pgajdos/php8
SHA256
1
0
Fork 0
forked from pool/php8
Code Pull Requests Activity

Compare commits

merge into: pgajdos:factory
Branches Tags
pgajdos:factory pgajdos:slfo-main pgajdos:slfo-1.2 pool:factory pool:slfo-main pool:slfo-1.2
...
pull from: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2 pgajdos:factory pgajdos:slfo-main pgajdos:slfo-1.2

2 Commits
factory ... slfo-main

Author SHA256 Message Date
Petr Gajdos
e7e5c0f231 version update to 8.4.16 2026-01-07 12:39:38 +01:00
Petr Gajdos
71d809acc8 main package require wwwrun:www user as it assumes it in filelist 2025-12-18 11:24:52 +01:00
7 changed files with 381 additions and 45 deletions
Expand all files Collapse all files

BIN
php-8.4.10.tar.xz LFS
View File

Binary file not shown.

16
php-8.4.10.tar.xz.asc
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEBhbpPZWvRxJD4mdhdwQm4X67s90FAmhkmUAACgkQdwQm4X67
s903TA/6AkonwSTFryS9cZzV03soHgS0eJqKNsf+pgIS+YiY+NUAe6Jl3TlKx5FX
3qKalCfUKDaWZX8Gso7psHHyY0a6oC3HD/xe8NV29VR1Zxe7dvqS2ovCu+7ek2wF
kyK2S7P7bRSIi9w5AMAHbVUbiOFB2AE98aBJ+H0n+kc50QltG4xe2/zcrx92fmwY
2aH8K/M4GsuPV+8pzpdSPT3yIa/iEknHf+1GfDy76+2D2gW9x2wr20QOJdEpr4kc
N6BoaZU+IrADT1pB04zYyeIy0a8gAXoHzUHsu2NW+rLOxYywtB1Xex7pQlEJw7h1
hNSvvAhJBQ1lYJQeF7o/a7ybplYe/2ypb9hjMsuvitncVl5JYvY2Ok9yxR8IxIUT
ryks9JezDD+xFuBeGqg1lOh1EiNHlJrvDeCz48KMKnOyWQNNrry98yr1mKRYft3Q
MLEIvj8ea13mEpBOd0Z2xwRUhYoMJrOymHFEEfprdFH0Sa2aThCUW3xEaPl2miAV
LsDjEthCNEnKA3AX5X1HEpbHm4g+ni/AK22if1IPrf94/oeENnDW5l4cktZt2h89
z/yToRjyh4yGbFWReC4KHx5vmNVEx7ltDfQEFuuCUzISaJMr48RPcSvzpqh//NHS
wYNXwIXSo/gN6U3XKAJWFenuvQLtd+/GUo3YzfNmx0+Pp2s8QI8=
=zmRy
-----END PGP SIGNATURE-----

BIN
php-8.4.16.tar.xz LFS Normal file
View File

Binary file not shown.

16
php-8.4.16.tar.xz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEBhbpPZWvRxJD4mdhdwQm4X67s90FAmlBhAYACgkQdwQm4X67
s91cJA/6ApQMxSiKzPNb9H16elfGQ5xxpPdOiLphtfSXDrwfAkuXTMGLa1H6wM3y
pTl0dLE8n13lHoUHFhI6Ytw24ny+NEewWjODOc0N7WT8JaJJGdtV9S3gQVukzxPV
VgfB6Ikro0WDAaN5kbYt4MKlICvwBvVOyQ/qNR0NjzyIcnYKA2EiDM6vgImLW34c
6zys7H/pR9HZS6gQMwNXndHuyzkgsy5T7+FzJq0Ihj1V0ymWJFm9VOVIEos1siQ6
547VF0W5xj7nVDZStt7hkAaJUBYWqN2vrchRsO3uSW+cPO8XNSSjtvs8l0pb3qm/
nr4HKqC4fDcp5h5L7PlePhaQFP8G6lyaKi85gfzC44pfUGZixjkwuLE71L4QFQTa
YE7FaHgjoC6fxiSDp1MK5a+1REPuDJFAzSBs54JlgsiQIjM/SqZbhnzaKhXLLw6M
ovU2/GOvGhslj9EnFnzFOUrNfiG0v2cFNbZ7AYjPt6yRov32n0SV6QCkv2+q0KEK
C1isYyy4ofTQKVDoQP1Fcb6USyDPHV6b2CvTHYwR2/+/mT8w3xI/NEgQqr53fy8x
eZxYSMFXJ6rx5TRZzKdPwgzPu3j5IZSmXII9am6bJSYKyp8hxWq6DJ+Oatk06CAA
mP91xlA82UcM0XGH9ReRTzrV7C7KBE6jRkj6A3HjImkYbeDR6+A=
=LDlD
-----END PGP SIGNATURE-----

