Version in base suite: 3.0.19-1+deb12u2

Base version: php-phpseclib3_3.0.19-1+deb12u2
Target version: php-phpseclib3_3.0.19-1+deb12u3
Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/php-phpseclib3/php-phpseclib3_3.0.19-1+deb12u2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/p/php-phpseclib3/php-phpseclib3_3.0.19-1+deb12u3.dsc

 /srv/release.debian.org/tmp/tWnYHRB46D/php-phpseclib3-3.0.19/debian/patches/0013-ASN1-limit-OID-length.patch |binary
 php-phpseclib3-3.0.19/debian/autoload.php.tpl                                                                |   31 +++++
 php-phpseclib3-3.0.19/debian/changelog                                                                       |   13 ++
 php-phpseclib3-3.0.19/debian/clean                                                                           |    3 
 php-phpseclib3-3.0.19/debian/patches/0011-BigInteger-put-guardrails-on-isPrime-and-randomPrime.patch         |   42 ++++++
 php-phpseclib3-3.0.19/debian/patches/0012-Tests-add-unit-test-for-EC-pub-key-with-excessively-.patch         |   46 +++++++
 php-phpseclib3-3.0.19/debian/patches/0014-Tests-updates-for-phpseclib-2.0.patch                              |   22 +++
 php-phpseclib3-3.0.19/debian/patches/0015-Tests-phpseclib-3.0-updates.patch                                  |   35 +++++
 php-phpseclib3-3.0.19/debian/patches/0016-BigInteger-optimize-getLength.patch                                |   62 ++++++++++
 php-phpseclib3-3.0.19/debian/patches/series                                                                  |    6 
 php-phpseclib3-3.0.19/debian/rules                                                                           |    6 
 php-phpseclib3-3.0.19/debian/source/include-binaries                                                         |    1 
 12 files changed, 262 insertions(+), 5 deletions(-)

diff -Nru php-phpseclib3-3.0.19/debian/autoload.php.tpl php-phpseclib3-3.0.19/debian/autoload.php.tpl
--- php-phpseclib3-3.0.19/debian/autoload.php.tpl	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/autoload.php.tpl	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1,31 @@
+<?php
+
+// Require
+require_once __DIR__ . '/../ParagonIE/ConstantTime/autoload.php';
+require_once __DIR__ . '/../random_compat/random.php';
+
+// Suggest
+
+// @codingStandardsIgnoreFile
+// @codeCoverageIgnoreStart
+// this is an autogenerated file - do not edit
+spl_autoload_register(
+    function($class) {
+        static $classes = null;
+        if ($classes === null) {
+            $classes = array(
+                ___CLASSLIST___
+            );
+        }
+        $cn = strtolower($class);
+        if (isset($classes[$cn])) {
+            require ___BASEDIR___$classes[$cn];
+        }
+    },
+    ___EXCEPTION___,
+    ___PREPEND___
+);
+// @codeCoverageIgnoreEnd
+
+// Files
+require_once __DIR__.'/bootstrap.php';
diff -Nru php-phpseclib3-3.0.19/debian/changelog php-phpseclib3-3.0.19/debian/changelog
--- php-phpseclib3-3.0.19/debian/changelog	2023-12-31 11:13:49.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/changelog	2024-02-27 20:58:00.000000000 +0000
@@ -1,3 +1,16 @@
+php-phpseclib3 (3.0.19-1+deb12u3) bookworm; urgency=medium
+
+  * Backport upstream fixes
+    - BigInteger: put guardrails on isPrime() and randomPrime() [CVE-2024-27354]
+    - Tests: add unit test for EC pub key with excessively large integer
+    - ASN1: limit OID length [CVE-2024-27355]
+    - Tests: updates for phpseclib 2.0
+    - Tests: phpseclib 3.0 updates
