Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: php-composer-xdebug-hand...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-composer-xdebug-handler User: release.debian....@packages.debian.org Usertags: pu
[1/6 for bullseye] This is a follow up from composer/DSA-5632-1, similar to #1065057 in bookworm. In order to fix a Debian-specific issue related to CVE-2024-24821, we agreed with the security team to push related dependencies via the next point release. The only change (besides changelog entry) in the binary package is the following (thanks to diffoscope). │ │ ├── ./usr/share/php/Composer/XdebugHandler/autoload.php │ │ │ @@ -1,10 +1,10 @@ │ │ │ <?php │ │ │ │ │ │ -require_once 'Psr/Log/autoload.php'; │ │ │ +require_once __DIR__ . '/../../Psr/Log/autoload.php'; │ │ │ │ │ │ // @codingStandardsIgnoreFile The goal is to ensure related dependencies are loaded from the system path. The attached debdiff is a bit bigger, since it aims at keeping the testsuite at buildtime effective. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable TIA for considering. Cheers, taffit
diff -Nru php-composer-xdebug-handler-1.4.5/debian/autoload.php.tpl php-composer-xdebug-handler-1.4.5/debian/autoload.php.tpl --- php-composer-xdebug-handler-1.4.5/debian/autoload.php.tpl 2020-11-22 16:28:34.000000000 +0100 +++ php-composer-xdebug-handler-1.4.5/debian/autoload.php.tpl 2024-02-18 09:01:17.000000000 +0100 @@ -1,6 +1,6 @@ <?php -require_once 'Psr/Log/autoload.php'; +require_once __DIR__ . '/../../Psr/Log/autoload.php'; // @codingStandardsIgnoreFile // @codeCoverageIgnoreStart diff -Nru php-composer-xdebug-handler-1.4.5/debian/changelog php-composer-xdebug-handler-1.4.5/debian/changelog --- php-composer-xdebug-handler-1.4.5/debian/changelog 2020-11-22 16:32:26.000000000 +0100 +++ php-composer-xdebug-handler-1.4.5/debian/changelog 2024-02-18 09:02:41.000000000 +0100 @@ -1,3 +1,10 @@ +php-composer-xdebug-handler (1.4.5-1+deb11u1) bullseye; urgency=medium + + * Track debian/bullseye + * Force system dependencies loading + + -- David Prévot <taf...@debian.org> Sun, 18 Feb 2024 09:02:41 +0100 + php-composer-xdebug-handler (1.4.5-1) unstable; urgency=medium [ Martin Matthaei ] diff -Nru php-composer-xdebug-handler-1.4.5/debian/clean php-composer-xdebug-handler-1.4.5/debian/clean --- php-composer-xdebug-handler-1.4.5/debian/clean 2020-11-22 16:28:34.000000000 +0100 +++ php-composer-xdebug-handler-1.4.5/debian/clean 2024-02-18 09:01:35.000000000 +0100 @@ -1,4 +1,5 @@ Composer/ +Psr src/autoload.php vendor/ .phpunit.result.cache diff -Nru php-composer-xdebug-handler-1.4.5/debian/control php-composer-xdebug-handler-1.4.5/debian/control --- php-composer-xdebug-handler-1.4.5/debian/control 2020-11-22 16:31:14.000000000 +0100 +++ php-composer-xdebug-handler-1.4.5/debian/control 2024-02-18 08:59:53.000000000 +0100 @@ -11,7 +11,7 @@ Standards-Version: 4.5.1 Homepage: https://github.com/composer/xdebug-handler Vcs-Browser: https://salsa.debian.org/php-team/pear/php-composer-xdebug-handler -Vcs-Git: https://salsa.debian.org/php-team/pear/php-composer-xdebug-handler.git -b debian/latest +Vcs-Git: https://salsa.debian.org/php-team/pear/php-composer-xdebug-handler.git -b debian/bullseye Rules-Requires-Root: no Package: php-composer-xdebug-handler diff -Nru php-composer-xdebug-handler-1.4.5/debian/gbp.conf php-composer-xdebug-handler-1.4.5/debian/gbp.conf --- php-composer-xdebug-handler-1.4.5/debian/gbp.conf 2020-11-22 16:29:46.000000000 +0100 +++ php-composer-xdebug-handler-1.4.5/debian/gbp.conf 2024-02-18 08:59:57.000000000 +0100 @@ -1,5 +1,5 @@ [DEFAULT] -debian-branch = debian/latest +debian-branch = debian/bullseye pristine-tar = True pristine-tar-commit = True diff -Nru php-composer-xdebug-handler-1.4.5/debian/rules php-composer-xdebug-handler-1.4.5/debian/rules --- php-composer-xdebug-handler-1.4.5/debian/rules 2020-11-22 16:28:34.000000000 +0100 +++ php-composer-xdebug-handler-1.4.5/debian/rules 2024-02-18 09:02:12.000000000 +0100 @@ -8,7 +8,8 @@ --template debian/autoload.php.tpl \ src mkdir --parents vendor Composer - ln -s ../src Composer/XdebugHandler + cp -r src Composer/XdebugHandler + ln -s /usr/share/php/Psr . phpab \ --output vendor/autoload.php \ --template debian/autoload.tests.php.tpl \
signature.asc
Description: PGP signature
