From 9acf0a40094c1be40ea45dd355a224594ac7c1c8 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Wed, 20 Nov 2024 13:41:39 +0100 Subject: [PATCH 01/52] [skip ci] Backport GA root workflow changes --- .github/workflows/root.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/root.yml b/.github/workflows/root.yml index f526e9bea30d..cefabd0394a4 100644 --- a/.github/workflows/root.yml +++ b/.github/workflows/root.yml @@ -46,12 +46,17 @@ jobs: matrix: branch: ${{ fromJson(needs.GENERATE_MATRIX.outputs.branches) }} with: - asan_ubuntu_version: '20.04' + asan_ubuntu_version: ${{ + (((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 5) || matrix.branch.version[0] >= 9) && '24.04') + || '20.04' }} branch: ${{ matrix.branch.ref }} community_verify_type_inference: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} libmysqlclient_with_mysqli: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1) }} run_alpine: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} run_macos_arm64: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} - ubuntu_version: ${{ ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 3) || matrix.branch.version[0] >= 9) && '22.04' || '20.04' }} + ubuntu_version: ${{ + (((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 5) || matrix.branch.version[0] >= 9) && '24.04') + || ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 3) && '22.04') + || '20.04' }} windows_version: ${{ ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9) && '2022' || '2019' }} secrets: inherit From c70b97d8eb833faaff74e5caa4b44e180b7ed49b Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 18 Nov 2024 11:05:43 +0100 Subject: [PATCH 02/52] Make MySQLnd protocol stmt test work on 32bit Closes GH-16869. --- ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt b/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt index d461ec24b8c0..af16a9eb2d05 100644 --- a/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt +++ b/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt @@ -40,7 +40,7 @@ $process->terminate(true); print "done!"; ?> ---EXPECT-- +--EXPECTF-- [*] Server started [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 @@ -80,7 +80,7 @@ string(19) "2014-12-16 13:00:01" [*] Sending - Stmt prepare data bitval: 0c0000010001000000020000000000003200000203646566087068705f74657374046461746104646174610673747276616c0673747276616c0ce000c8000000fd01100000003200000303646566087068705f74657374046461746104646174610662697476616c0662697476616c0c3f004000000010211000000005000004fe00000200 [*] Received: 0a00000017010000000001000000 [*] Sending - Stmt execute data bitval: 01000001023200000203646566087068705f74657374046461746104646174610673747276616c0673747276616c0ce000c8000000fd01100000003200000303646566087068705f74657374046461746104646174610662697476616c0662697476616c0c3f004000000010211000000005000004fe00002200100000050000047465737408080808080808080805000006fe00002200 -int(578721382704613384) +%s578721382704613384%s [*] Received: 050000001901000000200000001653454c4543542073747276616c2c2073747276616c2046524f4d2064617461 [*] Sending - Stmt prepare data strval: 0c0000010001000000020000000000003200000203646566087068705f74657374046461746104646174610673747276616c0673747276616c0ce000c8000000fd01100000003200000303646566087068705f74657374046461746104646174610673747276616c0673747276616c0ce000c8000000fd011000000005000004fe00000200 [*] Received: 0a00000017010000000001000000 From e23ac8341a7c755f1061134fc3a6ef4788f9595c Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Wed, 20 Nov 2024 13:53:05 +0100 Subject: [PATCH 03/52] [skip ci] Don't test mysqli with libmysqlclient 8.4 There are compile errors with 8.4 that we are no longer fixing. --- .github/workflows/nightly.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b87b7389ef02..c4187ab5a796 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -814,12 +814,14 @@ jobs: with: withMysqli: ${{ inputs.libmysqlclient_with_mysqli }} - name: Build mysql-8.4 + if: ${{ !inputs.libmysqlclient_with_mysqli }} uses: ./.github/actions/build-libmysqlclient with: configurationParameters: ${{ !inputs.libmysqlclient_with_mysqli && '--enable-werror' || '' }} libmysql: mysql-8.4.0-linux-glibc2.28-x86_64.tar.xz withMysqli: ${{ inputs.libmysqlclient_with_mysqli }} - name: Test mysql-8.4 + if: ${{ !inputs.libmysqlclient_with_mysqli }} uses: ./.github/actions/test-libmysqlclient with: withMysqli: ${{ inputs.libmysqlclient_with_mysqli }} From aca88baf5f89c0f4ebc08232c5c6d1ac0a949a8e Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 15 Nov 2024 16:23:36 +0100 Subject: [PATCH 04/52] Move FreeBSD build to GitHub actions with QEMU Closes GH-16822 --- .cirrus.yml | 28 -------- .github/actions/freebsd/action.yml | 102 +++++++++++++++++++++++++++++ .github/workflows/nightly.yml | 10 +++ .github/workflows/push.yml | 8 +++ 4 files changed, 120 insertions(+), 28 deletions(-) delete mode 100644 .cirrus.yml create mode 100644 .github/actions/freebsd/action.yml diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index b4bc63538bea..000000000000 --- a/.cirrus.yml +++ /dev/null @@ -1,28 +0,0 @@ -env: - CIRRUS_CLONE_DEPTH: 1 - -freebsd_task: - name: FREEBSD_DEBUG_NTS - freebsd_instance: - image_family: freebsd-13-3 - env: - ARCH: amd64 - install_script: - #- sed -i -e 's/quarterly/latest/g' /etc/pkg/FreeBSD.conf - #- pkg upgrade -y - - kldload accf_http - - pkg install -y autoconf bison gmake re2c icu libiconv png freetype2 enchant2 bzip2 krb5 t1lib gmp tidyp libsodium libzip libxml2 libxslt openssl oniguruma pkgconf webp libavif - script: - - ./buildconf -f - - ./configure CFLAGS="-Wno-strict-prototypes -Wno-unused-but-set-variable -Wno-single-bit-bitfield-constant-conversion -Wno-unused-result" --prefix=/usr/local --enable-debug --enable-option-checking=fatal --enable-fpm --with-pdo-sqlite --without-pear --with-bz2 --with-avif --with-jpeg --with-webp --with-freetype --enable-gd --enable-exif --with-zip --with-zlib --enable-soap --enable-xmlreader --with-xsl --with-libxml --enable-shmop --enable-pcntl --enable-mbstring --with-curl --enable-sockets --with-openssl --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-ftp --with-kerberos --with-ffi --enable-zend-test --enable-dl-test=shared --enable-intl --with-mhash --with-sodium --enable-werror --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d - - gmake -j2 - - mkdir /etc/php.d - - gmake install - - echo opcache.enable_cli=1 > /etc/php.d/opcache.ini - - echo opcache.protect_memory=1 >> /etc/php.d/opcache.ini - # Specify opcache.preload_user as we're running as root. - - echo opcache.preload_user=root >> /etc/php.d/opcache.ini - tests_script: - - export SKIP_IO_CAPTURE_TESTS=1 - - export CI_NO_IPV6=1 - - sapi/cli/php run-tests.php -P -q -j2 -g FAIL,XFAIL,BORK,WARN,LEAK,XLEAK,SKIP --offline --show-diff --show-slow 1000 --set-timeout 120 -d zend_extension=opcache.so diff --git a/.github/actions/freebsd/action.yml b/.github/actions/freebsd/action.yml new file mode 100644 index 000000000000..1abc4b81992d --- /dev/null +++ b/.github/actions/freebsd/action.yml @@ -0,0 +1,102 @@ +name: FreeBSD +runs: + using: composite + steps: + - name: FreeBSD + uses: vmactions/freebsd-vm@v1 + with: + release: '13.3' + usesh: true + # Temporarily disable sqlite, as FreeBSD ships it with disabled double quotes. We'll need to fix our tests. + # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269889 + prepare: | + cd $GITHUB_WORKSPACE + + kldload accf_http + pkg install -y \ + autoconf \ + bison \ + gmake \ + re2c \ + icu \ + libiconv \ + png \ + freetype2 \ + enchant2 \ + bzip2 \ + t1lib \ + gmp \ + tidyp \ + libsodium \ + libzip \ + libxml2 \ + libxslt \ + openssl \ + oniguruma \ + pkgconf \ + webp \ + libavif \ + `#sqlite3` \ + curl + + ./buildconf -f + ./configure \ + --prefix=/usr/local \ + --enable-debug \ + --enable-option-checking=fatal \ + --enable-fpm \ + `#--with-pdo-sqlite` \ + --without-sqlite3 \ + --without-pdo-sqlite \ + --without-pear \ + --with-bz2 \ + --with-avif \ + --with-jpeg \ + --with-webp \ + --with-freetype \ + --enable-gd \ + --enable-exif \ + --with-zip \ + --with-zlib \ + --enable-soap \ + --enable-xmlreader \ + --with-xsl \ + --with-libxml \ + --enable-shmop \ + --enable-pcntl \ + --enable-mbstring \ + --with-curl \ + --enable-sockets \ + --with-openssl \ + --with-iconv=/usr/local \ + --enable-bcmath \ + --enable-calendar \ + --enable-ftp \ + --with-ffi \ + --enable-zend-test \ + --enable-dl-test=shared \ + --enable-intl \ + --with-mhash \ + --with-sodium \ + --with-config-file-path=/etc \ + --with-config-file-scan-dir=/etc/php.d + gmake -j2 + mkdir /etc/php.d + gmake install > /dev/null + echo opcache.enable_cli=1 > /etc/php.d/opcache.ini + echo opcache.protect_memory=1 >> /etc/php.d/opcache.ini + echo opcache.preload_user=root >> /etc/php.d/opcache.ini + run: | + cd $GITHUB_WORKSPACE + + export SKIP_IO_CAPTURE_TESTS=1 + export CI_NO_IPV6=1 + export STACK_LIMIT_DEFAULTS_CHECK=1 + sapi/cli/php run-tests.php \ + -P -q -j2 \ + -g FAIL,BORK,LEAK,XLEAK \ + --offline \ + --show-diff \ + --show-slow 1000 \ + --set-timeout 120 \ + -d zend_extension=opcache.so diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index c4187ab5a796..90e9a1d7b760 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -981,3 +981,13 @@ jobs: run: .github/scripts/windows/build.bat - name: Test run: .github/scripts/windows/test.bat + FREEBSD: + name: FREEBSD + runs-on: ubuntu-latest + steps: + - name: git checkout + uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch }} + - name: FreeBSD + uses: ./.github/actions/freebsd diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index b1f84e402247..5264a3d290fa 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -170,3 +170,11 @@ jobs: run: .github/scripts/windows/build.bat - name: Test run: .github/scripts/windows/test.bat + FREEBSD: + name: FREEBSD + runs-on: ubuntu-latest + steps: + - name: git checkout + uses: actions/checkout@v4 + - name: FreeBSD + uses: ./.github/actions/freebsd From 51f5539914ae62ef8568ea1ed302dceda897c439 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Sun, 24 Nov 2024 20:13:47 +0100 Subject: [PATCH 05/52] Change port for mysqli fake server auth message test --- ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt index db54a6c0177a..279aec6a2cba 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt @@ -6,7 +6,7 @@ mysqli Date: Sun, 24 Nov 2024 23:48:27 +0100 Subject: [PATCH 06/52] Increase MySQLi fake server read timeout for ASAN job --- ext/mysqli/tests/fake_server.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/mysqli/tests/fake_server.inc b/ext/mysqli/tests/fake_server.inc index b02fabc584c5..1127f6c00e3f 100644 --- a/ext/mysqli/tests/fake_server.inc +++ b/ext/mysqli/tests/fake_server.inc @@ -552,8 +552,8 @@ class my_mysqli_fake_server_conn public function read($bytes_len = 1024) { - // wait 10ms to fill the buffer - usleep(10000); + // wait 20ms to fill the buffer + usleep(20000); $data = fread($this->conn, $bytes_len); if ($data) { fprintf(STDERR, "[*] Received: %s\n", bin2hex($data)); From b263f351c46125156db356a2cfb840c06a8174af Mon Sep 17 00:00:00 2001 From: Ayesh Karunaratne Date: Sun, 24 Nov 2024 21:30:24 +0700 Subject: [PATCH 07/52] CI: FreeBSD on VM - set `copyback: false` The `vmactions/freebsd-vm` GitHub action rsyncs the work dir to to the VM. This adds a lot of log output due to `rsync -v` usage. Once the tests are compelte, the action copies the files _back_ by running `rsync` in reverse. However, we do not need these files back because we do not run any other steps that need access to the post-test files. Setting `copyback: false` disables this, and cuts the log size by about 5,000 lines. Closes Closes GH-16916. --- .github/actions/freebsd/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/freebsd/action.yml b/.github/actions/freebsd/action.yml index 1abc4b81992d..ce9ba2445158 100644 --- a/.github/actions/freebsd/action.yml +++ b/.github/actions/freebsd/action.yml @@ -7,6 +7,7 @@ runs: with: release: '13.3' usesh: true + copyback: false # Temporarily disable sqlite, as FreeBSD ships it with disabled double quotes. We'll need to fix our tests. # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269889 prepare: | From 7685fb0e1c241f6a28f0f0999ba54d8d115de044 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Mon, 25 Nov 2024 18:34:33 +0100 Subject: [PATCH 08/52] Enable GHSA-9pqp-7h25-4f32.phpt on Windows Closes GH-16933. --- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt index 29bcb6557d5a..af8191637050 100644 --- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt +++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt @@ -5,9 +5,6 @@ GHSA-9pqp-7h25-4f32 if (!getenv('TEST_PHP_CGI_EXECUTABLE')) { die("skip php-cgi not available"); } -if (substr(PHP_OS, 0, 3) == 'WIN') { - die("skip not for Windows in CI - probably resource issue"); -} ?> --FILE-- Date: Wed, 4 Dec 2024 20:43:49 +0100 Subject: [PATCH 09/52] Revert "Enable GHSA-9pqp-7h25-4f32.phpt on Windows" This reverts commit 7685fb0e1c241f6a28f0f0999ba54d8d115de044. The test fails at least for PHP-8.2+ on CI. Needs closer investigation. --- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt index af8191637050..29bcb6557d5a 100644 --- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt +++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt @@ -5,6 +5,9 @@ GHSA-9pqp-7h25-4f32 if (!getenv('TEST_PHP_CGI_EXECUTABLE')) { die("skip php-cgi not available"); } +if (substr(PHP_OS, 0, 3) == 'WIN') { + die("skip not for Windows in CI - probably resource issue"); +} ?> --FILE-- Date: Mon, 9 Dec 2024 12:33:44 +0100 Subject: [PATCH 10/52] Drop intl on macOS + PHP 8.1 build Based on the discussion in GH-16286, drop the intl build from macOS + PHP 8.1, since we cannot build with supported intl versions without too many changes. Closes GH-17092 See GH-16286 --- .github/actions/brew/action.yml | 3 +-- .github/actions/configure-macos/action.yml | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/actions/brew/action.yml b/.github/actions/brew/action.yml index 3b36ec446ddc..5cd8d33cfa6b 100644 --- a/.github/actions/brew/action.yml +++ b/.github/actions/brew/action.yml @@ -32,5 +32,4 @@ runs: libjpeg \ libxslt \ postgresql - brew reinstall icu4c@74 - brew link icu4c gettext --force + brew link gettext --force diff --git a/.github/actions/configure-macos/action.yml b/.github/actions/configure-macos/action.yml index b21f6466c444..87627d4f8484 100644 --- a/.github/actions/configure-macos/action.yml +++ b/.github/actions/configure-macos/action.yml @@ -66,7 +66,6 @@ runs: --with-ffi \ --enable-zend-test \ --enable-dl-test=shared \ - --enable-intl \ --with-mhash \ --with-sodium \ --enable-dba \ From b0b39cdc3e5cf791ccd7f358b32ff1340a652d78 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 19 Nov 2024 18:03:54 +0300 Subject: [PATCH 11/52] Backport JIT fix: set valid EX(opline) before calling gc_possible_root() (#16858) This will finally make the COMMUNTIY build of the PHP 8.1 build green. See https://github.com/php/php-src/pull/16858#issuecomment-2509010556 Closes GH-17091 --- ext/opcache/jit/zend_jit_arm64.dasc | 12 ++++++++++++ ext/opcache/jit/zend_jit_x86.dasc | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/ext/opcache/jit/zend_jit_arm64.dasc b/ext/opcache/jit/zend_jit_arm64.dasc index 1583706855d4..b9a4fbc82e12 100644 --- a/ext/opcache/jit/zend_jit_arm64.dasc +++ b/ext/opcache/jit/zend_jit_arm64.dasc @@ -1533,6 +1533,9 @@ static bool logical_immediate_p(uint64_t value, uint32_t reg_size) || } | IF_GC_MAY_NOT_LEAK FCARG1x, >4, Rw(tmp_reg1), Rw(tmp_reg2) | // gc_possible_root(Z_COUNTED_P(z)) +|| if (opline) { +| SET_EX_OPLINE opline, TMP1 +|| } | EXT_CALL gc_possible_root, Rx(tmp_reg1) || } || if (cold && ((op_info) & ((MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_INDIRECT|MAY_BE_GUARD)-(MAY_BE_OBJECT|MAY_BE_RESOURCE))) != 0) { @@ -5972,6 +5975,9 @@ static int zend_jit_assign_to_variable(dasm_State **Dst, if (RC_MAY_BE_N(var_info) && (var_info & (MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0) { |4: | IF_GC_MAY_NOT_LEAK FCARG1x, >8, TMP1w, TMP2w + if (opline) { + | SET_EX_OPLINE opline, REG0 + } | EXT_CALL gc_possible_root, REG0 if (in_cold) { | b >8 @@ -5999,6 +6005,9 @@ static int zend_jit_assign_to_variable(dasm_State **Dst, | GET_ZVAL_PTR FCARG1x, var_use_addr, TMP1 | GC_DELREF FCARG1x, TMP1w | IF_GC_MAY_NOT_LEAK FCARG1x, >5, TMP1w, TMP2w + if (opline) { + | SET_EX_OPLINE opline, TMP1 + } | EXT_CALL gc_possible_root, TMP1 if (Z_REG(var_use_addr) != ZREG_FP) { | ldr Rx(Z_REG(var_use_addr)), T1 // restore @@ -11980,6 +11989,9 @@ static int zend_jit_bind_global(dasm_State **Dst, const zend_op *opline, uint32_ |3: | // GC_ZVAL_CHECK_POSSIBLE_ROOT(variable_ptr) | IF_GC_MAY_NOT_LEAK FCARG1x, >5, TMP1w, TMP2w + if (opline) { + | SET_EX_OPLINE opline, REG0 + } | EXT_CALL gc_possible_root, REG0 | b >5 } diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc index b3989a4ae254..a1d0a8e098a2 100644 --- a/ext/opcache/jit/zend_jit_x86.dasc +++ b/ext/opcache/jit/zend_jit_x86.dasc @@ -1443,6 +1443,9 @@ static size_t tsrm_tls_offset; |1: || } | IF_GC_MAY_NOT_LEAK FCARG1a, >4 +|| if (opline) { +| SET_EX_OPLINE opline, r0 +|| } | // gc_possible_root(Z_COUNTED_P(z)) | EXT_CALL gc_possible_root, r0 || } @@ -6526,6 +6529,9 @@ static int zend_jit_assign_to_variable(dasm_State **Dst, if (RC_MAY_BE_N(var_info) && (var_info & (MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0) { |4: | IF_GC_MAY_NOT_LEAK FCARG1a, >8 + if (opline) { + | SET_EX_OPLINE opline, r0 + } | EXT_CALL gc_possible_root, r0 if (in_cold) { | jmp >8 @@ -6553,6 +6559,9 @@ static int zend_jit_assign_to_variable(dasm_State **Dst, | GET_ZVAL_PTR FCARG1a, var_use_addr | GC_DELREF FCARG1a | IF_GC_MAY_NOT_LEAK FCARG1a, >5 + if (opline) { + | SET_EX_OPLINE opline, r0 + } | EXT_CALL gc_possible_root, r0 if (Z_REG(var_use_addr) != ZREG_FP) { | mov Ra(Z_REG(var_use_addr)), T1 // restore @@ -12742,6 +12751,9 @@ static int zend_jit_bind_global(dasm_State **Dst, const zend_op *opline, uint32_ |3: | // GC_ZVAL_CHECK_POSSIBLE_ROOT(variable_ptr) | IF_GC_MAY_NOT_LEAK FCARG1a, >5 + if (opline) { + | SET_EX_OPLINE opline, r0 + } | EXT_CALL gc_possible_root, r1 | jmp >5 } From 806d2e073c1fe67dfe3c5791f4483f44dd991b28 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Thu, 10 Oct 2024 22:39:19 +0200 Subject: [PATCH 12/52] Backport GH-16348 Agreed by RM: https://github.com/php/php-src/issues/16168#issuecomment-2525433557 The inline assembly uses labels with the prefix `.L`. On Linux systems this is the local label prefix. It appears that macOS uses `L` as a local prefix, which means that the prefix used in the inline assembly is not local for macOS systems [1]. When combined with inlining, this causes the compiler to get confused and merge a part of the inline assembly between different functions, causing control flow to jump from one function to another function. This is avoided on PHP 8.2 and up by the fact that it uses `zend_never_inline NOIPA`, but nothing guarantees that compiler changes won't affect this as well. To solve this issue, we instead use local labels. These will make the compiler pick the correct prefix, preventing the issue. Additionally, while here, we also change the computation of `delta`. It is undefined behaviour to compute the pointer difference between two different objects. To circumvent this, we cast first to `uintptr_t`. This change is cleanly backportable to 8.1 for vendors to pick up. [1] https://github.com/php/php-src/issues/16168#issuecomment-2404792553 With the help of investigation and testing of @ryandesign. Closes GH-16348. --- Zend/zend_string.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/Zend/zend_string.c b/Zend/zend_string.c index 1da3ce524852..c21b4f5d4610 100644 --- a/Zend/zend_string.c +++ b/Zend/zend_string.c @@ -397,33 +397,33 @@ ZEND_API bool ZEND_FASTCALL NO_CALLER_SAVED_REGISTERS I_REPLACE_SONAME_FNNAME_ZU #if defined(__GNUC__) && defined(__i386__) ZEND_API bool ZEND_FASTCALL zend_string_equal_val(zend_string *s1, zend_string *s2) { - char *ptr = ZSTR_VAL(s1); - size_t delta = (char*)s2 - (char*)s1; + const char *ptr = ZSTR_VAL(s1); + uintptr_t delta = (uintptr_t) s2 - (uintptr_t) s1; size_t len = ZSTR_LEN(s1); zend_ulong ret; __asm__ ( - ".LL0%=:\n\t" + "0:\n\t" "movl (%2,%3), %0\n\t" "xorl (%2), %0\n\t" - "jne .LL1%=\n\t" + "jne 1f\n\t" "addl $0x4, %2\n\t" "subl $0x4, %1\n\t" - "ja .LL0%=\n\t" + "ja 0b\n\t" "movl $0x1, %0\n\t" - "jmp .LL3%=\n\t" - ".LL1%=:\n\t" + "jmp 3f\n\t" + "1:\n\t" "cmpl $0x4,%1\n\t" - "jb .LL2%=\n\t" + "jb 2f\n\t" "xorl %0, %0\n\t" - "jmp .LL3%=\n\t" - ".LL2%=:\n\t" + "jmp 3f\n\t" + "2:\n\t" "negl %1\n\t" "lea 0x20(,%1,8), %1\n\t" "shll %b1, %0\n\t" "sete %b0\n\t" "movzbl %b0, %0\n\t" - ".LL3%=:\n" + "3:\n" : "=&a"(ret), "+c"(len), "+r"(ptr) @@ -435,33 +435,33 @@ ZEND_API bool ZEND_FASTCALL zend_string_equal_val(zend_string *s1, zend_string * #elif defined(__GNUC__) && defined(__x86_64__) && !defined(__ILP32__) ZEND_API bool ZEND_FASTCALL zend_string_equal_val(zend_string *s1, zend_string *s2) { - char *ptr = ZSTR_VAL(s1); - size_t delta = (char*)s2 - (char*)s1; + const char *ptr = ZSTR_VAL(s1); + uintptr_t delta = (uintptr_t) s2 - (uintptr_t) s1; size_t len = ZSTR_LEN(s1); zend_ulong ret; __asm__ ( - ".LL0%=:\n\t" + "0:\n\t" "movq (%2,%3), %0\n\t" "xorq (%2), %0\n\t" - "jne .LL1%=\n\t" + "jne 1f\n\t" "addq $0x8, %2\n\t" "subq $0x8, %1\n\t" - "ja .LL0%=\n\t" + "ja 0b\n\t" "movq $0x1, %0\n\t" - "jmp .LL3%=\n\t" - ".LL1%=:\n\t" + "jmp 3f\n\t" + "1:\n\t" "cmpq $0x8,%1\n\t" - "jb .LL2%=\n\t" + "jb 2f\n\t" "xorq %0, %0\n\t" - "jmp .LL3%=\n\t" - ".LL2%=:\n\t" + "jmp 3f\n\t" + "2:\n\t" "negq %1\n\t" "lea 0x40(,%1,8), %1\n\t" "shlq %b1, %0\n\t" "sete %b0\n\t" "movzbq %b0, %0\n\t" - ".LL3%=:\n" + "3:\n" : "=&a"(ret), "+c"(len), "+r"(ptr) From 39c292b1eb9543b26be7484c6e94bdb9afc333d5 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 9 Dec 2024 20:33:05 +0100 Subject: [PATCH 13/52] Use empheral port for mysqli fake server tests --- ext/mysqli/tests/fake_server.inc | 34 ++++++++++++++----- .../ghsa-h35g-vwh6-m678-auth-message.phpt | 9 +++-- ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt | 8 ++--- .../tests/ghsa-h35g-vwh6-m678-filename.phpt | 7 ++-- ...hsa-h35g-vwh6-m678-query-len-overflow.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-bit.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-date.phpt | 7 ++-- ...ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-double.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-float.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-int.phpt | 7 ++-- ...ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-string.phpt | 7 ++-- .../ghsa-h35g-vwh6-m678-stmt-row-time.phpt | 7 ++-- .../tests/protocol_query_row_fetch_data.phpt | 9 +++-- .../tests/protocol_stmt_row_fetch_data.phpt | 7 ++-- 16 files changed, 72 insertions(+), 72 deletions(-) diff --git a/ext/mysqli/tests/fake_server.inc b/ext/mysqli/tests/fake_server.inc index 1127f6c00e3f..d6afbb049773 100644 --- a/ext/mysqli/tests/fake_server.inc +++ b/ext/mysqli/tests/fake_server.inc @@ -615,9 +615,11 @@ class my_mysqli_fake_server_conn class my_mysqli_fake_server_process { + private int $port; + public function __construct(private $process, private array $pipes) {} - public function terminate(bool $wait = false) + public function terminate(bool $wait = false): void { if ($wait) { $this->wait(); @@ -625,9 +627,18 @@ class my_mysqli_fake_server_process proc_terminate($this->process); } - public function wait() + public function wait(): void { - echo fgets($this->pipes[1]); + $line = fgets($this->pipes[1]); + if (preg_match('/\[\*\] Server started on \d+\.\d+\.\d+\.