This simplifies the libmagic patch:
- in upstream the HAVE_STRERROR check has been removed
- in upstream library the HAVE_SIGNAL_H has been removed
- indentations syncs with the upstream library
- some irrelevant changes removed from the patch (log comment), upstream
has this correctly logged already so no need to patch the comment.
Closes GH-4298
Also adds an --asan flag to run-tests.php to setup all the necessary
environment variables. Some tests are marked as skipped because they
are incompatible with asan or too slow.
I'm basing this on the DEBUG_ZTS build, which seems to give us the
most mileage.
When tests are run concurrently using the -j option there might be a
change of failure and writing to the same directory from both tests.
Use test filenames for generated temp dirs
Normalization include:
- Use dnl for everything that can be ommitted when configure is built in
favor of the shell comment character # which is visible in the output.
- Line length normalized to 80 columns
- Dots for most of the one line sentences
- Macro definitions include similar pattern header comments now
Previously zend_parse_parameters (and FastZPP) would handle invalid
arguments depending on strict_types: With strict_types=1, a TypeError
is thrown, with strict_types=0 a warning is thrown and (usually) NULL
is returned. Additionally, some functions (constructors always and
other methods sometimes) opt-it to throwing regardless of strict_types.
This commit changes zpp to always generate a TypeError exception in
PHP 8.
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
This parameter is always zero and not necessary to call pcre2_match.
I'm leaving the parameter behind on the _ex() variant, so the preg_flags
are still accessible in some way.
The change reduces the input size on patterns using posix character
classes. It is still better than reverting to the patterns from the
older version, as the upstream data uses posix classes also in the later
versions. The input reduction speeds up the pattern matching in some
cases.
This patch is functionally almost same as upstream, but might show some diff
when the input is very long. While the magic data in the newer versions is
functionally an improvement, with jit=0 it might show a performance regression.
The slowdown is negligible in the normal usage and is still acceptable for the
malicious input. If some functional regressions show up, this patch should be
reverted and the tests timing should be adapted instead.
Avoid patching where vanilla data suffices. More precisely, avoid data
using [:space:] posix class in regex, as it is likely to cause performance
regressions.
CVE-2014-3538 was fixed upstream, but the old patch was still kept in
the PHP port. This patch causes performance regressions when PCRE JIT is
not enabled. This is fixed by applying the relevant original code from
the newer libmagic, which makes the old patch obsolete as the
CVE-2014-3538 tests still pass.
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch makes few remaining PHP development tools files
executable and adds a shebang to them.
The `#!/usr/bin/env php` shebang provides running the script via
`./script.php` and uses env to find PHP script location on the system.
At the same time it still provides running the script with a user
defined PHP location using `php script.php`. Shebang is not visible in
the output of the generated file.
This patch makes several scripts and PHP development tools files
executable and adds more proper shebangs to the PHP scripts.
The `#!/usr/bin/env php` shebang provides running the script via
`./script.php` and uses env to find PHP script location on the system.
At the same time it still provides running the script with a user
defined PHP location using `php script.php`.
Autoconf 2.50 released in 2001 made several macros obsolete including
the AC_TRY_RUN, AC_TRY_COMPILE and AC_TRY_LINK:
http://git.savannah.gnu.org/cgit/autoconf.git/tree/ChangeLog.2
These macros should be replaced with the current AC_FOO_IFELSE instead:
- AC_TRY_RUN with AC_RUN_IFELSE and AC_LANG_SOURCE
- AC_TRY_LINK with AC_LINK_IFELSE and AC_LANG_PROGRAM
- AC_TRY_COMPILE with AC_COMPILE_IFELSE and AC_LANG_PROGRAM
PHP 5.4 to 7.1 require Autoconf 2.59+ version, PHP 7.2 and above require
2.64+ version, and the PHP 7.2 phpize script requires 2.59+ version which
are all greater than above mentioned 2.50 version therefore systems
should be well supported by now.
This patch was created with the help of autoupdate script:
autoupdate <file>
Reference docs:
- https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Obsolete-Macros.html
- https://www.gnu.org/software/autoconf/manual/autoconf-2.59/autoconf.pdf
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
PHP requires boolean typehints to be written "bool" and disallows
"boolean" as an alias. This changes the error messages to match
the actual type name and avoids confusing messages like "must be
of type boolean, boolean given".
