File: changelog

package info (click to toggle)
php7.3 7.3.31-1~deb10u1
links: PTS, VCS
area: main
in suites: buster
size: 187,388 kB
sloc: ansic: 913,717; php: 22,387; sh: 11,230; cpp: 7,678; javascript: 3,040; pascal: 2,519; xml: 2,099; yacc: 1,950; exp: 1,514; makefile: 721; perl: 315; awk: 263; sql: 22
file content (508 lines) | stat: -rw-r--r-- 16,482 bytes
php7.3 (7.3.31-1~deb10u1) buster-security; urgency=medium

  * New upstream version 7.3.31
   + CVE-2021-21706: ZipArchive::extractTo extracts outside of
     destination.
  * Backported from 7.4.25
   + CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege
     escalation.

 -- Ondřej Surý <ondrej@debian.org>  Sun, 24 Oct 2021 17:18:08 +0200

php7.3 (7.3.29-1~deb10u1) buster-security; urgency=medium

  * New upstream version 7.3.29
   + CVE-2021-21705: SSRF bypass in FILTER_VALIDATE_URL
   + CVE-2021-21704: Stack buffer overflow in firebird_info_cb
   + CVE-2021-21704: SIGSEGV in firebird_handle_doer
   + CVE-2021-21704: SIGSEGV in firebird_stmt_execute
   + CVE-2021-21704: Crash while parsing blob data in firebird_fetch_blob

 -- Ondřej Surý <ondrej@debian.org>  Fri, 02 Jul 2021 06:04:33 +0200

php7.3 (7.3.27-1~deb10u1) buster-security; urgency=medium

  [ Ondřej Surý ]
  * New upstream version 7.3.27
   + Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
  * New upstream version 7.3.26
   + Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid
     userinfo). (CVE-2020-7071)
  * New upstream version 7.3.23
   + Fixed bug #79699 (PHP parses encoded cookie names so malicious
     `__Host-` cookies can be sent). (CVE-2020-7070)
   + Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
     bytes IV). (CVE-2020-7069)
  * New upstream version 7.3.21
   + Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile
     function). (CVE-2020-7068)
  * Disable the MySQL extension testing as it's too complicated and prone
    to breakages
  * In phpize, copy the foreign files from their respective packages
    (libtool, pkg-config, shtool, pkg.m4) instead of having a built-time
    copy in the package

  [ Pino Toscano ]
  * Disable AppArmor support on non-Linux archs (Closes: #951857)
  * Enable systemd integration only on Linux archs (Closes: #951834)

 -- Ondřej Surý <ondrej@debian.org>  Sat, 13 Feb 2021 17:31:40 +0100


php7.3 (7.3.19-1~deb10u1) buster-security; urgency=high

  * New upstream version 7.3.15
   + Fixed bug #79082 (Files added to tar with Phar::buildFromIterator
     have all-access permissions). (CVE-2020-7063)
   + Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
     (CVE-2020-7061)
   + Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
     (CVE-2020-7062)
  * New upstream version 7.3.16
   + Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at
     php_unicode_tolower_full). (CVE-2020-7065)
   + Fixed bug #79329 (get_headers() silently truncates after a null byte).
     (CVE-2020-7066)
  * New upstream version 7.3.17
   + Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
  * New upstream version 7.3.18
   + Fixed bug #78875 (Long filenames cause OOM and temp files are not
     cleaned). (CVE-2019-11048)
   + Fixed bug #78876 (Long variables in multipart/form-data cause OOM and
     temp files are not cleaned). (CVE-2019-11048)
  * New upstream version 7.3.19
  * php-fpm has to depend on procps due kill usage in systemd service file
    (Closes: #861855)

 -- Ondřej Surý <ondrej@debian.org>  Sun, 05 Jul 2020 08:46:45 +0200

php7.3 (7.3.14-1~deb10u1) buster-security; urgency=medium

  * New upstream version 7.3.14
  * Disable MySQL X Plugin in the tests
  * Use mysqld --initialize-insecure for MySQL 8.0 (for Ubuntu 19.10)
  * Remove --skip-grant-tables to fix FTBFS with MySQL 8.0
  * Remove --without-mysqlx from MySQL 5.7

