php-dompdf (3.1.0+dfsg-1) unstable; urgency=medium

  * New upstream version 3.1.0
  * Drop now default Priority: optional
  * Drop now default Rules-Requires-Root: no
  * Bump Standards-Version to 4.7.2
  * Remove nocheck from phpunit B-D
  * Exclude lib/res/{sRGB2014.icc,sRGB2014.icc.LICENSE} from upstream
  * Refresh patches
  * Depend on icc-profiles-free for PDF/A
  * Use phpunit --do-not-cache-result in DEP-8 tests

 -- William Desportes <williamdes@wdes.fr>  Thu, 18 Sep 2025 15:33:53 +0200

php-dompdf (3.0.2+dfsg-1) unstable; urgency=medium

  * New upstream version 3.0.2
  * Refresh patches

 -- William Desportes <williamdes@wdes.fr>  Tue, 31 Dec 2024 18:51:10 +0100

php-dompdf (3.0.1+dfsg-1) unstable; urgency=medium

  * New upstream version 3.0.1

 -- William Desportes <williamdes@wdes.fr>  Wed, 11 Dec 2024 10:50:22 +0100

php-dompdf (3.0.0+dfsg-2) unstable; urgency=medium

  * Add a patch to avoid the ghostscript error

 -- William Desportes <williamdes@wdes.fr>  Sat, 03 Aug 2024 21:11:35 +0200

php-dompdf (3.0.0+dfsg-1) unstable; urgency=medium

  * New upstream version 3.0.0 (Closes: #1077022, Closes: #1077445)
  * Remove "gitmode=full" from d/watch
  * Update d/control version restrictions
  * Add a patch for PHPUnit 11
  * Add more depends for DEP-8 tests
  * No more need to re-build afm linked files: ttf2afm
  * Refresh patches for tests and runtime

 -- William Desportes <williamdes@wdes.fr>  Sat, 03 Aug 2024 18:36:12 +0200

php-dompdf (2.0.7+dfsg-1) unstable; urgency=medium

  * New upstream version 2.0.7
  * Update Standards-Version to 4.7.0

 -- William Desportes <williamdes@wdes.fr>  Wed, 17 Apr 2024 20:22:43 +0200

php-dompdf (2.0.4+dfsg-2) unstable; urgency=medium

  * Team upload
  * Force system dependencies loading

 -- David Prévot <taffit@debian.org>  Thu, 07 Mar 2024 18:55:58 +0100

php-dompdf (2.0.4+dfsg-1) unstable; urgency=medium

  * New upstream version 2.0.4 (CVE-2023-50262) (Closes: #1058793)
  * Update gbp.conf

 -- William Desportes <williamdes@wdes.fr>  Sat, 16 Dec 2023 23:41:34 +0100

php-dompdf (2.0.3+dfsg-4) unstable; urgency=medium

  [ Robin Gustafsson ]
  * Build DejaVu .ufm files (Closes: #1056974)
  * Clean up the vendor directory

 -- William Desportes <williamdes@wdes.fr>  Wed, 06 Dec 2023 21:09:03 +0100

php-dompdf (2.0.3+dfsg-3) unstable; urgency=medium

  * Add -b to Vcs-Git
  * Add a test for the Dompdf class
  * Forward upstream the phpunit 10 patch

 -- William Desportes <williamdes@wdes.fr>  Fri, 29 Sep 2023 13:15:59 +0200

php-dompdf (2.0.3+dfsg-2) unstable; urgency=medium

  * Move to fonts-liberation (Ref: #1038940) (Closes: #1039773)
  * Add a patch for phpunit 10 (Closes: #1039773)

 -- William Desportes <williamdes@wdes.fr>  Thu, 06 Jul 2023 11:20:10 +0200

php-dompdf (2.0.3+dfsg-1) unstable; urgency=medium

  * New upstream version 2.0.3 (CVE-2023-24813)

  [ William Desportes ]
  * Remove old config file from debian/
  * Update d/upstream/changelog

 -- William Desportes <williamdes@wdes.fr>  Wed, 08 Feb 2023 13:41:16 +0100

php-dompdf (2.0.2+dfsg-2) unstable; urgency=medium

  * Add missing closes to d/changelog (Closes: #978994)
  * Fix autopkgtest require
  * Add a Cpdf test
  * Fix wrong path for Cpdf in autoload
  * Fixup ImageTest because it uses a local test file
  * Add a DEP-8 test for basic-html-pdf.php example

