From 519d6bdc125cbbc31e405b2b79e8f5268b9ee51b Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 26 Jun 2023 08:02:22 +0200
Subject: refresh patches
---
php-7.4.26-openssl3.patch | 193 +++++++++++++++++++++++-------------------
php-cve-2023-3247.patch | 152 +++++++++++++++++++++++++++++++++
php-ghsa-76gg-c692-v2mw.patch | 126 ---------------------------
php.spec | 6 +-
4 files changed, 262 insertions(+), 215 deletions(-)
create mode 100644 php-cve-2023-3247.patch
delete mode 100644 php-ghsa-76gg-c692-v2mw.patch
diff --git a/php-7.4.26-openssl3.patch b/php-7.4.26-openssl3.patch
index 9952f34..c23c517 100644
--- a/php-7.4.26-openssl3.patch
+++ b/php-7.4.26-openssl3.patch
@@ -1,7 +1,7 @@
-From f7da6fd2d5d2160ef67e0bee3ad76f28d7b71983 Mon Sep 17 00:00:00 2001
+From d040474c7c9d6d94e10c6757e5f100ecacabf19f Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Sun, 8 Aug 2021 17:38:30 +0200
-Subject: [PATCH 01/26] minimal fix for openssl 3.0 (#7002)
+Subject: [PATCH 01/27] minimal fix for openssl 3.0 (#7002)
(cherry picked from commit a0972deb0f441fc7991001cb51efc994b70a3b51)
---
@@ -23,12 +23,12 @@ index aa819be422..9cb643601c 100644
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
--
-2.31.1
+2.41.0
-From 557f613efc86158ef65200f2c994c28bad257850 Mon Sep 17 00:00:00 2001
+From ef7710bd3a3ce04ddada7221bf7ba9410d1a0fe8 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 09:41:39 +0200
-Subject: [PATCH 02/26] ignore deprecated
+Subject: [PATCH 02/27] ignore deprecated
---
ext/openssl/openssl.c | 2 ++
@@ -73,12 +73,12 @@ index 348831189b..b2cb6164bd 100644
--EXPECT--
bool(true)
--
-2.31.1
+2.41.0
-From c83d7444d35e4b246f84c1adc1353f75fbd4b44c Mon Sep 17 00:00:00 2001
+From c421e4e98b35c1744f784c05ffd34583fbe96c37 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 09:46:07 +0200
-Subject: [PATCH 03/26] Reduce security level in some OpenSSL tests
+Subject: [PATCH 03/27] Reduce security level in some OpenSSL tests
This allows tests using older protocols and algorithms to work
under OpenSSL 3.
@@ -345,12 +345,12 @@ index c1aaa04919..84a137b5f4 100644
phpt_wait();
--
-2.31.1
+2.41.0
-From c9a9ef0d62c19bd2b3f89772c5a800781b88d53c Mon Sep 17 00:00:00 2001
+From dfbbf02d413db19dd3337b5b60c55eb974ebb2b7 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 09:57:40 +0200
-Subject: [PATCH 04/26] Adjust some tests for whitespace differences in OpenSSL
+Subject: [PATCH 04/27] Adjust some tests for whitespace differences in OpenSSL
3
A trailing newline is no longer present in OpenSSL 3.
@@ -453,12 +453,12 @@ index b80c1f71f1..38915157f3 100644
string(7) "CA:TRUE"
}
--
-2.31.1
+2.41.0
-From dabea364207985e67e138e70106b6977952c2729 Mon Sep 17 00:00:00 2001
+From a8e511110696e83f728faee9294798351c84fb85 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 11:55:47 +0200
-Subject: [PATCH 05/26] Use different cipher in openssl_seal() test
+Subject: [PATCH 05/27] Use different cipher in openssl_seal() test
RC4 is insecure and not supported in newer versions.
@@ -518,12 +518,12 @@ index 111bf6f094..588efa707b 100644
Warning: openssl_seal(): not a public key (2th member of pubkeys) in %s on line %d
bool(false)
--
-2.31.1
+2.41.0
-From 55123a11413921e991929fdd3cdab3b855617d11 Mon Sep 17 00:00:00 2001
+From 54f6bd9814a09d57b80933b1cedfd4266286bb9a Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 11:58:46 +0200
-Subject: [PATCH 06/26] Don't test legacy algorithms in SPKI tests
+Subject: [PATCH 06/27] Don't test legacy algorithms in SPKI tests
MD4 and RMD160 may not be available on newer OpenSSL versions.
