Merge pull request nextcloud#50 from nextcloud/stable10-update

Stable10 update

Author: LukasReschke

3rdparty/composer.lock

@@ -23,19 +23,26 @@ public static function getLoader()
         self::$loader = $loader = new \Composer\Autoload\ClassLoader();
         spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'));
 
-        $map = require __DIR__ . '/autoload_namespaces.php';
-        foreach ($map as $namespace => $path) {
-            $loader->set($namespace, $path);
-        }
-
-        $map = require __DIR__ . '/autoload_psr4.php';
-        foreach ($map as $namespace => $path) {
-            $loader->setPsr4($namespace, $path);
-        }
-
-        $classMap = require __DIR__ . '/autoload_classmap.php';
-        if ($classMap) {
-            $loader->addClassMap($classMap);
+        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION');
+        if ($useStaticLoader) {
+            require_once __DIR__ . '/autoload_static.php';
+
+            call_user_func(\Composer\Autoload\ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getInitializer($loader));
+        } else {
+            $map = require __DIR__ . '/autoload_namespaces.php';
+            foreach ($map as $namespace => $path) {
+                $loader->set($namespace, $path);
+            }
+
+            $map = require __DIR__ . '/autoload_psr4.php';
+            foreach ($map as $namespace => $path) {
+                $loader->setPsr4($namespace, $path);
+            }
+
+            $classMap = require __DIR__ . '/autoload_classmap.php';
+            if ($classMap) {
+                $loader->addClassMap($classMap);
+            }
         }
 
         $loader->register(true);

3rdparty/vendor/composer/autoload_real.php

@@ -0,0 +1,37 @@
+<?php
+
+// autoload_static.php @generated by Composer
+
+namespace Composer\Autoload;
+
+class ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc
+{
+    public static $classMap = array (
+        'OneLogin_Saml2_Auth' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Auth.php',
+        'OneLogin_Saml2_AuthnRequest' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/AuthnRequest.php',
+        'OneLogin_Saml2_Constants' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Constants.php',
+        'OneLogin_Saml2_Error' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Error.php',
+        'OneLogin_Saml2_LogoutRequest' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/LogoutRequest.php',
+        'OneLogin_Saml2_LogoutResponse' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/LogoutResponse.php',
+        'OneLogin_Saml2_Metadata' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Metadata.php',
+        'OneLogin_Saml2_Response' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Response.php',
+        'OneLogin_Saml2_Settings' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Settings.php',
+        'OneLogin_Saml2_Utils' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml2/Utils.php',
+        'OneLogin_Saml_AuthRequest' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml/AuthRequest.php',
+        'OneLogin_Saml_Metadata' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml/Metadata.php',
+        'OneLogin_Saml_Response' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml/Response.php',
+        'OneLogin_Saml_Settings' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml/Settings.php',
+        'OneLogin_Saml_XmlSec' => __DIR__ . '/..' . '/onelogin/php-saml/lib/Saml/XmlSec.php',
+        'XMLSecEnc' => __DIR__ . '/..' . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
+        'XMLSecurityDSig' => __DIR__ . '/..' . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
+        'XMLSecurityKey' => __DIR__ . '/..' . '/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php',
+    );
+
+    public static function getInitializer(ClassLoader $loader)
+    {
+        return \Closure::bind(function () use ($loader) {
+            $loader->classMap = ComposerStaticInitcc75f134f7630c1ee3a8e4d7c86f3bcc::$classMap;
+
+        }, null, ClassLoader::class);
+    }
+}

3rdparty/vendor/composer/autoload_static.php

@@ -1,17 +1,17 @@
 [
     {
         "name": "onelogin/php-saml",
-        "version": "2.9.0",
-        "version_normalized": "2.9.0.0",
+        "version": "2.10.1",
+        "version_normalized": "2.10.1.0",
         "source": {
             "type": "git",
             "url": "https://github.com/onelogin/php-saml.git",
-            "reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51"
+            "reference": "1017afe7fe6da1def37cc92af37434fbba893d03"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/onelogin/php-saml/zipball/64aff7d58e68d98eaa9220e1041da2bc9214ab51",
-            "reference": "64aff7d58e68d98eaa9220e1041da2bc9214ab51",
+            "url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03",
+            "reference": "1017afe7fe6da1def37cc92af37434fbba893d03",
             "shasum": ""
         },
         "require": {
@@ -33,7 +33,7 @@
             "ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
             "lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
         },
-        "time": "2016-06-27 09:24:27",
+        "time": "2016-10-26 11:31:56",
         "type": "library",
         "installation-source": "dist",
         "autoload": {

3rdparty/vendor/composer/installed.json

@@ -10,15 +10,18 @@ php:
 env:
  - TRAVIS=true
 
+matrix:
+  fast_finish: true
+
 before_install:
- - curl -s https://getcomposer.org/installer | php
- - php composer.phar install --prefer-source --no-interaction
+ - composer self-update || true
+ - composer install --prefer-source --no-interaction
 
 before_script:
   - phpenv config-rm xdebug.ini
 
 script:
-  - phpunit --bootstrap tests/bootstrap.php --configuration tests/phpunit.xml
+  - vendor/bin/phpunit --bootstrap tests/bootstrap.php --configuration tests/phpunit.xml
   - php vendor/bin/phpcpd --exclude tests --exclude vendor .
   - php vendor/bin/phploc . --exclude vendor
   - php vendor/bin/phploc lib/.

3rdparty/vendor/onelogin/php-saml/.travis.yml

@@ -1,5 +1,35 @@
 CHANGELOG
 =========
+v.2.10.1
+* Fix error message on SignMetadata process
+* Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted
+
+v.2.10.0
+* Several security improvements:
+  * Conditions element required and unique.
+  * AuthnStatement element required and unique.
+  * SPNameQualifier must math the SP EntityID
+  * Reject saml:Attribute element with same “Name” attribute
+  * Reject empty nameID
+  * Require Issuer element. (Must match IdP EntityID).
+  * Destination value can't be blank (if present must match ACS URL).
+  * Check that the EncryptedAssertion element only contains 1 Assertion element.
+* Improve Signature validation process
+* AttributeConsumingService support
+* Support lowercase Urlencoding (ADFS compatibility).
+* [#154](https://github.com/onelogin/php-saml/pull/154) getSelfHost no longer returns a port number
+* [#156](https://github.com/onelogin/php-saml/pull/156) Use correct host on response destination fallback check
+* [#158](https://github.com/onelogin/php-saml/pull/158) NEW Control usage of X-Forwarded-* headers
+* Fix issue with buildRequestSignature. Added RelayState to the SignQuery only if is not null.
+* Add Signature Wrapping prevention Test
+* Improve _decryptAssertion in order to take care of Assertions with problems with namespaces
+* Improve documentation
+
+v.2.9.1
+.......
+* [134](https://github.com/onelogin/php-saml/pull/134) PHP7 production settings compiles out assert(), throw an exception explicitly
+* [132](https://github.com/onelogin/php-saml/pull/132) Add note for "wantAssertionsEncrypted"
+* Update copyright on LICENSE
 
 v.2.9.0
 -------

3rdparty/vendor/onelogin/php-saml/CHANGELOG

@@ -1,19 +1,23 @@
-Copyright (c) 2010-2014 OneLogin, LLC
+Copyright (c) 2010-2016 OneLogin, Inc.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.