diff --git a/composer.lock b/composer.lock index b3e8cfba7093a7e249516dd06f80cdbeea2b7a28..5ba8a5c3719747bcfcbb1df14b78ad0e46a92ce7 100644 --- a/composer.lock +++ b/composer.lock @@ -12,12 +12,12 @@ "source": { "type": "git", "url": "https://github.com/drupal/php-signify.git", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264" + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/php-signify/zipball/1baaf6e9da6164dd091e45f65a64fbd515080264", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264", + "url": "https://api.github.com/repos/drupal/php-signify/zipball/9a805b345aaa22ad8f6b7831925ba3a5295ee45b", + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b", "shasum": "" }, "require": { @@ -25,7 +25,9 @@ "php": ">=5.3.0" }, "require-dev": { - "phpunit/phpunit": "^8.0" + "ext-mbstring": "*", + "phpunit/phpunit": "^4|^5|^6|^7|^8|^9", + "symfony/phpunit-bridge": "^2|^3|^4|^5" }, "type": "library", "extra": { @@ -54,7 +56,7 @@ "security", "signify" ], - "time": "2019-10-04T21:34:22+00:00" + "time": "2020-03-02T14:34:55+00:00" }, { "name": "paragonie/random_compat", @@ -107,16 +109,16 @@ }, { "name": "paragonie/sodium_compat", - "version": "v1.12.1", + "version": "v1.13.0", "source": { "type": "git", "url": "https://github.com/paragonie/sodium_compat.git", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178" + "reference": "bbade402cbe84c69b718120911506a3aa2bae653" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/063cae9b3a7323579063e7037720f5b52b56c178", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178", + "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/bbade402cbe84c69b718120911506a3aa2bae653", + "reference": "bbade402cbe84c69b718120911506a3aa2bae653", "shasum": "" }, "require": { 
@@ -185,7 +187,7 @@ "secret-key cryptography", "side-channel resistant" ], - "time": "2019-11-07T17:07:24+00:00" + "time": "2020-03-20T21:48:09+00:00" } ], "packages-dev": [], diff --git a/scripts/update_dependencies.sh b/scripts/update_dependencies.sh index dfcd2c3c8c35d6a1dd09f4301df49ed0ce99ad79..134ac088197f28cd6635b464829547bddaffee9b 100755 --- a/scripts/update_dependencies.sh +++ b/scripts/update_dependencies.sh @@ -5,6 +5,7 @@ composer install --no-dev -o composer dump-autoload --no-dev --classmap-authoritative rm -rfv vendor/drupal/php-signify/sh rm -rfv vendor/drupal/php-signify/tests +rm -rfv vendor/drupal/php-signify/.github rm -rfv vendor/paragonie/random_compat/other rm -rfv vendor/paragonie/random_compat/tests find ./vendor -name .git -type d -prune -exec rm -rf {} \; diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 837e49a67234cc894c073baaac671654ddc0142b..50d2378e61d800a7f50c8a16a8b88aba2cfb70f0 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -6,12 +6,12 @@ "source": { "type": "git", "url": "https://github.com/drupal/php-signify.git", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264" + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/php-signify/zipball/1baaf6e9da6164dd091e45f65a64fbd515080264", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264", + "url": "https://api.github.com/repos/drupal/php-signify/zipball/9a805b345aaa22ad8f6b7831925ba3a5295ee45b", + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b", "shasum": "" }, "require": { @@ -19,9 +19,11 @@ "php": ">=5.3.0" }, "require-dev": { - "phpunit/phpunit": "^8.0" + "ext-mbstring": "*", + "phpunit/phpunit": "^4|^5|^6|^7|^8|^9", + "symfony/phpunit-bridge": "^2|^3|^4|^5" }, - "time": "2019-10-04T21:34:22+00:00", + "time": "2020-03-02T14:34:55+00:00", "type": "library", "extra": { "branch-alias": { 
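Review bot: The added `rm -rfv vendor/drupal/php-signify/.github` line in scripts/update_dependencies.sh extends a hard-coded prune list that has no comment saying why these directories are removed or when the list needs revisiting. Since this commit also checks in files under vendor/, the committed tree is the post-prune result and will not match the archive that the `reference` values in composer.lock point to; anyone auditing vendor/ against the lock has to re-run this script first. I would put a comment above the `rm` block, for example `# Prune non-runtime files (CI config, tests, helper scripts) from vendored packages; vendor/ is committed, so re-check this list whenever a dependency is bumped.` The visible lines prune only php-signify and random_compat, so it is worth confirming that the bumped sodium_compat ships nothing comparable. The script begins above this hunk, so its error handling (for example whether a failed `composer install` stops the run before the `rm` lines) is not visible here.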
@@ -104,17 +106,17 @@ }, { "name": "paragonie/sodium_compat", - "version": "v1.12.1", - "version_normalized": "1.12.1.0", + "version": "v1.13.0", + "version_normalized": "1.13.0.0", "source": { "type": "git", "url": "https://github.com/paragonie/sodium_compat.git", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178" + "reference": "bbade402cbe84c69b718120911506a3aa2bae653" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/063cae9b3a7323579063e7037720f5b52b56c178", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178", + "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/bbade402cbe84c69b718120911506a3aa2bae653", + "reference": "bbade402cbe84c69b718120911506a3aa2bae653", "shasum": "" }, "require": { @@ -128,7 +130,7 @@ "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.", "ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security." }, - "time": "2019-11-07T17:07:24+00:00", + "time": "2020-03-20T21:48:09+00:00", "type": "library", "installation-source": "dist", "autoload": { diff --git a/vendor/drupal/php-signify/README.md b/vendor/drupal/php-signify/README.md index 38211f595857e5273fb76ca156a5399a5eb73348..6d17cb241e838d33e6699b3f3d356ac2be4d94b7 100644 --- a/vendor/drupal/php-signify/README.md +++ b/vendor/drupal/php-signify/README.md @@ -3,6 +3,8 @@ PHP library for verification of BSD Signify signature files, plus PHP and shell implementations of verifying extended CSIG signature files. + + ## Use Case Drupal's auto-update and core validation work depends on access to trusted diff --git a/vendor/drupal/php-signify/composer.json b/vendor/drupal/php-signify/composer.json index a8c94400866061e9c24c11f400c02eea56645eaf..271f702342e5411791d09d3d3ef27de5c616b5cb 100644 --- a/vendor/drupal/php-signify/composer.json 
+++ b/vendor/drupal/php-signify/composer.json @@ -14,14 +14,18 @@ "paragonie/sodium_compat": "^1.10" }, "require-dev": { - "phpunit/phpunit": "^8.0" + "phpunit/phpunit": "^4|^5|^6|^7|^8|^9", + "ext-mbstring": "*", + "symfony/phpunit-bridge": "^2|^3|^4|^5" }, "autoload": { "psr-4": { "Drupal\\Signify\\": "src/" } }, - "autoload-dev": { + "autoload-dev": {}, + "scripts": { + "test": "phpunit" }, "extra": { "branch-alias": { @@ -29,4 +33,3 @@ } } } - diff --git a/vendor/drupal/php-signify/src/Verifier.php b/vendor/drupal/php-signify/src/Verifier.php index 940827a6d412337c9b5e8541e5c71ca12c6a0ffb..ae829c661eb2076db2bc21df7dedd0710b1b0ba3 100644 --- a/vendor/drupal/php-signify/src/Verifier.php +++ b/vendor/drupal/php-signify/src/Verifier.php @@ -215,6 +215,9 @@ class Verifier throw new VerifierException("The real path of checksum list file at \"$checksum_file\" could not be determined."); } $working_directory = dirname($absolute_path); + if (is_dir($absolute_path)) { + throw new VerifierException("The checksum list file at \"$checksum_file\" is a directory, not a file."); + } $signed_checksum_list = @file_get_contents($absolute_path); if (empty($signed_checksum_list)) { @@ -308,6 +311,9 @@ class Verifier throw new VerifierException("The real path of checksum list file at \"$csig_checksum_file\" could not be determined."); } $working_directory = dirname($absolute_path); + if (is_dir($absolute_path)) { + throw new VerifierException("The checksum list file at \"$csig_checksum_file\" is a directory, not a file."); + } $signed_checksum_list = file_get_contents($absolute_path); if (empty($signed_checksum_list)) { diff --git a/vendor/paragonie/sodium_compat/README.md b/vendor/paragonie/sodium_compat/README.md index e142d4f1a0da2a30475854e6f348ad50059b1051..d09d1b25816376198fd477d712f6648370f90a02 100644 --- a/vendor/paragonie/sodium_compat/README.md +++ b/vendor/paragonie/sodium_compat/README.md 
@@ -10,7 +10,7 @@ Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise [available in PECL](https://pecl.php.net/package/libsodium). -This library tentativeley supports PHP 5.2.4 - 7.x (latest), but officially +This library tentativeley supports PHP 5.2.4 - 8.x (latest), but officially only supports [non-EOL'd versions of PHP](https://secure.php.net/supported-versions.php). If you have the PHP extension installed, Sodium Compat will opportunistically diff --git a/vendor/paragonie/sodium_compat/autoload-php7.php b/vendor/paragonie/sodium_compat/autoload-php7.php new file mode 100644 index 0000000000000000000000000000000000000000..482486043bec3639dfcc5ebf0002fd0470f28ac4 --- /dev/null +++ b/vendor/paragonie/sodium_compat/autoload-php7.php @@ -0,0 +1,31 @@ +<?php +/* + This file should only ever be loaded on PHP 7+ + */ +if (PHP_VERSION_ID < 70000) { + return; +} + +spl_autoload_register(function ($class) { + $namespace = 'ParagonIE_Sodium_'; + // Does the class use the namespace prefix? + $len = strlen($namespace); + if (strncmp($namespace, $class, $len) !== 0) { + // no, move to the next registered autoloader + return false; + } + + // Get the relative class name + $relative_class = substr($class, $len); + + // Replace the namespace prefix with the base directory, replace namespace + // separators with directory separators in the relative class name, append + // with .php + $file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php'; + // if the file exists, require it + if (file_exists($file)) { + require_once $file; + return true; + } + return false; +}); diff --git a/vendor/paragonie/sodium_compat/autoload.php b/vendor/paragonie/sodium_compat/autoload.php index aa6ef8535b2393b00abbd6044c3242b77d79e976..d7c777b0085cc4ce2b7958ae28ed58af5cc4c6b7 100644 --- a/vendor/paragonie/sodium_compat/autoload.php +++ b/vendor/paragonie/sodium_compat/autoload.php 
@@ -1,43 +1,49 @@ <?php -if (!is_callable('sodiumCompatAutoloader')) { - /** - * Sodium_Compat autoloader. - * - * @param string $class Class name to be autoloaded. - * - * @return bool Stop autoloading? - */ - function sodiumCompatAutoloader($class) - { - $namespace = 'ParagonIE_Sodium_'; - // Does the class use the namespace prefix? - $len = strlen($namespace); - if (strncmp($namespace, $class, $len) !== 0) { - // no, move to the next registered autoloader - return false; - } +if (PHP_VERSION_ID < 70000) { + if (!is_callable('sodiumCompatAutoloader')) { + /** + * Sodium_Compat autoloader. + * + * @param string $class Class name to be autoloaded. + * + * @return bool Stop autoloading? + */ + function sodiumCompatAutoloader($class) + { + $namespace = 'ParagonIE_Sodium_'; + // Does the class use the namespace prefix? + $len = strlen($namespace); + if (strncmp($namespace, $class, $len) !== 0) { + // no, move to the next registered autoloader + return false; + } - // Get the relative class name - $relative_class = substr($class, $len); + // Get the relative class name + $relative_class = substr($class, $len); - // Replace the namespace prefix with the base directory, replace namespace - // separators with directory separators in the relative class name, append - // with .php - $file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php'; - // if the file exists, require it - if (file_exists($file)) { - require_once $file; - return true; + // Replace the namespace prefix with the base directory, replace namespace + // separators with directory separators in the relative class name, append + // with .php + $file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php'; + // if the file exists, require it + if (file_exists($file)) { + require_once $file; + return true; + } + return false; } - return false; - } - // Now that we have an autoloader, let's register it! 
- spl_autoload_register('sodiumCompatAutoloader'); + // Now that we have an autoloader, let's register it! + spl_autoload_register('sodiumCompatAutoloader'); + } +} else { + require_once dirname(__FILE__) . '/autoload-php7.php'; } -require_once dirname(__FILE__) . '/src/SodiumException.php'; +if (!class_exists('SodiumException', false)) { + require_once dirname(__FILE__) . '/src/SodiumException.php'; +} if (PHP_VERSION_ID >= 50300) { // Namespaces didn't exist before 5.3.0, so don't even try to use this // unless PHP >= 5.3.0 diff --git a/vendor/paragonie/sodium_compat/lib/php72compat.php b/vendor/paragonie/sodium_compat/lib/php72compat.php index c39ec26a8894c0e602ec7174a6f1d7ac40d49d5b..fa8c37299fd85cfb2551e857be4245836bc40c08 100644 --- a/vendor/paragonie/sodium_compat/lib/php72compat.php +++ b/vendor/paragonie/sodium_compat/lib/php72compat.php @@ -26,6 +26,10 @@ foreach (array( 'CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES', 'CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES', 'CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES', + 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES', + 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES', + 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES', + 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES', 'CRYPTO_AUTH_BYTES', 'CRYPTO_AUTH_KEYBYTES', 'CRYPTO_BOX_SEALBYTES', @@ -62,6 +66,12 @@ foreach (array( 'CRYPTO_PWHASH_OPSLIMIT_MODERATE', 'CRYPTO_PWHASH_MEMLIMIT_SENSITIVE', 'CRYPTO_PWHASH_OPSLIMIT_SENSITIVE', + 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES', + 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX', + 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE', + 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE', + 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE', + 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE', 'CRYPTO_SCALARMULT_BYTES', 'CRYPTO_SCALARMULT_SCALARBYTES', 'CRYPTO_SHORTHASH_BYTES', 
@@ -84,6 +94,8 @@ foreach (array( 'CRYPTO_SIGN_KEYPAIRBYTES', 'CRYPTO_STREAM_KEYBYTES', 'CRYPTO_STREAM_NONCEBYTES', + 'LIBRARY_MAJOR_VERSION', + 'LIBRARY_MINOR_VERSION', 'LIBRARY_VERSION_MAJOR', 'LIBRARY_VERSION_MINOR', 'VERSION_STRING' diff --git a/vendor/paragonie/sodium_compat/src/Compat.php b/vendor/paragonie/sodium_compat/src/Compat.php index e49133fe057644541efdad604d7bb17e2c0c494f..ff76adbcb04d500996c2534ca5084306dc406abf 100644 --- a/vendor/paragonie/sodium_compat/src/Compat.php +++ b/vendor/paragonie/sodium_compat/src/Compat.php @@ -44,6 +44,8 @@ class ParagonIE_Sodium_Compat */ public static $fastMult = false; + const LIBRARY_MAJOR_VERSION = 9; + const LIBRARY_MINOR_VERSION = 1; const LIBRARY_VERSION_MAJOR = 9; const LIBRARY_VERSION_MINOR = 1; const VERSION_STRING = 'polyfill-1.0.8'; @@ -3117,15 +3119,14 @@ class ParagonIE_Sodium_Compat * with (sans pwhash and memzero). * * @return int - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress UndefinedFunction */ public static function library_version_major() { - if (self::useNewSodiumAPI()) { - return sodium_library_version_major(); + if (self::useNewSodiumAPI() && defined('SODIUM_LIBRARY_MAJOR_VERSION')) { + return SODIUM_LIBRARY_MAJOR_VERSION; } if (self::use_fallback('library_version_major')) { + /** @psalm-suppress UndefinedFunction */ return (int) call_user_func('\\Sodium\\library_version_major'); } return self::LIBRARY_VERSION_MAJOR; 
@@ -3136,15 +3137,14 @@ class ParagonIE_Sodium_Compat * with (sans pwhash and memzero). * * @return int - * @psalm-suppress MixedInferredReturnType - * @psalm-suppress UndefinedFunction */ public static function library_version_minor() { - if (self::useNewSodiumAPI()) { - return sodium_library_version_minor(); + if (self::useNewSodiumAPI() && defined('SODIUM_LIBRARY_MINOR_VERSION')) { + return SODIUM_LIBRARY_MINOR_VERSION; } if (self::use_fallback('library_version_minor')) { + /** @psalm-suppress UndefinedFunction */ return (int) call_user_func('\\Sodium\\library_version_minor'); } return self::LIBRARY_VERSION_MINOR; diff --git a/vendor/paragonie/sodium_compat/src/File.php b/vendor/paragonie/sodium_compat/src/File.php index a28df9ffa96f89b810c44d5babc2e560a7a1e01f..b4948db36c452b095ab2d3173fa08730d41b5466 100644 --- a/vendor/paragonie/sodium_compat/src/File.php +++ b/vendor/paragonie/sodium_compat/src/File.php @@ -141,7 +141,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util ParagonIE_Sodium_Compat::memzero($nonce); ParagonIE_Sodium_Compat::memzero($ephKeypair); } catch (SodiumException $ex) { - unset($ephKeypair); + if (isset($ephKeypair)) { + unset($ephKeypair); + } } return $res; } @@ -328,7 +330,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util ParagonIE_Sodium_Compat::memzero($nonce); ParagonIE_Sodium_Compat::memzero($ephKeypair); } catch (SodiumException $ex) { - unset($ephKeypair); + if (isset($ephKeypair)) { + unset($ephKeypair); + } } return $res; }