Bug#1065059: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u2

Thu, 29 Feb 2024 02:45:35 -0800 

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:symfony
User: release.debian....@packages.debian.org
Usertags: pu

[4/9 for bookworm]

This is a follow up from composer/DSA-5632-1 and similar to #1065058.

In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release. It also adds an upstream patch in order to fix the
testsuite, already referenced via #1061033 in Debian.

The only change (besides changelog entry) in the binary packages is of
the following kind (thanks to diffoscope), for example for
php-symfony-cache.

│ │ ├── ./usr/share/php/Symfony/Component/Cache/autoload.php
│ │ │ @@ -1,16 +1,16 @@
│ │ │  <?php
│ │ │
│ │ │  // Require
│ │ │ -require_once 'Psr/Cache/autoload.php';
│ │ │ -require_once 'Psr/Log/autoload.php';
│ │ │ -require_once 'Symfony/Component/VarExporter/autoload.php';
│ │ │ -require_once 'Symfony/Contracts/Cache/autoload.php';
│ │ │ -require_once 'Symfony/Contracts/Deprecation/autoload.php';
│ │ │ -require_once 'Symfony/Contracts/Service/autoload.php';
│ │ │ +require_once __DIR__ . '/../../../Psr/Cache/autoload.php';
│ │ │ +require_once __DIR__ . '/../../../Psr/Log/autoload.php';
│ │ │ +require_once __DIR__ . '/../VarExporter/autoload.php';
│ │ │ +require_once __DIR__ . '/../../Contracts/Cache/autoload.php';
│ │ │ +require_once __DIR__ . '/../../Contracts/Deprecation/autoload.php';
│ │ │ +require_once __DIR__ . '/../../Contracts/Service/autoload.php';
│ │ │
│ │ │  // Suggest

The goal is to ensure related dependencies are loaded from the system
path.

The attached debdiff is a lot bigger, since this source package builds
a hundred binary packages, and that d/rules has been adapted to keep the
testsuite at buildtime effective.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

TIA for considering.

Cheers,

taffit

Attachment: signature.asc
Description: PGP signature

Reply via email to