre library
* Fri Feb 13 2004 Elliot Lee 4.3.4-9- rebuilt
* Mon Feb 02 2004 Bill Nottingham 4.3.4-8- obsolete php-imap if we\'re not building it
* Wed Jan 28 2004 Joe Orton 4.3.4-7- gd fix for build with recent Freetype2 (from upstream)- remove easter egg (Oden Eriksson, Mandrake)
* Wed Jan 21 2004 Joe Orton 4.3.4-6- php-pear requires php- also remove extension=imap from php.ini in upgrade trigger- merge from Taroon: allow upgrade from Stronghold 4.0
* Wed Jan 21 2004 Joe Orton 4.3.4-5- add defattr for php-pear subpackage- restore defaults: output_buffering=Off, register_argc_argv=On- add trigger to handle php.ini upgrades smoothly (#112470)
* Tue Jan 13 2004 Joe Orton 4.3.4-4- conditionalize support for imap extension for the time being- switch /etc/php.ini to use php.ini-recommended (but leave variables_order as EGPCS) (#97765)- set session.path to /var/lib/php/session by default (#89975)- own /var/lib/php{,/session} and have apache own the latter- split off php-pear subpackage (#83771)
* Sat Dec 13 2003 Jeff Johnson 4.3.4-3- rebuild against db-4.2.52.
* Mon Dec 01 2003 Joe Orton 4.3.4-2- rebuild for new libxslt (#110658) - use --with-{mssql,oci8} for enabling extensions (#110482)- fix rebuild issues (Jan Visser, #110274)- remove hard-coded LIBS- conditional support for mhash (Aleksander Adamowski, #111251)
* Mon Nov 10 2003 Joe Orton 4.3.4-1.1- rebuild for FC1 updates
* Mon Nov 10 2003 Joe Orton 4.3.4-1- update to 4.3.4- include all licence files- libxmlrpc fixes
* Tue Oct 21 2003 Joe Orton 4.3.3-6- use bundled libgd (#107407)- remove manual: up-to-date manual sources are no longer DFSG-free; it\'s too big; it\'s on the web anyway; #91292, #105804, #107384
* Thu Oct 16 2003 Joe Orton 4.3.3-5- add php-xmlrpc subpackage (#107138)
* Tue Oct 14 2003 Joe Orton 4.3.3-4- drop recode support, symbols collide with MySQL
* Mon Oct 13 2003 Joe Orton 4.3.3-3- split domxml extension into php-domxml subpackage- enable xslt and xml support in domxml extension (#106042)- fix httpd-devel build requirement (#104341)- enable recode extension (#106755)- add workaround for #103982
* Fri Sep 26 2003 Jeff Johnson 4.3.3-3- rebuild against db-4.2.42.
* Mon Sep 08 2003 Joe Orton 4.3.3-2- don\'t use --enable-versioning, it depends on libtool being broken (#103690)
* Mon Sep 08 2003 Joe Orton 4.3.3-1- update to 4.3.3- add libtool build prereq (#103388)- switch to apache2handler
* Tue Jul 29 2003 Joe Orton 4.3.2-8- rebuild
* Wed Jul 23 2003 Nalin Dahyabhai 4.3.2-7- rebuild
* Wed Jul 09 2003 Joe Orton 4.3.2-6- use system pcre library
* Tue Jun 10 2003 Joe Orton 4.3.2-5- enable mbstring and mbregex (#81336)- fix use of libtool 1.5
* Thu Jun 05 2003 Elliot Lee - rebuilt
* Wed Jun 04 2003 Joe Orton 4.3.2-3- add lib64 and domxml fixes
* Wed Jun 04 2003 Frank Dauer - added conditional support for mssql module (#92149)
* Sat May 31 2003 Joe Orton 4.3.2-2- update the -tests and -lib64 patches- fixes for db4 detection- require aspell-devel >= 0.50.0 for pspell compatibility
* Fri May 30 2003 Joe Orton 4.3.2-1- update to 4.3.2
* Sat May 17 2003 Joe Orton 4.3.1-3- link odbc module correctly- patch so that php -n doesn\'t scan inidir- run tests using php -n, avoid loading system modules
