mirror of
https://github.com/php/php-src.git
synced 2024-12-02 14:24:10 +08:00
2367 lines
86 KiB
Plaintext
2367 lines
86 KiB
Plaintext
PHP NEWS
|
||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||
?? ??? ????, PHP 8.2.27
|
||
|
||
- Calendar:
|
||
. Fixed jdtogregorian overflow. (David Carlier)
|
||
|
||
- Core:
|
||
. Fail early in *nix configuration build script. (hakre)
|
||
|
||
- FPM:
|
||
. Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). (Jakub Zelenka)
|
||
|
||
- OpenSSL:
|
||
. Prevent unexpected array entry conversion when reading key. (nielsdos)
|
||
. Fix various memory leaks related to openssl exports. (nielsdos)
|
||
. Fix memory leak in php_openssl_pkey_from_zval(). (nielsdos)
|
||
|
||
- PDO:
|
||
. Fixed memory leak of `setFetchMode()`. (SakiTakamachi)
|
||
|
||
- Phar:
|
||
. Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
|
||
(nielsdos, Hans Krentel)
|
||
|
||
21 Nov 2024, PHP 8.2.26
|
||
|
||
- Cli:
|
||
. Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
|
||
started through shebang). (ilutov)
|
||
|
||
- COM:
|
||
. Fixed out of bound writes to SafeArray data. (cmb)
|
||
|
||
- Core:
|
||
. Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled
|
||
with Xcode 16 clang on macOS 15). (nielsdos)
|
||
. Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
|
||
. Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for
|
||
call trampoline). (ilutov)
|
||
. Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
|
||
(ilutov)
|
||
. Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed
|
||
early bound classes). (ilutov)
|
||
. Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)
|
||
. Fixed bug GH-15915 (overflow with a high value for precision INI).
|
||
(David Carlier / cmb)
|
||
|
||
- Curl:
|
||
. Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if
|
||
curl_multi_add_handle fails). (timwolla)
|
||
|
||
- Date:
|
||
. Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset).
|
||
(cmb)
|
||
. Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c). (Derick)
|
||
. Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb)
|
||
|
||
- DBA:
|
||
. Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb)
|
||
|
||
- DOM:
|
||
. Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
|
||
(nielsdos)
|
||
. Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
|
||
. Fixed bug GH-16533 (Segfault when adding attribute to parent that is not
|
||
an element). (nielsdos)
|
||
. Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
|
||
. Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos)
|
||
. Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos)
|
||
|
||
- EXIF:
|
||
. Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a
|
||
real file). (nielsdos, cmb)
|
||
|
||
- FFI:
|
||
. Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
|
||
(nielsdos)
|
||
|
||
- Filter:
|
||
. Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-16628 (FPM logs are getting corrupted with this log
|
||
statement). (nielsdos)
|
||
|
||
- GD:
|
||
. Fixed bug GH-16334 (imageaffine overflow on matrix elements).
|
||
(David Carlier)
|
||
. Fixed bug GH-16427 (Unchecked libavif return values). (cmb)
|
||
. Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
|
||
(nielsdos)
|
||
|
||
- GMP:
|
||
. Fixed floating point exception bug with gmp_pow when using
|
||
large exposant values. (David Carlier).
|
||
. Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
|
||
. Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
|
||
(David Carlier)
|
||
. Fixed gmp_pow() overflow bug with large base/exponents.
|
||
(David Carlier)
|
||
. Fixed segfaults and other issues related to operator overloading with
|
||
GMP objects. (Girgias)
|
||
|
||
- MBstring:
|
||
. Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
|
||
(David Carlier)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
|
||
(cmb)
|
||
. Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow).
|
||
(cmb)
|
||
. Fix various memory leaks on error conditions in openssl_x509_parse().
|
||
(nielsdos)
|
||
|
||
- PDO_ODBC:
|
||
. Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)
|
||
|
||
- Phar:
|
||
. Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)
|
||
|
||
- Reflection:
|
||
. Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos)
|
||
|
||
- Session:
|
||
. Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
|
||
(nielsdos)
|
||
. Fixed bug GH-16290 (overflow on cookie_lifetime ini value).
|
||
(David Carlier)
|
||
|
||
- SOAP:
|
||
. Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
|
||
(nielsdos)
|
||
|
||
- Sockets:
|
||
. Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos)
|
||
. Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
|
||
(ilutov)
|
||
. Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov)
|
||
. Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov)
|
||
. Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos)
|
||
. Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed
|
||
SplFileObject::__constructor). (Girgias)
|
||
. Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos)
|
||
. Fixed bug GH-14687 (segfault on SplObjectIterator instance).
|
||
(David Carlier)
|
||
. Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos)
|
||
. Fixed bug GH-16646 (UAF in ArrayObject::unset() and
|
||
ArrayObject::exchangeArray()). (ilutov)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with
|
||
bail enabled). (ilutov)
|
||
|
||
- SysVMsg:
|
||
. Fixed bug GH-16592 (msg_send() crashes when a type does not properly
|
||
serialized). (David Carlier / cmb)
|
||
|
||
- SysVShm:
|
||
. Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb)
|
||
|
||
- XMLReader:
|
||
. Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
|
||
(nielsdos)
|
||
|
||
- Zlib:
|
||
. Fixed bug GH-16326 (Memory management is broken for bad dictionaries.)
|
||
(cmb)
|
||
|
||
24 Oct 2024, PHP 8.2.25
|
||
|
||
- Calendar:
|
||
. Fixed GH-16240: jdtounix overflow on argument value. (David Carlier)
|
||
. Fixed GH-16241: easter_days/easter_date overflow on year argument.
|
||
(David Carlier)
|
||
. Fixed GH-16263: jddayofweek overflow. (cmb)
|
||
. Fixed GH-16234: jewishtojd overflow. (nielsdos)
|
||
|
||
- CLI:
|
||
. Fixed bug GH-16137: duplicate http headers when set several times by
|
||
the client. (David Carlier)
|
||
|
||
- Core:
|
||
. Fixed bug GH-15712: zend_strtod overflow with precision INI set on
|
||
large value. (David Carlier)
|
||
. Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). (cmb)
|
||
. Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to
|
||
exception). (ilutov)
|
||
. Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of
|
||
nested generator frame). (ilutov)
|
||
. Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). (Arnaud)
|
||
. Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). (Arnaud)
|
||
. Fixed bug GH-16233 (Observer segfault when calling user function in
|
||
internal function via trampoline). (nielsdos)
|
||
|
||
- Date:
|
||
. Fixed bug GH-15582: Crash when not calling parent constructor of
|
||
DateTimeZone. (Derick)
|
||
. Fixed regression where signs after the first one were ignored while parsing
|
||
a signed integer, with the DateTimeInterface::modify() function. (Derick)
|
||
|
||
- DOM:
|
||
. Fixed bug GH-16039 (Segmentation fault (access null pointer) in
|
||
ext/dom/parentnode/tree.c). (nielsdos)
|
||
. Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
|
||
(nielsdos)
|
||
|
||
- GD:
|
||
. Fixed bug GH-16232 (bitshift overflow on wbmp file content reading /
|
||
fix backport from upstream). (David Carlier)
|
||
. Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value)
|
||
(David Carlier)
|
||
. Fixed bug GH-16274 (imagescale underflow on RBG channels /
|
||
fix backport from upstream). (David Carlier)
|
||
|
||
- LDAP:
|
||
. Fixed bug GH-16032 (Various NULL pointer dereferencements in
|
||
ldap_modify_batch()). (Girgias)
|
||
. Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
|
||
when LDAPs array is not a list). (Girgias)
|
||
. Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated
|
||
by ZMM.). (Girgias)
|
||
. Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a
|
||
proper dictionary). (Girgias)
|
||
|
||
- MBString:
|
||
. Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).
|
||
(nielsdos)
|
||
|
||
- OpenSSL:
|
||
. Fixed stub for openssl_csr_new. (Jakub Zelenka)
|
||
|
||
- PCRE:
|
||
. Fixed bug GH-16189 (underflow on offset argument). (David Carlier)
|
||
. Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
|
||
(nielsdos)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
|
||
. Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
|
||
(cmb)
|
||
|
||
- Reflection:
|
||
. Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).
|
||
(DanielEScherzer)
|
||
|
||
- SAPI:
|
||
. Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).
|
||
(Jakub Zelenka, David Carlier)
|
||
|
||
- SimpleXML:
|
||
. Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
|
||
(nielsdos)
|
||
|
||
- Sockets:
|
||
. Fixed bug GH-16267 (socket_strerror overflow on errno argument).
|
||
(David Carlier)
|
||
|
||
- SOAP:
|
||
. Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos)
|
||
. Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). (nielsdos)
|
||
. Fix Soap leaking http_msg on error. (nielsdos)
|
||
. Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
|
||
(nielsdos)
|
||
. Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).
|
||
(nielsdos)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-15613 (overflow on unpack call hex string repeater).
|
||
(David Carlier)
|
||
. Fixed bug GH-15937 (overflow on stream timeout option value).
|
||
(David Carlier)
|
||
. Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). (Arnaud)
|
||
|
||
- Streams:
|
||
. Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
|
||
(nielsdos)
|
||
. Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
|
||
(cmb)
|
||
|
||
- TSRM:
|
||
. Prevent closing of unrelated handles. (cmb)
|
||
|
||
- XML:
|
||
. Fixed bug GH-15868 (Assertion failure in xml_parse_into_struct after
|
||
exception). (nielsdos)
|
||
|
||
26 Sep 2024, PHP 8.2.24
|
||
|
||
- CGI:
|
||
. Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
|
||
Vulnerability). (CVE-2024-8926) (nielsdos)
|
||
. Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
|
||
bypassable due to the environment variable collision). (CVE-2024-8927)
|
||
(nielsdos)
|
||
|
||
- Core:
|
||
. Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer).
|
||
(zeriyoshi)
|
||
. Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
|
||
. Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
|
||
. Fixed bug GH-15565 (--disable-ipv6 during compilation produces error
|
||
EAI_SYSTEM not found). (nielsdos)
|
||
. Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
|
||
(Bernd Kuhls, Thomas Petazzoni)
|
||
. Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
|
||
. Fixed uninitialized lineno in constant AST of internal enums. (ilutov)
|
||
|
||
- Curl:
|
||
. FIxed bug GH-15547 (curl_multi_select overflow on timeout argument).
