From nobody Sat Oct 07 11:55:13 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S2kJH6pYrz4wrQX; Sat, 7 Oct 2023 11:55:27 +0000 (UTC) (envelope-from bofh@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4S2kJH6NTFz3g2s; Sat, 7 Oct 2023 11:55:27 +0000 (UTC) (envelope-from bofh@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1696679727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=KRnWMYkjskP0PHWzQgiKh70tBMnH8w7pVAJQUdu4k3U=; b=lQh/ijNjxCM3VfqQvGPT7+tkHI0Wlg/U+3RGZ697bykaF8k1qQ+5CD+5IB5ZHaeu0mZ750 MHDvwZlxE2du2M4GHupNLWfO8Z00OuGUP577NObhXG7baa0utBwc+vlllbmlrvJcc0MXyk TWTNLHD+Hc5PUKEcDBWmMD4K600f6+OAcTndexZPUUUUIOZQvobM1nUB0gyEKNXuh4H2BX rZrnLPrQaR3QXv0Q2YnldHToiL81UsjXRIbclaMTT4Rin6wdmfNRhb+HSnRIq9snAOa4b7 VnTdSgojSfr8OdiLpMTE0n1jUJROZUUulZzUfXhQRtDMIrMyPNHmSVgtOD3aFw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1696679727; a=rsa-sha256; cv=none; b=toyrWvJfUFbPtuIrbXC3D/L6Ik2zJ4WUAvYrx842KdphCCqjF8nEEDCZ7DIV600SFZlcnh KtpGUB7MkvAAcfMLZQMT0xPr5AZE6iBk60NjEKWzTRwQka6p3nxOcEIGWS2/tGe3Gr1+jk ehHqHgMRbnL9EwL8gcr8GuugejvPJzWAu/tb9GtJw8B1gCsNni1MT7QV52mAkDrtgn2t+n EUFYuVreCvsDPXpJ1/0kJj4An4hieMZ0GcT16AtKvAyHW4MJFlQYdtOVjR7zRb2hDVn05H kpEm3zBXD1noHK36Pjop6/A6EIoVw2hI+eewc879uxowzYg4PJ1IZo0hLSS1nw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1696679727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=KRnWMYkjskP0PHWzQgiKh70tBMnH8w7pVAJQUdu4k3U=; b=qY0/KVdDz4ViKmWj1M+Q14u9ZjFOFcPOMYB9J/eVOR2YIpgyoNVCjCAkHav/5auDv1+ARI EdOzvOT3x6/uBcrFLEfgWjWJaIOYjgwd9ej7uD/6orUZjRb5db/xpSFQ0Z4youW2ohTeZZ fa2Da5QK5C+5upzvJEhgaJzje5ZRhVoOp/qKmI1yypItZO5x2ORKZa+x1knLHVhvU8slNp ahvcWI2A5nwJwqTsIh280YGuvI6P19t5WoJPvgF+tO3uLWfx/aiveqIA7l6c8I/QDFc0vb Ot3QD1q50AQxA+CVAvLLRxLy/W6w5bH/Ay39gSP9ZlkUa+p1TXGnKXT5aOeoeA== Received: from mx.bofh.network (mx.bofh.network [IPv6:2a01:4f8:261:25de::227]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "mx.bofh.network", Issuer "R3" (verified OK)) (Authenticated sender: bofh/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4S2kJH1gzBzkxN; Sat, 7 Oct 2023 11:55:27 +0000 (UTC) (envelope-from bofh@freebsd.org) Received: from smtpclient.apple ( [217.117.226.147]) by mx.bofh.network (OpenSMTPD) with ESMTPSA id 33c709ea (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); Sat, 7 Oct 2023 11:55:23 +0000 (UTC) Content-Type: multipart/signed; boundary="Apple-Mail=_2C2B3FBE-84BC-415F-A992-196FFB4DCCAF"; protocol="application/pgp-signature"; micalg=pgp-sha512 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\)) Subject: Re: git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option From: Moin Rahman In-Reply-To: Date: Sat, 7 Oct 2023 13:55:13 +0200 Cc: ports-committers , dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Message-Id: References: <202310071101.397B1Beq050941@gitrepo.freebsd.org> To: Mathieu Arnold X-Mailer: Apple Mail (2.3731.700.6) --Apple-Mail=_2C2B3FBE-84BC-415F-A992-196FFB4DCCAF Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Oct 7, 2023, at 1:51 PM, Mathieu Arnold wrote: >=20 > On Sat, Oct 07, 2023 at 11:01:11AM +0000, Muhammad Moinur Rahman = wrote: >> The branch main has been updated by bofh: >>=20 >> URL: = https://cgit.FreeBSD.org/ports/commit/?id=3D28374e2250ce52ea7f88bef2e62c6e= 56181f573b >>=20 >> commit 28374e2250ce52ea7f88bef2e62c6e56181f573b >> Author: Muhammad Moinur Rahman >> AuthorDate: 2023-10-07 10:56:44 +0000 >> Commit: Muhammad Moinur Rahman >> CommitDate: 2023-10-07 11:00:34 +0000 >>=20 >> lang/php83: Add non-default NOASLR option >=20 > So this should be an ASLR option that is on by default. I thought about it but I will not do it in that way during the lifetime = of 12 