diff options
author | Brian Evans <grknight@gentoo.org> | 2023-02-20 13:07:03 -0500 |
---|---|---|
committer | Brian Evans <grknight@gentoo.org> | 2023-02-20 14:43:13 -0500 |
commit | b711589df12322ac7ca3cbe4e5889a623dc81a96 (patch) | |
tree | b2ed80556f0c2bb199a60bb4323047fa2e275691 /dev-lang/php | |
parent | sys-cluster/rdma-core: Stabilize 43.0 x86, #895556 (diff) | |
download | gentoo-b711589df12322ac7ca3cbe4e5889a623dc81a96.tar.gz gentoo-b711589df12322ac7ca3cbe4e5889a623dc81a96.tar.bz2 gentoo-b711589df12322ac7ca3cbe4e5889a623dc81a96.zip |
dev-lang/php: Revbump for backporting CVE patches to 7.4
Bug: https://bugs.gentoo.org/895416
Signed-off-by: Brian Evans <grknight@gentoo.org>
Diffstat (limited to 'dev-lang/php')
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch | 114 | ||||
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch | 37 | ||||
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch | 48 | ||||
-rw-r--r-- | dev-lang/php/php-7.4.33-r2.ebuild | 753 |
4 files changed, 952 insertions, 0 deletions
diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch new file mode 100644 index 000000000000..a0e72f380089 --- /dev/null +++ b/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch @@ -0,0 +1,114 @@ +diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c +index 3806a290aee4..351d40308089 100644 +--- a/ext/standard/crypt_blowfish.c ++++ b/ext/standard/crypt_blowfish.c +@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = { + #define BF_safe_atoi64(dst, src) \ + { \ + tmp = (unsigned char)(src); \ +- if (tmp == '$') break; /* PHP hack */ \ + if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ + tmp = BF_atoi64[tmp]; \ + if (tmp > 63) return -1; \ +@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size) + *dptr++ = ((c3 & 0x03) << 6) | c4; + } while (dptr < end); + +- if (end - dptr == size) { +- return -1; +- } +- +- while (dptr < end) /* PHP hack */ +- *dptr++ = 0; +- + return 0; + } + +diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt +new file mode 100644 +index 000000000000..32e335f4b087 +--- /dev/null ++++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt +@@ -0,0 +1,82 @@ ++--TEST-- ++bcrypt correctly rejects salts containing $ ++--FILE-- ++<?php ++for ($i = 0; $i < 23; $i++) { ++ $salt = '$2y$04$' . str_repeat('0', $i) . '$'; ++ $result = crypt("foo", $salt); ++ var_dump($salt); ++ var_dump($result); ++ var_dump($result === $salt); ++} ++?> ++--EXPECT-- ++string(8) "$2y$04$$" ++string(2) "*0" ++bool(false) ++string(9) "$2y$04$0$" ++string(2) "*0" ++bool(false) ++string(10) "$2y$04$00$" ++string(2) "*0" ++bool(false) ++string(11) "$2y$04$000$" ++string(2) "*0" ++bool(false) ++string(12) "$2y$04$0000$" ++string(2) "*0" ++bool(false) ++string(13) "$2y$04$00000$" ++string(2) "*0" ++bool(false) ++string(14) "$2y$04$000000$" ++string(2) "*0" ++bool(false) ++string(15) "$2y$04$0000000$" ++string(2) "*0" ++bool(false) ++string(16) "$2y$04$00000000$" ++string(2) "*0" ++bool(false) ++string(17) "$2y$04$000000000$" ++string(2) "*0" ++bool(false) ++string(18) "$2y$04$0000000000$" ++string(2) "*0" ++bool(false) ++string(19) "$2y$04$00000000000$" ++string(2) "*0" ++bool(false) ++string(20) "$2y$04$000000000000$" ++string(2) "*0" ++bool(false) ++string(21) "$2y$04$0000000000000$" ++string(2) "*0" ++bool(false) ++string(22) "$2y$04$00000000000000$" ++string(2) "*0" ++bool(false) ++string(23) "$2y$04$000000000000000$" ++string(2) "*0" ++bool(false) ++string(24) "$2y$04$0000000000000000$" ++string(2) "*0" ++bool(false) ++string(25) "$2y$04$00000000000000000$" ++string(2) "*0" ++bool(false) ++string(26) "$2y$04$000000000000000000$" ++string(2) "*0" ++bool(false) ++string(27) "$2y$04$0000000000000000000$" ++string(2) "*0" ++bool(false) ++string(28) "$2y$04$00000000000000000000$" ++string(2) "*0" ++bool(false) ++string(29) "$2y$04$000000000000000000000$" ++string(2) "*0" ++bool(false) ++string(30) "$2y$04$0000000000000000000000$" ++string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K" ++bool(false) diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch new file mode 100644 index 000000000000..67c172ae214f --- /dev/null +++ b/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch @@ -0,0 +1,37 @@ +From a92acbad873a05470af1a47cb785a18eadd827b5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be> +Date: Mon, 23 Jan 2023 22:13:57 +0100 +Subject: [PATCH] crypt: Fix possible buffer overread in php_crypt() + +--- + ext/standard/crypt.c | 1 + + ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++ + 2 files changed, 9 insertions(+) + create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt + +diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c +index 8c105cf910e8..8316c8b96063 100644 +--- a/ext/standard/crypt.c ++++ b/ext/standard/crypt.c +@@ -135,6 +135,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch + } else if ( + salt[0] == '$' && + salt[1] == '2' && ++ salt[2] != 0 && + salt[3] == '$') { + char output[PHP_MAX_SALT_LEN + 1]; + +diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt +new file mode 100644 +index 000000000000..085bc8a23904 +--- /dev/null ++++ b/ext/standard/tests/password/password_bcrypt_short.phpt +@@ -0,0 +1,8 @@ ++--TEST-- ++Test that password_hash() does not overread buffers when a short hash is passed ++--FILE-- ++<?php ++var_dump(password_verify("foo", '$2')); ++?> ++--EXPECT-- ++bool(false) diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch new file mode 100644 index 000000000000..a6de37c27305 --- /dev/null +++ b/dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch @@ -0,0 +1,48 @@ +diff --git a/main/main.c b/main/main.c +index 40684f32dc14..c58ea58bf5ac 100644 +--- a/main/main.c ++++ b/main/main.c +@@ -836,6 +836,7 @@ PHP_INI_BEGIN() + PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) ++ PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) + + STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) +diff --git a/main/rfc1867.c b/main/rfc1867.c +index b43cfae5a1e2..3086e8da3dbe 100644 +--- a/main/rfc1867.c ++++ b/main/rfc1867.c +@@ -694,6 +694,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + void *event_extra_data = NULL; + unsigned int llen = 0; + int upload_cnt = INI_INT("max_file_uploads"); ++ int body_parts_cnt = INI_INT("max_multipart_body_parts"); + const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding(); + php_rfc1867_getword_t getword; + php_rfc1867_getword_conf_t getword_conf; +@@ -715,6 +716,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + return; + } + ++ if (body_parts_cnt < 0) { ++ body_parts_cnt = PG(max_input_vars) + upload_cnt; ++ } ++ int body_parts_limit = body_parts_cnt; ++ + /* Get the boundary */ + boundary = strstr(content_type_dup, "boundary"); + if (!boundary) { +@@ -799,6 +805,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + char *pair = NULL; + int end = 0; + ++ if (--body_parts_cnt < 0) { ++ php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit); ++ goto fileupload_done; ++ } ++ + while (isspace(*cd)) { + ++cd; + } diff --git a/dev-lang/php/php-7.4.33-r2.ebuild b/dev-lang/php/php-7.4.33-r2.ebuild new file mode 100644 index 000000000000..7c62bd3f1448 --- /dev/null +++ b/dev-lang/php/php-7.4.33-r2.ebuild @@ -0,0 +1,753 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +WANT_AUTOMAKE="none" + +inherit flag-o-matic systemd autotools + +MY_PV=${PV/_rc/RC} +DESCRIPTION="The PHP language runtime engine" +HOMEPAGE="https://www.php.net/" +SRC_URI="https://www.php.net/distributions/${P}.tar.xz" + +LICENSE="PHP-3.01 + BSD + Zend-2.0 + bcmath? ( LGPL-2.1+ ) + fpm? ( BSD-2 ) + gd? ( gd ) + unicode? ( BSD-2 LGPL-2.1 )" + +SLOT="$(ver_cut 1-2)" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" + +S="${WORKDIR}/${PN}-${MY_PV}" + +# We can build the following SAPIs in the given order +SAPIS="embed cli cgi fpm apache2 phpdbg" + +# SAPIs and SAPI-specific USE flags (cli SAPI is default on): +IUSE="${IUSE} + ${SAPIS/cli/+cli} + threads" + +IUSE="${IUSE} acl argon2 bcmath berkdb bzip2 calendar cdb cjk + coverage +ctype curl debug + enchant exif ffi +fileinfo +filter firebird + +flatfile ftp gd gdbm gmp +iconv imap inifile + intl iodbc ipv6 +jit +json kerberos ldap ldap-sasl libedit lmdb + mhash mssql mysql mysqli nls + oci8-instant-client odbc +opcache pcntl pdo +phar +posix postgres qdbm + readline selinux +session session-mm sharedmem + +simplexml snmp soap sockets sodium spell sqlite ssl + sysvipc systemd test tidy +tokenizer tokyocabinet truetype unicode webp + +xml xmlreader xmlwriter xmlrpc xpm xslt zip zlib" + +# Without USE=readline or libedit, the interactive "php -a" CLI will hang. +# The Oracle instant client provides its own incompatible ldap library. +REQUIRED_USE=" + || ( cli cgi fpm apache2 embed phpdbg ) + cli? ( ^^ ( readline libedit ) ) + !cli? ( ?? ( readline libedit ) ) + truetype? ( gd zlib ) + webp? ( gd zlib ) + cjk? ( gd zlib ) + exif? ( gd zlib ) + xpm? ( gd zlib ) + gd? ( zlib ) + simplexml? ( xml ) + soap? ( xml ) + xmlrpc? ( xml iconv ) + xmlreader? ( xml ) + xmlwriter? ( xml ) + xslt? ( xml ) + ldap-sasl? ( ldap ) + oci8-instant-client? ( !ldap ) + qdbm? ( !gdbm ) + session-mm? ( session !threads ) + mysql? ( || ( mysqli pdo ) ) + firebird? ( pdo ) + mssql? ( pdo ) +" + +RESTRICT="!test? ( test )" + +# The supported (that is, autodetected) versions of BDB are listed in +# the ./configure script. Other versions *work*, but we need to stick to +# the ones that can be detected to avoid a repeat of bug #564824. +COMMON_DEPEND=" + >=app-eselect/eselect-php-0.9.1[apache2?,fpm?] + >=dev-libs/libpcre2-10.30[jit?,unicode] + fpm? ( acl? ( sys-apps/acl ) ) + apache2? ( www-servers/apache[apache2_modules_unixd(+),threads=] ) + argon2? ( app-crypt/argon2:= ) + berkdb? ( || ( sys-libs/db:5.3 sys-libs/db:4.8 ) ) + bzip2? ( app-arch/bzip2:0= ) + cdb? ( || ( dev-db/cdb dev-db/tinycdb ) ) + coverage? ( dev-util/lcov ) + curl? ( >=net-misc/curl-7.10.5 ) + enchant? ( <app-text/enchant-2.0:0 ) + ffi? ( >=dev-libs/libffi-3.0.11:= ) + firebird? ( dev-db/firebird ) + gd? ( media-libs/libjpeg-turbo:0= media-libs/libpng:0= ) + gdbm? ( >=sys-libs/gdbm-1.8.0:0= ) + gmp? ( dev-libs/gmp:0= ) + iconv? ( virtual/libiconv ) + imap? ( net-libs/c-client[kerberos=,ssl=] ) + intl? ( dev-libs/icu:= ) + kerberos? ( virtual/krb5 ) + ldap? ( >=net-nds/openldap-1.2.11:= ) + ldap-sasl? ( dev-libs/cyrus-sasl ) + libedit? ( dev-libs/libedit ) + lmdb? ( dev-db/lmdb:= ) + mssql? ( dev-db/freetds[mssql] ) + nls? ( sys-devel/gettext ) + oci8-instant-client? ( dev-db/oracle-instantclient[sdk] ) + odbc? ( iodbc? ( dev-db/libiodbc ) !iodbc? ( >=dev-db/unixODBC-1.8.13 ) ) + postgres? ( dev-db/postgresql:* ) + qdbm? ( dev-db/qdbm ) + readline? ( sys-libs/readline:0= ) + session-mm? ( dev-libs/mm ) + snmp? ( >=net-analyzer/net-snmp-5.2 ) + sodium? ( dev-libs/libsodium:=[-minimal] ) + spell? ( >=app-text/aspell-0.50 ) + sqlite? ( >=dev-db/sqlite-3.7.6.3 ) + ssl? ( >=dev-libs/openssl-1.0.1:0= <dev-libs/openssl-3.0 ) + tidy? ( app-text/htmltidy ) + tokyocabinet? ( dev-db/tokyocabinet ) + truetype? ( =media-libs/freetype-2* ) + unicode? ( dev-libs/oniguruma:= ) + webp? ( media-libs/libwebp:0= ) + xml? ( >=dev-libs/libxml2-2.7.6 ) + xpm? ( x11-libs/libXpm ) + xslt? ( dev-libs/libxslt ) + zip? ( >=dev-libs/libzip-1.2.0:= ) + zlib? ( >=sys-libs/zlib-1.2.0.4:0= ) +" + +RDEPEND="${COMMON_DEPEND} + virtual/mta + fpm? ( + selinux? ( sec-policy/selinux-phpfpm ) + systemd? ( sys-apps/systemd ) )" + +# Bison isn't actually needed when building from a release tarball +# However, the configure script will warn if it's absent or if you +# have an incompatible version installed. See bug 593278. +DEPEND="${COMMON_DEPEND} + app-arch/xz-utils + >=sys-devel/bison-3.0.1" + +BDEPEND="virtual/pkgconfig" + +PHP_MV="$(ver_cut 1)" + +PATCHES=( + "${FILESDIR}"/php-iodbc-header-location.patch + "${FILESDIR}"/bug81656-gcc-11.patch + "${FILESDIR}"/php-7.4.33-CVE-2022-31631.patch + "${FILESDIR}"/php-7.4.33-CVE-2023-0567.patch + "${FILESDIR}"/php-7.4.33-CVE-2023-0568.patch + "${FILESDIR}"/php-7.4.33-CVE-2023-0662.patch +) + +php_install_ini() { + local phpsapi="${1}" + + # work out where we are installing the ini file + php_set_ini_dir "${phpsapi}" + + # Always install the production INI file, bug 611214. + local phpinisrc="php.ini-production-${phpsapi}" + cp php.ini-production "${phpinisrc}" || die + + # default to /tmp for save_path, bug #282768 + sed -e 's|^;session.save_path .*$|session.save_path = "'"${EPREFIX}"'/tmp"|g' -i "${phpinisrc}" || die + + # Set the extension dir + sed -e "s|^extension_dir .*$|extension_dir = ${extension_dir}|g" \ + -i "${phpinisrc}" || die + + # Set the include path to point to where we want to find PEAR packages + sed -e 's|^;include_path = ".:/php/includes".*|include_path = ".:'"${EPREFIX}"'/usr/share/php'${PHP_MV}':'"${EPREFIX}"'/usr/share/php"|' -i "${phpinisrc}" || die + + insinto "${PHP_INI_DIR#${EPREFIX}}" + newins "${phpinisrc}" php.ini + + elog "Installing php.ini for ${phpsapi} into ${PHP_INI_DIR#${EPREFIX}}" + elog + + dodir "${PHP_EXT_INI_DIR#${EPREFIX}}" + dodir "${PHP_EXT_INI_DIR_ACTIVE#${EPREFIX}}" + + if use opcache; then + elog "Adding opcache to $PHP_EXT_INI_DIR" + echo "zend_extension=${PHP_DESTDIR}/$(get_libdir)/opcache.so" >> \ + "${D}/${PHP_EXT_INI_DIR}"/opcache.ini + dosym "../ext/opcache.ini" \ + "${PHP_EXT_INI_DIR_ACTIVE#${EPREFIX}}/opcache.ini" + fi + + # SAPI-specific handling + if [[ "${sapi}" == "fpm" ]] ; then + einfo "Installing FPM config files php-fpm.conf and www.conf" + insinto "${PHP_INI_DIR#${EPREFIX}}" + doins sapi/fpm/php-fpm.conf + insinto "${PHP_INI_DIR#${EPREFIX}}/fpm.d" + doins sapi/fpm/www.conf + fi + + dodoc php.ini-{development,production} +} + +php_set_ini_dir() { + PHP_INI_DIR="${EPREFIX}/etc/php/${1}-php${SLOT}" + PHP_EXT_INI_DIR="${PHP_INI_DIR}/ext" + PHP_EXT_INI_DIR_ACTIVE="${PHP_INI_DIR}/ext-active" +} + +src_prepare() { + default + + # In php-7.x, the FPM pool configuration files have been split off + # of the main config. By default the pool config files go in + # e.g. /etc/php-fpm.d, which isn't slotted. So here we move the + # include directory to a subdirectory "fpm.d" of $PHP_INI_DIR. Later + # we'll install the pool configuration file "www.conf" there. + php_set_ini_dir fpm + sed -i "s~^include=.