@@ -659,12 +659,12 @@ index c760d0cb83..35badcda37 100644
-bool(true)
-bool(false)
--
-2.31.1
+2.41.0
-From dace8e9ff28889d110cc4617b91caca0d722238f Mon Sep 17 00:00:00 2001
+From 9f5fa8ab4e8d5ba1e9e12eac956ba658e2047b93 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 12:48:02 +0200
-Subject: [PATCH 07/26] Only report provided ciphers in
+Subject: [PATCH 07/27] Only report provided ciphers in
openssl_get_cipher_methods()
With OpenSSL 3 ciphers may be registered, but not provided. Make
@@ -749,12 +749,12 @@ index 7926b475e7..29d64171d9 100644
#endif
--
-2.31.1
+2.41.0
-From 514a7e50e1bdc5d409c3d66c1593f0ce1a859b8e Mon Sep 17 00:00:00 2001
+From d03ccc6933b4e585980458455b17cb384a3e5ab6 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 12:05:02 +0200
-Subject: [PATCH 08/26] Avoid RC4 use in another test
+Subject: [PATCH 08/27] Avoid RC4 use in another test
(cherry picked from commit 503146aa87e48f075f47a093ed7868e323814a66)
---
@@ -788,12 +788,12 @@ index d564bcf8e8..e19f07e7b1 100644
?>
--EXPECTF--
--
-2.31.1
+2.41.0
-From bcc416e4449c78361eefec90c6339839cc198bde Mon Sep 17 00:00:00 2001
+From cafc815c45cdc12ab559c2e9e1c1af0500ca0ca5 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 11:50:11 +0200
-Subject: [PATCH 09/26] Relax error check
+Subject: [PATCH 09/27] Relax error check
The precise error is version-dependent, just check that there
is some kind of error reported.
@@ -823,12 +823,12 @@ index 327c916688..3f319b4b24 100644
-error:%s:key size too small
+bool(true)
--
-2.31.1
+2.41.0
-From 269c9b3cff4808d7cb62dde957429c26b7d2ac46 Mon Sep 17 00:00:00 2001
+From 736d5d5eac86df2e5710111f90a0196ce9335c60 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 14:59:16 +0200
-Subject: [PATCH 10/26] Add test for openssl_dh_compute_key()
+Subject: [PATCH 10/27] Add test for openssl_dh_compute_key()
This function was not tested at all :(
@@ -874,12 +874,12 @@ index 0000000000..8730f4b57d
+--EXPECT--
+b0049944fa5d36f364dd02e675dde50f8c2d67481c5cf0fe2f248d383eec1d38c23d5ed2644fbef2676bcd6ce148361ca82619c8f93e10506cb89d0a1bdaa0f0bc6f68cef0f7cb6d97d43e8dda3c7a5c5a98ebd2342a605ce530fd46a0602d28d4afc48e92088d0bc42194ca8682a85317f812d81b86cd284eed405df2f76aae84ccd560856e8a3d0ce4f591394bca02eb8a1984ebb41bb19714fb8b579bcafd36a9051d51d075f66229893289d8a0c918bfd222f17803cc532d2cf93bb2a567953323ca409beb3237faae9c6fdfc671594324953badd07dd4770ee09fd19f90045654c5709e92aa614b83594c2f62a8bc3c7e786e54bc1259a0a737c70dd4cc
--
-2.31.1
+2.41.0
-From 6f81d18232ee8e17c2f299dc3008727b420ce114 Mon Sep 17 00:00:00 2001
+From 95ede22356cdcfb4053850437eb3bb59f8190e5c Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 14:54:59 +0200
-Subject: [PATCH 11/26] Use different algorithm in pkcs7 tests
+Subject: [PATCH 11/27] Use different algorithm in pkcs7 tests
The default of OPENSSL_CIPHER_RC2_40 is no longer (non-legacy)
supported in OpenSSL 3, specify a newer cipher instead.
