php7.4 (7.4.3-4ubuntu2.29) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2024-11235.patch: fix incorrect live-range
      calculation in Zend/zend_opcode.c and add tests in
      Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt.
    - CVE-2024-11235
  * SECURITY UPDATE: Incorrect MIME type
    - debian/patches/CVE-2025-1217-*.patch: adds HTTP header folding
      support for HTTP wrapper response headers in
      ext/standard/http_fopen_wrapper.c and add tests in
      ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt,
      tests/http/http_response_header_05.phpt.
    - debian/patches/openssl-server-8.1.patch: Use empheral ports
      for OpenSSL server client tests in
      ext/openssl/tests/ServerClientTestCase-8.1.inc.
    - CVE-2025-1217
  * SECURITY UPDATE: Invalid header
    - debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c
      and add tests in
      ext/standard/tests/http/bug47021.phpt,
      ext/standard/tests/http/bug75535.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-001.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-002.phpt.
    - CVE-2025-1734
  * SECURITY UPDATE: Location truncation
    - debian/patches/CVE-2025-1861.patch: converts the
      allocation of location to be on heap instead of stack
      in ext/standard/http_fopen_wrapper.c and add tests in
      tests/http/ghsa-52jp-hrpf-2jff-001.phpt,
      tests/http/ghsa-52jp-hrpf-2jff-002.phpt.
    - CVE-2025-1861

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Tue, 25 Mar 2025 15:57:03 -0300

php7.4 (7.4.3-4ubuntu2.28) focal-security; urgency=medium

  * SECURITY REGRESSION: Previous update caused a regression
    - debian/patches/CVE-2024-8932.patch: removing RETURN_THROWS
      symbol that was causing a regression in prev update.
    - CVE-2024-8932

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Fri, 13 Dec 2024 10:46:46 -0300

php7.4 (7.4.3-4ubuntu2.26) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer over read
    - debian/patches/CVE-2024-11233.patch: re arrange
      bound check code in ext/standard/filters.c,
      ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
    - CVE-2024-11233
  * SECURITY UPDATE: HTTP request smuggling
    - debian/patches/CVE-2024-11234.patch: avoiding
      fulluri CRLF injection in ext/standard/http_fopen_wrapper.c.
      .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
    - CVE-2024-11234
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-11236-1.patch: adding an extralen check
      to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
      ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
    - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
      order to avoid integer overflow and adding checks in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2024-11236
  * SECURITY UPDATE: Heap buffer over-reads
    - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
      ext/mysqlnd/mysqlnd_ps_codec.c,
      ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
    - CVE-2024-8929
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-8932.patch: fix OOB in access in
      ldap_escape in ext/ldap/ldap.c,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
    - CVE-2024-8932

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 04 Dec 2024 13:05:49 -0300

php7.4 (7.4.3-4ubuntu2.24) focal-security; urgency=medium

  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit bounday size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 30 Sep 2024 14:16:20 -0400

php7.4 (7.4.3-4ubuntu2.23) focal-security; urgency=medium

  * SECURITY UPDATE: Invalid user information
    - debian/patches/CVE-2024-5458.patch: improves filters validation
      in ext/filter/logical_filters.c and adds test
      in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
    - CVE-2024-5458

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Mon, 17 Jun 2024 10:22:20 -0300

php7.4 (7.4.3-4ubuntu2.22) focal-security; urgency=medium

  * SECURITY UPDATE: Heap buffer-overflow
    - debian/patches/CVE-2022-4900.patch: prevent potential buffer
      overflow for large valye of php_cli_server_workers_max in
      sapi/cli/php_cli_server.c.
    - CVE-2022-4900
  * SECURITY UPDATE: Cookie by pass
    - debian/patches/CVE-2024-2756.patch: adds more mangling rules
      in main/php_variable.c.
    - CVE-2024-2756
  * SECURITY UPDATE: Account take over risk
    - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
      password in ext/standard/password.c,
      ext/standard/tests/password_bcrypt_errors.phpt.
    - CVE-2024-3096

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 01 May 2024 07:11:33 -0300

php7.4 (7.4.3-4ubuntu2.21) focal; urgency=medium

  * d/p/fix-segfault-in-fpm_status_export_to_zval.patch: fix segmentation
    fault in fpm_status_export_to_zval. (LP: #2057576)

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Wed, 10 Apr 2024 09:36:03 -0300

php7.4 (7.4.3-4ubuntu2.20) focal-security; urgency=medium

  * SECURITY UPDATE: Disclosure sensitive information
    - debian/patches/CVE-2023-3823.patch: sanitieze libxml2 globals
      before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
      xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
      ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
      ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
      xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
      ext/zend_test/test.c.
    - CVE-2023-3823
  * SECURITY UPDATE: Stack buffer overflow
    - debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
      phar_dir_read(), and in files ext/phar/dirstream.c,
      ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
    - CVE-2023-3824

