From 519d6bdc125cbbc31e405b2b79e8f5268b9ee51b Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 26 Jun 2023 08:02:22 +0200 Subject: refresh patches --- php-7.4.26-openssl3.patch | 193 +++++++++++++++++++++++------------------- php-cve-2023-3247.patch | 152 +++++++++++++++++++++++++++++++++ php-ghsa-76gg-c692-v2mw.patch | 126 --------------------------- php.spec | 6 +- 4 files changed, 262 insertions(+), 215 deletions(-) create mode 100644 php-cve-2023-3247.patch delete mode 100644 php-ghsa-76gg-c692-v2mw.patch diff --git a/php-7.4.26-openssl3.patch b/php-7.4.26-openssl3.patch index 9952f34..c23c517 100644 --- a/php-7.4.26-openssl3.patch +++ b/php-7.4.26-openssl3.patch @@ -1,7 +1,7 @@ -From f7da6fd2d5d2160ef67e0bee3ad76f28d7b71983 Mon Sep 17 00:00:00 2001 +From d040474c7c9d6d94e10c6757e5f100ecacabf19f Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sun, 8 Aug 2021 17:38:30 +0200 -Subject: [PATCH 01/26] minimal fix for openssl 3.0 (#7002) +Subject: [PATCH 01/27] minimal fix for openssl 3.0 (#7002) (cherry picked from commit a0972deb0f441fc7991001cb51efc994b70a3b51) --- @@ -23,12 +23,12 @@ index aa819be422..9cb643601c 100644 REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); -- -2.31.1 +2.41.0 -From 557f613efc86158ef65200f2c994c28bad257850 Mon Sep 17 00:00:00 2001 +From ef7710bd3a3ce04ddada7221bf7ba9410d1a0fe8 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 09:41:39 +0200 -Subject: [PATCH 02/26] ignore deprecated +Subject: [PATCH 02/27] ignore deprecated --- ext/openssl/openssl.c | 2 ++ @@ -73,12 +73,12 @@ index 348831189b..b2cb6164bd 100644 --EXPECT-- bool(true) -- -2.31.1 +2.41.0 -From c83d7444d35e4b246f84c1adc1353f75fbd4b44c Mon Sep 17 00:00:00 2001 +From c421e4e98b35c1744f784c05ffd34583fbe96c37 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 09:46:07 +0200 -Subject: [PATCH 03/26] Reduce security level in some OpenSSL tests +Subject: [PATCH 03/27] Reduce security level in some OpenSSL tests This allows tests using older protocols and algorithms to work under OpenSSL 3. @@ -345,12 +345,12 @@ index c1aaa04919..84a137b5f4 100644 phpt_wait(); -- -2.31.1 +2.41.0 -From c9a9ef0d62c19bd2b3f89772c5a800781b88d53c Mon Sep 17 00:00:00 2001 +From dfbbf02d413db19dd3337b5b60c55eb974ebb2b7 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 09:57:40 +0200 -Subject: [PATCH 04/26] Adjust some tests for whitespace differences in OpenSSL +Subject: [PATCH 04/27] Adjust some tests for whitespace differences in OpenSSL 3 A trailing newline is no longer present in OpenSSL 3. @@ -453,12 +453,12 @@ index b80c1f71f1..38915157f3 100644 string(7) "CA:TRUE" } -- -2.31.1 +2.41.0 -From dabea364207985e67e138e70106b6977952c2729 Mon Sep 17 00:00:00 2001 +From a8e511110696e83f728faee9294798351c84fb85 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 11:55:47 +0200 -Subject: [PATCH 05/26] Use different cipher in openssl_seal() test +Subject: [PATCH 05/27] Use different cipher in openssl_seal() test RC4 is insecure and not supported in newer versions. @@ -518,12 +518,12 @@ index 111bf6f094..588efa707b 100644 Warning: openssl_seal(): not a public key (2th member of pubkeys) in %s on line %d bool(false) -- -2.31.1 +2.41.0 -From 55123a11413921e991929fdd3cdab3b855617d11 Mon Sep 17 00:00:00 2001 +From 54f6bd9814a09d57b80933b1cedfd4266286bb9a Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 11:58:46 +0200 -Subject: [PATCH 06/26] Don't test legacy algorithms in SPKI tests +Subject: [PATCH 06/27] Don't test legacy algorithms in SPKI tests MD4 and RMD160 may not be available on newer OpenSSL versions. @@ -659,12 +659,12 @@ index c760d0cb83..35badcda37 100644 -bool(true) -bool(false) -- -2.31.1 +2.41.0 -From dace8e9ff28889d110cc4617b91caca0d722238f Mon Sep 17 00:00:00 2001 +From 9f5fa8ab4e8d5ba1e9e12eac956ba658e2047b93 