php7.3 (7.3.31-1~deb10u1) buster-security; urgency=medium * New upstream version 7.3.31 + CVE-2021-21706: ZipArchive::extractTo extracts outside of destination. * Backported from 7.4.25 + CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation. -- Ondřej Surý Sun, 24 Oct 2021 17:18:08 +0200 php7.3 (7.3.29-1~deb10u1) buster-security; urgency=medium * New upstream version 7.3.29 + CVE-2021-21705: SSRF bypass in FILTER_VALIDATE_URL + CVE-2021-21704: Stack buffer overflow in firebird_info_cb + CVE-2021-21704: SIGSEGV in firebird_handle_doer + CVE-2021-21704: SIGSEGV in firebird_stmt_execute + CVE-2021-21704: Crash while parsing blob data in firebird_fetch_blob -- Ondřej Surý Fri, 02 Jul 2021 06:04:33 +0200 php7.3 (7.3.27-1~deb10u1) buster-security; urgency=medium [ Ondřej Surý ] * New upstream version 7.3.27 + Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) * New upstream version 7.3.26 + Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071) * New upstream version 7.3.23 + Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070) + Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069) * New upstream version 7.3.21 + Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068) * Disable the MySQL extension testing as it's too complicated and prone to breakages * In phpize, copy the foreign files from their respective packages (libtool, pkg-config, shtool, pkg.m4) instead of having a built-time copy in the package [ Pino Toscano ] * Disable AppArmor support on non-Linux archs (Closes: #951857) * Enable systemd integration only on Linux archs (Closes: #951834) -- Ondřej Surý Sat, 13 Feb 2021 17:31:40 +0100 php7.3 (7.3.19-1~deb10u1) buster-security; urgency=high * New upstream version 7.3.15 + Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063) + Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061) + Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062) * New upstream version 7.3.16 + Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065) + Fixed bug #79329 (get_headers() silently truncates after a null byte). (CVE-2020-7066) * New upstream version 7.3.17 + Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067) * New upstream version 7.3.18 + Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048) + Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048) * New upstream version 7.3.19 * php-fpm has to depend on procps due kill usage in systemd service file (Closes: #861855) -- Ondřej Surý Sun, 05 Jul 2020 08:46:45 +0200 php7.3 (7.3.14-1~deb10u1) buster-security; urgency=medium * New upstream version 7.3.14 * Disable MySQL X Plugin in the tests * Use mysqld --initialize-insecure for MySQL 8.0 (for Ubuntu 19.10) * Remove --skip-grant-tables to fix FTBFS with MySQL 8.0 * Remove --without-mysqlx from MySQL 5.7 -- Ondřej Surý Sun, 16 Feb 2020 16:07:23 +0100 php7.3 (7.3.11-1~deb10u1) buster-security; urgency=medium * New upstream version 7.3.11 -- Ondřej Surý Sat, 26 Oct 2019 16:14:18 +0200 php7.3 (7.3.9-1~deb10u1) buster-security; urgency=high * New upstream version 7.3.9 * php7.3-curl: Add Breaks against php7.0-curl for smoother upgrades from stretch. (Closes: #929689) -- Ondřej Surý Wed, 18 Sep 2019 12:33:23 +0200 php7.3 (7.3.4-2) unstable; urgency=medium [Andreas Beckmann] * php7.3-common: Add Breaks against php7.0-curl for smoother upgrades from stretch. (Closes: #925106) * php7.3-common: Add Breaks against gforge-common from jessie which uses a deprecated constructor syntax. * Deterministically