Autoconf assigns the current suitable shell to SHELL variable. This
notably fixes cases on Solaris 10 when using C shell or KornShell where
genif.sh: syntax error at line 35 occurs due to using the `sh` command.
Previously the CHECK_HEADER_ADD_INCLUDE function defined the
`HAVE_<header>_H` preprocessor macros to value 0 or 1 whether the
`<header.h>` file was found. This syncs it with Autotools build system
where most of these macros are either undefined or defined to 1.
In possible edge cases where such macros might be intentionally used
like this without being aware that HAVE_HEADER_H can be 0 or 1 on
Windows:
| #ifdef HAVE_HEADER_H
| ...
| #endif
there is backwards incompatibility for PECL extensions in case the
header wouldn't exist on Windows such code wouldn't execute. However,
this is considered a bug if such case is present. From the Autotools
point of view, the check is correct though and should be used with
ifdef/defined() checks.
Help text is also synced to Autotools style:
`Define to 1 if you have the <header.h> header file.`
Since the mysqlnd result set is arena allocated, we must not simply
free it, but rather call the appropriate `free_result` method.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
This fixes the build for amd64 platforms that do not have
`HAVE_FUNC_ATTRIBUTE_TARGET`, specifically Alpine/Musl as of now.
Closes GH-15384.
Related to GH-15312.
Previously, seen symbols were never cleaned during the compilation of a single
file. This makes it impossible to use a class or function from a different
namespace if such a symbol is also declared within the same file. This is
inconsistent with how it would work when split into different files.
targetted for socket_create_pair/socket_create, they re not considered
as socket type but to be ORed with these (to avoid socketpair2/socket2
likely), set O_CLOEXEC/O_NONBLOCK respectively on the file descriptors.
close GH-15322
As a follow-up to the commit which introduced support for Firebird 4.0+
data types[1], we add support for formats for types with time zones.
Since this uses the newer Firebird C++ API, pdo_firebird now requires a
C++ compiler to be built.
[1] <https://github.com/php/php-src/pull/14897>
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-15230.
This intends to supersede the two following PRs:
- #12000 because it does not modify the stub file, but only update the
arginfo file. It also proposes to merge to GA branches, and is
currently marked as Requires RM Approval.
- #12543 Essentially the same as this PR and from the same author, as
this, but its about a year old and requires rebasing anyway.
This adds the `CURL_HTTP_VERSION_3` and `CURL_HTTP_VERSION_3ONLY`
constants on relevant versions (7.66 and 7.88 respectively).
It is possible to use HTTP/3 without having these constants declared,
but having them declared in PHP makes things more approachable and
"official".
* hash: Add SSE2 implementation of SHA-256
Implementation taken from
tarsnap/libcperciva@661752aee8.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
* zend_cpuinfo: Add ZEND_CPU_FEATURE_SHA
* hash: Add SHA-NI implementation of SHA-256
Implementation taken from
tarsnap/libcperciva@661752aee8.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
* NEWS / UPGRADING
---------
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
When an `PHP_OUTPUT_HANDLER_FAILURE` occurs, the output handler becomes
disabled (i.e. the `PHP_OUTPUT_HANDLER_DISABLED` flag is set). However,
there is no guard for disabled handlers in `php_output_handler_op()`
what may cause serious issues (as reported, UB due to passing `NULL` as
the 2nd argument of `memcpy`, because the handler's buffer has already
been `NULL`ed). Therefore, we add a respective guard for disabled
handlers, and return `PHP_OUTPUT_HANDLER_FAILURE` right away.
Closes GH-15183.
Two issues:
1) We should not modify the object when we pass invalid values
2) We should reset the properties to their default value otherwise we
get a UAF.
Regressed in df219ccf9d
Closes GH-15248.
The 'rl_pending_input' is a variable in Readline library and checking it
with PHP_CHECK_LIBRARY wouldn't find it on some systems.
Library check works on most systems but not on the mentioned AIX in the
bug as it exports variables and functions differently whereas the linker
couldn't resolve the variable as a function.
This should fix the build on systems where this caused issues, such as
AIX.
