Since libxml version 2.9.0 external entity loading is disabled by default.
Bumping the version requirement means that XML processing in PHP is no
longer vulnerable to XXE processing attacks by default.
- Fix typo in build/php.m4
- Nothing uses HAVE_INTTYPES_H; so remove check for header file
- Nothing defines ZEND_ACCONFIG_H_NO_C_PROTOS; so remove #ifndef
- `format_money` was removed in 2019, so <monetary.h> no longer needed
- Nothing uses HAVE_NETDB_H; so remove check for header file
- Nothing checks HAVE_TERMIOS_H; so remove check for header file
(This was actually added when Wez Furlong was adding the original implementation of
PTY support in `proc_open`, since replaced.)
- Nothing checks HAVE_SYS_AUXV_H; so remove check for header file
- PHP_BUILD_DATE variable is not used for anything, so remove it
This variable was added to the Makefile, but from there, was not used for anything.
The comments suggest it was intended to allow 'reproducible builds'. Presumably,
this means that if a bug is found in a PHP binary somewhere, one could look at the
Makefile which it was built from, see the date, and then could check the same
code version out from source control. But... there can easily be multiple commits
to the repo in the same day. Also, what makes us think that the Makefile which a
binary was built from will be easily available?
Besides, ext/standard/info.c already embeds the build date and time in each binary...
but it does it using `__DATE__` and `__TIME__` (see `php_print_info`).
- Nothing checks HAVE_FINITE; so don't check for function
- Grammar fix to comment in build/php.m4
- Nothing sets $php_ldflags_add_usr_lib variable in configure, so remove conditional
This was added in 2002, when Rasmus was having difficulty building PHP on some
host and needed to have /usr/lib in the rpath. It was never documented and
probably has never been used by anyone else.
I reverted this previously for 7.4 because of bug #78769. Relanding
it now for master, because I still believe that this change is
right, and if it causes complications, those indicate a bug elsewhere.
---
These were checking whether the instruction set is supported by
the host CPU, however they were only used to condition on whether
this instruction set is targeted at all. It would still use dynamic
dispatch (e.g. based on ifunc resolvers) to select the actual
implementation. Whether the target is guaranteed to support the
instruction set without dispatch is determined based on pre-defined
macros like __SSE2__.
This removes the configure-time builtin cpu checks to remove
confusion. Additionally this allows targeting an architecture that
is newer than the host architecture.
We have to actually determine the proper `SIZEOF_OFF_T`.
Interestingly, it is `4` on Windows x64.
We also have to prevent the redefinition in pg_config.h. The clean
solution would likely be to not include pg_config.h at all, but that's
out of scope for BC reasons for now.
- Support for "-shared" option is taken from libtool-2.0 that is already at lease 15 years old.
- Change PHP build system to use "-shared" instead of "--tag=disable-static".
First, fix 5547d36120: the definition of
YFLAGS was not passed into the Makefile: AC_SUBST does not suffice, we
need PHP_SUBST_OLD. While at it, allow to pass variable and value at
the same time.
Then pass -Wall to bison, rather than only -Wempty-rules.
Use %precedence where associativity is useless.
Remove useless %precedence.
GH-5138
The annotation %empty is properly enforced: warnings when it's
missing, and errors when it's inappropriate. Support for %empty was
introduced in Bison 3.0.
Pass -Wempty-rule to Bison.
Closes GH-5134
Remove the check of PHP_OPENSSL inside SETUP_OPENSSL. It's the
responsibility of the caller to determine whether they want to
enable openssl or not. This makes SSL detection in IMAP work,
which uses a different option.
Additionally also clarify that --with-openssl-dir cannot actually
be used to specify an OpenSSL directory -- these options just
serve as a way to enable OpenSSL in extensions without also
enabling the OpenSSL extension. They need to be renamed to
something clearer in master.
Closes GH-5091.
This reverts commit edccf32f7f.
This was reported to cause issues for as yet unknown reasons in
bug #78769. As this was intended as code cleanup, revert this from
7.4 at least. May reapply it to master later.
These were checking whether the instruction set is supported by
the host CPU, however they were only used to condition on whether
this instruction set is targeted at all. It would still use dynamic
dispatch (e.g. based on ifunc resolvers) to select the actual
implementation. Whether the target is guaranteed to support the
instruction set without dispatch is determined based on pre-defined
macros like __SSE2__.
This removes the configure-time builtin cpu checks to remove
confusion. Additionally this allows targeting an architecture that
is newer than the host architecture.
C99 no longer has implicit function declarations and implicit ints.
Current GCC versions enable them as an extension, but this will
change in a future GCC version.
Instead of patching configuration headers template generated by
the given tools - autoheader, this moves patching these symbols to
the configure step before creating and invoking the config.status
and before the configuration header file is generated from the
patched template.
Closes GH-4374
Instead of building a custom macro for checking configure options,
Autoconf 2.62+ already outputs a warning at the beginning and the end
of the output of configure script. It automatically detects correct
and wrong options better.
This is related also to bug #55634.
So now instead a better way is the default Autoconf approach:
This outputs a warning at the beginning and end of the configure output:
./configure --with-non-existing
This results in fatal error:
./configure --non-existing
configure: error: unrecognized option: `--non-existing'
Try `./configure --help' for more information
The `--enable-option-checking=fatal` results in fatal error for all non
existing options:
./configure --with-non-existing --enable-option-checking=fatal
configure: error: unrecognized options: --with-non-existing
Closes GH-4348
This patch removes warnings when lexer and parser files are already
generated. For example, when downloading a PHP release. Realistically,
it is not so trivial to rebuild lexer and parser files without removing
them first. And considering that tarballs don't have cleaning tools
such as Git, this would require manual removali.
Related also to https://bugs.gentoo.org/593278
