symfony (2.8.7+dfsg-1.2ubuntu2) artful; urgency=medium

  * debian/patches/fix-php-7.1-vardumper-failures: Fix VarDumper and
    VarDumper tests on PHP7.1.  Thanks to Nicolas Grekas
    <nicolas.grekas@gmail.com>.
  * debian/patches/fix-php-7.1-classloader-failures: Fix ClassLoader
    tests with PHP7.1.  Thanks to Nicolas Grekas
    <nicolas.grekas@gmail.com>..
  * debian/patches/fix-php-7.1-filesystem-failures: Fix Filesystem test
    with PHP7.1.

 -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 26 May 2017 14:39:34 -0700

symfony (2.8.7+dfsg-1.2ubuntu1) artful; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d: add nocheck and stage1 build profiles (LP #1544279).
    - d: build conflict with php-mongodb.

 -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 25 May 2017 14:41:35 -0700

symfony (2.8.7+dfsg-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Backport additional upstream patches needed to fix FTBFS:
    -  Update IpValidatorTest data set with a valid reserved IP
    -  Relax 1 test failing with latest PHP versions

 -- James Clarke <jrtc27@debian.org>  Sun, 29 Jan 2017 16:05:28 +0000

symfony (2.8.7+dfsg-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix PHP 7.0/7.1 related failures (Closes: #832858)
  * Do not depend on a fixed date in layout tests (fixes FTBFS in 2017 and
    beyond)

 -- James Clarke <jrtc27@debian.org>  Sun, 29 Jan 2017 13:54:28 +0000

symfony (2.8.7+dfsg-1ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable (LP #1593412). Remaining changes:
    - d: add nocheck and stage1 build profiles (LP #1544279).
    - d: build conflict with php-mongodb.
  * Drop:
    - d/: Update to PHP 7.0 dependencies.
      [ Fixed in Debian ]
    - remove php5-symfony-debug
      + https://github.com/symfony/symfony/issues/17515#issuecomment-174425132.
      [ Fixed in 2.8.4+dfsg-2 ]
    - Update proxy-manager dependent tests to the 2.0.0 code syntax.
      [ Not needed in latest testing ]
    - New upstream release (2.7.10) (LP #1558848).
      [ Debian moved to 2.8.7 ]
    - Copy d/p/HttpFoundation-Fix-incompatibility-with-php-memcache.patch
      from Debian 2.8.2-1.
      [ Fixed in 2.8.2-1 ]
    - Update d/p/Workaround-OR-ed-versions-are-not-supported.patch for
      Proxy-Manager 2.0.0.
      [ Patch dropped in 2.8.4+dfsg-2 ]
    - Update d/licensing/image-checksums.dcf for new
      src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/twig.html.twig
      SVG images.
      [ Fixed in Debian for newer upstream ]
    - php-symfony-class-loader: hardcode composer-derived dependencies, as
      we don't need polyfill if we only support PHP7.0.
      [ 16.10 has proper polyfill support ]
  * d/control: add php-symfony-security-acl to the stage1 build, as it
    depends on php-symfony-security-core from this package.

 -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 16 Jun 2016 12:50:42 -0700

symfony (2.8.7+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.8.7

  [ Nicolas Grekas ]
  * [PropertyAccess] Fix for PHP 7.0.7

 -- David Prévot <taffit@debian.org>  Tue, 07 Jun 2016 20:52:05 -0400

symfony (2.8.6+dfsg-1) unstable; urgency=high

  [ Fabien Potencier ]
  * bumped Symfony version to 2.8.6
  * limited the maximum length of a submitted username [CVE-2016-4423]

  [ Charles Sarrazin ]
  * Fixed issue with blank password with Ldap [CVE-2016-2403]

  [ David Prévot ]
  * Build-depend on php-apcu-bc to pass more tests

 -- Daniel Beyer <dabe@deb.ymc.ch>  Tue, 10 May 2016 22:59:00 +0200

symfony (2.8.5+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * bumped Symfony version to 2.8.5

  [ David Prévot ]
  * Update Standards-Version to 3.9.8

 -- David Prévot <taffit@debian.org>  Tue, 03 May 2016 14:53:50 -0400

symfony (2.8.4+dfsg-2) unstable; urgency=medium

  [ David Prévot ]
  * Drop require-dev from homemade static autoload.php
  * Drop tests directory from homemade static autoload
  * Drop patch to workaround “OR-ed versions are not supported”
  * Keep tracking LTS version 2.8
  * Install Security changelog in sub-components
  * Update copyright

  [ Ondřej Surý ]
  * Get rid of php5-symfony-debug binary extension that has
    been deprecated for PHP 7.0 (Closes: #821559)

