openssl: Fix spkstr and spki leak in openssl_spki_new
spkstr is not free'd when running the test and valgrind reports a leak
of 32,318 bytes. The free condition is not met since keyresource is not
NULL, apart from that OPENSSL_free actually free's the allocated memory
by OPENSSL_malloc inside OpenSSL.
Valgrind reports 768 bytes leaked in openssl_spki_new when running the
testsuite. Remove the keyresource check to always free spki.
Since PECL/sqlite3 has been moved to ext/sqlite3 in 2008, the SQLite3
module version is hardcoded to `0.7-dev`. It doesn't appear to make
much sense to have an own module version for a bundled extensions, but
as other code might rely on it, we don't remove the constant but rather
make it an alias of the PHP version.
Manuel Mausz [Thu, 8 Jun 2017 23:43:08 +0000 (01:43 +0200)]
Fixed bug #74600
Make sure the hash entry is an array.
The origin fix broke support for HOST/PATH ini sections. Only the
beginning of the string has to match. Revert this check but use
zend_binary_strncasecmp instead of strncasecmp.
Côme Bernigaud [Tue, 30 May 2017 14:45:27 +0000 (16:45 +0200)]
Merge branch 'pull-request/2536' into PHP-7.0
* pull-request/2536:
ext/ldap/test: Test that ldap_connect() uses defaults from ldap.conf (openldap)
ext/ldap: Allow default host from ldap.conf to work.
Sara Golemon [Sun, 28 May 2017 15:20:21 +0000 (08:20 -0700)]
Fix abstract name handling to be binary safe
Per unix(7):
abstract: an abstract socket address is distinguished (from a
pathname socket) by the fact that sun_path[0] is a null byte
('\0'). The socket's address in this namespace is given by the
additional bytes in sun_path that are covered by the specified
length of the address structure. (Null bytes in the name have no
special significance.) The name has no connection with filesystem
pathnames. When the address of an abstract socket is returned,
the returned addrlen is greater than sizeof(sa_family_t) (i.e.,
greater than 2), and the name of the socket is contained in the
first (addrlen - sizeof(sa_family_t)) bytes of sun_path.
The existing implementation was assuming significance in null bytes
contained in the abstract address identifier.
David Caldwell [Thu, 25 May 2017 00:41:12 +0000 (00:41 +0000)]
ext/ldap: Allow default host from ldap.conf to work.
This fixes an regression introduced in e7af0fe1eb89e40671e86a588aa1b78607b85461. Previously, calling
ldap_connect() with no parameters would pass NULL to ldap_init(),
which causes it to use the default host specified in
/etc/ldap/ldap.conf (on Ubuntu).
When the code changed to use ldap_initialize(), it initialized a uri,
even if there were no parameters passed to ldap_connect(). Because of
this, there's no way to pass a NULL into ldap_initialize(), making it
impossible to use the default uri from ldap.conf.
This commit bypasses the uri creation when there is no host argument,
passing on a NULL to ldap_initialize() which restores the old PHP 5.5
behavior.
Christian Weiske [Fri, 21 Apr 2017 19:20:00 +0000 (21:20 +0200)]
Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method
phar: Support DELETE, HEAD and PUT HTTP methods in Phar::webPhar
Up to now only GET and POST requests could be handled with Phar::webPhar(),
which is insufficient for today's REST APIs.
This patch expands the list of supported HTTP methods.
Michael Heimpold [Mon, 17 Apr 2017 22:22:34 +0000 (00:22 +0200)]
Fix compiler warnings when compiled against musl libc
musl libc is complaining when <sys/poll.h> is used instead of <poll.h>
so change this.
This issue was reported for OpenWrt/LEDE where musl libc is the standard
C library instead of e.g. glibc, see the following link for the original PR:
https://github.com/openwrt/packages/pull/4263
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Signed-off-by: Michael Heimpold <mhei@heimpold.de>
--
v3: refined checks/fallback paths as suggested by @bukka
v2: rebased to resolve merge conflict in main/php_network.h
Sara Golemon [Tue, 25 Apr 2017 10:52:48 +0000 (12:52 +0200)]
Follow up patch regarding bug #74216, see bug #74429
While the case in bug #74429 is not documented and is only worky due to
an implementation bug, the strength seems to breach some real world
apps. Given this patch doesn't impact the initial security fix for
bug #74216, it is reasonable to let the apps keep working. As mentioned
in the ticket, this behavior is a subject to change in future versions
and should not be abused.
Support also no,shared configure arg vals by default
This indirectly fixes bug #74398 where --with-extname is expected to be
configured shared with our default dependency package. With a non
default deps, it still can be enforced --with-extname=static
Alexander Ilyin [Tue, 18 Apr 2017 09:44:34 +0000 (02:44 -0700)]
Update php_network.h
```
In file included from /usr/local/include/php/main/php_network.h:124:0,
from /var/www/html/php-ext-handlersocketi-0.0.1/hs_response.c:3:
/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^
```
Michael Heimpold [Thu, 13 Apr 2017 20:43:26 +0000 (22:43 +0200)]
ext/gettext: respect passed in library directory for all checks
A directory given to configure by --with-gettext=dir is only
used within the very first AC_CHECK_LIB. This is because the
temporary modified LDFLAGS variable is reset too early.
This results in functions not detected properly.
The original issue and patch was reported for OpenWrt/LEDE
distribution by @Dimazhan at:
https://github.com/openwrt/packages/issues/4250
Signed-off-by: Michael Heimpold <mhei@heimpold.de>