|
||
(David Carlier)
|
||
|
||
- DOM:
|
||
. Fixed bug GH-15551 (Segmentation fault (access null pointer) in
|
||
ext/dom/xml_common.h). (nielsdos)
|
||
|
||
- Fileinfo:
|
||
. Fixed bug GH-15752 (Incorrect error message for finfo_file
|
||
with an empty filename argument). (DanielEScherzer)
|
||
|
||
- FPM:
|
||
. Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
|
||
(CVE-2024-9026) (Jakub Zelenka)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
|
||
Kamil Tekiela)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-15661 (Access null pointer in
|
||
Zend/Optimizer/zend_inference.c). (nielsdos)
|
||
. Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
|
||
(nielsdos)
|
||
|
||
- SAPI:
|
||
. Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
|
||
(CVE-2024-8925) (Arnaud)
|
||
|
||
- SOAP:
|
||
. Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP
|
||
headers in array form). (nielsdos)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
|
||
(cmb)
|
||
|
||
29 Aug 2024, PHP 8.2.23
|
||
|
||
- Core:
|
||
. Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
|
||
(nielsdos)
|
||
. Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). (nielsdos)
|
||
. Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
|
||
(Peter Kokot)
|
||
. Fix uninitialized memory in network.c. (nielsdos)
|
||
. Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
|
||
(Arnaud)
|
||
. Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
|
||
(Arnaud)
|
||
|
||
- Curl:
|
||
. Fixed case when curl_error returns an empty string.
|
||
(David Carlier)
|
||
|
||
- DOM:
|
||
. Fix UAF when removing doctype and using foreach iteration. (nielsdos)
|
||
|
||
- FFI:
|
||
. Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory
|
||
leak). (nielsdos, dstogov)
|
||
|
||
- Hash:
|
||
. Fix crash when converting array data for array in shm in xxh3. (nielsdos)
|
||
|
||
- Intl:
|
||
. Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). (cmb)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
|
||
(Bob)
|
||
. Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
|
||
(Arnaud, nielsdos)
|
||
|
||
- Output:
|
||
. Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in
|
||
ext/standard/url_scanner_ex.re). (nielsdos)
|
||
|
||
- PDO_Firebird:
|
||
. Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode
|
||
with libedit/readline). (Peter Kokot)
|
||
. Fixed bug GH-15268 (heap buffer overflow in phpdbg
|
||
(zend_hash_num_elements() Zend/zend_hash.h)). (nielsdos)
|
||
. Fixed bug GH-15210 use-after-free on watchpoint allocations. (nielsdos)
|
||
|
||
- Random:
|
||
. Fixed part of bug GH-15381, checking getrandom availability on solaris.
|
||
(David Carlier)
|
||
|
||
- Soap:
|
||
. Fixed bug #55639 (Digest autentication dont work). (nielsdos)
|
||
. Fix SoapFault property destruction. (nielsdos)
|
||
. Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap
|
||
constructor option). (nielsdos)
|
||
|
||
- Standard:
|
||
. Fix passing non-finite timeout values in stream functions. (nielsdos)
|
||
. Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier)
|
||
. Fixed GH-15653 overflow on fgetcsv length parameter. (David Carlier)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos)
|
||
. Fixed bug GH-15034 (Integer overflow on stream_notification_callback
|
||
byte_max parameter with files bigger than 2GB). (nielsdos)
|
||
|
||
- Tidy:
|
||
. Fix memory leaks in ext/tidy basedir restriction code. (nielsdos)
|
||
|
||
01 Aug 2024, PHP 8.2.22
|
||
|
||
- Core:
|
||
. Fixed bug GH-13922 (Fixed support for systems with
|
||
sysconf(_SC_GETPW_R_SIZE_MAX) == -1). (Arnaud)
|
||
. Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). (Arnaud)
|
||
. Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt.
|
||
(nielsdos)
|
||
. Fixed OSS-Fuzz #69765. (nielsdos)
|
||
. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). (nielsdos)
|
||
. Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
|
||
(ilutov)
|
||
. Fixed bug GH-14961 (Comment between -> and keyword results in parse error).
|
||
(ilutov)
|
||
|
||
- Dom:
|
||
. Fixed bug GH-14702 (DOMDocument::xinclude() crash). (nielsdos)
|
||
|
||
- Gd:
|
||
. ext/gd/tests/gh10614.phpt: skip if no PNG support. (orlitzky)
|
||
. restored warning instead of fata error. (dryabov)
|
||
|
||
- LibXML:
|
||
. Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that
|
||
opcache.jit is implictly disabled). (nielsdos)
|
||
|
||
- Output:
|
||
. Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with
|
||
empty output buffer). (nielsdos)
|
||
|
||
- PDO:
|
||
. Fixed bug GH-14712 (Crash with PDORow access to null property).
|
||
(David Carlier)
|
||
|
||
- Phar:
|
||
. Fixed bug GH-14603 (null string from zip entry).
|
||
(David Carlier)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
|
||
(David Carlier)
|
||
. Fixed bug GH-14553 (echo output trimmed at NULL byte). (nielsdos)
|
||
|
||
- Shmop:
|
||
. Fixed bug GH-14537 (shmop Windows 11 crashes the process). (nielsdos)
|
||
|
||
- SimpleXML:
|
||
. Fixed bug GH-14638 (null dereference after XML parsing failure).
|
||
(David Carlier)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-14639 (Member access within null pointer in
|
||
ext/spl/spl_observer.c). (nielsdos)
|
||
|
||
- Standard:
|
||
. Fix 32-bit wordwrap test failures. (orlitzky)
|
||
. Fixed bug GH-14774 (time_sleep_until overflow). (David Carlier)
|
||
|
||
- Tidy:
|
||
. Fix memory leak in tidy_repair_file(). (nielsdos)
|
||
|
||
- Treewide:
|
||
. Fix compatibility with libxml2 2.13.2. (nielsdos)
|
||
|
||
- XML:
|
||
. Move away from to-be-deprecated libxml fields. (nielsdos)
|
||
. Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
|
||
(nielsdos)
|
||
|
||
04 Jul 2024, PHP 8.2.21
|
||
|
||
- Core:
|
||
. Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot)
|
||
. Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14
|
||
when running on Apple Silicon). (Manuel Kress)
|
||
. Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from
|
||
values during Generator->throw()). (Bob)
|
||
. Fixed bug GH-14456 (Attempting to initialize class with private constructor
|
||
calls destructor). (Girgias)
|
||
. Fixed bug GH-14549 (Incompatible function pointer type for fclose).
|
||
(Ryan Carsten Schmidt)
|
||
|
||
- BCMath:
|
||
. Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). (Girgias)
|
||
|
||
- Curl:
|
||
. Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos)
|
||
|
||
- DOM:
|
||
. Fixed bug GH-14343 (Memory leak in xml and dom). (nielsdos)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are
|
||
ignored in status pool). (Wilhansen Li, Pierrick Charron)
|
||
|
||
- GD:
|
||
. Fix parameter numbers for imagecolorset(). (Giovanni Giacobbi)
|
||
|
||
- Intl:
|
||
. Fix reference handling in SpoofChecker. (nielsdos)
|
||
|
||
- MySQLnd:
|
||
. Partially fix bug GH-10599 (Apache crash on Windows when using a
|
||
self-referencing anonymous function inside a class with an active
|
||
mysqli connection). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
|
||
(ilutov)
|
||
. Fixed TLS access in JIT on FreeBSD/amd64. (Arnaud)
|
||
. Fixed bug GH-11188 (Error when building TSRM in ARM64). (nielsdos)
|
||
|
||
- PDO ODBC:
|
||
. Fixed bug GH-14367 (incompatible SDWORD type with iODBC). (Calvin Buckley)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-13681 (segfault on watchpoint addition failure). (David Carlier)
|
||
|
||
- Soap:
|
||
. Fixed bug #47925 (PHPClient can't decompress response). (nielsdos)
|
||
. Fix missing error restore code. (nielsdos)
|
||
. Fix memory leak if calling SoapServer::setObject() twice. (nielsdos)
|
||
. Fix memory leak if calling SoapServer::setClass() twice. (nielsdos)
|
||
. Fix reading zlib ini settings in ext-soap. (nielsdos)
|
||
. Fix memory leaks with string function name lookups. (nielsdos)
|
||
. Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class
|
||
name). (nielsdos)
|
||
. Fixed bug #76232 (SoapClient Cookie Header Semicolon). (nielsdos)
|
||
. Fixed memory leaks when calling SoapFault::__construct() twice. (Girgias)
|
||
|
||
- Sodium:
|
||
. Fix memory leaks in ext/sodium on failure of some functions. (nielsdos)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-14290 (Member access within null pointer in extension spl).
|
||
(nielsdos)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract
|
||
namespace Unix sockets). (Derick)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not
|
||
allocated and malloc: double free for ptr errors). (nielsdos)
|
||
|
||
06 Jun 2024, PHP 8.2.20
|
||
|
||
- CGI:
|
||
. Fixed buffer limit on Windows, replacing read call usage by _read.
|
||
(David Carlier)
|
||
. Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
|
||
in PHP-CGI). (CVE-2024-4577) (nielsdos)
|
||
|
||
- CLI:
|
||
. Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
|
||
quoted heredoc literals.). (nielsdos)
|
||
|
||
- Core:
|
||
. Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
|
||
non-compile-time expressions). (ilutov)
|
||
. Fixed bug GH-14140 (Floating point bug in range operation on Apple Silicon
|
||
hardware). (Derick, Saki)
|
||
|
||
- DOM:
|
||
. Fix crashes when entity declaration is removed while still having entity
|
||
references. (nielsdos)
|
||
. Fix references not handled correctly in C14N. (nielsdos)
|
||
. Fix crash when calling childNodes next() when iterator is exhausted.
|
||
(nielsdos)
|
||
. Fix crash in ParentNode::append() when dealing with a fragment
|
||
containing text nodes. (nielsdos)
|
||
|
||
- FFI:
|
||
. Fixed bug GH-14215 (Cannot use FFI::load on CRLF header file with
|
||
apache2handler). (nielsdos)
|
||
|
||
- Filter:
|
||
. Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
|
||
(CVE-2024-5458) (nielsdos)
|
||
|
||
- FPM:
|
||
. Fix bug GH-14175 (Show decimal number instead of scientific notation in
|
||
systemd status). (Benjamin Cremer)
|
||
|
||
- Hash:
|
||
. ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
|
||
(Saki Takamachi)
|
||
|
||
- Intl:
|
||
. Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
|
||
Peter Kokot)
|
||
|
||
- Ini:
|
||
. Fixed bug GH-14100 (Corrected spelling mistake in php.ini files).