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 21 Feb 2024 10:54:34 -0300

php7.4 (7.4.3-4ubuntu2.19) focal-security; urgency=medium

  * SECURITY UPDATE: Missing error check and insufficient random
    bytes
    - debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
      check and insufficient random byes for SOAP HTTP digest
      in ext/soap/php_http.c.
    - debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
      soap patch.
    - CVE-2023-3247

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Tue, 27 Jun 2023 12:49:59 -0300

php7.4 (7.4.3-4ubuntu2.18) focal-security; urgency=medium

  * SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
    - debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
      BCrypt hashes in ext/standard/crypt_blowfish.c,
      ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
    - debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
      php_crypt() in ext/standard/crypt.c,
      ext/standard/tests/password/password_bcrypt_short.phpt.
    - CVE-2023-0567
  * SECURITY UPDATE: off-by-one in core path resolution function
    - debian/patches/CVE-2023-0568.patch: fix array overrun when appending
      slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
      main/fopen_wrappers.c.
    - CVE-2023-0568
  * SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
    - debian/patches/CVE-2023-0662-1.patch: introduce
      max_multipart_body_parts INI in main/main.c, main/rfc1867.c.
    - debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
      uploads limit exceeding in main/rfc1867.c.
    - CVE-2023-0662

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 23 Feb 2023 07:43:23 -0500

php7.4 (7.4.3-4ubuntu2.17) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-31631.patch: fix check
      unquotedlen size in ext/pdo_sqlite/sqlite_driver.c.
    - CVE-2022-31631

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Tue, 10 Jan 2023 12:37:44 -0300

php7.4 (7.4.3-4ubuntu2.16) focal; urgency=medium

  [ Athos Ribeiro ]
  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

  [ Matthew Ruffell ]
  * No longer throw an error when serializing uninitialized typed
    properties with __sleep(), which makes serializing objects with
    __sleep() behave the same as serializing objects without
    __sleep(). (LP: #1999598)
    - d/p/lp-1999598-Fix-bug-79447.patch

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Thu, 15 Sep 2022 19:53:21 -0300

php7.4 (7.4.3-4ubuntu2.15) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 02 Nov 2022 06:53:44 -0300

php7.4 (7.4.3-4ubuntu2.13) focal; urgency=medium

  * d/p/0047-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Wed, 17 Aug 2022 10:29:56 -0300

php7.4 (7.4.3-4ubuntu2.12) focal-security; urgency=medium

  * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
    - debian/patches/CVE-2022-31625.patch: don't free parameters which
      haven't initialized yet in ext/pgsql/pgsql.c,
      ext/pgsql/tests/bug81720.phpt.
    - CVE-2022-31625
  * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
    - debian/patches/CVE-20022-31626.patch: properly calculate size in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2022-31626

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 13 Jun 2022 09:43:30 -0400

php7.4 (7.4.3-4ubuntu2.11) focal; urgency=medium

  * d/p/0048-Fix-bug-79603-by-retrying-on-RTD-key-collision.patch: retry on RTD
    key collision. (LP: #1968228)

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Thu, 05 May 2022 21:16:42 -0300

php7.4 (7.4.3-4ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in zend_string_extend function
    - debian/patches/CVE-2017-8923.patch: fix integer Overflow when
      concatenating strings in Zend/zend_vm_def.h, Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: out of bounds access in php_pcre_replace_impl
    - debian/patches/CVE-2017-9118-pre1.patch: fix heap buffer overflow via
      str_repeat in Zend/zend_operators.c, Zend/zend_string.h.
    - debian/patches/CVE-2017-9118-pre2.patch: fix memory corruption in
      preg_replace/preg_replace_callback in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug79188.phpt.
    - debian/patches/CVE-2017-9118-pre3.patch: fix too much memory is
      allocated for preg_replace() in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug81243.phpt.
    - debian/patches/CVE-2017-9118.patch: fix out of bounds in
      php_pcre_replace_impl in Zend/zend_string.h, ext/pcre/php_pcre.c.
    - CVE-2017-9118
  * SECURITY UPDATE: DoS via memory consumption in i_zval_ptr_dtor
    - debian/patches/CVE-2017-9119.patch: handle memory limit error during
      string reallocation correctly in Zend/zend_string.h.
    - CVE-2017-9119
  * SECURITY UPDATE: DoS via integer overflow in mysqli_real_escape_string
    - debian/patches/CVE-2017-9120.patch: fix overflow in
      ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: filename truncation issue in XML parsing functions
    - debian/patches/CVE-2021-21707.patch: special character is breaking
      the path in xml function in ext/dom/domimplementation.c,
      ext/dom/tests/bug79971_2.phpt, ext/libxml/libxml.c,
      ext/simplexml/tests/bug79971_1.phpt,
      ext/simplexml/tests/bug79971_1.xml.
    - CVE-2021-21707

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Mar 2022 10:36:52 -0500

php7.4 (7.4.3-4ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-21708.patch: change the call to
      zval_ptr_dtor in ext/filter/logical_filters.c to be done
      after a validation is succeeded, and add a test for this
      case in ext/filter/tests/bug81708.phpt
    - CVE-2021-21708