\d+:(\d+)/', $line, $matches)) { + $this->port = (int)$matches[1]; + } + echo $line; + } + + public function getPort(): int + { + return $this->port ?? throw new RuntimeException("Port not set"); } } @@ -807,15 +818,20 @@ function my_mysqli_test_query_response_row_read_two_fields(my_mysqli_fake_server } } -function run_fake_server(string $test_function, $port = 33305): void +function run_fake_server(string $test_function, int|string $port = 0): int { - $address = '127.0.0.1'; + $host = '127.0.0.1'; - $socket = @stream_socket_server("tcp://$address:$port", $errno, $errstr); + $socket = @stream_socket_server("tcp://$host:$port", $errno, $errstr); if (!$socket) { die("Failed to create socket: $errstr ($errno)\n"); } - echo "[*] Server started\n"; + if (intval($port) === 0) { + $address = stream_socket_get_name($socket, false); + list($host, $port) = explode(":", $address); + } + + echo "[*] Server started on $host:$port\n"; try { $conn = new my_mysqli_fake_server_conn($socket); @@ -832,7 +848,7 @@ function run_fake_server(string $test_function, $port = 33305): void } -function run_fake_server_in_background($test_function, $port = 33305): my_mysqli_fake_server_process +function run_fake_server_in_background($test_function, $port = 0): my_mysqli_fake_server_process { $command = [PHP_BINARY, '-n', __FILE__, 'mysqli_fake_server', $test_function, $port]; @@ -852,5 +868,5 @@ function run_fake_server_in_background($test_function, $port = 33305): my_mysqli } if (isset($argv) && $argc > 2 && $argv[1] == 'mysqli_fake_server') { - run_fake_server($argv[2], $argv[3] ?? '33305'); + run_fake_server($argv[2], $argv[3] ?? 0); } diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt index 279aec6a2cba..666f47f4199f 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt @@ -6,16 +6,15 @@ mysqli wait(); try { - $conn = new mysqli( $servername, $username, $password, "", $port ); + $conn = new mysqli( $servername, $username, $password, "", $process->getPort()); $info = mysqli_info($conn); var_dump($info); } catch (Exception $e) { @@ -27,12 +26,12 @@ $process->terminate(); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Malicious OK Auth Response [Extract heap through buffer over-read]: 0900000200000002000000fcff Warning: mysqli::__construct(): OK packet message length is past the packet size in %s on line %d -Unknown error while trying to connect via tcp://127.0.0.1:33305 +Unknown error while trying to connect via tcp://127.0.0.1:%d done! diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt index 77f2232eca68..0883962321d2 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt @@ -6,16 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Running query on the fake server...\n"; @@ -34,7 +32,7 @@ $process->terminate(); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt index 0b4db8ccece9..c397399a278a 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Running query on the fake server...\n"; $result = $conn->query("SELECT * from users"); @@ -27,7 +26,7 @@ $process->terminate(); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt index f141a79bdaa8..797acbedff9a 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Query the fake server...\n"; $sql = "SELECT strval, strval FROM data"; @@ -33,7 +32,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt index e43518217eb6..bf64bb62d1e6 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT bitval, timval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt index 76158e940d09..99a7381994ae 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, datval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt index f53d5b83bd43..c6b9bd79fa98 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, dtival FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt index 03c9b045d737..460321d2ee5d 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, dblval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt index b1ec9aa51eca..a1ea19bb4f6b 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, fltval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt index 426d9ea7b3f9..839fadb21f0e 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, intval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt index 6db6952d42a1..ce028483dec2 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, strval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt index 55bad4cc544a..e40ed1d58c7f 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT item FROM items"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt index 06918c375f31..6aa58898a8d5 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); echo "[*] Preparing statement on the fake server...\n"; $stmt = $conn->prepare("SELECT strval, timval FROM data"); @@ -36,7 +35,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/protocol_query_row_fetch_data.phpt b/ext/mysqli/tests/protocol_query_row_fetch_data.phpt index 524fe5e587c6..22f9712ef7fb 100644 --- a/ext/mysqli/tests/protocol_query_row_fetch_data.phpt +++ b/ext/mysqli/tests/protocol_query_row_fetch_data.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); function my_query($conn, $field) { @@ -39,8 +38,8 @@ $process->terminate(true); print "done!"; ?> ---EXPECT-- -[*] Server started +--EXPECTF-- +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 diff --git a/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt b/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt index af16a9eb2d05..6e689f9d2be5 100644 --- a/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt +++ b/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt @@ -6,15 +6,14 @@ mysqli wait(); -$conn = new mysqli($servername, $username, $password, "", $port); +$conn = new mysqli($servername, $username, $password, "", $process->getPort()); function my_query($conn, $field) { @@ -41,7 +40,7 @@ $process->terminate(true); print "done!"; ?> --EXPECTF-- -[*] Server started +[*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 [*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 From 8a9d45b86f89bbaffa6e3f30eb8b75b39c509a1d Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 13 Sep 2024 15:29:21 +0200 Subject: [PATCH 14/52] Backport flaky flag for phar tests 4e12189604d76396f8c3b9d5dda6e8757f1d8618 b6ca871396328befca3f4e65a49a81b47cea1ced 062837aa13a72febf0fb14fd2b8afda338ee3f0a --- ext/phar/tests/033a.phpt | 6 ++++++ ext/phar/tests/phar_oo_002.phpt | 6 ++++++ ext/phar/tests/phar_oo_iswriteable.phpt | 6 ++++++ ext/phar/tests/stat.phpt | 6 ++++++ ext/phar/tests/tar/033a.phpt | 6 ++++++ ext/phar/tests/zip/033a.phpt | 6 ++++++ ext/posix/tests/posix_getgrnam_basic.phpt | 5 ++++- ext/posix/tests/posix_getgroups_basic.phpt | 6 ++++++ run-tests.php | 3 +++ 9 files changed, 49 insertions(+), 1 deletion(-) diff --git a/ext/phar/tests/033a.phpt b/ext/phar/tests/033a.phpt index c36c5c685398..355617b29f93 100644 --- a/ext/phar/tests/033a.phpt +++ b/ext/phar/tests/033a.phpt @@ -5,6 +5,12 @@ phar --INI-- phar.readonly=1 phar.require_hash=0 +--SKIPIF-- + --FILE-- --FILE-- --FILE-- --FILE-- --FILE-- --FILE-- --FILE-- --FILE-- setSection('XFAIL', ltrim(substr($output, 5))); + } elseif (!strncasecmp('flaky', $output, 5)) { + // Pretend we have a FLAKY section + $test->setSection('FLAKY', ltrim(substr($output, 5))); } elseif ($output !== '') { show_result("BORK", $output, $tested_file, 'reason: invalid output from SKIPIF', $temp_filenames); $PHP_FAILED_TESTS['BORKED'][] = [ From b8731767d83acf5ae2be6a26eab7f6721c94eb64 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Mon, 16 Dec 2024 20:24:51 +0100 Subject: [PATCH 15/52] Fix GH-16955: Use empheral ports for OpenSSL server client tests And refactor some client server tests. Closes GH-17180 --- ext/openssl/tests/ServerClientTestCase.inc | 65 ++++++++++++++----- ext/openssl/tests/bug46127.phpt | 7 +- ext/openssl/tests/bug48182.phpt | 7 +- ext/openssl/tests/bug54992.phpt | 9 ++- ext/openssl/tests/bug62890.phpt | 8 +-- ext/openssl/tests/bug65538_001.phpt | 7 +- ext/openssl/tests/bug65538_003.phpt | 7 +- ext/openssl/tests/bug65729.phpt | 12 ++-- ext/openssl/tests/bug68265.phpt | 8 +-- ext/openssl/tests/bug68879.phpt | 8 +-- ext/openssl/tests/bug68920.phpt | 8 +-- ext/openssl/tests/bug69215.phpt | 8 +-- ext/openssl/tests/bug72333.phpt | 7 +- ext/openssl/tests/bug73072.phpt | 8 +-- ext/openssl/tests/bug74159.phpt | 8 +-- ext/openssl/tests/bug76705.phpt | 7 +- ext/openssl/tests/bug77390.phpt | 18 ++--- ext/openssl/tests/capture_peer_cert_001.phpt | 7 +- .../tests/openssl_peer_fingerprint_basic.phpt | 10 ++- ext/openssl/tests/peer_verification.phpt | 8 +-- ext/openssl/tests/san_ipv6_peer_matching.phpt | 10 ++- ext/openssl/tests/san_peer_matching.phpt | 10 ++- ext/openssl/tests/session_meta_capture.phpt | 8 +-- .../tests/session_meta_capture_tlsv13.phpt | 13 ++-- ext/openssl/tests/sni_server.phpt | 12 ++-- ext/openssl/tests/sni_server_key_cert.phpt | 12 ++-- .../tests/stream_crypto_flags_001.phpt | 8 +-- .../tests/stream_crypto_flags_002.phpt | 8 +-- .../tests/stream_crypto_flags_003.phpt | 8 +-- .../tests/stream_crypto_flags_004.phpt | 8 +-- ext/openssl/tests/stream_security_level.phpt | 9 ++- .../tests/stream_server_reneg_limit.phpt | 2 +- .../tests/stream_verify_peer_name_001.phpt | 7 +- .../tests/stream_verify_peer_name_002.phpt | 7 +- .../tests/stream_verify_peer_name_003.phpt | 9 ++- ext/openssl/tests/streams_crypto_method.phpt | 7 +- .../tests/tls_min_v1.0_max_v1.1_wrapper.phpt | 18 +++-- ext/openssl/tests/tls_wrapper.phpt | 18 +++-- .../tests/tls_wrapper_with_tls_v1.3.phpt | 20 +++--- ext/openssl/tests/tlsv1.0_wrapper.phpt | 12 ++-- ext/openssl/tests/tlsv1.1_wrapper.phpt | 12 ++-- ext/openssl/tests/tlsv1.2_wrapper.phpt | 12 ++-- ext/openssl/tests/tlsv1.3_wrapper.phpt | 12 ++-- .../stream_context_tcp_nodelay_server.phpt | 40 +++++------- 44 files changed, 236 insertions(+), 273 deletions(-) diff --git a/ext/openssl/tests/ServerClientTestCase.inc b/ext/openssl/tests/ServerClientTestCase.inc index 753366df6f4b..61d45385b624 100644 --- a/ext/openssl/tests/ServerClientTestCase.inc +++ b/ext/openssl/tests/ServerClientTestCase.inc @@ -4,14 +4,19 @@ const WORKER_ARGV_VALUE = 'RUN_WORKER'; const WORKER_DEFAULT_NAME = 'server'; -function phpt_notify($worker = WORKER_DEFAULT_NAME) +function phpt_notify(string $worker = WORKER_DEFAULT_NAME, string $message = ""): void { - ServerClientTestCase::getInstance()->notify($worker); + ServerClientTestCase::getInstance()->notify($worker, $message); } -function phpt_wait($worker = WORKER_DEFAULT_NAME, $timeout = null) +function phpt_wait($worker = WORKER_DEFAULT_NAME, $timeout = null): ?string { - ServerClientTestCase::getInstance()->wait($worker, $timeout); + return ServerClientTestCase::getInstance()->wait($worker, $timeout); +} + +function phpt_notify_server_start($server): void +{ + ServerClientTestCase::getInstance()->notify_server_start($server); } function phpt_has_sslv3() { @@ -119,43 +124,73 @@ class ServerClientTestCase eval($code); } - public function run($masterCode, $workerCode) + /** + * Run client and all workers + * + * @param string $clientCode The client PHP code + * @param string|array $workerCode + * @param bool $ephemeral Select whether automatic port selection and automatic awaiting is used + * @return void + * @throws Exception + */ + public function run(string $clientCode, string|array $workerCode, bool $ephemeral = true): void { if (!is_array($workerCode)) { $workerCode = [WORKER_DEFAULT_NAME => $workerCode]; } - foreach ($workerCode as $worker => $code) { + reset($workerCode); + $code = current($workerCode); + $worker = key($workerCode); + while ($worker != null) { $this->spawnWorkerProcess($worker, $this->stripPhpTagsFromCode($code)); + $code = next($workerCode); + if ($ephemeral) { + $addr = trim($this->wait($worker)); + if (empty($addr)) { + throw new \Exception("Failed server start"); + } + if ($code === false) { + $clientCode = preg_replace('/{{\s*ADDR\s*}}/', $addr, $clientCode); + } else { + $code = preg_replace('/{{\s*ADDR\s*}}/', $addr, $code); + } + } + $worker = key($workerCode); } - eval($this->stripPhpTagsFromCode($masterCode)); + + eval($this->stripPhpTagsFromCode($clientCode)); foreach ($workerCode as $worker => $code) { $this->cleanupWorkerProcess($worker); } } - public function wait($worker, $timeout = null) + public function wait($worker, $timeout = null): ?string { $handle = $this->isWorker ? STDIN : $this->workerStdOut[$worker]; if ($timeout === null) { - fgets($handle); - return true; + return fgets($handle); } stream_set_blocking($handle, false); $read = [$handle]; $result = stream_select($read, $write, $except, $timeout); if (!$result) { - return false; + return null; } - fgets($handle); + $result = fgets($handle); stream_set_blocking($handle, true); - return true; + return $result; + } + + public function notify(string $worker, string $message = ""): void + { + fwrite($this->isWorker ? STDOUT : $this->workerStdIn[$worker], "$message\n"); } - public function notify($worker) + public function notify_server_start($server): void { - fwrite($this->isWorker ? STDOUT : $this->workerStdIn[$worker], "\n"); + echo stream_socket_get_name($server, false) . "\n"; } } diff --git a/ext/openssl/tests/bug46127.phpt b/ext/openssl/tests/bug46127.phpt index 72b7bd748861..7c38192fca95 100644 --- a/ext/openssl/tests/bug46127.phpt +++ b/ext/openssl/tests/bug46127.phpt @@ -11,14 +11,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($sock); $link = stream_socket_accept($sock); fwrite($link, "Sending bug 46127\n"); @@ -26,7 +26,7 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ @@ -34,7 +34,6 @@ $clientCode = <<<'CODE' 'verify_peer_name' => false ]]); - phpt_wait(); $sock = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); echo fgets($sock); diff --git a/ext/openssl/tests/bug48182.phpt b/ext/openssl/tests/bug48182.phpt index b5fa518a8f4d..057b257038f2 100644 --- a/ext/openssl/tests/bug48182.phpt +++ b/ext/openssl/tests/bug48182.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); $client = @stream_socket_accept($server, 1); @@ -30,14 +30,13 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'bug48182'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'cafile' => '%s', 'peer_name' => '%s' ]]); - phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 10, $clientFlags, $clientCtx); $data = "Sending data over to SSL server in async mode with contents like Hello World\n"; diff --git a/ext/openssl/tests/bug54992.phpt b/ext/openssl/tests/bug54992.phpt index 5cf65ff7a05b..bc5df171c5f0 100644 --- a/ext/openssl/tests/bug54992.phpt +++ b/ext/openssl/tests/bug54992.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug54992-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; @@ -28,7 +28,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'bug54992_actual_peer_name'; $wrongPeerName = 'bug54992_expected_peer_name'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -36,7 +36,6 @@ $clientCode = <<<'CODE' 'peer_name' => '%s', ]]); - phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); var_dump($client); @@ -61,5 +60,5 @@ Warning: stream_socket_client(): Peer certificate CN=`bug54992_actual_peer_name' Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s on line %d bool(false) diff --git a/ext/openssl/tests/bug62890.phpt b/ext/openssl/tests/bug62890.phpt index f8b3ee860519..aa9bec0e6963 100644 --- a/ext/openssl/tests/bug62890.phpt +++ b/ext/openssl/tests/bug62890.phpt @@ -19,8 +19,8 @@ $serverCode = <<<'CODE' 'security_level' => 1, ]]); - $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); @stream_socket_accept($server, 3); CODE; $serverCode = sprintf($serverCode, $certFile); @@ -33,9 +33,7 @@ $clientCode = <<<'CODE' 'security_level' => 1, ]]); - phpt_wait(); - - $client = stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/bug65538_001.phpt b/ext/openssl/tests/bug65538_001.phpt index c6f443627b53..e04f6cf820e4 100644 --- a/ext/openssl/tests/bug65538_001.phpt +++ b/ext/openssl/tests/bug65538_001.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_001-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); $client = @stream_socket_accept($server); if ($client) { @@ -41,13 +41,12 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'bug65538_001'; $clientCode = <<<'CODE' - $serverUri = "https://127.0.0.1:64321/"; + $serverUri = "https://{{ ADDR }}/"; $clientCtx = stream_context_create(['ssl' => [ 'cafile' => 'file://%s', 'peer_name' => '%s', ]]); - phpt_wait(); $html = file_get_contents($serverUri, false, $clientCtx); var_dump($html); diff --git a/ext/openssl/tests/bug65538_003.phpt b/ext/openssl/tests/bug65538_003.phpt index 3b16b7b030c6..c18a024f0761 100644 --- a/ext/openssl/tests/bug65538_003.phpt +++ b/ext/openssl/tests/bug65538_003.phpt @@ -17,14 +17,14 @@ $cacertFile = 'bug65538_003-ca.pem'; $cacertPhar = __DIR__ . DIRECTORY_SEPARATOR . 'bug65538_003-ca.phar.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); $client = @stream_socket_accept($server); if ($client) { @@ -46,13 +46,12 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'bug65538_003'; $clientCode = <<<'CODE' - $serverUri = "https://127.0.0.1:64321/"; + $serverUri = "https://{{ ADDR }}/"; $clientCtx = stream_context_create(['ssl' => [ 'cafile' => 'phar://%s/%s', 'peer_name' => '%s', ]]); - phpt_wait(); $html = file_get_contents($serverUri, false, $clientCtx); var_dump($html); diff --git a/ext/openssl/tests/bug65729.phpt b/ext/openssl/tests/bug65729.phpt index 21d2ac7f569c..6df22fd4a7aa 100644 --- a/ext/openssl/tests/bug65729.phpt +++ b/ext/openssl/tests/bug65729.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65729.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug65729-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com']; foreach ($expected_names as $name) { @@ -29,11 +29,9 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; - phpt_wait(); - $expected_names = ['foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com']; foreach ($expected_names as $expected_name) { $clientCtx = stream_context_create(['ssl' => [ @@ -65,7 +63,7 @@ Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s on line %d bool(false) resource(%d) of type (stream) resource(%d) of type (stream) @@ -74,5 +72,5 @@ Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s on line %d bool(false) diff --git a/ext/openssl/tests/bug68265.phpt b/ext/openssl/tests/bug68265.phpt index 9d72d47707ed..ca82543520ca 100644 --- a/ext/openssl/tests/bug68265.phpt +++ b/ext/openssl/tests/bug68265.phpt @@ -12,21 +12,21 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug68265.pem.tmp'; $san = 'DNS:debs.ak-online.be., DNS:debs.ak-online.net.'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); stream_socket_accept($server, 30); CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, @@ -34,8 +34,6 @@ $clientCode = <<<'CODE' 'peer_name' => 'debs.ak-online.net', ]]); - phpt_wait(); - var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; diff --git a/ext/openssl/tests/bug68879.phpt b/ext/openssl/tests/bug68879.phpt index b529b93e7f43..cf87d2b54376 100644 --- a/ext/openssl/tests/bug68879.phpt +++ b/ext/openssl/tests/bug68879.phpt @@ -12,21 +12,21 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug68879.pem.tmp'; $san = 'DNS:test.com, DNS:www.test.com, DNS:subdomain.test.com, IP:0:0:0:0:0:FFFF:A02:1, IP:10.2.0.1'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); stream_socket_accept($server, 30); CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, @@ -34,8 +34,6 @@ $clientCode = <<<'CODE' 'peer_name' => '10.2.0.1', ]]); - phpt_wait(); - var_dump(stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $clientCtx)); CODE; diff --git a/ext/openssl/tests/bug68920.phpt b/ext/openssl/tests/bug68920.phpt index b25dd715dbb5..4abe12586b0b 100644 --- a/ext/openssl/tests/bug68920.phpt +++ b/ext/openssl/tests/bug68920.phpt @@ -11,14 +11,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug68920.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); stream_socket_accept($server, 30); stream_socket_accept($server, 30); @@ -28,11 +28,9 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; - phpt_wait(); - $ctx = stream_context_create(['ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]]); $sock = stream_socket_client($serverUri, $errno, $errstr, 30, $clientFlags, $ctx); var_dump($sock); diff --git a/ext/openssl/tests/bug69215.phpt b/ext/openssl/tests/bug69215.phpt index fcae9c19a9e6..8b5dc5a261f3 100644 --- a/ext/openssl/tests/bug69215.phpt +++ b/ext/openssl/tests/bug69215.phpt @@ -13,7 +13,7 @@ $clientCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug69215-client.pem.tmp'; $serverCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug69215-server.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -24,14 +24,14 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); stream_socket_accept($server, 30); CODE; $serverCode = sprintf($serverCode, $serverCertFile, $caCertFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -41,8 +41,6 @@ $clientCode = <<<'CODE' 'peer_name' => 'bug69215-server', ]]); - phpt_wait(); - var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); CODE; $clientCode = sprintf($clientCode, $clientCertFile, $caCertFile); diff --git a/ext/openssl/tests/bug72333.phpt b/ext/openssl/tests/bug72333.phpt index d484db77f02c..57faf4d8fc99 100644 --- a/ext/openssl/tests/bug72333.phpt +++ b/ext/openssl/tests/bug72333.phpt @@ -14,8 +14,8 @@ $serverCode = <<<'CODE' $context = stream_context_create(['ssl' => ['local_cert' => '%s']]); $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; - $fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context); - phpt_notify(); + $fp = stream_socket_server("ssl://127.0.0.1:0", $errornum, $errorstr, $flags, $context); + phpt_notify_server_start($fp); $conn = stream_socket_accept($fp); $total = 100000; $result = fread($conn, $total); @@ -40,8 +40,7 @@ $peerName = 'bug72333'; $clientCode = <<<'CODE' $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => '%s']]); - phpt_wait(); - $fp = stream_socket_client("ssl://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); + $fp = stream_socket_client("ssl://{{ ADDR }}", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); stream_set_blocking($fp, false); function blocking_fwrite($fp, $buf) { diff --git a/ext/openssl/tests/bug73072.phpt b/ext/openssl/tests/bug73072.phpt index 953dc74efbea..881de20937f2 100644 --- a/ext/openssl/tests/bug73072.phpt +++ b/ext/openssl/tests/bug73072.phpt @@ -18,9 +18,9 @@ $serverCode = <<<'CODE' ] ]]); - $server = stream_socket_server('tls://127.0.0.1:64322', $errno, $errstr, $flags, $ctx); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); - phpt_notify(); @stream_socket_accept($server, 3); // if there is a segfault, this won't be called fwrite(STDERR, "done\n"); @@ -33,11 +33,9 @@ $clientCode = <<<'CODE' 'capture_peer_cert' => true ]; - phpt_wait(); - $ctxArr['peer_name'] = 'domain1.com'; $ctx = stream_context_create(['ssl' => $ctxArr]); - @stream_socket_client("tls://127.0.0.1:64322", $errno, $errstr, 1, $flags, $ctx); + @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); CODE; include 'ServerClientTestCase.inc'; diff --git a/ext/openssl/tests/bug74159.phpt b/ext/openssl/tests/bug74159.phpt index 92bdba10d27d..523169e364a8 100644 --- a/ext/openssl/tests/bug74159.phpt +++ b/ext/openssl/tests/bug74159.phpt @@ -15,7 +15,7 @@ $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug74159-ca.pem.tmp'; // not really reliable on more powerful machine but cover different // scenarios which might be useful. More reliable test is bug72333.phpt $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:10012"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -23,7 +23,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); $client = stream_socket_accept($server, 1); @@ -73,7 +73,7 @@ $clientCode = <<<'CODE' exit("$errstr\n"); }); - $serverUri = "tcp://127.0.0.1:10012"; + $serverUri = "tcp://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -81,8 +81,6 @@ $clientCode = <<<'CODE' 'peer_name' => '%s', ]]); - phpt_wait(); - $fp = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); stream_set_blocking($fp, false); diff --git a/ext/openssl/tests/bug76705.phpt b/ext/openssl/tests/bug76705.phpt index 0ff9a563932e..6e898c57b64f 100644 --- a/ext/openssl/tests/bug76705.phpt +++ b/ext/openssl/tests/bug76705.phpt @@ -9,20 +9,20 @@ if (!function_exists("proc_open")) die("skip no proc_open"); --FILE-- [ 'local_cert' => __DIR__ . '/bug76705.pem' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64323"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -33,7 +33,6 @@ $clientCode = <<<'CODE' ] ]]); - phpt_wait(); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); CODE; diff --git a/ext/openssl/tests/bug77390.phpt b/ext/openssl/tests/bug77390.phpt index b45910b76649..a55ee16f4bf0 100644 --- a/ext/openssl/tests/bug77390.phpt +++ b/ext/openssl/tests/bug77390.phpt @@ -15,11 +15,7 @@ $peerName = 'bug77390'; $clientCode = <<<'CODE' $context = stream_context_create(['ssl' => ['verify_peer' => false, 'peer_name' => '%s']]); - phpt_wait('server'); - phpt_notify('proxy'); - - phpt_wait('proxy'); - $fp = stream_socket_client("ssl://127.0.0.1:10012", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); + $fp = stream_socket_client("ssl://{{ ADDR }}", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT, $context); stream_set_blocking($fp, false); $read = [$fp]; @@ -57,8 +53,8 @@ $serverCode = <<<'CODE' $context = stream_context_create(['ssl' => ['local_cert' => '%s']]); $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; - $fp = stream_socket_server("ssl://127.0.0.1:10011", $errornum, $errorstr, $flags, $context); - phpt_notify(); + $fp = stream_socket_server("ssl://127.0.0.1:0", $errornum, $errorstr, $flags, $context); + phpt_notify_server_start($fp); $conn = stream_socket_accept($fp); fwrite($conn, 'warmup'); @@ -71,14 +67,12 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $proxyCode = <<<'CODE' - phpt_wait(); - - $upstream = stream_socket_client("tcp://127.0.0.1:10011", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT); + $upstream = stream_socket_client("tcp://{{ ADDR }}", $errornum, $errorstr, 3000, STREAM_CLIENT_CONNECT); stream_set_blocking($upstream, false); $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; - $server = stream_socket_server("tcp://127.0.0.1:10012", $errornum, $errorstr, $flags); - phpt_notify(); + $server = stream_socket_server("tcp://127.0.0.1:0", $errornum, $errorstr, $flags); + phpt_notify_server_start($server); $conn = stream_socket_accept($server); stream_set_blocking($conn, false); diff --git a/ext/openssl/tests/capture_peer_cert_001.phpt b/ext/openssl/tests/capture_peer_cert_001.phpt index dc1e2caa6a97..bbf9e6d2c5f5 100644 --- a/ext/openssl/tests/capture_peer_cert_001.phpt +++ b/ext/openssl/tests/capture_peer_cert_001.