This a followup to ce1d69a1f6, which
implements the same change for integer->int.
PHP requires integer typehints to be written "int" and does not
allow "integer" as an alias. This changes type error messages to
match the actual type name and avoids confusing messages like
"must be of the type integer, integer given".
Using ecalloc() to create objects is expensive, because the
dynamic-size memset() is unreasonably slow. Make sure we only
zero the main object structure with known size, as the properties
are intialized separately anyway.
Technically we do not need to zero the embedded zend_object
structure either, but as long as the memset argument is constant,
a couple more bytes don't really matter.
Note the behavior change, FILEINFO_CONTINUE will now always
append a string \012-. I'm leaving this as is for now, as this is
the behavior change in libmagic.
yet unfinished port to libmagic 5.28
catch with missing libmagic port pieces
regenerate data file with magic from 5.28
test magic files from 5.28
missing files
fix path
pure c99 is still not supported
move right to 5.29, yet some bugs present
more sync with orig lib
more ZMM usage
use unpatched data for now
partial revert according to bug #67705
Revert "more ZMM usage"
This reverts commit 5e3c9b851034b455942b219b18bdc49c8315c3ee.
several fixes, so it's now closer to the clean port
Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The current implementation in PHP
doesn't technically permit to handle UTF-8 filepath and several other
things. Till now, only the ANSI compatible APIs are being used. Here is more
about it
https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx
The patch fixes not only issues with multibyte filenames under
incompatible codepages, but indirectly also issues with some other multibyte
encodings like BIG5, Shift-JIS, etc. by providing a clean way to access
filenames in UTF-8. Below is a small list of issues from the bug tracker,
that are getting fixed:
https://bugs.php.net/63401https://bugs.php.net/41199https://bugs.php.net/50203https://bugs.php.net/71509https://bugs.php.net/64699https://bugs.php.net/64506https://bugs.php.net/30195https://bugs.php.net/65358https://bugs.php.net/61315https://bugs.php.net/70943https://bugs.php.net/70903https://bugs.php.net/63593https://bugs.php.net/54977https://bugs.php.net/54028https://bugs.php.net/43148https://bugs.php.net/30730https://bugs.php.net/33350https://bugs.php.net/35300https://bugs.php.net/46990https://bugs.php.net/61309https://bugs.php.net/69333https://bugs.php.net/45517https://bugs.php.net/70551https://bugs.php.net/50197https://bugs.php.net/72200https://bugs.php.net/37672
Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow
and Github. Some of the bugs are pretty recent, some descend to early
2000th, but the user comments in there last even till today. Just for example,
bug #30195 was opened in 2004, the latest comment in there was made in 2014. It
is certain, that these bugs descend not only to pure PHP use cases, but get also
redirected from the popular PHP based projects. Given the modern systems (and
those supported by PHP) are always based on NTFS, there is no excuse to keep
these issues unresolved.
The internalization approach on Windows is in many ways different from
UNIX and Linux, while it supports and is based on Unicode. It depends on the
current system code page, APIs used and exact kind how the binary was compiled
The locale doesn't affect the way Unicode or ANSI API work. PHP in particular
is being compiled without _UNICODE defined and this is conditioned by the
way we handle strings. Here is more about it
https://msdn.microsoft.com/en-us/library/tsbaswba.aspx
However, with any system code page ANSI functions automatically convert
paths to UTF-16. Paths in some encodings incompatible with the
current system code page, won't work correctly with ANSI APIs. PHP
till now only uses the ANSI Windows APIs.
For example, on a system with the current code page 1252, the paths
in cp1252 are supported and transparently converted to UTF-16 by the
ANSI functions. Once one wants to handle a filepath encoded with cp932 on
that particular system, an ANSI or a POSIX compatible function used in
PHP will produce an erroneous result. When trying to convert that cp932 path
to UTF-8 and passing to the ANSI functions, an ANSI function would
likely interpret the UTF-8 string as some string in the current code page and
create a filepath that represents every single byte of the UTF-8 string.
These behaviors are not only broken but also disregard the documented
INI settings.
This patch solves the issies with the multibyte paths on Windows by
intelligently enforcing the usage of the Unicode aware APIs. For
functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments
will be converted to UTF-16 wide chars. For functions returning Unicode
aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is
converted back to char's depending on the current PHP charset settings,
either to the current ANSI codepage (this is the behavior prior to this patch)
or to UTF-8 (the default behavior).
In a particular case, users might have to explicitly set
internal_encoding or default_charset, if filenames in ANSI codepage are
necessary. Current tests show no regressions and witness that this will be an
exotic case, the current default UTF-8 encoding is compatible with any
supported system. The dependency libraries are long switching to Unicode APIs,
so some tests were also added for extensions not directly related to streams.
At large, the patch brings over 150 related tests into the core. Those target
and was run on various environments with European, Asian, etc. codepages.
General PHP frameworks was tested and showed no regressions.
The impact on the current C code base is low, the most places affected
are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c
and plain_wrapper.c. The actual implementation of the most of the wide
char supporting functionality is in win32/ioutil.* and win32/codepage.*,
several low level functionsare extended in place to avoid reimplementation for
now. No performance impact was sighted. As previously mentioned, the ANSI APIs
used prior the patch perform Unicode conversions internally. Using the
Unicode APIs directly while doing custom conversions just retains the status
quo. The ways to optimize it are open (fe. by implementing caching for the
strings converted to wide variants).
The long path implementation is user transparent. If a path exceeds the
length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN
is set to 2048 bytes.
Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas
and testing.
Thanks.
* PHP-7.0:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Updated to version 2016.3 (2016c)
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file
Fix bug #71798 - Integer Overflow in php_raw_url_encode
update NEWS
Disable huge pages in the Zend allocator by default As per the discussion on internals, this is an expert feature that needs special system-level configuration and care.
Added ability to disable huge pages in Zend Memeory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=0.
Fix bug #71860: Require valid paths for phar filenames
Fix bug #71860: Require valid paths for phar filenames
update NEWS
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Merge branch 'PHP-5.6' into PHP-7.0
Updated to version 2016.2 (2016b)
update libs versions
set RC1 versions
Going for 5.5.34
The test used rand(32, 127) to select the character, however
chr(127) results in "data" instead of the expected result, so this
test would fail in something like 1% of the runs.
Replace rand() with fixed character "a".
PHP_VERSION_ID
PHP_API_VERSION
ZEND_MODULE_API_NO
PHP_MAJOR_VERSION, PHP_MINOR_VERSION
ZEND_ENGINE_2
I've left litespeed alone, as it seems to genuinely maintain support
for many PHP versions.
* PHP-5.6: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
Zend/zend_exceptions.c
ext/curl/interface.c
ext/dom/document.c
ext/fileinfo/libmagic/softmagic.c
ext/gd/gd.c
ext/hash/hash.c
ext/pgsql/pgsql.c
ext/phar/phar.c
ext/phar/phar_internal.h
ext/standard/http_fopen_wrapper.c
ext/standard/link.c
ext/standard/streamsfuncs.c
ext/xmlwriter/php_xmlwriter.c
ext/zlib/zlib.c
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
Introduces a ZEND_PARSE_PARAMS_THROW flag for zpp, which forces to
report FAILURE errors using a TypeException instead of a Warning,
like it would happen in strict mode.
Adds a zend_parse_parameters_throw() convenience function, which
invokes zpp with this flag.
Converts all cases I could identify, where we currently have
throwing zpp usage in constructors and replaces them with this API.
Error handling is still replaced to EH_THROW in some cases to handle
other, domain-specific errors in constructors.
* 'InternalClassClean' of github.com:Danack/php-src:
Fixed indentation. Fixed comment style. Fixed commented out code.
Reverted change to function name and added note of why it is different from the class it is actually changing.
Made UConverter throw an exception if the constructor fails.
Fixed PDO constructor to not return null.
Fixed fileinfo behaviour.
Made Phar throw exception on bad constructor.
Converted intl extension to use IntlException in constructors.
Fixed SplFixedArray and tests.
Fixed ReflectionExtension and ReflectionProperty.
Fixed ReflectionFunction, ReflectionMethod and ReflectionParameter.
Fixed PDORow behaviour and message.