46
php-build-reproducible-phar.patch
View File

@@ -16,11 +16,11 @@ Signed-off-by: Arjen de Korte <build+github@de-korte.org>
ext/phar/zip.c | 2 +-
6 files changed, 18 insertions(+), 5 deletions(-)
Index: php-8.4.10/ext/phar/phar.c
Index: php-8.4.16/ext/phar/phar.c
===================================================================
--- php-8.4.10.orig/ext/phar/phar.c
+++ php-8.4.10/ext/phar/phar.c
@@ -2965,7 +2965,7 @@ void phar_flush_ex(phar_archive_data *ph
--- php-8.4.16.orig/ext/phar/phar.c
+++ php-8.4.16/ext/phar/phar.c
@@ -2936,7 +2936,7 @@ int phar_flush_ex(phar_archive_data *pha
4: metadata-len
+: metadata
*/
@@ -29,10 +29,10 @@ Index: php-8.4.10/ext/phar/phar.c
phar_set_32(entry_buffer, entry->uncompressed_filesize);
phar_set_32(entry_buffer+4, mytime);
phar_set_32(entry_buffer+8, entry->compressed_filesize);
Index: php-8.4.10/ext/phar/phar_internal.h
Index: php-8.4.16/ext/phar/phar_internal.h
===================================================================
--- php-8.4.10.orig/ext/phar/phar_internal.h
+++ php-8.4.10/ext/phar/phar_internal.h
--- php-8.4.16.orig/ext/phar/phar_internal.h
+++ php-8.4.16/ext/phar/phar_internal.h
@@ -315,6 +315,21 @@ static inline php_stream *phar_get_pharf
return PHAR_G(cached_fp)[phar->phar_pos].fp;
}
@@ -55,24 +55,24 @@ Index: php-8.4.10/ext/phar/phar_internal.h
static inline enum phar_fp_type phar_get_fp_type(const phar_entry_info *entry)
{
if (!entry->is_persistent) {
Index: php-8.4.10/ext/phar/stream.c
Index: php-8.4.16/ext/phar/stream.c
===================================================================
--- php-8.4.10.orig/ext/phar/stream.c
+++ php-8.4.10/ext/phar/stream.c
@@ -474,7 +474,7 @@ static int phar_stream_flush(php_stream
--- php-8.4.16.orig/ext/phar/stream.c
+++ php-8.4.16/ext/phar/stream.c
@@ -473,7 +473,7 @@ static int phar_stream_flush(php_stream
phar_entry_data *data = (phar_entry_data *) stream->abstract;
if (data->internal_file->is_modified) {
- data->internal_file->timestamp = time(0);
+ data->internal_file->timestamp = source_date_epoch_time(0);
phar_flush(data->phar, &error);
ret = phar_flush(data->phar, &error);
if (error) {
php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS, "%s", error);
Index: php-8.4.10/ext/phar/tar.c
Index: php-8.4.16/ext/phar/tar.c
===================================================================
--- php-8.4.10.orig/ext/phar/tar.c
+++ php-8.4.10/ext/phar/tar.c
@@ -972,7 +972,7 @@ void phar_tar_flush(phar_archive_data *p
--- php-8.4.16.orig/ext/phar/tar.c
+++ php-8.4.16/ext/phar/tar.c
@@ -972,7 +972,7 @@ int phar_tar_flush(phar_archive_data *ph
char *buf, *signature, sigbuf[8];
entry.flags = PHAR_ENT_PERM_DEF_FILE;
@@ -81,10 +81,10 @@ Index: php-8.4.10/ext/phar/tar.c
entry.is_modified = 1;
entry.is_crc_checked = 1;
entry.is_tar = 1;
Index: php-8.4.10/ext/phar/util.c
Index: php-8.4.16/ext/phar/util.c
===================================================================
--- php-8.4.10.orig/ext/phar/util.c
+++ php-8.4.10/ext/phar/util.c
--- php-8.4.16.orig/ext/phar/util.c
+++ php-8.4.16/ext/phar/util.c
@@ -701,7 +701,7 @@ phar_entry_data *phar_get_or_create_entr
phar_add_virtual_dirs(phar, path, path_len);
@@ -94,11 +94,11 @@ Index: php-8.4.10/ext/phar/util.c
etemp.is_crc_checked = 1;
etemp.phar = phar;
etemp.filename = estrndup(path, path_len);
Index: php-8.4.10/ext/phar/zip.c
Index: php-8.4.16/ext/phar/zip.c
===================================================================
--- php-8.4.10.orig/ext/phar/zip.c
+++ php-8.4.10/ext/phar/zip.c
@@ -1271,7 +1271,7 @@ void phar_zip_flush(phar_archive_data *p
--- php-8.4.16.orig/ext/phar/zip.c
+++ php-8.4.16/ext/phar/zip.c
@@ -1251,7 +1251,7 @@ int phar_zip_flush(phar_archive_data *ph
pass.error = &temperr;
entry.flags = PHAR_ENT_PERM_DEF_FILE;