*$~include=${PHP_INI_DIR}/fpm.d/*.conf~" \ + sapi/fpm/php-fpm.conf.in \ + || die 'failed to move the include directory in php-fpm.conf' + + # Emulate buildconf to support cross-compilation + rm -fr aclocal.m4 autom4te.cache config.cache \ + configure main/php_config.h.in || die + eautoconf --force + eautoheader +} + +src_configure() { + filter-lto # bug 855644 + + addpredict /usr/share/snmp/mibs/.index #nowarn + addpredict /var/lib/net-snmp/mib_indexes #nowarn + + PHP_DESTDIR="${EPREFIX}/usr/$(get_libdir)/php${SLOT}" + + # The php-fpm config file wants localstatedir to be ${EPREFIX}/var + # and not the Gentoo default ${EPREFIX}/var/lib. See bug 572002. + local our_conf=( + --prefix="${PHP_DESTDIR}" + --mandir="${PHP_DESTDIR}/man" + --infodir="${PHP_DESTDIR}/info" + --libdir="${PHP_DESTDIR}/lib" + --with-libdir="$(get_libdir)" + --localstatedir="${EPREFIX}/var" + --without-pear + --without-valgrind + $(use_enable threads maintainer-zts) + ) + + our_conf+=( + $(use_with argon2 password-argon2 "${EPREFIX}/usr") + $(use_enable bcmath) + $(use_with bzip2 bz2 "${EPREFIX}/usr") + $(use_enable calendar) + $(use_enable coverage gcov) + $(use_enable ctype) + $(use_with curl) + $(use_enable xml dom) + $(use_with enchant) + $(use_enable exif) + $(use_with ffi) + $(use_enable fileinfo) + $(use_enable filter) + $(use_enable ftp) + $(use_with nls gettext "${EPREFIX}/usr") + $(use_with gmp gmp "${EPREFIX}/usr") + $(use_with mhash mhash "${EPREFIX}/usr") + $(use_with iconv iconv \ + $(use elibc_glibc || use elibc_musl || echo "${EPREFIX}/usr")) + $(use_enable intl) + $(use_enable ipv6) + $(use_enable json) + $(use_with kerberos) + $(use_with xml libxml) + $(use_enable unicode mbstring) + $(use_with ssl openssl) + $(use_enable pcntl) + $(use_enable phar) + $(use_enable pdo) + $(use_enable opcache) + $(use_with postgres pgsql "${EPREFIX}/usr") + $(use_enable posix) + $(use_with spell pspell "${EPREFIX}/usr") + $(use_enable simplexml) + $(use_enable sharedmem shmop) + $(use_with snmp snmp "${EPREFIX}/usr") + $(use_enable soap) + $(use_enable sockets) + $(use_with sodium) + $(use_with sqlite sqlite3) + $(use_enable sysvipc sysvmsg) + $(use_enable sysvipc sysvsem) + $(use_enable sysvipc sysvshm) + $(use_with tidy tidy "${EPREFIX}/usr") + $(use_enable tokenizer) + $(use_enable xml) + $(use_enable xmlreader) + $(use_enable xmlwriter) + $(use_with xmlrpc) + $(use_with xslt xsl) + $(use_with zip) + $(use_with zlib zlib "${EPREFIX}/usr") + $(use_enable debug) + ) + + # DBA support + if use cdb || use berkdb || use flatfile || use gdbm || use inifile \ + || use qdbm || use lmdb || use tokyocabinet ; then + our_conf+=( "--enable-dba" ) + fi + + # DBA drivers support + our_conf+=( + $(use_with cdb) + $(use_with berkdb db4 "${EPREFIX}/usr") + $(use_enable flatfile) + $(use_with gdbm gdbm "${EPREFIX}/usr") + $(use_enable inifile) + $(use_with qdbm qdbm "${EPREFIX}/usr") + $(use_with tokyocabinet tcadb "${EPREFIX}/usr") + $(use_with lmdb lmdb "${EPREFIX}/usr") + ) + + # Support for the GD graphics library + our_conf+=( + $(use_with truetype freetype) + $(use_enable cjk gd-jis-conv) + $(use_with gd jpeg) + $(use_with xpm) + $(use_with webp) + ) + # enable gd last, so configure can pick up the previous settings + our_conf+=( $(use_enable gd) ) + + # IMAP support + if use imap ; then + our_conf+=( + $(use_with imap imap "${EPREFIX}/usr") + $(use_with ssl imap-ssl "${EPREFIX}/usr") + ) + fi + + # LDAP support + if use ldap ; then + our_conf+=( + $(use_with ldap ldap "${EPREFIX}/usr") + $(use_with ldap-sasl) + ) + fi + + # MySQL support + local mysqllib="mysqlnd" + local mysqlilib="mysqlnd" + + our_conf+=( $(use_with mysqli mysqli "${mysqlilib}") ) + + local mysqlsock="${EPREFIX}/var/run/mysqld/mysqld.sock" + if