php-src/NEWS

1470 lines
52 KiB
Plaintext
Raw Normal View History

2015-07-21 22:36:36 +08:00
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
2023-06-20 22:07:05 +08:00
?? ??? ????, PHP 8.1.22
- Build:
. Fix GH-11522: PHP version check fails with '-' separator. (SVGAnimate)
- CLI:
. Fix interrupted CLI output causing the process to exit. (nielsdos)
- Core:
. Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
(ilutov)
Fix use-of-uninitialized-value with ??= on assert Normally, PHP evaluates all expressions in offsets (property or array), as well as the right hand side of assignments before actually fetching the offsets. This is well explained in this blog post. https://www.npopov.com/2017/04/14/PHP-7-Virtual-machine.html#writes-and-memory-safety For ??= we have a bit of a problem in that the rhs must only be evaluated if the lhs is null or undefined. Thus, we have to first compile the lhs with BP_VAR_IS, conditionally run the rhs and then re-fetch the lhs with BP_VAR_W to to make sure the offsets are valid if they have been invalidated. However, we don't want to just re-evaluate the entire lhs because it may contain side-effects, as in $array[$x++] ??= 42;. In this case, we don't want to re-evaluate $x++ because it would result in writing to a different offset than was previously tested. The same goes for function calls, like $array[foo()] ??= 42;, where the second call to foo() might result in a different value. PHP behaves correctly in these cases. This is implemented by memoizing sub-expressions in the lhs of ??= and reusing them when compiling the lhs for the second time. This is done for any expression that isn't a variable, i.e. anything that can (potentially) be written to. Unfortunately, this also means that function calls are considered writable due to their return-by-reference semantics, and will thus not be memoized. The expression foo()['bar'] ??= 42; will invoke foo() twice. Even worse, foo(bar()) ??= 42; will call both foo() and bar() twice, but foo(bar() + 1) ??= 42; will only call foo() twice. This is likely not by design, and was just overlooked in the implementation. The RFC does not specify how function calls in the lhs of the coalesce assignment behaves. This should probably be improved in the future. Now, the problem this commit actually fixes is that ??= may memoize expressions inside assert() function calls that may not actually execute. This is not only an issue when using the VAR in the second expression (which would usually also be skipped) but also when freeing the VAR. For this reason, it is not safe to memoize assert() sub-expressions. There are two possible solutions: 1. Don't memoize any sub-expressions of assert(), meaning they will execute twice. 2. Throw a compile error. Option 2 is not quite simple, because we can't disallow all memoization inside assert(), as that would break assertions like assert($array[foo()] ??= 'bar');. Code like this is highly unlikely (and dubious) but possible. In this case, we would need to make sure that a memoized value could not be used across the assert boundary it was created in. The complexity for this is not worthwhile. So we opt for option 1 and disable memoization immediately inside assert(). Fixes GH-11580 Closes GH-11581
2023-07-03 20:59:13 +08:00
. Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
- Date:
. Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
- Fileinfo:
. Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)
- FTP:
. Fix context option check for "overwrite". (JonasQuinten)
Fix most external GD 2.3.3 compatibility * ext/gd/tests/bug45799.phpt: tweak to work with external gd. The expected output from this test contains an extra newline with gd-2.3.3 from the system (Gentoo). Adding a whitespace wildcard takes care of it, and the test still passes with the bundled version of gd. * ext/gd/tests: external gd-2.3.3 compatibility. Support for the legacy "gd" image format was removed from gd-2.3.3 upstream: https://github.com/libgd/libgd/blob/master/CHANGELOG.md#233---2021-09-12 Several tests for the gd extension utilize that format, and naturally fail when gd-2.3.3 from the system is used. This commit skips those tests when the version of gd is at least 2.3.3. * ext/gd/tests/bug73159.phpt: skip with external gd >= 2.3.3 This test uses the imagegd2() function to check that https://github.com/libgd/libgd/issues/289 is fixed. When an external gd without support for the "gd" format is used, no error is thrown, but a nonsense result is printed: this is normal. The corresponding upstream test is disabled in that situation; it's not expected to work. This commit skips the corresponding PHP test under the same circumstances to fix a test failure with external gd >= 2.3.3. * ext/gd/tests/bug73155.phpt: skip with external gd >= 2.3.3 This test uses the imagegd2() function to check that https://github.com/libgd/libgd/issues/309 is fixed. When an external gd without support for the "gd" format is used, no error is thrown, but a nonsense result is printed: this is normal. The corresponding upstream test is disabled in that situation; it's not expected to work. This commit skips the corresponding PHP test under the same circumstances to fix a test failure with external gd >= 2.3.3. * ext/gd/tests/bug73157.phpt: skip with external gd >= 2.3.3 This test ensures that the third (chunk_size) parameter to imagegd2() is respected when a fourth parameter is also given. However, when an external gd without support for the "gd" format is used, the call to imagegd2() does not really work at all. It doesn't fail, but it produces an "image" with a nonsense chunk size. To avoid failures when an external gd >= 2.3.3 is used, we skip the test entirely in that case. * ext/gd/tests/bug77973.phpt: accept lowercase "Invalid" This test fails with an external gd because the test expects "Invalid" where upstream gd says "invalid". This commit tweaks the expected output to accept an arbitrary character in the i/I position. * ext/gd/tests/bug39780_extern.phpt: update for external gd-2.3.3. Since there are no CI runs with external gd, I can only assume that this test has fallen out-of-date due to changes in PHP itself. I've tweaked the expected output (only slightly) so that the test passes with both gd-2.3.2 and gd-2.3.3. * ext/gd/tests/bug66356.phpt: update expected output for external gd. Newer (external) versions of GD start their error messages with lowercase characters, whereas this test is expecting them in uppercase. A single-character wildcard now supports both formats. * ext/gd/tests/imagegd_truecolor.phpt: skip with external gd >= 2.3.3. This test uses the imagegd() function, but the "gd" format has been disabled by default in upstream gd-2.3.3. We still get some kind of image data back from the call to imagegd(), but its "signature", "truecolor", and "size" no longer match the expected values. This commit skips the test when an external gd >= 2.3.3 is used. * ext/gd/tests/createfromwbmp2_extern.phpt: update for external gd-2.3.3. * ext/gd/tests/libgd00086_extern.phpt: update for external gd-2.3.3. Since there are no CI runs with external gd, I can only assume that this test has fallen out-of-date due to changes in PHP itself. I've tweaked the expected output (only slightly) so that the test passes with both gd-2.3.2 and gd-2.3.3. * ext/gd/tests/bug77272.phpt: update expected output for external gd. Newer (external) versions of GD start their error messages with lowercase characters, whereas this test is expecting them in uppercase. A single-character wildcard now supports both formats. * ext/gd/tests/bug77479.phpt: update for newer external gd. This test fails with gd-2.3.3 (at least) due to minor capitalization and whitespace issues. We add some wildcards to account for the difference. Closes GH-11257. Closes GH-11262. Closes GH-11264. Closes GH-11280.
