php-dompdf - Debian Package Tracker

general

source: php-dompdf (main)
version: 3.1.0+dfsg-1
maintainer: Debian PHP PEAR Maintainers (archive) (DMD)
uploaders: William Desportes [DMD] [DM]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.6.2+dfsg-3.1
oldstable: 2.0.3+dfsg-1
unstable: 3.1.0+dfsg-1

versioned links

0.6.2+dfsg-3.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.3+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

php-dompdf

action needed

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:01:42
Last run: 2025-08-27T13:26:42.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 0:00:18
Last run: 2025-02-23T15:58:03.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:00:21
Last run: 2025-08-11T06:47:13.000Z
Previous status: unknown

Created: 2025-02-23 Last update: 2025-09-23 22:04

A new upstream version is available: 3.1.1 high

A new upstream version 3.1.1 is available, you should consider packaging it.

Created: 2025-09-22 Last update: 2025-09-23 18:03

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2025-09-21 Last update: 2025-09-23 22:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.1.1+dfsg-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit a6afbe1b1983c7ce132cdb090787623c154d4b18
Author: William Desportes <williamdes@wdes.fr>
Date:   Mon Sep 22 21:14:10 2025 +0200

    d/ch

commit 540a84c544757a4652c697c9a1f6b3993b337819
Author: William Desportes <williamdes@wdes.fr>
Date:   Mon Sep 22 21:12:19 2025 +0200

    Refresh patches

commit 0b6fe92af175352502e9b598235f66328664fa49
Merge: 3baaa86 07e9c2e
Author: William Desportes <williamdes@wdes.fr>
Date:   Mon Sep 22 21:10:44 2025 +0200

    Update upstream source from tag 'upstream/3.1.1+dfsg'
    
    Update to upstream version '3.1.1+dfsg'
    with Debian dir ca13a610178a20c36ce373590878e9b7051a7e76

commit 07e9c2e40184d4d8333a3be578c16bb770adf5c3
Merge: 101d674 794ec85
Author: William Desportes <williamdes@wdes.fr>
Date:   Mon Sep 22 21:10:42 2025 +0200

    New upstream version 3.1.1+dfsg

commit 794ec856134a73d2a69a474c5d4faa47e1e645b1
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Sep 1 15:52:32 2025 -0400

    Improve PHP 8.5 compatibility
    
    - only use imagedestroy with PHP < 8
    - only use xml_parser_free with PHP < 8
    - only use curl_close with PHP < 8
    - only use setAccessible reflection method with PHP < 8.1
    - use http_get_last_response_headers with PHP >= 8.4
    - utilize getimagesize support for SVG images
    - use canonical types for casts
    - improve array key null safety
    
    addresses #3644

commit d38589a2b60df0d6348983e258d290b01d8d8806
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Fri Aug 22 23:35:50 2025 -0400

    Allow custom document information in Cpdf
    
    partially addresses #2447

commit aa2609835ace662fe2fe9a4396146e5f760ace03
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Wed Aug 13 19:03:41 2025 -0400

    Remove the cache-control header
    
    While the primary use of Dompdf is for personalized PDF generation, implementions should control the caching level.
    
    fixes #3098

commit 1ec59f0503d27711d5fc69a6baec5386e518a869
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Aug 11 22:03:57 2025 -0400

    Reset the canvas adapter when changing certain options
    
    When some options change (e.g., paper size, cache directories) the current implementation requires a reset of the Canvas adapater to apply the settings. This change resets the adapter early in order to minimize potential impact due to replacement of the Canvas.
    
    fixes #2990
    fixes #3642

commit c35992fbb6cce82723bd29cfd888ce4abf7ebfdd
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Sun Aug 3 23:01:14 2025 -0400

    Remove unnecessary call to Cpdf::o_fontGIDtoCIDMap
    
    ... with "add" action.
    
    addresses #1964

commit 60c223593ce078931aa32bebd463b754602816c9
Author: kurniagungk <37070156+kurniagungk@users.noreply.github.com>
Date:   Sun Sep 14 02:34:58 2025 +0700

