commit php5 for openSUSE:13.2:Update
Hello community, here is the log from the commit of package php5 for openSUSE:13.2:Update checked in at 2015-09-25 10:19:32 Comparing /work/SRC/openSUSE:13.2:Update/php5 (Old) and /work/SRC/openSUSE:13.2:Update/.php5.new (New) Package is "php5" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.gdIH8n/_old 2015-09-25 10:19:19.0 +0200 +++ /var/tmp/diff_new_pack.gdIH8n/_new 2015-09-25 10:19:19.0 +0200 @@ -1 +1 @@ - +
commit mysql-community-server for openSUSE:13.1:Update
Hello community, here is the log from the commit of package mysql-community-server for openSUSE:13.1:Update checked in at 2015-09-25 10:19:06 Comparing /work/SRC/openSUSE:13.1:Update/mysql-community-server (Old) and /work/SRC/openSUSE:13.1:Update/.mysql-community-server.new (New) Package is "mysql-community-server" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.ai4qoX/_old 2015-09-25 10:18:53.0 +0200 +++ /var/tmp/diff_new_pack.ai4qoX/_new 2015-09-25 10:18:53.0 +0200 @@ -1 +1 @@ - +
commit mysql-community-server for openSUSE:13.2:Update
Hello community, here is the log from the commit of package mysql-community-server for openSUSE:13.2:Update checked in at 2015-09-25 10:19:09 Comparing /work/SRC/openSUSE:13.2:Update/mysql-community-server (Old) and /work/SRC/openSUSE:13.2:Update/.mysql-community-server.new (New) Package is "mysql-community-server" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.Q0osf7/_old 2015-09-25 10:18:56.0 +0200 +++ /var/tmp/diff_new_pack.Q0osf7/_new 2015-09-25 10:18:56.0 +0200 @@ -1 +1 @@ - +
commit php5 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package php5 for openSUSE:13.1:Update checked in at 2015-09-25 10:19:26 Comparing /work/SRC/openSUSE:13.1:Update/php5 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.new (New) Package is "php5" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.w7j9B2/_old 2015-09-25 10:19:15.0 +0200 +++ /var/tmp/diff_new_pack.w7j9B2/_new 2015-09-25 10:19:15.0 +0200 @@ -1 +1 @@ - +
commit patchinfo.4029 for openSUSE:13.2:Update
Hello community, here is the log from the commit of package patchinfo.4029 for openSUSE:13.2:Update checked in at 2015-09-25 10:19:33 Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.4029 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.4029.new (New) Package is "patchinfo.4029" Changes: New Changes file: NO CHANGES FILE!!! New: _patchinfo Other differences: -- ++ _patchinfo ++ VUL-0: CVE-2015-6836: php53, php5: SOAP serialize_function_call() type confusion / RCE VUL-0: CVE-2015-6835: php5 , php53: Use after free vulnerability in session deserializer VUL-0: CVE-2015-6834: php5, php53: Use After Free Vulnerability in unserialize() VUL-0: CVE-2015-6837 CVE-2015-6838: php5, php53: NULL pointer dereference in XSLTProcessor class VUL-0: php5,php53: Dangling pointer in the unserialization of ArrayObject items VUL-0: CVE-2015-6831: php5,php53: Use After Free Vulnerability in unserialize() with SPLArrayObject VUL-1: php5,php53: phar: Files extracted from archive may be placed outside of destination directory VUL-0: php5,php53: Use After Free Vulnerability in unserialize() with SplObjectStorage VUL-0: php5,php53: Use After Free Vulnerability in unserialize() with SplDoublyLinkedList security important pgajdos The PHP5 script interpreter was updated to fix various security issues: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Security update for php5