@@ -965,12 +965,12 @@ index f823462f9e..e38a006d0c 100644
bool(true)
true
--
-2.31.1
+2.41.0
-From 9f9df4446699cd09cd70046f8bee66272aca2dac Mon Sep 17 00:00:00 2001
+From 1942dc87aaa0e473ec74d5be68866b327a2dd62b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 17:07:44 +0200
-Subject: [PATCH 12/26] Use larger key size for DSA/DH tests
+Subject: [PATCH 12/27] Use larger key size for DSA/DH tests
OpenSSL 3 validates allowed sizes strictly, pick minimum sizes
that are supported.
@@ -1014,12 +1014,12 @@ index c5f5575e2c..7beb020a4c 100644
?>
--EXPECTF--
--
-2.31.1
+2.41.0
-From 261db4fde8b2de3d0b39cac5d376ef425aad7ef2 Mon Sep 17 00:00:00 2001
+From b8904668632df0eadb5f24b365f1b2189f6694c7 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 4 Aug 2021 13:54:26 +0200
-Subject: [PATCH 13/26] Skip some tests if cipher not available
+Subject: [PATCH 13/27] Skip some tests if cipher not available
(cherry picked from commit d23a8b33abc3cd7e516563877a3f698b7a94ac10)
---
@@ -1084,22 +1084,20 @@ index 4175e703d2..e846b42e78 100644
+bool(true)
NULL
--
-2.31.1
+2.41.0
-From 93c0873333a8b257edb082d3f106fdef67495c44 Mon Sep 17 00:00:00 2001
+From 1f611e84806818b53cda70708f7eb6d1915b2887 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 10:35:49 +0200
-Subject: [PATCH 14/26] Generate pkcs12_read test inputs on the fly
+Subject: [PATCH 14/27] Generate pkcs12_read test inputs on the fly
The old p12_with_extra_certs.p12 file uses an unsupported something.
(cherry picked from commit 5843ba518cfb9ac6ae6d6a69629239cbf77d4cfb)
---
- ext/openssl/tests/bug74022_2.phpt | 10 ++--
- .../tests/openssl_pkcs12_read_basic.phpt | 46 ++++++++++--------
- ext/openssl/tests/p12_with_extra_certs.p12 | Bin 3205 -> 0 bytes
- 3 files changed, 31 insertions(+), 25 deletions(-)
- delete mode 100644 ext/openssl/tests/p12_with_extra_certs.p12
+ ext/openssl/tests/bug74022_2.phpt | 10 ++--
+ .../tests/openssl_pkcs12_read_basic.phpt | 46 ++++++++++---------
+ 2 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/ext/openssl/tests/bug74022_2.phpt b/ext/openssl/tests/bug74022_2.phpt
index 07cb683274..4220149db2 100644
@@ -1188,14 +1186,13 @@ index b81b4d9dac..8cb2b41fd7 100644
-----END CERTIFICATE-----
"
}
-
--
-2.31.1
+2.41.0
-From 64bedf19c7caa47193c22f6fbb134574eb0cf2dd Mon Sep 17 00:00:00 2001
+From 770edaa92bbf183455a60b902b12fc33ff56e95a Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sun, 8 Aug 2021 20:54:46 +0100
-Subject: [PATCH 15/26] Make CertificateGenerator not dependent on external
+Subject: [PATCH 15/27] Make CertificateGenerator not dependent on external
config in OpenSSL 3.0
(cherry picked from commit c90c9c7545427d9d35cbac45c4ec896f54619744)
@@ -1248,12 +1245,12 @@ index b409376058..6fe9b4e9a8 100644
file_put_contents($file, $certText . PHP_EOL . $keyText);
} finally {
--
-2.31.1
+2.41.0
-From f2c252b9a083c01eff3f665a406efe5b44f323a3 Mon Sep 17 00:00:00 2001
+From 1234e56683d3f040eb98f7aabf745cf7baccc0e4 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 10 Aug 2021 11:50:18 +0200
-Subject: [PATCH 16/26] Fork openssl_error_string() test for OpenSSL
+Subject: [PATCH 16/27] Fork openssl_error_string() test for OpenSSL
The used error code differ signficantly, so use a separate test
file.
