From 5efe5f9274615cacd05206184fc9a1ab50c1d558 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 3 May 2022 22:09:57 +0200
Subject: Add another user to the list!
---
doc/source/papers.rst | 1 +
1 file changed, 1 insertion(+)
(limited to 'doc/source')
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index 3d043f0..eb63021 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -124,6 +124,7 @@ Notable users
- `AdwCleaner `__'s backend- a notorious anti-pup
- `Alertot `__ - a Chilean continuous web security monitoring company
- `NBS System `__ - a French hosting/security company and author of snuffleupagus
+- `Mangadex `__ - a major manga website
- `Net4All `__ - a Swiss hosting company
- `Oceanet Technology `__ - a French hosting company
- `SwissCenter `__ - a Swiss datacenter & web hosting company
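Review bot: the added `Mangadex` line sits after `NBS System`, which breaks the alphabetical order the rest of the Notable users list follows (AdwCleaner, Alertot, then Net4All, Oceanet Technology, SwissCenter). Move the new entry above the `NBS System` line.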
--
cgit v1.3
From c0e72a25f32e4916ac5eda8cb47888fd0a200b23 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sun, 15 May 2022 18:07:23 +0200
Subject: Bump the changelog
---
debian/changelog | 22 ++++++++++++++++++++
doc/source/changelog.rst | 52 ++++++++++++++++++++++++++++++++++--------------
src/php_snuffleupagus.h | 2 +-
3 files changed, 60 insertions(+), 16 deletions(-)
(limited to 'doc/source')
diff --git a/debian/changelog b/debian/changelog
index 51ca43d..831a0f2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,25 @@
+snuffleupagus (0.8.0) UNRELEASED; urgency=low
+ [ jvoisin ]
+ * Compatibility with PHP8.1
+ * Check for unsupported PHP version
+ * Backport of Suhosin-ng patches:
+ * Maximum stack depth/recursion limit
+ * Maximum length for session id
+ * $_SERVER strip/encode
+ * Configuration dump
+ * Support for conditional rules
+ * INI settings protection
+ * Output SP logs to stderr
+ * Ported Suhosin rules to SP
+ * Massive simplification of the configuration parser
+ * Better memory management
+ * Removal of internal calls to `call_user_func`
+ * Increased portability of the default rules access different version of PHP
+ * Start SP as late as possible, to hook as many things as possible
+ * XML and Session support are now checked at runtime instead of at compile time
+
+ -- jvoisin Sun, 15 Apr 2022 18:00:00 +0200
+
snuffleupagus (0.7.1) UNRELEASED; urgency=low
[ jvoisin ]
* Fixed possible memory-leaks when hooking via regular expressions
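Review bot: the trailer of the new 0.8.0 stanza is dated `Sun, 15 Apr 2022`, but this commit is dated Sun, 15 May 2022 and doc/source/changelog.rst in the same patch gives 2022/05/15, so the month should be May. In the same stanza, `Increased portability of the default rules access different version of PHP` reads like a typo for "across different versions of PHP".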
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 6eaccd2..a69ec20 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,32 +1,54 @@
Changelog
=========
-0.8.0 - Woolly Mammoth
-----------------------
+0.8.0 - `Woolly Mammoth` `__ 2022/05/15
+-----------------------------------------------------------------------------------------------------
-- Massive simplification of the configuration parser
-- Better memory management
-- Removal of internal calls to `call_user_func`
-- Check for unsupported PHP version
-- Compatibility with PHP8.1
-- Suhosin features backports:
- - Maximum stack depth/recursion limit
- - Maximum length for session id
+New features
+^^^^^^^^^^^^
+* Compatibility with PHP8.1
+* Check for unsupported PHP version
+* Backport of Suhosin-ng patches:
+ * Maximum stack depth/recursion limit
+ * Maximum length for session id
+ * $_SERVER strip/encode
+ * Configuration dump
+ * Support for conditional rules
+ * INI settings protection
+ * Output SP logs to stderr
+ * Ported Suhosin rules to SP
+
+Improvements
+^^^^^^^^^^^^
+* Massive simplification of the configuration parser
+* Better memory management
+* Removal of internal calls to `call_user_func`
+* Increased portability of the default rules access different version of PHP
+* Start SP as late as possible, to hook as many things as possible
+
+Bug fixes
+^^^^^^^^^
+* XML and Session support are now checked at runtime instead of at compile time
0.7.1 - `Proboscidea `__ 2021/08/02
-------------------------------------------------------------------------------------------------
-* Fixed possible memory-leaks when hooking via regular expressions
-* Modernise the code by removing usage of `strtok`
-* Prevent a possible crash during configuration reloading
-* Fix the default rules to catch dangerous `chmod` calls
+Improvements
+^^^^^^^^^^^^
* Improve compatibility with various `libpcre` configurations/versions
+* Modernise the code by removing usage of `strtok`
* Improve the default rules' compatibility with php8
* Prevent XXE in php8 as well
* Improve a bit the verbosity of the logs
* Add a rules file for php8
+Bug fixes
+^^^^^^^^^
+* Prevent a possible crash during configuration reloading
+* Fix the default rules to catch dangerous `chmod` calls
+* Fixed possible memory-leaks when hooking via regular expressions
+
0.7.0 - `Los Elefantes `__ 2021/01/02
---------------------------------------------------------------------------------------------------
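Review bot: the new 0.8.0 heading closes the backtick right after `Woolly Mammoth` and opens another before `__`, whereas the 0.7.1 and 0.7.0 headings keep the name and its link target inside a single pair of backticks; the release name will not render as a link like the others. Put the name and target in one pair of backticks. The "access different version of PHP" wording under Improvements also looks like a typo for "across different versions of PHP".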
@@ -46,7 +68,7 @@ Improvements
Bug fixes
^^^^^^^^^
-* The strict mode is now disableable
+* The strict mode can now be disabled
0.6.0 - `Elephant in the room `__ 2020/11/06
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 8dc7ccb..e40b31b 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -1,7 +1,7 @@
#ifndef PHP_SNUFFLEUPAGUS_H
#define PHP_SNUFFLEUPAGUS_H
-#define PHP_SNUFFLEUPAGUS_VERSION "0.8.0"
+#define PHP_SNUFFLEUPAGUS_VERSION "0.9.0"
#define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus"
#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH"
#define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus"
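Review bot: `PHP_SNUFFLEUPAGUS_VERSION` goes from "0.8.0" to "0.9.0", yet both changelogs touched by this patch describe release 0.8.0 and neither has a 0.9.0 entry. A build from this commit carries a version string that the changelog does not document; keep the define at "0.8.0" for the release commit, or bump it in a separate commit whose message says it opens the next development cycle.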
--
cgit v1.3
From 3d206b9ae51680ae6c0f0eee3e11e667d343d3e4 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 16 May 2022 19:49:18 +0200
Subject: Bump the changelog
---
debian/changelog | 7 +++++++
doc/source/changelog.rst | 11 ++++++++++-
src/php_snuffleupagus.h | 2 +-
3 files changed, 18 insertions(+), 2 deletions(-)
(limited to 'doc/source')
diff --git a/debian/changelog b/debian/changelog
index 831a0f2..3282469 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+snuffleupagus (0.8.1) UNRELEASED; urgency=low
+ [ jvoisin ]
+ * Fix the version number
+ * Fix a test on PHP7
+
+ -- jvoisin Sun, 16 Apr 2022 19:45:00 +0200
+
snuffleupagus (0.8.0) UNRELEASED; urgency=low
[ jvoisin ]
* Compatibility with PHP8.1
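Review bot: the 0.8.1 trailer reads `Sun, 16 Apr 2022`, while the commit is dated Mon, 16 May 2022 and changelog.rst gives 2022/05/16, so both the weekday and the month need correcting. `Fix the version number` would also be more useful to packagers if it named the wrong value, the "0.9.0" that the header hunk of this patch replaces.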
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index a69ec20..794afb8 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,7 +1,16 @@
Changelog
=========
-0.8.0 - `Woolly Mammoth` `__ 2022/05/15
+0.8.1 - `Batyr `__ 2022/05/16
+-------------------------------------------------------------------------------------------
+
+Bug fixes
+^^^^^^^^^
+* Fix the version number
+* Fix a test on PHP7
+
+
+0.8.0 - `Woolly Mammoth `__ 2022/05/15
-----------------------------------------------------------------------------------------------------
New features
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index e40b31b..8faaf3a 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -1,7 +1,7 @@
#ifndef PHP_SNUFFLEUPAGUS_H
#define PHP_SNUFFLEUPAGUS_H
-#define PHP_SNUFFLEUPAGUS_VERSION "0.9.0"
+#define PHP_SNUFFLEUPAGUS_VERSION "0.8.1"
#define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus"
#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH"
#define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus"
--
cgit v1.3
From 79dc4956919f342a1bca3faa6c1b75293abe6663 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 17 May 2022 20:41:04 +0200
Subject: Document a breaking change
---
doc/source/changelog.rst | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'doc/source')
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 794afb8..4bb0583 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -9,6 +9,10 @@ Bug fixes
* Fix the version number
* Fix a test on PHP7
+Breaking Changes
+^^^^^^^^^^^^^^^^
+* `disable_xxe` is changed to `xxe_protection`
+
0.8.0 - `Woolly Mammoth `__ 2022/05/15
-----------------------------------------------------------------------------------------------------
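Review bot: the new `disable_xxe` is changed to `xxe_protection` entry does not say what happens to an existing configuration that still uses the old name. Since this key controls a protection, state whether the old name is rejected with an error, still accepted, or ignored, so that operators know to check their rules after upgrading. The entry also lands under 0.8.1 one day after that release was recorded, and the diffstat shows debian/changelog was not updated to match.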
--
cgit v1.3
From a1a7d2030f40ce1f880e9944417c6ccbb48a3c13 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 20 May 2022 22:00:35 +0200
Subject: Bump the changelog
---
debian/changelog | 7 +++++++
doc/source/changelog.rst | 9 +++++++++
src/php_snuffleupagus.h | 2 +-
3 files changed, 17 insertions(+), 1 deletion(-)
(limited to 'doc/source')
diff --git a/debian/changelog b/debian/changelog
index 3282469..034a34d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+snuffleupagus (0.8.2) UNRELEASED; urgency=low
+ [ jvoisin ]
+ * Fix compilation when ZTS is used
+ * Fix a possible infinite loop
+
+ -- jvoisin Sun, 20 Apr 2022 22:00:00 +0200
+
snuffleupagus (0.8.1) UNRELEASED; urgency=low
[ jvoisin ]
* Fix the version number
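Review bot: the 0.8.2 trailer reads `Sun, 20 Apr 2022`, but the commit is dated Fri, 20 May 2022 and changelog.rst gives 2022/05/20. Correct the weekday and month so the Debian changelog agrees with the release date.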
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 4bb0583..a406953 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,6 +1,15 @@
Changelog
=========
+0.8.2 - `Surus `__ 2022/05/20
+-------------------------------------------------------------------------------------------
+
+Bug fixes
+^^^^^^^^^
+* Fix compilation when ZTS is used
+* Fix a possible infinite loop
+
+
0.8.1 - `Batyr `__ 2022/05/16
-------------------------------------------------------------------------------------------
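Review bot: `Fix a possible infinite loop` does not say where the loop was or what input or configuration triggers it. Name the affected feature in the entry so users of 0.8.0 and 0.8.1 can judge how urgently they need to upgrade.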
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 8faaf3a..97fa0e4 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -1,7 +1,7 @@
#ifndef PHP_SNUFFLEUPAGUS_H
#define PHP_SNUFFLEUPAGUS_H
-#define PHP_SNUFFLEUPAGUS_VERSION "0.8.1"
+#define PHP_SNUFFLEUPAGUS_VERSION "0.8.2"
#define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus"
#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH"
#define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus"
--
cgit v1.3
From d310283dd5b2dbd74d5077c436911fce4e2d2b7e Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 27 Jun 2022 23:03:56 +0200
Subject: Add another user to the propaganda page
---
doc/source/papers.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'doc/source')
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index eb63021..cf75311 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -123,8 +123,9 @@ Notable users
- `AdwCleaner `__'s backend- a notorious anti-pup
- `Alertot `__ - a Chilean continuous web security monitoring company
-- `NBS System `__ - a French hosting/security company and author of snuffleupagus
+- `Control Web Panel `__ - a free modern and intuitive control panel for servers and VPS
- `Mangadex `__ - a major manga website
+- `NBS System `__ - a French hosting/security company and author of snuffleupagus
- `Net4All `__ - a Swiss hosting company
- `Oceanet Technology `__ - a French hosting company
- `SwissCenter `__ - a Swiss datacenter & web hosting company
--
cgit v1.3
From eaba9e0e7421fec0bc7a0cd8745dc3fb4e2e72f1 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 12 Jul 2022 23:10:06 +0200
Subject: Document extended_checks for readonly_exec
---
doc/source/config.rst | 3 +++
1 file changed, 3 insertions(+)
(limited to 'doc/source')
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 0b7b7fd..bbf3b91 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -261,6 +261,9 @@ readonly_exec
the execution of writeable PHP files.
It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` mode.
+``extended_checks`` can be specified to abort the execution if the executed
+file or the folder containing it is owned by the user the PHP process is
+running under.
::
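Review bot: the added paragraph says ``extended_checks`` "can be specified" but nothing in this hunk shows how it is written in a rule, and it does not say why ownership matters. Add the option to the example that follows the `::`, and add one sentence of rationale: a file or directory owned by the PHP user can be made writeable again by that same user, so a read-only permission bit alone is not a strong guarantee. It would also help to state whether ``simulation`` applies to the extended checks.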
--
cgit v1.3
From 06c72f58eb168de74150f6f5aa10f7f427f56c53 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 19 Jul 2022 21:22:45 +0200
Subject: Add a notable user
---
doc/source/papers.rst | 3 +++
1 file changed, 3 insertions(+)
(limited to 'doc/source')
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index cf75311..d13f33a 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -128,6 +128,9 @@ Notable users
- `NBS System `__ - a French hosting/security company and author of snuffleupagus
- `Net4All `__ - a Swiss hosting company
- `Oceanet Technology `__ - a French hosting company
+- The `Swedish team `__
+ of the `NATO `__'s `CCDCOE `__
+ `Locked Shields `__ exercise.
- `SwissCenter `__ - a Swiss datacenter & web hosting company
- `Toolslib `__ - an `Alexa top 10k `__ website
- `cPanel `__ - one of the most popular web hosting control panel
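Review bot: the new Swedish team entry does not follow the pattern of the surrounding items, which read "`Name`__ - short description" with no trailing period; this one starts with "The", has no description after a dash, and ends with a full stop. Consider rewording it to the same shape and dropping the final period.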
--
cgit v1.3
From cbf0a9be15e4345bbe0da0c6be305434928ea759 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 19 Jul 2022 21:26:26 +0200
Subject: Document conditions
---
doc/source/config.rst | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'doc/source')
diff --git a/doc/source/config.rst b/doc/source/config.rst
index bbf3b91..d7f7f24 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -75,6 +75,19 @@ The terminating ``;`` is optional for now, but it should be used for future comp
Miscellaneous
-------------
+conditions
+^^^^^^^^^^
+
+It's possible to use conditions to have configuration portables accross
+several setups.
+
+::
+ @condition PHP_VERSION_ID < 80000;
+ # some rules
+ @condition PHP_VERSION_ID >= 80000;
+ # some other rules
+ @end_condition;
+
global
^^^^^^
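Review bot: the added `::` is followed directly by the indented `@condition` lines with no blank `+` line in between, so reStructuredText will not treat them as a literal block; add an empty line after `::`. The sentence above it has two typos ("portables accross" should be "portable across"). The text also leaves the semantics to guesswork: say whether a second `@condition` implicitly ends the previous one, what `@end_condition` closes, and which identifiers besides `PHP_VERSION_ID` may be used.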
--
cgit v1.3