| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: php8-gd | Distribution: SUSE Linux Framework One |
| Version: 8.3.8 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: slfo.1.1.1 | Build date: Fri Jun 21 10:24:32 2024 |
| Group: Development/Libraries/PHP | Build host: h01-ch3d |
| Size: 122791 | Source RPM: php8-8.3.8-slfo.1.1.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://secure.php.net | |
| Summary: GD Graphics Library extension for PHP | |
PHP functions to create and manipulate image files in a variety of different image formats, including GIF, PNG, JPEG, WBMP, and XPM. Even more convenient: PHP can output image streams directly to a browser.
MIT AND PHP-3.01
* Fri Jun 07 2024 pgajdos@suse.com
- version update to 8.3.8 [bsc#1226073]
CGI:
Fixed buffer limit on Windows, replacing read call usage by _read.
Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
CLI:
Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.).
Core:
Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions).
DOM:
Fix crashes when entity declaration is removed while still having entity references.
Fix references not handled correctly in C14N.
Fix crash when calling childNodes next() when iterator is exhausted.
Fix crash in ParentNode::append() when dealing with a fragment containing text nodes.
Filter:
Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
FPM:
Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status).
Hash:
ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi)
Intl:
Fixed build regression on systems without C++17 compilers.
MySQLnd:
Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query).
Opcache:
Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm).
OpenSSL:
The openssl_private_decrypt function in PHP and Marvin attack.
Standard:
Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
XML:
Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit).
XMLReader:
Fixed bug GH-14183 (XMLReader::open() can't be overridden).
- modified patches
% php-build-reproducible-phar.patch (refreshed)
* Thu May 09 2024 pgajdos@suse.com
- version update to 8.3.7
Core:
Fixed zend_call_stack build with Linux/uclibc-ng without thread support.
Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).
Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c).
Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations).
Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters).
Fixed bug GH-14013 (Erroneous dnl appended in configure).
Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).
Fixed bug GH-13727 (Missing void keyword).
Fibers:
Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
Fileinfo:
Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on big-endian PPC).
FPM:
Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
Intl:
Fixed build for icu 74 and onwards.
MySQLnd:
Fix shift out of bounds on 32-bit non-fast-path platforms.
Opcache:
Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when using opcache.preload).
Fixed incorrect assumptions across compilation units for static calls.
OpenSSL:
Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
PDO SQLite:
Fix GH-13984 (Buffer size is now checked before memcmp).
Fix GH-13998 (Manage refcount of agg_context->val correctly).
Phar:
Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).
Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
Fix potential NULL pointer dereference before calling EVP_SignInit.
PHPDBG:
Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
Posix:
Fix usage of reentrant functions in ext/posix.
Session:
Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).
Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts).
Fixed buffer _read/_write size limit on windows for the file mode.
Streams:
Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument".
Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket).
Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64).
Treewide:
Fix gcc-14 Wcalloc-transposed-args warnings.
* Fri Apr 12 2024 pgajdos@suse.com
- version update to 8.3.6 [bsc#1222857] [bsc#1222858]
Core:
Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
Fixed bug GH-13446 (Restore exception handler after it finishes).
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
DOM:
Add some missing ZPP checks.
Fix potential memory leak in XPath evaluation results.
FPM:
Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
Fix incorrect check in fpm_shm_free().
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]).
Fix incorrect charset length in check_mb_eucjpms().
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error).
SPL:
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests).
Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757)
Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc).
* Tue Mar 19 2024 pgajdos@suse.com
- version update to 8.3.4
* This is a bug fix release.
* Wed Mar 06 2024 pmonreal@suse.com
- Use the system default cipher list instead of hardcoded values
by using crypto-policies. [bsc#1211301]
* Use the --with-system-ciphers configure option.
* Fri Feb 16 2024 pgajdos@suse.com
- version update to 8.3.3
* A bugfix release.
- modified patches
% php-build-reproducible-phar.patch (refreshed)
* Thu Jan 18 2024 pgajdos@suse.com
- version update to 8.3.2
* This is a bug fix release.
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
* Wed Dec 27 2023 mmanu84@outlook.de
- version update to 8.3.1
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.3.1
* Fri Nov 24 2023 pgajdos@suse.com
- version update to 8.3.0
* https://www.php.net/releases/8.3/en.php
* Typed class constants
* Dynamic class constant fetch
* New #[\Override] attribute
* Deep-cloning of readonly properties
* New json_validate() function
* New Randomizer::getBytesFromString() method
* New Randomizer::getFloat() and Randomizer::nextFloat() methods
* New DOMElement::getAttributeNames(),
DOMElement::insertAdjacentElement(),
DOMElement::insertAdjacentText(),
DOMElement::toggleAttribute(),
DOMNode::contains(), DOMNode::getRootNode(),
DOMNode::isEqualNode(), DOMNameSpaceNode::contains(), and
DOMParentNode::replaceChildren() methods.
* New IntlCalendar::setDate(),
IntlCalendar::setDateTime(),
IntlGregorianCalendar::createFromDate(), and
IntlGregorianCalendar::createFromDateTime() methods.
* New ldap_connect_wallet(), and ldap_exop_sync() functions.
* New mb_str_pad() function.
* New posix_sysconf(), posix_pathconf(), posix_fpathconf(),
and posix_eaccess() functions.
* New ReflectionMethod::createFromMethodName() method.
* New socket_atmark() function.
* New str_increment(), str_decrement(),
and stream_context_set_options() functions.
* New ZipArchive::getArchiveFlag() method.
* Support for generation EC keys with custom EC parameters in
OpenSSL extension.
* New INI setting zend.max_allowed_stack_size to set the maximum
allowed stack size.
* php.ini now supports fallback/default value syntax.
* Anonymous classes can now be readonly.
* https://www.php.net/ChangeLog-8.php#PHP_8_3
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
- modified sources
% php8.keyring
- deleted patches
- php-systzdata-v23.patch
- added patches
+ php-systzdata-v24.patch
* Fri Nov 24 2023 pgajdos@suse.com
- version update to 8.2.13
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.2.13
* Thu Oct 26 2023 pgajdos@suse.com
- version update to 8.2.12
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.2.12
* Fri Sep 29 2023 pgajdos@suse.com
- version update to 8.2.11
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.2.11
* Tue Sep 26 2023 pgajdos@suse.com
- add missing references to rpm changelog
- 15sp4 only:
[bsc#1200772], [jsc#SLE-24723] add pecl, pear
[jsc#SLE-23639] version update
* Fri Sep 01 2023 bwiedemann@suse.com
- Use %make_build macro
* Fri Sep 01 2023 pgajdos@suse.com
- version update to 8.2.10
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.2.10
* Tue Aug 22 2023 pgajdos@suse.com
- version update to 8.2.9
* This is a security release.
* Fixes CVE-2023-3824 [bsc#1214103] and CVE-2023-3823 [bsc#1214106]
* https://www.php.net/ChangeLog-8.php#8.2.9
- deleted patches
- php-unicode-allow-redistribution.patch (upstreamed)
- deleted sources
- repack.sh (not needed)
* Mon Jul 17 2023 pgajdos@suse.com
- version update to 8.2.8
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.2.8
- modified patches
% php-sort-filelist-phar.patch (refreshed)
* Thu Jun 22 2023 pgajdos@suse.com
- version update to 8.2.7
* Readonly classes
* Disjunctive Normal Form (DNF) Types
* Allow null, false, and true as stand-alone types
* New "Random" extension
* Constants in traits
* Deprecate dynamic properties
* for details, see
https://www.php.net/releases/8.2/en.php
https://www.php.net/manual/en/migration82.php
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-date-regenerate-lexers.patch (refreshed)
% php-ini.patch (refreshed)
% php-systzdata-v23.patch (refreshed)
- CVE-2023-3247 [bsc#1212349]
* Tue May 30 2023 pgajdos@suse.com
- version update to 8.1.20
* This is a security release.
* https://www.php.net/ChangeLog-8.php#8.1.20
- force to repack tarball after update
https://github.com/php/php-src/issues/11300
- session.save_path set to /var/lib/php8/sessions in mod_php8.conf
and www.conf php-fpm pool example
- modified sources
% mod_php8.conf
- added sources
+ repack.sh
+ php-unicode-allow-redistribution.patch
* Thu May 25 2023 pgajdos@suse.com
- repack the tarball temporarily [bsc#1211648]
* Tue May 23 2023 pgajdos@suse.com
- also MIT license (systzdata patch, ext/date/lib/parse_posix.c)
[https://build.suse.de/request/show/298230]
* Fri May 12 2023 pgajdos@suse.com
- version update to 8.1.19
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.1.19
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
% php-systzdata-v23.patch (refreshed)
* Wed May 10 2023 pgajdos@suse.com
- downgrade back to 8.1.18
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/4ADCEV2FII7J5FZEWREFETTEVX7CDUSR/
* Thu May 04 2023 pgajdos@suse.com
- version update to 8.2.5
* Readonly classes
* Disjunctive Normal Form (DNF) Types
* Allow null, false, and true as stand-alone types
* New "Random" extension
* Constants in traits
* Deprecate dynamic properties
* for details, see
https://www.php.net/releases/8.2/en.php
https://www.php.net/manual/en/migration82.php
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
- deleted patches
- php-crypt-tests.patch (not needed)
- modified sources
% php8.keyring
* Thu Apr 20 2023 suse+build@de-korte.org
- The %_restart_on_update macro was removed from systemd-rpm-macros.
Remove %posttrans for FPM as it wasn't working as intended anyway.
[boo#1210576]
* Fri Apr 14 2023 pgajdos@suse.com
- version update to 8.1.18
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.18
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
* Thu Mar 16 2023 pgajdos@suse.com
- version update to 8.1.17
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.17
* Tue Mar 14 2023 pgajdos@suse.com
- update to newest systzdata patch [bsc#1208199]
- deleted patches
- php-systzdata-v21.patch (upstreamed)
- added patches
fix use of the system timezone database
+ php-systzdata-v23.patch
* Sun Mar 05 2023 aj@ajaissle.de
- add "/usr/share/php" to include_path
* Fri Mar 03 2023 pgajdos@suse.com
- allow to specify load order of extensions in %{php_sysconf}/conf.d
[bsc#1205162]
* Sat Feb 25 2023 suse+build@de-korte.org
- change to %bcond conditional build dependencies
* Thu Feb 16 2023 pgajdos@suse.com
- version update to 8.1.16
* This is a security release that addresses CVE-2023-0567,
CVE-2023-0568, and CVE-2023-0662.
([bsc#1208366], [bsc#1208367], [bsc#1208388])
* https://www.php.net/ChangeLog-8.php#8.1.16
* Fri Feb 03 2023 pgajdos@suse.com
- version update to 8.1.15
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.1.15
* Fri Jan 06 2023 pgajdos@suse.com
- version update to 8.1.14
* This is a security release.
* fixed: CVE-2022-31631 [bsc#1206958]
* https://www.php.net/ChangeLog-8.php#8.1.14
* Wed Nov 30 2022 pgajdos@suse.com
- amend %preun to fix [bsc#1205782]
* Fri Nov 25 2022 pgajdos@suse.com
- version update to 8.1.13
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.1.13
* Mon Oct 31 2022 pgajdos@suse.com
- version update to 8.1.12
* This is a security release.
* fixed: CVE-2022-31630 [bsc#1204979], CVE-2022-37454 [bsc#1204577]
* https://www.php.net/ChangeLog-8.php#8.1.12
* Thu Sep 29 2022 pgajdos@suse.com
- version update to 8.1.11
* This is a security release.
* CVEs fixed: CVE-2022-31628 [bsc#1203867], CVE-2022-31629 [bsc#1203870]
https://www.php.net/ChangeLog-8.php#8.1.11
* Fri Sep 02 2022 pgajdos@suse.com
- version update to 8.1.10
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.10
* Fri Aug 19 2022 pgajdos@suse.com
- version update to 8.1.9
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.9
* Mon Jul 18 2022 pgajdos@suse.com
- version update to 8.1.8
* This is a security release.
https://www.php.net/ChangeLog-8.php#8.1.8
- fixes CVE-2022-31627 [bsc#1201499]
* Fri Jun 10 2022 pgajdos@suse.com
- version update to 8.1.7
* This is a security release.
https://www.php.net/ChangeLog-8.php#8.1.7
* CVE-2022-31625 [bsc#1200645]
* CVE-2022-31626 [bsc#1200628]
* Wed May 25 2022 pgajdos@suse.com
- version update to 8.1.6:
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.6
* Wed Apr 20 2022 pgajdos@suse.com
- version update to 8.1.5:
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.5
* [bsc#1197644]
* Mon Apr 11 2022 pgajdos@suse.com
- fpm %postrans: check whether sytemctl is available
* Fri Apr 08 2022 suse+build@de-korte.org
- Disable build with '-z now' as it breaks the php-mysql extension
[boo#1197994]
* Thu Mar 31 2022 suse+build@de-korte.org
- build PHP-FPM with libacl support (boo#1196870)
* Thu Mar 17 2022 suse+build@de-korte.org
- updated to 8.1.4: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.1.4
* Fri Feb 25 2022 dimstar@opensuse.org
- Fix boolean dep supplements: add parantheses. Without
parantheses, this results in three separate supplements, against
'php-fpm', 'and', and 'apache2' (boo#1196492).
* Fri Feb 18 2022 suse+build@de-korte.org
- updated to 8.1.3: This is a security release (CVE-2021-21708 [bsc#1196252])
which also contains several bug fixes.
See https://www.php.net/ChangeLog-8.php#8.1.3
* Fri Feb 11 2022 suse+build@de-korte.org
- provide an Apache configuration for PHP-FPM
+ php8-fpm.conf
* Fri Jan 28 2022 suse+build@de-korte.org
- update keyring to include PHP 8.1 release managers signing keys
% php8.keyring
* Thu Jan 20 2022 suse+build@de-korte.org
- updated to 8.1.2: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.1.2
- updated to 8.1.1: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.1.1
- update to 8.1.0: This release marks the latest major release of
the PHP language. See https://www.php.net/ChangeLog-8.php#8.1.0
- cleanup php8.rpmlintrc
- build ffi extension (experimental)
- enable avif support for gd extension
- rebased patches
% php-ar-flags.patch
% php-crypt-tests.patch
% php-ini.patch
% php-build-reproducible-phar.patch
- deleted patches
- php-systzdata-v20.patch
- php8-gd-removed-unused-constants.patch
- added patch
+ php-systzdata-v21.patch
* Thu Jan 20 2022 suse+build@de-korte.org
- updated to 8.0.15: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.15
* Sun Jan 09 2022 suse+build@de-korte.org
- use /tmp to store session information (boo#1194414)
% php-ini.patch
* Fri Dec 17 2021 suse+build@de-korte.org
- updated to 8.0.14: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.14
* Wed Dec 01 2021 suse+build@de-korte.org
- provide configuration for PHP-FPM out of the box (boo#1192414)
- package missing php.ini for PHP-FPM (boo#1192672)
* Fri Nov 19 2021 suse+build@de-korte.org
- updated to 8.0.13: This is a security release (CVE-2021-21707 [bsc#1193041])
which also contains several bug fixes.
See https://www.php.net/ChangeLog-8.php#8.0.13
* Thu Oct 21 2021 suse+build@de-korte.org
- updated to 8.0.12: This is a security release (CVE-2021-21703 [bsc#1192050])
which also contains several bug fixes.
See https://www.php.net/ChangeLog-8.php#8.0.12
* Thu Sep 23 2021 suse+build@de-korte.org
- updated to 8.0.11: This is a security release fixing CVE-2021-21706.
See https://www.php.net/ChangeLog-8.php#8.0.11
* Thu Sep 23 2021 pgajdos@suse.com
- added patches
fix https://github.com/php/php-src/commit/b3646440b1808abf0874b6f89027ce53ec5da03f
+ php8-gd-removed-unused-constants.patch
* Thu Aug 26 2021 suse+build@de-korte.org
- updated to 8.0.10: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.10
- deleted patch
- php-systzdata-v19.patch
- added patch
+ php-systzdata-v20.patch
* Wed Aug 04 2021 mrueckert@suse.de
- fix apparmor support: seems it requires a configure flag now.
* Thu Jul 29 2021 suse+build@de-korte.org
- updated to 8.0.9: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.9
* Thu Jul 01 2021 suse+build@de-korte.org
- updated to 8.0.8: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.8
* Fri Jun 04 2021 suse+build@de-korte.org
- updated to 8.0.7: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.7
* Thu Jun 03 2021 suse+build@de-korte.org
- updated to 8.0.6: This release reverts a bug related to PDO_pgsql
that was introduced in PHP 8.0.5.
* Thu Apr 29 2021 suse+build@de-korte.org
- updated to 8.0.5: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.5
* Tue Apr 13 2021 suse+build@de-korte.org
- Do not hard-depend on systemd: use systemd_ordering instead of
systemd_requires.