 -- Ondřej Surý <ondrej@debian.org>  Sun, 16 Feb 2020 16:07:23 +0100

php7.3 (7.3.11-1~deb10u1) buster-security; urgency=medium

  * New upstream version 7.3.11

 -- Ondřej Surý <ondrej@debian.org>  Sat, 26 Oct 2019 16:14:18 +0200

php7.3 (7.3.9-1~deb10u1) buster-security; urgency=high

  * New upstream version 7.3.9
  * php7.3-curl: Add Breaks against php7.0-curl for smoother upgrades from
    stretch.  (Closes: #929689)

 -- Ondřej Surý <ondrej@sury.org>  Wed, 18 Sep 2019 12:33:23 +0200

php7.3 (7.3.4-2) unstable; urgency=medium

  [Andreas Beckmann]
  * php7.3-common: Add Breaks against php7.0-curl for smoother upgrades from
    stretch.  (Closes: #925106)
  * php7.3-common: Add Breaks against gforge-common from jessie which uses a
    deprecated constructor syntax.
  * Deterministically generate debian/control by sorting the extension
    packages.

 -- Ondřej Surý <ondrej@debian.org>  Sat, 13 Apr 2019 19:05:48 +0000

php7.3 (7.3.4-1) unstable; urgency=medium

  * Update d/watch for new php.net pages
  * New upstream version 7.3.4
  * Enforce C++11 for intl compilation on older distributions

 -- Ondřej Surý <ondrej@debian.org>  Wed, 10 Apr 2019 06:55:43 +0000

php7.3 (7.3.3-1) unstable; urgency=medium

  * New upstream version 7.3.3
  * Update systzdata patch to v18 (Courtesy of RemiRepo)
  * Add patch for OpenSSL 1.1.1b (Courtesy of RemiRepo)

 -- Ondřej Surý <ondrej@debian.org>  Thu, 07 Mar 2019 19:43:34 +0000

php7.3 (7.3.2-3) unstable; urgency=medium

  * Update systzdata patch to v17 (Courtesy of remirepo)

 -- Ondřej Surý <ondrej@debian.org>  Fri, 08 Feb 2019 15:05:54 +0000

php7.3 (7.3.2-2) unstable; urgency=medium

  * Fix the icu patch condition for icu >= 60

 -- Ondřej Surý <ondrej@debian.org>  Fri, 08 Feb 2019 10:49:26 +0000

php7.3 (7.3.2-1) unstable; urgency=medium

  * New upstream version 7.3.2

 -- Ondřej Surý <ondrej@debian.org>  Thu, 07 Feb 2019 17:58:05 +0000

php7.3 (7.3.1-3) unstable; urgency=medium

  * Always build spoofchecker, because we are enforcing icu >= 50.1
    (Closes: #921199)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 05 Feb 2019 10:25:33 +0000

php7.3 (7.3.1-2) unstable; urgency=high

  * Add patch to use pkg-config instead of icu-config to detect icu
    libraries (Closes: #916110)

 -- Ondřej Surý <ondrej@debian.org>  Mon, 21 Jan 2019 09:09:55 +0000

php7.3 (7.3.1-1) unstable; urgency=medium

  * New upstream version 7.3.1

 -- Ondřej Surý <ondrej@debian.org>  Sun, 13 Jan 2019 10:13:20 +0000

php7.3 (7.3.0-2) unstable; urgency=medium

  * Add upstream patch to fix OPcache optimization problem for
    ArrayAccess->offsetGet
  * Add upstream patch to fix infinite loop in preg_replace_callback
  * Fix check for rl_completion_matches in readline extension

 -- Ondřej Surý <ondrej@debian.org>  Mon, 17 Dec 2018 09:51:53 +0000

php7.3 (7.3.0-1) unstable; urgency=medium

  * Update d/watch for the final PHP 7.3.0 release
  * New upstream version 7.3.0

 -- Ondřej Surý <ondrej@debian.org>  Thu, 06 Dec 2018 20:22:15 +0000

php7.3 (7.3.0~rc6-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc6

 -- Ondřej Surý <ondrej@debian.org>  Sun, 25 Nov 2018 10:01:25 +0000

php7.3 (7.3.0~rc5-2) unstable; urgency=medium

  * Don't use sed found by configure, use the sed command as available in
    the host system (Closes: #913620)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 13 Nov 2018 09:10:56 +0000

php7.3 (7.3.0~rc5-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc5
  * Enable lmdb support in dba extension

