This reverts commit c3717d9aec.
The final mitigation of the consequences with spectre should be
discussed more also with the regard to the happenings on the
developments. Right now a preliminary mitigation might be wrong or
suboptimal, thus reverting this.
The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack for
this flaw. Still some concerns were raised, that there might be impact in
shared hosting environments. This patch adds a possibility to reduce the
timer resolution by an ini setting, thus giving administrators full
control. Especially, as the flaw was also demonstrated by an abuse of
the JS engine in a browser, Firefox reduced several time sources to 20us.
Any programming language, that doesn't compile to JIT, won't be able to
produce an attack vector for Meltdown and Spectre, at least by todays
knowledge. There are also other factors that say that the security
concern on the hrtime feature is to the big part not justified, still we
aim JIT in the future. Thus, adding a possibility to control the timer
resolution is a good and small enough tradeoff for safety and future.
convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an integer or floating point number, whichever is more
appropriate.
Previously convert_scalar_to_number() unconditionally converted
objects to integers instead.
Fixes bug #53033.
Fixes bug #54973.
Fixes bug #73108.
The existence of the following functions is now guaranteed:
* curl_reset()
* curl_strerror()
* curl_multi_strerror()
* curl_share_strerror()
libcurl 7.12.1 has been released more than 13 years ago and is
available even in RHEL 4.
This change may result in different mt_rand/rand sequences being
generated on 64-bit systems for a specific seed.
See also https://externals.io/message/100229.
This patch however does not drop support for the BeOS compatible variant, Haiku, see Github PR #2697 which is currently a WiP
I intentionally left out some fragments for BeOS in the build system for that seems to be bundles
It no longer includes a way to generate XML documentation (the PHP documentation utilities already got tools for that in svn under phpdoc/doc-base) and it no longer support function stubs.
$ php ext_skel.php --help
php ext_skel.php --ext=<name> [--experimental] [--author=<name>]
[--dir=<path>] [--std] [--onlyunix]
[--onlywindows] [--help]
--ext=<name> The name of the extension defined as <name>
--experimental Passed if this extension is experimental, this creates
the EXPERIMENTAL file in the root of the extension
--author=<name> Your name, this is used if --header is passed and
for the CREDITS file
--dir=<path> Path to the directory for where extension should be
created. Defaults to the directory of where this script
lives
--std If passed, the standard header and vim rules footer used
in extensions that is included in the core, will be used
--onlyunix Only generate configure scripts for Unix
--onlywindows Only generate configure scripts for Windows
--help This help
Example usage:
$ php ext_skel.php --ext test --std --experimental
$ php ext_skel.php --ext kalle --author "Kalle Sommer Nielsen"
$ php ext_skel.php --ext phpfi --dir "/home/kalle/dev/" --onlyunix
