| -rw-r--r-- | NEWS | 4 | ||||
| -rwxr-xr-x | UPGRADING | 14 | ||||
| -rw-r--r-- | Zend/Zend.m4 | 7 | ||||
| -rw-r--r-- | ext/session/session.c | 8 | ||||
| -rw-r--r-- | php.ini-development | 9 | ||||
| -rw-r--r-- | php.ini-production | 11 | 
6 files changed, 42 insertions, 11 deletions
| @@ -13,7 +13,9 @@ PHP                                                                        NEWS  - Added command line option --rz to CLI. (Johannes)  - default_charset if not specified is now UTF-8 instead of ISO-8859-1. (Rasmus) -	 +- default session.entropy_file is now /dev/urandom or /dev/arandom if either +  is present at compile time. (Rasmus) +  	  ?? ??? 20??, PHP 5.3.3  - Upgraded bundled PCRE to version 8.01. (Ilia) @@ -40,7 +40,19 @@ UPGRADE NOTES - PHP X.Y      default_charset = iso-8859-1 -  to your php.ini to preserve pre-PHPX.Y behavior +  to your php.ini to preserve pre-PHPX.Y behavior. + +- We now check at compile time if /dev/urandom or /dev/arandom +  are present to provide non-blocking entropy to session id +  generation.  If either is present, session.entropy_file +  now defaults to that file and session.entropy_length defaults +  to 32.  If you do not want extra entropy for your session ids +  for some reason, add: + +    session.entropy_file= +    session.entropy_length=0 + +  to your php.ini to preserve pre-PHPX.Y behavior.  =============================  2. Reserved words and classes diff --git a/Zend/Zend.m4 b/Zend/Zend.m4 index 6b1f705bee..c56b769a99 100644 --- a/Zend/Zend.m4 +++ b/Zend/Zend.m4 @@ -419,4 +419,11 @@ if test -r "/dev/urandom" && test -c "/dev/urandom"; then    AC_MSG_RESULT(yes)   else     AC_MSG_RESULT(no)  +  AC_MSG_CHECKING(whether /dev/arandom exists)  +  if test -r "/dev/arandom" && test -c "/dev/arandom"; then  +    AC_DEFINE([HAVE_DEV_ARANDOM], 1, [Define if the target system has /dev/arandom device]) +    AC_MSG_RESULT(yes)  +  else  +    AC_MSG_RESULT(no)  +  fi   fi  diff --git a/ext/session/session.c b/ext/session/session.c index 6456f68163..3455421a7e 100644 --- a/ext/session/session.c +++ b/ext/session/session.c 
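Review bot: In Zend/Zend.m4 the new `/dev/arandom` probe, like the `/dev/urandom` probe it is nested under, tests the filesystem of the machine running configure, so a cross-compiled or package-built binary gets a session entropy default that describes the build host rather than the target. Consider skipping the file test when cross-compiling, e.g. `if test "$cross_compiling" != yes && test -r "/dev/arandom" && test -c "/dev/arandom"; then`, or wrapping the probe in `AC_CACHE_CHECK` so packagers can preseed the answer. A one-line comment above the check saying that the result becomes the compiled-in default for `session.entropy_file` would also help. The enclosing `if` for `/dev/urandom` starts outside the hunk.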
@@ -781,8 +781,16 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_BOOLEAN("session.use_cookies",      "1",         PHP_INI_ALL, OnUpdateBool,   use_cookies,        php_ps_globals,    ps_globals)
 	STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1",         PHP_INI_ALL, OnUpdateBool,   use_only_cookies,   php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.referer_check",      "",          PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals,    ps_globals)
+#if HAVE_DEV_URANDOM
+	STD_PHP_INI_ENTRY("session.entropy_file",       "/dev/urandom",          PHP_INI_ALL, OnUpdateString, entropy_file,       php_ps_globals,    ps_globals)
+	STD_PHP_INI_ENTRY("session.entropy_length",     "32",         PHP_INI_ALL, OnUpdateLong,   entropy_length,     php_ps_globals,    ps_globals)
+#elif HAVE_DEV_ARANDOM
+	STD_PHP_INI_ENTRY("session.entropy_file",       "/dev/arandom",          PHP_INI_ALL, OnUpdateString, entropy_file,       php_ps_globals,    ps_globals)
+	STD_PHP_INI_ENTRY("session.entropy_length",     "32",         PHP_INI_ALL, OnUpdateLong,   entropy_length,     php_ps_globals,    ps_globals)
+#else
 	STD_PHP_INI_ENTRY("session.entropy_file",       "",          PHP_INI_ALL, OnUpdateString, entropy_file,       php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.entropy_length",     "0",         PHP_INI_ALL, OnUpdateLong,   entropy_length,     php_ps_globals,    ps_globals)
+#endif
 	STD_PHP_INI_ENTRY("session.cache_limiter",      "nocache",   PHP_INI_ALL, OnUpdateString, cache_limiter,      php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.cache_expire",       "180",       PHP_INI_ALL, OnUpdateLong,   cache_expire,       php_ps_globals,    ps_globals)
 	PHP_INI_ENTRY("session.use_trans_sid",          "0",         PHP_INI_ALL, OnUpdateTransSid)
diff --git a/php.ini-development b/php.ini-development
index 7e304461c5..123187350d 100644
--- a/php.ini-development
+++ b/php.ini-development
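Review bot: In ext/session/session.c the three-way `#if` repeats the `session.entropy_length` entry in every branch, and the two device branches differ only in the path string, so the file and length defaults can drift apart in a later edit. Selecting the two default strings once in a small preprocessor block above `PHP_INI_BEGIN()` and keeping a single pair of `STD_PHP_INI_ENTRY` lines would make the pairing explicit. Because the default path is now fixed at build time, the code that opens `entropy_file` (outside this hunk) should be checked so that a missing device at runtime, for example in a chroot, is reported rather than silently producing an id without the extra bytes. A comment such as `/* default chosen by configure; the device may be absent at runtime */` on the `#if` would record that assumption.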
@@ -1582,15 +1582,18 @@ session.referer_check =  ; How many bytes to read from the file.  ; http://php.net/session.entropy-length -session.entropy_length = 0 +;session.entropy_length = 32  ; Specified here to create the session id.  ; http://php.net/session.entropy-file +; Defaults to /dev/urandom +; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom +; If neither are found at compile time, the default is no entropy file.  ;session.entropy_file = /dev/urandom -session.entropy_file =  ; http://php.net/session.entropy-length -;session.entropy_length = 16 +; defaults to 32 +;session.entropy_length = 32  ; Set to {nocache,private,public,} to determine HTTP caching aspects  ; or leave this empty to avoid sending anti-caching headers. diff --git a/php.ini-production b/php.ini-production index 793f67ed7a..448be26405 100644 --- a/php.ini-production +++ b/php.ini-production @@ -1588,17 +1588,16 @@ session.bug_compat_warn = Off  ; http://php.net/session.referer-check  session.referer_check = -; How many bytes to read from the file. -; http://php.net/session.entropy-length -session.entropy_length = 0 -  ; Specified here to create the session id.  ; http://php.net/session.entropy-file +; Defaults to /dev/urandom +; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom +; If neither are found at compile time, the default is no entropy file.  ;session.entropy_file = /dev/urandom -session.entropy_file =  ; http://php.net/session.entropy-length -;session.entropy_length = 16 +; defaults to 32 +;session.entropy_length = 32  ; Set to {nocache,private,public,} to determine HTTP caching aspects  ; or leave this empty to avoid sending anti-caching headers. | 
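Review bot: In php.ini-development the new side carries `;session.entropy_length = 32` twice, once under "How many bytes to read from the file." and again under "defaults to 32", each with the same documentation URL. The php.ini-production hunk removes the first block entirely. Dropping the first block here as well would keep the two sample files aligned and leave one place to edit. The remaining comment could also state that `session.entropy_length` defaults to 0 when neither device was found at compile time, which the UPGRADING text implies but the sample file does not say.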
