- version update to 8.3.17
Core:
Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting with 0x0b).
Fixed bug GH-16886 (ini_parse_quantity() fails to emit warning for 0x+0).
Fixed bug GH-17214 (Relax final+private warning for trait methods with inherited final).
Fixed NULL arithmetic during system program execution on Windows.
Fixed potential OOB when checking for trailing spaces on Windows.
Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c).
Fix may_have_extra_named_args flag for ZEND_AST_UNPACK.
Fix NULL arithmetic in System V shared memory emulation for Windows.
DOM:
Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype).
Enchant:
Fix crashes in enchant when passing null bytes.
FTP:
Fixed bug GH-16800 (ftp functions can abort with EINTR).
GD:
Fixed bug GH-17349 (Tiled truecolor filling looses single color transparency).
Fixed bug GH-17373 (imagefttext() ignores clipping rect for palette images).
Ported fix for libgd 223 (gdImageRotateGeneric() does not properly interpolate).
Intl:
Fixed bug GH-11874 (intl causing segfault in docker images).
Fixed bug GH-17469 (UConverter::transcode always emit E_WARNING on invalid encoding).
Opcache:
Fixed bug GH-17307 (Internal closure causes JIT failure).
Fixed bug GH-17564 (Potential UB when reading from / writing to struct padding).
PDO:
Fixed a memory leak when the GC is used to free a PDOStatment.
Fixed a crash in the PDO Firebird Statement destructor.
Fixed UAFs when changing default fetch class ctor args.
OBS-URL: https://build.opensuse.org/request/show/1245821
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=83
- version update to 8.3.16
Core:
Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization).
Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF).
Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly).
Fixed bug GH-17211 (observer segfault on function loaded with dl()).
Fixed bug GH-17216 (Trampoline crash on error).
Date:
Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences.
DBA:
Skip test if inifile is disabled.
DOM:
Fixed bug GH-17224 (UAF in importNode).
Embed:
Make build command for program using embed portable.
FFI:
Fixed bug #79075 (FFI header parser chokes on comments).
Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure.
Fixed bug GH-16013 and bug #80857 (Big endian issues).
Filter:
Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890).
FPM:
Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)).
Fixed bug GH-17112 (Macro redefinitions).
Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits).
GD:
Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c).
Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs).
Gettext:
Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()).
OBS-URL: https://build.opensuse.org/request/show/1238427
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=81
- version update to 8.3.15
Calendar:
Fixed jdtogregorian overflow.
Fixed cal_to_jd julian_days argument overflow.
COM:
Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core:
Fail early in *nix configuration build script.
Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
Fix is_zend_ptr() huge block comparison.
Fixed potential OOB read in zend_dirname() on Windows.
Curl:
Fixed bug GH-16802 (open_basedir bypass using curl extension).
Fix various memory leaks in curl mime handling.
DOM:
Fixed bug GH-16777 (Calling the constructor again on a DOM object after it is in a document causes UAF).
Fixed bug GH-16906 (Reloading document can cause UAF in iterator).
FPM:
Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD:
Fixed GH-16776 (imagecreatefromstring overflow).
GMP:
Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)).
Hash:
Fixed GH-16711: Segfault in mhash().
Opcache:
Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
OBS-URL: https://build.opensuse.org/request/show/1232801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=79
- version update to 8.3.14
CLI:
Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang).
Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
COM:
Fixed out of bound writes to SafeArray data.
Core:
Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).
Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646).
Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).
Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes).
Fixed bug GH-16648 (Use-after-free during array sorting).
Curl:
Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).
Date:
Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset).
Fixed bug GH-14732 (date_sun_info() fails for non-finite values).
DBA:
Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams).
DOM:
Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
Add missing hierarchy checks to replaceChild.
Fixed bug GH-16336 (Attribute intern document mismanagement).
Fixed bug GH-16338 (Null-dereference in ext/dom/node.c).
Fixed bug GH-16473 (dom_import_simplexml stub is wrong).
Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element).
Fixed bug GH-16535 (UAF when using document as a child).
Fixed bug GH-16593 (Assertion failure in DOM->replaceChild).
Fixed bug GH-16595 (Another UAF in DOM -> cloneNode).
OBS-URL: https://build.opensuse.org/request/show/1225446
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=77
- version update to 8.3.11
Core:
Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c).
Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
Fix uninitialized memory in network.c.
Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
Curl:
Fixed case when curl_error returns an empty string.
DOM:
Fix UAF when removing doctype and using foreach iteration.
FFI:
Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak).
Hash:
Fix crash when converting array data for array in shm in xxh3.
Intl:
Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional).
Opcache:
Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
Output:
Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re).
PDO_Firebird:
Fix bogus fallthrough path in firebird_handle_get_attribute().
