opcache fixing w/x pages creation on freebsd 13.1 and above.

By default, the system allows these but admin can disable them system wide.
However the procctl api permits to control it per

opcache fixing w/x pages creation on freebsd 13.1 and above.

By default, the system allows these but admin can disable them system wide.
However the procctl api permits to control it per process.

Closes GH-9896.

show more ...

Fix cross-compilation for shadow_stack_exists

Fix cross-compilation for copy_file_range

Fiber: add shadow stack support

Shadow stack is part of Intel's Control-Flow Enforcement Technology (CET).

Whenever a function is called, the return address is pushed onto both

Fiber: add shadow stack support

Shadow stack is part of Intel's Control-Flow Enforcement Technology (CET).

Whenever a function is called, the return address is pushed onto both
the regular stack and the shadow stack. When that function returns, the
return addresses are popped off both stacks and compared; if they fail
to match, #CP raised.

With this commit, we create shadow stack for each fiber context and
switch the shadow stack accordingly during fcontext switch.

Signed-off-by: Chen, Hu <hu1.chen@intel.com>

Closes GH-9283.

show more ...

Fix bug GH-9779: stream_copy_to_stream fail when dest in append mode

Fix GH-9653: does not inconditionally support copy_file_range on older kernels.

As mentioned in its manpage, it had been reworked in the 5.3 line to support cross filesystem interactions.

Fix GH-9653: does not inconditionally support copy_file_range on older kernels.

As mentioned in its manpage, it had been reworked in the 5.3 line to support cross filesystem interactions.
Closes #GH-9656

show more ...

Fix GH-9566: disable assembly for Fiber on FreeBSD i386.

preparing in case there is more architectures especially the not tested.

Fix GH-9566: disable assembly for Fiber on FreeBSD i386.

preparing in case there is more architectures especially the not tested.

Replace reallocarray with safe_perealloc

Fixes GH-9581

Replace reallocarray with safe_perealloc (#9593)

Use PDEATHSIG to kill cli-server workers if parent exists

Closes GH-9476

[ci skip] Fix typo in configure.ac (build → built)

Closes GH-9495.

Prepare for PHP 8.3

GH-9157: opcache fix build on older macOs releases.
Closes #9158.

opcache JIT support improvements attempts on macOs.

for cases when shared segments switch b/w R/W/X and R/X bits.

Closes #8382.

Add `reallocarray` implementation.

In a similar model as _safe_*alloc api but for the `userland` it guards
against overflow before (re)allocation, usage concealed in fpm for now.
Mod

Add `reallocarray` implementation.

In a similar model as _safe_*alloc api but for the `userland` it guards
against overflow before (re)allocation, usage concealed in fpm for now.
Modern Linux and most of BSD already have it.
Closes #8871.

show more ...

Introduction of timing attack safe bcmp implementation.

Nothing new but to refactor usage b/w hash and password
extensions but using volatile pointers to be a bit safer,
allowing to

Introduction of timing attack safe bcmp implementation.

Nothing new but to refactor usage b/w hash and password
extensions but using volatile pointers to be a bit safer,
allowing to expand its usage eventually.

show more ...

Add `SO_BPF_EXTENSIONS` flag to socket.

Returns the supported bpf extensions from the kernel. Linux only.
Closes GH-8713.

Make vm_interrupt and timed_out atomic (#8327)

This is done by adding a new zend_atomic_bool type. The type
definition is only available for compiler alignment and size info; it
shou

Make vm_interrupt and timed_out atomic (#8327)

This is done by adding a new zend_atomic_bool type. The type
definition is only available for compiler alignment and size info; it
should be treated as opaque and only the zend_atomic_bool_* family of
functions should be used.

Note that directly using atomic_bool is complicated. All C++ compilers
stdlibs that I checked typedef atomic_bool to std::atomic<bool>, which
can't be used in an extern "C" section, and there's at least one usage
of this in core, and probably more outside of it.

So, instead use platform specific functions, preferring compiler
intrinsics.

show more ...

Fix GH-8674: sockets extension won't build for older Linux kernels

In abscence of the needed header, disable the feature altogether.

Closes GH-8677.

Quote when adding to connection string in (PDO_)ODBC

Because the UID= and PWD= values are appended to the SQLDriverConnect
case when credentials are passed, we have to append them to the

Quote when adding to connection string in (PDO_)ODBC

Because the UID= and PWD= values are appended to the SQLDriverConnect
case when credentials are passed, we have to append them to the string
in case users are relying on this behaviour. However, they must be
quoted, or the arguments will be invalid (or possibly more injected).
This means users had to quote arguments or append credentials to the raw
connection string themselves.

It seems that ODBC quoting rules are consistent enough (and that
Microsoft trusts them enough to encode into the .NET BCL) that we can
actually check if the string is already quoted (in case a user is
already quoting because of this not being fixed), and if not, apply the
appropriate ODBC quoting rules.

This is because the code exists in main/, and are shared between
both ODBC extensions, so it doesn't make sense for it to only exist
in one or the other. There may be a better spot for it.

Closes GH-8307.

show more ...

Remove custom alloca() (#8513)

* Use arena in DCE instead of multiple alloca()
This requires passing the optimizer context

* Use our do_alloca() instead of alloca()

*

Remove custom alloca() (#8513)

* Use arena in DCE instead of multiple alloca()
This requires passing the optimizer context

* Use our do_alloca() instead of alloca()

* Use emalloc in DEBUG builds instead of stack allocations for do_alloca()
This helps detecting that we correctly free do_alloca()

show more ...

Update bug tracker links

The new php-src bugtracker is on Github.

Closes GH-8277.

main/streams/streams: use copy_file_range() on Linux (#8413)

copy_file_range() is a Linux-specific system call which allows
efficient copying between two file descriptors, eliminating th

main/streams/streams: use copy_file_range() on Linux (#8413)

copy_file_range() is a Linux-specific system call which allows
efficient copying between two file descriptors, eliminating the need
to transfer data from the kernel to userspace and back. For
networking file systems like NFS and Ceph, it even eliminates copying
data to the client, and local filesystems like Btrfs and XFS can
create shared extents.

show more ...

sapi/*: move duplicate "--define" code to library