as it will create confusion. As there was no ASLR in 12. >> In certain corner cases php-fpm is creating zombie processes = specially >> from 13.2-RELEASE onwards. The exact reason has not been = pin-pointed but >> it looks like disabling ASLR solves the problem. So add a = non-default >> option NOASLR to allow the user build without ASLR. >>=20 >> This patch will not go into lang/php80 but will go in lang/php81 = and >> lang/php82 after some more extensive tests. >>=20 >> PR: 274135 >> Reported by: ports@thelanman.net >> --- >> lang/php83/Makefile | 26 +++++++++++++++++++++----- >> 1 file changed, 21 insertions(+), 5 deletions(-) >>=20 >> diff --git a/lang/php83/Makefile b/lang/php83/Makefile >> index 90ca4ef3b915..bf150d592329 100644 >> --- a/lang/php83/Makefile >> +++ b/lang/php83/Makefile >> @@ -31,17 +31,15 @@ CONFIGURE_ARGS+=3D --disable-all \ >> --with-password-argon2=3D${LOCALBASE} >> DESTDIRNAME=3D INSTALL_ROOT >>=20 >> -USES+=3D autoreconf:build ssl >> +USES+=3D autoreconf:build localbase ssl >> USE_GNOME=3D libxml2 >>=20 >> -CPPFLAGS=3D -I${LOCALBASE}/include >> - >> -LDFLAGS=3D -L${OPENSSLLIB} -lcrypto -lssl >> +LDFLAGS+=3D -L${OPENSSLLIB} -lcrypto -lssl >> # PR230207 Allow relocations against read-only segments (override lld = default) >> LDFLAGS_i386=3D -Wl,-z,notext >>=20 >> OPTIONS_DEFINE+=3D CGI CLI DEBUG DTRACE EMBED FPM IPV6 LINKTHR \ >> - MYSQLND PHPDBG ZTS >> + MYSQLND NOASLR PHPDBG ZTS >> OPTIONS_DEFAULT=3D CGI CLI DTRACE EMBED FPM LINKTHR MYSQLND >> OPTIONS_EXCLUDE_DragonFly=3D DTRACE >> # ld(1) fails to link probes: Relocations in generic ELF (EM: 0) >> @@ -83,6 +81,7 @@ FPM_VARS=3D PHP_SAPI+=3Dfpm \ >> USE_RC_SUBR+=3Dphp-fpm >> IPV6_CONFIGURE_OFF=3D --disable-ipv6 >> LINKTHR_LIBS=3D -lpthread >> +NOASLR_USES=3D elfctl >> MYSQLND_CONFIGURE_ON=3D --enable-mysqlnd >> PHPDBG_CONFIGURE_ON=3D --enable-phpdbg >> PHPDBG_VARS=3D PHP_SAPI+=3Dphpdbg >> @@ -98,6 +97,23 @@ SHORTMODNAME=3D php >> WARNING=3D "!!! If you have a threaded Apache, you must build = ${PHP_PORT} with ZTS support to enable thread-safety in extensions !!!" >> .endif >>=20 >> +.include >> + >> +.if ${PORT_OPTIONS:NOASLR} >> +.if ${PORT_OPTIONS:MCLI} >> +ELF_FEATURES+=3D+noaslr:sapi/cli/php >> +.endif >> +.if ${PORT_OPTIONS:MCGI} >> +ELF_FEATURES+=3D+noaslr:sapi/cgi/php-cgi >> +.endif >> +.if ${PORT_OPTIONS:MPHPDBG} >> +ELF_FEATURES+=3D+noaslr:sapi/phpdbg/phpdbg >> +.endif >> +.if ${PORT_OPTIONS:MFPM} >> +ELF_FEATURES+=3D+noaslr:sapi/fpm/php-fpm >> +.endif >> +.endif >> + >> .include >>=20 >> .if ${ARCH} =3D=3D riscv64 >>=20 >=20 > -- > Mathieu Arnold --Apple-Mail=_2C2B3FBE-84BC-415F-A992-196FFB4DCCAF Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEETfdREoUGjQZKBS+fvbm1phfAvJEFAmUhRyFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRE Rjc1MTEyODUwNjhEMDY0QTA1MkY5RkJEQjlCNUE2MTdDMEJDOTEACgkQvbm1phfA vJG/uBAAlPNfaIEPB6AKr8ohFpIl8SyftwhF6MddpgrwGXutvciSL2yaoCs3zo4/ JXDr/ZtLrMKTtMpZjsmjgHmlFjBDLkjIw77xZQtuxG+/mmhUcvBNX6g6dfQ2uGnQ q/GDH1FrifWy+0U5zfzTfMiIRelVXUKUbyPDICF4dMzr90szRUK+ESg8R/gImGpN 8O01Y65rCCqLSPWBe0Z6BKiPHvITZwUYpJwLi08MlKmP99aeqdt+jtkMtukLoQpf 2nizIXjihhb5cIbPkDD202rX0zNQ34OKIzBYzu6DtaTF9quEXfzX+BHdZlR4fKIo 4TD+XanbpJIUuC9hKPGZtaAsatrT6lFdQFOfmStkamGhUWuhnTjT9bZkc7XXHEg2 qw+c7dOD4zhnIJn7BpS3AOz3aHVBSh4qvyqsmGaekcm6C4DqBVAFGzqm4I+ar9r6 Z13tX0DRxnI/JfAzDUC28M14FFZQfIEcTzMEnVeBvos2g2aMBJoJh7HjLerJdF9j FUj7MG08kZwtf+kFdoraN0nKcAdSYeAbjz+hn1R85Ngr2DIsRz1QfYyGx8q/7/v1 mB2wOt0nGsLYBQiJrbxwpMS32lHhcSAHQqgc1UK2BX378bjy6L36ed7jTTkMGDYo wsIVZzloD/L5Oojqcw8BOgs6jP/XO8qKi56Bb1xzUVkxgh+4oiQ= =UK2h -----END PGP SIGNATURE----- --Apple-Mail=_2C2B3FBE-84BC-415F-A992-196FFB4DCCAF--