#
cc39bc21 |
| 29-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16590: UAF in session_encode() The `PS_ENCODE_LOOP` does not protect the session hash table that it iterates over. Change it by temporarily creating a copy. Closes GH-166
Fix GH-16590: UAF in session_encode() The `PS_ENCODE_LOOP` does not protect the session hash table that it iterates over. Change it by temporarily creating a copy. Closes GH-16640.
show more ...
|
#
064ea9c5 |
| 22-Sep-2024 |
Gina Peter Banyard |
Inlines the behaviour of php_mkdir_ex() into plain wrapper mkdir handler (#15520) This effectively inlines the behaviour of php_mkdir_ex() which is a deprecated API from at least 17 years ag
Inlines the behaviour of php_mkdir_ex() into plain wrapper mkdir handler (#15520) This effectively inlines the behaviour of php_mkdir_ex() which is a deprecated API from at least 17 years ago, and also fixes some of the return values. This also removes a dependency on ext/standard
show more ...
|
#
8109d210 |
| 13-Aug-2024 |
Gina Peter Bnayard |
ext/standard/url.c: Stop exposing php_replace_controlchars_ex() This is not used from a quick search on SourceGraph and this allows us to refactor it
|
#
85e66887 |
| 13-Aug-2024 |
Gina Peter Bnayard |
ext/standard/string.c: Remove to(upper|lower) PHP API in favour of Zend APIs
|
#
ded8fb79 |
| 02-Aug-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix UAF issues with PCRE after request shutdown There are two related issues, each tested. First problem: What happens is that on the CLI SAPI we have a per-request pcre cache,
Fix UAF issues with PCRE after request shutdown There are two related issues, each tested. First problem: What happens is that on the CLI SAPI we have a per-request pcre cache, and on there the request shutdown for the pcre module happens prior to the remaining live object destruction. So when the SPL object wants to clean up the regular expression object it gets a use-after-free. Second problem: Very similarly, the non-persistent resources are destroyed after request shutdown, so on the CLI SAPI the pcre request cache is already gone, but if a userspace stream references a regex in the pcre cache, this breaks. Two things that come immediately to mind: - We could fix it by no longer treating the CLI SAPI special and just use the same lifecycle as the module. This simplifies the pcre module code a bit too. I wonder why we even have the separation in the first place. The downside here is that we're using more the system allocator than Zend's allocator for cache entries. - We could modify the shutdown code to not remove regular expressions with a refcount>0 and modify php_pcre_pce_decref code such that it becomes php_pcre_pce_decref's job to clean up when the refcount becomes 0 during shutdown. However, this gets nasty quickly. I chose the first solution here as it should be reliable and simple. Closes GH-15064.
show more ...
|
#
16e218a5 |
| 08-Sep-2024 |
Peter Kokot |
Autotools: Obsolete PHP_TEST_BUILD, PHP_BUILD_THREAD_SAFE, and PHP_DEF_HAVE (#15802) The PHP_BUILD_THREAD_SAFE macro is a simple wrapper around setting the enable_zts variable and can't
Autotools: Obsolete PHP_TEST_BUILD, PHP_BUILD_THREAD_SAFE, and PHP_DEF_HAVE (#15802) The PHP_BUILD_THREAD_SAFE macro is a simple wrapper around setting the enable_zts variable and can't be used in PHP extensions realistically. The PHP_TEST_BUILD macro might produce warnings on certain compiler configurations and default AC_* macros like AC_LINK_IFELSE, AC_CHECK_LIB, or AC_CHECK_FUNC are better suited for such checks. Also, a quick browse through the open-source PHP extensions doesn't find usages of this macro except in imap extension where patch is was already sent: https://github.com/php/pecl-mail-imap/pull/11 PHP_DEF_HAVE is a wrapper around AC_DEFINE and using AC_DEFINE_UNQUOTED and AS_TR_CPP are better suited for this task where also help text can be passed. Usages in the open source PHP extensions have been checked and patches sent where found.
show more ...
|
#
b97a60c9 |
| 08-Sep-2024 |
Peter Kokot |
Autotools: Check Apache version with apxs and HTTPD_VERSION variable (#15476) The apxs -q HTTPD_VERSION variable is available since Apache 2.4.17. This change obsoletes the PHP_AP_EXTRAC
Autotools: Check Apache version with apxs and HTTPD_VERSION variable (#15476) The apxs -q HTTPD_VERSION variable is available since Apache 2.4.17. This change obsoletes the PHP_AP_EXTRACT_VERSION macro and checks the version in the config.m4 file directly. Version is checked against the dotted format instead of the version number.
show more ...
|
#
6d6bf053 |
| 08-Sep-2024 |
Peter Kokot |
Autotools: Enable adding a list of paths in PHP_ADD_INCLUDE (#15777) This enables adding multiple include paths. For example: PHP_ADD_INCLUDE([ $abs_srcdir $
Autotools: Enable adding a list of paths in PHP_ADD_INCLUDE (#15777) This enables adding multiple include paths. For example: PHP_ADD_INCLUDE([ $abs_srcdir $abs_builddir $abs_srcdir/main $abs_builddir/main ], [1]) The 2nd argument "prepend" is now validated at Autoconf compile time instead of the configure time.
show more ...
|
#
94ecc1fe |
| 07-Sep-2024 |
Peter Kokot |
Autotools: Sync CS for PHP_PWRITE_TEST and PHP_PREAD_TEST (#15774) - AS_* macros used - Arguments quoted - Cache variable ac_cv_pread renamed to php_cv_func_pread - Cache variabl
Autotools: Sync CS for PHP_PWRITE_TEST and PHP_PREAD_TEST (#15774) - AS_* macros used - Arguments quoted - Cache variable ac_cv_pread renamed to php_cv_func_pread - Cache variables ac_cv_pwrite renamed to php_cv_func_pwrite
show more ...
|
#
56400f70 |
| 07-Sep-2024 |
Peter Kokot |
Autotools: s/M4 macros/Autoconf macros (#15778) M4 macros would mean macros for M4 language like m4_normalize() and similar. Macros defined with AC_DEFUN are better called simply Auotoco
Autotools: s/M4 macros/Autoconf macros (#15778) M4 macros would mean macros for M4 language like m4_normalize() and similar. Macros defined with AC_DEFUN are better called simply Auotoconf macros. [skip ci]
show more ...
|
#
6435bb5a |
| 04-Sep-2024 |
Levi Morrison |
Interrupt while internal frame is on the stack (#14627) * Check VM interrupt while internal frame is on top * Use tab instead of spaces * fix frame used in interrupt and re
Interrupt while internal frame is on the stack (#14627) * Check VM interrupt while internal frame is on top * Use tab instead of spaces * fix frame used in interrupt and refactor * remove unused failures for zend_jit_check_timeout * Fix JIT support Co-authored-by: Bob Weinand <bobwei9@hotmail.com> * Fix the missing store to vm_interrupt * Rename new functions * Special case zend_interrupt_function in JIT code * refactor to use ZEND_VM_SET_OPCODE_NO_INTERRUPT * Split atomic exchange into load + store It is difficult to determine performance of atomics sometimes. In this case, the separate load+store is still correct, and a load does not cause a modification, and might be faster for some platforms than an exchange. A load+store is slower than an exchange, but we're fine trading the penalty to the slow path and keeping the happy path faster. --------- Co-authored-by: Bob Weinand <bobwei9@hotmail.com>
show more ...
|
#
b81f9722 |
| 02-Sep-2024 |
Remi Collet |
[ci skip] NEWS and UPGRADING for PASSWORD_ARGON2 on openssl
|
#
1a126c54 |
| 31-Aug-2024 |
Peter Kokot |
Autotools: Normalize flags arguments (#15671) This is a follow up of 7edb9a07d750a92ceea9371588f10ff2f05df40f that provides passing compilation options to PHP_NEW_EXTENSION, PHP_ADD_
Autotools: Normalize flags arguments (#15671) This is a follow up of 7edb9a07d750a92ceea9371588f10ff2f05df40f that provides passing compilation options to PHP_NEW_EXTENSION, PHP_ADD_SOURCES, PHP_ADD_SOURCES_X, and PHP_SELECT_SAPI as a blank-or-newline-separated argument.