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 12:48:02 +0200 -Subject: [PATCH 07/26] Only report provided ciphers in +Subject: [PATCH 07/27] Only report provided ciphers in openssl_get_cipher_methods() With OpenSSL 3 ciphers may be registered, but not provided. Make @@ -749,12 +749,12 @@ index 7926b475e7..29d64171d9 100644 #endif -- -2.31.1 +2.41.0 -From 514a7e50e1bdc5d409c3d66c1593f0ce1a859b8e Mon Sep 17 00:00:00 2001 +From d03ccc6933b4e585980458455b17cb384a3e5ab6 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 12:05:02 +0200 -Subject: [PATCH 08/26] Avoid RC4 use in another test +Subject: [PATCH 08/27] Avoid RC4 use in another test (cherry picked from commit 503146aa87e48f075f47a093ed7868e323814a66) --- @@ -788,12 +788,12 @@ index d564bcf8e8..e19f07e7b1 100644 ?> --EXPECTF-- -- -2.31.1 +2.41.0 -From bcc416e4449c78361eefec90c6339839cc198bde Mon Sep 17 00:00:00 2001 +From cafc815c45cdc12ab559c2e9e1c1af0500ca0ca5 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 5 Aug 2021 11:50:11 +0200 -Subject: [PATCH 09/26] Relax error check +Subject: [PATCH 09/27] Relax error check The precise error is version-dependent, just check that there is some kind of error reported. @@ -823,12 +823,12 @@ index 327c916688..3f319b4b24 100644 -error:%s:key size too small +bool(true) -- -2.31.1 +2.41.0 -From 269c9b3cff4808d7cb62dde957429c26b7d2ac46 Mon Sep 17 00:00:00 2001 +From 736d5d5eac86df2e5710111f90a0196ce9335c60 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 5 Aug 2021 14:59:16 +0200 -Subject: [PATCH 10/26] Add test for openssl_dh_compute_key() +Subject: [PATCH 10/27] Add test for openssl_dh_compute_key() This function was not tested at all :( @@ -874,12 +874,12 @@ index 0000000000..8730f4b57d +--EXPECT-- +b0049944fa5d36f364dd02e675dde50f8c2d67481c5cf0fe2f248d383eec1d38c23d5ed2644fbef2676bcd6ce148361ca82619c8f93e10506cb89d0a1bdaa0f0bc6f68cef0f7cb6d97d43e8dda3c7a5c5a98ebd2342a605ce530fd46a0602d28d4afc48e92088d0bc42194ca8682a85317f812d81b86cd284eed405df2f76aae84ccd560856e8a3d0ce4f591394bca02eb8a1984ebb41bb19714fb8b579bcafd36a9051d51d075f66229893289d8a0c918bfd222f17803cc532d2cf93bb2a567953323ca409beb3237faae9c6fdfc671594324953badd07dd4770ee09fd19f90045654c5709e92aa614b83594c2f62a8bc3c7e786e54bc1259a0a737c70dd4cc -- -2.31.1 +2.41.0 -From 6f81d18232ee8e17c2f299dc3008727b420ce114 Mon Sep 17 00:00:00 2001 +From 95ede22356cdcfb4053850437eb3bb59f8190e5c Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 14:54:59 +0200 -Subject: [PATCH 11/26] Use different algorithm in pkcs7 tests +Subject: [PATCH 11/27] Use different algorithm in pkcs7 tests The default of OPENSSL_CIPHER_RC2_40 is no longer (non-legacy) supported in OpenSSL 3, specify a newer cipher instead. @@ -965,12 +965,12 @@ index f823462f9e..e38a006d0c 100644 bool(true) true -- -2.31.1 +2.41.0 -From 9f9df4446699cd09cd70046f8bee66272aca2dac Mon Sep 17 00:00:00 2001 +From 1942dc87aaa0e473ec74d5be68866b327a2dd62b Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 5 Aug 2021 17:07:44 +0200 -Subject: [PATCH 12/26] Use larger key size for DSA/DH tests +Subject: [PATCH 12/27] Use larger key size for DSA/DH tests OpenSSL 3 validates allowed sizes strictly, pick minimum sizes that are supported. @@ -1014,12 +1014,12 @@ index c5f5575e2c..7beb020a4c 100644 ?