2023-05-17 20:59:53 +08:00
- GD:
. Fix most of the external libgd test failures. (Michael Orlitzky)
- MBString:
. Fix GH-11300 (license issue: restricted unicode license headers).
(nielsdos)
- PCNTL:
. Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
(nielsdos)
- PCRE:
. Mangle PCRE regex cache key with JIT option. (mvorisek)
2023-06-20 22:07:05 +08:00
- PDO SQLite:
. Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
(KapitanOczywisty, CViniciusSDias)
- Session:
. Removed broken url support for transferring session ID. (ilutov)
- Standard:
. Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
- SQLite3:
. Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)
2023-06-20 22:07:05 +08:00
06 Jul 2023, PHP 8.1.21
2023-05-24 05:19:16 +08:00
- CLI:
. Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
(James Lucas)
- Core:
. Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili)
- Curl:
. Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
(nielsdos)
- DOM:
. Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
and segfaults with replaceWith). (nielsdos)
. Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
attribute value). (nielsdos)
. Fix return value in stub file for DOMNodeList::item. (divinity76)
. Fix spec compliance error with '*' namespace for
DOMDocument::getElementsByTagNameNS. (nielsdos)
. Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
(nielsdos)
. Fixed bug GH-11347 (Memory leak when calling a static method inside an
xpath query). (nielsdos)
. Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
namespaces). (nielsdos)
. Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
with itself). (nielsdos)
. Fixed bug #77686 (Removed elements are still returned by getElementById).
(nielsdos)
. Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
php_libxml_node_free_list()). (nielsdos)
. Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos)
. Fix lifetime issue with getAttributeNodeNS(). (nielsdos)
. Fix "invalid state error" with cloned namespace declarations. (nielsdos)
. Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
issues). (nielsdos)
. Fixed bug #80332 (Completely broken array access functionality with
DOMNamedNodeMap). (nielsdos)
- Opcache:
. Fix allocation loop in zend_shared_alloc_startup(). (nielsdos)
. Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB)
. Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
with opcache.file_cache_only=1 but it was never locked). (nielsdos)
- OpenSSL:
. Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
subjectAltNames (James Lucas, Jakub Zelenka).
- PGSQL:
. Fixed intermittent segfault with pg_trace. (David Carlier)
- Phar:
. Fix cross-compilation check in phar generation for FreeBSD. (peter279k)
- SPL:
. Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
slash). (nielsdos)
- Standard:
. Fix access on NULL pointer in array_merge_recursive(). (ilutov)
. Fix exception handling in array_multisort(). (ilutov)
2023-05-24 05:19:16 +08:00
08 Jun 2023, PHP 8.1.20
2023-04-25 22:18:30 +08:00
- Core:
. Fixed bug GH-9068 (Conditional jump or move depends on uninitialised
value(s)). (nielsdos)
. Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves
the array in an invalid state). (Bob)
. Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
(Bob)
- Date:
. Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in
offset). (nielsdos)
- Exif:
. Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper
chunk sizes). (nielsdos)
- FPM:
. Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of
child->ev_std(out|err)). (Jakub Zelenka)
. Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
(Jakub Zelenka)
. Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)
- Hash:
. Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
(nielsdos)
- LibXML:
. Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
(nielsdos)
- Opcache:
. Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
. Fixed too wide OR and AND range inference. (nielsdos)
. Fixed bug GH-11245 (In some specific cases SWITCH with one default
statement will cause segfault). (nielsdos)
2023-04-25 22:18:30 +08:00
- PGSQL:
. Fixed parameter parsing of pg_lo_export(). (kocsismate)
- Phar:
. Fixed bug GH-11099 (Generating phar.php during cross-compile can't be
done). (peter279k)
- Soap:
2023-06-07 06:06:13 +08:00
. Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
2023-06-22 14:04:56 +08:00
bytes in HTTP Digest authentication for SOAP).
(CVE-2023-3247) (nielsdos, timwolla)
. Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)
- SPL:
. Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data
(PHP 8.1.18)). (nielsdos)
- Standard:
. Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for
source file). (ilutov)
. Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308
redirect). (nielsdos)
- Streams:
. Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted
irregularly for last chunk of data). (nielsdos)
. Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
. Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1
passed to stream_socket_accept/stream_socket_client). (nielsdos)
2023-04-25 22:18:30 +08:00
11 May 2023, PHP 8.1.19
2023-03-30 08:51:20 +08:00
- Core:
. Fix inconsistent float negation in constant expressions. (ilutov)
. Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
(nielsdos)
Fix GH-10737: PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c The TSRM keeps a hashtable mapping the thread IDs to the thread resource pointers. It's possible that the thread disappears without us knowing, and then another thread gets spawned some time later with the same ID as the disappeared thread. Note that since it's a new thread the TSRM key pointer and cached pointer will be NULL. The Apache request handler `php_handler()` will try to fetch some fields from the SAPI globals. It uses a lazy thread resource allocation by calling `ts_resource(0);`. This allocates a thread resource and sets up the TSRM pointers if they haven't been set up yet. At least, that's what's supposed to happen. But since we are in a situation where the thread ID still has the resources of the *old* thread associated in the hashtable, the loop in `ts_resource_ex` will find that thread resource and assume the thread has been setup already. But this is not the case since this thread is actually a new thread, just reusing the ID of the old one, without any relation whatsoever to the old thread. Because of this assumption, the TSRM pointers will not be setup, leading to a NULL pointer dereference when trying to access the SAPI globals. We can easily detect this scenario: if we're in the fallback path, and the pointer is NULL, and we're looking for our own thread resource, we know we're actually reusing a thread ID. In that case, we'll free up the old thread resources gracefully (gracefully because there might still be resources open like database connection which need to be shut down cleanly). After freeing the resources, we'll create the new resources for this thread as if the stale resources never existed in the first place. From that point forward, it is as if that situation never occurred. The fact that this situation happens isn't that bad because a child process containing threads will eventually be respawned anyway by the SAPI, so the stale thread resources won't remain forever. Note that we can't simply assign our own TSRM pointers to the existing thread resource for our ID, since it was actually from a different thread (just with the same ID!). Furthermore, the dynamically loaded extensions have their own pointer, which is only set when their constructor is called, so we'd have to call their constructor anyway... I also tried to call the dtor and then the ctor again for those resources on the pre-existing thread resource to reuse storage, but that didn't work properly because other code doesn't expect something like that to happen, which breaks assumptions, and this in turn caused Valgrind to (rightfully) complain about memory bugs. Note 2: I also had to fix a bug in the core globals destruction because it always assumed that the thread destroying them was the owning thread, which on TSRM shutdown isn't always the case. A similar bug was fixed recently with the JIT globals. Closes GH-10863.