The <readline/readline.h> is not self-contained header and needs to also
have <stdio.h> included before to have FILE type available. This fixes
the issue on unpatched default readline installations, such as macOS.
Checking this variable ensures that the found library is the correct
library and also that it is of minimum version needed by current PHP
code (https://bugs.php.net/48608).
The library check:
```c
| char rl_pending_input ();
| int main (void) {
| return rl_pending_input ();
| }
```
The declaration check:
```c
| #include <stdio.h>
| #include <readline/readline.h>
| int main (void) {
| #ifndef rl_pending_input
| #ifdef __cplusplus
| (void) rl_pending_input;
| #else
| (void) rl_pending_input;
| #endif
| #endif
| ;
| return 0;
| }
```
Closes https://bugs.php.net/51558
When cloning a document, doc will not be equal to the actual new
document clone->doc. clone->doc will always point to the correct
document so use that instead when comparing document nodes.
Closes GH-15198.
When using libedit/readline integration in phpdbg:
./configure --with-libedit --enable-phpdbg-readline
EOF makes editline write prompt again in local console mode. For
example, this can be noticed when reading phpt test files from STDIN and
running phpdbg:
./sapi/cli/php run-tests.php sapi/phpdbg
Closes GH-13199
This is an old bug, but this is pretty easy to fix.
It's basically applying the same fix as I did for e878b9f.
Reported by YuanchengJiang.
Closes GH-15143.
* ext/gmp: Make GMP class final
RFC: https://wiki.php.net/rfc/gmp-final
* Update UPGRADING
Co-authored-by: Peter Kokot <peterkokot@gmail.com>
---------
Co-authored-by: Peter Kokot <peterkokot@gmail.com>
These get the next and previous sibling nodes, respectively.
We can already kind of do this by using the $child array, but that's
inconvenient when actually walking the tree by only using node
instances. Since the class is final, there is no BC break here.
Closes GH-15047.
Using compound literals is conforming to C99 (and up), but not with any
C++ standard. Since the code is in a public header, it might be used
by C++ extensions. Unfortunately, we cannot even used designated
initializers, because these are a C++20 feature, so we stick with
classic C/C++ code.
Closes GH-15100.
Instead of fixing up temporaries count in between observer steps, just apply the additional temporary in the two affected observer steps.
Closes GH-14018.
For top-level anonymous type definition we never store the declaration anywhere
else nor the type anywhere else.
The declaration keeps owning the type and it goes out of scope.
For anonymous fields this gets handled by the add_anonymous_field code that
removes the type from the declaration.
This patch does something similar in the parsing code when it is
detected we're dealing with an anonymous enum in a top-level declaration.
Closes GH-14839.
I don't understand the rationale of fatal erroring here. It seems this should
properly unprotect the compared elements when returning up the stack.
Related to GH-14980
Older GCC versions (< 7.0) don't support the -Wno-implicit-fallthrough
compiler flag. This adds the flag conditionally in case some other
compiler will run into same issue.
Fixes GH-13330
We were using atoi, which is only for integers. When the size does not
fit in an integer this breaks. Use ZEND_STRTOUL instead. Also make sure
invalid data isn't accidentally parsed into a file size.
Closes GH-15035.
Lower branches suffer from this as well but we cannot change the
behaviour there.
We also add NULL checks to check for allocation failure.
Closes GH-15014.
TIDY_APPLY_CONFIG can early return because it's a macro, but then the
cleanup paths are not executed. Transform this to a real function and
handle the cleanups correctly at the callsites.
Closes GH-15046.
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.
I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.
RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616
Closes GH-14328.
PR #13498 bumped the required OpenSSL version to 1.1.1, but apparently
only for non Windows system. We catch up somewhat by dropping support
for OpenSSL < 1.1.0 on Windows; besides completely removing detection
of old OpenSSL versions in `SETUP_OPENSSL`, we also ensure that all
bundled extension using this function do no longer accept OpenSSL <
1.1.0, to avoid to still be able to build these extensions with older
`phpize` scripts.
We do not cater to `--phar-native-ssl` yet; that might better be
addressed by #14578.