> --EXPECTF-- -- -2.31.1 +2.41.0 -From 261db4fde8b2de3d0b39cac5d376ef425aad7ef2 Mon Sep 17 00:00:00 2001 +From b8904668632df0eadb5f24b365f1b2189f6694c7 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 4 Aug 2021 13:54:26 +0200 -Subject: [PATCH 13/26] Skip some tests if cipher not available +Subject: [PATCH 13/27] Skip some tests if cipher not available (cherry picked from commit d23a8b33abc3cd7e516563877a3f698b7a94ac10) --- @@ -1084,22 +1084,20 @@ index 4175e703d2..e846b42e78 100644 +bool(true) NULL -- -2.31.1 +2.41.0 -From 93c0873333a8b257edb082d3f106fdef67495c44 Mon Sep 17 00:00:00 2001 +From 1f611e84806818b53cda70708f7eb6d1915b2887 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Fri, 6 Aug 2021 10:35:49 +0200 -Subject: [PATCH 14/26] Generate pkcs12_read test inputs on the fly +Subject: [PATCH 14/27] Generate pkcs12_read test inputs on the fly The old p12_with_extra_certs.p12 file uses an unsupported something. (cherry picked from commit 5843ba518cfb9ac6ae6d6a69629239cbf77d4cfb) --- - ext/openssl/tests/bug74022_2.phpt | 10 ++-- - .../tests/openssl_pkcs12_read_basic.phpt | 46 ++++++++++-------- - ext/openssl/tests/p12_with_extra_certs.p12 | Bin 3205 -> 0 bytes - 3 files changed, 31 insertions(+), 25 deletions(-) - delete mode 100644 ext/openssl/tests/p12_with_extra_certs.p12 + ext/openssl/tests/bug74022_2.phpt | 10 ++-- + .../tests/openssl_pkcs12_read_basic.phpt | 46 ++++++++++--------- + 2 files changed, 31 insertions(+), 25 deletions(-) diff --git a/ext/openssl/tests/bug74022_2.phpt b/ext/openssl/tests/bug74022_2.phpt index 07cb683274..4220149db2 100644 @@ -1188,14 +1186,13 @@ index b81b4d9dac..8cb2b41fd7 100644 -----END CERTIFICATE----- " } - -- -2.31.1 +2.41.0 -From 64bedf19c7caa47193c22f6fbb134574eb0cf2dd Mon Sep 17 00:00:00 2001 +From 770edaa92bbf183455a60b902b12fc33ff56e95a Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Sun, 8 Aug 2021 20:54:46 +0100 -Subject: [PATCH 15/26] Make CertificateGenerator not dependent on external +Subject: [PATCH 15/27] Make CertificateGenerator not dependent on external config in OpenSSL 3.0 (cherry picked from commit c90c9c7545427d9d35cbac45c4ec896f54619744) @@ -1248,12 +1245,12 @@ index b409376058..6fe9b4e9a8 100644 file_put_contents($file, $certText . PHP_EOL . $keyText); } finally { -- -2.31.1 +2.41.0 -From f2c252b9a083c01eff3f665a406efe5b44f323a3 Mon Sep 17 00:00:00 2001 +From 1234e56683d3f040eb98f7aabf745cf7baccc0e4 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 10 Aug 2021 11:50:18 +0200 -Subject: [PATCH 16/26] Fork openssl_error_string() test for OpenSSL +Subject: [PATCH 16/27] Fork openssl_error_string() test for OpenSSL The used error code differ signficantly, so use a separate test file. @@ -1284,12 +1281,12 @@ index cdf558e9a5..f9f0e7062f 100644 Date: Sun, 8 Aug 2021 17:39:06 +0200 -Subject: [PATCH 17/26] Use OpenSSL NCONF APIs (#7337) +Subject: [PATCH 17/27] Use OpenSSL NCONF APIs (#7337) (cherry picked from commit 94bc5fce261a4a56a545bdfb25d5c2452a07de08) --- @@ -1462,12 +1459,12 @@ index e0b3772a29..666616e7c5 100644 { php_openssl_store_errors(); -- -2.31.1 +2.41.0 -From df4e7dcc8121c444ff315e31d06182f164e686ed Mon Sep 17 00:00:00 2001 +From 95dd07c54542ac48cf7d43392f61b0423b04fe63 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Sun, 12 Sep 2021 20:30:02 +0100 -Subject: [PATCH 18/26] Make OpenSSL tests less dependent on system config +Subject: [PATCH 18/27] Make OpenSSL tests less dependent on system config It fixes dependencies on system config if running tests with OpenSSL 3.0 @@ -1559,12 +1556,12 @@ index 41567e9b32..6c09238003 100644 $keyFailed = openssl_pkey_new($argsFailed); -- -2.31.1 +2.41.0 -From 03f65a015256933426d2c87b399a4c4620b4c85c Mon Sep 17 00:00:00 2001 +From 6167fdd70654ff63a6a759cffbbdb5468e5c517a Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Fri, 6 Aug 2021 11:15:18 +0200 -Subject: [PATCH 19/26] Do not special case export of EC keys +Subject: [PATCH 19/27] Do not special case export of EC keys All other private keys are exported in PKCS#8 format, while EC keys use traditional format. Switch them to use PKCS#8 format as @@ -1578,10 +1575,9 @@ As the OpenSSL docs say: (cherry picked from commit f2d3e75933fa155a5281c824263780dbc660ecb1) --- - UPGRADING | 4 +++ ext/openssl/openssl.c | 36 ++++--------------- .../tests/openssl_pkey_export_basic.phpt | 6 +++- - 3 files changed, 