WordPress.org

Make WordPress Core

Opened 3 months ago

Closed 6 weeks ago

Last modified 6 weeks ago

#48371 closed enhancement (fixed)

Update sodium_compat to v1.12.1

Reported by: paragoninitiativeenterprises Owned by: SergeyBiryukov
Milestone: 5.3.1 Priority: normal
Severity: normal Version: 5.3
Component: External Libraries Keywords: has-patch commit
Focuses: Cc:
PR Number:

Description

https://github.com/paragonie/sodium_compat/releases/tag/v1.12.0

paragonie/sodium_compat 1.12.0 includes a speedup for signature verification on most platforms (and bugfixes for PHP 5.2 and 32-bit platforms), so it might be worth including in the next minor release of WordPress.

I can supply a patch against trunk if that will be helpful.

Attachments (2)

47381-update-sodium-compat.patch (140.3 KB) - added by paragoninitiativeenterprises 3 months ago.
sodium_compat v1.12.0
47381-update-sodium-compat-1-12-1.patch (140.3 KB) - added by paragoninitiativeenterprises 3 months ago.
Update to version 1.12.1

Download all attachments as: .zip

Change History (13)

#1 @SergeyBiryukov
3 months ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to 5.3.1

#2 @pierlo
3 months ago

Hi @paragoninitiativeenterprises, a patch would be great to get this ticket moving.

#3 @paragoninitiativeenterprises
3 months ago

  • Keywords has-patch added; needs-patch removed

Patch supplied

#4 @lukaswaudentio
3 months ago

It appears there is an incompatibility between the version currently deployed by WordPress 5.2.4 and the latest version of the library, causing WordPress to crash if another source attempts to load the latest version. An update of the library would be strongly appreciated.

Not sure if I'm encouraged to change properties here, but I would love to classify this as bug with a severity of at least major.

#5 @paragoninitiativeenterprises
3 months ago

  • Summary changed from Update sodium_compat to v1.12.0 to Update sodium_compat to v1.12.1

This should be ready to be tested/reviewed for the next WordPress release.

#6 @pierlo
3 months ago

Hey @dd32 or @tellyworth could I get a quick review on this? Tagging you all since you are more familiar with the library.

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


2 months ago

#8 @SergeyBiryukov
2 months ago

  • Keywords commit added

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


7 weeks ago

#10 @SergeyBiryukov
6 weeks ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 46858:

Upgrade/Install: Update sodium_compat to v1.12.1.

This includes a speedup for signature verification on most platforms and bugfixes for 32-bit platforms.

Props paragoninitiativeenterprises, lukaswaudentio.
Fixes #48371.

#11 @SergeyBiryukov
6 weeks ago

In 46859:

Upgrade/Install: Update sodium_compat to v1.12.1.

This includes a speedup for signature verification on most platforms and bugfixes for 32-bit platforms.

Props paragoninitiativeenterprises, lukaswaudentio.
Merges [46858] to the 5.3 branch.
Fixes #48371.

Note: See TracTickets for help on using tickets.