- version update to 8.4.16
Core:
Sync all boost.context files with release 1.86.0.
Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter).
Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
Bz2:
Fix assertion failures resulting in crashes with stream filter object parameters.
Date:
Fix crashes when trying to instantiate uninstantiable classes via date static constructors.
DOM:
Fix memory leak when edge case is hit when registering xpath callback.
Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase).
Fix missing NUL byte check on C14NFile().
Fibers:
Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
FTP:
Fixed bug GH-20601 (ftp_connect overflow on timeout).
GD:
Fixed bug GH-20511 (imagegammacorrect out of range input/output values).
Fixed bug GH-20602 (imagescale overflow with large height values).
Intl:
Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).
LibXML:
Fix some deprecations on newer libxml versions regarding input buffer/parser handling.
MbString:
Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma).
Fixed bug GH-20492 (mbstring compile warning due to non-strings).
MySQLnd:
Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).
Opcache:
OBS-URL: https://build.opensuse.org/request/show/1323606
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=97
- main package require wwwrun:www user as it assumes it in filelist
[bsc#1255043]
- version update to 8.4.15
Core:
Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv).
Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference).
Fixed bug GH-20085 (Assertion failure when combining lazy object get_properties exception with foreach loop).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fixed bug GH-20270 (Broken parent hook call with named arguments).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
DOM:
Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work).
Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent after nodes are removed).
Exif:
Fix possible memory leak when tag is empty.
FPM:
Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution).
FTP:
Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes).
GD:
Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided).
Intl:
Fix memory leak on error in locale_filter_matches().
LibXML:
Fix not thread safe schema/relaxng calls.
MySQLnd:
Fixed bug GH-8978 (SSL certificate verification fails (port doubled)).
Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL).
OBS-URL: https://build.opensuse.org/request/show/1323502
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=96
- version update to 8.4.14
Core:
Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
CLI:
Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Curl:
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
Fix curl build and test failures with version 8.16.
Date:
Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
DOM:
Fix macro name clash on macOS.
Fixed bug GH-20022 (docker-php-ext-install DOM failed).
GD:
Fixed GH-19955 (imagefttext() memory leak).
MySQLnd:
Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
Opcache:
Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).
Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
Phar:
Fix memory leak and invalid continuation after tar header writing fails.
Fix memory leaks when creating temp file fails when applying zip signature.
SimpleXML:
Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
Soap:
Fixed bug GH-19784 (SoapServer memory leak).
Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard:
Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
Fixed bug GH-19701 (Serialize/deserialize loses some data).
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort).
Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
Streams:
Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
Fixed bug GH-17345 (Bug #35916 was not completely fixed).
Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.
XMLReader:
Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
Zip:
Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()). (forwarded request 1313254 from adkorte)
OBS-URL: https://build.opensuse.org/request/show/1313343
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=95
- version update to 8.4.14
Core:
Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
CLI:
Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Curl:
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
Fix curl build and test failures with version 8.16.
Date:
Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
DOM:
Fix macro name clash on macOS.
Fixed bug GH-20022 (docker-php-ext-install DOM failed).
GD:
Fixed GH-19955 (imagefttext() memory leak).
MySQLnd:
Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
Opcache:
Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).
Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
Phar:
Fix memory leak and invalid continuation after tar header writing fails.
Fix memory leaks when creating temp file fails when applying zip signature.
SimpleXML:
Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
Soap:
Fixed bug GH-19784 (SoapServer memory leak).
Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard:
Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
Fixed bug GH-19701 (Serialize/deserialize loses some data).
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort).
Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
Streams:
Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
Fixed bug GH-17345 (Bug #35916 was not completely fixed).
Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.
XMLReader:
Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
Zip:
Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
OBS-URL: https://build.opensuse.org/request/show/1313254
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=223
- version update to 8.4.12
Core:
Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
Fixed bug GH-19305 (Operands may be being released during comparison).
Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
Fixed bug GH-19280 (Stale array iterator position on rehashing).
Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).
