--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2019-d248c5aa39
2019-03-06 15:27:20.805844
--------------------------------------------------------------------------------Name        : php-Smarty
Product     : Fedora 28
Version     : 3.1.33
Release     : 1.fc28
URL         : https://www.smarty.net/
Summary     : Smarty - the compiling PHP template engine
Description :
Smarty is a template engine for PHP, facilitating the separation of
presentation (HTML/CSS) from application logic. This implies that PHP
code is application logic, and is separated from the presentation.

Autoloader: /usr/share/php/Smarty/autoload.php

--------------------------------------------------------------------------------Update Information:

===== 3.1.33 release ===== 12.09.2018  ===== 3.1.33-dev-12 =====  03.09.2018
- bugfix {foreach} using new style property access like {$item@property} on
Smarty 2 style named foreach loop could produce errors
https://github.com/smarty-php/smarty/issues/484  31.08.2018    - bugfix some
custom left and right delimiters like '{^' '^}' did not work
https://github.com/smarty-php/smarty/issues/450 https://github.com/smarty-php/smarty/pull/482    - reformating for PSR-2 coding standards
https://github.com/smarty-php/smarty/pull/483    - bugfix on Windows absolute
filepathes did fail if the drive letter was followed by a linux
DIRECTORY_SEPARATOR     like C:/  at Smarty > 3.1.33-dev-5
https://github.com/smarty-php/smarty/issues/451    - PSR-2 code style fixes for
config and template file Lexer/Parser generated with     the Smarty Lexer/Parser
generator from https://github.com/smarty-php/smarty-lexer
https://github.com/smarty-php/smarty/pull/483  26.08.2018    -bugfix/enhancement {capture} allow variable as capture block name in Smarty
special variable     like $smarty.capture.$foo https://github.com/smarty-php/smarty/issues/478 https://github.com/smarty-php/smarty/pull/481  ====3.1.33-dev-6 =====  19.08.2018    - fix PSR-2 coding standards and PHPDoc blocks
https://github.com/smarty-php/smarty/pull/452     https://github.com/smarty-php/smarty/pull/475     https://github.com/smarty-php/smarty/pull/473   - bugfix
PHP5.2 compatibility https://github.com/smarty-php/smarty/pull/472  ====3.1.33-dev-4 =====  17.05.2018   - bugfix strip-block produces different output
in Smarty v3.1.32 https://github.com/smarty-php/smarty/issues/436  - bugfix
Smarty::compileAllTemplates ignores `$extension` parameter
https://github.com/smarty-php/smarty/issues/437    https://github.com/smarty-php/smarty/pull/438  - improvement do not compute total property in {foreach} if
not needed https://github.com/smarty-php/smarty/issues/443  - bugfix  plugins
may not be loaded when setMergeCompiledIncludes is true
https://github.com/smarty-php/smarty/issues/435  26.04.2018   - bugfix
regarding Security Vulnerability did not solve the problem under Linux.
Security issue CVE-2018-16831  ===== 3.1.32 ===== (24.04.2018)  24.04.2018   -bugfix  possible Security Vulnerability in Smarty_Security class.  26.03.2018
- bugfix plugins may not be loaded if {function} or {block} tags are executed in
nocache mode    https://github.com/smarty-php/smarty/issues/371  26.03.2018   -new feature {parent} =  {$smarty.block.parent} {child} =  {$smarty.block.child}
23.03.2018   - bugfix preg_replace could fail on large content resulting in a
blank page https://github.com/smarty-php/smarty/issues/417  21.03.2018   -bugfix {$smarty.section...} used outside {section}{/section} showed incorrect
values if {section}{/section} was called inside    another loop
https://github.com/smarty-php/smarty/issues/422  - bugfix short form of
{section} attributes did not work https://github.com/smarty-php/smarty/issues/428  17.03.2018   - improvement Smarty::compileAllTemplates()
exit with a non-zero status code if max errors is reached
https://github.com/smarty-php/smarty/pull/402  16.03.2018   - bugfix extends
resource did not work with user defined left/right delimiter
https://github.com/smarty-php/smarty/issues/419  22.11.2017   - bugfix {break}
and {continue} could fail if {foreach}{/foreach} did contain other    looping
tags like {for}, {section} and {while} https://github.com/smarty-php/smarty/issues/323  20.11.2017    - bugfix rework of newline spacing between
tag code and template text.     now again identical with Smarty2 (forum topic
26878)   - replacement of " by '  05.11.2017    - lexer/parser optimization   -code cleanup and optimizations   - bugfix {$smarty.section.name.loop} used
together with {$smarty.section.name.total} could produce     wrong results
(forum topic 27041)  26.10.2017    - bugfix Smarty version was  not filled in
header comment of compiled and cached  files   - optimization replace internal
Smarty::$ds property by DIRECTORY_SEPARATOR   - deprecate functions
Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors()     as Smarty
does no longer use error suppression like @filemtime().     for backward
compatibility code is moved from Smarty class to an external class and still can
be     called.   - correction of PHPDoc blocks   - minor code cleanup
21.10.2017    - bugfix custom delimiters could fail since modification of
version 3.1.32-dev-23     https://github.com/smarty-php/smarty/issues/394
18.10.2017    - bugfix fix implementation of unclosed block tag in double quoted
string of 12.10.2017     https://github.com/smarty-php/smarty/issues/396
https://github.com/smarty-php/smarty/issues/397     https://github.com/smarty-php/smarty/issues/391 https://github.com/smarty-php/smarty/issues/392
12.10.2017    - bugfix $smarty.block.child and $smarty.block.parent could not be
used like any     $smarty special variable https://github.com/smarty-php/smarty/issues/393   - unclosed block tag in double quoted string must throw
compiler exception.      https://github.com/smarty-php/smarty/issues/391
https://github.com/smarty-php/smarty/issues/392  07.10.2017    - bugfix
modification of 9.8.2017 did fail on some recursive     tag nesting.