 -- Daniel Beyer <dabe@deb.ymc.ch>  Fri, 22 Apr 2016 14:10:26 +0200

symfony (2.8.4+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * bumped Symfony version to 2.8.4

  [ Daniel Beyer ]
  * Drop no longer needed patch to remove content from README.md files
    - Remove-content-from-README.md-files.patch

  [ David Prévot ]
  * Drop now useless upstream README
  * Update homemade static autoload.php
  * Depend on php-phpdocumentor-reflection for running more tests
  * Exclude group dns-sensitive

 -- David Prévot <taffit@debian.org>  Thu, 31 Mar 2016 19:25:29 -0400

symfony (2.8.3+dfsg-1) unstable; urgency=medium

  * Upload to unstable since everything should be in place now

  [ Fabien Potencier ]
  * updated VERSION for 2.8.3

  [ David Prévot ]
  * Explicit dependency on php5-common (Closes: #811431)
  * Update homemade static autoload.php
  * PHP 7.0 transition:
    - Drop some now useless php-* build-dependencies
    - Build with recent pkg-php-tools

  [ Daniel Beyer ]
  * Drop patch to fix broken test in VarDumper (no longer needed)
    - VarDumper-Fix-tests-on-PHP-7.patch

  [ Marco Pivetta ]
  * #17676 - making the proxy instantiation compatible with ProxyManager 2.x
    by detecting proxy features

 -- Daniel Beyer <dabe@deb.ymc.ch>  Tue, 22 Mar 2016 17:43:00 +0100

symfony (2.8.2+dfsg-1) experimental; urgency=medium

  * Upload new branch to experimental

  [ Fabien Potencier ]
  * updated VERSION for 2.8.2

  [ Daniel Beyer ]
  * Bump Standards-Version: in d/control (no changes needed)
  * Remove licensing for the no longer used Glyphish icons from d/copyright
  * Remove license CC-BY-3.0-US from d/copyright (no longer used)
  * Update debian/copyright for symfony 2.8
  * Add patch to fix broken test in the VarDumper component
    - VarDumper-Fix-tests-on-PHP-7.patch
  * Add patch to fix broken memcache session handler in HttpFoundation
    - HttpFoundation-Fix-incompatibility-with-php-memcache.patch
  * Use php7 for building (Closes: #814799)
  * Use php7 for DEP-8 (as-installed) tests
  * Use php5 for DEP-8 (as-installed) tests against php5-symfony-debug
  * Skip tests (build time and DEP-8) for component PropertyInfo
  * Add php-symfony-property-info
  * Add php-symfony-ldap
  * Update build and DEP-8 dependencies for Symfony 2.8

  [ David Prévot ]
  * Add CVE entry for previous changelog entry
  * Use the now packaged php-random-lib (via php-symfony-polyfill-php70)
    instead of an embedded copy
  * Add php-symfony-security-{core,csrf,guard,http}, php-symfony-security is
    becoming almost a metapackage
  * Add php-symfony, almost a metapackage depending on every component,
    shipping upgrading notes

 -- David Prévot <taffit@debian.org>  Sun, 21 Feb 2016 10:40:09 -0400

symfony (2.7.10-0ubuntu2) xenial; urgency=medium

  * php-symfony-class-loader: hardcode composer-derived dependencies, as
    we don't need polyfill if we only support PHP7.0.

 -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Fri, 18 Mar 2016 17:06:11 -0700

symfony (2.7.10-0ubuntu1) xenial; urgency=medium

  * New upstream release (2.7.10) (LP: #1558848).
  * Copy d/p/HttpFoundation-Fix-incompatibility-with-php-memcache.patch
    from Debian 2.8.2-1.
  * Update d/p/Workaround-OR-ed-versions-are-not-supported.patch for
    Proxy-Manager 2.0.0.
  * Fix issue during build by not invoking dh_php (remnant from
    removing php5-symfony-debug).
  * Update d/licensing/image-checksums.dcf for new
    src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/twig.html.twig
    SVG images.
  * Drop:
    - d/p/Embed-paragonie-random_compat-into-the-security-comp.patch 
      [ not needed with PHP7.0 ]
    - d/p/cherrypick_5d433cab.patch
      [ present in 2.7.10 ]

 -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 17 Mar 2016 17:43:54 -0700

symfony (2.7.9+dfsg-1ubuntu2) xenial; urgency=medium

  [ Nishanth Aravamudan ]
  * Cherry-pick commit upstream 5d433cab.
  * Update proxy-manager dependent tests to the 2.0.0 code syntax.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 21 Feb 2016 07:26:44 +0000

symfony (2.7.9+dfsg-1ubuntu1) xenial; urgency=medium

  * d/: Update to PHP 7.0 dependencies.
  * remove php5-symfony-debug
    - https://github.com/symfony/symfony/issues/17515#issuecomment-174425132.
  * d: add nocheck and stage1 build profiles.
  * LP: #1544279.

