From a4ce88ee0ddf7e29c5ed3e003ea18b7808390ae2 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Tue, 14 Feb 2017 13:51:07 +0100
Subject: php-pecl-zendopcache: backport security fix for bug #69090

---
 opcache.ini | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'opcache.ini')

diff --git a/opcache.ini b/opcache.ini
index c26c351..b195df6 100644
--- a/opcache.ini
+++ b/opcache.ini
@@ -93,3 +93,14 @@ opcache.blacklist_filename=@INIPATH@/opcache*.blacklist
 ; Useful for internal debugging only.
 ;opcache.protect_memory=0
 
+; Validate cached file permissions.
+; Leads OPcache to check file readability on each access to cached file.
+; This directive should be enabled in shared hosting environment, when few
+; users (PHP-FPM pools) reuse the common OPcache shared memory.
+;opcache.validate_permission=0
+
+; Prevent name collisions in chroot'ed environment.
+; This directive prevents file name collisions in different "chroot"
+; environments. It should be enabled for sites that may serve requests in
+; different "chroot" environments.
+;opcache.validate_root=0
-- 
cgit