commit php5.3524 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package php5.3524 for openSUSE:13.1:Update checked in at 2015-02-19 11:11:18 Comparing /work/SRC/openSUSE:13.1:Update/php5.3524 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.3524.new (New) Package is php5.3524 Changes: New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.php5.3524.new/php5.changes 2015-02-19 11:11:24.0 +0100 @@ -0,0 +1,3083 @@ +--- +Tue Dec 30 15:39:08 UTC 2014 - pgaj...@suse.com + +- security update: + * CVE-2014-8142 [bnc#910659] ++ php-CVE-2014-8142.patch + * CVE-2015-0231 [bnc#910659] ++ php-CVE-2015-0231.patch + * null ptr deref [bnc#910659] ++ php-unserialize-null-ptr-deref.patch + * CVE-2014-9427 [bnc#911664] ++ php-CVE-2014-9427.patch + * CVE-2015-0232 [bnc#914690] ++ php-CVE-2015-0232.patch +- added added README.default_socket_timeout [bnc#907519] + +--- +Mon Oct 27 11:25:38 UTC 2014 - pgaj...@suse.com + +- security update: + * CVE-2014-3670 [bnc#902357] + * CVE-2014-3669 [bnc#902360] + * CVE-2014-3668 [bnc#902368] +- added patches: + * php-CVE-2014-3670.patch + * php-CVE-2014-3669.patch + * php-CVE-2014-3668.patch + +--- +Wed Sep 10 08:51:03 UTC 2014 - pgaj...@suse.com + +- security update: + * CVE-2014-5459 [bnc#893849] + * CVE-2014-3597 [bnc#893853] + * CVE-2014-5120 [bnc#893855] +- fixed suhosin crash if used with php session_set_save_handler() + [bnc#895658] +- added patches: + * php-CVE-2014-3597.patch + * php-CVE-2014-5120.patch + * php5-suhosin-crash.patch + +--- +Thu Jul 17 14:32:29 UTC 2014 - pgaj...@suse.com + +- security update: + * php-CVE-2014-4670.patch [bnc#886059] + * php-CVE-2014-4698.patch [bnc#886060] + * php-CVE-2014-4721.patch [bnc#885961] + +--- +Mon Jun 30 15:27:29 UTC 2014 - pgaj...@suse.cz + +- security update [bnc#884986], [bnc#884987], [bnc#884989], + [bnc#884990], [bnc#884991], [bnc#884992] +- added patches: + * php-5.4.20-CVE-2014-0207.patch + * php-5.4.20-CVE-2014-3478.patch + * php-5.4.20-CVE-2014-3479.patch + * php-5.4.20-CVE-2014-3480.patch + * php-5.4.20-CVE-2014-3487.patch + * php-5.4.20-CVE-2014-3515.patch + +--- +Tue Jun 17 14:58:48 UTC 2014 - pgaj...@suse.com + +- security update: + * php-5.4.20-CVE-2014-4049.patch [bnc#882992] + +--- +Tue Jun 3 08:37:20 UTC 2014 - pgaj...@suse.com + +- security update + * CVE-2014-0237 [bnc#880905] + * CVE-2014-0238 [bnc#880904] + +--- +Fri May 9 07:28:56 UTC 2014 - pgaj...@suse.com + +- security update + * CVE-2014-2497.patch [bnc#868624] + * CVE-2014-0185.patch [bnc#875826] + +--- +Fri Dec 13 10:32:11 UTC 2013 - pgaj...@suse.com + +- security update + * CVE-2013-6420.patch [bnc#854880] + * CVE-2013-6712.patch [bnc#853045] + +--- +Wed Sep 25 09:30:23 UTC 2013 - pgaj...@suse.com + +- updated to 5.4.20: + * About 30 bugs were fixed. + +--- +Thu Sep 5 12:44:11 UTC 2013 - pgaj...@suse.com + +- updated to 5.4.19: + * These releases fix a bug in the patch for CVE-2013-4248 in +OpenSSL module and compile failure with ZTS enabled in PHP 5.4. + +--- +Tue Aug 20 10:44:04 UTC 2013 - pgaj...@suse.com + +- updated to 5.4.18: + * About 30 bugs were fixed, including security issues CVE-2013-4113 +and CVE-2013-4248. + +--- +Thu Aug 1 21:28:15 UTC 2013 - crrodrig...@opensuse.org + +- php5-per-mod-log.patch: It turns out that requesting per-module + logging support in 2.4 will not do a thing if the expansion + of APLOG_USE_MODULE is not visible to all files of the module + so place it in the header instead. + +--- +Wed Jul 31 01:21:24 UTC 2013 - crrodrig...@opensuse.org + +- php5-per-mod-log.patch Support apache 2.4 per module logging +- php5-apache24-updates.patch Use proper API in apache 2.4 + to determine when the module has to be loaded. + I made this patches at least a year ago, but for some reason + they went out of my radar and were not applied to upstream + Will be