 -- Ondřej Surý <ondrej@debian.org>  Mon, 12 Nov 2018 09:54:24 +0000

php7.3 (7.3.0~rc4-2) unstable; urgency=medium

  * Restore correct patch name for
    0040-Add-patch-to-install-php7-module-directly-to-APXS_LI.patch

 -- Ondřej Surý <ondrej@debian.org>  Sun, 04 Nov 2018 04:54:20 +0000

php7.3 (7.3.0~rc4-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc4
  * Rebase patches for PHP 7.4.0~rc4

 -- Ondřej Surý <ondrej@debian.org>  Thu, 25 Oct 2018 08:57:33 +0000

php7.3 (7.3.0~rc3-3) unstable; urgency=medium

  * Add patch to use pkg-config for FreeType2 library detection
    (Closes: #911460)
  * Remove libmcrypt-dev from Build-Depends

 -- Ondřej Surý <ondrej@debian.org>  Thu, 25 Oct 2018 06:39:32 +0000

php7.3 (7.3.0~rc3-2) unstable; urgency=medium

  * Disable the enabled modules in prerm, because in postrm the phpquery
    script is not aware of already removed sapi (Closes: #911018)

 -- Ondřej Surý <ondrej@debian.org>  Mon, 15 Oct 2018 09:53:04 +0000

php7.3 (7.3.0~rc3-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc3
  * Rebase patches for PHP 7.3.0~rc3

 -- Ondřej Surý <ondrej@debian.org>  Sat, 13 Oct 2018 13:47:36 +0000

php7.3 (7.3.0~rc2-3) unstable; urgency=medium

  * Remove ancient mv_conffile (from php5)
  * Remove spurious L from phpize script (Closes: #909110)
  * Downgrade dh-php from Recommends to Suggests (Closes: #910620)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 09 Oct 2018 13:22:52 +0000

php7.3 (7.3.0~rc2-2) unstable; urgency=medium

  * Fix the Vcs-* links
  * Apply upstream patch to allow disabling pcre jit and disable it on
    mips and s390x archs
  * Extra 'L' is gone (Closes: #909110)

 -- Ondřej Surý <ondrej@debian.org>  Thu, 04 Oct 2018 14:25:15 +0000

php7.3 (7.3.0~rc2-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc2
  * Rebase patches for PHP 7.3.0~rc2

 -- Ondřej Surý <ondrej@debian.org>  Mon, 01 Oct 2018 11:42:35 +0000

php7.3 (7.3.0~beta2-3) unstable; urgency=medium

  * Disable assembly code with gcc 4.8 on i386

 -- Ondřej Surý <ondrej@debian.org>  Mon, 20 Aug 2018 08:07:58 +0000

php7.3 (7.3.0~beta2-2) unstable; urgency=medium

  * Remove dependency on pcre3 and add libpcre2-dev to phpX.Y-dev

 -- Ondřej Surý <ondrej@debian.org>  Sun, 19 Aug 2018 16:12:50 +0000

php7.3 (7.3.0~beta2-1) unstable; urgency=medium

  * New upstream version 7.3.0~beta2
  * Rebase patches for PHP 7.3.0~beta2
  * Fix phpdbg.1 installation path from srcdir to builddir
  * Bump d/phpapi to 20180731

 -- Ondřej Surý <ondrej@debian.org>  Sun, 19 Aug 2018 07:49:10 +0000

php7.3 (7.3.0~beta1-1) unstable; urgency=medium

  [ Lior Kaplan ]
  * Fix syntax typo

  [ Ondřej Surý ]
  * New upstream version 7.3.0~beta1
  * Rebase patches for PHP 7.3.0beta1