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>  Thu, 24 Feb 2022 11:55:48 -0300

php7.4 (7.4.3-4ubuntu2.8) focal; urgency=medium

  * d/p/0047-fix-exception-infinite-loop.patch: Fix ErrorException infinite
    loop (LP: #1951031)

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Thu, 25 Nov 2021 20:16:22 -0300

php7.4 (7.4.3-4ubuntu2.7) focal-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read/write
    - debian/patches/CVE-2021-21703.patch: The main change is to
      store scoreboard procs directly to the variable sized
      array rather than indirectly through the pointer in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm/fpm_request.c,
      sapi/fpm/fpm/fpm_scoreboard.c, sapi/fpm/fpm/fpm_scoreboard.h,
      sapi/fpm/fpm/fpm_status.c, sapi/fpm/fpm/fpm_worker_pool.c.
    - CVE-2021-21703

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Mon, 25 Oct 2021 15:20:54 -0300

php7.4 (7.4.3-4ubuntu2.6) focal; urgency=medium

  * Fix a segmentation fault and implement support for using cursors
    on prepared statements in the mysqli database driver. (LP: #1939853)
    - d/p/lp-1939853-1-Fix-Segfault-with-get_result-and-PS-cursors.patch
    - d/p/lp-1939853-2-MySQLnd-Support-cursors-in-store-get-result.patch

 -- Matthew Ruffell <matthew.ruffell@canonical.com>  Fri, 13 Aug 2021 17:39:12 +1200

php7.4 (7.4.3-4ubuntu2.5) focal-security; urgency=medium

  * SECURITY UPDATE: crash or info disclosure via PHAR zip file
    - debian/patches/CVE-2020-7068.patch: fix use after free in
      ext/phar/zip.c.
    - CVE-2020-7068
  * SECURITY UPDATE: incorrect URL validation
    - debian/patches/CVE-2020-7071-1.patch: make sure userinfo is valid
      according to RFC 3986 in ext/filter/tests/bug77423.phpt,
      ext/standard/url.c.
    - debian/patches/CVE-2020-7071-2.patch: revert previous fix and use a
      better one in ext/filter/logical_filters.c,
      ext/filter/tests/bug77423.phpt, ext/standard/url.c.
    - debian/patches/CVE-2020-7071-3.patch: remove unneeded function in
      ext/standard/url.c.
    - CVE-2020-7071
  * SECURITY UPDATE: crash via malformed XML data in SOAP extension
    - debian/patches/CVE-2021-21702-1.patch: check strings in
      ext/soap/php_sdl.c, ext/soap/php_xml.c, ext/soap/tests/bug80672.phpt,
      ext/soap/tests/bug80672.xml.
    - debian/patches/CVE-2021-21702-2.patch: fix compiler warning in
      ext/soap/php_sdl.c.
    - CVE-2021-21702
  * SECURITY UPDATE: multiple issues in the pdo_firebase module
    - debian/patches/CVE-2021-21704-1.patch: prevent overflow in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-2.patch: verify result_size in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-3.patch: verify result_size in
      ext/pdo_firebird/firebird_driver.c.
    - debian/patches/CVE-2021-21704-4.patch: don't overflow stack in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2021-21704
  * SECURITY UPDATE: SSRF bypass
    - debian/patches/CVE-2021-21705.patch: check password in
      ext/filter/logical_filters.c, ext/filter/tests/bug81122.phpt.
    - debian/patches/CVE-2021-21705-2.patch: fix compiler warning in
      ext/filter/logical_filters.c.
    - CVE-2021-21705

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 05 Jul 2021 11:13:35 -0400

php7.4 (7.4.3-4ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Incorrect encryption data
    - debian/patches/CVE-2020-7069.patch: fix wrong ciphertext/tag
      in AES-CCM encryption for a 12 bytes IV in ext/openssl/openssl.c,
      ext/openssl/tests/cipher_tests.inc, ext/openssl/openssl_*_ccm.phpt.
    - CVE-2020-7069
  * SECURITY UPDATE: Possibly forge cookie
    - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
      in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
      tests/basic/bug79699.phpt.
    - CVE-2020-7070

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 06 Oct 2020 12:47:56 -0300

php7.4 (7.4.3-4ubuntu2.3) focal; urgency=medium

  * d/p/0041-Fix-79019-Copied-cURL-handles-upload-empty-file.patch,
    d/p/0042-Fix-79013-Content-Length-missing-when-posting-a-curl.patch:
    Fix issue with cURL causing chunked mode for file transfers.
    (LP: #1887826)

 -- Bryce Harrington <bryce@canonical.com>  Thu, 03 Sep 2020 13:06:34 -0700

php7.4 (7.4.3-4ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 26 May 2020 09:24:22 -0300

php7.4 (7.4.3-4ubuntu2.1) focal; urgency=medium

  * libapache2-mod-php.postinst.extra: Disable other mod-php versions.
    Fixes failure when upgrading from previous versions of mod-php.
    (LP: #1865218)

