php5-pdo-5.2.13-0.1.1<>,Kt/=„z:$I-$Is3qus⼃h(PӼdY!Lp`yP1zEn}RDkcf$.UcMSKk`E}l?J3]RH;F]U8M&Pd@$NCcX>7k'myIުu۵ĥw.SWEjb+]Ioxm~ y $c!>>6?d   ." ;Uhnt|     ( L  ($8,I9PI: OIFGH$I,X0Y<\L]T^cbcd|efklzCphp5-pdo5.2.130.1.1PHP5 Extension ModulePHP Data Objects - Data Access Abstraction - light-weight - provides common API for common database operations - keeps majority of PHP specific stuff in the PDO core (such as persistent resource management); drivers should only have to worry about getting the data and not about PHP internals. Authors: -------- The PHP Group See http://www.php.net/credits.php for more detailsKaloeweoopenSUSE 11.1openSUSE"The PHP License, version 3.1. ..."; The PHP License, version 3.1.http://bugs.opensuse.orgDevelopment/Libraries/PHPhttp://www.php.netlinuxi586IoHKLKO45260987b4ff73c2a9483d796c926afd28b5b1dce0d1949df4158444b7b55959rootrootrootrootphp5-5.2.13-0.1.1.src.rpmphp-pdopdo.sophp5-pdoJJ@@@@@Jphp5rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.4)rpmlib(PayloadIsLzma)5.2.134.0-13.0.4-14.4.2-14.4.2.3K]KrJ@IV@Il@Ik0I@I@I@I@H@HH|@H"@H@GOG GZ@G@GsGaG^{G8@@Fֱ@F@FōF @FF;@FF@F@F} @FnF` @F]g@FQFNFHO@FDZF=@Faffected_rows on no connection causes segfault). - Fixed bug php#50680 (strtotime() does not support eighth ordinal number). - Fixed bug php#50661 (DOMDocument::loadXML does not allow UTF-16). - Fixed bug php#50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). - Fixed bug php#50636 (MySQLi_Result sets values before calling constructor). - Fixed bug php#50632 (filter_input() does not return default value if the variable does not exist). - Fixed bug php#50576 (XML_OPTION_SKIP_TAGSTART option has no effect). - Fixed bug php#50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). - Fixed bug php#50558 (Broken object model when extending tidy). - Fixed bug php#50540 (Crash while running ldap_next_reference test cases). - Fixed bug php#50508 (compile failure: Conflicting HEADER type declarations). - Fixed bug php#50394 (Reference argument converted to value in __call). - Fixed bug php#49851 (http wrapper breaks on 1024 char long headers). - Fixed bug php#49600 (imageTTFText text shifted right). - Fixed bug php#49585 (date_format buffer not long enough for >4 digit years). - Fixed bug php#49463 (setAttributeNS fails setting default namespace). - Fixed bug php#48667 (Implementing Iterator and IteratorAggregate). - Fixed bug php#48590 (SoapClient does not honor max_redirects). - Fixed bug php#48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). - Fixed bug php#47601 (defined() requires class to exist when testing for class constants). - Fixed bug php#47409 (extract() problem with array containing word "this"). - Fixed bug php#47002 (Field truncation when reading from dbase dbs with more then 1024 fields). - Fixed bug php#45599 (strip_tags() truncates rest of string with invalid attribute). - Fixed bug php#44827 (define() allows :: in constant names). - reworked bnc-435595.patch (change grabbed from php 5.3.2) - added php5-CVE-2010-0397.patch to fix CVE-2010-0397 [bnc#588975]- Update to 5.2.12 release - fix CVE-2009-3546 [bnc#547525] - fix CVE-2009-4142 [bnc#565924] - fix CVE-2009-2626,CVE-2009-4017 [bnc#557157] * Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) * Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. - dropped really-with-libedit.patch- VUL-0: php5: 5.2.11 release [bnc#540242] - Update suhosin patch and extension (older versions will crash) - Require timezone, merged from SLE/factory bugfixes- Update to version 5.2.9, security and bugfix release * VUL-0: php5: memory disclosure by imagerotate() [bnc#480850] * VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419] * Fixed a segfault when malformed string is passed to json_decode() * Fixed explode() behavior with empty string to respect negative limit.