• Bug#1065077: bullseye-pu: package php-zend-code/4.0.0-2+deb11u1

    From David Prévot@21:1/5 to All on Thu Feb 29 15:10:01 2024
    XPost: linux.debian.devel.release

    Package: release.debian.org
    Severity: normal
    Tags: bullseye
    X-Debbugs-Cc: php-zend-code@packages.debian.org, team@security.debian.org
    Control: affects -1 + src:php-zend-code
    User: release.debian.org@packages.debian.org
    Usertags: pu

    [5/6 for bullseye]

    This is a follow-up from composer/DSA-5632-1, similar to #1065062 in
    bookworm.

    In order to fix a Debian-specific issue related to CVE-2024-24821, we
    agreed with the security team to push related dependencies via the next
    point release.

    The only change (besides changelog entry) in the binary package is the following (thanks to diffoscope).

    │ │ ├── ./usr/share/php/Laminas/Code/autoload.php
    │ │ │ @@ -1,14 +1,12 @@
    │ │ │ <?php
    │ │ │
    │ │ │ -require_once 'Laminas/EventManager/autoload.php';
    │ │ │ -if (stream_resolve_include_path('Doctrine/Common/Annotations/autoload.php')){
    │ │ │ - include_once 'Doctrine/Common/Annotations/autoload.php';
    │ │ │ -}
    │ │ │ -// include_once 'Laminas/Stdlib/autoload.php'; (already included by EventManager)
    │ │ │ +require_once __DIR__ . '/../EventManager/autoload.php';
    │ │ │ +if (stream_resolve_include_path(__DIR__ . '/../../Doctrine/Common/Annotations/autoload.php')) { include_once __DIR__ . '/../../Doctrine/Common/Annotations/autoload.php'; }
    │ │ │ +// include_once __DIR__ . '/../Stdlib/autoload.php'; (already included by EventManager)
    │ │ │
    │ │ │ // @codingStandardsIgnoreFile
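
    Review bot: In the added `if (stream_resolve_include_path(__DIR__ . '/../../Doctrine/Common/Annotations/autoload.php'))` line, the argument is now an absolute path, so the include_path is no longer searched and the call only tests that the file exists. `is_file()` on the same path would state that intent directly and make it obvious that the optional Doctrine autoloader is only ever taken from the sibling directory under /usr/share/php.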

    The goal is to ensure related dependencies are loaded from the system
    path.

    The attached debdiff is a bit bigger, since it aims at keeping the
    testsuite at buildtime effective.

    [ Checklist ]
    [x] *all* changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in (old)stable
    [x] the issue is verified as fixed in unstable

    TIA for considering.

    Cheers,

    taffit

    --uhM2aBhYgDraE1f7
    Content-Type: text/x-diff; charset=iso-8859-1
    Content-Disposition: attachment; filename="php-zend-code_4.0.0-2+deb11u1.patch"
    Content-Transfer-Encoding: quoted-printable

    diff -Nru php-zend-code-4.0.0/debian/autoload.php.tpl php-zend-code-4.0.0/debian/autoload.php.tpl
    --- php-zend-code-4.0.0/debian/autoload.php.tpl 2021-01-11 20:28:16.000000000 +0100
    +++ php-zend-code-4.0.0/debian/autoload.php.tpl 2024-02-18 12:20:19.000000000 +0100
    @@ -1,10 +1,8 @@
    <?php

    -require_once 'Laminas/EventManager/autoload.php';
    -if (stream_resolve_include_path('Doctrine/Common/Annotations/autoload.php')){ - include_once 'Doctrine/Common/Annotations/autoload.php';
    -}
    -// include_once 'Laminas/Stdlib/autoload.php'; (already included by EventManager)
    +require_once __DIR__ . '/../EventManager/autoload.php';
    +if (stream_resolve_include_path(__DIR__ . '/../../Doctrine/Common/Annotations/autoload.php')) { include_once __DIR__ . '/../../Doctrine/Common/Annotations/autoload.php'; }
    +// include_once __DIR__ . '/../Stdlib/autoload.php'; (already included by EventManager)

    // @codingStandardsIgnoreFile
    // @codeCoverageIgnoreStart
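
    Review bot: The three added lines in debian/autoload.php.tpl carry no comment saying why `__DIR__`-relative paths replace the include_path lookups. A short comment above `require_once __DIR__ . '/../EventManager/autoload.php';` noting that dependencies must load from the system path, and that the `/../` and `/../../` offsets assume the file is installed two levels below the shared PHP directory, would keep a later cleanup from reverting to the bare `'Laminas/EventManager/autoload.php'` form.
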
    diff -Nru php-zend-code-4.0.0/debian/changelog php-zend-code-4.0.0/debian/changelog
    --- php-zend-code-4.0.0/debian/changelog 2021-01-14 04:40:38.000000000
  • From Jonathan Wiltshire@21:1/5 to All on Wed Apr 24 00:10:01 2024
    XPost: linux.debian.devel.release

    package release.debian.org
    tags 1065077 = bullseye pending
    thanks

    Hi,

    The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye.

    Thanks for your contribution!

    Upload details
    ==============

    Package: php-zend-code
    Version: 4.0.0-2+deb11u1

    Explanation: force system dependency loading
