Page 1 of 1
php-5.4.19 and php-suhosin-0.9.33-2 breaks session handling
Posted: Sun Sep 15, 2013 5:26 am
by deralte
Hi!
I've installed
php-5.4.19-25.el6.art.i686
and
php-suhosin-0.9.33-2.git1fba865.el6.art.i686
This combination breaks the session handling. You need to apply following pull request patch to make it work again
https://github.com/stefanesser/suhosin/pull/26
Would be nice if you could include it into your rpms.
More details to this bug under
http://robert.penz.name/663/session-ver ... h-suhosin/
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Tue Sep 17, 2013 10:18 am
by scott
Ahh Its already based on the stanfesser branch, if this is something missing, could you send a .patch file?
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Sat Sep 28, 2013 6:08 am
by deralte
The first link in my original post is the github pull request for the diff/patch file.
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Sat Sep 28, 2013 11:12 am
by scott
Im definitely not seeing it then. Can you diff that against stefanesser-suhosin-1fba865.tgz and send me a patch?
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Mon Sep 30, 2013 2:22 pm
by deralte
On the first Link I click on "Files Changed" and I get on following page:
https://github.com/stefanesser/suhosin/pull/26/files
where 3 lines are replaced by a 15 lines. or what to you need?
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Mon Oct 07, 2013 9:33 am
by scott
ideally, a .patch against stefanesser-suhosin-1fba865.tgz
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Tue Dec 17, 2013 11:17 am
by ikkk
# diff session.c session.c.orig
731,736c731
< if (key == NULL || !key[0] ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || *mod_data == NULL) {
785,790c780
< if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
833,838c823
< if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
< (*mod_data == NULL
< #if PHP_VERSION_ID >= 50400
< && !SESSION_G(mod_user_implemented)
< #endif
< )) {
---
> if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Tue Dec 17, 2013 11:19 am
by ikkk
This was against
https://github.com/stefanesser/suhosin/ ... master.zip
and with these changes and a compile as a extension - joomla1.5 logins are now working under php5.4.x
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Fri Jun 27, 2014 7:33 am
by ikkk
Im still having this issue with php-suhosin from atomic on php5.4
heres my howto if it helps anyone to fix this
Code: Select all
mkdir /src
cd /src
wget https://github.com/stefanesser/suhosin/archive/master.zip
yum install unzip
unzip master
cd suhosin-master/
mv session.c session.c.orig
wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c
phpize
./configure
make
mv /usr/lib64/php/modules/suhosin.so /usr/lib64/php/modules/suhosin.so.old
cp /src/suhosin-master/modules/suhosin.so /usr/lib64/php/modules/suhosin.so
service httpd restart
Re: php-5.4.19 and php-suhosin-0.9.33-2 breaks session handl
Posted: Fri Jun 27, 2014 11:44 am
by ikkk
Theres no need for the patch with the suhosin 0.9.36 code - so you can skip these lines:
Code: Select all
mv session.c session.c.orig
wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c