XPost: linux.debian.devel.release

--aYDjapSajnmon9cj
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-proxy-manager@packages.debian.org, team@security.debian.org Control: affects -1 + src:php-proxy-manager
User: release.debian.org@packages.debian.org
Usertags: pu

[5/9 for bookworm]

This is a follow up from composer/DSA-5632-1.

In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release.

The only change (besides changelog entry) in the binary package is the following (thanks to diffoscope).

│ │ ├── ./usr/share/php/ProxyManager/autoload.php
│ │ │ @@ -1,12 +1,12 @@
│ │ │ <?php
│ │ │
│ │ │ // Require
│ │ │ -require_once 'Laminas/Code/autoload.php';
│ │ │ -require_once 'Symfony/Component/Filesystem/autoload.php';
│ │ │ +require_once __DIR__ . '/../Laminas/Code/autoload.php';
│ │ │ +require_once __DIR__ . '/../Symfony/Component/Filesystem/autoload.php';
│ │ │
│ │ │ // Suggest

The goal is to ensure related dependencies are loaded from the system
path.

The attached debdiff is a bit bigger, since it aims at keeping the
testsuite at buildtime effective.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

TIA for considering.

Cheers,

taffit

--aYDjapSajnmon9cj
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment;
filename="php-proxy-manager_2.11.1+1.0.14-1+deb12u1" Content-Transfer-Encoding: quoted-printable

diff -Nru php-proxy-manager-2.11.1+1.0.14/debian/autoload.php.tpl php-proxy-manager-2.11.1+1.0.14/debian/autoload.php.tpl
--- php-proxy-manager-2.11.1+1.0.14/debian/autoload.php.tpl 1970-01-01 01:00:00.000000000 +0100
+++ php-proxy-manager-2.11.1+1.0.14/debian/autoload.php.tpl 2024-02-15 22:58:41.000000000 +0100
@@ -0,0 +1,30 @@
+<?php
+
+// Require
+require_once __DIR__ . '/../Laminas/Code/autoload.php';
+require_once __DIR__ . '/../Symfony/Component/Filesystem/autoload.php';
+
+// Suggest
+
+// @codingStandardsIgnoreFile
+// @codeCoverageIgnoreStart
+// this is an autogenerated file - do not edit
+spl_autoload_register(
+ function($class) {
+ static $classes = null;
+ if ($classes === null) {
+ $classes = array(
+ ___CLASSLIST___
+ );
+ }
+ $cn = strtolower($class);
+ if (isset($classes[$cn])) {
+ require ___BASEDIR___$classes[$cn];
+ }
+ },
+ ___EXCEPTION___,
+ ___PREPEND___
+);
+// @codeCoverageIgnoreEnd
+
+// Files
diff -Nru php-proxy-manager-2.11.1+1.0.14/debian/changelog php-proxy-manager-

XPost: linux.debian.devel.release

Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:50 +0100, David Prévot wrote:

This is a follow up from composer/DSA-5632-1.

In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the
next
point release.

Please go ahead.

Regards,

Adam

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

package release.debian.org
tags 1065060 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: php-proxy-manager
Version: 2.11.1+1.0.14-1+deb12u1

Explanation: force system dependency loading

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)