|
||
(Marcus Xavier)
|
||
|
||
- MySQLnd:
|
||
. Fix bug GH-14255 (mysqli_fetch_assoc reports error from
|
||
nested query). (Kamil Tekiela)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
|
||
shm). (ilutov)
|
||
|
||
- OpenSSL:
|
||
. The openssl_private_decrypt function in PHP, when using PKCS1 padding
|
||
(OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
|
||
unless it is used with an OpenSSL version that includes the changes from this pull
|
||
request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
|
||
These changes are part of OpenSSL 3.2 and have also been backported to stable
|
||
versions of various Linux distributions, as well as to the PHP builds provided for
|
||
Windows since the previous release. All distributors and builders should ensure that
|
||
this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)
|
||
|
||
- Standard:
|
||
. Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
|
||
(CVE-2024-5585) (nielsdos)
|
||
|
||
- XML:
|
||
. Fixed bug GH-14124 (Segmentation fault with XML extension under certain
|
||
memory limit). (nielsdos)
|
||
|
||
- XMLReader:
|
||
. Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)
|
||
|
||
09 May 2024, PHP 8.2.19
|
||
|
||
- Core:
|
||
. Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall
|
||
handlers when JIT is enabled). (Bob)
|
||
. Fixed bug GH-13931 (Applying zero offset to null pointer in
|
||
Zend/zend_opcode.c). (nielsdos)
|
||
. Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with
|
||
other timeout implementations). (Kévin Dunglas)
|
||
. Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert
|
||
parameters). (ilutov)
|
||
. Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Kokot)
|
||
. Fixed bug GH-10232 (If autoloading occurs during constant resolution
|
||
filename and lineno are identified incorrectly). (ranvis)
|
||
. Fixed bug GH-13727 (Missing void keyword). (Peter Kokot)
|
||
|
||
- Fibers:
|
||
. Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
|
||
(nielsdos)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
|
||
(Jakub Zelenka)
|
||
|
||
- Intl:
|
||
. Fixed build for icu 74 and onwards. (dunglas)
|
||
|
||
- MySQLnd:
|
||
. Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed incorrect assumptions across compilation units for static calls.
|
||
(ilutov)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
|
||
(Jakub Zelenka)
|
||
|
||
- PDO SQLite:
|
||
. Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi)
|
||
. Fix GH-13998 (Manage refcount of agg_context->val correctly).
|
||
(Saki Takamachi)
|
||
|
||
- Phar:
|
||
. Fixed bug GH-13836 (Renaming a file in a Phar to an already existing
|
||
filename causes a NULL pointer dereference). (nielsdos)
|
||
. Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
|
||
(nielsdos)
|
||
. Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
|
||
(nielsdos)
|
||
|
||
- Posix:
|
||
. Fix usage of reentrant functions in ext/posix. (Arnaud)
|
||
|
||
- Session:
|
||
. Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in
|
||
ext/session/mod_files.c). (nielsdos)
|
||
. Fixed bug GH-13891 (memleak and segfault when using ini_set with
|
||
session.trans_sid_hosts). (nielsdos, kamil-tekiela)
|
||
. Fixed buffer _read/_write size limit on windows for the file mode. (David Carlier)
|
||
|
||
- Streams:
|
||
. Fixed file_get_contents() on Windows fails with "errno=22 Invalid
|
||
argument". (Damian Wójcik)
|
||
. Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
|
||
(Jakub Zelenka)
|
||
. Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in
|
||
ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos)
|
||
. Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud)
|
||
|
||
- Treewide:
|
||
. Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez)
|
||
|
||
11 Apr 2024, PHP 8.2.18
|
||
|
||
- Core:
|
||
. Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
|
||
(nielsdos)
|
||
. Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
|
||
. Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
|
||
destructor). (Arnaud)
|
||
|
||
- DOM:
|
||
. Add some missing ZPP checks. (nielsdos)
|
||
. Fix potential memory leak in XPath evaluation results. (nielsdos)
|
||
. Fix phpdoc for DOMDocument load methods. (VincentLanglet)
|
||
|
||
- FPM
|
||
. Fixed incorrect check in fpm_shm_free(). (nielsdos)
|
||
|
||
- GD:
|
||
. Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
|
||
|
||
- Gettext:
|
||
. Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
|
||
with category set to LC_ALL. (David Carlier)
|
||
|
||
- MySQLnd:
|
||
. Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
|
||
. Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
|
||
(Arnaud, Dmitry)
|
||
. Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
|
||
method of internal trait when opcache is loaded). (Bob)
|
||
|
||
- PDO:
|
||
. Fix various PDORow bugs. (Girgias)
|
||
|
||
- Random:
|
||
. Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
|
||
modes). (timwolla)
|
||
. Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
|
||
requests when MT_RAND_PHP is used). (timwolla)
|
||
|
||
- Session:
|
||
. Fixed bug GH-13680 (Segfault with session_decode and compilation error).
|
||
(nielsdos)
|
||
|
||
- Sockets:
|
||
. Fixed bug GH-13604 (socket_getsockname returns random characters in the end
|
||
of the socket name). (David Carlier)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
|
||
in PHP 8.2.15). (nielsdos)
|
||
. Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
|
||
. Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
|
||
(SakiTakamachi)
|
||
. Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
|
||
(divinity76)
|
||
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
|
||
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
|
||
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
|
||
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
|
||
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
|
||
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
|
||
|
||
- XML:
|
||
. Fixed bug GH-13517 (Multiple test failures when building with
|
||
--with-expat). (nielsdos)
|
||
|
||
14 Mar 2024, PHP 8.2.17
|
||
|
||
- Core:
|
||
. Fix ZTS persistent resource crashes on shutdown. (nielsdos)
|
||
|
||
- Curl:
|
||
. Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh)
|
||
|
||
- DOM:
|
||
. Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
|
||
(nielsdos)
|
||
|
||
- Fileinfo:
|
||
. Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null),
|
||
backport). (nielsdos)
|
||
|
||
- FPM:
|
||
. Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
|
||
(Jakub Zelenka)
|
||
|
||
- GD:
|
||
. Fixed bug GH-12019 (detection of image formats in system gd library).
|
||
(Michael Orlitzky)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error
|
||
if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi)
|
||
|
||
- PGSQL:
|
||
. Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute
|
||
with null value passed by reference). (George Barbarosie)
|
||
|
||
- Standard:
|
||
. Fixed array key as hash to string (case insensitive) comparison typo
|
||
for the second operand buffer size (albeit unused for now). (A. Slepykh)
|
||
|
||
15 Feb 2024, PHP 8.2.16
|
||
|
||
- Core:
|
||
. Fixed timer leak in zend-max-execution-timers builds. (withinboredom)
|
||
. Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus)
|
||
. Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown
|
||
Exception). (nielsdos)
|
||
. Fixed bug GH-13215 (GCC 14 build failure). (Remi)
|
||
|
||
- Curl:
|
||
. Fix missing error check in curl_multi_init(). (divinity76)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when
|
||
plus in path). (Jakub Zelenka)
|
||
|
||
- GD:
|
||
. Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
|
||
(nielsdos)
|
||
. Fixed bug GH-10614 (imagerotate will turn the picture all black, when
|
||
rotated 90). (nielsdos)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-12107 (When running a stored procedure (that returns a result
|
||
set) twice, PHP crashes). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but
|
||
JIT_debug is still on). (nielsdos)
|
||
|
||
- OpenSSL:
|
||
. Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set.
|
||
(David Carlier).
|
||
|
||
- PDO_Firebird:
|
||
. Fix GH-13119 (Changed to convert float and double values into strings using
|
||
`H` format). (SakiTakamachi)
|
||
|
||
- Phar:
|
||
. Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos)
|
||
. Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos)
|
||
|
||
- Random:
|
||
. Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken
|
||
engines). (timwolla)
|
||
|
||
- Session:
|
||
. Fixed bug GH-12504 (Corrupted session written when there's a fatal error
|
||
in autoloader). (nielsdos)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-13071 (Copying large files using mmap-able source streams may
|
||
exhaust available memory and fail). (nielsdos)
|
||
|
||
18 Jan 2024, PHP 8.2.15
|
||
|
||
- Core:
|
||
. Fixed bug GH-12953 (false positive SSA integrity verification failed when
|
||
loading composer classmaps with more than 11k elements). (nielsdos)
|
||
. Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't
|
||
emit warnings). (Peter Kokot)
|
||
. Fixed bug GH-13727 (missing void keyword for C generate code for feature test).
|
||
(Peter Kokot/David Carlier)
|
||
|
||
- Cli:
|
||
. Fix incorrect timeout in built-in web server when using router script and
|
||
max_input_time. (ilutov)
|
||
|
||
- FFI:
|
||
. Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData).
|
||
(Jakub Zelenka)
|
||
. Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos)
|
||
|
||
- GD:
|
||
. Fixed GH-13082 undefined behavior with GdFont instances handling with
|
||
imageload* and imagechar*. (David Carlier)
|
||
|
||
- Intl:
|
||
. Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
|
||
(David Carlier)
|
||
|
||
- Hash:
|
||
. Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on
|
||
strings >= 4GiB). (nielsdos)
|
||
|
||
- ODBC:
|
||
. Fix crash on Apache shutdown with persistent connections. (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM
|
||
with NULL when DIM is the same var as result). (ilutov)
|
||
. Added workaround for SELinux mprotect execheap issue.