use mysql || use mysqli ; then + our_conf+=( $(use_with mysql mysql-sock "${mysqlsock}") ) + fi + + # ODBC support + if use odbc && use iodbc ; then + our_conf+=( + --without-unixODBC + --with-iodbc + $(use_with pdo pdo-odbc "iODBC,${EPREFIX}/usr") + ) + elif use odbc ; then + our_conf+=( + --with-unixODBC="${EPREFIX}/usr" + --without-iodbc + $(use_with pdo pdo-odbc "unixODBC,${EPREFIX}/usr") + ) + else + our_conf+=( + --without-unixODBC + --without-iodbc + --without-pdo-odbc + ) + fi + + # Oracle support + our_conf+=( $(use_with oci8-instant-client oci8) ) + + # PDO support + if use pdo ; then + our_conf+=( + $(use_with mssql pdo-dblib "${EPREFIX}/usr") + $(use_with mysql pdo-mysql "${mysqllib}") + $(use_with postgres pdo-pgsql) + $(use_with sqlite pdo-sqlite) + $(use_with firebird pdo-firebird "${EPREFIX}/usr") + $(use_with oci8-instant-client pdo-oci) + ) + fi + + # readline/libedit support + our_conf+=( + $(use_with readline readline "${EPREFIX}/usr") + $(use_with libedit) + ) + + # Session support + if use session ; then + our_conf+=( $(use_with session-mm mm "${EPREFIX}/usr") ) + else + our_conf+=( $(use_enable session) ) + fi + + # Use pic for shared modules such as apache2's mod_php + our_conf+=( --with-pic ) + + # we use the system copy of pcre + # --with-external-pcre affects ext/pcre + our_conf+=( + --with-external-pcre + $(use_with jit pcre-jit) + ) + + # Catch CFLAGS problems + # Fixes bug #14067. + # Changed order to run it in reverse for bug #32022 and #12021. + replace-cpu-flags "k6*" "i586" + + # Cache the ./configure test results between SAPIs. + our_conf+=( --cache-file="${T}/config.cache" ) + + # Support user-passed configuration parameters + our_conf+=( ${EXTRA_ECONF:-} ) + + # Support the Apache2 extras, they must be set globally for all + # SAPIs to work correctly, especially for external PHP extensions + + local one_sapi + local sapi + mkdir -p "${WORKDIR}/sapis-build" || die + for one_sapi in $SAPIS ; do + use "${one_sapi}" || continue + php_set_ini_dir "${one_sapi}" + + # The BUILD_DIR variable is used to determine where to output + # the files that autotools creates. This was all originally + # based on the autotools-utils eclass. + BUILD_DIR="${WORKDIR}/sapis-build/${one_sapi}" + cp -a "${S}" "${BUILD_DIR}" || die + cd "${BUILD_DIR}" || die + + local sapi_conf=( + --with-config-file-path="${PHP_INI_DIR}" + --with-config-file-scan-dir="${PHP_EXT_INI_DIR_ACTIVE}" + ) + + for sapi in $SAPIS ; do + case "$sapi" in + cli|cgi|embed|fpm|phpdbg) + if [[ "${one_sapi}" == "${sapi}" ]] ; then + sapi_conf+=( "--enable-${sapi}" ) + if [[ "fpm" == "${sapi}" ]] ; then + sapi_conf+=( + $(use_with acl fpm-acl) + $(use_with systemd fpm-systemd) + ) + fi + else + sapi_conf+=( "--disable-${sapi}" ) + fi + ;; + + apache2) + if [[ "${one_sapi}" == "${sapi}" ]] ; then + sapi_conf+=( --with-apxs2="${EPREFIX}/usr/bin/apxs" ) + else + sapi_conf+=( --without-apxs2 ) + fi + ;; + esac + done + + # Construct the $myeconfargs array by concatenating $our_conf + # (the common args) and $sapi_conf (the SAPI-specific args). + local myeconfargs=( "${our_conf[@]}" ) + myeconfargs+=( "${sapi_conf[@]}" ) + + pushd "${BUILD_DIR}" > /dev/null || die + econf "${myeconfargs[@]}" + popd > /dev/null || die + done +} + +src_compile() { + # snmp seems to run during src_compile, too (bug #324739) + addpredict /usr/share/snmp/mibs/.index #nowarn + addpredict /var/lib/net-snmp/mib_indexes #nowarn + + local sapi + for sapi in ${SAPIS} ; do + if use "${sapi}"; then + cd "${WORKDIR}/sapis-build/$sapi" || \ + die "Failed to change