------------------------------------------------------------------- Tue Mar 8 16:48:43 CET 2011 - pgajdos@suse.cz - security fix * CVE-2011-0708 [bnc#671710] ------------------------------------------------------------------- Wed Feb 9 14:20:56 CET 2011 - pgajdos@suse.cz - security fixes * CVE-2011-0755 [bnc#669189] * CVE-2011-0752 [bnc#669162] * CVE-2011-0753 [bnc#669188] ------------------------------------------------------------------- Tue Feb 1 10:35:17 CET 2011 - pgajdos@suse.cz - security fixes [bnc#666512] * CVE-2010-4697 * CVE-2010-4698 * CVE-2010-4699 ------------------------------------------------------------------- Thu Jan 13 17:10:38 CET 2011 - pgajdos@suse.cz - security fixes * CVE-2010-4645 [bnc#662932] * CVE-2010-3709 [bnc#660102] * CVE-2010-4150 [bnc#655968] * fopen_https_proxy_auth_fix.patch [bnc#656523] ------------------------------------------------------------------- Thu Nov 4 10:29:15 UTC 2010 - pgajdos@novell.com - security fix in utf8_decode() [bnc#650700] * CVE-2010-3870.patch ------------------------------------------------------------------- Tue Oct 26 15:43:33 CEST 2010 - pgajdos@suse.cz - fix "Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data" [bnc#649210] * CVE-2010-3710.patch ------------------------------------------------------------------- Wed Sep 29 05:47:12 CEST 2010 - crrodriguez@suse.de - L3: Regression with xmlparse in PHP5 [bnc#642291] - Refresh patches with fuzz 0 ------------------------------------------------------------------- Thu Aug 5 06:47:23 CEST 2010 - crrodriguez@suse.de - upgrade to latest php 5.2.x minor stable release [bnc#585480] * VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232] * VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097] * VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100] * VUL-0: php5: MOPS-2010-022 use after free [bnc#609763] * VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766] * VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768] * VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769] * VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769] * VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555] * VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556] * VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483] * VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486] * bugzilla numbers 619487,619489,619469,609766.. ------------------------------------------------------------------- Wed May 5 17:13:57 UTC 2010 - mseben@novell.com - update to 5.2.13 [bnc#585480] - Updated timezone database to version 2010.2. - Upgraded bundled PCRE to version 7.9 - Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). - Changed tidyNode class to disallow manual node creation. - Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. - Improved LCG entropy. - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. - Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon. - Fixed build of mysqli with MySQL 5.5.0-m2. - Fixed bug php#50940 Custom content-length set incorrectly in Apache sapis. - Fixed bug php#50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). - Fixed bug php#50859 (build fails with openssl 1.0 due to md2 deprecation). - Fixed bug php#50847 (strip_tags() removes all tags greater then 1023 bytes long). - Fixed bug php#50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). - Fixed bug php#50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). - Fixed bug php#50791 (Compile failure: Bad logic in defining fopencookie emulation). - Fixed bug php#50787 (stream_set_write_buffer() has no effect on socket streams). - Fixed bug php#50772 (mysqli constructor without parameters does not return a working mysqli object). - Fixed bug php#50761 (system.multiCall crashes in xmlrpc extension). - Fixed bug php#50732 (exec() adds single byte twice to $output array). - Fixed bug php#50728 (All PDOExceptions hardcode 'code' property to 0). - Fixed bug php#50727 (Accessing mysqli->affected_rows on no connection causes segfault). - Fixed bug php#50680 (strtotime() does not support eighth ordinal number). - Fixed bug php#50661 (DOMDocument::loadXML does not allow UTF-16). - Fixed bug php#50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). - Fixed bug php#50636 (MySQLi_Result sets values before calling constructor). - Fixed bug php#50632 (filter_input() does not return default value if the variable does not exist). - Fixed bug php#50576 (XML_OPTION_SKIP_TAGSTART option has no effect). - Fixed bug php#50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). - Fixed bug php#50558 (Broken object model when extending tidy). - Fixed bug php#50540 (Crash while running ldap_next_reference test cases). - Fixed bug php#50508 (compile failure: Conflicting HEADER type declarations). - Fixed bug php#50394 (Reference argument converted to value in __call). - Fixed bug php#49851 (http wrapper breaks on 1024 char long headers). - Fixed bug php#49600 (imageTTFText text shifted right). - Fixed bug php#49585 (date_format buffer not long enough for >4 digit years). - Fixed bug php#49463 (setAttributeNS fails setting default namespace). - Fixed bug php#48667 (Implementing Iterator and IteratorAggregate). - Fixed bug php#48590 (SoapClient does not honor max_redirects). - Fixed bug php#48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). - Fixed bug php#47601 (defined() requires class to exist when testing for class constants). - Fixed bug php#47409 (extract() problem with array containing word "this"). - Fixed bug php#47002 (Field truncation when reading from dbase dbs with more then 1024 fields). - Fixed bug php#45599 (strip_tags() truncates rest of string with invalid attribute). - Fixed bug php#44827 (define() allows :: in constant names). - depracated really-with-libedit.patch, bnc-518300.patch,php5-alignment.patch, arrayobject-mess.patch, BNC-457056_2.patch CVE-2008-5557.patch, CVE-2008-5498.patch, CVE-2008-2829.patch, CVE-2009-4017.patch, CVE-2009-2626.patch, CVE-2009-2687.patch, CVE-2009-0754.patch, CVE-2009-1271.patch, CVE-2009-1272.patch, CVE-2009-3291.patch, CVE-2009-3292.patch, CVE-2009-3293.patch, CVE-2008-5624.patch, CVE-2008-5625.patch, CVE-2008-5814.patch, CVE-2009-3546.patch, CVE-2009-4142.patch, - reworked bnc-435595.patch (change grabbed from php 5.3.2) - added patch php5-session.patch to fix build - fix CVE-2010-0397 [bnc#588975] ------------------------------------------------------------------- Tue Feb 9 17:20:47 UTC 2010 - mseben@novell.com - fix CVE-2008-5624, CVE-2008-5625, CVE-2008-5814 [bnc#568527] - fix CVE-2009-3546 [bnc#547525] - fix CVE-2009-4142 [bnc#565924] - fix CVE-2009-2626,,CVE-2009-4017 [bnc#557157] ------------------------------------------------------------------- Tue Sep 22 22:57:48 CEST 2009 - crrodriguez@suse.de - VUL-0: php5: 5.2.11 release [bnc#540242] - L3: Problem with xmlparse in PHP5 ------------------------------------------------------------------- Sun Aug 23 19:22:59 CEST 2009 - crrodriguez@suse.de - VUL-1: php5: exif module denial of service [bnc#513080] - PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300] ------------------------------------------------------------------- Thu Jul 16 23:17:08 CEST 2009 - crrodriguez@suse.de - PHP5: json_decode not working correctly after update [bnc#521033] ------------------------------------------------------------------- Wed Jun 17 16:55:44 CEST 2009 - crrodriguez@suse.de - fix CVE-2009-1271, CVE-2009-1272 [bnc#493122] ------------------------------------------------------------------- Wed May 27 05:13:30 CEST 2009 - crrodriguez@suse.de - missing timezone hard dependency [bnc#486359] ------------------------------------------------------------------- Thu Mar 12 03:50:03 CET 2009 - crrodriguez@suse.de - VUL-0: php5: memory disclosure by imagerotate() [bnc#480850] - VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419] ------------------------------------------------------------------- Wed Jan 14 05:49:49 CET 2009 - crrodriguez@suse.de - libxml version detection of previous fix will never work. 11.1 version is 2.7.2 not 2.7.3 and presence of XML_PARSE_OLDSAX enumeration value cannot be tested with defined().. ------------------------------------------------------------------- Mon Jan 12 21:40:02 CET 2009 - crrodriguez@suse.de - VUL-0: php: buffer overflow in ext/mbstring [BNC#462499] - VUL-0: php5: dir traversal vulnerability in ZipArchive [BNC#464048] - PHP5: ext/xml is broken due to libxml2 2.7.x changes [BNC#457056] * Note that this MUST be submitted AFTER libxml2 update ------------------------------------------------------------------- Wed Nov 12 21:24:00 CET 2008 - crrodriguez@suse.de - fix ext/imap buffer overflows, old API used [#BNC402665] ------------------------------------------------------------------- Wed Nov 12 17:10:50 CET 2008 - crrodriguez@suse.de - QA Results fixed * array_pad "succeeds" when padding with large negative number [BNC#435595] ------------------------------------------------------------------- Wed Nov 12 16:10:52 CET 2008 - crrodriguez@suse.de - QA Results: fix PPC64 regression of gd module [BNC#364518] ------------------------------------------------------------------- Wed Nov 12 16:01:51 CET 2008 - crrodriguez@suse.de - update system timezone support patch to r4 * added "System/Localtime" tzname which uses /etc/localtime ------------------------------------------------------------------- Thu Oct 9 06:30:03 CEST 2008 - crrodriguez@suse.de - Using the ArrayObject class leaks and corrupt memory, causing a really nasty undefined behaviour in userspace code, whatever can happend due to corruption of the symbol table. see http://bugs.php.net/bug.php?id=46222 where martian variables get created as example. ------------------------------------------------------------------- Mon Sep 8 11:22:17 CEST 2008 - crrodriguez@suse.de - update suhosin to version 0.9.27 * Fixed