|
||
See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
|
||
(Jakub Zelenka)
|
||
|
||
- PDO:
|
||
. Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
|
||
(SakiTakamachi)
|
||
|
||
- PDO_ODBC:
|
||
. Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
|
||
(SakiTakamachi)
|
||
|
||
- PGSQL:
|
||
. Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier)
|
||
. Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
|
||
(nielsdos)
|
||
|
||
- Phar:
|
||
. Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos)
|
||
|
||
- SimpleXML:
|
||
. Fix getting the address of an uninitialized property of a SimpleXMLElement
|
||
resulting in a crash. (nielsdos)
|
||
|
||
- Tidy:
|
||
. Fixed bug GH-12980 (tidynode.props.attribute is missing
|
||
"Boolean Attributes" and empty attributes). (nielsdos)
|
||
|
||
21 Dec 2023, PHP 8.2.14
|
||
|
||
- Core:
|
||
. Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
|
||
error handler). (ilutov)
|
||
. Fixed oss-fuzz #64209 (In-place modification of filename in
|
||
php_message_handler_for_zend). (ilutov)
|
||
. Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
|
||
ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
|
||
. Fix various missing NULL checks. (nielsdos, dstogov)
|
||
. Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
|
||
(ilutov)
|
||
|
||
- Date:
|
||
. Fixed improbably integer overflow while parsing really large (or small)
|
||
Unix timestamps. (Derick)
|
||
|
||
- DOM:
|
||
. Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid
|
||
default: prefix). (nielsdos)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
|
||
(Patrick Prasse)
|
||
|
||
- FTP:
|
||
. Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos)
|
||
|
||
- Intl:
|
||
. Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)
|
||
|
||
- LibXML:
|
||
. Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303)
|
||
. Fixed test failures for libxml2 2.12.0. (nielsdos)
|
||
|
||
- MySQLnd:
|
||
. Avoid using uninitialised struct. (mikhainin)
|
||
. Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
|
||
(nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning
|
||
at the same time as invalid offset Error). (Girgias)
|
||
. Fixed JIT bug (JIT emits "Attempt to assign property of non-object"
|
||
warning at the same time as Error is being thrown). (Girgias)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
|
||
(Jakub Zelenka)
|
||
|
||
- PCRE:
|
||
. Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)
|
||
|
||
- PDO PGSQL:
|
||
. Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
|
||
|
||
- PGSQL:
|
||
. Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
|
||
|
||
- SOAP:
|
||
. Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
|
||
(nielsdos)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination
|
||
with GlobIterator and no directory separator). (nielsdos)
|
||
|
||
- SQLite3:
|
||
. Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
|
||
(SakiTakamachi)
|
||
|
||
- Standard:
|
||
. Fix memory leak in syslog device handling. (danog)
|
||
. Fixed bug GH-12621 (browscap segmentation fault when configured in the
|
||
vhost). (nielsdos)
|
||
. Fixed bug GH-12655 (proc_open() does not take into account references
|
||
in the descriptor array). (nielsdos)
|
||
|
||
- Streams:
|
||
. Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
|
||
(Jakub Zelenka)
|
||
|
||
- Zip:
|
||
. Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
|
||
Behavior). (Remi)
|
||
|
||
23 Nov 2023, PHP 8.2.13
|
||
|
||
- Core:
|
||
. Fixed double-free of non-interned enum case name. (ilutov)
|
||
. Fixed bug GH-12457 (Incorrect result of stripos with single character
|
||
needle). (SakiTakamachi)
|
||
. Fixed bug GH-12468 (Double-free of doc_comment when overriding static
|
||
property via trait). (ilutov)
|
||
. Fixed segfault caused by weak references to FFI objects. (sj-i)
|
||
. Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
|
||
. Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type
|
||
if the class name starts with N). (kocsismate)
|
||
|
||
- DOM:
|
||
. Fix registerNodeClass with abstract class crashing. (nielsdos)
|
||
. Add missing NULL pointer error check. (icy17)
|
||
. Fix validation logic of php:function() callbacks. (nielsdos)
|
||
|
||
- Fiber:
|
||
. Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-9921 (Loading ext in FPM config does not register module
|
||
handlers). (Jakub Zelenka)
|
||
. Fixed bug GH-12232 (FPM: segfault dynamically loading extension without
|
||
opcache). (Jakub Zelenka)
|
||
. Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES).
|
||
(Jakub Zelenka)
|
||
|
||
- Intl:
|
||
. Removed the BC break on IntlDateFormatter::construct which threw an
|
||
exception with an invalid locale. (David Carlier)
|
||
|
||
- Opcache:
|
||
. Added warning when JIT cannot be enabled. (danog)
|
||
. Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
|
||
upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
|
||
(Jakub Zelenka)
|
||
|
||
- PCRE:
|
||
. Fixed bug GH-11374 (Backport upstream fix, Different preg_match result
|
||
with -d pcre.jit=0). (mvorisek)
|
||
|
||
- SOAP:
|
||
. Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
|
||
(nielsdos)
|
||
. Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation
|
||
Fault). (nielsdos)
|
||
. Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos)
|
||
. Fix incorrect uri check in SOAP caching. (nielsdos)
|
||
. Fix segfault and assertion failure with refcounted props and arrays.
|
||
(nielsdos)
|
||
. Fix potential crash with an edge case of persistent encoders. (nielsdos)
|
||
. Fixed bug #75306 (Memleak in SoapClient). (nielsdos)
|
||
|
||
- Streams:
|
||
. Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers).
|
||
(Jakub Zelenka)
|
||
|
||
- XMLReader:
|
||
. Add missing NULL pointer error check. (icy17)
|
||
|
||
- XMLWriter:
|
||
. Add missing NULL pointer error check. (icy17)
|
||
|
||
- XSL:
|
||
. Add missing module dependency. (nielsdos)
|
||
. Fix validation logic of php:function() callbacks. (nielsdos)
|
||
|
||
26 Oct 2023, PHP 8.2.12
|
||
|
||
- Core:
|
||
. Fixed bug GH-12207 (memory leak when class using trait with doc block).
|
||
(rioderelfte)
|
||
. Fixed bug GH-12215 (Module entry being overwritten causes type errors in
|
||
ext/dom). (nielsdos)
|
||
. Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky)
|
||
. Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
|
||
|
||
- CLI:
|
||
. Ensure a single Date header is present. (coppolafab)
|
||
|
||
- CType:
|
||
. Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
|
||
(nielsdos)
|
||
|
||
- DOM:
|
||
. Restore old namespace reconciliation behaviour. (nielsdos)
|
||
. Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos)
|
||
|
||
- Fileinfo:
|
||
. Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise)
|
||
|
||
- Filter:
|
||
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
|
||
|
||
- Hash:
|
||
. Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
|
||
(MaxSem)
|
||
|
||
- Intl:
|
||
. Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
|
||
(David Carlier)
|
||
. Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception
|
||
on an invalid locale). (David Carlier)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library)
|
||
'mysqlnd.so' in Unknown on line). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed opcache_invalidate() on deleted file. (mikhainin)
|
||
. Fixed bug GH-12380 (JIT+private array property access inside closure
|
||
accesses private property in child class). (nielsdos)
|
||
|
||
- PCRE:
|
||
. Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with
|
||
JIT enabled gives different result). (nielsdos)
|
||
|
||
- SimpleXML:
|
||
. Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)
|
||
. Fixed bug GH-12223 (Entity reference produces infinite loop in
|
||
var_dump/print_r). (nielsdos)
|
||
. Fixed bug GH-12167 (Unable to get processing instruction contents in
|
||
SimpleXML). (nielsdos)
|
||
. Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
|
||
(nielsdos)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
|
||
(David Carlier)
|
||
|
||
- XML:
|
||
. Fix return type of stub of xml_parse_into_struct(). (nielsdos)
|
||
. Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)
|
||
|
||
- XSL:
|
||
. Fix type error on XSLTProcessor::transformToDoc return value with
|
||
SimpleXML. (nielsdos)
|
||
|
||
28 Sep 2023, PHP 8.2.11
|
||
|
||
- Core:
|
||
. Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov)
|
||
. Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
|
||
(Jeremie Courreges-Anglas)
|
||
. Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities.
|
||
(Girgias)
|
||
. Fixed bug GH-12073 (Segfault when freeing incompletely initialized
|
||
closures). (ilutov)
|
||
. Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
|
||
(ju1ius)
|
||
. Fixed bug GH-12102 (Incorrect compile error when using array access on TMP
|
||
value in function call). (ilutov)
|
||
|
||
- DOM:
|
||
. Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos)
|
||
|
||
- Iconv:
|
||
. Fixed build for NetBSD which still uses the old iconv signature.
|
||
(David Carlier)
|
||
|
||
- Intl:
|
||
. Fixed bug GH-12020 (intl_get_error_message() broken after
|
||
MessageFormatter::formatMessage() fails). (Girgias)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-10270 (Invalid error message when connection via SSL fails:
|
||
"trying to connect via (null)"). (Kamil Tekiela)
|
||
|
||
- ODBC:
|
||
. Fixed memory leak with failed SQLPrepare. (NattyNarwhal)
|
||
. Fixed persistent procedural ODBC connections not getting closed.
|
||
(NattyNarwhal)
|
||
|
||
- SimpleXML:
|
||
. Fixed bug #52751 (XPath processing-instruction() function is not
|
||
supported). (nielsdos)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
|
||
(nielsdos)
|
||
|
||
- SQLite3:
|
||
. Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
|
||
a callable array). (nielsdos, arnaud-lb)
|
||
|
||
31 Aug 2023, PHP 8.2.10
|
||
|
||
- CLI:
|
||
. Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with
|
||
ZEND_RC_DEBUG=1). (nielsdos)
|
||
. Fixed bug GH-10964 (Improve man page about the built-in server).
|
||
(Alexandre Daubois)
|
||
|
||
- Date:
|
||
. Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are
|
||
passed in). (Derick)
|
||
|
||
- Core:
|
||
. Fixed strerror_r detection at configuration time. (Kévin Dunglas)
|
||
. Fixed trait typed properties using a DNF type not being correctly bound.
|
||
(Girgias)
|
||
. Fixed trait property types not being arena allocated if copied from
|
||
an internal trait. (Girgias)
|
||
. Fixed deep copy of property DNF type during lazy class load.
|
||
(Girgias, ilutov)
|
||
. Fixed memory freeing of DNF types for non arena allocated types.
|
||
(Girgias, ju1ius)
|
||
|
||
- DOM:
|
||
. Fix DOMEntity field getter bugs. (nielsdos)
|
||
. Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
|
||
(nielsdos)
|
||
. Fix DOMCharacterData::replaceWith() with itself. (nielsdos)
|
||
. Fix empty argument cases for DOMParentNode methods. (nielsdos)
|
||
. Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
|
||
(nielsdos)
|
||
. Fix json_encode result on DOMDocument. (nielsdos)
|
||
. Fix manually calling __construct() on DOM classes. (nielsdos)
|
||
. Fixed bug GH-11830 (ParentNode methods should perform their checks
|
||
upfront). (nielsdos)
|
||
. Fix viable next sibling search for replaceWith. (nielsdos)
|
||
. Fix segfault when DOMParentNode::prepend() is called when the child
|
||
disappears. (nielsdos)
|
||
|
||
- FFI:
|
||
. Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)
|
||
|
||
- Hash:
|
||
. Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options
|
||
parameter in signature. (ilutov)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-11440 (authentication to a sha256_password account fails over
|
||
SSL). (nielsdos)
|
||
. Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password
|
||
accounts using passwords longer than 19 characters).