* Tue Mar 09 2021 pgajdos@suse.com
- <IfModule mod_php.c> instead of <IfModule mod_php8.c> [bsc#1183180]
- modified sources
% mod_php8.conf
* Thu Mar 04 2021 suse+build@de-korte.org
- updated to 8.0.3: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.3
* Mon Feb 01 2021 suse+build@de-korte.org
- updated to 8.0.2: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.2
- suppress warning for all flavors not equal to "" in multibuild
and obsoletes for php7
% php8.rpmlintrc
* Fri Jan 29 2021 suse+build@de-korte.org
- add conflicts with earlier versions of php (boo#1181292)
* Thu Jan 28 2021 suse+build@de-korte.org
- update contents of configuration file (still referenced php7)
% mod_php8.conf
* Sat Jan 23 2021 suse+build@de-korte.org
- require this PHP version of subpackages in Recommends/Suggests
- run apache-rex tests in php8:test as packages need to be build
first (otherwise tests run with previous version)
* Mon Jan 18 2021 suse+build@de-korte.org
- add conflicts with earlier version of php-devel and php-phar
- add obsoletes for all subtargets that don't have conflicts yet
- add php_cfgdir and php_extdir macros
* Fri Jan 15 2021 suse+build@de-korte.org
- replace php8.keyring with signatures for PHP-8 release managers
* Fri Jan 15 2021 suse+build@de-korte.org
- deleted patch (redundant cast, both sides are already signed int)
- php-odbc-cmp-int-cast.patch
* Wed Jan 13 2021 suse+build@de-korte.org
- install php8-cli if no sapi is selected upon php8 installation
- add conflicts with earlier version of php-cli, php-fastcgi and
php-fpm
* Mon Jan 11 2021 suse+build@de-korte.org
- put CLI binary in -cli subpackage so that other moduldes can depend
on the php base package that remains (and provides files and maps
common for all)
- remove Obsoletes: php5-*
* Fri Jan 08 2021 suse+build@de-korte.org
- updated to 8.0.1: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.1
- use pkgconfig() to resolve BuildRequires where upstream uses it too
- since php-7.4.0 when using --with-external-gd the configure options
- -with-xpm, --with-freetype and --with-jpeg are not needed anymore
(and neither are the respective BuildRequires)
- build the MySQL Native Driver as a shared module (rather than
builtin) to prevent a hard requirement for OpenSSL in the CLI
- add Recommends: php-openssl as many modules can optionally use it
- use new %ldconfig macros in Tumbleweed
- change PEAR dir to /usr/share/php/PEAR
* Fri Jan 08 2021 pgajdos@suse.com
- install mod_php8 directly
- note it provides php_module instead of php8_module per upstream
change
* Thu Jan 07 2021 pgajdos@suse.com
- install embed's libphp8.so directly
- deleted patches
- php-embed.patch (not needed)
* Wed Jan 06 2021 pgajdos@suse.com
- deleted patches
- php-openssl.patch (undocumented and not upstreamed patch for a
long time)
- php7-arm-build-fixes.patch (do not build for SLE12 anymore)
- php-pts.patch (undocumented and not upstreamed patch for a long
time)
- imporved patch documentation
* Tue Jan 05 2021 pgajdos@suse.com
- use cli sapi php-config --libs
* Sun Jan 03 2021 suse+build@de-korte.org
- php-phar requires the php-zlib extension
- trim specfile lint
* Thu Dec 31 2020 suse+build@de-korte.org
- install macros.php in %{_rpmconfigdir}/macros.d
* Wed Dec 30 2020 suse+build@de-korte.org
- build devel subpackage in embed subpackage (where it previously was
built)
* Mon Dec 28 2020 suse+build@de-korte.org
- don't build with CPU specific instructions as it can't be guaranteed
these are available at runtime
+ php-no-check-cpu.patch
- remove obsolete patch (replaced by SOURCE_DATE_EPOCH)
- php-no-build-date.patch
* Fri Dec 18 2020 suse+build@de-korte.org
- add D(eterministic) flag to AR_FLAGS to (php-ar-flags.patch)
- modified sources
% _multibuild
* Sun Dec 13 2020 suse+build@de-korte.org
- restart php-fpm.service in %posttrans fpm (extensions may need
to be updated too, so restart must be delayed to after all RPM
transactions have completed)
* Fri Dec 04 2020 suse+build@de-korte.org
- do not add mod_php to httpd.conf during %install (better fix for
new apache2 from Apache development repo)
+ php-install-mod_php.patch
- do not build php-cgi when not needed
- only build extensions in cli
* Sun Nov 29 2020 suse+build@de-korte.org
- fix building with new apache2 from Apache development repo
* Fri Nov 27 2020 pgajdos@suse.com
- do not build firebird extension in any case
* Wed Nov 25 2020 mmanu84@outlook.de
- update to 8.0.0
See https://www.php.net/ChangeLog-8.php#8.0.0
- modified patches
% php-date-regenerate-lexers.patch
* Sun Nov 15 2020 mmanu84@outlook.de
- update to 8.0.0 RC 4
- modified patches
% php-crypt-tests.patch (refreshed)
% php-fix_net-snmp_disable_MD5.patch (refreshed)
% php-no-build-date.patch (refreshed)
% php-odbc-cmp-int-cast.patch (refreshed)
% php-openssl.patch (refreshed)
* Tue Oct 27 2020 mmanu84@outlook.de
- update to 8.0.0 RC 3
* Fri Oct 16 2020 mmanu84@outlook.de
- update to 8.0.0 RC 2
- modified patches
% php-ini.patch (refreshed)
% php-phpize.patch (refreshed)
% php-php-config.patch
* Wed Oct 07 2020 pgajdos@suse.com
- update to 8.0.0 RC 1
https://www.php.net/manual/en/migration80.php
- modified patches
% php-no-build-date.patch (refreshed)
- deleted patches
- php-pts.patch (upstreamed)
* Thu Oct 01 2020 suse+build@de-korte.org
- updated to 7.4.11: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.11
* Mon Sep 07 2020 pgajdos@suse.com
- do not rely on apr-devel to pull db-devel
* Thu Sep 03 2020 suse+build@de-korte.org
- updated to 7.4.10: This is a bug fix release. See
https://www.php.net/ChangeLog-7.php#7.4.10
* Thu Aug 06 2020 suse+build@de-korte.org
- updated to 7.4.9: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.9
* Thu Jul 09 2020 suse+build@de-korte.org
- updated to 7.4.8: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.8
* Thu Jul 09 2020 pgajdos@suse.com
- Use /run/php-fpm instead of /run/php
- modified sources
% php-fpm.tmpfiles.d
* Thu Jul 09 2020 pgajdos@suse.com
- do not install %{_tmpfilesdir}, %{_tmpfilesdir}/php-fpm.conf in
test favour
* Mon Jul 06 2020 daniel.molkentin@suse.com
- added tmpfiles.d for php-fpm to provide a base base for a socket
(boo#1173786)
* Thu Jun 11 2020 suse+build@de-korte.org
- updated to 7.4.7: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.7
* Thu May 14 2020 suse+build@de-korte.org
- updated to 7.4.6: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.6
* Wed May 13 2020 pgajdos@suse.com
- added patches
build fixes in SLE12
+ php7-arm-build-fixes.patch
* Tue May 12 2020 pgajdos@suse.com
- added to SLE-12 [jsc#SLE-12474]
* Tue May 12 2020 pgajdos@suse.com
- spec file usable under SLE12 again and better prepared for
phpM -> phpMN transition
* Mon May 11 2020 pgajdos@suse.com
- added to SLE-15-SP2 [jsc#SLE-12482], including fixes for:
CVE-2020-7063 [bsc#1165289]
CVE-2020-7062 [bsc#1165280]
CVE-2019-11046, CVE-2019-11050, CVE-2019-11047, CVE-2019-11045
* Tue Apr 14 2020 suse+build@de-korte.org
- updated to 7.4.5: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.5
* Thu Apr 02 2020 pgajdos@suse.com
- remove Berkeley DB Database support [jsc#SLE-12210]
* Fri Mar 20 2020 pgajdos@suse.com
- build firebird extension in any case
* Tue Mar 17 2020 suse+build@de-korte.org
- updated to 7.4.4: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.4
* Thu Mar 12 2020 mliska@suse.cz
- Enable LTO as it works now (boo#1133275).
* Wed Feb 19 2020 suse+build@de-korte.org
- updated to 7.4.3: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.3
* Mon Feb 10 2020 pgajdos@suse.com
- add %apache_rex_deps
* Thu Jan 23 2020 suse+build@de-korte.org
- updated to 7.4.2: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.2
* Wed Dec 18 2019 suse+build@de-korte.org
- updated to 7.4.1: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.1
- deleted patches
- php-fix-mysqlnd-compression-library.patch
- php-fpm-service-fails-to-start.patch
* Tue Dec 10 2019 pgajdos@suse.com
- php7-devel requires glibc-devel, libxml2-devel, pcre2-devel
again
* Thu Dec 05 2019 suse+build@de-korte.org
- relax systemd restrictions for FPM as they were too strict in
some applications
- change leftover Requires php7-<extension> to php-<extension>
- remove external libraries from -devel subpackage
- added patches
+ php-fpm-service-fails-to-start.patch
* Thu Nov 28 2019 suse+build@de-korte.org
- update to 7.4.0:
* Typed Properties
* Arrow Functions
* Limited Return Type Covariance and Argument Type Contravariance
* Unpacking Inside Arrays
* Numeric Literal Separator
* Weak References
* Allow Exceptions from __toString()
* Opcache Preloading
* The interbase and wddx extensions are removed and now
available through PECL
* PEAR is now packaged separately in php7-pear source package
(https://externals.io/message/103977)
* See https://www.php.net/ChangeLog-7.php#7.4.0 for a complete
list of changes
- deleted patches
- php-suse-addons.tar.bz
- php-systzdata-v18.patch
- added patches
+ php-fix-mysqlnd-compression-library.patch
+ php-systzdata-v19.patch
+ mod_php7.conf
- modified files/patches
% php-no-build-date.patch
% php-systemd-unit.patch
% php7.keyring (use keys of the PHP-7.4 release managers)
% php7.rpmlintrc
* Tue Nov 19 2019 pgajdos@suse.com
- added to SLE-15-SP2 [SLE-10860], fixes
CVE-2019-11043 [bsc#1154999]
CVE-2019-11041 [bsc#1146360]
CVE-2019-11042 [bsc#1145095]
CVE-2019-11039 [bsc#1138173]
CVE-2019-11040 [bsc#1138172]
CVE-2019-11036 [bsc#1134322]
CVE-2019-11034 [bsc#1132838]
CVE-2019-11035 [bsc#1132837]
CVE-2019-9637 [bsc#1128892]
CVE-2019-9675 [bsc#1128886]
CVE-2019-9638 [bsc#1128889], CVE-2019-9639 [bsc#1128887]
CVE-2019-9640 [bsc#1128883]
CVE-2019-9024 [bsc#1126821]
CVE-2019-9020 [bsc#1126711]
CVE-2018-20783 [bsc#1127122]
CVE-2019-9021 [bsc#1126713]
CVE-2019-9022 [bsc#1126827]
CVE-2019-9023 [bsc#1126823]
CVE-2019-9641 [bsc#1128722]
CVE-2018-19935 [bsc#1118832]
CVE-2018-17082 [bsc#1108753]
CVE-2018-1000222 [bsc#1105434]
CVE-2018-14851 [bsc#1103659]
CVE-2017-9120 [bsc#1103661]
CVE-2018-12882 [bsc#1099098]
[bsc#1151793]
* Tue Nov 12 2019 dimstar@opensuse.org
- Do not add the generic provides to the php7-test package.
* Fri Oct 25 2019 pgajdos@suse.com
- version update to 7.3.11: This is a security release which also
contains several bug fixes.
See https://www.php.net/ChangeLog-7.php#7.3.11
* Fri Oct 04 2019 pgajdos@suse.com
- provide test results via multibuild :test
- added sources
+ _multibuild
* Mon Sep 30 2019 pgajdos@suse.com
- remove pcre.jit=0 setting default as https://bugs.php.net/bug.php?id=77260
is solved on pcre2 side [bsc#1124446]
- modified patches
% php-ini.patch (amended)
* Sun Sep 29 2019 suse+build@de-korte.org
- updated to 7.3.10: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.10
* Sat Aug 31 2019 suse+build@de-korte.org
- updated to 7.3.9: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.9
* Sat Aug 03 2019 suse+build@de-korte.org
- updated to 7.3.8: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.8
* Thu Jul 04 2019 suse+build@de-korte.org
- updated to 7.3.7: This is a bug fix release. See
https://www.php.net/ChangeLog-7.php#7.3.7
* Thu May 30 2019 suse+build@de-korte.org
- updated to 7.3.6: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.6
* Wed May 29 2019 pgajdos@suse.com
- check via apache-rex
* Fri May 24 2019 pgajdos@suse.com
- build for 42.3
* Thu May 02 2019 suse+build@de-korte.org
- updated to 7.3.5: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.5
* Wed Apr 24 2019 mliska@suse.cz
- Disable LTO (boo#1133275).
* Thu Apr 04 2019 suse+build@de-korte.org
- updated to 7.3.4: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.4
* Fri Mar 15 2019 pgajdos@suse.com
- upstream bug #41631 is already fixed [bsc#1129032]
- deleted sources
- README.default_socket_timeout (not needed)
* Fri Mar 08 2019 pgajdos@suse.com
- updated to 7.3.3: This is a security release which also contains
several bug fixes. See
http://www.php.net/ChangeLog-7.php#7.3.3
- deleted patches
- php-systzdata-v17.patch (upstreamed)
- added patches
+ php-systzdata-v18.patch (thanks to remirepo)
* Tue Mar 05 2019 pgajdos@suse.com
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
* Thu Feb 28 2019 tchvatal@suse.com
- Disable tests that do deadlock now with curl update, this is
fixed in next release 7.3.3 thus reenable here when released
* Thu Feb 28 2019 pgajdos@suse.com
- rename php7-*.patch to more general php-#1.patch
why: this aligns with maintenance patch names, which are in
changelogs comfortably copied over php72, php7, php5, php53;
moreover, php$N prefix causes issues when package is renamed,
e. g. php7 to php72
- deleted patches
- php7-crypt-tests.patch
- php7-date-regenerate-lexers.patch
- php7-embed.patch
- php7-fix_net-snmp_disable_MD5.patch
- php7-ini.patch
- php7-no-build-date.patch
- php7-odbc-cmp-int-cast.patch
- php7-openssl.patch
- php7-php-config.patch
- php7-phpize.patch
- php7-pts.patch
- php7-systemd-unit.patch
- php7-systzdata-v17.patch
- added patches
+ php-crypt-tests.patch
+ php-date-regenerate-lexers.patch
+ php-embed.patch
+ php-fix_net-snmp_disable_MD5.patch
+ php-ini.patch
+ php-no-build-date.patch
+ php-odbc-cmp-int-cast.patch
+ php-openssl.patch
+ php-php-config.patch
+ php-phpize.patch
+ php-pts.patch
+ php-systemd-unit.patch
+ php-systzdata-v17.patch
* Mon Feb 25 2019 pgajdos@suse.com
- fix wrongly ported patch, using the one from remirepo (Thanks!)
[bsc#1126449]
- modified patches
% php7-systzdata-v17.patch
* Wed Feb 13 2019 pgajdos@suse.com
- updated to version 7.3.2: This is a bugfix release, with several
bug fixes included. See
http://php.net/ChangeLog-7.php#7.3.2
- php7-systzdata-v16.patch modified and renamed to
php7-systzdata-v17.patch
* Thu Feb 07 2019 pgajdos@suse.com
- set pcre.jit=0 until https://bugs.php.net/bug.php?id=77260
is solved [bsc#1124446]
* Thu Jan 31 2019 suse+build@de-korte.org
- spec file cleanup
* add BuildRequires gpg2
* remove outdated README.SUSE-pear - Squirrelmail uses PDO instead
of DB now by default
* remove outdated php7-depdb-path.patch - Horde packages no longer
build so need to be fixed anyway
- update php7.rpmlintrc to suppress warnings that aren't fixable and
drown out other warnings
* Wed Jan 30 2019 suse+build@de-korte.org
- provide the version of PEAR, rather than the PHP version in php-pear
* Wed Jan 30 2019 suse+build@de-korte.org
- configure cache_dir, metadata_dir and sig_bin through PHP_PEAR_*
exports
* Tue Jan 29 2019 suse+build@de-korte.org
- remove install-pear-nozlib.phar (the bundled and tested version from
the PHP sources is fresh enough for our purposes)
- merge back php7-pear-Archive_Tar in php7-pear
- rename cache_dir to pear and create it
* Tue Jan 22 2019 suse+build@de-korte.org
- fix php7.spec typos
* Tue Jan 22 2019 pgajdos@suse.com
- verify install-pear-nozlib.phar
* Tue Jan 22 2019 suse+build@de-korte.org
- update install-pear-nozlib.phar to version 1.10.10
* switch source to GitHub
* provides Archive_Tar 1.4.4 (fixes CVE-2018-1000888)
* Mon Jan 14 2019 pgajdos@suse.com
- update to 7.3.1: This is a security release which also contains
several bug fixes. See
http://php.net/ChangeLog-7.php
- remove suhosin stuff
* Sun Dec 30 2018 crrodriguez@opensuse.org
- Support LMDB in php7-dba, it is advisable to use it instead
of bdb.
* Thu Dec 20 2018 crodriguez@owncloud.com
- Update php7-pts.patch: open slave_pty using TIOCGPTPEER if available
instead of the name returned by ptsname() so it is safe to use when
interacting with namespaces.
* Thu Dec 20 2018 crodriguez@owncloud.com
- update install-pear-nozlib.phar to its latest version, otherwise
pecl stops working due to protocol switch http -> https
* Wed Dec 19 2018 mpluskal@suse.com
- Mark testresults package as noarch
* Thu Dec 13 2018 mpluskal@suse.com
- Enable testsuite during build time and save log to subpackage
testresults (boo#1119396)
* Mon Dec 10 2018 crrodriguez@opensuse.org
- update to pcre2 broke building third party modules, php7-devel
needs pcre-devel --> pcre2-devel change.
* Mon Dec 10 2018 pgajdos@suse.com
- update to 7.3.0:
* Improved PHP GC
* Add net_get_interfaces()
* Implemented flexible heredoc and nowdoc syntax
* Added support for references in list() and array destructuring
* Added syslog.facility and syslog.ident INI entries for
customizing syslog logging
* The declaration and use of case-insensitive constants has been
deprecated
* Added syslog.filter INI entry for syslog filtering
* Added the 'add_slashes' sanitization mode
* Added support for WebP in imagecreatefromstring()
* Export internal structures and accessor helpers for GMP object.
