Bug#1065065: bookworm-pu: package php-doctrine-annotations/2.0.1-1+deb12u1

[David Prévot]

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-doctrine-annotati...@packages.debian.org, 
t...@security.debian.org
Control: affects -1 + src:php-doctrine-annotations
User: release.debian....@packages.debian.org
Usertags: pu

[7/9 for bookworm]

This is a follow up from composer/DSA-5632-1.

In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release.

The only change (besides changelog entry) in the binary package is the
following (thanks to diffoscope).

│ │ ├── ./usr/share/php/Doctrine/Common/Annotations/autoload.php
│ │ │ @@ -1,12 +1,12 @@
│ │ │  <?php
│ │ │  
│ │ │  // Require
│ │ │ -require_once 'Doctrine/Common/Lexer/autoload.php';
│ │ │ -require_once 'Psr/Cache/autoload.php';
│ │ │ +require_once __DIR__ . '/../Lexer/autoload.php';
│ │ │ +require_once __DIR__ . '/../../../Psr/Cache/autoload.php';
│ │ │  
│ │ │  // Suggest

The goal is to ensure related dependencies are loaded from the system
path.

The attached debdiff is a bit bigger, since it aims at keeping the
testsuite at buildtime effective.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

TIA for considering.

Cheers,

taffit

diff -Nru php-doctrine-annotations-2.0.1/debian/autoload.php.tpl php-doctrine-annotations-2.0.1/debian/autoload.php.tpl
--- php-doctrine-annotations-2.0.1/debian/autoload.php.tpl	1970-01-01 01:00:00.000000000 +0100
+++ php-doctrine-annotations-2.0.1/debian/autoload.php.tpl	2024-02-15 23:14:38.000000000 +0100
@@ -0,0 +1,30 @@
+<?php
+
+// Require
+require_once __DIR__ . '/../Lexer/autoload.php';
+require_once __DIR__ . '/../../../Psr/Cache/autoload.php';
+
+// Suggest
+
+// @codingStandardsIgnoreFile
+// @codeCoverageIgnoreStart
+// this is an autogenerated file - do not edit
+spl_autoload_register(
+    function($class) {
+        static $classes = null;
+        if ($classes === null) {
+            $classes = array(
+                ___CLASSLIST___
+            );
+        }
+        $cn = strtolower($class);
+        if (isset($classes[$cn])) {
+            require ___BASEDIR___$classes[$cn];
+        }
+    },
+    ___EXCEPTION___,
+    ___PREPEND___
+);
+// @codeCoverageIgnoreEnd
+
+// Files
diff -Nru php-doctrine-annotations-2.0.1/debian/changelog php-doctrine-annotations-2.0.1/debian/changelog
--- php-doctrine-annotations-2.0.1/debian/changelog	2023-02-03 05:28:39.000000000 +0100
+++ php-doctrine-annotations-2.0.1/debian/changelog	2024-02-15 23:14:38.000000000 +0100
@@ -1,3 +1,10 @@
+php-doctrine-annotations (2.0.1-1+deb12u1) bookworm; urgency=medium
+
+  * Track debian/bookworm
+  * Force system dependencies loading
+
+ -- David Prévot <taf...@debian.org>  Thu, 15 Feb 2024 23:14:38 +0100
+
 php-doctrine-annotations (2.0.1-1) unstable; urgency=medium
 
   [ Alexander M. Turek ]
diff -Nru php-doctrine-annotations-2.0.1/debian/clean php-doctrine-annotations-2.0.1/debian/clean
--- php-doctrine-annotations-2.0.1/debian/clean	2021-05-23 19:31:29.000000000 +0200
+++ php-doctrine-annotations-2.0.1/debian/clean	2024-02-15 23:14:38.000000000 +0100
@@ -1,5 +1,8 @@
 .phpunit.result.cache
-debian/autoload.php.tpl
 debian/autoload.tests.php.tpl
 lib/Doctrine/Common/Annotations/autoload.php
+lib/Doctrine/Common/Cache
+lib/Doctrine/Common/Lexer
+lib/Psr
+lib/Symfony
 vendor/
diff -Nru php-doctrine-annotations-2.0.1/debian/control php-doctrine-annotations-2.0.1/debian/control
--- php-doctrine-annotations-2.0.1/debian/control	2023-02-03 05:25:51.000000000 +0100
+++ php-doctrine-annotations-2.0.1/debian/control	2024-02-15 23:14:38.000000000 +0100
@@ -13,7 +13,7 @@
                phpunit,
                pkg-php-tools
 Standards-Version: 4.6.2
-Vcs-Git: https://salsa.debian.org/php-team/pear/php-doctrine-annotations.git
+Vcs-Git: https://salsa.debian.org/php-team/pear/php-doctrine-annotations.git -b debian/bookworm
 Vcs-Browser: https://salsa.debian.org/php-team/pear/php-doctrine-annotations
 Homepage: https://www.doctrine-project.org/projects/annotations.html
 Rules-Requires-Root: no
diff -Nru php-doctrine-annotations-2.0.1/debian/gbp.conf php-doctrine-annotations-2.0.1/debian/gbp.conf
--- php-doctrine-annotations-2.0.1/debian/gbp.conf	2021-02-20 14:25:27.000000000 +0100
+++ php-doctrine-annotations-2.0.1/debian/gbp.conf	2024-02-15 23:14:38.000000000 +0100
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/latest
+debian-branch = debian/bookworm
 filter = [ '.gitattributes' ]
 pristine-tar = True
 upstream-vcs-tag = %(version%~%-)s
diff -Nru php-doctrine-annotations-2.0.1/debian/rules php-doctrine-annotations-2.0.1/debian/rules
--- php-doctrine-annotations-2.0.1/debian/rules	2021-10-11 03:02:26.000000000 +0200
+++ php-doctrine-annotations-2.0.1/debian/rules	2024-02-15 23:14:38.000000000 +0100
@@ -1,15 +1,18 @@
 #!/usr/bin/make -f
 
 %:
-	dh $@
+	dh $@ -XCommon/Cache -XCommon/Lexer -Xlib/Psr -XSymfony
 
 override_dh_auto_build:
-	phpabtpl composer.json > debian/autoload.php.tpl
 	phpab \
 		--output lib/Doctrine/Common/Annotations/autoload.php \
 		--template debian/autoload.php.tpl \
 		lib/Doctrine/Common/Annotations
 	mkdir --parents vendor
+	ln -s /usr/share/php/Doctrine/Common/Cache lib/Doctrine/Common
+	ln -s /usr/share/php/Doctrine/Common/Lexer lib/Doctrine/Common
+	ln -s /usr/share/php/Psr lib
+	ln -s /usr/share/php/Symfony lib
 	phpabtpl \
 		--require doctrine/annotations \
 		--require doctrine/cache \

signature.asc
Description: PGP signature