Re: git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option

Reply: Moin Rahman : "Re: git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option"
In reply to: Muhammad Moinur Rahman : "git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Mathieu Arnold <mat_at_freebsd.org>
Date: Sat, 07 Oct 2023 11:51:26 UTC

On Sat, Oct 07, 2023 at 11:01:11AM +0000, Muhammad Moinur Rahman wrote:
> The branch main has been updated by bofh:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=28374e2250ce52ea7f88bef2e62c6e56181f573b
> 
> commit 28374e2250ce52ea7f88bef2e62c6e56181f573b
> Author:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
> AuthorDate: 2023-10-07 10:56:44 +0000
> Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
> CommitDate: 2023-10-07 11:00:34 +0000
> 
>     lang/php83: Add non-default NOASLR option

So this should be an ASLR option that is on by default.

>     In certain corner cases php-fpm is creating zombie processes specially
>     from 13.2-RELEASE onwards. The exact reason has not been pin-pointed but
>     it looks like disabling ASLR solves the problem. So add a non-default
>     option NOASLR to allow the user build without ASLR.
>     
>     This patch will not go into lang/php80 but will go in lang/php81 and
>     lang/php82 after some more extensive tests.
>     
>     PR:             274135
>     Reported by:    ports@thelanman.net
> ---
>  lang/php83/Makefile | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)
> 
> diff --git a/lang/php83/Makefile b/lang/php83/Makefile
> index 90ca4ef3b915..bf150d592329 100644
> --- a/lang/php83/Makefile
> +++ b/lang/php83/Makefile
> @@ -31,17 +31,15 @@ CONFIGURE_ARGS+=	--disable-all \
>  			--with-password-argon2=${LOCALBASE}
>  DESTDIRNAME=		INSTALL_ROOT
>  
> -USES+=		autoreconf:build ssl
> +USES+=		autoreconf:build localbase ssl
>  USE_GNOME=	libxml2
>  
> -CPPFLAGS=	-I${LOCALBASE}/include
> -
> -LDFLAGS=	-L${OPENSSLLIB} -lcrypto -lssl
> +LDFLAGS+=	-L${OPENSSLLIB} -lcrypto -lssl
>  # PR230207 Allow relocations against read-only segments (override lld default)
>  LDFLAGS_i386=	-Wl,-z,notext
>  
>  OPTIONS_DEFINE+=		CGI CLI DEBUG DTRACE EMBED FPM IPV6 LINKTHR \
> -				MYSQLND PHPDBG ZTS
> +				MYSQLND NOASLR PHPDBG ZTS
>  OPTIONS_DEFAULT=		CGI CLI DTRACE EMBED FPM LINKTHR MYSQLND
>  OPTIONS_EXCLUDE_DragonFly=	DTRACE
>  # ld(1) fails to link probes: Relocations in generic ELF (EM: 0)
> @@ -83,6 +81,7 @@ FPM_VARS=		PHP_SAPI+=fpm \
>  			USE_RC_SUBR+=php-fpm
>  IPV6_CONFIGURE_OFF=	--disable-ipv6
>  LINKTHR_LIBS=		-lpthread
> +NOASLR_USES=	elfctl
>  MYSQLND_CONFIGURE_ON=	--enable-mysqlnd
>  PHPDBG_CONFIGURE_ON=	--enable-phpdbg
>  PHPDBG_VARS=		PHP_SAPI+=phpdbg
> @@ -98,6 +97,23 @@ SHORTMODNAME=		php
>  WARNING=		"!!! If you have a threaded Apache, you must build ${PHP_PORT} with ZTS support to enable thread-safety in extensions !!!"
>  .endif
>  
> +.include <bsd.port.options.mk>
> +
> +.if ${PORT_OPTIONS:NOASLR}
> +.if ${PORT_OPTIONS:MCLI}
> +ELF_FEATURES+=+noaslr:sapi/cli/php
> +.endif
> +.if ${PORT_OPTIONS:MCGI}
> +ELF_FEATURES+=+noaslr:sapi/cgi/php-cgi
> +.endif
> +.if ${PORT_OPTIONS:MPHPDBG}
> +ELF_FEATURES+=+noaslr:sapi/phpdbg/phpdbg
> +.endif
> +.if ${PORT_OPTIONS:MFPM}
> +ELF_FEATURES+=+noaslr:sapi/fpm/php-fpm
> +.endif
> +.endif
> +
>  .include <bsd.port.pre.mk>
>  
>  .if ${ARCH} == riscv64
> 

-- 
Mathieu Arnold