Merge remote-tracking branch 'origin/PHP-5.6' into str_size_and_int64_56_backport

weltling · weltling · commit ba19cc7b451b · 2014-04-29T23:49:56.000+02:00
* origin/PHP-5.6:
  Added further notice about removal of IS_CONSTANT_INDEX/ARRAY macros
  Fix bug #67060: use default mode of 660
diff --git a/NEWS b/NEWS
@@ -45,6 +45,8 @@ PHP                                                                        NEWS
   . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
   . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
     (Julio Pintos)
+  . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
+    default configuration) (CVE-2014-0185). (Stas)
 
 - GMP:
   . Fixed crashes in serialize/unserialize. (Stas)
diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS
@@ -14,6 +14,7 @@ UPGRADE NOTES - PHP X.Y
   i. Addition of zend_hash_splice
   j. An additional parameter is sent to Countable::count()
   k. Unserialization of manipulated object strings
+  l. Removal of IS_CONSTANT_ARRAY and IS_CONSTANT_INDEX hack
 
 2. Build system changes
   a. Unix build system changes
@@ -206,6 +207,15 @@ UPGRADE NOTES - PHP X.Y
   fixed at the appropriate place by checking for the presence of the
   serialize callback in the class entry.
 
+  l. Removal of IS_CONSTANT_ARRAY and IS_CONSTANT_INDEX hack
+
+  These two #defines disappeared. Instead we have now IS_CONSTANT_AST which
+  covers also the functionality IS_CONSTANT_ARRAY bid and furthermore the
+  hack for marking zvals as constant index with IS_CONSTANT_INDEX is now
+  superfluous and so removed.
+  Please note that IS_CONSTANT_AST now has the same value than
+  IS_CONSTANT_ARRAY had.
+
 ========================
 2. Build system changes
 ========================
diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c
@@ -39,7 +39,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */
 	/* uninitialized */
 	wp->socket_uid = -1;
 	wp->socket_gid = -1;
-	wp->socket_mode = 0666;
+	wp->socket_mode = 0660;
 
 	if (!c) {
 		return 0;
diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
@@ -166,10 +166,10 @@ listen = 127.0.0.1:9000
 ; permissions must be set in order to allow connections from a web server. Many
 ; BSD-derived systems allow connections regardless of permissions. 
 ; Default Values: user and group are set as the running user
-;                 mode is set to 0666
+;                 mode is set to 0660
 ;listen.owner = @php_fpm_user@
 ;listen.group = @php_fpm_group@
-;listen.mode = 0666
+;listen.mode = 0660
  
 ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
 ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
