mod_php4-servlet-4.3.4-43.82 >
, 0 @ A ab60b7a2ef2c414caafd337c01a8daacfa933bba ^[}1~^/V8? FN蜀
u? |
"瑊?3PU4- LpVj[zqg > 8 Z ? Y d @ ( , A c ( ,
0 8 Z
\ d n x = ( [ 8 d 9 : > X F X G X H X I X X Y Y Y \ Y ] Y ^ Y5 b Yx c Y d Y e Y f Y k Y l Y z Y C mod_php4-servlet 4.3.4 43.82 Metapackage for old PHP4 layout. This package is provided for backward compatiobility only, so that
people having mod_php4-servlet installed get all PHP4 extensions
preserved during the update. It will not be supported in the future
releases F knorr.suse.de SuSE SLES-9 (x86-64) SuSE Linux AG, Nuernberg, Germany Other uncritical OpenSource License http://www.suse.de/feedback Productivity/Networking/Web/Servers http://www.php.net linux x86_64 cat /usr/share/doc/packages/mod_php4-servlet/README.SuSE P A큤 FF 54305ff5b56f9c21847e4873a2b2cf83 root root root root php4-4.3.4-43.82.src.rpm mod_php4-servlet @ J J Jphp4-servlet mod_php4-core /bin/sh rpmlib(PayloadFilesHavePrefix) rpmlib(CompressedFileNames) rpmlib(PayloadIsBzip2) 4.3.4 4.0-1 3.0.4-1 3.0.5-1 4.1.1 F@F FFFm9@Fg@FT,F9F8}@E@E@ES@EK/@E*9E@D Dq@D@DD@DDr@D>=@DS@DC:@C+C@CCx|@CC
Cx@B@B$B_BU B @AAxAs@AR@ @@A@@@@j@^@@V@@Hk@3S@0@(@&$@@@@@?}?@??n@?f@?S4?D@?@? &@>\>@>pr>d@>T@>L@>K>J7@>H>%M@>>d@==T=H@=j=t@=f#=b/@=X=Q=Nh=C=B@=A9==E@=%@:%::@:
:R::::::P:P::e@:d7:^:^:?M:?M:$:"L:z:
:@:@999l@9e@9SQ@9N@9)!@9@88A8@8z@8b8=$- mmarek@suse.cz - anosek@suse.cz - anosek@suse.cz - anosek@suse.cz - mmarek@suse.cz - anosek@suse.cz - anosek@suse.cz - mmarek@suse.cz - anosek@suse.cz - anosek@suse.cz - anosek@suse.cz - anosek@suse.cz - mmarek@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - mmarek@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - mmarek@suse.cz - postadal@suse.cz - postadal@suse.cz - postadal@suse.cz - meissner@suse.de - meissner@suse.de - mcihar@suse.cz - mcihar@suse.cz - mcihar@suse.cz - mcihar@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - lnussel@suse.de - meissner@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - ro@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - ro@suse.de - ro@suse.de - poeml@suse.de - schwab@suse.de - ro@suse.de - kukuk@suse.de - ro@suse.de - ro@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - mls@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - poeml@suse.de - ro@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - poeml@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - ro@suse.de - poeml@suse.de - poeml@suse.de - ro@suse.de - poeml@suse.de - poeml@suse.de - ro@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - ro@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - kukuk@suse.de - uli@suse.de - ro@suse.de - kukuk@suse.de - adrian@suse.de - kukuk@suse.de - tcrhak@suse.cz - kukuk@suse.de - ro@suse.de - ro@suse.de - bk@suse.de - ro@suse.de - tcrhak@suse.cz - okir@suse.de - tcrhak@suse.cz - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - tcrhak@suse.cz - ro@suse.de - ro@suse.de - rolf@suse.de - ro@suse.de - rolf@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - kukuk@suse.de - kukuk@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - schwab@suse.de - mfabian@suse.de - kukuk@suse.de - ro@suse.de - poeml@suse.de - rolf@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - cihlar@suse.cz - rolf@suse.de - rolf@suse.de - ro@suse.de - rolf@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - ro@suse.de - bk@suse.de - rolf@suse.de - fober@suse.de - kukuk@suse.de - rolf@suse.de - ro@suse.de - rolf@suse.de - rolf@suse.de - ro@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - rolf@suse.de - fixed MOPB-46-2007.patch - fixed L3: php function preg_match_all misreads arguments on 64-bit machines
[#291873] (preg_match_all.patch) - fixed VUL-0: gd: more problems in XBM and GIF [#290001]
CVE-2007-3472.patch
CVE-2007-3473.patch
CVE-2007-3475.patch
CVE-2007-3476.patch
CVE-2007-3477.patch - fixed security issues:
PMOPB-46-2007: PHP ext/session Session Cookie Parameter Injection Vulnerability
[#285519] (MOPB-46-2007.patch)
VUL-0: php: bad IV for mcryt
[#285893] (CVE-2007-2727.patch) - limit nesting level of input variables with
max_input_nesting_level (fixes MOPB-03-2007)
[#250231] (CVE-2007-1285.patch)
- fixed open_basedir/safe_mode bypass inside realpath()
