php-5.4.19 and php-suhosin-0.9.33-2 breaks session handling
php-5.4.19 and php-suhosin-0.9.33-2 breaks session handling
Hi!
I've installed
php-5.4.19-25.el6.art.i686
and
php-suhosin-0.9.33-2.git1fba865.el6.art.i686
This combination breaks the session handling. You need to apply following pull request patch to make it work again
https://github.com/stefanesser/suhosin/pull/26
Would be nice if you could include it into your rpms.
More details to this bug under
http://robert.penz.name/663/session-ver ... h-suhosin/
I've installed
php-5.4.19-25.el6.art.i686
and
php-suhosin-0.9.33-2.git1fba865.el6.art.i686
This combination breaks the session handling. You need to apply following pull request patch to make it work again
https://github.com/stefanesser/suhosin/pull/26
Would be nice if you could include it into your rpms.
More details to this bug under
http://robert.penz.name/663/session-ver ... h-suhosin/
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Ahh Its already based on the stanfesser branch, if this is something missing, could you send a .patch file?
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
The first link in my original post is the github pull request for the diff/patch file.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Im definitely not seeing it then. Can you diff that against stefanesser-suhosin-1fba865.tgz and send me a patch?
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
On the first Link I click on "Files Changed" and I get on following page:
https://github.com/stefanesser/suhosin/pull/26/files
where 3 lines are replaced by a 15 lines. or what to you need?
https://github.com/stefanesser/suhosin/pull/26/files
where 3 lines are replaced by a 15 lines. or what to you need?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
ideally, a .patch against stefanesser-suhosin-1fba865.tgz
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
# diff session.c session.c.orig
731,736c731
< if (key == NULL || !key[0] ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || *mod_data == NULL) {
785,790c780
< if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
833,838c823
< if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
731,736c731
< if (key == NULL || !key[0] ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || *mod_data == NULL) {
785,790c780
< if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
833,838c823
< if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
This was against https://github.com/stefanesser/suhosin/ ... master.zip
and with these changes and a compile as a extension - joomla1.5 logins are now working under php5.4.x
and with these changes and a compile as a extension - joomla1.5 logins are now working under php5.4.x
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Im still having this issue with php-suhosin from atomic on php5.4
heres my howto if it helps anyone to fix this
heres my howto if it helps anyone to fix this
Code: Select all
mkdir /src
cd /src
wget https://github.com/stefanesser/suhosin/archive/master.zip
yum install unzip
unzip master
cd suhosin-master/
mv session.c session.c.orig
wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c
phpize
./configure
make
mv /usr/lib64/php/modules/suhosin.so /usr/lib64/php/modules/suhosin.so.old
cp /src/suhosin-master/modules/suhosin.so /usr/lib64/php/modules/suhosin.so
service httpd restart
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Theres no need for the patch with the suhosin 0.9.36 code - so you can skip these lines:
Code: Select all
mv session.c session.c.orig
wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c