zlog_buf_prefix() can return a larger length than what actually was
written due to its use of snprintf(). The code in
zlog_stream_prefix_ex() does not take this into account, other callers
do. What ends up happening then is that stream->length is set to the
length as if snprintf() was able to write all bytes, causing
stream->length to become larger than stream->buf.size, causing a
segfault.
In case the buffer was too small we try with a larger buffer up to a
limit of zlog_limit. This makes sure that the stream length will remain
bounded by the buffer size.
This also adds assertions to make the programmer intent clear and catch
this more easily in debug builds.
Closes GH-16680.
Apache only generates REDIRECT_STATUS, so explicitly check for that
if the server name is Apache, don't allow other variable names.
Furthermore, redirect.so and Netscape no longer exist, so
remove those entries as we can't check their server name anymore.
We now also check for the configuration override *first* such that it
always take precedence. This would allow for a mitigation path if
something like this happens in the future.
It's no use trying to work around whatever the operating system and Apache
do because we'll be fighting that until eternity.
Change the skip_getopt condition such that when we're running in
CGI or FastCGI mode we always skip the argument parsing.
This is a BC break, but this seems to be the only way to get rid of this
class of issues.
The PHP_BUILD_THREAD_SAFE macro is a simple wrapper around setting the
enable_zts variable and can't be used in PHP extensions realistically.
The PHP_TEST_BUILD macro might produce warnings on certain compiler
configurations and default AC_* macros like AC_LINK_IFELSE,
AC_CHECK_LIB, or AC_CHECK_FUNC are better suited for such checks. Also,
a quick browse through the open-source PHP extensions doesn't find
usages of this macro except in imap extension where patch is was already
sent:
https://github.com/php/pecl-mail-imap/pull/11
PHP_DEF_HAVE is a wrapper around AC_DEFINE and using AC_DEFINE_UNQUOTED
and AS_TR_CPP are better suited for this task where also help text can
be passed. Usages in the open source PHP extensions have been checked and
patches sent where found.
The apxs -q HTTPD_VERSION variable is available since Apache 2.4.17.
This change obsoletes the PHP_AP_EXTRACT_VERSION macro and checks the
version in the config.m4 file directly. Version is checked against the
dotted format instead of the version number.
This wraps checks in AC_CACHE_CHECK and replaces the "uname -sr" command
with simpler $host_alias as it is already set by the config.guess script
properly.
Travis was suspended https://github.com/php/php-src/pull/15314
This removes 404 errored Travis image in README, travis configuration
directory and YAML file and usages in tests.
[skip ci]
Co-authored-by: Gina Peter Banyard <girgias@php.net>
This is a follow up of 7edb9a07d7 that
provides passing compilation options to PHP_NEW_EXTENSION,
PHP_ADD_SOURCES, PHP_ADD_SOURCES_X, and PHP_SELECT_SAPI as a
blank-or-newline-separated argument.
The m4_normalize(m4_expand([$1])) expands the given argument if it
contains M4 macros, and then trims the items together into a space
separated string in an intuitive way.
Obsolete backticks can be replaced with the recommended $(...) (on
shells where the "newer" style still doesn't work, for example, on
Solaris 10 default shell, Autoconf takes care of that by re-executing
the script itself).
