The create_obj handler of InternalIterator is overwritten, but not the
clone_obj handler. This is not allowed.
In PHP 8.2 this didn't cause a segfault because the standard object
handler was used for the clone instead of the internal handler.
So then it allocates and frees the object using the standard object handlers.
In 8.3 however, the object is created using the standard object handler and
freed using the custom handler, resulting in the buffer overflow.
Even though bisect points to 1e1ea4f this only reveals the bug.
Closes GH-14882.
This creates a single M4 macro PHP_CHECK_BUILTIN and removes other
PHP_CHECK_BUILTIN_* macros. Checks are wrapped in AC_CACHE_CHECK and
PHP_HAVE_BUILTIN_* CPP macro definitions are defined to 1 if builtin
is found and undefined if not.
This also changes all PHP_HAVE_BUILTIN_ symbols to be either undefined
or defined (to value 1) and syncs all #if/ifdef/defined usages of them
in the php-src code. This way it is simpler to use them because they
don't need to be defined to value 0 on Windows, for example. This is
done as previous usages in php-src were mixed and on many places they
were only checked with ifdef.
OpenSSL versions before 0.9.7 provided its own crypt() function (and
des_* functions) in its Crypto library that interfered with the
implementation relying on crypt() from some other crypt library. This is
at this point obsolete as crypt and other functions that caused clashes
were removed in OpenSSL version 1.1.0.
In OpenSSL 0.9.7 des_old.c and des_old.h files were provided for BC.
In OpenSSL 0.9.8 crypt() function was renamed to _ossl_old_crypt and the
crypt macro definition was commented out in the des_old.h header.
In OpenSSL 1.1.0 the old DES API was removed, meaning OpenSSL's crypto
library no longer provides crypt() function as it used to.
References:
- Some further historic notes on this:
https://www.openldap.org/faq/data/cache/1041.html
- OpenSSL Git commit history and changelogs
* Handle BSD checksum utilities
The BSDs have different checksum utilities than GNU systems do. If we
don't see the GNU checksum utilities installed, use the BSD ones, as
their output is compatible enough.
Addresses part of GH-14688.
* Prefer GNU touch
BSD touch at least in macOS does not handle local timezone in the
timestamp (like 2024-06-27T10:26:23-03:00). As such, try GNU touch (as
ports systems almost always prefix with g if coreutils is installed) and
prefer that if available. It's not the end of the world though if GNU
touch isn't available, as BSD touch on some systems may support it, and
if it doesn't, then it's just timestamps, nothing too serious.
This uses AC_CONFIG_COMMANDS macro to conditionally output the warning
message at the end of configure phase if non-threaded Apache
installation has been found and PHP is built without --enable-zts.
Variables set in the 2nd argument (init-cmds) are for the command
invocation scope as the first argument doesn't have any knowledge of
configure variables as described in the Autoconf docs.
This is moved as it is related only to apache2handler SAPI and also
now warning is displayed a bit nicer at the end of the configure phase
after files are generated. This also enables outputting warning when
using config.status script.
The Apache HTTP server command-line tool (/usr/sbin/apache2) might be
part of a separate package, such as apache2-bin or similar. If not
installed, the configure script can still find the apxs tool, but
previously didn't check for the HTTP server tool separately. Otherwise,
configure syntax errors (integer expression expected) are thrown when
checking for the Apache version.
This removes the unused DEBUG_CFLAGS variable from configure.ac. It has
been once set in the build files similarly to Zend.m4 but was then
removed and simplified.
CS synced and DEBUG_CFLAGS checked and appended with AS_VAR_* macros.
This removes obsolete link to php-fpm.org and redundant manual link in
favor of a dedicated FPM chapters.
Can be tested with:
man sapi/fpm/php-fpm.8.in
AS_VAR_SET_IF doesn't behave the same as "test -n" and/or "test -z",
which becomes an issue for Apache's ZTS automatic enabling and CFLAGS
edge case where it would be explicitly set to empty value. It is safer
to use AS_VAR_IF instead of AS_VAR_SET_IF in these cases.
- AS_VAR_IF, AS_VAR_APPEND used and CS synced
- Added one missing AC_MSG_RESULT to properly put the configure output
log on each line
- AH_TEMPLATE used for HAVE_USERFAULTFD_WRITEFAULT to have help text on
lesser places
- Redundant terminating semicolons removed
- Redundant PTHREADS_CHECK call removed as it is already done in
configure.ac and before including SAPI M4 stubs
- Redundant CFLAGS and LIBS storing and restoring removed
When dealing with a file, we must free the contents if the function
fails. While here, also fix the error message because previously it
sounded like the filename was too long while in fact the file itself
is too large.
Closes GH-14862.
Apache 2.2 has been marked as EOL in December 2017 and doesn't receive
security patches any longer. Also, most *nix distributions and packages
mostly support 2.4 as minimum by now.
On Windows, this removes the configure option --enable-apache2-2handler
and merges the --enable-apache2handler and --enable-apache2-4handler
into a single option with favoring the --enable-apache2handler.
- The upstream MODULE_MAGIC_NUMBER is deprecated in favor of
MODULE_MAGIC_NUMBER_MAJOR in apache2/ap_mmn.h
- The initial upstream MODULE_MAGIC_NUMBER_MAJOR was 20111025 in Apache
2.4.0
- The upstream APLOG_USE_MODULE is always available since Apache 2.3.6
- The upstream CORE_PRIVATE is unnecessary and ignored since Apache
2.4.0
See:
https://forum.apachehaus.com/news-general-discussion/apache-2-2-users-your-time-is-running-out/
Discussion: https://news-web.php.net/php.internals/124067
The PTHREADS_CHECK is using cache variables so it is run only once early
during the configuration phase, before including SAPI and other M4
files. This removes the TSRM_CHECK_PTHREADS macro and moves the POSIX
Threads check after the PHP_THREAD_SAFETY variable is set in
configure.ac.
The check and error throw in PHP_BUILD_THREAD_SAFE is also joing into
this single check.
This removes the redundant tsrm.m4 file and PHP_CONFIGURE_PART call for
TSRM as it doesn't run any configuration checks anymore.
- AH_TEMPLATE sets the CPP macro help text on a single place
- AC_DEFINE can be used instead of AC_DEFINE_UNQUOTED
- AS_VAR_IF used and CS synced
- crypt() function is at this point required as all required algorithm
checks are depending on it and error is thrown if not found when using
external crypt library
HAVE_ERASE_EMPTY_LINE always gets the last AC_DEFINE help text, so it is
simpler to have the same help message for both definitions (readline and
editline). First text never got into header via autoheader anyway.
This wasn't activated due to inconsistent availability over the
editline/readline versions and variants. This now checks whether the
rl_erase_empty_line variable is available in library headers and enables
it based on that. On Windows this is for now still disabled due to
wineditline library, which doesn't have this yet.
Documentation already mentions the erase_empty_line setting:
https://www.php.net/manual/en/function.readline-info.php