|
||
(nielsdos, Kamil Tekiela)
|
||
. Fixed bug GH-11550 (MySQL Statement has a empty query result when
|
||
the response field has changed, also Segmentation fault).
|
||
(Yurunsoft)
|
||
. Fixed invalid error message "Malformed packet" when connection is dropped.
|
||
(Kamil Tekiela)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
|
||
opcache_get_status() / phpinfo() is wrong). (nielsdos)
|
||
. Avoid adding an unnecessary read-lock when loading script from shm if
|
||
restart is in progress. (mikhainin)
|
||
|
||
- PCNTL:
|
||
. Revert behaviour of receiving SIGCHLD signals back to the behaviour
|
||
before 8.1.22. (nielsdos)
|
||
|
||
- SPL:
|
||
. Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
|
||
(nielsdos)
|
||
|
||
- Standard:
|
||
. Prevent int overflow on $decimals in number_format. (Marc Bennewitz)
|
||
. Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix)
|
||
(athos-ribeiro)
|
||
|
||
03 Aug 2023, PHP 8.2.9
|
||
|
||
- Build:
|
||
. Fixed bug GH-11522 (PHP version check fails with '-' separator).
|
||
(SVGAnimate)
|
||
|
||
- CLI:
|
||
. Fix interrupted CLI output causing the process to exit. (nielsdos)
|
||
|
||
- Core:
|
||
. Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
|
||
(ilutov)
|
||
. Fixed line number of JMP instruction over else block. (ilutov)
|
||
. Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
|
||
. Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov)
|
||
. Fixed build for FreeBSD before the 11.0 releases. (David Carlier)
|
||
|
||
- Curl:
|
||
. Fix crash when an invalid callback function is passed to
|
||
CURLMOPT_PUSHFUNCTION. (nielsdos)
|
||
|
||
- Date:
|
||
. Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
|
||
. Fixed bug GH-11600 (Can't parse time strings which include (narrow)
|
||
non-breaking space characters). (Derick)
|
||
. Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with
|
||
extra space). (nielsdos, Derick)
|
||
|
||
- DOM:
|
||
. Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with
|
||
DOMDocumentFragment but just deletes node or causes wrapping <></>
|
||
depending on libxml2 version). (nielsdos)
|
||
|
||
- Fileinfo:
|
||
. Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)
|
||
|
||
- FTP:
|
||
. Fix context option check for "overwrite". (JonasQuinten)
|
||
. Fixed bug GH-10562 (Memory leak and invalid state with consecutive
|
||
ftp_nb_fget). (nielsdos)
|
||
|
||
- GD:
|
||
. Fix most of the external libgd test failures. (Michael Orlitzky)
|
||
|
||
- Intl:
|
||
. Fix memory leak in MessageFormatter::format() on failure. (Girgias)
|
||
|
||
- Libxml:
|
||
. Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
|
||
in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
|
||
|
||
- MBString:
|
||
. Fix GH-11300 (license issue: restricted unicode license headers).
|
||
(nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-10914 (OPCache with Enum and Callback functions results in
|
||
segmentation fault). (nielsdos)
|
||
. Prevent potential deadlock if accelerated globals cannot be allocated.
|
||
(nielsdos)
|
||
|
||
- PCNTL:
|
||
. Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
|
||
(nielsdos)
|
||
|
||
- PDO:
|
||
. Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true
|
||
and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
|
||
filled). (SakiTakamachi)
|
||
|
||
- PDO SQLite:
|
||
. Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
|
||
(KapitanOczywisty, CViniciusSDias)
|
||
|
||
- Phar:
|
||
. Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
|
||
. Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
|
||
(CVE-2023-3824) (nielsdos)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr)
|
||
|
||
- Session:
|
||
. Removed broken url support for transferring session ID. (ilutov)
|
||
|
||
- Standard:
|
||
. Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper
|
||
from itself). (ilutov)
|
||
|
||
- SQLite3:
|
||
. Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)
|
||
|
||
- XMLReader:
|
||
. Fix GH-11548 (Argument corruption when calling XMLReader::open or
|
||
XMLReader::XML non-statically with observer active). (Bob)
|
||
|
||
06 Jul 2023, PHP 8.2.8
|
||
|
||
- CLI:
|
||
. Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
|
||
(James Lucas)
|
||
|
||
- Core:
|
||
. Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili)
|
||
|
||
- Curl:
|
||
. Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
|
||
(nielsdos)
|
||
|
||
- Date:
|
||
. Fixed bug GH-11455 (Segmentation fault with custom object date properties).
|
||
(nielsdos)
|
||
|
||
- DOM:
|
||
. Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
|
||
and segfaults with replaceWith). (nielsdos)
|
||
. Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
|
||
attribute value). (nielsdos)
|
||
. Fix return value in stub file for DOMNodeList::item. (divinity76)
|
||
. Fix spec compliance error with '*' namespace for
|
||
DOMDocument::getElementsByTagNameNS. (nielsdos)
|
||
. Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
|
||
(nielsdos)
|
||
. Fixed bug GH-11347 (Memory leak when calling a static method inside an
|
||
xpath query). (nielsdos)
|
||
. Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
|
||
namespaces). (nielsdos)
|
||
. Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
|
||
with itself). (nielsdos)
|
||
. Fixed bug #77686 (Removed elements are still returned by getElementById).
|
||
(nielsdos)
|
||
. Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
|
||
php_libxml_node_free_list()). (nielsdos)
|
||
. Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos)
|
||
. Fix lifetime issue with getAttributeNodeNS(). (nielsdos)
|
||
. Fix "invalid state error" with cloned namespace declarations. (nielsdos)
|
||
. Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
|
||
issues). (nielsdos)
|
||
. Fixed bug #80332 (Completely broken array access functionality with
|
||
DOMNamedNodeMap). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fix allocation loop in zend_shared_alloc_startup(). (nielsdos)
|
||
. Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB)
|
||
. Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
|
||
with opcache.file_cache_only=1 but it was never locked). (nielsdos)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
|
||
subjectAltNames (James Lucas, Jakub Zelenka).
|
||
|
||
- PCRE:
|
||
. Fix preg_replace_callback_array() pattern validation. (ilutov)
|
||
|
||
- PGSQL:
|
||
. Fixed intermittent segfault with pg_trace. (David Carlier)
|
||
|
||
- Phar:
|
||
. Fix cross-compilation check in phar generation for FreeBSD. (peter279k)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
|
||
slash). (nielsdos)
|
||
|
||
- Standard:
|
||
. Fix access on NULL pointer in array_merge_recursive(). (ilutov)
|
||
. Fix exception handling in array_multisort(). (ilutov)
|
||
|
||
- SQLite3:
|
||
. Fixed bug GH-11451 (Invalid associative array containing duplicate
|
||
keys). (nielsdos)
|
||
|
||
08 Jun 2023, PHP 8.2.7
|
||
|
||
- Core:
|
||
. Fixed bug GH-11152 (Unable to alias namespaces containing reserved class
|
||
names). (ilutov)
|
||
. Fixed bug GH-9068 (Conditional jump or move depends on uninitialised
|
||
value(s)). (nielsdos)
|
||
. Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves
|
||
the array in an invalid state). (Bob)
|
||
. Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo)
|
||
. Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
|
||
(Bob)
|
||
|
||
- Date:
|
||
. Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in
|
||
offset). (nielsdos)
|
||
|
||
- Exif:
|
||
. Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper
|
||
chunk sizes). (nielsdos)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of
|
||
child->ev_std(out|err)). (Jakub Zelenka)
|
||
. Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
|
||
(Jakub Zelenka)
|
||
. Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)
|
||
|
||
- Hash:
|
||
. Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
|
||
(nielsdos)
|
||
|
||
- LibXML:
|
||
. Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
|
||
(nielsdos)
|
||
|
||
- MBString:
|
||
. Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative
|
||
offset and ASCII encoding). (ilutov)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
|
||
. Fixed too wide OR and AND range inference. (nielsdos)
|
||
. Fixed missing class redeclaration error with OPcache enabled. (ilutov)
|
||
. Fixed bug GH-11245 (In some specific cases SWITCH with one default
|
||
statement will cause segfault). (nielsdos)
|
||
|
||
- PCNTL:
|
||
. Fixed maximum argument count of pcntl_forkx(). (nielsdos)
|
||
|
||
- PGSQL:
|
||
. Fixed parameter parsing of pg_lo_export(). (kocsismate)
|
||
|
||
- Phar:
|
||
. Fixed bug GH-11099 (Generating phar.php during cross-compile can't be
|
||
done). (peter279k)
|
||
|
||
- Soap:
|
||
. Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
|
||
bytes in HTTP Digest authentication for SOAP).
|
||
(CVE-2023-3247) (nielsdos, timwolla)
|
||
. Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data
|
||
(PHP 8.1.18)). (nielsdos)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for
|
||
source file). (ilutov)
|
||
. Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308
|
||
redirect). (nielsdos)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted
|
||
irregularly for last chunk of data). (nielsdos)
|
||
. Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
|
||
. Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1
|
||
passed to stream_socket_accept/stream_socket_client). (nielsdos)
|
||
|
||
11 May 2023, PHP 8.2.6
|
||
|
||
- Core:
|
||
. Fix inconsistent float negation in constant expressions. (ilutov)
|
||
. Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
|
||
(nielsdos)
|
||
. Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of
|
||
sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB)
|
||
. Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos)
|
||
. Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
|
||
(ilutov)
|
||
|
||
- Date:
|
||
. Fixed bug where the diff() method would not return the right result around
|
||
DST changeover for date/times associated with a timezone identifier. (Derick)
|
||
. Fixed out-of-range bug when converting to/from around the LONG_MIN unix
|
||
timestamp. (Derick)
|
||
|
||
- DOM:
|
||
. Fixed bug #80602 (Segfault when using DOMChildNode::before()).
|
||
(Nathan Freeman)
|
||
. Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos)
|
||
|
||
- Exif:
|
||
. Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid
|
||
endianess, Illegal IFD size and Undefined index). (nielsdos)
|
||
|
||
- Intl:
|
||
. Fixed bug GH-11071 (TZData version not displayed anymore). (Remi)
|
||
|
||
- PCRE:
|
||
. Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov)
|
||
|
||
- Reflection:
|
||
. Fixed bug GH-10983 (State-dependant segfault in
|
||
ReflectionObject::getProperties). (nielsdos)
|
||
|
||
- SPL:
|
||
. Handle indirect zvals and use up-to-date properties in
|
||
SplFixedArray::__serialize. (nielsdos)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-10990 (mail() throws TypeError after iterating over
|
||
$additional_headers array by reference). (nielsdos)
|
||
. Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).
|
||
(ilutov)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-10406 (feof() behavior change for UNIX based socket
|
||
resources). (Jakub Zelenka)
|
||
|
||
13 Apr 2023, PHP 8.2.5
|
||
|
||
- Core:
|
||
. Added optional support for max_execution_time in ZTS/Linux builds
|
||
(Kévin Dunglas)
|
||
. Fixed use-after-free in recursive AST evaluation. (ilutov)
|
||
. Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos)
|
||
. Re-add some CTE functions that were removed from being CTE by a mistake.
|
||
(mvorisek)
|
||
. Remove CTE flag from array_diff_ukey(), which was added by mistake.
|
||
(mvorisek)
|
||
. Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
|
||
(nielsdos)
|
||
. Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on
|
||
apache). (nielsdos)
|
||
. Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
|
||
(nielsdos)
|
||
. Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
|
||
(ilutov)
|
||
. Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov)
|
||
|
||
- Date:
|
||
. Fixed bug GH-10747 (Private and protected properties in serialized Date*
|
||
objects throw). (Derick)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos)
|
||
. Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos)
|
||
. Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when
|
||
spaces are in path). (Jakub Zelenka)
|
||
|
||
- FTP:
|
||
. Propagate success status of ftp_close(). (nielsdos)
|
||
. Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
|
||
(nielsdos)
|
||
|
||
- IMAP:
|
||
. Fix build failure with Clang 16. (orlitzky)
|
||
|
||
- MySQLnd:
|
||
. Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL
|
||
connections). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fixed build for macOS to cater with pkg-config settings. (David Carlier)
|
||
. Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in
|
||
PHP >= 8.1.5 in fpm context). (nielsdos)
|
||
|
||
- OpenSSL:
|
||
. Add missing error checks on file writing functions. (nielsdos)
|
||
|
||
- PDO Firebird:
|
||
. Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel
|
||
and 32 bit userland). (nielsdos)
|
||
|
||
- Phar:
|
||
. Fixed bug GH-10766 (PharData archive created with Phar::Zip format does
|
||
not keep files metadata (datetime)). (nielsdos)
|
||
. Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
|
||
(nielsdos)
|
||
|
||
- PDO ODBC:
|
||
. Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos)
|
||
|
||
- PGSQL:
|
||
. Fixed typo in the array returned from pg_meta_data (extended mode).
|
||
(David Carlier)
|
||
|
||
- SPL:
|
||
. Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman)
|
||
. Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in
|
||
PHP 8.2.4). (nielsdos)
|
||
. Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
|
||
(ilutov)
|
||
|
||
- Standard:
|
||
. Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov)
|
||
. Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown
|
||
(apache2)). (nielsdos)
|
||
. Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter
|
||
and enclosure). (ilutov)
|
||
. Fixed undefined behaviour in unpack(). (nielsdos)
|
||
|
||
16 Mar 2023, PHP 8.2.4
|
||
|
||
- Core:
|
||
. Fixed incorrect check condition in ZEND_YIELD. (nielsdos)
|
||
. Fixed incorrect check condition in type inference. (nielsdos)
|
||
. Fix incorrect check in zend_internal_call_should_throw(). (nielsdos)
|
||
. Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos)
|
||
. Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a
|
||
Generator emits an unavoidable fatal error or crashes). (Arnaud)
|
||
. Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown
|
||
function after bailout). (trowski)
|
||
. Fixed SSA object type update for compound assignment opcodes. (nielsdos)
|
||
. Fixed language scanner generation build. (Daniel Black)
|
||
. Fixed zend_update_static_property() calling zend_update_static_property_ex()
|
||
misleadingly with the wrong return type. (nielsdos)
|
||
. Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer
|
||
constant name). (nielsdos)
|
||
. Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle()
|
||
freeing dangling pointers on the handle as it was uninitialized. (nielsdos)
|
||
|
||
- Curl:
|
||
. Fixed deprecation warning at compile time. (Max Kellermann)
|
||
. Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc
|
||
callback). (Pierrick Charron)
|
||
|
||
- Date:
|
||
. Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick)
|
||
. Fix GH-10152 (Custom properties of Date's child classes are not
|
||
serialised). (Derick)
|
||
|
||
- FFI:
|
||
. Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos)
|
||
|
||
- Fiber:
|
||
. Fixed assembly on alpine x86. (nielsdos)
|
||
. Fixed bug GH-10496 (segfault when garbage collector is invoked inside of
|
||
fiber). (Bob, Arnaud)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka)
|
||
. Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos)
|
||
|
||
- GMP:
|
||
. Properly implement GMP::__construct(). (nielsdos)
|
||
|
||
- Intl:
|
||
. Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods
|
||
error code's argument always returning NULL0. (Nathan Freeman)
|
||
|
||
- JSON:
|
||
. Fixed JSON scanner and parser generation build.
|
||
(Daniel Black, Jakub Zelenka)
|
||
|
||
- MBString:
|
||
. ext/mbstring: fix new_value length check. (Max Kellermann)
|
||
. Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos)
|
||
|
||
- Opcache:
|
||
. Fix incorrect page_size check. (nielsdos)
|
||
. Fix readonly modification check when using inc/dec operators on readonly
|
||
property with JIT. (ilutov)
|
||
|
||
- OpenSSL:
|
||
. Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos)
|
||
|
||
- PDO OCI:
|
||
. Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
|
||
(Michael Voříšek)
|
||
|
||
- PHPDBG:
|
||
. Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos)
|
||
|
||
- PGSQL:
|
||
. Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias)
|
||
|
||
- Phar:
|
||
. Fix incorrect check in phar tar parsing. (nielsdos)
|
||
|
||
- Random:
|
||
. Fix GH-10390 (Do not trust arc4random_buf() on glibc). (timwolla)
|
||
. Fix GH-10292 (Made the default value of the first param of srand() and
|
||
mt_srand() unknown). (kocsismate)
|
||
|
||
- Reflection:
|
||
. Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with
|
||
variadic arguments). (nielsdos)
|
||
. Fix Segfault when using ReflectionFiber suspended by an internal function.
|
||
(danog)
|
||
|
||
- Session:
|
||
. Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as
|
||
the latter was considered success by callers. (nielsdos).
|
||
|
||
- Standard:
|
||
. Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI). (Jakub Zelenka)
|
||
. Fixed bug GH-10292 (Made the default value of the first param of srand() and
|
||
mt_srand() unknown). (kocsismate)
|
||
. Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos)
|
||
. Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of
|
||
properties table for certain internal classes such as FFI classes
|
||
. Fix incorrect error check in browsecap for pcre2_match(). (nielsdos)
|
||
|
||
- Streams:
|
||
. Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when
|
||
using copy_file_range). (nielsdos)
|
||
. Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect
|
||
copy_file_range() len). (nielsdos)
|
||
|
||
- Tidy:
|
||
. Fix memory leaks when attempting to open a non-existing file or a file over
|
||
4GB. (Girgias)
|
||
. Add missing error check on tidyLoadConfig. (nielsdos)
|
||
|
||
- Zlib:
|
||
. Fixed output_handler directive value's length which counted the string
|
||
terminator. (nieldos)
|
||
|
||
14 Feb 2023, PHP 8.2.3
|
||
|
||
- Core:
|
||
. Fixed bug #81744 (Password_verify() always return true with some hash).
|
||
(CVE-2023-0567). (Tim Düsterhus)
|
||
. Fixed bug #81746 (1-byte array overrun in common path resolve code).
|
||
(CVE-2023-0568). (Niels Dossche)
|
||
|
||
- SAPI:
|
||
. Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
|
||
request body). (CVE-2023-0662) (Jakub Zelenka)
|
||
|
||
02 Feb 2023, PHP 8.2.2
|
||
|
||
- Core:
|
||
. Fixed bug GH-10200 (zif_get_object_vars:
|
||
Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed). (nielsdos)
|
||
. Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos)
|
||
. Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an
|
||
unpacked array). (Arnaud)
|
||
. Fix GH-9735 (Fiber stack variables do not participate in cycle collector).
|
||
(Arnaud)
|
||
. Fix GH-9675 (Broken run_time_cache init for internal enum methods).
|
||
(Petar Obradović, Bob)
|
||
. Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed).
|
||
(nielsdos)
|
||
|
||
- FPM:
|
||
. Fixed bug #77106 (Missing separator in FPM FastCGI errors). (Jakub Zelenka)
|
||
. Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
|
||
(Jakub Zelenka)
|
||
. Fixed bug #68591 (Configuration test does not perform UID lookups).
|
||
(Jakub Zelenka)
|
||
. Fixed memory leak when running FPM config test. (Jakub Zelenka)
|
||
. Fixed bug #67244 (Wrong owner:group for listening unix socket).