* Thu May 15 2003 Joe Orton 4.3.1-2- workaround broken parser produced by bison-1.875
* Wed May 07 2003 Joe Orton 4.3.1-1- update to 4.3.1; run test suite- open extension modules with RTLD_NOW rather than _LAZY
* Wed May 07 2003 Joe Orton 4.2.2-19- patch for gd 2.x API changes in gd extension
* Fri May 02 2003 Joe Orton 4.2.2-18- rebuild to use aspell (#89925)- patch to work round conditional AC_PROG_CXX break in autoconf 2.57- fix dba build against db >= 4.1
* Mon Feb 24 2003 Joe Orton 4.2.2-17- restrict SNMP patch to minimal changes, fixing segv on startup (#84607)
* Wed Feb 12 2003 Joe Orton 4.2.2-16- prevent startup if using httpd.worker to avoid thread-safety issues.- fix parsing private keys in OpenSSL extension (#83994)- fixes for SNMP extension (backport from 4.3) (#74761)
* Wed Jan 29 2003 Joe Orton 4.2.2-15- add security fixes for wordwrap() and mail()
* Mon Jan 13 2003 Joe Orton 4.2.2-14- drop explicit Requires in subpackages, rely on automatic deps.- further fixes for libdir=lib64
* Tue Dec 17 2002 Joe Orton 4.2.2-13- drop prereq for perl, grep in subpackages- rebuild and patch for OpenSSL 0.9.7
* Tue Dec 10 2002 Joe Orton 4.2.2-12- backport \"ini dir scanning\" patch from CVS HEAD; /etc/php.d/
*.ini are now loaded at startup; each subpackage places an ini file in that directory rather than munging /etc/php.ini in post/postun.- default config changes: enable short_open_tag; remove settings for php-dbg extension
* Wed Dec 04 2002 Joe Orton 4.2.2-11- own the /usr/lib/php4 directory (#73894)- reinstate dropped patch to unconditionally disable ZTS
* Mon Dec 02 2002 Joe Orton 4.2.2-10- remove ldconfig invocation in post/postun- fixes for #73516 (partially), #78586, #75029, #75712, #75878
* Wed Nov 06 2002 Joe Orton 4.2.2-9- fixes for libdir=/usr/lib64, based on SuSE\'s patches.- add build prereqs for zlib-devel, imap-devel, curl-devel (#74819)- remove unpackaged files from install root- libtoolize; use configure cache to speed up build
* Tue Sep 24 2002 Philip Copeland 4.2.2-8.0.6- PHP cannot determine which UID is being used, so safe mode restrictions were always applied. Fixed. (#74396)
* Wed Sep 04 2002 Philip Copeland 4.2.2-8.0.4- zts support seems to crash out httpd on a
*second
* sighup ie service httpd start; apachectl restart ; (ok) apachectl restart ; (httpd segv\'s and collapses) removed --enable-experimental-zts which this seems related to.- Small patch added because some places need to know that they aren\'t using the ZTS API\'s (dumb)
* Tue Sep 03 2002 Philip Copeland 4.2.2-8.0.3- fixup /etc/httpd/conf.d/php.conf to limit largest amount of data accepted (#73254) Limited to 512K (which seems a little excessive but anyway,..) Note: php.conf is part of the srpm sources not part of the php codebase.- ditched extrenious --enable-debugger (was for php-dbg)- When upgrading we tend not to modify /etc/php.ini if it exists, instead we create php.ini.rpmnew. Modified the post scripts to edit php.ini.rpmnew if it exists, so that people can copy over the php.ini.rpmnew as php.ini knowing that it will be an edited version, consistant with what modules they installed #72033
