From b070f1080bdb59cbecaebe617f890c2859cb4448 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Fri, 17 Jan 2014 12:34:23 +0900 Subject: [PATCH 1/6] Update NEWS --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 7dec1e52f15..2f098bf9c65 100644 --- a/NEWS +++ b/NEWS @@ -15,8 +15,8 @@ PHP NEWS ^M as lineend). (Laruence) - Session - . Fixed session module is sending multiple set-cookie headers when - session.use_strict_mode=1 (Yasuo) + . Fixed bug #66469 (Session module is sending multiple set-cookie headers when + session.use_strict_mode=1) (Yasuo) . Fixed bug #66481 (Segfaults on session_name()). (cmcdermottroe at engineyard dot com, Yasuo) From f6d137a71600bc2e12367cb5320ff6dd509566ec Mon Sep 17 00:00:00 2001 From: Gernot Vormayr Date: Tue, 2 Jul 2013 13:06:02 +0200 Subject: [PATCH 2/6] Add apparmor change hat functionality to fpm --- sapi/fpm/config.m4 | 17 +++++++++++++++++ sapi/fpm/fpm/fpm_conf.c | 6 ++++++ sapi/fpm/fpm/fpm_conf.h | 3 +++ sapi/fpm/fpm/fpm_unix.c | 30 ++++++++++++++++++++++++++++++ 4 files changed, 56 insertions(+) diff --git a/sapi/fpm/config.m4 b/sapi/fpm/config.m4 index bd6d64930b1..ba2b8e2d82b 100644 --- a/sapi/fpm/config.m4 +++ b/sapi/fpm/config.m4 @@ -536,6 +536,22 @@ AC_DEFUN([AC_FPM_SELECT], ]) dnl }}} +AC_DEFUN([AC_FPM_APPARMOR], +[ + AC_MSG_CHECKING([for apparmor]) + + SAVED_LIBS="$LIBS" + LIBS="$LIBS -lapparmor" + + AC_TRY_LINK([ #include ], [change_hat("test", 0);], [ + AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?]) + AC_MSG_RESULT([yes]) + ], [ + LIBS="$SAVED_LIBS" + AC_MSG_RESULT([no]) + ]) +]) + AC_MSG_CHECKING(for FPM build) if test "$PHP_FPM" != "no"; then @@ -555,6 +571,7 @@ if test "$PHP_FPM" != "no"; then AC_FPM_EPOLL AC_FPM_POLL AC_FPM_SELECT + AC_FPM_APPARMOR PHP_ARG_WITH(fpm-user,, [ --with-fpm-user[=USER] Set the user for php-fpm to run as. (default: nobody)], nobody, no) diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c index cd5fc34d0f2..9b699af99d8 100644 --- a/sapi/fpm/fpm/fpm_conf.c +++ b/sapi/fpm/fpm/fpm_conf.c @@ -149,6 +149,9 @@ static struct ini_value_parser_s ini_fpm_pool_options[] = { { "chdir", &fpm_conf_set_string, WPO(chdir) }, { "catch_workers_output", &fpm_conf_set_boolean, WPO(catch_workers_output) }, { "security.limit_extensions", &fpm_conf_set_string, WPO(security_limit_extensions) }, +#ifdef HAVE_APPARMOR + { "apparmor_hat", &fpm_conf_set_string, WPO(apparmor_hat) }, +#endif { 0, 0, 0 } }; @@ -644,6 +647,9 @@ int fpm_worker_pool_config_free(struct fpm_worker_pool_config_s *wpc) /* {{{ */ free(wpc->chroot); free(wpc->chdir); free(wpc->security_limit_extensions); +#ifdef HAVE_APPARMOR + free(wpc->apparmor_hat); +#endif for (kv = wpc->php_values; kv; kv = kv_next) { kv_next = kv->next; diff --git a/sapi/fpm/fpm/fpm_conf.h b/sapi/fpm/fpm/fpm_conf.h index efd65dc6d9d..8cd8690f187 100644 --- a/sapi/fpm/fpm/fpm_conf.h +++ b/sapi/fpm/fpm/fpm_conf.h @@ -87,6 +87,9 @@ struct fpm_worker_pool_config_s { struct key_value_s *env; struct key_value_s *php_admin_values; struct key_value_s *php_values; +#ifdef HAVE_APPARMOR + char *apparmor_hat; +#endif }; struct ini_value_parser_s { diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c index 48249e8a494..1159a132472 100644 --- a/sapi/fpm/fpm/fpm_unix.c +++ b/sapi/fpm/fpm/fpm_unix.c @@ -17,6 +17,10 @@ #include #endif +#ifdef HAVE_APPARMOR +#include +#endif + #include "fpm.h" #include "fpm_conf.h" #include "fpm_cleanup.h" @@ -222,6 +226,32 @@ int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */ if (0 > fpm_clock_init()) { return -1; } + +#ifdef HAVE_APPARMOR + if (wp->config->apparmor_hat) { + char *con, *new_con; + if (aa_getcon(&con, NULL) == -1) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to query apparmor confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name); + return -1; + } + new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte + if (!new_con) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name); + return -1; + } + if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name); + return -1; + } + if (0 > aa_change_profile(new_con)) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con); + return -1; + } + free(con); + free(new_con); + } +#endif + return 0; } /* }}} */ From e3d3283405dd2168615e24196f5e844c121fdc55 Mon Sep 17 00:00:00 2001 From: Gernot Vormayr Date: Tue, 7 Jan 2014 00:19:01 +0100 Subject: [PATCH 3/6] Add --force-stderr to fpm --- sapi/fpm/fpm/fpm.c | 4 +++- sapi/fpm/fpm/fpm.h | 3 ++- sapi/fpm/fpm/fpm_main.c | 12 ++++++++++-- sapi/fpm/fpm/fpm_stdio.c | 2 +- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/sapi/fpm/fpm/fpm.c b/sapi/fpm/fpm/fpm.c index b866f37f2d1..abfc7868015 100644 --- a/sapi/fpm/fpm/fpm.c +++ b/sapi/fpm/fpm/fpm.c @@ -39,10 +39,11 @@ struct fpm_globals_s fpm_globals = { .test_successful = 0, .heartbeat = 0, .run_as_root = 0, + .force_stderr = 0, .send_config_pipe = {0, 0}, }; -int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf, int run_as_root, int force_daemon) /* {{{ */ +int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf, int run_as_root, int force_daemon, int force_stderr) /* {{{ */ { fpm_globals.argc = argc; fpm_globals.argv = argv; @@ -52,6 +53,7 @@ int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int t fpm_globals.prefix = prefix; fpm_globals.pid = pid; fpm_globals.run_as_root = run_as_root; + fpm_globals.force_stderr = force_stderr; if (0 > fpm_php_init_main() || 0 > fpm_stdio_init_main() || diff --git a/sapi/fpm/fpm/fpm.h b/sapi/fpm/fpm/fpm.h index 65d0e0d6912..68642a955d1 100644 --- a/sapi/fpm/fpm/fpm.h +++ b/sapi/fpm/fpm/fpm.h @@ -37,7 +37,7 @@ int fpm_run(int *max_requests); -int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf, int run_as_root, int force_daemon); +int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf, int run_as_root, int force_daemon, int force_stderr); struct fpm_globals_s { pid_t parent_pid; @@ -55,6 +55,7 @@ struct fpm_globals_s { int test_successful; int heartbeat; int run_as_root; + int force_stderr; int send_config_pipe[2]; }; diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c index db9aeab9144..fccb80c571f 100644 --- a/sapi/fpm/fpm/fpm_main.c +++ b/sapi/fpm/fpm/fpm_main.c @@ -157,6 +157,7 @@ static const opt_struct OPTIONS[] = { {'R', 0, "allow-to-run-as-root"}, {'D', 0, "daemonize"}, {'F', 0, "nodaemonize"}, + {'O', 0, "force-stderr"}, {'-', 0, NULL} /* end of args */ }; @@ -921,7 +922,7 @@ static void php_cgi_usage(char *argv0) prog = "php"; } - php_printf( "Usage: %s [-n] [-e] [-h] [-i] [-m] [-v] [-t] [-p ] [-g ] [-c ] [-d foo[=bar]] [-y ] [-D] [-F]\n" + php_printf( "Usage: %s [-n] [-e] [-h] [-i] [-m] [-v] [-t] [-p ] [-g ] [-c ] [-d foo[=bar]] [-y ] [-D] [-F [-O]]\n" " -c | Look for php.ini file in this directory\n" " -n No php.ini