php5-firebird-5.5.14-115.1>t  DH`p\/=„qL.+G>%HŚU\d.JLHX"Yv:RFǡBgh4X@|P ̰Vh)CFJZAkI ^"Zӳ5NRqE/kcc?zzfLK1-3G7;6؋oM uE6CyY>Z:c|D]gApǦ^1^#v%V0L[昲+vM~|شk\܍c27^WjW;^:Uk)Ću̗\n钕T63U}8C=(@7YqJ >=Ɉ?xd  3 8KQXh p x     4Hdt < Q (89:BmFGŔHŤIŴXŸYZ [\](^dbƒc4defluvwx(y8 zhCphp5-firebird5.5.14115.1PHP5 Extension ModulePHP functions for access to firebird database servers. Authors: -------- The PHP Group See http://www.php.net/credits.php for more details\6cloud134 openSUSE Leap 42.3openSUSEPHP-3.01http://bugs.opensuse.orgDevelopment/Libraries/PHPhttp://www.php.netlinuxx86_64U[lp\\\!\#9780f8aa85a37d029debdac3cb7d214ffb4b23062c5e17e46445f7f3bcc7e63b02d6177c0793259e73a8a7df79c65d2a40162142501da85159adc68d6aaa1bb2rootrootrootrootrootrootrootrootphp5-5.5.14-115.1.src.rpmconfig(php5-firebird)interbase.so()(64bit)pdo_firebird.so()(64bit)php5-firebirdphp5-firebird(x86-64)php5-interbasephp5-pdo_firebirdphp_any_db@@@@@@   config(php5-firebird)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libfbclient.so.2()(64bit)php5php5-pdorpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)5.5.14-115.15.5.145.5.143.0.4-14.0-14.4.6-14.11.2\M\~d\X)@[[:@[[9@[e@[2*[Z@ZS&RRR@R1@R@RSRRG@RG@RG@RG@RG@RG@RG@RG@R@RpRZ@RB@R(r@RZ@QMQ@Q@QKQ@Q@Qzl@Qzl@Qu&@QnQkQkQ^QJ@QJ@Q+R@Q@P@P}L@PvP;a@P;a@PO@Ot@OX@OLO-O*zO#@O@ObO yO@N@NxN2NN@N@Nu@NdNbNZ-NS@NENA!@N>~@N;@N98@N6@N5CN/N*N@NNN@NpN@M@MM@M@M@MM5@M5@MWMnM@M@M@M@MMx@MM@MwkMgMc@MS@M.@M*M*M)@M%M PM\@M\@M L@L@L@LLY@LXLEL@KQ@K@K@KKK@KRKKK0KVJ1@JG@J#JJ/@J@J@JJQJ@J_@J;}JB@I@pgajdos@suse.comPetr Gajdos Petr Gajdos Petr Gajdos Petr Gajdos pgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comsflees@suse.depgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comabergmann@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.czpgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comschwab@linux-m68k.orgpgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comadaugherity@tamu.edupgajdos@suse.compgajdos@suse.comhrvoje.senjan@gmail.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comRalf Lang pgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgpgajdos@suse.comjengelh@inai.depgajdos@suse.compgajdos@suse.comadaugherity@tamu.eduadaugherity@tamu.edupgajdos@suse.comslavb18@gmail.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcoolo@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcoolo@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.comcoolo@suse.compgajdos@suse.compgajdos@suse.comcoolo@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.organdrea.turrini@gmail.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orglang@b1-systems.decrrodriguez@opensuse.orgsbutler1@illinois.educrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgchris@computersalat.depgajdos@suse.czchris@computersalat.depgajdos@suse.czcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgro@suse.decristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcrrodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcristian.rodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgdimstar@opensuse.orgvuntz@opensuse.orgaj@suse.dejengelh@medozas.decoolo@novell.comcrrodriguez@opensuse.orgcrrodriguez@suse.decrrodriguez@suse.decrrodriguez@suse.decrrodriguez@suse.decrrodriguez@novell.comcrrodriguez@novell.comcrrodriguez@suse.decrrodriguez@suse.decrrodriguez@suse.decoolo@novell.comcrrodriguez@suse.decrrodriguez@suse.decrrodriguez@suse.de- security update * CVE-2019-9024 [bsc#1126821] + php-CVE-2019-9024.patch * CVE-2019-9020 [bsc#1126711] + php-CVE-2019-9020.patch * CVE-2018-20783 [bsc#1127122] + php-CVE-2018-20783.patch * CVE-2019-9021 [bsc#1126713] + php-CVE-2019-9021.patch * CVE-2019-9023 [bsc#1126823] + php-CVE-2019-9023.patch * CVE-2019-9641 [bsc#1128722] + php-CVE-2019-9641.patch- asan_build: build ASAN included - debug_build: build more suitable for debugging- CVE-2019-6977 [bsc#1123354] + php-CVE-2019-6977.patch- security update * imap_open script injection flaw, CVE-2018-19518 [bsc#1117107] + php-imap_open-script-injection.patch- security update * CVE-2018-17082 [bsc#1108753] + php-CVE-2018-17082.patch- fix segfault in pcre extension, CVE-2017-9118 [bsc#1105466] + php-pcre-replace-impl-CWE-680.patch- align patch names: php5-CVE-2018-14851.patch -> php-CVE-2018-14851.patch- security update * CVE-2018-14851 [bsc#1103659] + php-CVE-2018-14851.patch- security update * CVE-2018-12882 [bsc#1099098] + php-CVE-2018-12882.patch- security update * CVE-2018-10360 [bsc#1096984] + php-CVE-2018-10360.patch- security update * CVE-2018-10545 [bsc#1091367] + php-CVE-2018-10545.patch * CVE-2018-10547 [bsc#1091362] + php-CVE-2018-10547.patch * CVE-2018-10546 [bsc#1091363] + php-CVE-2018-10546.patch * CVE-2018-10548 [bsc#1091355] + php-CVE-2018-10548.patch- security update: * CVE-2018-7584 [bsc#1083639] + php-CVE-2018-7584.patch- security update: * CVE-2016-10712 [bsc#1080234] + php-CVE-2016-10712.patch- security update: * CVE-2018-5712 [bsc#1076220] + php-CVE-2018-5712.patch * CVE-2018-5711 [bsc#1076391] + php-CVE-2018-5711.patch- security update: * CVE-2017-9228 [bsc#1069606] + php-CVE-2017-9228.patch * CVE-2017-9229 [bsc#1069631] + php-CVE-2017-9229.patch- security update: * CVE-2017-16642 [bsc#1067441] + php-CVE-2017-16642.patch * CVE-2017-4025 [bsc#1067090] + php-CVE-2017-4025.patch- security update: * CVE-2017-12933 [bsc#1054430] + php-CVE-2017-12933.patch- security update: * CVE-2017-11628 [bsc#1050726] + php-CVE-2017-11628.patch * CVE-2017-7890 [bsc#1050241] + php-CVE-2017-7890.patch * complete fix for CVE-2016-5766 [bsc#986386c#23] . amended php-CVE-2016-5766.patch . refreshed php-CVE-2016-10168.patch- security update: * CVE-2017-11143 [bsc#1048097] + php-CVE-2017-11143.patch * CVE-2017-11145 [bsc#1048112] + php-CVE-2017-11145.patch * CVE-2017-11146 [bsc#1048111] + php-CVE-2017-11146.patch * CVE-2016-10397 [bsc#1047454] + php-CVE-2016-10397.patch * CVE-2017-11147 [bsc#1048094] + php-CVE-2017-11147.patch * CVE-2017-11144 [bsc#1048096] + php-CVE-2017-11144.patch- fix for CVE-2017-7272 was reverted [bsc#1044976]- security update: * CVE-2017-9227 [bsc#1040883] + php-CVE-2017-9227.patch * CVE-2017-9226 [bsc#1040889] + php-CVE-2017-9226.patch * CVE-2017-9224 [bsc#1040891] + php-CVE-2017-9224.patch- security update: * CVE-2016-6294 [bsc#1035111] + php-CVE-2016-6294.patch- security update: * CVE-2017-7272 [bsc#1031246] + php-CVE-2017-7272.patch- security update: * CVE-2015-8994 [bsc#1027210] + php-CVE-2015-8994.patch- security update: * CVE-2016-10161 [bsc#1022260] + php-CVE-2016-10161.patch * CVE-2016-10158 [bsc#1022219] + php-CVE-2016-10158.patch * CVE-2016-10167 [bsc#1022264] + php-CVE-2016-10167.patch * CVE-2016-10168 [bsc#1022265] + php-CVE-2016-10168.patch * CVE-2016-10166 [bsc#1022263] + php-CVE-2016-10166.patch * CVE-2016-10159 [bsc#1022255] + php-CVE-2016-10159.patch * CVE-2016-10160 [bsc#1022257] + php-CVE-2016-10160.patch- security update: * CVE-2016-7478 [bsc#1019550] + php-CVE-2016-7478.patch- security