 -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Tue, 09 Feb 2016 17:00:21 -0800

symfony (2.7.9+dfsg-1) unstable; urgency=high

  [ Fabien Potencier ]
  * updated VERSION for 2.7.9
    Fix insecure fallback from SecureRandom when OpenSSL fails [CVE-2016-1902]

  [ Daniel Beyer ]
  * Drop patch to skip broken tests in the Process component (no longer needed)
    - Skip-broken-tests-in-Process-component.patch
  * Add patch to provide function random_bytes() for php 5
    - Embed-paragonie-random_compat-into-the-security-comp.patch
  * Add a README.Debian (Closes: #806903)

  [ David Prévot ]
  * Update autoload and dependencies for php-symfony-framework-bundle
  * Update copyright (years)
  * Add copyright entry for embedded paragonie/random_compat

 -- David Prévot <taffit@debian.org>  Sun, 17 Jan 2016 16:23:58 -0400

symfony (2.7.7+dfsg-1) unstable; urgency=high

  [ Christian Flothmann ]
  * Vulnerability in Security Remember-Me Service [CVE-2015-8125]
    - fix potential timing attack issue
    - mitigate CSRF timing attack vulnerability
    - prevent timing attacks in digest auth listener
  * Session Fixation in the "Remember Me" Login Feature [CVE-2015-8124]
    - migrate session after remember me authentication

  [ Fabien Potencier ]
  * updated VERSION for 2.7.7

  [ Daniel Beyer ]
  * Pin debian/watch to stable 2.x releases of Symfony

 -- Daniel Beyer <dabe@deb.ymc.ch>  Tue, 24 Nov 2015 08:10:09 +0100

symfony (2.7.6+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.7.6

  [ David Prévot ]
  * Update phpunit calls with regard to network access

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sun, 08 Nov 2015 15:14:54 +0100

symfony (2.7.5+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.7.5

  [ David Prévot ]
  * debian/control:
    - Drop now useless transitional dummy packages
      (php-symfony-classloader and php-symfony-eventdispatcher)
    - php5-mongo makes the tests fail, since it requires a set up
      MongoDB server
  * debian/test/control: Add missing php-doctrine-data-fixtures
    dependency for CI

  [ Daniel Beyer ]
  * Correct incomplete autoloading for php-symfony-asset
  * Run tests parallel during build time, similar to how upstream does it
  * Run DEP-8 (as-installed) tests parallel, similar to how upstream does it
  * Remove prefixed 'NNNN-'-numbering for Debian patches
  * Use a simplistic vendor/autoload.php to run tests during build time.
    This is to make sure we use the autoload.php files generated by phpab
    and additionally eliminates the need to generate a vendor/autoload.php
    using phpab during build time. Instead we use now use a symbolic link
    for vendor/autoload.php pointing to debian/autoload.build.php.
  * Include tests in autoload.php files generated by phpab
  * Use a simplistic vendor/autoload.php for DEP-8 (as-installed) tests.
    This ensures we use the autoload.php files generated by phpab during
    DEP-8 (as-installed) test. Additionally we no longer need to generate
    a vendor/autoload.php using phpab. Instead we now simply use a symbolic
    link for vendor/autoload.php pointing to debian/autoload.DEP-8.php.
  * Add new patch fixing wrong autoloader detection used by some tests
    - FrameworkBundle-SecurityBundle-Don-t-try-to-include-.patch
  * Drop temporary workaround patch (no longer needed)
    - Temporary-workaround.patch
  * Update patch to skip additional tests needing network
    - group-online-for-test-failing-without-network.patch
  * Add new patch to skip broken tests in the Process component
    - Skip-broken-tests-in-Process-component.patch
  * Provide missing meta.json for php-symfony-intl

 -- Daniel Beyer <dabe@deb.ymc.ch>  Fri, 02 Oct 2015 20:41:11 -0400

symfony (2.7.1+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.7.1

 -- David Prévot <taffit@debian.org>  Sun, 14 Jun 2015 17:15:34 -0400

symfony (2.7.0+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.7.0

  [ David Prévot ]
  * Adapt minimal version in CI for unstable

 -- David Prévot <taffit@debian.org>  Sun, 31 May 2015 09:36:15 -0400

symfony (2.7.0~beta2+dfsg-2) unstable; urgency=high

  [ Daniel Beyer ]
  * Add patch to fix ESI unauthorized access [CVE-2015-4050]
    - 0007-HttpKernel-Do-not-call-the-FragmentListener-if-_cont.patch

