This is a general abstraction layer for several file-based databases.
As such, functionality is limited to a common subset of features
supported by modern databases such as Sleepycat Software's DB2. (This
is not to be confused with IBM's DB2 software, which is supported
through the ODBC functions.)
Authors:
--------
The PHP Group
See http://www.php.net/credits.php for more details
Provides
Requires
Copyright
Other uncritical OpenSource License
Signatures
internal MD5: 40b51da63d9a716af8c704b6d1725a66
GPG
Changelog
* Wed Jun 25 2008 - meissner@suse.de
- fixed build.
* Tue Jun 10 2008 - crrodriguez@suse.de
- update to PHP 5.2.6 [bnc #386632]
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
* Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de)
* Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)
* Fixed two possible crashes inside the posix extension.
* Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug #44141 (private parent constructor callable through static function).
* Fixed bug #43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug #43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug #42736 (xmlrpc_server_call_method() crashes).
* Fixed bug #42369 (Implicit conversion to string leaks memory).
* Fixed bug #41562 (SimpleXML memory issue).
* Over 120 bug fixes.
* Mon Jan 14 2008 - crrodriguez@suse.de
- Argentina will implement new DST time [#350489]
- Venezuela Time Zone Update [#345548]
- clean update to version 5.2.5
- htmlentities/htmlspecialchars function problems with partial multibyte sequences [#341272]
- dl() should not accept files larger than MAXPATHLEN [#309407] (CVE-2007-4825)
- glob() function multiple vulnerabilities [#308072] (CVE-2007-4782)
- Timezone information outdated in PHP [#330728] [#345548]
- multiple Iconv functions denial of service (workaround for libc bug) [#308498]
- setlocale() denial of service [#308071]
- floating point exception inside wordwrap() [#307272] CVE-2007-3998
- fnmatch() denial of service [#308070] CVE-2007-4782
- Fixed size calculation in chunk_split() CVE-2007-2872
- Fixed several integer overflows inside the GD extension (CVE-2007-3996)
- Fixed money_format() not to accept multiple %i or %n tokens (CVE-2007-4658)
* Fri Jul 27 2007 - mmarek@suse.cz
- fixed MOPB-46-2007.patch
* Tue Jul 17 2007 - anosek@suse.cz
- fixed YOU honors Recommends, breaks php update [#291551]
(moved php-suhosin from Recommends to Suggests)
* Thu Jul 12 2007 - anosek@suse.cz
- fixed VUL-0: gd: more problems in XBM and GIF [#290001]
CVE-2007-3472.patch
CVE-2007-3473.patch
CVE-2007-3475.patch
CVE-2007-3476.patch
CVE-2007-3477.patch
CVE-2007-3478.patch
* Wed Jul 04 2007 - anosek@suse.cz
- fixed security issues:
PMOPB-46-2007: PHP ext/session Session Cookie Parameter Injection Vulnerability
[#285519] (MOPB-46-2007.patch)
VUL-0: php: bad IV for mcryt
[#285893] (CVE-2007-2727.patch)
VUL-0: php: bad IV for soap
[#285896] (CVE-2007-2728)
VUL-0: php: substr_count info leak
[#285898] (CVE-2007-2748)
* Mon Jun 11 2007 - mmarek@suse.cz
- limit nesting level of input variables with
max_input_nesting_level (fixes MOPB-03-2007)
[#250231] (CVE-2007-1285.patch)
- fixed open_basedir/safe_mode bypass inside realpath()
[#282730] (CVE-2007-3007.patch)
* Thu Jun 07 2007 - anosek@suse.cz
- fixed these security issues:
VUL-0: libgd: denial-of-service (CPU) while processing images
[#276525] (CVE-2007-2756.patch)
VUL-0: PHP chunk_split() integer overflow
[#280899] (CVE-2007-2872.patch)
- fixed php.ini: session.save_path should be set to "/var/lib/php5"
[#229200] (php5-config.patch)
* Wed May 23 2007 - anosek@suse.cz
- fixed these security issues:
VUL-0: php: possible super-global overwrite inside import_request_variables()
[#271249] (CVE-2007-1396.patch)
VUL-0: php: buffer overflow inside user_filter_factory_create()
[#271285] (CVE-2007-2511.patch)
VUL-0: php: remotely trigger-able buffer overflow inside bundled libxmlrpc
[#271294] (CVE-2007-1864.patch)
VUL-0: php: CRLF injection inside ftp_putcmd()
[#271296] (CVE-2007-2509.patch)
VUL-0: php: remotely trigger-able buffer overflow inside make_http_soap_request()
[#271297] (CVE-2007-2510.patch)
VUL-0: php: MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
[#259749] (CVE-2007-0906-sqlite.patch)
* Thu May 03 2007 - mmarek@suse.cz
- improve CVE-2007-0906-session.patch [#251185]
* Wed May 02 2007 - anosek@suse.cz
- fixed these security issues:
VUL-0: php: MOPB-05-2007:PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability
[#251724] (CVE-2007-0988.patch)
VUL-0: php-gd integer integer overflow with invalid wbmp images
[#258295] (CVE-2007-1001.patch)
VUL-0: MOPB-14-2007:PHP substr_compare() Information Leak
[#252145] (CVE-2007-1375.patch)
VUL-0: php5: MOPB-15-2007: shmop problem
[#255026] (CVE-2007-1376.patch)
VUL-0: php5: MOPB-19-2007: PHP ext/filter Space Trimming Buffer Underflow Vulnerability
[#253478] (CVE-2007-1453.patch)
VUL-0: php5: MOPB-18-2007: PHP ext/filter HTML Tag Stripping Bypass Vulnerability
[#253476] (CVE-2007-1454.patch)
VUL-0: php5: MOPB-20-2007: zip:// basedir/safemode evasion
[#256326] (CVE-2007-1460.patch)
VUL-0: php5: MOPB-21-2007: bzip2:// basedir/safemode evasion
[#256327] (CVE-2007-1461.patch)
VUL-0: php: MOPB-24-2007:PHP array_user_key_compare() Double DTOR Vulnerability
[#256330] (CVE-2007-1484.patch)
