6bef57f2e2
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
2019-10-21 13:17:32 -07:00
59953efc09
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
2019-10-21 13:17:27 -07:00
57b4dcbe77
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
2019-10-21 13:17:19 -07:00
4b5cdda0c7
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
2019-10-21 13:17:09 -07:00
ab061f95ca
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
2019-10-20 22:50:04 -07:00
878f8b0b23
Merge branch 'PHP-7.4'
2019-10-20 16:59:30 +01:00
d537ae73e0
Skip fpm bug #74083 test on Windows
...
Have not expected side effects of `include`.
2019-10-20 16:08:55 +01:00
2f9f409156
Add (slow) test for fpm concurrent reloads #74083
2019-10-20 16:08:55 +01:00
ae5154c6c6
Block signals during fpm master initialization
...
Fix PHP-FPM failure in the case of concurrent reload attempts.
Postpone signal delivery to the fpm master process till proper signal
handlers are set. Prevent the following case:
- Running master process receives `SIGUSR2` and performs `execvp()`.
- Another `SIGUSR2` is arrived before signal handlers are set.
- Master process dies.
- Requests to the HTTP server handled by PHP-fpm can not be served
any more.
Block some signals using `sigprocmask()` before `execvp()` and early
in the `main()` function. Unblock signals as soon as proper
handlers are set.
Fixes bug #74083
2019-10-20 16:08:55 +01:00
0436bc875e
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Fix miscellaneous typos in docs
2019-10-19 19:20:25 +02:00
38f388fba4
Fix miscellaneous typos in docs
2019-10-19 19:19:28 +02:00
273731fb76
Add Zend class/interface arginfo stubs
...
We also change `Generator::throw()` to expect a `Throwable` in the
first place, and we now throw a TypeError instead of returning `false`
from `Exception::getTraceAsString()`.
2019-10-15 16:21:00 +02:00
db233501ff
Use clean shutdown on uncaught exception
2019-10-11 12:41:15 +02:00
b64a182233
Revert "Link executable files using non PIC object files. This reduces PIC overhead and improves performance."
...
This reverts commit eef85229d0
2019-10-10 16:28:59 +03:00
f1aff654be
Use php stream in exif fuzzer
...
This has the main benefit that we don't go through the
realpath cache, which will cause leak checking to be
disabled.
2019-10-10 12:33:15 +02:00
bd21e202b9
Reduce oniguruma limits in fuzzing sapi
...
The defaults are fairly conservative and may still take quite a
bit to match a single expression. Reduce them by a factor of 10x
to speed up fuzzing.
2019-10-08 17:38:49 +02:00
76c8f2ed34
Fix regex in generate_parser_corpus.php
...
The next section after --FILE-- is not necessarily --EXPECT--.
Accept any section.
Closes GH-4770.
2019-10-02 16:56:41 +02:00
872a759f88
Limit input size in exif fuzzer
...
Probably still too much...
2019-10-01 18:29:23 +02:00
4d49ec208e
Add --enable-fuzzer-msan flag
...
To build fuzzers with memory sanitizer.
2019-10-01 13:04:47 +02:00
15761ef359
Pass mode to open() in exif fuzzer
...
Funny how despite all those sanitizers running, nothing ever
caught this...
2019-09-30 18:23:47 +02:00
235983dfde
Merge branch 'PHP-7.4'
2019-09-30 17:52:39 +02:00
0aa3acc6c4
Fix borked SKIPIFs
2019-09-30 17:51:41 +02:00
b442a9b69b
Merge branch 'PHP-7.4'
2019-09-30 12:54:45 +02:00
27f5785363
Merge branch 'PHP-7.3' into PHP-7.4
2019-09-30 12:54:18 +02:00
e546d721e8
Fix #78413 : php-fpm request_terminate_timeout does not take effect after fastcgi_finish_request
...
To retain legacy behavior I decided to add an option to control request
termination logic. If request_terminate_timeout_track_finished is set,
then request will be tracked for time limits even after
fastcgi_finish_request was called.
This patch depends on the fix provided in BUG 78469 (otherwise php-fpm
workers listening on named pipes on Windows will be erroneously terminated)
(PR #4636 )
2019-09-30 12:54:09 +02:00
61f8f68a79
Make fuzzing sapi i386 compatible
...
