������php-composer2-2.2.3-150400.3.9.1������������������������������������������������������������������<���>�������,���������������������������������������������������Z�����e˂p9|�����Lz,#[;CUOȦ�%��9�
�
ͲO�m�v]g>oͽoDy_�R(cDa
٩�Tۀ&0ha^Y+oc;1I$VӸ\U.%$�؆�� H>�B�p>z2pz�uO/$%�S#lG}\X���z3x.MChρy`,{I����Sr 2hY1�mB�#>JQ^j(~1�r���>��������������������E��K,���?������K��������d��������������������������������������������������������������� ���#���������� ���A������������������������������������������������������������������������������������������������������������ ������������������$��������������=��������������C���������������J������������������������������������������������������ �������"�������
�������,���������������@����������������������
�����������������������������������������������������*���������������T���������������h����������������������������������������������������(���������������8���������������9�������@�������:��������������>������G��������@������G��������B������G��������F������G,�������G������G@�������H������GT�������I������Gh�������X������Gp�������Y������G�������Z������G�������[������G�������\������G�������]������G�������^������H��������b������HW�������c������I��������d������I�������e������I�������f������I�������l������I�������u������I�������v������I�������w������J�������x������J�������y������J�������z������J�������������J�������������J�������������J�������������K�����C�php-composer2�2.2.3�150400.3.9.1�Dependency Management for PHP�Composer is a dependency manager tracking local dependencies of your projects
and libraries.���e˂h03-ch2a�����#SUSE Linux Enterprise 15�SUSE LLC �MIT�https://www.suse.com/�Development/Libraries/Other�https://getcomposer.org/�linux�noarch�update-alternatives --install \
/usr/bin/composer composer /usr/bin/composer2 2�if [ ! -f /usr/bin/composer2 ] ; then
update-alternatives --remove composer /usr/bin/composer2
fi������������#�������.�A큤����������e˂e˂e˂e˂e˂��f5ce2f9dfa192ab9a2196b3dc08f86eb909520127e0a368e88d6d8b6910c9a32��c8cce4b6b9729f264ffdf9296d505d63432497feeed1f586d1902b942197e024��/etc/alternatives/composer�������@���������������root�root�root�root�root�root�root�root�root�root�php-composer2-2.2.3-150400.3.9.1.src.rpm��composer�php-composer�php-composer2�php5-composer�php7-composer�����������@������������������������������������
���
���
���
��������/bin/sh�/bin/sh�/usr/bin/env�php�php-curl�php-json�php-mbstring�php-openssl�php-phar�php-zip�php-zlib�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�update-alternatives�update-alternatives����5.3.2��������3.0.4-1�4.6.0-1�4.0-1�5.2-1���4.14.3���eYe�c��aaa@aD@aA@`@`@_hpgajdos@suse.com�pgajdos@suse.com�pgajdos@suse.com�pgajdos@suse.com�i@guoyunhe.me�i@guoyunhe.me�pgajdos@suse.com�jweberhofer@weberhofer.at�kkaempf@suse.com�kkaempf@suse.com�i@guoyunhe.me�- security update
- added patches
fix CVE-2024-24821 [bsc#1219757], under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution
+ php-composer2-CVE-2024-24821.patch�- security update
- modified patches
% php-composer2-CVE-2022-24828.patch (refreshed)
- added patches
fix CVE-2023-43655 [bsc#1215859], Remote Code Execution via web-accessible composer.phar
+ php-composer2-CVE-2023-43655.patch�- security update
- added patches
fix CVE-2022-24828 [bsc#1198494], Code injection vulnerability
+ php-composer2-CVE-2022-24828.patch�- version update to 2.2.3
2.2.3 2021-12-31
* Fixed issue with PHPUnit and process isolation now including PHPUnit
<6.5 (#10387)
* Fixed interoperability issue with laminas/laminas-zendframework-bridge
and Composer 2.2 (#10401)
* Fixed binary proxies for shell scripts to work correctly when they are
symlinked (jakzal/phpqa#336)
* Fixed overly greedy pool optimization in cases where a locked package
is not required by anything anymore in a partial update (#10405)
2.2.2 2021-12-29
* Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing
the path to the bin-dir for binaries. Packages relying on finding the
bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402)
* Fixed issue when new binary proxies are combined with PHPUnit and process
isolation (#10387)
* Fixed deprecation warnings when using Symfony 5.4+ and requiring
