Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:symfony User: release.debian....@packages.debian.org Usertags: pu
[4/9 for bookworm] This is a follow up from composer/DSA-5632-1 and similar to #1065058. In order to fix a Debian-specific issue related to CVE-2024-24821, we agreed with the security team to push related dependencies via the next point release. It also adds an upstream patch in order to fix the testsuite, already referenced via #1061033 in Debian. The only change (besides changelog entry) in the binary packages is of the following kind (thanks to diffoscope), for example for php-symfony-cache. │ │ ├── ./usr/share/php/Symfony/Component/Cache/autoload.php │ │ │ @@ -1,16 +1,16 @@ │ │ │ <?php │ │ │ │ │ │ // Require │ │ │ -require_once 'Psr/Cache/autoload.php'; │ │ │ -require_once 'Psr/Log/autoload.php'; │ │ │ -require_once 'Symfony/Component/VarExporter/autoload.php'; │ │ │ -require_once 'Symfony/Contracts/Cache/autoload.php'; │ │ │ -require_once 'Symfony/Contracts/Deprecation/autoload.php'; │ │ │ -require_once 'Symfony/Contracts/Service/autoload.php'; │ │ │ +require_once __DIR__ . '/../../../Psr/Cache/autoload.php'; │ │ │ +require_once __DIR__ . '/../../../Psr/Log/autoload.php'; │ │ │ +require_once __DIR__ . '/../VarExporter/autoload.php'; │ │ │ +require_once __DIR__ . '/../../Contracts/Cache/autoload.php'; │ │ │ +require_once __DIR__ . '/../../Contracts/Deprecation/autoload.php'; │ │ │ +require_once __DIR__ . '/../../Contracts/Service/autoload.php'; │ │ │ │ │ │ // Suggest The goal is to ensure related dependencies are loaded from the system path. The attached debdiff is a lot bigger, since this source package builds a hundred binary packages, and that d/rules has been adapted to keep the testsuite at buildtime effective. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable TIA for considering. Cheers, taffit
signature.asc
Description: PGP signature