diff options
Diffstat (limited to 'vendor/paragonie/random_compat/CHANGELOG.md')
| -rw-r--r-- | vendor/paragonie/random_compat/CHANGELOG.md | 260 |
1 files changed, 0 insertions, 260 deletions
diff --git a/vendor/paragonie/random_compat/CHANGELOG.md b/vendor/paragonie/random_compat/CHANGELOG.md deleted file mode 100644 index 247deace..00000000 --- a/vendor/paragonie/random_compat/CHANGELOG.md +++ /dev/null @@ -1,260 +0,0 @@ -### Version 2.0.2 - 2016-04-03 - -Added a consistency check (discovered by Taylor Hornby in his -[PHP encryption library](https://github.com/defuse/php-encryption)). It -wasn't likely causing any trouble for us. - -### Version 2.0.1 - 2016-03-18 - -Update comment in random.php - -### Version 2.0.0 - 2016-03-18 - -Due to downstream errors, the OpenSSL removal now belongs in version -2.0.0. - -### Version 1.3.1 - 2016-03-18 - -* Add more possible values to `open_baseir` check. - -### Version 1.3.0 - 2016-03-17 - -* Removed `openssl_random_pseudo_bytes()` entirely. If you are using - random_compat in PHP on a Unix-like OS but cannot access - `/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to - trust OpenSSL, feel free to write your own fallback code. e.g. - - ```php - try { - $bytes = random_bytes(32); - } catch (Exception $ex) { - $strong = false; - $bytes = openssl_random_pseudo_bytes(32, $strong); - if (!$strong) { - throw $ex; - } - } - ``` - -### Version 1.2.2 - 2016-03-11 - -* To prevent applications from hanging, if `/dev/urandom` is not - accessible to PHP, skip mcrypt (which just fails before giving OpenSSL - a chance and was morally equivalent to not offering OpenSSL at all). - -### Version 1.2.1 - 2016-02-29 - -* PHP 5.6.10 - 5.6.12 will hang when mcrypt is used on Unix-based operating - systems ([PHP bug 69833](https://bugs.php.net/bug.php?id=69833)). If you are - running one of these versions, please upgrade (or make sure `/dev/urandom` is - readable) otherwise you're relying on OpenSSL. - -### Version 1.2.0 - 2016-02-05 - -* Whitespace and other cosmetic changes -* Added a changelog. -* We now ship with a command line utility to build a PHP Archive from the - command line. - - Every time we publish a new release, we will also upload a .phar - to Github. Our public key is signed by our GPG key. - -### Version 1.1.6 - 2016-01-29 - -* Eliminate `open_basedir` warnings by detecting this configuration setting. - (Thanks [@oucil](https://github.com/oucil) for reporting this.) -* Added install instructions to the README. -* Documentation cleanup (there is, in fact, no `MCRYPT_CREATE_IV` constant, I - meant to write `MCRYPT_DEV_URANDOM`) - -### Version 1.1.5 - 2016-01-06 - -Prevent fatal errors on platforms with older versions of libsodium. - -### Version 1.1.4 - 2015-12-10 - -Thanks [@narfbg](https://github.com/narfbg) for [critiquing the previous patch](https://github.com/paragonie/random_compat/issues/79#issuecomment-163590589) -and suggesting a fix. - -### Version 1.1.3 - 2015-12-09 - -The test for COM in disabled_classes is now case-insensitive. - -### Version 1.1.2 - 2015-12-09 - -Don't instantiate COM if it's a disabled class. Removes the E_WARNING on Windows. - -### Version 1.1.1 - 2015-11-30 - -Fix a performance issue with `/dev/urandom` buffering. - -### Version 1.1.0 - 2015-11-09 - -Fix performance issues with ancient versions of PHP on Windows, but dropped -support for PHP < 5.4.1 without mcrypt on Windows 7+ in the process. Since this - is a BC break, semver dictates a minor version bump. - -### Version 1.0.10 - 2015-10-23 - -* Avoid a performance killer with OpenSSL on Windows PHP 5.3.0 - 5.3.3 that was - affecting [WordPress users](https://core.trac.wordpress.org/ticket/34409). -* Use `$var = null` instead of `unset($var)` to avoid triggering the garbage - collector and slowing things down. - -### Version 1.0.9 - 2015-10-20 - -There is an outstanding issue `mcrypt_create_iv()` and PHP 7's `random_bytes()` -on Windows reported by [@nicolas-grekas](https://github.com/nicolas-grekas) caused by `proc_open()` and environment -variable handling (discovered by Appveyor when developing Symfony). - -Since the break is consistent, it's not our responsibility to fix it, but we -should fail the same way PHP 7 will (i.e. throw an `Exception` rather than raise -an error and then throw an `Exception`). - -### Version 1.0.8 - 2015-10-18 - -* Fix usability issues with Windows (`new COM('CAPICOM.Utilities.1')` is not - always available). -* You can now test all the possible drivers by running `phpunit.sh each` in the - `tests` directory. - -### Version 1.0.7 - 2015-10-16 - -Several large integer handling bugfixes were contributed by [@oittaa](https://github.com/oittaa). - -### Version 1.0.6 - 2015-10-15 - -Don't let the version number fool you, this was a pretty significant change. - -1. Added support for ext-libsodium, if it exists on the system. This is morally - equivalent to adding `getrandom(2)` support without having to expose the - syscall interface in PHP-land. -2. Relaxed open_basedir restrictions. In previous versions, if open_basedir was - set, PHP wouldn't even try to read from `/dev/urandom`. Now it will still do - so if you can. -3. Fixed integer casting inconsistencies between random_compat and PHP 7. -4. Handle edge cases where an integer overflow turns one of the parameters into - a float. - -One change that we discussed was making `random_bytes()` and `random_int()` -strict