composer/composer itself (#10404)
* Fixed UX of plugin warnings (#10381)
2.2.1 2021-12-22
* Fixed plugin autoloading including files autoload rules from the root
package (#10382)
* Fixed issue parsing php files with unterminated comments found inside
backticks (#10385)
2.2.0 2021-12-22
* Added support for using dev-main as the default path repo package
version if no VCS info is available (#10372)
* Added --no-scripts as a globally supported flag to all Composer commands
to disable scripts execution (#10371)
* Fixed self-update failing in some edge cases due to loading plugins
(#10371)
* Fixed display of conflicts showing the wrong package name in some
conditions (#10355)
2.2.0-RC1 2021-12-08
* Bumped composer-runtime-api and composer-plugin-api to 2.2.0
* UX Change: Added allow-plugins config value to enhance security against
runtime execution, this will prompt you the first time you use a plugin
and may hang pipelines if they aren't using --no-interaction (-n) as they
should (#10314)
* Added an optimization pass to reduce the amount of redundant inspected
during resolution, drastically improving memory and CPU usage (#9261,
[#9620])
* Added a global $_composer_autoload_path variable containing the path
to autoload.php for binaries (#10137)
* Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
* Added support for ignoring the upper bound of platform requirements
using "name+" notation e.g. using --ignore-platform-req=php+ would
allow installing a package requiring php: 8.0.* on PHP 8.1, but not on
PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
* Added support for setting platform packages to false in
config.platform to disable/hide them (#10308)
* Added use-parent-dir option to configure the prompt for using
composer.json in upper directory when none is present in current dir
(#10307)
* Added composer platform package which is always the exact version of
Composer running unlike composer-*-api packages (#10313)
* Added a --source flag to config command to show where config values
are loaded from (#10129)
* Added support for files autoloaders in the runtime scripts/plugins
contexts (#10065)
* Added retry behavior on certain http status and curl error codes (#10162)
* Added abandoned flag display in search command output
* Added support for --ignore-platform-reqs in outdated command (#10293)
* Added --only-vendor (-O) flag to search command to search (and return)
vendor names (#10336)
* Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
* Fixed archive command to behave more like git archive, gitignore/hgignore
are not taken into account anymore, and gitattributes support was improved
(#10309)
* Fixed unlocking of replacers when a replaced package is unlocked (#10280)
* Fixed auto-unlocked path repo packages also unlocking their transitive
deps when -w/-W is used (#10157)
* Fixed handling of recursive package links (e.g. requiring or replacing
oneself)
* Fixed env var reads to check $_SERVER and $_ENV before getenv for broader
ecosystem compatibility (#10218)
* Fixed archive command to produce archives with files sorted by name (#10274)
* Fixed VcsRepository issues where server failure could cause missing
tags/branches (#10319)
* Fixed some error reporting issues (#10283, #10339)�- Use update-alternatives
- Update to 2.1.14
* Fixed invalid release build (2.1.13 was deleted as invalid)
* Removed symfony/console ^6 support as we cannot be compatible
until Composer 2.3.0 is released. If you have issues with
Composer required as a dependency + Symfony make sure you stay
on Symfony 5.4 for now. (#10321)�- Obsoletes php-composer (version 1.x)
- Update to 2.1.12
* Fixed issues in proxied binary files relying on __FILE__ / __DIR__
on php <8 (#10261)
* Fixed 9999999-dev being shown in some cases by the show command (#10260)
* Fixed GitHub Actions output escaping regression on PHP 8.1 (#10250)
- Update to 2.1.11
* Fixed issues in proxied binary files when using declare() on php <8 (#10249)
* Fixed GitHub Actions output escaping issues (#10243)
- Update to 2.1.10
* Added type annotations to all classes, which may have an effect on
