Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
>
php-5.2.6
> Changes
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
Changes of Revision 34
[-]
[+]
Changed
php5.changes
@@ -1,75 +1,151 @@ ------------------------------------------------------------------- -Mon Nov 12 04:38:22 UTC 2007 - crrodriguez@suse.de +Fri May 2 10:12:59 CEST 2008 - crrodriguez@suse.de -- update to PHP 5.2.5 - * Fixed dl() to only accept filenames. reported by Laurent Gaffie. - * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). - * Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. - * Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. - * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason. - * Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms). - * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). - * Upgraded PCRE to version 7.3 (Nuno) - * Added optional parameter $provide_object to debug_backtrace(). (Sebastian) - * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre) - * Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry) - * Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry) - * Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov) - * Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf) - * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia) - * Fixed PDO crash when driver returns empty LOB stream. (Stas) - * Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas) - * Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey) - * Fixed leaks with multiple connects on one mysqli object. (Andrey) - * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) - * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani) - * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia) - * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani) - * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia) - * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia) - * Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott) - * Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia) - * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia) - * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey) - * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry) - * Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia) - * Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia) - * Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia) - * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry) - * Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry) - * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia) - * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia) - * Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus) - * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry) - * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus) - * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) - * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran) - * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org) - * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia) - * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia) - * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry) - * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani) - * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott) - * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry) - * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick) - * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia) - * Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob) - * Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry) - * Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes) - * Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia) - * Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry) - * Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey) - * Fixed bug #42359 (xsd:list type not parsed). (Dmitry) - * Fixed bug #42326 (SoapServer crash). (Dmitry) - * Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry) - * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia) - * Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob) - * Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry) - * Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani) - * Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno) +- update to PHP 5.2.6 + * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. + * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. + * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. + * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. + * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. + * Fixed two possible crashes inside the posix extension. + * Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=) + * Fixed bug #44141 (private parent constructor callable through static function). + * Fixed bug #43589 (a possible infinite loop in bz2_filter.c). + * Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call). + * Fixed bug #43201 (Crash on using uninitialized vals and __get/__set). + * Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). + * Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class). + * Fixed bug #42736 (xmlrpc_server_call_method() crashes). + * Fixed bug #42369 (Implicit conversion to string leaks memory). + * Fixed bug #41562 (SimpleXML memory issue). + * Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de) + * Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de) + * Over 120 bug fixes. + +------------------------------------------------------------------- +Wed Feb 6 00:37:17 CET 2008 - crrodriguez@suse.de + +- update suhosin extension to version 0.9.23 +- Fixed suhosin extension now compiles with snapshots of PHP 5.3 +- Fixed crypt() behaves like normal again when there is no salt supplied +- wrong Obsoletes causes upgrade trouble [bnc #355618] + +------------------------------------------------------------------- +Fri Feb 1 10:47:45 CET 2008 - mmarek@suse.cz + +- use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs, + enables building in the bs in other projects than server:php + (bnc#357917) + +------------------------------------------------------------------- +Fri Jan 11 08:06:38 CET 2008 - crrodriguez@suse.de + +- Try patch recently published by Redhat that allows PHP to + use the system timezone database instead of the bundled one. + +------------------------------------------------------------------- +Mon Jan 7 07:07:53 CET 2008 - crrodriguez@suse.de + +- Do not hard require php5-timezonedb, instead provide a capability + php(tzdatabase) = builtin_tz_ver so it gets installed via rpm + Supplements only when needed. + +------------------------------------------------------------------- +Thu Dec 27 08:10:15 CET 2007 - crrodriguez@suse.de + +- PHP is leaking file descriptors badly on relative includes + (php-5.2.5-fdleak.patch) + + +------------------------------------------------------------------- +Thu Dec 13 05:35:08 CET 2007 - crrodriguez@suse.de + +- suhosin 0.9.22 + - Fixed function_exists() now checks the Suhosin permissions + - Fixed crypt() salt no longer uses Blowfish by default + - Fixed .htaccess/perdir support + - Fixed compilation problem on OS/X + - Added protection against some attacks through _SERVER variables + - Added suhosin.server.strip and suhosin.server.encode ------------------------------------------------------------------- +Tue Dec 11 06:37:03 CET 2007 - crrodriguez@suse.de + +- use /dev/urandom for generating session-IDs [#337005] +- L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548] + +------------------------------------------------------------------- +Mon Nov 12 06:40:39 CET 2007 - crrodriguez@suse.de + +- update to PHP 5.2.5 + * Fixed dl() to only accept filenames. reported by Laurent Gaffie. + * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). + * Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. + * Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. + * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason. + * Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms). + * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). + * Upgraded PCRE to version 7.3 (Nuno) + * Added optional parameter $provide_object to debug_backtrace(). (Sebastian) + * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre) + * Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry) + * Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry) + * Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov) + * Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf) + * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia) + * Fixed PDO crash when driver returns empty LOB stream. (Stas) + * Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas) + * Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey) + * Fixed leaks with multiple connects on one mysqli object. (Andrey) + * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) + * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani) + * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia) + * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani) + * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia) + * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia) + * Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott) + * Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia) + * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia) + * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey) + * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry) + * Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia) + * Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia) + * Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia) + * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry) + * Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry) + * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia) + * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia) + * Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus) + * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry) + * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus) + * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) + * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran) + * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org) + * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia) + * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia) + * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry) + * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani) + * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott) + * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry) + * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick) + * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)