dir to ${WORKDIR}/sapis-build/$1" + emake + fi + done +} + +src_install() { + # see bug #324739 for what happens when we don't have that + addpredict /usr/share/snmp/mibs/.index #nowarn + + # grab the first SAPI that got built and install common files from there + local first_sapi="", sapi="" + for sapi in $SAPIS ; do + if use $sapi ; then + first_sapi=$sapi + break + fi + done + + # Makefile forgets to create this before trying to write to it... + dodir "${PHP_DESTDIR#${EPREFIX}}/bin" + + # Install php environment (without any sapis) + cd "${WORKDIR}/sapis-build/$first_sapi" || die + emake INSTALL_ROOT="${D}" \ + install-build install-headers install-programs + + local extension_dir="$("${ED}/${PHP_DESTDIR#${EPREFIX}}/bin/php-config" --extension-dir)" + + # Create the directory where we'll put version-specific php scripts + keepdir "/usr/share/php${PHP_MV}" + + local file="" + local sapi_list="" + + for sapi in ${SAPIS}; do + if use "${sapi}" ; then + einfo "Installing SAPI: ${sapi}" + cd "${WORKDIR}/sapis-build/${sapi}" || die + + if [[ "${sapi}" == "apache2" ]] ; then + # We're specifically not using emake install-sapi as libtool + # may cause unnecessary relink failures (see bug #351266) + insinto "${PHP_DESTDIR#${EPREFIX}}/apache2/" + newins ".libs/libphp${PHP_MV}$(get_libname)" \ + "libphp${PHP_MV}$(get_libname)" + keepdir "/usr/$(get_libdir)/apache2/modules" + else + # needed each time, php_install_ini would reset it + local dest="${PHP_DESTDIR#${EPREFIX}}" + into "${dest}" + case "$sapi" in + cli) + source="sapi/cli/php" + # Install the "phar" archive utility. + if use phar ; then + emake INSTALL_ROOT="${D}" install-pharcmd + dosym "..${dest#/usr}/bin/phar" "/usr/bin/phar${SLOT}" + fi + ;; + cgi) + source="sapi/cgi/php-cgi" + ;; + fpm) + source="sapi/fpm/php-fpm" + ;; + embed) + source="libs/libphp${PHP_MV}$(get_libname)" + ;; + phpdbg) + source="sapi/phpdbg/phpdbg" + ;; + *) + die "unhandled sapi in src_install" + ;; + esac + + if [[ "${source}" == *"$(get_libname)" ]]; then + dolib.so "${source}" + else + dobin "${source}" + local name="$(basename ${source})" + dosym "..${dest#/usr}/bin/${name}" "/usr/bin/${name}${SLOT}" + fi + fi + + php_install_ini "${sapi}" + + # construct correct SAPI string for php-config + # thanks to ferringb for the bash voodoo + if [[ "${sapi}" == "apache2" ]]; then + sapi_list="${sapi_list:+${sapi_list} }apache2handler" + else + sapi_list="${sapi_list:+${sapi_list} }${sapi}" + fi + fi + done + + # Installing opcache module + if use opcache ; then + into "${PHP_DESTDIR#${EPREFIX}}" + dolib.so "modules/opcache$(get_libname)" + fi + + # Install env.d files + newenvd "${FILESDIR}/20php5-envd" "20php${SLOT}" + sed -e "s|/lib/|/$(get_libdir)/|g" -i "${ED}/etc/env.d/20php${SLOT}" || die + sed -e "s|php5|php${SLOT}|g" -i "${ED}/etc/env.d/20php${SLOT}" || die + + # set php-config variable correctly (bug #278439) + sed -e "s:^\(php_sapis=\)\".*\"$:\1\"${sapi_list}\":" -i \ + "${ED}/usr/$(get_libdir)/php${SLOT}/bin/php-config" || die + + if use fpm ; then + if use systemd; then + systemd_newunit "${FILESDIR}/php-fpm_at.service" \ + "php-fpm@${SLOT}.service" + else + systemd_newunit "${FILESDIR}/php-fpm_at-simple.service" \ + "php-fpm@${SLOT}.service" + fi + fi +} + +src_test() { + echo ">>> Test phase [test]: ${CATEGORY}/${PF}" + PHP_BIN="${WORKDIR}/sapis-build/cli/sapi/cli/php" + if [[ ! -x "${PHP_BIN}" ]] ; then + ewarn "Test phase requires USE=cli, skipping" + return + else + export TEST_PHP_EXECUTABLE="${PHP_BIN}" + fi + + if [[ -x "${WORKDIR}/sapis-build/cgi/sapi/cgi/php-cgi" ]] ; then + export