 -- Bryce Harrington <bryce@canonical.com>  Tue, 21 Apr 2020 23:04:30 +0000

php7.4 (7.4.3-4ubuntu2) focal; urgency=medium

  * SECURITY UPDATE: Read one byte of uninitialized memory
    - debian/patches/CVE-2020-7064.patch: check length in
      exif_process_TIFF_in_JPEG to avoid read uninitialized memory
      ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064
  * SECURITY UPDATE: Memory corruption, crash and potentially code execution
    - debian/patches/CVE-2020-7065.patch: make sure that negative values are
      properly compared in ext/mbstring/php_unicode.c,
      ext/mbstring/tests/bug70371.phpt.
    - CVE-2020-7065
  * SECURITY UPDATE: Truncated url due \0
    - debian/patches/CVE-2020-7066.patch: check for get_headers
      not accepting \0 in ext/standard/url.c.
    - CVE-2020-7066

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 13 Apr 2020 09:32:06 -0300

php7.4 (7.4.3-4ubuntu1) focal; urgency=medium

  * d/control, d/control.in: Conflict with mod-php from php7.2 and
    php7.3 to ensure safe upgrade path for apache2.
    (Fixes LP: #1850933)

 -- Bryce Harrington <bryce@canonical.com>  Thu, 26 Mar 2020 20:24:23 +0000

php7.4 (7.4.3-4build2) focal; urgency=medium

  * No-change rebuild for icu soname change.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 03 Mar 2020 21:34:56 +0100

php7.4 (7.4.3-4build1) focal; urgency=medium

  * No-change rebuild to enable build for i386

 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 25 Feb 2020 14:37:54 -0800

php7.4 (7.4.3-4) unstable; urgency=medium

  * Remove /etc/init/php@PHP_VERSION@-fpm.conf, not
    /etc/init/php@PHP_VERSION@.conf (Closes: #951745)

 -- Ondřej Surý <ondrej@debian.org>  Sun, 23 Feb 2020 08:07:28 +0100

php7.4 (7.4.3-3) unstable; urgency=medium

  * Fixup upstart removal (missing prepare-files update) (Closes: #951745)

 -- Ondřej Surý <ondrej@debian.org>  Fri, 21 Feb 2020 18:01:35 +0100

php7.4 (7.4.3-2) unstable; urgency=medium

  * Remove the PIDFile= setting from systemd unit file (it should not be
    needed with Type=notify)
  * Use php-fpm-socket-helper from php-common >= 1:73 to update the
    default socket

 -- Ondřej Surý <ondrej@debian.org>  Fri, 21 Feb 2020 09:59:48 +0100

php7.4 (7.4.3-1) unstable; urgency=medium

  * Remove upstart support, use systemd-tmpfiles to create tmpfiles
    (Closes: #923032)
  * New upstream version 7.4.3

 -- Ondřej Surý <ondrej@debian.org>  Thu, 20 Feb 2020 13:12:06 +0100

php7.4 (7.4.2-7) unstable; urgency=medium

  * Add a note about PIDFile= and pid= match in php-fpm.conf
  * Silently ignore errors from update-alternatives in php-fpm.service

 -- Ondřej Surý <ondrej@debian.org>  Sat, 08 Feb 2020 13:04:50 +0100

php7.4 (7.4.2-6) unstable; urgency=medium

  * Use absolute path to update-alternatives

 -- Ondřej Surý <ondrej@debian.org>  Wed, 05 Feb 2020 17:47:54 +0100

php7.4 (7.4.2-5) unstable; urgency=medium

  * Move the update-alternatives call from postinst/prerm to systemd startup script

 -- Ondřej Surý <ondrej@debian.org>  Sat, 01 Feb 2020 18:44:05 +0100

php7.4 (7.4.2-4) unstable; urgency=medium

  * Make the creation of the default socket work on new installs

 -- Ondřej Surý <ondrej@debian.org>  Sat, 01 Feb 2020 14:11:48 +0100

php7.4 (7.4.2-3) unstable; urgency=medium

  * Use a mock socket file for setting up FPM socket alternatives

 -- Ondřej Surý <ondrej@debian.org>  Sat, 01 Feb 2020 13:09:39 +0100

php7.4 (7.4.2-2) unstable; urgency=medium

  * Create a generic /run/php/php-fpm.sock socket using update-alternatives

 -- Ondřej Surý <ondrej@debian.org>  Sat, 01 Feb 2020 10:17:27 +0100

php7.4 (7.4.2-1) unstable; urgency=medium

  * New upstream version 7.4.2
  * Disable dh_autoreconf for PHP, it breaks the build