- libxml version detection of previous fix will never work. 11.1 version is 2.7.2 not 2.7.3 and presence of XML_PARSE_OLDSAX enumeration value cannot be tested with defined()..- VUL-0: php: buffer overflow in ext/mbstring [BNC#462499] - VUL-0: php5: dir traversal vulnerability in ZipArchive [BNC#464048] - PHP5: ext/xml is broken due to libxml2 2.7.x changes [BNC#457056] * Note that this MUST be submitted AFTER libxml2 update- fix ext/imap buffer overflows, old API used [#BNC402665]- QA Results fixed * array_pad "succeeds" when padding with large negative number [BNC#435595]- QA Results: fix PPC64 regression of gd module [BNC#364518]- update system timezone support patch to r4 * added "System/Localtime" tzname which uses /etc/localtime- Using the ArrayObject class leaks and corrupt memory, causing a really nasty undefined behaviour in userspace code, whatever can happend due to corruption of the symbol table. see http://bugs.php.net/bug.php?id=46222 where martian variables get created as example.- update suhosin to version 0.9.27 * Fixed problem with suhosin.perdir Thanks to Hosteurope for tracking this down * Fixed problems with ext/uploadprogress Reported by: Christian Stocker * Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on) * Modified rand()/srand() to use the Mersenne Twister algorithm with separate state * Added better internal seeding of rand() and mt_rand()- do not restart apache after update of mod_php5 [BNC#419508]- Don't try to replace libtool. - Fix alignment violation. - Don't define feature test macros after system headers.- update to PHP 5.2.6 * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. * Fixed two possible crashes inside the posix extension. * Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug #44141 (private parent constructor callable through static function). * Fixed bug #43589 (a possible infinite loop in bz2_filter.c). * Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug #43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug #42736 (xmlrpc_server_call_method() crashes). * Fixed bug #42369 (Implicit conversion to string leaks memory). * Fixed bug #41562 (SimpleXML memory issue). * Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de) * Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de) * Over 120 bug fixes.- update suhosin extension to version 0.9.23 - Fixed suhosin extension now compiles with snapshots of PHP 5.3 - Fixed crypt() behaves like normal again when there is no salt supplied - wrong Obsoletes causes upgrade trouble [bnc #355618]- use %%_with_ming and %%_with_qdbm instead of %%opensuse_bs, enables building in the bs in other projects than server:php (bnc#357917)- Try patch recently published by Redhat that allows PHP to use the system timezone database instead of the bundled one.- Do not hard require php5-timezonedb, instead provide a capability php(tzdatabase) = builtin_tz_ver so it gets installed via rpm Supplements only when needed.- PHP is leaking file descriptors badly on relative includes (php-5.2.5-fdleak.patch)- suhosin 0.9.22 - Fixed function_exists() now checks the Suhosin permissions - Fixed crypt() salt no longer uses Blowfish by default - Fixed .htaccess/perdir support - Fixed compilation problem on OS/X - Added protection against some attacks through _SERVER variables - Added suhosin.server.strip and suhosin.server.encode- use /dev/urandom for generating session-IDs [#337005] - L3: PHP: Venezuela Time Zone Update starting date changed to December 9 [#345548]- update to PHP 5.2.5 * Fixed dl() to only accept filenames. reported by Laurent