* Added gmp_binomial(n, k)
* Added gmp_lcm(a, b)
* Added gmp_perfect_power(a)
* Added gmp_kronecker(a, b)
* Added JSON_THROW_ON_ERROR flag
* Added ldap_exop_refresh helper for EXOP REFRESH operation with
dds overlay
* Added full support for sending and parsing ldap controls
* Removed support for ODBCRouter
* Removed support for Birdstep
* Added openssl_pkey_derive function
* Add min_proto_version and max_proto_version ssl stream options
as well as related constants for possible TLS protocol values
* Migrated to PCRE2
* Expose TDS version as \PDO::DBLIB_ATTR_TDS_VERSION attribute
on \PDO instance
* Treat DATETIME2 columns like DATETIME
* Added is_countable() function
* Added support for the SameSite cookie directive, including an
alternative signature for setcookie(), setrawcookie() and
session_set_cookie_params()
* Many bugfixes and other changes, see
http://php.net/ChangeLog-7.php#7.3.0
- patch changes
% php7-ini.patch
% php7-no-build-date.patch
% php7-odbc-cmp-int-cast.patch
- php7-honor-re2c-flags.patch (upstreamed)
* Mon Dec 10 2018 pgajdos@suse.com
- update to 7.2.13: This is a security release.
http://php.net/ChangeLog-7.php
* Fri Nov 16 2018 pgajdos@suse.com
- core package recommends instead of requires smtp_daemon
[bsc#1115213]
* Fri Nov 09 2018 pgajdos@suse.com
- update to 7.2.12: This is a bugfix release.
http://php.net/ChangeLog-7.php
- forward ported:
% php7-crypt-tests.patch
% php7-honor-re2c-flags.patch
% php7-odbc-cmp-int-cast.patch
* Mon Oct 15 2018 pgajdos@suse.com
- update to 7.2.11: This is a bugfix release.
http://php.net/ChangeLog-7.php
* Mon Sep 17 2018 pgajdos@suse.com
- updated to 7.2.10: This is a security release which also contains
several minor bug fixes.
http://php.net/ChangeLog-7.php
* Mon Sep 17 2018 pgajdos@suse.com
- reenable php7-dba support of Berkeley DB [bsc#1108554]
* Tue Sep 11 2018 pgajdos@suse.com
- remove Supplements: packageand(%{apache_mmn}:%{name}) from
Apache httpd module as I do not see the reason why system
that have php7 and apache2 installed should get the module
automatically as well. This had a drawback of selecting
apache2-prefork while
[#] zypper in apache2-worker
The following 5 NEW packages are going to be installed:
apache2 apache2-mod_php7 apache2-prefork apache2-utils apache2-worker
[#]
because apache2-mod_php7 Requires: apache2-prefork.
* Fri Aug 17 2018 pgajdos@suse.com
- updated to 7.2.9: This is a bugfix release.
http://php.net/ChangeLog-7.php
* Fri Aug 03 2018 pgajdos@suse.com
- updated to 7.2.8: This is a security release which also contains
several minor bug fixes.
http://php.net/ChangeLog-7.php#7.2.8
* Tue Jun 26 2018 pgajdos@suse.com
- updated to 7.2.7: A Bugfix release which includes a segfault fix
for opcache.
http://php.net/ChangeLog-7.php#7.2.7
* Thu Jun 07 2018 pgajdos@suse.com
- actually build against system gd for 42.3, made a bold comment
[bsc#1074025c#5]
* Tue May 29 2018 pgajdos@suse.com
- fix build for SLE12, where %license does not exist
* Tue May 29 2018 pgajdos@suse.com
- updated to 7.2.6: Bugfix release which includes a memory
corruption fix for EXIF.
http://php.net/ChangeLog-7.php#7.2.6
* Fri May 25 2018 idonmez@suse.com
- Remove php7-freetype-pkgconfig.patch as it seems to break
Freetype detection on some systems bsc#1094534
* Tue May 15 2018 pgajdos@suse.com
- main package requires wwwrun:www user [bsc#1093025]
* Thu May 10 2018 pgajdos@suse.com
- better workaround for [bsc#1089487]: build mod_phpN.so
instead of libphpN.so
* Wed May 09 2018 pgajdos@suse.com
- rename freetype-pkgconfig.patch to php7-freetype-pkgconfig.patch
to align with the rest of patch names
* Mon May 07 2018 idonmez@suse.com
- Add freetype-pkgconfig.patch to fix build with new Freetype:
use pkg-config to find Freetype libraries
* Mon Apr 30 2018 pgajdos@suse.com
- updated to 7.2.5: This is a security release which also contains
several minor bug fixes.
http://php.net/ChangeLog-7.php#7.2.5
* Thu Apr 19 2018 pgajdos@suse.com
- build-test.sh: generic spec file name
* Mon Apr 16 2018 pgajdos@suse.com
- apache2-mod_php7 does not provide libphp7.so [bsc#1089487]
* Wed Apr 04 2018 pgajdos@suse.com
- updated to 7.2.4: This is a security release with also contains
several minor bug fixes.
http://php.net/ChangeLog-7.php#7.2.4
- php7-no-build-date.patch refreshed
* Mon Mar 26 2018 pgajdos@suse.com
- build firebird extension only for openSUSE (sle15 requirement)
* Tue Mar 20 2018 guillaume.gardet@opensuse.org
- Fix build for %arm and aarch64
* Fri Mar 16 2018 pgajdos@suse.com
- drop imap extension [bsc#1084461]
* Sat Mar 10 2018 dimstar@opensuse.org
- BuildRequire pkgconfig(enchant) instead of enchant-devel: enchant
is moving to version 2.2, with an enchant-1 as compatibility
package. By using the pkgconfig symbol, we don't have to care for
the actual package name.
* Fri Mar 09 2018 pgajdos@suse.com
- updated to 7.2.3: This is a security release with also contains
several minor bug fixes.
http://php.net/ChangeLog-7.php#7.2.3
- removed upstreamed php7-pgsql-memory-leak.patch
- php7-systzdata-v15.patch refreshed and renamed to
php7-systzdata-v16.patch
* Thu Feb 22 2018 crrodriguez@opensuse.org
- php7-honor-re2c-flags.patch: honor RE2C_FLAGS everywhere.
- remove generated lexers so they are recreated at build time
* Thu Feb 22 2018 crrodriguez@opensuse.org
- php7-date-regenerate-lexers.patch: honor RE2C_FLAGS
* Thu Feb 22 2018 crrodriguez@opensuse.org
- Support password_hash("...", PASSWORD_ARGON2I), buildrequire
libargon2 in supported products.
* Mon Feb 19 2018 crrodriguez@opensuse.org
- Remove buildRequires on:
* libevent-devel: php7-fpm does not use it.
* pam-devel: not used
- Add buildrequire on zlib-devel explicitly.
- libvpx is not needed but libwebp is, only when not building
against system gd. xft likewise.
* Mon Feb 19 2018 pgajdos@suse.com
- fixed memory leak in pgsql extension, php function pg_escape_bytea
https://bugs.php.net/bug.php?id=75838
[bsc#1076970] (internal)
+ php7-pgsql-memory-leak.patch
* Wed Feb 07 2018 pgajdos@suse.com
- updated to 7.2.2: This is a bugfix release, with several bug
fixes included.
http://php.net/ChangeLog-7.php#7.2.2
* Fri Jan 26 2018 pgajdos@suse.com
- do not build against system gd when suse_version < 1500
* Tue Jan 23 2018 pgajdos@suse.com
- fix build for SLE12*
* Tue Jan 09 2018 pgajdos@suse.com
- updated to 7.2.1: Several security bugs were fixed in this release.
http://php.net/ChangeLog-7.php#7.2.1
* Tue Jan 02 2018 pgajdos@suse.com
- build against newer webp [bsc#1074121]
* Fri Dec 15 2017 pgajdos@suse.com
- build with SLE12*
* Mon Dec 11 2017 pgajdos@suse.com
- updated to 7.2.0: features and improvements:
* Convert numeric keys in object/array casts
* Counting of non-countable objects
* Object typehint
* HashContext as Object
* Argon2 in password hash
* Improve TLS constants to sane values
* Mcrypt extension removed
* New sodium extension
- patches:
. php7-systzdata-v14.patch transformed to php7-systzdata-v15.patch
. removed upstreamed php7-aarch64-mult.patch
* Mon Nov 27 2017 pgajdos@suse.com
- updated to 7.1.12: This is a bugfix release, with several bug
fixes included.
* Wed Nov 01 2017 bluemer.mark@gmail.com
- Add php-cli as provides to php7
* Fri Oct 27 2017 pgajdos@suse.com
- updated to 7.1.11: This is a bugfix release, with several bug
fixes included.
* Wed Oct 04 2017 pgajdos@suse.com
- fixed installation of wrong cli [bsc#1061555]
* Sat Sep 30 2017 jengelh@inai.de
- Update not-so-useful repeated package summaries.
Update the descriptions to have a bit more explanation.
Replace old tar syntax.
* Wed Sep 27 2017 pgajdos@suse.com
- build and ship embed SAPI
+ php7-embed.patch
* Wed Sep 27 2017 pgajdos@suse.com
- updated to 7.1.10: Several bugs have been fixed, see
https://secure.php.net/ChangeLog-7.php
for details
* Tue Sep 12 2017 pgajdos@suse.com
- aarch64-mult.patch renamed to php7-aarch64-mult.patch
* Mon Sep 04 2017 pgajdos@suse.com
- php7-devel requires php7-pear [bsc#1057104]
* Fri Sep 01 2017 jweberhofer@weberhofer.at
- Changes related to boo#1056822
- New packaging macros in macros.php: %php_pearxmldir,
%pear_phpdir, %pear_phpdir, %pear_testdir, %pear_datadir,
%pear_cfgdir, %pear_wwwdir, %pear_metadir, %pecl_phpdir,
%pecl_docdir, %pecl_testdir, %pecl_datadir
- Updated packaging documentation in README.macros
* Thu Aug 31 2017 ilya@ilya.pp.ua
- Updated to 7.1.9: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.9
* Mon Aug 14 2017 pgajdos@suse.com
- added /usr/bin/php7 [bsc#734176]
* Mon Aug 07 2017 jweberhofer@weberhofer.at
- php7-pear should explicitly require php7-pear-Archive_Tar
otherwise this dependency must be declared in every
php7-pear-* package explicitly. [bnc#1052389]
* Wed Aug 02 2017 ilya@ilya.pp.ua
- Updated to 7.1.8: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.8
* Wed Jul 26 2017 ilya@ilya.pp.ua
- Replace %__-type macro indirections.
* Fri Jul 21 2017 pgajdos@suse.com
- date extension: regenerate lexers when needed
+ php7-date-regenerate-lexers.patch
* Mon Jul 17 2017 pgajdos@suse.com
- dropped mcrypt extension [fate#323673]
* Mon Jul 17 2017 pgajdos@suse.com
- updated to 7.1.7: This is a security release with several bug
fixes included.
* Mon Jul 03 2017 tchvatal@suse.com
- Drop sle11 support as we are not building against it anymore
- Remove php7-BNC-457056.patch that was applied on sle11 only
- Remove dependency on imap-devel, it is not used
- Switch spell from aspell to enchant, dropping pspell subpackage
- Remove unknown switch options from php cli build
- Drop support for berkleydb format, by default there are more
supported solutions built in php
- Use %configure macro in the build phases
* Fri Jun 09 2017 pgajdos@suse.com
- updated to 7.1.6: Several bugs have been fixed.
* Fri May 12 2017 13ilya@gmail.com
- Updated to 7.1.5: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.5
* Sat Apr 15 2017 13ilya@gmail.com
- Updated to 7.1.4: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.4
* Fri Mar 17 2017 13ilya@gmail.com
- Updated to 7.1.3: Several bugs have been fixed.
* ChangeLog https://secure.php.net/ChangeLog-7.php#7.1.3
* Fri Mar 17 2017 kukuk@suse.com
- Don't install the init script if we use systemd
* Mon Feb 20 2017 pgajdos@suse.com
- updated to 7.1.2: Several bugs have been fixed.
- deleted php7-getrandom-test.patch, upstreamed
* Tue Feb 14 2017 pgajdos@suse.com
- updated to 7.1.1: This release is the first point release in
the 7.x series. PHP 7.1 comes with numerous improvements and new
features such as
* Nullable types
* Void return type
* Iterable pseudo-type
* Class constant visiblity modifiers
* Square bracket syntax for list() and the ability to specify keys
in list()
* Catching multiple exceptions types
* Many more features and changes…
- migration: http://php.net/manual/en/migration71.php
- php7-systzdata-v13.patch replaced by php7-systzdata-v14.patch
* Thu Feb 02 2017 pgajdos@suse.com
- suggest php7-* instead of php-* [bsc#1022158c#4]
- do not suggest php-suhosin at all as we do not build it
(not ported to php7 yet)
* Tue Jan 24 2017 pgajdos@suse.com
- updated to 7.0.15: Several security bugs were fixed in this
release.
* Mon Dec 12 2016 fbui@suse.com
- Replace pkgconfig(libsystemd-*) with pkgconfig(libsystemd)
Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs, which
are obsolete.
* Mon Dec 12 2016 pgajdos@suse.com
- updated to 7.0.14: Several security bugs were fixed in this
release.
* Fri Nov 11 2016 pgajdos@suse.com
- updated to 7.0.13: This is a security release. Several security
bugs were fixed in this release.
* Mon Oct 24 2016 pgajdos@suse.com
- adjust firebird dependency
* Mon Oct 17 2016 pgajdos@suse.com
- updated to 7.0.12: This is a security release. Several security
bugs were fixed in this release.
* Thu Sep 15 2016 pgajdos@suse.com
- updated to 7.0.11: Several security bugs were fixed in this
release.
* Wed Aug 31 2016 crrodriguez@opensuse.org
- php7-getrandom-test.patch: Fix incorrect test for the getrandom
syscall.
* Mon Aug 22 2016 pgajdos@suse.com
- updated to 7.0.10: Several security bugs were fixed in this
release.
* Mon Aug 01 2016 pgajdos@suse.com
- updated to 7.0.9: Several security bugs were fixed in this
release, including the HTTP_PROXY issue.
* Thu Jun 23 2016 pgajdos@suse.com
- updated to 7.0.8: This is a security release. Several security
bugs were fixed in this release.
- removed: php7-mbstring-missing-return.patch (upstreamed)
* Mon Jun 20 2016 pgajdos@suse.com
- systemd unit: remove syslog.target from After [bsc#983938]
* Mon May 30 2016 pgajdos@suse.com
- updated to 7.0.7: This is a security release. Several security
bugs were fixed in this release.
* Thu Apr 28 2016 pgajdos@suse.com
- updated to 7.0.6: This is a security release. Several security
bugs were fixed in this release.
* removed upstreamed php7-no-reentrant-crypt.patch
* Mon Apr 25 2016 schwab@linux-m68k.org
- aarch64-mult.patch: fix asm constraints in aarch64 multiply macro
* Thu Apr 07 2016 pgajdos@suse.com
- build for sle12
* Wed Apr 06 2016 pgajdos@suse.com
- correct public key
* Fri Apr 01 2016 pgajdos@suse.com
- updated to 7.0.5
* Tue Mar 29 2016 pgajdos@suse.com
- firebird builds now
* Thu Mar 03 2016 jimmy@boombatower.com
- update to 7.0.4
* Wed Feb 10 2016 pgajdos@suse.com
- updated to 7.0.3
* Thu Feb 04 2016 pgajdos@suse.com
- require postgresql-devel < 9.4 for sle12 to fix build
* Fri Jan 29 2016 pgajdos@suse.com
- more versioned provides
* Fri Jan 08 2016 pgajdos@suse.com
- update to 7.0.2: 31 reported bugs has been fixed, including
6 security related issues.
* Mon Dec 21 2015 jimmy@boombatower.com
- update to 7.0.1
* Mon Dec 14 2015 pgajdos@suse.com
- php5-pear-Archive_Tar provides 1.4.0
- install .depdb and .depdblock files along metadata
* php5-depdb-path.patch
- versioned provides in subpackages
* Mon Dec 14 2015 jimmy@boombatower.com
- Provide obsoletes for sub-packages to improve upgrade process.
* Wed Dec 09 2015 jimmy@boombatower.com
- Obsolete php5 since php7 conflicts and should replace.
* Mon Dec 07 2015 pgajdos@suse.com
- marcello at ceschia.de: fix path php-fpm.conf
* Mon Nov 23 2015 pgajdos@suse.com
- set pear's metadata dir to %{peardir}
* Mon Nov 16 2015 aj@ajaissle.de
- Spec cleanup
* Split Archive_Tar from -pear sub packge to allow updating this
part via rpm
* Added "Provides: php-firebird" to -firebird sub package
* Added "Provides: mod_php_any" to server api module packages
- fastcgi and -fpm
* Mon Nov 16 2015 pgajdos@suse.com
- test mod_php with %apache_test_module_curl
- restart apache during mod_php upgrade
* Tue Sep 08 2015 pgajdos@suse.com
- add php5-fix_net-snmp_disable_MD5.patch [bnc#944302]
* Fri Sep 04 2015 pgajdos@suse.com
- fixed segfault in odbc extension when result set is containing
NULL (php bugs #52554, #53007) [bnc#935074] (internal)
+ php7-odbc-cmp-int-cast.patch
* Tue Jul 14 2015 pgajdos@suse.com
- updated to 7.0.0
* see NEWS for changes
* see UPGRADING for 5.6.x -> 7.0.x transition
- removed unneded or not upstreamed patches for long time:
* php5-cloexec.patch
* php5-missing-extdeps.patch
* php5-format-string-issues.patch
* php5-per-mod-log.patch
* php5-apache24-updates.patch
* php5-crypto-checks.patch
* php5-systzdata-r12.patch (new: php7-systzdata-v13.patch)
* Mon Jul 13 2015 pgajdos@suse.com
- updated to 5.6.11: Five security-related issues in PHP were fixed
in this release, including CVE-2015-3152.
* Thu Jun 25 2015 crrodriguez@opensuse.org
- php5-systemd-unit.patch: set Killmode=mixed in order
to ensure fpm and children forked by script can terminate
cleanly.
* Wed Jun 24 2015 pgajdos@suse.com
- mod_php5.so executable
* Thu Jun 18 2015 pgajdos@suse.com
- use apache-rpm-macros
* Thu Jun 18 2015 pgajdos@suse.com
- updated to 5.6.10: Several bugs have been fixed as well as several
security issues into some bundled libraries (CVE-2015-3414,
CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326).
* Fri Jun 05 2015 mrueckert@suse.de
- enable apparmor support: new BR libapparmor-devel
* Mon May 18 2015 pgajdos@suse.com
- update to 5.6.9: Several bugs have been fixed.
- systzdata patch updated to r12
- php5-systzdata-r10.patch
+ php5-systzdata-r12.patch
* Fri Apr 24 2015 pgajdos@suse.com
- update to 5.6.8: Several bugs have been fixed some of them beeing
security related, like CVE-2015-1351 and CVE-2015-1352.
