1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
diff --git a/php.ini-development b/php.ini-development
index 7564350..dda3c3a 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -315,6 +315,12 @@
; or per-virtualhost web server configuration file.
; Note: disables the realpath cache
; https://php.net/open-basedir
+
+; NOTE: this is considered a "broken" security measure.
+; Applications relying on this feature will not receive full
+; support by the security team. For more information please
+; see /usr/share/doc/php-common/README.Debian.security
+;
;open_basedir =
; This directive allows you to disable certain functions.
@@ -1350,7 +1356,7 @@
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; https://php.net/session.save-path
-;session.save_path = "/tmp"
+;session.save_path = "/var/lib/php/sessions"
; Whether to use strict session mode.
; Strict session mode does not accept an uninitialized session ID, and
diff --git a/sapi/fpm/php-fpm.8.in b/sapi/fpm/php-fpm.8.in
index 905946e..a4cf632 100644
--- a/sapi/fpm/php-fpm.8.in
+++ b/sapi/fpm/php-fpm.8.in
@@ -139,22 +139,8 @@
.TP
.B php.ini
The standard php configuration file.
-.SH EXAMPLES
-For any unix systems which use init.d for their main process manager, you should use the init script provided to start and stop the php-fpm daemon.
-.P
-.PD 1
-.RS
-sudo /etc/init.d/php-fpm start
-.RE
-.TP
-For any unix systems which use systemd for their main process manager, you should use the unit file provided to start and stop the php-fpm daemon.
-.P
-.PD 1
-.RS
-sudo systemctl start php-fpm.service
-.RE
-.TP
-If your installation has no appropriate init script, launch php-fpm with no arguments. It will launch as a daemon (background process) by default. The file @php_fpm_localstatedir@/run/php-fpm.pid determines whether php-fpm is already up and running. Once started, php-fpm then responds to several POSIX signals:
+.SH SIGNAL
+Once started, php-fpm then responds to several POSIX signals:
.P
.PD 0
.RS
@@ -168,10 +154,6 @@
.RE
.PD 1
.P
-.SH TIPS
-The PHP-FPM CGI daemon will work well with most popular webservers, including Apache2, lighttpd and nginx.
-.PD 1
-.P
.SH SEE ALSO
The PHP-FPM website:
.PD 0
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
index f8c3d89..24aec33 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
@@ -750,7 +750,13 @@
switch (value) {
case PHP_STREAM_MMAP_SUPPORTED:
- return fd == -1 ? PHP_STREAM_OPTION_RETURN_ERR : PHP_STREAM_OPTION_RETURN_OK;
+ if (fd == -1)
+ return PHP_STREAM_OPTION_RETURN_ERR;
+ /* Don't mmap large files */
+ do_fstat(data, 1);
+ if (data->sb.st_size > 4 * 1024 * 1024)
+ return PHP_STREAM_OPTION_RETURN_ERR;
+ return PHP_STREAM_OPTION_RETURN_OK;
case PHP_STREAM_MMAP_MAP_RANGE:
if (do_fstat(data, 1) != 0) {
diff --git a/ext/dba/dba.c b/ext/dba/dba.c
index 2bfc368..6face3d 100644
diff --git a/ext/dba/dba_db3.c b/ext/dba/dba_db3.c
index 2f05901..f440d34 100644
--- a/ext/dba/dba_db3.c
+++ b/ext/dba/dba_db3.c
@@ -91,9 +91,9 @@
dbp->set_errcall(dbp, php_dba_db3_errcall_fcn);
if(
#if (DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1))
- (err=dbp->open(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) {
+ (err=(dbp->open)(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) {
#else
- (err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) {
+ (err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) {
#endif
dba_db3_data *data;
diff --git a/ext/dba/dba_db4.c b/ext/dba/dba_db4.c
index 93dd36d..41e8f23 100644
--- a/ext/dba/dba_db4.c
+++ b/ext/dba/dba_db4.c
@@ -120,9 +120,9 @@
dbp->set_errcall(dbp, php_dba_db4_errcall_fcn);
if (
#if (DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1))
- (err=dbp->open(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) {
+ (err=(dbp->open)(dbp, 0, info->path, NULL, type, gmode, filemode)) == 0) {
#else
- (err=dbp->open(dbp, info->path, NULL, type, gmode, filemode)) == 0) {
+ (err=(dbp->open)(dbp, info->path, NULL, type, gmode, filemode)) == 0) {
#endif
dba_db4_data *data;
diff --git a/ext/standard/tests/strings/setlocale_variation2.phpt b/ext/standard/tests/strings/setlocale_variation2.phpt
index 6f62f71..d8666ba 100644
--- a/ext/standard/tests/strings/setlocale_variation2.phpt
+++ b/ext/standard/tests/strings/setlocale_variation2.phpt
@@ -47,6 +47,7 @@
//try different locale names
$failure_locale = array();
$success_count = 0;
+$expected = 0;
echo "-- Test setlocale() with all available locale in the system --\n";
// gather all locales installed in the system(stored $all_system_locales),
@@ -56,6 +57,10 @@
if(setlocale(LC_ALL,$value )){
$success_count++;
}
+ else if ($value == 'no_NO.ISO-8859-1') {
+ // ignore this one, see rhbz #971416
+ $expected++;
+ }
else{
//failure values are put in to an array $failure_locale
$failure_locale[] = $value;
@@ -64,11 +69,11 @@
echo "No of locales found on the machine = ".count($all_system_locales)."\n";
echo "No of setlocale() success = ".$success_count."\n";
-echo "Expected no of failures = 0\n";
+echo "Expected no of failures = $expected\n";
echo "Test ";
// check if there were any failure of setlocale() function earlier, if any
// failure then dump the list of failing locales
-if($success_count != count($all_system_locales)){
+if(($success_count + $expected) != count($all_system_locales)){
echo "FAILED\n";
echo "Names of locale() for which setlocale() failed ...\n";
var_dump($failure_locale);
@@ -84,6 +89,6 @@
-- Test setlocale() with all available locale in the system --
No of locales found on the machine = %d
No of setlocale() success = %d
-Expected no of failures = 0
+Expected no of failures = %d
Test PASSED
Done
diff --git a/ext/pcre/tests/grep2.phpt b/ext/pcre/tests/grep2.phpt
index 9721dfb..4c35ec3 100644
--- a/ext/pcre/tests/grep2.phpt
+++ b/ext/pcre/tests/grep2.phpt
@@ -36,12 +36,6 @@
string(1) "1"
}
bool(true)
-array(3) {
- [5]=>
- string(1) "a"
- ["xyz"]=>
- string(2) "q6"
- [6]=>
- string(3) "h20"
+array(0) {
}
-bool(false)
+bool(true)
diff --git a/ext/pcre/tests/match_flags3.phpt b/ext/pcre/tests/match_flags3.phpt
index 6511c71..05c62a0 100644
--- a/ext/pcre/tests/match_flags3.phpt
+++ b/ext/pcre/tests/match_flags3.phpt
@@ -41,5 +41,5 @@
}
}
-Warning: preg_match(): Compilation failed: %s name must start with a non-digit at offset %d in %smatch_flags3.php on line %d
+Warning: preg_match(): Numeric named subpatterns are not allowed in %smatch_flags3.php on line %d
bool(false)
|