2023-03-16 04:18:37 +08:00
. Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of
sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB)
. Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos)
. Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
(ilutov)
2023-03-31 03:41:11 +08:00
- DOM:
. Fixed bug #80602 (Segfault when using DOMChildNode::before()).
(Nathan Freeman)
. Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos)
2023-03-30 08:51:20 +08:00
2023-01-30 06:32:52 +08:00
- Exif:
. Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid
endianess, Illegal IFD size and Undefined index). (nielsdos)
2023-04-18 17:45:50 +08:00
- Intl:
. Fixed bug GH-11071 (TZData version not displayed anymore). (Remi)
- PCRE:
. Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov)
- Standard:
. Fixed bug GH-10990 (mail() throws TypeError after iterating over
$additional_headers array by reference). (nielsdos)
. Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).
(ilutov)
2023-03-30 08:51:20 +08:00
13 Apr 2023, PHP 8.1.18
2023-03-01 04:37:52 +08:00
2023-03-03 18:40:09 +08:00
- Core:
. Added optional support for max_execution_time in ZTS/Linux builds
(Kévin Dunglas)
. Fixed use-after-free in recursive AST evaluation. (ilutov)
. Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos)
. Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
(nielsdos)
. Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on
apache). (nielsdos)
. Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
(nielsdos)
. Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
(ilutov)
. Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov)
2023-03-01 04:37:52 +08:00
- Date:
. Fixed bug GH-10583 (DateTime modify with tz pattern should not update
linked timezone). (Derick)
- FPM:
. Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos)
. Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos)
. Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when
spaces are in path). (Jakub Zelenka)
- FTP:
. Propagate success status of ftp_close(). (nielsdos)
. Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
(nielsdos)
- IMAP:
. Fix build failure with Clang 16. (orlitzky)
- MySQLnd:
. Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL
connections). (nielsdos)
- Opcache:
. Fixed build for macOS to cater with pkg-config settings. (David Carlier)
. Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in
PHP >= 8.1.5 in fpm context). (nielsdos)
- OpenSSL:
. Add missing error checks on file writing functions. (nielsdos)
- PDO Firebird:
. Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel
and 32 bit userland). (nielsdos)
- PDO ODBC:
. Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos)
- Phar:
. Fixed bug GH-10766 (PharData archive created with Phar::Zip format does
not keep files metadata (datetime)). (nielsdos)
. Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
(nielsdos)
- PGSQL:
. Fixed typo in the array returned from pg_meta_data (extended mode).
(David Carlier)
- SPL:
. Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman)
2023-03-25 23:26:18 +08:00
. Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
(ilutov)
- Standard:
. Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov)
. Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown
(apache2)). (nielsdos)
. Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter
and enclosure). (ilutov)
. Fixed undefined behaviour in unpack(). (nielsdos)
2023-03-01 04:37:52 +08:00
16 Mar 2023, PHP 8.1.17
2023-01-18 00:24:25 +08:00
- Core:
. Fixed incorrect check condition in ZEND_YIELD. (nielsdos)
2023-01-25 06:19:21 +08:00
. Fixed incorrect check condition in type inference. (nielsdos)
2023-01-28 02:36:28 +08:00
. Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos)
. Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a
Generator emits an unavoidable fatal error or crashes). (Arnaud)
. Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown
function after bailout). (trowski)
2023-02-15 03:27:29 +08:00
. Fixed SSA object type update for compound assignment opcodes. (nielsdos)
. Fixed language scanner generation build. (Daniel Black)
. Fixed zend_update_static_property() calling zend_update_static_property_ex()
misleadingly with the wrong return type. (nielsdos)
. Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer
constant name). (nielsdos)
. Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle()
freeing dangling pointers on the handle as it was uninitialized. (nielsdos)
2023-01-25 06:19:21 +08:00
- Curl:
. Fixed deprecation warning at compile time. (Max Kellermann)
. Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc
callback). (Pierrick Charron)
- Date:
. Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick)
2023-01-25 06:19:21 +08:00
- FFI:
. Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos)
2023-01-18 00:24:25 +08:00
- Fiber:
. Fixed assembly on alpine x86. (nielsdos)
. Fixed bug GH-10496 (segfault when garbage collector is invoked inside of
fiber). (Bob, Arnaud)
- FPM:
. Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka)
. Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos)
- Intl:
. Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods
error code's argument always returning NULL0. (Nathan Freeman)
- JSON:
. Fixed JSON scanner and parser generation build.
(Daniel Black, Jakub Zelenka)
- MBString:
. ext/mbstring: fix new_value length check. (Max Kellermann)
. Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos)
- Opcache:
. Fix incorrect page_size check. (nielsdos)
. Fix readonly modification check when using inc/dec operators on readonly
property with JIT. (ilutov)
- OpenSSL:
. Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos)
2023-02-07 23:28:50 +08:00
- PDO OCI:
. Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
(Michael Voříšek)
- PHPDBG:
. Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos)
- PGSQL:
. Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias)
- Phar:
. Fix incorrect check in phar tar parsing. (nielsdos)
- Reflection:
. Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with
variadic arguments). (nielsdos)
. Fix Segfault when using ReflectionFiber suspended by an internal function.
(danog)
- Session:
. Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as
the latter was considered success by callers. (nielsdos).
- Standard:
. Fixed bug GH-10292 (Made the default value of the first param of srand() and
mt_srand() unknown). (kocsismate)
. Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos)
. Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of
properties table for certain internal classes such as FFI classes
. Fix incorrect error check in browsecap for pcre2_match(). (nielsdos)
- Tidy:
. Fix memory leaks when attempting to open a non-existing file or a file over
4GB. (Girgias)
. Add missing error check on tidyLoadConfig. (nielsdos)
- Zlib:
. Fixed output_handler directive value's length which counted the string
terminator. (nieldos)
2023-02-14 03:16:07 +08:00
14 Feb 2023, PHP 8.1.16
- Core:
. Fixed bug #81744 (Password_verify() always return true with some hash).
(CVE-2023-0567). (Tim Düsterhus)
. Fixed bug #81746 (1-byte array overrun in common path resolve code).
(CVE-2023-0568). (Niels Dossche)
2023-02-14 18:46:48 +08:00
- SAPI:
2023-02-14 18:23:59 +08:00
. Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
2023-02-14 18:33:56 +08:00
request body). (CVE-2023-0662) (Jakub Zelenka)
2023-01-18 00:24:25 +08:00
02 Feb 2023, PHP 8.1.15
2022-12-08 01:29:37 +08:00
- Apache:
. Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)
2022-12-08 01:29:37 +08:00
- Core:
. Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call
trampoline is used from internal code). (Derick)
. Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos)
. Fix wrong comparison in block optimisation pass after opcode update. (nieldsdos)
2023-01-20 23:47:36 +08:00
. Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed).
(nielsdos)
- Date:
. Fixed bug GH-9891 (DateTime modify with unixtimestamp (@) must work like
setTimestamp). (Derick)
. Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the
"+" character). (Derick)
- Fiber:
. Fix assertion on stack allocation size. (nielsdos)
- FPM:
. Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
(Jakub Zelenka)
. Fixed bug #67244 (Wrong owner:group for listening unix socket).