@@ -1284,12 +1281,12 @@ index cdf558e9a5..f9f0e7062f 100644
<?php
// helper function to check openssl errors
--
-2.31.1
+2.41.0
-From dc1751ad95ebb04e756809e837feb9aac7a2fefe Mon Sep 17 00:00:00 2001
+From 49c081a3d22d621a3024d7ea4c32f0350228c60b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Sun, 8 Aug 2021 17:39:06 +0200
-Subject: [PATCH 17/26] Use OpenSSL NCONF APIs (#7337)
+Subject: [PATCH 17/27] Use OpenSSL NCONF APIs (#7337)
(cherry picked from commit 94bc5fce261a4a56a545bdfb25d5c2452a07de08)
---
@@ -1462,12 +1459,12 @@ index e0b3772a29..666616e7c5 100644
{
php_openssl_store_errors();
--
-2.31.1
+2.41.0
-From df4e7dcc8121c444ff315e31d06182f164e686ed Mon Sep 17 00:00:00 2001
+From 95dd07c54542ac48cf7d43392f61b0423b04fe63 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sun, 12 Sep 2021 20:30:02 +0100
-Subject: [PATCH 18/26] Make OpenSSL tests less dependent on system config
+Subject: [PATCH 18/27] Make OpenSSL tests less dependent on system config
It fixes dependencies on system config if running tests with OpenSSL 3.0
@@ -1559,12 +1556,12 @@ index 41567e9b32..6c09238003 100644
$keyFailed = openssl_pkey_new($argsFailed);
--
-2.31.1
+2.41.0
-From 03f65a015256933426d2c87b399a4c4620b4c85c Mon Sep 17 00:00:00 2001
+From 6167fdd70654ff63a6a759cffbbdb5468e5c517a Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 6 Aug 2021 11:15:18 +0200
-Subject: [PATCH 19/26] Do not special case export of EC keys
+Subject: [PATCH 19/27] Do not special case export of EC keys
All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
@@ -1578,10 +1575,9 @@ As the OpenSSL docs say:
(cherry picked from commit f2d3e75933fa155a5281c824263780dbc660ecb1)
---
- UPGRADING | 4 +++
ext/openssl/openssl.c | 36 ++++---------------
.../tests/openssl_pkey_export_basic.phpt | 6 +++-
- 3 files changed, 15 insertions(+), 31 deletions(-)
+ 2 files changed, 11 insertions(+), 31 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 666616e7c5..4af0942209 100644
@@ -1655,12 +1651,12 @@ index d71f8da9a3..47a82d7873 100644
bool(true)
resource(%d) of type (OpenSSL key)
--
-2.31.1
+2.41.0
-From 038c33feab7e6138f7977224897118dbb8059a55 Mon Sep 17 00:00:00 2001
+From 94c952911ba9b53470056f0e679c842311e601e5 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 5 Aug 2021 10:29:50 +0200
-Subject: [PATCH 20/26] Use EVP_PKEY APIs for key generation
+Subject: [PATCH 20/27] Use EVP_PKEY APIs for key generation
Use high level API instead of deprecated low level API.
@@ -1915,12 +1911,12 @@ index 4af0942209..588aa3902f 100644
/* }}} */
--
-2.31.1
+2.41.0
-From cc5ad532e6672ac74007caa83f2fb7796f69510b Mon Sep 17 00:00:00 2001
+From 3e896d255c644a0d1c27a6c19e074b43bfc4c5ac Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 10:26:12 +0200
-Subject: [PATCH 21/26] Extract EC key initialization
+Subject: [PATCH 21/27] Extract EC key initialization
(cherry picked from commit 14d7c7e9aee5ab55a92ddc626b7b81c130ea7618)
---
@@ -2186,12 +2182,12 @@ index 588aa3902f..5671311508 100644
}
}
--
-2.31.1
+2.41.0
-From 7c3f98fb5000b95419848b3b2519b677e8852f3f Mon Sep 17 00:00:00 2001
+From 9ac7bdc3d7eb104d7d95e2b1aa4e2b631f45051b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 12:01:35 +0200
-Subject: [PATCH 22/26] Test calculation of EC public key from private key
+Subject: [PATCH 22/27] Test calculation of EC public key from private key
(cherry picked from commit 246698671f941b2034518ab04f35009b2da77bb1)
---
@@ -2229,12 +2225,12 @@ index 6c09238003..ecc34a3330 100644
NULL
resource(%d) of type (OpenSSL key)
--
-2.31.1
+2.41.0
-From 3b17fa3a6a34fd169c34e3d1dbb315c4c691c649 Mon Sep 17 00:00:00 2001
+From d8ffb2117e6b986cb4a5b8e5c0cf5c74af8a32fc Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 11:12:20 +0200
-Subject: [PATCH 23/26] Use param API for creating EC keys
+Subject: [PATCH 23/27] Use param API for creating EC keys
Rather than the deprecated low level APIs.
