diff options
| -rw-r--r-- | PHPINFO | 2 | ||||
| -rw-r--r-- | REFLECTION | 2 | ||||
| -rw-r--r-- | php-snuffleupagus.spec | 20 | ||||
| -rw-r--r-- | php85.patch | 179 |
4 files changed, 13 insertions, 190 deletions
@@ -2,7 +2,7 @@ snuffleupagus snuffleupagus support => enabled -Version => 0.12.0 +Version => 0.13.0 Valid config => yes Directive => Local Value => Master Value @@ -1,4 +1,4 @@ -Extension [ <persistent> extension #111 snuffleupagus version 0.12.0 ] { +Extension [ <persistent> extension #116 snuffleupagus version 0.13.0 ] { - INI { Entry [ sp.configuration_file <SYSTEM> ] diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec index 29bcf7c..cc4b9ea 100644 --- a/php-snuffleupagus.spec +++ b/php-snuffleupagus.spec @@ -1,6 +1,6 @@ # remirepo spec file for php-snuffleupagus # -# SPDX-FileCopyrightText: Copyright 2018-2025 Remi Collet +# SPDX-FileCopyrightText: Copyright 2018-2026 Remi Collet # SPDX-License-Identifier: CECILL-2.1 # http://www.cecill.info/licences/Licence_CeCILL_V2-en.txt # @@ -16,7 +16,7 @@ %bcond_without tests -%global gh_commit 1c7598c432551d0c49c2c57f249ccd5ccabce638 +%global gh_commit 5f944e2b1085bdd07b75f7c13bec2b2ad49ea09e %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) %global gh_owner jvoisin %global gh_project snuffleupagus @@ -31,19 +31,17 @@ Summary: Security module for PHP Name: %{?scl_prefix}php-snuffleupagus -Version: 0.12.0 +Version: 0.13.0 %if 0%{?gh_date} -Release: 1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} +Release: 1%{gh_date}.%{gh_short}%{?dist} %else -Release: 3%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} +Release: 1%{?dist} %endif License: LGPL-3.0-only Group: Development/Languages URL: https://github.com/%{gh_owner}/%{gh_project} Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz -Patch0: php85.patch - BuildRequires: %{?dtsprefix}gcc BuildRequires: %{?scl_prefix}php-devel >= 7.0 # For tests/upload_validation_real.phpt @@ -75,8 +73,6 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO %setup -q -n %{gh_project}-%{gh_commit} cd %{sources} -%patch -P0 -p2 - # Sanity check, really often broken grep PHP_SNUFFLEUPAGUS_VERSION php_snuffleupagus.h # sed -e '/PHP_SNUFFLEUPAGUS_VERSION/s/0.9.0/0.8.0/' -i php_snuffleupagus.h @@ -171,6 +167,9 @@ VER=$(%{__php} -r 'echo PHP_VERSION_ID;') if [ $VER -lt 80000 ]; then rm -rf src/tests/*php8*/ fi +if [ $VER -lt 70100 ]; then + rm -rf src/tests/session_encryption/set_custom_session_handler2.phpt +fi cd %{sources} export SP_SKIP_OLD_PHP_CHECK=1 @@ -216,6 +215,9 @@ REPORT_EXIT_STATUS=1 \ %changelog +* Wed Jan 7 2026 Remi Collet <remi@remirepo.net> - 0.13.0-1 +- update to 0.13.0 + * Thu Oct 2 2025 Remi Collet <remi@remirepo.net> - 0.12.0-3 - add upstream patch for PHP 8.5.0RC1 diff --git a/php85.patch b/php85.patch deleted file mode 100644 index 63588b4..0000000 --- a/php85.patch +++ /dev/null @@ -1,179 +0,0 @@ -From ee5e383c6bbca94d5f93134510468b3fe87a470c Mon Sep 17 00:00:00 2001 -From: jvoisin <julien.voisin@dustri.org> -Date: Sun, 31 Aug 2025 16:05:44 +0200 -Subject: [PATCH] Add support for PHP8.5 - ---- - .github/workflows/builds.yml | 1 + - src/sp_cookie_encryption.c | 23 +++++++++++++++++-- - ...isabled_functions_shell_exec_backtick.phpt | 1 + - ...led_functions_shell_exec_backtick_var.phpt | 1 + - ...ctions_shell_exec_backtick_var_string.phpt | 1 + - 5 files changed, 25 insertions(+), 2 deletions(-) - -diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c -index c833f943..ec5c7c2d 100644 ---- a/src/sp_cookie_encryption.c -+++ b/src/sp_cookie_encryption.c -@@ -48,7 +48,11 @@ static zend_string *encrypt_data(zend_string *data) { - #if PHP_VERSION_ID >= 70300 - static void php_head_parse_cookie_options_array( - zval *options, zend_long *expires, zend_string **path, zend_string **domain, -- zend_bool *secure, zend_bool *httponly, zend_string **samesite) { -+ zend_bool *secure, zend_bool *httponly, zend_string **samesite -+#if PHP_VERSION_ID >= 80500 -+ ,bool *partitioned -+#endif -+ ) { - int found = 0; - zend_string *key; - zval *value; -@@ -73,6 +77,11 @@ static void php_head_parse_cookie_options_array( - } else if (zend_string_equals_literal_ci(key, "samesite")) { - *samesite = zval_get_string(value); - found++; -+#if PHP_VERSION_ID >= 80500 -+ } else if (zend_string_equals_literal_ci(key, "partitioned")) { -+ *partitioned = zval_is_true(value); -+ found++; -+#endif - } else { - php_error_docref(NULL, E_WARNING, - "Unrecognized key '%s' found in the options array", -@@ -94,6 +103,9 @@ static void php_head_parse_cookie_options_array( - #endif - - PHP_FUNCTION(sp_setcookie) { -+#if PHP_VERSION_ID >= 80500 -+ zend_bool partitioned; -+#endif - zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL, - *value_enc = NULL, - #if PHP_VERSION_ID < 70300 -@@ -133,7 +145,11 @@ PHP_FUNCTION(sp_setcookie) { - } - php_head_parse_cookie_options_array(expires_or_options, &expires, &path, - &domain, &secure, &httponly, -+#if PHP_VERSION_ID < 80500 - &samesite); -+#else -+ &samesite, &partitioned); -+#endif - } else { - expires = zval_get_long(expires_or_options); - } -@@ -194,9 +210,12 @@ PHP_FUNCTION(sp_setcookie) { - if (php_setcookie(name, (value_enc ? value_enc : value), expires, - (path_samesite ? path_samesite : path), domain, secure, 1, - httponly) == SUCCESS) { --#else -+#elif PHP_VERSION_ID < 80500 - if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, - domain, secure, httponly, samesite, 1) == SUCCESS) { -+#else -+ if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, -+ domain, secure, httponly, samesite, partitioned, false) == SUCCESS) { - #endif - RETVAL_TRUE; - } else { -diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt -index aeb64c29..6f53ceae 100644 ---- a/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt -+++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt -@@ -4,6 +4,7 @@ Disable functions - shell_exec via backtick operator - <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> - --INI-- - sp.configuration_file={PWD}/config/disabled_functions_extra.ini -+error_reporting = E_ALL & ~E_DEPRECATED - --FILE-- - <?php - echo `ls`; -diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt -index a312acfb..6ea5865d 100644 ---- a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt -+++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt -@@ -4,6 +4,7 @@ Disable functions - shell_exec via backtick operator in context of a var name - <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> - --INI-- - sp.configuration_file={PWD}/config/disabled_functions_extra.ini -+error_reporting = E_ALL & ~E_DEPRECATED - --FILE-- - <?php - echo ${`ls`}; -diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt -index ea77a7dd..f1175680 100644 ---- a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt -+++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt -@@ -4,6 +4,7 @@ Disable functions - shell_exec via backtick operator in context of a var name in - <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> - --INI-- - sp.configuration_file={PWD}/config/disabled_functions_extra.ini -+error_reporting = E_ALL & ~E_DEPRECATED - --FILE-- - <?php - echo "{${`ls`}}"; -From 9509733befcb4010bc77b06fcf41e77078976e80 Mon Sep 17 00:00:00 2001 -From: jvoisin <julien.voisin@dustri.org> -Date: Wed, 1 Oct 2025 13:44:06 +0200 -Subject: [PATCH] Fix a cookie-related warning for PHP8.5.0 - -``` -========DIFF======== -001- OK -001+ Fatal error: Uncaught ValueError: setcookie(): "partitioned" option cannot be used without "secure" option in /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php:2 -002+ Stack trace: -003+ #0 /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php(2): setcookie('super_cookie', 'super_value') -004+ #1 {main} -005+ thrown in /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php on line 2 -========DONE======== -FAIL Cookie samesite [tests/samesite_cookies.phpt] -``` - -Even though the warning might be spurious, let's fix this properly, by -initialising `partitioned` to false, and by setting it only if `secure` is set -as well. ---- - src/sp_cookie_encryption.c | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c -index ec5c7c2d..888d2178 100644 ---- a/src/sp_cookie_encryption.c -+++ b/src/sp_cookie_encryption.c -@@ -104,7 +104,7 @@ static void php_head_parse_cookie_options_array( - - PHP_FUNCTION(sp_setcookie) { - #if PHP_VERSION_ID >= 80500 -- zend_bool partitioned; -+ zend_bool partitioned = false; - #endif - zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL, - *value_enc = NULL, -@@ -144,12 +144,11 @@ PHP_FUNCTION(sp_setcookie) { - RETURN_FALSE; - } - php_head_parse_cookie_options_array(expires_or_options, &expires, &path, -- &domain, &secure, &httponly, --#if PHP_VERSION_ID < 80500 -- &samesite); --#else -- &samesite, &partitioned); -+ &domain, &secure, &httponly, &samesite -+#if PHP_VERSION_ID >= 80500 -+ , &partitioned - #endif -+ ); - } else { - expires = zval_get_long(expires_or_options); - } -@@ -214,6 +213,10 @@ PHP_FUNCTION(sp_setcookie) { - if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, - domain, secure, httponly, samesite, 1) == SUCCESS) { - #else -+ if (!secure) { -+ // Can't have partitioned cookies without the secure flag. -+ partitioned = false; -+ } - if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, - domain, secure, httponly, samesite, partitioned, false) == SUCCESS) { - #endif |