+    - BigInteger: optimize getLength()
+  * Force system dependencies loading
+
+ -- David PrÃ©vot <taffit@debian.org>  Tue, 27 Feb 2024 21:58:00 +0100
+
 php-phpseclib3 (3.0.19-1+deb12u2) bookworm-security; urgency=medium
 
   * Backport upstream SSH2 changes
diff -Nru php-phpseclib3-3.0.19/debian/clean php-phpseclib3-3.0.19/debian/clean
--- php-phpseclib3-3.0.19/debian/clean	2023-12-31 11:13:49.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/clean	2024-02-27 20:58:00.000000000 +0000
@@ -1,6 +1,7 @@
-debian/autoload.php.tpl
 debian/autoload.tests.php.tpl
+ParagonIE
 phpseclib/autoload.php
 phpseclib3
+random_compat
 tests/.phpunit.result.cache
 vendor/
diff -Nru php-phpseclib3-3.0.19/debian/patches/0011-BigInteger-put-guardrails-on-isPrime-and-randomPrime.patch php-phpseclib3-3.0.19/debian/patches/0011-BigInteger-put-guardrails-on-isPrime-and-randomPrime.patch
--- php-phpseclib3-3.0.19/debian/patches/0011-BigInteger-put-guardrails-on-isPrime-and-randomPrime.patch	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/patches/0011-BigInteger-put-guardrails-on-isPrime-and-randomPrime.patch	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1,42 @@
+From: terrafrost <terrafrost@gmail.com>
+Date: Sat, 24 Feb 2024 08:38:47 -0600
+Subject: BigInteger: put guardrails on isPrime() and randomPrime()
+
+Origin: upstream, https://github.com/phpseclib/phpseclib/commit/0358eb163c55a9fd7b3848b9ecc83f6b9e49dbf5
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-27354
+---
+ phpseclib/Math/BigInteger/Engines/Engine.php | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/phpseclib/Math/BigInteger/Engines/Engine.php b/phpseclib/Math/BigInteger/Engines/Engine.php
+index 2b00bc3..3a735e7 100644
+--- a/phpseclib/Math/BigInteger/Engines/Engine.php
++++ b/phpseclib/Math/BigInteger/Engines/Engine.php
+@@ -781,6 +781,11 @@ abstract class Engine implements \JsonSerializable
+             $min = $temp;
+         }
+ 
++        $length = $max->getLength();
++        if ($length > 8196) {
++            throw new \RuntimeException("Generation of random prime numbers larger than 8196 has been disabled ($length)");
++        }
++
+         $x = static::randomRange($min, $max);
+ 
+         return static::randomRangePrimeInner($x, $min, $max);
+@@ -985,6 +990,15 @@ abstract class Engine implements \JsonSerializable
+      */
+     public function isPrime($t = false)
+     {
++        // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is
++        // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is
++        // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest
++        // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on
++        $length = $this->getLength();
++        if ($length > 8196) {
++            throw new \RuntimeException("Primality testing is not supported for numbers larger than 8196 bits ($length)");
++        }
++
+         if (!$t) {
+             $t = $this->setupIsPrime();
+         }
diff -Nru php-phpseclib3-3.0.19/debian/patches/0012-Tests-add-unit-test-for-EC-pub-key-with-excessively-.patch php-phpseclib3-3.0.19/debian/patches/0012-Tests-add-unit-test-for-EC-pub-key-with-excessively-.patch
--- php-phpseclib3-3.0.19/debian/patches/0012-Tests-add-unit-test-for-EC-pub-key-with-excessively-.patch	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/patches/0012-Tests-add-unit-test-for-EC-pub-key-with-excessively-.patch	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1,46 @@
+From: terrafrost <terrafrost@gmail.com>
+Date: Sat, 24 Feb 2024 08:42:27 -0600