|
||
(Jakub Zelenka)
|
||
|
||
- Hash:
|
||
. Handle exceptions from __toString in XXH3's initialization (nielsdos)
|
||
|
||
- LDAP:
|
||
. Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
|
||
(cmb)
|
||
|
||
- Opcache:
|
||
. Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
|
||
. Fix access to uninitialized variable in accel_preload(). (nielsdos)
|
||
. Fix zend_jit_find_trace() crashes. (Max Kellermann)
|
||
. Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann)
|
||
|
||
- Phar:
|
||
. Fix wrong flags check for compression method in phar_object.c (nielsdos)
|
||
|
||
- PHPDBG:
|
||
. Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
|
||
. Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
|
||
. Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
|
||
. Fix phpdbg segmentation fault in case of malformed input (nielsdos)
|
||
|
||
- Posix:
|
||
. Fix memory leak in posix_ttyname() (girgias)
|
||
|
||
- Random:
|
||
. Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom). (timwolla)
|
||
|
||
- Standard:
|
||
. Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos)
|
||
. Fixed bug GH-10214 (Incomplete validation of object syntax during
|
||
unserialize()). (timwolla)
|
||
. Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos)
|
||
|
||
- XMLWriter
|
||
. Fix missing check for xmlTextWriterEndElement (nielsdos)
|
||
|
||
05 Jan 2023, PHP 8.2.1
|
||
|
||
- Core:
|
||
. Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
|
||
(cmb)
|
||
. Fixed bug GH-9918 (License information for xxHash is not included in
|
||
README.REDIST.BINS file). (Akama Hitoshi)
|
||
. Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb)
|
||
. Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek)
|
||
. Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb)
|
||
. Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr)
|
||
|
||
- Apache:
|
||
. Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)
|
||
|
||
- FPM:
|
||
. Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
|
||
#66694). (Petr Sumbera)
|
||
. Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
|
||
(Jakub Zelenka)
|
||
. Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka)
|
||
. Fixed bug GH-8517 (Random crash of FPM master process in
|
||
fpm_stdio_child_said). (Jakub Zelenka)
|
||
|
||
- Imap:
|
||
. Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is
|
||
still open). (Girgias)
|
||
|
||
- MBString:
|
||
. Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in
|
||
PHP8.1). (Nathan Freeman)
|
||
|
||
- Opcache:
|
||
. Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
|
||
(Arnaud, michdingpayc)
|
||
|
||
- OpenSSL:
|
||
. Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka)
|
||
. Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
|
||
(Jakub Zelenka)
|
||
. Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with
|
||
no-dsa). (Jakub Zelenka)
|
||
|
||
- Pcntl:
|
||
. Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
|
||
(Erki Aring)
|
||
|
||
- PDO_Firebird:
|
||
. Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
|
||
(cmb)
|
||
|
||
- PDO/SQLite:
|
||
. Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
|
||
(cmb)
|
||
|
||
- Session:
|
||
. Fixed GH-9932 (session name silently fails with . and [). (David Carlier)
|
||
|
||
- SPL:
|
||
. Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias)
|
||
. Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be
|
||
unregistered). (Girgias)
|
||
|
||
- SQLite3:
|
||
. Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb)
|
||
|
||
- TSRM:
|
||
. Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre)
|
||
|
||
08 Dec 2022, PHP 8.2.0
|
||
|
||
- CLI:
|
||
. Fixed bug #81496 (Server logs incorrect request method). (lauri)
|
||
. Updated the mime-type table for the builtin-server. (Ayesh Karunaratne)
|
||
. Fixed potential overflow for the builtin server via the
|
||
PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner)
|
||
. Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource
|
||
destruction. (Jakub Zelenka)
|
||
. Implement built-in web server responding without body to HEAD request on
|
||
a static resource. (Vedran Miletic, Marin Martuslovic)
|
||
. Implement built-in web server responding with HTTP status 405 to
|
||
DELETE/PUT/PATCH request on a static resource.
|
||
(Vedran Miletic, Marin Martuslovic)
|
||
. Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
|
||
(Adam Saponara)
|
||
|
||
- COM:
|
||
. Fixed bug GH-8750 (Can not create VT_ERROR variant type). (cmb)
|
||
|
||
- Core:
|
||
. Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
|
||
. Fixed bug GH-7771 (Fix filename/lineno of constant expressions). (ilutov)
|
||
. Fixed bug GH-7792 (Improve class type in error messages). (ilutov)
|
||
. Support huge pages on MacOS. (David CARLIER)
|
||
. Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
|
||
references). (Nicolas Grekas)
|
||
. Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable
|
||
warning). (ilutov)
|
||
. Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed
|
||
enums). (ilutov)
|
||
. Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function
|
||
calls). (ilutov)
|
||
. Optimised code path for newly created file with the stream plain wrapper. (Max Kellermann)
|
||
. Uses safe_perealloc instead of perealloc for the
|
||
ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows. (David Carlier)
|
||
. Reduced the memory footprint of strings returned by var_export(),
|
||
json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(),
|
||
http_build_query(), strstr(), Reflection*::__toString(). (Arnaud)
|
||
. Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
|
||
(Tobias Bachert)
|
||
. Added error_log_mode ini setting. (Mikhail Galanin)
|
||
. Updated request startup messages. (Eric Norris)
|
||
. Fixed bug GH-7900 (Arrow function with never return type compile-time
|
||
errors). (ilutov)
|
||
. Fixed incorrect double to long casting in latest clang. (zeriyoshi)
|
||
. Added support for defining constants in traits. (sj-i)
|
||
. Stop incorrectly emitting false positive deprecation notice alongside
|
||
unsupported syntax fatal error for `"{$g{'h'}}"`. (TysonAndre)
|
||
. Fix unexpected deprecated dynamic property warning, which occurred when
|
||
exit() in finally block after an exception was thrown without catching.
|
||
(Twosee)
|
||
. Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
|
||
(Tim Starling)
|
||
. Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored).
|
||
(cmb)
|
||
. Fixed bug GH-9285 (Traits cannot be used in readonly classes).
|
||
(kocsismate)
|
||
. Fixed bug GH-9186 (@strict-properties can be bypassed using
|
||
unserialization). (kocsismate)
|
||
. Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword
|
||
results in a parse error). (ilutov)
|
||
. Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A).
|
||
(Girgias)
|
||
. Fixed observer class notify with Opcache file_cache_only=1. (ilutov)
|
||
. Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier)
|
||
. Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable)
|
||
(Girgias)
|
||
. Fixed bug GH-9589 (dl() segfaults when module is already loaded). (cmb,
|
||
Arnaud)
|
||
. Fixed bug GH-9752 (Generator crashes when interrupted during argument
|
||
evaluation with extra named params). (Arnaud)
|
||
. Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
|
||
initialization). (Arnaud)
|
||
. Fixed a bug with preloaded enums possibly segfaulting. (Bob)
|
||
. Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler).
|
||
(Florian Sowade)
|
||
. Fixed potential NULL pointer dereference Windows shm*() functions. (cmb)
|
||
. Fix target validation for internal attributes with constructor property
|
||
promotion. (kooldev)
|
||
. Fixed bug GH-9750 (Generator memory leak when interrupted during argument
|
||
evaluation. (Arnaud)
|
||
|
||
- Curl:
|
||
. Added support for CURLOPT_XFERINFOFUNCTION. (David Carlier)
|
||
. Added support for CURLOPT_MAXFILESIZE_LARGE. (David Carlier)
|
||
. Added new constants from cURL 7.62 to 7.80. (Pierrick)
|
||
. New function curl_upkeep(). (Pierrick)
|
||
|
||
- Date:
|
||
. Fixed GH-8458 (DateInterval::createFromDateString does not throw if
|
||
non-relative items are present). (Derick)
|
||
. Fixed bug #52015 (Allow including end date in DatePeriod iterations)
|
||
(Daniel Egeberg, Derick)
|
||
. idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO
|
||
Year). (Pavel Djundik)
|
||
. Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of
|
||
different type). (Derick)
|
||
. Fixed bug GH-8964 (DateTime object comparison after applying delta less
|
||
than 1 second). (Derick)
|
||
. Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded
|
||
down since PHP 8.1.0). (Derick)
|
||
. Fixed bug #75035 (Datetime fails to unserialize "extreme" dates).
|
||
(Derick)
|
||
. Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized).
|
||
(Derick)
|
||
. Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick)
|
||
. Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no
|
||
errors/warnings). (Derick)
|
||
. Fixed bug with parsing large negative numbers with the @ notation. (Derick)
|
||
|
||
- DBA:
|
||
. Fixed LMDB driver hanging when attempting to delete a non-existing key
|
||
(Girgias)
|
||
. Fixed LMDB driver memory leak on DB creation failure (Girgias)
|
||
. Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag). (Girgias)
|
||
|
||
- FFI:
|
||
. Fixed bug GH-9090 (Support assigning function pointers in FFI). (Adam
|
||
Saponara)
|
||
|
||
- Fileinfo:
|
||
. Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
|
||
(Anatol)
|
||
|
||
- Filter:
|
||
. Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs. (vnsavage)
|
||
|
||
- FPM:
|
||
. Emit error for invalid port setting. (David Carlier)
|
||
. Added extra check for FPM proc dumpable on SELinux based systems.
|
||
(David Carlier)
|
||
. Added support for listening queue on macOS. (David Carlier)
|
||
. Changed default for listen.backlog on Linux to -1. (Cristian Rodríguez)
|
||
. Added listen.setfib pool option to set route FIB on FreeBSD. (David Carlier)
|
||
. Added access.suppress_path pool option to filter access log entries.
|
||
(Mark Gallagher)
|
||
. Fixed on fpm scoreboard occasional warning on acquisition failure.
|
||
(Felix Wiedemann)
|
||
. Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running
|
||
php-fpm 8.1.11). (Jakub Zelenka)
|
||
|
||
- FTP:
|
||
. Fix datetime format string to follow POSIX spec in ftp_mdtm(). (Jihwan Kim)
|
||
|
||
- GD:
|
||
. Fixed bug #81739: OOB read due to insufficient input validation in
|
||
imageloadfont(). (CVE-2022-31630) (cmb)
|
||
|
||
- GMP:
|
||
. Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed
|
||
to gmp_init()). (Girgias)
|
||
|
||
- Hash:
|
||
. Fixed bug #81738: buffer overflow in hash_update() on long parameter.
|
||
(CVE-2022-37454) (nicky at mouha dot be)
|
||
. Fixed bug GH-10077: Fix compilation on RHEL 7 ppc64le. (Mattias Ellert)
|
||
|
||
- Intl:
|
||
. Update all grandfathered language tags with preferred values
|
||
. Fixed GH-7939 (Cannot unserialize IntlTimeZone objects). (cmb)
|
||
. Fixed build for ICU 69.x and onwards. (David Carlier)
|
||
. Declared Transliterator::$id as readonly to unlock subclassing it. (Nicolas
|
||
Grekas)
|
||
. Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
|
||
(Girgias)
|
||
|
||
- MBString:
|
||
. Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()). (cmb)
|
||
|
||
- mysqli:
|
||
. Fixed bug GH-9841 (mysqli_query throws warning despite using
|
||
silenced error mode). (Kamil Tekiela)
|
||
|
||
- MySQLnd:
|
||
. Fixed potential heap corruption due to alignment mismatch. (cmb)
|
||
|
||
- OCI8:
|
||
. Added oci8.prefetch_lob_size directive to tune LOB query performance
|
||
. Support for building against Oracle Client libraries 10.1 and 10.2 has been
|
||
dropped. Oracle Client libraries 11.2 or newer are now required.
|
||
|
||
- ODBC:
|
||
. Fixed bug GH-8300 (User input not escaped when building connection string).
