june updates #30

Merged
merged 2 commits into from
Jun 27, 2024

N6REJ (Collaborator) commented Jun 27, 2024

PR Type

Enhancement, Documentation, Other


Description

  • Added comprehensive PHP configuration files for production and development environments with detailed settings and comments.
  • Added OpenSSL configuration file for generating certificate requests with detailed settings.
  • Added batch script for executing Phar commands.
  • Updated build release script with new properties and formatting.
  • Added README file for PHP interpreter with installation and contribution guidelines.
  • Added snapshot file detailing the PHP build version and included extensions.
  • Updated URLs for Composer and LessMSI in build properties.
  • Added URLs for new binaries in build release properties.
  • Added a list of third-party libraries and licensing information used in the PHP build.
  • Deleted tools/7zip/License.txt.

Changes walkthrough 📝

Relevant files

Configuration changes (4 files)

php.ini-production
Add PHP production configuration file with detailed settings.
tools/php/php.ini-production (+1961/-0)

  • Added a comprehensive PHP configuration file for production environments.
  • Included settings for error handling, resource limits, and various PHP extensions.
  • Documented default values and recommendations for production and development environments.
  • Provided detailed comments and explanations for each configuration directive.

openssl.cnf
Add OpenSSL configuration file with detailed settings.
tools/php/extras/ssl/openssl.cnf (+390/-0)

  • Added an OpenSSL configuration file for generating certificate requests.
  • Included sections for new OIDs, CA defaults, and TSA settings.
  • Provided detailed comments and examples for various OpenSSL settings.

php.ini-development
Add PHP development configuration file with detailed settings.
tools/php/php.ini-development (+1959/-0)

  • Added a comprehensive PHP configuration file for development environments.
  • Included detailed comments and settings for various PHP directives.
  • Provided default values for development and production environments.

build-release.properties
Add URLs for new binaries in build release properties.
build/build-release.properties (+2/-0)

  • Added URLs for bin.xlight.url and bin.mailpit.url.

Documentation (3 files)

readme-redist-bins.txt
Add third-party libraries and licensing information.
tools/php/readme-redist-bins.txt (+680/-0)

  • Added a list of third-party libraries and components used in the PHP build.
  • Included licensing information for each component.
  • Documented the redistribution terms and conditions for each library.

README.md
Add README for PHP interpreter with installation and contribution guidelines.
tools/php/README.md (+140/-0)

  • Added README file for PHP interpreter with installation and contribution guidelines.
  • Included links to documentation, build instructions, and contribution guidelines.

snapshot.txt
Add snapshot file with PHP build version and extensions.
tools/php/snapshot.txt (+145/-0)

  • Added snapshot file detailing the PHP build version and included extensions.
  • Listed dependency information for various PHP modules.

Miscellaneous (1 file)

phar.phar.bat
Add batch script for executing Phar commands.
tools/php/phar.phar.bat (+1/-0)

  • Added a batch script to execute the pharcommand.phar using php.exe.

Enhancement (1 file)

build-release.xml
Update build release script with new properties and formatting.
build/build-release.xml (+64/-58)

  • Indented XML elements for better readability.
  • Added new properties for bin.xlight.version and bin.mailpit.version.

Dependencies (1 file)

build-commons.properties
Update URLs for Composer and LessMSI in build properties.
build/build-commons.properties (+2/-2)

  • Updated URLs for Composer and LessMSI to newer versions.


    @N6REJ N6REJ added the enhancement ✨ Improve program label Jun 27, 2024
    @N6REJ N6REJ merged commit 55f4e88 into main Jun 27, 2024
    2 checks passed

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review [1-5] 4
    🧪 Relevant tests No
    🔒 Security concerns No
    ⚡ Key issues to review

    Possible Redundancy:
    The PR introduces multiple similar properties and checks for versions of tools and binaries (e.g., bin.xlight.version, bin.mailpit.version). It's important to ensure that these additions are necessary and not duplicating existing functionality.
    Configuration Consistency:
    The PR adds new properties and URLs in build-release.properties for additional modules like xlight and mailpit. Reviewers should verify that these new modules are integrated consistently with the existing build process and check if all necessary configurations are updated.
    Documentation Update:
    The addition of a new README file for PHP requires a review to ensure that it is accurate and aligns with the project's standards for documentation. This includes checking links, ensuring that the installation instructions are clear, and that any new features or important changes are properly documented.


    PR Code Suggestions ✨

    Category    Suggestion    Score
    Security
    Disable PHP version exposure to increase security

    To improve the security of PHP applications, it's advisable to set expose_php to Off. This
    directive controls whether PHP reveals its presence on the server by including its
    signature in the web server header. By setting it to Off, you can obscure the fact that
    PHP is installed, which could help prevent targeted attacks.

    tools/php/php.ini-development [408]

    -expose_php = On
    +expose_php = Off
     
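    Review bot: on the `+expose_php = Off` line, the effect is limited to what the suggestion text describes, removing PHP's signature from the web server header, so it hinders fingerprinting but does not change what code is reachable and should not be justified as reducing attack surface. The identical change is proposed again for php.ini-production [410]; apply both in one commit so the two shipped templates do not diverge.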
    • Apply this suggestion
    Suggestion importance[1-10]: 10

    Why: This is a crucial security improvement. Disabling expose_php helps prevent potential attackers from identifying the PHP version, thereby reducing the attack surface.

    10
    Replace SHA-1 with more secure hashing algorithms in the digest list

    It's recommended to avoid using SHA-1 for digest algorithms due to its known
    vulnerabilities and weaknesses. Consider using more secure alternatives such as SHA-256 or
    SHA-512.

    tools/php/extras/ssl/openssl.cnf [324]

    -digests = sha1, sha256, sha384, sha512
    +digests = sha256, sha384, sha512
     
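    Review bot: removing `sha1` from `digests` on line 324 narrows a list of accepted algorithms, so any client that still submits SHA-1 digests to whatever reads this section will start being refused. Confirm which section line 324 belongs to (the PR description mentions TSA settings in this file) and that no consumer of it still depends on SHA-1 before applying.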
    • Apply this suggestion
    Suggestion importance[1-10]: 10

    Why: SHA-1 is known to have vulnerabilities, and replacing it with more secure algorithms like SHA-256 or SHA-512 significantly enhances security.

    10
    Disable expose_php to enhance security by hiding PHP's presence on the server

    For security reasons, it's recommended to disable the expose_php directive in production
    environments. This directive controls whether PHP reveals that it is installed on the
    server by including its signature in the Web server header.

    tools/php/php.ini-production [410]

    -expose_php = On
    +expose_php = Off
     
    • Apply this suggestion
    Suggestion importance[1-10]: 9

    Why: Disabling expose_php is a strong security recommendation to prevent revealing PHP's presence on the server, which can reduce the risk of targeted attacks.

    9
    Enforce unique subjects in certificates to enhance security

    For better security practices, consider setting the unique_subject to 'yes' to ensure that
    each certificate has a unique subject. This helps in managing certificates and preventing
    potential security issues.

    tools/php/extras/ssl/openssl.cnf [86]

    -#unique_subject = no
    +unique_subject = yes
     
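    Review bot: the removed line `#unique_subject = no` is commented out, so `no` was never in effect and this hunk is not a switch from no to yes. OpenSSL's `ca` command treats an unset `unique_subject` as yes, so the added line only makes the existing default explicit; the rationale should say that, and the original commented line can stay beside it as documentation of the alternative.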
    • Apply this suggestion
    Suggestion importance[1-10]: 9

    Why: Setting unique_subject to 'yes' ensures that each certificate has a unique subject, which helps in managing certificates and preventing potential security issues.

    9
    Specify a secure default message digest algorithm to enhance security

    The default_md is set to 'default', which might use less secure hashing algorithms
    depending on the OpenSSL version. Specify a more secure default message digest explicitly,
    such as 'sha256'.

    tools/php/extras/ssl/openssl.cnf [114]

    -default_md = default
    +default_md = sha256
     
    • Apply this suggestion
    Suggestion importance[1-10]: 8

    Why: Explicitly setting default_md to 'sha256' ensures the use of a secure hashing algorithm, which is important for maintaining security.

    8
    Possible issue
    Remove the duplicate entry for pcre2lib

    It appears that the entry for pcre2lib (ext/pcre) is duplicated in the document. Consider
    removing the duplicate entry to maintain clarity and avoid confusion in the documentation.

    tools/php/readme-redist-bins.txt [3-22]

     3. pcre2lib (ext/pcre)
    -22. 3. pcre2lib (ext/pcre)
     
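    Review bot: the removed line reads `22. 3. pcre2lib (ext/pcre)`, which is file line 22 fused with the list item `3. pcre2lib (ext/pcre)`, so as written it matches no line in readme-redist-bins.txt. The repeat keeps the same item number 3, which is what a numbered index followed by per-component licence sections looks like; check that line 22 is not the heading of the pcre2lib licence text before deleting it, because the file exists to carry that text. The same check applies to the three hunks that follow (lines 436, 435 and 120).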
    • Apply this suggestion
    Suggestion importance[1-10]: 9

    Why: The suggestion correctly identifies a duplicate entry for pcre2lib, which should be removed to maintain clarity and avoid confusion in the documentation.

    9
    Remove the redundant entry for main/strlcpy

    The entry for main/strlcpy appears twice in the list. To ensure the document is concise
    and clear, consider removing the redundant entry.

    tools/php/readme-redist-bins.txt [12-436]

     12. main/strlcpy
    -436. 12. main/strlcpy
     
    • Apply this suggestion
    Suggestion importance[1-10]: 9

    Why: The suggestion correctly identifies a redundant entry for main/strlcpy, which should be removed to ensure the document is concise and clear.

    9
    Remove the duplicate entry for main/strlcat

    The entry for main/strlcat is repeated in the document. Removing the duplicate will help
    in keeping the document concise and prevent any confusion.

    tools/php/readme-redist-bins.txt [11-435]

     11. main/strlcat
    -435. 11. main/strlcat
     
    • Apply this suggestion
    Suggestion importance[1-10]: 9

    Why: The suggestion correctly identifies a duplicate entry for main/strlcat, which should be removed to keep the document concise and prevent any confusion.

    9
    Consolidate duplicate entries for ext/standard crypt

    The entry for ext/standard crypt is listed twice with detailed licensing information. It
    would be beneficial to consolidate these entries to streamline the document and avoid
    redundancy.

    tools/php/readme-redist-bins.txt [4-120]

     4. ext/standard crypt
    -120. 4. ext/standard crypt
     
    • Apply this suggestion
    Suggestion importance[1-10]: 8

    Why: The suggestion correctly identifies duplicate entries for ext/standard crypt. Consolidating these entries will streamline the document and avoid redundancy.

    8
    Best practice
    Ensure short_open_tag is disabled in both development and production environments

    It is recommended to disable the short_open_tag directive to prevent issues when
    generating XML documents and to encourage the use of the full tags for PHP code.
    The current setting in the development environment is Off, which is good, but it's also
    crucial to ensure this setting is consistent in the production environment for security
    and compatibility reasons.

    tools/php/php.ini-development [208]

    +short_open_tag = Off
     
    -
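    Review bot: the hunk targets php.ini-development [208] and only adds `short_open_tag = Off`, which the description says is already the value there, so applying it would duplicate the directive or change nothing. The stated concern is the production file; the hunk should quote the current line from php.ini-production instead, and the trailing `-` line with no content should be dropped.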
    • Apply this suggestion
    Suggestion importance[1-10]: 8

    Why: The suggestion correctly identifies the importance of disabling short_open_tag for security and compatibility reasons. The current setting is already Off in the development environment, and ensuring it is consistent in production is crucial.

    8
    Use full paths for executables to ensure reliability across different environments

    It is recommended to use the full path for executables in batch scripts to avoid
    dependency on the system's PATH environment variable. This ensures that the script will
    run correctly regardless of the system configuration and user environment.

    tools/php/phar.phar.bat [1]

    -"%~dp0php.exe" "%~dp0pharcommand.phar" %*
    +"C:\Path\To\PHP\php.exe" "C:\Path\To\PHP\pharcommand.phar" %*
     
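    Review bot: the removed line already uses `%~dp0`, which cmd expands to the drive and directory of the batch file itself, so php.exe and pharcommand.phar are resolved by full path with no PATH lookup. The replacement `C:\Path\To\PHP\` is a placeholder that exists on no install and would break the script wherever the tools directory is unpacked; keep the original line.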
    • Apply this suggestion
    Suggestion importance[1-10]: 7

    Why: Using full paths for executables is a good practice to ensure the script runs correctly regardless of the system configuration. However, this suggestion assumes a specific path which may not be universally applicable.

    7
    Performance
    Increase memory_limit to support more intensive operations and prevent script failures

    It's advisable to set memory_limit to a higher value in production environments to
    accommodate scripts that require more memory, especially under heavy load. This helps in
    preventing unexpected script terminations.

    tools/php/php.ini-production [445]

    -memory_limit = 128M
    +memory_limit = 256M
     
    • Apply this suggestion
    Suggestion importance[1-10]: 7

    Why: Increasing memory_limit can help accommodate scripts that require more memory, especially under heavy load. However, the suggested value should be carefully considered based on the server's capacity and application requirements.

    7
    Reduce the memory limit to safeguard server resources

    Consider setting a more conservative memory limit to prevent poorly written scripts from
    consuming too much memory, which could affect server performance and stability. The
    current setting allows scripts to consume up to 128M, which might be excessive for many
    applications.

    tools/php/php.ini-development [443]

    -memory_limit = 128M
    +memory_limit = 64M
     
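    Review bot: this hunk lowers `memory_limit` from 128M to 64M in php.ini-development while the preceding suggestion raises the same 128M to 256M in php.ini-production, and neither cites a measurement. A development template that is stricter than production will also fail scripts that production accepts; choose both values from observed peak usage of the bundled applications, or leave 128M in both files.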
    • Apply this suggestion
    Suggestion importance[1-10]: 7

    Why: The suggestion to lower the memory limit is valid for improving server stability and performance. However, the appropriate memory limit can vary depending on the application, so this change should be considered in the context of the specific environment.

    7
    Set a reasonable max_execution_time to prevent resource hogging by scripts

    Setting max_execution_time to a non-zero value in production environments can help prevent
    poorly written scripts from tying up the server resources indefinitely. Consider setting
    this to a reasonable limit.

    tools/php/php.ini-production [419]

    -max_execution_time = 30
    +max_execution_time = 60
     
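    Review bot: the removed line is `max_execution_time = 30`, already non-zero, so the hunk does not introduce a limit as the description implies; it doubles the time a runaway script may hold a worker. If the aim is to stop scripts tying up the server, keep 30 and raise the limit only for a specific job that is known to need it.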
    • Apply this suggestion
    Suggestion importance[1-10]: 6

    Why: Increasing max_execution_time can help prevent poorly written scripts from consuming server resources indefinitely. However, the suggested value of 60 seconds may still be arbitrary and should be tailored to specific use cases.

    6
    Compatibility
    Verify compatibility of UTF8Strings across all systems using these certificates

    The string_mask setting is configured to only allow UTF8Strings, which is a good practice
    post-2004 PKIX recommendations. However, it's important to ensure that all connected
    systems can handle UTF8Strings to avoid compatibility issues.

    tools/php/extras/ssl/openssl.cnf [162]

    -string_mask = utf8only
    +string_mask = utf8only  # Ensure compatibility with all systems interacting with these certificates
     
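    Review bot: the added text is a trailing comment on the `string_mask = utf8only` line and changes no behaviour. If the reminder is wanted, put it on its own `#` line above the directive so the value line itself stays untouched.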
    • Apply this suggestion
    Suggestion importance[1-10]: 6

    Why: While the suggestion is good for ensuring compatibility, it is more of a reminder and does not change the actual configuration.

    6
