tcpdf (6.3.5+dfsg1-1+deb11u1) bullseye-security; urgency=medium

  * Non-maintainer upload by the LTS Team
  * Exclude quilt managed directory .pc/ from phpab in debian/rules
  * Explicitly specify RELEASE: bullseye in d/gitlab-ci.yml
  * Fix CVE-2024-22640: ReDoS (Regular Expression Denial of Service) if
    parsing an untrusted HTML page with a crafted color
  * Fix CVE-2024-22641: ReDoS (Regular Expression Denial of Service) if
    parsing an untrusted SVG file
  * Fix CVE-2024-32489: tcpdf mishandles calls that use HTML syntax
  * Fix CVE-2024-51058: Local File Inclusion (LFI) vulnerability through <img>
    src tag
  * Fix CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family
    attribute
  * Fix CVE-2024-56520: tcpdf, through its use of tc-lib-pdf-font, mishandles
    fonts like FontBBox for Type 1 and misparses TrueType fonts
  * Fix CVE-2024-56522: unserializeTCPDFtag doesn't make use of constant-time
    function to compare TCPDF tag hashes
  * Fix CVE-2024-56527: the Error function lacks an htmlspecialchars call for
    the error message
  * Backport d/tests/test.sh from bookworm
  * Update git branch in the VCS-Git d/control field

 -- Santiago Ruano Rincón <santiagorr@riseup.net>  Mon, 02 Jun 2025 19:03:58 -0300

tcpdf (6.3.5+dfsg1-1) unstable; urgency=medium

  [ William Desportes ]
  * New upstream version 6.3.5.

  [ Felipe Sateler ]
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Add pkg-php-tools-override to enable automatic dependencies.
    Because the original composer name tecnickcom/tcpdf does not match the debian
    binary package name for historical reasons (php-tcpdf), we need to hint
    the correct name to dh_phpcomposer, so that reverse dependencies find the
    correct package automatically.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.

 -- Felipe Sateler <fsateler@debian.org>  Sun, 15 Mar 2020 18:50:56 -0300

tcpdf (6.3.4+dfsg1-1) unstable; urgency=medium

  [ William Desportes ]
  * New upstream version 6.3.4.
  * Bump Standards-Version to 4.5.0
  * Update copyright year

 -- Felipe Sateler <fsateler@debian.org>  Sat, 15 Feb 2020 21:44:00 -0300

tcpdf (6.3.2+dfsg1-1) unstable; urgency=medium

  [ William Desportes ]
  * Take over package into the phpMyAdmin Team. (Closes: #889731)
    - Update Maintainer to "phpMyAdmin Team" and add Uploaders field
  * New upstream version 6.3.2 modified, fixes php errors and warnings.
    (Closes: #915286, LP: #1781000)
  * Add php autoloader. (Closes: #780039)
  * Fix VCS-urls and add GitLab CI file
  * Fix reprotest, add user_group www-data and use_sudo as required
  * Add debian/gbp.conf file and improve upstream import process
  * Upgrade standards from 4.1.3 to 4.4.1
  * Update copyright year and add Files-Excluded field

  [ Felipe Sateler ]
  * Change phpunit test to autoload test.
    There is no phpunit in tcpdf.
  * Make php-tcpdf depend on the icc profiles.
    This way, if there is ever an icc profile update we don't need to
    rebuild the package.
    As a bonus, we don't need to modify the source package during build

 -- Felipe Sateler <fsateler@debian.org>  Sun, 20 Oct 2019 11:48:54 -0300

tcpdf (6.2.26+dfsg-2) unstable; urgency=low

  [ Thiago Gomes Verissimo ]
  * QA upload.
  * Set Debian QA as maintainer.

  * Using new DH level format. Consequently:
    - debian/compat: removed.
    - debian/control: changed from 'debhelper' to 'debhelper-compat' in Build
      Depends field and bumped level to 12.
  * debian/control:
     - Bumped Standards-Version to 4.4.0.
  * debian/rules: enabled all hardening compilation flags.
  * debian/watch:
     - Fix Regex pattern to find new upstream code.
       package
  * debian/tests/*: created to provide simple CI test
  * debian/autoload.php.tpl:
    - Added a standard php autoload.php template to be used in CI tests

 -- Thiago Gomes Verissimo <verissimotgv@gmail.com>  Sun, 21 Jul 2019 22:23:26 -0300

tcpdf (6.2.26+dfsg-1) unstable; urgency=medium

  [ Emanuele Rocca ]
  * QA upload
  * New upstream release (Closes: #908866, CVE-2018-17057)

  [ Jelmer Vernooĳ ]
  * Use secure copyright file specification URI.
  * Trim trailing whitespace.