generate debian/control by sorting the extension packages. -- Ondřej Surý Sat, 13 Apr 2019 19:05:48 +0000 php7.3 (7.3.4-1) unstable; urgency=medium * Update d/watch for new php.net pages * New upstream version 7.3.4 * Enforce C++11 for intl compilation on older distributions -- Ondřej Surý Wed, 10 Apr 2019 06:55:43 +0000 php7.3 (7.3.3-1) unstable; urgency=medium * New upstream version 7.3.3 * Update systzdata patch to v18 (Courtesy of RemiRepo) * Add patch for OpenSSL 1.1.1b (Courtesy of RemiRepo) -- Ondřej Surý Thu, 07 Mar 2019 19:43:34 +0000 php7.3 (7.3.2-3) unstable; urgency=medium * Update systzdata patch to v17 (Courtesy of remirepo) -- Ondřej Surý Fri, 08 Feb 2019 15:05:54 +0000 php7.3 (7.3.2-2) unstable; urgency=medium * Fix the icu patch condition for icu >= 60 -- Ondřej Surý Fri, 08 Feb 2019 10:49:26 +0000 php7.3 (7.3.2-1) unstable; urgency=medium * New upstream version 7.3.2 -- Ondřej Surý Thu, 07 Feb 2019 17:58:05 +0000 php7.3 (7.3.1-3) unstable; urgency=medium * Always build spoofchecker, because we are enforcing icu >= 50.1 (Closes: #921199) -- Ondřej Surý Tue, 05 Feb 2019 10:25:33 +0000 php7.3 (7.3.1-2) unstable; urgency=high * Add patch to use pkg-config instead of icu-config to detect icu libraries (Closes: #916110) -- Ondřej Surý Mon, 21 Jan 2019 09:09:55 +0000 php7.3 (7.3.1-1) unstable; urgency=medium * New upstream version 7.3.1 -- Ondřej Surý Sun, 13 Jan 2019 10:13:20 +0000 php7.3 (7.3.0-2) unstable; urgency=medium * Add upstream patch to fix OPcache optimization problem for ArrayAccess->offsetGet * Add upstream patch to fix infinite loop in preg_replace_callback * Fix check for rl_completion_matches in readline extension -- Ondřej Surý Mon, 17 Dec 2018 09:51:53 +0000 php7.3 (7.3.0-1) unstable; urgency=medium * Update d/watch for the final PHP 7.3.0 release * New upstream version 7.3.0 -- Ondřej Surý Thu, 06 Dec 2018 20:22:15 +0000 php7.3 (7.3.0~rc6-1) unstable; urgency=medium * New upstream version 7.3.0~rc6 -- Ondřej Surý Sun, 25 Nov 2018 10:01:25 +0000 php7.3 (7.3.0~rc5-2) unstable; urgency=medium * Don't use sed found by configure, use the sed command as available in the host system (Closes: #913620) -- Ondřej Surý Tue, 13 Nov 2018 09:10:56 +0000 php7.3 (7.3.0~rc5-1) unstable; urgency=medium * New upstream version 7.3.0~rc5 * Enable lmdb support in dba extension -- Ondřej Surý Mon, 12 Nov 2018 09:54:24 +0000 php7.3 (7.3.0~rc4-2) unstable; urgency=medium * Restore correct patch name for 0040-Add-patch-to-install-php7-module-directly-to-APXS_LI.patch -- Ondřej Surý Sun, 04 Nov 2018 04:54:20 +0000 php7.3 (7.3.0~rc4-1) unstable; urgency=medium * New upstream version 7.3.0~rc4 * Rebase patches for PHP 7.4.0~rc4 -- Ondřej Surý Thu, 25 Oct 2018 08:57:33 +0000 php7.3 (7.3.0~rc3-3) unstable; urgency=medium * Add patch to use pkg-config for FreeType2 library detection (Closes: #911460) * Remove libmcrypt-dev from Build-Depends -- Ondřej Surý Thu, 25 Oct 2018 06:39:32 +0000 php7.3 (7.3.0~rc3-2) unstable; urgency=medium * Disable the enabled modules in prerm, because in postrm the phpquery script is not aware of already removed sapi (Closes: #911018) -- Ondřej Surý Mon, 15 Oct 2018 09:53:04 +0000 php7.3 (7.3.0~rc3-1) unstable; urgency=medium * New upstream version 7.3.0~rc3 * Rebase patches for PHP 7.3.0~rc3 -- Ondřej Surý Sat, 13 Oct 2018 13:47:36 +0000 php7.3 (7.3.0~rc2-3) unstable; urgency=medium * Remove ancient mv_conffile (from php5) * Remove spurious L from phpize script (Closes: #909110) * Downgrade dh-php from Recommends to Suggests (Closes: #910620) -- Ondřej Surý Tue, 09 Oct 2018 13:22:52 +0000 php7.3 (7.3.0~rc2-2) unstable; urgency=medium * Fix the Vcs-* links * Apply upstream patch to allow disabling pcre jit and disable it on mips and s390x archs * Extra 'L' is gone (Closes: #909110) -- Ondřej Surý Thu, 04 Oct 2018 14:25:15 +0000 php7.3 (7.3.0~rc2-1) unstable; urgency=medium * New upstream version 7.3.0~rc2 * Rebase patches for PHP 7.3.0~rc2 -- Ondřej Surý Mon, 01 Oct 2018 11:42:35 +0000 php7.3 (7.3.0~beta2-3) unstable; urgency=medium * Disable assembly code with gcc 4.8 on i386 -- Ondřej Surý Mon, 20 Aug 2018 08:07:58 +0000 php7.3 (7.3.0~beta2-2) unstable; urgency=medium * Remove dependency on pcre3 and add libpcre2-dev to phpX.Y-dev -- Ondřej Surý Sun, 19 Aug 2018 16:12:50 +0000 php7.3 (7.3.0~beta2-1) unstable; urgency=medium * New upstream version 7.3.0~beta2 * Rebase patches for PHP 7.3.0~beta2 * Fix phpdbg.1 installation path from srcdir to builddir * Bump d/phpapi to 20180731 -- Ondřej Surý Sun, 19 Aug 2018 07:49:10 +0000 php7.3 (7.3.0~beta1-1) unstable; urgency=medium [ Lior Kaplan ] * Fix syntax typo [ Ondřej Surý ] * New upstream version 7.3.0~beta1 * Rebase patches for PHP 7.3.0beta1 -- Ondřej Surý Fri, 03 Aug 2018 13:52:09 +0000 php7.3 (7.3.0~alpha4-1) unstable; urgency=medium * Use cpuid.h instead of custom assembler * New upstream version 7.3.0~alpha4 * Rebase patches for PHP 7.3.0~alpha4 -- Ondřej Surý Wed, 25 Jul 2018 11:11:09 +0000 php7.3 (7.3.0~alpha3-2) unstable; urgency=medium * Remove traces of ext_skel modifications * Add profile to all default-mysql-server alternatives * Bump d/phpapi for PHP 7.3 * Add libargon2-dev as new alternative build-dependency to libargon2-0-dev -- Ondřej Surý Sat, 14 Jul 2018 13:57:34 +0000 php7.3 (7.3.0~alpha3-1) unstable; urgency=medium * Update upstream signing-key.asc for PHP 7.3 * New upstream version 7.3.0~alpha3 * Build-Depend on libpcre2-dev * Rebase patches for PHP 7.3.0~alpha3 -- Ondřej Surý Mon, 09 Jul 2018 13:49:59 +0000 php7.2 (7.2.7-2) unstable; urgency=medium * Update the maintainer email to team+pkg-php@tracker.debian.org * Update the Vcs-* links to salsa.d.o -- Ondřej Surý Mon, 09 Jul 2018 12:28:45 +0000 php7.2 (7.2.7-1) unstable; urgency=medium * New upstream version 7.2.7 * Refresh patches for PHP 7.2.7 -- Ondřej Surý Fri, 22 Jun 2018 07:35:11 +0000 php7.2 (7.2.6-1) unstable; urgency=medium * New upstream version 7.2.6 * Rebase patches for PHP version 7.2.6 -- Ondřej Surý Mon, 11 Jun 2018 14:54:56 +0000 php7.2 (7.2.5-1) unstable; urgency=medium * New upstream version 7.2.5 * Rebase patches for PHP 7.2.5 -- Ondřej Surý Sat, 05 May 2018 04:56:32 +0000 php7.2 (7.2.4-1) unstable; urgency=medium * New upstream version 7.2.4 * Rebase patches on top of new upstream release. -- Ondřej Surý Thu, 05 Apr 2018 08:50:27 +0000 php7.2 (7.2.3-1) unstable; urgency=medium * New upstream version 7.2.3 * Rebase patches on top of new upstream release. -- Ondřej Surý Tue, 06 Mar 2018 11:15:04 +0000 php7.2 (7.2.2-3) unstable; urgency=medium * Add explicit libpcre3 >= 2:8.35 dependency as dh_genshlibs is failing to add versioned dependency for some reason. -- Ondřej Surý Tue, 06 Feb 2018 16:07:40 +0000 php7.2 (7.2.2-2) unstable; urgency=medium * Remove explicit libpcre3 dependency and let dh_genshlibs do its magic -- Ondřej Surý Tue, 06 Feb 2018 13:00:04 +0000 php7.2 (7.2.2-1) unstable; urgency=medium * New upstream