VUL-0: php: MOPB-22-2007: session_regenerate_id() Double Free Vulnerability
[#254867] (CVE-2007-1521.patch)
VUL-0: php5: MOPB-23-2007: Rejected Session Identifier Double Free Vulnerability
[#254869] (CVE-2007-1521.patch)
VUL-0: php5: MOPB-26-2007: mb_parse_str() register_globals Activation Vulnerability
[#255741] (CVE-2007-1583.patch)
VUL-0: php: MOPB-34-2007:PHP mail() Header Injection Through Subject and To Parameters
[#257824] (CVE-2007-1718.patch)
VUL-0: php: MOPB-42-2007:PHP 5 php_stream_filter_create() Off By One Vulnerablity
[#259754] (CVE-2007-1824.patch)
VUL-0: php: MOPB-44-2007:PHP 5.2.0 Memory Manager Signed Comparision Vulnerability
[#259756] (CVE-2007-1889.patch)
VUL-0: php: PMOPB-45-2007:PHP ext/filter Email Validation Vulnerability
[#263340] (CVE-2007-1900.patch)
VUL-0: php: MOPB-30-2007:PHP _SESSION unset() Vulnerability
[#257401] (CVE-2007-1700.patch)
VUL-0: php: MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation
[#257823] (MOPB-33-2007.patch)
- fixed --enable-gd-jis-conv breaks non latin chars in php5-gd [#236680]
(removed this configure option in spec file)
* Tue Feb 27 2007 - anosek@suse.cz
- fixed VUL-0: php5: official release 5.2.1 fixes a lot of security
vulnerabilities [#244034]
Patches:
CVE-2007-0905.patch
CVE-2007-0906-session.patch
CVE-2007-0906-zip.patch
CVE-2007-0906-imap.patch
CVE-2007-0906-str_replace.patch
CVE-2007-0907.patch
CVE-2007-0908.patch
CVE-2007-0909-print.patch
CVE-2007-0909-odbc.patch
CVE-2007-0910.patch
emalloc-overflows.patch
* Tue Dec 19 2006 - anosek@suse.cz
- fixed VUL-0: php session.save_path open_basedir bypass
[#227569] (save_path-secfix.patch)
* Wed Nov 08 2006 - anosek@suse.cz
- created symlinks /usr/bin/php and /usr/bin/pear [#216166]
* Tue Nov 07 2006 - mmarek@suse.cz
- fixed implicit function decls in suhosin patch (keep the original
patch intact and put fixes into separate patch)
* Mon Nov 06 2006 - mmarek@suse.cz
- updated to 5.2.0 final
- merged changes from buildservice (by soporte@onfocus.cl):
- updated suhosin to 0.9.10
- added suhosin patch
- build with system PCRE if suse_release > 10.1 only [#215610]
- suhosin extension does not require PDO
- suhosin added to the reccommended list
- php5-pspell to require at least aspell-en otherwise is useless
[#217272]
* Thu Oct 26 2006 - anosek@suse.cz
- php5-sqlite now uses our sqlite and sqlite2 packages to build
and not bundled ones [#201440]
- updated suhosin to 0.9.9
* Fri Oct 20 2006 - nadvornik@suse.cz
- update to 5.2.0RC6
* Fri Oct 20 2006 - postadal@suse.cz
- reset right path in extension_dir (php5-php-config.patch)
* Mon Oct 09 2006 - postadal@suse.cz
- update to version 5.2.0RC5
- added suhosin extension (the hardened php replacement) [#210886]
* Sun Oct 08 2006 - postadal@suse.cz
- update to version 5.2.0RC4
* added DSA key generation support to openssl_pkey_new()
* updated PCRE to version 6.7
* increased default memory limit to 16 megabytes to accommodate for a more
accurate memory utilization measurement
* added support for httpOnly flag for session extension and cookie setting
functions
* added version specific registry keys to allow different configurations for
different php version
* added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs
* added an optional boolean parameter to memory_get_usage() and
memory_get_peak_usage() to get memory size allocated by emalloc() or real
size of memory allocated from system
* moved extensions to PECL (filepro and hwapi)
* improved SNMP, OpenSSL extension
* improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL,
xmlReader
- merged changes from openSUSE build service
* build without --enable-sigchild [#206533, php#28294, php#38342]
* build CLI with libedit support (really-with-libedit.patch)
* tweaked the default config a bit, to make it more secure
* removed ini entries related to extensions we don't ship
* t1lib is not currently needed for build, we need t1lib5 to do
something useful
* removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp)
* pdo_odbc provided by php-odbc
* php-suse-addons :
o PHP5 is unlikely to parse php3 code, remove the file association
o corrected apache directive is AddHandler not AddType
* dropped extensions:
o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count)
o php-pdo_sqlite provided by php-sqlite
o php-pdo_pgsql provided by php-pgsql
o filepro dropped by upstream
* new extension:
o filter (kept static and cannot be unloaded, due security reasons)
o json (added as Recommended)
o zip (it uses a bundled library)
- fixed gcc issues (gcc.patch)
- droped obsoleted patches: include_path.patch, bug-37720.patch,
bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch,
bug-37416.patch, main_bugs.patch, soap.patch, standard.patch,
mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch
* Wed Aug 16 2006 - postadal@suse.cz
- fixed build with X11R7
* Wed Jul 26 2006 - postadal@suse.cz
- updated to version 5.1.4
* FastCGI interface was completely reimplemented
* multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions
* support for many additional date formats added to the strtotime()
* a performance improvements added to the engine and core extensions
* added imap_savebody() that allows message body to be written to a file
* added lchown() and lchgrp() to change user/group ownership of symlinks