15 insertions(+), 31 deletions(-) + 2 files changed, 11 insertions(+), 31 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 666616e7c5..4af0942209 100644 @@ -1655,12 +1651,12 @@ index d71f8da9a3..47a82d7873 100644 bool(true) resource(%d) of type (OpenSSL key) -- -2.31.1 +2.41.0 -From 038c33feab7e6138f7977224897118dbb8059a55 Mon Sep 17 00:00:00 2001 +From 94c952911ba9b53470056f0e679c842311e601e5 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 5 Aug 2021 10:29:50 +0200 -Subject: [PATCH 20/26] Use EVP_PKEY APIs for key generation +Subject: [PATCH 20/27] Use EVP_PKEY APIs for key generation Use high level API instead of deprecated low level API. @@ -1915,12 +1911,12 @@ index 4af0942209..588aa3902f 100644 /* }}} */ -- -2.31.1 +2.41.0 -From cc5ad532e6672ac74007caa83f2fb7796f69510b Mon Sep 17 00:00:00 2001 +From 3e896d255c644a0d1c27a6c19e074b43bfc4c5ac Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 9 Aug 2021 10:26:12 +0200 -Subject: [PATCH 21/26] Extract EC key initialization +Subject: [PATCH 21/27] Extract EC key initialization (cherry picked from commit 14d7c7e9aee5ab55a92ddc626b7b81c130ea7618) --- @@ -2186,12 +2182,12 @@ index 588aa3902f..5671311508 100644 } } -- -2.31.1 +2.41.0 -From 7c3f98fb5000b95419848b3b2519b677e8852f3f Mon Sep 17 00:00:00 2001 +From 9ac7bdc3d7eb104d7d95e2b1aa4e2b631f45051b Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 9 Aug 2021 12:01:35 +0200 -Subject: [PATCH 22/26] Test calculation of EC public key from private key +Subject: [PATCH 22/27] Test calculation of EC public key from private key (cherry picked from commit 246698671f941b2034518ab04f35009b2da77bb1) --- @@ -2229,12 +2225,12 @@ index 6c09238003..ecc34a3330 100644 NULL resource(%d) of type (OpenSSL key) -- -2.31.1 +2.41.0 -From 3b17fa3a6a34fd169c34e3d1dbb315c4c691c649 Mon Sep 17 00:00:00 2001 +From d8ffb2117e6b986cb4a5b8e5c0cf5c74af8a32fc Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 9 Aug 2021 11:12:20 +0200 -Subject: [PATCH 23/26] Use param API for creating EC keys +Subject: [PATCH 23/27] Use param API for creating EC keys Rather than the deprecated low level APIs. @@ -2386,12 +2382,12 @@ index 5671311508..5a76057c5f 100644 #endif -- -2.31.1 +2.41.0 -From 76efdaf49ccfb4462ce9493c04b5542570f72907 Mon Sep 17 00:00:00 2001 +From c1047e5c4bf6919ab9600318721d4fa6cbebb40b Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 9 Aug 2021 14:19:33 +0200 -Subject: [PATCH 24/26] Extract public key portion via PEM roundtrip +Subject: [PATCH 24/27] Extract public key portion via PEM roundtrip The workaround with cloning the X509_REQ no longer works in OpenSSL 3. Instead extract the public key portion by round @@ -2476,12 +2472,12 @@ index 5a76057c5f..00ab6dc73a 100644 if (tpubkey == NULL) { -- -2.31.1 +2.41.0 -From 134c4303f6ddca2553dadfe4e56808ef00ba39dd Mon Sep 17 00:00:00 2001 +From ee274b8bb13e8f9a3df79550be2ea3e4538c6326 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 10 Aug 2021 12:17:17 +0200 -Subject: [PATCH 25/26] Switch dh_param handling to EVP_PKEY API +Subject: [PATCH 25/27] Switch dh_param handling to EVP_PKEY API (cherry picked from commit ef787bae242fdd2e72625bbce6ab4ca466b1ef59) --- @@ -2546,12 +2542,12 @@ index 9710e44a07..f130bdee66 100644 return SUCCESS; } -- -2.31.1 +2.41.0 -From 7557896fc206bd318851b3810b55bb51dc43336f Mon Sep 17 00:00:00 2001 +From 6bb3f5d83ea5a108018b22b5e5b3b7dff77a66de Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 18 Nov 2021 15:08:19 +0100 -Subject: [PATCH 26/26] ignore remaining warnings +Subject: [PATCH 26/27] ignore remaining warnings --- ext/openssl/openssl.c | 3 ++- @@ -2579,5 +2575,30 @@ index 00ab6dc73a..b136729cb5 100644 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); OSSL_PARAM *params = NULL; -- -2.31.1 +2.41.0 + +From 5019534853051a3cb3cce9811e98e583e568e112 