    Suppress warnings from getimagesize

commit cbe7db00c50553f7f475eb5a72da03420281b9b6
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Sep 1 09:10:16 2025 -0400

    Pre-resolve content for all children of auto-width parent
    
    Before this change Dompdf would only resolve content for in-flow children of auto-width (content-defined width) parents. Because content resolution also resolves counters this was resulting in incorrect counter resolution for out-of-flow elements (e.g. position: absolute) inside auto-width parents.
    
    fixes #3611

commit 29cf4cb40202c9a0df023e062023ec5a001ef0bd
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Sun Aug 24 10:04:36 2025 -0400

    Include trimmed trailing whitespace when copying text nodes
    
    fixes #3565

commit d46e0292dc8e215656d040335caf635a6c83650c
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Fri Aug 22 23:36:25 2025 -0400

    Support base26 numbering
    
    fixes #1545

commit 706a2ad37c46e2164baa44e5909d31b4f2806bfc
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Aug 18 09:23:27 2025 -0400

    Scale background images using resample copy
    
    The quality of the results from imagescale vary depending on the image type and scaling mode. imagecopyresampled appears to produce more consistent results.
    
    fixes #3496

commit 5f1526c2a3cdf062565cd56d8fe464408a575bd2
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Wed Aug 13 09:17:08 2025 -0400

    Improve fixed table layout handling
    
    - Only use the fixed table layout algorithm if the table has a width.
    - Calculate column widths using only the first row's cells.
    
    see https://www.w3.org/TR/CSS2/tables.html#fixed-table-layout
    
    fixes #2355
    fixes #1432

commit e5078ceb0db5a38bcb5656d4183afe35e002c8bb
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Tue Aug 5 09:51:57 2025 -0400

    Specify encoding for MBString functions
    
    partially addresses #2208

commit e63248ab26c5b8a9813224aac02b7c90b1538b79
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Tue Aug 26 22:16:40 2025 -0400

    Improve stylesheet parsing of data URIs
    
    The previous logic was designed around base64-encoded data URIs and failed to correctly parse other types of data URIs such as SVG documents. This change modifies the logic to better support allowed escaped or unescaped bounding characters.

commit cb40ba2834f2da6c6e1f4d9506e82611ddd2b462
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Tue Aug 26 22:13:06 2025 -0400

    Improve stylesheet media query parsing
    
    This change simplifies the regex for the at-media and unsupported at-* regex and utilizes the rescurse operator to improve nested media query parsing. The media query body content is reprocessed through the base CSS parser so that nested rules are properly parsed.
    
    fixes #3601

commit 2e9005587189aec32e9c8e21cec2d75c37d1d1cc
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Sun Aug 24 12:07:34 2025 -0400

    Include DPI in length calculation cache key
    
    fixes #3588

commit 79261ac6b3ab4f81a518dec6f0cb6ccae8c2f548
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Wed Aug 13 19:58:01 2025 -0400

    Add inset to dependency map for font-size
    
    fixes #3403

commit 34eb8067723bd03a012ab7a9a4a21fe2977e642e
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Sun Aug 3 23:03:39 2025 -0400

    Prefix ctype_xdigit with root namespace

commit 26d2bb5a5cead0f16c2f7c57e5ec1014b7f0316a
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Jun 10 09:11:50 2024 -0400

    Resrict page breaks on positioned elements and their children
    
    This change prevents paging of absolute- and fixed-position elements. Children of absolute-position elements will be paged, but the current implementation pushes in-flow content to the following page as well.
    
    addresses #864

commit ddff1c846ede0f1e689b3ce123abb0c8d5a09699
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Sun Jun 29 16:38:54 2025 -0400

    Remove fixed-position elements from the document at render time
    
    Prior to this change fixed-position elements whose in-flow location was after the first page would not render on the first page and would render twice on their in-flow page.
    
    fixes #491

commit fbdf6a7108cd054439184952e1da12801d3c39f8
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Sun Jan 5 19:51:55 2025 -0500

    Modify fixed-position element pre-prend
    
    Before this change fixed-position elements were inserted before the first child of the body. Using the prepend method produces the same outcome and prevents failure if a page has no children.

