Update simplesamlphp to 2.3.5

.extlib/simplesamlphp/docs/simplesamlphp-changelog.md

@@ -5,10 +5,32 @@
 This document lists the changes between versions of SimpleSAMLphp.
 See the [upgrade notes](https://simplesamlphp.org/docs/stable/simplesamlphp-upgrade-notes.html) for specific information about upgrading.
 
-## Version 2.3.4
+## Version 2.3.6
 
 Released TBD
 
+## Version 2.3.5
+
+Released 2024-12-02
+
+* Fix a regression that would cause the translations for modules to revert to English
+
+## Version 2.3.4
+
+Released 2024-12-02
+
+`Security`
+
+* A security bug was patched in the `saml2-library` that allowed for XXE during the parsing
+  of SAML2-messages (CVE-2024-52596)
+
+`Other fixes`
+
+* Attributes translations are now in the "attributes" domain (#2328).
+* Add `index` directive to Nginx example configuration (#2329).
+* Better error message when using legacy endpoints format (#2335).
+* Some minor improvements to the changes in 2.3.3.
+
 ## Version 2.3.3
 
 Released 2024-11-16

.extlib/simplesamlphp/docs/simplesamlphp-install.md

@@ -181,6 +181,7 @@ look like this:
 server {
     listen 443 ssl;
     server_name idp.example.com;
+    index index.php;
 
     ssl_certificate        /etc/pki/tls/certs/idp.example.com.crt;
     ssl_certificate_key    /etc/pki/tls/private/idp.example.com.key;

.extlib/simplesamlphp/docs/simplesamlphp-upgrade-notes-2.3.md

@@ -32,7 +32,7 @@ The use of plain-text admin-passwords has been deprecated. Generate a secure has
 - The language codes `pt-br` and `zh-tw` have been renamed to `pt_BR` and `zh_TW`.
   Please update your configuration to match the new names.
 
-- Endpoints are now only accepted in array-style. The old string-style was deprecated for 9 yrs
-  already and was broken anyway. See [endpoints]
+- Endpoints in metadata (e.g. "SingleSignOnLocation" and "AssertionCosumerService") can no longer be simple strings and are now only accepted in array-style. The old string-style was deprecated for 9 yrs
+  already and was broken anyway. See [endpoints] for the current format.
 
 [endpoints]: https://simplesamlphp.org/docs/stable/simplesamlphp-metadata-endpoints.html

.extlib/simplesamlphp/extra/simplesamlphp.spec

@@ -1,6 +1,6 @@
 %define name      simplesamlphp
 %define summary   SAML IDP/SP written in PHP
-%define version   2.3.3
+%define version   2.3.5
 %define release   1
 %define license   LGPL 2.1
 %define group     Networking/WWW

.extlib/simplesamlphp/metadata/saml20-sp-remote.php.dist

@@ -18,7 +18,7 @@ $metadata['https://saml2sp.example.org'] = [
             'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
         ],
     ],
-    'SingleLogoutService' =>  => [
+    'SingleLogoutService' => [
         [
             'Location' => 'https://saml2sp.example.org/module.php/saml/sp/saml2-logout.php/default-sp',
             'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
@@ -55,7 +55,7 @@ $metadata['google.com'] = [
 
 
 $metadata['https://legacy.example.edu'] = [
-    'AssertionConsumerService' =>  => [
+    'AssertionConsumerService' => [
         [
             'index' => 1,
             'isDefault' => true,

.extlib/simplesamlphp/modules/saml/src/Auth/Source/SP.php

@@ -583,8 +583,8 @@ private function startSSO2(Configuration $idpMetadata, array $state): void
 
         /* Only check for real info for Scoping element if we are going to send Scoping element */
         if ($this->disable_scoping !== true && $idpMetadata->getOptionalBoolean('disable_scoping', false) !== true) {
-            if (isset($state['IDPList'])) {
-                $ar->setIDPList($state['IDPList']);
+            if (isset($state['saml:IDPList'])) {
+                $ar->setIDPList($state['saml:IDPList']);
             } elseif (!empty($this->metadata->getOptionalArray('IDPList', []))) {
                 $ar->setIDPList($this->metadata->getArray('IDPList'));
             } elseif (!empty($idpMetadata->getOptionalArray('IDPList', []))) {