commit php5 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package php5 for openSUSE:13.1:Update checked in at 2015-02-19 11:11:21 Comparing /work/SRC/openSUSE:13.1:Update/php5 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.new (New) Package is php5 Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.28zogC/_old 2015-02-19 11:11:26.0 +0100 +++ /var/tmp/diff_new_pack.28zogC/_new 2015-02-19 11:11:26.0 +0100 @@ -1 +1 @@ -link package='php5.3101' cicount='copy' / +link package='php5.3524' cicount='copy' / -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit patchinfo.3524 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package patchinfo.3524 for openSUSE:13.1:Update checked in at 2015-02-19 11:11:27 Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.3524 (Old) and /work/SRC/openSUSE:13.1:Update/.patchinfo.3524.new (New) Package is patchinfo.3524 Changes: New Changes file: NO CHANGES FILE!!! New: _patchinfo Other differences: -- ++ _patchinfo ++ patchinfo incident=3524 issue id=911663 tracker=bncVUL-0: CVE-2014-9426: php5: The apprentice_load function in libmagic/apprentice.c in the Fileinfo componentin PHP through 5.6.4.../issue issue id=907519 tracker=bncphp53 ignores default_socket_timeout on outgoing SSL connection/issue issue id=910659 tracker=bncVUL-0: CVE-2014-8142: php5: NULL pointer dereference in unserialize.c/issue issue id=914690 tracker=bncVUL-0: CVE-2015-0232: php5: Free called on unitialized pointer in exif.c/issue issue id=911664 tracker=bncVUL-0: CVE-2014-9427: php5: sapi/cgi/cgi_main.c in the CGI component in PHP/issue issue id=CVE-2015-0231 tracker=cve / issue id=CVE-2014-9427 tracker=cve / issue id=CVE-2014-9426 tracker=cve / issue id=CVE-2015-0232 tracker=cve / issue id=CVE-2014-8142 tracker=cve / categorysecurity/category ratingmoderate/rating packagerpgajdos/packager descriptionphp5 was updated to fix five security issues. These security issues were fixed: - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bnc#910659). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bnc#910659). - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap was used to read a .php file, did not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which caused an out-of-bounds read and might (1) allowed remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (bnc#911664). For openSUSE 13.2 this additional security issue was fixed: - CVE-2014-9426: The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempted to perform a free operation on a stack-based character array, which allowed remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors (bnc#911663). /description summarySecurity update for php5/summary /patchinfo -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit osc.3523 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package osc.3523 for openSUSE:13.1:Update checked in at 2015-02-19 17:25:10 Comparing /work/SRC/openSUSE:13.1:Update/osc.3523 (Old) and /work/SRC/openSUSE:13.1:Update/.osc.3523.new (New) Package is osc.3523 Changes: New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.osc.3523.new/osc.changes2015-02-19 17:25:11.0 +0100 @@ -0,0 +1,2007 @@ +--- +Tue Jan 13 15:53:11 UTC 2015 - adr...@suse.de + +- 0.150.1 + - minor syntax fix + +--- +Fri Jan 9 14:44:45 UTC 2015 - adr...