commit mysql-community-server.4004 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package mysql-community-server.4004 for openSUSE:13.1:Update checked in at 2015-09-25 10:19:03 Comparing /work/SRC/openSUSE:13.1:Update/mysql-community-server.4004 (Old) and /work/SRC/openSUSE:13.1:Update/.mysql-community-server.4004.new (New) Package is "mysql-community-server.4004" Changes: New Changes file: --- /dev/null 2015-09-24 09:51:01.260026505 +0200 +++ /work/SRC/openSUSE:13.1:Update/.mysql-community-server.4004.new/mysql-community-server.changes 2015-09-25 10:18:51.0 +0200 @@ -0,0 +1,2044 @@ +--- +Mon Aug 31 13:07:13 UTC 2015 - kstreit...@suse.com + +- update to MySQL 5.6.26 + * changes: +* http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html + * fixed CVEs: +CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582 +CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772 +CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771 +CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641 +CVE-2015-2661, CVE-2015-4767 + * fix [bnc#938412] + * remove the following patches (changes were merged upstream): +* mysql-community-server-5.6.24-regex_heap_overflow.patch +* mysql-5.6.25-logjam.patch +- disable Performance Schema by default. Since MySQL 5.6.6 upstream + enabled Performance Schema by default which results in increased + memory usage. The added option disable Performance Schema again in + order to decrease MySQL memory usage [bnc#852477]. +- fix spurious macro expansion in comment in specfile +- install INFO_BIN and INFO_SRC, noticed in MDEV-6912 +- use spec-cleaner +- tweak some cmake switches to enable more things + * WITH_ASAN=ON adress sanitization +WITH_LIBWRAP=ON tcp wrappers +ENABLED_PROFILING=OFF profiling disable +ENABLE_DEBUG_SYNC=OFF debug testing sync disable +WITH_PIC=ON by default we want pic generated binaries +- remove superfluous '--group' parameter from mysql-systemd-helper +- make -devel package installable in the presence of LibreSSL +- cleanup after the update-message if it was displayed +- add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly + [bnc#943096] +- remove redundant entry from %{_tmpfilesdir}/mysql.conf. Using both + 'x' and 'X' options is redundant and causes a warning message. + Leaving only the 'x' line fixes this problem. [bnc#942908] +- mariadb: replace readline-devel for readline5-devel (MDEV-6912) + [bnc#902396] +- mariadb-101: set cmake options for MariaDB Galera Cluster + +--- +Mon Jul 13 13:30:19 UTC 2015 - mplus...@suse.com + +- Update syntax of systemd helper (boo#937767) +- Create correct symlinks for libmysqlclient_r18 (boo#937754) + +--- +Tue Jun 30 11:34:34 UTC 2015 - tchva...@suse.com + +- Version bump to 5.6.25: + http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html + * Fixes bnc#934789 VUL-0: mariadb/mysql: Logjam Attack: mysql uses 512 bit dh +groups in SSL +- Sync with git state of mysql-packaging + +--- +Tue Sep 17 14:13:15 UTC 2013 - sch...@suse.de + +- mysql-community-server-5.6.12-va_list.patch: Fix invalid use of va_list + +--- +Mon Sep 9 10:35:47 CEST 2013 - mhruse...@suse.cz + +- better version detection +- drop /etc/mysql dir, use upstream /etc/my.cfn.d only + +--- +Fri Aug 30 11:22:24 CEST 2013 - mhruse...@suse.cz + +- include info file +- better README +- Build with -DOPENSSL_LOAD_CONF so mariadb respects + and load the system's openSSL configuration. + +--- +Thu Aug 15 15:55:26 CEST 2013 - mhruse...@suse.cz + +- fix build for Factory + * mysql-community-server-5.6.12-srv_buf_size.patch + +--- +Mon Aug 12 15:34:19 CEST 2013 - mhruse...@suse.cz + +- chown --no-dereference instead of chown to improve security + * similar issue as CVE-2013-1976 +- fix build for ppc64 using -mminimal-toc +- merge latest packaging fixes + * more cautious upgrades + +--- +Wed Jul 31 15:31:40 CEST 2013 - mhruse...@suse.cz + +- get rid of info which is not info (bnc#747811) +- minor polishing of spec/installation + +--- +Fri Jul 26 10:06:18 CEST 2013 - mhruse...@suse.cz + +- fix ownership of logdir (bnc#763150) + +--- +T