.extlib/simplesamlphp/src/SimpleSAML/Configuration.php

@@ -41,7 +41,7 @@ class Configuration implements Utils\ClearableState
     /**
      * The release version of this package
      */
-    public const VERSION = '2.3.3';
+    public const VERSION = '2.3.5';
 
     /**
      * A default value which means that the given option is required.
@@ -1207,9 +1207,14 @@ public function getEndpoints(string $endpointType): array
             return [];
         }
 
-
         $eps = $this->configuration[$endpointType];
-        Assert::isArray($eps, Error\CriticalConfigurationError::class);
+        if (!is_array($eps)) {
+            $filename = explode('/', $loc)[0];
+            throw new Error\CriticalConfigurationError(
+                "Endpoint of type $endpointType is not an array in $loc.",
+                $filename,
+            );
+        }
 
         $eps_count = count($eps);
 

.extlib/simplesamlphp/src/SimpleSAML/Locale/Language.php

@@ -172,7 +172,7 @@ private function getInstalledLanguages(): array
         );
 
         // @deprecated - remove entire if-block in a new major release
-        if (array_intersect(['pt-br', 'st', 'zh-tw'], $configuredAvailableLanguages)) {
+        if (array_intersect(['pt-br', 'zh-tw'], $configuredAvailableLanguages)) {
             Logger::warning(
                 "Deprecated locales found in `language.available`. "
                 . "Please replace 'pt-br' with 'pt_BR',"

.extlib/simplesamlphp/vendor/autoload.php

@@ -22,4 +22,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInitd92254016c92c1549c1187a87107524d::getLoader();
+return ComposerAutoloaderIniteb8044a5f31df9017f83ac696a2e46a4::getLoader();

.extlib/simplesamlphp/vendor/composer/autoload_real.php

@@ -2,7 +2,7 @@
 
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInitd92254016c92c1549c1187a87107524d
+class ComposerAutoloaderIniteb8044a5f31df9017f83ac696a2e46a4
 {
     private static $loader;
 
@@ -24,16 +24,16 @@ public static function getLoader()
 
         require __DIR__ . '/platform_check.php';
 
-        spl_autoload_register(array('ComposerAutoloaderInitd92254016c92c1549c1187a87107524d', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderIniteb8044a5f31df9017f83ac696a2e46a4', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
-        spl_autoload_unregister(array('ComposerAutoloaderInitd92254016c92c1549c1187a87107524d', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderIniteb8044a5f31df9017f83ac696a2e46a4', 'loadClassLoader'));
 
         require __DIR__ . '/autoload_static.php';
-        call_user_func(\Composer\Autoload\ComposerStaticInitd92254016c92c1549c1187a87107524d::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticIniteb8044a5f31df9017f83ac696a2e46a4::getInitializer($loader));
 
         $loader->register(true);
 
-        $filesToLoad = \Composer\Autoload\ComposerStaticInitd92254016c92c1549c1187a87107524d::$files;
+        $filesToLoad = \Composer\Autoload\ComposerStaticIniteb8044a5f31df9017f83ac696a2e46a4::$files;
         $requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
             if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
                 $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;

.extlib/simplesamlphp/vendor/composer/autoload_static.php

@@ -4,7 +4,7 @@
 
 namespace Composer\Autoload;
 
-class ComposerStaticInitd92254016c92c1549c1187a87107524d
+class ComposerStaticIniteb8044a5f31df9017f83ac696a2e46a4
 {
     public static $files = array (
         '6e3fae29631ef280660b3cdad06f25a8' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
@@ -354,9 +354,9 @@ class ComposerStaticInitd92254016c92c1549c1187a87107524d
     public static function getInitializer(ClassLoader $loader)
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInitd92254016c92c1549c1187a87107524d::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInitd92254016c92c1549c1187a87107524d::$prefixDirsPsr4;
-            $loader->classMap = ComposerStaticInitd92254016c92c1549c1187a87107524d::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticIniteb8044a5f31df9017f83ac696a2e46a4::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticIniteb8044a5f31df9017f83ac696a2e46a4::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticIniteb8044a5f31df9017f83ac696a2e46a4::$classMap;
 
         }, null, ClassLoader::class);
     }