From 4a790bde36b7ef227354f393586d9fed41b55827 Mon Sep 17 00:00:00 2001 From: Lucas D Hedding <lucashedding@1463982.no-reply.drupal.org> Date: Fri, 10 Apr 2020 14:16:51 -0600 Subject: [PATCH] Issue #3126736: Update external dependencies --- composer.lock | 22 +++--- scripts/update_dependencies.sh | 1 + vendor/composer/installed.json | 24 ++++--- vendor/drupal/php-signify/README.md | 2 + vendor/drupal/php-signify/composer.json | 9 ++- vendor/drupal/php-signify/src/Verifier.php | 6 ++ vendor/paragonie/sodium_compat/README.md | 2 +- .../paragonie/sodium_compat/autoload-php7.php | 31 ++++++++ vendor/paragonie/sodium_compat/autoload.php | 70 ++++++++++--------- .../sodium_compat/lib/php72compat.php | 12 ++++ vendor/paragonie/sodium_compat/src/Compat.php | 16 ++--- vendor/paragonie/sodium_compat/src/File.php | 8 ++- 12 files changed, 136 insertions(+), 67 deletions(-) create mode 100644 vendor/paragonie/sodium_compat/autoload-php7.php diff --git a/composer.lock b/composer.lock index b3e8cfba70..5ba8a5c371 100644 --- a/composer.lock +++ b/composer.lock @@ -12,12 +12,12 @@ "source": { "type": "git", "url": "https://github.com/drupal/php-signify.git", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264" + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/php-signify/zipball/1baaf6e9da6164dd091e45f65a64fbd515080264", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264", + "url": "https://api.github.com/repos/drupal/php-signify/zipball/9a805b345aaa22ad8f6b7831925ba3a5295ee45b", + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b", "shasum": "" }, "require": { @@ -25,7 +25,9 @@ "php": ">=5.3.0" }, "require-dev": { - "phpunit/phpunit": "^8.0" + "ext-mbstring": "*", + "phpunit/phpunit": "^4|^5|^6|^7|^8|^9", + "symfony/phpunit-bridge": "^2|^3|^4|^5" }, "type": "library", "extra": { 
@@ -54,7 +56,7 @@ "security", "signify" ], - "time": "2019-10-04T21:34:22+00:00" + "time": "2020-03-02T14:34:55+00:00" }, { "name": "paragonie/random_compat", @@ -107,16 +109,16 @@ }, { "name": "paragonie/sodium_compat", - "version": "v1.12.1", + "version": "v1.13.0", "source": { "type": "git", "url": "https://github.com/paragonie/sodium_compat.git", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178" + "reference": "bbade402cbe84c69b718120911506a3aa2bae653" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/063cae9b3a7323579063e7037720f5b52b56c178", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178", + "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/bbade402cbe84c69b718120911506a3aa2bae653", + "reference": "bbade402cbe84c69b718120911506a3aa2bae653", "shasum": "" }, "require": { @@ -185,7 +187,7 @@ "secret-key cryptography", "side-channel resistant" ], - "time": "2019-11-07T17:07:24+00:00" + "time": "2020-03-20T21:48:09+00:00" } ], "packages-dev": [], diff --git a/scripts/update_dependencies.sh b/scripts/update_dependencies.sh index dfcd2c3c8c..134ac08819 100755 --- a/scripts/update_dependencies.sh +++ b/scripts/update_dependencies.sh @@ -5,6 +5,7 @@ composer install --no-dev -o composer dump-autoload --no-dev --classmap-authoritative rm -rfv vendor/drupal/php-signify/sh rm -rfv vendor/drupal/php-signify/tests +rm -rfv vendor/drupal/php-signify/.github rm -rfv vendor/paragonie/random_compat/other rm -rfv vendor/paragonie/random_compat/tests find ./vendor -name .git -type d -prune -exec rm -rf {} \; diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 837e49a672..50d2378e61 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json 
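Review bot: The added `rm -rfv vendor/drupal/php-signify/.github` repeats the one-directory-per-package pattern, so repository metadata shipped by any other vendored package stays in the committed `vendor/` tree until someone adds another line for it. The `find ./vendor -name .git -type d -prune -exec rm -rf {} \;` line at the end of this hunk already prunes tree-wide, and a sibling line such as `find ./vendor -name .github -type d -prune -exec rm -rf {} \;` would cover every package. The paths are also relative and `rm -f` ignores missing paths, so the cleanup silently does nothing when the script is run from another directory. The top of the script is outside this hunk, so confirm that it changes to the repository root first.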
@@ -6,12 +6,12 @@ "source": { "type": "git", "url": "https://github.com/drupal/php-signify.git", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264" + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/php-signify/zipball/1baaf6e9da6164dd091e45f65a64fbd515080264", - "reference": "1baaf6e9da6164dd091e45f65a64fbd515080264", + "url": "https://api.github.com/repos/drupal/php-signify/zipball/9a805b345aaa22ad8f6b7831925ba3a5295ee45b", + "reference": "9a805b345aaa22ad8f6b7831925ba3a5295ee45b", "shasum": "" }, "require": { @@ -19,9 +19,11 @@ "php": ">=5.3.0" }, "require-dev": { - "phpunit/phpunit": "^8.0" + "ext-mbstring": "*", + "phpunit/phpunit": "^4|^5|^6|^7|^8|^9", + "symfony/phpunit-bridge": "^2|^3|^4|^5" }, - "time": "2019-10-04T21:34:22+00:00", + "time": "2020-03-02T14:34:55+00:00", "type": "library", "extra": { "branch-alias": { @@ -104,17 +106,17 @@ }, { "name": "paragonie/sodium_compat", - "version": "v1.12.1", - "version_normalized": "1.12.1.0", + "version": "v1.13.0", + "version_normalized": "1.13.0.0", "source": { "type": "git", "url": "https://github.com/paragonie/sodium_compat.git", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178" + "reference": "bbade402cbe84c69b718120911506a3aa2bae653" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/063cae9b3a7323579063e7037720f5b52b56c178", - "reference": "063cae9b3a7323579063e7037720f5b52b56c178", + "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/bbade402cbe84c69b718120911506a3aa2bae653", + "reference": "bbade402cbe84c69b718120911506a3aa2bae653", "shasum": "" }, "require": { 
@@ -128,7 +130,7 @@ "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.", "ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security." }, - "time": "2019-11-07T17:07:24+00:00", + "time": "2020-03-20T21:48:09+00:00", "type": "library", "installation-source": "dist", "autoload": { diff --git a/vendor/drupal/php-signify/README.md b/vendor/drupal/php-signify/README.md index 38211f5958..6d17cb241e 100644 --- a/vendor/drupal/php-signify/README.md +++ b/vendor/drupal/php-signify/README.md @@ -3,6 +3,8 @@ PHP library for verification of BSD Signify signature files, plus PHP and shell implementations of verifying extended CSIG signature files. + + ## Use Case Drupal's auto-update and core validation work depends on access to trusted diff --git a/vendor/drupal/php-signify/composer.json b/vendor/drupal/php-signify/composer.json index a8c9440086..271f702342 100644 --- a/vendor/drupal/php-signify/composer.json +++ b/vendor/drupal/php-signify/composer.json @@ -14,14 +14,18 @@ "paragonie/sodium_compat": "^1.10" }, "require-dev": { - "phpunit/phpunit": "^8.0" + "phpunit/phpunit": "^4|^5|^6|^7|^8|^9", + "ext-mbstring": "*", + "symfony/phpunit-bridge": "^2|^3|^4|^5" }, "autoload": { "psr-4": { "Drupal\\Signify\\": "src/" } }, - "autoload-dev": { + "autoload-dev": {}, + "scripts": { + "test": "phpunit" }, "extra": { "branch-alias": { @@ -29,4 +33,3 @@ } } } - diff --git a/vendor/drupal/php-signify/src/Verifier.php b/vendor/drupal/php-signify/src/Verifier.php index 940827a6d4..ae829c661e 100644 --- a/vendor/drupal/php-signify/src/Verifier.php +++ b/vendor/drupal/php-signify/src/Verifier.php 
@@ -215,6 +215,9 @@ class Verifier
 throw new VerifierException("The real path of checksum list file at \"$checksum_file\" could not be determined.");
 }
 $working_directory = dirname($absolute_path);
+ if (is_dir($absolute_path)) {
+ throw new VerifierException("The checksum list file at \"$checksum_file\" is a directory, not a file.");
+ }
 $signed_checksum_list = @file_get_contents($absolute_path);
 if (empty($signed_checksum_list)) {
@@ -308,6 +311,9 @@ class Verifier
 throw new VerifierException("The real path of checksum list file at \"$csig_checksum_file\" could not be determined.");
 }
 $working_directory = dirname($absolute_path);
+ if (is_dir($absolute_path)) {
+ throw new VerifierException("The checksum list file at \"$csig_checksum_file\" is a directory, not a file.");
+ }
 $signed_checksum_list = file_get_contents($absolute_path);
 if (empty($signed_checksum_list)) {
diff --git a/vendor/paragonie/sodium_compat/README.md b/vendor/paragonie/sodium_compat/README.md
index e142d4f1a0..d09d1b2581 100644
--- a/vendor/paragonie/sodium_compat/README.md
+++ b/vendor/paragonie/sodium_compat/README.md
@@ -10,7 +10,7 @@ Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise [available in PECL](https://pecl.php.net/package/libsodium).
-This library tentativeley supports PHP 5.2.4 - 7.x (latest), but officially
+This library tentativeley supports PHP 5.2.4 - 8.x (latest), but officially
 only supports [non-EOL'd versions of PHP](https://secure.php.net/supported-versions.php). If you have the PHP extension installed, Sodium Compat will opportunistically
diff --git a/vendor/paragonie/sodium_compat/autoload-php7.php b/vendor/paragonie/sodium_compat/autoload-php7.php
new file mode 100644
index 0000000000..482486043b
--- /dev/null
+++ b/vendor/paragonie/sodium_compat/autoload-php7.php
@@ -0,0 +1,31 @@
+<?php
+/*
+ This file should only ever be loaded on PHP 7+
+ */
+if (PHP_VERSION_ID < 70000) {
+ return;
+}
+
+spl_autoload_register(function ($class) {
+ $namespace = 'ParagonIE_Sodium_';
+ // Does the class use the namespace prefix?
+ $len = strlen($namespace);
+ if (strncmp($namespace, $class, $len) !== 0) {
+ // no, move to the next registered autoloader
+ return false;
+ }
+
+ // Get the relative class name
+ $relative_class = substr($class, $len);
+
+ // Replace the namespace prefix with the base directory, replace namespace
+ // separators with directory separators in the relative class name, append
+ // with .php
+ $file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php';
+ // if the file exists, require it
+ if (file_exists($file)) {
+ require_once $file;
+ return true;
+ }
+ return false;
+});
diff --git a/vendor/paragonie/sodium_compat/autoload.php b/vendor/paragonie/sodium_compat/autoload.php
index aa6ef8535b..d7c777b008 100644
--- a/vendor/paragonie/sodium_compat/autoload.php
+++ b/vendor/paragonie/sodium_compat/autoload.php
@@ -1,43 +1,49 @@
 <?php
-if (!is_callable('sodiumCompatAutoloader')) {
- /**
- * Sodium_Compat autoloader.
- *
- * @param string $class Class name to be autoloaded.
- *
- * @return bool Stop autoloading?
- */
- function sodiumCompatAutoloader($class)
- {
- $namespace = 'ParagonIE_Sodium_';
- // Does the class use the namespace prefix?
- $len = strlen($namespace);
- if (strncmp($namespace, $class, $len) !== 0) {
- // no, move to the next registered autoloader
- return false;
- }
+if (PHP_VERSION_ID < 70000) {
+ if (!is_callable('sodiumCompatAutoloader')) {
+ /**
+ * Sodium_Compat autoloader.
+ *
+ * @param string $class Class name to be autoloaded.
+ *
+ * @return bool Stop autoloading?
+ */
+ function sodiumCompatAutoloader($class)
+ {
+ $namespace = 'ParagonIE_Sodium_';
+ // Does the class use the namespace prefix?
+ $len = strlen($namespace);
+ if (strncmp($namespace, $class, $len) !== 0) {
+ // no, move to the next registered autoloader
+ return false;
+ }
- // Get the relative class name
- $relative_class = substr($class, $len);
+ // Get the relative class name
+ $relative_class = substr($class, $len);
- // Replace the namespace prefix with the base directory, replace namespace
- // separators with directory separators in the relative class name, append
- // with .php
- $file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php';
- // if the file exists, require it
- if (file_exists($file)) {
- require_once $file;
- return true;
+ // Replace the namespace prefix with the base directory, replace namespace
+ // separators with directory separators in the relative class name, append
+ // with .php
+ $file = dirname(__FILE__) . '/src/' . str_replace('_', '/', $relative_class) . '.php';
+ // if the file exists, require it
+ if (file_exists($file)) {
+ require_once $file;
+ return true;
+ }
+ return false;
 }
- return false;
- }
- // Now that we have an autoloader, let's register it!
- spl_autoload_register('sodiumCompatAutoloader');
+ // Now that we have an autoloader, let's register it!
+ spl_autoload_register('sodiumCompatAutoloader');
+ }
+} else {
+ require_once dirname(__FILE__) . '/autoload-php7.php';
 }
-require_once dirname(__FILE__) . '/src/SodiumException.php';
+if (!class_exists('SodiumException', false)) {
+ require_once dirname(__FILE__) . '/src/SodiumException.php';
+}
 if (PHP_VERSION_ID >= 50300) {
 // Namespaces didn't exist before 5.3.0, so don't even try to use this
 // unless PHP >= 5.3.0
diff --git a/vendor/paragonie/sodium_compat/lib/php72compat.php b/vendor/paragonie/sodium_compat/lib/php72compat.php
index c39ec26a88..fa8c37299f 100644
--- a/vendor/paragonie/sodium_compat/lib/php72compat.php
+++ b/vendor/paragonie/sodium_compat/lib/php72compat.php
@@ -26,6 +26,10 @@ foreach (array(
 'CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES',
 'CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES',
 'CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES',
+ 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES',
+ 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES',
+ 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES',
+ 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES',
 'CRYPTO_AUTH_BYTES',
 'CRYPTO_AUTH_KEYBYTES',
 'CRYPTO_BOX_SEALBYTES',
@@ -62,6 +66,12 @@ foreach (array(
 'CRYPTO_PWHASH_OPSLIMIT_MODERATE',
 'CRYPTO_PWHASH_MEMLIMIT_SENSITIVE',
 'CRYPTO_PWHASH_OPSLIMIT_SENSITIVE',
+ 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES',
+ 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX',
+ 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE',
+ 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE',
+ 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE',
+ 'CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE',
 'CRYPTO_SCALARMULT_BYTES',
 'CRYPTO_SCALARMULT_SCALARBYTES',
 'CRYPTO_SHORTHASH_BYTES',
@@ -84,6 +94,8 @@ foreach (array(
 'CRYPTO_SIGN_KEYPAIRBYTES',
 'CRYPTO_STREAM_KEYBYTES',
 'CRYPTO_STREAM_NONCEBYTES',
+ 'LIBRARY_MAJOR_VERSION',
+ 'LIBRARY_MINOR_VERSION',
 'LIBRARY_VERSION_MAJOR',
 'LIBRARY_VERSION_MINOR',
 'VERSION_STRING'
diff --git a/vendor/paragonie/sodium_compat/src/Compat.php b/vendor/paragonie/sodium_compat/src/Compat.php
index e49133fe05..ff76adbcb0 100644
--- a/vendor/paragonie/sodium_compat/src/Compat.php
+++ b/vendor/paragonie/sodium_compat/src/Compat.php
@@ -44,6 +44,8 @@ class ParagonIE_Sodium_Compat
 */
 public static $fastMult = false;
+ const LIBRARY_MAJOR_VERSION = 9;
+ const LIBRARY_MINOR_VERSION = 1;
 const LIBRARY_VERSION_MAJOR = 9;
 const LIBRARY_VERSION_MINOR = 1;
 const VERSION_STRING = 'polyfill-1.0.8';
@@ -3117,15 +3119,14 @@ class ParagonIE_Sodium_Compat
 * with (sans pwhash and memzero).
 *
 * @return int
- * @psalm-suppress MixedInferredReturnType
- * @psalm-suppress UndefinedFunction
 */
 public static function library_version_major()
 {
- if (self::useNewSodiumAPI()) {
- return sodium_library_version_major();
+ if (self::useNewSodiumAPI() && defined('SODIUM_LIBRARY_MAJOR_VERSION')) {
+ return SODIUM_LIBRARY_MAJOR_VERSION;
 }
 if (self::use_fallback('library_version_major')) {
+ /** @psalm-suppress UndefinedFunction */
 return (int) call_user_func('\\Sodium\\library_version_major');
 }
 return self::LIBRARY_VERSION_MAJOR;
@@ -3136,15 +3137,14 @@ class ParagonIE_Sodium_Compat
 * with (sans pwhash and memzero).
 *
 * @return int
- * @psalm-suppress MixedInferredReturnType
- * @psalm-suppress UndefinedFunction
 */
 public static function library_version_minor()
 {
- if (self::useNewSodiumAPI()) {
- return sodium_library_version_minor();
+ if (self::useNewSodiumAPI() && defined('SODIUM_LIBRARY_MINOR_VERSION')) {
+ return SODIUM_LIBRARY_MINOR_VERSION;
 }
 if (self::use_fallback('library_version_minor')) {
+ /** @psalm-suppress UndefinedFunction */
 return (int) call_user_func('\\Sodium\\library_version_minor');
 }
 return self::LIBRARY_VERSION_MINOR;
diff --git a/vendor/paragonie/sodium_compat/src/File.php b/vendor/paragonie/sodium_compat/src/File.php
index a28df9ffa9..b4948db36c 100644
--- a/vendor/paragonie/sodium_compat/src/File.php
+++ b/vendor/paragonie/sodium_compat/src/File.php
@@ -141,7 +141,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
 ParagonIE_Sodium_Compat::memzero($nonce);
 ParagonIE_Sodium_Compat::memzero($ephKeypair);
 } catch (SodiumException $ex) {
- unset($ephKeypair);
+ if (isset($ephKeypair)) {
+ unset($ephKeypair);
+ }
 }
 return $res;
 }
@@ -328,7 +330,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
 ParagonIE_Sodium_Compat::memzero($nonce);
 ParagonIE_Sodium_Compat::memzero($ephKeypair);
 } catch (SodiumException $ex) {
- unset($ephKeypair);
+ if (isset($ephKeypair)) {
+ unset($ephKeypair);
+ }
 }
 return $res;
 }
-- GitLab