+Subject: Tests: add unit test for EC pub key with excessively large integer
+
+Origin: backport, https://github.com/phpseclib/phpseclib/commit/e17409a3e39baf7c8ed9635c04130802463b117b
+---
+ tests/Unit/File/X509/X509Test.php    |  12 ++++++++++++
+ tests/Unit/File/X509/mal-cert-01.der | Bin 0 -> 3249 bytes
+ 2 files changed, 12 insertions(+)
+ create mode 100644 tests/Unit/File/X509/mal-cert-01.der
+
+diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
+index 32e8be7..aded4da 100644
+--- a/tests/Unit/File/X509/X509Test.php
++++ b/tests/Unit/File/X509/X509Test.php
+@@ -1289,4 +1289,16 @@ BbNA6tFZAwLoX18R6yEmzHAQ+R2Eliiaz7mgQ+M2d0ec6qQJFoO7aJsX
+ 
+         $this->assertIsArray($r);
+     }
++
++    public function testLargeInteger()
++    {
++        // cert has an elliptic curve public key with a specified curve (vs a named curve) with
++        // an excessively large integer value
++        $cert = file_get_contents(__DIR__ . '/mal-cert-01.der');
++
++        $x509 = new X509();
++        $x509->loadX509($cert);
++        $this->expectException(\RuntimeException::class);
++        $x509->getPublicKey();
++    }
+ }
+diff --git a/tests/Unit/File/X509/mal-cert-01.der b/tests/Unit/File/X509/mal-cert-01.der
+new file mode 100644
+index 0000000..3219ccd
+--- /dev/null
++++ b/tests/Unit/File/X509/mal-cert-01.der
+@@ -0,0 +1,7 @@
++0‚­0‚S '¹Ç×ÔQat.øâæ
++„ÝÜcjF0
++*†HÎ=010U	MALFORMED0231129085349Z241123085349Z010U	MALFORMED0‚ˆ0‚`*†HÎ=0‚S0‚
++¦*†HÎ=‚
++™ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0[                                                                  Ä6†ç“jfxá&·Ÿ~!y¾f~ùÜ»¬U b•Î‡›üÛ-Î(ÙYò[ø˜! ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþº®Üæ¯H ;¿Ò^ŒÐ6AA" 
++FÆ’ì‘nÀØ¹4 €¨„ç#WEÝ5O$ýdðQ9A£S0Q0Uf7ü¸’€ÿêûÍáß±ø‚0U#0€f7ü¸’€ÿêûÍáß±ø‚0Uÿ0ÿ0
++*†HÎ=H 0E üÄP4>¿|Hñv>/Kw³QÄƒ[H	{µa­’! ˜Ûå„`XÙïÎöt{äÁoñØÊsÑ±Å2Âä†ç²
+\ No newline at end of file
Binary files /srv/release.debian.org/tmp/imCukbhaZn/php-phpseclib3-3.0.19/debian/patches/0013-ASN1-limit-OID-length.patch and /srv/release.debian.org/tmp/tWnYHRB46D/php-phpseclib3-3.0.19/debian/patches/0013-ASN1-limit-OID-length.patch differ
diff -Nru php-phpseclib3-3.0.19/debian/patches/0014-Tests-updates-for-phpseclib-2.0.patch php-phpseclib3-3.0.19/debian/patches/0014-Tests-updates-for-phpseclib-2.0.patch
--- php-phpseclib3-3.0.19/debian/patches/0014-Tests-updates-for-phpseclib-2.0.patch	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/patches/0014-Tests-updates-for-phpseclib-2.0.patch	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1,22 @@
+From: terrafrost <terrafrost@gmail.com>
+Date: Sat, 24 Feb 2024 13:26:33 -0600
+Subject: Tests: updates for phpseclib 2.0
+
+Origin: upstream, https://github.com/phpseclib/phpseclib/commit/0777e700b966b68287081cdb83e89834b846f84a
+---
+ tests/Unit/File/ASN1Test.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
+index 15d0a4b..72425d8 100644
+--- a/tests/Unit/File/ASN1Test.php
++++ b/tests/Unit/File/ASN1Test.php
+@@ -455,7 +455,7 @@ class ASN1Test extends PhpseclibTestCase
+     {
+         $cert = file_get_contents(dirname(__FILE__) . '/ASN1/mal-cert-02.der');
+ 
+-        $asn1 = new File_ASN1();
++        $asn1 = new ASN1();
+         //$this->setExpectedException('PHPUnit_Framework_Error_Notice');
+         $decoded = $asn1->decodeBER($cert);
+         $this->assertFalse($decoded[0]);
diff -Nru php-phpseclib3-3.0.19/debian/patches/0015-Tests-phpseclib-3.0-updates.patch php-phpseclib3-3.0.19/debian/patches/0015-Tests-phpseclib-3.0-updates.patch