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Mon, 26 Jun 2023 07:59:18 +0200 +Subject: [PATCH 27/27] don't use true + +--- + ext/openssl/openssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index b136729cb5..d0fd976376 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -4454,7 +4454,7 @@ static int php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, int *is_pr + } + + if (!EC_KEY_check_key(eckey)) { +- *is_private = true; ++ *is_private = 1; + PHP_OPENSSL_RAND_ADD_TIME(); + EC_KEY_generate_key(eckey); + php_openssl_store_errors(); +-- +2.41.0 diff --git a/php-cve-2023-3247.patch b/php-cve-2023-3247.patch new file mode 100644 index 0000000..e23aebf --- /dev/null +++ b/php-cve-2023-3247.patch @@ -0,0 +1,152 @@ +From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sun, 16 Apr 2023 15:05:03 +0200 +Subject: [PATCH] Fix missing randomness check and insufficient random bytes + for SOAP HTTP Digest +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If php_random_bytes_throw fails, the nonce will be uninitialized, but +still sent to the server. The client nonce is intended to protect +against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1], +and bullet point 2 below. + +Tim pointed out that even though it's the MD5 of the nonce that gets sent, +enumerating 31 bits is trivial. So we have still a stack information leak +of 31 bits. + +Furthermore, Tim found the following issues: +* The small size of cnonce might cause the server to erroneously reject + a request due to a repeated (cnonce, nc) pair. As per the birthday + problem 31 bits of randomness will return a duplication with 50% + chance after less than 55000 requests and nc always starts counting at 1. +* The cnonce is intended to protect the client and password against a + malicious server that returns a constant server nonce where the server + precomputed a rainbow table between passwords and correct client response. + As storage is fairly cheap, a server could precompute the client responses + for (a subset of) client nonces and still have a chance of reversing the + client response with the same probability as the cnonce duplication. + + Precomputing the rainbow table for all 2^31 cnonces increases the rainbow + table size by factor 2 billion, which is infeasible. But precomputing it + for 2^14 cnonces only increases the table size by factor 16k and the server + would still have a 10% chance of successfully reversing a password with a + single client request. + +This patch fixes the issues by increasing the nonce size, and checking +the return value of php_random_bytes_throw(). In the process we also get +rid of the MD5 hashing of the nonce. + +[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616 + +Co-authored-by: Tim Düsterhus +(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a) +--- + NEWS | 6 ++++++ + ext/soap/php_http.c | 21 +++++++++++++-------- + 2 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/NEWS b/NEWS +index 3f8739eae7..7c07635cad 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,12 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 8.0.29 ++ ++- Soap: ++ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random ++ bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) ++ + Backported from 8.0.28 + + - Core: +diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c +index ee3dcbdc9a..e3a9afdbe9 100644 +--- a/ext/soap/php_http.c ++++ b/ext/soap/php_http.c +@@ -666,18 +666,23 @@ int make_http_soap_request(zval *this_ptr, + if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) { + if (Z_TYPE_P(digest) == IS_ARRAY) { + char HA1[33], HA2[33], response[33], cnonce[33], nc[9]; +- zend_long nonce; ++ unsigned char nonce[16]; + PHP_MD5_CTX md5ctx; + unsigned char hash[16]; + +- php_random_bytes_throw(&nonce, sizeof(nonce)); +- nonce &= 0x7fffffff; ++ if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) { ++ ZEND_ASSERT(EG(exception)); ++ php_stream_close(stream); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1); ++ smart_str_free(&soap_headers_z); ++ smart_str_free(&soap_headers); ++ return FALSE; ++ } + +- PHP_MD5Init(&md5ctx); +- snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce); +- PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce)); +- PHP_MD5Final(hash, &md5ctx); +- make_digest(cnonce, hash); ++ php_hash_bin2hex(cnonce, nonce, sizeof(nonce)); ++ cnonce[32] = 0; + + if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL && + Z_TYPE_P(tmp) == IS_LONG) { +From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Tue, 6 Jun 2023 18:05:22 +0200 +Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex + +--- + ext/soap/php_http.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c +index e3a9afdbe9f..912b8e341d8 100644 +--- a/ext/soap/php_http.c ++++ b/ext/soap/php_http.c +@@ -22,6 +22,7 @@ + #include "ext/standard/base64.h" + #include "ext/standard/md5.h" + #include "ext/standard/php_random.h" ++#include "ext/hash/php_hash.h" + + static char *get_http_header_value_nodup(char *headers, char *type, size_t *len); + static char *get_http_header_value(char *headers, char *type); +-- +2.40.1 + +From f3021d66d7bb42d2578530cc94f9bde47e58eb10 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Thu, 15 Jun 2023 08:47:55 +0200 +Subject: [PATCH] add cve + +--- + NEWS | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 7c07635cade..899644b3d63 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,7 +5,8 @@ Backported from 8.0.29 + + - Soap: + . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random +- bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) ++ bytes in HTTP Digest authentication for SOAP). ++ (CVE-2023-3247) (nielsdos, timwolla) + + Backported from 8.0.28 + +-- +2.40.1 + diff --git a/php-ghsa-76gg-c692-v2mw.patch b/php-ghsa-76gg-c692-v2mw.patch deleted file mode 100644 index aa67ee6..0000000 --- a/php-ghsa-76gg-c692-v2mw.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001 -From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> -Date: Sun, 16 Apr 2023 15:05:03 +0200 -Subject: [PATCH] Fix missing randomness check and insufficient random bytes - for SOAP HTTP Digest -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If php_random_bytes_throw fails, the nonce will be uninitialized, but -still sent to the server. The client nonce is intended to protect -against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1], -and bullet point 2 below. - -Tim pointed out that even though it's the MD5 of the nonce that gets sent, -enumerating 31 bits is trivial. So we have still a stack information leak -of 31 bits. - -Furthermore, Tim found the following issues: -* The small size of cnonce might cause the server to erroneously reject - a request due to a repeated (cnonce, nc) pair. As per the birthday - problem 31 bits of randomness will return a duplication with 50% - chance after less than 55000 requests and nc always starts counting at 1. -* The cnonce is intended to protect the client and password against a - malicious server that returns a constant server nonce where the server - precomputed a rainbow table between passwords and correct client response. - As storage is fairly cheap, a server could precompute the client responses - for (a subset of) client nonces and still have a chance of reversing the - client response with the same probability as the cnonce duplication. - - Precomputing the rainbow table for all 2^31 cnonces increases the rainbow - table size by factor 2 billion, which is infeasible. But precomputing it - for 2^14 cnonces only increases the table size by factor 16k and the