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'capture_peer_cert_001-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; @@ -27,14 +27,13 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'capture_peer_cert_001'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'capture_peer_cert' => true, 'cafile' => '%s' ]]); - phpt_wait(); $client = @stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); $cert = stream_context_get_options($clientCtx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); diff --git a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt index fb2c852160c1..34080446088d 100644 --- a/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt +++ b/ext/openssl/tests/openssl_peer_fingerprint_basic.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic.pem. $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'openssl_peer_fingerprint_basic-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -28,7 +28,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'openssl_peer_fingerprint_basic'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -37,8 +37,6 @@ $clientCode = <<<'CODE' 'peer_name' => '%s', ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'peer_fingerprint', '%s'); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); @@ -75,6 +73,6 @@ Warning: stream_socket_client(): peer_fingerprint match failure in %s on line %d Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s on line %d bool(false) resource(%d) of type (stream) diff --git a/ext/openssl/tests/peer_verification.phpt b/ext/openssl/tests/peer_verification.phpt index 3ca5f8e14136..bda68c933ca4 100644 --- a/ext/openssl/tests/peer_verification.phpt +++ b/ext/openssl/tests/peer_verification.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'peer_verification.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'peer_verification-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); for ($i = 0; $i < 5; $i++) { @stream_socket_accept($server, 1); @@ -29,12 +29,10 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'peer_verification'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $caFile = '%s'; - phpt_wait(); - // Expected to fail -- untrusted server cert and no CA File present var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags)); diff --git a/ext/openssl/tests/san_ipv6_peer_matching.phpt b/ext/openssl/tests/san_ipv6_peer_matching.phpt index 81966025d396..bc3bd02f269c 100644 --- a/ext/openssl/tests/san_ipv6_peer_matching.phpt +++ b/ext/openssl/tests/san_ipv6_peer_matching.phpt @@ -17,14 +17,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'san_ipv6_peer_matching.pem.tmp'; $san = 'IP:2001:db8:85a3:8d3:1319:8a2e:370:7348'; $serverCode = <<<'CODE' - $serverUri = "ssl://[::1]:64324"; + $serverUri = "ssl://[::1]:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -32,14 +32,12 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://[::1]:64324"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'peer_name', '2001:db8:85a3:8d3:1319:8a2e:370:7348'); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); @@ -65,5 +63,5 @@ Warning: stream_socket_client(): Unable to locate peer certificate CN in %s on l Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://[::1]:64324 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://[::1]:%d (Unknown error) in %s on line %d bool(false) diff --git a/ext/openssl/tests/san_peer_matching.phpt b/ext/openssl/tests/san_peer_matching.phpt index cc828fe004bb..0df18f4a9250 100644 --- a/ext/openssl/tests/san_peer_matching.phpt +++ b/ext/openssl/tests/san_peer_matching.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'san_peer_matching.pem.tmp'; $san = 'DNS:example.org, DNS:www.example.org, DNS:test.example.org'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -27,14 +27,12 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'peer_name', 'example.org'); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); @@ -60,5 +58,5 @@ Warning: stream_socket_client(): Unable to locate peer certificate CN in %s on l Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s on line %d bool(false) diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt index 36e3855f80aa..c642126a1269 100644 --- a/ext/openssl/tests/session_meta_capture.phpt +++ b/ext/openssl/tests/session_meta_capture.phpt @@ -12,7 +12,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -20,7 +20,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -31,7 +31,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'session_meta_capture'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -40,8 +40,6 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); $stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); var_dump(stream_get_meta_data($stream)['crypto']['protocol']); diff --git a/ext/openssl/tests/session_meta_capture_tlsv13.phpt b/ext/openssl/tests/session_meta_capture_tlsv13.phpt index e07fb8c24e47..a21813d95031 100644 --- a/ext/openssl/tests/session_meta_capture_tlsv13.phpt +++ b/ext/openssl/tests/session_meta_capture_tlsv13.phpt @@ -13,7 +13,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture_tlsv13.pem.tmp $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'session_meta_capture_tlsv13-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -21,7 +21,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; @@ -29,7 +29,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'session_meta_capture_tlsv13'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -37,8 +37,6 @@ $clientCode = <<<'CODE' 'peer_name' => '%s' ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT); $stream = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); var_dump(stream_get_meta_data($stream)['crypto']['protocol']); @@ -53,5 +51,10 @@ $certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile); include 'ServerClientTestCase.inc'; ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> +--CLEAN-- + --EXPECT-- string(7) "TLSv1.3" diff --git a/ext/openssl/tests/sni_server.phpt b/ext/openssl/tests/sni_server.phpt index cb3b3d771684..36a0621943eb 100644 --- a/ext/openssl/tests/sni_server.phpt +++ b/ext/openssl/tests/sni_server.phpt @@ -19,8 +19,8 @@ $serverCode = <<<'CODE' ] ]]); - $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i=0; $i < 3; $i++) { @stream_socket_accept($server, 3); @@ -34,23 +34,21 @@ $clientCode = <<<'CODE' 'capture_peer_cert' => true ]; - phpt_wait(); - $ctxArr['peer_name'] = 'cs.php.net'; $ctx = stream_context_create(['ssl' => $ctxArr]); - $client = stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + $client = stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); $cert = stream_context_get_options($ctx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); $ctxArr['peer_name'] = 'uk.php.net'; $ctx = stream_context_create(['ssl' => $ctxArr]); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); $cert = stream_context_get_options($ctx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); $ctxArr['peer_name'] = 'us.php.net'; $ctx = stream_context_create(['ssl' => $ctxArr]); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); $cert = stream_context_get_options($ctx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); CODE; diff --git a/ext/openssl/tests/sni_server_key_cert.phpt b/ext/openssl/tests/sni_server_key_cert.phpt index 2d0ef8c19448..b6adf8131de6 100644 --- a/ext/openssl/tests/sni_server_key_cert.phpt +++ b/ext/openssl/tests/sni_server_key_cert.phpt @@ -28,8 +28,8 @@ $serverCode = <<<'CODE' ] ]]); - $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i=0; $i < 3; $i++) { @stream_socket_accept($server, 3); @@ -43,23 +43,21 @@ $clientCode = <<<'CODE' 'capture_peer_cert' => true ]; - phpt_wait(); - $ctxArr['peer_name'] = 'cs.php.net'; $ctx = stream_context_create(['ssl' => $ctxArr]); - $client = stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + $client = stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); $cert = stream_context_get_options($ctx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); $ctxArr['peer_name'] = 'uk.php.net'; $ctx = stream_context_create(['ssl' => $ctxArr]); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); $cert = stream_context_get_options($ctx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); $ctxArr['peer_name'] = 'us.php.net'; $ctx = stream_context_create(['ssl' => $ctxArr]); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 1, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 1, $flags, $ctx); $cert = stream_context_get_options($ctx)['ssl']['peer_certificate']; var_dump(openssl_x509_parse($cert)['subject']['CN']); CODE; diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt index 74caacc2ea91..ed22864a32e5 100644 --- a/ext/openssl/tests/stream_crypto_flags_001.phpt +++ b/ext/openssl/tests/stream_crypto_flags_001.phpt @@ -12,7 +12,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_001-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -20,7 +20,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -30,7 +30,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'stream_crypto_flags_001'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -39,8 +39,6 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); diff --git a/ext/openssl/tests/stream_crypto_flags_002.phpt b/ext/openssl/tests/stream_crypto_flags_002.phpt index 870fd00e581b..8b73f883c3fd 100644 --- a/ext/openssl/tests/stream_crypto_flags_002.phpt +++ b/ext/openssl/tests/stream_crypto_flags_002.phpt @@ -12,7 +12,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_002-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -20,7 +20,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -31,7 +31,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'stream_crypto_flags_002'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -40,8 +40,6 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx)); diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt index a75dd18cf6a7..a112fcff0b9d 100644 --- a/ext/openssl/tests/stream_crypto_flags_003.phpt +++ b/ext/openssl/tests/stream_crypto_flags_003.phpt @@ -13,7 +13,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_003-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -24,7 +24,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -35,7 +35,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'stream_crypto_flags_003'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -44,8 +44,6 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); diff --git a/ext/openssl/tests/stream_crypto_flags_004.phpt b/ext/openssl/tests/stream_crypto_flags_004.phpt index 0a2fbc123dfd..cfd54c9bc1c8 100644 --- a/ext/openssl/tests/stream_crypto_flags_004.phpt +++ b/ext/openssl/tests/stream_crypto_flags_004.phpt @@ -12,7 +12,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_crypto_flags_004-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -21,7 +21,7 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); @stream_socket_accept($server, 1); @@ -32,7 +32,7 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'stream_crypto_flags_004'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -41,8 +41,6 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - // Should succeed because the SSLv23 handshake here is compatible with the // TLSv1 hello method employed in the server var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt index 0892857a2df2..d6c967b59d34 100644 --- a/ext/openssl/tests/stream_security_level.phpt +++ b/ext/openssl/tests/stream_security_level.phpt @@ -19,7 +19,7 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level.pem.tmp'; $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_security_level-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64322"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', @@ -29,14 +29,14 @@ $serverCode = <<<'CODE' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64322"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'security_level' => %d, @@ -45,7 +45,6 @@ $clientCode = <<<'CODE' 'verify_peer_name' => false ]]); - phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); var_dump($client); @@ -71,5 +70,5 @@ error:%s:SSL routines:%S:certificate verify failed in %s : eval()'d code on line Warning: stream_socket_client(): Failed to enable crypto in %s : eval()'d code on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64322 (Unknown error) in %s : eval()'d code on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s : eval()'d code on line %d bool(false) diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt index d661e9dc4233..d84906c81ca7 100644 --- a/ext/openssl/tests/stream_server_reneg_limit.phpt +++ b/ext/openssl/tests/stream_server_reneg_limit.phpt @@ -99,7 +99,7 @@ $certificateGenerator = new CertificateGenerator(); $certificateGenerator->saveNewCertAsFileWithKey('stream_security_level', $certFile); include 'ServerClientTestCase.inc'; -ServerClientTestCase::getInstance()->run($serverCode, $clientCode); +ServerClientTestCase::getInstance()->run($serverCode, $clientCode, false); ?> --CLEAN-- [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; @@ -26,14 +26,13 @@ $serverCode = sprintf($serverCode, $certFile); $peerName = 'stream_verify_peer_name_001'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => false, 'peer_name' => '%s' ]]); - phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); var_dump($client); diff --git a/ext/openssl/tests/stream_verify_peer_name_002.phpt b/ext/openssl/tests/stream_verify_peer_name_002.phpt index a18ddd691114..c6c4045a1a62 100644 --- a/ext/openssl/tests/stream_verify_peer_name_002.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_002.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002.pem.tmp $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_002-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; @@ -27,7 +27,7 @@ $serverCode = sprintf($serverCode, $certFile); $actualPeerName = 'stream_verify_peer_name_002'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, @@ -35,7 +35,6 @@ $clientCode = <<<'CODE' 'verify_peer_name' => false ]]); - phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx); var_dump($client); diff --git a/ext/openssl/tests/stream_verify_peer_name_003.phpt b/ext/openssl/tests/stream_verify_peer_name_003.phpt index 835e55eec069..1ebd42c2fd45 100644 --- a/ext/openssl/tests/stream_verify_peer_name_003.phpt +++ b/ext/openssl/tests/stream_verify_peer_name_003.phpt @@ -12,14 +12,14 @@ $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003.pem.tmp $cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'stream_verify_peer_name_003-ca.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s' ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); @stream_socket_accept($server, 1); CODE; @@ -27,14 +27,13 @@ $serverCode = sprintf($serverCode, $certFile); $actualPeerName = 'stream_verify_peer_name_003'; $clientCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://{{ ADDR }}"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'verify_peer' => true, 'cafile' => '%s' ]]); - phpt_wait(); $client = stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); var_dump($client); @@ -59,5 +58,5 @@ Warning: stream_socket_client(): Peer certificate CN=`stream_verify_peer_name_00 Warning: stream_socket_client(): Failed to enable crypto in %s on line %d -Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d +Warning: stream_socket_client(): Unable to connect to ssl://127.0.0.1:%d (Unknown error) in %s on line %d bool(false) diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt index 92654c877c5e..39584b50cdbf 100644 --- a/ext/openssl/tests/streams_crypto_method.phpt +++ b/ext/openssl/tests/streams_crypto_method.phpt @@ -11,14 +11,14 @@ if (!function_exists("proc_open")) die("skip no proc_open"); $certFile = __DIR__ . DIRECTORY_SEPARATOR . 'streams_crypto_method.pem.tmp'; $serverCode = <<<'CODE' - $serverUri = "ssl://127.0.0.1:64321"; + $serverUri = "ssl://127.0.0.1:0"; $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; $serverCtx = stream_context_create(['ssl' => [ 'local_cert' => '%s', ]]); $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx); - phpt_notify(); + phpt_notify_server_start($server); $client = @stream_socket_accept($server); if ($client) { @@ -39,7 +39,7 @@ CODE; $serverCode = sprintf($serverCode, $certFile); $clientCode = <<<'CODE' - $serverUri = "https://127.0.0.1:64321/"; + $serverUri = "https://{{ ADDR }}/"; $clientFlags = STREAM_CLIENT_CONNECT; $clientCtx = stream_context_create(['ssl' => [ 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, @@ -47,7 +47,6 @@ $clientCode = <<<'CODE' 'verify_peer_name' => false ]]); - phpt_wait(); echo file_get_contents($serverUri, false, $clientCtx); CODE; diff --git a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt index 5d04263cfbc7..5be76547f209 100644 --- a/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt +++ b/ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt @@ -19,8 +19,8 @@ $serverCode = <<<'CODE' 'security_level' => 0, ]]); - $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i=0; $i < (phpt_has_sslv3() ? 6 : 5); $i++) { @stream_socket_accept($server, 3); @@ -36,24 +36,22 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.0://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("sslv3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.1://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("ssl://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tls_wrapper.phpt b/ext/openssl/tests/tls_wrapper.phpt index 2220fbc0ac1d..7dcaa704cab8 100644 --- a/ext/openssl/tests/tls_wrapper.phpt +++ b/ext/openssl/tests/tls_wrapper.phpt @@ -18,8 +18,8 @@ $serverCode = <<<'CODE' 'security_level' => 0, ]]); - $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i = 0; $i < (phpt_has_sslv3() ? 6 : 5); $i++) { @stream_socket_accept($server, 3); @@ -35,24 +35,22 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.0://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("sslv3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.1://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("ssl://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt index 67c30cac87bc..5d38c5606c4f 100644 --- a/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt +++ b/ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt @@ -18,8 +18,8 @@ $serverCode = <<<'CODE' 'security_level' => 0, ]]); - $server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tls://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i = 0; $i < (phpt_has_sslv3() ? 7 : 6); $i++) { @stream_socket_accept($server, 3); @@ -35,27 +35,25 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.0://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("sslv3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.1://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("ssl://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("ssl://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tls://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.0_wrapper.phpt b/ext/openssl/tests/tlsv1.0_wrapper.phpt index c712217271b1..38d44847cdb5 100644 --- a/ext/openssl/tests/tlsv1.0_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.0_wrapper.phpt @@ -17,8 +17,8 @@ $serverCode = <<<'CODE' 'security_level' => 0, ]]); - $server = stream_socket_server('tlsv1.0://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tlsv1.0://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i = 0; $i < (phpt_has_sslv3() ? 3 : 2); $i++) { @stream_socket_accept($server, 3); @@ -34,15 +34,13 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.0://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("sslv3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.1_wrapper.phpt b/ext/openssl/tests/tlsv1.1_wrapper.phpt index a1525350572b..6cdcd52fe500 100644 --- a/ext/openssl/tests/tlsv1.1_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.1_wrapper.phpt @@ -17,8 +17,8 @@ $serverCode = <<<'CODE' 'security_level' => 0, ]]); - $server = stream_socket_server('tlsv1.1://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tlsv1.1://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i = 0; $i < (phpt_has_sslv3() ? 3 : 2); $i++) { @stream_socket_accept($server, 3); @@ -34,15 +34,13 @@ $clientCode = <<<'CODE' 'security_level' => 0, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.1://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("sslv3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.2_wrapper.phpt b/ext/openssl/tests/tlsv1.2_wrapper.phpt index b0b2c28c4837..e429687b52c4 100644 --- a/ext/openssl/tests/tlsv1.2_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.2_wrapper.phpt @@ -16,8 +16,8 @@ $serverCode = <<<'CODE' 'local_cert' => '%s', ]]); - $server = stream_socket_server('tlsv1.2://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tlsv1.2://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i = 0; $i < (phpt_has_sslv3() ? 