Package: symfony / 2.3.21+dfsg-4+deb8u3

Metadata

Package Version Patches format
symfony 2.3.21+dfsg-4+deb8u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Add a vendor autoload.php needed to run tests during.patch | (download)

vendor/autoload.php | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 add a vendor/autoload.php needed to run tests during package build

0002 group online for test failing without network.patch | (download)

src/Symfony/Component/Filesystem/Tests/FilesystemTest.php | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 '@group online' for test failing without network

0003 Remove content from README.md files.patch | (download)

src/Symfony/Bridge/Doctrine/README.md | 14 0 + 14 - 0 !
src/Symfony/Bridge/Monolog/README.md | 13 0 + 13 - 0 !
src/Symfony/Bridge/Propel1/README.md | 13 0 + 13 - 0 !
src/Symfony/Bridge/ProxyManager/README.md | 15 0 + 15 - 0 !
src/Symfony/Bridge/Twig/README.md | 15 0 + 15 - 0 !
src/Symfony/Component/BrowserKit/README.md | 6 0 + 6 - 0 !
src/Symfony/Component/ClassLoader/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/Config/README.md | 17 0 + 17 - 0 !
src/Symfony/Component/Console/README.md | 15 0 + 15 - 0 !
src/Symfony/Component/CssSelector/README.md | 6 0 + 6 - 0 !
src/Symfony/Component/Debug/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/DependencyInjection/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/DomCrawler/README.md | 8 0 + 8 - 0 !
src/Symfony/Component/EventDispatcher/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/Filesystem/README.md | 8 0 + 8 - 0 !
src/Symfony/Component/Finder/README.md | 8 0 + 8 - 0 !
src/Symfony/Component/Form/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/HttpFoundation/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/HttpKernel/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/Intl/README.md | 10 1 + 9 - 0 !
src/Symfony/Component/OptionsResolver/README.md | 11 0 + 11 - 0 !
src/Symfony/Component/Process/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/PropertyAccess/README.md | 14 0 + 14 - 0 !
src/Symfony/Component/Routing/README.md | 9 0 + 9 - 0 !
src/Symfony/Component/Security/README.md | 23 0 + 23 - 0 !
src/Symfony/Component/Serializer/README.md | 15 0 + 15 - 0 !
src/Symfony/Component/Stopwatch/README.md | 13 0 + 13 - 0 !
src/Symfony/Component/Templating/README.md | 18 0 + 18 - 0 !
src/Symfony/Component/Translation/README.md | 6 0 + 6 - 0 !
src/Symfony/Component/Validator/README.md | 6 0 + 6 - 0 !
src/Symfony/Component/Yaml/README.md | 8 0 + 8 - 0 !
31 files changed, 1 insertion(+), 342 deletions(-)

 remove content from readme.md files

0004 Add more tests to group tty.patch | (download)

src/Symfony/Component/Process/Tests/AbstractProcessTest.php | 9 9 + 0 - 0 !
src/Symfony/Component/Process/Tests/SigchildDisabledProcessTest.php | 1 1 + 0 - 0 !
2 files changed, 10 insertions(+)

 add more tests to '@group tty'

Not all tests using a tty are in @group tty. This should be reported (and
fixed) upstream but needs further investigation:
 - There might be more tests needing a tty.
 - It could be that some tests in group tty may not need a tty.

0005 Process Make test AbstractProcessTest testStartAfter.patch | (download)

src/Symfony/Component/Process/Tests/AbstractProcessTest.php | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [process] make test abstractprocesstest::teststartafteratimeout
 useful again

The test AbstractProcessTest::testStartAfterATimeout() is pretty useless, due
to two reasons:

1. Any exception is caught
This means even the exception thrown with
$this->fail('A RuntimeException should have been raised.');
is caught, making the test pretty useless.