https://github.com/smarty-php/smarty/issues/389  26.8.2017    - bugfix chained
modifier failed when last modifier parameter is a signed value
https://github.com/smarty-php/smarty/issues/327   - bugfix templates filepath
with multibyte characters did not work     https://github.com/smarty-php/smarty/issues/385   - bugfix {make_nocache} did display code if the template
did not contain other nocache code     https://github.com/smarty-php/smarty/issues/369  09.8.2017    - improvement repeated delimiter like {{ and
}} will be treated as literal
https://groups.google.com/forum/#!topic/smarty-developers/h9r82Bx4KZw  05.8.2017
- bugfix wordwrap modifier could fail if used in nocache code.     converted
plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php   - cleanup of
_getSmartyObj()  31.7.2017    - Call clearstatcache() after mkdir() failure
https://github.com/smarty-php/smarty/pull/379  30.7.2017    - rewrite mkdir()
bugfix to retry automatically see https://github.com/smarty-php/smarty/pull/377
https://github.com/smarty-php/smarty/pull/379  21.7.2017    - security possible
PHP code injection on custom resources at display() or fetch()     calls if the
resource does not sanitize the template name   - bugfix fix 'mkdir(): File
exists' error on create directory from parallel     processes
https://github.com/smarty-php/smarty/pull/377   - bugfix solve preg_match() hhvm
parameter problem https://github.com/smarty-php/smarty/pull/372  27.5.2017    -bugfix change compiled code for registered function and modifiers to called as
callable to allow closures     https://github.com/smarty-php/smarty/pull/368,
https://github.com/smarty-php/smarty/issues/273   - bugfix
https://github.com/smarty-php/smarty/pull/368 did break the default plugin
handler   - improvement replace phpversion() by PHP_VERSION constant.
https://github.com/smarty-php/smarty/pull/363  21.5.2017    - performance store
flag for already required shared plugin functions in static variable or
Smarty's $_cache to improve performance when plugins are often called
https://github.com/smarty-php/smarty/commit/51e0d5cd405d764a4ea257d1bac1fb1205f7
4528#commitcomment-22280086   - bugfix remove special treatment of classes
implementing ArrayAccess in {foreach}     https://github.com/smarty-php/smarty/issues/332   - bugfix remove deleted files by clear_cache() and
clear_compiled_template() from     ACP cache if present, add some is_file()
checks to avoid possible warnings on filemtime()     caused by above functions.
https://github.com/smarty-php/smarty/issues/341   - bugfix version 3.1.31 did
fail under PHP 5.2     https://github.com/smarty-php/smarty/issues/365
19.5.2017    - change properties $accessMap and $obsoleteProperties from private
to protected     https://github.com/smarty-php/smarty/issues/351   - new feature
The named capture buffers can now be accessed also as array     See
NEWS_FEATURES.txt https://github.com/smarty-php/smarty/issues/366   -improvement check if ini_get() and ini_set() not disabled
https://github.com/smarty-php/smarty/pull/362  24.4.2017    - fix spelling
https://github.com/smarty-php/smarty/commit/e3eda8a5f5653d8abb960eb1bc47e3eca679
b1b4#commitcomment-21803095  17.4.2017    - correct generated code on empty()
and isset() call, observe change PHP behaviour since PHP 5.5
https://github.com/smarty-php/smarty/issues/347  14.4.2017    - merge pull
requests https://github.com/smarty-php/smarty/pull/349,
https://github.com/smarty-php/smarty/pull/322 and    https://github.com/smarty-php/smarty/pull/337 to fix spelling and annotation  13.4.2017    - bugfix
array_merge() parameter should be checked https://github.com/smarty-php/smarty/issues/350  ===== 3.1.31 ===== (14.12.2016)    23.11.2016     - move
template object cache into static variables    19.11.2016    - bugfix
inheritance root child templates containing nested {block}{/block} could call
sub-bock content from parent     template https://github.com/smarty-php/smarty/issues/317   - change version checking   11.11.2016    - bugfix when
Smarty is using a cached template object on Smarty::fetch() or
Smarty::isCached() the inheritance data     must be removed
https://github.com/smarty-php/smarty/issues/312   - smaller speed optimization
08.11.2016    - add bootstrap file to load and register Smarty_Autoloader.
