commit php5 for openSUSE:13.2:Update
Hello community, here is the log from the commit of package php5 for openSUSE:13.2:Update checked in at 2015-09-25 10:19:32 Comparing /work/SRC/openSUSE:13.2:Update/php5 (Old) and /work/SRC/openSUSE:13.2:Update/.php5.new (New) Package is "php5" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.gdIH8n/_old 2015-09-25 10:19:19.0 +0200 +++ /var/tmp/diff_new_pack.gdIH8n/_new 2015-09-25 10:19:19.0 +0200 @@ -1 +1 @@ - +
commit mysql-community-server for openSUSE:13.1:Update
Hello community, here is the log from the commit of package mysql-community-server for openSUSE:13.1:Update checked in at 2015-09-25 10:19:06 Comparing /work/SRC/openSUSE:13.1:Update/mysql-community-server (Old) and /work/SRC/openSUSE:13.1:Update/.mysql-community-server.new (New) Package is "mysql-community-server" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.ai4qoX/_old 2015-09-25 10:18:53.0 +0200 +++ /var/tmp/diff_new_pack.ai4qoX/_new 2015-09-25 10:18:53.0 +0200 @@ -1 +1 @@ - +
commit mysql-community-server for openSUSE:13.2:Update
Hello community, here is the log from the commit of package mysql-community-server for openSUSE:13.2:Update checked in at 2015-09-25 10:19:09 Comparing /work/SRC/openSUSE:13.2:Update/mysql-community-server (Old) and /work/SRC/openSUSE:13.2:Update/.mysql-community-server.new (New) Package is "mysql-community-server" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.Q0osf7/_old 2015-09-25 10:18:56.0 +0200 +++ /var/tmp/diff_new_pack.Q0osf7/_new 2015-09-25 10:18:56.0 +0200 @@ -1 +1 @@ - +
commit php5 for openSUSE:13.1:Update
Hello community, here is the log from the commit of package php5 for openSUSE:13.1:Update checked in at 2015-09-25 10:19:26 Comparing /work/SRC/openSUSE:13.1:Update/php5 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.new (New) Package is "php5" Changes: New Changes file: NO CHANGES FILE!!! Other differences: -- ++ _link ++ --- /var/tmp/diff_new_pack.w7j9B2/_old 2015-09-25 10:19:15.0 +0200 +++ /var/tmp/diff_new_pack.w7j9B2/_new 2015-09-25 10:19:15.0 +0200 @@ -1 +1 @@ - +
commit patchinfo.4029 for openSUSE:13.2:Update
Hello community, here is the log from the commit of package patchinfo.4029 for openSUSE:13.2:Update checked in at 2015-09-25 10:19:33 Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.4029 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.4029.new (New) Package is "patchinfo.4029" Changes: New Changes file: NO CHANGES FILE!!! New: _patchinfo Other differences: -- ++ _patchinfo ++ VUL-0: CVE-2015-6836: php53, php5: SOAP serialize_function_call() type confusion / RCE VUL-0: CVE-2015-6835: php5 , php53: Use after free vulnerability in session deserializer VUL-0: CVE-2015-6834: php5, php53: Use After Free Vulnerability in unserialize() VUL-0: CVE-2015-6837 CVE-2015-6838: php5, php53: NULL pointer dereference in XSLTProcessor class VUL-0: php5,php53: Dangling pointer in the unserialization of ArrayObject items VUL-0: CVE-2015-6831: php5,php53: Use After Free Vulnerability in unserialize() with SPLArrayObject VUL-1: php5,php53: phar: Files extracted from archive may be placed outside of destination directory VUL-0: php5,php53: Use After Free Vulnerability in unserialize() with SplObjectStorage VUL-0: php5,php53: Use After Free Vulnerability in unserialize() with SplDoublyLinkedList security important pgajdos The PHP5 script interpreter was updated to fix various security issues: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Security update for php5
commit mysql-community-server.4004 for openSUSE:13.1:Update
Hello community,
here is the log from the commit of package mysql-community-server.4004 for
openSUSE:13.1:Update checked in at 2015-09-25 10:19:03
Comparing /work/SRC/openSUSE:13.1:Update/mysql-community-server.4004 (Old)
and /work/SRC/openSUSE:13.1:Update/.mysql-community-server.4004.new (New)
Package is "mysql-community-server.4004"
Changes:
New Changes file:
--- /dev/null 2015-09-24 09:51:01.260026505 +0200
+++
/work/SRC/openSUSE:13.1:Update/.mysql-community-server.4004.new/mysql-community-server.changes
2015-09-25 10:18:51.0 +0200
@@ -0,0 +1,2044 @@
+---
+Mon Aug 31 13:07:13 UTC 2015 - kstreit...@suse.com
+
+- update to MySQL 5.6.26
+ * changes:
+* http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html
+ * fixed CVEs:
+CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582
+CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772
+CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771
+CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641
+CVE-2015-2661, CVE-2015-4767
+ * fix [bnc#938412]
+ * remove the following patches (changes were merged upstream):
+* mysql-community-server-5.6.24-regex_heap_overflow.patch
+* mysql-5.6.25-logjam.patch
+- disable Performance Schema by default. Since MySQL 5.6.6 upstream
+ enabled Performance Schema by default which results in increased
+ memory usage. The added option disable Performance Schema again in
+ order to decrease MySQL memory usage [bnc#852477].
+- fix spurious macro expansion in comment in specfile
+- install INFO_BIN and INFO_SRC, noticed in MDEV-6912
+- use spec-cleaner
+- tweak some cmake switches to enable more things
+ * WITH_ASAN=ON adress sanitization
+WITH_LIBWRAP=ON tcp wrappers
+ENABLED_PROFILING=OFF profiling disable
+ENABLE_DEBUG_SYNC=OFF debug testing sync disable
+WITH_PIC=ON by default we want pic generated binaries
+- remove superfluous '--group' parameter from mysql-systemd-helper
+- make -devel package installable in the presence of LibreSSL
+- cleanup after the update-message if it was displayed
+- add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly
+ [bnc#943096]
+- remove redundant entry from %{_tmpfilesdir}/mysql.conf. Using both
+ 'x' and 'X' options is redundant and causes a warning message.
+ Leaving only the 'x' line fixes this problem. [bnc#942908]
+- mariadb: replace readline-devel for readline5-devel (MDEV-6912)
+ [bnc#902396]
+- mariadb-101: set cmake options for MariaDB Galera Cluster
+
+---
+Mon Jul 13 13:30:19 UTC 2015 - mplus...@suse.com
+
+- Update syntax of systemd helper (boo#937767)
+- Create correct symlinks for libmysqlclient_r18 (boo#937754)
+
+---
+Tue Jun 30 11:34:34 UTC 2015 - tchva...@suse.com
+
+- Version bump to 5.6.25:
+ http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html
+ * Fixes bnc#934789 VUL-0: mariadb/mysql: Logjam Attack: mysql uses 512 bit dh
+groups in SSL
+- Sync with git state of mysql-packaging
+
+---
+Tue Sep 17 14:13:15 UTC 2013 - sch...@suse.de
+
+- mysql-community-server-5.6.12-va_list.patch: Fix invalid use of va_list
+
+---
+Mon Sep 9 10:35:47 CEST 2013 - mhruse...@suse.cz
+
+- better version detection
+- drop /etc/mysql dir, use upstream /etc/my.cfn.d only
+
+---
+Fri Aug 30 11:22:24 CEST 2013 - mhruse...@suse.cz
+
+- include info file
+- better README
+- Build with -DOPENSSL_LOAD_CONF so mariadb respects
+ and load the system's openSSL configuration.
+
+---
+Thu Aug 15 15:55:26 CEST 2013 - mhruse...@suse.cz
+
+- fix build for Factory
+ * mysql-community-server-5.6.12-srv_buf_size.patch
+
+---
+Mon Aug 12 15:34:19 CEST 2013 - mhruse...@suse.cz
+
+- chown --no-dereference instead of chown to improve security
+ * similar issue as CVE-2013-1976
+- fix build for ppc64 using -mminimal-toc
+- merge latest packaging fixes
+ * more cautious upgrades
+
+---
+Wed Jul 31 15:31:40 CEST 2013 - mhruse...@suse.cz
+
+- get rid of info which is not info (bnc#747811)
+- minor polishing of spec/installation
+
+---
+Fri Jul 26 10:06:18 CEST 2013 - mhruse...@suse.cz
+
+- fix ownership of logdir (bnc#763150)
+
+---
+T
