tcpdf (6.6.2+dfsg1-1+deb12u1) bookworm-security; urgency=medium
* Exclude quilt managed directory .pc/ from phpab in debian/rules
* Explicitly specify RELEASE: bookworm in d/gitlab-ci.yml
* Fix CVE-2024-22640: ReDoS (Regular Expression Denial of Service) if
parsing an untrusted HTML page with a crafted color
* Fix CVE-2024-22641: ReDoS (Regular Expression Denial of Service) if
parsing an untrusted SVG file
* Fix CVE-2024-32489: tcpdf mishandles calls that use HTML syntax
* Fix CVE-2024-51058: Local File Inclusion (LFI) vulnerability through <img>
src tag
* Fix CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family
attribute
* Fix CVE-2024-56520: tcpdf, through its use of tc-lib-pdf-font, mishandles
fonts like FontBBox for Type 1 and incorrectly parses TrueType fonts
* Fix CVE-2024-56522: unserializeTCPDFtag doesn't make use of constant-time
function to compare TCPDF tag hashes
* Fix CVE-2024-56527: the Error function lacks an htmlspecialchars call for
the error message
* Update git branch in the VCS-Git d/control field
-- Santiago Ruano Rincón <santiagorr@riseup.net> Thu, 29 May 2025 13:17:39 -0300
tcpdf (6.6.2+dfsg1-1) unstable; urgency=medium
* New upstream version 6.6.2+dfsg1
* Refresh the example patch
* Update Standards-Version: to 4.6.2
-- William Desportes <williamdes@wdes.fr> Sat, 24 Dec 2022 00:14:51 +0400
tcpdf (6.6.0+dfsg1-1) unstable; urgency=medium
* New upstream version 6.6.0
* Move the autoload test to a superficial DEP-8 test
* Make autopkgtests depend on php-cli and not php
-- William Desportes <williamdes@wdes.fr> Tue, 06 Dec 2022 13:28:57 +0100
tcpdf (6.5.0+dfsg1-1) unstable; urgency=medium
* New upstream version 6.5.0
* Bump Standards-Version to 4.6.1
* Run "wrap-and-sort"
-- William Desportes <williamdes@wdes.fr> Fri, 12 Aug 2022 10:18:42 +0200
tcpdf (6.4.4+dfsg1-1) unstable; urgency=medium
* New upstream version 6.4.4 (Closes: #1000619)
* Update tcpdf test.php from upstream
* Update d/copyright
* Add d/s/lintian-overrides
* Update d/copyright years
* Update test.sh to use the debian include path for tests
* Depend on dh-sequence-phpcomposer and remove dh --with phpcomposer
* Remove Felipe from Uploaders (no upload needed since 2020)
* Install /u/s/p/autoloaders file
* Use the debian autoload and not the class file directly in example 066
-- William Desportes <williamdes@wdes.fr> Wed, 05 Jan 2022 23:54:01 +0100
tcpdf (6.4.2+dfsg1-1) unstable; urgency=medium
[ Debian Janitor ]
* Wrap long lines in changelog entries: 6.3.5+dfsg1-1.
[ William Desportes ]
* New upstream version 6.4.2
* Bump debhelper-compat to 13
* Update Standards-Version to 4.6.0
* Run "cme fix dpkg" to re-format the control file
* Set debian branch to debian/latest (DEP-14)
* Copy test script from upstream and update d/copyright for debian/*
* Improve the autoload test
* Run all examples like if they where tests
* Add php-{gd,bcmath,json,xml}, poppler-utils as test dependencies
* Add a patch to update the composer example number 66 to the Debian example
-- William Desportes <williamdes@wdes.fr> Thu, 19 Aug 2021 18:12:51 +0200
tcpdf (6.3.5+dfsg1-1) unstable; urgency=medium
[ William Desportes ]
* New upstream version 6.3.5.
[ Felipe Sateler ]
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Add pkg-php-tools-override to enable automatic dependencies. Because the
original composer name tecnickcom/tcpdf does not match the debian binary
package name for historical reasons (php-tcpdf), we need to hint the correct
name to dh_phpcomposer, so that reverse dependencies find the correct
package automatically.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
-- Felipe Sateler <fsateler@debian.org> Sun, 15 Mar 2020 18:50:56 -0300
tcpdf (6.3.4+dfsg1-1) unstable; urgency=medium
[ William Desportes ]
* New upstream version 6.3.4.
* Bump Standards-Version to 4.5.0
* Update copyright year
-- Felipe Sateler <fsateler@debian.org> Sat, 15 Feb 2020 21:44:00 -0300
tcpdf (6.3.2+dfsg1-1) unstable; urgency=medium
[ William Desportes ]
* Take over package into the phpMyAdmin Team. (Closes: #889731)
- Update Maintainer to "phpMyAdmin Team" and add Uploaders field
* New upstream version 6.3.2 modified, fixes php errors and warnings.
(Closes: #915286, LP: #1781000)
* Add php autoloader. (Closes: #780039)
* Fix VCS-urls and add GitLab CI file
* Fix reprotest, add user_group www-data and use_sudo as required
* Add debian/gbp.conf file and improve upstream import process
* Upgrade standards from 4.1.3 to 4.4.1
* Update copyright year and add Files-Excluded field
[ Felipe Sateler ]
* Change phpunit test to autoload test.
There is no phpunit in tcpdf.
* Make php-tcpdf depend on the icc profiles.
This way, if there is ever an icc profile update we don't need to
rebuild the package.
As a bonus, we don't need to modify the source package during build
-- Felipe Sateler <fsateler@debian.org> Sun, 20 Oct 2019 11:48:54 -0300
tcpdf (6.2.26+dfsg-2) unstable; urgency=low
[ Thiago Gomes Verissimo ]
* QA upload.
* Set Debian QA as maintainer.
* Using new DH level format. Consequently:
- debian/compat: removed.
- debian/control: changed from 'debhelper' to 'debhelper-compat' in Build
Depends field and bumped level to 12.
* debian/control:
- Bumped Standards-Version to 4.4.0.
* debian/rules: enabled all hardening compilation flags.
* debian/watch:
- Fix Regex pattern to find new upstream code.
package
* debian/tests/*: created to provide simple CI test
* debian/autoload.php.tpl:
- Added a standard php autoload.php template to be used in CI tests
-- Thiago Gomes Verissimo <verissimotgv@gmail.com> Sun, 21 Jul 2019 22:23:26 -0300
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog php-tcpdf`.
Generated by dwww version 1.15 on Mon Sep 1 02:56:01 CEST 2025.