(Jakub Zelenka)
- Hash:
. Handle exceptions from __toString in XXH3's initialization (nielsdos)
- LDAP:
. Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
(cmb)
- MBString:
. Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character. (Alex Dowad)
2022-12-21 21:55:21 +08:00
- Opcache:
. Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
. Fix access to uninitialized variable in accel_preload(). (nielsdos)
. Fix zend_jit_find_trace() crashes. (Max Kellermann)
. Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann)
2022-12-21 21:55:21 +08:00
- Phar:
. Fix wrong flags check for compression method in phar_object.c (nielsdos)
- PHPDBG:
. Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
. Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
. Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
. Fix phpdbg segmentation fault in case of malformed input (nielsdos)
- Posix:
. Fix memory leak in posix_ttyname() (girgias)
- Standard:
. Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos)
. Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos)
- TSRM:
. Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre)
- XMLWriter
. Fix missing check for xmlTextWriterEndElement (nielsdos)
2022-12-08 01:29:37 +08:00
05 Jan 2023, PHP 8.1.14
2022-11-09 00:57:34 +08:00
- Core:
. Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
(cmb)
. Fixed bug GH-9918 (License information for xxHash is not included in
README.REDIST.BINS file). (Akama Hitoshi)
. Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek)
. Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb)
2022-11-09 00:57:34 +08:00
- Date:
. Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards -
timezone related). (Derick)
. Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too
greedy). (Derick)
. Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()). (Derick)
. Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using
a timezone). (Derick)
2022-11-23 02:47:24 +08:00
- FPM:
. Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
#66694). (Petr Sumbera)
. Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
(Jakub Zelenka)
. Fixed bug GH-8517 (Random crash of FPM master process in
fpm_stdio_child_said). (Jakub Zelenka)
2022-11-23 02:47:24 +08:00
2022-11-13 20:40:45 +08:00
- MBString:
. Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in
PHP8.1). (Nathan Freeman)
2022-11-25 21:07:30 +08:00
- Opcache:
. Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
(Arnaud, michdingpayc)
- OpenSSL:
. Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
(Jakub Zelenka)
. Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with
no-dsa). (Jakub Zelenka)
2022-11-13 20:40:45 +08:00
- Pcntl:
2022-11-13 18:05:12 +08:00
. Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
(Erki Aring)
- PDO_Firebird:
. Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
(cmb)
2023-01-04 14:03:23 +08:00
- PDO/SQLite:
. Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
(cmb)
- Session:
. Fixed GH-9932 (session name silently fails with . and [). (David Carlier)
- SPL:
. Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias)
. Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be
unregistered). (Girgias)
- SQLite3:
. Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb)
2022-11-09 00:57:34 +08:00
24 Nov 2022, PHP 8.1.13
2022-10-12 07:47:00 +08:00
- CLI:
. Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)
2022-10-16 18:44:05 +08:00
- Core:
. Fixed bug GH-9752 (Generator crashes when interrupted during argument
evaluation with extra named params). (Arnaud)
2022-10-22 16:44:37 +08:00
. Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
initialization). (Arnaud)
. Fixed potential NULL pointer dereference Windows shm*() functions. (cmb)
2022-11-04 23:01:52 +08:00
. Fixed bug GH-9750 (Generator memory leak when interrupted during argument
evaluation. (Arnaud)
2022-10-16 18:44:05 +08:00
2022-10-18 01:22:29 +08:00
- Date:
. Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if
the argument is an offset larger than 100*60 minutes). (Derick)
- FPM:
. Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running
php-fpm 8.1.11). (Jakub Zelenka)
2022-10-28 18:23:37 +08:00
- mysqli:
. Fixed bug GH-9841 (mysqli_query throws warning despite using
silenced error mode). (Kamil Tekiela)
- MySQLnd:
. Fixed potential heap corruption due to alignment mismatch. (cmb)
2022-10-12 07:47:00 +08:00
- OpenSSL:
. Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does
not build). (Jakub Zelenka, fsbruva)
- SOAP:
. Fixed GH-9720 (Null pointer dereference while serializing the response).
(cmb)
2022-10-11 21:24:53 +08:00
2022-10-12 07:47:00 +08:00
27 Oct 2022, PHP 8.1.12
2022-09-14 05:09:47 +08:00
- Core:
. Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier)
- Fileinfo:
. Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
(Anatol)
2022-09-14 05:09:47 +08:00
2022-10-26 20:21:26 +08:00
- GD:
. Fixed bug #81739: OOB read due to insufficient input validation in
imageloadfont(). (CVE-2022-31630) (cmb)
- Hash:
. Fixed bug #81738: buffer overflow in hash_update() on long parameter.
(CVE-2022-37454) (nicky at mouha dot be)
2022-10-10 20:00:41 +08:00
- MBString:
- Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in
mb_ encode_mimeheader). (Alex Dowad)
- Opcache:
. Added indirect call reduction for jit on x86 architectures. (wxue1)
- Session:
. Fixed bug GH-9583 (session_create_id() fails with user defined save handler
that doesn't have a validateId() method). (Girgias)
2022-10-01 17:24:08 +08:00
- Streams:
. Fixed bug GH-9590 (stream_select does not abort upon exception or empty
valid fd set). (Arnaud)
2022-09-14 05:09:47 +08:00
29 Sep 2022, PHP 8.1.11
2022-08-16 23:45:29 +08:00
- Core:
. Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
(Tim Starling)
. Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb,
Christian Schneider)
. Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class
constants in constant expressions). (ilutov)
2022-09-30 15:19:03 +08:00
. Fixed bug #81727: Don't mangle HTTP variable names that clash with ones
that have a specific semantic meaning. (CVE-2022-31629). (Derick)
- DOM:
. Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
(Nathan Freeman)
- FPM:
. Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to
error_log after daemon reload). (Dmitry Menshikov)
. Fixed bug #77780 ("Headers already sent..." when previous connection was
aborted). (Jakub Zelenka)
- GMP
. Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed
to gmp_init()). (Girgias)
- Intl
. Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
(Girgias)
- PCRE:
. Fixed pcre.jit on Apple Silicon. (Niklas Keller)
- PDO_PGSQL:
. Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
(Yurunsoft)
2022-09-30 15:19:03 +08:00
- Phar:
. Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
(CVE-2022-31628). (cmb)
2022-09-02 19:53:20 +08:00
- Reflection:
. Fixed bug GH-8932 (ReflectionFunction provides no way to get the called
class of a Closure). (cmb, Nicolas Grekas)
- Streams:
. Fixed bug GH-9316 ($http_response_header is wrong for long status line).
(cmb, timwolla)
2022-08-16 23:45:29 +08:00
01 Sep 2022, PHP 8.1.10
2022-07-20 12:48:52 +08:00
- Core:
. Fixed --CGI-- support of run-tests.php. (cmb)
2022-08-04 23:05:12 +08:00
. Fixed incorrect double to long casting in latest clang. (zeriyoshi)
. Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present).