Calendar:
Fixed bug GH-19371 (integer overflow in calendar.c).
FTP:
Fix theoretical issues with hrtime() not being available.
GD:
Fix incorrect comparison with result of php_stream_can_cast().
Hash:
Fix crash on clone failure.
Intl:
Fix memleak on failure in collator_get_sort_key().
Fix return value on failure for resourcebundle count handler.
LDAP:
Fixed bug GH-18529 (additional inheriting of TLS int options).
LibXML:
Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).
MbString:
OBS-URL: https://build.opensuse.org/request/show/1301824
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=93
Calendar:
Fixed jewishtojd overflow on year argument.
Core:
Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction order).
Fixed bug GH-18907 (Leak when creating cycle in hook).
Fix OSS-Fuzz #427814456.
Fix OSS-Fuzz #428983568 and #428760800.
Fixed bug GH-17204 (-Wuseless-escape warnings emitted by re2c).
Fixed bug GH-19064 (Undefined symbol 'execute_ex' on Windows ARM64).
Curl:
Fix memory leaks when returning refcounted value from curl callback.
Remove incorrect string release.
DOM:
Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined behavior with null byte).
LDAP:
Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.
MbString:
Fixed bug GH-18901 (integer overflow mb_split).
Opcache:
Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
Fixed bug GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet).
Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c).
Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks and preloading).
OpenSSL:
Fixed bug #80770 (It is not possible to get client peer certificate with stream_socket_server).
PCNTL:
Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers).
Phar:
Fix stream double free in phar.
Fix phar crash and file corruption with SplFileObject.
SOAP:
Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing on object destruction).
Fix memory leak when URL parsing fails in redirect.
SPL:
Fixed bug GH-19094 (Attaching class with no Iterator implementation to MultipleIterator causes crash).
Standard:
Fix misleading errors in printf().
Fix RCN violations in array functions.
Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
Streams:
Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error).
Zip:
Fix leak when path is too long in ZipArchive::extractTo().
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=217
- version update to 8.4.10 [bsc#1246146][bsc#1246148][bsc#1246167]
BcMath:
Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes).
Core:
Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute evaluation) and GH-18464 (Recursion protection for deprecation constants not released on bailout).
Fixed GH-18695 (zend_ast_export() - float number is not preserved).
Fix handling of references in zval_try_get_long().
Do not delete main chunk in zend_gc.
Fix compile issues with zend_alloc and some non-default options.
Curl:
Fix memory leak when setting a list via curl_setopt fails.
Date:
Fix leaks with multiple calls to DatePeriod iterator current().
DOM:
Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by clone keyword).
FPM:
Fixed GH-18662 (fpm_get_status segfault).
Hash:
Fixed bug GH-14551 (PGO build fails with xxhash).
Intl:
Fix memory leak in intl_datetime_decompose() on failure.
Fix memory leak in locale lookup on failure.
Opcache:
Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
ODBC:
Fix memory leak on php_odbc_fetch_hash() failure.
OpenSSL:
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
Fixed bug #74796 (Requests through http proxy set peer name).
PGSQL:
OBS-URL: https://build.opensuse.org/request/show/1291490
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=91
- version update to 8.4.8
Core:
Fixed GH-18480 (array_splice with large values for offset/length arguments).
Partially fixed GH-18572 (nested object comparisons leading to stack overflow).
Fixed OSS-Fuzz #417078295.
Fixed OSS-Fuzz #418106144.
Curl:
Fixed GH-18460 (curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ CURLOPT_PASSWORD set the Authorization header when set to NULL).
Date:
Fixed bug GH-18076 (Since PHP 8, the date_sun_info() function returns inaccurate sunrise and sunset times, but other calculated times are correct) (JiriJozif).
Fixed bug GH-18481 (date_sunrise with unexpected nan value for the offset).
DOM:
Backport lexbor/lexbor#274.
Intl:
Fix various reference issues.
LDAP:
Fixed bug GH-18529 (ldap no longer respects TLS_CACERT from ldaprc in ldap_start_tls()).
