-rw-r--r--EXTENSIONS2
-rw-r--r--NEWS13
-rw-r--r--configure.in2
-rw-r--r--main/php_version.h6
-rw-r--r--sapi/fpm/fpm/fpm_conf.c3
-rw-r--r--sapi/fpm/fpm/fpm_conf.h1
-rw-r--r--sapi/fpm/fpm/fpm_unix.c2
-rw-r--r--sapi/fpm/php-fpm.conf.in6
8 files changed, 28 insertions, 7 deletions
diff --git a/EXTENSIONS b/EXTENSIONS
index f49cf3778b..260d3aff14 100644
--- a/EXTENSIONS
+++ b/EXTENSIONS
@@ -74,7 +74,7 @@ MAINTENANCE: Maintained
STATUS: Working
-------------------------------------------------------------------------------
EXTENSION: fpm
-PRIMARY MAINTAINER: Antony Dovgal <tony2001@php.net>, Jerome Loyet <fat@php.net>
+PRIMARY MAINTAINER: Jakub Zelenka <bukka@php.net>
MAINTENANCE: Maintained
STATUS: Working
SINCE: 5.3.3
diff --git a/NEWS b/NEWS
index bfc2a69166..db5523c98d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,17 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2018, PHP 5.6.34
+?? ??? 2018, PHP 5.6.36
+
+29 Mar 2018, PHP 5.6.35
+
+- FPM:
+ . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
+ access controls). (Jakub Zelenka)
+
+01 Mar 2018, PHP 5.6.34
+
+- Standard:
+ . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)
04 Jan 2018, PHP 5.6.33
diff --git a/configure.in b/configure.in
index 3fb42ad0b9..23dc5e79a5 100644
--- a/configure.in
+++ b/configure.in
@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
-PHP_RELEASE_VERSION=34
+PHP_RELEASE_VERSION=36
PHP_EXTRA_VERSION="-dev"
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
diff --git a/main/php_version.h b/main/php_version.h
index b8528abac0..cec53e0cc9 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -2,7 +2,7 @@
/* edit configure.in to change version number */
#define PHP_MAJOR_VERSION 5
#define PHP_MINOR_VERSION 6
-#define PHP_RELEASE_VERSION 34
+#define PHP_RELEASE_VERSION 36
#define PHP_EXTRA_VERSION "-dev"
-#define PHP_VERSION "5.6.34-dev"
-#define PHP_VERSION_ID 50634
+#define PHP_VERSION "5.6.36-dev"
+#define PHP_VERSION_ID 50636
diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c
index a4d28a6478..d77bf062f6 100644
--- a/sapi/fpm/fpm/fpm_conf.c
+++ b/sapi/fpm/fpm/fpm_conf.c
@@ -132,6 +132,7 @@ static struct ini_value_parser_s ini_fpm_pool_options[] = {
{ "listen.mode", &fpm_conf_set_string, WPO(listen_mode) },
{ "listen.allowed_clients", &fpm_conf_set_string, WPO(listen_allowed_clients) },
{ "process.priority", &fpm_conf_set_integer, WPO(process_priority) },
+ { "process.dumpable", &fpm_conf_set_boolean, WPO(process_dumpable) },
{ "pm", &fpm_conf_set_pm, WPO(pm) },
{ "pm.max_children", &fpm_conf_set_integer, WPO(pm_max_children) },
{ "pm.start_servers", &fpm_conf_set_integer, WPO(pm_start_servers) },
@@ -613,6 +614,7 @@ static void *fpm_worker_pool_config_alloc() /* {{{ */
wp->config->listen_backlog = FPM_BACKLOG_DEFAULT;
wp->config->pm_process_idle_timeout = 10; /* 10s by default */
wp->config->process_priority = 64; /* 64 means unset */
+ wp->config->process_dumpable = 0;
wp->config->clear_env = 1;
if (!fpm_worker_all_pools) {
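Review bot: The new default `wp->config->process_dumpable = 0;` has no comment, unlike the two defaults directly above it, although it is the line that makes a pool safe by default. I would add `/* off by default: a dumpable worker can be ptraced and core-dumped by the pool user (bug #75605) */` so the reason is still visible when someone later considers flipping it. The same one-line explanation would help on the `int process_dumpable;` field added in fpm_conf.h. fpm_worker_pool_config_alloc starts and ends outside this hunk.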
@@ -1602,6 +1604,7 @@ static void fpm_conf_dump() /* {{{ */
} else {
zlog(ZLOG_NOTICE, "\tprocess.priority = %d", wp->config->process_priority);
}
+ zlog(ZLOG_NOTICE, "\tprocess.dumpable = %s", BOOL2STR(wp->config->process_dumpable));
zlog(ZLOG_NOTICE, "\tpm = %s", PM2STR(wp->config->pm));
zlog(ZLOG_NOTICE, "\tpm.max_children = %d", wp->config->pm_max_children);
zlog(ZLOG_NOTICE, "\tpm.start_servers = %d", wp->config->pm_start_servers);
diff --git a/sapi/fpm/fpm/fpm_conf.h b/sapi/fpm/fpm/fpm_conf.h
index 540b22795d..4021cbc2e3 100644
--- a/sapi/fpm/fpm/fpm_conf.h
+++ b/sapi/fpm/fpm/fpm_conf.h
@@ -64,6 +64,7 @@ struct fpm_worker_pool_config_s {
char *listen_mode;
char *listen_allowed_clients;
int process_priority;
+ int process_dumpable;
int pm;
int pm_max_children;
int pm_start_servers;
diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c
index f0d4573483..7c78487df7 100644
--- a/sapi/fpm/fpm/fpm_unix.c
+++ b/sapi/fpm/fpm/fpm_unix.c
@@ -398,7 +398,7 @@ int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
}
#ifdef HAVE_PRCTL
- if (0 > prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)) {
+ if (wp->config->process_dumpable && 0 > prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)) {
zlog(ZLOG_SYSERROR, "[pool %s] failed to prctl(PR_SET_DUMPABLE)", wp->config->name);
}
#endif
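Review bot: With `process.dumpable` off, the new condition makes no prctl call at all, so the child's dumpable flag stays at whatever the kernel left it rather than being forced to 0. The kernel clears the flag when a process changes credentials, but the credential switch is outside this hunk, so a pool that runs under the same user and group as the master would presumably stay dumpable despite `process.dumpable = no`. If "no" is meant as a guarantee, the off case should call `prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)` and log a failure the same way. Otherwise a comment such as `/* dumpable is only restored on request; it is never cleared here */` would make the limit explicit. fpm_unix_init_child starts and ends outside the hunk.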
diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
index dd037db768..39c8a2d488 100644
--- a/sapi/fpm/php-fpm.conf.in
+++ b/sapi/fpm/php-fpm.conf.in
@@ -197,6 +197,12 @@ listen = 127.0.0.1:9000
; Default Value: no set
; process.priority = -19
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
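Review bot: The added comment for `process.dumpable` says what the flag does but not why it defaults to no, and an administrator who turns it on to get core dumps should know the cost. I would add a line such as `; Note: enabling this lets the pool user read worker memory through ptrace or core dumps, which bypasses opcache access controls (bug #75605).` The wording also needs two small fixes. `differrent` should be `different`, and `It allows to create process core dump and ptrace the process for the pool user` reads better as `It allows the pool user to create core dumps of the process and to ptrace it`.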