Hello community, here is the log from the commit of package php5 for openSUSE:Factory checked in at 2015-07-16 17:17:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5" Changes: -------- --- /work/SRC/openSUSE:Factory/php5/php5.changes 2015-07-05 18:01:34.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2015-07-16 17:17:08.000000000 +0200 @@ -1,0 +2,47 @@ +Tue Jul 14 08:08:05 UTC 2015 - [email protected] + +- updated suhosin extension to 0.9.38 + - removed code compatibility for PHP <5.4 + - allow https location for suhosin.filter.action + - fixed newline detection for suhosin.mail.protect + - Added suhosin.upload.max_newlines to protect againt DOS attack + via many MIME headers in RFC1867 uploads (CVE-2015-4024) + - mail related test cases now work on linux + - Relaxed array index blacklist (removed '-') due to wordpress + incompatibility + - Added SQL injection protection for Mysqli and several test + cases + - Added SQL injection protection for Mysqli and several test cases + - Added wildcard matching for SQL username + - Added check for SQL username to only contain valid characters + (>= ASCII 32) + - Test cases for user_prefix and user_postfix + - Added experimental PDO support + - SQL checks other than mysql (Mysqli + old-style) must be + enabled with configure --enable-suhosin-experimental, e.g. MSSQL. + - disallow_ws now matches all single-byte whitespace characters + - remove_binary and disallow_binary now optionally allow UTF-8. + - Introduced suhosin.upload.allow_utf8 (experimental) + - Reimplemented suhosin_get_raw_cookies() + - Fixed potential segfault for disable_display_errors=fail + (only on ARM) + - Fixed potential NULL-pointer dereference with func.blacklist + and logging + - Logging timestamps are localtime instead of gmt now + (thanks to mkrokos) + - Added new array index filter (character whitelist/blacklist) + - Set default array index blacklist to '"+-<>;() + - Added option to suppress date/time for suhosin file logging + (suhosin.log.file.time=0) + - Added simple script to create binary Debian package + - Fixed additional recursion problems with session handler + - Suhosin now depends on php_session.h instead of version-specific + struct code + +------------------------------------------------------------------- +Mon Jul 13 17:40:28 UTC 2015 - [email protected] + +- updated to 5.6.11: Five security-related issues in PHP were fixed + in this release, including CVE-2015-3152. + +------------------------------------------------------------------- Old: ---- php-5.6.10.tar.xz php-5.6.10.tar.xz.asc suhosin-0.9.36.tgz New: ---- php-5.6.11.tar.xz php-5.6.11.tar.xz.asc suhosin-0.9.38.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.PzF89I/_old 2015-07-16 17:17:09.000000000 +0200 +++ /var/tmp/diff_new_pack.PzF89I/_new 2015-07-16 17:17:09.000000000 +0200 @@ -23,7 +23,7 @@ Name: php5 %global apiver 20131106 %global zendver 20131226 -%define suhosin_version 0.9.36 +%define suhosin_version 0.9.38 %define pkg_name php5 %define with_spell 1 @@ -108,7 +108,7 @@ %define php_sysconf %{_sysconfdir}/%{pkg_name} %define _x11prefix %(pkg-config --variable=prefix xft) %define need_libxml2_hack %(if [ -e %{_includedir}/libxml/parser.h ]; then if grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 0; fi; else echo 0; fi) -Version: 5.6.10 +Version: 5.6.11 Release: 0 Provides: php Provides: php-api = %{apiver} @@ -142,7 +142,7 @@ Conflicts: php53 Source0: http://us2.php.net/distributions/php-%{version}.tar.xz Source1: php-suse-addons.tar.bz2 -Source2: http://download.suhosin.org/suhosin-%{suhosin_version}.tgz +Source2: https://download.suhosin.org/suhosin-%{suhosin_version}.tar.gz Source4: README.SUSE-pear Source5: README.macros Source6: macros.php ++++++ php-5.6.10.tar.xz -> php-5.6.11.tar.xz ++++++ /work/SRC/openSUSE:Factory/php5/php-5.6.10.tar.xz /work/SRC/openSUSE:Factory/.php5.new/php-5.6.11.tar.xz differ: char 27, line 1
