Merge pull request #2379 from nextcloud/dependabot/composer/phpseclib/phpseclib-2.0.53

build(deps): bump phpseclib/phpseclib from 2.0.52 to 2.0.53

Author: nickvergessen

.github/workflows/composer-auto.yml

@@ -1,4 +1,4 @@
-name: Compile Command
+name: Composer-update comment
 
 on:
   issue_comment:
@@ -9,7 +9,7 @@ permissions:
 
 jobs:
   init:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-low
 
     # On pull requests and if the comment starts with `/composer-update`
     if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/composer-update')

composer.json

@@ -44,7 +44,7 @@
 		"pear/pear-core-minimal": "^1.10",
 		"php-http/guzzle7-adapter": "^1.1.0",
 		"php-opencloud/openstack": "^3.14",
-		"phpseclib/phpseclib": "^2.0.52",
+		"phpseclib/phpseclib": "^2.0.53",
 		"pimple/pimple": "^3.6.0",
 		"psr/clock": "^1.0",
 		"psr/container": "^2.0.2",

composer.lock

@@ -2912,17 +2912,17 @@
         },
         {
             "name": "phpseclib/phpseclib",
-            "version": "2.0.52",
-            "version_normalized": "2.0.52.0",
+            "version": "2.0.53",
+            "version_normalized": "2.0.53.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpseclib/phpseclib.git",
-                "reference": "2552c4001631d1cc844332faea6a08a49c964b28"
+                "reference": "2d1a664b940b9b8f367185307dc010d11a2790f3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/2552c4001631d1cc844332faea6a08a49c964b28",
-                "reference": "2552c4001631d1cc844332faea6a08a49c964b28",
+                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/2d1a664b940b9b8f367185307dc010d11a2790f3",
+                "reference": "2d1a664b940b9b8f367185307dc010d11a2790f3",
                 "shasum": ""
             },
             "require": {
@@ -2940,7 +2940,7 @@
                 "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations.",
                 "ext-xml": "Install the XML extension to load XML formatted public keys."
             },
-            "time": "2026-03-19T02:54:44+00:00",
+            "time": "2026-04-10T01:30:02+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -3005,7 +3005,7 @@
             ],
             "support": {
                 "issues": "https://github.com/phpseclib/phpseclib/issues",
-                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.52"
+                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.53"
             },
             "funding": [
                 {

composer/installed.json

@@ -410,9 +410,9 @@
             'dev_requirement' => false,
         ),
         'phpseclib/phpseclib' => array(
-            'pretty_version' => '2.0.52',
-            'version' => '2.0.52.0',
-            'reference' => '2552c4001631d1cc844332faea6a08a49c964b28',
+            'pretty_version' => '2.0.53',
+            'version' => '2.0.53.0',
+            'reference' => '2d1a664b940b9b8f367185307dc010d11a2790f3',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpseclib/phpseclib',
             'aliases' => array(),

composer/installed.php

@@ -3793,7 +3793,7 @@ function _get_binary_packet($skip_channel_filter = false)
                 $this->bitmap = 0;
                 user_error('Error reading socket');
                 return false;
-            } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
+            } elseif (!$this->_equals($hmac, $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding)))) {
                 user_error('Invalid HMAC');
                 return false;
             }
@@ -5693,4 +5693,33 @@ function bytesUntilKeyReexchange($bytes)
     {
         $this->doKeyReexchangeAfterXBytes = $bytes;
     }
+
+    /**
+     * Constant time equality testing
+     *
+     * Pretty much copy / pasted from Crypt/RSA.php
+     *
+     * @access private
+     * @param string $x
+     * @param string $y
+     * @return bool
+     */
+    function _equals($x, $y)
+    {
+        if (function_exists('hash_equals')) {
+            return hash_equals($x, $y);
+        }
+
+        if (strlen($x) != strlen($y)) {
+            return false;
+        }
+
+        $result = "\0";
+        $x^= $y;
+        for ($i = 0; $i < strlen($x); $i++) {
+            $result|= $x[$i];
+        }
+
+        return $result === "\0";
+    }
 }