diff --git a/.gitignore b/.gitignore index 4a7d915..2802ed7 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ php-5.4.*.bz2 /php-5.5.0-strip.tar.xz /php-5.5.1-strip.tar.xz /php-5.5.2-strip.tar.xz +/php-5.5.3.tar.xz +/php-5.5.3-strip.tar.xz diff --git a/php.ini b/php.ini index 8da53bb..7210341 100644 --- a/php.ini +++ b/php.ini @@ -1352,6 +1352,14 @@ session.save_handler = files ; for php-fpm, see /etc/php-fpm.d/*conf ;session.save_path = "/tmp" +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + ; Whether to use cookies. ; http://php.net/session.use-cookies session.use_cookies = 1 @@ -1431,7 +1439,7 @@ session.gc_maxlifetime = 1440 ; collection through a shell script, cron entry, or some other method. ; For example, the following script would is the equivalent of ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 | xargs rm +; find /path/to/sessions -cmin +24 -type f | xargs rm ; PHP 4.2 and less have an undocumented feature/bug that allows you to ; to initialize a session variable in the global scope. @@ -1593,7 +1601,7 @@ mssql.min_error_severity = 10 mssql.min_message_severity = 10 ; Compatibility mode with old versions of PHP 3.0. -mssql.compatability_mode = Off +mssql.compatibility_mode = Off ; Connect timeout ;mssql.connect_timeout = 5 @@ -1788,6 +1796,11 @@ ldap.max_links = -1 [dba] ;dba.default_handler= +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + ; Local Variables: ; tab-width: 4 ; End: diff --git a/php.spec b/php.spec index bb3e59b..761675b 100644 --- a/php.spec +++ b/php.spec @@ -50,12 +50,12 @@ %global with_libgd 1 %endif -%if 0%{?fedora} < 17 && 0%{?rhel} < 7 -%global with_zip 0 -%global with_libzip 0 -%else +%if 0%{?fedora} == 17 || 0%{?fedora} == 18 || 0%{?fedora} == 19 || 0%{?rhel} == 7 %global with_zip 1 %global with_libzip 1 +%else +%global with_zip 0 +%global with_libzip 0 %endif %if 0%{?fedora} < 18 && 0%{?rhel} < 7 @@ -68,7 +68,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php -Version: 5.5.2 +Version: 5.5.3 Release: 1%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend @@ -951,10 +951,10 @@ build --libdir=%{_libdir}/php \ --with-sqlite3=shared,%{_prefix} \ %if %{with_zip} --enable-zip=shared \ -%endif %if %{with_libzip} --with-libzip \ %endif +%endif --without-readline \ --with-libedit \ --with-pspell=shared \ @@ -1080,10 +1080,10 @@ build --includedir=%{_includedir}/php-zts \ --with-sqlite3=shared,%{_prefix} \ %if %{with_zip} --enable-zip=shared \ -%endif %if %{with_libzip} --with-libzip \ %endif +%endif --without-readline \ --with-libedit \ --with-pspell=shared \ @@ -1537,8 +1537,13 @@ exit 0 %changelog +* Wed Aug 21 2013 Remi Collet - 5.5.3-1 +- update to 5.5.3 +- fix typo and add missing entries in php.ini +- drop zip extension + * Mon Aug 19 2013 Remi Collet - 5.5.2-1 -- update to 5.5.1, fixes for CVE-2011-4718 + CVE-2013-4248 +- update to 5.5.2, fixes for CVE-2011-4718 + CVE-2013-4248 * Thu Aug 08 2013 Remi Collet - 5.5.1-3 - improve system libzip patch diff --git a/sources b/sources index 33d1576..9f5c3b1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a2fbb6b185db3a80763de359c7c169a2 php-5.5.2-strip.tar.xz +e67fdc8840b0df782ede7c01f1058ca4 php-5.5.3-strip.tar.xz