Gaffie. * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). * Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. * Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason. * Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms). * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Upgraded PCRE to version 7.3 (Nuno) * Added optional parameter $provide_object to debug_backtrace(). (Sebastian) * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre) * Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry) * Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry) * Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov) * Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf) * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia) * Fixed PDO crash when driver returns empty LOB stream. (Stas) * Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas) * Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey) * Fixed leaks with multiple connects on one mysqli object. (Andrey) * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani) * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia) * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani) * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia) * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia) * Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott) * Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia) * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia) * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey) * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry) * Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia) * Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia) * Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia) * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry) * Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry) * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia) * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia) * Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus) * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry) * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus) * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran) * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org) * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia) * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia) * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry) * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani) * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott) * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry) * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick) * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia) * Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob) * Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry) * Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes) * Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia) * Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry) * Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey) * Fixed bug #42359 (xsd:list type not parsed). (Dmitry) * Fixed bug #42326 (SoapServer crash). (Dmitry) * Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry) * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia) * Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob) * Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry) * Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani) * Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno)- update to PHP 5.2.4, no relevant changes since RC3.- PHP 5.2.4RC3 - Fixed version_compare() to support "rc" as well as "RC" for release candidate version numbers. - Fixed bug #42368 (Incorrect error message displayed by pg_escape_string). (Ilia) - Fixed phpbug #42365 and Novell bugzilla #292998 (glob() crashes and/or accepts way too many flags). (Jani) - Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry) - Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry) - Fixed bug #41904 (proc_open(): empty env array should cause empty environment to be passed to process). (Jani) - Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass). (Ilia) - remove wrong hardcoded requirement on libedit - devel package at least does not need libtool the php build enviroment uses a private copy. - drop no longer needed patches already in upstream- updated to version 5.2.4RC2 - Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones) - Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani) - Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com dot br, Ilia) - Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob) - Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani) - Fixed bug #42243 (copy() does not output an error when the first arg is a dir). (Ilia) - Fixed bug #42242 (sybase_connect() crashes). (Ilia) - Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia) - Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre) - Fixed bug #42211 (property_exists() fails to find protected properties from a parent class). (Dmitry) - Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia) - Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry) - Fixed bug #42195 (C++ compiler required always). (Jani) - Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip, Ilia) - Fixed bug #42082 (NodeList length zero should be empty). (Hannes) - Fixed bug #36492 (Userfilters can leak buckets). (Sara) - Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO). (Dmitry)- updated to version 5.2.4RC1 - dropped obsoleted PHP_5_2-CVS-2007-07-30.patch.bz2- updated to latest state of PHP_5_2 branch; highlights from the NEWS file: - Upgraded PCRE to version 7.2 (Nuno) - Updated timezone database to version 2007.6. (Derick) - Improved openssl_x509_parse() to return extensions in readable form. (Dmitry) - Changed "display_errors" php.ini option to accept "stderr" as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani) - Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin) - Added check for unknown options passed to configure. (Jani) - Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia) - Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia) - Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani) - Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) - Added missing format validator to unpack() function. (Ilia) - Added missing error check inside bcpowmod(). (Ilia) - Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony) - Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani) - Added PCRE_VERSION constant. (Tony) - Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes) - Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony) - plus lots of bugfixes - fixed the pear phar archive to run with 5.2.4 [http://bugs.php.net/bug.php?id=42146]- added /var/lib/pear to php5-pear.rpm- fix nasty deadlock in pear - update php5-ze2-fixes.patch and actually apply it.- fixed YOU honors Recommends, breaks php update [#291551] (moved php-suhosin from Recommends to Suggests)- provide /srv/www/cgi-bin/php5 compat symlink instead of patching config files- fixed a mess with update-alternatives PreReq uncovered by newer build versions. actually every subpackage that uses update-alternatives should PreReq it. - fix some ZE2 bugs.- drop php5.xpm and the Icon: line from the specfile (the icon is not used at all and it breaks rpm -q --specfile php5.spec)- PHP version 5.2.3 see http://www.php.net/releases/5_2_3.php - important: PHP-cgi now lives in /usr, package attempts to fix both lighttpd and apache2 fastcgi config files.