Re: git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option

Reply: Mathieu Arnold : "Re: git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option"
In reply to: Mathieu Arnold : "Re: git: 28374e2250ce - main - lang/php83: Add non-default NOASLR option"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Moin Rahman <bofh_at_freebsd.org>
Date: Sat, 07 Oct 2023 11:55:13 UTC


> On Oct 7, 2023, at 1:51 PM, Mathieu Arnold <mat@FreeBSD.org> wrote:
> 
> On Sat, Oct 07, 2023 at 11:01:11AM +0000, Muhammad Moinur Rahman wrote:
>> The branch main has been updated by bofh:
>> 
>> URL: https://cgit.FreeBSD.org/ports/commit/?id=28374e2250ce52ea7f88bef2e62c6e56181f573b
>> 
>> commit 28374e2250ce52ea7f88bef2e62c6e56181f573b
>> Author:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
>> AuthorDate: 2023-10-07 10:56:44 +0000
>> Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
>> CommitDate: 2023-10-07 11:00:34 +0000
>> 
>>    lang/php83: Add non-default NOASLR option
> 
> So this should be an ASLR option that is on by default.
I thought about it but I will not do it in that way during the lifetime of 12 as it will create confusion.

As there was no ASLR in 12.

>>    In certain corner cases php-fpm is creating zombie processes specially
>>    from 13.2-RELEASE onwards. The exact reason has not been pin-pointed but
>>    it looks like disabling ASLR solves the problem. So add a non-default
>>    option NOASLR to allow the user build without ASLR.
>> 
>>    This patch will not go into lang/php80 but will go in lang/php81 and
>>    lang/php82 after some more extensive tests.
>> 
>>    PR:             274135
>>    Reported by:    ports@thelanman.net
>> ---
>> lang/php83/Makefile | 26 +++++++++++++++++++++-----
>> 1 file changed, 21 insertions(+), 5 deletions(-)
>> 
>> diff --git a/lang/php83/Makefile b/lang/php83/Makefile
>> index 90ca4ef3b915..bf150d592329 100644
>> --- a/lang/php83/Makefile
>> +++ b/lang/php83/Makefile
>> @@ -31,17 +31,15 @@ CONFIGURE_ARGS+= --disable-all \
>> --with-password-argon2=${LOCALBASE}
>> DESTDIRNAME= INSTALL_ROOT
>> 
>> -USES+= autoreconf:build ssl
>> +USES+= autoreconf:build localbase ssl
>> USE_GNOME= libxml2
>> 
>> -CPPFLAGS= -I${LOCALBASE}/include
>> -
>> -LDFLAGS= -L${OPENSSLLIB} -lcrypto -lssl
>> +LDFLAGS+= -L${OPENSSLLIB} -lcrypto -lssl
>> # PR230207 Allow relocations against read-only segments (override lld default)
>> LDFLAGS_i386= -Wl,-z,notext
>> 
>> OPTIONS_DEFINE+= CGI CLI DEBUG DTRACE EMBED FPM IPV6 LINKTHR \
>> - MYSQLND PHPDBG ZTS
>> + MYSQLND NOASLR PHPDBG ZTS
>> OPTIONS_DEFAULT= CGI CLI DTRACE EMBED FPM LINKTHR MYSQLND
>> OPTIONS_EXCLUDE_DragonFly= DTRACE
>> # ld(1) fails to link probes: Relocations in generic ELF (EM: 0)
>> @@ -83,6 +81,7 @@ FPM_VARS= PHP_SAPI+=fpm \
>> USE_RC_SUBR+=php-fpm
>> IPV6_CONFIGURE_OFF= --disable-ipv6
>> LINKTHR_LIBS= -lpthread
>> +NOASLR_USES= elfctl
>> MYSQLND_CONFIGURE_ON= --enable-mysqlnd
>> PHPDBG_CONFIGURE_ON= --enable-phpdbg
>> PHPDBG_VARS= PHP_SAPI+=phpdbg
>> @@ -98,6 +97,23 @@ SHORTMODNAME= php
>> WARNING= "!!! If you have a threaded Apache, you must build ${PHP_PORT} with ZTS support to enable thread-safety in extensions !!!"
>> .endif
>> 
>> +.include <bsd.port.options.mk>
>> +
>> +.if ${PORT_OPTIONS:NOASLR}
>> +.if ${PORT_OPTIONS:MCLI}
>> +ELF_FEATURES+=+noaslr:sapi/cli/php
>> +.endif
>> +.if ${PORT_OPTIONS:MCGI}
>> +ELF_FEATURES+=+noaslr:sapi/cgi/php-cgi
>> +.endif
>> +.if ${PORT_OPTIONS:MPHPDBG}
>> +ELF_FEATURES+=+noaslr:sapi/phpdbg/phpdbg
>> +.endif
>> +.if ${PORT_OPTIONS:MFPM}
>> +ELF_FEATURES+=+noaslr:sapi/fpm/php-fpm
>> +.endif
>> +.endif
>> +
>> .include <bsd.port.pre.mk>
>> 
>> .if ${ARCH} == riscv64
>> 
> 
> --
> Mathieu Arnold