* upgraded bundled PCRE library to version 6.6
- merged changes from openSUSE build service
* removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel
and libmcal from BuildRequires
* added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite,
php-tokenizer,php-xmlreader,php-xmlwriter to Recommends
* added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests
* added support for optional readline(libedit) for CLI
(disabled by default)
* patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch),
curl (curl.patch) and mbstring bugs (mbstring_bugs.patch),
big soap patch (soap.patch)
* removed obsoleted patches
* fixed Safe Mode Bypass [#188243] (standard.patch)
* upstream patches
[php#37306, php#37416, php#37587, php#37720]
[php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch)
[php#37346, php#37360] (gd-fixes.patch)
* fixed build inconsistences, added php-hash module [#173023]
* added pdo_odbc.so to php-odbc module [#190614]
* build without explicit safe_mode and magic_quotes (unneeded)
* removed useless GD --with-ttf configure option, only suitable
for freetype 1
* Fri Jun 09 2006 - poeml@suse.de
- fix BuildRequires to build on SUSE Linux 10.1, 10.0, 9.3
- use the -fstack-protector compile switch only on 10.0 and newer
* Thu May 11 2006 - postadal@suse.cz
- fixed memory leak in imagecreatefromgif()
[#173451] (phpbug-37346.patch)
- fixed possibility of a wrong element being deleted by zend_hash_del()
[#175976] (zend_hash_del.patch)
- fixed substr_compare() when offset equals string length
[#169038, php#37394] (CVE-2006-1991, phpbug-37394.patch)
- fixed _emalloc() on 64bit archs [#169038] (emalloc.patch)
* Wed May 03 2006 - postadal@suse.cz
- fixed completely broken SplTempFileObject [php#37257]
(phpbug-37257.patch)
- fixed problem with with $_POST array [php#37276]
(phpbug-37276.patch)
* Wed Apr 12 2006 - postadal@suse.cz
- fixed security problem in copy() and tempname()
[#164845] (CVE-2006-1494-1608.patch)
- fixed phpinfo() XSS [#164804] (CVE-2006-0996.patch)
- fixed memory leak in html_entity_decode [#161718] (CVE-2006-1490.patch)
- fixed multiple imap safemode and open_basedir restriction bypass
[#154317] (CVE-2006-1017.patch)
* Mon Mar 27 2006 - postadal@suse.cz
- fixed buffer overrun in ftp_fopen_wrapper (ftp_fopen_wrapper.patch)
* Tue Mar 14 2006 - postadal@suse.cz
- added updating APACHE_MODULES in /etc/sysconfig/apache2 [#155333]
- added forgotten regenerated sources for (parse_date.patch and
phpbug-36459.patch)
- fixed upstream bugs:
[php#36420] (phpbug-36420)
- segfault when access result->num_rows after calling result->close()
(mysqli-64bit.patch)
- fixed a 64-bit problem
* Fri Mar 03 2006 - postadal@suse.cz
- fixed a possible null injection in mbstring (mbstring-null_injection.patch)
- fixed upstream bugs:
[mysql#16144] (phpbug-16144)
- fix for MySQL 5.1 (mysql_stmt_attr_get)
[php#36656] (phpbug-36656)
- http_build_query generates invalid URIs due to use of square brackets
[php#36396,36510,36510,36638] (parse_date.patch)
- fixed few bugs in date/time parsing
(string.patch)
- added overflow checks to wordwrap() function
[php#36459] (phpbug-36459)
- incorrect adding PHPSESSID to links, which contains \r\n
* Fri Mar 03 2006 - postadal@suse.cz
- added php5-openssl to php5-ftp Requires [#154273]
- added safe_mode num of parameter check for mb_send_mail [#154315]
* Fri Feb 10 2006 - postadal@suse.cz
- fixed upstream bugs:
[php#36306] (phpbug-36306.patch)
- fixed crc32() for 64bit arch
[php#36351] (phpbug-36351.patch)
- parse_url() did not parse numeric paths properly
(spl_directory.patch)
[php#35998]
- getPathname() method always returns unix style filenames
[php#36134]
- DirectoryIterator constructor failed to detect empty directory names
[php#36258]
- SplFileObject::getPath() may lead to segfault
[php#36287]
[php#36295]
[php#36359]
- splFileObject::fwrite() doesn't write when no data length specified
(session2.patch)
- fixed logic, if the client already sent us the cookie, we don't
need to send it again
(soap.patch) [php#36226, php#36083, php#36283]
(math.patch, simplexml.patch, mbstring.patch, zend_operators.patch, xp_socket.patch)
- initialize variables
* Sat Feb 04 2006 - postadal@suse.cz
- removed gd-devel from BuildRequires (better used bundled modified gd lib)
- fixed upstream bugs:
[php#36268] (phpbug-36268.patch)
[php#36148] (phpbug-36148.patch)
[php#36185] (phpbug-36185.patch)
[php#36208] (phpbug-36208.patch)
[php#36158] (phpbug-36158.patch)
* Tue Jan 31 2006 - postadal@suse.cz
- reverted default value for short_open_tag to On [#145895]
* Mon Jan 30 2006 - postadal@suse.cz
- fixed upstream bugs:
[php#36176] (phpbug-36176.patch)
(pdo.patch)
- properly rewrite queries where a bound parameter appears more then once
* Mon Jan 30 2006 - poeml@suse.de
- removed libapr-util1-devel from BuildRequires (apache2-devel does
require it)
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 - postadal@suse.cz
- added php5-pdo to requires for pdo_mysql, pdo_pgsql, pdo_sqlite and
sqlite and php5-dom to requires for xmlreader and xsl [#144360]
- revert name of extensions (appended suffix .so) [#143552]
- removed _FILE_OFFSET_BITS=64 and _LARGEFILE_SOURCE from CFLAGS
(doesn't work with apache2 configuration, which uses libapr with
native support for large files) [#144362]
- added -fstack-protector
