Merge pull request #693 from nextcloud/dependabot/composer/phpseclib/…

…phpseclib-2.0.32

Bump phpseclib/phpseclib from 2.0.31 to 2.0.32

composer.json

@@ -36,7 +36,7 @@
 		"php-ds/php-ds": "^1.3",
 		"php-http/guzzle7-adapter": "^1.0.0",
 		"php-opencloud/openstack": "^3.1",
-		"phpseclib/phpseclib": "2.0.31",
+		"phpseclib/phpseclib": "2.0.32",
 		"pimple/pimple": "^3.4.0",
 		"psr/container": "^1.1.1",
 		"psr/event-dispatcher": "^1.0",

composer/autoload_files.php

@@ -117,9 +117,9 @@
     '4af1dca6db8c527c6eed27bff85ff0e5' => $vendorDir . '/thecodingmachine/safe/generated/yaz.php',
     'fe43ca06499ac37bc2dedd823af71eb5' => $vendorDir . '/thecodingmachine/safe/generated/zip.php',
     '356736db98a6834f0a886b8d509b0ecd' => $vendorDir . '/thecodingmachine/safe/generated/zlib.php',
+    '8a9dc1de0ca7e01f3e08231539562f61' => $vendorDir . '/aws/aws-sdk-php/src/functions.php',
     '538ca81a9a966a6716601ecf48f4eaef' => $vendorDir . '/opis/closure/functions.php',
-    'decc78cc4436b1292c6c0d151b19445c' => $vendorDir . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
     '2c102faa651ef8ea5874edb585946bce' => $vendorDir . '/swiftmailer/swiftmailer/lib/swift_required.php',
     '8825ede83f2f289127722d4e842cf7e8' => $vendorDir . '/symfony/polyfill-intl-grapheme/bootstrap.php',
-    '8a9dc1de0ca7e01f3e08231539562f61' => $vendorDir . '/aws/aws-sdk-php/src/functions.php',
+    'decc78cc4436b1292c6c0d151b19445c' => $vendorDir . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
 );

composer/autoload_static.php

@@ -118,11 +118,11 @@ class ComposerStaticInit2f23f73bc0cc116b4b1eee1521aa8652
         '4af1dca6db8c527c6eed27bff85ff0e5' => __DIR__ . '/..' . '/thecodingmachine/safe/generated/yaz.php',
         'fe43ca06499ac37bc2dedd823af71eb5' => __DIR__ . '/..' . '/thecodingmachine/safe/generated/zip.php',
         '356736db98a6834f0a886b8d509b0ecd' => __DIR__ . '/..' . '/thecodingmachine/safe/generated/zlib.php',
+        '8a9dc1de0ca7e01f3e08231539562f61' => __DIR__ . '/..' . '/aws/aws-sdk-php/src/functions.php',
         '538ca81a9a966a6716601ecf48f4eaef' => __DIR__ . '/..' . '/opis/closure/functions.php',
-        'decc78cc4436b1292c6c0d151b19445c' => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
         '2c102faa651ef8ea5874edb585946bce' => __DIR__ . '/..' . '/swiftmailer/swiftmailer/lib/swift_required.php',
         '8825ede83f2f289127722d4e842cf7e8' => __DIR__ . '/..' . '/symfony/polyfill-intl-grapheme/bootstrap.php',
-        '8a9dc1de0ca7e01f3e08231539562f61' => __DIR__ . '/..' . '/aws/aws-sdk-php/src/functions.php',
+        'decc78cc4436b1292c6c0d151b19445c' => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
     );
 