problem with suhosin.perdir Thanks to Hosteurope for tracking this down * Fixed problems with ext/uploadprogress Reported by: Christian Stocker * Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on) * Modified rand()/srand() to use the Mersenne Twister algorithm with separate state * Added better internal seeding of rand() and mt_rand() ------------------------------------------------------------------- Wed Sep 3 14:49:36 CEST 2008 - crrodriguez@suse.de - do not restart apache after update of mod_php5 [BNC#419508] ------------------------------------------------------------------- Thu May 8 17:00:13 CEST 2008 - schwab@suse.de - Don't try to replace libtool. - Fix alignment violation. - Don't define feature test macros after system headers. ------------------------------------------------------------------- Fri May 2 10:12:59 CEST 2008 - crrodriguez@suse.de - update to PHP 5.2.6 * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. * Fixed two possible crashes inside the posix extension. * Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug #44141 (private parent constructor callable through static function). * Fixed bug #43589 (a possible infinite loop in bz2_filter.c). * Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug #43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug #42736 (xmlrpc_server_call_method() crashes). * Fixed bug #42369 (Implicit conversion to string leaks memory). * Fixed bug #41562 (SimpleXML memory issue). * Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de) * Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de) * Over 120 bug fixes. ------------------------------------------------------------------- Wed Feb 6 00:37:17 CET 2008 - crrodriguez@suse.de - update suhosin extension to version 0.9.23 - Fixed suhosin extension now compiles with snapshots of PHP 5.3 - Fixed crypt() behaves like normal again when there is no salt supplied - wrong Obsoletes causes upgrade trouble [bnc #355618] ------------------------------------------------------------------- Fri Feb 1 10:47:45 CET 2008 - mmarek@suse.cz - use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs, enables building in the bs in other projects than server:php (bnc#357917) ------------------------------------------------------------------- Fri Jan 11 08:06:38 CET 2008 - crrodriguez@suse.de - Try patch recently published by Redhat that allows PHP to use the system timezone database instead of the bundled one. ------------------------------------------------------------------- Mon Jan 7 07:07:53 CET 2008 - crrodriguez@suse.de - Do not hard require php5-timezonedb, instead provide a capability php(tzdatabase) = builtin_tz_ver so it gets installed via rpm Supplements only when needed. ------------------------------------------------------------------- Thu Dec 27 08:10:15 CET 2007 - crrodriguez@suse.de - PHP is leaking file descriptors badly on relative includes (php-5.2.5-fdleak.patch) ------------------------------------------------------------------- Thu Dec 13 05:35:08 CET 2007 - crrodriguez@suse.de - suhosin 0.9.22 - Fixed function_exists() now checks the Suhosin permissions - Fixed crypt() salt no longer uses Blowfish by default - Fixed .htaccess/perdir support - Fixed compilation problem on OS/X - Added protection against some attacks through _SERVER variables - Added suhosin.server.strip and suhosin.server.encode ------------------------------------------------------------------- Tue Dec 11 06:37:03 CET 2007 - crrodriguez@suse.de - use /dev/urandom for generating session-IDs [#337005] - L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548] ------------------------------------------------------------------- Mon Nov 12 06:40:39 CET 2007 - crrodriguez@suse.de - update to PHP 5.2.5 * Fixed dl() to only accept filenames. reported by Laurent Gaffie. * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). * Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. * Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason. * Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms). * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Upgraded PCRE to version 7.3 (Nuno) * Added optional parameter $provide_object to debug_backtrace(). (Sebastian) * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre) * Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry) * Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry) * Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov) * Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf) * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia) * Fixed PDO crash when driver returns empty LOB stream. (Stas) * Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas) * Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey) * Fixed leaks with multiple connects on one mysqli object. (Andrey) * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani) * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia) * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani) * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia) * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia) * Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott) * Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia) * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia) * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey) * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry) * Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia) * Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia) * Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia) * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry) * Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry) * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia) * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia) * Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus) * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry) * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus) * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran) * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org) * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia) * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia) * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry) * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani) * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott) * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry) * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick) * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia) * Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob) * Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry) * Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes) * Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia) * Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry) * Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey) * Fixed bug #42359 (xsd:list type not parsed). (Dmitry) * Fixed bug #42326 (SoapServer crash). (Dmitry) * Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry) * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia) * Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob) * Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry) * Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani) * Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno) ------------------------------------------------------------------- Thu Aug 30 03:52:35 CEST 2007 - crrodriguez@suse.de - update to PHP 5.2.4, no relevant changes since RC3. ------------------------------------------------------------------- Fri Aug 24 11:11:41 CEST 2007 - crrodriguez@suse.de - PHP 5.2.4RC3 - Fixed version_compare() to support "rc" as well as "RC" for release candidate version numbers. - Fixed bug #42368 (Incorrect error message displayed by pg_escape_string). (Ilia) - Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani) - Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry) - Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry) - Fixed bug #41904 (proc_open(): empty env array should cause empty environment to be passed to process). (Jani) - Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass). (Ilia) - remove wrong hardcoded requirement on libedit - devel package at least does not need libtool the php build enviroment uses a private copy. - drop no longer needed patches already in upstream ------------------------------------------------------------------- Fri Aug 17 14:46:08 CEST 2007 - anosek@suse.cz - updated to version 5.2.4RC2 - Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones) - Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani) - Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com dot br, Ilia) - Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob) - Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani) - Fixed bug #42243 (copy() does not output an error when the first arg is a dir). (Ilia) - Fixed bug #42242 (sybase_connect() crashes). (Ilia) - Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia) - Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre) - Fixed bug #42211 (property_exists() fails to find protected properties from a parent class). (Dmitry) - Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia) - Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry) - Fixed bug #42195 (C++ compiler required always). (Jani) - Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip, Ilia) - Fixed bug #42082 (NodeList length zero should be empty). (Hannes) - Fixed bug #36492 (Userfilters can leak buckets). (Sara) - Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO). (Dmitry) ------------------------------------------------------------------- Mon Aug 6 19:28:46 CEST 2007 - anosek@suse.cz - updated to version 5.2.4RC1 - dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2 ------------------------------------------------------------------- Mon Jul 30 15:31:19 CEST 2007 - mmarek@suse.cz - updated to latest state of PHP_5_2 branch; highlights from the NEWS file: - Upgraded PCRE to version 7.2 (Nuno) - Updated timezone database to version 2007.6. (Derick) - Improved openssl_x509_parse() to return extensions in readable form. (Dmitry) - Changed "display_errors" php.ini option to accept "stderr" as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani) - Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin) - Added check for unknown options passed to configure. (Jani) - Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia) - Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia) - Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani) - Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) - Added missing format validator to unpack() function. (Ilia) - Added missing error check inside bcpowmod(). (Ilia) - Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony) - Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani) - Added PCRE_VERSION constant. (Tony) - Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes) - Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony) - plus lots of bugfixes - fixed the pear phar archive to run with 5.2.4 [http://bugs.php.net/bug.php?id=42146] ------------------------------------------------------------------- Wed Jul 25 10:11:15 CEST 2007 - mmarek@suse.cz - added /var/lib/pear to php5-pear.rpm ------------------------------------------------------------------- Tue Jul 24 12:34:32 UTC 2007 - judas_iscariote@shorewall.net - fix nasty deadlock in pear - update php5-ze2-fixes.patch and actually apply it. ------------------------------------------------------------------- Tue Jul 17 07:52:46 CEST 2007 - anosek@suse.cz - fixed YOU honors Recommends, breaks php update [#291551] (moved php-suhosin from Recommends to Suggests) ------------------------------------------------------------------- Mon Jun 25 12:07:56 CEST 2007 - mmarek@suse.cz - provide /srv/www/cgi-bin/php5 compat symlink instead of patching config files ------------------------------------------------------------------- Sat Jun 23 11:03:50 UTC 2007 - judas_iscariote@shorewall.net - fixed a mess with update-alternatives PreReq uncovered by newer build versions. actually every subpackage that uses update-alternatives should PreReq it. - fix some ZE2 bugs. ------------------------------------------------------------------- Tue Jun 12 14:33:57 CEST 2007 - mmarek@suse.cz - drop php5.xpm and the Icon: line from the specfile (the icon is not used at all and it breaks rpm -q --specfile php5.spec) ------------------------------------------------------------------- Fri Jun 1 03:23:28 UTC 2007 - judas_iscariote@shorewall.net - PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php - important: PHP-cgi now lives in /usr, package attempts to fix both lighttpd and apache2 fastcgi config files. ------------------------------------------------------------------- Wed May 30 01:36:58 UTC 2007 - judas_iscariote@shorewall.net - use system re2c in factory. - enable support for qbdm in the dba extension (build service only) - enable the ming extension (build service only) ------------------------------------------------------------------- Mon May 21 12:00:45 CEST 2007 - mmarek@suse.cz - fixed the dba extension adding -ldb-4.x to global LDFLAGS, causing unnecessary dependency in /usr/bin/php5 [http://bugs.php.net/bug.php?id=41455] ------------------------------------------------------------------- Sat May 19 22:59:37 UTC 2007 - judas_iscariote@shorewall.net - updated suhosin to version 0.9.20, security fix + bugfixes see http://www.hardened-php.net/suhosin/changelog.html for more detail. ------------------------------------------------------------------- Mon May 14 03:13:01 UTC 2007 - judas_iscariote@shorewall.net - fix devel package, in the reality PHP does not currenly require expat. headers provides a expat compatibility layer but it is no longer in use by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined) ------------------------------------------------------------------- Fri May 11 13:22:29 UTC 2007 - judas_iscariote@shorewall.net - update php5-test-fixes fixing another bug in zend_compile.c - use rpm macros in the spec file - when removing apache2-mod_php5, unload it from apache first. - when updating apache2-mod_php5 restart apache with restart on update macro. ------------------------------------------------------------------- Sun May 6 21:49:54 UTC 2007 - judas_iscariote@shorewall.net - HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch) - better fix for MOPB 41. ------------------------------------------------------------------- Sat May 5 00:59:25 UTC 2007 - judas_iscariote@shorewall.net - remove --enable-memory-limit configure flag, it disappeared in 5.2.1, nowdays memory_limit is always enabled. ------------------------------------------------------------------- Fri May 4 13:16:05 CEST 2007 - prusnak@suse.cz - changed expat to libexpat-devel in Requires of devel subpackage ------------------------------------------------------------------- Fri May 4 09:58:35 UTC 2007 - judas_iscariote@shorewall.net - add php5-test-fixes.patch fixing a test case that wont pass on i586 as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited after the release was done. there is another test case that fails in 10.2 ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE. - added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor) ------------------------------------------------------------------- Fri May 4 05:58:13 UTC 2007 - judas_iscariote@shorewall.net - php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs php_pcre.h header that needs it. ------------------------------------------------------------------- Thu May 3 13:44:11 CEST 2007 - mmarek@suse.cz - fixed some new compiler warnings ------------------------------------------------------------------- Thu May 3 08:25:46 UTC 2007 - judas_iscariote@shorewall.net - upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2 ------------------------------------------------------------------- Thu May 3 04:47:57 UTC 2007 - judas_iscariote@shorewall.net - Upgrade suhosin extension to version 0.9.19 see http://www.hardened-php.net/suhosin/changelog.html for details ------------------------------------------------------------------- Fri Mar 30 11:34:29 CEST 2007 - mmarek@suse.de - added bison to BuildRequires, removed update-desktop-files ------------------------------------------------------------------- Thu Mar 22 17:29:44 CET 2007 - mmarek@suse.de - fixed unpack() on big-endian 64bit (revert-phpbug38770.patch) - blacklist more env variables when safe_mode is on (php5-config.patch) ------------------------------------------------------------------- Sat Mar 17 14:00:00 CET 2007 - judas_iscariote@shorewall.net - fix Requires of -devel package to include only what is really needed for operation of the pecl tool as well the neccesary headers to compile php extensions. - Fix MOPB 24 "PHP array_user_key_compare() Double DTOR Vulnerability" - note that fix for MOPB 23 was included in the previous patchset. ------------------------------------------------------------------- Wed Mar 14 14:00:00 CET 2007 - judas_iscariote@shorewall.net - add security fixes for MOPB 20, 21 and 22. - RPM_BUILD_ROOT is never defined in %post. ------------------------------------------------------------------- Fri Mar 11 14:00:00 CET 2007 - judas_iscariote@shorewall.net - fix/workaround for php5-gd problem with typo3 [#236680] - add fix for MOPB-14-2007 PHP substr_compare() Information Leak Vulnerability. - add secfix for import_request_variables() ancient problem, users of suhosin extension are not affected. - Run the test suite here ------------------------------------------------------------------- Tue Mar 06 14:00:00 CET 2007 - judas_iscariote@shorewall.net - Update suhosin extension to version 0.9.18 fixing a session problem. ------------------------------------------------------------------- Mon Mar 05 14:00:00 CET 2007 - judas_iscariote@shorewall.net - Update suhosin extension to version 0.9.17. see http://www.hardened-php.net/suhosin/changelog.html for details. ------------------------------------------------------------------- Thu Feb 15 14:00:00 CET 2007 - judas_iscariote@shorewall.net - add t1lib support in php5-gd (10.3 and up only) - an off-by-one in str_replace may cause a crash. ------------------------------------------------------------------- Wed Feb 08 14:00:00 CET 2007 - judas_iscariote@shorewall.net - PHP 5.2.1. for a full list of changes see http://www.php.net/ChangeLog-5.php#5.2.1 - add Obsoletes for extensions we dont ship anymore ------------------------------------------------------------------- Fri Feb 02 14:00:00 CET 2007 - judas_iscariote@shorewall.net - fix getenv() modifing $_POST, breaks suhosin badly when register_* is On and variables orde is "GPCS" (default). - change/remove obsoleted patches ------------------------------------------------------------------- Tue Jan 30 11:08:09 CET 2007 - anosek@suse.cz - synced with BuildService * file "session_mm_apache2handler0.sem" written at boot [#229200] (php5-config.patch) * for certain functionality php5-exif requires php5-mbstring * php5-ldap requires php5-openssl * remove LDAP_DEPRECATED from CFLAGS, module already takes care of this. * patch potential HTTP_SESSION_VARS et all hijack when register_globals is On users from suhosin extension are not affected.