 -- Ondřej Surý <ondrej@debian.org>  Thu, 23 Jan 2020 12:20:45 +0100

php7.4 (7.4.1-1) unstable; urgency=medium

  * Update d/watch for final release
  * New upstream version 7.4.1
  * Bump the debhelper compat to 10
  * Bump the Standards Version (no change)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 21 Jan 2020 09:23:37 +0100

php7.4 (7.4.0-1) unstable; urgency=medium

  * New upstream version 7.4.0

 -- Ondřej Surý <ondrej@debian.org>  Thu, 28 Nov 2019 08:25:29 +0100

php7.4 (7.4.0~rc6-1) experimental; urgency=medium

  * Fix the FTBFS with MySQL 8.0
  * New upstream version 7.4.0~rc6

 -- Ondřej Surý <ondrej@debian.org>  Tue, 19 Nov 2019 18:49:28 +0100

php7.4 (7.4.0~rc4-1) experimental; urgency=medium

  * Bump d/phpapi to 20190902
  * New upstream version 7.4.0~rc4

 -- Ondřej Surý <ondrej@debian.org>  Sat, 26 Oct 2019 11:10:04 +0200

php7.4 (7.4.0~rc3-1) experimental; urgency=medium

  * New upstream version 7.4.0~rc3
  * GMP now uses autodetection (don't pass /usr to configure)
  * Bump d/phpapi to 20190902

 -- Ondřej Surý <ondrej@sury.org>  Tue, 08 Oct 2019 08:08:28 +0200

php7.4 (7.4.0~beta4-2) experimental; urgency=medium

  * Enable FFI experimental extension
  * Add libffi to B-D

 -- Ondřej Surý <ondrej@sury.org>  Wed, 28 Aug 2019 10:50:48 +0200

php7.4 (7.4.0~beta4-1) experimental; urgency=medium

  * Remove 0003-libtool2.2.patch, it's no longer needed [GL #1236]
  * New upstream version 7.4.0~beta4

 -- Ondřej Surý <ondrej@sury.org>  Tue, 27 Aug 2019 15:22:26 +0200

php7.4 (7.4.0~beta2-1) experimental; urgency=medium

  * New upstream version 7.4.0~beta2
  * Rebase patches for PHP 7.4.0~beta2

 -- Ondřej Surý <ondrej@sury.org>  Thu, 08 Aug 2019 13:41:59 +0200

php7.4 (7.4.0~beta1-1) experimental; urgency=medium

  * New upstream version 7.4.0~beta1
  * Rebase patches for PHP 7.4.0~beta1
  * Configure option --with-libxml-dir is now named --with-libxml
  * The recode extension has been moved to PECL.
  * The interbase extension has been moved to PECL.
  * The configure option for zip extension has changed from --enable-zip to --with-zlib
  * The WDDX extension has been deprecated and moved to PECL.
  * The configure options to enable GD extension has changed to --enable-gd and --with-external-gd
  * Regenerated d/control
  * Update the configure options according to UPGRADING file (mostly pkg-config related changes)
  * Cleanup the missing documentation
  * Update phpapi to 20190529

 -- Ondřej Surý <ondrej@sury.org>  Wed, 07 Aug 2019 17:47:41 +0200

php7.4 (7.4.0~alpha2-1) experimental; urgency=low

  * New upstream version 7.4.0~alpha2

 -- Ondřej Surý <ondrej@sury.org>  Wed, 10 Jul 2019 09:36:25 +0200

php7.3 (7.3.7-1) unstable; urgency=medium

  * New upstream version 7.3.7

 -- Ondřej Surý <ondrej@sury.org>  Wed, 10 Jul 2019 08:52:54 +0200

php7.3 (7.3.6-1) unstable; urgency=medium

  [ Ondřej Surý ]
  * New upstream version 7.3.6

  [ Andreas Beckmann ]
  * php7.3-curl: Add Breaks against php7.0-curl for smoother upgrades from stretch.  (Closes: #929689)

 -- Ondřej Surý <ondrej@sury.org>  Fri, 31 May 2019 13:36:51 +0200

php7.3 (7.3.5-1) unstable; urgency=medium

  * New upstream version 7.3.5

 -- Ondřej Surý <ondrej@sury.org>  Fri, 03 May 2019 10:16:15 +0200

php7.3 (7.3.4-2) unstable; urgency=medium

  [Andreas Beckmann]
  * php7.3-common: Add Breaks against php7.0-curl for smoother upgrades from
    stretch.  (Closes: #925106)
  * php7.3-common: Add Breaks against gforge-common from jessie which uses a
    deprecated constructor syntax.
  * Deterministically generate debian/control by sorting the extension
    packages.