3 : 2); $i++) { @stream_socket_accept($server, 3); @@ -32,15 +32,13 @@ $clientCode = <<<'CODE' 'verify_peer_name' => false, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("sslv3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("sslv3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.1://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.1://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/openssl/tests/tlsv1.3_wrapper.phpt b/ext/openssl/tests/tlsv1.3_wrapper.phpt index 9b04a2ef002a..ee22a9e1c4bc 100644 --- a/ext/openssl/tests/tlsv1.3_wrapper.phpt +++ b/ext/openssl/tests/tlsv1.3_wrapper.phpt @@ -17,8 +17,8 @@ $serverCode = <<<'CODE' 'local_cert' => '%s', ]]); - $server = stream_socket_server('tlsv1.3://127.0.0.1:64321', $errno, $errstr, $flags, $ctx); - phpt_notify(); + $server = stream_socket_server('tlsv1.3://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); for ($i=0; $i < 3; $i++) { @stream_socket_accept($server, 3); @@ -33,15 +33,13 @@ $clientCode = <<<'CODE' 'verify_peer_name' => false, ]]); - phpt_wait(); - - $client = stream_socket_client("tlsv1.3://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = stream_socket_client("tlsv1.3://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.0://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.0://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); - $client = @stream_socket_client("tlsv1.2://127.0.0.1:64321", $errno, $errstr, 3, $flags, $ctx); + $client = @stream_socket_client("tlsv1.2://{{ ADDR }}", $errno, $errstr, 3, $flags, $ctx); var_dump($client); CODE; diff --git a/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt b/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt index c4c3b94d3c17..6f656ca15f9c 100644 --- a/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt +++ b/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt @@ -2,6 +2,13 @@ stream context tcp_nodelay server --EXTENSIONS-- sockets +--SKIPIF-- + --FILE-- 0); + $si = socket_get_option(socket_import_stream($server), SOL_TCP, TCP_NODELAY) > 0 ? "nodelay": "delay"; + $ci = socket_get_option(socket_import_stream($conn), SOL_TCP, TCP_NODELAY) > 0 ? "nodelay": "delay"; - var_dump(socket_get_option( - socket_import_stream($client), - SOL_TCP, TCP_NODELAY) > 0); - - fclose($client); - fclose($server); + phpt_notify(message:"server-$si:conn-$ci"); CODE; $clientCode = <<<'CODE' - $test = stream_socket_client( - "tcp://127.0.0.1:9099", $errno, $errstr, 10); - - sleep(1); + $test = stream_socket_client("tcp://{{ ADDR }}", $errno, $errstr, 10); - fclose($test); + echo phpt_wait(); CODE; -include sprintf( - "%s/../../../openssl/tests/ServerClientTestCase.inc", - __DIR__); -ServerClientTestCase::getInstance()->run($serverCode, $clientCode); +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); ?> --EXPECT-- -bool(false) -bool(true) +server-delay:conn-nodelay From 9e1b58274e55161ff57e6efe3584235b8754d605 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Tue, 31 Dec 2024 13:39:33 +0100 Subject: [PATCH 16/52] Test stream_context_tcp_nodelay_server on Windows Closes GH-17308 --- .github/scripts/windows/test_task.bat | 3 ++- .../tests/streams/stream_context_tcp_nodelay_server.phpt | 7 ++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/scripts/windows/test_task.bat b/.github/scripts/windows/test_task.bat index c4ac5c0de458..29cf1e4f2b61 100644 --- a/.github/scripts/windows/test_task.bat +++ b/.github/scripts/windows/test_task.bat @@ -97,8 +97,9 @@ rem generate php.ini echo extension_dir=%PHP_BUILD_DIR% > %PHP_BUILD_DIR%\php.ini echo opcache.file_cache=%PHP_BUILD_DIR%\test_file_cache >> %PHP_BUILD_DIR%\php.ini if "%OPCACHE%" equ "1" echo zend_extension=php_opcache.dll >> %PHP_BUILD_DIR%\php.ini -rem work-around for some spawned PHP processes requiring OpenSSL +rem work-around for some spawned PHP processes requiring OpenSSL and sockets echo extension=php_openssl.dll >> %PHP_BUILD_DIR%\php.ini +echo extension=php_sockets.dll >> %PHP_BUILD_DIR%\php.ini rem remove ext dlls for which tests are not supported for %%i in (imap ldap oci8_12c pdo_firebird pdo_oci snmp) do ( diff --git a/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt b/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt index 6f656ca15f9c..e20e294180cc 100644 --- a/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt +++ b/ext/standard/tests/streams/stream_context_tcp_nodelay_server.phpt @@ -5,9 +5,6 @@ sockets --SKIPIF-- --FILE-- run($clientCode, $serverCode); ?> ---EXPECT-- +--EXPECTF-- server-delay:conn-nodelay + From 235d1b14a3fa317cd2837d16aae716b615bea40c Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Sun, 19 Jan 2025 20:36:12 +0100 Subject: [PATCH 17/52] Fix GH-17499: mysqli flaky test: ghsa-h35g-vwh6-m678-stmt-row-string --- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt index e40ed1d58c7f..bd12aee3ed15 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt @@ -47,6 +47,6 @@ print "done!"; [*] Sending - Malicious Stmt Response for items [Extract heap through buffer over-read]: 01000001013000000203646566087068705f74657374056974656d73056974656d73046974656d046974656d0ce000c8000000fd011000000005000003fe00002200070000040000fa7465737405000005fe00002200 Warning: mysqli_result::fetch_assoc(): Malformed server packet. Field length pointing after the end of packet in %s on line %d -[*] Received: 0500000019010000000100000001 +[*] Received: 05000000190100000%d [*] Server finished done! From f26250c7c78aba959e57d5ac5b1aa388d5685f64 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 24 Jan 2025 12:24:18 +0100 Subject: [PATCH 18/52] Backport nightly.yml This file should stay up-to-date for consistent behavior across workflow triggers. --- .github/workflows/nightly.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 90e9a1d7b760..4041271f4d04 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -227,6 +227,8 @@ jobs: runs-on: ubuntu-latest container: image: ubuntu:${{ inputs.ubuntu_version }} + env: + PDO_FIREBIRD_TEST_DSN: firebird:dbname=firebird:test.fdb services: mysql: image: mysql:8.3 @@ -235,6 +237,15 @@ jobs: env: MYSQL_DATABASE: test MYSQL_ROOT_PASSWORD: root + firebird: + image: jacobalberty/firebird + ports: + - 3050:3050 + env: + ISC_PASSWORD: test + FIREBIRD_DATABASE: test.fdb + FIREBIRD_USER: test + FIREBIRD_PASSWORD: test steps: - name: git checkout uses: actions/checkout@v4 @@ -952,10 +963,18 @@ jobs: - x64: true zts: true opcache: true + asan: false - x64: false zts: false opcache: false - name: "WINDOWS_${{ matrix.x64 && 'X64' || 'X86' }}_${{ matrix.zts && 'ZTS' || 'NTS' }}" + asan: false + - x64: true + zts: true + opcache: true + asan: true + branch: 'master' + timeout: 120 + name: "WINDOWS_${{ matrix.x64 && 'X64' || 'X86' }}_${{ matrix.zts && 'ZTS' || 'NTS' }}${{ matrix.asan && '_ASAN' || ''}}" runs-on: windows-${{ inputs.windows_version }} env: PHP_BUILD_CACHE_BASE_DIR: C:\build-cache @@ -968,6 +987,7 @@ jobs: INTRINSICS: "${{ matrix.zts && 'AVX2' || '' }}" PARALLEL: -j2 OPCACHE: "${{ matrix.opcache && '1' || '0' }}" + ASAN: "${{ matrix.asan && '1' || '0' }}" steps: - name: git config run: git config --global core.autocrlf false && git config --global core.eol lf From 5b8c960c9feb0db240da8818d901a11bdaceba0e Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 24 Jan 2025 12:40:36 +0100 Subject: [PATCH 19/52] Skip Symfony/Wordpress in 8.1 build There are two issues: The latest Symfony branches don't support 8.1 anymore. This could ber mitigated by switching to LTS for security builds. However, there are also some JIT bugs that are hard to backport. We'll skip these builds on 8.1 instead. --- .github/workflows/nightly.yml | 12 +++++++++--- .github/workflows/root.yml | 2 ++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 4041271f4d04..fba5b095f83d 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -26,6 +26,12 @@ on: windows_version: required: true type: string + skip_symfony: + required: true + type: boolean + skip_wordpress: + required: true + type: boolean permissions: contents: read jobs: @@ -554,7 +560,7 @@ jobs: exit 1 fi - name: Test Symfony - if: always() + if: always() && !inputs.skip_symfony run: | git clone https://github.com/symfony/symfony.git --depth=1 cd symfony @@ -586,7 +592,7 @@ jobs: exit 1 fi - name: 'Symfony Preloading' - if: always() + if: always() && !inputs.skip_symfony run: | php /usr/bin/composer create-project symfony/symfony-demo symfony_demo --no-progress --ignore-platform-reqs cd symfony_demo @@ -594,7 +600,7 @@ jobs: sed -i 's/PHP_SAPI/"cli-server"/g' var/cache/dev/App_KernelDevDebugContainer.preload.php php -d opcache.preload=var/cache/dev/App_KernelDevDebugContainer.preload.php public/index.php - name: Test Wordpress - if: always() + if: always() && !inputs.skip_wordpress run: | git clone https://github.com/WordPress/wordpress-develop.git wordpress --depth=1 cd wordpress diff --git a/.github/workflows/root.yml b/.github/workflows/root.yml index cefabd0394a4..5cdd70489343 100644 --- a/.github/workflows/root.yml +++ b/.github/workflows/root.yml @@ -59,4 +59,6 @@ jobs: || ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 3) && '22.04') || '20.04' }} windows_version: ${{ ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9) && '2022' || '2019' }} + skip_symfony: ${{ matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1 }} + skip_wordpress: ${{ matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1 }} secrets: inherit From 5b32011fb5651bbad42572c7ceacdd85e65f4726 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 24 Jan 2025 14:25:24 +0100 Subject: [PATCH 20/52] [skip ci] Use !cancelled() over always() in GHA config According to the documentation, !cancelled() should be used over always() when the step should be executed regardless of success of failure, but canceled when the workflow is canceled. See https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#always --- .github/workflows/nightly.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index fba5b095f83d..c2816d72cf18 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -427,7 +427,7 @@ jobs: -d zend_extension=opcache.so -d opcache.enable_cli=1 - uses: codecov/codecov-action@v4 - if: always() + if: !cancelled() with: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} @@ -500,7 +500,7 @@ jobs: echo opcache.jit_hot_side_exit=1 >> /etc/php.d/opcache.ini php -v - name: Test AMPHP - if: always() + if: !cancelled() run: | repositories="amp cache dns file http parallel parser pipeline process serialization socket sync websocket-client websocket-server" X=0 @@ -518,7 +518,7 @@ jobs: done exit $X - name: Test Laravel - if: always() + if: !cancelled() run: | git clone https://github.com/laravel/framework.git --branch=master --depth=1 cd framework @@ -531,7 +531,7 @@ jobs: exit 1 fi - name: Test ReactPHP - if: always() + if: !cancelled() run: | repositories="async cache child-process datagram dns event-loop promise promise-stream promise-timer stream" X=0 @@ -549,7 +549,7 @@ jobs: done exit $X - name: Test Revolt PHP - if: always() + if: !cancelled() run: | git clone https://github.com/revoltphp/event-loop.git --depth=1 cd event-loop @@ -560,7 +560,7 @@ jobs: exit 1 fi - name: Test Symfony - if: always() && !inputs.skip_symfony + if: !cancelled() && !inputs.skip_symfony run: | git clone https://github.com/symfony/symfony.git --depth=1 cd symfony @@ -581,7 +581,7 @@ jobs: done exit $X - name: Test PHPUnit - if: always() + if: !cancelled() run: | git clone https://github.com/sebastianbergmann/phpunit.git --branch=main --depth=1 cd phpunit @@ -592,7 +592,7 @@ jobs: exit 1 fi - name: 'Symfony Preloading' - if: always() && !inputs.skip_symfony + if: !cancelled() && !inputs.skip_symfony run: | php /usr/bin/composer create-project symfony/symfony-demo symfony_demo --no-progress --ignore-platform-reqs cd symfony_demo @@ -600,7 +600,7 @@ jobs: sed -i 's/PHP_SAPI/"cli-server"/g' var/cache/dev/App_KernelDevDebugContainer.preload.php php -d opcache.preload=var/cache/dev/App_KernelDevDebugContainer.preload.php public/index.php - name: Test Wordpress - if: always() && !inputs.skip_wordpress + if: !cancelled() && !inputs.skip_wordpress run: | git clone https://github.com/WordPress/wordpress-develop.git wordpress --depth=1 cd wordpress From 3e6f4702ba2a1e58561b62263a63436d59a4a463 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 24 Jan 2025 15:43:22 +0100 Subject: [PATCH 21/52] Fix GHA config yml error --- .github/workflows/nightly.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index c2816d72cf18..4c8ec23b158a 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -427,7 +427,7 @@ jobs: -d zend_extension=opcache.so -d opcache.enable_cli=1 - uses: codecov/codecov-action@v4 - if: !cancelled() + if: ${{ !cancelled() }} with: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} @@ -500,7 +500,7 @@ jobs: echo opcache.jit_hot_side_exit=1 >> /etc/php.d/opcache.ini php -v - name: Test AMPHP - if: !cancelled() + if: ${{ !cancelled() }} run: | repositories="amp cache dns file http parallel parser pipeline process serialization socket sync websocket-client websocket-server" X=0 @@ -518,7 +518,7 @@ jobs: done exit $X - name: Test Laravel - if: !cancelled() + if: ${{ !cancelled() }} run: | git clone https://github.com/laravel/framework.git --branch=master --depth=1 cd framework @@ -531,7 +531,7 @@ jobs: exit 1 fi - name: Test ReactPHP - if: !cancelled() + if: ${{ !cancelled() }} run: | repositories="async cache child-process datagram dns event-loop promise promise-stream promise-timer stream" X=0 @@ -549,7 +549,7 @@ jobs: done exit $X - name: Test Revolt PHP - if: !cancelled() + if: ${{ !cancelled() }} run: | git clone https://github.com/revoltphp/event-loop.git --depth=1 cd event-loop @@ -560,7 +560,7 @@ jobs: exit 1 fi - name: Test Symfony - if: !cancelled() && !inputs.skip_symfony + if: ${{ !cancelled() && !inputs.skip_symfony }} run: | git clone https://github.com/symfony/symfony.git --depth=1 cd symfony @@ -581,7 +581,7 @@ jobs: done exit $X - name: Test PHPUnit - if: !cancelled() + if: ${{ !cancelled() }} run: | git clone https://github.com/sebastianbergmann/phpunit.git --branch=main --depth=1 cd phpunit @@ -592,7 +592,7 @@ jobs: exit 1 fi - name: 'Symfony Preloading' - if: !cancelled() && !inputs.skip_symfony + if: ${{ !cancelled() && !inputs.skip_symfony }} run: | php /usr/bin/composer create-project symfony/symfony-demo symfony_demo --no-progress --ignore-platform-reqs cd symfony_demo @@ -600,7 +600,7 @@ jobs: sed -i 's/PHP_SAPI/"cli-server"/g' var/cache/dev/App_KernelDevDebugContainer.preload.php php -d opcache.preload=var/cache/dev/App_KernelDevDebugContainer.preload.php public/index.php - name: Test Wordpress - if: !cancelled() && !inputs.skip_wordpress + if: ${{ !cancelled() && !inputs.skip_wordpress }} run: | git clone https://github.com/WordPress/wordpress-develop.git wordpress --depth=1 cd wordpress From a403b76e8819784cc7a7597d04af171793b26e7a Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 25 Jan 2025 01:44:51 +0100 Subject: [PATCH 22/52] Use preinstalled MySQL for Windows CI Recent hosted GH Windows runners already have MySQL preinstalled, so there is no particular need to install it again via Chocolatey or other means. If we ever need to address more specific needs, we may want to have a look at . Closes GH-17561. Closes GH-17570. --- .github/actions/setup-windows/action.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/actions/setup-windows/action.yml b/.github/actions/setup-windows/action.yml index 4786242455a1..e0a3fd4e7d31 100644 --- a/.github/actions/setup-windows/action.yml +++ b/.github/actions/setup-windows/action.yml @@ -3,10 +3,12 @@ runs: using: composite steps: - name: Setup MySQL - shell: pwsh + shell: cmd run: | - choco install mysql -y --no-progress --params="/port:3306" - mysql.exe --port=3306 --user=root --password="" -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password12!'; FLUSH PRIVILEGES;" + mysqld --initialize-insecure + mysqld --install + net start MySQL + mysql --port=3306 --user=root --password="" -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password12!'; FLUSH PRIVILEGES;" - name: Setup MSSQL shell: pwsh run: | From c99fb059295ed14034be17904f95e90ea80bb917 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 24 Jan 2025 14:39:30 +0100 Subject: [PATCH 23/52] Fix mysql mysql_native_password error on CircleCI This is already fixed in higher branches. We'll need to fix this properly when upgrading to MySQL 8.4, which we should do soon as 8.3 is already EOL. Closes GH-17560 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2320d2baca9c..d9ad3f7c0a65 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,7 +5,7 @@ jobs: resource_class: arm.medium docker: - image: cimg/base:current-22.04 - - image: mysql:8 + - image: mysql:8.3 environment: MYSQL_ALLOW_EMPTY_PASSWORD: true MYSQL_ROOT_PASSWORD: '' From d17d58a9825675e75a7a5473cf4c7aae0334d056 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Mon, 27 Jan 2025 19:59:49 +0100 Subject: [PATCH 24/52] Fix cve-2014-3538 test Make sure we have a unique test file to work with, and increase the time for the nojit version to match the default version. Closes GH-17600 --- ext/fileinfo/tests/cve-2014-3538-mb.phpt | 2 +- ext/fileinfo/tests/cve-2014-3538-nojit.phpt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ext/fileinfo/tests/cve-2014-3538-mb.phpt b/ext/fileinfo/tests/cve-2014-3538-mb.phpt index 6e8d32ec5671..81733962ebe6 100644 --- a/ext/fileinfo/tests/cve-2014-3538-mb.phpt +++ b/ext/fileinfo/tests/cve-2014-3538-mb.phpt @@ -32,7 +32,7 @@ if ($t < 3) { Done --CLEAN-- --EXPECTF-- string(%d) "%s" diff --git a/ext/fileinfo/tests/cve-2014-3538-nojit.phpt b/ext/fileinfo/tests/cve-2014-3538-nojit.phpt index f3a5fa7fb4f7..2010d538da95 100644 --- a/ext/fileinfo/tests/cve-2014-3538-nojit.phpt +++ b/ext/fileinfo/tests/cve-2014-3538-nojit.phpt @@ -13,7 +13,7 @@ if (getenv('SKIP_PERF_SENSITIVE')) pcre.jit=0 --FILE-- --EXPECTF-- string(%d) "%s" From 65b990a1e0fd2ce15c4e74301b5a266e00f526f5 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Tue, 28 Jan 2025 12:44:24 +0100 Subject: [PATCH 25/52] [skip ci] Another flaky macOS phar test --- ext/phar/tests/tar/033.phpt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ext/phar/tests/tar/033.phpt b/ext/phar/tests/tar/033.phpt index fa6ed5959cc0..f13121951fe5 100644 --- a/ext/phar/tests/tar/033.phpt +++ b/ext/phar/tests/tar/033.phpt @@ -5,6 +5,12 @@ phar --INI-- phar.readonly=0 phar.require_hash=0 +--SKIPIF-- + --FILE-- Date: Tue, 28 Jan 2025 12:58:30 +0100 Subject: [PATCH 26/52] [skip ci] Another flaky macOS phar test --- ext/phar/tests/033.phpt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ext/phar/tests/033.phpt b/ext/phar/tests/033.phpt index 30d6cf6c5511..4dcff19996d5 100644 --- a/ext/phar/tests/033.phpt +++ b/ext/phar/tests/033.phpt @@ -5,6 +5,12 @@ phar --INI-- phar.readonly=0 phar.require_hash=0 +--SKIPIF-- + --FILE-- Date: Sun, 2 Feb 2025 11:21:45 +0100 Subject: [PATCH 27/52] Relax timezone_IDforWindowsID_basic2.phpt expectations Apparently, some ICU versions report "America/Los_Angeles" for the `ZZ` case, what matches the behavior of ICU 76.1 (on Windows). Possibly, there has been some bug fix backport on some systems. Anyhow, either seems fine, so we're not picky about that. Closes GH-17669. --- ext/intl/tests/timezone_IDforWindowsID_basic2.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/intl/tests/timezone_IDforWindowsID_basic2.phpt b/ext/intl/tests/timezone_IDforWindowsID_basic2.phpt index aeb9b1689915..2b8f223dad80 100644 --- a/ext/intl/tests/timezone_IDforWindowsID_basic2.phpt +++ b/ext/intl/tests/timezone_IDforWindowsID_basic2.phpt @@ -24,7 +24,7 @@ foreach ($tzs as $tz => $regions) { } } ?> ---EXPECT-- +--EXPECTF-- ** Gnomeregan bool(false) Error: intltz_get_windows_id: Unknown windows timezone: U_ILLEGAL_ARGUMENT_ERROR @@ -35,7 +35,7 @@ string(19) "America/Los_Angeles" string(17) "America/Vancouver" string(19) "America/Los_Angeles" string(19) "America/Los_Angeles" -string(7) "PST8PDT" +string(%d) "%r(PST8PDT|America\/Los_Angeles)%r" ** Romance Standard Time string(12) "Europe/Paris" string(15) "Europe/Brussels" From d8aedb589c2de5f254c46f9da0dfdbc11433ec20 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Tue, 4 Feb 2025 14:51:33 +0100 Subject: [PATCH 28/52] [skip ci] Another flaky phar macOS test --- ext/phar/tests/zip/033.phpt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ext/phar/tests/zip/033.phpt b/ext/phar/tests/zip/033.phpt index de4ba2b71f02..cf5ccd9a5105 100644 --- a/ext/phar/tests/zip/033.phpt +++ b/ext/phar/tests/zip/033.phpt @@ -5,6 +5,12 @@ phar --INI-- phar.readonly=0 phar.require_hash=0 +--SKIPIF-- + --FILE-- Date: Wed, 5 Feb 2025 15:58:25 +0100 Subject: [PATCH 29/52] Fix curl_basic_022.phpt for libcurl 8.12.0 Due to a deliberate change in libcurl, the expiration is now capped to at most 400 days. We could solve this by choosing another date roughly a year in the future, but would need to update the test next year. This would be especially annoying for security branches. Another option would be to actually parse the cookie list lines, but that might not be worth the trouble. Instead we just ignore the exact timestamp created by libcurl. [1] Closes GH-17709. --- ext/curl/tests/curl_basic_022.phpt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/curl/tests/curl_basic_022.phpt b/ext/curl/tests/curl_basic_022.phpt index e905dfd885d1..4a2177e06bd4 100644 --- a/ext/curl/tests/curl_basic_022.phpt +++ b/ext/curl/tests/curl_basic_022.phpt @@ -11,10 +11,10 @@ curl_setopt($ch, CURLOPT_COOKIELIST, 'Set-Cookie: C2=v2; expires=Thu, 31-Dec-203 var_dump(curl_getinfo($ch, CURLINFO_COOKIELIST)); ?> ---EXPECT-- +--EXPECTF-- array(2) { [0]=> - string(38) ".php.net TRUE / FALSE 2145916799 C1 v1" + string(38) ".php.net TRUE / FALSE %d C1 v1" [1]=> - string(38) ".php.net TRUE / FALSE 2145916799 C2 v2" + string(38) ".php.net TRUE / FALSE %d C2 v2" } From 726cf51236b03c3922544f1ac521bc1fa9c2643e Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Wed, 5 Feb 2025 13:16:18 +0100 Subject: [PATCH 30/52] Add CONFLICT all to random port test If we're very unlucky, we can get the same port opened as an ephemeral port by some other test. Closes GH-17706 --- ext/standard/tests/network/bug20134.phpt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/standard/tests/network/bug20134.phpt b/ext/standard/tests/network/bug20134.phpt index b5a7234f73c4..6692e92b3105 100644 --- a/ext/standard/tests/network/bug20134.phpt +++ b/ext/standard/tests/network/bug20134.phpt @@ -2,6 +2,8 @@ Bug #20134 (UDP reads from invalid ports) --INI-- default_socket_timeout=1 +--CONFLICTS-- +all --FILE-- Date: Mon, 10 Feb 2025 17:44:33 +0100 Subject: [PATCH 31/52] [skip ci] Fix phpize for Windows 11 (24H2) It seems like n === undefined must have worked on older versions of jscript, but currently it just causes the insertion to silently fail. This sets n to an empty string, allowing phpize to include the local config.w32 files. --- NEWS | 7 +++++-- win32/build/phpize.js.in | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index aa23510db175..7324aaf5bef5 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +?? ??? ????, PHP 8.1.32 + +- Windows: + . Fixed phpize for Windows 11 (24H2). (bwoebi) + 21 Nov 2024, PHP 8.1.31 - CLI: @@ -28,8 +33,6 @@ PHP NEWS . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos) - - 26 Sep 2024, PHP 8.1.30 - CGI: diff --git a/win32/build/phpize.js.in b/win32/build/phpize.js.in index 49871481e890..c5f57737c97d 100644 --- a/win32/build/phpize.js.in +++ b/win32/build/phpize.js.in @@ -91,6 +91,7 @@ function find_config_w32(dirname) deps = get_module_dep(contents); + n = ""; item = new Module_Item(n, c, dir_line, deps, contents); MODULES.Add(n, item); } From f4aadb5537f87afb4ffd5133ff92532f2c1d8e15 Mon Sep 17 00:00:00 2001 From: Shivam Mathur Date: Thu, 30 Jan 2025 11:46:57 +0000 Subject: [PATCH 32/52] ci: add workflow to trigger windows builds --- .github/workflows/windows-builds.