Bug#1065077: bullseye-pu: package php-zend-code/4.0.0-2+deb11u1

Thu, 29 Feb 2024 06:03:36 -0800 

Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-zend-c...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-zend-code
User: release.debian....@packages.debian.org
Usertags: pu

[5/6 for bullseye]

This is a follow up from composer/DSA-5632-1, similar to #1065062 in
bookworm.

In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release.

The only change (besides changelog entry) in the binary package is the
following (thanks to diffoscope).

│ │ ├── ./usr/share/php/Laminas/Code/autoload.php
│ │ │ @@ -1,14 +1,12 @@
│ │ │  <?php
│ │ │  
│ │ │ -require_once 'Laminas/EventManager/autoload.php';
│ │ │ -if 
(stream_resolve_include_path('Doctrine/Common/Annotations/autoload.php')){
│ │ │ -    include_once 'Doctrine/Common/Annotations/autoload.php';
│ │ │ -}
│ │ │ -// include_once 'Laminas/Stdlib/autoload.php'; (already included by 
EventManager)
│ │ │ +require_once __DIR__ . '/../EventManager/autoload.php';
│ │ │ +if (stream_resolve_include_path(__DIR__ . 
'/../../Doctrine/Common/Annotations/autoload.php')) { include_once __DIR__ . 
'/../../Doctrine/Common/Annotations/autoload.php'; }
│ │ │ +// include_once __DIR__ . '/../Stdlib/autoload.php'; (already included 
by EventManager)
│ │ │  
│ │ │  // @codingStandardsIgnoreFile

The goal is to ensure related dependencies are loaded from the system
path.

The attached debdiff is a bit bigger, since it aims at keeping the
testsuite at buildtime effective.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

TIA for considering.

Cheers,

taffit

diff -Nru php-zend-code-4.0.0/debian/autoload.php.tpl php-zend-code-4.0.0/debian/autoload.php.tpl
--- php-zend-code-4.0.0/debian/autoload.php.tpl	2021-01-11 20:28:16.000000000 +0100
+++ php-zend-code-4.0.0/debian/autoload.php.tpl	2024-02-18 12:20:19.000000000 +0100
@@ -1,10 +1,8 @@
 <?php
 
-require_once 'Laminas/EventManager/autoload.php';
-if (stream_resolve_include_path('Doctrine/Common/Annotations/autoload.php')){
-    include_once 'Doctrine/Common/Annotations/autoload.php';
-}
-// include_once 'Laminas/Stdlib/autoload.php'; (already included by EventManager)
+require_once __DIR__ . '/../EventManager/autoload.php';
+if (stream_resolve_include_path(__DIR__ . '/../../Doctrine/Common/Annotations/autoload.php')) { include_once __DIR__ . '/../../Doctrine/Common/Annotations/autoload.php'; }
+// include_once __DIR__ . '/../Stdlib/autoload.php'; (already included by EventManager)
 
 // @codingStandardsIgnoreFile
 // @codeCoverageIgnoreStart
diff -Nru php-zend-code-4.0.0/debian/changelog php-zend-code-4.0.0/debian/changelog
--- php-zend-code-4.0.0/debian/changelog	2021-01-14 04:40:38.000000000 +0100
+++ php-zend-code-4.0.0/debian/changelog	2024-02-18 12:21:22.000000000 +0100
@@ -1,3 +1,10 @@
+php-zend-code (4.0.0-2+deb11u1) bullseye; urgency=medium
+
+  * Track debian/bullseye
+  * Force system dependencies loading
+
+ -- David Prévot <taf...@debian.org>  Sun, 18 Feb 2024 12:21:22 +0100
+
 php-zend-code (4.0.0-2) unstable; urgency=medium
 
   * Upload to unstable in sync with (reverse-)dependencies
diff -Nru php-zend-code-4.0.0/debian/clean php-zend-code-4.0.0/debian/clean
--- php-zend-code-4.0.0/debian/clean	2021-01-03 18:07:35.000000000 +0100
+++ php-zend-code-4.0.0/debian/clean	2024-02-18 12:18:12.000000000 +0100
@@ -1,4 +1,5 @@
 .phpunit.result.cache
+Doctrine
 src/autoload.php
 vendor/
 Laminas/
diff -Nru php-zend-code-4.0.0/debian/control php-zend-code-4.0.0/debian/control
--- php-zend-code-4.0.0/debian/control	2021-01-03 18:08:00.000000000 +0100
+++ php-zend-code-4.0.0/debian/control	2024-02-18 12:13:21.000000000 +0100
@@ -12,7 +12,7 @@
                pkg-php-tools
 Standards-Version: 4.5.1
 Homepage: https://docs.laminas.dev/laminas-code/
-Vcs-Git: https://salsa.debian.org/php-team/pear/php-zend-code.git -b debian/latest
+Vcs-Git: https://salsa.debian.org/php-team/pear/php-zend-code.git -b debian/bullseye
 Vcs-Browser: https://salsa.debian.org/php-team/pear/php-zend-code
 Rules-Requires-Root: no
 
diff -Nru php-zend-code-4.0.0/debian/gbp.conf php-zend-code-4.0.0/debian/gbp.conf
--- php-zend-code-4.0.0/debian/gbp.conf	2021-01-03 18:07:35.000000000 +0100
+++ php-zend-code-4.0.0/debian/gbp.conf	2024-02-18 12:13:27.000000000 +0100
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/latest
+debian-branch = debian/bullseye
 pristine-tar = True
 pristine-tar-commit = True
 
diff -Nru php-zend-code-4.0.0/debian/rules php-zend-code-4.0.0/debian/rules
--- php-zend-code-4.0.0/debian/rules	2021-01-03 18:07:35.000000000 +0100
+++ php-zend-code-4.0.0/debian/rules	2024-02-18 12:21:22.000000000 +0100
@@ -7,7 +7,10 @@
 		--template debian/autoload.php.tpl \
 		src
 	mkdir --parents vendor Laminas
-	ln -s ../src Laminas/Code
+	cp -r src Laminas/Code
+	ln -s /usr/share/php/Doctrine .
+	ln -s /usr/share/php/Laminas/EventManager Laminas
+	ln -s /usr/share/php/Laminas/Stdlib Laminas
 	phpab	--output vendor/autoload.php \
 		--template debian/autoload.tests.php.tpl \
 		test

Attachment: signature.asc
Description: PGP signature

Reply via email to