Merge branch 'oittaa-patch-1'

2024-09-19 15:11:40 +02:00 · 2016-10-02 22:20:44 -04:00 · 2016-10-02 22:20:44 -04:00 · cfe4facc1b
commit cfe4facc1b
parent d60aecf872 30886414a1
9 changed files with 130 additions and 70 deletions
--- a/app/Helpers/CryptoHelper.php
+++ b/app/Helpers/CryptoHelper.php
@ -3,7 +3,7 @@ namespace App\Helpers;

 class CryptoHelper {
    public static function generateRandomHex($rand_bytes_num) {
-        $rand_bytes = openssl_random_pseudo_bytes($rand_bytes_num, $crypt_secure);
+        $rand_bytes = random_bytes($rand_bytes_num);
        return bin2hex($rand_bytes);
    }
 }
--- a/composer.json
+++ b/composer.json
@ -9,7 +9,8 @@
        "laravel/lumen-framework": "5.1.*",
        "vlucas/phpdotenv": "~1.0",
        "illuminate/mail": "~5.1",
-        "yajra/laravel-datatables-oracle": "~6.0"
+        "yajra/laravel-datatables-oracle": "~6.0",
+        "paragonie/random_compat": "^1.0.6"
    },
    "require-dev": {
        "fzaninotto/faker": "~1.0",
--- a/composer.lock
+++ b/composer.lock
@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
        "This file is @generated automatically"
    ],
-    "content-hash": "b5a3fc2934cddc65939bd467cd3def24",
+    "content-hash": "c9b3d1fae340ed50d76dbc8c5ec73ab2",
    "packages": [
        {
            "name": "danielstjules/stringy",
@ -1860,16 +1860,16 @@
        },
        {
            "name": "paragonie/random_compat",
-            "version": "v1.2.0",
+            "version": "v1.4.1",
            "source": {
                "type": "git",
                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "b0e69d10852716b2ccbdff69c75c477637220790"
+                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790",
-                "reference": "b0e69d10852716b2ccbdff69c75c477637220790",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
+                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
                "shasum": ""
            },
            "require": {
@ -1904,7 +1904,7 @@
                "pseudorandom",
                "random"
            ],
-            "time": "2016-02-06 03:52:05"
+            "time": "2016-03-18 20:34:03"
        },
        {
            "name": "phenx/php-font-lib",
--- a/vendor/composer/autoload_files.php
+++ b/vendor/composer/autoload_files.php
@ -9,8 +9,8 @@ return array(
    '65fec9ebcfbb3cbb4fd0d519687aea01' => $vendorDir . '/danielstjules/stringy/src/Create.php',
    '72579e7bd17821bb1321b87411366eae' => $vendorDir . '/illuminate/support/helpers.php',
    '667aeda72477189d0494fecd327c3641' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
-    '5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
    '2c102faa651ef8ea5874edb585946bce' => $vendorDir . '/swiftmailer/swiftmailer/lib/swift_required.php',
+    '5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
    '253c157292f75eb38082b5acb06f3f01' => $vendorDir . '/nikic/fast-route/src/functions.php',
    'f18cc91337d49233e5754e93f3ed9ec3' => $vendorDir . '/laravelcollective/html/src/helpers.php',
    'bee9632da3ca00a99623b9c35d0c4f8b' => $vendorDir . '/laravel/lumen-framework/src/helpers.php',
--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@ -10,8 +10,8 @@ class ComposerStaticInit1022d009db9f708df68c1991f93b734b
        '65fec9ebcfbb3cbb4fd0d519687aea01' => __DIR__ . '/..' . '/danielstjules/stringy/src/Create.php',
        '72579e7bd17821bb1321b87411366eae' => __DIR__ . '/..' . '/illuminate/support/helpers.php',
        '667aeda72477189d0494fecd327c3641' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
-        '5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
        '2c102faa651ef8ea5874edb585946bce' => __DIR__ . '/..' . '/swiftmailer/swiftmailer/lib/swift_required.php',
+        '5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
        '253c157292f75eb38082b5acb06f3f01' => __DIR__ . '/..' . '/nikic/fast-route/src/functions.php',
        'f18cc91337d49233e5754e93f3ed9ec3' => __DIR__ . '/..' . '/laravelcollective/html/src/helpers.php',
        'bee9632da3ca00a99623b9c35d0c4f8b' => __DIR__ . '/..' . '/laravel/lumen-framework/src/helpers.php',
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@ -2273,56 +2273,6 @@
        "description": "Symfony DomCrawler Component",
        "homepage": "https://symfony.com"
    },
-    {
-        "name": "paragonie/random_compat",
-        "version": "v1.2.0",
-        "version_normalized": "1.2.0.0",
-        "source": {
-            "type": "git",
-            "url": "https://github.com/paragonie/random_compat.git",