update: * CVE-2016-9933 [bsc#1015187] + php-CVE-2016-9933.patch * CVE-2016-9934 [bsc#1015188] + php-CVE-2016-9934.patch * CVE-2016-9935 [bsc#1015189] + php-CVE-2016-9935.patch- security update: * CVE-2016-9137 [bsc#1008029] + php-CVE-2016-9137.patch- security update: * CVE-2016-8670 [bsc#1004924] + php-CVE-2016-8670.patch * CVE-2016-6911 [bsc#1005274] + php-CVE-2016-6911.patch- security update: * CVE-2016-7568 [bsc#1001900] + php-CVE-2016-7568.patch- security update: * CVE-2016-7412 [bsc#999680] + php-CVE-2016-7412.patch * CVE-2016-7411 [bsc#999682] + php-CVE-2016-7411.patch * CVE-2016-7417 [bsc#999684] + php-CVE-2016-7417.patch * CVE-2016-7413 [bsc#999679] + php-CVE-2016-7413.patch * CVE-2016-7418 [bsc#999819] + php-CVE-2016-7418.patch * CVE-2016-7414 [bsc#999820] + php-CVE-2016-7414.patch * CVE-2016-7416 [bsc#999685] + php-CVE-2016-7416.patch- security update: * CVE-2016-7132 [bsc#997230], CVE-2016-7131 [bsc#997225] + php-CVE-2016-7131,7132.patch * CVE-2016-7129 [bsc#997220] + php-CVE-2016-7129.patch * CVE-2016-7130 [bsc#997257] + php-CVE-2016-7130.patch * CVE-2016-7134 [bsc#997248] + php-CVE-2016-7134.patch * CVE-2016-7128 [bsc#997211] + php-CVE-2016-7128.patch * CVE-2016-7127 [bsc#997210] + php-CVE-2016-7127.patch * CVE-2016-7126 [bsc#997208] + php-CVE-2016-7126.patch * CVE-2016-7125 [bsc#997207] + php-CVE-2016-7125.patch * CVE-2016-7124 [bsc#997206] + php-CVE-2016-7124.patch- security update: * CVE-2014-3587 [bsc#987530] + php-CVE-2016-3587.patch * CVE-2016-6128 [bsc#987580] + php-CVE-2016-6128.patch * CVE-2016-6161 [bsc#988032] + php-CVE-2016-6161.patch * CVE-2016-6292 [bsc#991422] + php-CVE-2016-6292.patch * CVE-2016-6295 [bsc#991424] + php-CVE-2016-6295.patch * CVE-2016-6297 [bsc#991426] + php-CVE-2016-6297.patch * CVE-2016-6291 [bsc#991427] + php-CVE-2016-6291.patch * CVE-2016-6289 [bsc#991428] + php-CVE-2016-6289.patch * CVE-2016-6290 [bsc#991429] + php-CVE-2016-6290.patch * CVE-2016-5399 [bsc#991430] + php-CVE-2016-5399.patch * CVE-2016-6288 [bsc#991433] + php-CVE-2016-6288.patch * CVE-2016-6296 [bsc#991437] + php-CVE-2016-6296.patch * CVE-2016-6207 [bsc#991434] + php-CVE-2016-6207.patch- security update: * CVE-2016-5385 [bsc#988486] + php-CVE-2016-5385.patch- security update: * CVE-2016-5768 [bsc#986246] + php-CVE-2016-5768.patch * CVE-2016-5772 [bsc#986244] + php-CVE-2016-5772.patch * CVE-2015-8935 [bsc#986004] + php-CVE-2015-8935.patch * CVE-2016-5770 [bsc#986392] + php-CVE-2016-5770.patch * CVE-2016-5771 [bsc#986391] + php-CVE-2016-5771.patch * CVE-2016-5769 [bsc#986388] + php-CVE-2016-5769.patch * CVE-2016-5766 [bsc#986386] + php-CVE-2016-5766.patch * CVE-2016-5767 [bsc#986393] + php-CVE-2016-5767.patch * CVE-2016-5773 [bsc#986247] + php-CVE-2016-5773.patch- security update: * CVE-2013-7456 [bsc#982009] + php-CVE-2013-7456.patch * CVE-2016-5093 [bsc#982010] + php-CVE-2016-5093.patch * CVE-2016-5094, CVE-2016-5095 [bsc#982011] [bsc#982012] + php-CVE-2016-5094,5095.patch * CVE-2016-5096 [bsc#982013] + php-CVE-2016-5096.patch- security update: * CVE-2015-8877 [bsc#981061] + php-CVE-2015-8877.patch * CVE-2015-8876 [bsc#981049] + php-CVE-2015-8876.patc * CVE-2015-8879 [bsc#981050] + php-CVE-2015-8879.patch- security update: * CVE-2015-4116 [bsc#980366] + php-CVE-2015-4116.patch * CVE-2015-8874 [bsc#980375] + php-CVE-2015-8874.patch * CVE-2015-8873 [bsc#980373] + php-CVE-2015-8873.patch- security update: * CVE-2016-4540, CVE-2016-4541 [bsc#978829] + php-CVE-2016-4540,4541.patch * CVE-2016-4542, CVE-2016-4543, CVE-2016-4544 [bsc#978830] + php-CVE-2016-4542,4543,4544.patch * CVE-2016-4537, CVE-2016-4538 [bsc#978827] + php-CVE-2016-4537,4538.patch * CVE-2016-4539 [bsc#978828] + php-CVE-2016-4539.patch- security update: * CVE-2016-4342 [bsc#977991] + php-CVE-2016-4342.patch * CVE-2016-4346 [bsc#977994] + php-CVE-2016-4346.patch * CVE-2016-4346 [bsc#977994] + php-CVE-2016-4346.patch- security update: * CVE-2016-4073 [bsc#977003] + php-CVE-2016-4073.patch * CVE-2015-8867 [bsc#977005] + php-CVE-2015-8867.patch * CVE-2016-4070 [bsc#976997] + php-CVE-2016-4070.patch * CVE-2015-8866 [bsc#976996] + php-CVE-2015-8866.patch * CVE-2016-4071 [bsc#977000] + php-CVE-2016-4071.patch- fix incomplete php-CVE-2015-8835.patch [bsc#973351#c14]- fixed libmagic buffer overflow [bsc#974305] + php-libmagic-boverflow-malformed-magic-file.patch- security update: * CVE-2015-8838 [bsc#973792] + php-CVE-2015-8838.patch- security update: * CVE-2015-8835 [bsc#973351] + php-CVE-2015-8835.patch- security update: * CVE-2016-3141 [bsc#969821] + php-CVE-2016-3141.patch * CVE-2016-3142 [bsc#971912] + php-CVE-2016-3142.patch * CVE-2014-9767 [bsc#971612] + php-CVE-2014-9767.patch * CVE-2016-3185 [bsc#971611] + php-CVE-2016-3185.patch- security update: * CVE-2016-2554 [bsc#968284]- security update: * CVE-2015-7803 [bsc#949961] + php-CVE-2015-7803.patch * CVE-2016-1903 [bsc#962057] + php-CVE-2016-1903.patch- revert upstream change in suhosin.ini -- suhosin extension is loaded by default [bnc#949134] + php-suhosin.ini.patch- security update: * CVE-2015-6831 [bnc#942291] [bnc#942294] [bnc#942295] + php-CVE-2015-6831.patch * CVE-2015-6832 [bnc#942293] + php-CVE-2015-6832.patch * CVE-2015-6833 [bnc#942296] + php-CVE-2015-6833.patch * CVE-2015-6834 [bnc#945403] + php-CVE-2015-6834.patch * CVE-2015-6835 [bnc#945402] + php-CVE-2015-6835.patch * CVE-2015-6836 [bnc#945428] + php-CVE-2015-6836.patch * CVE-2015-6837 CVE-2015-6838 [bnc#945412] + php-CVE-2015-6837,6838.patch - compare with SQL_NULL_DATA correctly [bnc#935074] + php-odbc-cmp-int-cast.patch- added php5-fix_net-snmp_disable_MD5.patch: If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302)- updated suhosin to 0.9.38 [fate#319325] * removed php5-suhosin-php55.patch- security update: * CVE-2015-5590 [bnc#938719] + php-CVE-2015-5590.patch * CVE-2015-5589 [bnc#938721] + php-CVE-2015-5589.patch- security update: * CVE-2015-4602 [bnc#935224] + php-CVE-2015-4602.patch * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226] + php-CVE-2015-4599,4600,4601.patch * CVE-2015-4603 [bnc#935234] + php-CVE-2015-4603.patch * CVE-2015-4644 [bnc#935274] + php-CVE-2015-4644.patch * CVE-2015-4643 [bnc#935275] + php-CVE-2015-4643.patch * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935277], [bnc#935232], [bnc#935234] + php-CVE-2015-3411,3412,4598.patch- configure php-fpm with --localstatedir=/var [bnc#927147]- security update: * CVE-2015-4148 [bnc#933227]- fix timezone map [bnc#919080]- security update: * CVE-2015-4024 [bnc#931421] + php-CVE-2015-4024.patch * CVE-2015-4026 [bnc#931776] + php-CVE-2015-4026.patch * CVE-2015-4022 [bnc#931772] + php-CVE-2015-4022.patch * CVE-2015-4021 [bnc#931769] + php-CVE-2015-4021.patch- security update: * CVE-2015-3330 [bnc#928408] + php-CVE-2015-3330.patch * CVE-2015-3329 [bnc#928506] + php-CVE-2015-3329.patch * CVE-2015-2783 [bnc#928511] + php-CVE-2015-2783.patch- security update: * CVE-2015-2787 [bnc#924972] + php-CVE-2015-2787.patch * unserialize SoapClient type confusion [bnc#925109] + php-unserialize-soap-type-confusion.patch * CVE-2015-2348 [bnc#924970] + php-CVE-2015-2348.patch- security update: * CVE-2014-9709 [bnc#923946] + php-CVE-2014-9709.patch * CVE-2015-2301 [bnc#922022] + php-CVE-2015-2301.patch * CVE-2015-2305 [bnc#922452] + php-CVE-2015-2305.patch * CVE-2014-9705 [bnc#922451] + php-CVE-2014-9705.patch- security update: * CVE-2015-0273 [bnc#918768] + php-CVE-2015-0273.patch * CVE-2014-9652 [bnc#917150] + php-CVE-2014-9652.patch- security update: * CVE-2014-8142 [bnc#910659] + php-CVE-2014-8142.patch * CVE-2015-0231 [bnc#910659] + php-CVE-2015-0231.patch * null ptr deref [bnc#910659] + php-unserialize-null-ptr-deref.patch * CVE-2014-9427 [bnc#911664] + php-CVE-2014-9427.patch * CVE-2015-0232 [bnc#914690] + php-CVE-2015-0232.patch - added added README.default_socket_timeout [bnc#907519]- security update: * CVE-2014-3670 [bnc#902357] * CVE-2014-3669 [bnc#902360] * CVE-2014-3668 [bnc#902368] - added patches: * php-CVE-2014-3670.patch * php-CVE-2014-3669.patch * php-CVE-2014-3668.patch- security update: * CVE-2014-5459 [bnc#893849] * CVE-2014-3597 [bnc#893853] * CVE-2014-5120 [bnc#893855] - added patches: * php-CVE-2014-3597.patch * php-CVE-2014-5120.patch- fixed crash when throwing and handling an exception in one finally block [bnc#868098] - that breaks Zend ABI 20121212 - added patches: * php5-finally-exception-crash.patch- security update: * php-CVE-2014-4670.patch [bnc#886059] * php-CVE-2014-4698.patch [bnc#886060] - php-5.5.10-CVE-2014-2497.patch renamed to php-CVE-2014-2497.patch i- updated to 5.5.14: This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension. - removed CVE-2014-4049.patch (upstreamed)- security update * php-5.5.13-CVE-2014-4049.patch [bnc#882992]- php5-5.5.10-CVE-2014-2497.patch renamed to php-5.5.10-CVE-2014-2497.patch to be consistent with other product php patches names- do not package latest_test_results.txt; instead, run build-test.sh twice: before and after source changes- updated to 5.5.13: This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).- updated to 5.5.12: Fixed several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. - improved build-test.sh- build-test.sh: use relevant api for build; propagate build parameters to osc- php5-gcc_builtins.patch: remove unused patch- add build-test.sh and latest_test_results.txt for testing regressions in tests before and after update. Run sh build-test.sh after changes. php will get built and test results will be compared with latest_test_results.txt and differences reported. mv latest_test_results.txt.new latest_test_results.txt if differences are acceptable.- updated to 5.5.11: * Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345.- fixed CVE-2014-2497 [bnc#868624]- updated to 5.5.10: * Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release.- Fix build on non-systemd distros (esp. SLES 11)- updated to 5.5.9: * This release fixes several bugs against PHP 5.5.8. * see NEWS or http://www.php.net/ChangeLog-5.php#5.5.9 for details - modified patches: * php5-no-build-date.patch (refreshed using quilt)- updated to 5.5.8: * fixes CVE-2013-6712 and build against freetype2 * see http://www.php.net/ChangeLog-5.php#5.5.8 for more * removed CVE-2013-6712.patch * removed freetype2_include_dir.patch- Added php5-freetype2_include_dir.patch: Fixes check of freetype2 headers, as freetype2 2.5.1 changed the header location- updated to 5.5.7: * fixes some bugs against PHP 5.5.6 and it also includes a fix for CVE-2013-6420 in OpenSSL extension - > removed CVE-2013-6420.patch- security update [bnc#854880] * added CVE-2013-6420.patch- security update [bnc#853045] * added CVE-2013-6712.patch- updated to 5.5.6: * fixes some bugs against PHP 5.5.5, and adds some performance improvements. * see http://www.php.net/ChangeLog-5.php#5.5.6 for details- updated to 5.5.5: * This release fixes about twenty bugs against PHP 5.5.4, some of them regarding the build system. * added sys_temp_dir ini directive - removed custom-tmp-dir.patch (upstreamed)- updated to 5.5.4: * This release fixes several bugs against PHP 5.5.3. - crypt-tests.patch partially upstreamed - use zend_extension instead of extension directive in opcache.ini [bnc#840350]- updated to 5.5.3: These release fix a bug in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4.- updated to 5.5.2: * About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718).- updated to 5.5.1 * bugfixes incl. security fix in the XML parser- replace php5-64-bit-post-large-files.patch with php5-big-file-upload.patch patch that uses def_t instead of signed long as suggested by upstream- updated to 5.5.0: * Added generators and coroutines. * Added the finally keyword. * Added a simplified password hashing API. * Added support for constant array/string dereferencing. * Added scalar class name resolution via ::class. * Added support for using empty() on the result of function calls and other expressions. * Added support for non-scalar Iterator keys in foreach. * Added support for list() constructs in foreach statements. * Added the Zend OPcache extension for opcode caching. * A lot more improvements and fixes. * PHP logo GUIDs have been removed. * Case insensitivity is no longer locale specific. All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules. - buildrequire cyrus-sasl-devel explicitely - suhosin-php54.patch renamed to suhosin-php55.patch- update to 5.4.22: * About 10 bugs were fixed. * see http://www.php.net/ChangeLog-5.php#5.4.22 for details- updatedto 5.4.21: * About 10 bugs were fixed. * added custom-tmp-dir.patch by Per Jessen- build with --with-fpm-systemd and install systemd unit - php5-systemd-unit.patch: tweak systemd unit for openSUSE requirements - php5-openssl.patch: only openSSL_config() is really needed. - Recommended for 13.1 and Factory- updated to 5.4.20: * About 30 bugs were fixed.- updated to 5.4.19: * These releases fix a bug in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4.- updated to 5.4.18: * About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248.- php5-per-mod-log.patch: It turns out that requesting per-module logging support in 2.4 will not do a thing if the expansion of APLOG_USE_MODULE is not visible to all files of the module so place it in the header instead.- php5-per-mod-log.patch Support apache 2.4 per module logging - php5-apache24-updates.patch Use proper API in apache 2.4 to determine when the module has to be loaded. I made this patches at least a year ago, but for some reason they went out of my radar and were not applied to upstream Will be submitted again soon.- updated to 5.4.17: Core: Fixed bug #64988 (Class loading order affects E_STRICT warning). Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). Fixed bug #64960 (Segfault in gc_zval_possible_root). Fixed bug #64936 (doc comments picked up from previous scanner run). Fixed bug #64934 (Apache2 TS crash with get_browser()). Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). DateTime: Fixed bug #53437 (Crash when using unserialized DatePeriod instance). FPM: Fixed bug #64915 (error_log ignored when daemonize=0). Implemented FR #64764 (add support for FPM init.d script). PDO: Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). PDO_DBlib: Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). PDO_firebird: Fixed bug #64037 (Firebird return wrong value for numeric field). Fixed bug #62024 (Cannot insert second row with null using parametrized query). PDO_mysql: Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). PDO_pgsql: Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error). pgsql: Fixed bug #64609 (pg_convert enum type support). Readline: Implement FR #55694 (Expose additional readline variable to prevent default filename completion). SPL: Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).- Explicitly specify cyrus-sasl build dependency- updated to 5.4.16 - Core: . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110). (Stas) . Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol) . Fixed bug #64729 (compilation failure on x32). (Gustavo) . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry) . Fixed bug #64660 (Segfault on memory exhaustion within function definition). (Stas, reported by Juha Kylmänen) - Calendar: . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi) - Fileinfo: . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol) - FPM: . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi) . Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan. (Remi) . Log a warning when a syscall fails. (Remi) . Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file. (Remi) - MySQLi . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed). (Laruence) - Phar . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir). (Pierre) - SNMP: . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). (Boris Lytochkin) . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin) - Streams: . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64). (Anatol) - Zend Engine: . Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol)- updated to 5.4.15: Core: Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). Fixed bug #64458 (dns_get_record result with string of length -1). Fixed bug #64433 (follow_location parameter of context is ignored for most response codes). Fixed bug #47675 (fd leak on Solaris). Fixed bug #64577 (fd leak on Solaris). Fileinfo: Upgraded libmagic to 5.14. Streams: Fixed Windows x64 version of stream_socket_pair() and improved error handling. Zip: Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).- Conflict with php53 packages so zypper doesn't suggest installing a mix of php53-* (from SLES 11) and php5-* (these 5.4 packages).- Fix build on SLES 11 (no firebird) and openSUSE <= 12.1 (no separate libfbclient2-devel pkg).- use current install-pear-nozlib.phar from http://pear.php.net/install-pear-nozlib.phar - php5-pear package provides/obsoletes php5-pear-Archive_Tar, see explanation in the spec- add php5-firebird providing php5-interbase and php5-pdo_firebird- updated to 5.4.14: Core: Fixed bug #64529 (Ran out of opcode space). Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration). Fixed bug #64432 (more empty delimiter warning in strX methods). Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error). Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11). Fixed bug #63976 (Parent class incorrectly using child constant in class property). Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly). Fixed bug #62343 (Show class_alias In get_declared_classes()). PCRE: Merged PCRE 8.32. SNMP: Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly). Zip: Fixed bug #64452 (Zip crash intermittently). (Anatol)- libc-client.so needs -lssl- fixed 'http limits uploads to 2GB' [bnc#812800], see https://bugs.php.net/bug.php?id=44522 * 64bit-post-large-files.patch- updated to 5.4.13: Core: Fixed bug #64235 (Insteadof not work for class method in 5.4.11). Implemented FR #64175 (Added HTTP codes as of RFC 6585). Fixed bug #64142 (dval to lval different behavior on ppc64). Fixed bug #64070 (Inheritance with Traits failed with error). CLI server: Fixed bug #64128 (buit-in web server is broken on ppc64). Mbstring: mb_split() can now handle empty matches like preg_split() does. OpenSSL: Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). PDO_mysql: Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). Phar: Fixed timestamp update on Phar contents modification. SOAP Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). Disabled external entities loading (CVE-2013-1643, CVE-2013-1824). SPL: Fixed bug #64264 (SPLFixedArray toArray problem). Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). Fixed bug #52861 (unset fails with ArrayObject and deep arrays). SNMP: Fixed bug #64124 (IPv6 malformed).- updated to 5.4.12: * dropped sqlite.so (no longer shipped with 5.4) * dropped t1lib support * dropped %{suse_version} 10.x support * see /usr/share/doc/packages/php5/UPGRADING or http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/UPGRADING for details * source changes: D php-5.2.9-BNC-457056.patch -- renamed to php5-BNC-457056.patch D php-5.3.0-bnc513080.patch -- there's no relevant code in exif.c D php-5.3.1-systzdata-v7.patch -- renamed to php5-systzdata-v7.patch D php-5.3.2-aconf26x.patch -- dropped, it is not needed yet D php-5.3.2-ini.patch -- renamed to php5-ini.patch D php-5.3.2-no-build-date.patch -- renamed to php5-no-build-date.patch D php-5.3.22.tar.bz2 -- old tarball D php-5.3.4-format-string-issues.patch -- renamed to php5-format-string-issues.patch D php-5.3.4-pts.patch -- renamed to php5-pts.patch D php-5.3.6-gcc_builtins.patch -- renamed to php5-gcc_builtins.patch D php-5.3.6-ini-date.timezone.patch -- part of php5-ini.patch D php-5.3.8-CVE-2011-4153.patch -- fixed in 5.4 branch D php-5.3.8-crypt-tests.patch -- renamed to php5-crypt-tests.patch D php-5.3.8-no-reentrant-crypt.patch -- renamed to php5-no-reentrant-crypt.patch A php-5.4.13.tar.bz2 -- new version tarball D php-cloexec.patch -- renamed to php5-cloexec.patch M php-suse-addons.tar.bz2 -- content of tar balls are actualy equal A php5-BNC-457056.patch -- renamed from php-5.2.9-BNC-457056.patch, not rebased A php5-cloexec.patch -- renamed from php-cloexec.patch, rebased A php5-sytzdata-v7.patch -- renamed from sytzdata-v7.pach, not rebased A php-format-string-issues.patch -- renamed from php5-5.3.4-format-string-issues.patch, not rebased A php5-crypt-tests.patch -- renamed from php-5.3.8-crypt-tests.patch, not rebased A php5-gcc_builtins.patch -- renamed from php-5.3.6-gcc_builtins.patch, not rebased A php5-ini.patch -- renamed from php-5.3.2-ini.patch, rebased A php5-mbstring-missing-return.patch -- new patch, missing return M php5-missing-extdeps.patch -- rebased A php5-no-build-date.patch -- renamed from php-5.3.2-no-build-date.patch, rebased A php5-no-reentrant-crypt.patch -- renamed from php-5.3.8-no-reentrant-crypt.patch, not rebased M php5-openssl.patch -- rebased M php5-phpize.patch -- rebased A php5-pts.patch -- renamed from php-5.3.4-pts.patch, not rebased A php5-suhosin-php54.patch -- patch on top of suhosin-0.9.33.tgz to work with php 5.4 M php5.changes -- this change log M php5.spec -- new version, etc D suhosin-patch-5.3.3-0.9.10.patch.gz -- dropped, seems not be used for some time- updated to 5.3.22: . Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes) . Fixed bug #63899 (Use after scope error in zend_compile). (Laruence) . Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence) . Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV). (Laruence, Derick) . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam) . Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry) . Disabled external entities loading (CVE-2013-1643). (Dmitry) . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)- updated to 5.3.21: * Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user). * Fixed bug (segfault due to libcurl connection caching). * Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST). etc. see NEWS for details- fix CVE-2011-4153 CVE-2011-4153 [bnc#741859]- add explicit buildrequire on libbz2-devel (having to patch old .changes file to avoid "double entry")- updated to 5.3.17: * Fixed bug (segfault while build with zts and GOTO vm-kind) * Fixed bug #62844 (parse_url() does not recognize // * etc. see NEWS for details- use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852]- updated to 5.3.16: * fixes over 20 bugs, see NEWS for more details- updated to 5.3.15: * fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation (CVE-2012-2688) [bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580]- updated to 5.3.14: * bug-fix release, see NEWS for details- updated to 5.3.13: various security fixes, CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336 * removed php-5.3.10-pcre_fullinfo.patch * refreshed php-5.3.2-aconf26x.patch- fix license to spdx.org format- fixed build with new pcre (php bug 60986)- Build with -fpie- PHP 5.3.10, fixes CVE-2012-0830.- remove unapplied patches- buildrequire libjpeg-devel- remove apache module conflict with apache2-worker [bnc#728671] - amended README.SUSE instead- Update to version 5.3.9 * Drop already applied patches * This update only contain minor bug fixes, it is a stop over php 5.4.0 that should be out very soon.- security update: * CVE-2011-4885 [bnc#738221] -- added max_input_vars directive to prevent attacks based on hash collisions- add autoconf as buildrequire to avoid implicit dependency- apache module conflicts with apache2-worker [bnc#728671]- security update: * CVE-2011-4566 [bnc#733590] * CVE-2011-1466 [bnc#736169]- fix license - there is no 3.1 version of php license- build php against system's libcrypt, which drops extended DES support * crypt-tests.patch * no-reentrant-crypt.patch- security update: CVE-2011-3379 [bnc#728350]- Fix wrong PAGE_SIZE assumption, must use sysconf() instead - Fix integer overflow when attempting to use more than 2 Gb of memory.- call openssl_config too in order to load user-provided engine configuration.- Cleanup patches for upcoming release.- Fixed typos in php5.spec- Fix very publicized critical bug in crypt() implementation- Add mssql support with freetds - Update PHP snapshot.- Update snapshot, more static analyzer fixes.- Update snapshot, fix converity warnings- Update snapshot, several check if malloc() succeeded.- Fix build in Factory - Fix Segfault with allow_call_time_pass_reference = Off - Using class constants in array definition fails- Add sqlite3 session storage, this is no more than a forward port of already existent sqlite2 backend- Update snap, PHP 5.3.7-RC4- Update snapshot again.- Update snapshot.- is_a() function is throwing an annoying warning "Unknown class passed as parameter" which is noticeable when you use PEAR, fix it, if your code uses it you should be using the instanceof operator anyway. - Update bundled pear.- Crash in gc_remove_zval_from_buffer CVE-NO-NAME - Crash in zend_mm_check_ptr // Heap corruption- Fixed missing Expires and Cache-Control headers for ping and status pages - fix crypt() issue with overlong salt - Fixed bug #52935 (call exit in user_error_handler cause stream relate core).- Fix crash in error_log (strlen with NULL) - Fixed exit at FPM startup on fpm_resources_prepare - Added master rlimit_files and rlimit_core - Removed pid in debug logs written by chrildren processes - Replaced shm_slots with a real scoreboard- Enable mysqlnd compression protocol.- Update snapshot to 5.3.7 RC1- Allow bison 2.5 -File path injection vulnerability in RFC1867 File upload CVE-2011-2202.- Update 5.3 snap - Fix compiler failure that happended after compile error. - Stream not closed and error not returned when SSL CN_match fails.- Update 5.3 snap - Update bundled PEAR - Case discrepancy in timezone names cause Uncaught exception and fatal error. - SEEK_CUR with 0 value, returns a warning - Restore fix: do not accept paths with NULL in them- Update to version 5.3.6.201106031621 - Crash when calling call_user_func with unknown function name - Fixed double registering of browscap ini directive- Drop Update alternatives usage, there are no alternatives PHP4 is gone and PHP6 is not coming at any time soon. - Remove "mm" support from session module, virtually nothing uses it and it doesnt support proper locking, mount /var/lib/php5 in tmpfs instead.- Update to 5.3.6.201105291701 * Fixes random crash with apache2 SAPI and php_admin_value in virtualhost configuration.- Update 5.3 branch - Fix a few memory leaks - Check if tempfile can be created in phar extension - Fix problems with __halt_compiler and imported namespaces - Properly handle out of memory conditions in mysqlnd- Update 5.3 branch. - Fix user after free in xmlreader extension.- Update to current 5.3 svn version. - For practical reasons now the hash extension is built-in,hence deprecates package php5-hash, it is nowdays required by the session and phar extensions but must be statically built to work. - Drop php5-session patch, needed only to workaround compile failure when hash extension is built as loadable extension. - php.ini now clearly says that by "3" in session.hash_function we mean SHA256.- Update to a recent 5.3.x SVN version, mostly bug fixes * track_errors causes segfault * classes from dl()'ed extensions are not destroyed * Crash when assigning value to a dimension in a non-array * use-after-free in substr_replace()- fix crash on destruction. - allow openssl extension to be built w/o SSLv2- Add a default to date.timezone because php5 warns that this is a required setting and clutters up the output in zypper installations of pear packages and other places - Versions after 5.3.6 may make this fatal- Intl extension failed to load [bnc#659868] - Fix update-alternatives usage,will be dropped in the future.