(Michael Olšavský)
2022-07-20 12:48:52 +08:00
2022-07-21 19:34:45 +08:00
- Date:
. Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of
different type). (Derick)
2022-07-22 18:30:00 +08:00
. Fixed bug GH-8964 (DateTime object comparison after applying delta less
than 1 second). (Derick)
. Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded
down since PHP 8.1.0). (Derick)
2022-07-21 19:34:45 +08:00
. Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick)
2022-07-21 21:09:27 +08:00
- DBA:
. Fixed LMDB driver memory leak on DB creation failure (Girgias)
. Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults)
(cmb)
2022-07-21 21:09:27 +08:00
- IMAP:
. Fixed bug GH-9309 (Segfault when connection is used after imap_close()).
(cmb)
- Intl:
. Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter)
- MBString:
2022-07-21 19:34:45 +08:00
. Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings).
(cmb)
- OPcache:
. Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
(cmb)
2022-08-02 01:32:02 +08:00
. Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
(Arnaud, Sergei Turchanov)
- OpenSSL:
. Fixed bug GH-9339 (OpenSSL oid_file path check warning contains
uninitialized path). (Jakub Zelenka)
- PDO_SQLite:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- SQLite3:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- Streams:
. Fixed bug GH-8472 (The resource returned by stream_socket_accept may have
incorrect metadata). (Jakub Zelenka)
. Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections
hanging). (Jakub Zelenka, Twosee)
2022-07-20 12:48:52 +08:00
04 Aug 2022, PHP 8.1.9
2022-06-22 00:03:50 +08:00
- CLI:
. Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS
environment variable. (yiyuaner)
- Core:
. Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb)
2022-07-15 19:14:17 +08:00
. Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
(Tobias Bachert)
2022-07-10 05:00:52 +08:00
- CLI:
. Fixed GH-8952 (Intentionally closing std handles no longer possible).
(Arnaud, cmb)
- Date:
. Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
(Derick)
- FPM:
. Fixed zlog message prepend, free on incorrect address. (Heiko Weber)
. Fixed possible double free on configuration loading failure. (Heiko Weber).
- GD:
. Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
(cmb)
2022-06-22 00:03:50 +08:00
- Intl:
. Fixed build for ICU 69.x and onwards. (David Carlier)
- OPcache:
. Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php
syntaxe of a valid file). (Dmitry)
2022-07-18 18:35:24 +08:00
. Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
(Arnaud)
2022-07-08 05:08:20 +08:00
- Reflection:
. Fixed bug GH-8943 (Fixed Reflection::getModifiersNames() with readonly
modifier). (Pierrick)
. Fixed bug GH-8982 (Attribute with TARGET_METHOD is rejected on fake
closure of method). (ilutov)
2022-07-08 05:08:20 +08:00
- Standard:
. Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
. Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
. Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
(Heiko Weber)
2022-06-22 00:03:50 +08:00
07 Jul 2022, PHP 8.1.8
2022-05-25 06:54:00 +08:00
- Core:
. Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
. Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov)
. Fixed calling internal methods with a static return type from
extension code. (Sara)
. Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
references). (Nicolas Grekas)
. Fixed potential use after free in php_binary_init(). (Heiko Weber)
. Fixed bug GH-7942 (Indirect mutation of readonly properties through
references). (ilutov)
- CLI:
. Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)
- COM:
. Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
(cmb)
- Curl:
. Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)
2022-05-26 22:18:56 +08:00
- Date:
. Fixed bug #72963 (Null-byte injection in CreateFromFormat and related
functions). (Derick)
2022-05-27 21:28:56 +08:00
. Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick)
. Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
(Derick)
2022-05-27 21:44:35 +08:00
. Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
(Derick)
2022-05-26 22:18:56 +08:00
2022-07-06 05:20:23 +08:00
- Fileinfo:
. Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
(cmb)
- FPM:
. Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka)
2022-07-06 05:20:23 +08:00
- GD:
. Fixed imagecreatefromavif() memory leak. (cmb)
- MBString:
. mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
. mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)
2022-06-03 13:55:24 +08:00
. Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
2022-06-13 20:39:00 +08:00
. Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored,
after they had been changed in 8.1.0. (Alex Dowad)
2022-05-25 06:54:00 +08:00
- ODBC:
. Fixed handling of single-key connection strings. (Calvin Buckley)
2022-05-27 19:19:19 +08:00
- OPcache:
. Fixed bug GH-8591 (tracing JIT crash after private instance method change).
(Arnaud, Dmitry, Oleg Stepanischev)
- OpenSSL:
. Fixed bug #50293 (Several openssl functions ignore the VCWD).
(Jakub Zelenka, cmb)
. Fixed bug #81713 (NULL byte injection in several OpenSSL functions working
with certificates). (Jakub Zelenka)
- PDO_ODBC:
. Fixed handling of single-key connection strings. (Calvin Buckley)
2022-06-15 21:39:24 +08:00
- Zip:
. Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat
cache). (Remi)
2022-06-08 00:28:41 +08:00
09 Jun 2022, PHP 8.1.7
2022-04-27 08:22:15 +08:00
- CLI:
. Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)
- Date:
. Fixed bug #51934 (strtotime plurals / incorrect time). (Derick)
. Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date
(extended format)). (Derick)
. Fixed bug #66019 (DateTime object does not support short ISO 8601 time
format - YYYY-MM-DDTHH) (cmb, Derick)
. Fixed bug #68549 (Timezones and offsets are not properly used when working
with dates) (Derick, Roel Harbers)
. Fixed bug #81565 (date parsing fails when provided with timezones including
seconds). (Derick)
. Fixed bug GH-7758 (Problems with negative timestamps and fractions).
(Derick, Ilija)
- FPM:
. Fixed ACL build check on MacOS. (David Carlier)
. Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
(Jakub Zelenka, loveharmful)
. Fixes use after free. (Heiko Weber).
2022-04-27 08:22:15 +08:00
2022-06-06 15:00:38 +08:00
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
(c dot fol at ambionics dot io)
2022-05-13 18:24:32 +08:00
- OPcache:
2022-05-13 18:44:16 +08:00
. Fixed bug GH-8461 (tracing JIT crash after function/method change).
2022-05-13 18:24:32 +08:00
(Arnaud, Dmitry)
- OpenSSL:
. Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof
while reading). (Jakub Zelenka)
- Pcntl:
. Fixed Haiku build. (David Carlier)
2022-06-06 15:00:38 +08:00
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params().
(CVE-2022-31625) (cmb)
- Soap:
. Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
(robertnisipeanu)
. Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)
- SPL:
. Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)
2022-05-07 00:21:11 +08:00
- Standard:
. Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS).