 -- William Desportes <williamdes@wdes.fr>  Sat, 04 Feb 2023 15:17:50 +0100

php-dompdf (2.0.2+dfsg-1) unstable; urgency=medium

  [ Katharina Drexel ]
  * Refresh the packaging

  [ William Desportes ]
  * Remove dfsg fonts lib/fonts/*.afm
  * Remove dfsg fonts lib/fonts/DejaVu*.{ufm, ttf}
  * New upstream version 2.0.0
    - Closes: #1015874
    - Fixes CVE-2022-2400
    - Fixes CVE-2021-3902
    - Fixes CVE-2022-0085
    - Fixes CVE-2021-3838
  * New upstream version 2.0.1 (CVE-2022-41343)
  * New upstream version 2.0.2 (CVE-2023-23924)
  * Document copyrights of debian/* files
  * Set Uploaders to myself (Closes: #978994)
  * Remove Suggests: php-apcu, php-cli and php-tcpdf
  * Install the VERSION file because the code needs it
  * Add var/cache/php-dompdf/tmp to d/dirs
  * Add pkg-php-tools overrides and autoloaders
  * Add a patch to change directories to Debian folders
  * Add a patch for fontDir to work on build tests
  * Depend on fonts-dejavu-{extra,core} and sdop for fonts

 -- William Desportes <williamdes@wdes.fr>  Fri, 03 Feb 2023 22:53:19 +0100

php-dompdf (0.6.2+dfsg-3+deb10u2) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2021-3838 fix was incomplete in handling fonts vulnerabilty.
    Backport needed to further backport upstream chroot changes,
    conjointly with ubuntu security team.
    Thanks to Camila Camargo de Matos.

 -- Bastien Roucariès <rouca@debian.org>  Thu, 10 Aug 2023 17:46:54 +0000

php-dompdf (0.6.2+dfsg-3+deb10u1) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2021-3838: php-dompdf was vulnerable to Deserialization
    of Untrusted Data.
  * Fix CVE-2022-2400: php-dompdf was vulnerable to
    External Control of File Name thus loading unallowed file.

 -- Bastien Roucariès <rouca@debian.org>  Thu, 13 Jul 2023 19:57:57 +0000

php-dompdf (0.6.2+dfsg-3) unstable; urgency=medium

  * [8b6277c] Fix font loading during build (Closes: #820691)
  * [8b84346] Update dependencies for PHP 7 (Closes: #821571, #821696)

 -- Markus Frosch <lazyfrosch@debian.org>  Tue, 19 Apr 2016 21:14:52 +0200

php-dompdf (0.6.2+dfsg-2) unstable; urgency=medium

  * [a922437] Update php-font-lib dependency to ~0.2

 -- Markus Frosch <lazyfrosch@debian.org>  Mon, 29 Feb 2016 14:38:08 +0100

php-dompdf (0.6.2+dfsg-1) unstable; urgency=medium

  [ David Prévot ]
  * [dd91f93] Revert "Add ownCloud for Debian to uploaders"
  * [315a84c] Drop now useless minimal version for php-font-lib
  * [a470548] Fix watch file

  [ Markus Frosch ]
  * [9bd8627] Update watch to exclude beta releases and mark them dfsg
  * [d1a2d1a] Adopt package within the PHP team (Closes: #748604)
  * [9f53a9a] Imported Upstream version 0.6.2+dfsg, which fixes:
    * CVE-2014-5013
    * CVE-2014-5012
    * CVE-2014-5011
    * CVE-2014-2383
    (Closes: #813849)
  * [a4b6496] Update copyright to not mention DFSG removed files
  * [9fdc430] Bump standards version to 3.9.7

 -- Markus Frosch <lazyfrosch@debian.org>  Sun, 28 Feb 2016 18:09:26 +0100

php-dompdf (0.6.1+dfsg-2) unstable; urgency=medium

  * Document security issue fixed in last upstream version, and upload to
    unstable.

 -- David Prévot <taffit@debian.org>  Wed, 23 Apr 2014 15:23:50 -0400

php-dompdf (0.6.1+dfsg-1) experimental; urgency=medium

  * New upstream release, uploaded to experimental because of the php-font-lib
    dependency:
    - Fixes an arbitrary file read vulnerability, that requires
      DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled.
      (Closes: #745619) [CVE-2014-2383]
  * Add ownCloud for Debian to uploaders
  * Bump standards version to 3.9.5
  * Use Files-Excluded feature of uscan
  * Use phpcomposer from pkg-php-tools
  * Ship upstream README.md
  * Update dependencies, as recommended upstream
  * Update copyright
  * Acknowledge upstream separation of cache and fonts
  * Update upstream changelog
  * Use internal CSS in example

 -- David Prévot <taffit@debian.org>  Sat, 12 Apr 2014 14:32:12 -0400

php-dompdf (0.6.0~beta3+dfsg0-1) unstable; urgency=low

  * Initial release (Closes: #567928)

 -- David Prévot <taffit@debian.org>  Sat, 23 Nov 2013 10:00:18 -0400
