Commit 60a5ff72 authored by heddn's avatar heddn

Issue #3126736: Update external dependencies

parent 5ffe0e19
......@@ -12,12 +12,12 @@
"source": {
"type": "git",
"url": "https://github.com/composer/semver.git",
"reference": "2667cf1143d1c79a81a2c65d9f7a87a9c549c259"
"reference": "811c569dd23a19b02116ac0613e2f67a76c15931"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/semver/zipball/2667cf1143d1c79a81a2c65d9f7a87a9c549c259",
"reference": "2667cf1143d1c79a81a2c65d9f7a87a9c549c259",
"url": "https://api.github.com/repos/composer/semver/zipball/811c569dd23a19b02116ac0613e2f67a76c15931",
"reference": "811c569dd23a19b02116ac0613e2f67a76c15931",
"shasum": ""
},
"require": {
......@@ -65,7 +65,7 @@
"validation",
"versioning"
],
"time": "2019-12-02T13:30:57+00:00"
"time": "2020-03-17T11:42:48+00:00"
},
{
"name": "drupal/core-version",
......@@ -107,12 +107,12 @@
"source": {
"type": "git",
"url": "https://github.com/drupal/php-signify.git",
"reference": "1baaf6e9da6164dd091e45f65a64fbd515080264"
"reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/drupal/php-signify/zipball/1baaf6e9da6164dd091e45f65a64fbd515080264",
"reference": "1baaf6e9da6164dd091e45f65a64fbd515080264",
"url": "https://api.github.com/repos/drupal/php-signify/zipball/9a805b345aaa22ad8f6b7831925ba3a5295ee45b",
"reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b",
"shasum": ""
},
"require": {
......@@ -120,7 +120,9 @@
"php": ">=5.3.0"
},
"require-dev": {
"phpunit/phpunit": "^8.0"
"ext-mbstring": "*",
"phpunit/phpunit": "^4|^5|^6|^7|^8|^9",
"symfony/phpunit-bridge": "^2|^3|^4|^5"
},
"type": "library",
"extra": {
......@@ -149,7 +151,7 @@
"security",
"signify"
],
"time": "2019-10-04T21:34:22+00:00"
"time": "2020-03-02T14:34:55+00:00"
},
{
"name": "paragonie/random_compat",
......@@ -202,16 +204,16 @@
},
{
"name": "paragonie/sodium_compat",
"version": "v1.12.1",
"version": "v1.13.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/sodium_compat.git",
"reference": "063cae9b3a7323579063e7037720f5b52b56c178"
"reference": "bbade402cbe84c69b718120911506a3aa2bae653"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/063cae9b3a7323579063e7037720f5b52b56c178",
"reference": "063cae9b3a7323579063e7037720f5b52b56c178",
"url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/bbade402cbe84c69b718120911506a3aa2bae653",
"reference": "bbade402cbe84c69b718120911506a3aa2bae653",
"shasum": ""
},
"require": {
......@@ -280,7 +282,7 @@
"secret-key cryptography",
"side-channel resistant"
],
"time": "2019-11-07T17:07:24+00:00"
"time": "2020-03-20T21:48:09+00:00"
}
],
"packages-dev": [],
......
......@@ -5,6 +5,7 @@ composer install --no-dev -o
composer dump-autoload --no-dev --classmap-authoritative
rm -rfv vendor/drupal/php-signify/sh
rm -rfv vendor/drupal/php-signify/tests
rm -rfv vendor/drupal/php-signify/.github
rm -rfv vendor/paragonie/random_compat/other
rm -rfv vendor/paragonie/random_compat/tests
rm -rfv vendor/composer/semver/tests
......
......@@ -6,12 +6,12 @@
"source": {
"type": "git",
"url": "https://github.com/composer/semver.git",
"reference": "2667cf1143d1c79a81a2c65d9f7a87a9c549c259"
"reference": "811c569dd23a19b02116ac0613e2f67a76c15931"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/semver/zipball/2667cf1143d1c79a81a2c65d9f7a87a9c549c259",
"reference": "2667cf1143d1c79a81a2c65d9f7a87a9c549c259",
"url": "https://api.github.com/repos/composer/semver/zipball/811c569dd23a19b02116ac0613e2f67a76c15931",
"reference": "811c569dd23a19b02116ac0613e2f67a76c15931",
"shasum": ""
},
"require": {
......@@ -20,7 +20,7 @@
"require-dev": {
"phpunit/phpunit": "^4.5 || ^5.0.5"
},
"time": "2019-12-02T13:30:57+00:00",
"time": "2020-03-17T11:42:48+00:00",
"type": "library",
"extra": {
"branch-alias": {
......@@ -105,12 +105,12 @@
"source": {
"type": "git",
"url": "https://github.com/drupal/php-signify.git",
"reference": "1baaf6e9da6164dd091e45f65a64fbd515080264"
"reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/drupal/php-signify/zipball/1baaf6e9da6164dd091e45f65a64fbd515080264",
"reference": "1baaf6e9da6164dd091e45f65a64fbd515080264",
"url": "https://api.github.com/repos/drupal/php-signify/zipball/9a805b345aaa22ad8f6b7831925ba3a5295ee45b",
"reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b",
"shasum": ""
},
"require": {
......@@ -118,9 +118,11 @@
"php": ">=5.3.0"
},
"require-dev": {
"phpunit/phpunit": "^8.0"
"ext-mbstring": "*",
"phpunit/phpunit": "^4|^5|^6|^7|^8|^9",
"symfony/phpunit-bridge": "^2|^3|^4|^5"
},
"time": "2019-10-04T21:34:22+00:00",
"time": "2020-03-02T14:34:55+00:00",
"type": "library",
"extra": {
"branch-alias": {
......@@ -203,17 +205,17 @@
},
{
"name": "paragonie/sodium_compat",
"version": "v1.12.1",
"version_normalized": "1.12.1.0",
"version": "v1.13.0",
"version_normalized": "1.13.0.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/sodium_compat.git",
"reference": "063cae9b3a7323579063e7037720f5b52b56c178"
"reference": "bbade402cbe84c69b718120911506a3aa2bae653"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/063cae9b3a7323579063e7037720f5b52b56c178",
"reference": "063cae9b3a7323579063e7037720f5b52b56c178",
"url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/bbade402cbe84c69b718120911506a3aa2bae653",
"reference": "bbade402cbe84c69b718120911506a3aa2bae653",
"shasum": ""
},
"require": {
......@@ -227,7 +229,7 @@
"ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.",
"ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security."
},
"time": "2019-11-07T17:07:24+00:00",
"time": "2020-03-20T21:48:09+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
......
......@@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
### [1.5.1] 2020-01-13
* Fixed: Parsing of aliased version was not validating the alias to be a valid version
### [1.5.0] 2019-03-19
* Added: some support for date versions (e.g. 201903) in `~` operator
......@@ -62,6 +66,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Namespace: `Composer\Test\Package\LinkConstraint` -> `Composer\Test\Semver\Constraint`
* Changed: code style using php-cs-fixer.
[1.5.1]: https://github.com/composer/semver/compare/1.5.0...1.5.1
[1.5.0]: https://github.com/composer/semver/compare/1.4.2...1.5.0
[1.4.2]: https://github.com/composer/semver/compare/1.4.1...1.4.2
[1.4.1]: https://github.com/composer/semver/compare/1.4.0...1.4.1
[1.4.0]: https://github.com/composer/semver/compare/1.3.0...1.4.0
......
......@@ -46,7 +46,7 @@ The `Composer\Semver\Comparator` class provides the following methods for compar
* equalTo($v1, $v2)
* notEqualTo($v1, $v2)
Each function takes two version strings as arguments. For example:
Each function takes two version strings as arguments and returns a boolean. For example:
```php
use Composer\Semver\Comparator;
......
......@@ -134,7 +134,7 @@ class Constraint implements ConstraintInterface
* @param string $a
* @param string $b
* @param string $operator
* @param bool $compareBranches
* @param bool $compareBranches
*
* @throws \InvalidArgumentException if invalid operator is given.
*
......@@ -167,7 +167,7 @@ class Constraint implements ConstraintInterface
/**
* @param Constraint $provider
* @param bool $compareBranches
* @param bool $compareBranches
*
* @return bool
*/
......
......@@ -27,7 +27,7 @@ class MultiConstraint implements ConstraintInterface
/**
* @param ConstraintInterface[] $constraints A set of constraints
* @param bool $conjunctive Whether the constraints should be treated as conjunctive or disjunctive
* @param bool $conjunctive Whether the constraints should be treated as conjunctive or disjunctive
*/
public function __construct(array $constraints, $conjunctive = true)
{
......
......@@ -45,7 +45,7 @@ class Semver
/**
* Return all versions that satisfy given constraints.
*
* @param array $versions
* @param array $versions
* @param string $constraints
*
* @return array
......@@ -85,7 +85,7 @@ class Semver
/**
* @param array $versions
* @param int $direction
* @param int $direction
*
* @return array
*/
......
......@@ -108,6 +108,9 @@ class VersionParser
// strip off aliasing
if (preg_match('{^([^,\s]++) ++as ++([^,\s]++)$}', $version, $match)) {
// verify that the alias is a version without constraint
$this->normalize($match[2]);
$version = $match[1];
}
......@@ -484,10 +487,10 @@ class VersionParser
*
* Support function for {@link parseConstraint()}
*
* @param array $matches Array with version parts in array indexes 1,2,3,4
* @param int $position 1,2,3,4 - which segment of the version to increment/decrement
* @param int $increment
* @param string $pad The string to pad version parts after $position
* @param array $matches Array with version parts in array indexes 1,2,3,4
* @param int $position 1,2,3,4 - which segment of the version to increment/decrement
* @param int $increment
* @param string $pad The string to pad version parts after $position
*
* @return string The new version
*/
......
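Review bot: The added `$this->normalize($match[2]);` in the alias-stripping branch discards its return value, so the alias is validated only through whatever exception `normalize()` raises on invalid input, and the one-line comment above it does not say that. I would spell it out, e.g. `// normalize() throws if the alias is not a plain version; the return value is intentionally unused`. The enclosing method starts and ends outside this hunk, so whether its callers expect that exception cannot be confirmed from here.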
......@@ -3,6 +3,8 @@
PHP library for verification of BSD Signify signature files, plus PHP and shell
implementations of verifying extended CSIG signature files.
![PHP Composer](https://github.com/drupal/php-signify/workflows/PHP%20Composer/badge.svg)
## Use Case
Drupal's auto-update and core validation work depends on access to trusted
......
......@@ -14,14 +14,18 @@
"paragonie/sodium_compat": "^1.10"
},
"require-dev": {
"phpunit/phpunit": "^8.0"
"phpunit/phpunit": "^4|^5|^6|^7|^8|^9",
"ext-mbstring": "*",
"symfony/phpunit-bridge": "^2|^3|^4|^5"
},
"autoload": {
"psr-4": {
"Drupal\\Signify\\": "src/"
}
},
"autoload-dev": {
"autoload-dev": {},
"scripts": {
"test": "phpunit"
},
"extra": {
"branch-alias": {
......@@ -29,4 +33,3 @@
}
}
}
......@@ -215,6 +215,9 @@ class Verifier
throw new VerifierException("The real path of checksum list file at \"$checksum_file\" could not be determined.");
}
$working_directory = dirname($absolute_path);
if (is_dir($absolute_path)) {
throw new VerifierException("The checksum list file at \"$checksum_file\" is a directory, not a file.");
}
$signed_checksum_list = @file_get_contents($absolute_path);
if (empty($signed_checksum_list))
{
......@@ -308,6 +311,9 @@ class Verifier
throw new VerifierException("The real path of checksum list file at \"$csig_checksum_file\" could not be determined.");
}
$working_directory = dirname($absolute_path);
if (is_dir($absolute_path)) {
throw new VerifierException("The checksum list file at \"$csig_checksum_file\" is a directory, not a file.");
}
$signed_checksum_list = file_get_contents($absolute_path);
if (empty($signed_checksum_list))
{
......
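Review bot: The new `is_dir()` guard in both hunks rejects only directories, so a path that resolves to some other non-regular file (a FIFO or device node, for example) still reaches `file_get_contents()`. Testing for a regular file is the tighter check: `if (!is_file($absolute_path)) {`, with the exception message reworded to match. The two call sites also differ in their visible context lines: the first reads with `@file_get_contents($absolute_path)` and the second without the `@`, so a failed read emits a PHP warning on one path and not the other before the `empty()` test runs. Both enclosing methods start and end outside the hunks shown.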
......@@ -10,7 +10,7 @@
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library
(libsodium), a core extension in PHP 7.2.0+ and otherwise [available in PECL](https://pecl.php.net/package/libsodium).
This library tentativeley supports PHP 5.2.4 - 7.x (latest), but officially
This library tentativeley supports PHP 5.2.4 - 8.x (latest), but officially
only supports [non-EOL'd versions of PHP](https://secure.php.net/supported-versions.php).
If you have the PHP extension installed, Sodium Compat will opportunistically
......
<?php
/*
This file should only ever be loaded on PHP 7+
*/
if (PHP_VERSION_ID < 70000) {
return;
}
spl_autoload_register(function ($class) {
$namespace = 'ParagonIE_Sodium_';
// Does the class use the namespace prefix?
$len = strlen($namespace);
if (strncmp($namespace, $class, $len) !== 0) {
// no, move to the next registered autoloader
return false;
}
// Get the relative class name
$relative_class = substr($class, $len);
// Replace the namespace prefix with the base directory, replace namespace
// separators with directory separators in the relative class name, append
// with .php
$file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php';
// if the file exists, require it
if (file_exists($file)) {
require_once $file;
return true;
}
return false;
});
<?php
if (!is_callable('sodiumCompatAutoloader')) {
/**
* Sodium_Compat autoloader.
*
* @param string $class Class name to be autoloaded.
*
* @return bool Stop autoloading?
*/
function sodiumCompatAutoloader($class)
{
$namespace = 'ParagonIE_Sodium_';
// Does the class use the namespace prefix?
$len = strlen($namespace);
if (strncmp($namespace, $class, $len) !== 0) {
// no, move to the next registered autoloader
return false;
}
if (PHP_VERSION_ID < 70000) {
if (!is_callable('sodiumCompatAutoloader')) {
/**
* Sodium_Compat autoloader.
*
* @param string $class Class name to be autoloaded.
*
* @return bool Stop autoloading?
*/
function sodiumCompatAutoloader($class)
{
$namespace = 'ParagonIE_Sodium_';
// Does the class use the namespace prefix?
$len = strlen($namespace);
if (strncmp($namespace, $class, $len) !== 0) {
// no, move to the next registered autoloader
return false;
}
// Get the relative class name
$relative_class = substr($class, $len);
// Get the relative class name
$relative_class = substr($class, $len);
// Replace the namespace prefix with the base directory, replace namespace
// separators with directory separators in the relative class name, append
// with .php
$file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php';
// if the file exists, require it
if (file_exists($file)) {
require_once $file;
return true;
// Replace the namespace prefix with the base directory, replace namespace
// separators with directory separators in the relative class name, append
// with .php
$file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php';
// if the file exists, require it
if (file_exists($file)) {
require_once $file;
return true;
}
return false;
}
return false;
}
// Now that we have an autoloader, let's register it!
spl_autoload_register('sodiumCompatAutoloader');
// Now that we have an autoloader, let's register it!
spl_autoload_register('sodiumCompatAutoloader');
}
} else {
require_once dirname(__FILE__) . '/autoload-php7.php';
}
require_once dirname(__FILE__) . '/src/SodiumException.php';
if (!class_exists('SodiumException', false)) {
require_once dirname(__FILE__) . '/src/SodiumException.php';
}
if (PHP_VERSION_ID >= 50300) {
// Namespaces didn't exist before 5.3.0, so don't even try to use this
// unless PHP >= 5.3.0
......
......@@ -26,6 +26,10 @@ foreach (array(
'CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES',
'CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES',
'CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES',
'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES',
'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES',
'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES',
'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES',
'CRYPTO_AUTH_BYTES',
'CRYPTO_AUTH_KEYBYTES',
'CRYPTO_BOX_SEALBYTES',
......@@ -62,6 +66,12 @@ foreach (array(
'CRYPTO_PWHASH_OPSLIMIT_MODERATE',
'CRYPTO_PWHASH_MEMLIMIT_SENSITIVE',
'CRYPTO_PWHASH_OPSLIMIT_SENSITIVE',
'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES',
'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX',
'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE',
'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE',
'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE',
'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE',
'CRYPTO_SCALARMULT_BYTES',
'CRYPTO_SCALARMULT_SCALARBYTES',
'CRYPTO_SHORTHASH_BYTES',
......@@ -84,6 +94,8 @@ foreach (array(
'CRYPTO_SIGN_KEYPAIRBYTES',
'CRYPTO_STREAM_KEYBYTES',
'CRYPTO_STREAM_NONCEBYTES',
'LIBRARY_MAJOR_VERSION',
'LIBRARY_MINOR_VERSION',
'LIBRARY_VERSION_MAJOR',
'LIBRARY_VERSION_MINOR',
'VERSION_STRING'
......
......@@ -44,6 +44,8 @@ class ParagonIE_Sodium_Compat
*/
public static $fastMult = false;
const LIBRARY_MAJOR_VERSION = 9;
const LIBRARY_MINOR_VERSION = 1;
const LIBRARY_VERSION_MAJOR = 9;
const LIBRARY_VERSION_MINOR = 1;
const VERSION_STRING = 'polyfill-1.0.8';
......@@ -3117,15 +3119,14 @@ class ParagonIE_Sodium_Compat
* with (sans pwhash and memzero).
*
* @return int
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress UndefinedFunction
*/
public static function library_version_major()
{
if (self::useNewSodiumAPI()) {
return sodium_library_version_major();
if (self::useNewSodiumAPI() && defined('SODIUM_LIBRARY_MAJOR_VERSION')) {
return SODIUM_LIBRARY_MAJOR_VERSION;
}
if (self::use_fallback('library_version_major')) {
/** @psalm-suppress UndefinedFunction */
return (int) call_user_func('\\Sodium\\library_version_major');
}
return self::LIBRARY_VERSION_MAJOR;
......@@ -3136,15 +3137,14 @@ class ParagonIE_Sodium_Compat
* with (sans pwhash and memzero).
*
* @return int
* @psalm-suppress MixedInferredReturnType
* @psalm-suppress UndefinedFunction
*/
public static function library_version_minor()
{
if (self::useNewSodiumAPI()) {
return sodium_library_version_minor();
if (self::useNewSodiumAPI() && defined('SODIUM_LIBRARY_MINOR_VERSION')) {
return SODIUM_LIBRARY_MINOR_VERSION;
}
if (self::use_fallback('library_version_minor')) {
/** @psalm-suppress UndefinedFunction */
return (int) call_user_func('\\Sodium\\library_version_minor');
}
return self::LIBRARY_VERSION_MINOR;
......
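Review bot: The added `LIBRARY_MAJOR_VERSION` / `LIBRARY_MINOR_VERSION` constants repeat the values of `LIBRARY_VERSION_MAJOR` / `LIBRARY_VERSION_MINOR` directly below them, with nothing saying the two pairs must stay equal. A comment such as `// Aliases of LIBRARY_VERSION_MAJOR/MINOR under the SODIUM_LIBRARY_*_VERSION naming; keep both pairs in sync.` would guard against drift. In `library_version_major()` and `library_version_minor()` the new first branch returns `SODIUM_LIBRARY_MAJOR_VERSION` / `SODIUM_LIBRARY_MINOR_VERSION` uncast while the fallback branch applies `(int)`. Writing `return (int) SODIUM_LIBRARY_MAJOR_VERSION;` (and the minor equivalent) keeps the documented `@return int` explicit now that the docblock's Psalm suppressions appear to have been dropped.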
......@@ -141,7 +141,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
ParagonIE_Sodium_Compat::memzero($nonce);
ParagonIE_Sodium_Compat::memzero($ephKeypair);
} catch (SodiumException $ex) {
unset($ephKeypair);
if (isset($ephKeypair)) {
unset($ephKeypair);
}
}
return $res;
}
......@@ -328,7 +330,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
ParagonIE_Sodium_Compat::memzero($nonce);
ParagonIE_Sodium_Compat::memzero($ephKeypair);
} catch (SodiumException $ex) {
unset($ephKeypair);
if (isset($ephKeypair)) {
unset($ephKeypair);
}
}
return $res;
}
......
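Review bot: Both `catch (SodiumException $ex)` blocks fall back to `unset($ephKeypair)` without a comment explaining what that fallback does and does not achieve. `unset()` only releases the variable; it does not overwrite the ephemeral key bytes the way the `memzero()` call in the `try` is meant to. The exception is presumably raised when `memzero()` cannot wipe memory, which is not visible in these hunks. I would document that inside each catch, e.g. `// Best effort: memzero() failed, so only the reference is dropped; the key bytes are not overwritten.`. The enclosing methods start outside both hunks.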