@@ -2386,12 +2382,12 @@ index 5671311508..5a76057c5f 100644
#endif
--
-2.31.1
+2.41.0
-From 76efdaf49ccfb4462ce9493c04b5542570f72907 Mon Sep 17 00:00:00 2001
+From c1047e5c4bf6919ab9600318721d4fa6cbebb40b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 9 Aug 2021 14:19:33 +0200
-Subject: [PATCH 24/26] Extract public key portion via PEM roundtrip
+Subject: [PATCH 24/27] Extract public key portion via PEM roundtrip
The workaround with cloning the X509_REQ no longer works in
OpenSSL 3. Instead extract the public key portion by round
@@ -2476,12 +2472,12 @@ index 5a76057c5f..00ab6dc73a 100644
if (tpubkey == NULL) {
--
-2.31.1
+2.41.0
-From 134c4303f6ddca2553dadfe4e56808ef00ba39dd Mon Sep 17 00:00:00 2001
+From ee274b8bb13e8f9a3df79550be2ea3e4538c6326 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 10 Aug 2021 12:17:17 +0200
-Subject: [PATCH 25/26] Switch dh_param handling to EVP_PKEY API
+Subject: [PATCH 25/27] Switch dh_param handling to EVP_PKEY API
(cherry picked from commit ef787bae242fdd2e72625bbce6ab4ca466b1ef59)
---
@@ -2546,12 +2542,12 @@ index 9710e44a07..f130bdee66 100644
return SUCCESS;
}
--
-2.31.1
+2.41.0
-From 7557896fc206bd318851b3810b55bb51dc43336f Mon Sep 17 00:00:00 2001
+From 6bb3f5d83ea5a108018b22b5e5b3b7dff77a66de Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 18 Nov 2021 15:08:19 +0100
-Subject: [PATCH 26/26] ignore remaining warnings
+Subject: [PATCH 26/27] ignore remaining warnings
---
ext/openssl/openssl.c | 3 ++-
@@ -2579,5 +2575,30 @@ index 00ab6dc73a..b136729cb5 100644
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
OSSL_PARAM *params = NULL;
--
-2.31.1
+2.41.0
+
+From 5019534853051a3cb3cce9811e98e583e568e112 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Mon, 26 Jun 2023 07:59:18 +0200
+Subject: [PATCH 27/27] don't use true
+
+---
+ ext/openssl/openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index b136729cb5..d0fd976376 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -4454,7 +4454,7 @@ static int php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, int *is_pr
+ }
+
+ if (!EC_KEY_check_key(eckey)) {
+- *is_private = true;
++ *is_private = 1;
+ PHP_OPENSSL_RAND_ADD_TIME();
+ EC_KEY_generate_key(eckey);
+ php_openssl_store_errors();
+--
+2.41.0
diff --git a/php-cve-2023-3247.patch b/php-cve-2023-3247.patch
new file mode 100644
index 0000000..e23aebf
--- /dev/null
+++ b/php-cve-2023-3247.patch
@@ -0,0 +1,152 @@
+From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001
+From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
+Date: Sun, 16 Apr 2023 15:05:03 +0200
+Subject: [PATCH] Fix missing randomness check and insufficient random bytes
+ for SOAP HTTP Digest
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If php_random_bytes_throw fails, the nonce will be uninitialized, but
+still sent to the server. The client nonce is intended to protect
+against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1],
+and bullet point 2 below.
+
+Tim pointed out that even though it's the MD5 of the nonce that gets sent,
+enumerating 31 bits is trivial. So we have still a stack information leak
+of 31 bits.
+
+Furthermore, Tim found the following issues:
+* The small size of cnonce might cause the server to erroneously reject
+ a request due to a repeated (cnonce, nc) pair. As per the birthday
+ problem 31 bits of randomness will return a duplication with 50%
+ chance after less than 55000 requests and nc always starts counting at 1.
+* The cnonce is intended to protect the client and password against a
+ malicious server that returns a constant server nonce where the server
+ precomputed a rainbow table between passwords and correct client response.
+ As storage is fairly cheap, a server could precompute the client responses
+ for (a subset of) client nonces and still have a chance of reversing the
+ client response with the same probability as the cnonce duplication.
