From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 12 Dec 2024 15:04:36 +0000 (+0000)
Subject: Merge version 8.2.24-1+rpi1 and 8.2.26-4 to produce 8.2.26-4+rpi1
X-Git-Tag: archive/raspbian/8.2.26-4+rpi1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=91da6878539cc7ee3ec0b19f399d6a5f2014f0c8;p=php8.2.git

Merge version 8.2.24-1+rpi1 and 8.2.26-4 to produce 8.2.26-4+rpi1
---

70fe3894ddf216067085876de069f9bafd328fc4
diff --cc debian/changelog
index 3918ce37,0730643b..9395da2b
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,45 +1,52 @@@
- php8.2 (8.2.24-1+rpi1) trixie-staging; urgency=medium
++php8.2 (8.2.26-4+rpi1) trixie-staging; urgency=medium
 +
 +  [changes brought forward from 8.2.7-1~deb12u1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 20 Jul 2023 18:02:54 +0000]
 +  * Fix fpu setting for raspbian.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Sun, 29 Sep 2024 13:14:14 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 12 Dec 2024 15:04:36 +0000
++
+ php8.2 (8.2.26-4) unstable; urgency=medium
+ 
+   * Remove the /usr/lib/libphp.so symbolic link if unowned
+     (Closes: #1035798)
+ 
+  -- Ondřej Surý <ondrej@debian.org>  Mon, 02 Dec 2024 08:33:26 +0100
+ 
+ php8.2 (8.2.26-3) unstable; urgency=medium
+ 
+   * Revert "ext/gmp: gmp_pow fix FPE with large values" patch
+ 
+  -- Ondřej Surý <ondrej@debian.org>  Mon, 25 Nov 2024 18:19:29 +0100
+ 
+ php8.2 (8.2.26-2) unstable; urgency=medium
+ 
+   * Fix GH-16870: gmp_pow(64, 11) throws overflow exception
+ 
+  -- Ondřej Surý <ondrej@debian.org>  Thu, 21 Nov 2024 15:40:21 +0100
+ 
+ php8.2 (8.2.26-1) unstable; urgency=medium
+ 
+   * New upstream version 8.2.26 (Closes: #1088688)
+    + Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface.
+    + [CVE-2024-8929]: Leak partial content of the heap through heap buffer
+      over-read.
+    + [CVE-2024-8932]: OOB access in ldap_escape.
+    + [CVE-2024-11233]: Single byte overread with
+      convert.quoted-printable-decode filter.     
+    + [CVE-2024-11234]: Configuring a proxy in a stream context might allow
+      for CRLF injection in URIs.
+    + [CVE-2024-11236]: Integer overflow in the dblib quoter causing OOB
+      writes.
+    + [CVE-2024-11236]: Integer overflow in the firebird quoter causing OOB
+      writes.
+ 
+  -- Ondřej Surý <ondrej@debian.org>  Thu, 21 Nov 2024 06:45:50 +0100
+ 
+ php8.2 (8.2.25-1) unstable; urgency=medium
+ 
+   * New upstream version 8.2.25
+ 
+  -- Ondřej Surý <ondrej@debian.org>  Wed, 30 Oct 2024 11:39:41 +0100
  
  php8.2 (8.2.24-1) unstable; urgency=medium