Change composer.json to make it known to composer   07.11.2016    - optimization
of lexer speed https://github.com/smarty-php/smarty/issues/311   27.10.2016    -bugfix template function definitions array has not been cached between
Smarty::fetch() and Smarty::display() calls     https://github.com/smarty-php/smarty/issues/301   23.10.2016    - improvement/bugfix when Smarty::fetch()
is called on a template object the inheritance and tplFunctions property
should be copied to the called template object   21.10.2016    - bugfix for
compile locking touched timestamp of old compiled file was not restored on
compilation error https://github.com/smarty-php/smarty/issues/308   20.10.2016
- bugfix nocache code was not removed in cache file when subtemplate did contain
PHP short tags in text but no other     nocache code https://github.com/smarty-php/smarty/issues/300   19.10.2016    - bugfix {make_nocache $var} did fail when
variable value did contain '\' https://github.com/smarty-php/smarty/issues/305
- bugfix {make_nocache $var} remove spaces from variable value
https://github.com/smarty-php/smarty/issues/304   12.10.2016    - bugfix
{include} with template names including variable or constants could fail after
bugfix from      28.09.2016 https://github.com/smarty-php/smarty/issues/302
08.10.2016    - optimization move runtime extension for template functions into
Smarty objects   29.09.2016    - improvement new Smarty::$extends_recursion
property to disable execution of {extends} in templates called by extends
resource      https://github.com/smarty-php/smarty/issues/296   28.09.2016    -bugfix the generated code for calling a subtemplate must pass the template
resource name in single quotes https://github.com/smarty-php/smarty/issues/299
- bugfix nocache hash was not removed for  tags in subtemplates
https://github.com/smarty-php/smarty/issues/300   27.09.2016    - bugfix when
Smarty does use an internally cached template object on Smarty::fetch() calls
the template and config variables must be cleared https://github.com/smarty-php/smarty/issues/297   20.09.2016    - bugfix some $smarty special template
variables are no longer accessed as real variable.     using them on calls like
{if isset($smarty.foo)} or {if empty($smarty.foo)} will fail
https://www.smarty.net//forums/viewtopic.php?t=26222   - temporary fix for
https://github.com/smarty-php/smarty/issues/293 main reason still under
investigation   - improvement new tags {block_parent} {block_child} in template
inheritance   19.09.2016    - optimization clear compiled and cached folder
completely on detected version change   - cleanup convert cache resource file
method clear into runtime extension   15.09.2016    - bugfix assigning a
variable in if condition by function like {if $value = array_shift($array)} the
function got called twice https://github.com/smarty-php/smarty/issues/291   -bugfix function plugins called with assign attribute like {foo assign='bar'} did
not output returned content because            because assumption was made that
it was assigned to a variable https://github.com/smarty-php/smarty/issues/292
- bugfix calling $smarty->isCached() on a not existing cache file with
$smarty->cache_locking = true; could cause a 10 second delay
https://www.smarty.net/forums/viewtopic.php   - improvement make
Smarty::clearCompiledTemplate() on custom resource independent from changes of
templateId computation   11.09.2016    - improvement {math} misleading
E_USER_WARNING messages when parameter value = null https://github.com/smarty-php/smarty/issues/288   - improvement move often used code snippets into methods
- performance Smarty::configLoad() did load unneeded template source object
09.09.2016    - bugfix/optimization {foreach} did not execute the {foreachelse}
when iterating empty objects https://github.com/smarty-php/smarty/pull/287   -bugfix {foreach} must keep the @properties when restoring a saved $item variable
as the properties might be used outside {foreach} https://github.com/smarty-php/smarty/issues/267   - improvement {foreach} observe {break n} and {continue
n} nesting levels when restoring saved $item and $key variables   08.09.2016
- bugfix implement wrapper for removed method getConfigVariable()
https://github.com/smarty-php/smarty/issues/286   07.09.2016    - bugfix using
nocache like attribute with value true like {plugin nocache=true} did not work
https://github.com/smarty-php/smarty/issues/285   - bugfix uppercase TRUE, FALSE
and NULL did not work when security was enabled https://github.com/smarty-php/smarty/issues/282   - bugfix when {foreach} was looping over an object the
total property like {$item@total} did always return 1 https://github.com/smarty-php/smarty/issues/281   - bugfix {capture}{/capture} did add in 3.1.30
unintended additional blank lines https://github.com/smarty-php/smarty/issues/268   01.09.2016    - performance require_once should be
called only once for shared plugins https://github.com/smarty-php/smarty/issues/280   26.08.2016    - bugfix change of 23.08.2016 failed on
linux when use_include_path = true   23.08.2016    - bugfix remove constant DS
as shortcut for DIRECTORY_SEPARATOR as the user may have defined it to something
else https://github.com/smarty-php/smarty/issues/277   20.08-2016    - bugfix
{config_load ... scope="global"} shall not throw an arror but fallback to
scope="smarty" https://github.com/smarty-php/smarty/issues/274   - bugfix
{make_nocache} failed when using composer autoloader https://github.com/smarty-php/smarty/issues/275   14.08.2016    - bugfix $smarty_>debugging = true; did
E_NOTICE messages when {eval} tag was used https://github.com/smarty-php/smarty/issues/266   - bugfix Class
'Smarty_Internal_Runtime_ValidateCompiled' not found when upgrading from some
older Smarty versions with existing            compiled or cached template files
https://github.com/smarty-php/smarty/issues/269   - optimization remove unneeded
call to update acopes when {assign} scope and template scope was local (default)
===== 3.1.30 ===== (07.08.2016)   07.08.2016    - bugfix update of 04.08.2016
was incomplete   05.08.2016    - bugfix compiling of templates failed when the
Smarty delimiter did contain '/' https://github.com/smarty-php/smarty/issues/264
- updated error checking at template and config default handler   04.08.2016
- improvement move template function source parameter into extension
26.07.2016    - optimization unneeded loading of compiled resource   24.07.2016
- regression this->addPluginsDir('/abs/path/to/dir') adding absolute path
without trailing '/' did fail https://github.com/smarty-php/smarty/issues/260
23.07.2016    - bugfix setTemplateDir('/') and setTemplateDir('') did create
wrong absolute filepath https://github.com/smarty-php/smarty/issues/245   -optimization of filepath normalization   - improvement remove double function
declaration in plugin shared.escape_special_cars.php https://github.com/smarty-php/smarty/issues/229   19.07.2016    - bugfix multiple {include} with relative
filepath within {block}{/block} could fail https://github.com/smarty-php/smarty/issues/246   - bugfix {math} shell injection vulnerability patch
provided by Tim Weber   18.07.2016    - bugfix {foreach} if key variable and
item@key attribute have been used both the key variable was not updated
https://github.com/smarty-php/smarty/issues/254   - bugfix modifier on plugins
like {plugin|modifier ... } did fail when the plugin does return an array
https://github.com/smarty-php/smarty/issues/228   - bugfix avoid
opcache_invalidate to result in ErrorException when opcache.restrict_api is not
empty https://github.com/smarty-php/smarty/pull/244   - bugfix multiple
{include} with relative filepath within {block}{/block} could fail
https://github.com/smarty-php/smarty/issues/246   14.07.2016    - bugfix wrong
parameter on compileAllTemplates() and compileAllConfig()
https://github.com/smarty-php/smarty/issues/231   13.07.2016    - bugfix PHP 7
compatibility on registered compiler plugins https://github.com/smarty-php/smarty/issues/241   - update testInstall()    - bugfix
enable debugging could fail when template objects did already exists
https://github.com/smarty-php/smarty/issues/237   - bugfix template function
data should be merged when loading subtemplate https://github.com/smarty-php/smarty/issues/240   - bugfix wrong parameter on compileAllTemplates()
https://github.com/smarty-php/smarty/issues/231   12.07.2016    - bugfix
{foreach} item variable must be created also on empty from array
https://github.com/smarty-php/smarty/issues/238 and https://github.com/smarty-php/smarty/issues/239   - bugfix enableSecurity() must init cache flags
https://github.com/smarty-php/smarty/issues/247   27.05.2016    -bugfix/improvement of compileAlltemplates() follow symlinks in template folder
(PHP >= 5.3.1) https://github.com/smarty-php/smarty/issues/224       clear
internal cache and expension handler for each template to avoid possible
conflicts https://github.com/smarty-php/smarty/issues/231   16.05.2016    -optimization {foreach} compiler and processing   - broken PHP 5.3 and 5.4
compatibility   15.05.2016    - optimization and cleanup of resource code
10.05.2016    - optimization of inheritance processing   07.05.2016    -bugfix
Only variables should be assigned by reference https://github.com/smarty-php/smarty/issues/227   02.05.2016    - enhancement {block} tag names can now be
variable https://github.com/smarty-php/smarty/issues/221   01.05.2016    -bugfix same relative filepath at {include} called from template in different
folders could display wrong sub-template   29.04.2016    - bugfix {strip} remove
space on linebreak between html tags https://github.com/smarty-php/smarty/issues/213   24.04.2016    - bugfix nested {include} with relative
file path could fail when called in {block} ... {/block}
https://github.com/smarty-php/smarty/issues/218   14.04.2016    - bugfix special
variable {$smarty.capture.name} was not case sensitive on name
https://github.com/smarty-php/smarty/issues/210   - bugfix the default template
handler must calculate the source uid https://github.com/smarty-php/smarty/issues/205   13.04.2016    - bugfix template inheritance status must
be saved when calling sub-templates https://github.com/smarty-php/smarty/issues/215   27.03.2016    - bugfix change of 11.03.2016 cause again
{capture} data could not been seen in other templates with
{$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153
11.03.2016    - optimization of capture and security handling   - improvement
$smarty->clearCompiledTemplate() should return on recompiled or uncompiled
resources   10.03.2016    - optimization of resource processing   09.03.2016
- improvement rework of 'scope' attribute handling see see NEW_FEATURES.txt
https://github.com/smarty-php/smarty/issues/194     https://github.com/smarty-php/smarty/issues/186 https://github.com/smarty-php/smarty/issues/179   - bugfix
correct Autoloader update of 2.3.2014 https://github.com/smarty-php/smarty/issues/199   04.03.2016    - bugfix change from 01.03.2016 will cause
$smarty->isCached(..) failure if called multiple time for same template
(forum topic 25935)   02.03.2016    - revert autoloader optimizations because of
unexplainable warning when using plugins https://github.com/smarty-php/smarty/issues/199   01.03.2016    - bugfix template objects must be cached
on $smarty->fetch('foo.tpl) calls incase the template is fetched     multiple
times (forum topic 25909)   25.02.2016    - bugfix wrong _realpath with 4 or
more parent-directories https://github.com/smarty-php/smarty/issues/190   -optimization of _realpath   - bugfix instanceof expression in template code must
be treated as value https://github.com/smarty-php/smarty/issues/191   20.02.2016
- bugfix {strip} must keep space between hmtl tags. Broken by changes of
10.2.2016 https://github.com/smarty-php/smarty/issues/184   - new feature/bugfix
{foreach}{section} add 'properties' attribute to force compilation of loop
properties     see NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/189   19.02.2016    - revert output buffer flushing on
display, echo content again because possible problems when PHP files had
characters (newline} after ?> at file end https://github.com/smarty-php/smarty/issues/187   14.02.2016    - new tag {make_nocache} read
NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/110   -optimization of sub-template processing   - bugfix using extendsall as default
resource and {include} inside {block} tags could produce unexpected results
https://github.com/smarty-php/smarty/issues/183   - optimization of tag