2. Invalid PHP code gets executed
The command that is executed in the tests actually is:
# php -r "$n = 1000; while ($n--) {echo ''; usleep(1000); }"

This does not wait ~1s, but produces the following error:
PHP Parse error: syntax error, unexpected '=' in Command line code on line 1

0006 Increasing timeout in test AbstractProcessTest testS.patch | (download)

src/Symfony/Component/Process/Tests/AbstractProcessTest.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 increasing timeout in test
 AbstractProcessTest::testStartAfterATimeout()

This hopefully will allow ci.debian.net to run DEP-8 as installed tests
and might prevent FTBFS #775625 from hitting us again.

0007 isFromTrustedProxy to confirm request came from a tr.patch | (download)

src/Symfony/Component/HttpFoundation/Request.php | 13 9 + 4 - 0 !
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php | 38 25 + 13 - 0 !
2 files changed, 34 insertions(+), 17 deletions(-)

 isfromtrustedproxy to confirm request came from a trusted proxy.

0008 Safe escaping of fragments for eval.patch | (download)

src/Symfony/Component/HttpKernel/HttpCache/Esi.php | 62 31 + 31 - 0 !
src/Symfony/Component/HttpKernel/Tests/HttpCache/EsiTest.php | 4 2 + 2 - 0 !
2 files changed, 33 insertions(+), 33 deletions(-)

 safe escaping of fragments for eval()

https://github.com/symfony/symfony/commit/195c57e1f50765aff33137689b16e126a689056a

0009 HttpKernel Do not call the FragmentListener if _cont.patch | (download)

src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php | 2 1 + 1 - 0 !
src/Symfony/Component/HttpKernel/Tests/EventListener/FragmentListenerTest.php | 20 18 + 2 - 0 !
2 files changed, 19 insertions(+), 3 deletions(-)

 [httpkernel] do not call the fragmentlistener if _controller is
 already defined

0010 CVE 2015 8124 Session Fixation in the Remember Me Lo.patch | (download)

src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php | 8 8 + 0 - 0 !
src/Symfony/Component/Security/Tests/Http/Firewall/RememberMeListenerTest.php | 63 63 + 0 - 0 !
2 files changed, 71 insertions(+)

 cve-2015-8124: session fixation in the "remember me" login feature

0011 CVE 2015 8125 Vulnerability in Security Remember Me .patch | (download)

src/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php | 14 13 + 1 - 0 !
src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php | 3 2 + 1 - 0 !
src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php | 3 2 + 1 - 0 !
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php | 28 2 + 26 - 0 !
4 files changed, 19 insertions(+), 29 deletions(-)

 cve-2015-8125: vulnerability in security remember-me service

0012 CVE 2016 1902 SecureRandom s fallback not secure whe.patch | (download)

src/Symfony/Component/Security/Core/Util/SecureRandom.php | 86 2 + 84 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/LICENSE | 22 22 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/byte_safe_strings.php | 173 173 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/cast_to_int.php | 71 71 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/error_polyfill.php | 42 42 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random.php | 221 221 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php | 81 81 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php | 148 148 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php | 86 86 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php | 86 86 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php | 76 76 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_bytes_openssl.php | 83 83 + 0 - 0 !
src/Symfony/Component/Security/vendor/paragonie/random_compat/lib/random_int.php | 191 191 + 0 - 0 !
13 files changed, 1282 insertions(+), 84 deletions(-)

 cve-2016-1902: securerandom's fallback not secure when openssl fails

Bug: https://github.com/symfony/symfony/issues/17359
0013 CVE 2016 4423 Large username storage in session.patch | (download)

src/Symfony/Component/Security/Core/SecurityContextInterface.php | 1 1 + 0 - 0 !
src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 5 5 + 0 - 0 !
src/Symfony/Component/Security/Tests/Http/Firewall/UsernamePasswordFormAuthenticationListenerTest.php | 78 78 + 0 - 0 !
3 files changed, 84 insertions(+)

 cve-2016-4423: large username storage in session