Preferably include from build dir (#13516)

* Include from build dir first

This fixes out of tree builds by ensuring that configure artifacts are included
from the build dir.

Preferably include from build dir (#13516)

* Include from build dir first

This fixes out of tree builds by ensuring that configure artifacts are included
from the build dir.

Before, out of tree builds would preferably include files from the src dir, as
the include path was defined as follows (ignoring includes from ext/ and sapi/) :

-I$(top_builddir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/main
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM
-I$(top_builddir)/

As a result, an out of tree build would include configure artifacts such as
`main/php_config.h` from the src dir.

After this change, the include path is defined as follows:

-I$(top_builddir)/main
-I$(top_builddir)
-I$(top_srcdir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM

* Fix extension include path for out of tree builds

* Include config.h with the brackets form

`#include "config.h"` searches in the directory containing the including-file
before any other include path. This can include the wrong config.h when building
out of tree and a config.h exists in the source tree.

Using `#include <config.h>` uses exclusively the include path, and gives
priority to the build dir.

show more ...

Fix bug #63937: Upload speed 10 times slower with PHP (#13041)

There are two slow parts in the upload logic:
- Reading from the input stream character by character
- Checking each ch

Fix bug #63937: Upload speed 10 times slower with PHP (#13041)

There are two slow parts in the upload logic:
- Reading from the input stream character by character
- Checking each character one by one to normalize line endings

First of all, the line normalization isn't necessary for binary
transfers, so we can use a simple read while loop to read bytes into the
transfer buffer.

Second, for the ASCII transfer where we do have to normalize line
endings, we can be smarter than reading one character at a time. There's
a php_stream_get_line() function that we can repurpose if the flags for
the stream are set up properly.

This patch implements these fixes.

Results: I tested this on an 850 MiB file, transferring this to an FTP
server running locally.

Results before patch:
Binary/ASCII transfer (same code path): 8.21s

Results after patch:
Binary transfer: 0.65s
ASCII transfer: 0.74s

Further improvement is probably possible by having a larger send buffer.

show more ...

ext/openssl: Bump minimum required OpenSSL version to 1.1.1

Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1.

OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL

ext/openssl: Bump minimum required OpenSSL version to 1.1.1

Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1.

OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors
continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached
EOL in 2018.

Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of
conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere.

- Debian buster: 1.1.1[^2]
- Ubuntu 20.04: 1.1.1[^3]
- CentOS/RHEL 7: 1.0.2
- RHEL 8/Rocky 8/EL 8: 1.1.1
- Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well)

RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely
bump the minimum OpenSSL version.

[^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html
[^2]: https://packages.debian.org/buster/libssl-dev
[^3]: https://packages.ubuntu.com/focal/libssl-dev

show more ...

Remove HAVE_INET_PTON (#13410)

Struct-pack stream-related data in ftpbuf (#12877)

Fix compilation of ftp without openssl

Closes GH-12866

Remove redundant assignments to ftp->data

ftp_getdata() already does this.

Closes GH-12849.

Cleanup internal data_close API

This always returns NULL. Also passing in data is not necessary as it is
always equal to ftp->data.

Fix GH-9348: FTP & SSL session reuse

The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
rec

Fix GH-9348: FTP & SSL session reuse

The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
recreate the scenario locally using vsftpd and setting
`require_ssl_reuse=YES` in the vsftpd configuration.

It turns out that our session resumption code is broken. It only works a
single time: the first time a data connection opens. Subsequent data
connections fail to reuse the session. This is because on every data
connection a new session is negotiated, but the current code always
tries to reuse the (stale) session of the control connection.

To fix this, we use SSL_CTX_sess_set_new_cb() to setup a callback that
gets called every time a new session is negotiated. We take a strong
reference using SSL_get1_session() and store it in the ftpbuf_t struct.
Every time we open a data connection we'll take that session.
This works because every control connection has at most a single
associated data connection.

Also disable internal session caching storage to not fill the cache up
with useless sessions.

There is no phpt for this because PHP does not support enforcing SSL
session reuse.
It is however testable manually by setting up vsftpd and setting the
`require_ssl_reuse=YES` function from before.

Closes GH-12851.

show more ...

inet_ntop requirement check at configure time instead (#12700)

following-up on GH-12551: removing inet_ntoa usage

Close GH-12554

Fix GH-10562: Memory leak and invalid state with consecutive ftp_nb_fget

When the user does not fully consume the data stream, but instead opens
a new one, a memory leak occurs. Moreover

Fix GH-10562: Memory leak and invalid state with consecutive ftp_nb_fget

When the user does not fully consume the data stream, but instead opens
a new one, a memory leak occurs. Moreover, the state is invalid: when
more commands arrive they'll be handled out-of-sync because the state of
the client does not match what the server is doing.
This leads to all sorts of weirdness, for example:
Warning: ftp_nb_fget(): OK.

Fix it by gracefully closing the old data stream when a new data stream
is started.

Closes GH-11606.

show more ...

More usage of known zend_str instead of C string (#11381)

Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB

The char arrays were too small for a long on 64-bit systems, which
resulted in cutting off the string at the end with a

Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB

The char arrays were too small for a long on 64-bit systems, which
resulted in cutting off the string at the end with a NUL byte. Use a
size of MAX_LENGTH_OF_LONG to fix this issue instead of a fixed size
of 11 chars.

Closes GH-10525.

show more ...

Fix datetime format string to follow POSIX spec in ftp_mdtm()

Closes GH-8259

Return value from ZEND_ATOL

Instead of assigning it as part of the macro itself, which makes
usage quite awkward.

Fixed some spaces used instead of tabs

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Fix #79100: Wrong FTP error messages

First we need to properly clear the `inbuf`, what is an amendment to
commit d2881adcbc[1].

Then we need to report `php_pollfd_for_ms()` fail

Fix #79100: Wrong FTP error messages

First we need to properly clear the `inbuf`, what is an amendment to
commit d2881adcbc[1].

Then we need to report `php_pollfd_for_ms()` failures right away; just
setting `errno` does not really help, since at least in some cases it
would have been overwritten before we actually could check it. We use
`php_socket_strerror()` to get a proper error message, and define
`ETIMEDOUT` to the proper value on Windows; otherwise we catch the
definition in errno.h, which is not compatible with WinSock. The
proper solution for this issue would likely be to include something
like ext/sockets/windows_common.h.

Finally, we ensure that we only report warnings using `inbuf`, if it is
not empty.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=d2881adcbc9be60de7e7d45a3316b0e11b7eb1e8>.

Closes GH-6718.

show more ...

Fix #80901: Info leak in ftp extension

We ensure that inbuf is NUL terminated on `ftp_readline()` failure.

Closes GH-6894.

Fix #80901: Info leak in ftp extension

We ensure that inbuf is NUL terminated on `ftp_readline()` failure.

Closes GH-6894.

Fix #80880: SSL_read on shutdown, ftp/proc_open

When `SSL_read()` after `SSL_shutdown()` fails with `SSL_ERROR_SYSCALL`,
we should not warn about this, because it is likely caused by the

Fix #80880: SSL_read on shutdown, ftp/proc_open

When `SSL_read()` after `SSL_shutdown()` fails with `SSL_ERROR_SYSCALL`,
we should not warn about this, because it is likely caused by the peer
having closed the connection without having sent a close_notify
shutdown alert.

Signed-off-by: Christoph M. Becker <cmbecker69@gmx.de>

Closes GH-6803.

show more ...

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Remove some unnecessary HAVE_EXTNAME guards

A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled i

Remove some unnecessary HAVE_EXTNAME guards

A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled if the extension is enabled.

This removes a couple of them, but not all.

show more ...

Remove proto comments from C files

Closes GH-5758