server - would still have a 10% chance of successfully reversing a password with a - single client request. - -This patch fixes the issues by increasing the nonce size, and checking -the return value of php_random_bytes_throw(). In the process we also get -rid of the MD5 hashing of the nonce. - -[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616 - -Co-authored-by: Tim Düsterhus -(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a) ---- - NEWS | 6 ++++++ - ext/soap/php_http.c | 21 +++++++++++++-------- - 2 files changed, 19 insertions(+), 8 deletions(-) - -diff --git a/NEWS b/NEWS -index 3f8739eae7..7c07635cad 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,6 +1,12 @@ - PHP NEWS - ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| - -+Backported from 8.0.29 -+ -+- Soap: -+ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random -+ bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) -+ - Backported from 8.0.28 - - - Core: -diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c -index ee3dcbdc9a..e3a9afdbe9 100644 ---- a/ext/soap/php_http.c -+++ b/ext/soap/php_http.c -@@ -666,18 +666,23 @@ int make_http_soap_request(zval *this_ptr, - if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) { - if (Z_TYPE_P(digest) == IS_ARRAY) { - char HA1[33], HA2[33], response[33], cnonce[33], nc[9]; -- zend_long nonce; -+ unsigned char nonce[16]; - PHP_MD5_CTX md5ctx; - unsigned char hash[16]; - -- php_random_bytes_throw(&nonce, sizeof(nonce)); -- nonce &= 0x7fffffff; -+ if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) { -+ ZEND_ASSERT(EG(exception)); -+ php_stream_close(stream); -+ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1); -+ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); -+ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1); -+ smart_str_free(&soap_headers_z); -+ smart_str_free(&soap_headers); -+ return FALSE; -+ } - -- PHP_MD5Init(&md5ctx); -- snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce); -- PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce)); -- PHP_MD5Final(hash, &md5ctx); -- make_digest(cnonce, hash); -+ php_hash_bin2hex(cnonce, nonce, sizeof(nonce)); -+ cnonce[32] = 0; - - if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL && - Z_TYPE_P(tmp) == IS_LONG) { -From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Tue, 6 Jun 2023 18:05:22 +0200 -Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex - ---- - ext/soap/php_http.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c -index e3a9afdbe9f..912b8e341d8 100644 ---- a/ext/soap/php_http.c -+++ b/ext/soap/php_http.c -@@ -22,6 +22,7 @@ - #include "ext/standard/base64.h" - #include "ext/standard/md5.h" - #include "ext/standard/php_random.h" -+#include "ext/hash/php_hash.h" - - static char *get_http_header_value_nodup(char *headers, char *type, size_t *len); - static char *get_http_header_value(char *headers, char *type); --- -2.40.1 - diff --git a/php.spec b/php.spec index f925080..ada1b08 100644 --- a/php.spec +++ b/php.spec @@ -179,7 +179,7 @@ Patch200: php-bug81740.patch Patch201: php-bug81744.patch Patch202: php-bug81746.patch Patch203: php-cve-2023-0662.patch -Patch204: php-ghsa-76gg-c692-v2mw.patch +Patch204: php-cve-2023-3247.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -964,7 +964,7 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 %patch -P201 -p1 -b .bug81744 %patch -P202 -p1 -b .bug81746 %patch -P203 -p1 -b .cve0662 -%patch -P204 -p1 -b .ghsa-76gg-c692-v2mw +%patch -P204 -p1 -b .cve3247 # Fixes for tests %patch -P300 -p1 -b .datetests @@ -1857,7 +1857,7 @@ EOF * Tue Jun 6 2023 Remi Collet - 7.4.33-7 - Fix Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP - GHSA-76gg-c692-v2mw + GHSA-76gg-c692-v2mw CVE-2023-3247 * Fri Apr 14 2023 Remi Collet - 7.4.33-6 - use ICU 72.1 -- cgit