(php5-session-rgon-hijack.patch) * on 10.2 and up php5-devel should require pcre-devel sqlite-devel sqlite2-devel * php5-devel is mostly useless without autoconf automake libtool bison make gcc. * added patches: phpbug-39350.patch oldhat-phpinputdata-secfix.patch ze2-fixes.patch filter.patch ext-lib64again.patch ------------------------------------------------------------------- Fri Jan 26 11:10:44 CET 2007 - mmarek@suse.cz - fixed string comparison in xmlrpc module (strcmp.patch) - allways apply %%patch9 ------------------------------------------------------------------- Fri Jan 26 11:01:28 CET 2007 - mmarek@suse.cz - updated the curl module from cvs to fix build with curl-7.16 (curl-cvs-fix.patch, dropped gcc.patch) ------------------------------------------------------------------- Tue Dec 19 14:19:28 CET 2006 - anosek@suse.cz - fixed VUL-0: php session.save_path open_basedir bypass [#227569] (save_path-secfix.patch) ------------------------------------------------------------------- Wed Dec 6 16:42:52 CET 2006 - anosek@suse.cz - synced with BuildService * updated Suhosin patch to 0.9.6.2 * updated Suhosin extension to 0.9.16 * fixed php5-devel should provide PECL tool [#204006] * use bundled sqlite in suse versions =< 10.1 (pdo_sqlite stopped working properly with older sqlite3 libs) * do not use zend-multibyte anymore, please refer to phpbug #36711 and associated links, no applications uses this feature in the real world since it is disabled in all other distributions/OS.seems to cause more problems than solutions. * change php.ini, back to short_open_tag =off (the default) the package that depended on this setting no longer does. Also explicitely set the upload_tmp_dir in php.ini to deal with open_basedir recent changes (please refer to phpbug #39123) for the details. * suhosin.ini uses just the default recommended settings ------------------------------------------------------------------- Wed Nov 8 15:15:43 CET 2006 - anosek@suse.cz - created symlinks /usr/bin/php and /usr/bin/pear [#216166] ------------------------------------------------------------------- Tue Nov 7 11:47:40 CET 2006 - mmarek@suse.cz - fixed implicit function decls in suhosin patch (keep the original patch intact and put fixes into separate patch) ------------------------------------------------------------------- Mon Nov 6 10:15:34 CET 2006 - mmarek@suse.cz - updated to 5.2.0 final - merged changes from buildservice (by soporte@onfocus.cl): - updated suhosin to 0.9.10 - added suhosin patch - build with system PCRE if suse_release > 10.1 only [#215610] - suhosin extension does not require PDO - suhosin added to the reccommended list - php5-pspell to require at least aspell-en otherwise is useless [#217272] ------------------------------------------------------------------- Thu Oct 26 12:13:16 CEST 2006 - anosek@suse.cz - php5-sqlite now uses our sqlite and sqlite2 packages to build and not bundled ones [#201440] - updated suhosin to 0.9.9 ------------------------------------------------------------------- Fri Oct 20 17:04:34 CEST 2006 - nadvornik@suse.cz - update to 5.2.0RC6 ------------------------------------------------------------------- Fri Oct 20 00:12:12 CEST 2006 - postadal@suse.cz - reset right path in extension_dir (php5-php-config.patch) ------------------------------------------------------------------- Mon Oct 9 17:53:27 CEST 2006 - postadal@suse.cz - update to version 5.2.0RC5 - added suhosin extension (the hardened php replacement) [#210886] ------------------------------------------------------------------- Sun Oct 8 10:17:53 CEST 2006 - postadal@suse.cz - update to version 5.2.0RC4 * added DSA key generation support to openssl_pkey_new() * updated PCRE to version 6.7 * increased default memory limit to 16 megabytes to accommodate for a more accurate memory utilization measurement * added support for httpOnly flag for session extension and cookie setting functions * added version specific registry keys to allow different configurations for different php version * added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs * added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system * moved extensions to PECL (filepro and hwapi) * improved SNMP, OpenSSL extension * improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL, xmlReader - merged changes from openSUSE build service * build without --enable-sigchild [#206533, php#28294, php#38342] * build CLI with libedit support (really-with-libedit.patch) * tweaked the default config a bit, to make it more secure * removed ini entries related to extensions we don't ship * t1lib is not currently needed for build, we need t1lib5 to do something useful * removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp) * pdo_odbc provided by php-odbc * php-suse-addons : o PHP5 is unlikely to parse php3 code, remove the file association o corrected apache directive is AddHandler not AddType * dropped extensions: o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count) o php-pdo_sqlite provided by php-sqlite o php-pdo_pgsql provided by php-pgsql o filepro dropped by upstream * new extension: o filter (kept static and cannot be unloaded, due security reasons) o json (added as Recommended) o zip (it uses a bundled library) - fixed gcc issues (gcc.patch) - droped obsoleted patches: include_path.patch, bug-37720.patch, bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch, bug-37416.patch, main_bugs.patch, soap.patch, standard.patch, mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch ------------------------------------------------------------------- Wed Aug 16 14:01:02 CEST 2006 - postadal@suse.cz - fixed build with X11R7 ------------------------------------------------------------------- Wed Jul 26 16:36:05 CEST 2006 - postadal@suse.cz - updated to version 5.1.4 * FastCGI interface was completely reimplemented * multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions * support for many additional date formats added to the strtotime() * a performance improvements added to the engine and core extensions * added imap_savebody() that allows message body to be written to a file * added lchown() and lchgrp() to change user/group ownership of symlinks * upgraded bundled PCRE library to version 6.6 - merged changes from openSUSE build service * removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel and libmcal from BuildRequires * added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite, php-tokenizer,php-xmlreader,php-xmlwriter to Recommends * added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests * added support for optional readline(libedit) for CLI (disabled by default) * patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch), curl (curl.patch) and mbstring bugs (mbstring_bugs.patch), big soap patch (soap.patch) * removed obsoleted patches * fixed Safe Mode Bypass [#188243] (standard.patch) * upstream patches [php#37306, php#37416, php#37587, php#37720] [php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch) [php#37346, php#37360] (gd-fixes.patch) * fixed build inconsistences, added php-hash module [#173023] * added pdo_odbc.so to php-odbc module [#190614] * build without explicit safe_mode and magic_quotes (unneeded) * removed useless GD --with-ttf configure option, only suitable for freetype 1 ------------------------------------------------------------------- Fri Jun 9 12:54:47 CEST 2006 - poeml@suse.de - fix BuildRequires to build on SUSE Linux 10.1, 10.0, 9.3 - use the -fstack-protector compile switch only on 10.0 and newer ------------------------------------------------------------------- Thu May 11 12:55:32 CEST 2006 - postadal@suse.cz - fixed memory leak in imagecreatefromgif() [#173451] (phpbug-37346.patch) - fixed possibility of a wrong element being deleted by zend_hash_del() [#175976] (zend_hash_del.patch) - fixed substr_compare() when offset equals string length [#169038, php#37394] (CVE-2006-1991, phpbug-37394.patch) - fixed _emalloc() on 64bit archs [#169038] (emalloc.patch) ------------------------------------------------------------------- Wed May 3 15:16:05 CEST 2006 - postadal@suse.cz - fixed completely broken SplTempFileObject [php#37257] (phpbug-37257.patch) - fixed problem with with $_POST array [php#37276] (phpbug-37276.patch) ------------------------------------------------------------------- Wed Apr 12 15:24:24 CEST 2006 - postadal@suse.cz - fixed security problem in copy() and tempname() [#164845] (CVE-2006-1494-1608.patch) - fixed phpinfo() XSS [#164804] (CVE-2006-0996.patch) - fixed memory leak in html_entity_decode [#161718] (CVE-2006-1490.patch) - fixed multiple imap safemode and open_basedir restriction bypass [#154317] (CVE-2006-1017.patch) ------------------------------------------------------------------- Mon Mar 27 17:39:43 CEST 2006 - postadal@suse.cz - fixed buffer overrun in ftp_fopen_wrapper (ftp_fopen_wrapper.patch) ------------------------------------------------------------------- Tue Mar 14 11:44:04 CET 2006 - postadal@suse.cz - added updating APACHE_MODULES in /etc/sysconfig/apache2 [#155333] - added forgotten regenerated sources for (parse_date.patch and phpbug-36459.patch) - fixed upstream bugs: [php#36420] (phpbug-36420) - segfault when access result->num_rows after calling result->close() (mysqli-64bit.patch) - fixed a 64-bit problem ------------------------------------------------------------------- Fri Mar 3 14:13:13 CET 2006 - postadal@suse.cz - fixed a possible null injection in mbstring (mbstring-null_injection.patch) - fixed upstream bugs: [mysql#16144] (phpbug-16144) - fix for MySQL 5.1 (mysql_stmt_attr_get) [php#36656] (phpbug-36656) - http_build_query generates invalid URIs due to use of square brackets [php#36396,36510,36510,36638] (parse_date.patch) - fixed few bugs in date/time parsing (string.patch) - added overflow checks to wordwrap() function [php#36459] (phpbug-36459) - incorrect adding PHPSESSID to links, which contains \r\n ------------------------------------------------------------------- Fri Mar 3 14:13:13 CET 2006 - postadal@suse.cz - added php5-openssl to php5-ftp Requires [#154273] - added safe_mode num of parameter check for mb_send_mail [#154315] ------------------------------------------------------------------- Fri