 -- Ondřej Surý <ondrej@debian.org>  Sat, 13 Apr 2019 19:05:48 +0000

php7.3 (7.3.4-1) unstable; urgency=medium

  * Update d/watch for new php.net pages
  * New upstream version 7.3.4
  * Enforce C++11 for intl compilation on older distributions

 -- Ondřej Surý <ondrej@debian.org>  Wed, 10 Apr 2019 06:55:43 +0000

php7.3 (7.3.3-1) unstable; urgency=medium

  * New upstream version 7.3.3
  * Update systzdata patch to v18 (Courtesy of RemiRepo)
  * Add patch for OpenSSL 1.1.1b (Courtesy of RemiRepo)

 -- Ondřej Surý <ondrej@debian.org>  Thu, 07 Mar 2019 19:43:34 +0000

php7.3 (7.3.2-3) unstable; urgency=medium

  * Update systzdata patch to v17 (Courtesy of remirepo)

 -- Ondřej Surý <ondrej@debian.org>  Fri, 08 Feb 2019 15:05:54 +0000

php7.3 (7.3.2-2) unstable; urgency=medium

  * Fix the icu patch condition for icu >= 60

 -- Ondřej Surý <ondrej@debian.org>  Fri, 08 Feb 2019 10:49:26 +0000

php7.3 (7.3.2-1) unstable; urgency=medium

  * New upstream version 7.3.2

 -- Ondřej Surý <ondrej@debian.org>  Thu, 07 Feb 2019 17:58:05 +0000

php7.3 (7.3.1-3) unstable; urgency=medium

  * Always build spoofchecker, because we are enforcing icu >= 50.1
    (Closes: #921199)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 05 Feb 2019 10:25:33 +0000

php7.3 (7.3.1-2) unstable; urgency=high

  * Add patch to use pkg-config instead of icu-config to detect icu
    libraries (Closes: #916110)

 -- Ondřej Surý <ondrej@debian.org>  Mon, 21 Jan 2019 09:09:55 +0000

php7.3 (7.3.1-1) unstable; urgency=medium

  * New upstream version 7.3.1

 -- Ondřej Surý <ondrej@debian.org>  Sun, 13 Jan 2019 10:13:20 +0000

php7.3 (7.3.0-2) unstable; urgency=medium

  * Add upstream patch to fix OPcache optimization problem for
    ArrayAccess->offsetGet
  * Add upstream patch to fix infinite loop in preg_replace_callback
  * Fix check for rl_completion_matches in readline extension

 -- Ondřej Surý <ondrej@debian.org>  Mon, 17 Dec 2018 09:51:53 +0000

php7.3 (7.3.0-1) unstable; urgency=medium

  * Update d/watch for the final PHP 7.3.0 release
  * New upstream version 7.3.0

 -- Ondřej Surý <ondrej@debian.org>  Thu, 06 Dec 2018 20:22:15 +0000

php7.3 (7.3.0~rc6-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc6

 -- Ondřej Surý <ondrej@debian.org>  Sun, 25 Nov 2018 10:01:25 +0000

php7.3 (7.3.0~rc5-2) unstable; urgency=medium

  * Don't use sed found by configure, use the sed command as available in
    the host system (Closes: #913620)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 13 Nov 2018 09:10:56 +0000

php7.3 (7.3.0~rc5-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc5
  * Enable lmdb support in dba extension

 -- Ondřej Surý <ondrej@debian.org>  Mon, 12 Nov 2018 09:54:24 +0000

php7.3 (7.3.0~rc4-2) unstable; urgency=medium

  * Restore correct patch name for
    0040-Add-patch-to-install-php7-module-directly-to-APXS_LI.patch

 -- Ondřej Surý <ondrej@debian.org>  Sun, 04 Nov 2018 04:54:20 +0000

php7.3 (7.3.0~rc4-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc4
  * Rebase patches for PHP 7.4.0~rc4

 -- Ondřej Surý <ondrej@debian.org>  Thu, 25 Oct 2018 08:57:33 +0000

php7.3 (7.3.0~rc3-3) unstable; urgency=medium

  * Add patch to use pkg-config for FreeType2 library detection
    (Closes: #911460)
  * Remove libmcrypt-dev from Build-Depends

 -- Ondřej Surý <ondrej@debian.org>  Thu, 25 Oct 2018 06:39:32 +0000

php7.3 (7.3.0~rc3-2) unstable; urgency=medium

  * Disable the enabled modules in prerm, because in postrm the phpquery
    script is not aware of already removed sapi (Closes: #911018)

 -- Ondřej Surý <ondrej@debian.org>  Mon, 15 Oct 2018 09:53:04 +0000

php7.3 (7.3.0~rc3-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc3
  * Rebase patches for PHP 7.3.0~rc3

 -- Ondřej Surý <ondrej@debian.org>  Sat, 13 Oct 2018 13:47:36 +0000

php7.3 (7.3.0~rc2-3) unstable; urgency=medium

  * Remove ancient mv_conffile (from php5)
  * Remove spurious L from phpize script (Closes: #909110)
  * Downgrade dh-php from Recommends to Suggests (Closes: #910620)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 09 Oct 2018 13:22:52 +0000

php7.3 (7.3.0~rc2-2) unstable; urgency=medium

  * Fix the Vcs-* links
  * Apply upstream patch to allow disabling pcre jit and disable it on
    mips and s390x archs
  * Extra 'L' is gone (Closes: #909110)