[#282730] (CVE-2007-3007.patch) - fixed these security issues:
VUL-0: libgd: denial-of-service (CPU) while processing images
[#276525] (CVE-2007-2756.patch)
VUL-0: PHP chunk_split() integer overflow
[#280899] (CVE-2007-2872.patch) - fixed these security issues:
VUL-0: php: possible super-global overwrite inside import_request_variables()
[#271249] (CVE-2007-1396.patch)
VUL-0: php: remotely trigger-able buffer overflow inside bundled libxmlrpc
[#271294] (CVE-2007-1864.patch)
VUL-0: php: CRLF injection inside ftp_putcmd()
[#271296] (CVE-2007-2509.patch) - improve CVE-2007-0906-session.patch [#251185] - fixed these security issues:
VUL-0: php: MOPB-05-2007:PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability
[#251724] (CVE-2007-0988.patch)
VUL-0: php-gd integer integer overflow with invalid wbmp images
[#258295] (CVE-2007-1001.patch)
VUL-0: MOPB-14-2007:PHP substr_compare() Information Leak
[#252145] (CVE-2007-1375.patch)
VUL-0: php5: MOPB-15-2007: shmop problem
[#255026] (CVE-2007-1376.patch)
VUL-0: php5: MOPB-21-2007: bzip2:// basedir/safemode evasion
[#256327] (CVE-2007-1461.patch)
VUL-0: php: MOPB-24-2007:PHP array_user_key_compare() Double DTOR Vulnerability
[#256330] (CVE-2007-1484.patch)
VUL-0: php: MOPB-22-2007: session_regenerate_id() Double Free Vulnerability
[#254867] (CVE-2007-1521.patch)
VUL-0: php5: MOPB-26-2007: mb_parse_str() register_globals Activation Vulnerability
[#255741] (CVE-2007-1583.patch)
VUL-0: php: MOPB-34-2007:PHP mail() Header Injection Through Subject and To Parameters
[#257824] (CVE-2007-1718.patch)
VUL-0: php4: MOPB-01-2007: reference counter problem
[#250125] (zval-refcount-overflow.patch)
VUL-0: php: MOPB-30-2007:PHP _SESSION unset() Vulnerability
[#257401] (CVE-2007-1700.patch)
VUL-0: php: MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation
[#257823] (MOPB-33-2007.patch) - fixed VUL-0: php5: official release 5.2.1 fixes a lot of security
vulnerabilities [#244034]
Patches:
CVE-2007-0906-session.patch
CVE-2007-0906-imap.patch
CVE-2007-0906-str_replace.patch
CVE-2007-0907.patch
CVE-2007-0908.patch
CVE-2007-0909-print.patch
CVE-2007-0909-odbc.patch
CVE-2007-0910.patch
emalloc-overflows.patch - fixed VUL-0: php session.save_path open_basedir bypass
[#227569] (save_path-secfix.patch) - fixed security issue:
PHP mixes up open_basedir settings [#136651]
(open_basedir-secfix.patch) - fixed a buffer overflow in php_escape_html_entities()
[#217301] (CVE-2006-5465.patch) - fixed following security bugs [#210503]
* missing open_basedir check inside chdir() function (chdir.patch)
* tempnam() openbasedir bypass (tempnam.patch)
* first check stream for NULL, then dereference (network.patch) - fix ini_restore() security bypass [#204803] (ini_restore-secfix.patch) - fixed corrupted gif segfaults [#200181, php#38112] (phpbug-38112.patch)
- fixed memory corruption error with an invalid foreach() [#200181]
(foreach-fix.patch) - fixed open_basedir and safemode bypass in the imap extension
[#154317] (CVE-2006-1017-real-fix.patch) - security fixes [#191265] (security-fix-3.patch)
- added control character checks for cURL extension's
open_basedir/safe_mode checks [php#36223] (CVE-2006-2563)
- fixed for crashbugs in http_fopen_wrapper
- fixed an integer overflow in str_repeat()
- fixed bufferoverflow and high character in ext/wddx
- fixed a variable initialisation in stream factory code
- added check for detecting Integer overflow in memory_limit
- fixed vulnerability in sscanf() [#197223, php#38322] - fixed security bug in tempnam() [#184787] (CVE-2006-2660.patch)
- fixed session_destroy() call [#186180, php#36872] (CVE-2006-3018.patch) - fixed fix for zend_hash_del() [#185516] (zend_hash_del-fix.patch) - added a check for special characters in the session name [#181140]
(session3.patch) - fixed memory leak in imagecreatefromgif()
[#173451] (phpbug-37346.patch)
- fixed possibility of a wrong element being deleted by zend_hash_del()
[#175976] (zend_hash_del.patch)
- fixed integer overflow in the wordwrap()
[#169038] (CVE-2006-1990, string.patch)
- fixed _emalloc() on 64bit archs [#169038] (emalloc.patch) - fixed security problem in copy() and tempname()
[#164845] (CVE-2006-1494-1608.patch)
- fixed phpinfo() XSS [#164804] (CVE-2006-0996.patch)
