Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: symf...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:symfony
User: release.debian@packages.debian.org
Usertags: pu
[3/6 for bullseye]
This is a follow up from composer/DSA-5632-1, similar to #1065059 in
bookworm.
In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release. It also adds an upstream patch in order to fix the
testsuite, already referenced via #1061033 in Debian.
The only change (besides changelog entry) in the binary packages is of
the following kind (thanks to diffoscope), for example for
php-symfony-cache.
│ │ ├── ./usr/share/php/Symfony/Component/Cache/autoload.php
│ │ │ @@ -1,14 +1,13 @@
│ │ │ diff -Nru symfony-4.4.19+dfsg/debian/autoload.php
symfony-4.4.19+dfsg/debian/autoload.php
--- symfony-4.4.19+dfsg/debian/autoload.php 2023-11-11 19:09:20.0
+0100
+++ symfony-4.4.19+dfsg/debian/autoload.php 2024-02-18 10:59:51.0
+0100
@@ -1,76 +1,76 @@
Sun, 18 Feb 2024 10:59:51 +0100
+
symfony (4.4.19+dfsg-2+deb11u4) bullseye; urgency=medium
* [Mime] regenerate test certificates (Closes: #1034854)
diff -Nru symfony-4.4.19+dfsg/debian/clean symfony-4.4.19+dfsg/debian/clean
--- symfony-4.4.19+dfsg/debian/clean2023-11-11 19:09:20.0 +0100
+++ symfony-4.4.19+dfsg/debian/clean2024-02-18 10:59:51.0 +0100
@@ -1,5 +1,6 @@
.phpunit.result.cache
CHANGELOG
+build/
debian/autoloaders/
debian/packages_to_build/
vendor/
diff -Nru
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
---
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
1970-01-01 01:00:00.0 +0100
+++
symfony-4.4.19+dfsg/debian/patches/make-sure-that-the-submitted-year-is-an-accepted-choice.patch
2024-02-18 10:59:51.0 +0100
@@ -0,0 +1,35 @@
+From: Christian Flothmann
+Date: Tue, 2 Jan 2024 08:56:56 +0100
+Subject: make sure that the submitted year is an accepted choice
+
+Origin: upstream,
https://github.com/symfony/symfony/commit/64f675ced4c60a67f564608fb598dc27ea3de9f6
+Bug-Debian: https://bugs.debian.org/1061033
+---
+ .../Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php| 1 +
+ src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php| 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git
a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
+index 506ec11..3016069 100644
+--- a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
+@@ -701,6 +701,7 @@ class DateTimeTypeTest extends BaseTypeTest
+ $form = $this->factory->create(static::TESTED_TYPE, null, [
+ 'widget' => $widget,
+ 'empty_data' => $emptyData,
++'years' => range(2018, (int) date('Y')),
+ ]);
+ $form->submit(null);
+
+diff --git
a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
+index 5891cc0..893fac1 100644
+--- a/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
b/src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
+@@ -1021,6 +1021,7 @@ class DateTypeTest extends BaseTypeTest
+ $form = $this->factory->create(static::TESTED_TYPE, null, [
+ 'widget' => $widget,
+ 'empty_data' => $emptyData,
++'years' => range(2018, (int) date('Y')),
+ ]);
+ $form->submit(null);
+
diff -Nru symfony-4.4.19+dfsg/debian/patches/series
symfony-4.4.19+dfsg/debian/patches/series
--- symfony-4.4.19+dfsg/debian/patches/series 2023-11-11 19:09:20.0
+0100
+++ symfony-4.4.19+dfsg/debian/patches/series 2024-02-18 10:59:51.0
+0100
@@ -24,3 +24,4 @@
Security-Http-Remove-CSRF-tokens-from-storage-on-successf.patch
Mime-regenerate-test-certificates.patch
TwigBridge-Ensure-CodeExtension-s-filters-properly-escape.patch
+make-sure-that-the-submitted-year-is-an-accepted-choice.patch
diff -Nru
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch
---
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch
2023-11-11 19:09:20.0 +0100
+++
symfony-4.4.19+dfsg/debian/patches/VarDumper-Adapt-to-homemade-autoload.patch
2024-02-18 10:59:51.0 +0100
@@ -4,11 +4,11 @@
Forwarded: no
---
- src/Symfony/Component/VarDumper/Resources/bin/var-dump-server | 8
- 1 file