- Add tcpd-devel for building the SNMP extension on SLE_10 and apache_server_SLE_10.- Update to php 5.3.6 final * Enforce security in the fastcgi protocol parsing with fpm SAPI. * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153) * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092) * Fixed bug #54055 (buffer overrun with high values for precision ini setting). * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708) * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)- Upgrade to PHP 5.3.6.RC3 * Drop obsoleted patches * fix some rpmlint warnings * Hundreds of changes, see NEWS for details- Fix more date in binaries causing pointless republish of pkgs.- fix for macros.php o devel pkg must have Obsoletes/Provides: php-macros- security fixes * CVE-2011-0420 [bnc#672933] * CVE-2011-0708 [bnc#671710]- extend macros.php o __php, __phpize, __php_config, php_version o __pear, php_peardir, php_pearxmldir o php_pear_gen_filelist - add README.macros- security fix: * fopen_https_proxy_auth_fix.patch [bnc#656523]- export PHP_MYSQLND_ENABLED=yes to solve the mysqlnd problem when extensions are built shared. [bnc#661464]- Go back to libmysql as there is currently no way to build shared mysql extensions with mysqlnd. [bnc#661464]- Use mysqlnd driver, this is a newer PHP-native mysql extension, that does not require external libraries. Now you can use mysql, mariadb or drizzle without extra libs. fixes bnc #661464 and other old feature requests.- Update to version 5.3.5, Critical Update * Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) Only 32 bit binaries affected, confirmed in factory i586.- revert unsuitable patch php-5.3.4-dlopen.patch- Add php-5.3.4-dlopen.patch from fedora,makes dlopen to use bind_now instead of lazy. - Compiler is now in C99 mode for both core and extensions.- fix format string bug in Phar extension I just found http://bugs.php.net/bug.php?id=53541 and the underlying issue, which is the lack of format attributes in several core prototypes.- Update to PHP 5.3.4 final * Fixed crash in zip extract method (possible CWE-170). * Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). * Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). * Fixed symbolic resolution support when the target is a DFS share. * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). * Key Bug Fixes in PHP 5.3.4 include: * Added stat support for zip stream. * Added follow_location (enabled by default) option for the http stream support. * Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. * Multiple improvements to the FPM SAPI. * Over 100 other bug fixes. - SUSE specific; * enable PTY support in proc_open (temporary)- xft-config is gone- Update to 5.3.3_svn201011020214 * Fix Performance issue, array_diff may take hours instead of seconds in some scenarios,regression appeared in version 5.2.5- Update to 5.3.3_svn20101027xx - Fix init script again.- update to 5.3.3_svn201010140300 - Fix php-fpm init script.- Update to an slightly newer PHP 5.3.3.x snap, fixes around 100 bugs including open_basedir problems. - add the fpm sapi to the package.- Clarify changelog this update fixed: * VUL-0: php5 new unserialize() flaw CVE-2010-2225 [bnc#616232] * VUL-0: php5: MOPS-2010-021: fnmatch() Stack Exhaustion Vulnerability [bnc#605097] * VUL-0: php5: MOPS-2010-017: preg_quote() Interruption Information Leak [bnc#605100] * VUL-0: php5: MOPS-2010-022 use after free [bnc#609763] * VUL-0: php5-phar: MOPS-2010-0{24,25,26,27,28} format string bugs [bnc#609766] * VUL-0: php5: MOPS-2010-0{32,33,34} use space interruption in iconv functions [bnc#609768] * VUL-0: php5: MOPS-2010-0{36,37,38,39,40} userspace interruptions [bnc#609769] * VUL-0: php5: MOPS-2010-0{36..46} userspace interruptions [bnc#609769] * VUL-0: php5: MOPS-2010-047/048 information leak [bnc#612555] * VUL-0: php5: MOPS-2010-049/50/51/52/53/54/55 memory corruption and/or info leak [bnc#612556] * VUL-0: PHP5: Session Data Injection Vulnerability [bnc#619483] * VUL-0: PHP5: multiple heap based buffer overflows [bnc#619486] * bugzilla numbers 619487,619489,619469,609766..- Update to PHP 5.3.3 RC3 - Massive lot of security fixes see list here http://www.php-security.org/category/vulnerabilities/index.html- possible fix for [bnc#610633]- use FD_CLOEXEC flag to avoid annoying races.- remove obsolete buildRequires- remove build date from binaries so they dont get republished every time - fix invalid path- add missing patch, refresh patches with -p0- Update to PHP 5.3.2, see NEWS for details- Add php5-autoconf-2.65.patch to fix build with autoconf 2.65; it's a backported combination of svn commits 291283, 291284 and 291332. - Workaround old php bug http://bugs.php.net/bug.php?id=21153 by replacing -ledit with -ledit -lncurses in the resulting configure scripts. This became apparent problem due to libedit being built with as-needed now. - Add php5-bug51224.patch to fix buffer overflows happening in strcpy. It;s a combination of upstream svn revs 284097 and 284099- Remove unneeded gtk-devel BuildRequires.- Remove obsolete build requires of orbit-devel.- avoid alignment crash on alignment-sensitive CPUs (bugs.php.net#46074)- update patch to fix build- Fixed wrong harcoded mysql socket [bnc#544516] - Fixed wrong default include_path- make php5-pear noarch in Factory- remove obsolete patches - apply ini patch - enable mhash compatibility in the hash extension and obsolete php5-mhash - add macros.php to the source list- PHP read_exif_data() only returns the first letter of UTF-16 strings [bnc#518300]- fix missing return values of suhosin extension- fix build on CODE10 products- fix horrible broken open_basedir functionality- update suhosin extension to version 0.9.29 - mysql extensions now use mysqlnd instead of libmysqlclient. - enable sqlite3 extension, part of the php5-sqlite package - enable enchant extension - enable fileinfo extension - enable intl extension- add suhosin patch and newer suhosin extension for compatibility reasons- Upgrade to PHP 5.3, see http://www.php.net/ChangeLog-5.php for the huge list of changes - remove dbase and ncurses extension- disable as-needed to fix build- update to PHP 5.2.10 * Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files) * Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara) * Fixed memory corruptions while reading properties of zip files. (Ilia) * Fixed memory leak in ob_get_clean/ob_get_flush. (Christian) * Fixed segfault on invalid session.save_path. (Hannes) * Fixed leaks in imap when a mail_criteria is used. (Pierre) * Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi) * Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt) * Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe) * Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott) * Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia) * Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). * Over 100 bug fixes.