View 0001-Rework-scram_channel_binding-to-protect-from-downgra.patch
From 5bf51e7bdcfaf2d6e8af5132bb7884bc307f440b Mon Sep 17 00:00:00 2001 | |
From: Michael Paquier <michael@paquier.xyz> | |
Date: Tue, 22 May 2018 17:03:48 +0900 | |
Subject: [PATCH] Rework scram_channel_binding to protect from downgrade | |
attacks | |
When a client attempts to connect to a PostgreSQL cluster, it may be | |
possible that it requested channel binding with SCRAM authentication, | |
but that the server tricks the client and forcibly downgrades the | |
authentication request. For example, a v10 cluster supports SCRAM but |
View Dockerfile
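# NOTE(review): the base image is referenced without a tag or digest, so every
# build pulls whatever "alpine" resolves to at that moment. Pin a specific
# release (ideally by digest) to keep builds reproducible and auditable.
FROM alpine
MAINTAINER Yasuo Ohgaki version: 0.1
# Refresh the package index, then install the build toolchain and utilities.
# The two commands are chained with && so that a failed index refresh aborts
# the build instead of letting "apk add" run against a stale or missing index.
RUN \
  apk update && \
  apk add gcc g++ make curl openssh-client rsync perl-net-dns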
RUN \ | |
mkdir /package; \ | |
cd /package/; \ |
View hash_hkdf.xml.diff
Index: en/reference/hash/functions/hash-hkdf.xml | |
=================================================================== | |
--- en/reference/hash/functions/hash-hkdf.xml (リビジョン 342317) | |
+++ en/reference/hash/functions/hash-hkdf.xml (作業コピー) | |
@@ -3,7 +3,7 @@ | |
<refentry xml:id="function.hash-hkdf" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink"> | |
<refnamediv> | |
<refname>hash_hkdf</refname> | |
- <refpurpose>Generate a HKDF key derivation of a supplied key input</refpurpose> | |
+ <refpurpose>Derive secure new key from existing key by using HKDF</refpurpose> |
View user_serializer.php
<?php | |
// This code is to explain why current API is not good for user defined serializer. | |
// https://wiki.php.net/rfc/user_defined_session_serializer | |
// Begin output buffering before any session directive is changed.
ob_start();

// Apply the session directives for this demonstration, in the listed order.
// NOTE(review): session.use_strict_mode is set to 0, which turns strict
// session-ID handling off, and the files handler writes its data under /tmp.
// Both look like demo conveniences; confirm before reusing these settings
// anywhere outside a test environment.
(static function (): void {
    $directives = [
        'session.serialize_handler' => 'php_serialize',
        'session.save_handler' => 'files',
        'session.save_path' => '/tmp',
        'session.use_strict_mode' => 0,
    ];

    foreach ($directives as $directive => $setting) {
        ini_set($directive, $setting);
    }
})();
View session_serializer.patch
diff --git a/ext/session/session.c b/ext/session/session.c | |
index b2d0236..4b30b96 100644 | |
--- a/ext/session/session.c | |
+++ b/ext/session/session.c | |
@@ -890,19 +890,31 @@ PS_SERIALIZER_ENCODE_FUNC(php_binary) /* {{{ */ | |
smart_str buf = {0}; | |
php_serialize_data_t var_hash; | |
PS_ENCODE_VARS; | |
+ HashTable *_ht; | |
+ int key_type; |
View head.c.patch
diff --git a/ext/standard/head.c b/ext/standard/head.c | |
index eac9159..4842cb7d 100644 | |
--- a/ext/standard/head.c | |
+++ b/ext/standard/head.c | |
@@ -181,6 +181,74 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, | |
return result; | |
} | |
+enum cookie_set_opts { | |
+ COOKIE_SET_EXPIRES = 0, |
View bug72997.php
<?php | |
// Begin output buffering before the session is configured and started.
ob_start();

// Session directives for this reproduction script, applied in listed order:
// cookies carry the session ID and the files handler stores the data.
(static function (): void {
    $directives = [
        'session.use_cookies' => 1,
        'session.save_handler' => 'files',
    ];

    foreach ($directives as $directive => $setting) {
        ini_set($directive, $setting);
    }
})();

// Name the session 'BUG', then start it.
session_name('BUG');
session_start();
View mb_convert_variables.patch
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c | |
index d6d7cfc..b35a409 100644 | |
--- a/ext/mbstring/mbstring.c | |
+++ b/ext/mbstring/mbstring.c | |
@@ -3856,24 +3856,112 @@ PHP_FUNCTION(mb_convert_kana) | |
} | |
/* }}} */ | |
-#define PHP_MBSTR_STACK_BLOCK_SIZE 32 | |
+ |
View uniqid.patch
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c | |
index f429e6d..975e65b 100644 | |
--- a/ext/standard/uniqid.c | |
+++ b/ext/standard/uniqid.c | |
@@ -36,8 +36,11 @@ | |
#endif | |
#include "php_lcg.h" | |
+#include "php_random.h" | |
#include "uniqid.h" |
View master-rfc-session-without-hashing.patch
diff --git a/UPGRADING b/UPGRADING | |
index 5400a2e..56221f4 100644 | |
--- a/UPGRADING | |
+++ b/UPGRADING | |
@@ -71,6 +71,25 @@ PHP 7.1 UPGRADE NOTES | |
- OpenSSL: | |
. Dropped sslv2 stream. | |
+- Session: | |
+ . Session ID is generated from CSPNG directly. As a result, Session ID length |