- use system re2c in factory. - enable support for qbdm in the dba extension (build service only) - enable the ming extension (build service only)- fixed the dba extension adding -ldb-4.x to global LDFLAGS, causing unnecessary dependency in /usr/bin/php5 [http://bugs.php.net/bug.php?id=41455]- updated suhosin to version 0.9.20, security fix + bugfixes see http://www.hardened-php.net/suhosin/changelog.html for more detail.- fix devel package, in the reality PHP does not currenly require expat. headers provides a expat compatibility layer but it is no longer in use by our packages as libxml2 is always prefered, (and HAVE_LIBEXPAT is not defined)- update php5-test-fixes fixing another bug in zend_compile.c - use rpm macros in the spec file - when removing apache2-mod_php5, unload it from apache first. - when updating apache2-mod_php5 restart apache with restart on update macro.- HTTP_RAW_POST_DATA superglobal broken (php5-phpbug-41293.patch) - better fix for MOPB 41.- remove --enable-memory-limit configure flag, it disappeared in 5.2.1, nowdays memory_limit is always enabled.- changed expat to libexpat-devel in Requires of devel subpackage- add php5-test-fixes.patch fixing a test case that wont pass on i586 as well a real fix for Zend/tests/bug41117_1.phpt problem, that was commited after the release was done. there is another test case that fails in 10.2 ext/pcre/tests/bug40195.phpt but this is not a PHP problem but a bug in PCRE. - added missing fix for PMOPB-45-2007 PHP ext/filter Email Validation Vulnerability (minor)- php5-devel package now requires pcre-devel for > 10.1 as 5.2.2 installs php_pcre.h header that needs it.- fixed some new compiler warnings- upgrade to PHP 5.2.2, fixed hundreds of bugs including MOPB ones if you need the complete changes see http://www.php.net/ChangeLog-5.php#5.2.2- Upgrade suhosin extension to version 0.9.19 see http://www.hardened-php.net/suhosin/changelog.html for details- added bison to BuildRequires, removed update-desktop-files- fixed unpack() on big-endian 64bit (revert-phpbug38770.patch) - blacklist more env variables when safe_mode is on (php5-config.patch)- fix Requires of -devel package to include only what is really needed for operation of the pecl tool as well the neccesary headers to compile php extensions. - Fix MOPB 24 "PHP array_user_key_compare() Double DTOR Vulnerability" - note that fix for MOPB 23 was included in the previous patchset.- add security fixes for MOPB 20, 21 and 22. - RPM_BUILD_ROOT is never defined in %post.- fix/workaround for php5-gd problem with typo3 [#236680] - add fix for MOPB-14-2007 PHP substr_compare() Information Leak Vulnerability. - add secfix for import_request_variables() ancient problem, users of suhosin extension are not affected. - Run the test suite here- Update suhosin extension to version 0.9.18 fixing a session problem.- Update suhosin extension to version 0.9.17. see http://www.hardened-php.net/suhosin/changelog.html for details.- add t1lib support in php5-gd (10.3 and up only) - an off-by-one in str_replace may cause a crash.- PHP 5.2.1. for a full list of changes see http://www.php.net/ChangeLog-5.php#5.2.1 - add Obsoletes for extensions we dont ship anymore- fix getenv() modifing $_POST, breaks suhosin badly when register_* is On and variables orde is "GPCS" (default). - change/remove obsoleted patches- synced with BuildService * file "session_mm_apache2handler0.sem" written at boot [#229200] (php5-config.patch) * for certain functionality php5-exif requires php5-mbstring * php5-ldap requires php5-openssl * remove LDAP_DEPRECATED from CFLAGS, module already takes care of this. * patch potential HTTP_SESSION_VARS et all hijack when register_globals is On users from suhosin extension are not affected.(php5-session-rgon-hijack.patch) * on 10.2 and up php5-devel should require pcre-devel sqlite-devel sqlite2-devel * php5-devel is mostly useless without autoconf automake libtool bison make gcc. * added patches: phpbug-39350.patch oldhat-phpinputdata-secfix.patch ze2-fixes.patch filter.patch ext-lib64again.patch- fixed string comparison in xmlrpc module (strcmp.patch) - allways apply %%patch9- updated the curl module from cvs to fix build with curl-7.16 (curl-cvs-fix.patch, dropped gcc.patch)- fixed VUL-0: php session.save_path open_basedir bypass [#227569] (save_path-secfix.patch)- synced with BuildService * updated Suhosin patch to 0.9.6.2 * updated Suhosin extension to 0.9.16 * fixed php5-devel should provide PECL tool [#204006] * use bundled sqlite in suse versions =< 10.1 (pdo_sqlite stopped working properly with older sqlite3 libs) * do not use zend-multibyte anymore, please refer to phpbug #36711 and associated links, no applications uses this feature in the real world since it is disabled in all other distributions/OS.seems to cause more problems than solutions. * change php.ini, back to short_open_tag =off (the default) the package that depended on this setting no longer does. Also explicitely set the upload_tmp_dir in php.ini to deal with open_basedir recent changes (please refer to phpbug #39123) for the details. * suhosin.ini uses just the default recommended settings- created symlinks /usr/bin/php and /usr/bin/pear [#216166]- fixed implicit function decls in suhosin patch (keep the original patch intact and put fixes into separate patch)- updated to 5.2.0 final - merged changes from buildservice (by soporte@onfocus.cl): - updated suhosin to 0.9.10 - added suhosin patch - build with system PCRE if suse_release > 10.1 only [#215610] - suhosin extension does not require PDO - suhosin added to the reccommended list - php5-pspell to require at least aspell-en otherwise is useless [#217272]- php5-sqlite now uses our sqlite and sqlite2 packages to build and not bundled ones [#201440] - updated suhosin to 0.9.9- update to 5.2.0RC6- reset right path in extension_dir (php5-php-config.patch)- update to version 5.2.0RC5 - added suhosin extension (the hardened php replacement) [#210886]- update to version 5.2.0RC4 * added DSA key generation support to openssl_pkey_new() * updated PCRE to version 6.7 * increased default memory limit to 16 megabytes to accommodate for a more accurate memory utilization measurement * added support for httpOnly flag for session extension and cookie setting functions * added version specific registry keys to allow different configurations for different php version * added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs * added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system * moved extensions to PECL (filepro and hwapi) * improved SNMP, OpenSSL extension * improved the Zend memory manager, FastCGI SAPI, CURL, PCRE, PDO, SPL, xmlReader - merged changes from openSUSE build service * build without --enable-sigchild [#206533, php#28294, php#38342] * build CLI with libedit support (really-with-libedit.patch) * tweaked the default config a bit, to make it more secure * removed ini entries related to extensions we don't ship * t1lib is not currently needed for build, we need t1lib5 to do something useful * removeed --enable-ucd-snmp-hack (needed for ucd-snmp, but we use net-snmp) * pdo_odbc provided by php-odbc * php-suse-addons : o PHP5 is unlikely to parse php3 code, remove the file association o corrected apache directive is AddHandler not AddType * dropped extensions: o mysql, mysqli and pdo_mysql provided by php-mysql (reduce package count) o php-pdo_sqlite provided by php-sqlite o php-pdo_pgsql provided by php-pgsql o filepro dropped by upstream * new extension: o filter (kept static and cannot be unloaded, due security reasons) o json (added as Recommended) o zip (it uses a bundled library) - fixed gcc issues (gcc.patch) - droped obsoleted patches: include_path.patch, bug-37720.patch, bug-37306.patch, cgi_bugs.patch, bug-37587.patch, gd-fixes.patch, bug-37416.patch, main_bugs.patch, soap.patch, standard.patch, mbstring_bugs.patch, ze2_bugs.patch, xsl_bugs.patch, curl.patch- fixed build with X11R7- updated to version 5.1.4 * FastCGI interface was completely reimplemented * multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions * support for many additional date formats added to the strtotime() * a performance improvements added to the engine and core extensions * added imap_savebody() that allows message body to be written to a file * added lchown() and lchgrp() to change user/group ownership of symlinks * upgraded bundled PCRE library to version 6.6 - merged changes from openSUSE build service * removed unneeded sablot-devel,sqlite-devel,pcre-devel,fam-devel and libmcal from BuildRequires * added php-ctype,php-dom,php-iconv,php-pdo,php-pdo_sqlite,php-sqlite, php-tokenizer,php-xmlreader,php-xmlwriter to Recommends * added php-mbstring php-gd php-pear php-gettext php-mysqli to Suggests * added support for optional readline(libedit) for CLI (disabled by default) * patches for zendengine (ze2_bugs.patch), xsl (xsl_bugs.patch), curl (curl.patch) and mbstring bugs (mbstring_bugs.patch), big soap patch (soap.patch) * removed obsoleted patches * fixed Safe Mode Bypass [#188243] (standard.patch) * upstream patches [php#37306, php#37416, php#37587, php#37720] [php#37576, php#37496, php#37341, php#37313, php#37256] (cgi_bugs.patch) [php#37346, php#37360] (gd-fixes.patch) * fixed build inconsistences, added php-hash module [#173023] * added pdo_odbc.so to php-odbc module [#190614] * build without explicit safe_mode and magic_quotes (unneeded) * removed useless GD --with-ttf configure option, only suitable for freetype 1loewe 1273221729  ^ U5.2.13-0.1.1pdo.inipdo.so/etc/php5/conf.d//usr/lib/php5/extensions/-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.suse.de/SUSE:openSUSE:11.1:Update:Test/standard/55c864426d8e50a1d24d9a7e12142be5-php5cpiolzma2i586i586-suse-linux ˄cD+?]"k%]:D'u1k3܂RRwݯr+ҒVKtHXLZ|N:#ϘUih2Yذnyyσ۫ͬ QD)Ч)ldC03Xe@|G8]\ORA/nq3t91 PgbVs hCv߲#R!teActRB)KE1i-'LuDj;M(YG!^IVO p;# ytYMR KN!?{kE%YeS vAD.iw) N C^pPK<'~|qÛ-WR-{ vǃk'_A`Hc78j4Y~SwMpq:QԖbCb*ioMxFG)W~0ioOgCJC2qdI@ӓ9@i5٫QIQwP ~ChG|;sKS{5,qt\3YY-]twr=p0&@lcS'$C8~W1W|m()flL#;|~A D&wխ\u 5jZTN6sR֩3J`X Ǻ@FH ,;t`}ϛ?/0$b ذ]´䧪<:ω}Nk/1TfυT Hc6;b՛:6Ɂf '6C򤶜GI0T ?B͖4xJ;=D%Yi'& #t0""ZmbģC acV" [j!P*,:6"eu)A횐۰f/$vvfj|9?@1%.Y;TN#d )κ!0=%-$CUЪg@qhMHX|a>)\I 67=OaenQa47!^9pQ"KWi،`ɢUS7򯲲Kq]9 LxP:OgN}0s)n.n@Q|p&~ ~'r@t9G*c-:އ.T?d"hopRuhiy}TRg@S5O]S3?SOB˗rIxئRfR*EY_ ,D@Rn!a~E)_HM*M Ca+D8nbl=S Z\Ub T61"Oe؟/Zz 8NaX447#OE40g 3LJVKCr]:f] nI5 >9Y7m9}`%w$_FY2ƗD!6P!E;}g5mMPUev>:hg)d_{άM]TslDqV-RQV^_S+`5[0{P˦D>FaB 7ik?S t>ŦC B^īg)?2;PcJ&qT$K4[vi ץ8`K`~'uT V1Нs@ځ% .mjdԣ %9 %7 s8hptnB9e*,*V^+gy͍:.8'hvܩp||2kDxq}\-3_JJ*j#j8_daӠaԜ,_2mE-ip22^|j.[4#Q/E%3!adXRy;4Oy'EȅFs}Okm!UT 둍K<`^Xal{98oz4gRfA Pq)wtև"K<?f9-uIpc3^61OMyMƂGM##JiI8YگkO&VfEyVlzj2V\Myn2e{<65۩D8u25AbYZx':R~jN9*HiJ`U-f˜@,1N7bDf[< >NUx'ˬ3@V8qL'X՝P6jAH͓7${tIP3:C@8#n!%⟡OrEi z!ƨta40H  }#rrm{p~Ee<.KJop=,AoKf siKG$X7DFfW]P@̧;8]LQt cK!aIp]Џqd#O,Dg+A]Fc*v8gE&;zU=7n Fj>Q%=3 &:֝0 Ϫu/iҮ NEGʚ磗I]~eE}@do_la˞h;̨cu :|lw=8!gmw~Gw*h/- ,~ ,,$ a= ' gq-q ! 樯2G[CFZ?ⰟF<HEH}1J%*l-!KENܞ]ҵ>TtU/LF~RI@R2R=F_Hf1Ja+3ؗ K& #;'Z؛s%zxFb$ˏ\=X8kiG4`mOU wqU1}*-KʏjY~m Z=@&*"hcgNx緧8-rrA]B(hR)3hGawxFQ^-3D;v?yDmϥaY,s^oV=f:vׇ8HxטCH`a5TKr7_GlRh#C_g$kXm#9n|6Y~RSՓ{ ;$~'.4`oK" Ш*m^́|3Rb6(#bҤvHgr{Az[0GEK+@BWL&^5 c̵ 74^u.6zM}Dy^K~<''nyCƽDS;=?3K\R/zh(3V\ p ?:lU ݚoF-`gSckW sZ{3}+?13%Sf+vɁ Q9nef!]} IHdaT05zw:奩@0ӵBNP.R]-@k)ۋ3`ٙ \Ƀk) -Iz"ƔqZzwiw6TɅ'Qe.\QD@)%g<x\,UhцLI.9ٳMZ,r=hx lܦݧ$S$1Fe$wΝ.#l?@ruu 7 ֚|"oG˟LX)=(0A a[#J&>SE lY"hؙ'*>c3 U+W&ļRGS.TљZRI ٵe+"@bIR@OC135x;/Ԑ3)QP&cC] qFuY@hĂp F'l%0<طJ}Є`7w0W.Uio}mwbDl"G@bA_2`10x/=:=fԒ@p_F&*|=/< lN\?&_%u6ئROH V6* 28/2gf 5&j$ErC %܄Sra&8M؇rDe9,1[R@3NZ'fi-CnںuW1 D}pe2cM<]VShP6u?]/v2Ϥj X!a=)If//?]S G#}]M* hi1M'jxS|m+'%0))Qf+J+h oK&wM@>KCJ@öеBTu~tх4O1`Vzݻ,PꌄzE!RN *.qbdK**pyq90/YZww1>ADӛFgc3 n# 0 @ä6}2> 9HjTFV\X J<,;@ieݴ L+D5fW 6ڛ`黑|1XQheq͛'rd7rH=Ė4V JxAy'QqqvЋڣj=DX.·]yPZpg6ݿPZLo,Hi!`aGJ>渋;>. !j_9p Xܵ/$=\uIU߂sq,7(ϫe3tJ$9b*!ޢ$avQ+#ř XQN.?NW7#:t+<;ÕC52 I;X` gQsʞp5_"md3F ة YwM^ڵr*B*)1 HwK 4GLan Hy#!1J%ԚE%uh\AMRHcCtjY& M -qfז  iX"#@}a/wS^"jgIxšI2^Pj<@~5pJE?6ƲdmоV|!ܔw !YHYC{ 8 cO=½HZifOc/6|k]FX;l7xɾho-IӟP옇)<5\ z12bD{¬W1+ݙH=ԼSRd[p0O1鞉bԸ㑚"c;swLa>rJZSW >LBU˞?nɪ3)߫ߝMcZ:ѫd;(%.cw=D}p{ ./q`Ysq*ةOOȎ#L*N~Lv&2e) {J4@ԍ8#6X" uLDZ%VuZz\56W ]%6q8zDɺ8i\^lmdS>LR)h5{@toq[=X]Il*#g64Ł(#PSx‰KgufŮ&*Z?' cqJa,2H ˃s}.:+]`拃Um5Z[ ms|ji v3Z¢XR9*є03% vV:2ՕI2?Jh[Ty+jo$%)nSll>$bh4khc82Js"zp(% N|=ѫUƧuI6k Ǎǵ{3n#O7(|(.D3N_fZ`*`2vs2yO~p6b瓞ӌmC t#Dh$:Ji2.*qS`Q_䏭bM3;E'I"=+5#LĎVb)ͰryZ뷣ýJ)<'Gx. J%۱SKg*.~0/fha)yɂo+RmfH]I:=N1ۥtq/"mO,DE DaN:(l_Mv2A[h |=}Rng-:*}jEϋEn,VMt1(wkƟ S7 O_2TYL`ٞ[ڛ~x`+J\r2rϳL+AMCFD!r_+gKBsœ6=cQ9HĠM_j7vD95(wyRFBE-,>5n< sWu]DV@BJ~8?.ׁЎ˗9zʵ<"b|ii:n'[Xh >k2`w*?r nV&Q :5:ސ§*fb& j߶2%VBT-FgNr 8qn 2D ) 7P[R$SbAs~^UlO0~9?"K+'CB 3%V u>DK+W݄H2C]`-xmcz ̼Mo_GػvA[Sb-8kD\4>#%+T"e7$| ʭg_cI9N=W݂ NXPW6%i"RE՗:#^u6x-[9ٗ)](f:1i l6M3q; Ov[n ,#BbnE+|;*# "{[/lRmA7VK*A@-C= SE^/>> 9.FgCKW9Ƭ,~ȴfiz&rq+[;PS }tPЯR~ђWk@ GE -)bbu4.r/@@J(,Eq3TM=aFI[n}ji}{lʊn6o'a.*ƛ8}[V4).b,Y=m zx8Sl7y viM' uaAxzcrB-'K>Sqn7zk{zs!<2GGdAIty-27cQ2xW א!9jw>}0nk#Y@hB WTġfk;QCe&7ï<f7_7QoEzG[۔f_H)y{H 8 1ցG]ҟ@%AQg@ɲ9LeIfGg:Ap}t3%hCaGy.x#>'mp"> _>jӒu mI]f=]*ې9#%\-lQ4YCg]_t3>0CET9,"#(e#8grοE)Pҟ֐rU 'R^zv@Kxy ome YZpᗰmt-1('Pݘ⤝Qx2"+~*_+63ЀXz3_IupuUly"$gBB)IÖ(tp_Ld m:ZYf_l;q$#DQFc݃#T̷t v>'-$)J@F؊7O1o 21>ë xlʦEyTteXlRV*rFX>{%P'^ϸ7,0_V-0jX݁NJESmQ' TkPp9[>eF$kFlڀ&IM56!3ٺa&@X/C{PШu &-Y'51Dr;;_fSE0~a_2ÝrLXEBqDڑֻ3-;kR5,dUΓ\Nd)gl'_Er~\8/T(NAvTY71qB2% Y󳋕F~bjUzC}8Om2.7ts؛cv&OR#m l 9ɠIc0Ǔw9l៛2Ýsē TmkMk~'ֲWAbpW{}2yxO}bKG£ <'O' #,Ap5 m&~> )ݒ5ȝ&v^x.ORR,',@g@ݙ`t?-Cs= \%"L'FW+P[PC\XACĜ;'2jh܅C柦z0H~HRG|IL+H%rYiv-]G5$)A1d[:$II,O”]su'J8u,Ciy4P`K#.Oa$:Z} ,U=> GgF. ڏW+ iw=r`V e ' X~jFj- h'/8rCG(أ܏<E ߚ+`hsS[-TՃw,{7ZjC#Ň L ;s_e\X3A;nVzWktA>ɈgAH+Gr(  P9̔2&1 G(~dtnŕ5&`ʮ6mc ҼAOwm:c^l)#6y.t88AsƻmKAW8e+@!hexH.n+"E}S: .8\Ody={Ž\ t0 {Wytqk D0,=~G*~ɚ:EIj^X/M_b6yb/D>T.Y,\q}V!\r~cS T#4{Gacږґ^(^WV@h4B c\jm05E'枰-U6Nob "2'PӲ< +Qo.6WD[昈&f7~Zv>/y>#(.rXcb8-F+D8T3 k ݗH&)]Y@R#*ҮIr30bǕ: Al_y*u 4#]-3wrm6_lFjoP;GB0G2,\cI;JR* T޿{mY6>n4%ƅV5Zb OIfo@zbՕ!1UAH>܍ZȮCN.۳:jhԸC%ԏ pdJEu~_m\݆zCS<|1g%5Bְ^RP|c6ݨ9FC``>.vC 'H9bYmr+pG:{; "IO/*8eX)DŽpbO.R(Qu18_j%5  |2а0KmX1دMkJߠ: ^ Gtl#nkS,ã #  =*E`q}0^`Q*-*D8&]nd5E]sޗ|~f Z'-zZqDaI OOa@1RDo6sDѤVIX#&(yyeW*Z֧kh^; "^ԜzW6qȀOkicC`H5Aڙ;} ̀[mv Eg,xd#TO e pj:f|+=)^uDmk/ʘxWgSڨp^:bνCBTbl|6 dt#L03u\7s֨X3gF)kއ,n7Hm$) * '?d'kve iisV:' 9:Yho)"|v~f9W\)jùJ˹y@swŵlQ+#?WڀV7d"*d$>J ֌&Ǎ)zJ/&tgߍ oJɨ3~4{O6j^伣K6c__4"§VbUz@ CXZGbvͧSEOǯN"q_?>Kch)p(q{3Y0ΜK9n[XXUIk\)I!j em[RGZN!]M9.G,_ZvIILw+J'Q%A?2cayhוwX#7R ĸ¦~jbp,4.s`O.Yl # 5=Xpw*vgmxr\:p>J GnqUc!oRR7#;58ȹu@ _sU{,{) +i+KޮxܺZu6.rwNz[a9TT1lN0H6dgq4]d||5 -^/40}i`H'91+7P%?ՅcYC3x|C7:݌ 5y%KXSx~V-Cqץ5$B N&e}7Za餩>iQktUEy9:=g`P=(FvOVTmc˱4W*XaT<֬CUPJcHD#">]dk*x専B ZCLŪ 7t(ᾐ/})Z|ͅ,"zCKdZgpl@e _L\ YtƈQ dEus3N?;J26!2?ydfƣ [ ]8JWMb ,INCbHg $2Hɳc!Ԕ(Zr˂lۥ{FU*vTւԇpmeF /ޟԝS#ѫ9!cBI}Et %(; GXM.O1N rO[@}LjkX\=,OFÇ`t`iw6a[2d28~ 0J"q2Bچd2=y