Merge pull request #1 from jvoisin/pr1

pr for fetching upstream

3 files changed, 80 insertions, 15 deletions

diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 6eaccd2..a406953 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,32 +1,76 @@
 Changelog
 =========
 
-0.8.0 - Woolly Mammoth
-----------------------
+0.8.2 - `Surus <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.2>`__ 2022/05/20
+-------------------------------------------------------------------------------------------
 
-- Massive simplification of the configuration parser
-- Better memory management
-- Removal of internal calls to `call_user_func`
-- Check for unsupported PHP version
-- Compatibility with PHP8.1
-- Suhosin features backports:
-  - Maximum stack depth/recursion limit
-  - Maximum length for session id
+Bug fixes
+^^^^^^^^^
+* Fix compilation when ZTS is used
+* Fix a possible infinite loop
+
+
+0.8.1 - `Batyr <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.1>`__ 2022/05/16
+-------------------------------------------------------------------------------------------
+
+Bug fixes
+^^^^^^^^^
+* Fix the version number
+* Fix a test on PHP7
+
+Breaking Changes
+^^^^^^^^^^^^^^^^
+* `disable_xxe` is changed to `xxe_protection`
+
+
+0.8.0 - `Woolly Mammoth <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.8.0>`__ 2022/05/15
+-----------------------------------------------------------------------------------------------------
+
+New features
+^^^^^^^^^^^^
+* Compatibility with PHP8.1
+* Check for unsupported PHP version
+* Backport of Suhosin-ng patches:
+  * Maximum stack depth/recursion limit
+  * Maximum length for session id
+  * $_SERVER strip/encode
+  * Configuration dump
+  * Support for conditional rules
+  * INI settings protection
+  * Output SP logs to stderr
+  * Ported Suhosin rules to SP
+
+Improvements
+^^^^^^^^^^^^
+* Massive simplification of the configuration parser
+* Better memory management
+* Removal of internal calls to `call_user_func`
+* Increased portability of the default rules access different version of PHP
+* Start SP as late as possible, to hook as many things as possible
+
+Bug fixes
+^^^^^^^^^
+* XML and Session support are now checked at runtime instead of at compile time
 
 
 0.7.1 - `Proboscidea <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/08/02
 -------------------------------------------------------------------------------------------------
 
-* Fixed possible memory-leaks when hooking via regular expressions               
-* Modernise the code by removing usage of `strtok`                               
-* Prevent a possible crash during configuration reloading                        
-* Fix the default rules to catch dangerous `chmod` calls                         
+Improvements
+^^^^^^^^^^^^
 * Improve compatibility with various `libpcre` configurations/versions           
+* Modernise the code by removing usage of `strtok`                               
 * Improve the default rules' compatibility with php8                             
 * Prevent XXE in php8 as well                                                    
 * Improve a bit the verbosity of the logs
 * Add a rules file for php8
 
+Bug fixes
+^^^^^^^^^
+* Prevent a possible crash during configuration reloading                        
+* Fix the default rules to catch dangerous `chmod` calls                         
+* Fixed possible memory-leaks when hooking via regular expressions               
+
 
 0.7.0 - `Los Elefantes <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/01/02
 ---------------------------------------------------------------------------------------------------
@@ -46,7 +90,7 @@ Improvements
 
 Bug fixes
 ^^^^^^^^^
-* The strict mode is now disableable
+* The strict mode can now be disabled
 
 
 0.6.0 - `Elephant in the room <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.6.0>`__ 2020/11/06
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 0b7b7fd..d7f7f24 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -75,6 +75,19 @@ The terminating ``;`` is optional for now, but it should be used for future comp
 Miscellaneous
 -------------
 
+conditions
+^^^^^^^^^^
+
+It's possible to use conditions to have configuration portables accross
+several setups.
+
+::
+  @condition PHP_VERSION_ID < 80000;
+    # some rules
+  @condition PHP_VERSION_ID >= 80000;
+    # some other rules
+  @end_condition;
+
 global
 ^^^^^^
 
@@ -261,6 +274,9 @@ readonly_exec
 the execution of writeable PHP files.
 
 It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` mode.
+``extended_checks`` can be specified to abort the execution if the executed
+file or the folder containing it is owned by the user the PHP process is
+running under.
 
 ::
 
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index 3d043f0..d13f33a 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -123,9 +123,14 @@ Notable users
 
 - `AdwCleaner <https://www.malwarebytes.com/adwcleaner/>`__'s backend- a notorious anti-pup
 - `Alertot <https://www.alertot.com/>`__ - a Chilean continuous web security monitoring company
+- `Control Web Panel <https://control-webpanel.com/>`__ - a free modern and intuitive control panel for servers and VPS
+- `Mangadex <https://mangadex.dev/mangadex-v5-infrastructure-overview/>`__ - a major manga website
 - `NBS System <https://www.nbs-system.com/>`__ - a French hosting/security company and author of snuffleupagus
 - `Net4All <https://net4all.ch/>`__ - a Swiss hosting company
 - `Oceanet Technology <https://www.oceanet-technology.com/>`__ - a French hosting company
+- The `Swedish team <https://ccdcoe.org/news/2021/sweden-scored-highest-at-the-cyber-defence-exercise-locked-shields-2021/>`__
+  of the `NATO <https://www.nato.int/>`__'s `CCDCOE <https://ccdcoe.org/>`__ 
+  `Locked Shields <https://ccdcoe.org/exercises/locked-shields/>`__ exercise.
 - `SwissCenter <https://swisscenter.com>`__ - a Swiss datacenter & web hosting company
 - `Toolslib <https://toolslib.net/>`__ - an `Alexa top 10k <https://www.alexa.com/siteinfo/toolslib.net>`__ website
 - `cPanel <https://cpanel.net/>`__ - one of the most popular web hosting control panel