file will be used\n" " -d foo[=bar] Define INI entry foo with value 'bar'\n" @@ -940,6 +941,8 @@ static void php_cgi_usage(char *argv0) " -D, --daemonize force to run in background, and ignore daemonize option from config file\n" " -F, --nodaemonize\n" " force to stay in foreground, and ignore daemonize option from config file\n" + " -O, --force-stderr\n" + " force output to stderr in nodaemonize even if stderr is not a TTY\n" " -R, --allow-to-run-as-root\n" " Allow pool to run as root (disabled by default)\n", prog, PHP_PREFIX); @@ -1572,6 +1575,7 @@ int main(int argc, char *argv[]) char *fpm_pid = NULL; int test_conf = 0; int force_daemon = -1; + int force_stderr = 0; int php_information = 0; int php_allow_to_run_as_root = 0; @@ -1700,6 +1704,10 @@ int main(int argc, char *argv[]) force_daemon = 0; break; + case 'O': /* force stderr even on non tty */ + force_stderr = 1; + break; + default: case 'h': case '?': @@ -1827,7 +1835,7 @@ consult the installation file that came with this distribution, or visit \n\ } } - if (0 > fpm_init(argc, argv, fpm_config ? fpm_config : CGIG(fpm_config), fpm_prefix, fpm_pid, test_conf, php_allow_to_run_as_root, force_daemon)) { + if (0 > fpm_init(argc, argv, fpm_config ? fpm_config : CGIG(fpm_config), fpm_prefix, fpm_pid, test_conf, php_allow_to_run_as_root, force_daemon, force_stderr)) { if (fpm_globals.send_config_pipe[1]) { int writeval = 0; diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c index d81e10150db..33b0e01c87c 100644 --- a/sapi/fpm/fpm/fpm_stdio.c +++ b/sapi/fpm/fpm/fpm_stdio.c @@ -292,7 +292,7 @@ int fpm_stdio_open_error_log(int reopen) /* {{{ */ } else { fpm_globals.error_log_fd = fd; #if HAVE_UNISTD_H - if (fpm_global_config.daemonize || !isatty(STDERR_FILENO)) { + if (fpm_global_config.daemonize || (!isatty(STDERR_FILENO) && !fpm_globals.force_stderr)) { #else if (fpm_global_config.daemonize) { #endif From dff0d51243d372b1efd30c7121f30fd2ef636b99 Mon Sep 17 00:00:00 2001 From: Gernot Vormayr Date: Tue, 7 Jan 2014 00:21:24 +0100 Subject: [PATCH 4/6] Add some basic and apparmor tests to fpm --- run-tests.php | 2 +- sapi/fpm/tests/001.phpt | 21 +++++++++ sapi/fpm/tests/002.phpt | 53 ++++++++++++++++++++++ sapi/fpm/tests/apparmor.phpt | 54 ++++++++++++++++++++++ sapi/fpm/tests/include.inc | 79 +++++++++++++++++++++++++++++++++ sapi/fpm/tests/skipapparmor.inc | 30 +++++++++++++ sapi/fpm/tests/skipif.inc | 13 ++++++ 7 files changed, 251 insertions(+), 1 deletion(-) create mode 100644 sapi/fpm/tests/001.phpt create mode 100644 sapi/fpm/tests/002.phpt create mode 100644 sapi/fpm/tests/apparmor.phpt create mode 100644 sapi/fpm/tests/include.inc create mode 100644 sapi/fpm/tests/skipapparmor.inc create mode 100644 sapi/fpm/tests/skipif.inc diff --git a/run-tests.php b/run-tests.php index 45ea29de519..cd6038e9b14 100755 --- a/run-tests.php +++ b/run-tests.php @@ -850,7 +850,7 @@ $exts_skipped = 0; $ignored_by_ext = 0; sort($exts_to_test); $test_dirs = array(); -$optionals = array('tests', 'ext', 'Zend', 'ZendEngine2', 'sapi/cli', 'sapi/cgi'); +$optionals = array('tests', 'ext', 'Zend', 'ZendEngine2', 'sapi/cli', 'sapi/cgi', 'sapi/fpm'); foreach($optionals as $dir) { if (@filetype($dir) == 'dir') { diff --git a/sapi/fpm/tests/001.phpt b/sapi/fpm/tests/001.phpt new file mode 100644 index 00000000000..b721bfa9254 --- /dev/null +++ b/sapi/fpm/tests/001.phpt @@ -0,0 +1,21 @@ +--TEST-- +FPM: version string +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +string(%d) "PHP %s (fpm%s (built: %s +Copyright (c) 1997-20%s The PHP Group +Zend Engine v%s, Copyright (c) 1998-20%s Zend Technologies +" +Done diff --git a/sapi/fpm/tests/002.phpt b/sapi/fpm/tests/002.phpt new file mode 100644 index 00000000000..2ef6cedc385 --- /dev/null +++ b/sapi/fpm/tests/002.phpt @@ -0,0 +1,53 @@ +--TEST-- +FPM: Startup and connect +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +string(%d) "[%d-%s-%d %d:%d:%d] NOTICE: fpm is running, pid %d +" +string(%d) "[%d-%s-%d %d:%d:%d] NOTICE: ready to handle connections +" +Done +--CLEAN-- + diff --git a/sapi/fpm/tests/apparmor.phpt b/sapi/fpm/tests/apparmor.phpt new file mode 100644 index 00000000000..cf9bd711181 --- /dev/null +++ b/sapi/fpm/tests/apparmor.phpt @@ -0,0 +1,54 @@ +--TEST-- +FPM: Apparmor Test +--DESCRIPTION-- +This test tries to launches a pool which tries to change to non existing +apparmor hat a. Test succeeds if apparmor is not running or hat is non +existant. +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +string(%d) "%s +" +--CLEAN-- + diff --git a/sapi/fpm/tests/include.inc b/sapi/fpm/tests/include.inc new file mode 100644 index 00000000000..983cbd34541 --- /dev/null +++ b/sapi/fpm/tests/include.inc @@ -0,0 +1,79 @@ + array('pipe', 'w')]; + } + /* Since it's not possible to spawn a process under linux without using a + * shell in php (why?!?) we need a little shell trickery, so that we can + * actually kill php-fpm */ + $fpm = proc_open('killit () { kill $child; }; trap killit TERM; '.get_fpm_path().' -F -O -y '.$cfg.' '.$extra_args.' 2>&1 & child=$!; wait', $desc, $pipes); + register_shutdown_function( + function($fpm) use($cfg) { + @unlink($cfg); + if (is_resource($fpm)) { + @proc_terminate($fpm); + while (proc_get_status($fpm)['running']) { + usleep(10000); + } + } + }, + $fpm + ); + if ($out !== false) { + $out = $pipes[1]; + } + return $fpm; +} +/* }}} */ + +function run_fpm_till($needle, $config, $max = 10) /* {{{ */ +{ + $i = 0; + $fpm = run_fpm($config, $tail); + if (is_resource($fpm)) { + while($i < $max) { + $i++; + $line = fgets($tail); + if(preg_match($needle, $line) === 1) { + break; + } + } + if ($i >= $max) { + $line = false; + } + proc_terminate($fpm); + stream_get_contents($tail); + fclose($tail); + proc_close($fpm); + } + return $line; +} +/* }}} */ + +?> diff --git a/sapi/fpm/tests/skipapparmor.inc b/sapi/fpm/tests/skipapparmor.inc new file mode 100644 index 00000000000..b286d0361dc --- /dev/null +++ b/sapi/fpm/tests/skipapparmor.inc @@ -0,0 +1,30 @@ + diff --git a/sapi/fpm/tests/skipif.inc b/sapi/fpm/tests/skipif.inc new file mode 100644 index 00000000000..8c569daafdc --- /dev/null +++ b/sapi/fpm/tests/skipif.inc @@ -0,0 +1,13 @@ + From 98e6c8ca2db38b2f129de15e6a4ee4e96c1b6f7a Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Thu, 16 Jan 2014 17:53:40 +0400 Subject: [PATCH 5/6] fix indentation --- sapi/fpm/config.m4 | 38 ++++++++++++++++---------------- sapi/fpm/fpm/fpm.c | 4 ++-- sapi/fpm/fpm/fpm.h | 2 +- sapi/fpm/fpm/fpm_conf.c | 4 ++-- sapi/fpm/fpm/fpm_conf.h | 2 +- sapi/fpm/fpm/fpm_main.c | 10 ++++----- sapi/fpm/fpm/fpm_unix.c | 49 +++++++++++++++++++++++------------------ 7 files changed, 57 insertions(+), 52 deletions(-) diff --git a/sapi/fpm/config.m4 b/sapi/fpm/config.m4 