 -- Ondřej Surý <ondrej@debian.org>  Fri, 03 Aug 2018 13:52:09 +0000

php7.3 (7.3.0~alpha4-1) unstable; urgency=medium

  * Use cpuid.h instead of custom assembler
  * New upstream version 7.3.0~alpha4
  * Rebase patches for PHP 7.3.0~alpha4

 -- Ondřej Surý <ondrej@debian.org>  Wed, 25 Jul 2018 11:11:09 +0000

php7.3 (7.3.0~alpha3-2) unstable; urgency=medium

  * Remove traces of ext_skel modifications
  * Add <!nocheck> profile to all default-mysql-server alternatives
  * Bump d/phpapi for PHP 7.3
  * Add libargon2-dev as new alternative build-dependency to
    libargon2-0-dev

 -- Ondřej Surý <ondrej@debian.org>  Sat, 14 Jul 2018 13:57:34 +0000

php7.3 (7.3.0~alpha3-1) unstable; urgency=medium

  * Update upstream signing-key.asc for PHP 7.3
  * New upstream version 7.3.0~alpha3
  * Build-Depend on libpcre2-dev
  * Rebase patches for PHP 7.3.0~alpha3

 -- Ondřej Surý <ondrej@debian.org>  Mon, 09 Jul 2018 13:49:59 +0000

php7.2 (7.2.7-2) unstable; urgency=medium

  * Update the maintainer email to team+pkg-php@tracker.debian.org
  * Update the Vcs-* links to salsa.d.o

 -- Ondřej Surý <ondrej@debian.org>  Mon, 09 Jul 2018 12:28:45 +0000

php7.2 (7.2.7-1) unstable; urgency=medium

  * New upstream version 7.2.7
  * Refresh patches for PHP 7.2.7

 -- Ondřej Surý <ondrej@debian.org>  Fri, 22 Jun 2018 07:35:11 +0000

php7.2 (7.2.6-1) unstable; urgency=medium

  * New upstream version 7.2.6
  * Rebase patches for PHP version 7.2.6

 -- Ondřej Surý <ondrej@debian.org>  Mon, 11 Jun 2018 14:54:56 +0000

php7.2 (7.2.5-1) unstable; urgency=medium

  * New upstream version 7.2.5
  * Rebase patches for PHP 7.2.5

 -- Ondřej Surý <ondrej@debian.org>  Sat, 05 May 2018 04:56:32 +0000

php7.2 (7.2.4-1) unstable; urgency=medium

  * New upstream version 7.2.4
  * Rebase patches on top of new upstream release.

 -- Ondřej Surý <ondrej@debian.org>  Thu, 05 Apr 2018 08:50:27 +0000

php7.2 (7.2.3-1) unstable; urgency=medium

  * New upstream version 7.2.3
  * Rebase patches on top of new upstream release.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Mar 2018 11:15:04 +0000

php7.2 (7.2.2-3) unstable; urgency=medium

  * Add explicit libpcre3 >= 2:8.35 dependency as dh_genshlibs is failing
    to add versioned dependency for some reason.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Feb 2018 16:07:40 +0000

php7.2 (7.2.2-2) unstable; urgency=medium

  * Remove explicit libpcre3 dependency and let dh_genshlibs do its magic

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Feb 2018 13:00:04 +0000

php7.2 (7.2.2-1) unstable; urgency=medium

  * New upstream version 7.2.2
  * Rebase patches on top of new upstream release
  * Regenerate d/control to finish php7.2-sodium removal

 -- Ondřej Surý <ondrej@debian.org>  Thu, 01 Feb 2018 15:19:04 +0000

php7.2 (7.2.1-1) unstable; urgency=medium

  * Update the Vcs-* to salsa.d.o
  * Slightly update debian/copyright (most changes were already in)
  * New upstream version 7.2.1
  * Rebase patches on top of new upstream release

 -- Ondřej Surý <ondrej@debian.org>  Fri, 05 Jan 2018 11:21:04 +0000

php7.2 (7.2.0-2) unstable; urgency=medium

  * Get rid of extra php7.2-sodium module

 -- Ondřej Surý <ondrej@debian.org>  Wed, 06 Dec 2017 14:15:47 +0000

php7.2 (7.2.0-1) unstable; urgency=low

  * Update PHP 7.2 signing keys
  * New upstream version 7.2.0
  * Rebase patches for new upstream release.

