Bug#946841: buster-pu: package simplesamlphp/1.16.3-1+deb10u2

[Adam D. Barratt]

Control: tags -1 + confirmed

On Mon, 2019-12-16 at 14:27 +0100, Thijs Kinkhorst wrote:
> The simpleSAMLphp package in buster suffers from an incompatibility
> with PHP 7.3 (also shipped in buster) that can be fixed with a one
> character change.
> 
> The bug report is at https://bugs.debian.org/944820
> 
> This was missed during the release cycle because the already existing
> and working simplesamlphp package was not fully re-tested when PHP
> 7.3 was introduced into buster.
> 

Please go ahead.

Regards,

Adam

Bug#946841: buster-pu: package simplesamlphp/1.16.3-1+deb10u2

[Thijs Kinkhorst]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The simpleSAMLphp package in buster suffers from an incompatibility with
PHP 7.3 (also shipped in buster) that can be fixed with a one character
change.

The bug report is at https://bugs.debian.org/944820

This was missed during the release cycle because the already existing
and working simplesamlphp package was not fully re-tested when PHP 7.3
was introduced into buster.

Please see attached debdiff for a proposed fix for buster.


Thanks,
Thijs
diff -Nru simplesamlphp-1.16.3/debian/changelog 
simplesamlphp-1.16.3/debian/changelog
--- simplesamlphp-1.16.3/debian/changelog   2019-11-03 06:46:13.0 
+0100
+++ simplesamlphp-1.16.3/debian/changelog   2019-12-16 14:15:00.0 
+0100
@@ -1,3 +1,9 @@
+simplesamlphp (1.16.3-1+deb10u2) buster; urgency=medium
+
+  * Fix incompatibility with PHP 7.3 (closes: #944820).
+
+ -- Thijs Kinkhorst   Mon, 16 Dec 2019 14:15:00 +0100
+
 simplesamlphp (1.16.3-1+deb10u1) buster-security; urgency=high
 
   * Fix security issue CVE-2019-3465.
diff -Nru simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch 
simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch
--- simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch  
1970-01-01 01:00:00.0 +0100
+++ simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch  
2019-12-16 14:15:00.0 +0100
@@ -0,0 +1,24 @@
+From: Stefan Winter 
+Date: Thu, 18 Oct 2018 07:24:07 +0200
+Subject: [PATCH] make regex PCRE2 compliant
+
+PHP7.3 makes a hard switch from PCRE to PCRE2, where the hyphen needs to be 
escaped. I've tested and confirmed that with PHP 7.3rc3
+- the code as was before this PR breaks with a PHP error about unable to 
compile the regex
+- the code with this one-character PR applied works just fine
+---
+ src/Utils/XPath.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/Utils/XPath.php b/src/Utils/XPath.php
+index 11e51fb..8cdc48e 100644
+--- a/vendor/robrichards/xmlseclibs/src/Utils/XPath.php
 b/vendor/robrichards/xmlseclibs/src/Utils/XPath.php
+@@ -7,7 +7,7 @@ class XPath
+ const ALPHANUMERIC = '\w\d';
+ const NUMERIC = '\d';
+ const LETTERS = '\w';
+-const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';
++const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.';
+ 
+ const SINGLE_QUOTE = '\'';
+ const DOUBLE_QUOTE = '"';
diff -Nru simplesamlphp-1.16.3/debian/patches/series 
simplesamlphp-1.16.3/debian/patches/series
--- simplesamlphp-1.16.3/debian/patches/series  2019-11-03 06:44:18.0 
+0100
+++ simplesamlphp-1.16.3/debian/patches/series  2019-12-16 14:15:00.0 
+0100
@@ -1,2 +1,3 @@
 debian_config.patch
 CVE-2019-3465.patch
+fix-xmlseclibs-php73.patch