- fixed memory leak in html_entity_decode [#161718] (CVE-2006-1490.patch) - added safe_mode num of parameter check for mb_send_mail [#154315]
(mbstring-secfix.patch)
- fixed a possible null injection in mbstring (mbstring-null_injection.patch) - fixed PreReq for mod_php4-core [#151024] - fixed XSS [#143696] (CVE-2006-0208.patch)
- fixed crash in Apache 2 SAPI when more then one php script is loaded
via SSI include [#136651, php#35571] (phpbug-35571.patch)
- fixed [php#33987] bug (php script as ErrorDocument causes crash
in Apache 2)
- added php4-snmp to php4-unixODBC Requires [#142224] - fixed unexpected header can be injected to mb_send_mail()
[#135673] (mbstring.patch)
- added safe_mode checks for image* functions and cURL
[#135673] (CVE-2005-3391.patch)
- fixed possible INI setting leak via virtual() in Apache 2 sapi
[#135673] (CVE-2005-3392.patch) - fixed CVE-2005-3388.patch [#131578] - fixed segfaulting with mod_rewrite [#135480] (mod_rewrite-fix.patch)
- fixed recode extension [#120087] (recode-fix.patch)
- added tcpd-devel to neededforbuild (it needs the new net-snmp) - fixed infinite recursion in exif code
[#132684] (CVE-2005-3353.patch)
- fixed XSS in phpinfo()
[#131578] (CVE-2005-3388.patch)
- fixed register_globals actvation in parse_str()
[#131579] (CVE-2005-3389.patch)
- fixed possible $GLOBALS overwrite
[#131580] (CVE-2005-3390.patch)
- fixed handling basedirs that end with a /
[#118976] (basedir-fix.patch)
- fixed segfaulting when save_path is set and safe_mode is On
[#130227] (save_path-segfault.patch) - added security patch pcre-overflow-bug-106209.patch for internal
libpcre and statically linked against it [#114157] - linked with system pcre libs [#112645]
- fixed MD5SUMS of XML RPC sources (RPC.php, Server.php) [#104403] - fixed XML RPC command injection (#104403, CAN-2005-2498) - Adjusted checksum in XML_RPC tarball to match new RPC.php,
so it gets installed. - fixed XML RPC command injection, #94579, CAN-2005-1921 - fix buffer overflow in exif_process_IFD_TAG (bug #78094, CAN-2005-1042, CAN-2005-1043) - fix DoS in image functions (bug #75704, CAN-2005-0524, CAN-2005-0525)
- fix regression in unserializez after last security update (bug #72441) - fix crash while passing large data blobs (bug #50565) - fix vulnerabilities in unserializer and safe_mode (bug #48635)
- fix broken int unserializing on 64-bit (bug #49617) - fixed several vulnerabilities (bug #48635, patch secfix1)
- fixed php.ini settings "leak" from vhosts/.htaccess files
(bug #48431, patch secfix2)
- added PreReq tag to the php modules (bug #46664) - fix for module recode:
- conflicts with php4-mysql, php4-imap and apache2-mod_auth_mysql removed
- recode will be commented out in php.ini during %post
- installing php4-recode does not register recode in php.ini,
a warning is issued
- added note to README.SuSE concerning module recode - security fix for array parsing (bug #45710, patch array)
- reverted dlopen flag back to RTLD_GLOBAL (bugs #39197 and #41866),
php4-recode now conflicts with php4-imap, php4-mysql and apache2-mod_auth_mysql,
mod_php4-core does not require php4-recode any more - fix memory limit problem, a problem with strip_tags and several stability
issues (#42949) - build servlet for ppc again (we have a working JVM). [bug #41673/LTC#9138] - link unixODBC.so with libodbc.so [bug #41185]
- build servlet for s390 and s390x [bug #40742] - added postfix to neededforbuild, so that mail() is defined (bug #39153)
- dlopen php modules with RTLD_LOCAL (fixes bug #39197) - added php module recode (bug #36573)
- fixed requires of mod_php4-apache2 (bug #37041) - build-fix for jakarta-tomcat from skh
- removed apache-contrib from neededforbuild (dropped) - removed --enable-versioning (fixes bug #35716)
- do not build servlet for ia64, ppc and ppc64 - modularized
- updated to version 4.3.4
- added fastcgi
- added PHP4 module sockets
- added PHP4 module mime_magic (bug #34134)
- php binary is now CLI, not CGI (bug #34152) - use jakarta-tomcat4 - use unixODBC instead of iodbc - fix symbol exports for apache2
- add -fno-strict-aliasing to CFLAGS, due to code where
dereferencing type-punned pointers would break strict aliasing
- fix test load of apache2 module (the LoadModule statement went
into the wrong place) - Fix symbol exports.