Feb 10 19:32:13 CET 2006 - postadal@suse.cz - fixed upstream bugs: [php#36306] (phpbug-36306.patch) - fixed crc32() for 64bit arch [php#36351] (phpbug-36351.patch) - parse_url() did not parse numeric paths properly (spl_directory.patch) [php#35998] - getPathname() method always returns unix style filenames [php#36134] - DirectoryIterator constructor failed to detect empty directory names [php#36258] - SplFileObject::getPath() may lead to segfault [php#36287] [php#36295] [php#36359] - splFileObject::fwrite() doesn't write when no data length specified (session2.patch) - fixed logic, if the client already sent us the cookie, we don't need to send it again (soap.patch) [php#36226, php#36083, php#36283] (math.patch, simplexml.patch, mbstring.patch, zend_operators.patch, xp_socket.patch) - initialize variables ------------------------------------------------------------------- Sat Feb 4 16:51:18 CET 2006 - postadal@suse.cz - removed gd-devel from BuildRequires (better used bundled modified gd lib) - fixed upstream bugs: [php#36268] (phpbug-36268.patch) [php#36148] (phpbug-36148.patch) [php#36185] (phpbug-36185.patch) [php#36208] (phpbug-36208.patch) [php#36158] (phpbug-36158.patch) ------------------------------------------------------------------- Tue Jan 31 14:08:55 CET 2006 - postadal@suse.cz - reverted default value for short_open_tag to On [#145895] ------------------------------------------------------------------- Mon Jan 30 18:05:13 CET 2006 - postadal@suse.cz - fixed upstream bugs: [php#36176] (phpbug-36176.patch) (pdo.patch) - properly rewrite queries where a bound parameter appears more then once ------------------------------------------------------------------- Mon Jan 30 13:59:35 CET 2006 - poeml@suse.de - removed libapr-util1-devel from BuildRequires (apache2-devel does require it) ------------------------------------------------------------------- Wed Jan 25 21:40:11 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Jan 24 16:03:31 CET 2006 - postadal@suse.cz - added php5-pdo to requires for pdo_mysql, pdo_pgsql, pdo_sqlite and sqlite and php5-dom to requires for xmlreader and xsl [#144360] - revert name of extensions (appended suffix .so) [#143552] - removed _FILE_OFFSET_BITS=64 and _LARGEFILE_SOURCE from CFLAGS (doesn't work with apache2 configuration, which uses libapr with native support for large files) [#144362] - added -fstack-protector ------------------------------------------------------------------- Mon Jan 23 17:28:34 CET 2006 - postadal@suse.cz - added forgoted extension xmlwrite - gave back simple dot to include_path [#129682] - fixed upstream bugs: [php#36071] (phpbug-36011.patch) [php#36016] (phpbug-36016.patch) - realpath cache memleaks [php#36071] (phpbug-36071.patch) - Zend engine crash related with 'clone' (zend-fix.patch) - fix issues with static method invocation - ce_child is properly initialized [php#36046] (phpbug-36046.patch) - parse_ini_file() miscounts lines in multi-line values [php#36037] (phpbug-36037.patch) - heredoc adds extra line number [php#36006] (phpbug-36006.patch) - problem with $this in __destruct() (gd.patch) - improve open_basedir checks in GD [php#36007] (phpbug-36007.patch) - added new mysqli constants for BIT and NEW_DECIMAL field types (for mysql 5) (session.patch) - check for special characters in the session name (xmlreader.patch) - 64bit fixes ------------------------------------------------------------------- Thu Jan 19 17:41:37 CET 2006 - postadal@suse.cz - disable discard-path for fastcgi binary [#143564] ------------------------------------------------------------------- Wed Jan 18 22:15:00 CET 2006 - postadal@suse.cz - updated to version 5.1.2 - removed obsoleted patches: CAN-2005-1042_1043.patch, CVE-2005-3353.patch, openssl.patch, soap.patch, pdo.patch, simplexml.patch, curl.patch, ze.patch - added pdo, pdo_mysql, pdo_pgsql, pdo_sqlite extensions ------------------------------------------------------------------- Tue Jan 17 19:30:45 CET 2006 - mrueckert@suse.de - remove apache2-mod_fastcgi from nfb it seems to be unused ------------------------------------------------------------------- Sat Jan 14 18:50:37 CET 2006 - kukuk@suse.de - Add gmp-devel to nfb ------------------------------------------------------------------- Tue Jan 10 01:59:39 CET 2006 - ro@suse.de - avoid rpath /usr/ssl/lib in curl ext ------------------------------------------------------------------- Wed Jan 4 15:16:03 CET 2006 - postadal@suse.cz - updated to version 5.1.1 [#135635, #139297] - removed obsoleted patches: php5-with_lib.patch, soap.patch, posix.patch, gcc4.patch, save_path-segfault.patch, basedir-fix.patch, RPC-CAN-2005-1921.patch, RPC-CAN-2005-2498.patch, pcre-overflow-bug-106209.patch, CVE-2005-3388.patch, CVE-2005-3389.patch, CVE-2005-3390.patch, mod_rewrite-fix.patch, mbstring.patch, CVE-2005-3391.patch, CVE-2005-3392.patch, errordocument-fix.patch - removed sqlite2 from build dependencies and added libtidy libtidy-devel - removed dbx, fam, yp, dio extensions (upstream deprecated) - added dba, tidy and xmlreader extensions - renamed libphp5.so -> mod_php5.so (need it for yast module) - added upstream patches: openssl.patch [php#35381] soap.patch [php#35399] pdo.patch [php#35431, php#35430] simplexml.patch [php#35028] curl.patch [php#35908] ze.patch [php#35393] - updated pear sources install-pear-nozlib.phar - package CLI instad CGI binaries [#137443] - reverted last changes (problem caused curl-devel package) ------------------------------------------------------------------- Thu Dec 15 11:19:59 CET 2005 - mmarek@suse.cz - provide php-pear in php5-pear - add /usr/share/php5/PEAR to include path ------------------------------------------------------------------- Tue Dec 6 23:54:12 CET 2005 - postadal@suse.cz - fixed [php#33987] bug (php script as ErrorDocument causes crash in Apache 2). ------------------------------------------------------------------- Mon Dec 5 14:54:25 CET 2005 - postadal@suse.cz - fixed unexpected header can be injected to mb_send_mail() [#135673] (mbstring.patch) - added safe_mode checks for image* functions and cURL [#135673] (CVE-2005-3391.patch) - fixed possible INI setting leak via virtual() in Apache 2 sapi [#135673] (CVE-2005-3392.patch) ------------------------------------------------------------------- Tue Nov 29 17:31:28 CET 2005 - mmarek@suse.cz - build with flex-old until upstream fixes build with flex-2.5.31 ------------------------------------------------------------------- Mon Nov 28 16:36:21 CET 2005 - postadal@suse.cz - fixed CVE-2005-3388.patch [#131578] ------------------------------------------------------------------- Fri Nov 25 15:55:34 CET 2005 - postadal@suse.cz - fixed segfaulting with mod_rewrite [#135480] (mod_rewrite-fix.patch) ------------------------------------------------------------------- Tue Nov 22 14:30:27 CET 2005 - uli@suse.de - define ARM FP(A) endianness correctly ------------------------------------------------------------------- Tue Nov 15 15:44:00 CET 2005 - mmarek@suse.cz - fixed infinite recursion in exif code [#132684] (CVE-2005-3353.patch) - fixed XSS in phpinfo() [#131578] (CVE-2005-3388.patch) - fixed register_globals actvation in parse_str() [#131579] (CVE-2005-3389.patch) - fixed possible $GLOBALS overwrite [#131580] (CVE-2005-3390.patch) - fixed handling basedirs that end with a / [#118976] (basedir-fix.patch) - fixed segfaulting when save_path is set and safe_mode is On [#130227] (save_path-segfault.patch) ------------------------------------------------------------------- Tue Oct 25 14:32:09 CEST 2005 - rhafer@suse.de - added LDAP_DEPRECATED to CFLAGS to build correctly with OpenLDAP 2.3 ------------------------------------------------------------------- Fri Oct 14 16:02:56 CEST 2005 - postadal@suse.cz - fixed recode extension [#120087] (recode-fix.patch) - enabled _GNU_SOURCE for compiling ------------------------------------------------------------------- Wed Oct 12 14:00:59 CEST 2005 - postadal@suse.cz - fixed implicit declaration (gcc4.patch) ------------------------------------------------------------------- Mon Oct 10 16:15:05 CEST 2005 - postadal@suse.cz - fixed uninitialized variables (gcc4.patch) ------------------------------------------------------------------- Thu Sep 1 15:58:30 CEST 2005 - postadal@suse.cz - added security patch pcre-overflow-bug-106209.patch for internal libpcre and statically linked against it [#114157] - added include_path = "/usr/share/php" to php.ini [#114406] ------------------------------------------------------------------- Thu Aug 25 14:15:14 CEST 2005 - postadal@suse.cz - linked with system pcre libs (pcre-fix.patch) [#112645] ------------------------------------------------------------------- Thu Aug 18 17:28:55 CEST 2005 - postadal@suse.cz - fixed XML RPC command injection (#94579, CAN-2005-192 and #104403, CAN-2005-2498) ------------------------------------------------------------------- Tue Aug 9 16:36:01 CEST 2005 - mls@suse.de - removed compat from neededforbuild ------------------------------------------------------------------- Tue Aug 2 14:20:37 CEST 2005 - tcrhak@suse.cz - dropped php4-dba and php4-readline due to license problems (bug #91489) - compile without -DPHP_AP_DEBUG (bug #95502) - fixed php-config to return a correct includes path (patch php5-php-config) - fixed a sigsegv in the soap extension (bug #99268, patch php5-soap) ------------------------------------------------------------------- Mon Apr 25 11:42:25 CEST 2005 - mcihar@suse.cz - added pspell subpackages ------------------------------------------------------------------- Tue Apr 19 12:30:40 CEST 2005 - mcihar@suse.de - update tarball to rereleased one which contains missing file ------------------------------------------------------------------- Sat Apr 9 10:54:19 CEST 2005 - aj@suse.de - Compile with