- refreshed php5-crypto-checks.patch
* Mon Apr 20 2015 pgajdos@suse.com
- configure php-fpm with --localstatedir=/var [bnc#927147]
* Wed Apr 08 2015 pgajdos@suse.com
- systzdata patch updated to r10
- php5-systzdata-v7.patch
+ php5-systzdata-r10.patch
* Thu Apr 02 2015 pgajdos@suse.com
- build against system gd and libzip only for 13.2 and above
* Tue Mar 24 2015 pgajdos@suse.com
- update to 5.6.7: Several bugs have been fixed as well as
CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
* Tue Mar 24 2015 pgajdos@suse.com
- build against system gd [bnc#923946]
* Fri Mar 20 2015 pgajdos@suse.com
- build against system libzip [bnc#922894]
* Mon Feb 23 2015 pgajdos@suse.com
- update to 5.6.6: fixes several bugs and addresses CVE-2015-0235
and CVE-2015-0273.
* Mon Feb 09 2015 pgajdos@suse.com
- added README.default_socket_timeout [bnc#907519]
* Tue Feb 03 2015 pgajdos@suse.com
- fix sle_11_sp3 build
* Mon Jan 26 2015 pgajdos@suse.com
- update to 5.6.5: This release fixes several bugs as well as
CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232.
- removed patches:
* php-CVE-2014-9426.patch
* php-CVE-2014-9427.patch
* php-CVE-2015-0231.patch
* Wed Jan 21 2015 pgajdos@suse.com
- added php-CVE-2015-0231.patch [bnc#910659]
* Mon Jan 05 2015 pgajdos@suse.com
- added php-CVE-2014-9426.patch [bnc#911663]
- added php-CVE-2014-9427.patch [bnc#911664]
* Fri Dec 19 2014 pgajdos@suse.com
- update to 5.6.4: This release fixes several bugs and one CVE
related to unserialization.
* Tue Nov 18 2014 pgajdos@suse.com
- update to 5.6.3: This release fixes several bugs and one CVE
in the fileinfo extension.
* Mon Oct 27 2014 pgajdos@suse.com
- update to 5.6.2: Four security-related bugs were fixed in this
release, including fixes for CVE-2014-3668, CVE-2014-3669 and
CVE-2014-3670.
* Tue Oct 14 2014 pgajdos@suse.com
- upgraded to 5.6.1:
* Several bugs were fixed in this release (including CVE-2014-3622).
* Thu Oct 02 2014 crrodriguez@opensuse.org
- php5-crypto-checks.patch: Fix broken libcrypto checks
DSA_get_default_method is in -lcrypto not -lssl
- DO not use xorg-x11-devel, just pkgconfig(xpm) and xft
- Support WEBP in the gd extension by buildrequiring libvpx-devel
* Fri Aug 29 2014 pgajdos@suse.com
- fix CVE-2014-5459 [bnc#893849]
* Fri Aug 29 2014 pgajdos@suse.com
- actually, there's no point to install pear from other source
than from php tarball
* remove source install-pear-nozlib.phar
* Thu Aug 28 2014 pgajdos@suse.com
- updated PEAR to 1.9.5, bugfix release
see http://pear.php.net/package/PEAR/download
for details
* Thu Aug 28 2014 pgajdos@suse.com
- updated to 5.6.0:
* Most improvements in PHP 5.6.x have no impact on existing code.
There are a few incompatibilities and new features that should
be considered:
http://php.net/manual/en/migration56.php
- removed patches:
* php5-big-file-upload.patch (upstreamed)
* php5-suhosin-php55.patch (upstreamed)
- modified patches:
* php5-openssl.patch (refreshed)
* Tue Aug 26 2014 pgajdos@suse.com
- This release fixes several bugs against PHP 5.5.15 and resolves
CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and
CVE-2014-3597.
- removed patches:
* php-CVE-2014-2497.patch
* Tue Jul 29 2014 pgajdos@suse.com
- updated to 5.5.15:
This release fixes several bugs against PHP 5.5.14.
The list of changes is recorded in the ChangeLog or
http://php.net/ChangeLog-5.php#5.5.15.
- removed patches:
* php-CVE-2014-4670.patch (upstreamed)
* php-CVE-2014-4698.patch (upstreamed)
* Thu Jul 17 2014 pgajdos@suse.com
- security update:
* php-CVE-2014-4670.patch [bnc#886059]
* php-CVE-2014-4698.patch [bnc#886060]
- php-5.5.10-CVE-2014-2497.patch renamed to php-CVE-2014-2497.patch
* Tue Jul 01 2014 pgajdos@suse.com
- updated to 5.5.14: This release fixes several bugs against
PHP 5.5.13. Also, this release fixes a total of 8 CVEs,
half of them concerning the FileInfo extension.
- removed php-5.5.13-CVE-2014-4049.patch (upstreamed)
* Tue Jun 17 2014 pgajdos@suse.com
- security update
* php-5.5.13-CVE-2014-4049.patch [bnc#882992]
* Tue Jun 17 2014 pgajdos@suse.com
- php5-5.5.10-CVE-2014-2497.patch renamed to
php-5.5.10-CVE-2014-2497.patch to be consistent with other
product php patches names
* Tue Jun 03 2014 pgajdos@suse.com
- do not package latest_test_results.txt; instead, run build-test.sh
twice: before and after source changes
* Mon Jun 02 2014 pgajdos@suse.com
- updated to 5.5.13: This release fixes several bugs in PHP 5.5.12,
and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).
* Wed May 07 2014 pgajdos@suse.com
- updated to 5.5.12: Fixed several bugs against PHP 5.5.11,
as well as CVE-2014-0185 regarding PHP-FPM.
- improved build-test.sh
* Wed Apr 30 2014 pgajdos@suse.com
- build-test.sh: use relevant api for build; propagate build
parameters to osc
* Wed Apr 30 2014 schwab@linux-m68k.org
- php5-gcc_builtins.patch: remove unused patch
* Tue Apr 29 2014 pgajdos@suse.com
- add build-test.sh and latest_test_results.txt for testing
regressions in tests before and after update. Run
sh build-test.sh
after changes. php will get built and test results will be
compared with latest_test_results.txt and differences reported.
mv latest_test_results.txt.new latest_test_results.txt
if differences are acceptable.
* Wed Apr 09 2014 pgajdos@suse.com
- updated to 5.5.11:
* Several bugs were fixed in this release, some bundled libraries
updated and a security issue has been fixed : CVE-2013-7345.
* Fri Apr 04 2014 pgajdos@suse.com
- fixed CVE-2014-2497 [bnc#868624]
* Mon Mar 17 2014 pgajdos@suse.com
- updated to 5.5.10:
* Several bugs were fixed in this release, including security
issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and
CVE-2013-7327 have been addressed in this release.
* Tue Feb 11 2014 adaugherity@tamu.edu
- Fix build on non-systemd distros (esp. SLES 11)
* Fri Feb 07 2014 pgajdos@suse.com
- updated to 5.5.9:
* This release fixes several bugs against PHP 5.5.8.
* see NEWS or http://www.php.net/ChangeLog-5.php#5.5.9 for
details
- modified patches:
* php5-no-build-date.patch (refreshed using quilt)
* Mon Jan 13 2014 pgajdos@suse.com
- updated to 5.5.8:
* fixes CVE-2013-6712 and build against freetype2
* see http://www.php.net/ChangeLog-5.php#5.5.8
for more
* removed CVE-2013-6712.patch
* removed freetype2_include_dir.patch
* Fri Dec 20 2013 hrvoje.senjan@gmail.com
- Added php5-freetype2_include_dir.patch: Fixes check of freetype2
headers, as freetype2 2.5.1 changed the header location
* Wed Dec 18 2013 pgajdos@suse.com
- updated to 5.5.7:
* fixes some bugs against PHP 5.5.6 and it also includes a fix
for CVE-2013-6420 in OpenSSL extension
- > removed CVE-2013-6420.patch
* Wed Dec 11 2013 pgajdos@suse.com
- security update [bnc#854880]
* added CVE-2013-6420.patch
* Tue Dec 03 2013 pgajdos@suse.com
- security update [bnc#853045]
* added CVE-2013-6712.patch
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.6:
* fixes some bugs against PHP 5.5.5, and adds some performance
improvements.
* see http://www.php.net/ChangeLog-5.php#5.5.6 for details
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.5:
* This release fixes about twenty bugs against PHP 5.5.4, some
of them regarding the build system.
* added sys_temp_dir ini directive
- removed custom-tmp-dir.patch (upstreamed)
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.4:
* This release fixes several bugs against PHP 5.5.3.
- crypt-tests.patch partially upstreamed
- use zend_extension instead of extension directive in opcache.ini
[bnc#840350]
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.3: These release fix a bug in the patch for
CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled
in PHP 5.4.
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.2:
* About 20 bugs were fixed, including security issue in OpenSSL
module (CVE-2013-4248) and session fixation problem (CVE-2011-4718).
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.1
* bugfixes incl. security fix in the XML parser
* Fri Nov 22 2013 lang@b1-systems.de
- replace php5-64-bit-post-large-files.patch with php5-big-file-upload.patch
patch that uses def_t instead of signed long as suggested by upstream
* Fri Nov 22 2013 pgajdos@suse.com
- updated to 5.5.0:
* Added generators and coroutines.
* Added the finally keyword.
* Added a simplified password hashing API.
* Added support for constant array/string dereferencing.
* Added scalar class name resolution via ::class.
* Added support for using empty() on the result of function
calls and other expressions.
* Added support for non-scalar Iterator keys in foreach.
* Added support for list() constructs in foreach statements.
* Added the Zend OPcache extension for opcode caching.
* A lot more improvements and fixes.
* PHP logo GUIDs have been removed.
* Case insensitivity is no longer locale specific. All case
insensitive matching for function, class and constant names
is now performed in a locale independent manner according to
ASCII rules.
- buildrequire cyrus-sasl-devel explicitely
- suhosin-php54.patch renamed to suhosin-php55.patch
* Mon Nov 18 2013 pgajdos@suse.com
- update to 5.4.22:
* About 10 bugs were fixed.
* see http://www.php.net/ChangeLog-5.php#5.4.22 for details
* Wed Oct 30 2013 pgajdos@suse.com
- updatedto 5.4.21:
* About 10 bugs were fixed.
* added custom-tmp-dir.patch by Per Jessen
* Sun Oct 13 2013 crrodriguez@opensuse.org
- build with --with-fpm-systemd and install systemd unit
- php5-systemd-unit.patch: tweak systemd unit for openSUSE requirements
- php5-openssl.patch: only openSSL_config() is really needed.
- Recommended for 13.1 and Factory
* Wed Sep 25 2013 pgajdos@suse.com
- updated to 5.4.20:
* About 30 bugs were fixed.
* Thu Sep 05 2013 pgajdos@suse.com
- updated to 5.4.19:
* These releases fix a bug in the patch for CVE-2013-4248 in
OpenSSL module and compile failure with ZTS enabled in PHP 5.4.
* Tue Aug 20 2013 pgajdos@suse.com
- updated to 5.4.18:
* About 30 bugs were fixed, including security issues CVE-2013-4113
and CVE-2013-4248.
* Thu Aug 01 2013 crrodriguez@opensuse.org
- php5-per-mod-log.patch: It turns out that requesting per-module
logging support in 2.4 will not do a thing if the expansion
of APLOG_USE_MODULE is not visible to all files of the module
so place it in the header instead.
* Wed Jul 31 2013 crrodriguez@opensuse.org
- php5-per-mod-log.patch Support apache 2.4 per module logging
- php5-apache24-updates.patch Use proper API in apache 2.4
to determine when the module has to be loaded.
I made this patches at least a year ago, but for some reason
they went out of my radar and were not applied to upstream
Will be submitted again soon.
* Mon Jul 15 2013 pgajdos@suse.com
- updated to 5.4.17:
Core:
Fixed bug #64988 (Class loading order affects E_STRICT warning).
Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
Fixed bug #64960 (Segfault in gc_zval_possible_root).
Fixed bug #64936 (doc comments picked up from previous scanner run).
Fixed bug #64934 (Apache2 TS crash with get_browser()).
Fixed bug #64166 (quoted-printable-encode stream filter incorrectly
discarding whitespace).
DateTime:
Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
FPM:
Fixed bug #64915 (error_log ignored when daemonize=0).
Implemented FR #64764 (add support for FPM init.d script).
PDO:
Fixed bug #63176 (Segmentation fault when instantiate 2 persistent
PDO to the same db server).
PDO_DBlib:
Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib).
Fixed bug #64338 (pdo_dblib can't connect to Azure SQL).
Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not
executed statement crashes).
PDO_firebird:
Fixed bug #64037 (Firebird return wrong value for numeric field).
Fixed bug #62024 (Cannot insert second row with null using
parametrized query).
PDO_mysql:
Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT,
TINYINT and YEAR).
PDO_pgsql:
Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
pgsql:
Fixed bug #64609 (pg_convert enum type support).
Readline:
Implement FR #55694 (Expose additional readline variable to prevent
default filename completion).
SPL:
Fixed bug #64997 (Segfault while using RecursiveIteratorIterator
on 64-bits systems).
* Tue Jun 18 2013 jengelh@inai.de
- Explicitly specify cyrus-sasl build dependency
* Thu Jun 13 2013 pgajdos@suse.com
- updated to 5.4.16
- Core:
. Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
CVE 2013-2110). (Stas)
. Fixed bug #64853 (Use of no longer available ini directives causes crash on
TS build). (Anatol)
. Fixed bug #64729 (compilation failure on x32). (Gustavo)
. Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
. Fixed bug #64660 (Segfault on memory exhaustion within function definition).
(Stas, reported by Juha Kylmänen)
- Calendar:
. Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
- Fileinfo:
. Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
- FPM:
. Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
. Fixed some possible memory or resource leaks and possible null dereference
detected by code coverity scan. (Remi)
. Log a warning when a syscall fails. (Remi)
. Add --with-fpm-systemd option to report health to systemd, and
systemd_interval option to configure this. The service can now use
Type=notify in the systemd unit file. (Remi)
- MySQLi
. Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed). (Laruence)
- Phar
. Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
with non std tmp dir). (Pierre)
- SNMP:
. Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
(Boris Lytochkin)
. Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
- Streams:
. Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
on Windows x64). (Anatol)
- Zend Engine:
. Fixed bug #64821 (Custom Exceptions crash when internal properties
overridden). (Anatol)
* Fri May 10 2013 pgajdos@suse.com
- updated to 5.4.15:
Core:
Fixed bug #64578 (debug_backtrace in set_error_handler
corrupts zend heap: segfault).
Fixed bug #64458 (dns_get_record result with string of
length -1).
Fixed bug #64433 (follow_location parameter of context
is ignored for most response codes).
Fixed bug #47675 (fd leak on Solaris).
Fixed bug #64577 (fd leak on Solaris).
Fileinfo:
Upgraded libmagic to 5.14.
Streams:
Fixed Windows x64 version of stream_socket_pair() and
improved error handling.
Zip:
Fixed bug #64342 (ZipArchive::addFile() has to check
for file existence).
* Fri Apr 26 2013 adaugherity@tamu.edu
- Conflict with php53 packages so zypper doesn't suggest installing a
mix of php53-* (from SLES 11) and php5-* (these 5.4 packages).
* Fri Apr 26 2013 adaugherity@tamu.edu
- Fix build on SLES 11 (no firebird) and openSUSE <= 12.1 (no separate
libfbclient2-devel pkg).
* Mon Apr 22 2013 pgajdos@suse.com
- use current install-pear-nozlib.phar from
http://pear.php.net/install-pear-nozlib.phar
- php5-pear package provides/obsoletes php5-pear-Archive_Tar,
see explanation in the spec
* Wed Apr 17 2013 slavb18@gmail.com
- add php5-firebird providing php5-interbase and php5-pdo_firebird
* Mon Apr 15 2013 pgajdos@suse.com
- updated to 5.4.14:
Core:
Fixed bug #64529 (Ran out of opcode space).
Fixed bug #64515 (Memoryleak when using the same variablename
two times in function declaration).
Fixed bug #64432 (more empty delimiter warning in strX methods).
Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes
fatal error).
Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10
or 5.4.11).
Fixed bug #63976 (Parent class incorrectly using child constant
in class property).
Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not
handle exceptions properly).
Fixed bug #62343 (Show class_alias In get_declared_classes()).
PCRE:
Merged PCRE 8.32.
SNMP:
Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
Zip:
Fixed bug #64452 (Zip crash intermittently). (Anatol)
* Mon Apr 15 2013 pgajdos@suse.com
- libc-client.so needs -lssl
* Fri Apr 05 2013 pgajdos@suse.com
- fixed 'http limits uploads to 2GB' [bnc#812800], see
https://bugs.php.net/bug.php?id=44522
* 64bit-post-large-files.patch
* Thu Mar 21 2013 pgajdos@suse.com
- updated to 5.4.13:
Core:
Fixed bug #64235 (Insteadof not work for class method in 5.4.11).
Implemented FR #64175 (Added HTTP codes as of RFC 6585).
Fixed bug #64142 (dval to lval different behavior on ppc64).
Fixed bug #64070 (Inheritance with Traits failed with error).
CLI server:
Fixed bug #64128 (buit-in web server is broken on ppc64).
Mbstring:
mb_split() can now handle empty matches like preg_split() does.
OpenSSL:
Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()).
PDO_mysql:
Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
Phar:
Fixed timestamp update on Phar contents modification.
SOAP
Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635).
Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
SPL:
Fixed bug #64264 (SPLFixedArray toArray problem).
Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
SNMP:
Fixed bug #64124 (IPv6 malformed).