     public static $prefixLengthsPsr4 = array (

composer/installed.json

@@ -2934,17 +2934,17 @@
         },
         {
             "name": "phpseclib/phpseclib",
-            "version": "2.0.31",
-            "version_normalized": "2.0.31.0",
+            "version": "2.0.32",
+            "version_normalized": "2.0.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpseclib/phpseclib.git",
-                "reference": "233a920cb38636a43b18d428f9a8db1f0a1a08f4"
+                "reference": "f5c4c19880d45d0be3e7d24ae8ac434844a898cd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/233a920cb38636a43b18d428f9a8db1f0a1a08f4",
-                "reference": "233a920cb38636a43b18d428f9a8db1f0a1a08f4",
+                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/f5c4c19880d45d0be3e7d24ae8ac434844a898cd",
+                "reference": "f5c4c19880d45d0be3e7d24ae8ac434844a898cd",
                 "shasum": ""
             },
             "require": {
@@ -2961,7 +2961,7 @@
                 "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
                 "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
             },
-            "time": "2021-04-06T13:56:45+00:00",
+            "time": "2021-06-12T12:12:59+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -3026,7 +3026,7 @@
             ],
             "support": {
                 "issues": "https://github.com/phpseclib/phpseclib/issues",
-                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.31"
+                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.32"
             },
             "funding": [
                 {

composer/installed.php

@@ -5,7 +5,7 @@
         'type' => 'library',
         'install_path' => __DIR__ . '/../',
         'aliases' => array(),
-        'reference' => '8ad453e849bfce8d360f4cc4fa547214930f880e',
+        'reference' => 'ace54d905eb58dce4866c6b2a5ad80382a2e9019',
         'name' => 'nextcloud/3rdparty',
         'dev' => true,
     ),
@@ -286,7 +286,7 @@
             'type' => 'library',
             'install_path' => __DIR__ . '/../',
             'aliases' => array(),
-            'reference' => '8ad453e849bfce8d360f4cc4fa547214930f880e',
+            'reference' => 'ace54d905eb58dce4866c6b2a5ad80382a2e9019',
             'dev_requirement' => false,
         ),
         'nextcloud/lognormalizer' => array(
@@ -425,12 +425,12 @@
             'dev_requirement' => false,
         ),
         'phpseclib/phpseclib' => array(
-            'pretty_version' => '2.0.31',
-            'version' => '2.0.31.0',
+            'pretty_version' => '2.0.32',
+            'version' => '2.0.32.0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpseclib/phpseclib',
             'aliases' => array(),
-            'reference' => '233a920cb38636a43b18d428f9a8db1f0a1a08f4',
+            'reference' => 'f5c4c19880d45d0be3e7d24ae8ac434844a898cd',
             'dev_requirement' => false,
         ),
         'pimple/pimple' => array(

composer/package-versions-deprecated/src/PackageVersions/Versions.php

@@ -76,7 +76,7 @@ final class Versions
   'php-http/httplug' => '2.2.0@191a0a1b41ed026b717421931f8d3bd2514ffbf9',
   'php-http/promise' => '1.1.0@4c4c1f9b7289a2ec57cde7f1e9762a5789506f88',
   'php-opencloud/openstack' => 'v3.1.0@7b0eeb63defe533fb802514af3c70855c45eaf1e',
-  'phpseclib/phpseclib' => '2.0.31@233a920cb38636a43b18d428f9a8db1f0a1a08f4',
+  'phpseclib/phpseclib' => '2.0.32@f5c4c19880d45d0be3e7d24ae8ac434844a898cd',
   'pimple/pimple' => 'v3.4.0@86406047271859ffc13424a048541f4531f53601',
   'psr/container' => '1.1.1@8622567409010282b7aeebe4bb841fe98b58dcaf',
   'psr/event-dispatcher' => '1.0.0@dbefd12671e8a14ec7f180cab83036ed26714bb0',
@@ -120,7 +120,7 @@ final class Versions
   'web-auth/cose-lib' => 'v3.3.1@eea6fae63ff5c81bf98c115b1be5f38a69682c16',
   'web-auth/metadata-service' => 'v3.3.1@8488d3a832a38cc81c670fce05de1e515c6e64b1',
   'web-auth/webauthn-lib' => 'v3.3.1@e411527a41c1013512fccdfce61681eb36484c77',
-  'nextcloud/3rdparty' => 'dev-master@8ad453e849bfce8d360f4cc4fa547214930f880e',
+  'nextcloud/3rdparty' => 'dev-master@ace54d905eb58dce4866c6b2a5ad80382a2e9019',
 );
 
     private function __construct()

phpseclib/phpseclib/phpseclib/Crypt/RSA.php

@@ -2580,9 +2580,9 @@ function _rsaes_oaep_decrypt($c, $l = '')
             $offset+= $patternMatch ? 0 : 1;
         }
 