* Mon Jan 23 2006 - postadal@suse.cz
- added forgoted extension xmlwrite
- gave back simple dot to include_path [#129682]
- fixed upstream bugs:
[php#36071] (phpbug-36011.patch)
[php#36016] (phpbug-36016.patch)
- realpath cache memleaks
[php#36071] (phpbug-36071.patch)
- Zend engine crash related with 'clone'
(zend-fix.patch)
- fix issues with static method invocation
- ce_child is properly initialized
[php#36046] (phpbug-36046.patch)
- parse_ini_file() miscounts lines in multi-line values
[php#36037] (phpbug-36037.patch)
- heredoc adds extra line number
[php#36006] (phpbug-36006.patch)
- problem with $this in __destruct()
(gd.patch)
- improve open_basedir checks in GD
[php#36007] (phpbug-36007.patch)
- added new mysqli constants for BIT and NEW_DECIMAL field types (for mysql 5)
(session.patch)
- check for special characters in the session name
(xmlreader.patch)
- 64bit fixes
* Thu Jan 19 2006 - postadal@suse.cz
- disable discard-path for fastcgi binary [#143564]
* Thu Jan 19 2006 - postadal@suse.cz
- updated to version 5.1.2
- removed obsoleted patches: CAN-2005-1042_1043.patch, CVE-2005-3353.patch,
openssl.patch, soap.patch, pdo.patch, simplexml.patch, curl.patch,
ze.patch
- added pdo, pdo_mysql, pdo_pgsql, pdo_sqlite extensions
* Tue Jan 17 2006 - mrueckert@suse.de
- remove apache2-mod_fastcgi from nfb it seems to be unused
* Sat Jan 14 2006 - kukuk@suse.de
- Add gmp-devel to nfb
* Tue Jan 10 2006 - ro@suse.de
- avoid rpath /usr/ssl/lib in curl ext
* Wed Jan 04 2006 - postadal@suse.cz
- updated to version 5.1.1 [#135635, #139297]
- removed obsoleted patches: php5-with_lib.patch, soap.patch, posix.patch,
gcc4.patch, save_path-segfault.patch, basedir-fix.patch,
RPC-CAN-2005-1921.patch, RPC-CAN-2005-2498.patch, pcre-overflow-bug-106209.patch,
CVE-2005-3388.patch, CVE-2005-3389.patch, CVE-2005-3390.patch,
mod_rewrite-fix.patch, mbstring.patch, CVE-2005-3391.patch, CVE-2005-3392.patch,
errordocument-fix.patch
- removed sqlite2 from build dependencies and added libtidy libtidy-devel
- removed dbx, fam, yp, dio extensions (upstream deprecated)
- added dba, tidy and xmlreader extensions
- renamed libphp5.so -> mod_php5.so (need it for yast module)
- added upstream patches:
openssl.patch [php#35381]
soap.patch [php#35399]
pdo.patch [php#35431, php#35430]
simplexml.patch [php#35028]
curl.patch [php#35908]
ze.patch [php#35393]
- updated pear sources install-pear-nozlib.phar
- package CLI instad CGI binaries [#137443]
- reverted last changes (problem caused curl-devel package)
* Thu Dec 15 2005 - mmarek@suse.cz
- provide php-pear in php5-pear
- add /usr/share/php5/PEAR to include path
* Wed Dec 07 2005 - postadal@suse.cz
- fixed [php#33987] bug (php script as ErrorDocument causes crash
in Apache 2).
* Mon Dec 05 2005 - postadal@suse.cz
- fixed unexpected header can be injected to mb_send_mail()
[#135673] (mbstring.patch)
- added safe_mode checks for image* functions and cURL
[#135673] (CVE-2005-3391.patch)
- fixed possible INI setting leak via virtual() in Apache 2 sapi
[#135673] (CVE-2005-3392.patch)
* Tue Nov 29 2005 - mmarek@suse.cz
- build with flex-old until upstream fixes build with flex-2.5.31
* Mon Nov 28 2005 - postadal@suse.cz
- fixed CVE-2005-3388.patch [#131578]
* Fri Nov 25 2005 - postadal@suse.cz
- fixed segfaulting with mod_rewrite [#135480] (mod_rewrite-fix.patch)
* Tue Nov 22 2005 - uli@suse.de
- define ARM FP(A) endianness correctly
* Tue Nov 15 2005 - mmarek@suse.cz
- fixed infinite recursion in exif code
[#132684] (CVE-2005-3353.patch)
- fixed XSS in phpinfo()
[#131578] (CVE-2005-3388.patch)
- fixed register_globals actvation in parse_str()
[#131579] (CVE-2005-3389.patch)
- fixed possible $GLOBALS overwrite
[#131580] (CVE-2005-3390.patch)
- fixed handling basedirs that end with a /
[#118976] (basedir-fix.patch)
- fixed segfaulting when save_path is set and safe_mode is On
[#130227] (save_path-segfault.patch)
* Tue Oct 25 2005 - rhafer@suse.de
- added LDAP_DEPRECATED to CFLAGS to build correctly with
OpenLDAP 2.3
* Fri Oct 14 2005 - postadal@suse.cz
- fixed recode extension [#120087] (recode-fix.patch)
- enabled _GNU_SOURCE for compiling
* Wed Oct 12 2005 - postadal@suse.cz
- fixed implicit declaration (gcc4.patch)
* Mon Oct 10 2005 - postadal@suse.cz
- fixed uninitialized variables (gcc4.patch)
* Thu Sep 01 2005 - postadal@suse.cz
- added security patch pcre-overflow-bug-106209.patch for internal
libpcre and statically linked against it [#114157]
- added include_path = "/usr/share/php" to php.ini [#114406]
* Thu Aug 25 2005 - postadal@suse.cz
- linked with system pcre libs (pcre-fix.patch) [#112645]
* Thu Aug 18 2005 - postadal@suse.cz
- fixed XML RPC command injection
(#94579, CAN-2005-192 and #104403, CAN-2005-2498)
* Tue Aug 09 2005 - mls@suse.de
- removed compat from neededforbuild
* Tue Aug 02 2005 - tcrhak@suse.cz
- dropped php4-dba and php4-readline due to license problems (bug #91489)
- compile without -DPHP_AP_DEBUG (bug #95502)
- fixed php-config to return a correct includes path (patch php5-php-config)
- fixed a sigsegv in the soap extension (bug #99268, patch php5-soap)
* Mon Apr 25 2005 - mcihar@suse.cz
- added pspell subpackages
* Tue Apr 19 2005 - mcihar@suse.de
- update tarball to rereleased one which contains missing file
* Sat Apr 09 2005 - aj@suse.de
- Compile with GCC4.