* Mon Sep 02 2002 Joe Orton 4.2.2-8.0.2- require httpd-mmn for module ABI compatibility
* Sat Aug 31 2002 Philip Copeland 4.2.2-8.0.1- URLS would drop the last arguments #72752 --enable-mbstring --enable-mbstr-enc-trans These were supposed to help provide multibyte language support, however, they cause problems. Removed. Maybe in a later errata when they work.- added small patch to php_variables.c that allows $_GET[] to initialise properly when --enable-mbstr-enc-trans is disabled.- Be consistant with errata naming (8.0.x)
* Wed Aug 28 2002 Nalin Dahyabhai 4.2.2-11- rebuild
* Fri Aug 23 2002 Philip Copeland 4.2.2-10- Beat down the requirement list to something a little more sane
* Thu Aug 15 2002 Bill Nottingham 4.2.2-9- trim manual language lists
* Tue Aug 13 2002 Gary Benson 4.2.2-8- rebuild against httpd-2.0.40
* Sun Aug 11 2002 Elliot Lee 4.2.2-7- rebuilt with gcc-3.2 (we hope)
* Thu Aug 08 2002 Philip Copeland 4.2.2-6- Where multiple cookies are set, only the last one was actually made. Fixes #67853
* Tue Aug 06 2002 Philip Copeland 4.2.2-5- Shuffled the php/php-devel package file manifest with respect to PEAR (PHP Extension and Application Repository) #70673
* Sat Aug 03 2002 Philip Copeland 4.2.2-4- #67815, search path doesn\'t include the pear directory- pear not being installed correctly. Added --with-pear= option.
* Wed Jul 24 2002 Tim Powers 4.2.2-2- build using gcc-3.2-0.1
* Tue Jul 23 2002 Philip Copeland 4.2.2-1- Yippie 8/ another security vunerability (see http://www.php.net/release_4_2_2.php for details)
* Thu Jul 18 2002 Philip Copeland 4.2.1-9- Reminder to self that mm was pushed out because it\'s NOT thread safe.- Updated the manuals (much to Bills horror)
* Wed Jul 17 2002 Philip Copeland 4.2.1-8- php.ini alteration to fit in with the install/uninstall of various php rpm based installable modules
* Tue Jul 16 2002 Philip Copeland 4.2.1-8- php -v showing signs of deep unhappiness with the world added --enable-experimental-zts to configure to make it happy again (yes I know experimental sounds \'dangerous\' it\'s just a name for an option we need)
* Sat Jul 13 2002 Philip Copeland 4.2.1-7- #68715, Wrong name for Mysql Module in php.ini. Fixed.
* Sat Jun 29 2002 Philip Copeland 4.2.1-6- SNMP fixup
* Fri Jun 28 2002 Philip Copeland 4.2.1-5- Ah,.. seems httpd2 has been renamed to just plain ol\' httpd. Fixed spec file to suit.- ucd-snmp changed to net-snmp overnight... temporarily disabled snmp while I work out the impact of this change and if it is safe
* Thu Jun 27 2002 Philip Copeland 4.2.1-4- openldap 2.1.x problem solved by Nalin. Sure the ldap API didn\'t change,... . Added TSRMLS_FETCH() to ldap_rebind_proc().- Removed the php-dbg package as thats going to be provided elsewhere
* Sat Jun 22 2002 Tim Powers 4.2.1-3- automated rebuild
* Tue Jun 11 2002 Philip Copeland 4.2.1-2- Actually mm is now a dead project. Removed permently.
* Wed May 29 2002 Gary Benson 4.2.1-2- change paths for httpd-2.0- add the config file- disable mm temporarily
* Mon May 27 2002 Tim Powers 4.2.1-1- automated rebuild
* Thu May 23 2002 Philip Copeland 4.2.1-0- Initial pristine build of php-4.2.1- Minor patch to get around a 64 bitism- Added in the dgb debugging hooks
  
ICM