[mediawiki119] Added backport for bug 40995
Patrick Uiterwijk
puiterwijk at fedoraproject.org
Fri Dec 7 12:49:46 UTC 2012
commit 2d2aafb8f274b99755edecfb0b0fc27f7c431784
Author: Patrick Uiterwijk <puiterwijk at gmail.com>
Date: Fri Dec 7 13:49:35 2012 +0100
Added backport for bug 40995
mediawiki-1.19.2-backport-bug40995.patch | 75 ++++++++++++++++++++++++++++++
1 files changed, 75 insertions(+), 0 deletions(-)
---
diff --git a/mediawiki-1.19.2-backport-bug40995.patch b/mediawiki-1.19.2-backport-bug40995.patch
new file mode 100644
index 0000000..587226a
--- /dev/null
+++ b/mediawiki-1.19.2-backport-bug40995.patch
@@ -0,0 +1,75 @@
+diff -rupN includes/GlobalFunctions.php mediawiki-1.19.2/includes/GlobalFunctions.php
+--- includes/GlobalFunctions.php 2012-08-31 00:25:34.000000000 +0200
++++ includes/GlobalFunctions.php 2012-12-07 13:43:09.119920361 +0100
+@@ -3292,6 +3292,19 @@ function wfHttpOnlySafe() {
+ return true;
+ }
+
++//BACKPORT OF FIX FOR SECURITY ISSUE 40995 (RHBZ 882325)
++/**
++ * Check if there is sufficent entropy in php's built-in session generation
++ * @return bool true = there is sufficient entropy
++ */
++function wfCheckEntropy() {
++ return (
++ ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
++ || ini_get( 'session.entropy_file' )
++ )
++ && intval( ini_get( 'session.entropy_length' ) ) >= 32;
++}
++
+ /**
+ * Override session_id before session startup if php's built-in
+ * session generation code is not secure.
+@@ -3306,11 +3319,8 @@ function wfFixSessionID() {
+ // - entropy_file is set or you're on Windows with php 5.3.3+
+ // - AND entropy_length is > 0
+ // We treat it as disabled if it doesn't have an entropy length of at least 32
+- $entropyEnabled = (
+- ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
+- || ini_get( 'session.entropy_file' )
+- )
+- && intval( ini_get( 'session.entropy_length' ) ) >= 32;
++ //BACKPORT OF FIX FOR SECURITY ISSUE 40995 (RHBZ 882325)
++ $entropyEnabled = wfCheckEntropy();
+
+ // If built-in entropy is not enabled or not sufficient override php's built in session id generation code
+ if ( !$entropyEnabled ) {
+diff -rupN mediawiki-1.19.2/includes/specials/SpecialUserlogin.php mediawiki-1.19.2/includes/specials/SpecialUserlogin.php
+--- includes/specials/SpecialUserlogin.php 2012-08-31 00:25:34.000000000 +0200
++++ includes/specials/SpecialUserlogin.php 2012-12-07 13:46:40.432316382 +0100
+@@ -745,6 +745,8 @@ class LoginForm extends SpecialPage {
+ $userLang = Language::factory( $code );
+ $wgLang = $userLang;
+ $this->getContext()->setLanguage( $userLang );
++ //BACKPORT OF FIX FOR SECURITY ISSUE 40995 (RHBZ 882325)
++ $this->renewSessionId();
+ return $this->successfulLogin();
+ } else {
+ return $this->cookieRedirectCheck( 'login' );
+@@ -1179,7 +1181,24 @@ class LoginForm extends SpecialPage {
+ $wgRequest->setSessionData( 'wsCreateaccountToken', null );
+ }
+
+- /**
++ /**
++ * Renew the user's session id, using strong entropy
++ */
++ private function renewSessionId() {
++ if ( wfCheckEntropy() ) {
++ session_regenerate_id( false );
++ } else {
++ //If we don't trust PHP's entropy, we have to replace the session manually
++ $tmp = $_SESSION;
++ session_unset();
++ session_write_close();
++ session_id( MWCryptRand::generateHex( 32 ) );
++ session_start();
++ $_SESSION = $tmp;
++ }
++ }
++
++ /**
+ * @private
+ */
+ function cookieRedirectCheck( $type ) {
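Review bot: `session_regenerate_id( false )` in the new `renewSessionId()` leaves the pre-login session record, with a copy of its data, alive under the old id until garbage collection, so an id fixated before login is not invalidated on the server side, whereas the fallback branch empties the old session with `session_unset()` before switching ids. Passing `true` (`session_regenerate_id( true );`) deletes the old record and makes both branches behave alike; if the wiki's session save handler is known not to support deletion on regenerate, clearing `$_SESSION` before regenerating and restoring it afterwards gives the same effect. The docblock of `wfCheckEntropy()` reads "sufficent" and could be corrected to "sufficient" in the same backport. `renewSessionId()` is complete within the hunk, but the enclosing `LoginForm` class and `cookieRedirectCheck()` continue outside it.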