attribute compiling   - optimization make compiler tag object cache static for
higher compilation speed   11.02.2016    - improvement added KnockoutJS comments
to trimwhitespace outputfilter https://github.com/smarty-php/smarty/issues/82
https://github.com/smarty-php/smarty/pull/181   10.02.2016    - bugfix {strip}
must keep space on output creating smarty tags within html tags
https://github.com/smarty-php/smarty/issues/177   - bugfix wrong precedence on
special if conditions like '$foo is ... by $bar' could cause wrong code
https://github.com/smarty-php/smarty/issues/178   - improvement because of
ambiguities the inline constant support has been removed from the $foo.bar
syntax https://github.com/smarty-php/smarty/issues/149   - bugfix other {strip}
error with output tags between hmtl https://github.com/smarty-php/smarty/issues/180   09.02.2016    - move some code from parser into compiler
- reformat all code for unique style   - update/bugfix scope attribute handling
reworked. Read the newfeatures.txt file   05.02.2016    - improvement internal
compiler changes   01.02.2016    - bugfix {foreach} compilation failed when
$smarty->merge_compiled_includes = true and pre-filters are used.   29.01.2016
- bugfix implement replacement code for _tag_stack property
https://github.com/smarty-php/smarty/issues/151   28.01.2016    - bugfix allow
windows network filepath or wrapper (forum topic 25876)
https://github.com/smarty-php/smarty/issues/170   - bugfix if fetch('foo.tpl')
is called on a template object the $parent parameter should default to the
calling template object https://github.com/smarty-php/smarty/issues/152
27.01.2016    - revert bugfix compiling {section} did create warning   - bugfix
{$smarty.section.customer.loop} did throw compiler error
https://github.com/smarty-php/smarty/issues/161     update of yesterdays fix   -bugfix string resource could inject code at {block} or inline subtemplates
through PHP comments https://github.com/smarty-php/smarty/issues/157
- bugfix output filters did not observe nocache code
flhttps://github.com/smarty-php/smarty/issues/154g https://github.com/smarty-php/smarty/issues/160   - bugfix {extends} with relative file path did not work
https://github.com/smarty-php/smarty/issues/154     https://github.com/smarty-php/smarty/issues/158   - bugfix {capture} data could not been seen in other
templates with {$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153   26.01.2016    - improvement observe Smarty::$_CHARSET in
debugging console https://github.com/smarty-php/smarty/issues/169   - bugfix
compiling {section} did create warning   - bugfix
{$smarty.section.customer.loop} did throw compiler error
https://github.com/smarty-php/smarty/issues/161   02.01.2016    - update scope
handling   - optimize block plugin compiler   - improvement runtime checks if
registered block plugins are callable   01.01.2016    - remove
Smarty::$resource_cache_mode property   31.12.2015    - optimization of
{assign}, {if} and {while} compiled code   30.12.2015    - bugfix plugin names
starting with "php" did not compile https://github.com/smarty-php/smarty/issues/147   29.12.2015    - bugfix Smarty::error_reporting was not
observed when display() or fetch() was called on template objects
https://github.com/smarty-php/smarty/issues/145   28.12.2015    - optimization
of {foreach} code size and processing   27.12.2015    - improve inheritance code
- update external methods   - code fixes   - PHPdoc updates   25.12.2015    -compile {block} tag code and its processing into classes   - optimization
replace hhvm extension by inline code   - new feature If ACP is enabled force an
apc_compile_file() when compiled or cached template was updated   24.12.2015
- new feature Compiler does now observe the template_dir setting and will create
separate compiled files if required   - bugfix post filter did fail on template
inheritance https://github.com/smarty-php/smarty/issues/144   23.12.2015    -optimization move internal method decodeProperties back into template object   -optimization move subtemplate processing back into template object   - new
feature Caching does now observe the template_dir setting and will create
separate cache files if required   22.12.2015    - change $xxx_dir properties
from private to protected in case Smarty class gets extended   - code
optimizations   21.12.2015    - bugfix a filepath starting with '/' or '\' on
windows should normalize to the root dir     of current working drive
https://github.com/smarty-php/smarty/issues/134   - optimization of filepath
normalization   - bugfix {strip} must remove all blanks between html tags
https://github.com/smarty-php/smarty/issues/136   ===== 3.1.29 ====(21.12.2015)   21.12.2015    - optimization improve speed of filetime checks on
extends and extendsall resource   20.12.2015    - bugfix failure when the
default resource type was set to 'extendsall' https://github.com/smarty-php/smarty/issues/123   - update compilation of Smarty special variables   -bugfix add addition check for OS type on normalization of file path
https://github.com/smarty-php/smarty/issues/134   - bugfix the source uid of the
extendsall resource must contain $template_dir settings
https://github.com/smarty-php/smarty/issues/123   19.12.2015    - bugfix using
$smarty.capture.foo in expressions could fail https://github.com/smarty-php/smarty/pull/138   - bugfix broken PHP 5.2 compatibility
https://github.com/smarty-php/smarty/issues/139   - remove no longer used code
- improvement make sure that compiled and cache templates never can contain a
trailing '?>?   18.12.2015    - bugfix regression when modifier parameter was
followed by math https://github.com/smarty-php/smarty/issues/132   17.12.2015
- bugfix {$smarty.capture.nameFail} did lowercase capture name
https://github.com/smarty-php/smarty/issues/135   - bugfix using {block
append/prepend} on same block in multiple levels of inheritance templates could
fail (forum topic 25827)   - bugfix text content consisting of just a single '0'
like in {if true}0{/if} was suppressed (forum topic 25834)   16.12.2015    -bugfix {foreach} did fail if from atrribute is a Generator class
https://github.com/smarty-php/smarty/issues/128   - bugfix direct access
$smarty->template_dir = 'foo'; should call Smarty::setTemplateDir()
