From 23151ed1380c3212b9647c62f2385da00a6fe379 Mon Sep 17 00:00:00 2001
From: Christophe Coevoet
Date: Fri, 24 May 2019 12:09:27 +0200
Subject: [PATCH 1/9] Use constant time comparison in UriSigner
---
 src/Symfony/Component/HttpKernel/UriSigner.php | 2 +-
 src/Symfony/Component/HttpKernel/composer.json | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpKernel/UriSigner.php b/src/Symfony/Component/HttpKernel/UriSigner.php
index 481270da519e1..ffe31a212157b 100644
--- a/src/Symfony/Component/HttpKernel/UriSigner.php
+++ b/src/Symfony/Component/HttpKernel/UriSigner.php
@@ -79,7 +79,7 @@ public function check($uri)
 $hash = $params[$this->parameter];
 unset($params[$this->parameter]);
- return $this->computeHash($this->buildUrl($url, $params)) === $hash;
+ return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
 }
 private function computeHash($uri)
diff --git a/src/Symfony/Component/HttpKernel/composer.json b/src/Symfony/Component/HttpKernel/composer.json
index f47f1162d1cdc..7f471c680ed40 100644
--- a/src/Symfony/Component/HttpKernel/composer.json
+++ b/src/Symfony/Component/HttpKernel/composer.json
@@ -21,6 +21,7 @@
 "symfony/http-foundation": "~3.4.12|~4.0.12|^4.1.1",
 "symfony/debug": "^3.3.3|~4.0",
 "symfony/polyfill-ctype": "~1.8",
+ "symfony/polyfill-php56": "~1.8",
 "psr/log": "~1.0"
 },
 "require-dev": {
From 150741390d93f67a92295edc4d699a2237fec545 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Tue, 16 Jul 2019 11:30:28 +0200
Subject: [PATCH 2/9] [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
---
 .../Component/Cache/Adapter/AbstractAdapter.php | 10 ++++++++++
 .../Component/Cache/Adapter/TagAwareAdapter.php | 10 ++++++++++
 2 files changed, 20 insertions(+)
diff --git a/src/Symfony/Component/Cache/Adapter/AbstractAdapter.php b/src/Symfony/Component/Cache/Adapter/AbstractAdapter.php
index 0868c16d47cf8..df5280b42dca7 100644
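Review bot: `hash_equals()` on the new return line needs two strings, but `$hash` is read straight from `$params[$this->parameter]` (presumably the parsed query string), so a request that supplies the signature parameter as an array makes the call emit a warning and return false on PHP 7 and throw a TypeError on PHP 8, where the old `===` simply returned false. Reject non-string values before comparing, e.g. `if (!\is_string($hash)) { return false; }` ahead of the `unset`, or `return \is_string($hash) && hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);`. The polyfill-php56 requirement added in the composer.json hunk is what provides `hash_equals` on the 5.5 floor, so the two hunks belong together. check()'s body starts outside the hunk.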
--- a/src/Symfony/Component/Cache/Adapter/AbstractAdapter.php
+++ b/src/Symfony/Component/Cache/Adapter/AbstractAdapter.php
@@ -276,6 +276,16 @@ public function commit()
 return $ok;
 }
+ public function __sleep()
+ {
+ throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+ }
+
+ public function __wakeup()
+ {
+ throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+ }
+
 public function __destruct()
 {
 if ($this->deferred) {
diff --git a/src/Symfony/Component/Cache/Adapter/TagAwareAdapter.php b/src/Symfony/Component/Cache/Adapter/TagAwareAdapter.php
index 362aceed0eb18..7b726237bf772 100644
--- a/src/Symfony/Component/Cache/Adapter/TagAwareAdapter.php
+++ b/src/Symfony/Component/Cache/Adapter/TagAwareAdapter.php
@@ -273,6 +273,16 @@ public function commit()
 return $this->invalidateTags([]);
 }
+ public function __sleep()
+ {
+ throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+ }
+
+ public function __wakeup()
+ {
+ throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+ }
+
 public function __destruct()
 {
 $this->commit();
From 6be5cc75a4817657c5574553a41bdd0193d4fe51 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Fri, 19 Apr 2019 14:48:43 +0200
Subject: [PATCH 3/9] [HttpFoundation] fix guessing mime-types of files with leading dash
---
 .../File/MimeType/FileBinaryMimeTypeGuesser.php | 4 ++--
 .../HttpFoundation/Tests/File/Fixtures/-test | Bin 0 -> 35 bytes
 .../Tests/File/MimeType/MimeTypeTest.php | 11 ++++++++++-
 3 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 src/Symfony/Component/HttpFoundation/Tests/File/Fixtures/-test
diff --git a/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php b/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
index cfa76843cc4f7..7045e94df673f 100644
--- a/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
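Review bot: `__CLASS__` in the new `__sleep()`/`__wakeup()` messages is resolved at compile time to the declaring class, so every adapter that extends AbstractAdapter reports `Cannot serialize Symfony\Component\Cache\Adapter\AbstractAdapter` rather than its own name; `\get_class($this)` (or `static::class`) yields the runtime class and makes the failure traceable in logs. The same applies to the TagAwareAdapter hunk, where it only matters for subclasses. Neither hunk records why serialization is refused; a single line such as `// refuse (un)serialization so adapter state is never rebuilt from a serialized payload` above `__sleep()` would capture the intent the commit subject leaves implicit. Both hunks sit inside a class body that starts and ends outside them.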
+++ b/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
@@ -31,7 +31,7 @@ class FileBinaryMimeTypeGuesser implements MimeTypeGuesserInterface
 *
 * @param string $cmd The command to run to get the mime type of a file
 */
- public function __construct($cmd = 'file -b --mime %s 2>/dev/null')
+ public function __construct($cmd = 'file -b --mime -- %s 2>/dev/null')
 {
 $this->cmd = $cmd;
 }
@@ -80,7 +80,7 @@ public function guess($path)
 ob_start();
 // need to use --mime instead of -i. see #6641
- passthru(sprintf($this->cmd, escapeshellarg($path)), $return);
+ passthru(sprintf($this->cmd, escapeshellarg((0 === strpos($path, '-') ? './' : '').$path)), $return);
 if ($return > 0) {
 ob_end_clean();
diff --git a/src/Symfony/Component/HttpFoundation/Tests/File/Fixtures/-test b/src/Symfony/Component/HttpFoundation/Tests/File/Fixtures/-test
new file mode 100644
index 0000000000000000000000000000000000000000..b636f4b8df536b0a85e7cea1a6cf3f0bd3179b96
GIT binary patch
literal 35
jcmZ?wbh9u|WMp7uXkcLY4+c66KmZb9U}AD%WUvMRyAlZ1
literal 0
HcmV?d00001
diff --git a/src/Symfony/Component/HttpFoundation/Tests/File/MimeType/MimeTypeTest.php b/src/Symfony/Component/HttpFoundation/Tests/File/MimeType/MimeTypeTest.php
index 3960988a6a654..0418726b5b905 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/File/MimeType/MimeTypeTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/File/MimeType/MimeTypeTest.php
@@ -20,7 +20,16 @@
 */
 class MimeTypeTest extends TestCase
 {
- protected $path;
+ public function testGuessWithLeadingDash()
+ {
+ $cwd = getcwd();
+ chdir(__DIR__.'/../Fixtures');
+ try {
+ $this->assertEquals('image/gif', MimeTypeGuesser::getInstance()->guess('-test'));
+ } finally {
+ chdir($cwd);
+ }
+ }
 public function testGuessImageWithoutExtension()
 {
From a4c4f00e17563864472855353b987337e01925d6 Mon Sep 17 00:00:00 2001
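Review bot: The `./` prefix on the new `passthru` line is the only protection for callers that pass their own `$cmd`, because the `--` that stops `file` from reading a dash-leading name as an option is added only to the constructor's default command in the first hunk; neither hunk says so, and the constructor docblock still describes `$cmd` as just "the command to run". Add `// a name starting with "-" is made relative so a custom $cmd without "--" cannot parse it as an option` above the passthru, and extend the `@param string $cmd` line to say the command should place `--` before `%s`. `escapeshellarg()` still quotes the whole argument either way, so the prefix changes what `file` parses, not what the shell sees. guess()'s body starts and ends outside the hunk.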
From: Fabien Potencier
Date: Mon, 11 Nov 2019 17:24:44 +0100
Subject: [PATCH 4/9] bumped Symfony version to 3.4.35
---
 src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php
index 7f9e4b4b05e94..2543f59245851 100644
--- a/src/Symfony/Component/HttpKernel/Kernel.php
+++ b/src/Symfony/Component/HttpKernel/Kernel.php
@@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl
 private $requestStackSize = 0;
 private $resetServices = false;
- const VERSION = '3.4.34';
- const VERSION_ID = 30434;
+ const VERSION = '3.4.35-DEV';
+ const VERSION_ID = 30435;
 const MAJOR_VERSION = 3;
 const MINOR_VERSION = 4;
- const RELEASE_VERSION = 34;
- const EXTRA_VERSION = '';
+ const RELEASE_VERSION = 35;
+ const EXTRA_VERSION = 'DEV';
 const END_OF_MAINTENANCE = '11/2020';
 const END_OF_LIFE = '11/2021';
From 7064ff35f2539e2c915257a50eb37839b485dbeb Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Tue, 12 Nov 2019 11:06:38 +0100
Subject: [PATCH 5/9] [Workflow] fix lowest dep
---
 src/Symfony/Component/Workflow/composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Workflow/composer.json b/src/Symfony/Component/Workflow/composer.json
index c0bb655069d74..09e173a130090 100644
--- a/src/Symfony/Component/Workflow/composer.json
+++ b/src/Symfony/Component/Workflow/composer.json
@@ -21,7 +21,7 @@
 ],
 "require": {
 "php": "^5.5.9|>=7.0.8",
- "symfony/property-access": "~3.4.31|^4.3.4"
+ "symfony/property-access": "^3.4|^4.3"
 },
 "require-dev": {
 "psr/log": "~1.0",
From 1c8edc55ad7d88c876c3facb8811c20db320fe18 Mon Sep 17 00:00:00 2001
From: Teoh Han Hui
Date: Tue, 12 Nov 2019 18:51:12 +0100
Subject: [PATCH 6/9] Allow returning null from NormalizerInterface::normalize
---
 .../Component/Serializer/Normalizer/NormalizerInterface.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Serializer/Normalizer/NormalizerInterface.php b/src/Symfony/Component/Serializer/Normalizer/NormalizerInterface.php
index 02a2118584923..4e0fbfb7a6b14 100644
--- a/src/Symfony/Component/Serializer/Normalizer/NormalizerInterface.php
+++ b/src/Symfony/Component/Serializer/Normalizer/NormalizerInterface.php
@@ -30,9 +30,9 @@ interface NormalizerInterface
 * @param string $format Format the normalization result will be encoded as
 * @param array $context Context options for the normalizer
 *
- * @return array|string|int|float|bool
+ * @return array|string|int|float|bool|null
 *
- * @throws InvalidArgumentException Occurs when the object given is not an attempted type for the normalizer
+ * @throws InvalidArgumentException Occurs when the object given is not a supported type for the normalizer
 * @throws CircularReferenceException Occurs when the normalizer detects a circular reference when no circular
 * reference handler can fix it
 * @throws LogicException Occurs when the normalizer is not called in an expected context
From bb8c82c0b5d89969aadd44d44873f69976d0233e Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Tue, 5 Nov 2019 16:00:49 +0100
Subject: [PATCH 7/9] [Console] Constant STDOUT might be undefined.
---
 src/Symfony/Component/Console/Terminal.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Console/Terminal.php b/src/Symfony/Component/Console/Terminal.php
index 53a0f7890b6ff..43a31826270bc 100644
--- a/src/Symfony/Component/Console/Terminal.php
+++ b/src/Symfony/Component/Console/Terminal.php
@@ -79,7 +79,9 @@ private static function initDimensions()
 // or [w, h] from "wxh"
 self::$width = (int) $matches[1];
 self::$height = isset($matches[4]) ? (int) $matches[4] : (int) $matches[2];
- } elseif (self::hasSttyAvailable()) {
+ } elseif (!self::hasVt100Support() && self::hasSttyAvailable()) {
+ // only use stty on Windows if the terminal does not support vt100 (e.g. Windows 7 + git-bash)
+ // testing for stty in a Windows 10 vt100-enabled console will implicitly disable vt100 support on STDOUT
 self::initDimensionsUsingStty();
 } elseif (null !== $dimensions = self::getConsoleMode()) {
 // extract [w, h] from "wxh"
@@ -91,6 +93,17 @@ private static function initDimensions()
 }
 }
+ /**
+ * Returns whether STDOUT has vt100 support (some Windows 10+ configurations).
+ */
+ private static function hasVt100Support()
+ {
+ return \function_exists('sapi_windows_vt100_support') && sapi_windows_vt100_support(fopen('php://stdout', 'w'));
+ }
+
+ /**
+ * Initializes dimensions using the output of an stty columns line.
+ */
 private static function initDimensionsUsingStty()
 {
 if ($sttyString = self::getSttyColumns()) {
From 3e258504f6e66b5ede1c105f59ef93ca9dcaeb26 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Wed, 13 Nov 2019 09:44:43 +0100
Subject: [PATCH 8/9] updated CHANGELOG for 3.4.35
---
 CHANGELOG-3.4.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md
index a72767317ec96..ba1027925d004 100644
--- a/CHANGELOG-3.4.md
+++ b/CHANGELOG-3.4.md
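Review bot: `hasVt100Support()` in the second hunk opens `php://stdout` with `fopen()` and never closes the handle, so each call leaks a stream until shutdown, and when `fopen()` fails `sapi_windows_vt100_support()` is handed `false` instead of a resource. Keep the handle in a local, return false when it is not a resource, and release it in a `finally` block; the `"php": "^5.5.9|>=7.0.8"` floor in the Workflow composer.json hunk on this page suggests the branch can use `finally`, and `php://stdout` is a duplicate descriptor, so closing it leaves the process's real standard output untouched. The doc comment could also record that `php://stdout` is opened on purpose because the `STDOUT` constant may be undefined, which is the reason the commit subject gives. initDimensionsUsingStty()'s body continues outside the hunk.
```php
/**
 * Returns whether STDOUT has vt100 support (some Windows 10+ configurations).
 *
 * php://stdout is opened explicitly because the STDOUT constant may be undefined.
 */
private static function hasVt100Support()
{
    if (!\function_exists('sapi_windows_vt100_support')) {
        return false;
    }

    $stdout = fopen('php://stdout', 'w');
    if (false === $stdout) {
        return false;
    }

    try {
        return sapi_windows_vt100_support($stdout);
    } finally {
        // a duplicate descriptor: closing it does not affect the real STDOUT
        fclose($stdout);
    }
}
// … unchanged: initDimensionsUsingStty docblock and signature …
```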
@@ -7,6 +7,13 @@ in 3.4 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1
+* 3.4.35 (2019-11-13)
+
+ * bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)
+ * security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas)
+ * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas)
+ * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)
+
 * 3.4.34 (2019-11-11)
 * bug #34297 [DI] fix locators with numeric keys (nicolas-grekas)
From 02257c80981f1a30a8a5b13652161f97ad7b7c08 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Wed, 13 Nov 2019 09:44:50 +0100
Subject: [PATCH 9/9] updated VERSION for 3.4.35
---
 src/Symfony/Component/HttpKernel/Kernel.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php
index 2543f59245851..05b11f3665c5c 100644
--- a/src/Symfony/Component/HttpKernel/Kernel.php
+++ b/src/Symfony/Component/HttpKernel/Kernel.php
@@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl
 private $requestStackSize = 0;
 private $resetServices = false;
- const VERSION = '3.4.35-DEV';
+ const VERSION = '3.4.35';
 const VERSION_ID = 30435;
 const MAJOR_VERSION = 3;
 const MINOR_VERSION = 4;
 const RELEASE_VERSION = 35;
- const EXTRA_VERSION = 'DEV';
+ const EXTRA_VERSION = '';
 const END_OF_MAINTENANCE = '11/2020';
 const END_OF_LIFE = '11/2021';