Hi release team,
the long-awaited new release of php-suhosin came out just a couple of
days before the freeze, and because of the broken watch file we did not notice it in time.
The new package would fix bug #584509 (severity important) and some other
bugs.
php-suhosin (0.9.32.1-1) UNRELEASED; urgency=low
* New upstream version (Closes: #584509)
- Improved random number seed generation more by adding /dev/urandom juice
- Fixed missing header file resulting in wrong php_combined_lcg() prototype
being used
- Added support for memory_limit > 2GB
- Fixed missing header file resulting in compile errors
* Drop 10_fix_function_prototype, integrated upstream
* Update watch file
-- Jan Wagner <waja@cyconet.org> Tue, 13 Apr 2010 13:51:22 +0200
packaging changes:
changelog | 13 +++++++++++++
patches/00list | 1 -
patches/10_fix_function_prototype.dpatch | 17 -----------------
watch | 2 +-
4 files changed, 14 insertions(+), 19 deletions(-)
upstream changes:
Changelog | 10 ++++++++++
execute.c | 14 +++++++++++++-
memory_limit.c | 12 ++++++++++--
php_suhosin.h | 2 +-
4 files changed, 34 insertions(+), 4 deletions(-)
Patches against 0.9.31-1 are attached. Could you please state whether we are
allowed to update the package via unstable?
Thanks and with kind regards, Jan.
--
Never write mail to <waja@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
------END GEEK CODE BLOCK------
diff -Nurb suhosin-0.9.31/Changelog suhosin-0.9.32.1/Changelog
--- suhosin-0.9.31/Changelog 2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/Changelog 2010-07-23 21:48:22.000000000 +0200
@@ -1,3 +1,13 @@
+2010-07-23 - 0.9.32.1
+
+ - Fixed missing header file resulting in compile errors
+
+2010-07-23 - 0.9.32
+
+ - Added support for memory_limit > 2GB
+ - Fixed missing header file resulting in wrong php_combined_lcg() prototype being used
+ - Improved random number seed generation more by adding /dev/urandom juice
+
2010-03-28 - 0.9.31
- Fix ZTS build of session.c
diff -Nurb suhosin-0.9.31/execute.c suhosin-0.9.32.1/execute.c
--- suhosin-0.9.31/execute.c 2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/execute.c 2010-07-23 21:48:22.000000000 +0200
@@ -23,12 +23,14 @@
#include "config.h"
#endif
+#include <fcntl.h>
#include "php.h"
#include "php_ini.h"
#include "zend_hash.h"
#include "zend_extensions.h"
#include "ext/standard/info.h"
#include "ext/standard/php_rand.h"
+#include "ext/standard/php_lcg.h"
#include "php_suhosin.h"
#include "zend_compile.h"
#include "zend_llist.h"
@@ -1314,6 +1316,7 @@
unsigned long stack_value = (unsigned long)&code_value;
unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state);
suhosin_SHA256_CTX context;
+ int fd;
code_value ^= code_value >> 32;
stack_value ^= stack_value >> 32;
@@ -1330,8 +1333,17 @@
#endif
seedbuf[5] = (php_uint32) 0x7fffffff * php_combined_lcg(TSRMLS_C);
+#ifndef PHP_WIN32
+ fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
+ if (fd >= 0) {
+ /* ignore error case - if urandom doesn't give us any/enough random bytes */
+ read(fd, &seedbuf[6], 2 * sizeof(php_uint32));
+ close(fd);
+ }
+#endif
+
suhosin_SHA256Init(&context);
- suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 6);
+ suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 8);
suhosin_SHA256Final(seedbuf, &context);
}
/* }}} */
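Review bot: The `read()` on the new `/dev/urandom` path ignores its return value, so a short read or EINTR leaves part of `seedbuf[6..7]` unset, and on `PHP_WIN32` (or when the open fails) those two words are never written at all — yet `suhosin_SHA256Update` now hashes all 8 words unconditionally, so whatever the caller left in those slots (`seedbuf` is declared outside this hunk) is folded into the seed. Zero the two words before the `#ifndef PHP_WIN32` block and loop until the 8 bytes are filled or a non-EINTR error occurs, instead of a single unchecked call; the comment "ignore error case" documents the gap rather than closing it. `read()` and `close()` are declared in `<unistd.h>`, which the first hunk does not add next to `<fcntl.h>` — presumably `php.h` already pulls it in, but worth confirming (the loop below also needs `<errno.h>`). The enclosing function starts before this hunk.
```c
	seedbuf[6] = seedbuf[7] = 0;	/* hashed below even when /dev/urandom yields nothing */
#ifndef PHP_WIN32
	fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
	if (fd >= 0) {
		unsigned char *dst = (unsigned char *)&seedbuf[6];
		size_t want = 2 * sizeof(php_uint32), got = 0;
		while (got < want) {
			ssize_t n = read(fd, dst + got, want - got);
			if (n > 0) {
				got += (size_t)n;
			} else if (n < 0 && errno == EINTR) {
				continue;
			} else {
				break;	/* EOF or hard error: keep what we got, zeros fill the rest */
			}
		}
		close(fd);
	}
#endif
	/* … unchanged: SHA256 of seedbuf … */
```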
diff -Nurb suhosin-0.9.31/memory_limit.c suhosin-0.9.32.1/memory_limit.c
--- suhosin-0.9.31/memory_limit.c 2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/memory_limit.c 2010-07-23 21:48:22.000000000 +0200
@@ -47,13 +47,21 @@
SUHOSIN_G(hard_memory_limit) = 0;
}
if (new_value) {
- PG(memory_limit) = zend_atoi(new_value, new_value_length);
- if (PG(memory_limit) > hard_memory_limit || PG(memory_limit) < 0) {
+ PG(memory_limit) = zend_atol(new_value, new_value_length);
+ if (hard_memory_limit > 0) {
+ if (PG(memory_limit) > hard_memory_limit) {
suhosin_log(S_MISC, "script tried to increase memory_limit to %u bytes which is above the allowed value", PG(memory_limit));
if (!SUHOSIN_G(simulation)) {
PG(memory_limit) = hard_memory_limit;
return FAILURE;
}
+ } else if (PG(memory_limit) < 0) {
+ suhosin_log(S_MISC, "script tried to disable memory_limit by setting it to a negative value %d bytes which is not allowed", PG(memory_limit));
+ if (!SUHOSIN_G(simulation)) {
+ PG(memory_limit) = hard_memory_limit;
+ return FAILURE;
+ }
+ }
}
} else {
PG(memory_limit) = hard_memory_limit;
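Review bot: The two `suhosin_log(S_MISC, ...)` calls format `PG(memory_limit)` with `%u` and `%d`, but the switch from `zend_atoi` to `zend_atol` means the value is now parsed as a `long`; on LP64 — exactly the platforms where the >2GB support matters — passing a `long` for an `int` conversion is undefined and at best prints a truncated value. Assuming `suhosin_log` is printf-style as its format strings suggest, use `"... memory_limit to %ld bytes which is above the allowed value"` and `"... negative value %ld bytes which is not allowed"`. Separately, the negative-value check is now nested under `if (hard_memory_limit > 0)`, whereas 0.9.31 rejected `PG(memory_limit) < 0` unconditionally; if a `hard_memory_limit` of 0 means "no hard limit", a script can now set `memory_limit` to -1 (unlimited) without being logged or blocked — worth confirming that is intended. The enclosing function starts and ends outside this hunk.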
diff -Nurb suhosin-0.9.31/php_suhosin.h suhosin-0.9.32.1/php_suhosin.h
--- suhosin-0.9.31/php_suhosin.h 2010-03-28 22:43:13.000000000 +0200
+++ suhosin-0.9.32.1/php_suhosin.h 2010-07-23 21:48:22.000000000 +0200
@@ -22,7 +22,7 @@
#ifndef PHP_SUHOSIN_H
#define PHP_SUHOSIN_H
-#define SUHOSIN_EXT_VERSION "0.9.31"
+#define SUHOSIN_EXT_VERSION "0.9.32.1"
/*#define SUHOSIN_DEBUG*/
#define SUHOSIN_LOG "/tmp/suhosin_log.txt"
diff -Nurb php-suhosin-0.9.31/debian/changelog php-suhosin-0.9.32.1/debian/changelog
--- php-suhosin-0.9.31/debian/changelog 2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/changelog 2010-08-12 09:45:32.000000000 +0200
@@ -1,3 +1,16 @@
+php-suhosin (0.9.32.1-1) UNRELEASED; urgency=low
+
+ * New upstream version (Closes: #584509)
+ - Improved random number seed generation more by adding /dev/urandom juice
+ - Fixed missing header file resulting in wrong php_combined_lcg() prototype
+ being used
+ - Added support for memory_limit > 2GB
+ - Fixed missing header file resulting in compile errors
+ * Drop 10_fix_function_prototype, integrated upstream
+ * Update watch file
+
+ -- Jan Wagner <waja@cyconet.org> Tue, 13 Apr 2010 13:51:22 +0200
+
 php-suhosin (0.9.31-1) unstable; urgency=low
 * New upstream version
diff -Nurb php-suhosin-0.9.31/debian/patches/00list php-suhosin-0.9.32.1/debian/patches/00list
--- php-suhosin-0.9.31/debian/patches/00list 2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/patches/00list 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-10_fix_function_prototype
diff -Nurb php-suhosin-0.9.31/debian/patches/10_fix_function_prototype.dpatch php-suhosin-0.9.32.1/debian/patches/10_fix_function_prototype.dpatch
--- php-suhosin-0.9.31/debian/patches/10_fix_function_prototype.dpatch 2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/patches/10_fix_function_prototype.dpatch 1970-01-01 01:00:00.000000000 +0100
@@ -1,17 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 10_fix_entropy.dpatch by Stefan <stefan.esser@sektioneins.de>
-##
-## DP: Fix entropy (http://bugs.debian.org/539307)
-
-@DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' php-suhosin-0.9.31~/execute.c php-suhosin-0.9.31/execute.c
---- php-suhosin-0.9.31~/execute.c 2010-04-13 11:36:29.000000000 +0200
-+++ php-suhosin-0.9.31/execute.c 2010-04-13 11:37:07.000000000 +0200
-@@ -28,6 +28,7 @@
- #include "zend_hash.h"
- #include "zend_extensions.h"
- #include "ext/standard/info.h"
-+#include "ext/standard/php_lcg.h"
- #include "ext/standard/php_rand.h"
- #include "php_suhosin.h"
- #include "zend_compile.h"
diff -Nurb php-suhosin-0.9.31/debian/watch php-suhosin-0.9.32.1/debian/watch
--- php-suhosin-0.9.31/debian/watch 2010-08-12 09:45:25.000000000 +0200
+++ php-suhosin-0.9.32.1/debian/watch 2010-08-12 09:45:32.000000000 +0200
@@ -1,2 +1,2 @@
 version=3
-http://www.hardened-php.net/suhosin/download.html http://download.suhosin.org/suhosin-(.*)\.tgz
+http://www.hardened-php.net/suhosin/download.html http://download.suhosin.org/suhosin-(.*)\.tar.gz