https://github.com/smarty-php/smarty/issues/121   15.12.2015    - bugfix
{$smarty.cookies.foo} did return the $_COOKIE array not the 'foo' value
https://github.com/smarty-php/smarty/issues/122   - bugfix  a call to
clearAllCache() and other should clear all internal template object caches
(forum topic 25828)   14.12.2015    - bugfix  {$smarty.config.foo} broken in
3.1.28 https://github.com/smarty-php/smarty/issues/120   - bugfix  multiple
calls of {section} with same name droped E_NOTICE error
https://github.com/smarty-php/smarty/issues/118   ===== 3.1.28 ====(13.12.2015)   13.12.2015    - bugfix {foreach} and {section} with uppercase
characters in name attribute did not work (forum topic 25819)   - bugfix
$smarty->debugging_ctrl = 'URL' did not work (forum topic 25811)   - bugfix
Debug Console could display incorrect data when using subtemplates   09.12.2015
- bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true;
09.12.2015    - bugfix {strip} should exclude some html tags from stripping,
related to fix for https://github.com/smarty-php/smarty/issues/111   08.12.2015
- bugfix internal template function data got stored in wrong compiled file
https://github.com/smarty-php/smarty/issues/114   05.12.2015    -bugfix {strip}
should insert a single space https://github.com/smarty-php/smarty/issues/111
25.11.2015    -bugfix a left delimter like '[%' did fail on
[%$var_[%$variable%]%] (forum topic 25798)   02.11.2015    - bugfix {include}
with variable file name like {include file="foo_`$bar`.tpl"} did fail in
3.1.28-dev https://github.com/smarty-php/smarty/issues/102   01.11.2015    -update config file processing   31.10.2015    - bugfix add missing $trusted_dir
property to SmartyBC class (forum topic 25751)   29.10.2015    - improve
template scope handling   24.10.2015    - more optimizations of template
processing   - bugfix Error when using {include} within {capture}
https://github.com/smarty-php/smarty/issues/100   21.10.2015    - move some code
into runtime extensions   18.10.2015    - optimize filepath normalization   -rework of template inheritance   - speed and size optimizations   - bugfix under
HHVM temporary cache file must only be created when caches template was updated
- fix compiled code for new {block} assign attribute   - update code generated
by template function call handler   18.09.2015    - bugfix {if $foo instanceof
$bar} failed to compile if 2nd value is a variable https://github.com/smarty-php/smarty/issues/92   17.09.2015    - bugfix {foreach} first attribute was not
correctly reset since commit 05a8fa2 of 02.08.2015 https://github.com/smarty-php/smarty/issues/90   16.09.2015    - update compiler by moving no longer
needed properties, code optimizations and other   14.09.2015    - optimize
autoloader   - optimize subtemplate handling   - update template inheritance
processing   - move code of {call} processing back into Smarty_Internal_Template
class   - improvement invalidate OPCACHE for cleared compiled and cached
template files (forum topic 25557)   - bugfix unintended multiple debug windows
(forum topic 25699)   30.08.2015    - size optimization move some runtime
functions into extension   - optimize inline template processing   -optimization merge inheritance child and parent templates into one compiled
template file   29.08.2015    - improvement convert template inheritance into
runtime processing   - bugfix {$smarty.block.parent} did always reference the
root parent block https://github.com/smarty-php/smarty/issues/68   23.08.2015
- introduce Smarty::$resource_cache_mode and cache template object of {include}
inside loop   - load seldom used Smarty API methods dynamically to reduce memory
footprint   - cache template object of {include} if same template is included
several times   - convert debug console processing to object   - use output
buffers for better performance and less memory usage   - optimize nocache hash
processing   - remove not really needed properties   - optimize rendering   -move caching to Smarty::_cache   - remove properties with redundant content   -optimize Smarty::templateExists()   - optimize use_include_path processing   -relocate properties for size optimization   - remove redundant code   - bugfix
compiling super globals like {$smarty.get.foo} did fail in the master branch
https://github.com/smarty-php/smarty/issues/77   06.08.2015    - avoid possible
circular object references caused by parser/lexer objects   - rewrite
compileAll... utility methods   - commit several  internal improvements   -bugfix Smarty failed when compile_id did contain "|"   03.08.2015    - rework
clear cache methods   - bugfix compileAllConfig() was broken since 3.1.22
because of the changes in config file processing   - improve getIncludePath() to
return directory if no file was given   02.08.2015    - optimization and code
cleanup of {foreach} and {section} compiler   - rework {capture} compiler
01.08.2015    - update DateTime object can be instance of DateTimeImmutable
since PHP5.5 https://github.com/smarty-php/smarty/pull/75   - improvement show
resource type and start of template source instead of uid on eval: and string:
resource (forum topic 25630)   31.07.2015    - optimize {foreach} and {section}
compiler   29.07.2015    - optimize {section} compiler for speed and size of
compiled code   28.07.2015    - update for PHP 7 compatibility   26.07.2015    -improvement impement workaround for HHVM PHP incompatibillity
https://github.com/facebook/hhvm/issues/4797   25.07.2015    - bugfix parser did
hang on text starting fetch('foo.tpl')
https://github.com/smarty-php/smarty/issues/70   - improvement Added $limit
parameter to regex_replace modifier #71   - new feature multiple indices on
file: resource   06.07.2015    - optimize {block} compilation   - optimization
get rid of __get and __set in source object   01.07.2015    - optimize compile
check handling   - update {foreach} compiler   - bugfix debugging console did
not display string values containing \n, \r or \t correctly
https://github.com/smarty-php/smarty/issues/66   - optimize source resources
28.06.2015    - move $smarty->enableSecurity() into Smarty_Security class   -optimize security isTrustedResourceDir()   - move auto load filter methods into
extension   - move $smarty->getTemplateVars() into extension   - move