- Also look for BEAJava2 directory.
- Fix quoting. - fix build with current automake - Add pam-devel to neededforbuild - remove subpackage aolserver
- fix build with current freetype - use net-snmp instead of ucdsnmp - ad previous fix: create the directory - added %{_libdir}/php/bin to file list of mod_php4-core - remove 'Obsoletes: mod_php' from mod_php4, otherwise rpmv4
makes mod_php4 conflict with apache2-mod_php4 - update to version 4.3.3 - expand rpm macros in /etc/httpd/modules/mod_php4 [bug #29664] - update to version 4.3.2
- use BuildRoot
- added activation metadata to sysconfig [bug #28827] - add README.{SuSE,UnitedLinux} [#25888]
- don't explicitely strip binary objects, because RPM does it
anyway, and it might keep the stripped debugging info somewhere.
- don't try to install a file in /etc/apache2/modules/ (it's gone) - always use libtool to compile objects
- added directories to filelist - use 'head -n 1' instead of 'head -1'
- added mhash support - fixed path in script phpize
- fixed ext/mysql/config.m4 - fixed order of Type and Define in sysconfig metadata
- readded subpackage servlet (patch servlet)
- reenabled support for swf
- install swf fonts, use proper SWFFONTPATH
(bug #18057, patch swf) - the apache2 module requires the apache2-prefork MPM - security update to version 4.3.1 - fixes a CGI vulnerability
- added sysconfig metadata [bug #22604] - added php3, php4 to DirectoryIndex [bug #22066] - really disable (empty) subpackage servlet - rename subpackage mod_php4_2 to apache2-mod_php4 - call the new /usr/share/apache2/get_module_list script to
configure apache2, so the test can be passed - use sasl2 - don't built -servlet for now, needs work
- swf.h has vanished from ./dist/include/, and I can't find another
one --> disabling swf support - update to 4.3.0
- GD library is now bundled with the distribution and it is
recommended to always use the bundled version
- vpopmail and cybermut extensions are moved to PECL
- several deprecated extensions (aspell, ccvs, cybercash, icap)
and SAPIs (fastcgi, fhttpd) are removed
- speed improvements in a variety of string functions
- Apache2 filter is improved, but is still considered
experimental (use with PHP in prefork and not worker (thread)
model since many extensions based on external libraries are not
thread safe)
- various security fixes (imap, mysql, mcrypt, file upload, gd, etc)
- new SAPI for embedding PHP in other applications (experimental)
- much better test suite
- significant improvements in dba, gd, pcntl, sybase, and xslt
extensions
- debug_backtrace() should help with debugging
- error messages now contain URLs linking to pages describing the
error or function in question
- Zend Engine has some fixes and minor performance enhancements
- and TONS of other fixes, updates, new functions, etc
- build apache2 module
- QtDOM support is now in qt3, and therefore we need to link
against libqt-mt
- merge the lib64 patch, hope it's complete
- gd lib is now bundled, and preferred for building
- adjust the Provides of the -core package - make it build with current automake - added support for readline
- added support for iconv and mbstrings [bugs #19861 and #19862] - added type .php3 to apache mod_php4.conf - removed bogus self-provides - fixed to build on 64 bit archs - fixed to build on non-i386 archs
- added dynamic extensions to the file list of subpackage core - added PreReq - Remove unused qt2 from neededforbuild - fixed to build on lib64 archs (still broken on nearly all archs
due to other problems) - use "-follow" when searching for jni.h - remove unused gdb from neededforbuild - fix neededforbuild - Add imap-lib to neededforbuild - update to version 4.2.2
- update of asp2php to version 0.76.12
- detect the module magic number if provided by apache, indicating
API changes, and add an RPM Require on it
- add compiled extensions (currently gd.so, as it is build shared
by a previous change by bk@suse.de) to php.ini and filelist - Use %ix86 macro - replaced /opt/jakarta with /opt/jakarta/tomcat - first try for lib64 - use shared libgd on all archs - removed unixODBC stuff, was never used (iodbc is used) - added %{_datadir}/lib/php and extension dir to devel filelist - security fix - Killed %{release} from "Requires" tags. - changed neededforbuild to