PHPDBG:
Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline).
Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)).
Fixed bug GH-15210 use-after-free on watchpoint allocations.
Soap:
OBS-URL: https://build.opensuse.org/request/show/1197730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=73
- version update to 8.3.9
Core:
Fixed bug GH-14315 (Incompatible pointer type warnings).
Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon).
Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()).
Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor).
Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call).
Fixed bug GH-14549 (Incompatible function pointer type for fclose).
BCMatch:
Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0).
Curl:
Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0).
DOM:
Fixed bug GH-14343 (Memory leak in xml and dom).
FPM:
Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool).
GD:
Fix parameter numbers for imagecolorset().
Intl:
Fix reference handling in SpoofChecker.
MySQLnd:
Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection).
Opcache:
Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
Fixed TLS access in JIT on FreeBSD/amd64.
Fixed bug GH-11188 (Error when building TSRM in ARM64).
PDO ODBC:
Fixed bug GH-14367 (incompatible SDWORD type with iODBC).
PHPDBG:
Fixed bug GH-13681 (segfault on watchpoint addition failure).
OBS-URL: https://build.opensuse.org/request/show/1186042
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=71
- version update to 8.3.8 [bsc#1226073]
CGI:
Fixed buffer limit on Windows, replacing read call usage by _read.
Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
CLI:
Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.).
Core:
Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions).
DOM:
Fix crashes when entity declaration is removed while still having entity references.
Fix references not handled correctly in C14N.
Fix crash when calling childNodes next() when iterator is exhausted.
Fix crash in ParentNode::append() when dealing with a fragment containing text nodes.
Filter:
Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
FPM:
Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status).
Hash:
ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi)
Intl:
Fixed build regression on systems without C++17 compilers.
MySQLnd:
Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query).
Opcache:
Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm).
OpenSSL:
The openssl_private_decrypt function in PHP and Marvin attack.
Standard:
Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
XML:
OBS-URL: https://build.opensuse.org/request/show/1179157
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=68
- version update to 8.3.7
Core:
Fixed zend_call_stack build with Linux/uclibc-ng without thread support.
Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).
Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c).
Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations).
Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters).
Fixed bug GH-14013 (Erroneous dnl appended in configure).
Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).
Fixed bug GH-13727 (Missing void keyword).
Fibers:
Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
Fileinfo:
Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on big-endian PPC).
FPM:
Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
Intl:
Fixed build for icu 74 and onwards.
MySQLnd:
Fix shift out of bounds on 32-bit non-fast-path platforms.
Opcache:
Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when using opcache.preload).
Fixed incorrect assumptions across compilation units for static calls.
OpenSSL:
Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
PDO SQLite:
Fix GH-13984 (Buffer size is now checked before memcmp).
Fix GH-13998 (Manage refcount of agg_context->val correctly).
Phar:
Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).
OBS-URL: https://build.opensuse.org/request/show/1172959
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=67
- version update to 8.3.6
Core:
Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
Fixed bug GH-13446 (Restore exception handler after it finishes).
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
DOM:
Add some missing ZPP checks.
Fix potential memory leak in XPath evaluation results.
FPM:
Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
Fix incorrect check in fpm_shm_free().
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]).
Fix incorrect charset length in check_mb_eucjpms().
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error).
SPL:
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).
OBS-URL: https://build.opensuse.org/request/show/1167767
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=66
- version update to 8.3.4
- version update to 8.3.3
* A bugfix release.
- version update to 8.3.2
- version update to 8.3.1
https://www.php.net/ChangeLog-8.php#8.3.1
- version update to 8.3.0
* https://www.php.net/releases/8.3/en.php
* Typed class constants
* Dynamic class constant fetch
* New #[\Override] attribute
* Deep-cloning of readonly properties
* New json_validate() function
* New Randomizer::getBytesFromString() method
* New Randomizer::getFloat() and Randomizer::nextFloat() methods
* New DOMElement::getAttributeNames(),
DOMElement::insertAdjacentElement(),
DOMElement::insertAdjacentText(),
DOMElement::toggleAttribute(),
DOMNode::contains(), DOMNode::getRootNode(),
DOMNode::isEqualNode(), DOMNameSpaceNode::contains(), and
DOMParentNode::replaceChildren() methods.
* New IntlCalendar::setDate(),
IntlCalendar::setDateTime(),
IntlGregorianCalendar::createFromDate(), and
IntlGregorianCalendar::createFromDateTime() methods.
* New ldap_connect_wallet(), and ldap_exop_sync() functions.
* New mb_str_pad() function.
* New posix_sysconf(), posix_pathconf(), posix_fpathconf(),
OBS-URL: https://build.opensuse.org/request/show/1164955
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=151
