Package: php-sabredav / 1.8.10-2

Metadata

Package Version Patches format
php-sabredav 1.8.10-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Use ClassLoader from Symfony instead of autoload.patch | (download)

tests/bootstrap.php | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 use classloader from symfony instead of autoload

Work around the lack of proper autoload.php from composer by using the
ClassLoader element from Symfony.
http://symfony.com/doc/current/components/class_loader/class_loader.html
0002 Skip failing tests starting with PHP 5.5.10.patch | (download)

tests/Sabre/CalDAV/CalendarQueryParserTest.php | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 skip failing tests starting with php 5.5.10

Bug-Debian: https://bugs.debian.org/743111
Bug: https://github.com/fruux/sabre-dav/issues/425

0003 Only accept HTTP and HTTPS as protocol.patch | (download)

lib/Sabre/DAV/Client.php | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 only accept http and https as protocol

We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

See https://github.com/owncloud/core/pull/11032 for the change in ownCloud and https://github.com/fruux/sabre-http/pull/14 for the PR for sabre-http

0004 Fix unit test.patch | (download)

tests/Sabre/DAV/ClientTest.php | 26 22 + 4 - 0 !
1 file changed, 22 insertions(+), 4 deletions(-)

 fix unit test