version 7.2.2 * Rebase patches on top of new upstream release * Regenerate d/control to finish php7.2-sodium removal -- Ondřej Surý Thu, 01 Feb 2018 15:19:04 +0000 php7.2 (7.2.1-1) unstable; urgency=medium * Update the Vcs-* to salsa.d.o * Slightly update debian/copyright (most changes were already in) * New upstream version 7.2.1 * Rebase patches on top of new upstream release -- Ondřej Surý Fri, 05 Jan 2018 11:21:04 +0000 php7.2 (7.2.0-2) unstable; urgency=medium * Get rid of extra php7.2-sodium module -- Ondřej Surý Wed, 06 Dec 2017 14:15:47 +0000 php7.2 (7.2.0-1) unstable; urgency=low * Update PHP 7.2 signing keys * New upstream version 7.2.0 * Rebase patches for new upstream release. -- Ondřej Surý Thu, 30 Nov 2017 13:55:57 +0000 php7.2 (7.2.0~rc6-1) unstable; urgency=medium * New upstream version 7.2.0~rc6 * Rebase patches for new upstream version. -- Ondřej Surý Sun, 12 Nov 2017 03:30:05 +0000 php7.2 (7.2.0~rc5-1) unstable; urgency=medium * New upstream version 7.2.0~rc5 * Rebase patches for new upstream release -- Ondřej Surý Fri, 27 Oct 2017 13:33:55 +0000 php7.2 (7.2.0~rc4-2) unstable; urgency=medium * Fix the usage of internal allocator in xmlrpc extension -- Ondřej Surý Tue, 24 Oct 2017 18:54:46 +0000 php7.2 (7.2.0~rc4-1) unstable; urgency=medium * New upstream version 7.2.0~rc4 * Rebase patches on top of new upstream version 7.2.0~rc4 -- Ondřej Surý Sun, 22 Oct 2017 13:07:11 +0000 php7.2 (7.2.0~rc3-1) unstable; urgency=medium * New upstream version 7.2.0~rc3 * Refresh patches for PHP 7.2.0~rc3 -- Ondřej Surý Thu, 28 Sep 2017 18:26:49 +0200 php7.2 (7.2.0~rc2-1) unstable; urgency=medium * New upstream version 7.2.0~rc2 * Rebase patches on top of PHP 7.2.0~rc2 -- Ondřej Surý Mon, 18 Sep 2017 11:24:14 +0200 php7.2 (7.2.0~rc1-1) unstable; urgency=medium * New upstream version 7.2.0~rc1 * Rebase patches on top of PHP 7.2.0~rc1 * Update d/copyright (License check courtesy of Luca Falavigna) * Rewrap the files in d/ with wrap-and-sort -a -- Ondřej Surý Thu, 31 Aug 2017 14:00:16 +0200 php7.2 (7.2.0~beta3-2) unstable; urgency=medium * Enable Argon2 support for password hashing functions * Enable shared libsodium extension -- Ondřej Surý Fri, 25 Aug 2017 11:35:23 +0200 php7.2 (7.2.0~beta3-1) unstable; urgency=medium * Allow libgcrypt11-dev when it's not a transitional package * New upstream version 7.2.0~beta3 * Refresh patches on top of PHP 7.2.0~beta3 -- Ondřej Surý Fri, 18 Aug 2017 15:00:36 +0200 php7.2 (7.2.0~beta2-2) experimental; urgency=medium * Update Vcs-* links to https://gitlab.com/deb.sury.org/... * Stop depending on obsolete automake1.11 * Switch build-depends to libgcrypt20-dev -- Ondřej Surý Fri, 04 Aug 2017 11:56:09 +0200 php7.2 (7.2.0~beta2-1) experimental; urgency=medium * Update d/watch for PHP 7.2 * New upstream version 7.2.0~beta2 * Rebase patches for PHP 7.2.0~beta2 -- Ondřej Surý Thu, 03 Aug 2017 20:42:38 +0200 php7.2 (7.2.0~beta1-1) experimental; urgency=medium * New upstream version 7.2.0~beta1 * Enable support for libsodium crypto * Rebase patches on top of PHP 7.2.0~beta1 * Update phpapi for PHP 7.2 to 20170718 -- Ondřej Surý Thu, 27 Jul 2017 13:29:34 +0200 php7.2 (7.2.0~alpha3-1) experimental; urgency=medium * New upstream version 7.2.0~alpha3 * Rebase patches on top of PHP 7.2.0~alpha3 * Update d/rules with configure.in -> configure.ac rename * Remove mcrypt extension that has been removed upstream * Update phpapi to 20160731 -- Ondřej Surý Thu, 06 Jul 2017 13:50:44 +0200