* Mon Apr 04 2005 - mcihar@suse.cz
- update to 5.0.4
- drop patches merged upstream
- add RunTests.php missing from upstream tarball
* Thu Mar 17 2005 - mcihar@suse.cz
- fix path to configuration files
* Mon Mar 14 2005 - mcihar@suse.cz
- do not build CLI with all GCI stuff
- fix build when extensions are built as *.so instead of just *
- use different php.ini for each SAPI, this is needed for giving CLI more space to live (bug #72311)
* Wed Mar 09 2005 - mcihar@suse.cz
- provide compiled in modules
* Mon Mar 07 2005 - mcihar@suse.cz
- fix path to php5 binary in pear5 script (bug #71044)
* Thu Mar 03 2005 - mcihar@suse.de
- realy enable xml module
* Tue Mar 01 2005 - mcihar@suse.cz
- provide only mod_php_any in apache module (bug #66729)
* Mon Feb 21 2005 - mcihar@suse.cz
- fix some compile time warnings
* Thu Feb 10 2005 - mcihar@suse.cz
- add zlib dependency to pear (bug #50697)
* Wed Feb 09 2005 - mcihar@suse.cz
- use correct path to apache2_MMN
- comment some patches
- update README.SUSE
- drop unused sce_install
- each extension now provides also unversioned symbol, to allow not to depend
on specific php version
- drop MIME type change as both php modules don't work together anyway
* Tue Feb 08 2005 - mcihar@suse.cz
- drop actually unused patches
- fix build on ia64 (endians patch, stolen from cvs) (still doesn't build due to missing current MySQL)
- fix build on lib64 machines
* Mon Feb 07 2005 - mcihar@suse.cz
- initial packaging of php5
- suse addons are now in tarball instead of patch
- reorganize patches
- simplified build system
* Wed Jan 26 2005 - mcihar@suse.cz
- update asp2php
- drop lynx from buildrequires
* Tue Jan 11 2005 - mcihar@suse.cz
- fix broken int unserializing on 64-bit (bug #49617)
* Fri Dec 17 2004 - poeml@suse.de
- update to 4.3.10
- for apache module, pick up CFLAGS from apxs [#49356]
- drop obsolete php-4.3.9RC3.diff
- update lib64.diff
- fix return type in php_sprintf()
- don't apply php-4.3.8-snmp.diff
- do not clean buildroot in buildsystem to facilitate debugging
- fix PreRequires (sce_install_path) [#46664]
* Thu Nov 18 2004 - ro@suse.de
- use kerberos-devel-packages
* Thu Nov 04 2004 - ro@suse.de
- added rpm-devel,popt-devel,tcpd,tcpd-devel to neededforbuild (for snmp)
* Tue Oct 05 2004 - pmladek@suse.cz
- added /usr/lib/php/sce_install to prerequires of php4-swf; it is in the
package php4-32bit on x86_64 [#46475]
* Thu Sep 23 2004 - tcrhak@suse.cz
- security fix for array parsing (bug #45710) and
some other fixes from php-4.3.9RC3 (patch 4.3.9RC3)
- removed the #%endif causing syntax error during /usr/lib/php/sce_install (bug #45589)
- /var/lib/php is now owned by wwwrun (bug #45360)
- reverted dlopen flag back to RTLD_GLOBAL (bugs #39197 and #41866),
php4-recode now conflicts with php4-imap, php4-mysql and apache2-mod_auth_mysql,
mod_php4-core does not require php4-recode any more
- dropped php4-dba and php4-readline due to license poblems (bug #45654)
* Fri Sep 17 2004 - tcrhak@suse.cz
- added tomcat5 to the Requires of php4-servlet
* Wed Sep 15 2004 - tcrhak@suse.cz
- removed the build dependency on tomcat5
- added tomcat5 directories to filelist
- enabled iconv for the other archs
* Tue Sep 14 2004 - skh@suse.de
- use new JPackage packages tomcat5 and servletapi5 to build
* Fri Sep 10 2004 - tcrhak@suse.cz
- do not source setJava
* Fri Sep 03 2004 - tcrhak@suse.cz
- update to 4.3.8
- added module dbx (bug #43972)
- use system gd library, includes "GIF Create Support" (bug #44001)
- disallow persistant connections by default (bug #34849)
- use /var/lib/php for php sessions by default (bug #36886)
- php modules need to prereq sce_install (bug #43994)
* Thu Aug 19 2004 - aj@suse.de
- Remove broken cat commands from post section:
* no requires for them
* no need to execute them
* Mon Aug 16 2004 - ro@suse.de
- fix build with updated libcurl: use current instead of
deprecated type for curl_httppost
* Tue Jun 08 2004 - ro@suse.de
- removed mod_dav from neededforbuild
- removed mod_php4 package (mod_php4-core is probably obsolete too)
* Tue May 04 2004 - tcrhak@suse.cz
- build with postfix instead of sendmail
* Fri Apr 30 2004 - ro@suse.de
- remove apache1 related parts
* Fri Apr 23 2004 - tcrhak@suse.cz
- added sendmail to neededforbuild, so that mail() is defined (bug #39153)
- dlopen php modules with RTLD_LOCAL (fixes bug #39197)
* Wed Mar 31 2004 - tcrhak@suse.cz
- added php module recode (bug #36573)
- fixed requires of mod_php4-apache2 (bug #37041)
* Tue Mar 23 2004 - ro@suse.de
- build-fix for jakarta-tomcat from skh
- removed apache-contrib from neededforbuild (dropped)
* Tue Mar 16 2004 - tcrhak@suse.cz
- removed --enable-versioning (fixes bug #35716)
- do not build servlet for ia64, ppc and ppc64
