Commit graph

690 commits

Author SHA1 Message Date
Joe Watkins
caa9ed28cc Merge branch 'pull-request/2097' 2016-10-17 16:05:32 +01:00
Julien Pauli
983f1e3618 Merge branch 'PHP-7.1'
* PHP-7.1:
  Formatting. Fix possible memory corruption in FPM SHM management
  fix every work call mmap
2016-09-23 13:54:46 +02:00
Julien Pauli
974ba6be7a Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Formatting. Fix possible memory corruption in FPM SHM management
  fix every work call mmap

Conflicts:
	sapi/fpm/fpm/fpm_scoreboard.c
2016-09-23 13:54:22 +02:00
Julien Pauli
fbf87a8082 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Formatting. Fix possible memory corruption in FPM SHM management
  fix every work call mmap
2016-09-23 13:53:22 +02:00
Julien Pauli
a22175b06f Formatting. Fix possible memory corruption in FPM SHM management 2016-09-23 13:52:58 +02:00
tom916
807004a446 fix every work call mmap
fix fpm_scoreboard_free
2016-09-23 13:52:58 +02:00
Sara Golemon
fd8e203fa2 Add .gitignore for fpm generated files 2016-08-21 12:53:01 -07:00
Stanislav Malyshev
d6a43a8562 Fix bug #72836 - integer overflow in base64_decode caused heap corruption 2016-08-16 22:55:41 -07:00
Matthias Endler
ad8b99c888 Fix some typos in PHP FPM configuration
[skip ci]
2016-08-15 22:50:14 +02:00
Remi Collet
d5ad4b8b14 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  FPM: add test for CVE-2016-5385
2016-07-22 09:37:00 +02:00
Remi Collet
9622f973a5 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  FPM: add test for CVE-2016-5385
2016-07-22 09:36:36 +02:00
Remi Collet
fb4a6dc0f1 FPM: add test for CVE-2016-5385 2016-07-22 09:35:09 +02:00
Julien Pauli
556cbfb6c3 Merge branch 'PHP-7.0'
* PHP-7.0:
  Updated NEWS
  Updated NEWS
  Fix #72575: using --allow-to-run-as-root should ignore missing user directive
2016-07-12 10:38:51 +02:00
Julien Pauli
3c356aa7cb Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Updated NEWS
  Fix #72575: using --allow-to-run-as-root should ignore missing user directive
2016-07-12 10:38:22 +02:00
gooh
fb49f137ec Fix #72575: using --allow-to-run-as-root should ignore missing user
directive

Trying to start PHP-FPM with the --allow-to-run-as-root flag will not
work when the user directive is not given in the FPM worker pool
configuration. Parsing the config will fail. Consequently, FPM cannot
start.

The check is in place to prevent FPM from getting started with root
privileges by accident. Prior to #61295 the check would also prevent
any non-root user from starting PHP-FPM without a user directive present.

This patch adds an additional check to the config parser, checking for
the --allow-to-run-as-root flag to be present. If so, parsing will no
longer abort for root users even if the user directive is missing.

I will also update the PHP docs since they still state the user
directive is a mandatory setting which it is not since #61295.
2016-07-12 10:36:17 +02:00
Julien Pauli
51e7415575 Merge branch 'PHP-7.0'
* PHP-7.0:
  Remove needless zeroing of anonymously mmap'd memory
  Remove needless zeroing of anonymously mmap'd memory
2016-07-11 14:59:24 +02:00
Julien Pauli
fc2c301fe2 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Remove needless zeroing of anonymously mmap'd memory
  Remove needless zeroing of anonymously mmap'd memory
2016-07-11 14:58:55 +02:00
Julien Pauli
2552cf248d Remove needless zeroing of anonymously mmap'd memory 2016-07-11 14:58:12 +02:00
Michael McConville
9dd5d96332 Remove needless zeroing of anonymously mmap'd memory
All existing systems zero anonymously mmapped memory, and if I
understand correctly POSIX will be specifying this soon. Many projects
already rely on it, so no reasonable system would return memory of
unspecified value.
2016-07-11 14:56:17 +02:00
Martin Vobruba
2809a676b5 Pass error severity to SAPI modules and raise corresponding error level in Apache 2016-07-11 09:34:48 +02:00
Remi Collet
d53fa7f451 Improve php-fpm systemd unit file
- use PrivateTmp, now available everywhere, for better security
- add comment about how to customize the unit file
2016-06-29 06:48:06 +02:00
Dmitry Stogov
0cfb47651c Fixed compilation warnings 2016-06-28 11:37:51 +03:00
Dmitry Stogov
1433162083 Fixed compilation warnings 2016-06-21 20:12:29 +03:00
Dmitry Stogov
22ecd4428a Fixed compilation warnings 2016-06-21 17:56:07 +03:00
Dmitry Stogov
1616038698 Added ZEND_ATTRIBUTE_FORMAT to some missing functions.
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
2016-06-21 16:00:37 +03:00
Dmitry Stogov
c8706331b5 Cleanup zend_signal API 2016-06-20 14:58:42 +03:00
Xinchen Hui
0ed4034881 Merge branch 'PHP-7.0'
* PHP-7.0:
  Fixed bug #72308 (fastcgi_finish_request and logging environment variables)
2016-06-02 14:17:00 +08:00
Xinchen Hui
31ce3a661a Fixed bug #72308 (fastcgi_finish_request and logging environment variables) 2016-06-02 14:16:32 +08:00
Ferenc Kovacs
1380a6c2ff Merge branch 'PHP-7.0'
* PHP-7.0:
  mark frequent intermittent fpm test with XFAIL
2016-04-18 09:05:16 +02:00
Ferenc Kovacs
8f35ee49ee Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  mark frequent intermittent fpm test with XFAIL
2016-04-18 09:04:55 +02:00
Ferenc Kovacs
3a16f511d9 mark frequent intermittent fpm test with XFAIL 2016-04-18 09:04:27 +02:00
Mickaël
0c2e184eac fpm: call zend_signal_init() in child
This addresses bug #71269.

When an fpm child handles more than one request, zend_signal_startup() will
override the saved signal handlers with the internal zend handlers set from the
previous request, causing a SIGQUIT signal to result in a core dump rather than
gracefully exiting (the expected behaviour).

This is fixed by adding a call to zend_signal_init() after setting the
signal handlers in the child. The same technique is used in the apache SAPI
module in commit fd5a756ad4 which addresses
bug #61083.
2016-02-15 13:23:37 +08:00
Xinchen Hui
2b6f06b70c Merge branch 'patch-1' of https://github.com/mickael9/php-src
* 'patch-1' of https://github.com/mickael9/php-src:
  fpm: call zend_signal_init() in child
2016-02-15 13:23:01 +08:00
Lior Kaplan
85ce6a7d38 Merge branch 'PHP-7.0'
* PHP-7.0:
  Align spacing in make install messages
2016-02-08 20:33:17 +02:00
Lior Kaplan
fb7d673ef2 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Align spacing in make install messages
  Add entry for re-fix of #70976 in commit 14e4d393
2016-02-08 20:29:24 +02:00
Lior Kaplan
6772fbff62 Align spacing in make install messages 2016-02-08 20:27:19 +02:00
Remi Collet
e846801c79 Merge branch 'PHP-7.0'
* PHP-7.0:
  NEWS
  NEWS
  Fixed Bug #62172 FPM not working with Apache httpd 2.4 balancer/fcgi setup
2016-01-29 10:24:58 +01:00
Remi Collet
c0802af52c Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  NEWS
  Fixed Bug #62172 FPM not working with Apache httpd 2.4 balancer/fcgi setup
2016-01-29 10:24:15 +01:00
Remi Collet
07d2dcdf09 Fixed Bug #62172 FPM not working with Apache httpd 2.4 balancer/fcgi setup
Only needed with Apache version < 2.4.12 (ex RHEL-7)
2016-01-29 10:20:42 +01:00
Mickaël
b0780d3f41 fpm: call zend_signal_init() in child
This addresses bug #71269.

When an fpm child handles more than one request, zend_signal_startup() will
override the saved signal handlers with the internal zend handlers set from the
previous request, causing a SIGQUIT signal to result in a core dump rather than
gracefully exiting (the expected behaviour).

This is fixed by adding a call to zend_signal_init() after setting the
signal handlers in the child. The same technique is used in the apache SAPI
module in commit fd5a756ad4 which addresses
bug #61083.
2016-01-09 04:54:02 +01:00
Anatol Belski
ea130bfd59 Merge branch 'PHP-7.0'
* PHP-7.0:
  Update NEWS
  add NEWS entries for 7.0.2
  re-apply the patch from 1785d2b805
  Improve fix for bug #70976
  Fix bug #70976: fix boundary check on gdImageRotateInterpolated
  Fixed bug #70755: fpm_log.c memory leak and buffer overflow
  fix merge mistake
  Fixed #70728
  Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
  Improve fix for bug #70976
  Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
  Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
  Fixed #70728
  Fixed bug #70755: fpm_log.c memory leak and buffer overflow
  Fix bug #70976: fix boundary check on gdImageRotateInterpolated
  typofix
2016-01-06 06:10:39 +01:00
Anatol Belski
c0928be7f8 Merge remote-tracking branch 'phpsec/PHP-7.0' into PHP-7.0
* phpsec/PHP-7.0:
  add NEWS entries for 7.0.2
  re-apply the patch from 1785d2b805
  Improve fix for bug #70976
  Fix bug #70976: fix boundary check on gdImageRotateInterpolated
  Fixed bug #70755: fpm_log.c memory leak and buffer overflow
  fix merge mistake
  Fixed #70728
  Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
2016-01-06 06:09:12 +01:00
Stanislav Malyshev
13750cb0a1 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Update NEWS
  Improve fix for bug #70976
  Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
  Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
  Fixed #70728
  Fixed bug #70755: fpm_log.c memory leak and buffer overflow
  Fix bug #70976: fix boundary check on gdImageRotateInterpolated
  typofix
2016-01-05 19:38:29 -08:00
Julien Pauli
928d2cb3a4 Merge branch 'PHP-7.0'
* PHP-7.0:
  Happy new year (Update copyright to 2016)
2016-01-04 18:14:08 +01:00
Julien Pauli
736b91c650 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)

Conflicts:
	ext/json/php_json_encoder.h
	sapi/continuity/capi.c
2016-01-04 18:13:38 +01:00
Stanislav Malyshev
2eaa755660 Fixed bug #70755: fpm_log.c memory leak and buffer overflow 2016-01-04 17:36:42 +01:00
Lior Kaplan
53fb2f1e5c Happy new year (Update copyright to 2016) 2016-01-03 01:44:37 +02:00
Lior Kaplan
3d5438bf7b Merge branch 'PHP-7.0'
* PHP-7.0:
  Update header to PHP Version 7
  Happy new year (Update copyright to 2016)
  Happy new year (Update copyright to 2016)
2016-01-01 20:04:31 +02:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00