Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package php-composer2 for openSUSE:Factory checked in at 2026-04-28 11:57:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php-composer2 (Old) and /work/SRC/openSUSE:Factory/.php-composer2.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php-composer2" Tue Apr 28 11:57:22 2026 rev:34 rq:1349506 version:2.9.7 Changes: -------- --- /work/SRC/openSUSE:Factory/php-composer2/php-composer2.changes 2026-01-15 16:50:06.721806884 +0100 +++ /work/SRC/openSUSE:Factory/.php-composer2.new.11940/php-composer2.changes 2026-04-28 12:01:16.233727804 +0200 @@ -1,0 +2,31 @@ +Mon Apr 27 07:22:50 UTC 2026 - Petr Gajdos <[email protected]> + +- version update to 2.4.7 + * Fixes regression calling custom script command aliases that are called a substring + of a composer command (#12802) +- version update to 2.9.6 + * Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261) + * Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176) + * Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d) + * Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e) + * Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088) + * Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do + not cause issues (6621d45, d836b90, 5e08c764) + * Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758) + * Fixed GitHub API authentication errors not being visible to the user (#12737) + * Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735) + * Fixed error reporting for clarity when a constraint cannot be parsed (#12743) +- version update to 2.9.5 + * Added support for new pie download-url-methods (#12727) + * Fixed detection of 7z when installed as 7za on some linux systems (#12731) + * Fixed warning because of the symfony/process CVE, 2.9.4 had a workaround already +- version update 2.9.4 + * Added active plugins to the diagnose command output (#12706) + * Fixed HTTP/3 causing issues with proxies (#12699) + * Fixed show command regression with long descriptions containing unicode characters (#12704) + * Fixed regression handling invalid unicode sequences in output (#12707) + * Fixed git rev-list usages to support older pre-2.33 git versions (#12705) + * Fixed issue handling paths with = in them on Windows (#12726) +- fixes [bsc#1262254], [bsc#1262255] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php-composer2.spec ++++++ --- /var/tmp/diff_new_pack.auPXuU/_old 2026-04-28 12:01:16.813751824 +0200 +++ /var/tmp/diff_new_pack.auPXuU/_new 2026-04-28 12:01:16.813751824 +0200 @@ -1,8 +1,7 @@ # # spec file for package php-composer2 # -# Copyright (c) 2026 SUSE LLC -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +17,7 @@ Name: php-composer2 -Version: 2.9.3 +Version: 2.9.7 Release: 0 Summary: Dependency Management for PHP License: MIT @@ -38,8 +37,6 @@ Requires: php-phar Requires: php-zip Requires: php-zlib -Requires(post): update-alternatives -Requires(postun): update-alternatives Provides: composer = %{version} Provides: php-composer = %{version} Provides: php7-composer = %{version} @@ -60,23 +57,11 @@ # Install compiled phar file install -d -m 0750 %{buildroot}%{_bindir} install -m 0755 %{SOURCE0} %{buildroot}%{_bindir}/composer2 -# Create a dummy target for /etc/alternatives/composer -mkdir -p %{buildroot}%{_sysconfdir}/alternatives -ln -s -f %{_sysconfdir}/alternatives/composer %{buildroot}%{_bindir}/composer - -%post -update-alternatives --install \ - %{_bindir}/composer composer %{_bindir}/composer2 2 - -%postun -if [ ! -f %{_bindir}/composer2 ] ; then - update-alternatives --remove composer %{_bindir}/composer2 -fi +ln -s ./composer2 %{buildroot}%{_bindir}/composer %files %license LICENSE %defattr(-,root,root,0755) %{_bindir}/composer %{_bindir}/composer2 -%ghost %{_sysconfdir}/alternatives/composer ++++++ composer.phar ++++++ Binary files /var/tmp/diff_new_pack.auPXuU/_old and /var/tmp/diff_new_pack.auPXuU/_new differ ++++++ composer.phar.asc ++++++ Binary files /var/tmp/diff_new_pack.auPXuU/_old and /var/tmp/diff_new_pack.auPXuU/_new differ