@suse.de + +- 0.150.0 + - support local builds using builenv (for same build environment as a former build) + - add osc api --edit option to be able to edit some meta files directly + - follow the request order of the api (sorting according to priorization) + - add mr --release-project option for kgraft updates + - add support for makeoriginolder in request + +--- +Fri Dec 5 13:17:15 UTC 2014 - seife+...@b1-systems.com + +- fix bash completion (complete is not propagated into subshells, + but PROFILEREAD is, so the setup script is never executed) + +--- +Fri Nov 14 12:46:34 UTC 2014 - suse-...@gmx.de + +- fixed #123 (wrong requires for Fedora 20) + +--- +Tue Oct 21 09:57:27 UTC 2014 - suse-...@gmx.de + +- 0.149 + - removed --diff option from the createrequest command + - introduced new vc-cmd config option, which is used to specify the path +to the vc script + - various bugfixes + +--- +Tue Oct 7 14:45:27 UTC 2014 - adr...@suse.de + +- 0.148.2 + - support multiple parallel maintenance projects += fixing submit request call + +--- +Fri Sep 12 07:03:37 UTC 2014 - adr...@suse.de + +- 0.148.1 + - fixes crash regression + +--- +Thu Sep 11 10:35:57 UTC 2014 - adr...@suse.de + +- 0.148.0 + - support new history including review history of OBS 2.6 + - display request priorities, if important or critical + - add osc rq priorize command to re-priorize existing requests + - allow also osc rq ls shortcut + - fish shell completion support + +--- +Tue Aug 26 07:51:58 UTC 2014 - adr...@suse.de + +- 0.147.0 + - support groups in maintainership requests + - fixing listing of review requests + - support expanded package listing (when using project links) + - fixing osc add git:// behaviour + - using xz as default compression + - support local debian live (image) build format + - handle ppc64le for debian as well + - fix buildlog --strip-time + - some more minor bugfixes + +--- +Mon May 19 13:59:53 UTC 2014 - adr...@suse.de + +- 0.146.0 + - support maintenance release request with acceptinfo data (OBS 2.6) + - setlinkrev can be used to update frozen links to current revisions again + - report errors in case request accept fails + - support epoch number handling for local builds + - support bugowner request handling for groups + - support usage of fedoras mock to build packages + - support build --prefer-pkgs for Arch linux + - support bash-completion for .kiwi files + +--- +Thu Apr 3 07:52:46 UTC 2014 - suse-...@gmx.de + +- 0.145.0 + - allow to use the set-release option when running a manual release + - added support for osc requestmaintainership PROJECT + - various bugfixes: +- print_buildlog: do not strip tabs +- fixed osc -H ... in combination with a proxy +- fixed creation of ~/.osc_cookiejar +- Package.commit: create _meta for newly added packages +- fixed behavior of set_link_rev #72 +- fixed typos in PKGBUILD file: no comma in depends tag (as + pointed out by roflik) + +--- +Fri Feb 28 14:42:30 UTC 2014 - adr...@suse.de + +- 0.144.1 + - fixed osc meta pkg -e regression for special package names + +--- +Thu Feb 27 09:42:55 UTC 2014 - adr...@suse.de + +- 0.144.0 + - allow commiting to package sources from linked projects. osc will ask to branch it first. + - group support in bugowner and maintainer command + +--- +Fri Jan 24
commit build.3523 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package build.3523 for openSUSE:13.1:Update checked in at 2015-02-19 17:25:02 Comparing /work/SRC/openSUSE:13.1:Update/build.3523 (Old) and /work/SRC/openSUSE:13.1:Update/.build.3523.new (New) Package is build.3523 Changes: New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.build.3523.new/build.changes 2015-02-19 17:25:03.0 +0100 @@ -0,0 +1,1242 @@ +--- +Fri Jan 30 07:23:36 UTC 2015 - adr...