  [ David Prévot ]
  * Override php-symfony-security-* as php-symfony-security

 -- David Prévot <taffit@debian.org>  Wed, 27 May 2015 09:05:23 -0400

symfony (2.7.0~beta2+dfsg-1) unstable; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.7.0-BETA2

  [ David Prévot ]
  * Use HTTPS for homepage
  * Adapt minimal versions to unstable, and upload to unstble

 -- David Prévot <taffit@debian.org>  Mon, 18 May 2015 23:00:16 -0400

symfony (2.7.0~beta1+dfsg-1) experimental; urgency=medium

  [ Fabien Potencier ]
  * [Asset] added the component
  * removed Propel bridge from Symfony Core
  * updated VERSION for 2.7.0-BETA1

  [ Nicolas Grekas ]
  * [PhpUnitBridge] new bridge for testing with PHPUnit

  [ David Prévot ]
  * Add php-symfony-asset
  * Add php-symfony-phpunit-bridge
  * Remove php-symfony-propel1-bridge
  * Provide php5-symfony-debug extension
  * Provide homemade autoload.php for all Composer packages
  * Drop extension sources from php-symfony-debug
  * Drop php-symfony2-yaml reference
  * Bump minimal php-twig version as needed for tests

  [ Daniel Beyer ]
  * Add SVG support to the image license checker
  * Update copyright (year) of the image license checker script
  * Update debian/copyright for symfony 2.7

 -- David Prévot <taffit@debian.org>  Mon, 13 Apr 2015 18:26:01 -0400

symfony (2.6.6+dfsg-1) experimental; urgency=medium

  [ Fabien Potencier ]
  * updated VERSION for 2.6.6

  [ David Prévot ]
  * Correct FTBFS fix attribution in previous changelog entry

  [ Nicolas Grekas ]
  * Safe escaping of fragments for eval()

  [ James Gilliland ]
  * isFromTrustedProxy to confirm request came from a trusted proxy.

 -- David Prévot <taffit@debian.org>  Wed, 01 Apr 2015 16:34:09 -0400

symfony (2.6.4+dfsg-1) experimental; urgency=low

  * Upload to experimental to respect the freeze
  * Provide new binary packages:
    - php-symfony-debug-bundle
    - php-symfony-expression-language
    - php-symfony-var-dumper

  [ Daniel Beyer ]
  * Validate that all new images and icons are properly licensed.
  * Let php-symfony-security provide 4 new versioned virtual packages
    - php-symfony-security-acl
    - php-symfony-security-core
    - php-symfony-security-csrf
    - php-symfony-security-http
  * Add new build-dependencies needed for tests
    - php-doctrine-bundle
    - php-email-validator
    - php5-sqlite
  * Update patches (add proper Symfony prefix in vendor/autoload.php)
    - 0001-Add-a-vendor-autoload.php-needed-to-run-tests-during.patch
    - DEP-8/Use-installed-class-for-DEP-8-tests.patch
  * Add pkg-php-tools-overrides for egulias/email-validator
  * Fix FTBFS as in 2.3 (Closes: #775625)

  [ David Prévot ]
  * Track latest version in debian/watch
  * New upstream version
  * Provide a get-orig-source target
  * Update copyright (years)
  * Workaround “OR-ed versions are not supported”
  * Use recent php-proxy-manager and phpunit for tests
  * Update dependencies for DEP-8 tests

 -- David Prévot <taffit@debian.org>  Fri, 06 Feb 2015 14:28:33 -0400

symfony (2.3.21+dfsg-1) unstable; urgency=low

  * New upstream version
  * Update build-dependencies (add php5-intl, drop php-symfony-icu and
    icu-devtools)
  * Exclude tests of type intl-data

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sun, 26 Oct 2014 17:08:18 +0100

symfony (2.3.20+dfsg-1) unstable; urgency=low

  [ Daniel Beyer ]
  * New upstream version.
  * Drop patches (adopted upstream)
     - 0001-SwiftmailerBridge-Bump-allowed-versions-of-swiftmail.patch
     - 0004-Finder-Escape-location-for-regex-searches.patch
  * Fix DEP-8 tests failing if no tty is present

  [ David Prévot ]
  * Use repacksuffix feature of uscan

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sat, 11 Oct 2014 01:44:50 +0200

symfony (2.3.19+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #513646)

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sun, 07 Sep 2014 18:34:19 +0200