commit 3169c316f4fdaaf3e6f3caab6dd078f27fb9a6c5
Author: MuneebStack <muneeb.creatives@gmail.com>
Date:   Tue Sep 2 00:55:43 2025 +0500

    Refactor Options class set and get methods

commit cfdb67d540dec910296f764d1d9e8f62eebbd26e
Author: Fl0Cri <florent@inetis.ch>
Date:   Wed Jul 2 15:51:13 2025 +0200

    Fix missing CapHeight for some fonts

commit fd85c7d22ce456ad8d2a5302d820e3fb75b27ed0
Author: Starfox64 <1530720+Starfox64@users.noreply.github.com>
Date:   Wed Jul 24 13:37:14 2024 +0200

    Use cURL over file_get_content when available

commit e872b9967880b68f661036382356d56271da846a
Author: Thomas Landauer <thomas@landauer.at>
Date:   Tue Jun 24 14:30:05 2025 +0200

    Update README.md: Fixing line break

commit 07adbba8b9377503677d1f73d9b3063c5a3ea878
Author: Thomas Landauer <thomas@landauer.at>
Date:   Mon Jun 23 19:22:06 2025 +0200

    Update README.md (#3624)

commit 3152400098b9a9eae6ef8ccb55455c2027537ac3
Author: Michael Altfield <github_maltfield@michaelaltfield.net>
Date:   Sun May 25 16:21:01 2025 -0500

    check if ini_set is available to prevent Fatal Errors (#3524)
    
    * check if ini_set is available to prevent Fatal Errors
    
     * https://github.com/dompdf/dompdf/issues/3523
    
    * Surround only relevant code with ini_get/ini_set check
    
    ---------
    
    Co-authored-by: Brian Sweeney <brian@eclecticgeek.com>

commit 66cd07563a0c907af4742e0bca410dda2120f9cb
Author: William Desportes <williamdes@wdes.fr>
Date:   Sat May 24 18:35:40 2025 +0200

    Add support for SetAdditionalXmpRdf (#3593)
    
    * Add support for SetAdditionalXmpRdf
    
    * Do not use nowdocs

commit 0e5c566f7c15381126a6358aab838a0b9fb47b45
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Tue Apr 29 16:44:27 2025 -0400

    Apply suggestions from code review of pdfa-updates
    
    Co-authored-by: William Desportes <williamdes@wdes.fr>

commit 29abd23f40628d97a55731dbc32ea7481e901ef5
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Mar 24 08:21:39 2025 -0400

    Only set the `Print` flag for annotations
    
    Until Cpdf supports annotation types other than links the ony flag that needs to be set for PDF/A support is the Print flag.
    
    fixes #3586

commit bdd6f8f717a63166a35ff66d0109649718278d44
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Jan 20 16:37:25 2025 -0500

    Add initial associated file relationship support to CPDF
    
    Currently only implemented by the catalog object.
    
    fixes #3576

commit 8679f3f3f730a11675f7071ca8c8fcec8f0d3814
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Jan 20 16:31:14 2025 -0500

    Update CPDF embedded file logic
    
    - fixes support for conditional file compression
    - fixes checksum calculation for compressed file
    - adds support for additional properties required by PDF/A (MimeType, ModDate)
    
    partially addresses #3576

commit b21b1f3140b2c318ae3ecfecb903bd6c023d347a
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Mon Jan 20 16:19:30 2025 -0500

    Add name filter to Cpdf
    
    PDF names can include characters that are interpreted as operative delimeters (e.g., a slash) so long as the characters are escaped. This change adds a helper function to esacpe delimeters and characters out side the code point range of 33-126, per section 3.2.4 of the PDF 1.7 spec.

commit 3d26768d8f745117e083a5c054b7f6c75219a522
Author: Vencel Kátai <vencel.katai@webapix.hu>
Date:   Tue Jan 28 21:55:43 2025 +0100

    Escape encrypted strings

commit 3abb53e10dddefa6270f67dae5868d5f79e8e5ae
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Fri Jan 17 08:24:48 2025 -0500