* Fri Mar 05 2004 - tcrhak@suse.cz
- modularized
- updated to version 4.3.4
- added fastcgi
- added PHP4 module sockets
- added PHP4 module mime_magic (bug #34134)
- php binary is now CLI, not CGI (bug #34152)
* Wed Feb 18 2004 - ro@suse.de
- use jakarta-tomcat4
* Mon Feb 16 2004 - ro@suse.de
- use unixODBC instead of iodbc
* Wed Feb 11 2004 - poeml@suse.de
- fix symbol exports for apache2
- add -fno-strict-aliasing to CFLAGS, due to code where
dereferencing type-punned pointers would break strict aliasing
- fix test load of apache2 module (the LoadModule statement went
into the wrong place)
* Sun Feb 08 2004 - schwab@suse.de
- Fix symbol exports.
- Also look for BEAJava2 directory.
- Fix quoting.
* Thu Jan 22 2004 - ro@suse.de
- fix build with current automake
* Fri Jan 16 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
* Tue Jan 13 2004 - ro@suse.de
- remove subpackage aolserver
- fix build with current freetype
* Mon Nov 10 2003 - ro@suse.de
- use net-snmp instead of ucdsnmp
* Thu Oct 30 2003 - tcrhak@suse.cz
- ad previous fix: create the directory
* Wed Oct 29 2003 - tcrhak@suse.cz
- added %{_libdir}/php/bin to file list of mod_php4-core
* Mon Sep 22 2003 - mls@suse.de
- remove 'Obsoletes: mod_php' from mod_php4, otherwise rpmv4
makes mod_php4 conflict with apache2-mod_php4
* Tue Sep 16 2003 - tcrhak@suse.cz
- update to version 4.3.3
* Mon Sep 01 2003 - tcrhak@suse.cz
- expand rpm macros in /etc/httpd/modules/mod_php4 [bug #29664]
* Thu Aug 21 2003 - tcrhak@suse.cz
- update to version 4.3.2
- use BuildRoot
- added activation metadata to sysconfig [bug #28827]
* Mon Aug 18 2003 - poeml@suse.de
- add README.{SuSE,UnitedLinux} [#25888]
- don't explicitely strip binary objects, because RPM does it
anyway, and it might keep the stripped debugging info somewhere.
- don't try to install a file in /etc/apache2/modules/ (it's gone)
* Mon Jun 30 2003 - ro@suse.de
- always use libtool to compile objects
- added directories to filelist
* Thu Apr 10 2003 - tcrhak@suse.cz
- use 'head -n 1' instead of 'head -1'
- added mhash support
* Wed Mar 26 2003 - tcrhak@suse.cz
- fixed path in script phpize
- fixed ext/mysql/config.m4
* Thu Mar 13 2003 - tcrhak@suse.cz
- fixed order of Type and Define in sysconfig metadata
- readded subpackage servlet (patch servlet)
- reenabled support for swf
- install swf fonts, use proper SWFFONTPATH
(bug #18057, patch swf)
* Tue Mar 04 2003 - poeml@suse.de
- the apache2 module requires the apache2-prefork MPM
* Thu Feb 20 2003 - tcrhak@suse.cz
- security update to version 4.3.1 - fixes a CGI vulnerability
- added sysconfig metadata [bug #22604]
* Fri Feb 14 2003 - tcrhak@suse.cz
- added php3, php4 to DirectoryIndex [bug #22066]
* Fri Feb 14 2003 - ro@suse.de
- really disable (empty) subpackage servlet
* Wed Feb 12 2003 - poeml@suse.de
- rename subpackage mod_php4_2 to apache2-mod_php4
* Tue Feb 11 2003 - poeml@suse.de
- call the new /usr/share/apache2/get_module_list script to
configure apache2, so the test can be passed
* Wed Jan 15 2003 - ro@suse.de
- use sasl2
* Fri Jan 10 2003 - poeml@suse.de
- don't built -servlet for now, needs work
- swf.h has vanished from ./dist/include/, and I can't find another
one --> disabling swf support
* Thu Jan 09 2003 - poeml@suse.de
- update to 4.3.0
- GD library is now bundled with the distribution and it is
recommended to always use the bundled version
- vpopmail and cybermut extensions are moved to PECL
- several deprecated extensions (aspell, ccvs, cybercash, icap)
and SAPIs (fastcgi, fhttpd) are removed
- speed improvements in a variety of string functions
- Apache2 filter is improved, but is still considered
experimental (use with PHP in prefork and not worker (thread)
model since many extensions based on external libraries are not
thread safe)
- various security fixes (imap, mysql, mcrypt, file upload, gd, etc)
- new SAPI for embedding PHP in other applications (experimental)
- much better test suite
- significant improvements in dba, gd, pcntl, sybase, and xslt
extensions
- debug_backtrace() should help with debugging
- error messages now contain URLs linking to pages describing the
error or function in question
- Zend Engine has some fixes and minor performance enhancements
- and TONS of other fixes, updates, new functions, etc
- build apache2 module
- QtDOM support is now in qt3, and therefore we need to link
against libqt-mt
- merge the lib64 patch, hope it's complete
- gd lib is now bundled, and preferred for building
- adjust the Provides of the -core package
* Thu Nov 21 2002 - ro@suse.de
- make it build with current automake
* Wed Oct 16 2002 - tcrhak@suse.cz
- added support for readline
- added support for iconv and mbstrings [bugs #19861 and #19862]
* Fri Sep 27 2002 - tcrhak@suse.cz