GCC4. ------------------------------------------------------------------- Mon Apr 4 14:09:45 CEST 2005 - mcihar@suse.cz - update to 5.0.4 - drop patches merged upstream - add RunTests.php missing from upstream tarball ------------------------------------------------------------------- Thu Mar 17 17:45:39 CET 2005 - mcihar@suse.cz - fix path to configuration files ------------------------------------------------------------------- Mon Mar 14 16:14:42 CET 2005 - mcihar@suse.cz - do not build CLI with all GCI stuff - fix build when extensions are built as *.so instead of just * - use different php.ini for each SAPI, this is needed for giving CLI more space to live (bug #72311) ------------------------------------------------------------------- Wed Mar 9 16:39:33 CET 2005 - mcihar@suse.cz - provide compiled in modules ------------------------------------------------------------------- Mon Mar 7 13:20:02 CET 2005 - mcihar@suse.cz - fix path to php5 binary in pear5 script (bug #71044) ------------------------------------------------------------------- Thu Mar 3 18:01:29 CET 2005 - mcihar@suse.de - realy enable xml module ------------------------------------------------------------------- Tue Mar 1 11:38:31 CET 2005 - mcihar@suse.cz - provide only mod_php_any in apache module (bug #66729) ------------------------------------------------------------------- Mon Feb 21 15:02:04 CET 2005 - mcihar@suse.cz - fix some compile time warnings ------------------------------------------------------------------- Thu Feb 10 15:24:02 CET 2005 - mcihar@suse.cz - add zlib dependency to pear (bug #50697) ------------------------------------------------------------------- Wed Feb 9 15:52:45 CET 2005 - mcihar@suse.cz - use correct path to apache2_MMN - comment some patches - update README.SUSE - drop unused sce_install - each extension now provides also unversioned symbol, to allow not to depend on specific php version - drop MIME type change as both php modules don't work together anyway ------------------------------------------------------------------- Tue Feb 8 15:16:51 CET 2005 - mcihar@suse.cz - drop actually unused patches - fix build on ia64 (endians patch, stolen from cvs) (still doesn't build due to missing current MySQL) - fix build on lib64 machines ------------------------------------------------------------------- Mon Feb 7 17:48:22 CET 2005 - mcihar@suse.cz - initial packaging of php5 - suse addons are now in tarball instead of patch - reorganize patches - simplified build system ------------------------------------------------------------------- Wed Jan 26 17:24:48 CET 2005 - mcihar@suse.cz - update asp2php - drop lynx from buildrequires ------------------------------------------------------------------- Tue Jan 11 17:48:38 CET 2005 - mcihar@suse.cz - fix broken int unserializing on 64-bit (bug #49617) ------------------------------------------------------------------- Fri Dec 17 17:53:37 CET 2004 - poeml@suse.de - update to 4.3.10 - for apache module, pick up CFLAGS from apxs [#49356] - drop obsolete php-4.3.9RC3.diff - update lib64.diff - fix return type in php_sprintf() - don't apply php-4.3.8-snmp.diff - do not clean buildroot in buildsystem to facilitate debugging - fix PreRequires (sce_install_path) [#46664] ------------------------------------------------------------------- Thu Nov 18 15:40:36 CET 2004 - ro@suse.de - use kerberos-devel-packages ------------------------------------------------------------------- Thu Nov 4 16:07:12 CET 2004 - ro@suse.de - added rpm-devel,popt-devel,tcpd,tcpd-devel to neededforbuild (for snmp) ------------------------------------------------------------------- Tue Oct 05 13:09:59 CEST 2004 - pmladek@suse.cz - added /usr/lib/php/sce_install to prerequires of php4-swf; it is in the package php4-32bit on x86_64 [#46475] ------------------------------------------------------------------- Thu Sep 23 20:21:17 CEST 2004 - tcrhak@suse.cz - security fix for array parsing (bug #45710) and some other fixes from php-4.3.9RC3 (patch 4.3.9RC3) - removed the #%endif causing syntax error during /usr/lib/php/sce_install (bug #45589) - /var/lib/php is now owned by wwwrun (bug #45360) - reverted dlopen flag back to RTLD_GLOBAL (bugs #39197 and #41866), php4-recode now conflicts with php4-imap, php4-mysql and apache2-mod_auth_mysql, mod_php4-core does not require php4-recode any more - dropped php4-dba and php4-readline due to license poblems (bug #45654) ------------------------------------------------------------------- Fri Sep 17 16:02:17 CEST 2004 - tcrhak@suse.cz - added tomcat5 to the Requires of php4-servlet ------------------------------------------------------------------- Wed Sep 15 13:47:36 CEST 2004 - tcrhak@suse.cz - removed the build dependency on tomcat5 - added tomcat5 directories to filelist - enabled iconv for the other archs ------------------------------------------------------------------- Tue Sep 14 16:50:54 CEST 2004 - skh@suse.de - use new JPackage packages tomcat5 and servletapi5 to build ------------------------------------------------------------------- Fri Sep 10 15:58:26 CEST 2004 - tcrhak@suse.cz - do not source setJava ------------------------------------------------------------------- Fri Sep 03 15:16:42 CEST 2004 - tcrhak@suse.cz - update to 4.3.8 - added module dbx (bug #43972) - use system gd library, includes "GIF Create Support" (bug #44001) - disallow persistant connections by default (bug #34849) - use /var/lib/php for php sessions by default (bug #36886) - php modules need to prereq sce_install (bug #43994) ------------------------------------------------------------------- Thu Aug 19 16:52:42 CEST 2004 - aj@suse.de - Remove broken cat commands from post section: * no requires for them * no need to execute them ------------------------------------------------------------------- Mon Aug 16 14:18:01 CEST 2004 - ro@suse.de - fix build with updated libcurl: use current instead of deprecated type for curl_httppost ------------------------------------------------------------------- Tue Jun 8 15:39:32 CEST 2004 - ro@suse.de - removed mod_dav from neededforbuild - removed mod_php4 package (mod_php4-core is probably obsolete too) ------------------------------------------------------------------- Tue May 04 13:10:24 CEST 2004 - tcrhak@suse.cz - build with postfix instead of sendmail ------------------------------------------------------------------- Thu Apr 29 23:58:25 CEST 2004 - ro@suse.de - remove apache1 related parts ------------------------------------------------------------------- Fri Apr 23 13:54:49 CEST 2004 - tcrhak@suse.cz - added sendmail to neededforbuild, so that mail() is defined (bug #39153) - dlopen php modules with RTLD_LOCAL (fixes bug #39197) ------------------------------------------------------------------- Wed Mar 31 09:13:21 CEST 2004 - tcrhak@suse.cz - added php module recode (bug #36573) - fixed requires of mod_php4-apache2 (bug #37041) ------------------------------------------------------------------- Mon Mar 22 22:40:01 CET 2004 - ro@suse.de - build-fix for jakarta-tomcat from skh - removed apache-contrib from neededforbuild (dropped) ------------------------------------------------------------------- Tue Mar 16 12:03:36 CET 2004 - tcrhak@suse.cz - removed --enable-versioning (fixes bug #35716) - do not build servlet for ia64, ppc and ppc64 ------------------------------------------------------------------- Fri Mar 05 16:20:39 CET 2004 - tcrhak@suse.cz - modularized - updated to version 4.3.4 - added fastcgi - added PHP4 module sockets - added PHP4 module mime_magic (bug #34134) - php binary is now CLI, not CGI (bug #34152) ------------------------------------------------------------------- Wed Feb 18 14:57:33 CET 2004 - ro@suse.de - use jakarta-tomcat4 ------------------------------------------------------------------- Mon Feb 16 01:02:49 CET 2004 - ro@suse.de - use unixODBC instead of iodbc ------------------------------------------------------------------- Tue Feb 10 23:51:35 CET 2004 - poeml@suse.de - fix symbol exports for apache2 - add -fno-strict-aliasing to CFLAGS, due to code where dereferencing type-punned pointers would break strict aliasing - fix test load of apache2 module (the LoadModule statement went into the wrong place) ------------------------------------------------------------------- Sun Feb 8 20:43:46 CET 2004 - schwab@suse.de - Fix symbol exports. - Also look for BEAJava2 directory. - Fix quoting. ------------------------------------------------------------------- Thu Jan 22 01:33:57 CET 2004 - ro@suse.de - fix build with current automake ------------------------------------------------------------------- Fri Jan 16 12:57:14 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Tue Jan 13 16:28:22 CET 2004 - ro@suse.de - remove subpackage aolserver - fix build with current freetype ------------------------------------------------------------------- Mon Nov 10 15:55:51 CET 2003 - ro@suse.de - use net-snmp instead of ucdsnmp ------------------------------------------------------------------- Thu Oct 30 09:04:02 CET 2003 - tcrhak@suse.cz - ad previous fix: create the directory ------------------------------------------------------------------- Wed Oct 29 17:12:34 CET 2003 - tcrhak@suse.cz - added %{_libdir}/php/bin to file list of mod_php4-core ------------------------------------------------------------------- Mon Sep 22 18:11:58 CEST 2003 - mls@suse.de - remove 'Obsoletes: mod_php' from mod_php4, otherwise rpmv4 makes mod_php4 conflict with apache2-mod_php4 ------------------------------------------------------------------- Tue Sep 16 15:22:13 CEST 2003 - tcrhak@suse.cz - update to version 4.3.3 ------------------------------------------------------------------- Mon Sep 01 19:52:02 CEST 2003 - tcrhak@suse.cz - expand rpm macros in /etc/httpd/modules/mod_php4 [bug #29664] ------------------------------------------------------------------- Thu Aug 21 19:48:24 CEST 2003 - tcrhak@suse.cz - update to version 4.3.2 - use BuildRoot - added activation metadata to sysconfig [bug #28827] ------------------------------------------------------------------- Mon Aug 18 14:16:11 CEST 2003 - poeml@suse.de - add README.{SuSE,UnitedLinux} [#25888] - don't explicitely strip binary objects, because RPM does it anyway, and it might keep the stripped debugging info somewhere. - don't try to install a file in /etc/apache2/modules/ (it's gone) ------------------------------------------------------------------- Mon Jun 30 12:14:50 CEST 2003 - ro@suse.de - always use libtool to compile objects - added directories to filelist ------------------------------------------------------------------- Thu Apr 10 12:58:19 CEST 2003 - tcrhak@suse.cz - use 'head -n 1' instead of 'head -1' - added mhash support ------------------------------------------------------------------- Wed Mar 26 19:28:31 CET 2003 - tcrhak@suse.cz - fixed path in script phpize - fixed ext/mysql/config.m4 ------------------------------------------------------------------- Thu Mar 13 16:46:58 CET 2003 - tcrhak@suse.cz - fixed order of Type and Define in sysconfig metadata - readded subpackage servlet (patch servlet) - reenabled support for swf - install swf fonts, use proper SWFFONTPATH (bug #18057, patch swf) ------------------------------------------------------------------- Tue Mar 4 16:42:57 CET 2003 - poeml@suse.de - the apache2 module requires the apache2-prefork MPM ------------------------------------------------------------------- Thu Feb 20 14:39:51 CET 2003 - tcrhak@suse.cz - security update to version 4.3.1 - fixes a CGI vulnerability - added sysconfig metadata [bug #22604] ------------------------------------------------------------------- Fri Feb 14 13:46:32 CET 2003 - tcrhak@suse.cz - added php3, php4 to DirectoryIndex [bug #22066] ------------------------------------------------------------------- Thu Feb 13 23:40:55 CET 2003 - ro@suse.de - really disable (empty) subpackage servlet ------------------------------------------------------------------- Wed Feb 12 15:03:09 CET 2003 - poeml@suse.de - rename subpackage mod_php4_2 to apache2-mod_php4 ------------------------------------------------------------------- Tue Feb 11 14:23:10 CET 2003 - poeml@suse.de - call the new /usr/share/apache2/get_module_list script to configure apache2, so the test can be passed ------------------------------------------------------------------- Wed Jan 15 16:28:35 CET 2003 - ro@suse.de - use sasl2 ------------------------------------------------------------------- Fri Jan 10 15:50:43 CET 2003 - poeml@suse.de - don't built -servlet for now, needs work - swf.h has vanished from ./dist/include/, and I can't find another one --> disabling swf support ------------------------------------------------------------------- Thu Jan 9 01:52:13 CET 2003 - poeml@suse.de - update to 4.3.0 - GD library is now bundled with the distribution and it is recommended to always use the bundled version - vpopmail and cybermut extensions are moved to PECL - several deprecated extensions (aspell, ccvs, cybercash, icap) and SAPIs (fastcgi, fhttpd) are removed - speed improvements in a variety of string functions - Apache2 filter is improved, but is still considered experimental (use with PHP in prefork and not worker (thread) model since many extensions based on external libraries are not thread safe) - various security fixes (imap, mysql, mcrypt, file upload, gd, etc) - new SAPI for embedding PHP in other applications (experimental) - much better test suite - significant improvements in dba, gd, pcntl, sybase, and xslt extensions - debug_backtrace() should help with debugging - error messages now contain URLs linking to pages describing the error or function in question - Zend Engine has some fixes and minor performance enhancements - and TONS of other fixes, updates, new functions, etc - build apache2 module - QtDOM support is now in qt3, and therefore we need to link against libqt-mt - merge the lib64 patch, hope it's complete - gd lib is now bundled, and preferred for building - adjust the Provides of the -core package ------------------------------------------------------------------- Thu Nov 21 18:35:27 CET 2002 - ro@suse.de - make it build with current automake ------------------------------------------------------------------- Wed Oct 16 18:54:17 CEST 2002 - tcrhak@suse.cz - added support for readline - added support for iconv and mbstrings [bugs #19861 and #19862] ------------------------------------------------------------------- Fri Sep 27 20:04:33 CEST 2002 - tcrhak@suse.cz - added type .php3 to apache mod_php4.conf ------------------------------------------------------------------- Wed Sep 18 01:50:00 CEST 2002 - ro@suse.de - removed bogus self-provides ------------------------------------------------------------------- Tue Sep 03 22:47:14 CEST 2002 - tcrhak@suse.cz - fixed to build on 64 bit archs ------------------------------------------------------------------- Fri Aug 23 17:25:57 CEST 2002 - tcrhak@suse.cz - fixed to build on non-i386 archs - added dynamic extensions to the file list of subpackage core ------------------------------------------------------------------- Tue Aug 20 11:07:14 CEST 2002 - tcrhak@suse.cz - added PreReq ------------------------------------------------------------------- Tue Aug 13 21:44:12 CEST 2002 - kukuk@suse.de - Remove unused qt2 from neededforbuild ------------------------------------------------------------------- Wed Aug 7 17:26:24 CEST 2002 - uli@suse.de - fixed to build on lib64 archs (still broken on nearly all archs due to other problems) ------------------------------------------------------------------- Mon Aug 5 11:54:12 CEST 2002 - ro@suse.de - use "-follow" when searching for jni.h ------------------------------------------------------------------- Sun Jul 28 08:49:53 CEST 2002 - kukuk@suse.de - remove unused gdb from neededforbuild ------------------------------------------------------------------- Sat Jul 27 13:52:07 CEST 2002 - adrian@suse.de - fix neededforbuild ------------------------------------------------------------------- Fri Jul 26 11:42:15 CEST 2002 - kukuk@suse.de - Add imap-lib to neededforbuild ------------------------------------------------------------------- Tue Jul 23 15:53:20 CEST 2002 - tcrhak@suse.cz - update to version 4.2.2 - update of asp2php to version 0.76.12 - detect the module magic number if provided by apache, indicating API changes, and add an RPM Require on it - add compiled extensions (currently gd.so, as it is build shared by a previous change by bk@suse.de) to php.ini and filelist ------------------------------------------------------------------- Fri Jul 5 10:43:32 CEST 2002 - kukuk@suse.de - Use %ix86 macro ------------------------------------------------------------------- Tue May 28 02:09:57 CEST 2002 - ro@suse.de - replaced /opt/jakarta with /opt/jakarta/tomcat ------------------------------------------------------------------- Mon May 27 18:19:38 CEST 2002 - ro@suse.de - first try for lib64 ------------------------------------------------------------------- Mon May 27 16:25:28 CEST 2002 - bk@suse.de - use shared libgd on all archs ------------------------------------------------------------------- Sat Mar 23 09:59:10 CET 2002 - ro@suse.de - removed unixODBC stuff, was never used (iodbc is used) ------------------------------------------------------------------- Fri Mar 15 11:51:11 CET 2002 - tcrhak@suse.cz - added %{_datadir}/lib/php and extension dir to devel filelist ------------------------------------------------------------------- Mon Mar 4 12:28:32 CET 2002 - okir@suse.de - security fix ------------------------------------------------------------------- Fri Feb 22 14:27:51 CET 2002 - tcrhak@suse.cz - Killed %{release} from "Requires" tags. ------------------------------------------------------------------- Fri Feb 1 00:26:05 CET 2002 - ro@suse.de - changed neededforbuild to ------------------------------------------------------------------- Mon Jan 28 12:40:33 CET 2002 - ro@suse.de - added des to neededforbuild ------------------------------------------------------------------- Mon Jan 28 01:35:33 CET 2002 - ro@suse.de - added heimdal stuff to build ------------------------------------------------------------------- Wed Jan 23 01:59:36 CET 2002 - ro@suse.de - try to build with db-devel in neededforbuild ------------------------------------------------------------------- Thu Jan 17 01:07:13 CET 2002 - ro@suse.de - adapted for /etc/sysconfig/apache ------------------------------------------------------------------- Thu Dec 20 14:16:12 CET 2001 - tcrhak@suse.cz - update to 4.1.0 - no mm support for aol and servlet (mm is not ZTS in 4.1 yet) - patched acinclude.m4 to find the very dir for mysql libraries - added `php-config --extension-dir` to core files ------------------------------------------------------------------- Thu Dec 10 17:56:38 CEST 2001 - tcrhak@suse.cz - fixed extension section ------------------------------------------------------------------- Thu Dec 6 17:05:27 CEST 2001 - tcrhak@suse.cz - added section [extension section] to php.ini - fixed options given to configure ------------------------------------------------------------------- Tue Dec 4 16:34:25 CEST 2001 - tcrhak@suse.cz - fixed configure.in and config.m4's for autoconf 2.52 - added libtoolize, autoconf, autoheader - used setJava to find JAVA_HOME - TTF - bug 9523 - gd - bug 12226 - changed the order in which subpackages (for Servers) are built, - so that the devel package corresponds to core - (=> experimental-zts disabled) - moved phpize to the devel package (fixed for autoconf 2.52) - added files needed by phpize to the devel package ------------------------------------------------------------------- Mon Dec 3 14:57:15 CET 2001 - ro@suse.de - changed