authorRemi Collet <remi@remirepo.net>2023-09-20 16:00:57 +0200
committerRemi Collet <remi@php.net>2023-09-20 16:00:57 +0200
commiteb1d3b30bd05b57384824372496c4af2247f5d17 (patch)
treeebdd777ed0e05997abe01aae38dd3ae3df9086f7
parent6a91633e760aba49f8ef28099848d942ca1db19d (diff)
update to 0.10.0
-rw-r--r--PHPINFO2
-rw-r--r--REFLECTION2
-rw-r--r--php-snuffleupagus.spec12
-rw-r--r--upstream.patch373
4 files changed, 8 insertions, 381 deletions
diff --git a/PHPINFO b/PHPINFO
index 6e442a7..e5e7b90 100644
--- a/PHPINFO
+++ b/PHPINFO
@@ -2,7 +2,7 @@
snuffleupagus
snuffleupagus support => enabled
-Version => 0.9.0-sng (with Suhosin-NG patches)
+Version => 0.10.0-sng (with Suhosin-NG patches)
Valid config => yes
Directive => Local Value => Master Value
diff --git a/REFLECTION b/REFLECTION
index b2fed05..057b759 100644
--- a/REFLECTION
+++ b/REFLECTION
@@ -1,4 +1,4 @@
-Extension [ <persistent> extension #120 snuffleupagus version 0.9.0 ] {
+Extension [ <persistent> extension #125 snuffleupagus version 0.10.0 ] {
- INI {
Entry [ sp.configuration_file <SYSTEM> ]
diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec
index 956ce12..3181e62 100644
--- a/php-snuffleupagus.spec
+++ b/php-snuffleupagus.spec
@@ -16,7 +16,7 @@
%bcond_without tests
-%global gh_commit 7d006a4b971aec04c42c06c877c0e496f1f62bc0
+%global gh_commit cb3d7aed877ce2a0952c00f1950d57c72d664b49
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner jvoisin
%global gh_project snuffleupagus
@@ -31,19 +31,17 @@
Summary: Security module for PHP
Name: %{?scl_prefix}php-snuffleupagus
-Version: 0.9.0
+Version: 0.10.0
%if 0%{?gh_date}
Release: 1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%else
-Release: 3%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
+Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%endif
License: LGPL-3.0-only
Group: Development/Languages
URL: https://github.com/%{gh_owner}/%{gh_project}
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz
-Patch0: upstream.patch
-
BuildRequires: %{?dtsprefix}gcc
BuildRequires: %{?scl_prefix}php-devel >= 7.0
BuildRequires: pcre-devel
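Review bot: The removal of `Patch0: upstream.patch` in this hunk (and of `%patch -P0 -p1` in the `%prep` hunk) is not recorded in the new changelog entry, which only says `- update to 0.10.0`. The deleted patch carried three upstream commits, one of which changes the HMAC-checked `sp_unserialize` path for PHP 8.3. It is worth confirming that snapshot `cb3d7aed877ce2a0952c00f1950d57c72d664b49` already contains them; presumably it does, but nothing in the commit states it. I would add a changelog line such as `- drop patch merged upstream` so the package history shows why the PHP 8.3 fixes no longer ship as a separate patch.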
@@ -74,7 +72,6 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO
%prep
%setup -q -n %{gh_project}-%{gh_commit}
-%patch -P0 -p1
cd %{sources}
# Sanity check, really often broken
@@ -224,6 +221,9 @@ REPORT_EXIT_STATUS=1 \
%changelog
+* Wed Sep 20 2023 Remi Collet <remi@remirepo.net> - 0.10.0-1
+- update to 0.10.0
+
* Tue Sep 5 2023 Remi Collet <remi@remirepo.net> - 0.9.0-3
- add upstream patches for PHP 8.3
- build out of sources tree
diff --git a/upstream.patch b/upstream.patch
deleted file mode 100644
index 4f9fa16..0000000
--- a/upstream.patch
+++ /dev/null
@@ -1,373 +0,0 @@
-From 1bf0f3ec9088d34383c564d6306901ae6dc94cb5 Mon Sep 17 00:00:00 2001
-From: jvoisin <julien.voisin@dustri.org>
-Date: Wed, 4 Jan 2023 19:06:28 +0100
-Subject: [PATCH] Fix the CI for PHP8.2
-
----
- .../deny_writable_execution.phpt | 10 ++--------
- .../deny_writable_execution_simulation.phpt | 20 +++++++------------
- .../dump_deny_writable_execution.phpt | 10 ++--------
- .../disabled_function_echo.phpt | 1 -
- .../disabled_function_echo_2.phpt | 1 -
- .../disabled_function_echo_local_var.phpt | 1 -
- .../disabled_function_print.phpt | 3 +--
- src/tests/xxe/disable_xxe_dom_disabled.phpt | 9 +++------
- src/tests/xxe/disable_xxe_simplexml.phpt | 9 +++------
- src/tests/xxe/disable_xxe_simplexml_oop.phpt | 9 +++------
- src/tests/xxe/disable_xxe_xml_parse.phpt | 13 +++++-------
- 11 files changed, 26 insertions(+), 60 deletions(-)
-
-diff --git a/src/tests/deny_writable/deny_writable_execution.phpt b/src/tests/deny_writable/deny_writable_execution.phpt
-index a6294797..383ffa57 100644
---- a/src/tests/deny_writable/deny_writable_execution.phpt
-+++ b/src/tests/deny_writable/deny_writable_execution.phpt
-@@ -21,6 +21,8 @@ sp.configuration_file={PWD}/config/config_disable_writable.ini
- $dir = __DIR__;
-
- // just in case
-+@chmod("$dir/non_writable_file.txt", 0777);
-+@chmod("$dir/writable_file.txt", 0777);
- @unlink("$dir/non_writable_file.txt");
- @unlink("$dir/writable_file.txt");
-
-@@ -31,13 +33,5 @@ chmod("$dir/writable_file.txt", 0777);
- include "$dir/non_writable_file.txt";
- include "$dir/writable_file.txt";
- ?>
----CLEAN--
--<?php
--$dir = __DIR__;
--chmod("$dir/non_writable_file.txt", 0777);
--chmod("$dir/writable_file.txt", 0777);
--unlink("$dir/non_writable_file.txt");
--unlink("$dir/writable_file.txt");
--?>
- --EXPECTF--
- Fatal error: [snuffleupagus][0.0.0.0][readonly_exec][drop] Attempted execution of a writable file (%a/deny_writable_execution.php) in %a/deny_writable_execution.php on line 2
-diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
-index d4e48018..39dab32f 100644
---- a/src/tests/deny_writable/deny_writable_execution_simulation.phpt
-+++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
-@@ -22,6 +22,8 @@ sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini
- $dir = __DIR__;
-
- // just in case
-+@chmod("$dir/non_writable_file.txt", 0777);
-+@chmod("$dir/writable_file.txt", 0777);
- @unlink("$dir/non_writable_file.txt");
- @unlink("$dir/writable_file.txt");
-
-@@ -32,23 +34,15 @@ chmod("$dir/non_writable_file.txt", 0400);
- include "$dir/writable_file.txt";
- include "$dir/non_writable_file.txt";
- ?>
----CLEAN--
--<?php
--$dir = __DIR__;
--chmod("$dir/non_writable_file.txt", 0777);
--chmod("$dir/writable_file.txt", 0777);
--unlink("$dir/non_writable_file.txt");
--unlink("$dir/writable_file.txt");
--?>
- --EXPECTF--
--Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php) in %a/deny_writable_execution_simulation.php on line 2
-+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php) in %a/deny_writable_execution_simulation.php on line %d
-
--Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/deny_writable_execution_simulation.php on line 12
-+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/deny_writable_execution_simulation.php on line %d
-
--Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line 1
-+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line %d
- Code execution within a writable file.
-
--Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line 13
-+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line %d
-
--Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line 1
-+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line %d
- Code execution within a non-writable file.
-diff --git a/src/tests/deny_writable/dump_deny_writable_execution.phpt b/src/tests/deny_writable/dump_deny_writable_execution.phpt
-index c6dd6cd8..2e6bca51 100644
---- a/src/tests/deny_writable/dump_deny_writable_execution.phpt
-+++ b/src/tests/deny_writable/dump_deny_writable_execution.phpt
-@@ -32,6 +32,8 @@ foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
- $dir = __DIR__;
-
- // just in case
-+@chmod("$dir/non_writable_file.txt", 0777);
-+@chmod("$dir/writable_file.txt", 0777);
- @unlink("$dir/non_writable_file.txt");
- @unlink("$dir/writable_file.txt");
-
-@@ -57,11 +59,3 @@ if ($res[2] != "GET:get_a='data_get_a_readonly' get_b='data_get_b_readonly' \n")
- --EXPECTF--
- %a
- WIN
----CLEAN--
--<?php
--$dir = __DIR__;
--chmod("$dir/non_writable_file.txt", 0777);
--chmod("$dir/writable_file.txt", 0777);
--unlink("$dir/non_writable_file.txt");
--unlink("$dir/writable_file.txt");
--?>
-diff --git a/src/tests/disable_function/disabled_function_echo.phpt b/src/tests/disable_function/disabled_function_echo.phpt
-index 12aaff48..b1da0dca 100644
---- a/src/tests/disable_function/disabled_function_echo.phpt
-+++ b/src/tests/disable_function/disabled_function_echo.phpt
-@@ -13,7 +13,6 @@ echo "qwe";
- test("rty");
- test("oops");
- ?>
----CLEAN--
- --EXPECTF--
- qwerty
- Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_echo.php on line 3
-diff --git a/src/tests/disable_function/disabled_function_echo_2.phpt b/src/tests/disable_function/disabled_function_echo_2.phpt
-index 82a2fa1d..c1d98170 100644
---- a/src/tests/disable_function/disabled_function_echo_2.phpt
-+++ b/src/tests/disable_function/disabled_function_echo_2.phpt
-@@ -9,7 +9,6 @@ sp.configuration_file={PWD}/config/disabled_function_echo.ini
- echo "qwe";
- echo "1", "oops";
- ?>
----CLEAN--
- --EXPECTF--
- qwe1
- Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_echo_2.php on line 3
-diff --git a/src/tests/disable_function/disabled_function_echo_local_var.phpt b/src/tests/disable_function/disabled_function_echo_local_var.phpt
-index ee1be1fb..52d1f481 100644
---- a/src/tests/disable_function/disabled_function_echo_local_var.phpt
-+++ b/src/tests/disable_function/disabled_function_echo_local_var.phpt
-@@ -14,7 +14,6 @@ test();
- $abc = 123;
- test();
- ?>
----CLEAN--
- --EXPECTF--
- 3
-
-diff --git a/src/tests/disable_function/disabled_function_print.phpt b/src/tests/disable_function/disabled_function_print.phpt
-index ec1b04f8..96008546 100644
---- a/src/tests/disable_function/disabled_function_print.phpt
-+++ b/src/tests/disable_function/disabled_function_print.phpt
-@@ -13,7 +13,6 @@ print "qwe";
- test("rty");
- test("oops");
- ?>
----CLEAN--
- --EXPECTF--
- qwerty
--Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_print.php on line 3
-\ No newline at end of file
-+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_print.php on line 3
-diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt
-index 4a888edb..20399ecf 100644
---- a/src/tests/xxe/disable_xxe_dom_disabled.phpt
-+++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
-@@ -10,6 +10,9 @@ dom
- --FILE--
- <?php
- $dir = __DIR__;
-+@unlink($dir . "/content.xml");
-+@unlink($dir . "/content.txt");
-+
- $content = '<content>WARNING, external entity loaded!</content>';
- file_put_contents($dir . '/content.txt', $content);
-
-@@ -52,9 +55,3 @@ libxml_disable_entity to false: WARNING, external entity loaded!
-
- Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d
- without xxe: foo
----CLEAN--
--<?php
--$dir = __DIR__;
--unlink($dir . "/content.xml");
--unlink($dir . "/content.txt");
--?>
-diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt
-index 95601563..8a4f0333 100644
---- a/src/tests/xxe/disable_xxe_simplexml.phpt
-+++ b/src/tests/xxe/disable_xxe_simplexml.phpt
-@@ -11,6 +11,9 @@ simplexml
- --FILE--
- <?php
- $dir = __DIR__;
-+@unlink($dir . "/content.xml");
-+@unlink($dir . "/content.txt");
-+
- $content = 'WARNING, external entity loaded!';
- file_put_contents('content.txt', $content);
-
-@@ -44,9 +47,3 @@ printf("without xxe: %s", $doc->testing);
- libxml_disable_entity to true:
- libxml_disable_entity to false:
- without xxe: foo
----CLEAN--
--<?php
--$dir = __DIR__;
--unlink($dir . "/content.xml");
--unlink($dir . "/content.txt");
--?>
-diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
-index 1b2c4cac..c28c3649 100644
---- a/src/tests/xxe/disable_xxe_simplexml_oop.phpt
-+++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
-@@ -11,6 +11,9 @@ simplexml
- --FILE--
- <?php
- $dir = __DIR__;
-+@unlink($dir . "/content.xml");
-+@unlink($dir . "/content.txt");
-+
- $content = 'WARNING, external entity loaded!';
- file_put_contents('content.txt', $content);
-
-@@ -44,9 +47,3 @@ printf("without xxe: %s", $doc->testing);
- libxml_disable_entity to true:
- libxml_disable_entity to false:
- without xxe: foo
----CLEAN--
--<?php
--$dir = __DIR__;
--unlink($dir . "/content.xml");
--unlink($dir . "/content.txt");
--?>
-diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt
-index bc7e338b..4a8292d7 100644
---- a/src/tests/xxe/disable_xxe_xml_parse.phpt
-+++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
-@@ -16,6 +16,9 @@ sp.configuration_file={PWD}/config/disable_xxe.ini
- --FILE--
- <?php
- $dir = __DIR__;
-+@unlink($dir . "/content.xml");
-+@unlink($dir . "/content.txt");
-+
- $content = 'WARNING, external entity loaded!';
- file_put_contents('content.txt', $content);
-
-@@ -71,7 +74,7 @@ $doc = xml_parse($parser, $xml, true);
- xml_parser_free($parser);
-
- --EXPECTF--
--Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 41
-+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line %d
- string(4) "TEST"
-
- array(0) {
-@@ -83,7 +86,7 @@ array(0) {
- string(7) "TESTING"
- string(4) "TEST"
-
--Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 46
-+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line %d
- string(4) "TEST"
-
- array(0) {
-@@ -104,9 +107,3 @@ array(0) {
- }
- textfoostring(7) "TESTING"
- string(4) "TEST"
----CLEAN--
--<?php
--$dir = __DIR__;
--unlink($dir . "/content.xml");
--unlink($dir . "/content.txt");
--?>
-From 709d850429d0d62b148bc235745c830c2f7a55be Mon Sep 17 00:00:00 2001
-From: jvoisin <julien.voisin@dustri.org>
-Date: Sun, 25 Jun 2023 14:25:46 +0200
-Subject: [PATCH] Remove ZEND_HOT
-
----
- src/sp_execute.c | 2 +-
- src/sp_pcre_compat.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sp_execute.c b/src/sp_execute.c
-index 6e80b6df..f105b7f9 100644
---- a/src/sp_execute.c
-+++ b/src/sp_execute.c
-@@ -89,7 +89,7 @@ inline static void is_builtin_matching(
- should_disable_ht(EG(current_execute_data), function_name, param_value, param_name, SPCFG(disabled_functions_reg).disabled_functions, ht);
- }
-
--static void ZEND_HOT is_in_eval_and_whitelisted(zend_execute_data const* const execute_data) {
-+static void is_in_eval_and_whitelisted(zend_execute_data const* const execute_data) {
- sp_config_eval const* const config_eval = &(SPCFG(eval));
-
- if (EXPECTED(0 == SPG(in_eval))) {
-diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
-index 81c51fdc..3658692e 100644
---- a/src/sp_pcre_compat.c
-+++ b/src/sp_pcre_compat.c
-@@ -23,7 +23,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) {
- return ret;
- }
-
--bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) {
-+bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) {
- int ret = 0;
-
- assert(NULL != regexp);
-From 78668b6ef599f700ba939017dc805485452f5319 Mon Sep 17 00:00:00 2001
-From: jvoisin <julien.voisin@dustri.org>
-Date: Sun, 25 Jun 2023 14:56:43 +0200
-Subject: [PATCH] Fix an unserialize-related warning
-
-This should fix `Warning: unserialize(): Extra data starting at offset 8 of 72 bytes in unserialize.php on line 4`.
-On the flip side, it's not longer possible in PHP8.3 and above, when using
-Snuffleupagus, to have other extensions hooking unserialize().
----
- src/sp_unserialize.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
-index 641d9899..ab0d9edb 100644
---- a/src/sp_unserialize.c
-+++ b/src/sp_unserialize.c
-@@ -50,8 +50,6 @@ static zend_string *sp_do_hash_hmac_sha256(char* restrict data, size_t data_len,
- return hex_digest;
- }
-
--// ------------------
--
- PHP_FUNCTION(sp_serialize) {
- zif_handler orig_handler;
-
-@@ -130,11 +128,16 @@ PHP_FUNCTION(sp_unserialize) {
- }
- } else { status = 1; }
-
-- zif_handler orig_handler;
-+ zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize"));
- if (0 == status) {
-- if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
-+#if PHP_VERSION_ID >= 80300
-+ // PHP8.3 gives a warning about trailing data in unserialize strings.
-+ php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
-+#else
-+ if ((orig_handler)) {
- orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
- }
-+#endif
- } else {
- const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize));
- if (config_unserialize->dump) {
-@@ -143,9 +146,14 @@ PHP_FUNCTION(sp_unserialize) {
- }
- if (true == config_unserialize->simulation) {
- sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str);
-- if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
-+#if PHP_VERSION_ID >= 80300
-+ // PHP8.3 gives a warning about trailing data in unserialize strings.
-+ php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
-+#else
-+ if ((orig_handler)) {
- orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
- }
-+#endif
- } else {
- sp_log_drop("unserialize", "Invalid HMAC for %s", serialized_str);
- }