 -- Ondřej Surý <ondrej@debian.org>  Thu, 30 Nov 2017 13:55:57 +0000

php7.2 (7.2.0~rc6-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc6
  * Rebase patches for new upstream version.

 -- Ondřej Surý <ondrej@debian.org>  Sun, 12 Nov 2017 03:30:05 +0000

php7.2 (7.2.0~rc5-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc5
  * Rebase patches for new upstream release

 -- Ondřej Surý <ondrej@debian.org>  Fri, 27 Oct 2017 13:33:55 +0000

php7.2 (7.2.0~rc4-2) unstable; urgency=medium

  * Fix the usage of internal allocator in xmlrpc extension

 -- Ondřej Surý <ondrej@debian.org>  Tue, 24 Oct 2017 18:54:46 +0000

php7.2 (7.2.0~rc4-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc4
  * Rebase patches on top of new upstream version 7.2.0~rc4

 -- Ondřej Surý <ondrej@debian.org>  Sun, 22 Oct 2017 13:07:11 +0000

php7.2 (7.2.0~rc3-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc3
  * Refresh patches for PHP 7.2.0~rc3

 -- Ondřej Surý <ondrej@debian.org>  Thu, 28 Sep 2017 18:26:49 +0200

php7.2 (7.2.0~rc2-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc2
  * Rebase patches on top of PHP 7.2.0~rc2

 -- Ondřej Surý <ondrej@debian.org>  Mon, 18 Sep 2017 11:24:14 +0200

php7.2 (7.2.0~rc1-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc1
  * Rebase patches on top of PHP 7.2.0~rc1
  * Update d/copyright (License check courtesy of Luca Falavigna)
  * Rewrap the files in d/ with wrap-and-sort -a

 -- Ondřej Surý <ondrej@debian.org>  Thu, 31 Aug 2017 14:00:16 +0200

php7.2 (7.2.0~beta3-2) unstable; urgency=medium

  * Enable Argon2 support for password hashing functions
  * Enable shared libsodium extension

 -- Ondřej Surý <ondrej@debian.org>  Fri, 25 Aug 2017 11:35:23 +0200

php7.2 (7.2.0~beta3-1) unstable; urgency=medium

  * Allow libgcrypt11-dev when it's not a transitional package
  * New upstream version 7.2.0~beta3
  * Refresh patches on top of PHP 7.2.0~beta3

 -- Ondřej Surý <ondrej@debian.org>  Fri, 18 Aug 2017 15:00:36 +0200

php7.2 (7.2.0~beta2-2) experimental; urgency=medium

  * Update Vcs-* links to https://gitlab.com/deb.sury.org/...
  * Stop depending on obsolete automake1.11
  * Switch build-depends to libgcrypt20-dev

 -- Ondřej Surý <ondrej@debian.org>  Fri, 04 Aug 2017 11:56:09 +0200

php7.2 (7.2.0~beta2-1) experimental; urgency=medium

  * Update d/watch for PHP 7.2
  * New upstream version 7.2.0~beta2
  * Rebase patches for PHP 7.2.0~beta2

 -- Ondřej Surý <ondrej@debian.org>  Thu, 03 Aug 2017 20:42:38 +0200

php7.2 (7.2.0~beta1-1) experimental; urgency=medium

  * New upstream version 7.2.0~beta1
  * Enable support for libsodium crypto
  * Rebase patches on top of PHP 7.2.0~beta1
  * Update phpapi for PHP 7.2 to 20170718

 -- Ondřej Surý <ondrej@debian.org>  Thu, 27 Jul 2017 13:29:34 +0200

php7.2 (7.2.0~alpha3-1) experimental; urgency=medium

  * New upstream version 7.2.0~alpha3
  * Rebase patches on top of PHP 7.2.0~alpha3
  * Update d/rules with configure.in -> configure.ac rename
  * Remove mcrypt extension that has been removed upstream
  * Update phpapi to 20160731

 -- Ondřej Surý <ondrej@debian.org>  Thu, 06 Jul 2017 13:50:44 +0200