index ba2b8e2d82b..40cd69c7195 100644 --- a/sapi/fpm/config.m4 +++ b/sapi/fpm/config.m4 @@ -538,18 +538,18 @@ dnl }}} AC_DEFUN([AC_FPM_APPARMOR], [ - AC_MSG_CHECKING([for apparmor]) + AC_MSG_CHECKING([for apparmor]) - SAVED_LIBS="$LIBS" - LIBS="$LIBS -lapparmor" + SAVED_LIBS="$LIBS" + LIBS="$LIBS -lapparmor" - AC_TRY_LINK([ #include ], [change_hat("test", 0);], [ - AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?]) - AC_MSG_RESULT([yes]) - ], [ - LIBS="$SAVED_LIBS" - AC_MSG_RESULT([no]) - ]) + AC_TRY_LINK([ #include ], [change_hat("test", 0);], [ + AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?]) + AC_MSG_RESULT([yes]) + ], [ + LIBS="$SAVED_LIBS" + AC_MSG_RESULT([no]) + ]) ]) @@ -563,15 +563,15 @@ if test "$PHP_FPM" != "no"; then AC_FPM_TRACE AC_FPM_BUILTIN_ATOMIC AC_FPM_LQ - AC_FPM_SYSCONF - AC_FPM_TIMES - AC_FPM_KQUEUE - AC_FPM_PORT - AC_FPM_DEVPOLL - AC_FPM_EPOLL - AC_FPM_POLL - AC_FPM_SELECT - AC_FPM_APPARMOR + AC_FPM_SYSCONF + AC_FPM_TIMES + AC_FPM_KQUEUE + AC_FPM_PORT + AC_FPM_DEVPOLL + AC_FPM_EPOLL + AC_FPM_POLL + AC_FPM_SELECT + AC_FPM_APPARMOR PHP_ARG_WITH(fpm-user,, [ --with-fpm-user[=USER] Set the user for php-fpm to run as. (default: nobody)], nobody, no) diff --git a/sapi/fpm/fpm/fpm.c b/sapi/fpm/fpm/fpm.c index abfc7868015..96a29c5f102 100644 --- a/sapi/fpm/fpm/fpm.c +++ b/sapi/fpm/fpm/fpm.c @@ -39,7 +39,7 @@ struct fpm_globals_s fpm_globals = { .test_successful = 0, .heartbeat = 0, .run_as_root = 0, - .force_stderr = 0, + .force_stderr = 0, .send_config_pipe = {0, 0}, }; @@ -53,7 +53,7 @@ int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int t fpm_globals.prefix = prefix; fpm_globals.pid = pid; fpm_globals.run_as_root = run_as_root; - fpm_globals.force_stderr = force_stderr; + fpm_globals.force_stderr = force_stderr; if (0 > fpm_php_init_main() || 0 > fpm_stdio_init_main() || diff --git a/sapi/fpm/fpm/fpm.h b/sapi/fpm/fpm/fpm.h index 68642a955d1..4916140e174 100644 --- a/sapi/fpm/fpm/fpm.h +++ b/sapi/fpm/fpm/fpm.h @@ -55,7 +55,7 @@ struct fpm_globals_s { int test_successful; int heartbeat; int run_as_root; - int force_stderr; + int force_stderr; int send_config_pipe[2]; }; diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c index 9b699af99d8..20adf91df44 100644 --- a/sapi/fpm/fpm/fpm_conf.c +++ b/sapi/fpm/fpm/fpm_conf.c @@ -150,7 +150,7 @@ static struct ini_value_parser_s ini_fpm_pool_options[] = { { "catch_workers_output", &fpm_conf_set_boolean, WPO(catch_workers_output) }, { "security.limit_extensions", &fpm_conf_set_string, WPO(security_limit_extensions) }, #ifdef HAVE_APPARMOR - { "apparmor_hat", &fpm_conf_set_string, WPO(apparmor_hat) }, + { "apparmor_hat", &fpm_conf_set_string, WPO(apparmor_hat) }, #endif { 0, 0, 0 } }; @@ -648,7 +648,7 @@ int fpm_worker_pool_config_free(struct fpm_worker_pool_config_s *wpc) /* {{{ */ free(wpc->chdir); free(wpc->security_limit_extensions); #ifdef HAVE_APPARMOR - free(wpc->apparmor_hat); + free(wpc->apparmor_hat); #endif for (kv = wpc->php_values; kv; kv = kv_next) { diff --git a/sapi/fpm/fpm/fpm_conf.h b/sapi/fpm/fpm/fpm_conf.h index 8cd8690f187..4b297490422 100644 --- a/sapi/fpm/fpm/fpm_conf.h +++ b/sapi/fpm/fpm/fpm_conf.h @@ -88,7 +88,7 @@ struct fpm_worker_pool_config_s { struct key_value_s *php_admin_values; struct key_value_s *php_values; #ifdef HAVE_APPARMOR - char *apparmor_hat; + char *apparmor_hat; #endif }; diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c index fccb80c571f..93090832f50 100644 --- a/sapi/fpm/fpm/fpm_main.c +++ b/sapi/fpm/fpm/fpm_main.c @@ -157,7 +157,7 @@ static const opt_struct OPTIONS[] = { {'R', 0, "allow-to-run-as-root"}, {'D', 0, "daemonize"}, {'F', 0, "nodaemonize"}, - {'O', 0, "force-stderr"}, + {'O', 0, "force-stderr"}, {'-', 0, NULL} /* end of args */ }; @@ -1575,7 +1575,7 @@ int main(int argc, char *argv[]) char *fpm_pid = NULL; int test_conf = 0; int force_daemon = -1; - int force_stderr = 0; + int force_stderr = 0; int php_information = 0; int php_allow_to_run_as_root = 0; @@ -1704,9 +1704,9 @@ int main(int argc, char *argv[]) force_daemon = 0; break; - case 'O': /* force stderr even on non tty */ - force_stderr = 1; - break; + case 'O': /* force stderr even on non tty */ + force_stderr = 1; + break; default: case 'h': diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c index 1159a132472..b32213fa74f 100644 --- a/sapi/fpm/fpm/fpm_unix.c +++ b/sapi/fpm/fpm/fpm_unix.c @@ -228,28 +228,33 @@ int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */ } #ifdef HAVE_APPARMOR - if (wp->config->apparmor_hat) { - char *con, *new_con; - if (aa_getcon(&con, NULL) == -1) { - zlog(ZLOG_SYSERROR, "[pool %s] failed to query apparmor confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name); - return -1; - } - new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte - if (!new_con) { - zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name); - return -1; - } - if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) { - zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name); - return -1; - } - if (0 > aa_change_profile(new_con)) { - zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con); - return -1; - } - free(con); - free(new_con); - } + if (wp->config->apparmor_hat) { + char *con, *new_con; + + if (aa_getcon(&con, NULL) == -1) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to query apparmor confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name); + return -1; + } + + new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte + if (!new_con) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name); + return -1; + } + + if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name); + return -1; + } + + if (0 > aa_change_profile(new_con)) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con); + return -1; + } + + free(con); + free(new_con); + } #endif return 0; From 7f0aff52cf35db89c1285ddb931fc118e1127561 Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Fri, 17 Jan 2014 11:03:40 +0100 Subject: [PATCH 6/6] added appropriate exception handling flag to ext\intl According to the doc page http://msdn.microsoft.com/en-us/library/1deeycx5.aspx it's appropriate as none of the extern C functions do throw exceptions. This also fixes the warning C4530. --- ext/intl/config.w32 | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/intl/config.w32 b/ext/intl/config.w32 index bb1dca8124a..22cde6bd6d9 100644 --- a/ext/intl/config.w32 +++ b/ext/intl/config.w32 @@ -118,6 +118,7 @@ if (PHP_INTL != "no") { "intl"); ADD_FLAG("LIBS_INTL", "icudt.lib icuin.lib icuio.lib icule.lib iculx.lib"); + ADD_FLAG("CFLAGS_INTL", "/EHsc"); AC_DEFINE("HAVE_INTL", 1, "Internationalization support enabled"); } else { WARNING("intl not enabled; libraries and/or headers not found");