Opcache:
Fixed bug GH-18417 (Windows SHM reattachment fails when increasing memory_consumption or jit_buffer_size).
Fixed bug GH-18297 (Exception not handled when jit guard is triggered).
Fixed bug GH-18408 (Snapshotted poly_func / poly_this may be spilled).
Fixed bug GH-18567 (Preloading with internal class alias triggers assertion failure).
Fixed bug GH-18534 (FPM exit code 70 with enabled opcache and hooked properties in traits).
Fix leak of accel_globals->key.
OpenSSL:
Fix missing checks against php_set_blocking() in xp_ssl.c.
SPL:
Fixed bug GH-18421 (Integer overflow with large numbers in LimitIterator).
Standard:
Fixed bug GH-17403 (Potential deadlock when putenv fails).
OBS-URL: https://build.opensuse.org/request/show/1283579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=90
- version update to 8.4.7
Core:
Fixed bug GH-18038 (Lazy proxy calls magic methods twice).
Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS).
Fixed bug GH-18268 (Segfault in array_walk() on object with added property hooks).
Fixed bug GH-18304 (Changing the properties of a DateInterval through dynamic properties triggers a SegFault).
Fix some leaks in php_scandir.
DBA:
FIxed bug GH-18247 dba_popen() memory leak on invalid path.
Filter:
Fixed bug GH-18309 (ipv6 filter integer overflow).
GD:
Fixed imagecrop() overflow with rect argument with x/width y/heigh usage in gdImageCrop().
Fixed GH-18243 imagettftext() overflow/underflow on font size value.
Intl:
Fix reference support for intltz_get_offset().
LDAP:
Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden).
Fix NULL deref on high modification key.
libxml:
Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message.
Opcache:
Fixed bug GH-18294 (assertion failure zend_jit_ir.c).
Fixed bug GH-18289 (Fix segfault in JIT).
Fixed bug GH-18136 (tracing JIT floating point register clobbering on Windows and ARM64).
OpenSSL:
Fix memory leak in openssl_sign() when passing invalid algorithm.
Fix potential leaks when writing to BIO fails.
PDO Firebird:
Fixed bug GH-18276 (persistent connection - "zend_mm_heap corrupted" with setAttribute())
Fixed bug GH-17383 (PDOException has wrong code and message since PHP 8.4)
PDO Sqlite:
Fix memory leak on error return of collation callback.
PgSql:
Fix uouv in pg_put_copy_end().
SPL:
Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory).
Standard:
Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
Fix resource leak in iptcembed() on error.
Tests:
Address deprecated PHP 8.4 session options to prevent test failures.
Zip:
Fix uouv when handling empty options in ZipArchive::addGlob().
Fix memory leak when handling a too long path in ZipArchive::addGlob(). (forwarded request 1276314 from adkorte)
OBS-URL: https://build.opensuse.org/request/show/1276711
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=89
Core:
Fixed bug GH-18038 (Lazy proxy calls magic methods twice).
Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS).
Fixed bug GH-18268 (Segfault in array_walk() on object with added property hooks).
Fixed bug GH-18304 (Changing the properties of a DateInterval through dynamic properties triggers a SegFault).
Fix some leaks in php_scandir.
DBA:
FIxed bug GH-18247 dba_popen() memory leak on invalid path.
Filter:
Fixed bug GH-18309 (ipv6 filter integer overflow).
GD:
Fixed imagecrop() overflow with rect argument with x/width y/heigh usage in gdImageCrop().
Fixed GH-18243 imagettftext() overflow/underflow on font size value.
Intl:
Fix reference support for intltz_get_offset().
LDAP:
Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden).
Fix NULL deref on high modification key.
libxml:
Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message.
Opcache:
Fixed bug GH-18294 (assertion failure zend_jit_ir.c).
Fixed bug GH-18289 (Fix segfault in JIT).
