/trunk/vendor/composer/installed.json |
---|
837,12 → 837,12 |
"source": { |
"type": "git", |
"url": "https://github.com/phpseclib/phpseclib.git", |
"reference": "d2cd758ecb50addfe7a4283a2084a63efeefce3d" |
"reference": "4b1827beabce71953ca479485c0ae9c51287f2fe" |
}, |
"dist": { |
"type": "zip", |
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/d2cd758ecb50addfe7a4283a2084a63efeefce3d", |
"reference": "d2cd758ecb50addfe7a4283a2084a63efeefce3d", |
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/4b1827beabce71953ca479485c0ae9c51287f2fe", |
"reference": "4b1827beabce71953ca479485c0ae9c51287f2fe", |
"shasum": "" |
}, |
"require": { |
860,7 → 860,7 |
"ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.", |
"ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations." |
}, |
"time": "2023-12-19T04:55:17+00:00", |
"time": "2023-12-29T01:59:53+00:00", |
"type": "library", |
"installation-source": "dist", |
"autoload": { |
/trunk/vendor/composer/installed.php |
---|
189,7 → 189,7 |
'phpseclib/phpseclib' => array( |
'pretty_version' => '3.0.x-dev', |
'version' => '3.0.9999999.9999999-dev', |
'reference' => 'd2cd758ecb50addfe7a4283a2084a63efeefce3d', |
'reference' => '4b1827beabce71953ca479485c0ae9c51287f2fe', |
'type' => 'library', |
'install_path' => __DIR__ . '/../phpseclib/phpseclib', |
'aliases' => array(), |
/trunk/vendor/licenses |
---|
28,7 → 28,7 |
matthiasmullie/path-converter 1.1.3 MIT |
paragonie/constant_time_encoding v2.6.3 MIT |
paragonie/random_compat v9.99.100 MIT |
phpseclib/phpseclib 3.0.x-dev d2cd758 MIT |
phpseclib/phpseclib 3.0.x-dev 4b1827b MIT |
script47/bs5-utils master master MIT |
spamspan/spamspan master GPL-2.0-only |
spomky-labs/php-punycode 9999999-dev d12fe5c MIT |
/trunk/vendor/phpseclib/phpseclib/README.md |
---|
51,7 → 51,7 |
* PHP4 compatible |
* Composer compatible (PSR-0 autoloading) |
* Install using Composer: `composer require phpseclib/phpseclib:~1.0` |
* [Download 1.0.21 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.21.zip/download) |
* [Download 1.0.22 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.22.zip/download) |
## Security contact information |
/trunk/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/AsymmetricKey.php |
---|
382,7 → 382,7 |
$shortname = $meta->getShortName(); |
self::$plugins[static::ALGORITHM]['Keys'][strtolower($shortname)] = $fullname; |
if ($meta->hasConstant('IS_INVISIBLE')) { |
self::$invisiblePlugins[static::ALGORITHM] = strtolower($name); |
self::$invisiblePlugins[static::ALGORITHM][] = strtolower($shortname); |
} |
} |
} |
/trunk/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php |
---|
1103,6 → 1103,16 |
private $errorOnMultipleChannels; |
/** |
* Terrapin Countermeasure |
* |
* "During initial KEX, terminate the connection if any unexpected or out-of-sequence packet is received" |
* -- https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 |
* |
* @var int |
*/ |
private $extra_packets; |
/** |
* Default Constructor. |
* |
* $host can either be a string, representing the host, or a stream resource. |
1536,7 → 1546,7 |
$preferred['client_to_server']['comp'] : |
SSH2::getSupportedCompressionAlgorithms(); |
$kex_algorithms = array_merge($kex_algorithms, ['ext-info-c']); |
$kex_algorithms = array_merge($kex_algorithms, ['ext-info-c', 'kex-strict-c-v00@openssh.com']); |
// some SSH servers have buggy implementations of some of the above algorithms |
switch (true) { |
1592,6 → 1602,7 |
if ($kexinit_payload_server === false) { |
$this->send_binary_packet($kexinit_payload_client); |
$this->extra_packets = 0; |
$kexinit_payload_server = $this->get_binary_packet(); |
if ( |
1623,6 → 1634,11 |
$this->languages_server_to_client, |
$first_kex_packet_follows |
) = Strings::unpackSSH2('L10C', $response); |
if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { |
if ($this->session_id === false && $this->extra_packets) { |
throw new \UnexpectedValueException('Possible Terrapin Attack detected'); |
} |
} |
$this->supported_private_key_algorithms = $this->server_host_key_algorithms; |
1881,6 → 1897,10 |
throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS'); |
} |
if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { |
$this->get_seq_no = $this->send_seq_no = 0; |
} |
$keyBytes = pack('Na*', strlen($keyBytes), $keyBytes); |
$this->encrypt = self::encryption_algorithm_to_crypt_instance($encrypt); |
3769,9 → 3789,11 |
$this->bitmap = 0; |
return false; |
case NET_SSH2_MSG_IGNORE: |
$this->extra_packets++; |
$payload = $this->get_binary_packet($skip_channel_filter); |
break; |
case NET_SSH2_MSG_DEBUG: |
$this->extra_packets++; |
Strings::shift($payload, 2); // second byte is "always_display" |
list($message) = Strings::unpackSSH2('s', $payload); |
$this->errors[] = "SSH_MSG_DEBUG: $message"; |
3780,6 → 3802,7 |
case NET_SSH2_MSG_UNIMPLEMENTED: |
return false; |
case NET_SSH2_MSG_KEXINIT: |
// this is here for key re-exchanges after the initial key exchange |
if ($this->session_id !== false) { |
if (!$this->key_exchange($payload)) { |
$this->bitmap = 0; |