- add temporary backport of openssl prng function- Update to version 5.2.9, security and bugfix release * VUL-0: php5: memory disclosure by imagerotate() [bnc#480850] * VUL-0: php5: mbstring.func_overload set in .htaccess becomes global [bnc#471419] * Fixed a segfault when malformed string is passed to json_decode() * Fixed explode() behavior with empty string to respect negative limit.php5-pdo_firebirdcloud134 15555973665.5.14-115.15.5.14-115.15.5.14-115.15.5.145.5.14interbase.inipdo_firebird.iniinterbase.sopdo_firebird.so/etc/php5/conf.d//usr/lib64/php5/extensions/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10068/openSUSE_Leap_42.3_Update/bf5212f66964ff3d6bbee519cf8aa522-php5.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9bdb269668aff52f092884cc2785dd747e18fcbe, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4e7982c4c69f9d21e65b771f9b2d377fff18e0c2, strippedPRRRRRPRRRRRn7qj.lz?0] crv(vX0}QʠҘ Cnى}?>#״ݻak݌wم T@ھrvѺ]<2Ք\Jt9Ry0t'a.>#/<{[^H$ X?5:SGRJg!*(†Qp_.b CA˃軞krrpipo}$yX@@ "cNp=O)^Cc1-4ߠߏ]Q9 vL )Yd1$X&ۼ sп'L 66CLsC\sdJls ,pm `hla;,w^pˑwG]C#Idq3ؤ#I*]n .fvWĜ tzD-,v~iZ0mCL$Nnă-ćY}=In@0]DQeqҩ6}8O^E.[IeHo #l%XM,{ӆAIEIǙV6ϹD ޲ẗ́&ЀULϿxѶ IWAKE4 oa}~Hz 4$PSi)hKZ!1g@EP Q+ȇ}_V*J(xg(%iMS~v}STkѩ%b sH{X!g;]sr)`mjaн{EtvkU_*&skSJ 6I" NI)I>N=?kH)vn!4cF#d& G(Ul#ziG  T,9\Dcs>]dFY-McF*kiA"j^$$p#R^\%@ɩ=דFrrγz==SiH?}Zy G5;*c U e*+̡l;,qā"V,0CErdt^F `: ]3!~; C,%UqH('5 3169ySv1; 8PYL# ww MW>TY5OFGUpcIca$qz bE#?Xdk^yImh܂u!% 3Y1G沧E ~KBdL)vKqOPIBOq IQnv7_t]3jy5!=|*]զ@- KO's,mڬ/IʈVa)[&bM~޷/Biz[/$OS\J_B b:o"Y%2nn{PT6'gmxTs"pP  5 ['? H)#.;~3tE#ToЇ3.:1,9 l˪E.dNlYP䉚(\G]Š,{*藉%*&K}ϗd;;'SnD뎋W}AhwtRkLɊh3ɱCSHfoEUU1#Oj sq"C;ZΌmeJD-ZotE9.+ֻϔEcScPeF %`"Vߕbonm?Ȳʛ%5dR|ҒDVN,r< _/l돣YY}\ڀ5Mk72}h_<Se1e? ܤ"| Yd7Wd^ kP^׈<~arĊ59"2\OvZk̓vOpwLkmK'FHY~!۪}d"N)W$d^%rB %H]H!: 2gmb%:\ }mw&ev0xjHQX),y-ʞAmr6DEީ,S5Y:6J&Ճ #G3URx >}Y+K0">QKcM8^r;kڤu6<*_PW nBgn2t*qvqSYDA4tGJ^{kՔ ޵]I{lܵ_'η%IUO-\uĮ_BR% "zCSƽK \T!T^$d>rY_ ӃWIE4Iؽ̗Rg+?VR$OLtzi/gV "ыT> }yN0]`}Pk3xB/!@xm'Zy  S3nv9 -5P!M |I@}E"$;$vۮnB (cz'5tRm.X'N QESo'/7WNm@^䜈7}ELHLzO b{Vf::vc4&,wnȇl&Iy~%.Q24Nڍ4RNkߗ|ꪽs:nNXpP)"J0?=OTZbw+4!$'9uI0%z>+AC n\s2*5)F^zIyd}'L/9z>͔\ZO%qTSMϹi>tܳߚd(,ʃL~OZy%SB1ZߴӴHifWE/yMзވU OhFYo^zM( } 134% EzяS2ŝ .yz=CRoqIHE((TFx֩ 0GG=V@ZIF*!d$Q udKkBK*xByғuj _#^؄ kZF 'gLdȔE_-n83=ÆjBM NrUo<ЅwBKKyε~o\N[Ru!.Hφjt}6#6;)Xjzڥ}3|6RQe-w0?vR䷻_n:b L<94܅Rj~!;|'LOx/8 ܷPn7pLʞ4W|vk(Fd`qHZ#&edlA6@&İ`M9l0S@D구-(Xo *;^ EKjʄy%[?b]P8'3}Lzdegvl s%&H*XG'FVb9+)`Zl7fרXh`FUVb5>qb# K47=T=ft~։HDR _s;]JK \t3[xW /F_XƯ=PO#:}/H>>ٝqYs W[ [{ˌU~1g'8}@cTóEx# _?i ‰R7|n~ü1ݮ>*Vz!}᝞&η(ʹ=s&!f؍PK=F90wjDzCzfY1 S_}he(!̀\N1A_cZsABAn!% [jMR2lJMr5 1>L+=vQ~:Dh%OiBX5\`OTc"lhc00]1䶤48 G?G! ɬa:j>%H'&' I5`P!y'U]~;]!&.W?DAB R <O=Jgqݐme/TWci\3Ppj *S;_2'up?GœqwD4 :|[zW0"[2KM*xPS]^:Xk+12Eeq=wwke/2N!Yb aiF_7EG{ LfG?p%hIf(c,IsӃ&l), =K4=4HRa lNF\ )S*8r(YW荒C3QKk^|aV^',}il@ !rAH t({%~0_de DM_ɗj-R(#YG|cͬeuۘi:jpߦv2`@oTcwa`iNovfiN( u/!tA0@Z6 嗫N5 tGi/Pi2:պ>uwk4 졉{te_G/ LՂ^zڍBW^1c㨘w-!:a[Y8sE_ZO؊c&] [_B M7dJ(Y`d}T;'+-GyNR}y!>k*}CW6.}U^);c .kjo7%ȏ)xKR;kU}\ U)rld3czyyH;`2V?_SA(<,Z6L"ntQ6.UE<%l A;V5dh.eukb9f ;S^) dε˿}82jN+쮄 ]MV#ixUt!9L\7.IZ/~ӨNJ:Hd 4]lxıjcb bf,uy Y+ Rb1xv qz 3%ߖU>z<4FH `yp/Փtux d3p)lHB=u\[X{ԣF{WFN<-ϘІ# $gtt&ن Řke84D{^LfFpuB"ƒ5rL@t?)sA wOAboT&U lD(K2#- ~s㈗?תf(ЛߗEۮcY@մ5"vxnM捏{Q g.8YHgE"Xv[*Mxӕr3OH T^#I@ؔ*4pJ>e} hc\M$wkOPp鐦U|sc_Gɗp^^)ie@K'd/>z<](XCf(5%|]#CaQp%Qtμbqv/g-݈>tHVϪi 2TCZ_SR9V]+Y* HUI+$^•6m:ZD+:4&t>]FN}h&XΌc~YG2?2i36۾k&[Ca u˻=[XF: ۂ&rL ٤a)ݥ)$kMe ;c۝-Z XzmUAձ $P'I8 Nru89:4=}lP<0]S;+6% ]{j]fc օ6Q(dDY20SzDr^%MܧSns;hd f4_Nj:z|s_FpJ(t/V8X1 G;,)`g%_{F)x?/=?qzzZ18O(Jrg`{1f~+GP免@kԃ3A̢,|&N,Ajg{ŰQrK5,"V8^˜X_ 探boMQ0t·5MucRE&kݯ@&TIyaLTF{_OO%Q>V~: D@y8ޞ[CRd7ALH$ ;ڜEr/l#@y|S;o՛U+mx15LjGle-KQKS2YJ{1}'*iV #N+J"mԘY%)`;ǣVV,@FOi~ &hkS\|]tSQ9A%h(Q(Tp-JW<Y α7Yc%2WvIbș]7_Ejͩ'Vkhs!D9&:О or=㞣q~:}aq,q볠-lk,nXQR7]ޭUzW }Vh XvoRيq#;%字+mY3lލ4TTuK2M~c֪.@o %97R!~}ˣ#,l ZY01?V"`Uk:ljفejQpm!#FaNHXF6>Ek>LJ ǚe5t*k6iUTEχe{ ļ:ywO nKT6U*q4J:,ro@th _xFJ dK~qTwois!$XRP߱@cX)]^wjqGҞXr=N]qc zaJiY /w6ro~$ƿ񨑟ݓԝ`v/b&'O#yp$dnEu :h9 Q5NJ܎>CX7Wx2c-."M+d'څsI{Px8 NE'C{<4U2[-l̾(_ ) ag Dz' =Ke5|2ܲ| ]IMrd@QS?s wW?2RԢAGyYI/pSMHYݜ7gߊeM90N}'-5Ԓ+b]al$ T1APg*VR~_DZC1B[u}]y_ EMv6 SP5+ пœ͆pYM@?~EuS6my% Co\Y ըfk(cP#rQ:~*& ]RQ͛5|#`Ӭ8XeB|6mE"ceaY3ۓGf}'?m{3{U$Ϥ(ՔHe:>~  Ұ&d&L{&cEU{S?xR0J(FEٗB2T#,[*7UdE)@GDL8rSEU9bA85.Rl T,+Q h!+y{#1 Qr~uy\@C$nʉ%Gc<DRR"nnQ_Aa)wYSǼ]7G,A5Ǥk.;>ذը;n¾ 6pG}tcIi쫚 BQ!7! 4B-{7mT.c`Xw`l465b> l{w^p0+bl5SL~K O7jpzZۺzӪMǀd' aɾZ!=s7,&{ku#4sOT~q,|oEH\ tAࠀmbE4,E ߷mFC"h a!`mBn+1NcwT_ wbirUMЧPkh Og19C@:rQ19 ϐ\1w7|Q̂m W9`Q̢3/B[iL֦K M/˾o~]L NAl3]"'Nnl#h.߉_-Sjص#jy[l^,pKR3mԮN>Gu3@1KGl.s8[l!(+tkf( 2N[.?RUɷϓt(>I[Oaǥh2 m!Sl⻄ak tqs^;*L$Jkt"S yDžz"b iؼo[MyY~$S>'ȣU95C ' x׊KU [ynex,A' ^ aYoZXxtڦ6/sy90\:~b&y+$|>#dA9Kē)SYaib 'DءpX1RjGU dC(}Fc IX m0qD{LU~ "HG'vWz†%wBx9g&V"㜗>_Gb.]3 6F^)r_@̈́GE$S18sYĐFRh#36 6}٧}pFڜvXw9(&/{^v} WC&ʞU`wtCP;MޟcYd3עUy<#J Yjm9۞ @mGAv_\O17&eƃދMCҬ"xR\DW;Npmtex۾G/d:z ҞngE'OzQ}[cxCvj${Zgče͝6WE~T>UQ0-I0 +e)0&<\5 2hG}]YB:*?e)@:*&7>bBo<.emw.'E >k~<ί 4X&i"![~cG h--QI`q!PFO,_\V%(R_ 1ZmXZ3}F=ϘL4,ں5#R aC;MKѝ]oϠXU&}uApl-1.%Ľ8 rȟ\0[}]tĄܔWp_UVjs=ҺF}iM.9ie|9qHUKHJqQ3c: Ȓ\S1 eܳ L9ϓ mg oB'X/*۔ Td޾&B}'YVʘ x^ Vx`AFt'8ϻ|?ٝrbaa4%cMN^(s_N9F)MʁtF3p`1I/0I߁/!9˔ξlCUbڡ ! sxcmCt&/0 t+tL+kү0bƕE A;QVkyH\^Ϋ8z0ȎXS,vO"sOgov{T.x_Z  x?2sَs9r>9=m;ͦ3@u&6kOJޏm sǟw;E% 3R5Nkқ뒉̑B-BM+)Bg8M? !١b(' x)7eN,g gE3ԃ,rG;ٻۍF#(ű,o܋mr0 0"`u_#my<_D"; i`\cX2Rd>UGN4R3UYӲ&y}yKa"thZÔ\TBt@%1.o:or}2 O%틅ЧxP-YxY(f }u]yE[*4s,wTaZͱ !@O*T:Tj L&9 ˫{kr8ڿ_؉~ROx|6-=WwhqBr& ݜ \4\'4U4zWN{Aurn6㻞u<+m-NaqejK{gD6]iE"8|jSCU4s& T05yͰC8~3~^{SOQmJG&2.K7쯨& rP tt'A[we oZ|^co߃g}*|ռjcgUrWԩlubU@x%x*==֐@AkeIhB"o'=rF2؈pbK.ط2H1V"'eɎ-ۭ2켡@:e>? |Aac/wT^4eKal@suTͱ}19lت) T`5>vyzfK@ !l˴Ni=%@7AoS@[Msj\]:ƞ$I8 ~)8wկ,p^(ُc <\ʰOf4.Ƶ;d, sf/5P鳩y\NcLfο7Eo'C(jG``k߸MK8b^O1u{qFIF~ 'A",AiQU~rIr6DD;:IeC޻QDU}JFV:!P.Zo@d.JoFwjjI֒3f$ 2ޢ^Hs?@[h)#%,FP5Wݰk)0_ńs&!לVQP&u)A ':'ŏB9[z]p*yu%._/]g7`|zGo_qﶎz3d1F꾾HJ8~ב2ΏcȝÇJ4wxbچbm/F^"YS/^^\úzj$9&,=(Ơjvkro!<|?yyfh96&{U(%,O zXɄ")\YM 6Uq ~= bqITH8+VO5Ɨ㺯Sي wsh&F,\F1}T#Zp\BTr4ס&jYd]|pƞ|rZI}it8=M=`?x9m!;9]nOH O]՚Xmh =z*s:ȥCo9?d4(e j1C(I=!ah5[b_{fL9<:uAZҊ[b6JǑwiM6)2ƜͼMUH5؉2=gv3I̥#9BAI$W`U]w\' eمHa>{alRA~a24/ BD\s uN*Ϡ%`L9ף n}v :NNjAx 25BeP`2mKC7O̚Grx$"YzaC0? KHW|F:U$ם.~Sh%XGXZqª< */KA#/6Ǘ.—w?3(4MܴL8/zIӌr@>!=m~jvGŜ/r?:Q[ZUF`*IBiKE:c~@'pޖ`9,5T?7>/$J)bܫBKJObPHΰ%$ o <Ԣc9?M. Ώs|]C6"S"&7`4I6'ۂ"u{$ NGkmi+ROҨ;u嶔}ެjv"(1sA8}䨽} 6P~1;4ƷJWh"U6S 9˽R2ݽ_ڹ ƕ:#럙TrftBDWWd֛sN2I+DܬS^WDU7O%azȍslGs#1%8S+SUm7[IR uCPO H vV ? ' eӨZO 8.IJׇRШM$ˍpعK20?o1e!ί(sYe. (*j-צ L_6RSiRSeɕw+~'5"KGXdxbV󬱽XǫnW=10sZ2dՉߡngd5%ﷆ| ;$m_BrA3*u7BK1c$n _rkYO~ᷚdFe}gINN邠:5VSvfqB@8}ӯ ?PFmXKBh?7ch!]ʯw^z(3jBq׍y1\.7}Fl0+2U‡qԾ&0,ģarMɂvR 'K(c3E %w<%+t nϵkDV( sXx|1^?I`(LNcBeP_HP*VYml(ky9 J[P59|2x4߅;~;p$/;Ei:jzt߰sqY/,<^GX,,L@e"YW7Ӄ3<ʯCal/˭}sAL6 =-jo#g@La$!78 mB3K}G2Jl}mK5m)6wR V|<k$Lh9 JأK[aWNPML7wcҚ*`-$͛na[:sAd62LM<D 5OS]$L+T1ZUA{ )OFxbR q?Jw|@9B{,D#>ԥ=Ws{R^uupk/AUYňmiO(> gH9ɔFN@ҏdWL ܹN~˒Z'̏pzS3_|f7mBYeJڗ9JF |3}u6R/p;мV y&k~}sS `WϒMrtx=lIG]lDV-[i=ۃԩ^e,wT!J ZވqFrrn©^6;C%{=鈵D Di5rN!