    Allow custom adapter classes
    
    fixes #3577

commit 723529bda1cbc3cf7a819d5fd4303554979172fb
Author: Brian Sweeney <brian@eclecticgeek.com>
Date:   Thu Jan 16 08:04:16 2025 -0500

    Reset version to commit hash

Created: 2025-09-22 Last update: 2025-09-22 20:33

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-10 Last update: 2025-09-19 01:32

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-50262: (needs triaging) Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-12-14 Last update: 2025-09-19 00:28

testing migrations

excuses:
- Migration status: Blocked. Can't migrate due to a non-migratable dependency. Check status below.
- Blocked by: php-dompdf-svg-lib
- Migration status for php-dompdf (- to 3.1.0+dfsg-1): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)
- Issues preventing migration:
- ∙ ∙ Build-Depends(-Arch): php-dompdf php-dompdf-svg-lib (not considered)
- ∙ ∙ Depends: php-dompdf php-dompdf-svg-lib (not considered)
- ∙ ∙ Invalidated by build-dependency
- ∙ ∙ Invalidated by dependency
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/p/php-dompdf.html
- ∙ ∙ autopkgtest for php-dompdf/3.1.0+dfsg-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ 5 days old (needed 2 days)
- Not considered

news

[rss feed]

[2025-09-18] Accepted php-dompdf 3.1.0+dfsg-1 (source) into unstable (William Desportes)
[2025-02-19] php-dompdf REMOVED from testing (Debian testing watch)
[2025-01-19] php-dompdf 3.0.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-12-31] Accepted php-dompdf 3.0.2+dfsg-1 (source) into unstable (William Desportes)
[2024-12-25] php-dompdf REMOVED from testing (Debian testing watch)
[2024-12-14] php-dompdf 3.0.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-12-12] Accepted php-dompdf 3.0.1+dfsg-1 (source) into unstable (William Desportes)
[2024-08-06] php-dompdf 3.0.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2024-08-03] Accepted php-dompdf 3.0.0+dfsg-2 (source) into unstable (William Desportes)
[2024-08-03] Accepted php-dompdf 3.0.0+dfsg-1 (source) into unstable (William Desportes)
[2024-04-20] php-dompdf 2.0.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-04-17] Accepted php-dompdf 2.0.7+dfsg-1 (source) into unstable (William Desportes)
[2024-03-11] php-dompdf 2.0.4+dfsg-2 MIGRATED to testing (Debian testing watch)
[2024-03-07] Accepted php-dompdf 2.0.4+dfsg-2 (source) into unstable (David Prévot)
[2023-12-19] php-dompdf 2.0.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-12-16] Accepted php-dompdf 2.0.4+dfsg-1 (source) into unstable (William Desportes)
[2023-12-09] php-dompdf 2.0.3+dfsg-4 MIGRATED to testing (Debian testing watch)
[2023-12-06] Accepted php-dompdf 2.0.3+dfsg-4 (source) into unstable (William Desportes)
[2023-10-01] php-dompdf 2.0.3+dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-09-29] Accepted php-dompdf 2.0.3+dfsg-3 (source) into unstable (William Desportes)
[2023-08-10] Accepted php-dompdf 0.6.2+dfsg-3+deb10u2 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-07-13] Accepted php-dompdf 0.6.2+dfsg-3+deb10u1 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-07-10] php-dompdf 2.0.3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-07-06] Accepted php-dompdf 2.0.3+dfsg-2 (source) into unstable (William Desportes)
[2023-02-11] php-dompdf 2.0.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-02-09] php-dompdf 2.0.2+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-02-08] Accepted php-dompdf 2.0.3+dfsg-1 (source) into unstable (William Desportes)
[2023-02-04] Accepted php-dompdf 2.0.2+dfsg-2 (source) into unstable (William Desportes)
[2023-02-03] Accepted php-dompdf 2.0.2+dfsg-1 (source) into unstable (William Desportes)
[2022-11-14] Accepted php-dompdf 0.6.2+dfsg-4 (source) into unstable (Marcos Talau)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 2)
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci