php-src/NEWS
Niels Dossche b9a5bfc355
Fix GH-10570: Assertion `(key)->h != 0 && "Hash must be known"' failed.
Fixes GH-10570, see GH-10570 for analysis.

Closes GH-10572
2023-02-24 20:40:29 +01:00

1167 lines
41 KiB
Plaintext

PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.1.17
- Core:
. Fixed incorrect check condition in ZEND_YIELD. (nielsdos)
. Fixed incorrect check condition in type inference. (nielsdos)
. Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos)
. Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a
Generator emits an unavoidable fatal error or crashes). (Arnaud)
. Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown
function after bailout). (trowski)
. Fixed SSA object type update for compound assignment opcodes. (nielsdos)
. Fixed language scanner generation build. (Daniel Black)
. Fixed zend_update_static_property() calling zend_update_static_property_ex()
misleadingly with the wrong return type. (nielsdos)
. Fixed unknown string hash on property fetch with integer constant name.
(nielsdos)
- Curl:
. Fixed deprecation warning at compile time. (Max Kellermann)
. Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc
callback). (Pierrick Charron)
- Date:
. Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick)
- FFI:
. Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos)
- Fiber:
. Fixed assembly on alpine x86. (nielsdos)
. Fixed bug GH-10496 (segfault when garbage collector is invoked inside of
fiber). (Bob, Arnaud)
- FPM:
. Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka)
. Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos)
- Intl:
. Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods
error code's argument always returning NULL0. (Nathan Freeman)
- JSON:
. Fixed JSON scanner and parser generation build.
(Daniel Black, Jakub Zelenka)
- MBString:
. ext/mbstring: fix new_value length check. (Max Kellermann)
. Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos)
- Opcache:
. Fix incorrect page_size check. (nielsdos)
- PDO OCI:
. Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
(Michael Voříšek)
- PGSQL:
. Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias)
- Phar:
. Fix incorrect check in phar tar parsing. (nielsdos)
- Reflection:
. Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with
variadic arguments). (nielsdos)
. Fix Segfault when using ReflectionFiber suspended by an internal function.
(danog)
- Session:
. Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as
the latter was considered success by callers. (nielsdos).
- Standard:
. Fixed bug GH-10292 (Made the default value of the first param of srand() and
mt_srand() unknown). (kocsismate)
. Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos)
. Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of
properties table for certain internal classes such as FFI classes
. Fix incorrect error check in browsecap for pcre2_match(). (nielsdos)
- Tidy:
. Fix memory leaks when attempting to open a non-existing file or a file over
4GB. (Girgias)
. Add missing error check on tidyLoadConfig. (nielsdos)
- Zlib:
. Fixed output_handler directive value's length which counted the string
terminator. (nieldos)
14 Feb 2023, PHP 8.1.16
- Core:
. Fixed bug #81744 (Password_verify() always return true with some hash).
(CVE-2023-0567). (Tim Düsterhus)
. Fixed bug #81746 (1-byte array overrun in common path resolve code).
(CVE-2023-0568). (Niels Dossche)
- SAPI:
. Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
request body). (CVE-2023-0662) (Jakub Zelenka)
02 Feb 2023, PHP 8.1.15
- Apache:
. Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)
- Core:
. Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call
trampoline is used from internal code). (Derick)
. Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos)
. Fix wrong comparison in block optimisation pass after opcode update. (nieldsdos)
. Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed).
(nielsdos)
- Date:
. Fixed bug GH-9891 (DateTime modify with unixtimestamp (@) must work like
setTimestamp). (Derick)
. Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the
"+" character). (Derick)
- Fiber:
. Fix assertion on stack allocation size. (nielsdos)
- FPM:
. Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
(Jakub Zelenka)
. Fixed bug #67244 (Wrong owner:group for listening unix socket).
(Jakub Zelenka)
- Hash:
. Handle exceptions from __toString in XXH3's initialization (nielsdos)
- LDAP:
. Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
(cmb)
- MBString:
. Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character. (Alex Dowad)
- Opcache:
. Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
. Fix access to uninitialized variable in accel_preload(). (nielsdos)
. Fix zend_jit_find_trace() crashes. (Max Kellermann)
. Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann)
- Phar:
. Fix wrong flags check for compression method in phar_object.c (nielsdos)
- PHPDBG:
. Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
. Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
. Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
. Fix phpdbg segmentation fault in case of malformed input (nielsdos)
- Posix:
. Fix memory leak in posix_ttyname() (girgias)
- Standard:
. Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos)
. Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos)
- TSRM:
. Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre)
- XMLWriter
. Fix missing check for xmlTextWriterEndElement (nielsdos)
05 Jan 2023, PHP 8.1.14
- Core:
. Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
(cmb)
. Fixed bug GH-9918 (License information for xxHash is not included in
README.REDIST.BINS file). (Akama Hitoshi)
. Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek)
. Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb)
- Date:
. Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards -
timezone related). (Derick)
. Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too
greedy). (Derick)
. Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()). (Derick)
. Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using
a timezone). (Derick)
- FPM:
. Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
#66694). (Petr Sumbera)
. Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
(Jakub Zelenka)
. Fixed bug GH-8517 (Random crash of FPM master process in
fpm_stdio_child_said). (Jakub Zelenka)
- MBString:
. Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in
PHP8.1). (Nathan Freeman)
- Opcache:
. Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
(Arnaud, michdingpayc)
- OpenSSL:
. Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
(Jakub Zelenka)
. Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with
no-dsa). (Jakub Zelenka)
- Pcntl:
. Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
(Erki Aring)
- PDO_Firebird:
. Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
(cmb)
- PDO/SQLite:
. Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
(cmb)
- Session:
. Fixed GH-9932 (session name silently fails with . and [). (David Carlier)
- SPL:
. Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias)
. Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be
unregistered). (Girgias)
- SQLite3:
. Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb)
24 Nov 2022, PHP 8.1.13
- CLI:
. Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)
- Core:
. Fixed bug GH-9752 (Generator crashes when interrupted during argument
evaluation with extra named params). (Arnaud)
. Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
initialization). (Arnaud)
. Fixed potential NULL pointer dereference Windows shm*() functions. (cmb)
. Fixed bug GH-9750 (Generator memory leak when interrupted during argument
evaluation. (Arnaud)
- Date:
. Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if
the argument is an offset larger than 100*60 minutes). (Derick)
- FPM:
. Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running
php-fpm 8.1.11). (Jakub Zelenka)
- mysqli:
. Fixed bug GH-9841 (mysqli_query throws warning despite using
silenced error mode). (Kamil Tekiela)
- MySQLnd:
. Fixed potential heap corruption due to alignment mismatch. (cmb)
- OpenSSL:
. Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does
not build). (Jakub Zelenka, fsbruva)
- SOAP:
. Fixed GH-9720 (Null pointer dereference while serializing the response).
(cmb)
27 Oct 2022, PHP 8.1.12
- Core:
. Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier)
- Fileinfo:
. Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
(Anatol)
- GD:
. Fixed bug #81739: OOB read due to insufficient input validation in
imageloadfont(). (CVE-2022-31630) (cmb)
- Hash:
. Fixed bug #81738: buffer overflow in hash_update() on long parameter.
(CVE-2022-37454) (nicky at mouha dot be)
- MBString:
- Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in
mb_ encode_mimeheader). (Alex Dowad)
- Opcache:
. Added indirect call reduction for jit on x86 architectures. (wxue1)
- Session:
. Fixed bug GH-9583 (session_create_id() fails with user defined save handler
that doesn't have a validateId() method). (Girgias)
- Streams:
. Fixed bug GH-9590 (stream_select does not abort upon exception or empty
valid fd set). (Arnaud)
29 Sep 2022, PHP 8.1.11
- Core:
. Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
(Tim Starling)
. Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb,
Christian Schneider)
. Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class
constants in constant expressions). (ilutov)
. Fixed bug #81727: Don't mangle HTTP variable names that clash with ones
that have a specific semantic meaning. (CVE-2022-31629). (Derick)
- DOM:
. Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
(Nathan Freeman)
- FPM:
. Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to
error_log after daemon reload). (Dmitry Menshikov)
. Fixed bug #77780 ("Headers already sent..." when previous connection was
aborted). (Jakub Zelenka)
- GMP
. Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed
to gmp_init()). (Girgias)
- Intl
. Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
(Girgias)
- PCRE:
. Fixed pcre.jit on Apple Silicon. (Niklas Keller)
- PDO_PGSQL:
. Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
(Yurunsoft)
- Phar:
. Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
(CVE-2022-31628). (cmb)
- Reflection:
. Fixed bug GH-8932 (ReflectionFunction provides no way to get the called
class of a Closure). (cmb, Nicolas Grekas)
- Streams:
. Fixed bug GH-9316 ($http_response_header is wrong for long status line).
(cmb, timwolla)
01 Sep 2022, PHP 8.1.10
- Core:
. Fixed --CGI-- support of run-tests.php. (cmb)
. Fixed incorrect double to long casting in latest clang. (zeriyoshi)
. Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present).
(Michael Olšavský)
- Date:
. Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of
different type). (Derick)
. Fixed bug GH-8964 (DateTime object comparison after applying delta less
than 1 second). (Derick)
. Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded
down since PHP 8.1.0). (Derick)
. Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick)
- DBA:
. Fixed LMDB driver memory leak on DB creation failure (Girgias)
. Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults)
(cmb)
- IMAP:
. Fixed bug GH-9309 (Segfault when connection is used after imap_close()).
(cmb)
- Intl:
. Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter)
- MBString:
. Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings).
(cmb)
- OPcache:
. Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
(cmb)
. Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
(Arnaud, Sergei Turchanov)
- OpenSSL:
. Fixed bug GH-9339 (OpenSSL oid_file path check warning contains
uninitialized path). (Jakub Zelenka)
- PDO_SQLite:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- SQLite3:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- Streams:
. Fixed bug GH-8472 (The resource returned by stream_socket_accept may have
incorrect metadata). (Jakub Zelenka)
. Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections
hanging). (Jakub Zelenka, Twosee)
04 Aug 2022, PHP 8.1.9
- CLI:
. Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS
environment variable. (yiyuaner)
- Core:
. Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb)
. Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
(Tobias Bachert)
- CLI:
. Fixed GH-8952 (Intentionally closing std handles no longer possible).
(Arnaud, cmb)
- Date:
. Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
(Derick)
- FPM:
. Fixed zlog message prepend, free on incorrect address. (Heiko Weber)
. Fixed possible double free on configuration loading failure. (Heiko Weber).
- GD:
. Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
(cmb)
- Intl:
. Fixed build for ICU 69.x and onwards. (David Carlier)
- OPcache:
. Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php
syntaxe of a valid file). (Dmitry)
. Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
(Arnaud)
- Reflection:
. Fixed bug GH-8943 (Fixed Reflection::getModifiersNames() with readonly
modifier). (Pierrick)
. Fixed bug GH-8982 (Attribute with TARGET_METHOD is rejected on fake
closure of method). (ilutov)
- Standard:
. Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
. Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
. Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
(Heiko Weber)
07 Jul 2022, PHP 8.1.8
- Core:
. Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu)
. Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov)
. Fixed calling internal methods with a static return type from
extension code. (Sara)
. Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
references). (Nicolas Grekas)
. Fixed potential use after free in php_binary_init(). (Heiko Weber)
. Fixed bug GH-7942 (Indirect mutation of readonly properties through
references). (ilutov)
- CLI:
. Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb)
- COM:
. Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
(cmb)
- Curl:
. Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick)
- Date:
. Fixed bug #72963 (Null-byte injection in CreateFromFormat and related
functions). (Derick)
. Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick)
. Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
(Derick)
. Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
(Derick)
- Fileinfo:
. Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
(cmb)
- FPM:
. Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka)
- GD:
. Fixed imagecreatefromavif() memory leak. (cmb)
- MBString:
. mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad)
. mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad)
. Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
. Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored,
after they had been changed in 8.1.0. (Alex Dowad)
- ODBC:
. Fixed handling of single-key connection strings. (Calvin Buckley)
- OPcache:
. Fixed bug GH-8591 (tracing JIT crash after private instance method change).
(Arnaud, Dmitry, Oleg Stepanischev)
- OpenSSL:
. Fixed bug #50293 (Several openssl functions ignore the VCWD).
(Jakub Zelenka, cmb)
. Fixed bug #81713 (NULL byte injection in several OpenSSL functions working
with certificates). (Jakub Zelenka)
- PDO_ODBC:
. Fixed handling of single-key connection strings. (Calvin Buckley)
- Zip:
. Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat
cache). (Remi)
09 Jun 2022, PHP 8.1.7
- CLI:
. Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison)
- Date:
. Fixed bug #51934 (strtotime plurals / incorrect time). (Derick)
. Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date
(extended format)). (Derick)
. Fixed bug #66019 (DateTime object does not support short ISO 8601 time
format - YYYY-MM-DDTHH) (cmb, Derick)
. Fixed bug #68549 (Timezones and offsets are not properly used when working
with dates) (Derick, Roel Harbers)
. Fixed bug #81565 (date parsing fails when provided with timezones including
seconds). (Derick)
. Fixed bug GH-7758 (Problems with negative timestamps and fractions).
(Derick, Ilija)
- FPM:
. Fixed ACL build check on MacOS. (David Carlier)
. Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
(Jakub Zelenka, loveharmful)
. Fixes use after free. (Heiko Weber).
- mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
(c dot fol at ambionics dot io)
- OPcache:
. Fixed bug GH-8461 (tracing JIT crash after function/method change).
(Arnaud, Dmitry)
- OpenSSL:
. Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof
while reading). (Jakub Zelenka)
- Pcntl:
. Fixed Haiku build. (David Carlier)
- pgsql
. Fixed bug #81720: Uninitialized array in pg_query_params().
(CVE-2022-31625) (cmb)
- Soap:
. Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
(robertnisipeanu)
. Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb)
- SPL:
. Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb)
- Standard:
. Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS).
(Arnaud)
- Zip:
. Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger)
12 May 2022, PHP 8.1.6
- Core:
. Fixed bug GH-8310 (Registry settings are no longer recognized). (cmb)
. Fixed potential race condition during resource ID allocation. (ryancaicse)
. Fixed bug GH-8133 (Preloading of constants containing arrays with enums
segfaults). (ilutov)
. Fixed Haiku ZTS builds. (David Carlier)
- Date:
. Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient
data). (Derick)
. Fixed bug GH-8108 (Timezone doesn't work as intended). (Derick)
. Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
(Derick)
. Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are
not rethrown into the generator). (Bob)
- FFI:
. Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
(Bob)
- FPM:
. Fixed bug #76003 (FPM /status reports wrong number of active processe).
(Jakub Zelenka)
. Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka)
. Fixed comment in kqueue remove callback log message. (David Carlier)
- Hash:
. Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb)
- Iconv:
. Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
(cmb)
- Intl:
. Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb)
- MBString:
. Number of error markers emitted for invalid UTF-8 text matches WHATWG specification.
This is a return to the behavior of PHP 8.0 and earlier. (alexdowad)
- MySQLi:
. Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
(cmb)
- OPcache:
. Fixed bug GH-8063 (OPcache breaks autoloading after E_COMPILE_ERROR).
(Arnaud)
- SPL:
. Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
(cmb)
. Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias)
- Streams:
. Fixed php://temp does not preserve file-position when switched to temporary
file. (Bernd Holzmüller)
- zlib:
. Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
(cmb)
14 Apr 2022, PHP 8.1.5
- Core:
. Fixed bug GH-8176 (Enum values in property initializers leak). (Bob)
. Fixed freeing of internal attribute arguments. (Bob)
. Fixed bug GH-8070 (memory leak of internal function attribute hash).
(Tim Düsterhus)
. Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
- Filter:
. Fixed signedness confusion in php_filter_validate_domain(). (cmb)
- Intl:
. Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl
classes). (ilutov)
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
. Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first
key). (ilutov)
- MBString:
. Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
(cmb)
- MySQLi:
. Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
(cmb)
- Pcntl:
. Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
- PgSQL:
. Fixed result_type related stack corruption on LLP64 architectures. (cmb)
. Fixed bug GH-8253 (pg_insert() fails for references). (cmb)
- Sockets:
. Fixed Solaris builds. (David Carlier)
. Fix undefined behavior in php_set_inet6_addr. (ilutov)
- SPL:
. Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
(cmb)
. Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without
return typehint in 8.1). (Nikita)
- Standard:
. Fixed bug GH-8048 (Force macOS to use statfs). (risner)
17 Mar 2022, PHP 8.1.4
- Core:
. Fixed Haiku ZTS build. (David Carlier)
. Fixed bug GH-8059 arginfo not regenerated for extension. (Remi)
. Fixed bug GH-8083 Segfault when dumping uncalled fake closure with static
variables. (ilutov)
. Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory). (cmb)
. Fixed bug GH-8074 (Wrong type inference of range() result). (cmb)
. Fixed bug GH-8140 (Wrong first class callable by name optimization). (cmb)
. Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory
when observed). (Bob)
- GD:
. Fixed libpng warning when loading interlaced images. (Brett)
- FPM:
. Fixed bug #76109 (Unsafe access to fpm scoreboard).
(Till Backhaus, Jakub Zelenka)
- Iconv:
. Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
. Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb)
- MBString:
. Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit). (alexdowad)
- MySQLnd:
. Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela)
- Reflection:
. Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
(cmb)
. Fixed bug GH-8444 (Fix ReflectionProperty::__toString() of properties
containing instantiated enums). (ilutov)
- Zlib:
. Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb)
03 Feb 2022, PHP 8.1.3
- Core:
. Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
(beberlei)
. Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb)
. Fixed bug GH-7883 (Segfault when INI file is not readable). (Remi)
- FFI:
. Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb,
dmitry)
- Filter:
. Fix #81708: UAF due to php_filter_float() failing for ints.
(CVE-2021-21708) (cmb)
- FPM:
. Fixed memory leak on invalid port. (David Carlier)
. Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM
status page. (Stefano Arlandini)
- MBString:
. Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb)
- MySQLnd:
. Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela)
- pcntl:
. Fixed pcntl_rfork build for DragonFlyBSD. (David Carlier)
- Sockets:
. Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier)
- Standard:
. Fixed bug GH-7899 (Regression in unpack for negative int value). (Remi)
. Fixed bug GH-7875 (mails are sent even if failure to log throws exception).
(cmb)
20 Jan 2022, PHP 8.1.2
- Core:
. Fixed bug #81216 (Nullsafe operator leaks dynamic property name). (Dmitry)
. Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces
opcode error). (ilutov)
. Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner)
. Fixed bug #81683 (Misleading "access type ... must be public" error message
on final or abstract interface methods). (ilutov)
. Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
(cmb)
. Fixed bug GH-7757 (Multi-inherited final constant causes fatal error).
(cmb)
. Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera)
. Added riscv64 support for fibers. (Jeremie Courreges-Anglas)
- Filter:
. Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong)
- Hash:
. Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
(cmb)
. Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and
hash_file). (cmb)
- MBString:
. Fixed bug #81693 (mb_check_encoding(7bit) segfaults). (cmb)
- MySQLi:
. Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
(devnexen)
. Introduced MYSQLI_IS_MARIADB. (devnexen)
. Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()). (Kamil Tekiela)
- MySQLnd:
. Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb)
- OCI8:
. Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second
call). (cmb)
- OPcache:
. Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb)
- Readline:
. Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive
shell). (Nikita)
- Reflection:
. Fixed bug #81681 (ReflectionEnum throwing exceptions). (cmb)
- PDO_PGSQL:
. Fixed error message allocation of PDO PgSQL. (SATO Kentaro)
- Sockets:
. Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier)
. Fixed ext/sockets build on Haiku. (David Carlier)
- Spl:
. Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr
Bystry)
. Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault). (cmb)
- Standard:
. Fixed bug GH-7748 (gethostbyaddr outputs binary string). (cmb)
. Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions).
(David Warner)
02 Dec 2021, PHP 8.1.1
- IMAP:
. Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
(cmb)
- PCRE:
. Update bundled PCRE2 to 10.39. (cmb)
. Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry)
- Standard:
. Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
(cmb)
25 Nov 2021, PHP 8.1.0
- Core:
. Fixed inclusion order for phpize builds on Windows. (cmb)
. Added missing hashtable insertion APIs for arr/obj/ref. (Sara)
. Implemented FR #77372 (Relative file path is removed from uploaded file).
(Björn Tantau)
. Fixed bug #81607 (CE_CACHE allocation with concurrent access). (Nikita,
Dmitry)
. Fixed bug #81507 (Fiber does not compile on AIX). (Clément Chigot)
. Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check).
(Nikita)
. Fixed bug #81518 (Header injection via default_mimetype / default_charset).
(cmb)
. Fixed bug #75941 (Fix compile failure on Solaris with clang). (Jaromír
Doleček)
. Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
. Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault).
(Nikita)
. Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).
(Remi)
. Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning). (Nikita)
. Fixed bug #81342 (New ampersand token parsing depends on new line after it).
(Nikita)
. Fixed bug #81280 (Unicode characters in cli.prompt causes segfault).
(krakjoe)
. Fixed bug #81192 ("Declaration should be compatible with" gives incorrect
line number with traits). (Nikita)
. Fixed bug #78919 (CLI server: insufficient cleanup if request startup
fails). (cataphract, cmb)
. Fixed bug #81303 (match error message improvements). (krakjoe)
. Fixed bug #81238 (Fiber support missing for Solaris Sparc). (trowski)
. Fixed bug #81237 (Comparison of fake closures doesn't work). (krakjoe)
. Fixed bug #81202 (powerpc64 build fails on fibers). (krakjoe)
. Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak). (Nikita)
. Fixed bug #81163 (__sleep allowed to return non-array). (krakjoe)
. Fixed bug #75474 (function scope static variables are not bound to a unique
function). (Nikita)
. Fixed bug #53826 (__callStatic fired in base class through a parent call if
the method is private). (Nikita)
. Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
(krakjoe)
- CLI:
. Fixed bug #81496 (Server logs incorrect request method). (lauri)
- COM:
. Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT. (Dmitry
Maksimov)
- Curl:
. Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings).
(camporter)
- Date:
. Fixed bug #81458 (Regression Incorrect difference after timezone change).
(Derick)
. Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
(cmb)
. Fixed bug #81504 (Incorrect timezone transition details for POSIX data).
(Derick)
. Fixed bug #80998 (Missing second with inverted interval). (Derick)
. Speed up finding timezone offset information. (Derick)
. Fixed bug #79580 (date_create_from_format misses leap year). (Derick)
. Fixed bug #80963 (DateTimeZone::getTransitions() truncated). (Derick)
. Fixed bug #80974 (Wrong diff between 2 dates in different timezones).
(Derick)
. Fixed bug #80998 (Missing second with inverted interval). (Derick)
. Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an
offset with seconds). (Derick)
. Fixed bug #81106 (Regression in 8.1: add() now truncate ->f). (Derick)
. Fixed bug #81273 (Date interval calculation not correct). (Derick)
. Fixed bug #52480 (Incorrect difference using DateInterval). (Derick)
. Fixed bug #62326 (date_diff() function returns false result). (Derick)
. Fixed bug #64992 (dst not handled past 2038). (Derick)
. Fixed bug #65003 (Wrong date diff). (Derick)
. Fixed bug #66545 (DateTime. diff returns negative values). (Derick)
. Fixed bug #68503 (date_diff on two dates with timezone set localised
returns wrong results). (Derick)
. Fixed bug #69806 (Incorrect date from timestamp). (Derick)
. Fixed bug #71700 (Extra day on diff between begin and end of march 2016).