-            "reference": "b0e69d10852716b2ccbdff69c75c477637220790"
-        },
-        "dist": {
-            "type": "zip",
-            "url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790",
-            "reference": "b0e69d10852716b2ccbdff69c75c477637220790",
-            "shasum": ""
-        },
-        "require": {
-            "php": ">=5.2.0"
-        },
-        "require-dev": {
-            "phpunit/phpunit": "4.*|5.*"
-        },
-        "suggest": {
-            "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-        },
-        "time": "2016-02-06 03:52:05",
-        "type": "library",
-        "installation-source": "dist",
-        "autoload": {
-            "files": [
-                "lib/random.php"
-            ]
-        },
-        "notification-url": "https://packagist.org/downloads/",
-        "license": [
-            "MIT"
-        ],
-        "authors": [
-            {
-                "name": "Paragon Initiative Enterprises",
-                "email": "security@paragonie.com",
-                "homepage": "https://paragonie.com"
-            }
-        ],
-        "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-        "keywords": [
-            "csprng",
-            "pseudorandom",
-            "random"
-        ]
-    },
    {
        "name": "symfony/security-core",
        "version": "v2.7.9",
@ -4314,5 +4264,55 @@
            "laravel4",
            "laravel5"
        ]
+    },
+    {
+        "name": "paragonie/random_compat",
+        "version": "v1.4.1",
+        "version_normalized": "1.4.1.0",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/paragonie/random_compat.git",
+            "reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
+        },
+        "dist": {
+            "type": "zip",
+            "url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
+            "reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
+            "shasum": ""
+        },
+        "require": {
+            "php": ">=5.2.0"
+        },
+        "require-dev": {
+            "phpunit/phpunit": "4.*|5.*"
+        },
+        "suggest": {
+            "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+        },
+        "time": "2016-03-18 20:34:03",
+        "type": "library",
+        "installation-source": "dist",
+        "autoload": {
+            "files": [
+                "lib/random.php"
+            ]
+        },
+        "notification-url": "https://packagist.org/downloads/",
+        "license": [
+            "MIT"
+        ],
+        "authors": [
+            {
+                "name": "Paragon Initiative Enterprises",
+                "email": "security@paragonie.com",
+                "homepage": "https://paragonie.com"
+            }
+        ],
+        "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+        "keywords": [
+            "csprng",
+            "pseudorandom",
+            "random"
+        ]
    }
 ]
--- a/vendor/paragonie/random_compat/CHANGELOG.md
+++ b/vendor/paragonie/random_compat/CHANGELOG.md
@ -1,4 +1,49 @@
-### Version 1.2.0 - 2015-02-05
+### Version 1.4.1 - 2016-03-18
+
+Update comment in random.php
+
+### Version 1.4.0 - 2016-03-18
+
+Restored OpenSSL in the version 1 branch in preparation to remove
+OpenSSL in version 2.
+
+### Version 1.3.1/1.2.3 - 2016-03-18
+
+* Add more possible values to `open_baseir` check.
+
+### Version 1.3.0 - 2016-03-17
+
+* Removed `openssl_random_pseudo_bytes()` entirely. If you are using
+  random_compat in PHP on a Unix-like OS but cannot access
+  `/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to
+  trust OpenSSL, feel free to write your own fallback code. e.g.
+  
+  ```php
+  try {
+      $bytes = random_bytes(32);
+  } catch (Exception $ex) {
+      $strong = false;
+      $bytes = openssl_random_pseudo_bytes(32, $strong);
+      if (!$strong) {
+          throw $ex;
+      }
+  }
+  ```
+
+### Version 1.2.2 - 2016-03-11
+
+* To prevent applications from hanging, if `/dev/urandom` is not
+  accessible to PHP, skip mcrypt (which just fails before giving OpenSSL
+  a chance and was morally equivalent to not offering OpenSSL at all).
+
+### Version 1.2.1 - 2016-02-29
+
+* PHP 5.6.10 - 5.6.12 will hang when mcrypt is used on Unix-based operating 
+  systems ([PHP bug 69833](https://bugs.php.net/bug.php?id=69833)). If you are
+  running one of these versions, please upgrade (or make sure `/dev/urandom` is
+  readable) otherwise you're relying on OpenSSL.
+
+### Version 1.2.0 - 2016-02-05

 * Whitespace and other cosmetic changes
 * Added a changelog.
@ -8,7 +53,7 @@
  Every time we publish a new release, we will also upload a .phar
  to Github. Our public key is signed by our GPG key.

-### Version 1.1.6 - 2015-01-29
+### Version 1.1.6 - 2016-01-29

 * Eliminate `open_basedir` warnings by detecting this configuration setting. 
  (Thanks [@oucil](https://github.com/oucil) for reporting this.)
--- a/vendor/paragonie/random_compat/ERRATA.md
+++ b/vendor/paragonie/random_compat/ERRATA.md
@ -25,8 +25,8 @@ the remaining implementations.
 The reason is simple: `mcrypt_create_iv()` is part of PHP's `ext/mcrypt` code,
 and is not part `libmcrypt`. It actually does the right thing:

- * On Unix-based operating systems, it reads from `/dev/urandom`, which is the
-   sane and correct thing to do.
+ * On Unix-based operating systems, it reads from `/dev/urandom`, which unlike `/dev/random`
+   is the sane and correct thing to do.
 * On Windows, it reads from `CryptGenRandom`, which is an exclusively Windows
   way to get random bytes.

--- a/vendor/paragonie/random_compat/lib/random.php
+++ b/vendor/paragonie/random_compat/lib/random.php
@ -2,6 +2,9 @@
 /**
 * Random_* Compatibility Library
 * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * @version 1.4.1
+ * @released 2016-03-18
 *
 * The MIT License (MIT)
 *
@ -89,10 +92,10 @@ if (PHP_VERSION_ID < 70000) {
                    PATH_SEPARATOR,
                    strtolower($RandomCompat_basedir)
                );
-                $RandomCompatUrandom = in_array(
-                    '/dev',
+                $RandomCompatUrandom = (array() !== array_intersect(
+                    array('/dev', '/dev/', '/dev/urandom'),
                    $RandomCompat_open_basedir
-                );
+                ));
                $RandomCompat_open_basedir = null;
            }

@ -113,8 +116,9 @@ if (PHP_VERSION_ID < 70000) {
                require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
            }
            // Unset variables after use
-            $RandomCompatUrandom = null;
            $RandomCompat_basedir = null;
+        } else {
+            $RandomCompatUrandom = false;
        }

        /**
@ -126,10 +130,20 @@ if (PHP_VERSION_ID < 70000) {
            PHP_VERSION_ID >= 50307
            &&
            extension_loaded('mcrypt')
+            &&
+            (DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom)
        ) {
-            // See random_bytes_mcrypt.php
-            require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
+            // Prevent this code from hanging indefinitely on non-Windows;
+            // see https://bugs.php.net/bug.php?id=69833
+            if (
+                DIRECTORY_SEPARATOR !== '/' || 
+                (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
+            ) {
+                // See random_bytes_mcrypt.php
+                require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
+            }
        }
+        $RandomCompatUrandom = null;

        if (
            !function_exists('random_bytes')