build(deps): bump phpseclib/phpseclib from 2.0.47 to 2.0.52

.github/workflows/composer-auto.yml

@@ -48,7 +48,7 @@ jobs:
       - name: Add reaction on start
         uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
         with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
+          token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env]
           repository: ${{ github.event.repository.full_name }}
           comment-id: ${{ github.event.comment.id }}
           reactions: '+1'
@@ -61,7 +61,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
         if: failure()
         with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
+          token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env]
           repository: ${{ github.event.repository.full_name }}
           comment-id: ${{ github.event.comment.id }}
           reactions: '-1'
@@ -75,7 +75,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: true
-          token: ${{ secrets.COMMAND_BOT_PAT }}
+          token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env]
           fetch-depth: 0
           ref: ${{ needs.init.outputs.head_ref }}
 
@@ -115,7 +115,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
         if: failure()
         with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
+          token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env]
           repository: '${{ github.event.repository.full_name }}'
           comment-id: '${{ github.event.comment.id }}'
           reactions: '-1'

composer.json

@@ -44,7 +44,7 @@
 		"pear/pear-core-minimal": "^1.10",
 		"php-http/guzzle7-adapter": "^1.1.0",
 		"php-opencloud/openstack": "^3.14",
-		"phpseclib/phpseclib": "^2.0.45",
+		"phpseclib/phpseclib": "^2.0.52",
 		"pimple/pimple": "^3.6.0",
 		"psr/clock": "^1.0",
 		"psr/container": "^2.0.2",

composer/installed.json

@@ -2911,25 +2911,25 @@
         },
         {
             "name": "phpseclib/phpseclib",
-            "version": "2.0.47",
-            "version_normalized": "2.0.47.0",
+            "version": "2.0.52",
+            "version_normalized": "2.0.52.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpseclib/phpseclib.git",
-                "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb"
+                "reference": "2552c4001631d1cc844332faea6a08a49c964b28"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/b7d7d90ee7df7f33a664b4aea32d50a305d35adb",
-                "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb",
+                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/2552c4001631d1cc844332faea6a08a49c964b28",
+                "reference": "2552c4001631d1cc844332faea6a08a49c964b28",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.3"
             },
             "require-dev": {
                 "phing/phing": "~2.7",
-                "phpunit/phpunit": "^4.8.35|^5.7|^6.0|^9.4",
+                "phpunit/phpunit": "^4.8.35|^5.7|^6.0|^8.5|^9.4",
                 "squizlabs/php_codesniffer": "~2.0"
             },
             "suggest": {
@@ -2939,7 +2939,7 @@
                 "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations.",
                 "ext-xml": "Install the XML extension to load XML formatted public keys."
             },
-            "time": "2024-02-26T04:55:38+00:00",
+            "time": "2026-03-19T02:54:44+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -3004,7 +3004,7 @@
             ],
             "support": {
                 "issues": "https://github.com/phpseclib/phpseclib/issues",
-                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.47"
+                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.52"
             },
             "funding": [
                 {

composer/installed.php

@@ -410,9 +410,9 @@
             'dev_requirement' => false,
         ),
         'phpseclib/phpseclib' => array(
-            'pretty_version' => '2.0.47',
-            'version' => '2.0.47.0',
-            'reference' => 'b7d7d90ee7df7f33a664b4aea32d50a305d35adb',
+            'pretty_version' => '2.0.52',
+            'version' => '2.0.52.0',
+            'reference' => '2552c4001631d1cc844332faea6a08a49c964b28',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpseclib/phpseclib',
             'aliases' => array(),

phpseclib/phpseclib/phpseclib/Crypt/Base.php

@@ -512,6 +512,11 @@ function __construct($mode = self::MODE_CBC)
 
         if (!defined('CRYPT_BASE_USE_REG_INTVAL')) {
             switch (true) {
+                // PHP 8.5, per https://www.php.net/manual/en/migration85.incompatible.php, now emits a warning
+                // "when casting floats (or strings that look like floats) to int if they cannot be represented as one"
+                case PHP_VERSION_ID >= 80500 && PHP_INT_SIZE == 4:
+                    define('CRYPT_BASE_USE_REG_INTVAL', false);
+                    break;
                 // PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster
                 case (PHP_OS & "\xDF\xDF\xDF") === 'WIN':
                 case !function_exists('php_uname'):
@@ -611,7 +616,6 @@ function getBlockLength()
      *
      * @access public
      * @param string $key
-     * @internal Could, but not must, extend by the child Crypt_* class
      */
     function setKey($key)
     {
@@ -2070,7 +2074,7 @@ function _unpad($text)
 
         $length = ord($text[strlen($text) - 1]);
 
