
Commit 7c1cbd6

committed
Update xmlseclibs to 3.1.4 due CVE-2025-66475
1 parent e0e1e68 commit 7c1cbd6

3 files changed

Lines changed: 23 additions & 5 deletions


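--- a/onelogin-saml-sso/php/extlib/xmlseclibs/CHANGELOG.txt
+++ b/onelogin-saml-sso/php/extlib/xmlseclibs/CHANGELOG.txt
@@ -1,5 +1,19 @@
 xmlseclibs.php
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+08, Dec 2025, 3.1.4
+Security:
+- fix canonicalization bypass error (d0ge)
+
+20, Nov 2024, 3.1.3
+Bug Fixes:
+- remove loadKey check due to BC issues
+
+20, Nov 2024, 3.1.2
+Improvements:
+- Add tab to list of whitespace values to remove from cert. refs #252
+- loadKey should check return value for openssl_get_privatekey (sammarshallou)
+- Switch to GitHub actions (SharkMachine)
+
 05, Sep 2020, 3.1.1
 Features:
 - Support OAEP (iggyvolz)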

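--- a/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityDSig.php
+++ b/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityDSig.php
@@ -293,7 +293,11 @@ private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefi
 }
 }
 
-return $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
+$ret = $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
+if ($ret === false) {
+throw new Exception("Canonicalization failed");
+}
+return $ret;
 }
 
 /**
@@ -1050,7 +1054,7 @@ public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $i
 }
 $subjectNameValue = implode(',', $parts);
 } else {
-$subjectNameValue = $certData['issuer'];
+$subjectNameValue = $certData['subject'];
 }
 $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue);
 $x509DataNode->appendChild($x509SubjectNode);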
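Review bot: The new `if ($ret === false)` guard in canonicalizeData carries no comment or `@throws` tag, so nothing records that it is a fail-closed security check rather than ordinary error handling. I would add `// C14N() returns false on failure; fail closed so callers never digest or verify a non-string result.` above the check and `@throws Exception if canonicalization fails` to the method's docblock, which lies outside this hunk. The method is private and its callers are not visible here; presumably they sit on the digest and signature paths, so it is worth confirming that every integrating caller treats this exception as a failed validation and does not catch it and continue. A regression test covering the failure return would keep the check from being removed later as dead code.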

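--- a/onelogin-saml-sso/php/extlib/xmlseclibs/xmlseclibs.php
+++ b/onelogin-saml-sso/php/extlib/xmlseclibs/xmlseclibs.php
@@ -2,7 +2,7 @@
 /**
 * xmlseclibs.php
 *
-* Copyright (c) 2007-2020, Robert Richards <rrichards@cdatazone.org>.
+* Copyright (c) 2007-2025, Robert Richards <rrichards@cdatazone.org>.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -35,9 +35,9 @@
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * @author Robert Richards <rrichards@cdatazone.org>
-* @copyright 2007-2020 Robert Richards <rrichards@cdatazone.org>
+* @copyright 2007-2025 Robert Richards <rrichards@cdatazone.org>
 * @license http://www.opensource.org/licenses/bsd-license.php BSD License
-* @version 3.1.1
+* @version 3.1.4
 */
 
 $xmlseclibs_srcdir = dirname(__FILE__) . '/src/';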