 -- Ondřej Surý <ondrej@debian.org>  Thu, 04 Oct 2018 14:25:15 +0000

php7.3 (7.3.0~rc2-1) unstable; urgency=medium

  * New upstream version 7.3.0~rc2
  * Rebase patches for PHP 7.3.0~rc2

 -- Ondřej Surý <ondrej@debian.org>  Mon, 01 Oct 2018 11:42:35 +0000

php7.3 (7.3.0~beta2-3) unstable; urgency=medium

  * Disable assembly code with gcc 4.8 on i386

 -- Ondřej Surý <ondrej@debian.org>  Mon, 20 Aug 2018 08:07:58 +0000

php7.3 (7.3.0~beta2-2) unstable; urgency=medium

  * Remove dependency on pcre3 and add libpcre2-dev to phpX.Y-dev

 -- Ondřej Surý <ondrej@debian.org>  Sun, 19 Aug 2018 16:12:50 +0000

php7.3 (7.3.0~beta2-1) unstable; urgency=medium

  * New upstream version 7.3.0~beta2
  * Rebase patches for PHP 7.3.0~beta2
  * Fix phpdbg.1 installation path from srcdir to builddir
  * Bump d/phpapi to 20180731

 -- Ondřej Surý <ondrej@debian.org>  Sun, 19 Aug 2018 07:49:10 +0000

php7.3 (7.3.0~beta1-1) unstable; urgency=medium

  [ Lior Kaplan ]
  * Fix syntax typo

  [ Ondřej Surý ]
  * New upstream version 7.3.0~beta1
  * Rebase patches for PHP 7.3.0beta1

 -- Ondřej Surý <ondrej@debian.org>  Fri, 03 Aug 2018 13:52:09 +0000

php7.3 (7.3.0~alpha4-1) unstable; urgency=medium

  * Use cpuid.h instead of custom assembler
  * New upstream version 7.3.0~alpha4
  * Rebase patches for PHP 7.3.0~alpha4

 -- Ondřej Surý <ondrej@debian.org>  Wed, 25 Jul 2018 11:11:09 +0000

php7.3 (7.3.0~alpha3-2) unstable; urgency=medium

  * Remove traces of ext_skel modifications
  * Add <!nocheck> profile to all default-mysql-server alternatives
  * Bump d/phpapi for PHP 7.3
  * Add libargon2-dev as new alternative build-dependency to
    libargon2-0-dev

 -- Ondřej Surý <ondrej@debian.org>  Sat, 14 Jul 2018 13:57:34 +0000

php7.3 (7.3.0~alpha3-1) unstable; urgency=medium

  * Update upstream signing-key.asc for PHP 7.3
  * New upstream version 7.3.0~alpha3
  * Build-Depend on libpcre2-dev
  * Rebase patches for PHP 7.3.0~alpha3

 -- Ondřej Surý <ondrej@debian.org>  Mon, 09 Jul 2018 13:49:59 +0000

php7.2 (7.2.7-2) unstable; urgency=medium

  * Update the maintainer email to team+pkg-php@tracker.debian.org
  * Update the Vcs-* links to salsa.d.o

 -- Ondřej Surý <ondrej@debian.org>  Mon, 09 Jul 2018 12:28:45 +0000

php7.2 (7.2.7-1) unstable; urgency=medium

  * New upstream version 7.2.7
  * Refresh patches for PHP 7.2.7

 -- Ondřej Surý <ondrej@debian.org>  Fri, 22 Jun 2018 07:35:11 +0000

php7.2 (7.2.6-1) unstable; urgency=medium

  * New upstream version 7.2.6
  * Rebase patches for PHP version 7.2.6

 -- Ondřej Surý <ondrej@debian.org>  Mon, 11 Jun 2018 14:54:56 +0000

php7.2 (7.2.5-1) unstable; urgency=medium

  * New upstream version 7.2.5
  * Rebase patches for PHP 7.2.5

 -- Ondřej Surý <ondrej@debian.org>  Sat, 05 May 2018 04:56:32 +0000

php7.2 (7.2.4-1) unstable; urgency=medium

  * New upstream version 7.2.4
  * Rebase patches on top of new upstream release.

 -- Ondřej Surý <ondrej@debian.org>  Thu, 05 Apr 2018 08:50:27 +0000

php7.2 (7.2.3-1) unstable; urgency=medium

  * New upstream version 7.2.3
  * Rebase patches on top of new upstream release.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Mar 2018 11:15:04 +0000

php7.2 (7.2.2-3) unstable; urgency=medium

  * Add explicit libpcre3 >= 2:8.35 dependency as dh_genshlibs is failing
    to add versioned dependency for some reason.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Feb 2018 16:07:40 +0000

php7.2 (7.2.2-2) unstable; urgency=medium

  * Remove explicit libpcre3 dependency and let dh_genshlibs do its magic

 -- Ondřej Surý <ondrej@debian.org>  Tue, 06 Feb 2018 13:00:04 +0000

php7.2 (7.2.2-1) unstable; urgency=medium

  * New upstream version 7.2.2
  * Rebase patches on top of new upstream release
  * Regenerate d/control to finish php7.2-sodium removal