Fixed bug GH-18136 (tracing JIT floating point register clobbering on Windows and ARM64).
OpenSSL:
Fix memory leak in openssl_sign() when passing invalid algorithm.
Fix potential leaks when writing to BIO fails.
PDO Firebird:
Fixed bug GH-18276 (persistent connection - "zend_mm_heap corrupted" with setAttribute())
Fixed bug GH-17383 (PDOException has wrong code and message since PHP 8.4)
PDO Sqlite:
Fix memory leak on error return of collation callback.
PgSql:
Fix uouv in pg_put_copy_end().
SPL:
Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory).
Standard:
Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
Fix resource leak in iptcembed() on error.
Tests:
Address deprecated PHP 8.4 session options to prevent test failures.
Zip:
Fix uouv when handling empty options in ZipArchive::addGlob().
Fix memory leak when handling a too long path in ZipArchive::addGlob().
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=210
BCMath:
Fixed pointer subtraction for scale.
Core:
Fixed property hook backing value access in multi-level inheritance.
Fixed accidentally inherited default value in overridden virtual properties.
Fixed bug GH-17376 (Broken JIT polymorphism for property hooks added to child class).
Fixed bug GH-17913 (ReflectionFunction::isDeprecated() returns incorrect results for closures created from magic __call()).
Fixed bug GH-17941 (Stack-use-after-return with lazy objects and hooks).
Fixed bug GH-17988 (Incorrect handling of hooked props without get hook in get_object_vars()).
Fixed bug GH-17998 (Skipped lazy object initialization on primed SIMPLE_WRITE cache).
Fixed bug GH-17998 (Assignment to backing value in set hook of lazy proxy calls hook again).
Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction).
Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown).
Fixed OSS-Fuzz #403308724.
Fixed bug GH-13193 again (Significant performance degradation in 'foreach').
DBA:
Fixed assertion violation when opening the same file with dba_open multiple times.
DOM:
Fixed bug GH-17991 (Assertion failure dom_attr_value_write).
Fix weird unpack behaviour in DOM.
Fixed bug GH-18090 (DOM: Svg attributes and tag names are being lowercased).
Fix xinclude destruction of live attributes.
Fuzzer:
Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI).
GD:
Fixed bug GH-17984 (calls with arguments as array with references).
LDAP:
Fixed bug GH-18015 (Error messages for ldap_mod_replace are confusing).
Mbstring:
Fixed bug GH-17989 (mb_output_handler crash with unset http_output_conv_mimetypes).
Opcache:
Fixed bug GH-15834 (Segfault with hook "simple get" cache slot and minimal JIT).
Fixed bug GH-17966 (Symfony JIT 1205 assertion failure).
Fixed bug GH-18037 (SEGV Zend/zend_execute.c).
Fixed bug GH-18050 (IN_ARRAY optimization in DFA pass is broken).
Fixed bug GH-18113 (stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c).
Fixed bug GH-18112 (NULL access with preloading and INI option).
Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks the exception table).
PDO:
Fix memory leak when destroying PDORow.
Standard:
Fix memory leaks in array_any() / array_all().
SOAP:
Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to a segfault) .
SPL:
Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in ArrayObject).
Treewide:
Fixed bug GH-17736 (Assertion failure zend_reference_destroy()).
Windows:
Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line endings).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=208
- version update to 8.4.5
BCMath:
Fixed bug GH-17398 (bcmul memory leak).
Core:
Fixed bug GH-17623 (Broken stack overflow detection for variable compilation).
Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account).
Fix fallback paths in fast_long_{add,sub}_function.
Fixed bug OSS-Fuzz #391975641 (Crash when accessing property backing value by reference).
Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed).
Fixed bug GH-17713 (ReflectionProperty::getRawValue() and related methods may call hooks of overridden properties).
Fixed bug GH-17916 (Final abstract properties should error).
Fixed bug GH-17866 (zend_mm_heap corrupted error after upgrading from 8.4.3 to 8.4.4).
Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)
DOM:
Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of Dom\HTML_NO_DEFAULT_NS).
Fixed bug GH-17802 (\Dom\HTMLDocument querySelector attribute name is case sensitive in HTML).
Fixed bug GH-17847 (xinclude destroys live node).
Fix using Dom\Node with Dom\XPath callbacks.
GD:
Fixed bug GH-17703 (imagescale with both width and height negative values triggers only an Exception on width).
Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M).
FFI:
Fix FFI Parsing of Pointer Declaration Lists.
FPM:
Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env).
LDAP:
Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys).
LibXML:
Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714).
Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
OBS-URL: https://build.opensuse.org/request/show/1267591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=87
- version update to 8.3.17
Core:
Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting with 0x0b).
Fixed bug GH-16886 (ini_parse_quantity() fails to emit warning for 0x+0).
Fixed bug GH-17214 (Relax final+private warning for trait methods with inherited final).
Fixed NULL arithmetic during system program execution on Windows.
Fixed potential OOB when checking for trailing spaces on Windows.
Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c).
Fix may_have_extra_named_args flag for ZEND_AST_UNPACK.
Fix NULL arithmetic in System V shared memory emulation for Windows.
DOM:
Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype).
Enchant:
Fix crashes in enchant when passing null bytes.
FTP:
Fixed bug GH-16800 (ftp functions can abort with EINTR).
GD:
Fixed bug GH-17349 (Tiled truecolor filling looses single color transparency).
Fixed bug GH-17373 (imagefttext() ignores clipping rect for palette images).
Ported fix for libgd 223 (gdImageRotateGeneric() does not properly interpolate).
Intl:
Fixed bug GH-11874 (intl causing segfault in docker images).
Fixed bug GH-17469 (UConverter::transcode always emit E_WARNING on invalid encoding).
Opcache:
Fixed bug GH-17307 (Internal closure causes JIT failure).
Fixed bug GH-17564 (Potential UB when reading from / writing to struct padding).
PDO:
Fixed a memory leak when the GC is used to free a PDOStatment.
Fixed a crash in the PDO Firebird Statement destructor.
Fixed UAFs when changing default fetch class ctor args.
OBS-URL: https://build.opensuse.org/request/show/1245821
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=83
- version update to 8.3.16
Core:
Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization).
Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF).
Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly).
Fixed bug GH-17211 (observer segfault on function loaded with dl()).
Fixed bug GH-17216 (Trampoline crash on error).
Date:
Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences.
DBA:
Skip test if inifile is disabled.
DOM:
Fixed bug GH-17224 (UAF in importNode).
Embed:
Make build command for program using embed portable.
FFI:
Fixed bug #79075 (FFI header parser chokes on comments).
Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure.
Fixed bug GH-16013 and bug #80857 (Big endian issues).
Filter:
Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890).
FPM:
Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)).
Fixed bug GH-17112 (Macro redefinitions).
Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits).
GD:
Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c).
Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs).
Gettext:
Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()).
OBS-URL: https://build.opensuse.org/request/show/1238427
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=81
- version update to 8.3.15
Calendar:
Fixed jdtogregorian overflow.
Fixed cal_to_jd julian_days argument overflow.
COM:
Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core:
Fail early in *nix configuration build script.
Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
Fix is_zend_ptr() huge block comparison.
Fixed potential OOB read in zend_dirname() on Windows.
Curl:
Fixed bug GH-16802 (open_basedir bypass using curl extension).
Fix various memory leaks in curl mime handling.
DOM:
Fixed bug GH-16777 (Calling the constructor again on a DOM object after it is in a document causes UAF).
Fixed bug GH-16906 (Reloading document can cause UAF in iterator).
FPM:
Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD:
Fixed GH-16776 (imagecreatefromstring overflow).
GMP:
Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)).
Hash:
Fixed GH-16711: Segfault in mhash().
Opcache:
Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
OBS-URL: https://build.opensuse.org/request/show/1232801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/php8?expand=0&rev=79
