Mailinglist Archive: opensuse-commit (857 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package php5
checked in at Mon Nov 12 22:05:43 CET 2007.

--------
--- php5/php5.changes   2007-08-30 03:54:12.000000000 +0200
+++ /mounts/work_src_done/STABLE/php5/php5.changes      2007-11-12 
22:04:16.630097000 +0100
@@ -1,0 +2,70 @@
+Mon Nov 12 06:40:39 CET 2007 - crrodriguez@xxxxxxx
+
+- update to PHP 5.2.5
+  * Fixed dl() to only accept filenames. reported by Laurent Gaffie.
+  * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  * Fixed htmlentities/htmlspecialchars not to accept partial multibyte 
sequences.
+  * Fixed possible triggering of buffer overflows inside glibc implementations 
of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
+  * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable 
in .htaccess due to the security implications reported by SecurityReason.
+  * Fixed bug #42869 (automatic session id insertion adds sessions id to 
non-local forms).
+  * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be 
overwritten with ini_set()).
+  * Upgraded PCRE to version 7.3 (Nuno)
+  * Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
+  * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
+  * Added ability to control memory consumption between request using 
ZEND_MM_COMPACT environment variable. (Dmitry)
+  * Improved speed of array_intersect_key(), array_intersect_assoc(), 
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and 
array_udiff_assoc(). (Dmitry)
+  * Fixed move_uploaded_file() to always set file permissions of resulting 
file according to UMASK. (Andrew Sitnikov)
+  * Fixed possible crash in ext/soap because of uninitialized value. (Zdash 
Urf)
+  * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on 
paths containing '*'. (Ilia)
+  * Fixed PDO crash when driver returns empty LOB stream. (Stas)
+  * Fixed iconv_*() functions to limit argument sizes as workaround to libc 
bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)
+  * Fixed missing brackets leading to build warning and error in the log. 
Win32 code. (Andrey)
+  * Fixed leaks with multiple connects on one mysqli object. (Andrey)
+  * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
+  * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). 
(Jani)
+  * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with 
fetchAll()). (Ilia)
+  * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)
+  * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)
+  * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). 
(Ilia)
+  * Fixed bug #43020 (Warning message is missing with shuffle() and more than 
one argument). (Scott)
+  * Fixed bug #42976 (Crash when constructor for newInstance() or 
newInstanceArgs() fails) (Ilia)
+  * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). 
(Ilia)
+  * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). 
(Andrey)
+  * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)
+  * Fixed bug #42817 (clone() on a non-object does not result in a fatal 
error). (Ilia)
+  * Fixed bug #42785 (json_encode() formats doubles according to locale rather 
then following standard syntax). (Ilia)
+  * Fixed bug #42783 (pg_insert() does not accept an empty list for 
insertion). (Ilia)
+  * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)
+  * Fixed bug #42772 (Storing $this in a static var fails while handling a 
cast to string). (Dmitry)
+  * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)
+  * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is 
enabled). (Ilia)
+  * Fixed bug #42703 (Exception raised in an iterator::current() causes 
segfault in FilterIterator) (Marcus)
+  * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)
+  * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) 
(Marcus)
+  * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)
+  * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill 
Moran)
+  * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek 
at netbsd dot org)
+  * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia)
+  * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). 
(Ilia)
+  * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)
+  * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)
+  * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)
+  * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)
+  * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 
64-bit PHP). (Derick)
+  * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at 
gmail dot com, Ilia)
+  * Fixed bug #42462 (Segmentation when trying to set an attribute in a 
DOMElement). (Rob)
+  * Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v 
cmdline options). (Dmitry)
+  * Fixed bug #42452 (PDO classes do not expose Reflection API information). 
(Hannes)
+  * Fixed bug #42468 (Write lock on file_get_contents fails when using a 
compression stream). (Ilia)
+  * Fixed bug #42488 (SoapServer reports an encoding error and the error 
itself breaks). (Dmitry)
+  * Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)
+  * Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
+  * Fixed bug #42326 (SoapServer crash). (Dmitry)
+  * Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
+  * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime 
values). (Ilia)
+  * Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)
+  * Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic 
compliant wsdl). (Dmitry)
+  * Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, 
Jani)
+  * Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno) 
+
+-------------------------------------------------------------------

Old:
----
  php-5.2.4.tar.bz2
  suhosin-patch-5.2.4-0.9.6.2.patch

New:
----
  php-5.2.5.tar.bz2
  suhosin-patch-5.2.5-0.9.6.2.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.ps2190/_old  2007-11-12 22:04:42.000000000 +0100
+++ /var/tmp/diff_new_pack.ps2190/_new  2007-11-12 22:04:42.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package php5 (Version 5.2.4)
+# spec file for package php5 (Version 5.2.5)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -68,13 +68,13 @@
 %define apache2_serverroot %(%{apxs2} -q PREFIX)
 ###
 ###
-Version:        5.2.4
+Version:        5.2.5
 Release:        1
 License:        The PHP License, version 3.01
 Group:          Development/Languages/Other
 Provides:       php zend php-xml php-spl php-simplexml php-session php-pcre 
php-date php-reflection php-filter
 Provides:       php-dbx php-dio php-fam php-filepro php-yp
-Autoreqprov:    on
+AutoReqProv:    on
 PreReq:         update-alternatives
 #extensions that are no longer here
 Obsoletes:      php-dbx php-dio php-fam php-filepro php-yp
@@ -98,7 +98,7 @@
 # compiler warnings
 Patch9:         php5-warnings.patch
 #please use patch30 and up for security fixes
-URL:            http://www.php.net
+Url:            http://www.php.net
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        PHP5 Core Files
 