-        // we do & instead of && to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
+        // we do | instead of || to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
         // to protect against timing attacks
-        if (!$hashesMatch & !$patternMatch) {
+        if (!$hashesMatch | !$patternMatch) {
             user_error('Decryption error');
             return false;
         }

phpseclib/phpseclib/phpseclib/File/ASN1.php

@@ -993,7 +993,10 @@ function _encode_der($source, $mapping, $idx = null, $special = array())
             case self::TYPE_GENERALIZED_TIME:
                 $format = $mapping['type'] == self::TYPE_UTC_TIME ? 'y' : 'Y';
                 $format.= 'mdHis';
+                // if $source does _not_ include timezone information within it then assume that the timezone is GMT
                 $date = new DateTime($source, new DateTimeZone('GMT'));
+                // if $source _does_ include timezone information within it then convert the time to GMT
+                $date->setTimezone(new DateTimeZone('GMT'));
                 $value = $date->format($format) . 'Z';
                 break;
             case self::TYPE_BIT_STRING:

phpseclib/phpseclib/phpseclib/File/X509.php

@@ -5058,7 +5058,7 @@ function _extractBER($str)
             $temp = $str;
         } else {
             $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
-            $temp = preg_replace('#-+END.*[\r\n ]*.*#ms', '', $str, 1);
+            $temp = preg_replace('#-+END.*[\r\n ]*.*#ms', '', $temp, 1);
         }
         // remove new lines
         $temp = str_replace(array("\r", "\n", ' '), '', $temp);

phpseclib/phpseclib/phpseclib/Net/SFTP.php

@@ -269,6 +269,16 @@ class SFTP extends SSH2
      */
     var $preserveTime = false;
 
+    /**
+     * Was the last packet due to the channels being closed or not?
+     *
+     * @see self::get()
+     * @see self::get_sftp_packet()
+     * @var bool
+     * @access private
+     */
+    var $channel_close = false;
+
     /**
      * Default Constructor.
      *
@@ -425,6 +435,17 @@ function login($username)
             return false;
         }
 
+        return $this->_init_sftp_connection();
+    }
+
+    /**
+     * (Re)initializes the SFTP channel
+     *
+     * @return bool
+     * @access private
+     */
+    function _init_sftp_connection()
+    {
         $this->window_size_server_to_client[self::CHANNEL] = $this->window_size;
 
         $packet = pack(
@@ -2293,7 +2314,13 @@ function get($remote_file, $local_file = false, $offset = 0, $length = -1, $prog
                         if ($fclose_check) {
                             fclose($fp);
                         }
-                        user_error('Expected SSH_FX_DATA or SSH_FXP_STATUS');
+                        // maybe the file was successfully transferred, maybe it wasn't
+                        if ($this->channel_close) {
+                            $this->_init_sftp_connection();
+                            return false;
+                        } else {
+                            user_error('Expected SSH_FX_DATA or SSH_FXP_STATUS');
+                        }
                 }
                 $response = null;
             }
@@ -3055,6 +3082,8 @@ function _reset_connection($reason)
      */
     function _get_sftp_packet($request_id = null)
     {
+        $this->channel_close = false;
+
         if (isset($request_id) && isset($this->requestBuffer[$request_id])) {
             $this->packet_type = $this->requestBuffer[$request_id]['packet_type'];
             $temp = $this->requestBuffer[$request_id]['packet'];
@@ -3071,7 +3100,10 @@ function _get_sftp_packet($request_id = null)
         // SFTP packet length
         while (strlen($this->packet_buffer) < 4) {
             $temp = $this->_get_channel_packet(self::CHANNEL, true);
-            if (is_bool($temp)) {
+            if ($temp === true) {
+                if ($this->channel_status[self::CHANNEL] === NET_SSH2_MSG_CHANNEL_CLOSE) {
+                    $this->channel_close = true;
+                }
                 $this->packet_type = false;
                 $this->packet_buffer = '';
                 return false;