-        if (!$length || $length > $this->block_size) {
+        if (!$length | ($length > $this->block_size)) {
             return false;
         }
 

phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php

@@ -401,11 +401,11 @@ function __construct($mode = self::MODE_CBC)
     {
         parent::__construct($mode);
 
-        $this->sbox0 = array_map('intval', $this->sbox0);
-        $this->sbox1 = array_map('intval', $this->sbox1);
-        $this->sbox2 = array_map('intval', $this->sbox2);
-        $this->sbox3 = array_map('intval', $this->sbox3);
-        $this->parray = array_map('intval', $this->parray);
+        $this->sbox0 = array_map(array($this, 'safe_intval'), $this->sbox0);
+        $this->sbox1 = array_map(array($this, 'safe_intval'), $this->sbox1);
+        $this->sbox2 = array_map(array($this, 'safe_intval'), $this->sbox2);
+        $this->sbox3 = array_map(array($this, 'safe_intval'), $this->sbox3);
+        $this->parray = array_map(array($this, 'safe_intval'), $this->parray);
     }
 
     /**

phpseclib/phpseclib/phpseclib/Crypt/DES.php

@@ -147,6 +147,14 @@ class DES extends Base
      */
     var $keys;
 
+    /**
+     * Key Cache "key"
+     *
+     * @see self::setupKey()
+     * @var array
+     */
+    var $kl;
+
     /**
      * Shuffle table.
      *
@@ -681,14 +689,14 @@ function _processBlock($block, $mode)
     {
         static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip;
         if (!$sbox1) {
-            $sbox1 = array_map("intval", $this->sbox1);
-            $sbox2 = array_map("intval", $this->sbox2);
-            $sbox3 = array_map("intval", $this->sbox3);
-            $sbox4 = array_map("intval", $this->sbox4);
-            $sbox5 = array_map("intval", $this->sbox5);
-            $sbox6 = array_map("intval", $this->sbox6);
-            $sbox7 = array_map("intval", $this->sbox7);
-            $sbox8 = array_map("intval", $this->sbox8);
+            $sbox1 = array_map(array($this, 'safe_intval'), $this->sbox1);
+            $sbox2 = array_map(array($this, 'safe_intval'), $this->sbox2);
+            $sbox3 = array_map(array($this, 'safe_intval'), $this->sbox3);
+            $sbox4 = array_map(array($this, 'safe_intval'), $this->sbox4);
+            $sbox5 = array_map(array($this, 'safe_intval'), $this->sbox5);
+            $sbox6 = array_map(array($this, 'safe_intval'), $this->sbox6);
+            $sbox7 = array_map(array($this, 'safe_intval'), $this->sbox7);
+            $sbox8 = array_map(array($this, 'safe_intval'), $this->sbox8);
             /* Merge $shuffle with $[inv]ipmap */
             for ($i = 0; $i < 256; ++$i) {
                 $shuffleip[]    =  $this->shuffle[$this->ipmap[$i]];
@@ -1252,9 +1260,9 @@ function _setupKey()
                       $pc2mapd3[($d >>  8) & 0xFF] | $pc2mapd4[ $d        & 0xFF];
 
                 // Reorder: odd bytes/even bytes. Push the result in key schedule.
-                $val1 = ( $cp        & intval(0xFF000000)) | (($cp <<  8) & 0x00FF0000) |
+                $val1 = ( $cp        & $this->safe_intval(0xFF000000)) | (($cp <<  8) & 0x00FF0000) |
                         (($dp >> 16) & 0x0000FF00) | (($dp >>  8) & 0x000000FF);
-                $val2 = (($cp <<  8) & intval(0xFF000000)) | (($cp << 16) & 0x00FF0000) |
+                $val2 = (($cp <<  8) & $this->safe_intval(0xFF000000)) | (($cp << 16) & 0x00FF0000) |
                         (($dp >>  8) & 0x0000FF00) | ( $dp        & 0x000000FF);
                 $keys[$des_round][self::ENCRYPT][       ] = $val1;
                 $keys[$des_round][self::DECRYPT][$ki - 1] = $val1;
@@ -1324,14 +1332,14 @@ function _setupInlineCrypt()
             // Init code for both, encrypt and decrypt.
             $init_crypt = 'static $sbox1, $sbox2, $sbox3, $sbox4, $sbox5, $sbox6, $sbox7, $sbox8, $shuffleip, $shuffleinvip;
                 if (!$sbox1) {
-                    $sbox1 = array_map("intval", $self->sbox1);
-                    $sbox2 = array_map("intval", $self->sbox2);
-                    $sbox3 = array_map("intval", $self->sbox3);
-                    $sbox4 = array_map("intval", $self->sbox4);
-                    $sbox5 = array_map("intval", $self->sbox5);
-                    $sbox6 = array_map("intval", $self->sbox6);
-                    $sbox7 = array_map("intval", $self->sbox7);
-                    $sbox8 = array_map("intval", $self->sbox8);'
+                    $sbox1 = array_map(array($self, "safe_intval"), $self->sbox1);
+                    $sbox2 = array_map(array($self, "safe_intval"), $self->sbox2);
+                    $sbox3 = array_map(array($self, "safe_intval"), $self->sbox3);
+                    $sbox4 = array_map(array($self, "safe_intval"), $self->sbox4);
+                    $sbox5 = array_map(array($self, "safe_intval"), $self->sbox5);
+                    $sbox6 = array_map(array($self, "safe_intval"), $self->sbox6);
+                    $sbox7 = array_map(array($self, "safe_intval"), $self->sbox7);
+                    $sbox8 = array_map(array($self, "safe_intval"), $self->sbox8);'
                     /* Merge $shuffle with $[inv]ipmap */ . '
                     for ($i = 0; $i < 256; ++$i) {
                         $shuffleip[]    =  $self->shuffle[$self->ipmap[$i]];