show more ...
|
#
58aa6fc8 |
| 19-May-2023 |
Arnaud Le Blanc |
Lazy objects RFC: https://wiki.php.net/rfc/lazy-objects Closes GH-15019
|
#
7edb9a07 |
| 29-Aug-2024 |
Peter Kokot |
Autotools: Normalize 2nd arg in PHP_ADD_SOURCES_X (#15088) By using `m4_normalize(m4_expand([...]))`, the arguments can be split into newlines without using backslashes and it makes work
Autotools: Normalize 2nd arg in PHP_ADD_SOURCES_X (#15088) By using `m4_normalize(m4_expand([...]))`, the arguments can be split into newlines without using backslashes and it makes working with lists of files a bit easier. Tested: - variables inside the argument - M4 macro expansions - dnl comments - any sequence of newlines, backslash-then-newline, multiple spaces, tabs... - quoted/unquoted arguments This now works for PHP_NEW_EXTENSION, PHP_ADD_SOURCES, PHP_ADD_SOURCES_X, and PHP_SELECT_SAPI. The m4_normalize() usage is left in the php-src config.m4 files following the 0a0d2d063176d2fd8948be91c74c854ce630b91c for PECL extensions until phpize will be available on all supported versions (minimum PHP 8.4).
show more ...
|
#
fbacc0f9 |
| 28-Aug-2024 |
Peter Kokot |
Autotools: Normalize PHP_ADD_BUILD_DIR 1st argument (#15612) The m4_normalize(m4_expand([$1])) expands the given argument if it contains M4 macros, and then trims the items together into
Autotools: Normalize PHP_ADD_BUILD_DIR 1st argument (#15612) The m4_normalize(m4_expand([$1])) expands the given argument if it contains M4 macros, and then trims the items together into a space separated string in an intuitive way.
show more ...
|
#
0a0d2d06 |
| 28-Aug-2024 |
Peter Kokot |
Autotools: Normalize PHP_INSTALL_HEADERS arguments (#15620) The m4_normalize(m4_expand([...])) simplifies working with a list of header files. The m4_normalize() is at this point still u
Autotools: Normalize PHP_INSTALL_HEADERS arguments (#15620) The m4_normalize(m4_expand([...])) simplifies working with a list of header files. The m4_normalize() is at this point still used in the php-src config.m4 files because of copy/paste probability to community extensions where the arguments still need to be done in the old style to support phpize in PHP-8.3 and earlier. For example: PHP_INSTALL_HEADERS([ext/dom], m4_normalize([ dom_ce.h namespace_compat.h xml_common.h xpath_callbacks.h ])) When PHP 8.4 will be the minimum supported PHP version, the headers can be installed without using m4_normalize() in PECL extensions. For example: PHP_INSTALL_HEADERS([ext/dom], [ dom_ce.h namespace_compat.h xml_common.h xpath_callbacks.h ])
show more ...
|
#
dc8f18af |
| 23-Aug-2024 |
Peter Kokot |
Fix GH-15534: Bump minimum libxml2 version to 2.9.4 (#15536) The xmlDictPtr was moved before the includes in libxml2 2.9.4 so the <libxml/dict.h> can be included directly but for earlier
Fix GH-15534: Bump minimum libxml2 version to 2.9.4 (#15536) The xmlDictPtr was moved before the includes in libxml2 2.9.4 so the <libxml/dict.h> can be included directly but for earlier versions the <libxml/tree.h> needs to be included before. Since PHP requires libxml2 2.9.0 or later and this also fixes builds on Solaris 10. As earlier 2.9.0-2.9.3 libxml2 versions also include several security issues, this change bumps the required minimum libxml2 version to 2.9.4 On Windows, a check for minimum libxml2 version is also added. Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
show more ...
|
#
1b3c2040 |
| 22-Aug-2024 |
Peter Kokot |
Autotools: Add min-version argument to PHP_PROG_PHP macro (#15477) This makes a bit simpler to use this macro by optionally passing the required minimum PHP version. If version is not pa
Autotools: Add min-version argument to PHP_PROG_PHP macro (#15477) This makes a bit simpler to use this macro by optionally passing the required minimum PHP version. If version is not passed it falls back to 7.4 as before. Minimum version also added to configure.ac.
show more ...
|
#
660a860f |
| 20-Aug-2024 |
Peter Kokot |
Fix GH-15501: Windows HAVE_<header>_H macros defined to 1 or undefined (#15508) Previously the CHECK_HEADER_ADD_INCLUDE function defined the `HAVE_<header>_H` preprocessor macros to valu
Fix GH-15501: Windows HAVE_<header>_H macros defined to 1 or undefined (#15508) Previously the CHECK_HEADER_ADD_INCLUDE function defined the `HAVE_<header>_H` preprocessor macros to value 0 or 1 whether the `<header.h>` file was found. This syncs it with Autotools build system where most of these macros are either undefined or defined to 1. In possible edge cases where such macros might be intentionally used like this without being aware that HAVE_HEADER_H can be 0 or 1 on Windows: | #ifdef HAVE_HEADER_H | ... | #endif there is backwards incompatibility for PECL extensions in case the header wouldn't exist on Windows such code wouldn't execute. However, this is considered a bug if such case is present. From the Autotools point of view, the check is correct though and should be used with ifdef/defined() checks. Help text is also synced to Autotools style: `Define to 1 if you have the <header.h> header file.`
show more ...
|
#
ac3cdf54 |
| 18-Aug-2024 |
Gina Peter Bnayard |
[skip ci] Add UPGRADING.INTERNALS entry for EXIT opcode
|
#
3e05c86c |
| 17-Aug-2024 |
Gina Peter Bnayard |
ext/standard: Remove deprecated php_uint32 and php_int32 typedefs Use the standard uint32_t and int32_t types instead.
|
#
739805d0 |
| 12-Aug-2024 |
Gina Peter Bnayard |
ext/standard/info.c: Removed php_info_html_esc()
|
#
c02c1d44 |
| 08-Aug-2024 |
Arnaud Le Blanc |
Change YIELD/YIELD_FROM to do not increment opline (#15328) YIELD and YIELD_FROM increment opline before returning, but in most places we need the opline to point to the YIELD and YIELD_
Change YIELD/YIELD_FROM to do not increment opline (#15328) YIELD and YIELD_FROM increment opline before returning, but in most places we need the opline to point to the YIELD and YIELD_FROM. Here I change YIELD / YIELD_FROM to not increment opline. This simplifies the code and fixes GH-15275 in a better way. Closes GH-15328
show more ...
|
#
3a30c29d |
| 09-Aug-2024 |
Peter Kokot |
Autotools: Add pkg-config support for NET-SNMP library (#15261) NET-SNMP has pkg-config support since 5.8.1 This optionally finds the NET-SNMP library using pkg-config or falls
Autotools: Add pkg-config support for NET-SNMP library (#15261) NET-SNMP has pkg-config support since 5.8.1 This optionally finds the NET-SNMP library using pkg-config or falls back to find library on the system with net-snmp-config. The configure option argument (--with-snmp=DIR) works like before (path to the net-snmp-config). When explicitly using the DIR argument, the pkg-config check is silently skipped. When not using DIR argument, the SNMP_CFLAGS and SNMP_LIBS can be also used to find the NET-SNMP library: ./configure --with-snmp \ SNMP_CFLAGS=-I/path/to/net-snmp/include \ SNMP_LIBS="-L/path/to/net-snmp -lnetsnmp" Co-authored-by: Calvin Buckley <calvin@cmpct.info>
show more ...
|