CI/static analysis for people using Composer as a dependency (#10159)
* Fixed CurlDownloader requesting gzip encoding even when no gzip
support is present (#10153)
* Fixed regression in 2.1.6 where the help command was not working for
plugin commands (#10147)
* Fixed warning showing when an invalid cache dir is configured but
unused (#10125)
* Fixed require command reverting changes even though dependency
resolution succeeded when something fails in scripts for example (#10118)
* Fixed require not finding the right package version when some newly
required extension is missing from the system (#10167)
* Fixed proxied binary file issues, now using output buffering (e1dbd65)
* Fixed and improved error reporting in several edge cases (#9804,
[#10136], #10163, #10224, #10209)
* Fixed some more Windows CLI parameter escaping edge cases
- Update to 2.1.9
* Security: Fixed command injection vulnerability on Windows
(GHSA-frqg-7g38-6gcf / CVE-2021-41116)
* Fixed classmap parsing with a new class parser which does not rely
on regexes anymore (#10107)
* Fixed inline git credentials showing up in output in some conditions
(#10115)
* Fixed support for running updates while offline as long as the
cache contains enough information (#10116)
* Fixed show --all foo/bar which as of 2.0.0 was not showing all
versions anymore but only the installed one (#10095)
* Fixed VCS repos ignoring some versions silently when the API rate
limit is reached (#10132)
* Fixed CA bundle to remove the expired Let's Encrypt root CA�- requires php-mbstring [bnc#1187416]�- Update to 2.1.8
Fixed regression in 2.1.7 when parsing classmaps in files containing
invalid Unicode (gh#composer/composer#10102)
- Update to 2.1.7
* Added many type annotations internally, which may have an effect on
CI/static analysis for people using Composer as a dependency. This work will
continue in following releases
* Fixed regression in 2.1.6 when parsing classmaps with empty heredocs
(gh#composer/composer#10067)
* Fixed regression in 2.1.6 where list command was not showing plugin
commands (gh#composer/composer#10075)
* Fixed issue handling package updates where the package type changed
(gh#composer/composer#10076)
* Fixed docker being detected as WSL when run inside WSL
(gh#composer/composer#10094)
- Update to 2.1.6
* Updated internal PHAR signatures to be SHA512 instead of SHA1
* Fixed uncaught exception handler regression (gh#composer/composer#10022)
* Fixed more PHP 8.1 deprecation warnings
(gh#composer/composer#10036, gh#composer/composer#10038,
gh#composer/composer#10061)
* Fixed corrupted zips in the cache from blocking installs until a cache
clear, the bad archives are now deleted automatically on first failure
(gh#composer/composer#10028)
* Fixed URL sanitizer handling of new github tokens (gh#composer/composer#10048)
* Fixed issue finding classes with very long heredocs in classmap
autoload (gh#composer/composer#10050)
* Fixed proc_open being required for simple installs from zip, as well as
diagnose (gh#composer/composer#9253)
* Fixed path repository bug causing symlinks to be left behind after a
package is uninstalled (gh#composer/composer#10023)
* Fixed issue in 7-zip support on windows with certain archives
(gh#composer/composer#10058)
* Fixed bootstrapping process to avoid loading the composer.json and
plugins until necessary, speeding things up slightly (gh#composer/composer#10064)
* Fixed lib-openssl detection on FreeBSD (gh#composer/composer#10046)
* Fixed support for ircs:// protocol for support.irc composer.json entries�- Require php-curl as Composer strongly recommends this.�- Update to 2.1.5
Mostly bugfixes. See https://github.com/composer/composer/releases
for details.�- Version 2.0.2
* Fixed regression handling composer show -s in projects where no
version can be guessed from VCS
* Fixed regression handling partial updates/require when a lock
file was missing
* Fixed interop issue with plugins that need to update dist URLs
of packages
- Version 2.0.1
* Fixed crash on PHP8
- Version 2.0.0
* Breaking: This is a major release and while we tried to keep things
compatible for most users, you might want to have a look at the
UPGRADE guides
* Many CPU and memory performance improvements
* The update command is now much more deterministic as it does not
take the already installed packages into account
* Package installation now performs all network operations first
before doing any changes on disk, to reduce the chances of ending
up with a partially updated vendor dir
* Partial updates and require/remove are now much faster as they
only load the metadata required for the updated packages
* Added a platform-check step when vendor/autoload.php gets initialized
which checks the current PHP version/extensions match what is
expected and fails hard otherwise. Can be disabled with the
platform-check config option
* Added a Composer\InstalledVersions class which is autoloaded in
every project and lets you check which packages/versions are
present at runtime
* Added a composer-runtime-api virtual package which you can require
(as e.g. ^2.0) to ensure things like the InstalledVersions class
above are present. It will effectively force people to use Composer
2.x to install your project
* Added support for parallel downloads of package metadata and zip
files, this requires that the curl extension is present and we thus
strongly recommend enabling curl
* Added parallel installation of packages (requires OSX/Linux/WSL,
and that unzip is present in PATH)
* Added much clearer dependency resolution error reporting for common
error cases
* Added support for updating to a specific version with partial
updates, as well as a --with flag to pass in temporary constraint
overrides
* Added automatic removal of packages which are not required anymore
whenever an update is done, this will purge packages previously
left over by partial updates and require/remove
* Added support for TTY mode on Linux/OSX/WSL so that script handlers
now run in interactive mode
* Added only, exclude and canonical options to all repositories, see
repository priorities for details
* Added support for many new lib-* packages in the platform repository
and improved version detection for some ext-* and lib-* packages
* Added pre-operations-exec event to be fired before the packages get
installed/upgraded/removed
* Added pre-pool-create event to be fired before the package pool for
the dependency solver is created, which lets you modify the list
of packages going in
* Added post-file-download event to be fired after package dist files
are downloaded, which lets you do additional checks on the files
* Added --locked flag to show command to see the packages from the
composer.lock file
* Added --unused flag to remove command to make sure any packages
which are not needed anymore get removed
* Added --dry-run flag to require and remove commands
* Added --no-install flag to update, require and remove commands to
disable the install step and only do the update step (composer.lock
file update)
* Added an --ask flag to create-project command to make Composer prompt
for the install dir name, useful for project install instructions
* Added support for multiple --repository flags being passed into
the create-project command, only useful in combination with
- -add-repository to persist them to composer.json
* Added --with-dependencies and --with-all-dependencies flag aliases
to require and remove commands for consistency with update
* Added shorthand aliases -w for --with-dependencies and -W for
- -with-all-dependencies on update/require/remove commands
* Added more info to vendor/composer/installed.json, a dev key stores
whether dev requirements were installed, and every package now has
an install-path key with its install location
* Added COMPOSER_DISABLE_NETWORK which if set makes Composer do its
best to run offline. This can be useful when you have poor
connectivity or to do benchmarking without network jitter
* Added COMPOSER_DEBUG_EVENTS=1 env var support for plugin authors
to figure out which events are triggered when
* Added setCustomCacheKey to PreFileDownloadEvent and fixed a cache
bug for integrations changing the processed url of package archives
* Added Composer\Util\SyncHelper for plugin authors to deal with
async Promises more easily
* Added $composer->getLoop()->getHttpDownloader() to get access to
the main HttpDownloader instance in plugins
* Added --json and --merge flags to config command to allow editing
complex extra.* values by using json as input
* Added confirmation prompt when running Composer as superuser in
interactive mode
* Added --no-check-version to validate command to remove the warning
in case the version is defined
* Added --ignore-platform-req (without s) to all commands supporting
- -ignore-platform-reqs, which accepts a package name so you can
ignore only specific platform requirements
* Added --no-dev support to show and outdated commands to skip dev
requirements
* Added --format=summary flag to license command
* Added a cache-read-only config option to make the cache usable in
read only mode for containers and such
* Added support for wildcards (*) in classmap autoloader paths
* Added support for configuring GitLab deploy tokens in addition to
private tokens, see gitlab-token
* Added support for package version guessing for require and init
command to take all platform packages into account, not just php
version
* Added support for tar in artifact repositories
* Added a non-zero exit code (2) and warning to remove command when
a package to be removed could not be removed
* Added --apcu-autoloader-prefix (or --apcu-prefix for dump-autoload
command) flag to let people use apcu autoloading in a deterministic
output way if that is needed
* Fixed package ordering when autoloading and especially when loading
plugins, to make sure dependencies are loaded before their dependents
* Fixed suggest output being very spammy, it now is only one line
long and shows more rarely
* Fixed conflict rules like e.g. >=5 from matching dev-master, as
it is not normalized to 9999999-dev internally anymore
* Fixed solver bug resulting in endless loops in some cases
* Lots of minor bug fixes and improvements�/bin/sh�/bin/sh�php-composer�h03-ch2a 1707836076���������������������������������������������������������������������2.2.3�2.2.3�2.2.3-150400.3.9.1�2.2.3�2.2.3������2.2.3�����������������������composer�composer�composer2�php-composer2�LICENSE�/etc/alternatives/�/usr/bin/�/usr/share/licenses/�/usr/share/licenses/php-composer2/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:32589/SUSE_SLE-15-SP4_Update/c3db8f492e3aeed08024e91d83809f93-php-composer2.SUSE_SLE-15-SP4_Update�drpm�xz�5�noarch-suse-linux���������������������cannot open `/home/abuild/rpmbuild/BUILDROOT/php-composer2-2.2.3-150400.3.9.1.x86_64/etc/alternatives/composer' (No such file or directory)��a /usr/bin/env php script executable (binary data)�directory�ASCII text��������������������������������������������R���tWQ
t" wSX����utf-8�ea2823f128d84c78772d08136611a4f41d9629b649b73d8517708c99c77a3da5���������?��������7zXZ��
���!�����t/
]�"��k%^ ϻ
؛{U�^Ƨmt�5lwE EX@fV
g�zR|%5^%O=x*m$�(w�4 �Z3��ݫ*JL��$&�a2�zͫ+M�A ��-F�oڼ���;B >.bhmW�+Y#]�R}W}"3X4n�vK�pcTo0,�I3ߛEY"�[Z:'9!�Q(! ^TyT
�OrP,Q�x�iJl��H>��z^X+3%|_8_G!m�֦L@c%+Ǯ��p5�Tklwb;�۾^��C5q^6W
>��0!C×G�U}VeBv
ASM��i�7#d�5y�0ɑZ4!Ia7
飿t��͈�r1{w�o�Q��5BU/ì3�?˖`Sw�/�\y0Bh**h`D�_wNCϡ �=19j2gM=>.�׆�D�h|n)57���0}y� r|?�cKQSRUBw|+Il�p#0o)A&Pl
tʯ-&�]HXz\O��iKUDyhr@u�e�h�j�w�\G�`�*SM)e
�`PK�낭X�G窥â�&iVym�*]ǫ<0��+4<'�ro�(
(:4PTT�,o >A��u~4ad�F�Wu;83��u0?b]30[M*o7E��ԉ�϶ϢLջ>NK�)W;jCɨ_5m\69`>B=^Sb^H)uQ^��YscNW�iE�ih��^a<)~rOУ�g�~NE[('y.!J"[35쨴=9��7%KxCmi�5H��2�:G g8Q^qpפWCʱ�
Bp_�7g�H�C
oTjS:R��:~�P} 0rU�^ߘk,b:lBdf8�{Dbo"@[��.zU.�b`9j!Xe%5�d;'K3Ϫ;��\MYҡ��R*'
Q/Gz=ސ�x1=�3#?Q1��9J-�Wp�%Δ,.&"*5�9(�\ʾy:+369ΡBN}�*�տ���'Ѥ�d"QKUtP�y}Jl#�SZ�㓛q�*�9sZHvC�Wu��2KZp�JՒa,tζ2
KDhND|I�hr��!�_h15rg$($��Ϭ洝1�]ve!
*#W��^qq�
x|)�#kM��lG�xk��rf(�R(mj&EW9.
:?ߟ`�J+æY
�.=up:6x,�(p
{8ݣsD�4*\Id�buNC��"Tg.;OkS[�bQMx�,[46�/J�B�F��!&a^
�x)�^j+ NѦOt5 ԚAɴ�u֞�>qD#}/k/g���)C�{x��hF�B�ЎԐ �l
;z��d\N[6R2^c��
<�YKh�I��AAi�\"�7�;@�OXKm4cNΏSxl.&)B ;�֧kzEg�s�9.%Tc��ߠAs�|���Y/w`�U�ڛ08�O9w$`�d<
;x�T̰8Xn�θAi�? Z揬p@�y\݇�,�bˏ{ !҆x/�zh�yXC48��*EM|z-N�"��etuGa⣞��I��blԚ\t M�K��>nȜ5LO�QaE�-4w5_gU 7Z}:wsX\y��Y\Z-�綃P�Au�~C��:͍,Q�%'LD`g!~C�{ڰ�]>A^HvAGTb�.3HcU�ہ&@0�S�3E�>[`lpB5u3�EC
Z/y'"oXKא5ZNb��su#!�=_%0Y8�+X�h;�hZYړ]r G�Πc@f'FH _bݸg";�^=2\