phpseclib/phpseclib/phpseclib/Crypt/RSA.php

@@ -1345,7 +1345,7 @@ function.  As is, the definitive authority on this encoding scheme isn't the IET
 
                 return $components;
             case self::PUBLIC_FORMAT_OPENSSH:
-                $parts = explode(' ', $key, 3);
+                $parts = preg_split("#[\t ]+#", $key);
 
                 $key = isset($parts[1]) ? base64_decode($parts[1]) : false;
                 if ($key === false) {
@@ -1396,17 +1396,26 @@ function.  As is, the definitive authority on this encoding scheme isn't the IET
                 $this->components = array();
 
                 $xml = xml_parser_create('UTF-8');
-                xml_set_object($xml, $this);
-                xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler');
-                xml_set_character_data_handler($xml, '_data_handler');
+                if (version_compare(PHP_VERSION, '8.4.0', '>=')) {
+                    xml_set_element_handler($xml, array($this, '_start_element_handler'), array($this, '_stop_element_handler'));
+                    xml_set_character_data_handler($xml, array($this, '_data_handler'));
+                } else {
+                    xml_set_object($xml, $this);
+                    xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler');
+                    xml_set_character_data_handler($xml, '_data_handler');
+                }
                 // add <xml></xml> to account for "dangling" tags like <BitStrength>...</BitStrength> that are sometimes added
                 if (!xml_parse($xml, '<xml>' . $key . '</xml>')) {
-                    xml_parser_free($xml);
+                    if (PHP_VERSION_ID < 80500 && function_exists('xml_parser_free')) {
+                        xml_parser_free($xml);
+                    }
                     unset($xml);
                     return false;
                 }
 
-                xml_parser_free($xml);
+                if (PHP_VERSION_ID < 80500 && function_exists('xml_parser_free')) {
+                    xml_parser_free($xml);
+                }
                 unset($xml);
 
                 return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false;
@@ -2824,7 +2833,7 @@ function _emsa_pss_encode($m, $emBits)
         $db = $ps . chr(1) . $salt;
         $dbMask = $this->_mgf1($h, $emLen - $this->hLen - 1);
         $maskedDB = $db ^ $dbMask;
-        $maskedDB[0] = ~chr(0xFF << ($emBits & 7)) & $maskedDB[0];
+        $maskedDB[0] = ~chr(256 - (1 << ($emBits & 7))) & $maskedDB[0];
         $em = $maskedDB . $h . chr(0xBC);
 
         return $em;
@@ -2860,13 +2869,13 @@ function _emsa_pss_verify($m, $em, $emBits)
 
         $maskedDB = substr($em, 0, -$this->hLen - 1);
         $h = substr($em, -$this->hLen - 1, $this->hLen);
-        $temp = chr(0xFF << ($emBits & 7));
+        $temp = chr(256 - (1 << ($emBits & 7)));
         if ((~$maskedDB[0] & $temp) != $temp) {
             return false;
         }
         $dbMask = $this->_mgf1($h, $emLen - $this->hLen - 1);
         $db = $maskedDB ^ $dbMask;
-        $db[0] = ~chr(0xFF << ($emBits & 7)) & $db[0];
+        $db[0] = ~chr(256 - (1 << ($emBits & 7))) & $db[0];
         $temp = $emLen - $this->hLen - $sLen - 2;
         if (substr($db, 0, $temp) != str_repeat(chr(0), $temp) || ord($db[$temp]) != 1) {
             return false;