- added type .php3 to apache mod_php4.conf
* Wed Sep 18 2002 - ro@suse.de
- removed bogus self-provides
* Wed Sep 04 2002 - tcrhak@suse.cz
- fixed to build on 64 bit archs
* Fri Aug 23 2002 - tcrhak@suse.cz
- fixed to build on non-i386 archs
- added dynamic extensions to the file list of subpackage core
* Tue Aug 20 2002 - tcrhak@suse.cz
- added PreReq
* Tue Aug 13 2002 - kukuk@suse.de
- Remove unused qt2 from neededforbuild
* Wed Aug 07 2002 - uli@suse.de
- fixed to build on lib64 archs (still broken on nearly all archs
due to other problems)
* Mon Aug 05 2002 - ro@suse.de
- use "-follow" when searching for jni.h
* Sun Jul 28 2002 - kukuk@suse.de
- remove unused gdb from neededforbuild
* Sat Jul 27 2002 - adrian@suse.de
- fix neededforbuild
* Fri Jul 26 2002 - kukuk@suse.de
- Add imap-lib to neededforbuild
* Tue Jul 23 2002 - tcrhak@suse.cz
- update to version 4.2.2
- update of asp2php to version 0.76.12
- detect the module magic number if provided by apache, indicating
API changes, and add an RPM Require on it
- add compiled extensions (currently gd.so, as it is build shared
by a previous change by bk@suse.de) to php.ini and filelist
* Fri Jul 05 2002 - kukuk@suse.de
- Use %ix86 macro
* Tue May 28 2002 - ro@suse.de
- replaced /opt/jakarta with /opt/jakarta/tomcat
* Mon May 27 2002 - ro@suse.de
- first try for lib64
* Mon May 27 2002 - bk@suse.de
- use shared libgd on all archs
* Sat Mar 23 2002 - ro@suse.de
- removed unixODBC stuff, was never used (iodbc is used)
* Fri Mar 15 2002 - tcrhak@suse.cz
- added %{_datadir}/lib/php and extension dir to devel filelist
* Mon Mar 04 2002 - okir@suse.de
- security fix
* Fri Feb 22 2002 - tcrhak@suse.cz
- Killed %{release} from "Requires" tags.
* Fri Feb 01 2002 - ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages>
* Mon Jan 28 2002 - ro@suse.de
- added des to neededforbuild
* Mon Jan 28 2002 - ro@suse.de
- added heimdal stuff to build
* Wed Jan 23 2002 - ro@suse.de
- try to build with db-devel in neededforbuild
* Thu Jan 17 2002 - ro@suse.de
- adapted for /etc/sysconfig/apache
* Thu Dec 20 2001 - tcrhak@suse.cz
- update to 4.1.0
- no mm support for aol and servlet (mm is not ZTS in 4.1 yet)
- patched acinclude.m4 to find the very dir for mysql libraries
- added `php-config --extension-dir` to core files
* Mon Dec 10 2001 - tcrhak@suse.cz
- fixed extension section
* Thu Dec 06 2001 - tcrhak@suse.cz
- added section [extension section] to php.ini
- fixed options given to configure
* Tue Dec 04 2001 - tcrhak@suse.cz
- fixed configure.in and config.m4's for autoconf 2.52
- added libtoolize, autoconf, autoheader
- used setJava to find JAVA_HOME
- TTF - bug 9523
- gd - bug 12226
- changed the order in which subpackages (for Servers) are built,
- so that the devel package corresponds to core
- (=> experimental-zts disabled)
- moved phpize to the devel package (fixed for autoconf 2.52)
- added files needed by phpize to the devel package
* Mon Dec 03 2001 - ro@suse.de
- changed servlet dir for configure with jakarta
* Mon Dec 03 2001 - ro@suse.de
- fixed neededforbuild <jakarta> to <jakarta-tomcat>
* Tue Nov 20 2001 - rolf@suse.de
- changes to make IA64 work
- exclude subpackages AOL and Servlet from AXP
* Mon Nov 19 2001 - ro@suse.de
- fix to find java
* Wed Nov 14 2001 - rolf@suse.de
- new subpackage -devel with include files
* Mon Nov 12 2001 - ro@suse.de
- hack for libxml2 include location
* Fri Oct 26 2001 - ro@suse.de
- use qt2 for qtdom (but aparently that is not built anyway)
* Thu Oct 25 2001 - ro@suse.de
- try neededforbuild alias apache-devel-packages
* Tue Sep 11 2001 - ro@suse.de
- remove roxen subpackage
roxen is not in the distribution currently
* Wed Aug 22 2001 - ro@suse.de
- removed pdflib from neededforbuild (license problems)
* Tue Aug 14 2001 - ro@suse.de
- pear: changed header to look for php in "bindir" not "prefix/bin"
to fix requires
* Mon Aug 13 2001 - kukuk@suse.de
- Don't conflict with packages we are providing
* Thu Aug 09 2001 - kukuk@suse.de
- Fix search for installed java directory
* Tue Jul 24 2001 - rolf@suse.de
- new subpackage mod_php4-aolserver for use of PHP4 with AOL server
- disable-debug so Zend optimizer can work
* Thu Jul 05 2001 - rolf@suse.de
- update to php 4.0.6
- apply memlimit patch
- new subpackage mod_php4-servlet for use of PHP4 as JAVA servlet
with tomcat
- new options: --with-gmp, --with-dom, mbstring
* Mon Jun 25 2001 - rolf@suse.de
- fixed bug with pdflib which also fixes [BUG#8246]
* Tue Jun 19 2001 - rolf@suse.de
- new version 4.0.5
- disable pgsql for roxen, as it is broken
- mysql bug fixed in this release [BUG#6839]
- move stuff to /usr/share/php [BUG#8352]
- now Provides: mod_php as well [BUG#8911]
* Sat May 12 2001 - schwab@suse.de
- Use new readline interface.