(Arnaud)
2022-05-02 20:51:54 +08:00
- Zip:
. Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger)
2022-04-27 08:22:15 +08:00
12 May 2022, PHP 8.1.6
2022-03-31 23:37:41 +08:00
- Core:
. Fixed bug GH-8310 (Registry settings are no longer recognized). (cmb)
. Fixed potential race condition during resource ID allocation. (ryancaicse)
. Fixed bug GH-8133 (Preloading of constants containing arrays with enums
segfaults). (ilutov)
. Fixed Haiku ZTS builds. (David Carlier)
- Date:
. Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient
data). (Derick)
. Fixed bug GH-8108 (Timezone doesn't work as intended). (Derick)
. Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
(Derick)
2022-04-01 23:38:10 +08:00
. Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are
not rethrown into the generator). (Bob)
2022-03-31 23:37:41 +08:00
- FFI:
. Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
(Bob)
- FPM:
. Fixed bug #76003 (FPM /status reports wrong number of active processe).
(Jakub Zelenka)
. Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka)
. Fixed comment in kqueue remove callback log message. (David Carlier)
- Hash:
. Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb)
- Iconv:
. Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
(cmb)
- Intl:
. Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb)
- MBString:
. Number of error markers emitted for invalid UTF-8 text matches WHATWG specification.
This is a return to the behavior of PHP 8.0 and earlier. (alexdowad)
- MySQLi:
. Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
(cmb)
2022-05-07 00:21:11 +08:00
- OPcache:
. Fixed bug GH-8063 (OPcache breaks autoloading after E_COMPILE_ERROR).
(Arnaud)
- SPL:
. Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
(cmb)
. Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias)
- Streams:
. Fixed php://temp does not preserve file-position when switched to temporary
file. (Bernd Holzmüller)
- zlib:
. Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
(cmb)
14 Apr 2022, PHP 8.1.5
2022-03-03 00:38:22 +08:00
- Core:
. Fixed bug GH-8176 (Enum values in property initializers leak). (Bob)
. Fixed freeing of internal attribute arguments. (Bob)
. Fixed bug GH-8070 (memory leak of internal function attribute hash).
(Tim Düsterhus)
. Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
- Filter:
. Fixed signedness confusion in php_filter_validate_domain(). (cmb)
- Intl:
. Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl
classes). (ilutov)
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
. Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first
key). (ilutov)
- MBString:
. Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
(cmb)
- MySQLi:
. Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
(cmb)
- Pcntl:
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
2022-03-03 00:38:22 +08:00
- PgSQL:
. Fixed result_type related stack corruption on LLP64 architectures. (cmb)
. Fixed bug GH-8253 (pg_insert() fails for references). (cmb)
- Sockets:
. Fixed Solaris builds. (David Carlier)
2022-05-23 05:29:32 +08:00
. Fix undefined behavior in php_set_inet6_addr. (ilutov)
- SPL:
. Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
(cmb)
. Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without
return typehint in 8.1). (Nikita)
- Standard:
. Fixed bug GH-8048 (Force macOS to use statfs). (risner)
2022-03-01 18:32:28 +08:00
2022-03-03 00:38:22 +08:00
17 Mar 2022, PHP 8.1.4
2022-02-03 09:21:29 +08:00
- Core:
. Fixed Haiku ZTS build. (David Carlier)
2022-02-08 20:54:35 +08:00
. Fixed bug GH-8059 arginfo not regenerated for extension. (Remi)
. Fixed bug GH-8083 Segfault when dumping uncalled fake closure with static
variables. (ilutov)
. Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory). (cmb)
. Fixed bug GH-8074 (Wrong type inference of range() result). (cmb)
. Fixed bug GH-8140 (Wrong first class callable by name optimization). (cmb)
. Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory
when observed). (Bob)
- GD:
. Fixed libpng warning when loading interlaced images. (Brett)
- FPM:
. Fixed bug #76109 (Unsafe access to fpm scoreboard).
(Till Backhaus, Jakub Zelenka)
- Iconv:
. Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
. Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb)
- MBString:
. Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit). (alexdowad)
- MySQLnd:
. Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela)
- Reflection:
. Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
(cmb)
. Fixed bug GH-8444 (Fix ReflectionProperty::__toString() of properties
containing instantiated enums). (ilutov)
- Zlib:
. Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
2022-02-03 07:44:02 +08:00
2022-02-03 09:21:29 +08:00
03 Feb 2022, PHP 8.1.3
2022-01-05 02:29:41 +08:00
- Core:
. Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
(beberlei)
. Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb)
. Fixed bug GH-7883 (Segfault when INI file is not readable). (Remi)
- FFI:
. Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb,
dmitry)
2022-06-10 20:35:12 +08:00
- Filter:
. Fix #81708: UAF due to php_filter_float() failing for ints.
(CVE-2021-21708) (cmb)
- FPM:
. Fixed memory leak on invalid port. (David Carlier)
. Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM
status page. (Stefano Arlandini)
2022-01-05 02:29:41 +08:00
- MBString:
. Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb)
2022-01-20 01:14:08 +08:00
- MySQLnd:
. Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela)
- pcntl:
. Fixed pcntl_rfork build for DragonFlyBSD. (David Carlier)
- Sockets:
. Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier)
2022-01-04 20:40:46 +08:00
- Standard:
. Fixed bug GH-7899 (Regression in unpack for negative int value). (Remi)
. Fixed bug GH-7875 (mails are sent even if failure to log throws exception).
(cmb)
2022-01-19 08:09:44 +08:00
20 Jan 2022, PHP 8.1.2
2021-12-02 21:19:16 +08:00
- Core:
. Fixed bug #81216 (Nullsafe operator leaks dynamic property name). (Dmitry)
. Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces
opcode error). (ilutov)
. Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner)
. Fixed bug #81683 (Misleading "access type ... must be public" error message
on final or abstract interface methods). (ilutov)
. Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
(cmb)
. Fixed bug GH-7757 (Multi-inherited final constant causes fatal error).
(cmb)
. Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera)
. Added riscv64 support for fibers. (Jeremie Courreges-Anglas)
- Filter:
. Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong)
- Hash:
. Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
(cmb)
. Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and
hash_file). (cmb)
- MBString:
. Fixed bug #81693 (mb_check_encoding(7bit) segfaults). (cmb)
- MySQLi:
. Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
(devnexen)
. Introduced MYSQLI_IS_MARIADB. (devnexen)
. Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()). (Kamil Tekiela)
- MySQLnd:
. Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb)
- OCI8:
. Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second
call). (cmb)
- OPcache:
. Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb)
- Readline:
. Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive
shell). (Nikita)
- Reflection:
. Fixed bug #81681 (ReflectionEnum throwing exceptions). (cmb)
2021-12-02 21:19:16 +08:00
- PDO_PGSQL:
. Fixed error message allocation of PDO PgSQL. (SATO Kentaro)
- Sockets:
. Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier)
. Fixed ext/sockets build on Haiku. (David Carlier)
- Spl:
. Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr
Bystry)
. Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault). (cmb)
- Standard:
. Fixed bug GH-7748 (gethostbyaddr outputs binary string). (cmb)
. Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions).