 -- Ondřej Surý <ondrej@debian.org>  Thu, 01 Feb 2018 15:19:04 +0000

php7.2 (7.2.1-1) unstable; urgency=medium

  * Update the Vcs-* to salsa.d.o
  * Slightly update debian/copyright (most changes were already in)
  * New upstream version 7.2.1
  * Rebase patches on top of new upstream release

 -- Ondřej Surý <ondrej@debian.org>  Fri, 05 Jan 2018 11:21:04 +0000

php7.2 (7.2.0-2) unstable; urgency=medium

  * Get rid of extra php7.2-sodium module

 -- Ondřej Surý <ondrej@debian.org>  Wed, 06 Dec 2017 14:15:47 +0000

php7.2 (7.2.0-1) unstable; urgency=low

  * Update PHP 7.2 signing keys
  * New upstream version 7.2.0
  * Rebase patches for new upstream release.

 -- Ondřej Surý <ondrej@debian.org>  Thu, 30 Nov 2017 13:55:57 +0000

php7.2 (7.2.0~rc6-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc6
  * Rebase patches for new upstream version.

 -- Ondřej Surý <ondrej@debian.org>  Sun, 12 Nov 2017 03:30:05 +0000

php7.2 (7.2.0~rc5-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc5
  * Rebase patches for new upstream release

 -- Ondřej Surý <ondrej@debian.org>  Fri, 27 Oct 2017 13:33:55 +0000

php7.2 (7.2.0~rc4-2) unstable; urgency=medium

  * Fix the usage of internal allocator in xmlrpc extension

 -- Ondřej Surý <ondrej@debian.org>  Tue, 24 Oct 2017 18:54:46 +0000

php7.2 (7.2.0~rc4-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc4
  * Rebase patches on top of new upstream version 7.2.0~rc4

 -- Ondřej Surý <ondrej@debian.org>  Sun, 22 Oct 2017 13:07:11 +0000

php7.2 (7.2.0~rc3-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc3
  * Refresh patches for PHP 7.2.0~rc3

 -- Ondřej Surý <ondrej@debian.org>  Thu, 28 Sep 2017 18:26:49 +0200

php7.2 (7.2.0~rc2-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc2
  * Rebase patches on top of PHP 7.2.0~rc2

 -- Ondřej Surý <ondrej@debian.org>  Mon, 18 Sep 2017 11:24:14 +0200

php7.2 (7.2.0~rc1-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc1
  * Rebase patches on top of PHP 7.2.0~rc1
  * Update d/copyright (License check courtesy of Luca Falavigna)
  * Rewrap the files in d/ with wrap-and-sort -a

 -- Ondřej Surý <ondrej@debian.org>  Thu, 31 Aug 2017 14:00:16 +0200

php7.2 (7.2.0~beta3-2) unstable; urgency=medium

  * Enable Argon2 support for password hashing functions
  * Enable shared libsodium extension

 -- Ondřej Surý <ondrej@debian.org>  Fri, 25 Aug 2017 11:35:23 +0200

php7.2 (7.2.0~beta3-1) unstable; urgency=medium

  * Allow libgcrypt11-dev when it's not a transitional package
  * New upstream version 7.2.0~beta3
  * Refresh patches on top of PHP 7.2.0~beta3

 -- Ondřej Surý <ondrej@debian.org>  Fri, 18 Aug 2017 15:00:36 +0200

php7.2 (7.2.0~beta2-2) experimental; urgency=medium

  * Update Vcs-* links to https://gitlab.com/deb.sury.org/...
  * Stop depending on obsolete automake1.11
  * Switch build-depends to libgcrypt20-dev

 -- Ondřej Surý <ondrej@debian.org>  Fri, 04 Aug 2017 11:56:09 +0200

php7.2 (7.2.0~beta2-1) experimental; urgency=medium

  * Update d/watch for PHP 7.2
  * New upstream version 7.2.0~beta2
  * Rebase patches for PHP 7.2.0~beta2

 -- Ondřej Surý <ondrej@debian.org>  Thu, 03 Aug 2017 20:42:38 +0200

php7.2 (7.2.0~beta1-1) experimental; urgency=medium

  * New upstream version 7.2.0~beta1
  * Enable support for libsodium crypto
  * Rebase patches on top of PHP 7.2.0~beta1
  * Update phpapi for PHP 7.2 to 20170718

 -- Ondřej Surý <ondrej@debian.org>  Thu, 27 Jul 2017 13:29:34 +0200

php7.2 (7.2.0~alpha3-1) experimental; urgency=medium

  * New upstream version 7.2.0~alpha3
  * Rebase patches on top of PHP 7.2.0~alpha3
  * Update d/rules with configure.in -> configure.ac rename
  * Remove mcrypt extension that has been removed upstream
  * Update phpapi to 20160731

 -- Ondřej Surý <ondrej@debian.org>  Thu, 06 Jul 2017 13:50:44 +0200
