Currently only php5.6 has a session patch, and the entropy it generates
isn't added to the session id. The following patch fixes that and adds
support for php7.
martijn@
Index: 5.6/patches/patch-ext_session_session_c
===================================================================
RCS file: /cvs/ports/lang/php/5.6/patches/patch-ext_session_session_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-ext_session_session_c
--- 5.6/patches/patch-ext_session_session_c 6 Feb 2016 23:30:25 -0000 1.1
+++ 5.6/patches/patch-ext_session_session_c 1 Jun 2018 07:14:32 -0000
@@ -2,18 +2,74 @@ $OpenBSD: patch-ext_session_session_c,v
Perhaps the whole function can be replaced, but we have to start somewhere.
---- ext/session/session.c.orig.port Mon Feb 1 23:04:02 2016
-+++ ext/session/session.c Mon Feb 1 23:48:25 2016
-@@ -346,7 +346,11 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS)
+--- ext/session/session.c.orig Thu Jul 6 00:25:00 2017
++++ ext/session/session.c Wed Oct 11 16:43:22 2017
+@@ -346,57 +346,23 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS)
efree(buf);
if (PS(entropy_length) > 0) {
-#ifdef PHP_WIN32
-+#if defined(__OpenBSD__)
-+ unsigned char rbuf[2048];
-+ size_t toread = PS(entropy_length);
-+ arc4random_buf(rbuf, MIN(toread, sizeof(rbuf)));
-+#elif defined(PHP_WIN32)
unsigned char rbuf[2048];
size_t toread = PS(entropy_length);
++ arc4random_buf(rbuf, MIN(toread, sizeof(rbuf)));
+
+- if (php_win32_get_random_bytes(rbuf, MIN(toread, sizeof(rbuf))) == SUCCESS){
+-
+- switch (PS(hash_func)) {
+- case PS_HASH_FUNC_MD5:
+- PHP_MD5Update(&md5_context, rbuf, toread);
+- break;
+- case PS_HASH_FUNC_SHA1:
+- PHP_SHA1Update(&sha1_context, rbuf, toread);
+- break;
++ switch (PS(hash_func)) {
++ case PS_HASH_FUNC_MD5:
++ PHP_MD5Update(&md5_context, rbuf, toread);
++ break;
++ case PS_HASH_FUNC_SHA1:
++ PHP_SHA1Update(&sha1_context, rbuf, toread);
++ break;
+ # if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
+- case PS_HASH_FUNC_OTHER:
+- PS(hash_ops)->hash_update(hash_context, rbuf, toread);
+- break;
++ case PS_HASH_FUNC_OTHER:
++ PS(hash_ops)->hash_update(hash_context, rbuf, toread);
++ break;
+ # endif /* HAVE_HASH_EXT */
+- }
+ }
+-#else
+- int fd;
+-
+- fd = VCWD_OPEN(PS(entropy_file), O_RDONLY);
+- if (fd >= 0) {
+- unsigned char rbuf[2048];
+- int n;
+- int to_read = PS(entropy_length);
+-
+- while (to_read > 0) {
+- n = read(fd, rbuf, MIN(to_read, sizeof(rbuf)));
+- if (n <= 0) break;
+-
+- switch (PS(hash_func)) {
+- case PS_HASH_FUNC_MD5:
+- PHP_MD5Update(&md5_context, rbuf, n);
+- break;
+- case PS_HASH_FUNC_SHA1:
+- PHP_SHA1Update(&sha1_context, rbuf, n);
+- break;
+-#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
+- case PS_HASH_FUNC_OTHER:
+- PS(hash_ops)->hash_update(hash_context, rbuf, n);
+- break;
+-