From ebae5dfd95025675bebebf2c0ed58189a58158dc Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Fri, 24 Jun 2016 14:58:32 +0100 Subject: [PATCH 1/2] Undo downgrade before trying again if http seems unreliable, refs #2835 --- src/Composer/Repository/ComposerRepository.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php index f2d10d943..43afa5317 100644 --- a/src/Composer/Repository/ComposerRepository.php +++ b/src/Composer/Repository/ComposerRepository.php @@ -644,6 +644,13 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito $rfs = $preFileDownloadEvent->getRemoteFilesystem(); $json = $rfs->getContents($hostname, $filename, false); if ($sha256 && $sha256 !== hash('sha256', $json)) { + // undo downgrade before trying again if http seems to be hijacked or modifying content somehow + if ($this->allowSslDowngrade) { + $this->url = str_replace('http://', 'https://', $this->url); + $this->baseUrl = str_replace('http://', 'https://', $this->baseUrl); + $filename = str_replace('http://', 'https://', $filename); + } + if ($retries) { usleep(100000); From fd6455218e304e9b484bebb0efcdb67bb52d051d Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sat, 25 Jun 2016 15:49:52 +0100 Subject: [PATCH 2/2] Avoid warnings in case cache dir is explicitly directed to /dev/null, fixes #5468 --- src/Composer/Cache.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Composer/Cache.php b/src/Composer/Cache.php index a6044b630..4b1648841 100644 --- a/src/Composer/Cache.php +++ b/src/Composer/Cache.php @@ -44,6 +44,11 @@ class Cache $this->whitelist = $whitelist; $this->filesystem = $filesystem ?: new Filesystem(); + if (preg_match('{(^|[\\\\/])(\$null|NUL|/dev/null)([\\\\/]|$)}', $cacheDir)) { + $this->enabled = false; + return; + } + if ( (!is_dir($this->root) && !Silencer::call('mkdir', $this->root, 0777, true)) || !is_writable($this->root)