(Derick)
. Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo'). (Derick)
. Fixed bug #73460 (Datetime add not realising it already applied DST
change). (Derick)
. Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in
incorrect time). (Derick)
. Fixed bug #74274 (Handling DST transitions correctly). (Derick)
. Fixed bug #74524 (Date diff is bad calculated, in same time zone). (Derick)
. Fixed bug #75167 (DateTime::add does only care about backward DST
transition, not forward). (Derick)
. Fixed bug #76032 (DateTime->diff having issues with leap days for
timezones ahead of UTC). (Derick)
. Fixed bug #76374 (Date difference varies according day time). (Derick)
. Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from
UTC+01:00 to UTC+12:00). (Derick)
. Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran). (Derick)
. Fixed bug #79452 (DateTime::diff() generates months differently between
time zones). (Derick)
. Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic
-b slim')). (Derick)
. Fixed bug #79716 (Invalid date time created (with day "00")). (Derick)
. Fixed bug #80610 (DateTime calculate wrong with DateInterval). (Derick)
. Fixed bug #80664 (DateTime objects behave incorrectly around DST
transition). (Derick)
. Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect
time). (Derick)
- DBA:
. Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias)
- DOM:
. Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
(Viktor Volkov)
- FFI:
. Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
defined). (Dmitry)
- Filter:
. Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
(cmb, Nikita)
- FPM:
. Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
(Jakub Zelenka)
. Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
escalation) (CVE-2021-21703). (Jakub Zelenka)
. Added openmetrics status format. (Cees-Jan Kiewiet)
. Enable process renaming on macOS. (devnexen)
. Added pm.max_spawn_rate option to configure max spawn child processes rate.
(Paulius Sapragonas)
. Fixed bug #65800 (Events port mechanism). (psumbera)
- FTP:
. Convert resource<ftp> to object \FTP\Connection. (Sara)
- GD:
. Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb)
. Convert resource<gd font> to object \GdFont. (Sara)
- hash:
. Implemented FR #68109 (Add MurmurHash V3). (Anatol, Michael)
. Implemented FR #73385 (Add xxHash support). (Anatol)
- JSON:
. Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1).
(Nikita)
. Fixed bug GH-8238 (Register JSON_ERROR_NON_BACKED_ENUM constant). (ilutov)
- LDAP:
. Convert resource<ldap link> to object \LDAP\Connection. (Máté)
. Convert resource<ldap result> to object \LDAP\Result. (Máté)
. Convert resource<ldap result entry> to object \LDAP\ResultEntry. (Máté)
- MBString:
. Fixed bug #76167 (mbstring may use pointer from some previous request).
(cmb, cataphract)
. Fixed bug #81390 (mb_detect_encoding() regression). (alexdowad)
. Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases).
(Nikita)
. Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is
specified). (Nikita)
- MySQLi:
. Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient). (Nikita)
. Fixed bug #80330 (Replace language in APIs and source code/docs).
(Darek Ślusarczyk)
. Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder
(including libmysql)). (Darek Ślusarczyk)
- MySQLnd:
. Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment).
(Nikita)
. Fixed bug #80761 (PDO uses too much memory). (Nikita)
- Opcache:
. Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array).
(Dmitry)
. Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
. Fixed bug #80959 (infinite loop in building cfg during JIT compilation).