  [ Ondřej Nový ]
  * d/rules: Remove trailing whitespaces
  * d/watch: Use https protocol

 -- Emanuele Rocca <ema@debian.org>  Mon, 25 Feb 2019 22:23:26 +0100

tcpdf (6.2.13+dfsg-1) unstable; urgency=medium

  * QA upload.
  * New upstream release.
  * Orphaning package as Laurent Destailleur was only maintaining this package
    as a dependency of dolibarr and he stopped maintaining the latter.
  * Move git repository to salsa.debian.org.
  * Switch to debhelper compat level 11.
  * Bump Standards-Version to 4.1.3.
  * Updated dependencies for PHP7.0. Closes: #817271 Thanks to Michal Čihař
    for the patch.
  * Update copyright file to avoid duplicate license entry on LGPL-3+
  * Improve get-orig-source.sh to replace sRGB.icc with its free variant.
  * Set "Rules-Requires-Root: binary-targets" because we need root rights to
    set ownership of /var/cache/tcpdf/ to www-data.

 -- Raphaël Hertzog <hertzog@debian.org>  Tue, 06 Feb 2018 15:42:26 +0100

tcpdf (6.2.12+dfsg2-1) unstable; urgency=medium

  * New upstream version 6.2.12 modified with free version of sRGB.icc.
    This solves the lintian error.

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Sat, 27 Feb 2016 19:35:45 +0100

tcpdf (6.2.12+dfsg-1) unstable; urgency=medium

  * New upstream version 6.2.12 (Closes: #814030, #785212)
  * Update license files for qrcodes.php file (Closes: #780051)

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Tue, 23 Feb 2016 10:35:45 +0100

tcpdf (6.0.093+dfsg-1) unstable; urgency=medium

  * New upstream release 6.0.093+dfsg
  * Removed line "Files-Excluded: include/sRGB.icc" from debian/copyright.
    No more required since original tcpdf package contains free sRGB.icc.
  * Removed dependency on icc-profiles-free.
    No more required since original tcpdf package contains free sRGB.icc.
  * Removed link to sRGB.icc
    No more required since original tcpdf package contains free sRGB.icc.

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Sun, 07 Sep 2014 11:06:38 +0200

tcpdf (6.0.091+dfsg-1) unstable; urgency=low

  [ Laurent Destailleur (eldy) ]
  * New upstream release 6.0.091+dfsg
  * Fix: Removed file include/sRGB.icc. This removes support for PDF/A-1b but
    solves any license troubles (Closes: #757447)

  [ Raphaël Hertzog ]
  * Restore sRGB.icc as a symlink to icc-profiles-free's
    /usr/share/color/icc/sRGB.icc
  * Add “Files-Excluded: include/sRGB.icc” to debian/copyright so that
    uscan automatically repacks new upstream tarballs.

 -- Raphaël Hertzog <hertzog@debian.org>  Fri, 29 Aug 2014 22:06:12 +0200

tcpdf (6.0.083+dfsg-1) unstable; urgency=low

  * New upstream release version 6.0.083+dfsg

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Sat, 26 Jul 2014 13:07:54 +0200

tcpdf (6.0.048+dfsg-2) unstable; urgency=medium

  [ Laurent Destailleur (eldy) ]
  * Removed lintian warning composer-package-without-pkg-php-tools-builddep
    by removing the Build-Depends: pkg-php-tools that is not required.
  * Update Standards-Version to 3.9.5

 -- Raphaël Hertzog <hertzog@debian.org>  Sat, 04 Jan 2014 20:41:07 +0100

tcpdf (6.0.048+dfsg-1) unstable; urgency=low

  * Imported Upstream version 6.0.048+dfsg
  * Update copyright file for fonts.

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Mon, 25 Nov 2013 20:26:02 +0100

tcpdf (6.0.021+dfsg-1) unstable; urgency=low

  [ Laurent Destailleur (eldy) ]
  * Repackage the upstream sources from 6.0.021.

  [ Raphaël Hertzog ]
  * Drop cruft in debian/rules.
  * Drop ${phpcomposer:*} substvars from debian/control until we start using
    the phpcomposer dh addon.

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Wed, 31 Jul 2013 15:12:28 +0200

tcpdf (6.0.020+dfsg-1) unstable; urgency=low

  * Repackage the upstream sources from 6.0.020.
  * Removed directory images from php-tcpdf.install (does not exist anymore)

 -- Laurent Destailleur (eldy) <eldy@users.sourceforge.net>  Wed, 17 Jul 2013 20:58:25 +0200

tcpdf (6.0.010+dfsg-1) unstable; urgency=low

  * Repackage the upstream sources to drop fonts/free* which are copies of the
    GPL-licensed fonts provided by freefont but for which upstream doesn't
    provide the corresponding sources in their release tarball.
  * Update the copyright file to drop the paragraph about those files.
  * Provide debian/rules get-orig-source to repackage the upstream sources.

 -- Raphaël Hertzog <hertzog@debian.org>  Fri, 19 Apr 2013 17:52:58 +0200

tcpdf (6.0.010-1) unstable; urgency=low

  * Initial release. (Closes: #495985)
  * Install cache directory as a symlink to /var/cache/tcpdf (a www-data owned
    directory).
  * Add a README.Debian documenting some potential permissions issues.

 -- Raphaël Hertzog <hertzog@debian.org>  Thu, 18 Apr 2013 16:45:36 +0200