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/windows-builds.yml diff --git a/.github/workflows/windows-builds.yml b/.github/workflows/windows-builds.yml new file mode 100644 index 000000000000..6bb4cd897164 --- /dev/null +++ b/.github/workflows/windows-builds.yml @@ -0,0 +1,23 @@ +name: Windows builds +run-name: Windows builds for ${{ inputs.tag || github.ref_name }} +on: + push: + tags: + - 'php-*' + workflow_dispatch: + inputs: + tag: + description: 'Tag version' + required: true + +jobs: + publish: + runs-on: ubuntu-latest + name: Build + steps: + - name: Build + env: + GITHUB_TOKEN: ${{ secrets.WINDOWS_BUILDS_TOKEN }} + run: | + TAG="${{ inputs.tag || github.ref_name }}" + gh workflow run php.yml -R php/php-windows-builder -f php-version="${TAG#php-}" From e71b8cae7e68d0f99d71e66c6cdfab9045c6cafa Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Mon, 24 Feb 2025 12:20:34 +0100 Subject: [PATCH 33/52] [skip ci] Use laravel default branch in community build See: https://github.com/laravel/framework/issues/54754#issuecomment-2678092563 According to this comment, the default branch more actively receives changes throuought the year than master. Hence, it makes more sense to test the default branch. --- .github/workflows/nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 4c8ec23b158a..2377286ca830 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -520,7 +520,7 @@ jobs: - name: Test Laravel if: ${{ !cancelled() }} run: | - git clone https://github.com/laravel/framework.git --branch=master --depth=1 + git clone https://github.com/laravel/framework.git --depth=1 cd framework git rev-parse HEAD php /usr/bin/composer install --no-progress --ignore-platform-reqs From 4694c3e9977e53799870c998991e205056dba4f8 Mon Sep 17 00:00:00 2001 From: Calvin Buckley Date: Mon, 3 Mar 2025 10:04:02 -0400 Subject: [PATCH 34/52] Attempt at ppc64 CI (#17945) This assumes gentoo (which has best ppc64be support of mainstream distributions). (Rebased onto the new workflow_call approach) --- .github/actions/configure-gentoo/action.yml | 81 +++++++++++++++++++++ .github/actions/test-gentoo/action.yml | 34 +++++++++ .github/workflows/nightly.yml | 46 ++++++++++++ .github/workflows/root.yml | 1 + 4 files changed, 162 insertions(+) create mode 100644 .github/actions/configure-gentoo/action.yml create mode 100644 .github/actions/test-gentoo/action.yml diff --git a/.github/actions/configure-gentoo/action.yml b/.github/actions/configure-gentoo/action.yml new file mode 100644 index 000000000000..e1ae914681fb --- /dev/null +++ b/.github/actions/configure-gentoo/action.yml @@ -0,0 +1,81 @@ +name: ./configure +inputs: + configurationParameters: + default: '' + required: false + skipSlow: + default: false + required: false +runs: + using: composite + steps: + - shell: bash + run: | + set -x + ./buildconf --force + ./configure \ + --enable-option-checking=fatal \ + --prefix=/usr \ + --with-libdir=lib64 \ + --enable-phpdbg \ + --enable-fpm \ + --with-pdo-mysql=mysqlnd \ + --with-mysqli=mysqlnd \ + ${{ inputs.skipSlow == 'false' && '--with-pgsql' || '' }} \ + ${{ inputs.skipSlow == 'false' && '--with-pdo-pgsql' || '' }} \ + ${{ inputs.skipSlow == 'false' && '--with-pdo-sqlite' || '' }} \ + --enable-intl \ + --without-pear \ + --enable-gd \ + --with-jpeg \ + --with-webp \ + --with-freetype \ + --with-xpm \ + --enable-exif \ + --with-zip \ + --with-zlib \ + --enable-soap \ + --enable-xmlreader \ + --with-xsl \ + ${{ inputs.skipSlow == 'false' && '--with-tidy' || '' }} \ + --enable-sysvsem \ + --enable-sysvshm \ + --enable-shmop \ + --enable-pcntl \ + --with-readline \ + --enable-mbstring \ + --with-iconv \ + --with-curl \ + --with-gettext \ + --enable-sockets \ + --with-bz2 \ + --with-openssl \ + --with-gmp \ + --enable-bcmath \ + --enable-calendar \ + --enable-ftp \ + ${{ inputs.skipSlow == 'false' && '--with-enchant=/usr' || '' }} \ + --enable-sysvmsg \ + --with-ffi \ + --enable-zend-test \ + ${{ inputs.skipSlow == 'false' && '--enable-dl-test=shared' || '' }} \ + ${{ inputs.skipSlow == 'false' && '--with-ldap' || '' }} \ + ${{ inputs.skipSlow == 'false' && '--with-ldap-sasl' || '' }} \ + --with-password-argon2 \ + --with-mhash \ + --with-sodium \ + --enable-dba \ + --with-cdb \ + --enable-flatfile \ + --enable-inifile \ + --with-tcadb \ + --with-lmdb \ + --with-qdbm \ + ${{ inputs.skipSlow == 'false' && '--with-snmp' || '' }} \ + ${{ inputs.skipSlow == 'false' && '--with-unixODBC' || '' }} \ + ${{ inputs.skipSlow == 'false' && '--with-pdo-odbc=unixODBC,/usr' || '' }} \ + --with-config-file-path=/etc \ + --with-config-file-scan-dir=/etc/php.d \ + ${{ inputs.skipSlow == 'false' && '--with-pdo-dblib' || '' }} \ + --enable-werror \ + ${{ inputs.configurationParameters }} || cat config.log diff --git a/.github/actions/test-gentoo/action.yml b/.github/actions/test-gentoo/action.yml new file mode 100644 index 000000000000..ec9fb0b70c6a --- /dev/null +++ b/.github/actions/test-gentoo/action.yml @@ -0,0 +1,34 @@ +name: Test +inputs: + runTestsParameters: + default: '' + required: false +runs: + using: composite + steps: + - shell: bash + run: | + set -x + # XXX: Set up other database tests? + # XXX: These tests are not running containerized + export MYSQL_TEST_USER=ci + export MYSQL_TEST_PASSWD=ci + if [[ -z "$PDO_MYSQL_TEST_DSN" ]]; then + export PDO_MYSQL_TEST_DSN="mysql:host=localhost;dbname=test" + fi + export PDO_MYSQL_TEST_USER=ci + export PDO_MYSQL_TEST_PASS=ci + export PGSQL_TEST_CONNSTR="host=localhost dbname=test port=5432 user=ci password=ci" + if [[ -z "$PDO_PGSQL_TEST_DSN" ]]; then + export PDO_PGSQL_TEST_DSN="pgsql:host=localhost port=5432 dbname=test user=ci password=ci" + fi + # Slow tests criteron is doubled because this runner isn't as fast as others + export SKIP_IO_CAPTURE_TESTS=1 + export STACK_LIMIT_DEFAULTS_CHECK=1 + sapi/cli/php run-tests.php -P -q ${{ inputs.runTestsParameters }} \ + -j$(nproc) \ + -g FAIL,BORK,LEAK,XLEAK \ + --no-progress \ + --show-diff \ + --show-slow 2000 \ + --set-timeout 120 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 2377286ca830..7993c1b6e358 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -17,6 +17,9 @@ on: run_alpine: required: true type: boolean + run_linux_ppc64: + required: true + type: boolean run_macos_arm64: required: true type: boolean @@ -35,6 +38,49 @@ on: permissions: contents: read jobs: + LINUX_PPC64: + if: inputs.run_linux_ppc64 + name: LINUX_PPC64_ASAN_UBSAN_DEBUG_ZTS + # This runs on a self-hosted runner; see https://wiki.php.net/systems/ci + runs-on: [self-hosted, gentoo, ppc64] + steps: + - name: git checkout + uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch }} + - name: System info + run: | + echo "::group::Show host CPU info" + lscpu + echo "::endgroup::" + echo "::group::Show installed packages" + cat /var/lib/portage/world + echo "::endgroup::" + - name: ./configure + uses: ./.github/actions/configure-gentoo + with: + configurationParameters: >- + CFLAGS="-fsanitize=undefined,address -fno-sanitize=function -DZEND_TRACK_ARENA_ALLOC" + LDFLAGS="-fsanitize=undefined,address -fno-sanitize=function" + CC=clang-17 + CXX=clang++-17 + --enable-debug + --enable-zts + skipSlow: false # FIXME: This should likely include slow extensions + - name: make + run: make -j$(/usr/bin/nproc) >/dev/null + # Skip an install action for now + - name: Tests + uses: ./.github/actions/test-gentoo + # There is no PPC JIT, so rip this out + with: + runTestsParameters: >- + --asan -x + - name: Notify Slack + if: failure() + uses: ./.github/actions/notify-slack + with: + token: ${{ secrets.ACTION_MONITORING_SLACK }} ALPINE: if: inputs.run_alpine name: ALPINE_X64_ASAN_UBSAN_DEBUG_ZTS diff --git a/.github/workflows/root.yml b/.github/workflows/root.yml index 5cdd70489343..25b7a6baadef 100644 --- a/.github/workflows/root.yml +++ b/.github/workflows/root.yml @@ -53,6 +53,7 @@ jobs: community_verify_type_inference: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} libmysqlclient_with_mysqli: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1) }} run_alpine: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} + run_linux_ppc64: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} run_macos_arm64: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} ubuntu_version: ${{ (((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 5) || matrix.branch.version[0] >= 9) && '24.04') From dc6586dd9d4bfa94cd6424a81a91c4f1f183f611 Mon Sep 17 00:00:00 2001 From: Calvin Buckley Date: Wed, 5 Mar 2025 10:17:39 -0400 Subject: [PATCH 35/52] Skip mysqli/tests/bug73462 on PPC CI (#17971) * Skip this test on PPC CI Seems to be unfortunately flaky with persistent connections. * use spaces in phpt file --- ext/mysqli/tests/bug73462.phpt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ext/mysqli/tests/bug73462.phpt b/ext/mysqli/tests/bug73462.phpt index a5ae94acffa8..c4d68ca4f593 100644 --- a/ext/mysqli/tests/bug73462.phpt +++ b/ext/mysqli/tests/bug73462.phpt @@ -5,6 +5,13 @@ mysqli --SKIPIF-- --FILE-- Date: Thu, 6 Mar 2025 15:01:30 +0100 Subject: [PATCH 36/52] Fix flaky DatePeriod test $start and $end use the H:i:s from the current time. If $end happens on a second boundary, $start + 4 days will include $end, thus performing an extra iteration. Fix this by setting H:i:s to 00:00:00. --- ext/date/tests/DatePeriod_no_advance_on_valid.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/date/tests/DatePeriod_no_advance_on_valid.phpt b/ext/date/tests/DatePeriod_no_advance_on_valid.phpt index 6a8a9d0f5d04..936861ca172c 100644 --- a/ext/date/tests/DatePeriod_no_advance_on_valid.phpt +++ b/ext/date/tests/DatePeriod_no_advance_on_valid.phpt @@ -3,8 +3,8 @@ Date Period iterators do not advance on valid() --FILE-- getIterator(); From 5fcc8d4cd19552b5ea7c154a0040832b10e4fab6 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Thu, 6 Mar 2025 15:24:15 +0100 Subject: [PATCH 37/52] Upgrade security branches to Ubuntu 22.04 20.04 goes out of security support in 2 months. Backporting various commits. See d98963a0713662c567091cdb09a7c9d97a067ce4 See af721c9c361643df13a8137d22de9acde82512e5 See 378b79b90c64997b6fded3381bc5fc8443115b64 Closes GH-17963 --- .github/actions/setup-mssql/action.yml | 2 +- .github/actions/setup-x64/action.yml | 2 +- .github/scripts/setup-slapd.sh | 6 ++++-- .github/workflows/push.yml | 2 +- .github/workflows/root.yml | 5 ++--- Zend/zend_portability.h | 24 ++++++++++++++++++++++++ ext/imap/php_imap.c | 16 +++++++++++++--- ext/imap/php_imap.h | 2 ++ ext/oci8/php_oci8_int.h | 2 ++ ext/opcache/jit/dynasm/dasm_x86.h | 7 +++++++ ext/pdo/pdo_dbh.c | 2 +- ext/pdo_oci/php_pdo_oci_int.h | 9 +++++++++ ext/soap/php_encoding.c | 9 ++++++++- 13 files changed, 75 insertions(+), 13 deletions(-) diff --git a/.github/actions/setup-mssql/action.yml b/.github/actions/setup-mssql/action.yml index c069744a21b5..dd372a5637aa 100644 --- a/.github/actions/setup-mssql/action.yml +++ b/.github/actions/setup-mssql/action.yml @@ -11,4 +11,4 @@ runs: -p 1433:1433 \ --name sql1 \ -h sql1 \ - -d mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-16.04 + -d mcr.microsoft.com/mssql/server:2022-CU14-ubuntu-22.04 diff --git a/.github/actions/setup-x64/action.yml b/.github/actions/setup-x64/action.yml index d03a51f455b3..9d49107fb3ca 100644 --- a/.github/actions/setup-x64/action.yml +++ b/.github/actions/setup-x64/action.yml @@ -7,7 +7,7 @@ runs: set -x sudo service slapd start - docker exec sql1 /opt/mssql-tools/bin/sqlcmd -S 127.0.0.1 -U SA -P "" -Q "create login pdo_test with password='password', check_policy=off; create user pdo_test for login pdo_test; grant alter, control to pdo_test;" + docker exec sql1 /opt/mssql-tools18/bin/sqlcmd -S 127.0.0.1 -U SA -C -P "" -Q "create login pdo_test with password='password', check_policy=off; create user pdo_test for login pdo_test; grant alter, control to pdo_test;" sudo locale-gen de_DE ./.github/scripts/setup-slapd.sh diff --git a/.github/scripts/setup-slapd.sh b/.github/scripts/setup-slapd.sh index ec0b2d306044..fcaa67d0a5f7 100755 --- a/.github/scripts/setup-slapd.sh +++ b/.github/scripts/setup-slapd.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -ex +set -e # Create TLS certificate sudo mkdir -p /etc/ldap/ssl @@ -42,7 +42,9 @@ sudo sed -e 's|^\s*SLAPD_SERVICES\s*=.*$|SLAPD_SERVICES="ldap:/// ldaps:/// ldap # Configure LDAP database. DBDN=`sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(&(olcRootDN=*)(olcSuffix=*))' dn | grep -i '^dn:' | sed -e 's/^dn:\s*//'`; -sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif +if test -f "/etc/ldap/schema/ppolicy.ldif"; then + sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif +fi sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// << EOF dn: $DBDN diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 5264a3d290fa..ddc90935018b 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -68,7 +68,7 @@ jobs: - debug: false zts: true name: "LINUX_X64_${{ matrix.debug && 'DEBUG' || 'RELEASE' }}_${{ matrix.zts && 'ZTS' || 'NTS' }}" - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: git checkout uses: actions/checkout@v4 diff --git a/.github/workflows/root.yml b/.github/workflows/root.yml index 25b7a6baadef..2bb895e96b66 100644 --- a/.github/workflows/root.yml +++ b/.github/workflows/root.yml @@ -48,7 +48,7 @@ jobs: with: asan_ubuntu_version: ${{ (((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 5) || matrix.branch.version[0] >= 9) && '24.04') - || '20.04' }} + || '22.04' }} branch: ${{ matrix.branch.ref }} community_verify_type_inference: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} libmysqlclient_with_mysqli: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1) }} @@ -57,8 +57,7 @@ jobs: run_macos_arm64: ${{ (matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9 }} ubuntu_version: ${{ (((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 5) || matrix.branch.version[0] >= 9) && '24.04') - || ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 3) && '22.04') - || '20.04' }} + || '22.04' }} windows_version: ${{ ((matrix.branch.version[0] == 8 && matrix.branch.version[1] >= 4) || matrix.branch.version[0] >= 9) && '2022' || '2019' }} skip_symfony: ${{ matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1 }} skip_wordpress: ${{ matrix.branch.version[0] == 8 && matrix.branch.version[1] == 1 }} diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 8f545ecba807..120b166f7ce8 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -685,4 +685,28 @@ extern "C++" { # define ZEND_INDIRECT_RETURN #endif +#define __ZEND_DO_PRAGMA(x) _Pragma(#x) +#define _ZEND_DO_PRAGMA(x) __ZEND_DO_PRAGMA(x) +#if defined(__clang__) +# define ZEND_DIAGNOSTIC_IGNORED_START(warning) \ + _Pragma("clang diagnostic push") \ + _ZEND_DO_PRAGMA(clang diagnostic ignored warning) +# define ZEND_DIAGNOSTIC_IGNORED_END \ + _Pragma("clang diagnostic pop") +#elif defined(__GNUC__) +# define ZEND_DIAGNOSTIC_IGNORED_START(warning) \ + _Pragma("GCC diagnostic push") \ + _ZEND_DO_PRAGMA(GCC diagnostic ignored warning) +# define ZEND_DIAGNOSTIC_IGNORED_END \ + _Pragma("GCC diagnostic pop") +#else +# define ZEND_DIAGNOSTIC_IGNORED_START(warning) +# define ZEND_DIAGNOSTIC_IGNORED_END +#endif + +/** @deprecated */ +#define ZEND_CGG_DIAGNOSTIC_IGNORED_START ZEND_DIAGNOSTIC_IGNORED_START +/** @deprecated */ +#define ZEND_CGG_DIAGNOSTIC_IGNORED_END ZEND_DIAGNOSTIC_IGNORED_END + #endif /* ZEND_PORTABILITY_H */ diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 59244b664d7d..5c45e213aa58 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -695,11 +695,9 @@ PHP_RINIT_FUNCTION(imap) } /* }}} */ -/* {{{ PHP_RSHUTDOWN_FUNCTION */ -PHP_RSHUTDOWN_FUNCTION(imap) +static void free_errorlist(void) { ERRORLIST *ecur = NIL; - STRINGLIST *acur = NIL; if (IMAPG(imap_errorstack) != NIL) { /* output any remaining errors at their original error level */ @@ -715,6 +713,11 @@ PHP_RSHUTDOWN_FUNCTION(imap) mail_free_errorlist(&IMAPG(imap_errorstack)); IMAPG(imap_errorstack) = NIL; } +} + +static void free_stringlist(void) +{ + STRINGLIST *acur = NIL; if (IMAPG(imap_alertstack) != NIL) { /* output any remaining alerts at E_NOTICE level */ @@ -730,6 +733,13 @@ PHP_RSHUTDOWN_FUNCTION(imap) mail_free_stringlist(&IMAPG(imap_alertstack)); IMAPG(imap_alertstack) = NIL; } +} + +/* {{{ PHP_RSHUTDOWN_FUNCTION */ +PHP_RSHUTDOWN_FUNCTION(imap) +{ + free_errorlist(); + free_stringlist(); return SUCCESS; } /* }}} */ diff --git a/ext/imap/php_imap.h b/ext/imap/php_imap.h index ce32d3cda8d9..24019521d61b 100644 --- a/ext/imap/php_imap.h +++ b/ext/imap/php_imap.h @@ -47,7 +47,9 @@ # endif /* these are used for quota support */ + ZEND_DIAGNOSTIC_IGNORED_START("-Wstrict-prototypes") # include "c-client.h" /* includes mail.h and rfc822.h */ + ZEND_DIAGNOSTIC_IGNORED_END # include "imap4r1.h" /* location of c-client quota functions */ #else # include "mail.h" diff --git a/ext/oci8/php_oci8_int.h b/ext/oci8/php_oci8_int.h index 171edfa53d24..0851f74f3f41 100644 --- a/ext/oci8/php_oci8_int.h +++ b/ext/oci8/php_oci8_int.h @@ -53,7 +53,9 @@ /* }}} */ #include "ext/standard/php_string.h" +ZEND_DIAGNOSTIC_IGNORED_START("-Wstrict-prototypes") #include +ZEND_DIAGNOSTIC_IGNORED_END extern int le_connection; extern int le_pconnection; diff --git a/ext/opcache/jit/dynasm/dasm_x86.h b/ext/opcache/jit/dynasm/dasm_x86.h index 618925c2d257..098b226b06a1 100644 --- a/ext/opcache/jit/dynasm/dasm_x86.h +++ b/ext/opcache/jit/dynasm/dasm_x86.h @@ -124,7 +124,14 @@ void dasm_free(Dst_DECL) void dasm_setupglobal(Dst_DECL, void **gl, unsigned int maxgl) { dasm_State *D = Dst_REF; +#ifdef __GNUC__ +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Warray-bounds" +#endif D->globals = gl - 10; /* Negative bias to compensate for locals. */ +#ifdef __GNUC__ +# pragma GCC diagnostic pop +#endif DASM_M_GROW(Dst, int, D->lglabels, D->lgsize, (10+maxgl)*sizeof(int)); } diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index 9544a7215bbf..d15bb3ac233f 100644 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -81,7 +81,7 @@ void pdo_raise_impl_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, const char *sqlstate pdo_err = &stmt->error_code; } - strncpy(*pdo_err, sqlstate, 6); + memcpy(*pdo_err, sqlstate, sizeof(pdo_error_type)); /* hash sqlstate to error messages */ msg = pdo_sqlstate_state_to_description(*pdo_err); diff --git a/ext/pdo_oci/php_pdo_oci_int.h b/ext/pdo_oci/php_pdo_oci_int.h index dbffb22d092f..dd513ff94e06 100644 --- a/ext/pdo_oci/php_pdo_oci_int.h +++ b/ext/pdo_oci/php_pdo_oci_int.h @@ -14,7 +14,14 @@ +----------------------------------------------------------------------+ */ +#ifndef PHP_PDO_OCI_INT_H +#define PHP_PDO_OCI_INT_H + +#include "zend_portability.h" + +ZEND_DIAGNOSTIC_IGNORED_START("-Wstrict-prototypes") #include +ZEND_DIAGNOSTIC_IGNORED_END typedef struct { const char *file; @@ -105,3 +112,5 @@ enum { PDO_OCI_ATTR_MODULE, PDO_OCI_ATTR_CALL_TIMEOUT }; + +#endif /* PHP_PDO_OCI_INT_H */ diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index 20f60f48d6a2..4d389a8c5857 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -2388,7 +2388,14 @@ static xmlNodePtr to_xml_array(encodeTypePtr type, zval *data, int style, xmlNod if (style == SOAP_ENCODED) { if (soap_version == SOAP_1_1) { smart_str_0(&array_type); - if (strcmp(ZSTR_VAL(array_type.s),"xsd:anyType") == 0) { +#if defined(__GNUC__) && __GNUC__ >= 11 + ZEND_DIAGNOSTIC_IGNORED_START("-Wstringop-overread") +#endif + bool is_xsd_any_type = strcmp(ZSTR_VAL(array_type.s),"xsd:anyType") == 0; +#if defined(__GNUC__) && __GNUC__ >= 11 + ZEND_DIAGNOSTIC_IGNORED_END +#endif + if (is_xsd_any_type) { smart_str_free(&array_type); smart_str_appendl(&array_type,"xsd:ur-type",sizeof("xsd:ur-type")-1); } From 5e8aff2c5fdd4c278446f85b267aab680a9fdca3 Mon Sep 17 00:00:00 2001 From: Calvin Buckley Date: Fri, 7 Mar 2025 10:39:14 -0400 Subject: [PATCH 38/52] Remove "Notify Slack" on ppc nightly workflow (#17993) We get weird failures at here, and Ilija was talking about possibly removing it in general. --- .github/workflows/nightly.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 7993c1b6e358..c9e685060431 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -76,11 +76,6 @@ jobs: with: runTestsParameters: >- --asan -x - - name: Notify Slack - if: failure() - uses: ./.github/actions/notify-slack - with: - token: ${{ secrets.ACTION_MONITORING_SLACK }} ALPINE: if: inputs.run_alpine name: ALPINE_X64_ASAN_UBSAN_DEBUG_ZTS From b0858427aaccdae0db6764c0e86ae9489a92032e Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 24 Mar 2023 10:13:25 +0100 Subject: [PATCH 39/52] Suppress snmp lib memory leak, skip ASAN tests I don't know enough about this library to fix those :( Cherry-picked from: be4db6b5505fb32489a5bf2723ea85b7af8d4fac ba1d9d0ab2cfae4c438513b7016c40b843868ac0 --- .github/lsan-suppressions.txt | 1 + ext/snmp/tests/snmp-object-errno-errstr.phpt | 1 + ext/snmp/tests/snmp-object-error.phpt | 1 + ext/snmp/tests/snmp2_get.phpt | 1 + ext/snmp/tests/snmp2_set-nomib.phpt | 1 + ext/snmp/tests/snmp2_walk.phpt | 1 + ext/snmp/tests/snmp3-error.phpt | 1 + ext/snmp/tests/snmp_getvalue.phpt | 1 + ext/snmp/tests/snmpget.phpt | 1 + ext/snmp/tests/snmpset-nomib.phpt | 1 + ext/snmp/tests/snmpwalk.phpt | 1 + 11 files changed, 11 insertions(+) diff --git a/.github/lsan-suppressions.txt b/.github/lsan-suppressions.txt index 5c2ee76e4607..f547205d985b 100644 --- a/.github/lsan-suppressions.txt +++ b/.github/lsan-suppressions.txt @@ -1 +1,2 @@ leak:acommon::DictInfoList::elements +leak:netsnmp_init_mib_internals diff --git a/ext/snmp/tests/snmp-object-errno-errstr.phpt b/ext/snmp/tests/snmp-object-errno-errstr.phpt index 831a9f3319db..783191c2c00d 100644 --- a/ext/snmp/tests/snmp-object-errno-errstr.phpt +++ b/ext/snmp/tests/snmp-object-errno-errstr.phpt @@ -7,6 +7,7 @@ snmp --SKIPIF-- --FILE-- --FILE-- --FILE-- --ENV-- MIBS= diff --git a/ext/snmp/tests/snmp2_walk.phpt b/ext/snmp/tests/snmp2_walk.phpt index 4cd9b3a85b6f..fcf14424ca05 100644 --- a/ext/snmp/tests/snmp2_walk.phpt +++ b/ext/snmp/tests/snmp2_walk.phpt @@ -7,6 +7,7 @@ snmp --SKIPIF-- --FILE-- --FILE-- --FILE-- --FILE-- --ENV-- MIBS= diff --git a/ext/snmp/tests/snmpwalk.phpt b/ext/snmp/tests/snmpwalk.phpt index b0e8a8a8afd1..61ef33a70a29 100644 --- a/ext/snmp/tests/snmpwalk.phpt +++ b/ext/snmp/tests/snmpwalk.phpt @@ -7,6 +7,7 @@ snmp --SKIPIF-- --FILE-- Date: Sat, 8 Mar 2025 15:21:18 +0100 Subject: [PATCH 40/52] Increase CircleCI no_output_timeout Closes GH-18002 --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index d9ad3f7c0a65..b440bd643e6f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -166,6 +166,7 @@ jobs: `#--enable-werror` - run: name: make + no_output_timeout: 30m command: make -j2 > /dev/null - run: name: make install @@ -177,6 +178,7 @@ jobs: echo opcache.protect_memory=1 >> /etc/php.d/opcache.ini - run: name: Test + no_output_timeout: 30m command: | sapi/cli/php run-tests.php \ -d zend_extension=opcache.so \ From f209eb448e765fd920ab79c0abaf083ea275529b Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Mon, 10 Mar 2025 20:22:11 +0100 Subject: [PATCH 41/52] Fix tests for libxml2 2.14 See GH-18009. --- ext/dom/tests/DOMDocument_loadHTMLfile_variation1.phpt | 4 ++++ ext/dom/tests/bug69679.phpt | 4 ++-- ext/dom/tests/bug78025.phpt | 3 +-- ext/dom/tests/bug80268_2.phpt | 7 ++----- ext/simplexml/tests/bug51615.phpt | 7 ++----- 5 files changed, 11 insertions(+), 14 deletions(-) diff --git a/ext/dom/tests/DOMDocument_loadHTMLfile_variation1.phpt b/ext/dom/tests/DOMDocument_loadHTMLfile_variation1.phpt index 3519a9fa215f..f6ebd25761b0 100644 --- a/ext/dom/tests/DOMDocument_loadHTMLfile_variation1.phpt +++ b/ext/dom/tests/DOMDocument_loadHTMLfile_variation1.phpt @@ -8,6 +8,10 @@ Antonio Diaz Ruiz assert.bail=true --EXTENSIONS-- dom +--SKIPIF-- += 21400) die("skip libxml >= 2.14 no longer has this non-standard warning"); +?> --FILE-- U+0000 loadHTML($html); print($doc->saveHTML()); ?> ---EXPECT-- +--EXPECTF-- -U+0000 +U+0000 %r(�|)%r diff --git a/ext/dom/tests/bug78025.phpt b/ext/dom/tests/bug78025.phpt index 910f7728c3c2..d6f84939c5f1 100644 --- a/ext/dom/tests/bug78025.phpt +++ b/ext/dom/tests/bug78025.phpt @@ -6,9 +6,8 @@ dom "; $dom = new DOMDocument; -$dom->loadHTML($htm); +$dom->loadHTML($htm, LIBXML_NOERROR); var_dump($dom->doctype->name); ?> --EXPECTF-- -Warning: DOMDocument::loadHTML(): htmlParseDocTypeDecl : no DOCTYPE name ! in Entity, line: 1 in %s on line %d string(0) "" diff --git a/ext/dom/tests/bug80268_2.phpt b/ext/dom/tests/bug80268_2.phpt index af8cf7faca5a..dcde29e6835a 100644 --- a/ext/dom/tests/bug80268_2.phpt +++ b/ext/dom/tests/bug80268_2.phpt @@ -9,13 +9,13 @@ if (LIBXML_VERSION < 20912) die('skip For libxml2 >= 2.9.12 only'); --FILE-- loadHTML("

