
approval request for php-suhosin 0.9.32.1-1



Hi release team,

the long-awaited new release of php-suhosin was published only a couple of
days before the freeze, and because our watch file was broken we missed it.
The new package fixes bug #584509 (severity: important) and some other
bugs.

php-suhosin (0.9.32.1-1) UNRELEASED; urgency=low

 * New upstream version (Closes: #584509)
   - Improved random number seed generation more by adding /dev/urandom juice
   - Fixed missing header file resulting in wrong php_combined_lcg() prototype
     being used
   - Added support for memory_limit > 2GB
   - Fixed missing header file resulting in compile errors
 * Drop 10_fix_function_prototype, integrated upstream
 * Update watch file

 -- Jan Wagner <waja@cyconet.org>  Tue, 13 Apr 2010 13:51:22 +0200

packaging changes:
 changelog                                |   13 +++++++++++++
 patches/00list                           |    1 -
 patches/10_fix_function_prototype.dpatch |   17 -----------------
 watch                                    |    2 +-
 4 files changed, 14 insertions(+), 19 deletions(-)

upstream changes:
 Changelog      |   10 ++++++++++
 execute.c      |   14 +++++++++++++-
 memory_limit.c |   12 ++++++++++--
 php_suhosin.h  |    2 +-
 4 files changed, 34 insertions(+), 4 deletions(-)

Patches against 0.9.31-1 are attached. Could you please state, if we are 
allowed to update the package via unstable?

Thanks and with kind regards, Jan.
-- 
Never write mail to <waja@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++ 
------END GEEK CODE BLOCK------

diff -Nurb suhosin-0.9.31/Changelog suhosin-0.9.32.1/Changelog
--- suhosin-0.9.31/Changelog	2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/Changelog	2010-07-23 21:48:22.000000000 +0200
@@ -1,3 +1,13 @@
+2010-07-23 - 0.9.32.1
+
+    - Fixed missing header file resulting in compile errors
+
+2010-07-23 - 0.9.32
+
+    - Added support for memory_limit > 2GB
+    - Fixed missing header file resulting in wrong php_combined_lcg() prototype being used
+    - Improved random number seed generation more by adding /dev/urandom juice
+
 2010-03-28 - 0.9.31
 
     - Fix ZTS build of session.c
diff -Nurb suhosin-0.9.31/execute.c suhosin-0.9.32.1/execute.c
--- suhosin-0.9.31/execute.c	2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/execute.c	2010-07-23 21:48:22.000000000 +0200
@@ -23,12 +23,14 @@
 #include "config.h"
 #endif
 
+#include <fcntl.h>
 #include "php.h"
 #include "php_ini.h"
 #include "zend_hash.h"
 #include "zend_extensions.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_rand.h"
+#include "ext/standard/php_lcg.h"
 #include "php_suhosin.h"
 #include "zend_compile.h"
 #include "zend_llist.h"
@@ -1314,6 +1316,7 @@
     unsigned long stack_value = (unsigned long)&code_value;
     unsigned long heap_value  = (unsigned long)SUHOSIN_G(r_state);
     suhosin_SHA256_CTX   context;
+    int fd;
     
     code_value ^= code_value >> 32;
     stack_value ^= stack_value >> 32;
@@ -1330,8 +1333,17 @@
 #endif
     seedbuf[5] = (php_uint32) 0x7fffffff * php_combined_lcg(TSRMLS_C);
     
+#ifndef PHP_WIN32
+    fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
+    if (fd >= 0) {
+        /* ignore error case - if urandom doesn't give us any/enough random bytes */
+        read(fd, &seedbuf[6], 2 * sizeof(php_uint32));
+        close(fd);
+    }
+#endif
+
     suhosin_SHA256Init(&context);
-	suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 6);
+	suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 8);
 	suhosin_SHA256Final(seedbuf, &context);
 }
 /* }}} */
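Review bot: The `read(fd, &seedbuf[6], 2 * sizeof(php_uint32));` call discards its return value, so a short read, an error, a failed open, or simply a PHP_WIN32 build (where the whole block is compiled out) leaves seedbuf[6] and seedbuf[7] untouched, while the `suhosin_SHA256Update(..., sizeof(php_uint32) * 8)` line below now hashes all eight words; unless seedbuf is zero-initialized at its declaration (outside this hunk), that feeds uninitialized stack memory into the seed. Hashing garbage does not weaken the seed, but reading uninitialized data is undefined behavior, it makes the seed non-reproducible under valgrind/debuggers, and glibc builds with _FORTIFY_SOURCE will warn about the ignored `read()` result. Zero the two words before the open so the fallback is well-defined, and loop on short reads so the "enough random bytes" the comment hopes for is actually collected. The declaration of seedbuf and the start of the enclosing function are outside this hunk.
```c
    /* make the no-urandom fallback well-defined: words 6-7 are zero, not stack garbage */
    seedbuf[6] = seedbuf[7] = 0;
#ifndef PHP_WIN32
    fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        unsigned char *dst = (unsigned char *)&seedbuf[6];
        size_t want = 2 * sizeof(php_uint32);
        /* best effort: stop on error or EOF and keep whatever was read */
        while (want > 0) {
            ssize_t got = read(fd, dst, want);
            if (got <= 0) {
                break;
            }
            dst += got;
            want -= (size_t)got;
        }
        close(fd);
    }
#endif
    /* … unchanged: SHA256 over the 8 seed words … */
```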
diff -Nurb suhosin-0.9.31/memory_limit.c suhosin-0.9.32.1/memory_limit.c
--- suhosin-0.9.31/memory_limit.c	2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/memory_limit.c	2010-07-23 21:48:22.000000000 +0200
@@ -47,13 +47,21 @@
 		SUHOSIN_G(hard_memory_limit) = 0;
 	}
 	if (new_value) {
-		PG(memory_limit) = zend_atoi(new_value, new_value_length);
-		if (PG(memory_limit) > hard_memory_limit || PG(memory_limit) < 0) {
+		PG(memory_limit) = zend_atol(new_value, new_value_length);
+		if (hard_memory_limit > 0) {
+			if (PG(memory_limit) > hard_memory_limit) {
 			suhosin_log(S_MISC, "script tried to increase memory_limit to %u bytes which is above the allowed value", PG(memory_limit));
 			if (!SUHOSIN_G(simulation)) {
 				PG(memory_limit) = hard_memory_limit;
 				return FAILURE;
 			}
+			} else if (PG(memory_limit) < 0) {
+				suhosin_log(S_MISC, "script tried to disable memory_limit by setting it to a negative value %d bytes which is not allowed", PG(memory_limit));
+				if (!SUHOSIN_G(simulation)) {
+					PG(memory_limit) = hard_memory_limit;
+					return FAILURE;
+				}
+			}
 		}
 	} else {
 		PG(memory_limit) = hard_memory_limit;
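Review bot: Both log calls pass PG(memory_limit) with an int-sized conversion — `%u` in the kept `"script tried to increase memory_limit to %u bytes ..."` line and `%d` in the new negative-value line — but the same hunk switches the assignment to zend_atol() precisely so the field can hold values above 2GB; if PG(memory_limit) is a long, as that switch implies, this is a format/argument mismatch (undefined behavior) that on LP64 prints the truncated low 32 bits of exactly the large values this change exists to support. Use a long conversion with an explicit cast in both messages, e.g. `"... to %ld bytes ..."` with `(long) PG(memory_limit)`. Note that long is still 32 bits on Windows and 32-bit Linux, so limits above 2GB are only representable where long is 64 bits; presumably acceptable, but worth a one-line comment next to the zend_atol() call. As a point of style, the body of the nested `if (PG(memory_limit) > hard_memory_limit) {` is indented one level shallower than its new `else if` sibling, which makes the brace structure hard to read. The enclosing function starts before this hunk.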
diff -Nurb suhosin-0.9.31/php_suhosin.h suhosin-0.9.32.1/php_suhosin.h
--- suhosin-0.9.31/php_suhosin.h	2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/php_suhosin.h	2010-07-23 21:48:22.000000000 +0200
@@ -22,7 +22,7 @@
 #ifndef PHP_SUHOSIN_H
 #define PHP_SUHOSIN_H
 
-#define SUHOSIN_EXT_VERSION  "0.9.31"
+#define SUHOSIN_EXT_VERSION  "0.9.32.1"
 
 /*#define SUHOSIN_DEBUG*/
 #define SUHOSIN_LOG "/tmp/suhosin_log.txt"
diff -Nurb php-suhosin-0.9.31/debian/changelog php-suhosin-0.9.32.1/debian/changelog
--- php-suhosin-0.9.31/debian/changelog	2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/changelog	2010-08-12 09:45:32.000000000 +0200
@@ -1,3 +1,16 @@
+php-suhosin (0.9.32.1-1) UNRELEASED; urgency=low
+
+  * New upstream version (Closes: #584509)
+    - Improved random number seed generation more by adding /dev/urandom juice
+    - Fixed missing header file resulting in wrong php_combined_lcg() prototype
+      being used
+    - Added support for memory_limit > 2GB
+    - Fixed missing header file resulting in compile errors
+  * Drop 10_fix_function_prototype, integrated upstream
+  * Update watch file
+
+ -- Jan Wagner <waja@cyconet.org>  Tue, 13 Apr 2010 13:51:22 +0200
+
 php-suhosin (0.9.31-1) unstable; urgency=low
 
   * New upstream version
diff -Nurb php-suhosin-0.9.31/debian/patches/00list php-suhosin-0.9.32.1/debian/patches/00list
--- php-suhosin-0.9.31/debian/patches/00list	2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/patches/00list	1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-10_fix_function_prototype
diff -Nurb php-suhosin-0.9.31/debian/patches/10_fix_function_prototype.dpatch php-suhosin-0.9.32.1/debian/patches/10_fix_function_prototype.dpatch
--- php-suhosin-0.9.31/debian/patches/10_fix_function_prototype.dpatch	2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/patches/10_fix_function_prototype.dpatch	1970-01-01 01:00:00.000000000 +0100
@@ -1,17 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 10_fix_entropy.dpatch by Stefan <stefan.esser@sektioneins.de>
-##
-## DP: Fix entropy (http://bugs.debian.org/539307)
-
-@DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' php-suhosin-0.9.31~/execute.c php-suhosin-0.9.31/execute.c
---- php-suhosin-0.9.31~/execute.c	2010-04-13 11:36:29.000000000 +0200
-+++ php-suhosin-0.9.31/execute.c	2010-04-13 11:37:07.000000000 +0200
-@@ -28,6 +28,7 @@
- #include "zend_hash.h"
- #include "zend_extensions.h"
- #include "ext/standard/info.h"
-+#include "ext/standard/php_lcg.h"
- #include "ext/standard/php_rand.h"
- #include "php_suhosin.h"
- #include "zend_compile.h"
diff -Nurb php-suhosin-0.9.31/debian/watch php-suhosin-0.9.32.1/debian/watch
--- php-suhosin-0.9.31/debian/watch	2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/watch	2010-08-12 09:45:32.000000000 +0200
@@ -1,2 +1,2 @@
 version=3
-http://www.hardened-php.net/suhosin/download.html http://download.suhosin.org/suhosin-(.*)\.tgz
+http://www.hardened-php.net/suhosin/download.html http://download.suhosin.org/suhosin-(.*)\.tar.gz