* Avoid an unnecessary -lstdc++ dependency. It's not going to be
used in the end anyway, and is an unnecessary hassle to set up.
* Use $LIB_FUZZING_ENGINE instead of hardcoding -lFuzzingEngine.
2019-09-27 23:58:48 +02:00
31ff9f3e29
Merge branch 'PHP-7.4'
2019-09-27 11:20:48 +02:00
f2826954ac
XFAIL sapi/fpm/tests/log-bwd-multiple-msgs-stdout-stderr.phpt
...
This is supposed to be addressed by GH-4007, but that seems stalled
for now.
2019-09-27 11:18:50 +02:00
7e295da81c
Limit max length for parser fuzzer
...
We're getting some very large inputs (~500KB) on OSS-Fuzz, which
slot down performance a lot. Let's try limiting this, starting
with a still fairly large value of 64KB.
Also remove the max_execution_time limit, so that slow test cases
cause a genuine libfuzzer timeout and we may investigate them.
2019-09-26 10:45:47 +02:00
5d6e923d46
Remove mention of PHP major version in Copyright headers
...
Closes GH-4732.
2019-09-25 14:51:43 +02:00
1fe47ad233
Add new entries for exif and unserialize fuzzing corpus
2019-09-24 12:34:30 +02:00
8d7911ef56
Standardize type printing in reflection
...
Use ?T instead of "T or NULL".
2019-09-23 15:40:03 +02:00
418d243e37
Change instructions to use oniguruma from git
...
Some bugs are already fixed there.
[ci skip]
2019-09-18 14:56:25 +02:00
d7b4cdff3f
Add instructions for building an instrumented libonig
...
[ci skip]
2019-09-18 12:49:42 +02:00
f613e32058
Merge branch 'PHP-7.4'
2019-09-17 12:19:57 +02:00
1a5f04688e
Merge branch 'PHP-7.3' into PHP-7.4
2019-09-17 12:19:45 +02:00
3a2fa489dd
Merge branch 'PHP-7.2' into PHP-7.3
2019-09-17 12:19:39 +02:00
252ebce0d7
Add tilde to allowed status/ping path
...
Because of user specific webdirs it should be possible to set a
status/ping path like "/~username/status".
Closes GH-4698.
2019-09-17 12:19:21 +02:00
c1adb7a74e
Move scripts out of corpus/ directory
2019-09-16 20:18:29 +02:00
c4e2ca607f
Various improvements to fuzzer SAPIs
2019-09-16 16:04:10 +02:00
41f45647f9
Add fuzzer SAPIs to the core
2019-09-16 16:04:09 +02:00
a86e04876b
Merge branch 'PHP-7.4'
2019-09-14 00:25:39 +02:00
fa07a9c223
Fix symtable_cache_limit assignment in phpdbg
...
The meaning of the limit changed in 7.4, it now points one past the
end. Adjust code accordingly.
2019-09-14 00:25:07 +02:00
eef85229d0
Link executable files using non PIC object files. This reduces PIC overhead and improves performance.
2019-09-07 11:59:11 +03:00
64b2ee606c
Merge branch 'non_pic'
...
* non_pic:
Link executable files using non PIC object files. This reduces PIC overhead and improves performance.
2019-09-06 11:45:43 +03:00
edf5896a4e
Merge branch 'PHP-7.4'
2019-09-05 18:29:30 +02:00
9ec61e43d4
Fix pipe detection and stream position handling
...
There are two related changes here:
1. Also check for S_ISCHR/FILE_TYPE_CHAR when checking for pipes, so
that we detect ttys as well, which are also not seekable.
2. Always set position=-1 (i.e. ftell will return false) when a pipe
is detected. Previously position=0 was sometimes used, depending on
whether we're on Windows/Linux and whether the FD or FILE codepath
was used.
2019-09-05 18:29:15 +02:00
56e880af9f
Link executable files using non PIC object files. This reduces PIC overhead and improves performance.
2019-09-03 23:42:22 +03:00
be8247101d
Merge branch 'PHP-7.4'
2019-08-30 11:02:40 +02:00
b4088ba509
Avoid accessing undefined index in CLI server test
2019-08-30 11:02:30 +02:00
Stanislav Malyshev