foo\0bar

"); +$doc->loadHTML("

foo\0bar

", LIBXML_NOERROR); $html = $doc->saveHTML(); var_dump(strpos($html, '

foo

') !== false); file_put_contents(__DIR__ . '/80268.html', "

foo\0bar

"); $doc = new DOMDocument; -$doc->loadHTMLFile(__DIR__ . '/80268.html'); +$doc->loadHTMLFile(__DIR__ . '/80268.html', LIBXML_NOERROR); $html = $doc->saveHTML(); var_dump(strpos($html, '

foo

') !== false); ?> @@ -24,8 +24,5 @@ var_dump(strpos($html, '

foo

') !== false); unlink(__DIR__ . '/80268.html'); ?> --EXPECTF-- -Warning: DOMDocument::loadHTML(): Char 0x0 out of allowed range in Entity, line: 1 in %s on line %d bool(false) - -Warning: DOMDocument::loadHTMLFile(): Char 0x0 out of allowed range in %s on line %d bool(false) diff --git a/ext/simplexml/tests/bug51615.phpt b/ext/simplexml/tests/bug51615.phpt index b0ac921fead2..7245434ff557 100644 --- a/ext/simplexml/tests/bug51615.phpt +++ b/ext/simplexml/tests/bug51615.phpt @@ -7,7 +7,7 @@ dom loadHTML('xx'); +$dom->loadHTML('xx', LIBXML_NOERROR); $html = simplexml_import_dom($dom); var_dump($html->body->span); @@ -18,15 +18,12 @@ foreach ($html->body->span as $obj) { ?> --EXPECTF-- -Warning: DOMDocument::loadHTML(): error parsing attribute name in Entity, line: 1 in %s on line %d - -Warning: DOMDocument::loadHTML(): error parsing attribute name in Entity, line: 1 in %s on line %d object(SimpleXMLElement)#%d (3) { ["@attributes"]=> array(2) { ["title"]=> string(0) "" - ["y"]=> + [%r("y"{1,2})%r]=> string(0) "" } [0]=> From d20b4c97a9f883b62b65b82d939c5af9a2028ef1 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Tue, 31 Dec 2024 18:57:02 +0100 Subject: [PATCH 42/52] Fix GHSA-ghsa-v8xr-gpvj-cx9g: http header folding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds HTTP header folding support for HTTP wrapper response headers. Reviewed-by: Tim Düsterhus --- ext/standard/http_fopen_wrapper.c | 343 ++++++++++++------ .../tests/http/ghsa-v8xr-gpvj-cx9g-001.phpt | 49 +++ .../tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt | 51 +++ .../tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt | 49 +++ .../tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt | 48 +++ .../tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt | 48 +++ .../tests/http/http_response_header_05.phpt | 30 -- 7 files changed, 484 insertions(+), 134 deletions(-) create mode 100644 ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-001.phpt create mode 100644 ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt create mode 100644 ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt create mode 100644 ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt create mode 100644 ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt delete mode 100644 ext/standard/tests/http/http_response_header_05.phpt diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 0a1cf0c5bf04..66f356222b4e 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -115,6 +115,171 @@ static bool check_has_header(const char *headers, const char *header) { return 0; } +typedef struct _php_stream_http_response_header_info { + php_stream_filter *transfer_encoding; + size_t file_size; + bool follow_location; + char location[HTTP_HEADER_BLOCK_SIZE]; +} php_stream_http_response_header_info; + +static void php_stream_http_response_header_info_init( + php_stream_http_response_header_info *header_info) +{ + header_info->transfer_encoding = NULL; + header_info->file_size = 0; + header_info->follow_location = 1; + header_info->location[0] = '\0'; +} + +/* Trim white spaces from response header line and update its length */ +static bool php_stream_http_response_header_trim(char *http_header_line, + size_t *http_header_line_length) +{ + char *http_header_line_end = http_header_line + *http_header_line_length - 1; + while (http_header_line_end >= http_header_line && + (*http_header_line_end == '\n' || *http_header_line_end == '\r')) { + http_header_line_end--; + } + + /* The primary definition of an HTTP header in RFC 7230 states: + * > Each header field consists of a case-insensitive field name followed + * > by a colon (":"), optional leading whitespace, the field value, and + * > optional trailing whitespace. */ + + /* Strip trailing whitespace */ + bool space_trim = (*http_header_line_end == ' ' || *http_header_line_end == '\t'); + if (space_trim) { + do { + http_header_line_end--; + } while (http_header_line_end >= http_header_line && + (*http_header_line_end == ' ' || *http_header_line_end == '\t')); + } + http_header_line_end++; + *http_header_line_end = '\0'; + *http_header_line_length = http_header_line_end - http_header_line; + + return space_trim; +} + +/* Process folding headers of the current line and if there are none, parse last full response + * header line. It returns NULL if the last header is finished, otherwise it returns updated + * last header line. */ +static zend_string *php_stream_http_response_headers_parse(php_stream *stream, + php_stream_context *context, int options, zend_string *last_header_line_str, + char *header_line, size_t *header_line_length, int response_code, + zval *response_header, php_stream_http_response_header_info *header_info) +{ + char *last_header_line = ZSTR_VAL(last_header_line_str); + size_t last_header_line_length = ZSTR_LEN(last_header_line_str); + char *last_header_line_end = ZSTR_VAL(last_header_line_str) + ZSTR_LEN(last_header_line_str) - 1; + + /* Process non empty header line. */ + if (header_line && (*header_line != '\n' && *header_line != '\r')) { + /* Removing trailing white spaces. */ + if (php_stream_http_response_header_trim(header_line, header_line_length) && + *header_line_length == 0) { + /* Only spaces so treat as an empty folding header. */ + return last_header_line_str; + } + + /* Process folding headers if starting with a space or a tab. */ + if (header_line && (*header_line == ' ' || *header_line == '\t')) { + char *http_folded_header_line = header_line; + size_t http_folded_header_line_length = *header_line_length; + /* Remove the leading white spaces. */ + while (*http_folded_header_line == ' ' || *http_folded_header_line == '\t') { + http_folded_header_line++; + http_folded_header_line_length--; + } + /* It has to have some characters because it would get returned after the call + * php_stream_http_response_header_trim above. */ + ZEND_ASSERT(http_folded_header_line_length > 0); + /* Concatenate last header line, space and current header line. */ + zend_string *extended_header_str = zend_string_concat3( + last_header_line, last_header_line_length, + " ", 1, + http_folded_header_line, http_folded_header_line_length); + zend_string_efree(last_header_line_str); + last_header_line_str = extended_header_str; + /* Return new header line. */ + return last_header_line_str; + } + } + + /* Find header separator position. */ + char *last_header_value = memchr(last_header_line, ':', last_header_line_length); + if (last_header_value) { + last_header_value++; /* Skip ':'. */ + + /* Strip leading whitespace. */ + while (last_header_value < last_header_line_end + && (*last_header_value == ' ' || *last_header_value == '\t')) { + last_header_value++; + } + } else { + /* There is no colon. Set the value to the end of the header line, which is effectively + * an empty string. */ + last_header_value = last_header_line_end; + } + + bool store_header = true; + zval *tmpzval = NULL; + + if (!strncasecmp(last_header_line, "Location:", sizeof("Location:")-1)) { + /* Check if the location should be followed. */ + if (context && (tmpzval = php_stream_context_get_option(context, "http", "follow_location")) != NULL) { + header_info->follow_location = zval_is_true(tmpzval); + } else if (!((response_code >= 300 && response_code < 304) + || 307 == response_code || 308 == response_code)) { + /* The redirection should not be automatic if follow_location is not set and + * response_code not in (300, 301, 302, 303 and 307) + * see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 + * RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */ + header_info->follow_location = 0; + } + strlcpy(header_info->location, last_header_value, sizeof(header_info->location)); + } else if (!strncasecmp(last_header_line, "Content-Type:", sizeof("Content-Type:")-1)) { + php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, last_header_value, 0); + } else if (!strncasecmp(last_header_line, "Content-Length:", sizeof("Content-Length:")-1)) { + header_info->file_size = atoi(last_header_value); + php_stream_notify_file_size(context, header_info->file_size, last_header_line, 0); + } else if ( + !strncasecmp(last_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding:")-1) + && !strncasecmp(last_header_value, "Chunked", sizeof("Chunked")-1) + ) { + /* Create filter to decode response body. */ + if (!(options & STREAM_ONLY_GET_HEADERS)) { + zend_long decode = 1; + + if (context && (tmpzval = php_stream_context_get_option(context, "http", "auto_decode")) != NULL) { + decode = zend_is_true(tmpzval); + } + if (decode) { + if (header_info->transfer_encoding != NULL) { + /* Prevent a memory leak in case there are more transfer-encoding headers. */ + php_stream_filter_free(header_info->transfer_encoding); + } + header_info->transfer_encoding = php_stream_filter_create( + "dechunk", NULL, php_stream_is_persistent(stream)); + if (header_info->transfer_encoding != NULL) { + /* Do not store transfer-encoding header. */ + store_header = false; + } + } + } + } + + if (store_header) { + zval http_header; + ZVAL_NEW_STR(&http_header, last_header_line_str); + zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header); + } else { + zend_string_efree(last_header_line_str); + } + + return NULL; +} + static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, zend_string **opened_path, php_stream_context *context, int redirect_max, int flags, @@ -127,11 +292,12 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, zend_string *tmp = NULL; char *ua_str = NULL; zval *ua_zval = NULL, *tmpzval = NULL, ssl_proxy_peer_name; - char location[HTTP_HEADER_BLOCK_SIZE]; int reqok = 0; char *http_header_line = NULL; + zend_string *last_header_line_str = NULL; + php_stream_http_response_header_info header_info; char tmp_line[128]; - size_t chunk_size = 0, file_size = 0; + size_t chunk_size = 0; int eol_detect = 0; zend_string *transport_string; zend_string *errstr = NULL; @@ -142,8 +308,6 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0); int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0); int redirect_keep_method = ((flags & HTTP_WRAPPER_KEEP_METHOD) != 0); - bool follow_location = 1; - php_stream_filter *transfer_encoding = NULL; int response_code; smart_str req_buf = {0}; bool custom_request_method; @@ -653,8 +817,6 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, /* send it */ php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s)); - location[0] = '\0'; - if (Z_ISUNDEF_P(response_header)) { array_init(response_header); } @@ -736,130 +898,101 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, } } - /* read past HTTP headers */ + php_stream_http_response_header_info_init(&header_info); + /* read past HTTP headers */ while (!php_stream_eof(stream)) { size_t http_header_line_length; if (http_header_line != NULL) { efree(http_header_line); } - if ((http_header_line = php_stream_get_line(stream, NULL, 0, &http_header_line_length)) && *http_header_line != '\n' && *http_header_line != '\r') { - char *e = http_header_line + http_header_line_length - 1; - char *http_header_value; - - while (e >= http_header_line && (*e == '\n' || *e == '\r')) { - e--; - } - - /* The primary definition of an HTTP header in RFC 7230 states: - * > Each header field consists of a case-insensitive field name followed - * > by a colon (":"), optional leading whitespace, the field value, and - * > optional trailing whitespace. */ - - /* Strip trailing whitespace */ - while (e >= http_header_line && (*e == ' ' || *e == '\t')) { - e--; - } - - /* Terminate header line */ - e++; - *e = '\0'; - http_header_line_length = e - http_header_line; - - http_header_value = memchr(http_header_line, ':', http_header_line_length); - if (http_header_value) { - http_header_value++; /* Skip ':' */ - - /* Strip leading whitespace */ - while (http_header_value < e - && (*http_header_value == ' ' || *http_header_value == '\t')) { - http_header_value++; + if ((http_header_line = php_stream_get_line(stream, NULL, 0, &http_header_line_length))) { + bool last_line; + if (*http_header_line == '\r') { + if (http_header_line[1] != '\n') { + php_stream_close(stream); + stream = NULL; + php_stream_wrapper_log_error(wrapper, options, + "HTTP invalid header name (cannot start with CR character)!"); + goto out; } + last_line = true; + } else if (*http_header_line == '\n') { + last_line = true; } else { - /* There is no colon. Set the value to the end of the header line, which is - * effectively an empty string. */ - http_header_value = e; + last_line = false; } - - if (!strncasecmp(http_header_line, "Location:", sizeof("Location:")-1)) { - if (context && (tmpzval = php_stream_context_get_option(context, "http", "follow_location")) != NULL) { - follow_location = zval_is_true(tmpzval); - } else if (!((response_code >= 300 && response_code < 304) - || 307 == response_code || 308 == response_code)) { - /* we shouldn't redirect automatically - if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307) - see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 - RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */ - follow_location = 0; + + if (last_header_line_str != NULL) { + /* Parse last header line. */ + last_header_line_str = php_stream_http_response_headers_parse(stream, context, + options, last_header_line_str, http_header_line, &http_header_line_length, + response_code, response_header, &header_info); + if (last_header_line_str != NULL) { + /* Folding header present so continue. */ + continue; } - strlcpy(location, http_header_value, sizeof(location)); - } else if (!strncasecmp(http_header_line, "Content-Type:", sizeof("Content-Type:")-1)) { - php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_value, 0); - } else if (!strncasecmp(http_header_line, "Content-Length:", sizeof("Content-Length:")-1)) { - file_size = atoi(http_header_value); - php_stream_notify_file_size(context, file_size, http_header_line, 0); - } else if ( - !strncasecmp(http_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding:")-1) - && !strncasecmp(http_header_value, "Chunked", sizeof("Chunked")-1) - ) { - - /* create filter to decode response body */ - if (!(options & STREAM_ONLY_GET_HEADERS)) { - zend_long decode = 1; - - if (context && (tmpzval = php_stream_context_get_option(context, "http", "auto_decode")) != NULL) { - decode = zend_is_true(tmpzval); - } - if (decode) { - transfer_encoding = php_stream_filter_create("dechunk", NULL, php_stream_is_persistent(stream)); - if (transfer_encoding) { - /* don't store transfer-encodeing header */ - continue; - } - } + } else if (!last_line) { + /* The first line cannot start with spaces. */ + if (*http_header_line == ' ' || *http_header_line == '\t') { + php_stream_close(stream); + stream = NULL; + php_stream_wrapper_log_error(wrapper, options, + "HTTP invalid response format (folding header at the start)!"); + goto out; } + /* Trim the first line if it is not the last line. */ + php_stream_http_response_header_trim(http_header_line, &http_header_line_length); } - - { - zval http_header; - ZVAL_STRINGL(&http_header, http_header_line, http_header_line_length); - zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header); + if (last_line) { + /* For the last line the last header line must be NULL. */ + ZEND_ASSERT(last_header_line_str == NULL); + break; } + /* Save current line as the last line so it gets parsed in the next round. */ + last_header_line_str = zend_string_init(http_header_line, http_header_line_length, 0); } else { break; } } - if (!reqok || (location[0] != '\0' && follow_location)) { - if (!follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) { + /* If the stream was closed early, we still want to process the last line to keep BC. */ + if (last_header_line_str != NULL) { + php_stream_http_response_headers_parse(stream, context, options, last_header_line_str, + NULL, NULL, response_code, response_header, &header_info); + } + + if (!reqok || (header_info.location[0] != '\0' && header_info.follow_location)) { + if (!header_info.follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) { goto out; } - if (location[0] != '\0') - php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0); + if (header_info.location[0] != '\0') + php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, header_info.location, 0); php_stream_close(stream); stream = NULL; - if (transfer_encoding) { - php_stream_filter_free(transfer_encoding); - transfer_encoding = NULL; + if (header_info.transfer_encoding) { + php_stream_filter_free(header_info.transfer_encoding); + header_info.transfer_encoding = NULL; } - if (location[0] != '\0') { + if (header_info.location[0] != '\0') { char new_path[HTTP_HEADER_BLOCK_SIZE]; char loc_path[HTTP_HEADER_BLOCK_SIZE]; *new_path='\0'; - if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) && - strncasecmp(location, "https://", sizeof("https://")-1) && - strncasecmp(location, "ftp://", sizeof("ftp://")-1) && - strncasecmp(location, "ftps://", sizeof("ftps://")-1))) + if (strlen(header_info.location) < 8 || + (strncasecmp(header_info.location, "http://", sizeof("http://")-1) && + strncasecmp(header_info.location, "https://", sizeof("https://")-1) && + strncasecmp(header_info.location, "ftp://", sizeof("ftp://")-1) && + strncasecmp(header_info.location, "ftps://", sizeof("ftps://")-1))) { - if (*location != '/') { - if (*(location+1) != '\0' && resource->path) { + if (*header_info.location != '/') { + if (*(header_info.location+1) != '\0' && resource->path) { char *s = strrchr(ZSTR_VAL(resource->path), '/'); if (!s) { s = ZSTR_VAL(resource->path); @@ -875,15 +1008,17 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, if (resource->path && ZSTR_VAL(resource->path)[0] == '/' && ZSTR_VAL(resource->path)[1] == '\0') { - snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", ZSTR_VAL(resource->path), location); + snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", + ZSTR_VAL(resource->path), header_info.location); } else { - snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", ZSTR_VAL(resource->path), location); + snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", + ZSTR_VAL(resource->path), header_info.location); } } else { - snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location); + snprintf(loc_path, sizeof(loc_path) - 1, "/%s", header_info.location); } } else { - strlcpy(loc_path, location, sizeof(loc_path)); + strlcpy(loc_path, header_info.location, sizeof(loc_path)); } if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) { snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), resource->port, loc_path); @@ -891,7 +1026,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), loc_path); } } else { - strlcpy(new_path, location, sizeof(new_path)); + strlcpy(new_path, header_info.location, sizeof(new_path)); } php_url_free(resource); @@ -951,7 +1086,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, if (header_init) { ZVAL_COPY(&stream->wrapperdata, response_header); } - php_stream_notify_progress_init(context, 0, file_size); + php_stream_notify_progress_init(context, 0, header_info.file_size); /* Restore original chunk size now that we're done with headers */ if (options & STREAM_WILL_CAST) @@ -967,8 +1102,8 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, /* restore mode */ strlcpy(stream->mode, mode, sizeof(stream->mode)); - if (transfer_encoding) { - php_stream_filter_append(&stream->readfilters, transfer_encoding); + if (header_info.transfer_encoding) { + php_stream_filter_append(&stream->readfilters, header_info.transfer_encoding); } /* It's possible that the server already sent in more data than just the headers. diff --git a/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-001.phpt b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-001.phpt new file mode 100644 index 000000000000..f935b5a02ca9 --- /dev/null +++ b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-001.phpt @@ -0,0 +1,49 @@ +--TEST-- +GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers (single) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html;\r\n charset=utf-8\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(trim(file_get_contents("http://{{ ADDR }}", false, $ctx))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html; charset=utf-8 +string(4) "body" +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(38) "Content-Type: text/html; charset=utf-8" +} diff --git a/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt new file mode 100644 index 000000000000..078d605b6718 --- /dev/null +++ b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt @@ -0,0 +1,51 @@ +--TEST-- +GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers (multiple) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html;\r\nCustom-Header: somevalue;\r\n param1=value1; \r\n param2=value2\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(trim(file_get_contents("http://{{ ADDR }}", false, $ctx))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html; +string(4) "body" +array(3) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(24) "Content-Type: text/html;" + [2]=> + string(54) "Custom-Header: somevalue; param1=value1; param2=value2" +} diff --git a/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt new file mode 100644 index 000000000000..ad5ddc879cea --- /dev/null +++ b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt @@ -0,0 +1,49 @@ +--TEST-- +GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers (empty) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html;\r\n \r\n charset=utf-8\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(trim(file_get_contents("http://{{ ADDR }}", false, $ctx))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html; charset=utf-8 +string(4) "body" +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(38) "Content-Type: text/html; charset=utf-8" +} diff --git a/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt new file mode 100644 index 000000000000..d0396e819fbd --- /dev/null +++ b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt @@ -0,0 +1,48 @@ +--TEST-- +GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers (first line) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\n Content-Type: text/html;\r\n \r\n charset=utf-8\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(file_get_contents("http://{{ ADDR }}", false, $ctx)); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- + +Warning: file_get_contents(http://127.0.0.1:%d): Failed to open stream: HTTP invalid response format (folding header at the start)! in %s +bool(false) +array(1) { + [0]=> + string(15) "HTTP/1.0 200 Ok" +} diff --git a/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt new file mode 100644 index 000000000000..037d2002cc53 --- /dev/null +++ b/ext/standard/tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt @@ -0,0 +1,48 @@ +--TEST-- +GHSA-v8xr-gpvj-cx9g: Header parser of http stream wrapper does not handle folded headers (CR before header name) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\n\rIgnored: ignored\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(file_get_contents("http://{{ ADDR }}", false, $ctx)); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- + +Warning: file_get_contents(http://127.0.0.1:%d): Failed to open stream: HTTP invalid header name (cannot start with CR character)! in %s +bool(false) +array(1) { + [0]=> + string(15) "HTTP/1.0 200 Ok" +} diff --git a/ext/standard/tests/http/http_response_header_05.phpt b/ext/standard/tests/http/http_response_header_05.phpt deleted file mode 100644 index c5fe60fa612b..000000000000 --- a/ext/standard/tests/http/http_response_header_05.phpt +++ /dev/null @@ -1,30 +0,0 @@ ---TEST-- -$http_reponse_header (whitespace-only "header") ---SKIPIF-- - ---INI-- -allow_url_fopen=1 ---FILE-- - $pid, 'uri' => $uri] = http_server($responses, $output); - -$f = file_get_contents($uri); -var_dump($f); -var_dump($http_response_header); - -http_server_kill($pid); - ---EXPECT-- -string(4) "Body" -array(2) { - [0]=> - string(15) "HTTP/1.0 200 Ok" - [1]=> - string(0) "" -} From 0548c4c1756724a89ef8310709419b08aadb2b3b Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Sun, 19 Jan 2025 17:49:53 +0100 Subject: [PATCH 43/52] Fix GHSA-pcmh-g36c-qc44: http headers without colon MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The header line must contain colon otherwise it is invalid and it needs to fail. Reviewed-by: Tim Düsterhus --- ext/standard/http_fopen_wrapper.c | 51 ++++++++++++++----- ext/standard/tests/http/bug47021.phpt | 22 ++++---- ext/standard/tests/http/bug75535.phpt | 4 +- .../tests/http/ghsa-pcmh-g36c-qc44-001.phpt | 51 +++++++++++++++++++ .../tests/http/ghsa-pcmh-g36c-qc44-002.phpt | 51 +++++++++++++++++++ 5 files changed, 154 insertions(+), 25 deletions(-) create mode 100644 ext/standard/tests/http/ghsa-pcmh-g36c-qc44-001.phpt create mode 100644 ext/standard/tests/http/ghsa-pcmh-g36c-qc44-002.phpt diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 66f356222b4e..66daa9134afb 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -118,6 +118,7 @@ static bool check_has_header(const char *headers, const char *header) { typedef struct _php_stream_http_response_header_info { php_stream_filter *transfer_encoding; size_t file_size; + bool error; bool follow_location; char location[HTTP_HEADER_BLOCK_SIZE]; } php_stream_http_response_header_info; @@ -127,6 +128,7 @@ static void php_stream_http_response_header_info_init( { header_info->transfer_encoding = NULL; header_info->file_size = 0; + header_info->error = false; header_info->follow_location = 1; header_info->location[0] = '\0'; } @@ -164,10 +166,11 @@ static bool php_stream_http_response_header_trim(char *http_header_line, /* Process folding headers of the current line and if there are none, parse last full response * header line. It returns NULL if the last header is finished, otherwise it returns updated * last header line. */ -static zend_string *php_stream_http_response_headers_parse(php_stream *stream, - php_stream_context *context, int options, zend_string *last_header_line_str, - char *header_line, size_t *header_line_length, int response_code, - zval *response_header, php_stream_http_response_header_info *header_info) +static zend_string *php_stream_http_response_headers_parse(php_stream_wrapper *wrapper, + php_stream *stream, php_stream_context *context, int options, + zend_string *last_header_line_str, char *header_line, size_t *header_line_length, + int response_code, zval *response_header, + php_stream_http_response_header_info *header_info) { char *last_header_line = ZSTR_VAL(last_header_line_str); size_t last_header_line_length = ZSTR_LEN(last_header_line_str); @@ -209,6 +212,19 @@ static zend_string *php_stream_http_response_headers_parse(php_stream *stream, /* Find header separator position. */ char *last_header_value = memchr(last_header_line, ':', last_header_line_length); if (last_header_value) { + /* Verify there is no space in header name */ + char *last_header_name = last_header_line + 1; + while (last_header_name < last_header_value) { + if (*last_header_name == ' ' || *last_header_name == '\t') { + header_info->error = true; + php_stream_wrapper_log_error(wrapper, options, + "HTTP invalid response format (space in header name)!"); + zend_string_efree(last_header_line_str); + return NULL; + } + ++last_header_name; + } + last_header_value++; /* Skip ':'. */ /* Strip leading whitespace. */ @@ -217,9 +233,12 @@ static zend_string *php_stream_http_response_headers_parse(php_stream *stream, last_header_value++; } } else { - /* There is no colon. Set the value to the end of the header line, which is effectively - * an empty string. */ - last_header_value = last_header_line_end; + /* There is no colon which means invalid response so error. */ + header_info->error = true; + php_stream_wrapper_log_error(wrapper, options, + "HTTP invalid response format (no colon in header line)!"); + zend_string_efree(last_header_line_str); + return NULL; } bool store_header = true; @@ -926,10 +945,16 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, if (last_header_line_str != NULL) { /* Parse last header line. */ - last_header_line_str = php_stream_http_response_headers_parse(stream, context, - options, last_header_line_str, http_header_line, &http_header_line_length, - response_code, response_header, &header_info); - if (last_header_line_str != NULL) { + last_header_line_str = php_stream_http_response_headers_parse(wrapper, stream, + context, options, last_header_line_str, http_header_line, + &http_header_line_length, response_code, response_header, &header_info); + if (EXPECTED(last_header_line_str == NULL)) { + if (UNEXPECTED(header_info.error)) { + php_stream_close(stream); + stream = NULL; + goto out; + } + } else { /* Folding header present so continue. */ continue; } @@ -959,8 +984,8 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, /* If the stream was closed early, we still want to process the last line to keep BC. */ if (last_header_line_str != NULL) { - php_stream_http_response_headers_parse(stream, context, options, last_header_line_str, - NULL, NULL, response_code, response_header, &header_info); + php_stream_http_response_headers_parse(wrapper, stream, context, options, + last_header_line_str, NULL, NULL, response_code, response_header, &header_info); } if (!reqok || (header_info.location[0] != '\0' && header_info.follow_location)) { diff --git a/ext/standard/tests/http/bug47021.phpt b/ext/standard/tests/http/bug47021.phpt index 326eceb687a5..168721f4ec1b 100644 --- a/ext/standard/tests/http/bug47021.phpt +++ b/ext/standard/tests/http/bug47021.phpt @@ -70,23 +70,27 @@ do_test(1, true); echo "\n"; ?> ---EXPECT-- +--EXPECTF-- + Type='text/plain' Hello -Size=5 -World + +Warning: file_get_contents(http://%s:%d): Failed to open stream: HTTP invalid response format (no colon in header line)! in %s + Type='text/plain' Hello -Size=5 -World + +Warning: file_get_contents(http://%s:%d): Failed to open stream: HTTP invalid response format (no colon in header line)! in %s + Type='text/plain' Hello -Size=5 -World + +Warning: file_get_contents(http://%s:%d): Failed to open stream: HTTP invalid response format (no colon in header line)! in %s + Type='text/plain' Hello -Size=5 -World + +Warning: file_get_contents(http://%s:%d): Failed to open stream: HTTP invalid response format (no colon in header line)! in %s diff --git a/ext/standard/tests/http/bug75535.phpt b/ext/standard/tests/http/bug75535.phpt index 7b015890d2f5..94348d1a027a 100644 --- a/ext/standard/tests/http/bug75535.phpt +++ b/ext/standard/tests/http/bug75535.phpt @@ -21,9 +21,7 @@ http_server_kill($pid); --EXPECT-- string(0) "" -array(2) { +array(1) { [0]=> string(15) "HTTP/1.0 200 Ok" - [1]=> - string(14) "Content-Length" } diff --git a/ext/standard/tests/http/ghsa-pcmh-g36c-qc44-001.phpt b/ext/standard/tests/http/ghsa-pcmh-g36c-qc44-001.phpt new file mode 100644 index 000000000000..bb7945ce62d0 --- /dev/null +++ b/ext/standard/tests/http/ghsa-pcmh-g36c-qc44-001.phpt @@ -0,0 +1,51 @@ +--TEST-- +GHSA-pcmh-g36c-qc44: Header parser of http stream wrapper does not verify header name and colon (colon) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html\r\nWrong-Header\r\nGood-Header: test\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(file_get_contents("http://{{ ADDR }}", false, $ctx)); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html + +Warning: file_get_contents(http://127.0.0.1:%d): Failed to open stream: HTTP invalid response format (no colon in header line)! in %s +bool(false) +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(23) "Content-Type: text/html" +} diff --git a/ext/standard/tests/http/ghsa-pcmh-g36c-qc44-002.phpt b/ext/standard/tests/http/ghsa-pcmh-g36c-qc44-002.phpt new file mode 100644 index 000000000000..1d0e4fa70a2c --- /dev/null +++ b/ext/standard/tests/http/ghsa-pcmh-g36c-qc44-002.phpt @@ -0,0 +1,51 @@ +--TEST-- +GHSA-pcmh-g36c-qc44: Header parser of http stream wrapper does not verify header name and colon (name) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html\r\nWrong-Header : test\r\nGood-Header: test\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(file_get_contents("http://{{ ADDR }}", false, $ctx)); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html + +Warning: file_get_contents(http://127.0.0.1:%d): Failed to open stream: HTTP invalid response format (space in header name)! in %s +bool(false) +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(23) "Content-Type: text/html" +} From ac1a054bb3eb5994a199e8b18cca28cbabf5943e Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Tue, 4 Mar 2025 09:01:34 +0100 Subject: [PATCH 44/52] Fix GHSA-52jp-hrpf-2jff: http redirect location truncation It converts the allocation of location to be on heap instead of stack and errors if the location length is greater than 8086 bytes. --- ext/standard/http_fopen_wrapper.c | 87 ++++++++++++------- .../tests/http/ghsa-52jp-hrpf-2jff-001.phpt | 58 +++++++++++++ .../tests/http/ghsa-52jp-hrpf-2jff-002.phpt | 55 ++++++++++++ 3 files changed, 168 insertions(+), 32 deletions(-) create mode 100644 ext/standard/tests/http/ghsa-52jp-hrpf-2jff-001.phpt create mode 100644 ext/standard/tests/http/ghsa-52jp-hrpf-2jff-002.phpt diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 66daa9134afb..dbed175d0642 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -67,15 +67,16 @@ #include "php_fopen_wrappers.h" -#define HTTP_HEADER_BLOCK_SIZE 1024 -#define PHP_URL_REDIRECT_MAX 20 -#define HTTP_HEADER_USER_AGENT 1 -#define HTTP_HEADER_HOST 2 -#define HTTP_HEADER_AUTH 4 -#define HTTP_HEADER_FROM 8 -#define HTTP_HEADER_CONTENT_LENGTH 16 -#define HTTP_HEADER_TYPE 32 -#define HTTP_HEADER_CONNECTION 64 +#define HTTP_HEADER_BLOCK_SIZE 1024 +#define HTTP_HEADER_MAX_LOCATION_SIZE 8182 /* 8192 - 10 (size of "Location: ") */ +#define PHP_URL_REDIRECT_MAX 20 +#define HTTP_HEADER_USER_AGENT 1 +#define HTTP_HEADER_HOST 2 +#define HTTP_HEADER_AUTH 4 +#define HTTP_HEADER_FROM 8 +#define HTTP_HEADER_CONTENT_LENGTH 16 +#define HTTP_HEADER_TYPE 32 +#define HTTP_HEADER_CONNECTION 64 #define HTTP_WRAPPER_HEADER_INIT 1 #define HTTP_WRAPPER_REDIRECTED 2 @@ -120,17 +121,15 @@ typedef struct _php_stream_http_response_header_info { size_t file_size; bool error; bool follow_location; - char location[HTTP_HEADER_BLOCK_SIZE]; + char *location; + size_t location_len; } php_stream_http_response_header_info; static void php_stream_http_response_header_info_init( php_stream_http_response_header_info *header_info) { - header_info->transfer_encoding = NULL; - header_info->file_size = 0; - header_info->error = false; + memset(header_info, 0, sizeof(php_stream_http_response_header_info)); header_info->follow_location = 1; - header_info->location[0] = '\0'; } /* Trim white spaces from response header line and update its length */ @@ -256,7 +255,22 @@ static zend_string *php_stream_http_response_headers_parse(php_stream_wrapper *w * RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */ header_info->follow_location = 0; } - strlcpy(header_info->location, last_header_value, sizeof(header_info->location)); + size_t last_header_value_len = strlen(last_header_value); + if (last_header_value_len > HTTP_HEADER_MAX_LOCATION_SIZE) { + header_info->error = true; + php_stream_wrapper_log_error(wrapper, options, + "HTTP Location header size is over the limit of %d bytes", + HTTP_HEADER_MAX_LOCATION_SIZE); + zend_string_efree(last_header_line_str); + return NULL; + } + if (header_info->location_len == 0) { + header_info->location = emalloc(last_header_value_len + 1); + } else if (header_info->location_len <= last_header_value_len) { + header_info->location = erealloc(header_info->location, last_header_value_len + 1); + } + header_info->location_len = last_header_value_len; + memcpy(header_info->location, last_header_value, last_header_value_len + 1); } else if (!strncasecmp(last_header_line, "Content-Type:", sizeof("Content-Type:")-1)) { php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, last_header_value, 0); } else if (!strncasecmp(last_header_line, "Content-Length:", sizeof("Content-Length:")-1)) { @@ -536,6 +550,8 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, } } + php_stream_http_response_header_info_init(&header_info); + if (stream == NULL) goto out; @@ -917,8 +933,6 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, } } - php_stream_http_response_header_info_init(&header_info); - /* read past HTTP headers */ while (!php_stream_eof(stream)) { size_t http_header_line_length; @@ -988,12 +1002,12 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, last_header_line_str, NULL, NULL, response_code, response_header, &header_info); } - if (!reqok || (header_info.location[0] != '\0' && header_info.follow_location)) { + if (!reqok || (header_info.location != NULL && header_info.follow_location)) { if (!header_info.follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) { goto out; } - if (header_info.location[0] != '\0') + if (header_info.location != NULL) php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, header_info.location, 0); php_stream_close(stream); @@ -1004,18 +1018,17 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, header_info.transfer_encoding = NULL; } - if (header_info.location[0] != '\0') { + if (header_info.location != NULL) { - char new_path[HTTP_HEADER_BLOCK_SIZE]; - char loc_path[HTTP_HEADER_BLOCK_SIZE]; + char *new_path = NULL; - *new_path='\0'; if (strlen(header_info.location) < 8 || (strncasecmp(header_info.location, "http://", sizeof("http://")-1) && strncasecmp(header_info.location, "https://", sizeof("https://")-1) && strncasecmp(header_info.location, "ftp://", sizeof("ftp://")-1) && strncasecmp(header_info.location, "ftps://", sizeof("ftps://")-1))) { + char *loc_path = NULL; if (*header_info.location != '/') { if (*(header_info.location+1) != '\0' && resource->path) { char *s = strrchr(ZSTR_VAL(resource->path), '/'); @@ -1033,31 +1046,35 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, if (resource->path && ZSTR_VAL(resource->path)[0] == '/' && ZSTR_VAL(resource->path)[1] == '\0') { - snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", - ZSTR_VAL(resource->path), header_info.location); + spprintf(&loc_path, 0, "%s%s", ZSTR_VAL(resource->path), header_info.location); } else { - snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", - ZSTR_VAL(resource->path), header_info.location); + spprintf(&loc_path, 0, "%s/%s", ZSTR_VAL(resource->path), header_info.location); } } else { - snprintf(loc_path, sizeof(loc_path) - 1, "/%s", header_info.location); + spprintf(&loc_path, 0, "/%s", header_info.location); } } else { - strlcpy(loc_path, header_info.location, sizeof(loc_path)); + loc_path = header_info.location; + header_info.location = NULL; } if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) { - snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), resource->port, loc_path); + spprintf(&new_path, 0, "%s://%s:%d%s", ZSTR_VAL(resource->scheme), + ZSTR_VAL(resource->host), resource->port, loc_path); } else { - snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), loc_path); + spprintf(&new_path, 0, "%s://%s%s", ZSTR_VAL(resource->scheme), + ZSTR_VAL(resource->host), loc_path); } + efree(loc_path); } else { - strlcpy(new_path, header_info.location, sizeof(new_path)); + new_path = header_info.location; + header_info.location = NULL; } php_url_free(resource); /* check for invalid redirection URLs */ if ((resource = php_url_parse(new_path)) == NULL) { php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path); + efree(new_path); goto out; } @@ -1069,6 +1086,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, while (s < e) { \ if (iscntrl(*s)) { \ php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path); \ + efree(new_path); \ goto out; \ } \ s++; \ @@ -1091,6 +1109,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, stream = php_stream_url_wrap_http_ex( wrapper, new_path, mode, options, opened_path, context, --redirect_max, new_flags, response_header STREAMS_CC); + efree(new_path); } else { php_stream_wrapper_log_error(wrapper, options, "HTTP request failed! %s", tmp_line); } @@ -1103,6 +1122,10 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, efree(http_header_line); } + if (header_info.location != NULL) { + efree(header_info.location); + } + if (resource) { php_url_free(resource); } diff --git a/ext/standard/tests/http/ghsa-52jp-hrpf-2jff-001.phpt b/ext/standard/tests/http/ghsa-52jp-hrpf-2jff-001.phpt new file mode 100644 index 000000000000..744cff9cc72f --- /dev/null +++ b/ext/standard/tests/http/ghsa-52jp-hrpf-2jff-001.phpt @@ -0,0 +1,58 @@ +--TEST-- +GHSA-52jp-hrpf-2jff: HTTP stream wrapper truncate redirect location to 1024 bytes (success) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + $loc = str_repeat("y", 8000); + fwrite($conn, "HTTP/1.0 301 Ok\r\nContent-Type: text/html;\r\nLocation: $loc\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + case STREAM_NOTIFY_REDIRECTED: + echo "Redirected: "; + var_dump($message); + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(trim(file_get_contents("http://{{ ADDR }}", false, $ctx))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html; +Redirected: string(8000) "%s" + +Warning: file_get_contents(http://127.0.0.1:%d): Failed to open stream: %s +string(0) "" +array(3) { + [0]=> + string(15) "HTTP/1.0 301 Ok" + [1]=> + string(24) "Content-Type: text/html;" + [2]=> + string(8010) "Location: %s" +} diff --git a/ext/standard/tests/http/ghsa-52jp-hrpf-2jff-002.phpt b/ext/standard/tests/http/ghsa-52jp-hrpf-2jff-002.phpt new file mode 100644 index 000000000000..bc71fd4e4116 --- /dev/null +++ b/ext/standard/tests/http/ghsa-52jp-hrpf-2jff-002.phpt @@ -0,0 +1,55 @@ +--TEST-- +GHSA-52jp-hrpf-2jff: HTTP stream wrapper truncate redirect location to 1024 bytes (over limit) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + $loc = str_repeat("y", 9000); + fwrite($conn, "HTTP/1.0 301 Ok\r\nContent-Type: text/html;\r\nLocation: $loc\r\n\r\nbody\r\n"); +CODE; + +$clientCode = <<<'CODE' + function stream_notification_callback($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { + switch($notification_code) { + case STREAM_NOTIFY_MIME_TYPE_IS: + echo "Found the mime-type: ", $message, PHP_EOL; + break; + case STREAM_NOTIFY_REDIRECTED: + echo "Redirected: "; + var_dump($message); + } + } + + $ctx = stream_context_create(); + stream_context_set_params($ctx, array("notification" => "stream_notification_callback")); + var_dump(trim(file_get_contents("http://{{ ADDR }}", false, $ctx))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +Found the mime-type: text/html; + +Warning: file_get_contents(http://127.0.0.1:%d): Failed to open stream: HTTP Location header size is over the limit of 8182 bytes in %s +string(0) "" +array(2) { + [0]=> + string(15) "HTTP/1.0 301 Ok" + [1]=> + string(24) "Content-Type: text/html;" +} From 41d49abbd99dab06cdae4834db664435f8177174 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Fri, 14 Feb 2025 19:17:22 +0100 Subject: [PATCH 45/52] Fix GHSA-hgf5-96fm-v528: http user header check of crlf --- ext/standard/http_fopen_wrapper.c | 2 +- .../tests/http/ghsa-hgf5-96fm-v528-001.phpt | 65 +++++++++++++++++++ .../tests/http/ghsa-hgf5-96fm-v528-002.phpt | 62 ++++++++++++++++++ .../tests/http/ghsa-hgf5-96fm-v528-003.phpt | 64 ++++++++++++++++++ 4 files changed, 192 insertions(+), 1 deletion(-) create mode 100644 ext/standard/tests/http/ghsa-hgf5-96fm-v528-001.phpt create mode 100644 ext/standard/tests/http/ghsa-hgf5-96fm-v528-002.phpt create mode 100644 ext/standard/tests/http/ghsa-hgf5-96fm-v528-003.phpt diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index dbed175d0642..46169e9569e2 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -108,7 +108,7 @@ static inline void strip_header(char *header_bag, char *lc_header_bag, static bool check_has_header(const char *headers, const char *header) { const char *s = headers; while ((s = strstr(s, header))) { - if (s == headers || *(s-1) == '\n') { + if (s == headers || (*(s-1) == '\n' && *(s-2) == '\r')) { return 1; } s++; diff --git a/ext/standard/tests/http/ghsa-hgf5-96fm-v528-001.phpt b/ext/standard/tests/http/ghsa-hgf5-96fm-v528-001.phpt new file mode 100644 index 000000000000..c40123560ef1 --- /dev/null +++ b/ext/standard/tests/http/ghsa-hgf5-96fm-v528-001.phpt @@ -0,0 +1,65 @@ +--TEST-- +GHSA-hgf5-96fm-v528: Stream HTTP wrapper header check might omit basic auth header (incorrect inside pos) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + $result = fread($conn, 1024); + $encoded_result = base64_encode($result); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html; charset=utf-8\r\n\r\n$encoded_result\r\n"); + +CODE; + +$clientCode = <<<'CODE' + $opts = [ + "http" => [ + "method" => "GET", + "header" => "Cookie: foo=bar\nauthorization:x\r\n" + ] + ]; + $ctx = stream_context_create($opts); + var_dump(explode("\r\n", base64_decode(file_get_contents("http://user:pwd@{{ ADDR }}", false, $ctx)))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +array(7) { + [0]=> + string(14) "GET / HTTP/1.1" + [1]=> + string(33) "Authorization: Basic dXNlcjpwd2Q=" + [2]=> + string(21) "Host: 127.0.0.1:%d" + [3]=> + string(17) "Connection: close" + [4]=> + string(31) "Cookie: foo=bar +authorization:x" + [5]=> + string(0) "" + [6]=> + string(0) "" +} +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(38) "Content-Type: text/html; charset=utf-8" +} diff --git a/ext/standard/tests/http/ghsa-hgf5-96fm-v528-002.phpt b/ext/standard/tests/http/ghsa-hgf5-96fm-v528-002.phpt new file mode 100644 index 000000000000..37a47df060a1 --- /dev/null +++ b/ext/standard/tests/http/ghsa-hgf5-96fm-v528-002.phpt @@ -0,0 +1,62 @@ +--TEST-- +GHSA-hgf5-96fm-v528: Header parser of http stream wrapper does not handle folded headers (correct start pos) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + $result = fread($conn, 1024); + $encoded_result = base64_encode($result); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html; charset=utf-8\r\n\r\n$encoded_result\r\n"); + +CODE; + +$clientCode = <<<'CODE' + $opts = [ + "http" => [ + "method" => "GET", + "header" => "Authorization: Bearer x\r\n" + ] + ]; + $ctx = stream_context_create($opts); + var_dump(explode("\r\n", base64_decode(file_get_contents("http://user:pwd@{{ ADDR }}", false, $ctx)))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +array(6) { + [0]=> + string(14) "GET / HTTP/1.1" + [1]=> + string(21) "Host: 127.0.0.1:%d" + [2]=> + string(17) "Connection: close" + [3]=> + string(23) "Authorization: Bearer x" + [4]=> + string(0) "" + [5]=> + string(0) "" +} +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(38) "Content-Type: text/html; charset=utf-8" +} diff --git a/ext/standard/tests/http/ghsa-hgf5-96fm-v528-003.phpt b/ext/standard/tests/http/ghsa-hgf5-96fm-v528-003.phpt new file mode 100644 index 000000000000..6c84679ff63b --- /dev/null +++ b/ext/standard/tests/http/ghsa-hgf5-96fm-v528-003.phpt @@ -0,0 +1,64 @@ +--TEST-- +GHSA-hgf5-96fm-v528: Header parser of http stream wrapper does not handle folded headers (correct middle pos) +--FILE-- + [ + "tcp_nodelay" => true + ] + ]); + + $server = stream_socket_server( + "tcp://127.0.0.1:0", $errno, $errstr, STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $ctxt); + phpt_notify_server_start($server); + + $conn = stream_socket_accept($server); + + phpt_notify(message:"server-accepted"); + + $result = fread($conn, 1024); + $encoded_result = base64_encode($result); + + fwrite($conn, "HTTP/1.0 200 Ok\r\nContent-Type: text/html; charset=utf-8\r\n\r\n$encoded_result\r\n"); + +CODE; + +$clientCode = <<<'CODE' + $opts = [ + "http" => [ + "method" => "GET", + "header" => "Cookie: x=y\r\nAuthorization: Bearer x\r\n" + ] + ]; + $ctx = stream_context_create($opts); + var_dump(explode("\r\n", base64_decode(file_get_contents("http://user:pwd@{{ ADDR }}", false, $ctx)))); + var_dump($http_response_header); +CODE; + +include sprintf("%s/../../../openssl/tests/ServerClientTestCase.inc", __DIR__); +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECTF-- +array(7) { + [0]=> + string(14) "GET / HTTP/1.1" + [1]=> + string(21) "Host: 127.0.0.1:%d" + [2]=> + string(17) "Connection: close" + [3]=> + string(11) "Cookie: x=y" + [4]=> + string(23) "Authorization: Bearer x" + [5]=> + string(0) "" + [6]=> + string(0) "" +} +array(2) { + [0]=> + string(15) "HTTP/1.0 200 Ok" + [1]=> + string(38) "Content-Type: text/html; charset=utf-8" +} From b6004a043c16b211d462218fbb3f72db68ec2b18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Wed, 20 Nov 2024 10:47:27 +0100 Subject: [PATCH 46/52] Fix GHSA-p3x9-6h7p-cgfc: libxml streams wrong `content-type` on redirect libxml streams use wrong content-type header when requesting a redirected resource. --- ext/dom/tests/ghsa-p3x9-6h7p-cgfc_001.phpt | 60 +++++++++++++++++ ext/dom/tests/ghsa-p3x9-6h7p-cgfc_002.phpt | 60 +++++++++++++++++ ext/dom/tests/ghsa-p3x9-6h7p-cgfc_003.phpt | 60 +++++++++++++++++ ext/libxml/libxml.c | 77 ++++++++++++---------- 4 files changed, 224 insertions(+), 33 deletions(-) create mode 100644 ext/dom/tests/ghsa-p3x9-6h7p-cgfc_001.phpt create mode 100644 ext/dom/tests/ghsa-p3x9-6h7p-cgfc_002.phpt create mode 100644 ext/dom/tests/ghsa-p3x9-6h7p-cgfc_003.phpt diff --git a/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_001.phpt b/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_001.phpt new file mode 100644 index 000000000000..47212cb34100 --- /dev/null +++ b/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_001.phpt @@ -0,0 +1,60 @@ +--TEST-- +GHSA-p3x9-6h7p-cgfc: libxml streams use wrong `content-type` header when requesting a redirected resource (Basic) +--EXTENSIONS-- +dom +--SKIPIF-- + +--FILE-- + + + + GHSA-p3x9-6h7p-cgfc + + + + + + +