getStreamVariable() into extension   - move $smarty->append() and
$smarty->appendByRef() into extension   - optimize autoloader   - optimize file
path normalization   - bugfix PATH_SEPARATOR was replaced by mistake in
autoloader   - remove redundant code   27.06.2015    - bugfix resolve naming
conflict between custom Smarty delimiter '<%' and PHP ASP tags
https://github.com/smarty-php/smarty/issues/64   - update $smarty->_realpath for
relative path not starting with './'   - update Smarty security with new
realpath handling   - update {include_php} with new realpath handling   - move
$smarty->loadPlugin() into extension   - minor compiler optimizations   - bugfix
allow function plugins with name ending with 'close' https://github.com/smarty-php/smarty/issues/52   - rework of $smarty->clearCompiledTemplate() and move it
to its own extension   19.06.2015    - improvement allow closures as callback at
$smarty->registerFilter() https://github.com/smarty-php/smarty/issues/59   ====3.1.27===== (18.06.2015)   18.06.2015    - bugfix another update on file path
normalization failed on path containing something like "/.foo/"
https://github.com/smarty-php/smarty/issues/56   ===== 3.1.26===== (18.06.2015)
18.06.2015    - bugfix file path normalization failed on path containing
something like "/.foo/" https://github.com/smarty-php/smarty/issues/56
17.06.2015    - bugfix calling a plugin with nocache option but no other
attributes like {foo nocache} caused call to undefined function
https://github.com/smarty-php/smarty/issues/55   ===== 3.1.25===== (15.06.2015)
15.06.2015    - optimization of smarty_cachereource_keyvaluestore.php code
14.06.2015    - bugfix a relative sub template path could fail if template_dir
path did contain /../ https://github.com/smarty-php/smarty/issues/50   -optimization rework of path normalization   - bugfix an output tag with
variable, modifier followed by an operator like {$foo|modifier+1} did fail
https://github.com/smarty-php/smarty/issues/53   13.06.2015    - bugfix a custom
cache resource using smarty_cachereource_keyvaluestore.php did fail if php.ini
mbstring.func_overload = 2 (forum topic 25568)   11.06.2015    - bugfix the
lexer could hang on very large quoted strings (forum topic 25570)   08.06.2015
- bugfix using {$foo} as array index like $bar.{$foo} or in double quoted string
like "some {$foo} thing" failed https://github.com/smarty-php/smarty/issues/49
04.06.2015    - bugfix possible error message on unset() while compiling {block}
tags https://github.com/smarty-php/smarty/issues/46   01.06.2015    - bugfix
 including template variables broken  since 3.1.22
https://github.com/smarty-php/smarty/issues/47   27.05.2015    - bugfix
{include} with variable file name must not create by default individual cache
file (since 3.1.22) https://github.com/smarty-php/smarty/issues/43   24.05.2015
- bugfix if condition string 'neq' broken due to a typo
https://github.com/smarty-php/smarty/issues/42   ===== 3.1.24===== (23.05.2015)
23.05.2015    - improvement on php_handling to allow very large PHP sections,
better error handling   - improvement allow extreme large comment sections
(forum 25538)   21.05.2015    - bugfix broken PHP 5.2 compatibility when
compiling  1 did compile
into wrong code https://github.com/smarty-php/smarty/issues/41   19.05.2015    -bugfix compiler did overwrite existing variable value when setting the nocache
attribute https://github.com/smarty-php/smarty/issues/39   - bugfix output
filter trimwhitespace could run into the pcre.backtrack_limit on large output
(code.google issue 220)   - bugfix compiler could run into the
pcre.backtrack_limit on larger comment or {php} tag sections (forum 25538)
18.05.2015    - improvement introduce shortcuts in lexer/parser rules for most
frequent terms for higher     compilation speed   16.05.2015    - bugfix
{php}{/php} did work just for single lines https://github.com/smarty-php/smarty/issues/33   - improvement remove not needed ?> handling from parser to new compiler module
05.05.2015    - bugfix code could be messed up when {tags} are used in multiple
attributes https://github.com/smarty-php/smarty/issues/23   04.05.2015    -bugfix Smarty_Resource::parseResourceName incompatible with Google AppEngine
(https://github.com/smarty-php/smarty/issues/22)   - improvement use is_file()
checks to avoid errors suppressed by @ which could still cause problems
(https://github.com/smarty-php/smarty/issues/24)   28.04.2015    - bugfix
plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd
fix   28.04.2015    - bugfix plugins of merged subtemplates not loaded in
3.1.22-dev (forum topic 25508)   23.04.2015    - bugfix a nocache template
variable used as parameter at {insert} was by mistake cached   20.04.2015    -bugfix at a template function containing nocache code a parmeter could overwrite
a template variable of same name   27.03.2015    - bugfix
Smarty_Security->allow_constants=false; did also disable true, false and null
(change of 16.03.2015)   - improvement added a whitelist for trusted constants
to security Smarty_Security::$trusted_constants (forum topic 25471)   20.03.2015
- bugfix make sure that function properties get saved only in compiled files
containing the fuction definition {forum topic 25452}   - bugfix correct update
of global variable values on exit of template functions. (reported under Smarty
Developers)   16.03.2015   - bugfix  problems with {function}{/function} and
{call} tags in different subtemplate cache files {forum topic 25452}  - bugfix
Smarty_Security->allow_constants=false; did not disallow direct usage of defined
constants like {SMARTY_DIR} {forum topic 25457}  - bugfix  {block}{/block} tags
did not work inside double quoted strings https://github.com/smarty-php/smarty/issues/18    15.03.2015   - bugfix  $smarty->compile_check must be
restored before rendering of a just updated cache file {forum 25452}
14.03.2015   - bugfix  {nocache}  {/nocache} tags corrupted code when used
within a nocache section caused by a nocache template variable.   - bugfix
template functions defined with {function} in an included subtemplate could not
be called in nocache            mode with {call... nocache} if the subtemplate
had it's own cache file {forum 25452}   10.03.2015   - bugfix {include ...