(Nikita, Dmitry)
. Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
(Dmitry)
. Fixed bug #81249 (Intermittent property assignment failure with JIT
enabled). (Dmitry)
. Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with
JIT). (Dmitry)
. Fixed bug #81133 (building opcache with phpize fails). (krakjoe)
. Fixed bug #81136 (opcache header not installed). (krakjoe)
. Added inheritance cache. (Dmitry)
- OpenSSL:
. Fixed bug #81502 ($tag argument of openssl_decrypt() should accept
null/empty string). (Nikita)
. Bump minimal OpenSSL version to 1.0.2. (Jakub Zelenka)
- PCRE:
. Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb)
. Bundled PCRE2 is 10.37.
- PDO:
. Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for
fetching a BLOB). (Nikita)
- PDO MySQL:
. Fixed bug #80908 (PDO::lastInsertId() return wrong). (matt)
. Fixed bug #81037 (PDO discards error message text from prepared
statement). (Kamil Tekiela)
- PDO OCI:
. Fixed bug #77120 (Support 'success with info' at connection).
(Sergei Morozov)
- PDO ODBC:
. Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for
PDO::getAttribute(). (Calvin Buckley)
- PDO PgSQL:
. Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling
closeCursor()). (Philip Hofstetter)
- PDO SQLite:
. Fixed bug #38334 (Proper data-type support for PDO_SQLITE). (Nikita)
- PgSQL:
. Fixed bug #81509 (pg_end_copy still expects a resource). (Matteo)
. Convert resource<pgsql link> to object \PgSql\Connection. (Máté)
. Convert resource<pgsql result> to object \PgSql\Result. (Máté)
. Convert resource<pgsql large object> to object \PgSql\Lob. (Máté)
- Phar:
. Use SHA256 by default for signature. (remi)
. Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature. (remi)
- phpdbg:
. Fixed bug #81135 (unknown help topic causes assertion failure). (krakjoe)
- PSpell:
. Convert resource<pspell> to object \PSpell\Dictionary. (Sara)
. Convert resource<pspell config> to object \PSpell\Config. (Sara)
- readline:
. Fixed bug #72998 (invalid read in readline completion). (krakjoe)
- Reflection:
. Fixed bug #81611 (ArgumentCountError when getting default value from
ReflectionParameter with new). (Cameron Porter)
. Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with
Internal error). (Nikita)
. Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a
ReflectionClass). (Nikita)
. Fixed bug #81474 (Make ReflectionEnum and related class non-final). (Nikita)
. Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current
value for statics). (Nikita)
. Fixed bug #80564 (ReflectionProperty::__toString() renders current value,
not default value). (Nikita)
. Fixed bug #80097 (ReflectionAttribute is not a Reflector). (beberlei)
. Fixed bug #81200 (no way to determine if Closure is static). (krakjoe)
. Implement ReflectionFunctionAbstract::getClosureUsedVariables. (krakjoe)
- Shmop:
. Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb)
- SimpleXML:
. Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi)
- SNMP:
. Implement SHA256 and SHA512 for security protocol. (remi)
- Sodium:
. Added the XChaCha20 stream cipher functions. (P.I.E. Security Team)
. Added the Ristretto255 functions, which are available in libsodium 1.0.18.
(P.I.E. Security Team)
- SPL:
. Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on
premature EOF). (Aliaksandr Bystry)
. Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
(cmb, Nikita, Tyson Andre)
. Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb)
. Fixed bug #81112 (Special json_encode behavior for SplFixedArray). (Nikita)
. Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject
non-existing key). (Nikita)
. Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE
from bitmask). (Cameron Porter)
- Standard:
. Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after
calling some other method). (Nikita)
. Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing).
(Dan Pock)
. Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an
associative array). (Nikita)
. Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes
with __serialize()). (Nikita)
. Fixed bug #81137 (hrtime breaks build on OSX before Sierra). (krakjoe)
. Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
(krakjoe)
- Streams:
. Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
(cmb)
- XML:
. Fixed bug #79971 (special character is breaking the path in xml function)
(CVE-2021-21707). (cmb)
. Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
(Aliaksandr Bystry, cmb)
- Zip:
. Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
. Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)
. Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination)
(CVE-2021-21706). (cmb)
. Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi)