delta/php-git.git/sapi, branch php-7.3.11 git.php.net: repository/php-src.git Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) 2019-10-22T07:11:10+00:00 Jakub Zelenka bukka@php.net 2019-10-12T14:56:16+00:00 19e17d3807e6cc0b1ba9443ec5facbd33a61f8fe (cherry picked from commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a) 
(cherry picked from commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a)
Fix #78413: php-fpm request_terminate_timeout does not take effect after fastcgi_finish_request 2019-09-30T10:54:09+00:00 Sergei Turchanov turchanov@farpost.com 2019-08-28T04:37:52+00:00 e546d721e8c61fb1218335dc75b1874033c3ca24 To retain legacy behavior I decided to add an option to control request termination logic. If request_terminate_timeout_track_finished is set, then request will be tracked for time limits even after fastcgi_finish_request was called. This patch depends on the fix provided in BUG 78469 (otherwise php-fpm workers listening on named pipes on Windows will be erroneously terminated) (PR #4636) 
To retain legacy behavior I decided to add an option to control request
termination logic. If request_terminate_timeout_track_finished is set,
then request will be tracked for time limits even after
fastcgi_finish_request was called.

This patch depends on the fix provided in BUG 78469 (otherwise php-fpm
workers listening on named pipes on Windows will be erroneously terminated)
(PR #4636)
Merge branch 'PHP-7.2' into PHP-7.3 2019-09-17T10:19:39+00:00 Nikita Popov nikita.ppv@gmail.com 2019-09-17T10:19:39+00:00 3a2fa489ddcb7557e6c55de7fb488e4f32031bde 






Add tilde to allowed status/ping path
2019-09-17T10:19:21+00:00

Drakano
drakano@arcor.de

2019-09-12T08:18:30+00:00

252ebce0d7dc05695c6bfaad493e2626e1a2233f

Because of user specific webdirs it should be possible to set a
status/ping path like "/~username/status".

Closes GH-4698.





Because of user specific webdirs it should be possible to set a
status/ping path like "/~username/status".

Closes GH-4698.







Fix bug #78334 (fpm log prefix message includes wrong stdout/stderr notation)
2019-08-26T17:05:11+00:00

Tsuyoshi Sadakata
sadapon2008@gmail.com

2019-07-25T14:22:45+00:00

ffcf57fa187f55b6e2cf3e6de43b03332cc750de












Remove test for bug #77185
2019-07-22T10:40:26+00:00

Nikita Popov
nikita.ppv@gmail.com

2019-07-22T10:40:26+00:00

b59a9381b989c5c434b30482b1c1b8493f3ceb27

Seems to be very unreliable in CI.





Seems to be very unreliable in CI.







Reduce number of workers in test
2019-07-22T09:18:38+00:00

Nikita Popov
nikita.ppv@gmail.com

2019-07-22T09:18:38+00:00

5e4dbce5864811122110b49298e8b3eeb8b9d4b0

4 seems to be enough to reliably reproduce the issue. Let's see
if this works better in CI.





4 seems to be enough to reliably reproduce the issue. Let's see
if this works better in CI.







Prevent use after free in fpm_event_epoll_wait
2019-07-22T08:32:58+00:00

Maksim Nikulin
mnikulin@plesk.com

2019-01-23T05:19:29+00:00

bdf24f8d6d9d495ece354d6fd2dd6ed169198a2e

epoll event backend does not guarantee that child input/output events
are reported before SIGCHILD due to finished worker. While a bunch of
events received by epoll is being processed, child-related structures
may be removed before dispatching of an I/O event for the same child.
The result may be attempt to access to memory region allocated for
another purpose, segfault of the master process, and unavailable web
sites.

Postpone processing of SIGCHILD events till other events in the same
bunch are processed.

Fix Bug #62418 php-fpm master process crashes
Fix Bug #65398 Race condition between SIGCHLD and child stdout/stderr event leads to segfault
Fix Bug #75112 php-fpm crashing, hard to reproduce
Fix Bug #77114 php-fpm master segfaults in fpm_event_epoll_wait/fpm_event_fire
Fix Bug #77185 Use-after-free in FPM master event handling





epoll event backend does not guarantee that child input/output events
are reported before SIGCHILD due to finished worker. While a bunch of
events received by epoll is being processed, child-related structures
may be removed before dispatching of an I/O event for the same child.
The result may be attempt to access to memory region allocated for
another purpose, segfault of the master process, and unavailable web
sites.

Postpone processing of SIGCHILD events till other events in the same
bunch are processed.

Fix Bug #62418 php-fpm master process crashes
Fix Bug #65398 Race condition between SIGCHLD and child stdout/stderr event leads to segfault
Fix Bug #75112 php-fpm crashing, hard to reproduce
Fix Bug #77114 php-fpm master segfaults in fpm_event_epoll_wait/fpm_event_fire
Fix Bug #77185 Use-after-free in FPM master event handling







Merge branch 'PHP-7.2' into PHP-7.3
2019-07-21T04:01:06+00:00

George Wang
gwang@php.net

2019-07-21T04:01:06+00:00

82f35ab0890e192e76665194a245365d5d249638












Checked in LiteSpeed SAPI 7.5, addressed two main problems in "clean shutdown" introduced in 7.4.3,
2019-07-21T03:59:43+00:00

George Wang
gwang@php.net

2019-07-21T03:59:43+00:00

eb7e45f662bb8bba292caaa03f93759912bcddf0

1. falls in an infinite loop because PHP engine's inconsistent state, now override the ITIMER_PROF to 0.1 second, clean shutdown must finish before that.
2. generate too much error log, we completely disable "error_reporting" before calling php_request_shutdown().





1. falls in an infinite loop because PHP engine's inconsistent state, now override the ITIMER_PROF to 0.1 second, clean shutdown must finish before that.
2. generate too much error log, we completely disable "error_reporting" before calling php_request_shutdown().