+
+ Precomputing the rainbow table for all 2^31 cnonces increases the rainbow
+ table size by factor 2 billion, which is infeasible. But precomputing it
+ for 2^14 cnonces only increases the table size by factor 16k and the server
+ would still have a 10% chance of successfully reversing a password with a
+ single client request.
+
+This patch fixes the issues by increasing the nonce size, and checking
+the return value of php_random_bytes_throw(). In the process we also get
+rid of the MD5 hashing of the nonce.
+
+[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616
+
+Co-authored-by: Tim Düsterhus <timwolla@php.net>
+(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a)
+---
+ NEWS | 6 ++++++
+ ext/soap/php_http.c | 21 +++++++++++++--------
+ 2 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 3f8739eae7..7c07635cad 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,12 @@
+ PHP NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
++Backported from 8.0.29
++
++- Soap:
++ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
++ bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
++
+ Backported from 8.0.28
+
+ - Core:
+diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
+index ee3dcbdc9a..e3a9afdbe9 100644
+--- a/ext/soap/php_http.c
++++ b/ext/soap/php_http.c
+@@ -666,18 +666,23 @@ int make_http_soap_request(zval *this_ptr,
+ if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) {
+ if (Z_TYPE_P(digest) == IS_ARRAY) {
+ char HA1[33], HA2[33], response[33], cnonce[33], nc[9];
+- zend_long nonce;
++ unsigned char nonce[16];
+ PHP_MD5_CTX md5ctx;
+ unsigned char hash[16];
+
+- php_random_bytes_throw(&nonce, sizeof(nonce));
+- nonce &= 0x7fffffff;
++ if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
++ ZEND_ASSERT(EG(exception));
++ php_stream_close(stream);
++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
++ smart_str_free(&soap_headers_z);
++ smart_str_free(&soap_headers);
++ return FALSE;
++ }
+
+- PHP_MD5Init(&md5ctx);
+- snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
+- PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
+- PHP_MD5Final(hash, &md5ctx);
+- make_digest(cnonce, hash);
++ php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
++ cnonce[32] = 0;
+
+ if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
+ Z_TYPE_P(tmp) == IS_LONG) {
+From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Tue, 6 Jun 2023 18:05:22 +0200
+Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex
+
+---
+ ext/soap/php_http.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
+index e3a9afdbe9f..912b8e341d8 100644
+--- a/ext/soap/php_http.c
++++ b/ext/soap/php_http.c
+@@ -22,6 +22,7 @@
+ #include "ext/standard/base64.h"
+ #include "ext/standard/md5.h"
+ #include "ext/standard/php_random.h"
++#include "ext/hash/php_hash.h"
+
+ static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
+ static char *get_http_header_value(char *headers, char *type);
+--
+2.40.1
+
+From f3021d66d7bb42d2578530cc94f9bde47e58eb10 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 15 Jun 2023 08:47:55 +0200
+Subject: [PATCH] add cve
+
+---
+ NEWS | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 7c07635cade..899644b3d63 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,7 +5,8 @@ Backported from 8.0.29
+
+ - Soap:
+ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
+- bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
++ bytes in HTTP Digest authentication for SOAP).
++ (CVE-2023-3247) (nielsdos, timwolla)
+
+ Backported from 8.0.28
+
+--
+2.40.1
+
diff --git a/php-ghsa-76gg-c692-v2mw.patch b/php-ghsa-76gg-c692-v2mw.patch
deleted file mode 100644
index aa67ee6..0000000
--- a/php-ghsa-76gg-c692-v2mw.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Sun, 16 Apr 2023 15:05:03 +0200
-Subject: [PATCH] Fix missing randomness check and insufficient random bytes
- for SOAP HTTP Digest
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If php_random_bytes_throw fails, the nonce will be uninitialized, but
-still sent to the server. The client nonce is intended to protect
-against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1],
-and bullet point 2 below.
-
-Tim pointed out that even though it's the MD5 of the nonce that gets sent,
-enumerating 31 bits is trivial. So we have still a stack information leak
-of 31 bits.
-
-Furthermore, Tim found the following issues:
-* The small size of cnonce might cause the server to erroneously reject
- a request due to a repeated (cnonce, nc) pair. As per the birthday
- problem 31 bits of randomness will return a duplication with 50%
- chance after less than 55000 requests and nc always starts counting at 1.