GHSA-p3x9-6h7p-cgfc

+ + + EOT; + // Intentionally using non-standard casing for content-type to verify it is matched not case sensitively. + yield "data://text/plain,HTTP/1.1 200 OK\r\nconteNt-tyPe: text/html; charset=utf-8\r\n\r\n{$xml}"; +} + +['pid' => $pid, 'uri' => $uri] = http_server('genResponses', $output); +$document = new \DOMDocument(); +$document->loadHTMLFile($uri); + +$h1 = $document->getElementsByTagName('h1'); +var_dump($h1->length); +var_dump($document->saveHTML()); +http_server_kill($pid); +?> +--EXPECT-- +int(1) +string(266) " + + + GHSA-p3x9-6h7p-cgfc + + + + + + +

GHSA-p3x9-6h7p-cgfc

+ + +" diff --git a/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_002.phpt b/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_002.phpt new file mode 100644 index 000000000000..a7eff3b9a8b7 --- /dev/null +++ b/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_002.phpt @@ -0,0 +1,60 @@ +--TEST-- +GHSA-p3x9-6h7p-cgfc: libxml streams use wrong `content-type` header when requesting a redirected resource (Missing content-type) +--EXTENSIONS-- +dom +--SKIPIF-- + +--FILE-- + + + + GHSA-p3x9-6h7p-cgfc + + + + + + +

GHSA-p3x9-6h7p-cgfc

+ + + EOT; + // Missing content-type in actual response. + yield "data://text/plain,HTTP/1.1 200 OK\r\n\r\n{$xml}"; +} + +['pid' => $pid, 'uri' => $uri] = http_server('genResponses', $output); +$document = new \DOMDocument(); +$document->loadHTMLFile($uri); + +$h1 = $document->getElementsByTagName('h1'); +var_dump($h1->length); +var_dump($document->saveHTML()); +http_server_kill($pid); +?> +--EXPECT-- +int(1) +string(266) " + + + GHSA-p3x9-6h7p-cgfc + + + + + + +

GHSA-p3x9-6h7p-cgfc

+ + +" diff --git a/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_003.phpt b/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_003.phpt new file mode 100644 index 000000000000..178b35f3525a --- /dev/null +++ b/ext/dom/tests/ghsa-p3x9-6h7p-cgfc_003.phpt @@ -0,0 +1,60 @@ +--TEST-- +GHSA-p3x9-6h7p-cgfc: libxml streams use wrong `content-type` header when requesting a redirected resource (Reason with colon) +--EXTENSIONS-- +dom +--SKIPIF-- + +--FILE-- + + + + GHSA-p3x9-6h7p-cgfc + + + + + + +

GHSA-p3x9-6h7p-cgfc

+ + + EOT; + // Missing content-type in actual response. + yield "data://text/plain,HTTP/1.1 200 OK: This is fine\r\n\r\n{$xml}"; +} + +['pid' => $pid, 'uri' => $uri] = http_server('genResponses', $output); +$document = new \DOMDocument(); +$document->loadHTMLFile($uri); + +$h1 = $document->getElementsByTagName('h1'); +var_dump($h1->length); +var_dump($document->saveHTML()); +http_server_kill($pid); +?> +--EXPECT-- +int(1) +string(266) " + + + GHSA-p3x9-6h7p-cgfc + + + + + + +

GHSA-p3x9-6h7p-cgfc

+ + +" diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c index dc5e77909523..3311346d4bcf 100644 --- a/ext/libxml/libxml.c +++ b/ext/libxml/libxml.c @@ -374,42 +374,53 @@ php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) if (Z_TYPE(s->wrapperdata) == IS_ARRAY) { zval *header; - ZEND_HASH_FOREACH_VAL_IND(Z_ARRVAL(s->wrapperdata), header) { + /* Scan backwards: The header array might contain the headers for multiple responses, if + * a redirect was followed. + */ + ZEND_HASH_REVERSE_FOREACH_VAL_IND(Z_ARRVAL(s->wrapperdata), header) { const char buf[] = "Content-Type:"; - if (Z_TYPE_P(header) == IS_STRING && - !zend_binary_strncasecmp(Z_STRVAL_P(header), Z_STRLEN_P(header), buf, sizeof(buf)-1, sizeof(buf)-1)) { - char *needle = estrdup("charset="); - char *haystack = estrndup(Z_STRVAL_P(header), Z_STRLEN_P(header)); - char *encoding = php_stristr(haystack, needle, Z_STRLEN_P(header), sizeof("charset=")-1); - - if (encoding) { - char *end; - - encoding += sizeof("charset=")-1; - if (*encoding == '"') { - encoding++; - } - end = strchr(encoding, ';'); - if (end == NULL) { - end = encoding + strlen(encoding); - } - end--; /* end == encoding-1 isn't a buffer underrun */ - while (*end == ' ' || *end == '\t') { - end--; - } - if (*end == '"') { - end--; - } - if (encoding >= end) continue; - *(end+1) = '\0'; - enc = xmlParseCharEncoding(encoding); - if (enc <= XML_CHAR_ENCODING_NONE) { - enc = XML_CHAR_ENCODING_NONE; + if (Z_TYPE_P(header) == IS_STRING) { + /* If no colon is found in the header, we assume it's the HTTP status line and bail out. */ + char *colon = memchr(Z_STRVAL_P(header), ':', Z_STRLEN_P(header)); + char *space = memchr(Z_STRVAL_P(header), ' ', Z_STRLEN_P(header)); + if (colon == NULL || space < colon) { + break; + } + + if (!zend_binary_strncasecmp(Z_STRVAL_P(header), Z_STRLEN_P(header), buf, sizeof(buf)-1, sizeof(buf)-1)) { + char *needle = estrdup("charset="); + char *haystack = estrndup(Z_STRVAL_P(header), Z_STRLEN_P(header)); + char *encoding = php_stristr(haystack, needle, Z_STRLEN_P(header), sizeof("charset=")-1); + + if (encoding) { + char *end; + + encoding += sizeof("charset=")-1; + if (*encoding == '"') { + encoding++; + } + end = strchr(encoding, ';'); + if (end == NULL) { + end = encoding + strlen(encoding); + } + end--; /* end == encoding-1 isn't a buffer underrun */ + while (*end == ' ' || *end == '\t') { + end--; + } + if (*end == '"') { + end--; + } + if (encoding >= end) continue; + *(end+1) = '\0'; + enc = xmlParseCharEncoding(encoding); + if (enc <= XML_CHAR_ENCODING_NONE) { + enc = XML_CHAR_ENCODING_NONE; + } } + efree(haystack); + efree(needle); + break; /* found content-type */ } - efree(haystack); - efree(needle); - break; /* found content-type */ } } ZEND_HASH_FOREACH_END(); } From 0e715e71d945b68f8ccedd62c5960df747af6625 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Wed, 18 Dec 2024 18:44:05 +0100 Subject: [PATCH 47/52] Fix GHSA-wg4p-4hqh-c3g9 --- ext/xml/tests/toffset_bounds.phpt | 42 +++++++++++++++++++++++++++++++ ext/xml/xml.c | 12 ++++++--- 2 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 ext/xml/tests/toffset_bounds.phpt diff --git a/ext/xml/tests/toffset_bounds.phpt b/ext/xml/tests/toffset_bounds.phpt new file mode 100644 index 000000000000..5a3fd22f86cd --- /dev/null +++ b/ext/xml/tests/toffset_bounds.phpt @@ -0,0 +1,42 @@ +--TEST-- +XML_OPTION_SKIP_TAGSTART bounds +--EXTENSIONS-- +xml +--FILE-- +"; +$parser = xml_parser_create(); +xml_parser_set_option($parser, XML_OPTION_SKIP_TAGSTART, 100); +$res = xml_parse_into_struct($parser,$sample,$vals,$index); +var_dump($vals); +?> +--EXPECT-- +array(3) { + [0]=> + array(3) { + ["tag"]=> + string(0) "" + ["type"]=> + string(4) "open" + ["level"]=> + int(1) + } + [1]=> + array(3) { + ["tag"]=> + string(0) "" + ["type"]=> + string(8) "complete" + ["level"]=> + int(2) + } + [2]=> + array(3) { + ["tag"]=> + string(0) "" + ["type"]=> + string(5) "close" + ["level"]=> + int(1) + } +} diff --git a/ext/xml/xml.c b/ext/xml/xml.c index 56f81c4305b4..1638f36e8ebc 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -667,9 +667,11 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch array_init(&tag); array_init(&atr); - _xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset); + char *skipped_tag_name = SKIP_TAGSTART(ZSTR_VAL(tag_name)); - add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */ + _xml_add_to_info(parser, skipped_tag_name); + + add_assoc_string(&tag, "tag", skipped_tag_name); add_assoc_string(&tag, "type", "open"); add_assoc_long(&tag, "level", parser->level); @@ -736,9 +738,11 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) } else { array_init(&tag); - _xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset); + char *skipped_tag_name = SKIP_TAGSTART(ZSTR_VAL(tag_name)); + + _xml_add_to_info(parser, skipped_tag_name); - add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */ + add_assoc_string(&tag, "tag", skipped_tag_name); add_assoc_string(&tag, "type", "close"); add_assoc_long(&tag, "level", parser->level); From 74d548bf58d878c99f83671986728b65cb5b07fc Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Fri, 7 Mar 2025 13:40:40 +0100 Subject: [PATCH 48/52] Update NEWS with entries for security fixes --- NEWS | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 7324aaf5bef5..87a7e7d080c4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,21 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? ????, PHP 8.1.32 +13 Mar 2025, PHP 8.1.32 + +- LibXML: + . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos) + . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header + when requesting a redirected resource). (CVE-2025-1219) (timwolla) + +- Streams: + . Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit + basic auth header). (CVE-2025-1736) (Jakub Zelenka) + . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location + to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka) + . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers + without colon). (CVE-2025-1734) (Jakub Zelenka) + . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not + handle folded headers). (CVE-2025-1217) (Jakub Zelenka) - Windows: . Fixed phpize for Windows 11 (24H2). (bwoebi) From fe862bbf631db469ad7b9105cdec733d542f4c7a Mon Sep 17 00:00:00 2001 From: Ben Ramsey Date: Tue, 11 Mar 2025 16:21:45 -0500 Subject: [PATCH 49/52] Update versions for PHP 8.1.32 --- Zend/zend.h | 2 +- configure.ac | 2 +- main/php_version.h | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Zend/zend.h b/Zend/zend.h index dcf69979f952..c7d55f1cab00 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.1.31-dev" +#define ZEND_VERSION "4.1.32" #define ZEND_ENGINE_3 diff --git a/configure.ac b/configure.ac index f6902707abb1..67b636580da1 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ dnl Basic autoconf initialization, generation of config.nice. dnl ---------------------------------------------------------------------------- AC_PREREQ([2.68]) -AC_INIT([PHP],[8.1.31-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) +AC_INIT([PHP],[8.1.32],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) AC_CONFIG_SRCDIR([main/php_version.h]) AC_CONFIG_AUX_DIR([build]) AC_PRESERVE_HELP_ORDER diff --git a/main/php_version.h b/main/php_version.h index bff672258347..de3d935b2ab4 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.ac to change version number */ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 1 -#define PHP_RELEASE_VERSION 31 -#define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "8.1.31-dev" -#define PHP_VERSION_ID 80131 +#define PHP_RELEASE_VERSION 32 +#define PHP_EXTRA_VERSION "" +#define PHP_VERSION "8.1.32" +#define PHP_VERSION_ID 80132 From e3a6c82e94d4e2a126a08361e155ff090b51fd74 Mon Sep 17 00:00:00 2001 From: Ben Ramsey Date: Tue, 11 Mar 2025 16:50:39 -0500 Subject: [PATCH 50/52] Revert "Update versions for PHP 8.1.32" This reverts commit fe862bbf631db469ad7b9105cdec733d542f4c7a. --- Zend/zend.h | 2 +- configure.ac | 2 +- main/php_version.h | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Zend/zend.h b/Zend/zend.h index c7d55f1cab00..dcf69979f952 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.1.32" +#define ZEND_VERSION "4.1.31-dev" #define ZEND_ENGINE_3 diff --git a/configure.ac b/configure.ac index 67b636580da1..f6902707abb1 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ dnl Basic autoconf initialization, generation of config.nice. dnl ---------------------------------------------------------------------------- AC_PREREQ([2.68]) -AC_INIT([PHP],[8.1.32],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) +AC_INIT([PHP],[8.1.31-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) AC_CONFIG_SRCDIR([main/php_version.h]) AC_CONFIG_AUX_DIR([build]) AC_PRESERVE_HELP_ORDER diff --git a/main/php_version.h b/main/php_version.h index de3d935b2ab4..bff672258347 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.ac to change version number */ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 1 -#define PHP_RELEASE_VERSION 32 -#define PHP_EXTRA_VERSION "" -#define PHP_VERSION "8.1.32" -#define PHP_VERSION_ID 80132 +#define PHP_RELEASE_VERSION 31 +#define PHP_EXTRA_VERSION "-dev" +#define PHP_VERSION "8.1.31-dev" +#define PHP_VERSION_ID 80131 From 8aab89bc8d6897d42664f9059c7da70b23830665 Mon Sep 17 00:00:00 2001 From: Ben Ramsey Date: Tue, 11 Mar 2025 16:52:23 -0500 Subject: [PATCH 51/52] Update versions for PHP 8.1.32 [skip ci] --- Zend/zend.h | 2 +- configure.ac | 2 +- main/php_version.h | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Zend/zend.h b/Zend/zend.h index dcf69979f952..c522330db0ad 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.1.31-dev" +#define ZEND_VERSION "4.1.32-dev" #define ZEND_ENGINE_3 diff --git a/configure.ac b/configure.ac index f6902707abb1..898386056ddd 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ dnl Basic autoconf initialization, generation of config.nice. dnl ---------------------------------------------------------------------------- AC_PREREQ([2.68]) -AC_INIT([PHP],[8.1.31-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) +AC_INIT([PHP],[8.1.32-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) AC_CONFIG_SRCDIR([main/php_version.h]) AC_CONFIG_AUX_DIR([build]) AC_PRESERVE_HELP_ORDER diff --git a/main/php_version.h b/main/php_version.h index bff672258347..0e2bf32c124b 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.ac to change version number */ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 1 -#define PHP_RELEASE_VERSION 31 +#define PHP_RELEASE_VERSION 32 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "8.1.31-dev" -#define PHP_VERSION_ID 80131 +#define PHP_VERSION "8.1.32-dev" +#define PHP_VERSION_ID 80132 From aa4bed90d8927de8c2648ea5f3f4a32c56301b71 Mon Sep 17 00:00:00 2001 From: Ben Ramsey Date: Tue, 11 Mar 2025 17:02:51 -0500 Subject: [PATCH 52/52] Prepare for PHP 8.1.32 --- Zend/zend.h | 2 +- configure.ac | 2 +- main/php_version.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Zend/zend.h b/Zend/zend.h index c522330db0ad..c7d55f1cab00 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.1.32-dev" +#define ZEND_VERSION "4.1.32" #define ZEND_ENGINE_3 diff --git a/configure.ac b/configure.ac index 898386056ddd..67b636580da1 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ dnl Basic autoconf initialization, generation of config.nice. dnl ---------------------------------------------------------------------------- AC_PREREQ([2.68]) -AC_INIT([PHP],[8.1.32-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) +AC_INIT([PHP],[8.1.32],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) AC_CONFIG_SRCDIR([main/php_version.h]) AC_CONFIG_AUX_DIR([build]) AC_PRESERVE_HELP_ORDER diff --git a/main/php_version.h b/main/php_version.h index 0e2bf32c124b..de3d935b2ab4 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 1 #define PHP_RELEASE_VERSION 32 -#define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "8.1.32-dev" +#define PHP_EXTRA_VERSION "" +#define PHP_VERSION "8.1.32" #define PHP_VERSION_ID 80132