From 3a2b54fd47a64b0f888075285158822766007ff9 Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 31 Jan 2023 16:39:46 -0800
Subject: [PATCH] Add libsodium shim, and mark the sodium extension as 'optional' Trying to handle some composer.lock conflicts, as savely as possible.
---
 composer.json | 3 +-
 composer.lock | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 upgrade.php | 8 ++++-
 3 files changed, 95 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index 4e71debc65..abcf675b1a 100644
--- a/composer.json
+++ b/composer.json
@@ -61,12 +61,13 @@
 "nunomaduro/collision": "^5.4",
 "onelogin/php-saml": "^3.4",
 "paragonie/constant_time_encoding": "^2.3",
- "symfony/polyfill-mbstring": "^1.22",
+ "paragonie/sodium_compat": "^1.19",
 "phpdocumentor/reflection-docblock": "^5.1",
 "phpspec/prophecy": "^1.10",
 "pragmarx/google2fa-laravel": "^1.3",
 "rollbar/rollbar-laravel": "^7.0",
 "spatie/laravel-backup": "^6.16",
+ "symfony/polyfill-mbstring": "^1.22",
 "tecnickcom/tc-lib-barcode": "^1.15",
 "unicodeveloper/laravel-password": "^1.0",
 "watson/validating": "^6.1"
diff --git a/composer.lock b/composer.lock
index b9022ba84f..525c6f8669 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,6 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "9bd2bbbd4b08d23336364da3d3a4561a", "packages": [ { "name": "alek13/slack",
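Review bot: The `paragonie/sodium_compat` requirement added in the composer.json hunk ships with a composer.lock whose `content-hash` line is simply deleted (first composer.lock hunk), which removes the value Composer uses to notice that the lock file no longer matches composer.json. For a cryptography dependency I would resolve the lock conflict first and then refresh the hash with `composer update --lock`, so the lock again carries `"content-hash": "<regenerated value>"`. Running `composer validate` in CI would catch this kind of drift on later merges.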
@@ -6299,6 +6298,92 @@ }, "time": "2020-10-15T08:29:30+00:00" }, + { + "name": "paragonie/sodium_compat", + "version": "v1.19.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/sodium_compat.git", + "reference": "cb15e403ecbe6a6cc515f855c310eb6b1872a933" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/cb15e403ecbe6a6cc515f855c310eb6b1872a933", + "reference": "cb15e403ecbe6a6cc515f855c310eb6b1872a933", + "shasum": "" + }, + "require": { + "paragonie/random_compat": ">=1", + "php": "^5.2.4|^5.3|^5.4|^5.5|^5.6|^7|^8" + }, + "require-dev": { + "phpunit/phpunit": "^3|^4|^5|^6|^7|^8|^9" + }, + "suggest": { + "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.", + "ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security." + }, + "type": "library", + "autoload": { + "files": [ + "autoload.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "ISC" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com" + }, + { + "name": "Frank Denis", + "email": "jedisct1@pureftpd.org" + } + ], + "description": "Pure PHP implementation of libsodium; uses the PHP extension if it exists", + "keywords": [ + "Authentication", + "BLAKE2b", + "ChaCha20", + "ChaCha20-Poly1305", + "Chapoly", + "Curve25519", + "Ed25519", + "EdDSA", + "Edwards-curve Digital Signature Algorithm", + "Elliptic Curve Diffie-Hellman", + "Poly1305", + "Pure-PHP cryptography", + "RFC 7748", + "RFC 8032", + "Salpoly", + "Salsa20", + "X25519", + "XChaCha20-Poly1305", + "XSalsa20-Poly1305", + "Xchacha20", + "Xsalsa20", + "aead", + "cryptography", + "ecdh", + "elliptic curve", + "elliptic curve cryptography", + "encryption", + "libsodium", + "php", + "public-key cryptography", + "secret-key cryptography", + 
"side-channel resistant" + ], + "support": { + "issues": "https://github.com/paragonie/sodium_compat/issues", + "source": "https://github.com/paragonie/sodium_compat/tree/v1.19.0" + }, + "time": "2022-09-26T03:40:35+00:00" + }, { "name": "phenx/php-font-lib", "version": "0.5.4",
diff --git a/upgrade.php b/upgrade.php
index ca71a61844..69ab2ffdab 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -176,6 +176,10 @@ $required_exts_array =
 'zip',
 ];
+$recommended_exts_array =
+ [
+ 'sodium', //note that extensions need to be in BOTH the $required_exts_array and this one to be 'optional'
+ ];
 $ext_missing = '';
 $ext_installed = '';
@@ -205,8 +209,10 @@ foreach ($required_exts_array as $required_ext) {
 }
 // If this isn't an either/or option, just add it to the string of errors conventionally
- } else {
+ } elseif (!in_array($required_ext, $recommended_exts_array)){
 $ext_missing .= '✘ MISSING PHP EXTENSION: '.$required_ext."\n";
+ } else {
+ $ext_installed .= '- '.$required_ext." is *NOT* installed, but is recommended...\n";
 }
 // The required extension string was found in the array of installed extensions - yay!
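Review bot: The new `else` branch in the second upgrade.php hunk appends the "is *NOT* installed, but is recommended" line to `$ext_installed`, so a missing sodium extension is reported inside the string that lists extensions that were found; how that string is printed lies outside the hunk, but an operator can easily read past it. Because the fallback is the pure-PHP `paragonie/sodium_compat` shim, whose own `suggest` text in this commit credits the native extension with better performance and secure memory management, I would collect these in their own string, e.g. `$ext_recommended .= '! '.$required_ext." is not installed; the pure-PHP sodium shim will be used\n";`, and print it as a warning. The `in_array()` call should pass `true` as its third argument so the lookup is a strict comparison. The first hunk's comment says an extension must be in both arrays to count as optional, yet `$required_exts_array` starts outside the hunk and the diff does not show `'sodium'` in it, so that coupling deserves a fuller comment or an explicit check.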