-* The cnonce is intended to protect the client and password against a
- malicious server that returns a constant server nonce where the server
- precomputed a rainbow table between passwords and correct client response.
- As storage is fairly cheap, a server could precompute the client responses
- for (a subset of) client nonces and still have a chance of reversing the
- client response with the same probability as the cnonce duplication.
-
- Precomputing the rainbow table for all 2^31 cnonces increases the rainbow
- table size by factor 2 billion, which is infeasible. But precomputing it
- for 2^14 cnonces only increases the table size by factor 16k and the server
- would still have a 10% chance of successfully reversing a password with a
- single client request.
-
-This patch fixes the issues by increasing the nonce size, and checking
-the return value of php_random_bytes_throw(). In the process we also get
-rid of the MD5 hashing of the nonce.
-
-[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616
-
-Co-authored-by: Tim Düsterhus <timwolla@php.net>
-(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a)
----
- NEWS | 6 ++++++
- ext/soap/php_http.c | 21 +++++++++++++--------
- 2 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 3f8739eae7..7c07635cad 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,12 @@
- PHP NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-
-+Backported from 8.0.29
-+
-+- Soap:
-+ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
-+ bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
-+
- Backported from 8.0.28
-
- - Core:
-diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
-index ee3dcbdc9a..e3a9afdbe9 100644
---- a/ext/soap/php_http.c
-+++ b/ext/soap/php_http.c
-@@ -666,18 +666,23 @@ int make_http_soap_request(zval *this_ptr,
- if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) {
- if (Z_TYPE_P(digest) == IS_ARRAY) {
- char HA1[33], HA2[33], response[33], cnonce[33], nc[9];
-- zend_long nonce;
-+ unsigned char nonce[16];
- PHP_MD5_CTX md5ctx;
- unsigned char hash[16];
-
-- php_random_bytes_throw(&nonce, sizeof(nonce));
-- nonce &= 0x7fffffff;
-+ if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
-+ ZEND_ASSERT(EG(exception));
-+ php_stream_close(stream);
-+ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
-+ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
-+ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
-+ smart_str_free(&soap_headers_z);
-+ smart_str_free(&soap_headers);
-+ return FALSE;
-+ }
-
-- PHP_MD5Init(&md5ctx);
-- snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
-- PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
-- PHP_MD5Final(hash, &md5ctx);
-- make_digest(cnonce, hash);
-+ php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
-+ cnonce[32] = 0;
-
- if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
- Z_TYPE_P(tmp) == IS_LONG) {
-From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 6 Jun 2023 18:05:22 +0200
-Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex
-
----
- ext/soap/php_http.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
-index e3a9afdbe9f..912b8e341d8 100644
---- a/ext/soap/php_http.c
-+++ b/ext/soap/php_http.c
-@@ -22,6 +22,7 @@
- #include "ext/standard/base64.h"
- #include "ext/standard/md5.h"
- #include "ext/standard/php_random.h"
-+#include "ext/hash/php_hash.h"
-
- static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
- static char *get_http_header_value(char *headers, char *type);
---
-2.40.1
-
diff --git a/php.spec b/php.spec
index f925080..ada1b08 100644
--- a/php.spec
+++ b/php.spec
@@ -179,7 +179,7 @@ Patch200: php-bug81740.patch
Patch201: php-bug81744.patch
Patch202: php-bug81746.patch
Patch203: php-cve-2023-0662.patch
-Patch204: php-ghsa-76gg-c692-v2mw.patch
+Patch204: php-cve-2023-3247.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -964,7 +964,7 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
%patch -P201 -p1 -b .bug81744
%patch -P202 -p1 -b .bug81746
%patch -P203 -p1 -b .cve0662
-%patch -P204 -p1 -b .ghsa-76gg-c692-v2mw
+%patch -P204 -p1 -b .cve3247
# Fixes for tests
%patch -P300 -p1 -b .datetests
@@ -1857,7 +1857,7 @@ EOF
* Tue Jun 6 2023 Remi Collet <remi@remirepo.net> - 7.4.33-7
- Fix Missing error check and insufficient random bytes in HTTP Digest
authentication for SOAP
- GHSA-76gg-c692-v2mw
+ GHSA-76gg-c692-v2mw CVE-2023-3247
* Fri Apr 14 2023 Remi Collet <remi@remirepo.net> - 7.4.33-6
- use ICU 72.1
--
cgit