(David Warner)
2021-12-02 21:19:16 +08:00
02 Dec 2021, PHP 8.1.1
2021-11-26 01:24:52 +08:00
- IMAP:
. Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
(cmb)
2021-11-26 01:24:52 +08:00
- PCRE:
2021-11-27 19:54:14 +08:00
. Update bundled PCRE2 to 10.39. (cmb)
. Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry)
- Standard:
. Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
(cmb)
2021-11-26 01:24:52 +08:00
25 Nov 2021, PHP 8.1.0
2021-11-10 07:49:14 +08:00
- Core:
2021-11-27 20:18:59 +08:00
. Fixed inclusion order for phpize builds on Windows. (cmb)
. Added missing hashtable insertion APIs for arr/obj/ref. (Sara)
. Implemented FR #77372 (Relative file path is removed from uploaded file).
(Björn Tantau)
2021-11-27 19:54:14 +08:00
. Fixed bug #81607 (CE_CACHE allocation with concurrent access). (Nikita,
Dmitry)
. Fixed bug #81507 (Fiber does not compile on AIX). (Clément Chigot)
. Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check).
(Nikita)
. Fixed bug #81518 (Header injection via default_mimetype / default_charset).
(cmb)
. Fixed bug #75941 (Fix compile failure on Solaris with clang). (Jaromír
Doleček)
. Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
. Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault).
(Nikita)
2021-11-27 20:13:26 +08:00
. Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).
2021-10-12 19:34:13 +08:00
(Remi)
. Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning). (Nikita)
. Fixed bug #81342 (New ampersand token parsing depends on new line after it).
(Nikita)
. Fixed bug #81280 (Unicode characters in cli.prompt causes segfault).
(krakjoe)
. Fixed bug #81192 ("Declaration should be compatible with" gives incorrect
line number with traits). (Nikita)
. Fixed bug #78919 (CLI server: insufficient cleanup if request startup
fails). (cataphract, cmb)
2021-07-30 06:19:47 +08:00
. Fixed bug #81303 (match error message improvements). (krakjoe)
2021-11-27 19:54:14 +08:00
. Fixed bug #81238 (Fiber support missing for Solaris Sparc). (trowski)
. Fixed bug #81237 (Comparison of fake closures doesn't work). (krakjoe)
. Fixed bug #81202 (powerpc64 build fails on fibers). (krakjoe)
. Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak). (Nikita)
2021-06-18 17:24:53 +08:00
. Fixed bug #81163 (__sleep allowed to return non-array). (krakjoe)
. Fixed bug #75474 (function scope static variables are not bound to a unique
function). (Nikita)
. Fixed bug #53826 (__callStatic fired in base class through a parent call if
the method is private). (Nikita)
. Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
(krakjoe)
2021-11-27 19:54:14 +08:00
- CLI:
. Fixed bug #81496 (Server logs incorrect request method). (lauri)
- COM:
. Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT. (Dmitry
Maksimov)
2021-11-27 19:54:14 +08:00
- Curl:
. Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings).
(camporter)
- Date:
2021-11-27 19:54:14 +08:00
. Fixed bug #81458 (Regression Incorrect difference after timezone change).
(Derick)
. Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
(cmb)
. Fixed bug #81504 (Incorrect timezone transition details for POSIX data).
(Derick)
. Fixed bug #80998 (Missing second with inverted interval). (Derick)
. Speed up finding timezone offset information. (Derick)
. Fixed bug #79580 (date_create_from_format misses leap year). (Derick)
. Fixed bug #80963 (DateTimeZone::getTransitions() truncated). (Derick)
. Fixed bug #80974 (Wrong diff between 2 dates in different timezones).
(Derick)
. Fixed bug #80998 (Missing second with inverted interval). (Derick)
. Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an
offset with seconds). (Derick)
. Fixed bug #81106 (Regression in 8.1: add() now truncate ->f). (Derick)
. Fixed bug #81273 (Date interval calculation not correct). (Derick)
. Fixed bug #52480 (Incorrect difference using DateInterval). (Derick)
. Fixed bug #62326 (date_diff() function returns false result). (Derick)
. Fixed bug #64992 (dst not handled past 2038). (Derick)
. Fixed bug #65003 (Wrong date diff). (Derick)
. Fixed bug #66545 (DateTime. diff returns negative values). (Derick)
. Fixed bug #68503 (date_diff on two dates with timezone set localised
2021-11-27 19:54:14 +08:00
returns wrong results). (Derick)
. Fixed bug #69806 (Incorrect date from timestamp). (Derick)
. Fixed bug #71700 (Extra day on diff between begin and end of march 2016).
(Derick)
2021-11-27 19:54:14 +08:00
. Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo'). (Derick)
. Fixed bug #73460 (Datetime add not realising it already applied DST
2021-11-27 19:54:14 +08:00
change). (Derick)
. Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in
2021-11-27 19:54:14 +08:00
incorrect time). (Derick)
. Fixed bug #74274 (Handling DST transitions correctly). (Derick)
. Fixed bug #74524 (Date diff is bad calculated, in same time zone). (Derick)
. Fixed bug #75167 (DateTime::add does only care about backward DST
2021-11-27 19:54:14 +08:00
transition, not forward). (Derick)
. Fixed bug #76032 (DateTime->diff having issues with leap days for
2021-11-27 19:54:14 +08:00
timezones ahead of UTC). (Derick)
. Fixed bug #76374 (Date difference varies according day time). (Derick)
. Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from
2021-11-27 19:54:14 +08:00
UTC+01:00 to UTC+12:00). (Derick)
. Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran). (Derick)
. Fixed bug #79452 (DateTime::diff() generates months differently between
2021-11-27 19:54:14 +08:00
time zones). (Derick)
. Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic
2021-11-27 19:54:14 +08:00
-b slim')). (Derick)
. Fixed bug #79716 (Invalid date time created (with day "00")). (Derick)
. Fixed bug #80610 (DateTime calculate wrong with DateInterval). (Derick)
. Fixed bug #80664 (DateTime objects behave incorrectly around DST
2021-11-27 19:54:14 +08:00
transition). (Derick)
. Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect
2021-11-27 19:54:14 +08:00
time). (Derick)
- DBA:
. Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias)
- DOM:
. Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
(Viktor Volkov)
- FFI:
. Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
defined). (Dmitry)
- Filter:
. Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
(cmb, Nikita)
- FPM:
2021-11-27 19:54:14 +08:00
. Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
(Jakub Zelenka)
. Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
escalation) (CVE-2021-21703). (Jakub Zelenka)
. Added openmetrics status format. (Cees-Jan Kiewiet)
. Enable process renaming on macOS. (devnexen)
. Added pm.max_spawn_rate option to configure max spawn child processes rate.
