Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base if not a normal situation, so we better not
to rely on such dir_entry.
Fix #77821: Potential heap corruption in TSendMail()
`zend_string_tolower()` returns a copy (not a duplicate) of the given
string, if it is already in lower case. In this case we must not not
`zend_string_free()` both strings. The cleanest solution is to call
` zend_string_release()` on both strings, which properly handles the
refcount.
Peter Kokot [Mon, 29 Apr 2019 20:34:43 +0000 (22:34 +0200)]
Remove TSRM configuration header
TSRM configuration header file was once created by separate autoconf
build system for TSRM and is with the current code not directly needed
like this anymore.
Fix #77943: imageantialias($image, false); does not work
Firstly, we must not call `gdImageSetAntiAliased()` (which sets the
color to anti-alias), but rather modify the `gdImage.AA` flag.
Furthermore, we have to actually use the supplied boolean value.
We also make sure that we don't attempt to enable anti-aliasing for
palette images.
Fix #77943: imageantialias($image, false); does not work
Firstly, we must not call `gdImageSetAntiAliased()` (which sets the
color to anti-alias), but rather modify the `gdImage.AA` flag.
Furthermore, we have to actually use the supplied boolean value.
We also make sure that we don't attempt to enable anti-aliasing for
palette images.
The MS docs on `SQLColAttribute()`[1] state regarding the
`NumericAttributePtr` parameter:
| Please note that some drivers may only write the lower 32-bit or
| 16-bit of a buffer and leave the higher-order bit unchanged.
| Therefore, applications should initialize the value to 0 before
| calling this function.
Due to former restrictions of the libcurl API, curl multipart/formdata
file uploads supported only proper files. However, as of curl 7.56.0
the new `curl_mime_*()` API is available (and already supported by
PHP[1]), which allows us to support arbitrary *seekable* streams, which
is generally desirable, and particularly resolves issues with the
transparent Unicode and long part support on Windows (see bug #77711).
Note that older curl versions are still supported, but CURLFile is
still restricted to proper files in this case.
These tests are obviously meant to test successful and failing uri:
DSNs, but did not pass proper file:// URIs, so actually ended up
testing for invalid data source URIs twice. We fix this, and adjust
the expectations accordingly.
We also unfork the -win32 variant, since both test cases are almost
identical, and the expected error message may be either one.
Peter Kokot [Sat, 27 Apr 2019 15:21:56 +0000 (17:21 +0200)]
Simplify checking of *nix build tools
The buildmk.stamp file has been created by the *nix build checking step
to run the check step only once. Instead of poluting the project root
directory, the stamp file can be also omitted. Performance difference is
very minimal to not justify having the stamp check at all today anymore.
This patch integrates the buildcheck.sh to buildconf script directly.
Peter Kokot [Sun, 28 Apr 2019 03:15:47 +0000 (05:15 +0200)]
Remove unused TSRM/readdir.h header
This was once part of TSRM but then got refactored into the windows
implementation win32/readdir.h directly. Instead of including such files
directly code should use zend_virtual_cwd.h which is already part of the
php.h file.
MySQL/MariaDB version strings may have suffixes which may contain dots;
for instance, Debian stretch has 5.5.5-10.1.37-MariaDB-0+deb9u1 or
such. Therefore, we make the version extraction more liberal, and only
require that there are at least three parts separated by dot, and
ignore additional parts.
We also fix an erroneous test expectation, which would be triggered on
CI now, right away. This patch has been provided by petk@.
Peter Kokot [Sun, 28 Apr 2019 19:15:54 +0000 (21:15 +0200)]
Enhance the buildconf force option
The force option used to only remove the Autoconf cache files. Now it
also removes entire configure file so the configure file always gets
rebuilt when needs be done.
Additionally, the buildconf now also accepts the shorter version of the
force option:
buildconf -f
Peter Kokot [Thu, 25 Apr 2019 20:44:56 +0000 (22:44 +0200)]
Automatically remove aclocal.m4 if present
Commit 4e7064d173d2b5b22e159fcf52d22b10213b67b8 removed the usage of
`aclocal.m4`. When using Git repositories, many times cleaning of the
generated files is not done prior to running phpize or buildconf. For
example:
To not accidentally include `aclocal.m4` file in the generated configure
this enhances build system experience a bit more by removing aclocal.m4
file prior to start building configure file using phpize or buildconf.
Fix #77944: Wrong meta pdo_type for bigint on LLP64
When actually fetching the data, bigint (unsigned) column values are
returned as integers on LLP64 architectures, so their pdo_type has to
be PDO::PARAM_INT accordingly.
Add --enable-werror configure option and use it on Travis. It's not
possible to directly use CFLAGS, because it also affects configure
checks which often throw warnings.
We can't enable something similar for Windows builds at this time,
because they throw a lot more warnings.
We must not (try to) modify shared values, but rather have to use our
own copies, if unixified filenames are required on Windows. To avoid
excessive string duplication, we add checks whether the filenames are
already unixified (i.e. do not contain backslashes). To improve the
performance if we need to copy strings, we use do_alloca() and friends.
Besides generally being somewhat messy, the handling of unixified
filenames is still suboptimal performance-wise, but we leave this for a
future cleanup, and focus on fixing the issue at hand for now.
We also enable opcache.protect_memory for the AppVeyor CI.
Peter Kokot [Tue, 12 Mar 2019 23:25:07 +0000 (00:25 +0100)]
Move acinclude.m4 to build/php.m4
The acinclude.m4 file is in a usual Autotools build processed with
Automake's aclocal tool. Since PHP currently doesn't use Automake and
aclocal this file can be moved into the build directory. PHP build
system currently generates a combined aclocal.m4 file that Autoconf
can processes automatically.
However, a newer practice is writing all local macros in separate
dedicated files prefixed with package name, in PHP's case PHP_MACRO_NAME
and putting them in a common `m4` directory. PHP uses currently `build`
directory for this purpose.
Name `php.m4` probably most resembles such file for PHP's case.
PHP manually created the aclocal.m4 file from acinclude.m4 and
build/libtool.m4. Which is also not a particularly good practice [1], so
this patch also removes the generated alocal.m4 usage and uses
m4_include() calls manually in the configure.ac and phpize.m4 files
manually.
- sort order is not important but can be alphabetical
- list of *.m4 files prerequisites for configure script generation
updated
- Moving m4_include() before AC_INIT also removes all comments starting
with hash character (`#`) in the included files.
Peter Kokot [Mon, 22 Apr 2019 22:20:50 +0000 (00:20 +0200)]
Simplify libxmlrpc bundling and building
The xmlrpc library is a forked, modified and bundled into the PHP source
code. Instead of having a separate *nix build system files in the xmlrpc
library this patch removes unneeded build checks.
- AC_PROG_CC is not needed to be called by the extension itself since it
is already part of the main configure.ac and the phpize's
configure.ac.
- UNDEF_THREADS_HACK is not used in the current codebase.
- Symbols defined by XMLRPC_HEADER_CHECKS are not used in the current
code.
- Symbols defined by XMLRPC_FUNCTION_CHECKS are not used in the current
code.
- AC_PROG_RANLIB is already done by the TSRM's files and isn't needed
for the xmlrpc extension to work.
- AC_PROG_LN_S is already done by the PHP main configure.ac and also
isn't needed by the xmlrpc extension to be built.
projects / php / log