* Thu Mar 21 2013 pgajdos@suse.com
- updated to 5.4.12:
* dropped sqlite.so (no longer shipped with 5.4)
* dropped t1lib support
* dropped %{suse_version} 10.x support
* see /usr/share/doc/packages/php5/UPGRADING or
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/UPGRADING
for details
* source changes:
D php-5.2.9-BNC-457056.patch -- renamed to php5-BNC-457056.patch
D php-5.3.0-bnc513080.patch -- there's no relevant code in exif.c
D php-5.3.1-systzdata-v7.patch -- renamed to php5-systzdata-v7.patch
D php-5.3.2-aconf26x.patch -- dropped, it is not needed yet
D php-5.3.2-ini.patch -- renamed to php5-ini.patch
D php-5.3.2-no-build-date.patch -- renamed to php5-no-build-date.patch
D php-5.3.22.tar.bz2 -- old tarball
D php-5.3.4-format-string-issues.patch -- renamed to php5-format-string-issues.patch
D php-5.3.4-pts.patch -- renamed to php5-pts.patch
D php-5.3.6-gcc_builtins.patch -- renamed to php5-gcc_builtins.patch
D php-5.3.6-ini-date.timezone.patch -- part of php5-ini.patch
D php-5.3.8-CVE-2011-4153.patch -- fixed in 5.4 branch
D php-5.3.8-crypt-tests.patch -- renamed to php5-crypt-tests.patch
D php-5.3.8-no-reentrant-crypt.patch -- renamed to php5-no-reentrant-crypt.patch
A php-5.4.13.tar.bz2 -- new version tarball
D php-cloexec.patch -- renamed to php5-cloexec.patch
M php-suse-addons.tar.bz2 -- content of tar balls are actualy equal
A php5-BNC-457056.patch -- renamed from php-5.2.9-BNC-457056.patch, not rebased
A php5-cloexec.patch -- renamed from php-cloexec.patch, rebased
A php5-sytzdata-v7.patch -- renamed from sytzdata-v7.pach, not rebased
A php-format-string-issues.patch -- renamed from php5-5.3.4-format-string-issues.patch, not rebased
A php5-crypt-tests.patch -- renamed from php-5.3.8-crypt-tests.patch, not rebased
A php5-gcc_builtins.patch -- renamed from php-5.3.6-gcc_builtins.patch, not rebased
A php5-ini.patch -- renamed from php-5.3.2-ini.patch, rebased
A php5-mbstring-missing-return.patch -- new patch, missing return
M php5-missing-extdeps.patch -- rebased
A php5-no-build-date.patch -- renamed from php-5.3.2-no-build-date.patch, rebased
A php5-no-reentrant-crypt.patch -- renamed from php-5.3.8-no-reentrant-crypt.patch, not rebased
M php5-openssl.patch -- rebased
M php5-phpize.patch -- rebased
A php5-pts.patch -- renamed from php-5.3.4-pts.patch, not rebased
A php5-suhosin-php54.patch -- patch on top of suhosin-0.9.33.tgz to work with php 5.4
M php5.changes -- this change log
M php5.spec -- new version, etc
D suhosin-patch-5.3.3-0.9.10.patch.gz -- dropped, seems not be used for some time
* Mon Feb 25 2013 pgajdos@suse.com
- updated to 5.3.22:
. Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
. Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
. Fixed bug #63943 (Bad warning text from strpos() on empty needle).
(Laruence)
. Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV).
(Laruence, Derick)
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
. Added check that soap.wsdl_cache_dir conforms to open_basedir
(CVE-2013-1635). (Dmitry)
. Disabled external entities loading (CVE-2013-1643). (Dmitry)
. Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)
* Thu Feb 07 2013 pgajdos@suse.com
- updated to 5.3.21:
* Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).
* Fixed bug (segfault due to libcurl connection caching).
* Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST).
etc. see NEWS for details
* Thu Oct 18 2012 pgajdos@suse.com
- fix CVE-2011-4153 CVE-2011-4153 [bnc#741859]
* Tue Oct 16 2012 coolo@suse.com
- add explicit buildrequire on libbz2-devel
(having to patch old .changes file to avoid "double entry")
* Thu Oct 11 2012 pgajdos@suse.com
- updated to 5.3.17:
* Fixed bug (segfault while build with zts and GOTO vm-kind)
* Fixed bug #62844 (parse_url() does not recognize //
* etc. see NEWS for details
* Mon Aug 27 2012 pgajdos@suse.com
- use FilesMatch with 'SetHandler' rather than 'AddHandler'
[bnc#775852]
* Mon Aug 27 2012 pgajdos@suse.com
- updated to 5.3.16:
* fixes over 20 bugs, see NEWS for more details
* Wed Jul 25 2012 pgajdos@suse.com
- updated to 5.3.15:
* fixes over 30 bugs and includes a fix for a security related
overflow issue in the stream implementation (CVE-2012-2688)
[bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580]
* Mon Jun 18 2012 pgajdos@suse.com
- updated to 5.3.14:
* bug-fix release, see NEWS for details
* Fri May 25 2012 pgajdos@suse.com
- updated to 5.3.13: various security fixes,
CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336
* removed php-5.3.10-pcre_fullinfo.patch
* refreshed php-5.3.2-aconf26x.patch
* Thu Mar 08 2012 coolo@suse.com
- fix license to spdx.org format
* Tue Feb 28 2012 pgajdos@suse.com
- fixed build with new pcre (php bug 60986)
* Sat Feb 04 2012 crrodriguez@opensuse.org
- Build with -fpie
* Thu Feb 02 2012 crrodriguez@opensuse.org
- PHP 5.3.10, fixes CVE-2012-0830.
* Sat Jan 28 2012 crrodriguez@opensuse.org
- remove unapplied patches
* Wed Jan 18 2012 pgajdos@suse.com
- buildrequire libjpeg-devel
* Tue Jan 17 2012 pgajdos@suse.com
- remove apache module conflict with apache2-worker [bnc#728671]
- amended README.SUSE instead
* Wed Jan 11 2012 crrodriguez@opensuse.org
- Update to version 5.3.9
* Drop already applied patches
* This update only contain minor bug fixes, it is a stop over
php 5.4.0 that should be out very soon.
* Mon Jan 02 2012 pgajdos@suse.com
- security update:
* CVE-2011-4885 [bnc#738221] -- added max_input_vars directive
to prevent attacks based on hash collisions
* Wed Dec 21 2011 coolo@suse.com
- add autoconf as buildrequire to avoid implicit dependency
* Tue Dec 20 2011 pgajdos@suse.com
- apache module conflicts with apache2-worker [bnc#728671]
* Fri Dec 16 2011 pgajdos@suse.com
- security update:
* CVE-2011-4566 [bnc#733590]
* CVE-2011-1466 [bnc#736169]
* Tue Dec 06 2011 coolo@suse.com
- fix license - there is no 3.1 version of php license
* Tue Nov 29 2011 pgajdos@suse.com
- build php against system's libcrypt, which drops
extended DES support
* crypt-tests.patch
* no-reentrant-crypt.patch
* Mon Nov 07 2011 pgajdos@suse.com
- security update:
CVE-2011-3379 [bnc#728350]
* Sun Sep 18 2011 crrodriguez@opensuse.org
- Fix wrong PAGE_SIZE assumption, must use sysconf() instead
- Fix integer overflow when attempting to use more than 2 Gb
of memory.
* Mon Sep 05 2011 crrodriguez@opensuse.org
- call openssl_config too in order to load user-provided
engine configuration.
* Sat Sep 03 2011 crrodriguez@opensuse.org
- Cleanup patches for upcoming release.
* Sun Aug 28 2011 andrea.turrini@gmail.com
- Fixed typos in php5.spec
* Tue Aug 23 2011 crrodriguez@opensuse.org
- Fix very publicized critical bug in crypt() implementation
* Fri Aug 12 2011 crrodriguez@opensuse.org
- Add mssql support with freetds
- Update PHP snapshot.
* Tue Aug 09 2011 crrodriguez@opensuse.org
- Update snapshot, more static analyzer fixes.
* Sun Aug 07 2011 crrodriguez@opensuse.org
- Update snapshot, fix converity warnings
* Fri Aug 05 2011 crrodriguez@opensuse.org
- Update snapshot, several check if malloc() succeeded.
* Wed Aug 03 2011 crrodriguez@opensuse.org
- Fix build in Factory
- Fix Segfault with allow_call_time_pass_reference = Off
- Using class constants in array definition fails
* Mon Aug 01 2011 crrodriguez@opensuse.org
- Add sqlite3 session storage, this is no more than
a forward port of already existent sqlite2 backend
* Sun Jul 31 2011 crrodriguez@opensuse.org
- Update snap, PHP 5.3.7-RC4
* Wed Jul 27 2011 crrodriguez@opensuse.org
- Update snapshot again.
* Sat Jul 23 2011 crrodriguez@opensuse.org
- Update snapshot.
* Thu Jul 14 2011 crrodriguez@opensuse.org
- is_a() function is throwing an annoying warning
"Unknown class passed as parameter" which is noticeable when
you use PEAR, fix it, if your code uses it you should be
using the instanceof operator anyway.
- Update bundled pear.
* Mon Jul 11 2011 crrodriguez@opensuse.org
- Crash in gc_remove_zval_from_buffer CVE-NO-NAME
- Crash in zend_mm_check_ptr // Heap corruption
* Wed Jul 06 2011 crrodriguez@opensuse.org
- Fixed missing Expires and Cache-Control headers for ping and status pages
- fix crypt() issue with overlong salt
- Fixed bug #52935 (call exit in user_error_handler cause stream relate core).
* Mon Jun 27 2011 crrodriguez@opensuse.org
- Fix crash in error_log (strlen with NULL)
- Fixed exit at FPM startup on fpm_resources_prepare
- Added master rlimit_files and rlimit_core
- Removed pid in debug logs written by chrildren processes
- Replaced shm_slots with a real scoreboard
* Wed Jun 22 2011 crrodriguez@opensuse.org
- Enable mysqlnd compression protocol.
* Thu Jun 16 2011 crrodriguez@opensuse.org
- Update snapshot to 5.3.7 RC1
* Tue Jun 14 2011 crrodriguez@opensuse.org
- Allow bison 2.5
-File path injection vulnerability in RFC1867 File upload CVE-2011-2202.
* Fri Jun 10 2011 crrodriguez@opensuse.org
- Update 5.3 snap
- Fix compiler failure that happended after compile error.
- Stream not closed and error not returned when SSL CN_match fails.
* Mon Jun 06 2011 crrodriguez@opensuse.org
- Update 5.3 snap
- Update bundled PEAR
- Case discrepancy in timezone names cause Uncaught exception and fatal error.
- SEEK_CUR with 0 value, returns a warning
- Restore fix: do not accept paths with NULL in them
* Fri Jun 03 2011 crrodriguez@opensuse.org
- Update to version 5.3.6.201106031621
- Crash when calling call_user_func with unknown function name
- Fixed double registering of browscap ini directive
* Sun May 29 2011 crrodriguez@opensuse.org
- Drop Update alternatives usage, there are no alternatives
PHP4 is gone and PHP6 is not coming at any time soon.
- Remove "mm" support from session module, virtually nothing
uses it and it doesnt support proper locking, mount
/var/lib/php5 in tmpfs instead.
* Sun May 29 2011 crrodriguez@opensuse.org
- Update to 5.3.6.201105291701
* Fixes random crash with apache2 SAPI and php_admin_value
in virtualhost configuration.
* Fri May 20 2011 crrodriguez@opensuse.org
- Update 5.3 branch
- Fix a few memory leaks
- Check if tempfile can be created in phar extension
- Fix problems with __halt_compiler and imported namespaces
- Properly handle out of memory conditions in mysqlnd
* Sat May 14 2011 crrodriguez@opensuse.org
- Update 5.3 branch.
- Fix user after free in xmlreader extension.
* Mon May 09 2011 crrodriguez@opensuse.org
- Update to current 5.3 svn version.
- For practical reasons now the hash extension is built-in,hence
deprecates package php5-hash, it is nowdays required by the session
and phar extensions but must be statically built to work.
- Drop php5-session patch, needed only to workaround compile
failure when hash extension is built as loadable extension.
- php.ini now clearly says that by "3" in session.hash_function
we mean SHA256.
* Fri Apr 29 2011 crrodriguez@opensuse.org
- Update to a recent 5.3.x SVN version, mostly bug fixes
* track_errors causes segfault
* classes from dl()'ed extensions are not destroyed
* Crash when assigning value to a dimension in a non-array
* use-after-free in substr_replace()
* Wed Apr 13 2011 crrodriguez@opensuse.org
- fix crash on destruction.
- allow openssl extension to be built w/o SSLv2
* Tue Apr 05 2011 lang@b1-systems.de
- Add a default to date.timezone because php5 warns that this is a required setting and clutters up the output in zypper installations of pear packages and other places
- Versions after 5.3.6 may make this fatal
* Sat Apr 02 2011 crrodriguez@opensuse.org
- Intl extension failed to load [bnc#659868]
- Fix update-alternatives usage,will be dropped in the future.
* Mon Mar 28 2011 sbutler1@illinois.edu
- Add tcpd-devel for building the SNMP extension on SLE_10 and apache_server_SLE_10.
* Thu Mar 17 2011 crrodriguez@opensuse.org
- Update to php 5.3.6 final
* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)
* Wed Mar 16 2011 crrodriguez@opensuse.org
- Upgrade to PHP 5.3.6.RC3
* Drop obsoleted patches
* fix some rpmlint warnings
* Hundreds of changes, see NEWS for details
* Wed Mar 09 2011 crrodriguez@opensuse.org
- Fix more date in binaries causing pointless republish of pkgs.
* Fri Feb 25 2011 chris@computersalat.de
- fix for macros.php
o devel pkg must have Obsoletes/Provides: php-macros
* Tue Feb 22 2011 pgajdos@suse.cz
- security fixes
* CVE-2011-0420 [bnc#672933]
* CVE-2011-0708 [bnc#671710]
* Thu Feb 10 2011 chris@computersalat.de
- extend macros.php
o __php, __phpize, __php_config, php_version
o __pear, php_peardir, php_pearxmldir
o php_pear_gen_filelist
- add README.macros
* Thu Jan 13 2011 pgajdos@suse.cz
- security fix:
* fopen_https_proxy_auth_fix.patch [bnc#656523]
* Mon Jan 10 2011 cristian.rodriguez@opensuse.org
- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem
when extensions are built shared. [bnc#661464]
* Mon Jan 10 2011 cristian.rodriguez@opensuse.org
- Go back to libmysql as there is currently no way
to build shared mysql extensions with mysqlnd. [bnc#661464]
* Sun Jan 09 2011 cristian.rodriguez@opensuse.org
- Use mysqlnd driver, this is a newer PHP-native mysql
extension, that does not require external libraries.
Now you can use mysql, mariadb or drizzle without extra libs.
fixes bnc #661464 and other old feature requests.
* Thu Jan 06 2011 cristian.rodriguez@opensuse.org
- Update to version 5.3.5, Critical Update
* Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645)
Only 32 bit binaries affected, confirmed in factory i586.
* Fri Dec 17 2010 cristian.rodriguez@opensuse.org
- revert unsuitable patch php-5.3.4-dlopen.patch
* Tue Dec 14 2010 cristian.rodriguez@opensuse.org
- Add php-5.3.4-dlopen.patch from fedora,makes dlopen to use
bind_now instead of lazy.
- Compiler is now in C99 mode for both core and extensions.
* Tue Dec 14 2010 cristian.rodriguez@opensuse.org
- fix format string bug in Phar extension I just found
http://bugs.php.net/bug.php?id=53541 and the underlying
issue, which is the lack of format attributes in several
core prototypes.
* Mon Dec 13 2010 cristian.rodriguez@opensuse.org
- Update to PHP 5.3.4 final
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
* Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.
- SUSE specific;
* enable PTY support in proc_open (temporary)
* Wed Nov 24 2010 ro@suse.de
- xft-config is gone
* Tue Nov 02 2010 cristian.rodriguez@opensuse.org
- Update to 5.3.3_svn201011020214
* Fix Performance issue, array_diff may take hours instead
of seconds in some scenarios,regression appeared in version
5.2.5
* Wed Oct 27 2010 cristian.rodriguez@opensuse.org
- Update to 5.3.3_svn20101027xx
- Fix init script again.
* Thu Oct 14 2010 crrodriguez@opensuse.org
- update to 5.3.3_svn201010140300
- Fix php-fpm init script.
* Sat Oct 09 2010 cristian.rodriguez@opensuse.org
- Update to an slightly newer PHP 5.3.3.x snap, fixes
around 100 bugs including open_basedir problems.
- add the fpm sapi to the package.
* Tue Aug 03 2010 cristian.rodriguez@opensuse.org
- Clarify changelog this update fixed:
* VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232]
* VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097]
* VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100]
* VUL-0: php5: MOPS-2010-022 use after free [bnc#609763]
* VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766]
* VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768]
* VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769]
* VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555]
* VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556]
* VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483]
* VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486]
* bugzilla numbers 619487,619489,619469,609766..
* Tue Jul 20 2010 cristian.rodriguez@opensuse.org
- Update to PHP 5.3.3 RC3
- Massive lot of security fixes see list
here http://www.php-security.org/category/vulnerabilities/index.html
* Tue Jun 01 2010 cristian.rodriguez@opensuse.org
- possible fix for [bnc#610633]
* Fri Apr 16 2010 crrodriguez@opensuse.org
- use FD_CLOEXEC flag to avoid annoying races.
* Sun Apr 04 2010 crrodriguez@opensuse.org
- remove obsolete buildRequires
* Fri Apr 02 2010 crrodriguez@opensuse.org
- remove build date from binaries so they dont get
republished every time
- fix invalid path
* Thu Apr 01 2010 crrodriguez@opensuse.org
- add missing patch, refresh patches with -p0
* Thu Apr 01 2010 crrodriguez@opensuse.org
- Update to PHP 5.3.2, see NEWS for details
* Fri Mar 05 2010 dimstar@opensuse.org
- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it's
a backported combination of svn commits 291283, 291284 and
291332.
- Workaround old php bug http://bugs.php.net/bug.php?id=21153 by
replacing -ledit with -ledit -lncurses in the resulting configure
scripts. This became apparent problem due to libedit being built
with as-needed now.
- Add php5-bug51224.patch to fix buffer overflows happening in
strcpy. It;s a combination of upstream svn revs 284097 and 284099
* Sun Jan 17 2010 vuntz@opensuse.org
- Remove unneeded gtk-devel BuildRequires.
* Mon Jan 11 2010 aj@suse.de
- Remove obsolete build requires of orbit-devel.