(Paulius Sapragonas)
. Fixed bug #65800 (Events port mechanism). (psumbera)
2020-10-22 06:09:08 +08:00
- FTP:
. Convert resource<ftp> to object \FTP\Connection. (Sara)
2020-10-22 06:09:08 +08:00
2020-10-22 07:43:28 +08:00
- GD:
2021-11-27 19:54:14 +08:00
. Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb)
2020-10-22 07:43:28 +08:00
. Convert resource<gd font> to object \GdFont. (Sara)
- hash:
. Implemented FR #68109 (Add MurmurHash V3). (Anatol, Michael)
. Implemented FR #73385 (Add xxHash support). (Anatol)
2021-11-27 19:54:14 +08:00
- JSON:
. Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1).
(Nikita)
. Fixed bug GH-8238 (Register JSON_ERROR_NON_BACKED_ENUM constant). (ilutov)
2021-11-27 19:54:14 +08:00
- LDAP:
. Convert resource<ldap link> to object \LDAP\Connection. (Máté)
. Convert resource<ldap result> to object \LDAP\Result. (Máté)
. Convert resource<ldap result entry> to object \LDAP\ResultEntry. (Máté)
2021-11-27 19:54:14 +08:00
- MBString:
. Fixed bug #76167 (mbstring may use pointer from some previous request).
(cmb, cataphract)
. Fixed bug #81390 (mb_detect_encoding() regression). (alexdowad)
. Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases).
(Nikita)
. Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is
specified). (Nikita)
- MySQLi:
. Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient). (Nikita)
. Fixed bug #80330 (Replace language in APIs and source code/docs).
(Darek Ślusarczyk)
. Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder
(including libmysql)). (Darek Ślusarczyk)
- MySQLnd:
2021-11-27 19:54:14 +08:00
. Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment).
(Nikita)
. Fixed bug #80761 (PDO uses too much memory). (Nikita)
2021-11-27 19:54:14 +08:00
- Opcache:
. Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array).
(Dmitry)
2021-11-27 20:13:26 +08:00
. Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
. Fixed bug #80959 (infinite loop in building cfg during JIT compilation).
2021-11-27 19:54:14 +08:00
(Nikita, Dmitry)
. Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
(Dmitry)
. Fixed bug #81249 (Intermittent property assignment failure with JIT
enabled). (Dmitry)
. Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with
JIT). (Dmitry)
. Fixed bug #81133 (building opcache with phpize fails). (krakjoe)
. Fixed bug #81136 (opcache header not installed). (krakjoe)
. Added inheritance cache. (Dmitry)
2020-10-11 04:02:26 +08:00
- OpenSSL:
2021-11-27 19:54:14 +08:00
. Fixed bug #81502 ($tag argument of openssl_decrypt() should accept
null/empty string). (Nikita)
2020-10-11 04:02:26 +08:00
. Bump minimal OpenSSL version to 1.0.2. (Jakub Zelenka)
- PCRE:
2021-11-27 19:54:14 +08:00
. Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb)
. Bundled PCRE2 is 10.37.
- PDO:
. Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for
fetching a BLOB). (Nikita)
2021-11-27 19:54:14 +08:00
- PDO MySQL:
. Fixed bug #80908 (PDO::lastInsertId() return wrong). (matt)
. Fixed bug #81037 (PDO discards error message text from prepared
statement). (Kamil Tekiela)
2021-11-27 19:54:14 +08:00
- PDO OCI:
. Fixed bug #77120 (Support 'success with info' at connection).
(Sergei Morozov)
- PDO ODBC:
. Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for
PDO::getAttribute(). (Calvin Buckley)
2021-11-27 19:54:14 +08:00
- PDO PgSQL:
. Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling
closeCursor()). (Philip Hofstetter)
- PDO SQLite:
. Fixed bug #38334 (Proper data-type support for PDO_SQLITE). (Nikita)
2021-11-27 19:59:28 +08:00
- PgSQL:
. Fixed bug #81509 (pg_end_copy still expects a resource). (Matteo)
. Convert resource<pgsql link> to object \PgSql\Connection. (Máté)
. Convert resource<pgsql result> to object \PgSql\Result. (Máté)
. Convert resource<pgsql large object> to object \PgSql\Lob. (Máté)
2021-11-27 19:54:14 +08:00
- Phar:
. Use SHA256 by default for signature. (remi)
. Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature. (remi)
- phpdbg:
. Fixed bug #81135 (unknown help topic causes assertion failure). (krakjoe)
2020-10-22 08:12:55 +08:00
- PSpell:
. Convert resource<pspell> to object \PSpell\Dictionary. (Sara)
. Convert resource<pspell config> to object \PSpell\Config. (Sara)
2020-10-22 08:12:55 +08:00
- readline:
. Fixed bug #72998 (invalid read in readline completion). (krakjoe)
- Reflection:
2021-11-27 19:54:14 +08:00
. Fixed bug #81611 (ArgumentCountError when getting default value from
ReflectionParameter with new). (Cameron Porter)
. Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with
Internal error). (Nikita)
. Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a
ReflectionClass). (Nikita)
. Fixed bug #81474 (Make ReflectionEnum and related class non-final). (Nikita)
. Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current
value for statics). (Nikita)
. Fixed bug #80564 (ReflectionProperty::__toString() renders current value,
not default value). (Nikita)
. Fixed bug #80097 (ReflectionAttribute is not a Reflector). (beberlei)
. Fixed bug #81200 (no way to determine if Closure is static). (krakjoe)
. Implement ReflectionFunctionAbstract::getClosureUsedVariables. (krakjoe)
- Shmop:
. Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb)
- SimpleXML:
. Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi)
- SNMP:
. Implement SHA256 and SHA512 for security protocol. (remi)
- Sodium:
. Added the XChaCha20 stream cipher functions. (P.I.E. Security Team)
. Added the Ristretto255 functions, which are available in libsodium 1.0.18.
(P.I.E. Security Team)
- SPL:
2021-11-27 19:54:14 +08:00
. Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on
premature EOF). (Aliaksandr Bystry)
. Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
(cmb, Nikita, Tyson Andre)
. Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb)
. Fixed bug #81112 (Special json_encode behavior for SplFixedArray). (Nikita)
. Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject
non-existing key). (Nikita)
. Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE
from bitmask). (Cameron Porter)
2021-11-27 19:54:14 +08:00
- Standard:
. Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after
calling some other method). (Nikita)
. Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing).
(Dan Pock)
. Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an
associative array). (Nikita)
. Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes
with __serialize()). (Nikita)
. Fixed bug #81137 (hrtime breaks build on OSX before Sierra). (krakjoe)
. Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
(krakjoe)
- Streams:
. Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
(cmb)
- XML:
. Fixed bug #79971 (special character is breaking the path in xml function)
(CVE-2021-21707). (cmb)
. Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
(Aliaksandr Bystry, cmb)
- Zip:
. Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
. Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)
. Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination)
(CVE-2021-21706). (cmb)
. Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi)