Package Release Info

php7-embed-7.4.33-150400.4.28.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3541
Available in Package Hub : 15 SP5 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

php7-embed

Change Logs

* Wed Aug 23 2023 pgajdos@suse.com
- security update
- added patches
  fix CVE-2023-3823 [bsc#1214106], XML loading external entity without being enabled
  + php7-CVE-2023-3823.patch
  fix CVE-2023-3824 [bsc#1214103], buffer overflows in phar_dir_read()
  + php7-CVE-2023-3824.patch
Version: 7.4.33-150400.4.25.1
* Thu Jun 15 2023 pgajdos@suse.com
- security update
- added patches
  fix CVE-2023-3247 [bsc#1212349], Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
  + php7-CVE-2023-3247.patch
Version: 7.4.33-150400.4.22.1
* Tue Mar 21 2023 pgajdos@suse.com
- security update
- added patches
  fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable
  + php7-CVE-2022-4900.patch
* Tue Mar 14 2023 pgajdos@suse.com
- fix potential buffer overflow [bsc#1208199]
- modified patches
  % php-systzdata-v19.patch (refreshed)
* Mon Mar 06 2023 pgajdos@suse.com
- ensure extension=mysqlnd will be called before extension=mysqli
  [bsc#1205162]
Version: 7.4.33-150400.4.19.1
* Fri Feb 17 2023 pgajdos@suse.com
- security update
- added patches
  fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir
  + php7-CVE-2023-0568.patch
  fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body
  + php7-CVE-2023-0662.patch
  https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388]
  + php7-crypt-possible-buffer-overread.patch
Version: 7.4.33-150400.4.16.1
* Mon Jan 09 2023 pgajdos@suse.com
- security update
- added patches
  fix CVE-2022-31631 [bsc#1206958], Due to an integer overflow PDO::quote() may return unquoted string
  + php7-CVE-2022-31631.patch
Version: 7.4.33-150400.4.13.1
* Thu Nov 03 2022 pgajdos@suse.com
- version update to 7.4.33 [bsc#1204577][bsc#1204979]
    03 Nov 2022
    GD:
    Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
    Hash:
    Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
* Mon Oct 03 2022 pgajdos@suse.com
- version update to 7.4.32 [jsc#SLE-23639]
  Version 7.4.32
  29 Sep 2022
    Core:
    Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
    Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
  Version 7.4.30
  09 Jun 2022
    mysqlnd:
    Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
    pgsql:
    Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
  Version 7.4.29
  14 Apr 2022
    Core:
    No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates.
    Date:
    Updated to latest IANA timezone database (2022a).
  Version 7.4.28
  17 Feb 2022
    Filter:
    Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)
  Version 7.4.27
  16 Dec 2021
    Core:
    Fixed bug #81626 (Error on use static:: in __callStatic() wrapped to Closure::fromCallable()).
    FPM:
    Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
    GD:
    Fixed bug #71316 (libpng warning from imagecreatefromstring).
    OpenSSL:
    Fixed bug #75725 (./configure: detecting RAND_egd).
    PCRE:
    Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
    Standard:
    Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
    Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
  Version 7.4.26
  18 Nov 2021
    Core:
    Fixed bug #81518 (Header injection via default_mimetype / default_charset).
    Date:
    Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
    MBString:
    Fixed bug #76167 (mbstring may use pointer from some previous request).
    MySQLi:
    Fixed bug #81494 (Stopped unbuffered query does not throw error).
    PCRE:
    Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
    Streams:
    Fixed bug #54340 (Memory corruption with user_filter).
    XML:
    Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
- fixes [bsc#1203867] and [bsc#1203870]
- deleted patches
  - php7-CVE-2021-21707.patch (upstreamed)
  - php7-CVE-2021-21708.patch (upstreamed)
  - php7-CVE-2022-31625.patch (upstreamed)
  - php7-CVE-2022-31626.patch (upstreamed)
Version: 7.4.25-150400.4.8.1
* Mon Jun 20 2022 pgajdos@suse.com
- security update
- added patches
  fix CVE-2022-31625 [bsc#1200645], uninitialized pointers free in Postgres extension
  + php7-CVE-2022-31625.patch
* Fri Jun 17 2022 pgajdos@suse.com
- security update
- added patches
  fix CVE-2022-31626 [bsc#1200628], buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver
  + php7-CVE-2022-31626.patch
* Fri Jun 10 2022 pgajdos@suse.com
- security update
- added patches
  fix CVE-2021-21707 [bsc#1193041], special character breaks path in xml parsing
  + php7-CVE-2021-21707.patch
Version: 7.4.25-150400.4.3.1
* Fri May 06 2022 pgajdos@suse.com
- security update [bsc#1197644]
- added patches
  fix https://github.com/php/php-src/commit/771dbdb319fa7f90584f6b2cc2c54ccff570492d
  + php7-signedness-php_filter_validate_domain.patch
* Tue Feb 22 2022 pgajdos@suse.com
- security update
- added patches
  fix CVE-2021-21708 [bsc#1196252], Use after free due to php_filter_float() failing for ints
  + php7-CVE-2021-21708.patch
* Fri Oct 22 2021 suse+build@de-korte.org
- updated to 7.4.25: This is a security release (CVE-2021-21703)
  which also contains several bug fixes.
  See https://www.php.net/ChangeLog-7.php#7.4.25
* Mon Sep 27 2021 pgajdos@suse.com
- previous version updates also fix:
  CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071,
  CVE-2021-21702,CVE-2021-21704,CVE-2021-21705
  bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706,
  bsc#1182049,bsc#1188035,bsc#1188037
* Thu Sep 23 2021 suse+build@de-korte.org
- updated to 7.4.24: This is a security release (CVE-2021-21706)
  which also contains several bug fixes.
  See https://www.php.net/ChangeLog-7.php#7.4.24
* Wed Sep 15 2021 pgajdos@suse.com
- added patches
  https://github.com/php/php-src/commit/b3646440b1808abf0874b6f89027ce53ec5da03f
  + php7-gd-removed-unused-constants.patch
* Thu Aug 26 2021 suse+build@de-korte.org
- updated to 7.4.23: This is a security release which also contains
  several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.23
* Thu Jul 29 2021 suse+build@de-korte.org
- updated to 7.4.22: This is a security and bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.22
* Thu Jul 01 2021 suse+build@de-korte.org
- updated to 7.4.21: This is a security release which also contains
  several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.21
* Thu Jun 03 2021 suse+build@de-korte.org
- updated to 7.4.20: This is a bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.20
* Thu May 06 2021 suse+build@de-korte.org
- updated to 7.4.19: This release reverts a bug related to PDO_pgsql
  that was introduced in PHP 7.4.18.
* Fri Apr 30 2021 suse+build@de-korte.org
- updated to 7.4.18: This is a security bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.18
* Tue Apr 13 2021 suse+build@de-korte.org
- Do not hard-depend on systemd: use systemd_ordering instead of
  systemd_requires.
* Thu Mar 04 2021 suse+build@de-korte.org
- updated to 7.4.16: This is a bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.16
* Mon Feb 01 2021 suse+build@de-korte.org
- updated to 7.4.15: This is a security release which also contains
  several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.15
- suppress warning for all flavors not equal to "" in multibuild
  % php7.rpmlintrc
* Fri Jan 29 2021 suse+build@de-korte.org
- add versioning to php-sapi as well
* Sat Jan 23 2021 suse+build@de-korte.org
- require this PHP version of subpackages in Recommends/Suggests
- run apache-rex tests in php7:test as packages need to be built
  first (otherwise tests run with previous version)
* Sun Jan 17 2021 suse+build@de-korte.org
- add php_cfgdir and php_extdir macros
* Fri Jan 15 2021 suse+build@de-korte.org
- deleted patch (redundant cast, both sides are already signed int)
  - php-odbc-cmp-int-cast.patch
* Wed Jan 13 2021 suse+build@de-korte.org
- install php7-cli if no sapi is selected upon php7 installation
- add conflicts with earlier version of php-cli, php-fastcgi and
  php-fpm