@suse.de + +- add recommend to perl(Net::SSL) (bnc#880212) +- add support for debian debootstrap build engine +- Update arch config +- Add support for conflicts, addselfprovides, weakdeps to query functions +- installed package handling works also for arch and debian now +- large code cleanup +- bugfixes and documentation updates + +--- +Mon Nov 24 15:45:59 UTC 2014 - adr...@suse.de + +- Add releasesuffix hack for new PTF handling +- support parallel build jobs for debs +- Fix repocfg usage in the exact match case +- Improve exclarch handling for deb builds +- rewritten workaround for broken chroot tool + +--- +Mon Oct 27 09:01:57 UTC 2014 - adr...@suse.de + +- add support for new chroot tool + * fixes Ubuntu 14.10 builds +- man pages for unrpm and vc + +--- +Fri Sep 19 05:37:09 UTC 2014 - adr...@suse.de + +- drop not available packages from SLE 12 config + +--- +Thu Sep 18 10:46:25 UTC 2014 - adr...@suse.de + +- fix syntax error in SLE 12 config + +--- +Tue Sep 16 06:29:02 UTC 2014 - adr...@suse.de + +- add SLE 12 config (bnc#893618) +- build-vm-kvm: Always use -mem-prealloc when using -mem-path +- debian livebuild support +- various ppc handling fixes +- various smaller fixes + +--- +Thu Apr 24 19:09:19 UTC 2014 - adr...@suse.de + +- build script got refactored and split in multiple modules + +--- +Thu Feb 20 18:41:16 UTC 2014 - adr...@suse.de + +- bugfix release + - /sys mounting + - binfmtmisc setup + +--- +Thu Dec 5 13:26:34 UTC 2013 - adr...@suse.de + +- fix ppc64le vs. ppc64 emulator check (none needed) + +--- +Thu Dec 5 10:01:44 UTC 2013 - adr...@suse.de + +- fix vc tool regression from minor fixes + +--- +Wed Dec 4 08:26:56 UTC 2013 - adr...@suse.de + +- support for project side configured VM kernels +- ppc64le support +- minor fixes + +--- +Tue Oct 15 09:37:05 UTC 2013 - adr...@suse.de + +- update openSUSE 13.1 build configuration +- add openSUSE 13.2 build configuration +- add support for m86k +- add support for Tizen changelog date format +- export .packages, .verified and .ova files for kiwi +- initvm code cleanup +- Do not specify compression format for Arch packages when extracting +- export kiwi-image:$type for kiwi files with schemaversion 5.6 or newer +- mount tmpfs on $BUILD_ROOT/dev/shm +- Create devices nodes if udev is not running +- more arm architectures +- make version '0' a valid version +- fix the call to lintian, lintian gets a dsc file as input +- adding generic parameter to hand over kiwi parameters + +--- +Fri Aug 2 20:35:02 UTC 2013 - dvla...@suse.com + +- add requires for Fedora + +--- +Fri May 17 09:44:35 UTC 2013 - adr...@suse.de + +- fix build for non-SUSE rpm distros + +--- +Fri May 17 09:24:49 UTC 2013 - adr...@suse.de + +- fix a number of issues regarding statistics collection + = works with more udev versions now + +--- +Wed May 15 16:17:04 UTC 2013 - adr...@suse.de + +- fix qemu-binfmt registration in chroot builds + +--- +Tue May 14 10:52:18 UTC 2013 - adr...@suse.de + +- debian builds call linitian now if installed +- Arch Linux: support new pacman tool syntax +- support kiwi installation medias with new kiwi versions +- fixed regression using build host rpm instead of the version from chroot +- fixed repository
commit osc for openSUSE:13.1:Update
Hello community, here is the log from the commit of package osc for openSUSE:13.1:Update checked in at 2015-02-19 17:25:11 Comparing /work/SRC/openSUSE:13.1:Update/osc (Old) and /work/SRC/openSUSE:13.1:Update/.osc.new (New) Package is osc Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.KWyKo1/_old 2015-02-19 17:25:12.0 +0100 +++ /var/tmp/diff_new_pack.KWyKo1/_new 2015-02-19 17:25:12.0 +0100 @@ -1 +1 @@ -link package='osc.2830' cicount='copy' / +link package='osc.3523' cicount='copy' / -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit idzebra.3536 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package idzebra.3536 for openSUSE:13.1:Update checked in at 2015-02-19 17:25:54 Comparing /work/SRC/openSUSE:13.1:Update/idzebra.3536 (Old) and /work/SRC/openSUSE:13.1:Update/.idzebra.3536.new (New) Package is idzebra.3536 Changes: New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.idzebra.3536.new/idzebra.changes 2015-02-19 17:25:55.0 +0100 @@ -0,0 +1,359 @@ +--- +Mon Feb 9 10:16:26 UTC 2015 - zai...@opensuse.org + +- Update to version 2.0.60 (boo#917030): + + Fix ICU phrase searches for terms split by ICU ZEB-664. + + Update Visual Studio nmake file for VS 2013. +- Update Url and Source to new location. + +--- +Tue Jun 3 09:23:52 UTC 2014 - k...@suse.de + +- Version 2.0.59; for details, see http://indexdata.dk/zebra/doc/NEWS; + e.g.: + * SRU 2.0 support. + * Bug fixes. + +--- +Wed Sep 4 12:18:44 UTC 2013 - i...@marguerite.su + +- fix build with tcl 8.5+ + * tcl_interp-errorline/result is depreciated and replaced with +Tcl_GetErrorline/Tcl_GetStringResult. + * online documentations claim these functions were marked in 8.6 +but actually in 8.5 errorline is marked. +- add patch: idzebra-2.0.55-tcl-8.6-abuild.patch + +--- +Thu Aug 29 14:17:40 UTC 2013 - k...@suse.de + +- Version 2.0.55; for details, see http://indexdata.dk/zebra/doc/NEWS; + e.g.: + + Add + document zebraidx command check, which checks consistency +of register. + +--- +Wed Aug 7 16:17:14 CEST 2013 - r...@suse.de + +- fix build on factory: newer rpm does not allow to mark + non-directories as dir anymore (like symlinks in this case) + +--- +Thu Jun 6 06:46:24 UTC 2013 - k...@suse.de + +- Version 2.0.54; for details and earlier changes, see + http://indexdata.dk/zebra/doc/NEWS. + +--- +Tue Sep 18 07:29:47 UTC 2012 - k...@suse.de + +- Version 2.0.52; for details and earlier changes, see + http://indexdata.dk/zebra/doc/NEWS. + +--- +Wed May 25 13:36:12 CEST 2011 - k...@suse.de + +- Version 2.0.44; for details and earlier changes, see + http://indexdata.dk/zebra/doc/NEWS: +* Zebra honors SRU sortkeys and CQL sortby. + +--- +Wed Aug 25 15:03:05 CEST 2010 - k...@suse.de + +- Version 2.0.44; for details see http://indexdata.dk/zebra/doc/NEWS. + +--- +Thu Dec 17 02:58:47 CET 2009 - crrodrig...@opensuse.org + +- fix -devel package dependencies + +--- +Wed Nov 18 09:52:09 CET 2009 - k...@suse.de + +- Version 2.0.43; for details see http://indexdata.dk/zebra/doc/NEWS. + +--- +Mon May 18 15:47:09 CEST 2009 - k...@suse.de + +- Version 2.0.37; for details see http://indexdata.dk/zebra/NEWS. + +--- +Thu Mar 26 13:51:22 CET 2009 - crrodrig...@suse.de + +- Do not include static modules and la files + +--- +Mon Mar 9 15:10:33 CET 2009 - k...@suse.de + +- Version 2.0.36; for details see http://indexdata.dk/zebra/NEWS. + +--- +Fri Jul 4 15:10:57 CEST 2008 - k...@suse.de + +- Version 2.0.32 (for details see NEWS): +* Mostly ICU related enhancements and fixes. + +--- +Wed Nov 21 15:35:56 CET 2007 - k...@suse.de + +- Version 2.0.18 (changes since .14 from NEWS): +* Add snippet support. Element set name zebra::snippet will make + Zebra return an XML record with snippets. +* Bug fixes: zebra.cfg with leading space are ignored; crash for some + searches with customized string.chr, etc. + +--- +Thu May 10 16:36:52 CEST 2007 - k...@suse.de + +- Version 2.0.14 (binary incompatible with version 1.x); major changes + since 2.0.0: + * 'isamb' is now the default ISAM system. + * Bug fixes and performance improvements. +- New -devel subpackage. + +--- +Thu May 3 18:48:45 CEST 2007 - prus...@suse.cz + +- changed expat to