* Tue May 08 2001 - mfabian@suse.de
- bzip2 sources
* Tue May 01 2001 - kukuk@suse.de
- disable adabas support
* Thu Apr 26 2001 - ro@suse.de
- neededforbuild: curl_ssl-devel -> curl-devel
* Sun Apr 08 2001 - poeml@suse.de
- fix Requires (rearrange tags to define them before using them)
- fix spec file typo
* Tue Mar 27 2001 - rolf@suse.de
- spin off subpackage mod_php4-core which is required by apache and
roxen modules now
- moved config file to /etc/php.ini for all php4 modules
- sybase support conflicts with Adabas D support
- Ingres support is for Ingres II only
- added t1lib support [BUG#6212]
- updated asp2php 0.75.13
- make us of suse_loadmodule for testing
- added /usr/bin/php to core package [BUG#6648]
* Thu Mar 22 2001 - ro@suse.de
- changed neededforbuild to freetype2
* Thu Mar 15 2001 - ro@suse.de
- build with openldap2
* Thu Mar 15 2001 - ro@suse.de
- fixed neededforbuild for openldap
* Tue Mar 06 2001 - ro@suse.de
- use -fPIC
* Fri Feb 23 2001 - ro@suse.de
- changed neededforbuild <apache> to <apache apache-devel>
* Fri Feb 23 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
* Thu Feb 15 2001 - rolf@suse.de
- new features imap-ssl, bz2, qtdom, ctype, debug, force-cgi-redirect,
discard_path, sigchild, gd-imgstrttf
- added apache-mod_php4.rc.config
- added /etc/httpd/modules/mod_php4
* Wed Jan 17 2001 - rolf@suse.de
- add libpdf support
* Tue Jan 16 2001 - rolf@suse.de
- update to 4.0.4pl1 due to security issue [BUG#5760]
- remove number4.tar.gz, no longer needed
* Fri Jan 12 2001 - rolf@suse.de
- need expat to compile [BUG#5104]
- subpackage for roxen module
* Fri Jan 12 2001 - cihlar@suse.cz
- fixed to compile with roxe/pike [#4408]
* Tue Dec 19 2000 - rolf@suse.de
- link with libssl
* Tue Dec 19 2000 - rolf@suse.de
- added the asp2php package [BUG#4456]
- roxen/pike still doesn´t work
- require RPM group tag via apxs
* Wed Nov 29 2000 - ro@suse.de
- changed neededforbuild <pg_lib> to <postgresql-lib>
* Mon Nov 27 2000 - rolf@suse.de
- added Sablotron support [BUG#3891]
- added curl support [BUG#3890]
- added Flash support on i386 [BUG#3209]
- also pack module files in /usr/lib/php/
- moved the exec dir to /usr/lib/php/bin
- include pear binaries
- added the following modules: sockets, shmop, exif, filepro, dbase
readline, mcrypt, gettext
* Wed Nov 15 2000 - ro@suse.de
- fixed neededforbuild gdlib -> gd gd-devel
* Thu Nov 09 2000 - ro@suse.de
- prefer ndbm.h to db1/ndbm.h
* Mon Nov 06 2000 - ro@suse.de
- added imap-devel to neededforbuild
* Mon Nov 06 2000 - ro@suse.de
- fixed neededforbuild
* Mon Oct 16 2000 - bk@suse.de
- s390: --with-gd=yes -> --with-gd=shared(broken somehow with =yes)
* Mon Oct 16 2000 - rolf@suse.de
- update tp 4.0.3pl1 due to some security breaches
- needed to drop db3 and dbm support, as these are incompatible
- enable FTP support [BUG#3862]
* Wed Sep 13 2000 - fober@suse.de
- s390: suse_update_config, needs-not-forbuild adabas
* Fri Jul 07 2000 - kukuk@suse.de
- Fix Requires and need for build
* Fri Jun 23 2000 - rolf@suse.de
- added support for mcal and calendar functions [BUG#2925]
* Mon Jun 19 2000 - ro@suse.de
- fixed to compile with new postgres
* Mon May 22 2000 - rolf@suse.de
- update to 4.0.0
- --with-java is now broken
* Fri May 12 2000 - rolf@suse.de
- update to 4.0RC2
- a few more options are now functional
* Thu Apr 13 2000 - ro@suse.de
- added mm to neededforbuild
* Thu Mar 30 2000 - rolf@suse.de
- new version 4.0RC1
- many options now work properly
* Wed Mar 01 2000 - rolf@suse.de
- zlib works again
* Tue Feb 22 2000 - rolf@suse.de
- new version 4b4pl1
- now with --enable-thread-safety --with-gd=yes --with-ttf
- imap support is now broken
* Thu Dec 23 1999 - rolf@suse.de
- dynamic JDK path detection
- some fixes in DAV, still doesn´t work
- now also runs with IMAP
* Thu Nov 25 1999 - rolf@suse.de
- initial package version 4.0b3
Files
���
Generated by rpm2html 1.8.1
Daniel Veillard, Wed Oct 8 04:55:09 2008