Bug#1065075: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u5

2024-04-22 Thread Jonathan Wiltshire 
Control: tag -1 confirmed

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1065075: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u5

2024-02-29 Thread David Prévot 
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:symfony
User: release.debian@packages.debian.org
Usertags: pu

[3/6 for bullseye]

This is a follow up from composer/DSA-5632-1, similar to #1065059 in
bookworm.

In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release. It also adds an upstream patch in order to fix the
testsuite, already referenced via #1061033 in Debian.

The only change (besides changelog entry) in the binary packages is of
the following kind (thanks to diffoscope), for example for
php-symfony-cache.

│ │ ├── ./usr/share/php/Symfony/Component/Cache/autoload.php
│ │ │ @@ -1,14 +1,13 @@
│ │ │  diff -Nru symfony-4.4.19+dfsg/debian/autoload.php 
symfony-4.4.19+dfsg/debian/autoload.php
--- symfony-4.4.19+dfsg/debian/autoload.php 2023-11-11 19:09:20.0 
+0100
+++ symfony-4.4.19+dfsg/debian/autoload.php 2024-02-18 10:59:51.0 
+0100
@@ -1,76 +1,76 @@
   Sun, 18 Feb 2024 10:59:51 +0100
+
 symfony (4.4.19+dfsg-2+deb11u4) bullseye; urgency=medium
 
   * [Mime] regenerate test certificates (Closes: #1034854)
diff -Nru symfony-4.4.19+dfsg/debian/clean symfony-4.4.19+dfsg/debian/clean
--- symfony-4.4.19+dfsg/debian/clean2023-11-11 19:09:20.0 +0100
+++ symfony-4.4.19+dfsg/debian/clean2024-02-18 10:59:51.0 +0100
@@ -1,5 +1,6 @@
 .phpunit.result.cache
 CHANGELOG
+build/
 debian/autoloaders/
 debian/packages_to_build/
 vendor/
diff -Nru 
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
 
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
--- 
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
1970-01-01 01:00:00.0 +0100
+++ 
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
2024-02-18 10:59:51.0 +0100
@@ -0,0 +1,35 @@
+From: Christian Flothmann 
+Date: Tue, 2 Jan 2024 08:56:56 +0100
+Subject: make sure that the submitted year is an accepted choice
+
+Origin: upstream, 
https://github.com/symfony/symfony/commit/64f675ced4c60a67f564608fb598dc27ea3de9f6
+Bug-Debian: https://bugs.debian.org/1061033
+---
+ .../Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php| 1 +
+ src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php| 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git 
a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php 
b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
+index 506ec11..3016069 100644
+--- a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
 b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
+@@ -701,6 +701,7 @@ class DateTimeTypeTest extends BaseTypeTest
+ $form = $this->factory->create(static::TESTED_TYPE, null, [
+ 'widget' => $widget,
+ 'empty_data' => $emptyData,
++'years' => range(2018, (int) date('Y')),
+ ]);
+ $form->submit(null);
+ 
+diff --git 
a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php 
b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
+index 5891cc0..893fac1 100644
+--- a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
 b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
+@@ -1021,6 +1021,7 @@ class DateTypeTest extends BaseTypeTest
+ $form = $this->factory->create(static::TESTED_TYPE, null, [
+ 'widget' => $widget,
+ 'empty_data' => $emptyData,
++'years' => range(2018, (int) date('Y')),
+ ]);
+ $form->submit(null);
+ 
diff -Nru symfony-4.4.19+dfsg/debian/patches/series 
symfony-4.4.19+dfsg/debian/patches/series
--- symfony-4.4.19+dfsg/debian/patches/series   2023-11-11 19:09:20.0 
+0100
+++ symfony-4.4.19+dfsg/debian/patches/series   2024-02-18 10:59:51.0 
+0100
@@ -24,3 +24,4 @@
 Security-Http-Remove-CSRF-tokens-from-storage-on-successf.patch
 Mime-regenerate-test-certificates.patch
 TwigBridge-Ensure-CodeExtension-s-filters-properly-escape.patch
+make-sure-that-the-submitted-year-is-an-accepted-choice.patch
diff -Nru 
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch 
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch
--- 
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch   
2023-11-11 19:09:20.0 +0100
+++ 
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch   
2024-02-18 10:59:51.0 +0100
@@ -4,11 +4,11 @@
 
 Forwarded: no
 ---
- src/Symfony/Component/VarDumper/Resources/bin/var-dump-server | 8 
- 1 file