#
# spec file for package php-composer2
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Upstream ships Composer as a single self-contained phar; it is unpacked,
# patched and re-packed in prep below, so the phar is never patched in place.
Name: php-composer2
Version: 2.2.3
Release: 0
Summary: Dependency Management for PHP
License: MIT
Group: Development/Libraries/Other
URL: https://getcomposer.org/
# Upstream publishes a composer.phar.sha256sum next to this download; the spec
# itself performs no checksum or signature verification, so the authenticity of
# the phar rests on the copy recorded in the package sources.
# NOTE(review): consider tracking upstream's checksum/signature as an extra
# Source and checking it in prep before the phar is unpacked.
Source0: https://getcomposer.org/download/%{version}/composer.phar
# All patches are applied to the extracted phar contents and only the touched
# files are written back into the phar (see prep).
# CVE-2022-24828 [bsc#1198494], Code injection vulnerability
Patch0: php-composer2-CVE-2022-24828.patch
# CVE-2023-43655 [bsc#1215859], Remote Code Execution via web-accessible composer.phar
Patch1: php-composer2-CVE-2023-43655.patch
# CVE-2024-24821 [bsc#1219757], arbitrary code execution when Composer is run in
# a directory with tampered files; under certain conditions this may lead to
# local privilege escalation, lateral user movement or malicious code execution
Patch2: php-composer2-CVE-2024-24821.patch
# Runtime PHP extensions: php-phar is needed to execute composer.phar at all;
# the others are presumably for network, JSON and archive handling.
Requires: php-curl
Requires: php-json
Requires: php-mbstring
Requires: php-openssl
Requires: php-phar
Requires: php-zip
Requires: php-zlib
# post/postun call update-alternatives, hence the scriptlet-scoped Requires.
Requires(post): update-alternatives
Requires(postun):update-alternatives
# Compatibility names: the unversioned php-composer and the older php5/php7
# variants are provided, and php-composer is obsoleted so upgrades migrate.
Provides: composer = %{version}
Provides: php-composer = %{version}
Provides: php5-composer = %{version}
Provides: php7-composer = %{version}
Obsoletes: php-composer < %{version}
BuildArch: noarch
# PHP 5.3.2 minimum; SLES 10+ names the interpreter package php53.
%if 0%{?sles_version} >= 10
BuildRequires: php53 >= 5.3.2
Requires: php53 >= 5.3.2
%else
BuildRequires: php >= 5.3.2
Requires: php >= 5.3.2
%endif
# The 'phar' CLI used in prep to unpack and re-pack composer.phar.
# NOTE(review): this BuildRequires is unconditional, but the sles_version
# branch above builds against php53, where no php8-phar package exists --
# confirm that branch is still needed or guard this line the same way.
BuildRequires: php8-phar
%description
Composer is a dependency manager tracking local dependencies of your projects
and libraries.
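%prep
# Unpack the upstream phar into SRC/, patch the extracted sources, then write
# the patched files back into the phar.
%setup -q -c -T
mkdir SRC && cd SRC
cp %{SOURCE0} .
phar extract -f composer.phar
# 1. patch files
for p in %{PATCH0} %{PATCH1} %{PATCH2}; do
    patch -p1 < "$p"
done
# phar.readonly=Off is only needed for the re-pack step, so it is set through
# a private php.ini (via PHPRC) instead of globally.
echo 'phar.readonly=Off' > ../php.ini
# 2. add patched files into the phar
# Collect the target paths from the '+++ b/...' headers of exactly the patches
# applied above (not every *.patch in the source dir). The 'b/' prefix is
# stripped anchored at the start of the path: a greedy '.*b/' would truncate
# any path that itself contains "b/" (lib/, web/, ...). Paths a patch deletes
# ('+++ /dev/null') are skipped, and a path missing from the extracted tree is
# a hard error so a layout mismatch cannot silently yield an unpatched phar.
files=
for p in %{PATCH0} %{PATCH1} %{PATCH2}; do
    for f in $(grep '^+++ ' "$p" | sed -e 's:^+++ ::' -e 's:\s.*::' -e 's:^b/::'); do
        [ "$f" = /dev/null ] && continue
        [ -f "$f" ] || { echo "patched file $f not found in extracted phar" >&2; exit 1; }
        files="$files $f"
    done
done
# NOTE(review): the re-packed phar carries whatever signature 'phar add' writes;
# a phar signature protects integrity only, not authenticity, which rests on
# the Source0 tracked in the package sources and the patches above.
PHPRC=../php.ini phar add -f composer.phar $files
cd ..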
%build
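%install
# The rebuilt phar is the whole program: install it under a versioned name and
# let update-alternatives own the unversioned name.
# bindir is world-searchable; 0750 (as before) would be wrong if this directory
# were ever packaged and disagrees with the defattr in files.
install -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 SRC/composer.phar %{buildroot}%{_bindir}/composer2
# Create a dummy target for /etc/alternatives/composer so the symlink can be
# packaged; the real target is created by update-alternatives in post.
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -s -f %{_sysconfdir}/alternatives/composer %{buildroot}%{_bindir}/composer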
%post
# Register the versioned binary as the "composer" alternative at priority 2;
# the packaged symlink resolves through the alternatives target this creates.
update-alternatives --install %{_bindir}/composer composer %{_bindir}/composer2 2
%postun
# On a real removal composer2 is gone, so its alternative is dropped; on an
# upgrade the new package has already reinstalled the file and nothing is done.
[ -f %{_bindir}/composer2 ] || update-alternatives --remove composer %{_bindir}/composer2
%files
# LICENSE is taken from the extracted phar, not from a separate source
%license SRC/LICENSE
%defattr(-,root,root,0755)
# unversioned name: symlink into /etc/alternatives, managed by update-alternatives
%{_bindir}/composer
# the patched phar itself
%{_bindir}/composer2
# created by update-alternatives in post, not shipped in the payload
%ghost %_sysconfdir/alternatives/composer
%changelog