_WLpȏa&M2ه$l은bp8f(g&\s;_j]7Ua xBy01L*_&,Ci[u]$W3Pt"o7qfgALu Ϫ19>IDy$!C%h.e(2b 풙@&:NnmX9TX fcݢ4yqsIe<)Bah3i wWR{i2terx^wDzwgL5\ roܖvpc/ڐ^Ion+$t V&!D>"9[$^u&\<:a`z .ς^**GW,$q{~-ACmuvW0hعt m2:}1qG=( KUuKnł-6 ^CVHxPy&LJ**x X~n_ R^8oت/WC23 U9V`Aei5)jS?Nyq\gVDle orp7E@Qx~}|X=<~+s[7ReK;PzdᦆԪ[ŷ=\ jקUЃjEKbV߹{ĶEW`wgHvԦzk ~N/= ni,)6M%1 貅l1CaW:!>%QOF3VP4+ L]MQutj KJ^Q*5o2>u|g˸jcN[>#5[8P+؏]6՞C* :?pt{W LM BQTc-`єyjMĀ>JF7-]̆hPy;燻žɐ%}@ho ӕ'7q3hNdm%i{Nk\~g(fXn"Gxb_lKI}]SD&'K ! Q =b7scGB8ul,q䒝~pKL߭yTV>Όhsv z"]ܒkr ?- x UZ^,~{CWi]:}p-mޫ>ׯ aw4tIJ_B"_t]6tcf04{xs+2Wl&*|QVdHYuK1!-T1:vW"&- 1/nPS7%mѨɒVqh.3GRh)`E"/nYUzS' *Ix<YG2g3NJeNRsЩ uy4ooIR^,[R;':kzM?J03J`;Z'M n1$ \Er4zWp/\wv+QJXwGpNR%UIo8}V`aD&3t0}~FD8L*45\|׼fuo@j_-ɂڼx+%W$v{RwBc5"b@tpzҋLo2PB Ys"ey#|^3a#G~LmG-Vv}0REzDh] 27S h.q!/<* OlC lFOqjpu#_jޓ͜gx{b 1:yn2T"Ю K؈:".ji> 糓:UL^|l& ?_H|H)Mm'Rh!#BpV[JJ t0 S) -i;a >kf^R}7:@H\FFJ <7IU݆i}As36TJxM8m1̪{y/SJ_x5 2*>^'uUix 1iõ4?U"`x@%t(W@bp 8bq UH$p1xIm(XmܘLv3WFکhd]fέ@;a:_.4*Ztv,@~vjax=cna{w̴ {kYa+21KFZF m!@_B NLA)vQ$C &tI1v1h >D:dQ(kA=) ! c3ct<Ond `$~23~2::ۼmӖSaZvLP_T1JQsN7l?:Y*Y5c>dޖС Qz4z'׸<+U:')G9H 0 OWl]$&hj*޽[5CPU1֏ %N 1kyU WJr|ݺg=-Ͽ`>P EVck ](iSi.zb#\l,MWAbؠҨ!kdM30ClUnɑoM[7.'̗fm\G,D]hlgҸ_='9 i[tBĂ;5 j2JqpTN*"{県Q, XPC_8 hL=vrk9̴Hw<+;\3S,])ל{h5Tj.pS0L.͡9zJҶ,s(oy1a`Pfܪ Je4dv}U9dhRcWESR63y:TQ=ǥkr-buqSQ 捻Lh~K8x !9AYe8L.5c=Xsdr 흄QrƳTk!Qn\g)8lB~̘qPv9S:n`mSa։K Sc rG ƙ.HI/#02rƄszM96m PAY'P@S~MU.oʮ\hIvBhYS#ψ ى'-3,>G)U )P C[P!\C%nB:s􊒇 :?:ju)]RqH|k6>7O4unRVns;D dspژ`|&'wr[43 LC>,N-Wq/]'abioWf;^ +Rx$ą ғ,9r( "~T\_M,CO*@&;гj^FYBa=Z-i#p۱ 60AXU{Y~IA d{G Qp"LC45҃rahwr6mD.c[7F2ɨ O;Fd@50dJ)e@܇u.QJ׾!I5u~V;6 ~W jぶfPy<1z#:㋌|hEt91{[=10/ h]juoy9W*eJLKN`yC4cRW-DϷ0~BJ@wDԂDH Vb * st023.&~K*B->5i87!|0KOF`<9~fJZ d86!I[8yk@j0A<5DA*0w0AEgM> epId2e9)Lwim\rw!^>vtw=6xփC?Hv z@Eq,9|p*Mُg+AbB4>$=Uh}%~ntn"1+/e}g޾~(R,Cao&i箶hASmPvJx047M*asE,uAL$3SPc@,S=6U)2涓"KCh]ƒz8HmwL i5X6 3+8zquΥZrJ'.S`dO+CK=x5=lWʊ{K:DK+hQ=r+LAqam=+K9n`25 |1M{O^sq]%- 8kb3i!KXe097' X(Mx3+IFs꓋kXCO~c1}sfJA^9w%T.4"P6N[od Fc|q__Ŷkc}.ARՙkp;)f!Ҽb;q M=lA|cBR Z&o“T=uYp VYCsҚ7Dn*Y)F< OQe]Oi0pͯ=6+Jg; s%ݥ`s(Q$ -h-MפBTt6oM~:մ!)|A&<,30?)XYw* iĄ. ~W![m7%lR w3Pïrq)9`:/T{Ŋ b>@[{Ю(@6\]Rm,'M/6+K| 77$v:Uw=gKbSEc*(ɠQ:?N,_rzl=aKɶCw)Yżt'˵|;eS z$8g=_P=b!%n|QP0gPJI;Ś=$ G~.Y Hd9r,9jTfg!8i5Ra9]f oGҬձ.F(aȈ o*hf\iK('Tٟ  ~{)75t6⽇AǢ7IIŬ޽iNpd57So4;܇H-6|9EKֈFt7Ed2yw"THIITB [2ϸSQauxM7i(6C\NMM.DL2չrwW 5ul *(N/p9GY yg݀l[F1AcR>"vVB2?f*qw|y}2x5AS Ѣdzx @#a Vbjy+v` 8s8+P%'O#"%+|&=ʔO ۫e3lȖ7ت ߘ0Fa`X-;q{+cن$v \06Gmy(%cVY_??3D`2--A$2qt-`Mh`Mɝ3cxm}mʂ_\a,83Ko'|]gtJE].ZF/|mY N1aD6LgT;.Q=qp'G)Ҿ!ۨt)n1:-N&a&:Y b*1ʯUπN#\!]'کLښgNLݘukCkf⁲G(5@edBzT`LuZ47*dٵvޣ3_   $osW3|!CUI}N_fNǢS֓*iga ƱSM؆в4_<=Ly46h3R25e35:oYÝ &}]~`֑U$cH^,彈MoBu\9tL`8JIu' ^ؓ`x{T\ &$m 9y\zYF1*ۖѢs^kPK ./MXWeL׍(gx;[Rh^^ZJzݻڤ)pr%eSBc Ht5 L(&*= B%e5p4mf7kw8*Ǣ L2mL4L.-!`;NPt2HP^)D>8yjsv3Rbu"iW.JkHR,hmp->T')̬+B?~uB +sly#ZKro#7tYA^R*wNITN, kdyQD(%"ʵ~,(T^le ET -r6l%Ͻ(:Cr`Jq XD 4vÞe]_bk-#Z;u6sNm-d4#*b`޼iV$NdI. $.oڂ;Tj%e%he?#X˳vmMWT tuYyBGs`{#lAVVϬxnG')B }NSN7 vpo9؊1T :hƶ,A *M~^ZWt_g3e}xVMbpBDյLH\"۽|]M5gD3*7n>\~ߺD0O瀽kkܠcִVtOOClG+5epbMGI䎢( JRDq;"rjG'7]kJ5q6~QeRѥv:o Zp[4l-e[}& 2g p nq|ÓnGށ5DqnC"*w@̓EQd 1.xҟ2o;Ѐr86ɧ,PgGH d$"6$7@;gK؋`C֣d!N.XcYynM Ac 6Y׋RΧ'm@*Xdm>Eb7%I?dCbcIXKUh*=]`JBE^,ѹöf,^p0_k>}JHWPv ra'9-xm)gjK5a\ÂU+VA1J^A?XDv^] ؈@]xeAi?Q(lo'ru:nVO'hmȏg|_m-GGbk>Ӄ 9Z!_6܋yB zcE_c&Q&F1{`j 5FH2D h*/9/a>7ێYl47xC ۟c{4ȒoS̐Ȼdz^R~f Xv?6$j:%UŇ!my(δ\Ta1rN*3O7^Ta<[ϴ>{^~*/j߳G/aS09k` գv!P76oZkY|T"4t޸MBnDwXH5T$&b0LR=NhʓUR"Rҟ'F Zգtxi3xSaY1(g{?r⹼BQy^8FC1*#J'h)mmzA}PwT?%1se9ToJ'1-&*d߲BWNStCL TӨeWSx#:_5-;Q|. ]"fEt,>?mȞa;TLen8PxKai;1Ҋ_GTg"hDHx7`,rڹ׫$ֶw#]^B*bY)ZhRbyi◹]xUX#kD6k4̝JQ 0N^5 , M Q8"$K=z%&r ~So %a04^it}:1G N CZz,?Q8Jm  S^뇞72n-_I$s`}Zr<([{rF^j[?ʀ}0x٢/Ar~5H]q6(]Nzـ\LECEot6J?򞆴`w&|/!<{>0Wk8 A$bEe8anUˎ+u2%xo^H+aaU^aEgĚmFHh=אQ"B4W7Wo?fayO j)_, )xu8w SpI q=bPܴ8wOYǯwPzP4ډ $oKlN'4ں}pT9bU;W!{eViܿ"E%_ 4m$aB6(٭: D>ʛ$sl `3NxeoGȄm{Fk9 =-}(PaAe+/ .v:q`/9)QJa`$,hy5Vbi'еjɪH1UQ!|J`2V\"8ȵȏ{S}ۜuG x&o1`Up 7~67]ڮ'b*P~TA \' .JA oC*J? quT1ވ4XN\mt\Bc{)=\96N?O/N]G/JΏkjSE}JV-?THBA 3;0NjX7:10ȧfZ36 OɱsCwHt7~z&dyht9l0<3]Dz^Qֲz =C=_~YҦ:w+Rvp3}{$i t3m,3^)d lM` E7rZ@ &nZNׄR\Q /ϴE )c!DU:vlY@!_G3^鶩ԗ4au`S =X]ß.(u|3^%TБKH-IcUI{ ZM3G)p嵬 [eD=W5xAqٓ<5oAqäC-nv9͡МrpHYLHxw:D7NJT+EUM缍zHM$(ϹtvgX |'yu(bu"+W c\ @J\|"k+",gcJ()'H䛍ðΜ˭Bq'1֡| \׉"({ 0CXdx`;6bzX㭌G\O3:(lCM 8~!uJCH䥏ycλ>[kY5lj Fb0,3Lin? J=R=ưlFHhܛ0C'Cxx]vi #2KPʵ6QU![_8XN94eNKIbIͳ^ߙٍZУTb8."OYDp02`2 Wy"jKW?07Cc)w8ajA$aK h^C~j o2 0 DאsCtoP$A3=L)DO4?}N lT J slqG/510PEHC$ -MJ$K_{#ۭEÉ@{8#S5fŖ*czonH8MSroy T@ElvL]TiË+c ǫms$;M,v7x*x^j%H_e"^@YD`uUXOFUS,ȳvn(:a^R\r`s.Z]a'Km(GfPC!POjXetg`v `ϤRqͿ$;DӶ$6fM8c(]A^T5Nυ3p "j& 5}-RlĘ^!&c,K/@g˃Hh(՟4#V(W:SP3x xG{ur,hcsVhtflVi׏F䂿˝~޳HKAq#)v:`h˘.\"Lzh@jDeKT$M7`rXQ\MqHf/#ǰP%:3 }Omx̰dq9Dj3vС%UF*}Cn*6}[@9zXŮ7\WVbIB%/SMxI7Ҭ-?Cptp$Y95,3Jֶ1WxrJOk8>>Z8f˛bd@j.)2FhuѺ_{[T2ejp9gLfx݂({јr;**ɉHS]ۄ_} 1f Fywo^)R&nO>f6p"zխ%$Njt?l^ۧ@R̭EH6 8F6"1-N%8Cxv@B%b#?qTsyᾬia7dmL4tgAQ5?x:Own\ڒ,%'~ThWrJhd+ qSN?WfYՈ1-fՖl]ZN} X+EE Ӫ-8 BQq3uDrqCj1yl>py3tpU$H7y@o tۇ%+ S72ĺBefL$+1aֵ$L0_M~2vZ^6\' iʷ&;EϐɌnv_?JNgzn_~B$Lz Q:}EtoF=WC<.o0ajڶE sf˃i#9c H;ԫe-e--fm^yHGN8a|;ցm#(g%Rq &ٲnz2cm'tp'}#>Sn|ҌJs̲&e@#РEv-SO@XxCEӾNH.]a<.Fn%aC&c 2u c]vHgu͜ND+Lw,6`+P! i_ilӣ7tdc]ffL]qo{䥄2џ <&/IM1} Vg P>pd_&)E Cf]fﻬ5A#79 ӿ[3,Ӏ/K1<չAu5GUCD])6ZzNYN()F_q/LI.֚P_l'  ,tC>8H9%pCs&L*gB]:]cCP iOJl yzzk;])Wũ*g8@ʕ-PVB5:e,&g66Eb4ÏJZ1jPkUB}Ũ\paD&%J `wi _LDl|=N|_D3ƿ3ʚ[>y" *38_l"DWwZïؼE` )Sࡿ k$j5mNj hQYE'.0>2ZşV#TRݎD2b@uy#Ժ7QՕzf &T)D P7?AOmd3RQ3#*#e/dcʞc8OlU2Vng,ڮs&NzS<`|9fBXeο4ۨ}/D}b~f4E#:ָk fj|Ɇ) lr!99}w9i<Ene7ܢTD2Uʼfsigwv[VڡP "A(^ ZAЦN~!B ivg bBO} -Dw2ɘ{ܒB9U1t rW7;9;aпd_G9)D9_``%u:ח"8{R^y1rڋmŹȒw &4Ihv/=#Ԟjiǿ=6\!p׸ 91 zt<}@ @ ^Ԯ#3K=𵧖x {K`DY[;ubRXC]yֳk|oڇE gp K``wD/ 9~ckj(ҀeɉyG,W/ଵiUD&n?〽\^݁x(K&::a={;Bݹz4u iZImJK<rAґ{ˑo8oBE;+tHOB1$76UV_|` XP;mhў. %R1߇~-iBV /ހ$8wF1$::͡j* ,vOl=; .?Iaq@<^ȫa>C`и0@8fqFyΉ@$=(/ .a< ȌS=t"==/~S=TD9M^90i?0u'(ؠM{ZAA8Ra sHX+FLT{X@ 'p?xE\@6 gT?cv(0勮z>.Nt I2`6grקpٟ9G(+@+'Lb>eStv;oBLM}͞_c~ogpb$<{;O't͸E&BvX.mT@mF>CZsyQJ_n=oRDf%e0#ʽgaz d*kߍfۥy XvB ٮ4 '1:'ϽB0_T\8!RG[YYw%}cҔ]Y7r!) qhA^5#SV*S6[nkv9}ʿCeUZ8 6s@H..)ZQ"H|wXҸgwRrDAZ4kR(єϢ(Q"j4sڕ2ꢍr!L. &|[ {b'uJЌj%<TP'}QCkِQn5uvH#NNt 4QRthFE?6z_"Zbl\@g#Tl#!|$&P@(mnd3BYc?OBt.h;U\w B?xQB%j("vc MpE~A%qeIs=yE~')zB]0g)-uJd=GZxASʻ>{?!.cWl+WpZI#͢0y?IG!D>q d돱 v'K/bhwP76k4 yD3/}~.:&(x[W)/, " $\õyC]Ҩ%6%sK[绚{Dr9%$xz#5?O3jZ!OTyvHיQyX34 gQXwt0L4VITϗCځ8KӃ(ӊ'undI^jwDziќna6HP ?u:KlԦ;);%$\Մ!"R?E0>t:`*4w^DrB 7Y{[bڬ0hМN˜S.IkHЮ•2DM3,OZSO"]S+xs9x+^O|P(V-HZ.PQR1K >s>֒Emwgp9t"%AA-JBK/dv::3coOHO+XeZg&V (SM6uuȧ.r^qZHmv`}[HI˾7j X%D] 4^{#Ћ/|3tܴ38QbJ#(Z|ݡAeTߖC_G DOC.hM>|kRpf*8"T+D+c3p|N Պf+Rz&7BbTf6#Gi8/O FJ՞6%L4 it ?~/(|7B̈́o{3޲(lC`10Q)TFvͥ| (D>aZsi 7I)Ns-@4^(izmOa ~/y=yBl; `/ քCuRꧥ嶉N[E<Sw5Og8b#Lmr:\y6t^>T8 ƋzNC ƴz[CCB\fJI'~-ռօІOa%rԉ%2.ACN$ 8WOZ`d싍ѓ׎, D~}5B%zmi/qFJGl@"@kJ8q+pM?ɭ/ W jm(+p]7^FU_C;] A7Vt sM,=Vl}daF4L&JɌa4wO4Ȇ)/=Fm_rқA3di7ɋ.W}HID2oG~d2q0qH=A5G8]t/kX;!ӹwK4+PD\K@TԙMY:0X:fh%[0q8m'RhiAi~\d!)FQL l:3>$30%(<"{-ƵKy"뉣 j밋l-Hz+v3O|U@͎ī:VH5[3͐I#aGϛœDFMCRTWs.dA;>vϠI4m2{D{ףY䩹(M$훡uS%ވM_yF~P C"~a hLp| .^!Ѧ[#9d@shʌŧ%QS-[9pėRM̳vS"+#IUvq% {;+X_