--- php-phpseclib3-3.0.19/debian/patches/0015-Tests-phpseclib-3.0-updates.patch	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/patches/0015-Tests-phpseclib-3.0-updates.patch	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1,35 @@
+From: terrafrost <terrafrost@gmail.com>
+Date: Sat, 24 Feb 2024 13:23:49 -0600
+Subject: Tests: phpseclib 3.0 updates
+
+Origin: upstream, https://github.com/phpseclib/phpseclib/commit/baba459ca1b2619b173805ca3dfedc4e5a88eac6
+---
+ phpseclib/File/ASN1.php      | 2 +-
+ tests/Unit/File/ASN1Test.php | 1 -
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
+index 41ee514..26bc0bf 100644
+--- a/phpseclib/File/ASN1.php
++++ b/phpseclib/File/ASN1.php
+@@ -1151,7 +1151,7 @@ abstract class ASN1
+         $len = strlen($content);
+         // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+         if ($len > 4096) {
+-            //user_error('Object Identifier size is limited to 4096 bytes');
++            //throw new \RuntimeException("Object identifier size is limited to 4096 bytes ($len bytes present)");
+             return false;
+         }
+ 
+diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
+index 72425d8..b39ce46 100644
+--- a/tests/Unit/File/ASN1Test.php
++++ b/tests/Unit/File/ASN1Test.php
+@@ -456,7 +456,6 @@ class ASN1Test extends PhpseclibTestCase
+         $cert = file_get_contents(dirname(__FILE__) . '/ASN1/mal-cert-02.der');
+ 
+         $asn1 = new ASN1();
+-        //$this->setExpectedException('PHPUnit_Framework_Error_Notice');
+         $decoded = $asn1->decodeBER($cert);
+         $this->assertFalse($decoded[0]);
+ 
diff -Nru php-phpseclib3-3.0.19/debian/patches/0016-BigInteger-optimize-getLength.patch php-phpseclib3-3.0.19/debian/patches/0016-BigInteger-optimize-getLength.patch
--- php-phpseclib3-3.0.19/debian/patches/0016-BigInteger-optimize-getLength.patch	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/patches/0016-BigInteger-optimize-getLength.patch	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1,62 @@
+From: terrafrost <terrafrost@gmail.com>
+Date: Sat, 24 Feb 2024 13:41:06 -0600
+Subject: BigInteger: optimize getLength()
+
+Origin: backport, https://github.com/phpseclib/phpseclib/commit/a922309855328273b818bbff049e9f422b0678ed
+---
+ phpseclib/Math/BigInteger/Engines/Engine.php |  2 +-
+ phpseclib/Math/BigInteger/Engines/PHP.php    | 13 +++++++++++++
+ tests/Unit/File/ASN1Test.php                 |  5 ++---
+ 3 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/phpseclib/Math/BigInteger/Engines/Engine.php b/phpseclib/Math/BigInteger/Engines/Engine.php
+index 3a735e7..4c2c298 100644
+--- a/phpseclib/Math/BigInteger/Engines/Engine.php
++++ b/phpseclib/Math/BigInteger/Engines/Engine.php
+@@ -619,7 +619,7 @@ abstract class Engine implements \JsonSerializable
+      */
+     public function getLengthInBytes()
+     {
+-        return strlen($this->toBytes());
++        return (int) ceil($this->getLength() / 8);
+     }
+ 
+     /**
+diff --git a/phpseclib/Math/BigInteger/Engines/PHP.php b/phpseclib/Math/BigInteger/Engines/PHP.php
+index ab9bdc9..37bc168 100644
+--- a/phpseclib/Math/BigInteger/Engines/PHP.php
++++ b/phpseclib/Math/BigInteger/Engines/PHP.php
+@@ -1326,4 +1326,17 @@ abstract class PHP extends Engine
+ 
+         return array_reverse($vals);
+     }
++
++    /**
++     * Return the size of a BigInteger in bits
++     *
++     * @return int
++     */
++    public function getLength()
++    {
++        $max = count($this->value) - 1;
++        return $max != -1 ?