nocache} whith variable file or compile_id attribute was not executed in nocache
mode.   12.02.2015   - bugfix multiple Smarty::fetch() of same template when
$smarty->merge_compiled_includes = true; could cause function already defined
error   11.02.2015   - bugfix recursive {includes} did create E_NOTICE message
when $smarty->merge_compiled_includes = true; (github issue #16)   22.01.2015
- new feature security can now control access to static methods and properties
see also NEW_FEATURES.txt   21.01.2015   - bugfix clearCompiledTemplates(),
clearAll() and clear() could try to delete whole drive at wrong path permissions
because realpath() fail (forum 25397)  - bugfix 'self::' and 'parent::' was
interpreted in template syntax as static class   04.01.2015   - push last weeks
changes to github  - different optimizations  - improvement automatically create
different versions of compiled templates and config files depending    on
property settings.  - optimization restructure template processing by moving
code into classes it better belongs to  - optimization restructure config file
processing   31.12.2014  - bugfix use function_exists('mb_get_info') for setting
Smarty::$_MBSTRING.    Function mb_split could be overloaded depending on
php.ini mbstring.func_overload    29.12.2014   - new feature security can now
limit the template nesting level by property $max_template_nesting
see also NEW_FEATURES.txt (forum 25370)   29.12.2014   - new feature security
can now disable special $smarty variables listed in property
$disabled_special_smarty_vars                 see also NEW_FEATURES.txt (forum
25370)   27.12.2014    - bugfix clear internal _is_file_cache when plugins_dir
was modified   13.12.2014    - improvement optimization of lexer and parser
resulting in a up to 30% higher compiling speed   11.12.2014    - bugfix resolve
parser ambiguity between constant print tag {CONST} and other smarty tags after
change of 09.12.2014   09.12.2014    - bugfix variables $null, $true and $false
did not work after the change of 12.11.2014 (forum 25342)   - bugfix call of
template function by a variable name did not work after latest changes (forum
25342)   23.11.2014    - bugfix a plugin with attached modifier could fail if
the tag was immediately followed by another Smarty tag (since 3.1.21) (forum
25326)   13.11.2014    - improvement move autoload code into Autoloader.php. Use
Composer autoloader when possible   12.11.2014   - new feature added support of
namespaces to template code   08.11.2014 - 10.11.2014   - bugfix subtemplate
called in nocache mode could be called with wrong compile_id when it did change
on one of the calling templates  - improvement add code of template functions
called in nocache mode dynamically to cache file (related to bugfix of
01.11.2014)  - bugfix Debug Console did not include all data from merged
compiled subtemplates   04.11.2014   - new feature $smarty->debugging = true; =>
overwrite existing Debug Console window (old behaviour)
$smarty->debugging = 2; => individual Debug Console window by template name
03.11.2014   - bugfix Debug Console did not show included subtemplates since
3.1.17 (forum 25301)  - bugfix Modifier debug_print_var did not limit recursion
or prevent recursive object display at Debug Console     (ATTENTION: parameter
order has changed to be able to specify maximum recursion)  - bugfix Debug
consol did not include subtemplate information with
$smarty->merge_compiled_includes = true  - improvement The template variables
are no longer displayed as objects on the Debug Console  - improvement
$smarty->createData($parent = null, $name = null) new optional name parameter
for display at Debug Console  - addition of some hooks for future extension of
Debug Console   01.11.2014   - bugfix and enhancement on subtemplate {include}
and template {function} tags.    * Calling a template which has a nocache
section could fail if it was called from a cached and a not cached subtemplate.
* Calling the same subtemplate cached and not cached with the
$smarty->merge_compiled_includes enabled could cause problems    * Many smaller
related changes   30.10.2014   - bugfix access to class constant by object like
{$object::CONST} or variable class name {$class::CONST} did not work (forum
25301)   26.10.2014   - bugfix E_NOTICE message was created during compilation
when ASP tags '<%' or '%>' are in template source text  - bugfix
merge_compiled_includes option failed when caching  enables and same subtemplate
was included cached and not cached
--------------------------------------------------------------------------------ChangeLog:

* Fri Feb 22 2019 Shawn Iwinski  - 3.1.33-1
- Update to 3.1.33
- RHBZ #s: 1532492, 1532493, 1532494, 1628739, 1628740, 1628741, 1631095, 1631096, 1631098
- CVEs: CVE-2017-1000480, CVE-2018-13982, CVE-2018-16831
- License LGPLv2+ => LGPLv3
* Sat Feb  2 2019 Fedora Release Engineering  - 3.1.21-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering  - 3.1.21-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1631098 - CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1631098
  [ 2 ] Bug #1628740 - CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1628740
  [ 3 ] Bug #1532493 - CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1532493
  [ 4 ] Bug #1631096 - CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1631096
  [ 5 ] Bug #1628741 - CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1628741
  [ 6 ] Bug #1532494 - CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1532494
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-d248c5aa39' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/