servlet dir for configure with jakarta ------------------------------------------------------------------- Mon Dec 3 09:31:42 CET 2001 - ro@suse.de - fixed neededforbuild to ------------------------------------------------------------------- Tue Nov 20 16:47:27 CET 2001 - rolf@suse.de - changes to make IA64 work - exclude subpackages AOL and Servlet from AXP ------------------------------------------------------------------- Mon Nov 19 00:51:02 CET 2001 - ro@suse.de - fix to find java ------------------------------------------------------------------- Wed Nov 14 17:41:40 CET 2001 - rolf@suse.de - new subpackage -devel with include files ------------------------------------------------------------------- Mon Nov 12 17:22:02 CET 2001 - ro@suse.de - hack for libxml2 include location ------------------------------------------------------------------- Fri Oct 26 01:36:56 CEST 2001 - ro@suse.de - use qt2 for qtdom (but aparently that is not built anyway) ------------------------------------------------------------------- Thu Oct 25 01:06:13 CEST 2001 - ro@suse.de - try neededforbuild alias apache-devel-packages ------------------------------------------------------------------- Tue Sep 11 00:01:57 CEST 2001 - ro@suse.de - remove roxen subpackage roxen is not in the distribution currently ------------------------------------------------------------------- Wed Aug 22 13:11:37 CEST 2001 - ro@suse.de - removed pdflib from neededforbuild (license problems) ------------------------------------------------------------------- Tue Aug 14 09:26:15 CEST 2001 - ro@suse.de - pear: changed header to look for php in "bindir" not "prefix/bin" to fix requires ------------------------------------------------------------------- Mon Aug 13 16:34:01 CEST 2001 - kukuk@suse.de - Don't conflict with packages we are providing ------------------------------------------------------------------- Thu Aug 9 15:34:21 CEST 2001 - kukuk@suse.de - Fix search for installed java directory ------------------------------------------------------------------- Tue Jul 24 12:13:56 CEST 2001 - rolf@suse.de - new subpackage mod_php4-aolserver for use of PHP4 with AOL server - disable-debug so Zend optimizer can work ------------------------------------------------------------------- Thu Jul 5 14:24:21 CEST 2001 - rolf@suse.de - update to php 4.0.6 - apply memlimit patch - new subpackage mod_php4-servlet for use of PHP4 as JAVA servlet with tomcat - new options: --with-gmp, --with-dom, mbstring ------------------------------------------------------------------- Mon Jun 25 15:44:59 CEST 2001 - rolf@suse.de - fixed bug with pdflib which also fixes [BUG#8246] ------------------------------------------------------------------- Tue Jun 19 12:21:12 CEST 2001 - rolf@suse.de - new version 4.0.5 - disable pgsql for roxen, as it is broken - mysql bug fixed in this release [BUG#6839] - move stuff to /usr/share/php [BUG#8352] - now Provides: mod_php as well [BUG#8911] ------------------------------------------------------------------- Sat May 12 18:29:28 CEST 2001 - schwab@suse.de - Use new readline interface. ------------------------------------------------------------------- Tue May 8 17:11:44 CEST 2001 - mfabian@suse.de - bzip2 sources ------------------------------------------------------------------- Tue May 1 17:29:20 CEST 2001 - kukuk@suse.de - disable adabas support ------------------------------------------------------------------- Thu Apr 26 02:26:23 CEST 2001 - ro@suse.de - neededforbuild: curl_ssl-devel -> curl-devel ------------------------------------------------------------------- Sun Apr 8 21:09:52 CEST 2001 - poeml@suse.de - fix Requires (rearrange tags to define them before using them) - fix spec file typo ------------------------------------------------------------------- Tue Mar 27 12:04:43 MEST 2001 - rolf@suse.de - spin off subpackage mod_php4-core which is required by apache and roxen modules now - moved config file to /etc/php.ini for all php4 modules - sybase support conflicts with Adabas D support - Ingres support is for Ingres II only - added t1lib support [BUG#6212] - updated asp2php 0.75.13 - make us of suse_loadmodule for testing - added /usr/bin/php to core package [BUG#6648] ------------------------------------------------------------------- Wed Mar 21 23:27:14 CET 2001 - ro@suse.de - changed neededforbuild to freetype2 ------------------------------------------------------------------- Thu Mar 15 14:16:49 CET 2001 - ro@suse.de - build with openldap2 ------------------------------------------------------------------- Thu Mar 15 01:08:35 CET 2001 - ro@suse.de - fixed neededforbuild for openldap ------------------------------------------------------------------- Mon Mar 5 23:58:57 CET 2001 - ro@suse.de - use -fPIC ------------------------------------------------------------------- Fri Feb 23 16:24:24 CET 2001 - ro@suse.de - changed neededforbuild to ------------------------------------------------------------------- Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) ------------------------------------------------------------------- Thu Feb 15 18:06:52 MET 2001 - rolf@suse.de - new features imap-ssl, bz2, qtdom, ctype, debug, force-cgi-redirect, discard_path, sigchild, gd-imgstrttf - added apache-mod_php4.rc.config - added /etc/httpd/modules/mod_php4 ------------------------------------------------------------------- Wed Jan 17 19:28:46 MET 2001 - rolf@suse.de - add libpdf support ------------------------------------------------------------------- Tue Jan 16 13:06:31 MET 2001 - rolf@suse.de - update to 4.0.4pl1 due to security issue [BUG#5760] - remove number4.tar.gz, no longer needed ------------------------------------------------------------------- Fri Jan 12 11:36:19 MET 2001 - rolf@suse.de - need expat to compile [BUG#5104] - subpackage for roxen module ------------------------------------------------------------------- Fri Jan 12 09:39:57 CET 2001 - cihlar@suse.cz - fixed to compile with roxe/pike [#4408] ------------------------------------------------------------------- Tue Dec 19 16:32:27 MET 2000 - rolf@suse.de - link with libssl ------------------------------------------------------------------- Tue Dec 19 15:07:57 MET 2000 - rolf@suse.de - added the asp2php package [BUG#4456] - roxen/pike still doesn´t work - require RPM group tag via apxs ------------------------------------------------------------------- Wed Nov 29 18:53:35 CET 2000 - ro@suse.de - changed neededforbuild to ------------------------------------------------------------------- Mon Nov 27 17:41:02 MET 2000 - rolf@suse.de - added Sablotron support [BUG#3891] - added curl support [BUG#3890] - added Flash support on i386 [BUG#3209] - also pack module files in /usr/lib/php/ - moved the exec dir to /usr/lib/php/bin - include pear binaries - added the following modules: sockets, shmop, exif, filepro, dbase readline, mcrypt, gettext ------------------------------------------------------------------- Wed Nov 15 18:29:49 CET 2000 - ro@suse.de - fixed neededforbuild gdlib -> gd gd-devel ------------------------------------------------------------------- Thu Nov 9 00:27:01 CET 2000 - ro@suse.de - prefer ndbm.h to db1/ndbm.h ------------------------------------------------------------------- Mon Nov 6 10:11:58 CET 2000 - ro@suse.de - added imap-devel to neededforbuild ------------------------------------------------------------------- Mon Nov 6 01:17:41 CET 2000 - ro@suse.de - fixed neededforbuild ------------------------------------------------------------------- Mon Oct 16 17:58:45 GMT 2000 - bk@suse.de - s390: --with-gd=yes -> --with-gd=shared(broken somehow with =yes) ------------------------------------------------------------------- Mon Oct 16 16:56:41 MEST 2000 - rolf@suse.de - update tp 4.0.3pl1 due to some security breaches - needed to drop db3 and dbm support, as these are incompatible - enable FTP support [BUG#3862] ------------------------------------------------------------------- Wed Sep 13 15:47:02 CEST 2000 - fober@suse.de - s390: suse_update_config, needs-not-forbuild adabas ------------------------------------------------------------------- Fri Jul 7 11:51:33 CEST 2000 - kukuk@suse.de - Fix Requires and need for build ------------------------------------------------------------------- Fri Jun 23 13:11:09 CEST 2000 - rolf@suse.de - added support for mcal and calendar functions [BUG#2925] ------------------------------------------------------------------- Mon Jun 19 00:01:12 CEST 2000 - ro@suse.de - fixed to compile with new postgres ------------------------------------------------------------------- Mon May 22 13:50:13 CEST 2000 - rolf@suse.de - update to 4.0.0 - --with-java is now broken ------------------------------------------------------------------- Fri May 12 13:49:15 CEST 2000 - rolf@suse.de - update to 4.0RC2 - a few more options are now functional ------------------------------------------------------------------- Thu Apr 13 11:12:26 CEST 2000 - ro@suse.de - added mm to neededforbuild ------------------------------------------------------------------- Thu Mar 30 14:43:10 MEST 2000 - rolf@suse.de - new version 4.0RC1 - many options now work properly ------------------------------------------------------------------- Wed Mar 1 18:14:36 MET 2000 - rolf@suse.de - zlib works again ------------------------------------------------------------------- Tue Feb 22 15:05:20 MET 2000 - rolf@suse.de - new version 4b4pl1 - now with --enable-thread-safety --with-gd=yes --with-ttf - imap support is now broken ------------------------------------------------------------------- Thu Dec 23 13:18:18 MET 1999 - rolf@suse.de - dynamic JDK path detection - some fixes in DAV, still doesn´t work - now also runs with IMAP ------------------------------------------------------------------- Thu Nov 25 12:18:31 MET 1999 - rolf@suse.de - initial package version 4.0b3