++            $max * static::BASE + intval(ceil(log($this->value[$max] + 1, 2))) :
++            0;
++    }
+ }
+diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
+index b39ce46..0dd40ed 100644
+--- a/tests/Unit/File/ASN1Test.php
++++ b/tests/Unit/File/ASN1Test.php
+@@ -455,9 +455,8 @@ class ASN1Test extends PhpseclibTestCase
+     {
+         $cert = file_get_contents(dirname(__FILE__) . '/ASN1/mal-cert-02.der');
+ 
+-        $asn1 = new ASN1();
+-        $decoded = $asn1->decodeBER($cert);
+-        $this->assertFalse($decoded[0]);
++        $decoded = ASN1::decodeBER($cert);
++        $this->assertNull($decoded);
+ 
+         //$x509 = new X509();
+         //$x509->loadX509($cert);
diff -Nru php-phpseclib3-3.0.19/debian/patches/series php-phpseclib3-3.0.19/debian/patches/series
--- php-phpseclib3-3.0.19/debian/patches/series	2023-12-31 11:13:49.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/patches/series	2024-02-27 20:58:00.000000000 +0000
@@ -8,3 +8,9 @@
 0008-SSH2-add-support-for-RFC8308.patch
 0009-SSH2-CS-adjustment.patch
 0010-SSH2-implement-terrapin-attack-countermeasures.patch
+0011-BigInteger-put-guardrails-on-isPrime-and-randomPrime.patch
+0012-Tests-add-unit-test-for-EC-pub-key-with-excessively-.patch
+0013-ASN1-limit-OID-length.patch
+0014-Tests-updates-for-phpseclib-2.0.patch
+0015-Tests-phpseclib-3.0-updates.patch
+0016-BigInteger-optimize-getLength.patch
diff -Nru php-phpseclib3-3.0.19/debian/rules php-phpseclib3-3.0.19/debian/rules
--- php-phpseclib3-3.0.19/debian/rules	2023-12-31 11:13:49.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/rules	2024-02-27 20:58:00.000000000 +0000
@@ -3,10 +3,6 @@
 	dh $@
 
 override_dh_auto_build:
-	phpabtpl \
-		--basedir phpseclib \
-		composer.json \
-		> debian/autoload.php.tpl
 	phpab \
 		--output phpseclib/autoload.php \
 		--template debian/autoload.php.tpl \
@@ -20,6 +16,8 @@
 		--template debian/autoload.tests.php.tpl \
 	tests
 	ln -s phpseclib phpseclib3
+	ln -s /usr/share/php/ParagonIE
+	ln -s /usr/share/php/random_compat
 
 override_dh_auto_test:
 	phpunit --verbose --configuration tests/phpunit.xml
diff -Nru php-phpseclib3-3.0.19/debian/source/include-binaries php-phpseclib3-3.0.19/debian/source/include-binaries
--- php-phpseclib3-3.0.19/debian/source/include-binaries	1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib3-3.0.19/debian/source/include-binaries	2024-02-27 20:58:00.000000000 +0000
@@ -0,0 +1 @@
+debian/patches/0013-ASN1-limit-OID-length.patch