Closes GH-14973.
When building ext/xmlreader with phpize, also ext/dom/dom_ce.h needs to
be installed by dom extension as it is used in
the ext/xmlreader/php_xmlreader.c.
cd ext/xmlreader
phpize
./configure
make
Closes GH-14978
This was only partially fixed in PHP-8.3. Backports and fixes the case for both
initialized and uninitialized property writes.
Fixes GH-14969
Closes GH-14971
The template element in HTML 5 is special in the sense that it does not
add its contents into the DOM tree, but instead keeps them in a separate
shadow DOM document fragment. Interacting with the DOM tree cannot touch
the elements in the document fragment.
Closes GH-14906.
According to the docs (https://www.php.net/manual/en/function.imagecreatefromwebp.php and https://www.php.net/manual/en/function.imagewebp.php), `false` should be returned on errors (similar to other functions of the `gd` extension), but actually all errors result in a `Fatal Error`. It doesn't look normal when trying to read an empty file or a file in the wrong format causes the program to stop. The problem seems to be related to a mega-patch that replaced `zend_error` with `zend_error_noreturn` almost everywhere. My patch fixes this behavior by switching from `zend_error_noerror` to `gd_error` (i.e. to `E_WARNING` level). All necessary memory cleanup is already in the code (as it was before the "zend_error_noreturn" patch).
Close GH-13774
The problem is that this line in the VM: `ZVAL_NULL(result);` changes the type
of arg1 as well, because after the DFA pass the result and input both use
CV0($result).
We should not contract assignments with CVs in frameless calls with
arguments.
An older attempt is found at GH-14876 that tried to modify the VM/JIT.
Closes GH-14903.
The LICENSE file of libmagic had been inadvertently removed when the
lib had been upgraded to 5.43. So we add the file `COPYING` from that
release[1], and rename it to `LICENSE`.
[1] <https://github.com/file/file/releases/tag/FILE5_43>
Closes GH-14917.
The create_obj handler of InternalIterator is overwritten, but not the
clone_obj handler. This is not allowed.
In PHP 8.2 this didn't cause a segfault because the standard object
handler was used for the clone instead of the internal handler.
So then it allocates and frees the object using the standard object handlers.
In 8.3 however, the object is created using the standard object handler and
freed using the custom handler, resulting in the buffer overflow.
Even though bisect points to 1e1ea4f this only reveals the bug.
Closes GH-14882.
When dealing with a file, we must free the contents if the function
fails. While here, also fix the error message because previously it
sounded like the filename was too long while in fact the file itself
is too large.
Closes GH-14862.
`spl_object_storage_attach_handle` creates an entry already, but only
fills it in at the end with `spl_object_storage_create_element` which
allocates memory. In this case the allocation fails and we're left with
a NULL slot. Doing the allocation first isn't an option because we want
to check whether the slot is occupied before allocating memory.
The simplest solution is to set the entry to NULL and check for a NULL
pointer upon destruction.
Closes GH-14849.
libxml2 2.13 makes changes to how the parsing state is set, update our
code accordingly. In particular, it started reporting entities within
attributes, while it should only report entities inside text nodes.
Closes GH-14837.
* PHP-8.2:
NEWS for compatibility in XML
Stop setting parse options directly
Stop relying on lastError directly
Stop relying on the sax2 flag directly
Port XML_GetCurrentByteIndex to public APIs
This broke in 6318040df2 when phpdbg
stopped using its custom printing routines. By relying on standard
printing routines, the embedded NUL bytes are causing the strings to be
cut off, even when using %.*s. Solve this by going straight to the
output routine, which is what the printf routine would've done anyway.
Closes GH-14822.
* PHP-8.2:
NEWS for GH-14814
ext/standard/tests: strings/wordwrap_memory_limit_32bit.phpt has two outputs
ext/standard/tests: 32bit wordwrap tests aren't just for Windows
When building pdo_mysql, pdo_pgsql, or pdo_sqlite with phpize from
the downloaded PHP 8.4 archive, also pdo_sql_parser.h and
php_pdo_int.h need to be installed.
