* Mon Oct 12 2020 pgajdos@suse.com
- fix ghost name for /run/php-fpm [bsc#1173786]
* Fri Oct 09 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-7069 [bsc#1177351], when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is used
+ php7-CVE-2020-7069.patch
fix CVE-2020-7070 [bsc#1177352], Percent-encoded cookies can be used to overwrite existing prefixed cookie names
+ php7-CVE-2020-7070.patch
Version: 7.2.5-4.61.1
* Thu Aug 13 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-7068 [bsc#1175223], Use of freed hash key in the phar_parse_zipfile function
+ php7-CVE-2020-7068.patch
* Tue Aug 04 2020 pgajdos@suse.com
- do not install outdated README.SUSE [bsc#1174010]
* Thu Jul 09 2020 pgajdos@suse.com
- do not install %{_tmpfilesdir}, %{_tmpfilesdir}/php-fpm.conf in
test favour
* Mon Jul 06 2020 daniel.molkentin@suse.com
- added tmpfiles.d for php-fpm to provide a base base for a socket
(boo#1173786)
Version: 7.2.5-4.58.2
* Mon May 25 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2019-11048 [bsc#1171999], supplying overly long filenames or field names if HTTP file uploads are allowed could lead to exhausting disk space on the server
+ php7-CVE-2019-11048.patch
* Tue Apr 07 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-7064 [bsc#1168326], read one byte of uninitialized memory via malicious data
+ php7-CVE-2020-7064.patch
fix CVE-2020-7066 [bsc#1168352], URL truncation if the URL contains zero (\0) character
+ php7-CVE-2020-7066.patch
* Mon Mar 02 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-7062 [bsc#1165280], null pointer dereference when using file upload functionality under specific circumstances
+ php7-CVE-2020-7062.patch
fix CVE-2020-7063 [bsc#1165289], creating PHAR archive using PharData:buildFromIterator() function will add files with default permissions
+ php7-CVE-2020-7063.patch
* Wed Feb 05 2020 pgajdos@suse.com
- security update
- added patches
CVE-2020-7059 [bsc#1162629]
+ php7-CVE-2020-7059.patch
CVE-2020-7060 [bsc#1162632]
+ php7-CVE-2020-7060.patch
Version: 7.2.5-4.40.1
* Thu Sep 26 2019 pgajdos@suse.com
- drop -n from php invocation from pecl [bsc#1151793]
https://github.com/pear/pear-core/commit/f94454a74785865cec50bf9d64c410efc29b587a
* Thu Sep 26 2019 pgajdos@suse.com
- turn off run of testsuite as we get Kernel panic on s390x
* Thu Aug 22 2019 pgajdos@suse.com
- security update
- added patches
CVE-2019-11041 [bsc#1146360]
+ php7-CVE-2019-11041.patch
CVE-2019-11042 [bsc#1145095]
+ php7-CVE-2019-11042.patch
Version: 7.2.5-4.32.1
* Mon May 13 2019 pgajdos@suse.com
- security update
- added patches
CVE-2019-11036 [bsc#1134322]
+ php-CVE-2019-11036.patch
* Mon Apr 29 2019 pgajdos@suse.com
- security update
- added patches
CVE-2019-11034 [bsc#1132838]
+ php-CVE-2019-11034.patch
CVE-2019-11035 [bsc#1132837]
+ php-CVE-2019-11035.patch
* Wed Mar 20 2019 pgajdos@suse.com
- security update
- added patches
CVE-2019-9637 [bsc#1128892]
+ php-CVE-2019-9637.patch
CVE-2019-9675 [bsc#1128886]
+ php-CVE-2019-9675.patch
CVE-2019-9638 [bsc#1128889], CVE-2019-9639 [bsc#1128887]
+ php-CVE-2019-9638,9639.patch
CVE-2019-9640 [bsc#1128883]
+ php-CVE-2019-9640.patch
* Fri Mar 15 2019 pgajdos@suse.com
- upstream bug #41631 is already fixed [bsc#1129032]
- deleted sources
- README.default_socket_timeout (not needed)
* Mon Mar 11 2019 pgajdos@suse.com
- security update
* CVE-2019-9024 [bsc#1126821]
+ php-CVE-2019-9024.patch
* CVE-2019-9020 [bsc#1126711]
+ php-CVE-2019-9020.patch
* CVE-2018-20783 [bsc#1127122]
+ php-CVE-2018-20783.patch
* CVE-2019-9021 [bsc#1126713]
+ php-CVE-2019-9021.patch
* CVE-2019-9022 [bsc#1126827]
+ php-CVE-2019-9022.patch
* CVE-2019-9023 [bsc#1126823]
+ php-CVE-2019-9023.patch
* CVE-2019-9641 [bsc#1128722]
+ php-CVE-2019-9641.patch
* Tue Mar 05 2019 pgajdos@suse.com
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
* Wed Dec 19 2018 mpluskal@suse.com
- Enable testsuite during build time and save log to subpackage
testresults (boo#1119396)
* Mon Dec 10 2018 pgajdos@suse.com
- add security patch of imap extension, which is currently disabled
* CVE-2018-19935 [bsc#1118832]
+ php-CVE-2018-19935.patch
* Wed Sep 19 2018 pgajdos@suse.com
- security update
* CVE-2018-17082 [bsc#1108753]
+ php-CVE-2018-17082.patch
* Mon Sep 17 2018 pgajdos@suse.com
- reenable php7-dba support of Berkeley DB [bsc#1108554]
* Tue Aug 28 2018 pgajdos@suse.com
- align patch names:
php7-CVE-2018-14851.patch -> php-CVE-2018-14851.patch
php7-CVE-2017-9120.patch -> php-CVE-2017-9120.patch
php7-CVE-2018-1000222.patch -> php-CVE-2018-1000222.patch
* Mon Aug 27 2018 pgajdos@suse.com
- security update:
* CVE-2018-1000222 [bsc#1105434]
+ php-CVE-2018-1000222.patch
* Sat Aug 04 2018 pgajdos@suse.com
- security update
* CVE-2018-14851 [bsc#1103659]
+ php-CVE-2018-14851.patch
* CVE-2017-9120 [bsc#1103661]
+ php-CVE-2017-9120.patch
* Tue Jun 26 2018 pgajdos@suse.com
- security update
* CVE-2018-12882 [bsc#1099098]
+ php-CVE-2018-12882.patch
* Tue May 15 2018 pgajdos@suse.com
- main package requires wwwrun:www user [bsc#1093025]
* Thu May 10 2018 pgajdos@suse.com
- better workaround for [bsc#1089487]: build mod_phpN.so
instead of libphpN.so
* Wed May 09 2018 pgajdos@suse.com
- rename freetype-pkgconfig.patch to php7-freetype-pkgconfig.patch
to align with the rest of patch names
* Mon May 07 2018 idonmez@suse.com
- Add freetype-pkgconfig.patch to fix build with new Freetype:
use pkg-config to find Freetype libraries
* Mon Apr 30 2018 pgajdos@suse.com
- updated to 7.2.5: This is a security release which also contains
several minor bug fixes.
http://php.net/ChangeLog-7.php#7.2.5
* Thu Apr 19 2018 pgajdos@suse.com
- build-test.sh: generic spec file name