typed; meaning you could *only* pass integers to either function. While -most veteran programmers are probably only doing this already (we strongly -encourage it), it wouldn't be consistent with how these functions behave in PHP -7. Please use these functions responsibly. - -We've had even more of the PHP community involved in this release; the -contributors list has been updated. If I forgot anybody, I promise you it's not -because your contributions (either code or ideas) aren't valued, it's because -I'm a bit overloaded with information at the moment. Please let me know -immediately and I will correct my oversight. - -Thanks everyone for helping make random_compat better. - -### Version 1.0.5 - 2015-10-08 - -Got rid of the methods in the `Throwable` interface, which was causing problems -on PHP 5.2. While we would normally not care about 5.2 (since [5.4 and earlier are EOL'd](https://secure.php.net/supported-versions.php)), -we do want to encourage widespread adoption (e.g. [Wordpress](https://core.trac.wordpress.org/ticket/28633)). - -### Version 1.0.4 - 2015-10-02 - -Removed redundant `if()` checks, since `lib/random.php` is the entrypoint people -should use. - -### Version 1.0.3 - 2015-10-02 - -This release contains bug fixes contributed by the community. - -* Avoid a PHP Notice when PHP is running without the mbstring extension -* Use a compatible version of PHPUnit for testing on older versions of PHP - -Although none of these bugs were outright security-affecting, updating ASAP is -still strongly encouraged. - -### Version 1.0.2 - 2015-09-23 - -Less strict input validation on `random_int()` parameters. PHP 7's `random_int()` -accepts strings and floats that look like numbers, so we should too. - -Thanks [@dd32](https://github.com/@dd32) for correcting this oversight. - -### Version 1.0.1 - 2015-09-10 - -Instead of throwing an Exception immediately on insecure platforms, only do so -when `random_bytes()` is invoked. - -### Version 1.0.0 - 2015-09-07 - -Our API is now stable and forward-compatible with the CSPRNG features in PHP 7 -(as of 7.0.0 RC3). - -A lot of great people have contributed their time and expertise to make this -compatibility library possible. That this library has reached a stable release -is more a reflection on the community than it is on PIE. - -We are confident that random_compat will serve as the simplest and most secure -CSPRNG interface available for PHP5 projects. - -### Version 0.9.7 (pre-release) - 2015-09-01 - -An attempt to achieve compatibility with Error/TypeError in the RFC. - -This should be identical to 1.0.0 sans any last-minute changes or performance enhancements. - -### Version 0.9.6 (pre-release) - 2015-08-06 - -* Split the implementations into their own file (for ease of auditing) -* Corrected the file type check after `/dev/urandom` has been opened (thanks - [@narfbg](https://github.com/narfbg) and [@jedisct1](https://github.com/jedisct1)) - -### Version 0.9.5 (pre-release) - 2015-07-31 - -* Validate that `/dev/urandom` is a character device - * Reported by [@lokdnet](https://twitter.com/lokdnet) - * Investigated by [@narfbg](https://github.com/narfbg) and [frymaster](http://stackoverflow.com/users/1226810/frymaster) on [StackOverflow](http://stackoverflow.com/q/31631066/2224584) -* Remove support for `/dev/arandom` which is an old OpenBSD feature, thanks [@jedisct1](https://github.com/jedisct1) -* Prevent race conditions on the `filetype()` check, thanks [@jedisct1](https://github.com/jedisct1) -* Buffer file reads to 8 bytes (performance optimization; PHP defaults to 8192 bytes) - -### Version 0.9.4 (pre-release) - 2015-07-27 - -* Add logic to verify that `/dev/arandom` and `/dev/urandom` are actually devices. -* Some clean-up in the comments - -### Version 0.9.3 (pre-release) - 2015-07-22 - -Unless the Exceptions change to PHP 7 fails, this should be the last pre-release -version. If need be, we'll make one more pre-release version with compatible -behavior. - -Changes since 0.9.2: - -* Prioritize `/dev/arandom` and `/dev/urandom` over mcrypt. -[@oittaa](https://github.com/oittaa) removed the -1 and +1 juggling on `$range` calculations for `random_int()` -* Whitespace and comment clean-up, plus better variable names -* Actually put a description in the composer.json file... - -### Version 0.9.2 (pre-release) - 2015-07-16 - -* Consolidated `$range > PHP_INT_MAX` logic with `$range <= PHP_INT_MAX` (thanks - [@oittaa](https://github.com/oittaa) and [@CodesInChaos](https://github.com/CodesInChaos)) -* `tests/phpunit.sh` now also runs the tests with `mbstring.func_overload` and - `open_basedir` -* Style consistency, whitespace cleanup, more meaningful variable names - -### Version 0.9.1 (pre-release) - 2015-07-09 - -* Return random values on integer ranges > `PHP_INT_MAX` (thanks [@CodesInChaos](https://github.com/CodesInChaos)) -* Determined CSPRNG preference: - 1. `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM` - 2. `/dev/arandom` - 3. `/dev/urandom` - 4. `openssl_random_pseudo_bytes()` -* Optimized backend selection (thanks [@lt](https://github.com/lt)) -* Fix #3 (thanks [@scottchiefbaker](https://github.com/scottchiefbaker)) - -### Version 0.9.0 (pre-release) - 2015-07-07 - -This should be a sane polyfill for PHP 7's `random_bytes()` and `random_int()`. -We hesitate to call it production ready until it has received sufficient third -party review.
\ No newline at end of file |