* Tue Dec 22 2009 jengelh@medozas.de
- avoid alignment crash on alignment-sensitive CPUs
(bugs.php.net#46074)
* Wed Dec 02 2009 coolo@novell.com
- update patch to fix build
* Tue Oct 06 2009 crrodriguez@opensuse.org
- Fixed wrong harcoded mysql socket [bnc#544516]
- Fixed wrong default include_path
* Tue Sep 08 2009 crrodriguez@suse.de
- make php5-pear noarch in Factory
* Wed Aug 26 2009 crrodriguez@suse.de
- remove obsolete patches
- apply ini patch
- enable mhash compatibility in the hash extension and obsolete php5-mhash
- add macros.php to the source list
* Mon Aug 24 2009 crrodriguez@suse.de
- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]
* Sun Aug 23 2009 crrodriguez@suse.de
- fix missing return values of suhosin extension
* Wed Aug 19 2009 crrodriguez@novell.com
- fix build on CODE10 products
* Wed Aug 19 2009 crrodriguez@novell.com
- fix horrible broken open_basedir functionality
* Sun Aug 16 2009 crrodriguez@suse.de
- update suhosin extension to version 0.9.29
- mysql extensions now use mysqlnd instead of libmysqlclient.
- enable sqlite3 extension, part of the php5-sqlite package
- enable enchant extension
- enable fileinfo extension
- enable intl extension
* Fri Aug 14 2009 crrodriguez@suse.de
- add suhosin patch and newer suhosin extension for compatibility
reasons
* Thu Aug 13 2009 crrodriguez@suse.de
- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php
for the huge list of changes
- remove dbase and ncurses extension
* Thu Jul 16 2009 coolo@novell.com
- disable as-needed to fix build
* Fri Jun 19 2009 crrodriguez@suse.de
- update to PHP 5.2.10
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).
* Over 100 bug fixes.
* Thu May 21 2009 crrodriguez@suse.de
- add temporary backport of openssl prng function
* Sat Mar 14 2009 crrodriguez@suse.de
- Update to version 5.2.9, security and bugfix release
* VUL-0: php5: memory disclosure by imagerotate() [bnc#480850]
* VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419]
* Fixed a segfault when malformed string is passed to json_decode()
* Fixed explode() behavior with empty string to respect negative limit.
* Sun Dec 14 2008 crrodriguez@suse.de
- remove ming extension, moved to server:php:extensions later
* Tue Dec 09 2008 crrodriguez@suse.de
- Update to PHP 5.2.8
* Mon Dec 08 2008 crrodriguez@suse.de
- fix BLOCKER magic_quotes breakage, if your code
relies on this feature, it is broken,time to press the panic button.
* Fri Dec 05 2008 crrodriguez@suse.de
- update to PHP 5.2.7 final, no mayor changes since RC5
* Fri Nov 28 2008 crrodriguez@suse.de
- update to PHP 5.2.7RC5 see news for details
* Fri Nov 21 2008 crrodriguez@suse.de
- update to PHP 5.2.7RC4, see news for details
* Sun Nov 16 2008 crrodriguez@suse.de
- update to PHP 5.2.7RC3, see NEWS for details
* Mon Sep 08 2008 crrodriguez@suse.de
- update suhosin to version 0.9.27
* Fixed problem with suhosin.perdir
Thanks to Hosteurope for tracking this down
* Fixed problems with ext/uploadprogress
Reported by: Christian Stocker
* Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
* Modified rand()/srand() to use the Mersenne Twister algorithm with separate state
* Added better internal seeding of rand() and mt_rand()
* Sun Jul 13 2008 crrodriguez@suse.de
- merge patches from schwab
* Fri May 02 2008 crrodriguez@suse.de
- update to PHP 5.2.6
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
* Fixed two possible crashes inside the posix extension.
* Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug #44141 (private parent constructor callable through static function).
* Fixed bug #43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug #43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug #42736 (xmlrpc_server_call_method() crashes).
* Fixed bug #42369 (Implicit conversion to string leaks memory).
* Fixed bug #41562 (SimpleXML memory issue).
* Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de)
* Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)
* Over 120 bug fixes.
* Tue Feb 05 2008 crrodriguez@suse.de
- update suhosin extension to version 0.9.23
- Fixed suhosin extension now compiles with snapshots of PHP 5.3
- Fixed crypt() behaves like normal again when there is no salt supplied
- wrong Obsoletes causes upgrade trouble [bnc #355618]
* Fri Feb 01 2008 mmarek@suse.cz
- use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs,
enables building in the bs in other projects than server:php
(bnc#357917)
* Fri Jan 11 2008 crrodriguez@suse.de
- Try patch recently published by Redhat that allows PHP to
use the system timezone database instead of the bundled one.
* Mon Jan 07 2008 crrodriguez@suse.de
- Do not hard require php5-timezonedb, instead provide a capability
php(tzdatabase) = builtin_tz_ver so it gets installed via rpm
Supplements only when needed.
* Thu Dec 27 2007 crrodriguez@suse.de
- PHP is leaking file descriptors badly on relative includes
(php-5.2.5-fdleak.patch)
* Thu Dec 13 2007 crrodriguez@suse.de
- suhosin 0.9.22
- Fixed function_exists() now checks the Suhosin permissions
- Fixed crypt() salt no longer uses Blowfish by default
- Fixed .htaccess/perdir support
- Fixed compilation problem on OS/X
- Added protection against some attacks through _SERVER variables
- Added suhosin.server.strip and suhosin.server.encode
* Tue Dec 11 2007 crrodriguez@suse.de
- use /dev/urandom for generating session-IDs [#337005]
- L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548]
* Mon Nov 12 2007 crrodriguez@suse.de
- update to PHP 5.2.5
* Fixed dl() to only accept filenames. reported by Laurent Gaffie.
* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
* Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.
* Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
* Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
* Upgraded PCRE to version 7.3 (Nuno)
* Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
* Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
* Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)
* Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)
* Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)
* Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
* Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia)
* Fixed PDO crash when driver returns empty LOB stream. (Stas)
* Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)
* Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)
* Fixed leaks with multiple connects on one mysqli object. (Andrey)
* Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
* Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani)
* Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)
* Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)
* Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)
* Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia)
* Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott)
* Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)
* Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia)
* Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey)
* Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)
* Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia)
* Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia)
* Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia)
* Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)
* Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry)
* Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)
* Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia)
* Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus)
* Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)
* Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus)
* Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)
* Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran)
* Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org)
* Fixed bug #42596 (session.save_path MODE option does not work). (Ilia)
* Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia)
* Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)
* Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)
* Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)
* Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)
* Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick)
* Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)
* Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob)
* Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry)
* Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes)
* Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia)
* Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry)
* Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)
* Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
* Fixed bug #42326 (SoapServer crash). (Dmitry)
* Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
* Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia)
* Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)
* Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry)
* Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani)
* Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno)
* Thu Aug 30 2007 crrodriguez@suse.de
- update to PHP 5.2.4, no relevant changes since RC3.
* Fri Aug 24 2007 crrodriguez@suse.de
- PHP 5.2.4RC3
- Fixed version_compare() to support "rc" as well as "RC" for release
candidate version numbers.
- Fixed bug #42368 (Incorrect error message displayed by pg_escape_string).
(Ilia)
- Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani)
- Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry)
- Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload,
in the same way as "instanceof" operator). (Dmitry)
- Fixed bug #41904 (proc_open(): empty env array should cause empty
environment to be passed to process). (Jani)
- Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
bypass). (Ilia)
- remove wrong hardcoded requirement on libedit
- devel package at least does not need libtool the php build enviroment uses a private copy.
- drop no longer needed patches already in upstream
* Fri Aug 17 2007 anosek@suse.cz
- updated to version 5.2.4RC2
- Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client
libraries. (Chris Jones)
- Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani)
- Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com
dot br, Ilia)
- Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob)
- Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani)
- Fixed bug #42243 (copy() does not output an error when the first arg is a
dir). (Ilia)
- Fixed bug #42242 (sybase_connect() crashes). (Ilia)
- Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped
streams). (andrew dot minerd at sellingsource dot com, Ilia)
- Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)
- Fixed bug #42211 (property_exists() fails to find protected properties from
a parent class). (Dmitry)
- Fixed bug #42208 (substr_replace() crashes when the same array is passed
more than once). (crrodriguez at suse dot de, Ilia)
- Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir
and using PATH_INFO). (Dmitry)
- Fixed bug #42195 (C++ compiler required always). (Jani)
- Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip,
Ilia)
- Fixed bug #42082 (NodeList length zero should be empty). (Hannes)
- Fixed bug #36492 (Userfilters can leak buckets). (Sara)
- Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning
on screws up PATH_INFO). (Dmitry)
* Mon Aug 06 2007 anosek@suse.cz
- updated to version 5.2.4RC1
- dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2
* Mon Jul 30 2007 mmarek@suse.cz
- updated to latest state of PHP_5_2 branch; highlights from the
NEWS file:
- Upgraded PCRE to version 7.2 (Nuno)
- Updated timezone database to version 2007.6. (Derick)
- Improved openssl_x509_parse() to return extensions in readable
form. (Dmitry)
- Changed "display_errors" php.ini option to accept "stderr" as
value which makes the error messages to be outputted to STDERR
instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani)
- Changed error handler to send HTTP 500 instead of blank page on
PHP errors. (Dmitry, Andrei Nigmatulin)
- Added check for unknown options passed to configure. (Jani)
- Added persistent connection status checker to pdo_pgsql.
(Elvis Pranskevichus, Ilia)
- Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)
- Added php_ini_loaded_file() function which returns the path to
the actual php.ini in use. (Jani)
- Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION
GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING.
(Pierre)
- Added missing open_basedir checks to CGI. (anight at
eyelinkmedia dot com, Tony)
- Added missing format validator to unpack() function. (Ilia)
- Added missing error check inside bcpowmod(). (Ilia)
- Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A.
Belashkov, Tony)
- Added missing MSG_EOR and MSG_EOF constants to sockets
extension. (Jani)
- Added PCRE_VERSION constant. (Tony)
- Added ReflectionExtension::info() function to print the
phpinfo() block for an extension. (Johannes)
- Implemented FR #41884 (ReflectionClass::getDefaultProperties()
does not handle static attributes). (Tony)
- plus lots of bugfixes
- fixed the pear phar archive to run with 5.2.4
[http://bugs.php.net/bug.php?id=42146]
* Wed Jul 25 2007 mmarek@suse.cz
- added /var/lib/pear to php5-pear.rpm
* Tue Jul 24 2007 judas_iscariote@shorewall.net
- fix nasty deadlock in pear
- update php5-ze2-fixes.patch and actually apply it.
* Tue Jul 17 2007 anosek@suse.cz
- fixed YOU honors Recommends, breaks php update [#291551]
(moved php-suhosin from Recommends to Suggests)
* Mon Jun 25 2007 mmarek@suse.cz
- provide /srv/www/cgi-bin/php5 compat symlink instead of patching
config files
* Sat Jun 23 2007 judas_iscariote@shorewall.net
- fixed a mess with update-alternatives PreReq uncovered by newer build versions.
actually every subpackage that uses update-alternatives should PreReq it.
- fix some ZE2 bugs.
* Tue Jun 12 2007 mmarek@suse.cz
- drop php5.xpm and the Icon: line from the specfile (the icon is
not used at all and it breaks rpm -q --specfile php5.spec)
* Fri Jun 01 2007 judas_iscariote@shorewall.net
- PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php
- important: PHP-cgi now lives in /usr, package attempts to fix both
lighttpd and apache2 fastcgi config files.
* Wed May 30 2007 judas_iscariote@shorewall.net
- use system re2c in factory.
- enable support for qbdm in the dba extension (build service only)
- enable the ming extension (build service only)
* Mon May 21 2007 mmarek@suse.cz
- fixed the dba extension adding -ldb-4.x to global LDFLAGS,
causing unnecessary dependency in /usr/bin/php5
[http://bugs.php.net/bug.php?id=41455]
* Sat May 19 2007 judas_iscariote@shorewall.net
- updated suhosin to version 0.9.20, security fix + bugfixes
see http://www.hardened-php.net/suhosin/changelog.html for more detail.
* Mon May 14 2007 judas_iscariote@shorewall.net
- fix devel package, in the reality PHP does not currenly require expat.
headers provides a expat compatibility layer but it is no longer in use
by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined)
* Fri May 11 2007 judas_iscariote@shorewall.net
- update php5-test-fixes fixing another bug in zend_compile.c
- use rpm macros in the spec file
- when removing apache2-mod_php5, unload it from apache first.
- when updating apache2-mod_php5 restart apache with restart on update macro.
* Sun May 06 2007 judas_iscariote@shorewall.net
- HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch)
- better fix for MOPB 41.
* Sat May 05 2007 judas_iscariote@shorewall.net
- remove --enable-memory-limit configure flag, it disappeared in 5.2.1,
nowdays memory_limit is always enabled.
* Fri May 04 2007 prusnak@suse.cz
- changed expat to libexpat-devel in Requires of devel subpackage
* Fri May 04 2007 judas_iscariote@shorewall.net
- add php5-test-fixes.patch fixing a test case that wont pass on i586
as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited
after the release was done. there is another test case that fails in 10.2
ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE.
- added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor)
* Fri May 04 2007 judas_iscariote@shorewall.net
- php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs
php_pcre.h header that needs it.
* Thu May 03 2007 mmarek@suse.cz
- fixed some new compiler warnings
* Thu May 03 2007 judas_iscariote@shorewall.net
- upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones
if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2
* Thu May 03 2007 judas_iscariote@shorewall.net
- Upgrade suhosin extension to version 0.9.19 see
http://www.hardened-php.net/suhosin/changelog.html for details
* Fri Mar 30 2007 mmarek@suse.de
- added bison to BuildRequires, removed update-desktop-files
* Thu Mar 22 2007 mmarek@suse.de
- fixed unpack() on big-endian 64bit (revert-phpbug38770.patch)
- blacklist more env variables when safe_mode is on
(php5-config.patch)
* Sat Mar 17 2007 judas_iscariote@shorewall.net
- fix Requires of -devel package to include only what is really
needed for operation of the pecl tool as well the neccesary
headers to compile php extensions.
- Fix MOPB 24 "PHP array_user_key_compare() Double DTOR
Vulnerability"
- note that fix for MOPB 23 was included in the previous patchset.
* Wed Mar 14 2007 judas_iscariote@shorewall.net
- add security fixes for MOPB 20, 21 and 22.
- RPM_BUILD_ROOT is never defined in %post.
* Sun Mar 11 2007 judas_iscariote@shorewall.net
- fix/workaround for php5-gd problem with typo3 [#236680]
- add fix for MOPB-14-2007 PHP substr_compare() Information Leak
Vulnerability.
- add secfix for import_request_variables() ancient problem, users
of suhosin extension are not affected.
- Run the test suite here
* Tue Mar 06 2007 judas_iscariote@shorewall.net
- Update suhosin extension to version 0.9.18 fixing a session
problem.
* Mon Mar 05 2007 judas_iscariote@shorewall.net
- Update suhosin extension to version 0.9.17. see
http://www.hardened-php.net/suhosin/changelog.html for details.
* Thu Feb 15 2007 judas_iscariote@shorewall.net
- add t1lib support in php5-gd (10.3 and up only)
- an off-by-one in str_replace may cause a crash.
* Thu Feb 08 2007 judas_iscariote@shorewall.net
- PHP 5.2.1. for a full list of changes see
http://www.php.net/ChangeLog-5.php#5.2.1
- add Obsoletes for extensions we dont ship anymore
* Fri Feb 02 2007 judas_iscariote@shorewall.net
- fix getenv() modifing $_POST, breaks suhosin badly when
register_* is On and variables orde is "GPCS" (default).
- change/remove obsoleted patches
* Tue Jan 30 2007 anosek@suse.cz
- synced with BuildService
* file "session_mm_apache2handler0.sem" written at boot
[#229200] (php5-config.patch)
* for certain functionality php5-exif requires php5-mbstring
* php5-ldap requires php5-openssl
* remove LDAP_DEPRECATED from CFLAGS, module already
takes care of this.
* patch potential HTTP_SESSION_VARS et all hijack when
register_globals is On users from suhosin extension are
not affected.(php5-session-rgon-hijack.patch)
* on 10.2 and up php5-devel should require pcre-devel
sqlite-devel sqlite2-devel
* php5-devel is mostly useless without autoconf automake libtool
bison make gcc.
* added patches: phpbug-39350.patch
oldhat-phpinputdata-secfix.patch
ze2-fixes.patch
filter.patch
ext-lib64again.patch
* Fri Jan 26 2007 mmarek@suse.cz
- fixed string comparison in xmlrpc module (strcmp.patch)
- allways apply %%patch9
* Fri Jan 26 2007 mmarek@suse.cz
- updated the curl module from cvs to fix build with curl-7.16
(curl-cvs-fix.patch, dropped gcc.patch)
* Tue Dec 19 2006 anosek@suse.cz
- fixed VUL-0: php session.save_path open_basedir bypass
[#227569] (save_path-secfix.patch)
* Wed Dec 06 2006 anosek@suse.cz
- synced with BuildService
* updated Suhosin patch to 0.9.6.2
* updated Suhosin extension to 0.9.16
* fixed php5-devel should provide PECL tool [#204006]
* use bundled sqlite in suse versions =< 10.1
(pdo_sqlite stopped working properly with older sqlite3 libs)
* do not use zend-multibyte anymore, please refer
to phpbug #36711 and associated links, no applications uses
this feature in the real world since it is disabled
in all other distributions/OS.seems to cause more problems
than solutions.
* change php.ini, back to short_open_tag =off (the default)
the package that depended on this setting no longer does.
Also explicitely set the upload_tmp_dir in php.ini to deal
with open_basedir recent changes (please refer
to phpbug #39123) for the details.