|
||
(Calvin Buckley)
|
||
. Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin
|
||
Buckley)
|
||
|
||
- Opcache:
|
||
. Allocate JIT buffer close to PHP .text segemnt to allow using direct
|
||
IP-relative calls and jumps.
|
||
(Su Tao, Wang Xue, Chen Hu, Lizhen Lizhen, Dmitry)
|
||
. Added initial support for JIT performance profiling generation
|
||
for macOs Instrument. (David Carlier)
|
||
. Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
|
||
(Arnaud)
|
||
. Added JIT support improvement for macOs for segments and executable permission
|
||
bit handling. (David Carlier)
|
||
. Added JIT buffer allocation near the .text section on FreeNSD. (David Carlier)
|
||
. Fixed bug GH-9371 (Crash with JIT on mac arm64)
|
||
(jdp1024/David Carlier)
|
||
. Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer
|
||
overflow). (Arnaud)
|
||
. Added indirect call reduction for jit on x86 architectures. (wxue1)
|
||
|
||
- OPcache:
|
||
. Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
|
||
(Arnaud, Sergei Turchanov)
|
||
|
||
- OpenSSL:
|
||
. Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann)
|
||
. Fixed bug GH-9310 (SSL local_cert and local_pk do not respect
|
||
open_basedir). (Jakub Zelenka)
|
||
. Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like
|
||
AEAD). (Jakub Zelenka)
|
||
. Added openssl_cipher_key_length function. (Jakub Zelenka)
|
||
. Fixed bug GH-9517 (Compilation error openssl extension related to PR
|
||
GH-9366). (Jakub Zelenka)
|
||
. Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620.
|
||
(Jakub Zelenka)
|
||
. Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does
|
||
not build). (Jakub Zelenka, fsbruva)
|
||
|
||
- PCNTL:
|
||
. Fixed pcntl_(get|set)priority error handling for MacOS. (Juan Morales)
|
||
|
||
- PCRE:
|
||
. Implemented FR #77726 (Allow null character in regex patterns). (tobil4sk)
|
||
. Updated bundled libpcre to 10.40. (cmb)
|
||
|
||
- PDO:
|
||
. Fixed bug GH-9818 (Initialize run time cache in PDO methods).
|
||
(Florian Sowade)
|
||
|
||
- PDO_Firebird:
|
||
. Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8). (cmb)
|
||
|
||
- PDO_ODBC:
|
||
. Fixed bug #80909 (crash with persistent connections in PDO_ODBC). (Calvin
|
||
Buckley)
|
||
. Fixed bug GH-8300 (User input not escaped when building connection string).
|
||
(Calvin Buckley)
|
||
. Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin
|
||
Buckley)
|
||
. Fixed bug GH-9372 (HY010 when binding overlong parameter). (cmb)
|
||
|
||
- PDO_PGSQL:
|
||
. Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
|
||
(Yurunsoft)
|
||
|
||
- Random:
|
||
. Added new random extension. (Go Kudo)
|
||
. Fixed bug GH-9067 (random extension is not thread safe). (cmb)
|
||
. Fixed bug GH-9055 (segmentation fault if user engine throws). (timwolla)
|
||
. Fixed bug GH-9066 (signed integer overflow). (zeriyoshi)
|
||
. Fixed bug GH-9083 (undefined behavior during shifting). (timwolla)
|
||
. Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when
|
||
generating uniform integers within a given range). (timwolla)
|
||
. Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct()
|
||
call twice). (zeriyoshi)
|
||
. Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative
|
||
$advance). (Anton Smirnov)
|
||
. Changed Mt19937 to throw a ValueError instead of InvalidArgumentException
|
||
for invalid $mode. (timwolla)
|
||
. Splitted Random\Randomizer::getInt() (without arguments) to
|
||
Random\Randomizer::nextInt(). (zeriyoshi)
|
||
. Fixed bug GH-9235 (non-existant $sequence parameter in stub for
|
||
PcgOneseq128XslRr64::__construct()). (timwolla)
|
||
. Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when
|
||
handling large ranges). (timwolla)
|
||
. Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid
|
||
all-zero state). (timwolla)
|
||
. Removed redundant RuntimeExceptions from Randomizer methods. The
|
||
exceptions thrown by the engines will be exposed directly. (timwolla)
|
||
. Added extension specific Exceptions/Errors (RandomException, RandomError,
|
||
BrokenRandomEngineError). (timwolla)
|
||
. Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937
|
||
always returns 1). (timwolla)
|
||
. Fixed Randomizer::getInt() consistency for 32-bit engines. (timwolla)
|
||
. Fixed bug GH-9464 (build on older macOs releases). (David Bohman)
|
||
. Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand()
|
||
functions for MT_RAND_PHP). (timwolla)
|
||
|
||
- Reflection:
|
||
. Added ReflectionFunction::isAnonymous(). (Nicolas Grekas)
|
||
. Added ReflectionMethod::hasPrototype(). (Ollie Read)
|
||
. Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.
|
||
(SamMousa)
|
||
. Fixed bug GH-8932 (ReflectionFunction provides no way to get the called
|
||
class of a Closure). (cmb, Nicolas Grekas)
|
||
|
||
- Session:
|
||
. Fixed bug GH-7787 (Improve session write failure message for user error
|
||
handlers). (ilutov)
|
||
. Fixed GH-9200 (setcookie has an obsolete expires date format). (timwolla)
|
||
. Fixed GH-9584 (Avoid memory corruption when not unregistering custom session
|
||
handler). (ilutov)
|
||
. Fixed bug GH-9583 (session_create_id() fails with user defined save handler
|
||
that doesn't have a validateId() method). (Girgias)
|
||
|
||
- SOAP:
|
||
. Fixed bug GH-9720 (Null pointer dereference while serializing the response).
|
||
(cmb)
|
||
|
||
- Sockets:
|
||
. Added TCP_NOTSENT_LOWAT socket option. (David Carlier)
|
||
. Added SO_MEMINFO socket option. (David Carlier)
|
||
. Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).
|
||
(David Carlier)
|
||
. Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket
|
||
options. (David Carlier)
|
||
. Added ancillary data support for FreeBSD. (David Carlier)
|
||
. Added ancillary data support for NetBSD. (David Carlier)
|
||
. Added SO_BPF_EXTENSIONS socket option. (David Carlier)
|
||
. Added SO_SETFIB socket option. (David Carlier)
|
||
. Added TCP_CONGESTION socket option. (David Carlier)
|
||
. Added SO_ZEROCOPY/MSG_ZEROCOPY options. (David Carlier)
|
||
. Added SOL_FILTER socket option for Solaris. (David Carlier)
|
||
. Fixed socket constants regression as of PHP 8.2.0beta3. (Bruce Dou)
|
||
|
||
- Sodium:
|
||
. Added sodium_crypto_stream_xchacha20_xor_ic(). (Scott)
|
||
|
||
- SPL:
|
||
. Uses safe_erealloc instead of erealloc to handle heap growth
|
||
for the SplHeap::insert method to avoid possible overflows. (David Carlier)
|
||
. Widen iterator_to_array() and iterator_count()'s $iterator parameter to
|
||
iterable. (timwolla)
|
||
. Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields).
|
||
(cmb)
|
||
. Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check).
|
||
(Jakub Zelenka)
|
||
|
||
- SQLite3:
|
||
. Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER. (bohwaz)
|
||
|
||
- Standard:
|
||
. net_get_interfaces() also reports wireless network interfaces on Windows.
|
||
(Yurun)
|
||
. Finished AVIF support in getimagesize(). (Yannis Guyon)
|
||
. Fixed bug GH-7847 (stripos with large haystack has bad performance).
|
||
(ilutov)
|
||
. New function memory_reset_peak_usage(). (Patrick Allaert)
|
||
. Fixed parse_url(): can not recognize port without scheme. (pandaLIU)
|
||
. Deprecated utf8_encode() and utf8_decode(). (Rowan Tommins)
|
||
. Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
|
||
. Uses safe_erealloc instead of erealloc to handle options in getopt
|
||
to avoid possible overflows. (David Carlier)
|
||
. Implemented FR GH-8924 (str_split should return empty array for empty
|
||
string). (Michael Vorisek)
|
||
. Added ini_parse_quantity function to convert ini quantities shorthand
|
||
notation to int. (Dennis Snell)
|
||
. Enable arc4random_buf for Linux glibc 2.36 and onwards
|
||
for the random_bytes. (Cristian Rodriguez)
|
||
. Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
|
||
. Fixed bug #65489 (glob() basedir check is inconsistent). (Jakub Zelenka)
|
||
. Fixed GH-9200 (setcookie has an obsolete expires date format). (Derick)
|
||
. Fixed GH-9244 (Segfault with array_multisort + array_shift). (cmb)
|
||
. Fixed bug GH-9296 (`ksort` behaves incorrectly on arrays with mixed keys).
|
||
(Denis Vaksman)
|
||
. Marked crypt()'s $string parameter as #[\SensitiveParameter]. (timwolla)
|
||
. Fixed bug GH-9464 (build on older macOs releases). (David Bohman)
|
||
. Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants).
|
||
(cmb)
|
||
. Revert "Fixed parse_url(): can not recognize port without scheme."
|
||
(andypost)
|
||
|
||
- Streams:
|
||
. Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.
|
||
(Cristian Rodríguez)
|
||
. Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory). (ilutov)
|
||
. Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann)
|
||
. Fixed bug GH-9316 ($http_response_header is wrong for long status line).
|
||
(cmb, timwolla)
|
||
. Fixed bug GH-9590 (stream_select does not abort upon exception or empty
|
||
valid fd set). (Arnaud)
|
||
. Fixed bug GH-9653 (file copy between different filesystems). (David Carlier)
|
||
. Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode).
|
||
(Jakub Zelenka)
|
||
|
||
- Windows:
|
||
. Added preliminary support for (cross-)building for ARM64. (Yun Dou)
|
||
|
||
- XML:
|
||
. Added libxml_get_external_entity_loader() function. (Tim Starling)
|
||
|
||
- Zip:
|
||
. add ZipArchive::clearError() method
|
||
. add ZipArchive::getStreamName() method
|
||
. add ZipArchive::getStreamIndex() method
|
||
. On Windows, the Zip extension is now built as shared library (DLL) by
|
||
default. (cmb)
|
||
. Implement fseek for zip stream when possible with libzip 1.9.1. (Remi)
|