WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#35327 closed defect (bug) (fixed)

Using libsodium for random bytes breaks plugin update in WP 4.4

Reported by: krakendancer Owned by: dd32
Milestone: 4.4.2 Priority: normal
Severity: normal Version: 4.4
Component: External Libraries Keywords: fixed-major
Focuses: Cc:
PR Number:

Description

Running WP 4.4 on
CentOS 7.2.1511
nginx 1.9.9
PHP 5.4.16
libsodium 1.0.5
php-pecl-libsodium 1.0.2

After updating to WP 4.4 plug-ins cannot be updated anymore.

Updates fail with

[06-Jan-2016 12:21:21 UTC] PHP Fatal error: Call to undefined function Sodium\randombytes_buf() in /var/www/verifyne.me/wp/wp-includes/random_compat/random_bytes_libsodium.php on line 69

The lines 66 and 69 state

\Sodium\randombytes_buf

whereas the following works for me

\Sodium::randombytes_buf

Attachments (1)

35327.44-branch.diff (1.9 KB) - added by dd32 4 years ago.

Download all attachments as: .zip

Change History (11)

#1 @dd32
4 years ago

Hey @krakendancer Thanks for the report.

I've filed a bug upstream here: https://github.com/paragonie/random_compat/issues/85

According to the documentation, it's being called correctly, but perhaps not..

#2 @sarciszewski
4 years ago

\Sodium::

That syntax was dropped long before 1.0.0 was tagged. Please upgrade your extension to a stable version.

See also https://github.com/jedisct1/libsodium-php/issues/58 for a reason why you want to run, at minimum, version 1.0.1

#3 @sarciszewski
4 years ago

PHP 5.4.16
libsodium 1.0.5
php-pecl-libsodium 1.0.2

What is the ouput of the following script?

var_dump(
    Sodium::library_version_major(),
    Sodium::library_version_minor()
);

#4 @krakendancer
4 years ago

Supposing you mean

var_dump(
    Sodium::sodium_library_version_major(),
    Sodium::sodium_library_version_minor()
);

gives

int(7) int(6)

@dd32
4 years ago

#5 @dd32
4 years ago

  • Milestone changed from Awaiting Review to 4.4.2

We'll update to master in trunk to bring in the fix.
However for the 4.4 branch we'll need to instead use 35327.44-branch.diff as we can't add new files in a point release.

#6 @sarciszewski
4 years ago

We tagged and released 1.1.5 just now, which should work for your setup.

However, please note that libsodium no longer supports Sodium::method() and is now \Sodium\method().

Last edited 4 years ago by sarciszewski (previous) (diff)

#7 @dd32
4 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 36220:

Update to Random_Compat 1.1.5 to fix an issue with older libSodium modules.

Props sarciszewski.
Fixes #35327 for trunk.

#8 @dd32
4 years ago

  • Component changed from General to External Libraries
  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#9 @dd32
4 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 36257:

Random_Compat: The version included with 4.4 only supports the PHP 5.2+ namespace version of libsodium, don't attempt to use it with PHP 5.2 or old libsodium versions.

Fixes #35327.

#10 @dd32
4 years ago

  • Summary changed from Usign libsodium for random bytes breaks plugin update in WP 4.4 to Using libsodium for random bytes breaks plugin update in WP 4.4
Note: See TracTickets for help on using tickets.