* suhosin.ini uses just the default recommended settings
* Wed Nov 08 2006 anosek@suse.cz
- created symlinks /usr/bin/php and /usr/bin/pear [#216166]
* Tue Nov 07 2006 mmarek@suse.cz
- fixed implicit function decls in suhosin patch (keep the original
patch intact and put fixes into separate patch)
* Mon Nov 06 2006 mmarek@suse.cz
- updated to 5.2.0 final
- merged changes from buildservice (by soporte@onfocus.cl):
- updated suhosin to 0.9.10
- added suhosin patch
- build with system PCRE if suse_release > 10.1 only [#215610]
- suhosin extension does not require PDO
- suhosin added to the reccommended list
- php5-pspell to require at least aspell-en otherwise is useless
[#217272]
* Thu Oct 26 2006 anosek@suse.cz
- php5-sqlite now uses our sqlite and sqlite2 packages to build
and not bundled ones [#201440]
- updated suhosin to 0.9.9
* Fri Oct 20 2006 nadvornik@suse.cz
- update to 5.2.0RC6
* Thu Oct 19 2006 postadal@suse.cz
- reset right path in extension_dir (php5-php-config.patch)
* Mon Oct 09 2006 postadal@suse.cz
- update to version 5.2.0RC5
- added suhosin extension (the hardened php replacement) [#210886]
* Sun Oct 08 2006 postadal@suse.cz
- update to version 5.2.0RC4
* added DSA key generation support to openssl_pkey_new()
* updated PCRE to version 6.7
* increased default memory limit to 16 megabytes to accommodate for a more
accurate memory utilization measurement
* added support for httpOnly flag for session extension and cookie setting
functions
* added version specific registry keys to allow different configurations for
different php version
* added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs
* added an optional boolean parameter to memory_get_usage() and
memory_get_peak_usage() to get memory size allocated by emalloc() or real
size of memory allocated from system
* moved extensions to PECL (filepro and hwapi)
* improved SNMP, OpenSSL extension
* improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL,
xmlReader
- merged changes from openSUSE build service
* build without --enable-sigchild [#206533, php#28294, php#38342]
* build CLI with libedit support (really-with-libedit.patch)
* tweaked the default config a bit, to make it more secure
* removed ini entries related to extensions we don't ship
* t1lib is not currently needed for build, we need t1lib5 to do
something useful
* removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp)
* pdo_odbc provided by php-odbc
* php-suse-addons :
o PHP5 is unlikely to parse php3 code, remove the file association
o corrected apache directive is AddHandler not AddType
* dropped extensions:
o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count)
o php-pdo_sqlite provided by php-sqlite
o php-pdo_pgsql provided by php-pgsql
o filepro dropped by upstream
* new extension:
o filter (kept static and cannot be unloaded, due security reasons)
o json (added as Recommended)
o zip (it uses a bundled library)
- fixed gcc issues (gcc.patch)
- droped obsoleted patches: include_path.patch, bug-37720.patch,
bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch,
bug-37416.patch, main_bugs.patch, soap.patch, standard.patch,
mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch
* Wed Aug 16 2006 postadal@suse.cz
- fixed build with X11R7
* Wed Jul 26 2006 postadal@suse.cz
- updated to version 5.1.4
* FastCGI interface was completely reimplemented
* multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions
* support for many additional date formats added to the strtotime()
* a performance improvements added to the engine and core extensions
* added imap_savebody() that allows message body to be written to a file
* added lchown() and lchgrp() to change user/group ownership of symlinks
* upgraded bundled PCRE library to version 6.6
- merged changes from openSUSE build service
* removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel
and libmcal from BuildRequires
* added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite,
php-tokenizer,php-xmlreader,php-xmlwriter to Recommends
* added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests
* added support for optional readline(libedit) for CLI
(disabled by default)
* patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch),
curl (curl.patch) and mbstring bugs (mbstring_bugs.patch),
big soap patch (soap.patch)
* removed obsoleted patches
* fixed Safe Mode Bypass [#188243] (standard.patch)
* upstream patches
[php#37306, php#37416, php#37587, php#37720]
[php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch)
[php#37346, php#37360] (gd-fixes.patch)
* fixed build inconsistences, added php-hash module [#173023]
* added pdo_odbc.so to php-odbc module [#190614]
* build without explicit safe_mode and magic_quotes (unneeded)
* removed useless GD --with-ttf configure option, only suitable
for freetype 1
* Fri Jun 09 2006 poeml@suse.de
- fix BuildRequires to build on SUSE Linux 10.1, 10.0, 9.3
- use the -fstack-protector compile switch only on 10.0 and newer
* Thu May 11 2006 postadal@suse.cz
- fixed memory leak in imagecreatefromgif()
[#173451] (phpbug-37346.patch)
- fixed possibility of a wrong element being deleted by zend_hash_del()
[#175976] (zend_hash_del.patch)
- fixed substr_compare() when offset equals string length
[#169038, php#37394] (CVE-2006-1991, phpbug-37394.patch)
- fixed _emalloc() on 64bit archs [#169038] (emalloc.patch)
* Wed May 03 2006 postadal@suse.cz
- fixed completely broken SplTempFileObject [php#37257]
(phpbug-37257.patch)
- fixed problem with with $_POST array [php#37276]
(phpbug-37276.patch)
* Wed Apr 12 2006 postadal@suse.cz
- fixed security problem in copy() and tempname()
[#164845] (CVE-2006-1494-1608.patch)
- fixed phpinfo() XSS [#164804] (CVE-2006-0996.patch)
- fixed memory leak in html_entity_decode [#161718] (CVE-2006-1490.patch)
- fixed multiple imap safemode and open_basedir restriction bypass
[#154317] (CVE-2006-1017.patch)
* Mon Mar 27 2006 postadal@suse.cz
- fixed buffer overrun in ftp_fopen_wrapper (ftp_fopen_wrapper.patch)
* Tue Mar 14 2006 postadal@suse.cz
- added updating APACHE_MODULES in /etc/sysconfig/apache2 [#155333]
- added forgotten regenerated sources for (parse_date.patch and
phpbug-36459.patch)
- fixed upstream bugs:
[php#36420] (phpbug-36420)
- segfault when access result->num_rows after calling result->close()
(mysqli-64bit.patch)
- fixed a 64-bit problem
* Fri Mar 03 2006 postadal@suse.cz
- fixed a possible null injection in mbstring (mbstring-null_injection.patch)
- fixed upstream bugs:
[mysql#16144] (phpbug-16144)
- fix for MySQL 5.1 (mysql_stmt_attr_get)
[php#36656] (phpbug-36656)
- http_build_query generates invalid URIs due to use of square brackets
[php#36396,36510,36510,36638] (parse_date.patch)
- fixed few bugs in date/time parsing
(string.patch)
- added overflow checks to wordwrap() function
[php#36459] (phpbug-36459)
- incorrect adding PHPSESSID to links, which contains \r\n
* Fri Mar 03 2006 postadal@suse.cz
- added php5-openssl to php5-ftp Requires [#154273]
- added safe_mode num of parameter check for mb_send_mail [#154315]
* Fri Feb 10 2006 postadal@suse.cz
- fixed upstream bugs:
[php#36306] (phpbug-36306.patch)
- fixed crc32() for 64bit arch
[php#36351] (phpbug-36351.patch)
- parse_url() did not parse numeric paths properly
(spl_directory.patch)
[php#35998]
- getPathname() method always returns unix style filenames
[php#36134]
- DirectoryIterator constructor failed to detect empty directory names
[php#36258]
- SplFileObject::getPath() may lead to segfault
[php#36287]
[php#36295]
[php#36359]
- splFileObject::fwrite() doesn't write when no data length specified
(session2.patch)
- fixed logic, if the client already sent us the cookie, we don't
need to send it again
(soap.patch) [php#36226, php#36083, php#36283]
(math.patch, simplexml.patch, mbstring.patch, zend_operators.patch, xp_socket.patch)
- initialize variables
* Sat Feb 04 2006 postadal@suse.cz
- removed gd-devel from BuildRequires (better used bundled modified gd lib)
- fixed upstream bugs:
[php#36268] (phpbug-36268.patch)
[php#36148] (phpbug-36148.patch)
[php#36185] (phpbug-36185.patch)
[php#36208] (phpbug-36208.patch)
[php#36158] (phpbug-36158.patch)
* Tue Jan 31 2006 postadal@suse.cz
- reverted default value for short_open_tag to On [#145895]
* Mon Jan 30 2006 postadal@suse.cz
- fixed upstream bugs:
[php#36176] (phpbug-36176.patch)
(pdo.patch)
- properly rewrite queries where a bound parameter appears more then once
* Mon Jan 30 2006 poeml@suse.de
- removed libapr-util1-devel from BuildRequires (apache2-devel does
require it)
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 postadal@suse.cz
- added php5-pdo to requires for pdo_mysql, pdo_pgsql, pdo_sqlite and
sqlite and php5-dom to requires for xmlreader and xsl [#144360]
- revert name of extensions (appended suffix .so) [#143552]
- removed _FILE_OFFSET_BITS=64 and _LARGEFILE_SOURCE from CFLAGS
(doesn't work with apache2 configuration, which uses libapr with
native support for large files) [#144362]
- added -fstack-protector
* Mon Jan 23 2006 postadal@suse.cz
- added forgoted extension xmlwrite
- gave back simple dot to include_path [#129682]
- fixed upstream bugs:
[php#36071] (phpbug-36011.patch)
[php#36016] (phpbug-36016.patch)
- realpath cache memleaks
[php#36071] (phpbug-36071.patch)
- Zend engine crash related with 'clone'
(zend-fix.patch)
- fix issues with static method invocation
- ce_child is properly initialized
[php#36046] (phpbug-36046.patch)
- parse_ini_file() miscounts lines in multi-line values
[php#36037] (phpbug-36037.patch)
- heredoc adds extra line number
[php#36006] (phpbug-36006.patch)
- problem with $this in __destruct()
(gd.patch)
- improve open_basedir checks in GD
[php#36007] (phpbug-36007.patch)
- added new mysqli constants for BIT and NEW_DECIMAL field types (for mysql 5)
(session.patch)
- check for special characters in the session name
(xmlreader.patch)
- 64bit fixes
* Thu Jan 19 2006 postadal@suse.cz
- disable discard-path for fastcgi binary [#143564]
* Wed Jan 18 2006 postadal@suse.cz
- updated to version 5.1.2
- removed obsoleted patches: CAN-2005-1042_1043.patch, CVE-2005-3353.patch,
openssl.patch, soap.patch, pdo.patch, simplexml.patch, curl.patch,
ze.patch
- added pdo, pdo_mysql, pdo_pgsql, pdo_sqlite extensions
* Tue Jan 17 2006 mrueckert@suse.de
- remove apache2-mod_fastcgi from nfb it seems to be unused
* Sat Jan 14 2006 kukuk@suse.de
- Add gmp-devel to nfb
* Tue Jan 10 2006 ro@suse.de
- avoid rpath /usr/ssl/lib in curl ext
* Wed Jan 04 2006 postadal@suse.cz
- updated to version 5.1.1 [#135635, #139297]
- removed obsoleted patches: php5-with_lib.patch, soap.patch, posix.patch,
gcc4.patch, save_path-segfault.patch, basedir-fix.patch,
RPC-CAN-2005-1921.patch, RPC-CAN-2005-2498.patch, pcre-overflow-bug-106209.patch,
CVE-2005-3388.patch, CVE-2005-3389.patch, CVE-2005-3390.patch,
mod_rewrite-fix.patch, mbstring.patch, CVE-2005-3391.patch, CVE-2005-3392.patch,
errordocument-fix.patch
- removed sqlite2 from build dependencies and added libtidy libtidy-devel
- removed dbx, fam, yp, dio extensions (upstream deprecated)
- added dba, tidy and xmlreader extensions
- renamed libphp5.so -> mod_php5.so (need it for yast module)
- added upstream patches:
openssl.patch [php#35381]
soap.patch [php#35399]
pdo.patch [php#35431, php#35430]
simplexml.patch [php#35028]
curl.patch [php#35908]
ze.patch [php#35393]
- updated pear sources install-pear-nozlib.phar
- package CLI instad CGI binaries [#137443]
- reverted last changes (problem caused curl-devel package)
* Thu Dec 15 2005 mmarek@suse.cz
- provide php-pear in php5-pear
- add /usr/share/php5/PEAR to include path
* Tue Dec 06 2005 postadal@suse.cz
- fixed [php#33987] bug (php script as ErrorDocument causes crash
in Apache 2).
* Mon Dec 05 2005 postadal@suse.cz
- fixed unexpected header can be injected to mb_send_mail()
[#135673] (mbstring.patch)
- added safe_mode checks for image* functions and cURL
[#135673] (CVE-2005-3391.patch)
- fixed possible INI setting leak via virtual() in Apache 2 sapi
[#135673] (CVE-2005-3392.patch)
* Tue Nov 29 2005 mmarek@suse.cz
- build with flex-old until upstream fixes build with flex-2.5.31
* Mon Nov 28 2005 postadal@suse.cz
- fixed CVE-2005-3388.patch [#131578]
* Fri Nov 25 2005 postadal@suse.cz
- fixed segfaulting with mod_rewrite [#135480] (mod_rewrite-fix.patch)
* Tue Nov 22 2005 uli@suse.de
- define ARM FP(A) endianness correctly
* Tue Nov 15 2005 mmarek@suse.cz
- fixed infinite recursion in exif code
[#132684] (CVE-2005-3353.patch)
- fixed XSS in phpinfo()
[#131578] (CVE-2005-3388.patch)
- fixed register_globals actvation in parse_str()
[#131579] (CVE-2005-3389.patch)
- fixed possible $GLOBALS overwrite
[#131580] (CVE-2005-3390.patch)
- fixed handling basedirs that end with a /
[#118976] (basedir-fix.patch)
- fixed segfaulting when save_path is set and safe_mode is On
[#130227] (save_path-segfault.patch)
* Tue Oct 25 2005 rhafer@suse.de
- added LDAP_DEPRECATED to CFLAGS to build correctly with
OpenLDAP 2.3
* Fri Oct 14 2005 postadal@suse.cz
- fixed recode extension [#120087] (recode-fix.patch)
- enabled _GNU_SOURCE for compiling
* Wed Oct 12 2005 postadal@suse.cz
- fixed implicit declaration (gcc4.patch)
* Mon Oct 10 2005 postadal@suse.cz
- fixed uninitialized variables (gcc4.patch)
* Thu Sep 01 2005 postadal@suse.cz
- added security patch pcre-overflow-bug-106209.patch for internal
libpcre and statically linked against it [#114157]
- added include_path = "/usr/share/php" to php.ini [#114406]
* Thu Aug 25 2005 postadal@suse.cz
- linked with system pcre libs (pcre-fix.patch) [#112645]
* Thu Aug 18 2005 postadal@suse.cz
- fixed XML RPC command injection
(#94579, CAN-2005-192 and #104403, CAN-2005-2498)
* Tue Aug 09 2005 mls@suse.de
- removed compat from neededforbuild
* Tue Aug 02 2005 tcrhak@suse.cz
- dropped php4-dba and php4-readline due to license problems (bug #91489)
- compile without -DPHP_AP_DEBUG (bug #95502)
- fixed php-config to return a correct includes path (patch php5-php-config)
- fixed a sigsegv in the soap extension (bug #99268, patch php5-soap)
* Mon Apr 25 2005 mcihar@suse.cz
- added pspell subpackages
* Tue Apr 19 2005 mcihar@suse.de
- update tarball to rereleased one which contains missing file
* Sat Apr 09 2005 aj@suse.de
- Compile with GCC4.