TEST_PHP_CGI_EXECUTABLE="${WORKDIR}/sapis-build/cgi/sapi/cgi/php-cgi" + fi + + if [[ -x "${WORKDIR}/sapis-build/phpdbg/sapi/phpdbg/phpdbg" ]] ; then + export TEST_PHPDBG_EXECUTABLE="${WORKDIR}/sapis-build/phpdbg/sapi/phpdbg/phpdbg" + fi + + REPORT_EXIT_STATUS=1 "${TEST_PHP_EXECUTABLE}" -n -d \ + "session.save_path=${T}" \ + "${WORKDIR}/sapis-build/cli/run-tests.php" -n -q -d \ + "session.save_path=${T}" + + for name in ${EXPECTED_TEST_FAILURES}; do + mv "${name}.out" "${name}.out.orig" 2>/dev/null || die + done + + local failed="$(find -name '*.out')" + if [[ ${failed} != "" ]] ; then + ewarn "The following test cases failed unexpectedly:" + for name in ${failed}; do + ewarn " ${name/.out/}" + done + else + einfo "No unexpected test failures, all fine" + fi + + if [[ ${PHP_SHOW_UNEXPECTED_TEST_PASS} == "1" ]] ; then + local passed="" + for name in ${EXPECTED_TEST_FAILURES}; do + [[ -f "${name}.diff" ]] && continue + passed="${passed} ${name}" + done + if [[ ${passed} != "" ]] ; then + einfo "The following test cases passed unexpectedly:" + for name in ${passed}; do + ewarn " ${passed}" + done + else + einfo "None of the known-to-fail tests passed, all fine" + fi + fi +} + +pkg_postinst() { + # Output some general info to the user + if use apache2 ; then + elog + elog "To enable PHP in apache, you will need to add \"-D PHP\" to" + elog "your apache2 command. OpenRC users can append that string to" + elog "APACHE2_OPTS in /etc/conf.d/apache2." + elog + elog "The apache module configuration file 70_mod_php.conf is" + elog "provided (and maintained) by eselect-php." + elog + fi + + # Create the symlinks for php + local m + for m in ${SAPIS}; do + [[ ${m} == 'embed' ]] && continue; + if use $m ; then + local ci=$(eselect php show $m) + if [[ -z $ci ]]; then + eselect php set $m php${SLOT} || die + einfo "Switched ${m} to use php:${SLOT}" + einfo + elif [[ $ci != "php${SLOT}" ]] ; then + elog "To switch $m to use php:${SLOT}, run" + elog " eselect php set $m php${SLOT}" + elog + fi + fi + done + + # Remove dead symlinks for SAPIs that were just disabled. For + # example, if the user has the cgi SAPI enabled, then he has an + # eselect-php symlink for it. If he later reinstalls PHP with + # USE="-cgi", that symlink will break. This call to eselect is + # supposed to remove that dead link per bug 572436. + eselect php cleanup || die + + if ! has "php${SLOT/./-}" ${PHP_TARGETS}; then + elog "To build extensions for this version of PHP, you will need to" + elog "add php${SLOT/./-} to your PHP_TARGETS USE_EXPAND variable." + elog + fi + + # Warn about the removal of PHP_INI_VERSION if the user has it set. + if [[ -n "${PHP_INI_VERSION}" ]]; then + ewarn 'The PHP_INI_VERSION variable has been phased out. You may' + ewarn 'remove it from your configuration at your convenience. See' + ewarn + ewarn ' https://bugs.gentoo.org/611214' + ewarn + ewarn 'for more information.' + fi + + elog "For details on how version slotting works, please see" + elog "the wiki:" + elog + elog " https://wiki.gentoo.org/wiki/PHP" + elog +} + +pkg_postrm() { + # This serves two purposes. First, if we have just removed the last + # installed version of PHP, then this will remove any dead symlinks + # belonging to eselect-php. Second, if a user upgrades slots from + # (say) 5.6 to 7.0 and depcleans the old slot, then this will update + # his existing symlinks to point to the new 7.0 installation. The + # latter is bug 432962. + # + # Note: the eselect-php package may not be installed at this point, + # so we can't die() if this command fails. + eselect php cleanup +} |