Version in base suite: 7.4.33-1+deb11u3

Base version: php7.4_7.4.33-1+deb11u3
Target version: php7.4_7.4.33-1+deb11u4
Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/php7.4/php7.4_7.4.33-1+deb11u3.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/p/php7.4/php7.4_7.4.33-1+deb11u4.dsc

 changelog                                                               |    8 
 patches/0059-Fix-missing-randomness-check-and-insufficient-random.patch |  101 ++++++++++
 patches/0060-Fix-GH-11382-add-missing-hash-header-for-bin2hex.patch     |   20 +
 patches/series                                                          |    2 
 4 files changed, 131 insertions(+)

diff -Nru php7.4-7.4.33/debian/changelog php7.4-7.4.33/debian/changelog
--- php7.4-7.4.33/debian/changelog	2023-02-22 20:07:47.000000000 +0000
+++ php7.4-7.4.33/debian/changelog	2023-06-09 16:51:37.000000000 +0000
@@ -1,3 +1,11 @@
+php7.4 (7.4.33-1+deb11u4) bullseye-security; urgency=high
+
+  * Backported from 8.0.29
+   + GHSA-76gg-c692-v2mw: Missing error check and insufficient random
+     bytes in HTTP Digest authentication for SOAP.
+
+ -- Ondřej Surý <ondrej@debian.org>  Fri, 09 Jun 2023 18:51:37 +0200
+
 php7.4 (7.4.33-1+deb11u3) bullseye-security; urgency=high
 
   * Fix GH-10187: Segfault in stripslashes() with arm64
diff -Nru php7.4-7.4.33/debian/patches/0059-Fix-missing-randomness-check-and-insufficient-random.patch php7.4-7.4.33/debian/patches/0059-Fix-missing-randomness-check-and-insufficient-random.patch
--- php7.4-7.4.33/debian/patches/0059-Fix-missing-randomness-check-and-insufficient-random.patch	1970-01-01 00:00:00.000000000 +0000
+++ php7.4-7.4.33/debian/patches/0059-Fix-missing-randomness-check-and-insufficient-random.patch	2023-06-09 16:51:37.000000000 +0000
@@ -0,0 +1,101 @@
+From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
+Date: Sun, 16 Apr 2023 15:05:03 +0200
+Subject: Fix missing randomness check and insufficient random bytes for SOAP
+ HTTP Digest
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+If php_random_bytes_throw fails, the nonce will be uninitialized, but
+still sent to the server. The client nonce is intended to protect
+against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1],
+and bullet point 2 below.
+
+Tim pointed out that even though it's the MD5 of the nonce that gets sent,
+enumerating 31 bits is trivial. So we have still a stack information leak
+of 31 bits.
+
+Furthermore, Tim found the following issues:
+* The small size of cnonce might cause the server to erroneously reject
+  a request due to a repeated (cnonce, nc) pair. As per the birthday
+  problem 31 bits of randomness will return a duplication with 50%
+  chance after less than 55000 requests and nc always starts counting at 1.
+* The cnonce is intended to protect the client and password against a
+  malicious server that returns a constant server nonce where the server
+  precomputed a rainbow table between passwords and correct client response.
+  As storage is fairly cheap, a server could precompute the client responses
+  for (a subset of) client nonces and still have a chance of reversing the
+  client response with the same probability as the cnonce duplication.
+
+  Precomputing the rainbow table for all 2^31 cnonces increases the rainbow
+  table size by factor 2 billion, which is infeasible. But precomputing it
+  for 2^14 cnonces only increases the table size by factor 16k and the server
+  would still have a 10% chance of successfully reversing a password with a
+  single client request.
+
+This patch fixes the issues by increasing the nonce size, and checking
+the return value of php_random_bytes_throw(). In the process we also get
+rid of the MD5 hashing of the nonce.
+
+[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616
+
+Co-authored-by: Tim Düsterhus <timwolla@php.net>
+(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a)
+---
+ NEWS                |  6 ++++++
+ ext/soap/php_http.c | 21 +++++++++++++--------
+ 2 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 3f8739e..7c07635 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,12 @@
+ PHP                                                                        NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+ 
++Backported from 8.0.29
++
++- Soap:
++  . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
++    bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
++
+ Backported from 8.0.28
+ 
+ - Core:
+diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
+index ee3dcbd..e3a9afd 100644
+--- a/ext/soap/php_http.c
++++ b/ext/soap/php_http.c
+@@ -666,18 +666,23 @@ try_again:
+ 			if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) {
+ 				if (Z_TYPE_P(digest) == IS_ARRAY) {
+ 					char          HA1[33], HA2[33], response[33], cnonce[33], nc[9];
+-					zend_long     nonce;
++					unsigned char nonce[16];
+ 					PHP_MD5_CTX   md5ctx;
+ 					unsigned char hash[16];
+ 
+-					php_random_bytes_throw(&nonce, sizeof(nonce));
+-					nonce &= 0x7fffffff;
++					if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
++						ZEND_ASSERT(EG(exception));
++						php_stream_close(stream);
++						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
++						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
++						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
++						smart_str_free(&soap_headers_z);
++						smart_str_free(&soap_headers);
++						return FALSE;
++					}
+ 
+-					PHP_MD5Init(&md5ctx);
+-					snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
+-					PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
+-					PHP_MD5Final(hash, &md5ctx);
+-					make_digest(cnonce, hash);
++					php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
++					cnonce[32] = 0;
+ 
+ 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
+ 					    Z_TYPE_P(tmp) == IS_LONG) {
diff -Nru php7.4-7.4.33/debian/patches/0060-Fix-GH-11382-add-missing-hash-header-for-bin2hex.patch php7.4-7.4.33/debian/patches/0060-Fix-GH-11382-add-missing-hash-header-for-bin2hex.patch
--- php7.4-7.4.33/debian/patches/0060-Fix-GH-11382-add-missing-hash-header-for-bin2hex.patch	1970-01-01 00:00:00.000000000 +0000
+++ php7.4-7.4.33/debian/patches/0060-Fix-GH-11382-add-missing-hash-header-for-bin2hex.patch	2023-06-09 16:51:37.000000000 +0000
@@ -0,0 +1,20 @@
+From: Remi Collet <remi@remirepo.net>
+Date: Tue, 6 Jun 2023 18:05:22 +0200
+Subject: Fix GH-11382 add missing hash header for bin2hex
+
+---
+ ext/soap/php_http.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
+index e3a9afd..912b8e3 100644
+--- a/ext/soap/php_http.c
++++ b/ext/soap/php_http.c
+@@ -22,6 +22,7 @@
+ #include "ext/standard/base64.h"
+ #include "ext/standard/md5.h"
+ #include "ext/standard/php_random.h"
++#include "ext/hash/php_hash.h"
+ 
+ static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
+ static char *get_http_header_value(char *headers, char *type);
diff -Nru php7.4-7.4.33/debian/patches/series php7.4-7.4.33/debian/patches/series
--- php7.4-7.4.33/debian/patches/series	2023-02-22 20:07:47.000000000 +0000
+++ php7.4-7.4.33/debian/patches/series	2023-06-09 16:51:37.000000000 +0000
@@ -56,3 +56,5 @@
 0056-Introduce-max_multipart_body_parts-INI.patch
 0057-NEWS.patch
 0058-fix-NEWS-not-FPM-specific.patch
+0059-Fix-missing-randomness-check-and-insufficient-random.patch
+0060-Fix-GH-11382-add-missing-hash-header-for-bin2hex.patch