Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump phpseclib/phpseclib from 2.0.25 to 2.0.30 #25214

Merged
merged 3 commits into from
Jan 21, 2021
Merged

Bump phpseclib/phpseclib from 2.0.25 to 2.0.30 #25214

merged 3 commits into from
Jan 21, 2021

Conversation

ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst added this to the Nextcloud 21 milestone Jan 19, 2021
@ChristophWurst ChristophWurst added this to TO REVIEW (max 4 PRs) in Christoph's Tasks via automation Jan 19, 2021
ChristophWurst
ChristophWurst commented Jan 19, 2021
View reviewed changes
Copy link
Member Author

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@rullzer rullzer mentioned this pull request Jan 19, 2021
Merged
15 tasks
@ChristophWurst ChristophWurst force-pushed the dependabot/composer/phpseclib/phpseclib-2.0.30 branch from e82e6fa to 15aab23 Compare January 19, 2021 19:18
@ChristophWurst
Bump phpseclib/phpseclib from 2.0.25 to 2.0.30
4373afe 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst force-pushed the dependabot/composer/phpseclib/phpseclib-2.0.30 branch from 15aab23 to 4373afe Compare January 19, 2021 20:19
@rullzer rullzer mentioned this pull request Jan 20, 2021
Closed
@rullzer
Copy link
Member

rullzer commented Jan 20, 2021
edited
Loading

Ok got it. So the new phpseclib fails on parsing the root.crt since it contains more than 1 cert.
Before it just only took the first one.

We still ahve to fix:

  • the check app
  • the check core

@rullzer
phpsec lib can't parse multiple certs in one go
d751fed 
So we have to split it manually and do it ourselves

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Also load CA properly in integrity check
fcbbcac 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
nickvergessen
nickvergessen reviewed Jan 20, 2021
View reviewed changes
lib/private/Installer.php
* @return string[]
*/
private function splitCerts(string $cert): array {
preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Luckily we have tests that confirm this 🙈

@ChristophWurst
Copy link
Member Author

I think drone got stuck

@rullzer rullzer mentioned this pull request Jan 21, 2021
Merged
19 tasks
@rullzer
Copy link
Member

rullzer commented Jan 21, 2021

yeah restarted it so lets see

@faily-bot
Copy link

faily-bot bot commented Jan 21, 2021

🤖 beep boop beep 🤖

Here are the logs for the failed build:

Status of 1555: failure

acceptance-app-files-sharing-link

  • tests/acceptance/features/app-files-sharing-link.feature:147
Show full log 
  Scenario: access a shared link protected by password with an invalid password                # /drone/src/tests/acceptance/features/app-files-sharing-link.feature:147
    Given I act as John                                                                        # ActorContext::iActAs()
    And I am logged in                                                                         # LoginPageContext::iAmLoggedIn()
    And I share the link for "welcome.txt" protected by the password "abcdef"                  # FilesAppSharingContext::iShareTheLinkForProtectedByThePassword()
      │ The password protect field was not found disabled after 50 seconds, assumming that it was disabled and enabled again before the check started and continuing
    And I write down the shared link                                                           # FilesAppSharingContext::iWriteDownTheSharedLink()
      Element is no longer attached to the DOM
      For documentation on this error, please visit: http://seleniumhq.org/exceptions/stale_element_reference.html
      Build info: version: '2.53.1', revision: 'a36b8b1', time: '2016-06-30 17:37:03'
      System info: host: '5f508e1d53d8', ip: '172.28.0.2', os.name: 'Linux', os.arch: 'amd64', os.version: '4.15.0-124-generic', java.version: '1.8.0_91'
      Driver info: driver.version: unknown (WebDriver\Exception\StaleElementReference)
    When I act as Jane                                                                         # ActorContext::iActAs()
    And I visit the shared link I wrote down                                                   # PublicShareContext::iVisitTheSharedLinkIWroteDown()
    And I authenticate with password "fedcba"                                                  # PublicShareContext::iAuthenticateWithPassword()
    Then I see that the current page is the Authenticate page for the shared link I wrote down # PublicShareContext::iSeeThatTheCurrentPageIsTheAuthenticatePageForTheSharedLinkIWroteDown()
    And I see that a wrong password for the shared file message is shown                       # PublicShareContext::iSeeThatAWrongPasswordForTheSharedFileMessageIsShown()

@rullzer
Copy link
Member

rullzer commented Jan 21, 2021

So now different tests
So lets do this.

MorrisJobke
MorrisJobke approved these changes Jan 21, 2021
View reviewed changes
Copy link
Member

@MorrisJobke MorrisJobke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

Christoph's Tasks automation moved this from TO REVIEW (max 4 PRs) to TO INTEGRATE Jan 21, 2021
@MorrisJobke MorrisJobke merged commit 10214fb into master Jan 21, 2021
Christoph's Tasks automation moved this from TO INTEGRATE to DONE Jan 21, 2021
@MorrisJobke MorrisJobke deleted the dependabot/composer/phpseclib/phpseclib-2.0.30 branch January 21, 2021 09:25
@tcitworld tcitworld mentioned this pull request Jan 22, 2021
Closed
@LecrisUT LecrisUT mentioned this pull request Jan 25, 2021
Merged
@blizzz blizzz mentioned this pull request Jan 25, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@rullzer rullzer rullzer approved these changes

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@bertob bertob Awaiting requested review from bertob

Assignees
No one assigned
Labels
3. to review Waiting for reviews feature: dependencies security
Projects
No open projects
Christoph's Tasks
DONE
Milestone
Nextcloud 21
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ChristophWurst @rullzer @nickvergessen @MorrisJobke