* Mon Apr 04 2005 mcihar@suse.cz
- update to 5.0.4
- drop patches merged upstream
- add RunTests.php missing from upstream tarball
* Thu Mar 17 2005 mcihar@suse.cz
- fix path to configuration files
* Mon Mar 14 2005 mcihar@suse.cz
- do not build CLI with all GCI stuff
- fix build when extensions are built as *.so instead of just *
- use different php.ini for each SAPI, this is needed for giving CLI more space to live (bug #72311)
* Wed Mar 09 2005 mcihar@suse.cz
- provide compiled in modules
* Mon Mar 07 2005 mcihar@suse.cz
- fix path to php5 binary in pear5 script (bug #71044)
* Thu Mar 03 2005 mcihar@suse.de
- realy enable xml module
* Tue Mar 01 2005 mcihar@suse.cz
- provide only mod_php_any in apache module (bug #66729)
* Mon Feb 21 2005 mcihar@suse.cz
- fix some compile time warnings
* Thu Feb 10 2005 mcihar@suse.cz
- add zlib dependency to pear (bug #50697)
* Wed Feb 09 2005 mcihar@suse.cz
- use correct path to apache2_MMN
- comment some patches
- update README.SUSE
- drop unused sce_install
- each extension now provides also unversioned symbol, to allow not to depend
on specific php version
- drop MIME type change as both php modules don't work together anyway
* Tue Feb 08 2005 mcihar@suse.cz
- drop actually unused patches
- fix build on ia64 (endians patch, stolen from cvs) (still doesn't build due to missing current MySQL)
- fix build on lib64 machines
* Mon Feb 07 2005 mcihar@suse.cz
- initial packaging of php5
- suse addons are now in tarball instead of patch
- reorganize patches
- simplified build system
* Wed Jan 26 2005 mcihar@suse.cz
- update asp2php
- drop lynx from buildrequires
* Tue Jan 11 2005 mcihar@suse.cz
- fix broken int unserializing on 64-bit (bug #49617)
* Fri Dec 17 2004 poeml@suse.de
- update to 4.3.10
- for apache module, pick up CFLAGS from apxs [#49356]
- drop obsolete php-4.3.9RC3.diff
- update lib64.diff
- fix return type in php_sprintf()
- don't apply php-4.3.8-snmp.diff
- do not clean buildroot in buildsystem to facilitate debugging
- fix PreRequires (sce_install_path) [#46664]
* Thu Nov 18 2004 ro@suse.de
- use kerberos-devel-packages
* Thu Nov 04 2004 ro@suse.de
- added rpm-devel,popt-devel,tcpd,tcpd-devel to neededforbuild (for snmp)
* Tue Oct 05 2004 pmladek@suse.cz
- added /usr/lib/php/sce_install to prerequires of php4-swf; it is in the
package php4-32bit on x86_64 [#46475]
* Thu Sep 23 2004 tcrhak@suse.cz
- security fix for array parsing (bug #45710) and
some other fixes from php-4.3.9RC3 (patch 4.3.9RC3)
- removed the #%endif causing syntax error during /usr/lib/php/sce_install (bug #45589)
- /var/lib/php is now owned by wwwrun (bug #45360)
- reverted dlopen flag back to RTLD_GLOBAL (bugs #39197 and #41866),
php4-recode now conflicts with php4-imap, php4-mysql and apache2-mod_auth_mysql,
mod_php4-core does not require php4-recode any more
- dropped php4-dba and php4-readline due to license poblems (bug #45654)
* Fri Sep 17 2004 tcrhak@suse.cz
- added tomcat5 to the Requires of php4-servlet
* Wed Sep 15 2004 tcrhak@suse.cz
- removed the build dependency on tomcat5
- added tomcat5 directories to filelist
- enabled iconv for the other archs
* Tue Sep 14 2004 skh@suse.de
- use new JPackage packages tomcat5 and servletapi5 to build
* Fri Sep 10 2004 tcrhak@suse.cz
- do not source setJava
* Fri Sep 03 2004 tcrhak@suse.cz
- update to 4.3.8
- added module dbx (bug #43972)
- use system gd library, includes "GIF Create Support" (bug #44001)
- disallow persistant connections by default (bug #34849)
- use /var/lib/php for php sessions by default (bug #36886)
- php modules need to prereq sce_install (bug #43994)
* Thu Aug 19 2004 aj@suse.de
- Remove broken cat commands from post section:
* no requires for them
* no need to execute them
* Mon Aug 16 2004 ro@suse.de
- fix build with updated libcurl: use current instead of
deprecated type for curl_httppost
* Tue Jun 08 2004 ro@suse.de
- removed mod_dav from neededforbuild
- removed mod_php4 package (mod_php4-core is probably obsolete too)
* Tue May 04 2004 tcrhak@suse.cz
- build with postfix instead of sendmail
* Thu Apr 29 2004 ro@suse.de
- remove apache1 related parts
* Fri Apr 23 2004 tcrhak@suse.cz
- added sendmail to neededforbuild, so that mail() is defined (bug #39153)
- dlopen php modules with RTLD_LOCAL (fixes bug #39197)
* Wed Mar 31 2004 tcrhak@suse.cz
- added php module recode (bug #36573)
- fixed requires of mod_php4-apache2 (bug #37041)
* Mon Mar 22 2004 ro@suse.de
- build-fix for jakarta-tomcat from skh
- removed apache-contrib from neededforbuild (dropped)
* Tue Mar 16 2004 tcrhak@suse.cz
- removed --enable-versioning (fixes bug #35716)
- do not build servlet for ia64, ppc and ppc64
* Fri Mar 05 2004 tcrhak@suse.cz
- modularized
- updated to version 4.3.4
- added fastcgi
- added PHP4 module sockets
- added PHP4 module mime_magic (bug #34134)
- php binary is now CLI, not CGI (bug #34152)
* Wed Feb 18 2004 ro@suse.de
- use jakarta-tomcat4
* Mon Feb 16 2004 ro@suse.de
- use unixODBC instead of iodbc
* Tue Feb 10 2004 poeml@suse.de
- fix symbol exports for apache2
- add -fno-strict-aliasing to CFLAGS, due to code where
dereferencing type-punned pointers would break strict aliasing
- fix test load of apache2 module (the LoadModule statement went
into the wrong place)
* Sun Feb 08 2004 schwab@suse.de
- Fix symbol exports.
- Also look for BEAJava2 directory.
- Fix quoting.
* Thu Jan 22 2004 ro@suse.de
- fix build with current automake
* Fri Jan 16 2004 kukuk@suse.de
- Add pam-devel to neededforbuild
* Tue Jan 13 2004 ro@suse.de
- remove subpackage aolserver
- fix build with current freetype
* Mon Nov 10 2003 ro@suse.de
- use net-snmp instead of ucdsnmp
* Thu Oct 30 2003 tcrhak@suse.cz
- ad previous fix: create the directory
* Wed Oct 29 2003 tcrhak@suse.cz
- added %{_libdir}/php/bin to file list of mod_php4-core
* Mon Sep 22 2003 mls@suse.de
- remove 'Obsoletes: mod_php' from mod_php4, otherwise rpmv4
makes mod_php4 conflict with apache2-mod_php4
* Tue Sep 16 2003 tcrhak@suse.cz
- update to version 4.3.3
* Mon Sep 01 2003 tcrhak@suse.cz
- expand rpm macros in /etc/httpd/modules/mod_php4 [bug #29664]
* Thu Aug 21 2003 tcrhak@suse.cz
- update to version 4.3.2
- use BuildRoot
- added activation metadata to sysconfig [bug #28827]
* Mon Aug 18 2003 poeml@suse.de
- add README.{SuSE,UnitedLinux} [#25888]
- don't explicitely strip binary objects, because RPM does it
anyway, and it might keep the stripped debugging info somewhere.
- don't try to install a file in /etc/apache2/modules/ (it's gone)
* Mon Jun 30 2003 ro@suse.de
- always use libtool to compile objects
- added directories to filelist
* Thu Apr 10 2003 tcrhak@suse.cz
- use 'head -n 1' instead of 'head -1'
- added mhash support
* Wed Mar 26 2003 tcrhak@suse.cz
- fixed path in script phpize
- fixed ext/mysql/config.m4
* Thu Mar 13 2003 tcrhak@suse.cz
- fixed order of Type and Define in sysconfig metadata
- readded subpackage servlet (patch servlet)
- reenabled support for swf
- install swf fonts, use proper SWFFONTPATH
(bug #18057, patch swf)
* Tue Mar 04 2003 poeml@suse.de
- the apache2 module requires the apache2-prefork MPM
* Thu Feb 20 2003 tcrhak@suse.cz
- security update to version 4.3.1 - fixes a CGI vulnerability
- added sysconfig metadata [bug #22604]
* Fri Feb 14 2003 tcrhak@suse.cz
- added php3, php4 to DirectoryIndex [bug #22066]
* Thu Feb 13 2003 ro@suse.de
- really disable (empty) subpackage servlet
* Wed Feb 12 2003 poeml@suse.de
- rename subpackage mod_php4_2 to apache2-mod_php4
* Tue Feb 11 2003 poeml@suse.de
- call the new /usr/share/apache2/get_module_list script to
configure apache2, so the test can be passed
* Wed Jan 15 2003 ro@suse.de
- use sasl2
* Fri Jan 10 2003 poeml@suse.de
- don't built -servlet for now, needs work
- swf.h has vanished from ./dist/include/, and I can't find another
one --> disabling swf support
* Thu Jan 09 2003 poeml@suse.de
- update to 4.3.0
- GD library is now bundled with the distribution and it is
recommended to always use the bundled version
- vpopmail and cybermut extensions are moved to PECL
- several deprecated extensions (aspell, ccvs, cybercash, icap)
and SAPIs (fastcgi, fhttpd) are removed
- speed improvements in a variety of string functions
- Apache2 filter is improved, but is still considered
experimental (use with PHP in prefork and not worker (thread)
model since many extensions based on external libraries are not
thread safe)
- various security fixes (imap, mysql, mcrypt, file upload, gd, etc)
- new SAPI for embedding PHP in other applications (experimental)
- much better test suite
- significant improvements in dba, gd, pcntl, sybase, and xslt
extensions
- debug_backtrace() should help with debugging
- error messages now contain URLs linking to pages describing the
error or function in question
- Zend Engine has some fixes and minor performance enhancements
- and TONS of other fixes, updates, new functions, etc
- build apache2 module
- QtDOM support is now in qt3, and therefore we need to link
against libqt-mt
- merge the lib64 patch, hope it's complete
- gd lib is now bundled, and preferred for building
- adjust the Provides of the -core package
* Thu Nov 21 2002 ro@suse.de
- make it build with current automake
* Wed Oct 16 2002 tcrhak@suse.cz
- added support for readline
- added support for iconv and mbstrings [bugs #19861 and #19862]
* Fri Sep 27 2002 tcrhak@suse.cz
- added type .php3 to apache mod_php4.conf
* Tue Sep 17 2002 ro@suse.de
- removed bogus self-provides
* Tue Sep 03 2002 tcrhak@suse.cz
- fixed to build on 64 bit archs
* Fri Aug 23 2002 tcrhak@suse.cz
- fixed to build on non-i386 archs
- added dynamic extensions to the file list of subpackage core
* Tue Aug 20 2002 tcrhak@suse.cz
- added PreReq
* Tue Aug 13 2002 kukuk@suse.de
- Remove unused qt2 from neededforbuild
* Wed Aug 07 2002 uli@suse.de
- fixed to build on lib64 archs (still broken on nearly all archs
due to other problems)
* Mon Aug 05 2002 ro@suse.de
- use "-follow" when searching for jni.h
* Sun Jul 28 2002 kukuk@suse.de
- remove unused gdb from neededforbuild
* Sat Jul 27 2002 adrian@suse.de
- fix neededforbuild
* Fri Jul 26 2002 kukuk@suse.de
- Add imap-lib to neededforbuild
* Tue Jul 23 2002 tcrhak@suse.cz
- update to version 4.2.2
- update of asp2php to version 0.76.12
- detect the module magic number if provided by apache, indicating
API changes, and add an RPM Require on it
- add compiled extensions (currently gd.so, as it is build shared
by a previous change by bk@suse.de) to php.ini and filelist
* Fri Jul 05 2002 kukuk@suse.de
- Use %ix86 macro
* Tue May 28 2002 ro@suse.de
- replaced /opt/jakarta with /opt/jakarta/tomcat
* Mon May 27 2002 ro@suse.de
- first try for lib64
* Mon May 27 2002 bk@suse.de
- use shared libgd on all archs
* Sat Mar 23 2002 ro@suse.de
- removed unixODBC stuff, was never used (iodbc is used)
* Fri Mar 15 2002 tcrhak@suse.cz
- added %{_datadir}/lib/php and extension dir to devel filelist
* Mon Mar 04 2002 okir@suse.de
- security fix
* Fri Feb 22 2002 tcrhak@suse.cz
- Killed %{release} from "Requires" tags.
* Thu Jan 31 2002 ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages>
* Mon Jan 28 2002 ro@suse.de
- added des to neededforbuild
* Mon Jan 28 2002 ro@suse.de
- added heimdal stuff to build
* Wed Jan 23 2002 ro@suse.de
- try to build with db-devel in neededforbuild
* Thu Jan 17 2002 ro@suse.de
- adapted for /etc/sysconfig/apache
* Thu Dec 20 2001 tcrhak@suse.cz
- update to 4.1.0
- no mm support for aol and servlet (mm is not ZTS in 4.1 yet)
- patched acinclude.m4 to find the very dir for mysql libraries
- added `php-config --extension-dir` to core files
* Mon Dec 10 2001 tcrhak@suse.cz
- fixed extension section
* Thu Dec 06 2001 tcrhak@suse.cz
- added section [extension section] to php.ini
- fixed options given to configure
* Tue Dec 04 2001 tcrhak@suse.cz
- fixed configure.in and config.m4's for autoconf 2.52
- added libtoolize, autoconf, autoheader
- used setJava to find JAVA_HOME
- TTF - bug 9523
- gd - bug 12226
- changed the order in which subpackages (for Servers) are built,
- so that the devel package corresponds to core
- (=> experimental-zts disabled)
- moved phpize to the devel package (fixed for autoconf 2.52)
- added files needed by phpize to the devel package
* Mon Dec 03 2001 ro@suse.de
- changed servlet dir for configure with jakarta
* Mon Dec 03 2001 ro@suse.de
- fixed neededforbuild <jakarta> to <jakarta-tomcat>
* Tue Nov 20 2001 rolf@suse.de
- changes to make IA64 work
- exclude subpackages AOL and Servlet from AXP
* Sun Nov 18 2001 ro@suse.de
- fix to find java
* Wed Nov 14 2001 rolf@suse.de
- new subpackage -devel with include files
* Mon Nov 12 2001 ro@suse.de
- hack for libxml2 include location
* Thu Oct 25 2001 ro@suse.de
- use qt2 for qtdom (but aparently that is not built anyway)
* Wed Oct 24 2001 ro@suse.de
- try neededforbuild alias apache-devel-packages
* Mon Sep 10 2001 ro@suse.de
- remove roxen subpackage
roxen is not in the distribution currently
* Wed Aug 22 2001 ro@suse.de
- removed pdflib from neededforbuild (license problems)
* Tue Aug 14 2001 ro@suse.de
- pear: changed header to look for php in "bindir" not "prefix/bin"
to fix requires
* Mon Aug 13 2001 kukuk@suse.de
- Don't conflict with packages we are providing
* Thu Aug 09 2001 kukuk@suse.de
- Fix search for installed java directory
* Tue Jul 24 2001 rolf@suse.de
- new subpackage mod_php4-aolserver for use of PHP4 with AOL server
- disable-debug so Zend optimizer can work
* Thu Jul 05 2001 rolf@suse.de
- update to php 4.0.6
- apply memlimit patch
- new subpackage mod_php4-servlet for use of PHP4 as JAVA servlet
with tomcat
- new options: --with-gmp, --with-dom, mbstring
* Mon Jun 25 2001 rolf@suse.de
- fixed bug with pdflib which also fixes [BUG#8246]
* Tue Jun 19 2001 rolf@suse.de
- new version 4.0.5
- disable pgsql for roxen, as it is broken
- mysql bug fixed in this release [BUG#6839]
- move stuff to /usr/share/php [BUG#8352]
- now Provides: mod_php as well [BUG#8911]
* Sat May 12 2001 schwab@suse.de
- Use new readline interface.
* Tue May 08 2001 mfabian@suse.de
- bzip2 sources
* Tue May 01 2001 kukuk@suse.de
- disable adabas support
* Thu Apr 26 2001 ro@suse.de
- neededforbuild: curl_ssl-devel -> curl-devel
* Sun Apr 08 2001 poeml@suse.de
- fix Requires (rearrange tags to define them before using them)
- fix spec file typo
* Tue Mar 27 2001 rolf@suse.de
- spin off subpackage mod_php4-core which is required by apache and
roxen modules now
- moved config file to /etc/php.ini for all php4 modules
- sybase support conflicts with Adabas D support
- Ingres support is for Ingres II only
- added t1lib support [BUG#6212]
- updated asp2php 0.75.13
- make us of suse_loadmodule for testing
- added /usr/bin/php to core package [BUG#6648]
* Wed Mar 21 2001 ro@suse.de
- changed neededforbuild to freetype2
* Thu Mar 15 2001 ro@suse.de
- build with openldap2
* Thu Mar 15 2001 ro@suse.de
- fixed neededforbuild for openldap
* Mon Mar 05 2001 ro@suse.de
- use -fPIC
* Fri Feb 23 2001 ro@suse.de
- changed neededforbuild <apache> to <apache apache-devel>
* Thu Feb 22 2001 ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
* Thu Feb 15 2001 rolf@suse.de
- new features imap-ssl, bz2, qtdom, ctype, debug, force-cgi-redirect,
discard_path, sigchild, gd-imgstrttf
- added apache-mod_php4.rc.config
- added /etc/httpd/modules/mod_php4
* Wed Jan 17 2001 rolf@suse.de
- add libpdf support
* Tue Jan 16 2001 rolf@suse.de
- update to 4.0.4pl1 due to security issue [BUG#5760]
- remove number4.tar.gz, no longer needed
* Fri Jan 12 2001 rolf@suse.de
- need expat to compile [BUG#5104]
- subpackage for roxen module
* Fri Jan 12 2001 cihlar@suse.cz
- fixed to compile with roxe/pike [#4408]
* Tue Dec 19 2000 rolf@suse.de
- link with libssl
* Tue Dec 19 2000 rolf@suse.de
- added the asp2php package [BUG#4456]
- roxen/pike still doesn´t work
- require RPM group tag via apxs
* Wed Nov 29 2000 ro@suse.de
- changed neededforbuild <pg_lib> to <postgresql-lib>
* Mon Nov 27 2000 rolf@suse.de
- added Sablotron support [BUG#3891]
- added curl support [BUG#3890]
- added Flash support on i386 [BUG#3209]
- also pack module files in /usr/lib/php/
- moved the exec dir to /usr/lib/php/bin
- include pear binaries
- added the following modules: sockets, shmop, exif, filepro, dbase
readline, mcrypt, gettext
* Wed Nov 15 2000 ro@suse.de
- fixed neededforbuild gdlib -> gd gd-devel
* Wed Nov 08 2000 ro@suse.de
- prefer ndbm.h to db1/ndbm.h
* Mon Nov 06 2000 ro@suse.de
- added imap-devel to neededforbuild
* Mon Nov 06 2000 ro@suse.de
- fixed neededforbuild
* Mon Oct 16 2000 bk@suse.de
- s390: --with-gd=yes -> --with-gd=shared(broken somehow with =yes)
* Mon Oct 16 2000 rolf@suse.de
- update tp 4.0.3pl1 due to some security breaches
- needed to drop db3 and dbm support, as these are incompatible
- enable FTP support [BUG#3862]
* Wed Sep 13 2000 fober@suse.de
- s390: suse_update_config, needs-not-forbuild adabas
* Fri Jul 07 2000 kukuk@suse.de
- Fix Requires and need for build
* Fri Jun 23 2000 rolf@suse.de
- added support for mcal and calendar functions [BUG#2925]
* Sun Jun 18 2000 ro@suse.de
- fixed to compile with new postgres
* Mon May 22 2000 rolf@suse.de
- update to 4.0.0
- --with-java is now broken
* Fri May 12 2000 rolf@suse.de
- update to 4.0RC2
- a few more options are now functional
* Thu Apr 13 2000 ro@suse.de
- added mm to neededforbuild
* Thu Mar 30 2000 rolf@suse.de
- new version 4.0RC1
- many options now work properly
* Wed Mar 01 2000 rolf@suse.de
- zlib works again
* Tue Feb 22 2000 rolf@suse.de
- new version 4b4pl1
- now with --enable-thread-safety --with-gd=yes --with-ttf
- imap support is now broken
* Thu Dec 23 1999 rolf@suse.de
- dynamic JDK path detection
- some fixes in DAV, still doesn´t work
- now also runs with IMAP
* Thu Nov 25 1999 rolf@suse.de
- initial package version 4.0b3
/etc/php8/conf.d/10-gd.ini /usr/lib64/php8/extensions/gd.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Jul 18 00:05:10 2024