336
php8.changes
View File

@@ -1,3 +1,339 @@
-------------------------------------------------------------------
Fri Dec 19 07:51:15 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- version update to 8.4.16
Core:
Sync all boost.context files with release 1.86.0.
Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter).
Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
Bz2:
Fix assertion failures resulting in crashes with stream filter object parameters.
Date:
Fix crashes when trying to instantiate uninstantiable classes via date static constructors.
DOM:
Fix memory leak when edge case is hit when registering xpath callback.
Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase).
Fix missing NUL byte check on C14NFile().
Fibers:
Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
FTP:
Fixed bug GH-20601 (ftp_connect overflow on timeout).
GD:
Fixed bug GH-20511 (imagegammacorrect out of range input/output values).
Fixed bug GH-20602 (imagescale overflow with large height values).
Intl:
Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).
LibXML:
Fix some deprecations on newer libxml versions regarding input buffer/parser handling.
MbString:
Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma).
Fixed bug GH-20492 (mbstring compile warning due to non-strings).
MySQLnd:
Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).
Opcache:
Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).
PDO:
Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
Phar:
Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub).
Fix broken return value of fflush() for phar file entries.
Fix assertion failure when fseeking a phar file out of bounds.
PHPDBG:
Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
SPL:
Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization).
Standard:
Fix memory leak in array_diff() with custom type checks.
Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)
Tidy:
Fixed bug GH-20374 (PHP with tidy and custom-tags).
XML:
Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).
Zip:
Fix crash in property existence test.
Don't truncate return value of zip_fread() with user sizes.
Zlib:
Fix assertion failures resulting in crashes with stream filter object parameters.
- fixes CVE-2025-14178 [bsc#1255711]
CVE-2025-14180 [bsc#1255712]
CVE-2025-14177 [bsc#1255710]
-------------------------------------------------------------------
Thu Dec 18 09:34:11 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- main package require wwwrun:www user as it assumes it in filelist
[bsc#1255043]
-------------------------------------------------------------------
Thu Nov 20 14:46:37 UTC 2025 - pgajdos@suse.com
- version update to 8.4.15
Core:
Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv).
Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference).
Fixed bug GH-20085 (Assertion failure when combining lazy object get_properties exception with foreach loop).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fixed bug GH-20270 (Broken parent hook call with named arguments).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
DOM:
Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work).
Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent after nodes are removed).
Exif:
Fix possible memory leak when tag is empty.
FPM:
Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution).
FTP:
Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes).
GD:
Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided).
Intl:
Fix memory leak on error in locale_filter_matches().
LibXML:
Fix not thread safe schema/relaxng calls.
MySQLnd:
Fixed bug GH-8978 (SSL certificate verification fails (port doubled)).
Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL).
Opcache:
Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess).
Fixed bug GH-20012 (heap buffer overflow in jit).
Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments).
PgSql:
Fix memory leak when first string conversion fails.
Fix segfaults when attempting to fetch row into a non-instantiable class name.
Phar:
Fix memory leak of argument in webPhar.
Fix memory leak when setAlias() fails.
Fix a bunch of memory leaks in phar_parse_zipfile() error handling.
Fix file descriptor/memory leak when opening central fp fails.
Fix memleak+UAF when opening temp stream in buildFromDirectory() fails.
Fix potential buffer length truncation due to usage of type int instead of type size_t.
Fix memory leak when openssl polyfill returns garbage.
Fix file descriptor leak in phar_zip_flush() on failure.
Fix memory leak when opening temp file fails while trying to open gzip-compressed archive.
Fixed bug GH-20302 (Freeing a phar alias may invalidate PharFileInfo objects).
Random:
Fix Randomizer::__serialize() w.r.t. INDIRECTs.
Reflection:
Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true for classes with property hooks).
SimpleXML:
Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo() overrides to work).
Streams:
Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64.
Tidy:
Fixed GH-19021 (improved tidyOptGetCategory detection).
Fix UAF in tidy when tidySetErrorBuffer() fails.
XMLReader:
Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available.
-------------------------------------------------------------------
Thu Oct 23 19:02:50 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- version update to 8.4.14
Core:
Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
CLI:
Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Curl:
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
Fix curl build and test failures with version 8.16.
Date:
Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
DOM:
Fix macro name clash on macOS.
Fixed bug GH-20022 (docker-php-ext-install DOM failed).
GD:
Fixed GH-19955 (imagefttext() memory leak).
MySQLnd:
Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
Opcache:
Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).
Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
Phar:
Fix memory leak and invalid continuation after tar header writing fails.
Fix memory leaks when creating temp file fails when applying zip signature.
SimpleXML:
Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
Soap:
Fixed bug GH-19784 (SoapServer memory leak).
Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard:
Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
Fixed bug GH-19701 (Serialize/deserialize loses some data).
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort).
Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
Streams:
Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
Fixed bug GH-17345 (Bug #35916 was not completely fixed).
Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.
XMLReader:
Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
Zip:
Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
-------------------------------------------------------------------
Fri Sep 26 06:27:17 UTC 2025 - pgajdos@suse.com
- version update to 8.4.13
Core:
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
-------------------------------------------------------------------
Thu Aug 28 15:30:21 UTC 2025 - pgajdos@suse.com
- version update to 8.4.12
Core:
Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
Fixed bug GH-19305 (Operands may be being released during comparison).
Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
Fixed bug GH-19280 (Stale array iterator position on rehashing).
Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).
Calendar:
Fixed bug GH-19371 (integer overflow in calendar.c).
FTP:
Fix theoretical issues with hrtime() not being available.
GD:
Fix incorrect comparison with result of php_stream_can_cast().
Hash:
Fix crash on clone failure.
Intl:
Fix memleak on failure in collator_get_sort_key().
Fix return value on failure for resourcebundle count handler.
LDAP:
Fixed bug GH-18529 (additional inheriting of TLS int options).
LibXML:
Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).
MbString:
Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).
Opcache:
Reset global pointers to prevent use-after-free in zend_jit_status().
Fix issue with JIT restart and hooks.
Fix crash with dynamic function defs in hooks during preload.
OpenSSL:
Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
Fix error return check of EVP_CIPHER_CTX_ctrl().
Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param).
PDO Pgsql:
Fixed dangling pointer access on _pdo_pgsql_trim_message helper.
SOAP:
Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).
Sockets:
Fix some potential crashes on incorrect argument value.
Standard:
Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache).
Fix theoretical issues with hrtime() not being available.
Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).
Windows:
Free opened_path when opened_path_len >= MAXPATHLEN.
-------------------------------------------------------------------
Fri Aug 8 20:10:09 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- version update to 8.4.11
Calendar:
Fixed jewishtojd overflow on year argument.
Core:
Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction order).
Fixed bug GH-18907 (Leak when creating cycle in hook).
Fix OSS-Fuzz #427814456.
Fix OSS-Fuzz #428983568 and #428760800.
Fixed bug GH-17204 (-Wuseless-escape warnings emitted by re2c).
Fixed bug GH-19064 (Undefined symbol 'execute_ex' on Windows ARM64).
Curl:
Fix memory leaks when returning refcounted value from curl callback.
Remove incorrect string release.
DOM:
Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined behavior with null byte).
LDAP:
Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.
MbString:
Fixed bug GH-18901 (integer overflow mb_split).
Opcache:
Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
Fixed bug GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet).
Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c).
Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks and preloading).
OpenSSL:
Fixed bug #80770 (It is not possible to get client peer certificate with stream_socket_server).
PCNTL:
Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers).
Phar:
Fix stream double free in phar.
Fix phar crash and file corruption with SplFileObject.
SOAP:
Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing on object destruction).
Fix memory leak when URL parsing fails in redirect.
SPL:
Fixed bug GH-19094 (Attaching class with no Iterator implementation to MultipleIterator causes crash).
Standard:
Fix misleading errors in printf().
Fix RCN violations in array functions.
Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
Streams:
Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error).
Zip:
Fix leak when path is too long in ZipArchive::extractTo().
-------------------------------------------------------------------
Thu Jul 3 13:05:42 UTC 2025 - pgajdos@suse.com

6
php8.spec
View File

@@ -57,7 +57,7 @@
%bcond_without sodium
Name: %{pprefix}%{php_name}%{psuffix}
Version: 8.4.10
Version: 8.4.16
Release: 0
Summary: Interpreter for the PHP scripting language version 8
License: MIT AND PHP-3.01
@@ -172,6 +172,8 @@ BuildRequires: php-fpm = %{version}
%if "%{flavor}" == ""
Requires: php-sapi = %{version}
Requires: timezone
Requires: group(www)
Requires: user(wwwrun)
Recommends: php-ctype = %{version}
Recommends: php-dom = %{version}
Recommends: php-iconv = %{version}
@@ -325,8 +327,6 @@ Group: Development/Libraries/PHP
BuildRequires: php = %{version}
BuildRequires: pkgconfig(libsystemd) >= 209
Requires: php = %{version}
Requires: group(www)
Requires: user(wwwrun)
Provides: php-fpm = %{version}
Provides: php-sapi = %{version}
Obsoletes: php7-fpm