@@ -1402,7 +1402,7 @@
 # fix deadlock
 %{__cp} %{S:5} %{buildroot}/%{peardir}/PEAR
 # reminder: Will be removed when upstream fixes deadlock in pear
-test %version = 5.2.4
+test %version = 5.2.5
 # for pear XML files
 %{__install} -d -m 0755 %{buildroot}/var/lib/pear
 # provide compat symlink
@@ -1792,8 +1792,74 @@
 %defattr(644,root,root,755)
 %{extension_dir}/zlib.so
 %config(noreplace) %{php_sysconf}/conf.d/zlib.ini
-
 %changelog
+* Mon Nov 12 2007 - crrodriguez@xxxxxxx
+- update to PHP 5.2.5
+  * Fixed dl() to only accept filenames. reported by Laurent Gaffie.
+  * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  * Fixed htmlentities/htmlspecialchars not to accept partial multibyte 
sequences.
+  * Fixed possible triggering of buffer overflows inside glibc implementations 
of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
+  * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable 
in .htaccess due to the security implications reported by SecurityReason.
+  * Fixed bug #42869 (automatic session id insertion adds sessions id to 
non-local forms).
+  * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be 
overwritten with ini_set()).
+  * Upgraded PCRE to version 7.3 (Nuno)
+  * Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
+  * Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
+  * Added ability to control memory consumption between request using 
ZEND_MM_COMPACT environment variable. (Dmitry)
+  * Improved speed of array_intersect_key(), array_intersect_assoc(), 
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and 
array_udiff_assoc(). (Dmitry)
+  * Fixed move_uploaded_file() to always set file permissions of resulting 
file according to UMASK. (Andrew Sitnikov)
+  * Fixed possible crash in ext/soap because of uninitialized value. (Zdash 
Urf)
+  * Fixed regression in glob() when enforcing safe_mode/open_basedir checks on 
paths containing '*'. (Ilia)
+  * Fixed PDO crash when driver returns empty LOB stream. (Stas)
+  * Fixed iconv_*() functions to limit argument sizes as workaround to libc 
bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)
+  * Fixed missing brackets leading to build warning and error in the log. 
Win32 code. (Andrey)
+  * Fixed leaks with multiple connects on one mysqli object. (Andrey)
+  * Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
+  * Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). 
(Jani)
+  * Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with 
fetchAll()). (Ilia)
+  * Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)
+  * Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)
+  * Fixed bug #43099 (XMLWriter::endElement() does not check # of params). 
(Ilia)
+  * Fixed bug #43020 (Warning message is missing with shuffle() and more than 
one argument). (Scott)
+  * Fixed bug #42976 (Crash when constructor for newInstance() or 
newInstanceArgs() fails) (Ilia)
+  * Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). 
(Ilia)
+  * Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). 
(Andrey)
+  * Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)
+  * Fixed bug #42817 (clone() on a non-object does not result in a fatal 
error). (Ilia)
+  * Fixed bug #42785 (json_encode() formats doubles according to locale rather 
then following standard syntax). (Ilia)
+  * Fixed bug #42783 (pg_insert() does not accept an empty list for 
insertion). (Ilia)
+  * Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)
+  * Fixed bug #42772 (Storing $this in a static var fails while handling a 
cast to string). (Dmitry)
+  * Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)
+  * Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is 
enabled). (Ilia)
+  * Fixed bug #42703 (Exception raised in an iterator::current() causes 
segfault in FilterIterator) (Marcus)
+  * Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)
+  * Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) 
(Marcus)
+  * Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)
+  * Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill 
Moran)
+  * Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek 
at netbsd dot org)
+  * Fixed bug #42596 (session.save_path MODE option does not work). (Ilia)
+  * Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). 
(Ilia)
+  * Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)
+  * Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)
+  * Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)
+  * Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)
+  * Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 
64-bit PHP). (Derick)
+  * Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at 
gmail dot com, Ilia)
+  * Fixed bug #42462 (Segmentation when trying to set an attribute in a 
DOMElement). (Rob)
+  * Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v 
cmdline options). (Dmitry)
+  * Fixed bug #42452 (PDO classes do not expose Reflection API information). 
(Hannes)
+  * Fixed bug #42468 (Write lock on file_get_contents fails when using a 
compression stream). (Ilia)
+  * Fixed bug #42488 (SoapServer reports an encoding error and the error 
itself breaks). (Dmitry)
+  * Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)
+  * Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
+  * Fixed bug #42326 (SoapServer crash). (Dmitry)
+  * Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
+  * Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime 
values). (Ilia)
+  * Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)
+  * Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic 
compliant wsdl). (Dmitry)
+  * Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, 
Jani)
+  * Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno)
 * Thu Aug 30 2007 - crrodriguez@xxxxxxx
 - update to PHP 5.2.4, no relevant changes since RC3.
 * Fri Aug 24 2007 - crrodriguez@xxxxxxx

++++++ php-5.2.4.tar.bz2 -> php-5.2.5.tar.bz2 ++++++
php5/php-5.2.4.tar.bz2 /mounts/work_src_done/STABLE/php5/php-5.2.5.tar.bz2 
differ: byte 11, line 1

++++++ php5-warnings.patch ++++++
--- /var/tmp/diff_new_pack.ps2190/_old  2007-11-12 22:04:42.000000000 +0100
+++ /var/tmp/diff_new_pack.ps2190/_new  2007-11-12 22:04:42.000000000 +0100
@@ -32,31 +32,3 @@
        int use_cache;
        int use_relative_path = 0;
        TSRMLS_FETCH();
---- ext/mysqli/mysqli_prop.c.orig
-+++ ext/mysqli/mysqli_prop.c
-@@ -86,8 +86,8 @@ static int __func(mysqli_object *obj, zv
-                       ZVAL_LONG(*retval, l);\
-               } else { \
-                       char *ret; \
--                      int l = spprintf(&ret, 0, MYSQLI_LLU_SPEC, 
(my_ulonglong)l); \
--                      ZVAL_STRINGL(*retval, ret, l, 0); \
-+                      int len = spprintf(&ret, 0, MYSQLI_LLU_SPEC, 
(my_ulonglong)l); \
-+                      ZVAL_STRINGL(*retval, ret, len, 0); \
-               } \
-       }\
-       return SUCCESS;\
---- main/output.c.orig
-+++ main/output.c
-@@ -430,9 +430,12 @@ static int php_ob_init_named(uint initia
-       tmp_buf.chunk_size = chunk_size;
-       tmp_buf.status = 0;
-       tmp_buf.internal_output_handler = NULL;
-+      tmp_buf.internal_output_handler_buffer = NULL;
-+      tmp_buf.internal_output_handler_buffer_size = 0;
-       tmp_buf.handler_name = 
estrdup(handler_name&&handler_name[0]?handler_name:OB_DEFAULT_HANDLER_NAME);
-       tmp_buf.erase = erase;
- 
-+
-       if (OG(ob_nesting_level)>0) {
- #if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
-               if (!strncmp(handler_name, "ob_gzhandler", 
sizeof("ob_gzhandler")) && php_ob_gzhandler_check(TSRMLS_C)) {


++++++ Registry.php ++++++
--- php5/Registry.php   2007-07-25 09:31:03.000000000 +0200
+++ /mounts/work_src_done/STABLE/php5/Registry.php      2007-11-12 
06:39:27.000000000 +0100
@@ -17,7 +17,7 @@
  * @author     Greg Beaver <cellog@xxxxxxx>
  * @copyright  1997-2006 The PHP Group
  * @license    http://www.php.net/license/3_0.txt  PHP License 3.0
- * @version    CVS: $Id: Registry.php,v 1.166 2007/06/16 18:41:59 cellog Exp $
+ * @version    CVS: $Id: Registry.php,v 1.167.2.1 2007/09/08 15:02:49 cellog 
Exp $
  * @link       http://pear.php.net/package/PEAR
  * @since      File available since Release 0.1
  */
@@ -795,6 +795,7 @@
             }
 
             if (!is_resource($this->lock_fp)) {
+                $this->lock_fp = null;
                 return $this->raiseError("could not create lock file" .
                                          (isset($php_errormsg) ? ": " . 
$php_errormsg : ""));
             }
@@ -807,6 +808,7 @@
                 }
                 //is resource at this point, close it on error.
                 fclose($this->lock_fp);
+                $this->lock_fp = null;
                 return $this->raiseError("could not acquire $str lock 
($this->lockfile)",
                                          PEAR_REGISTRY_ERROR_LOCK);
             }
@@ -1769,13 +1771,10 @@
             return $e;
         }
         $ret = &$this->_getChannel($channel, $noaliases);
-        
         $this->_unlock();
-        
         if (!$ret) {
             return PEAR::raiseError('Unknown channel: ' . $channel);
         }
-        
         return $ret;
     }
 

++++++ suhosin-patch-5.2.4-0.9.6.2.patch -> suhosin-patch-5.2.5-0.9.6.2.patch 
++++++
++++ 1176 lines (skipped)
++++ between php5/suhosin-patch-5.2.4-0.9.6.2.patch
++++ and /mounts/work_src_done/STABLE/php5/suhosin-patch-5.2.5-0.9.6.2.patch


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx