- version update to 8.4.14
Core:
Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
CLI:
Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Curl:
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
Fix curl build and test failures with version 8.16.
Date:
Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
DOM:
Fix macro name clash on macOS.
Fixed bug GH-20022 (docker-php-ext-install DOM failed).
GD:
Fixed GH-19955 (imagefttext() memory leak).
MySQLnd:
Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
Opcache:
Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).
Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
Phar:
Fix memory leak and invalid continuation after tar header writing fails.
Fix memory leaks when creating temp file fails when applying zip signature.
SimpleXML:
Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
Soap:
Fixed bug GH-19784 (SoapServer memory leak).
Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard:
Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
Fixed bug GH-19701 (Serialize/deserialize loses some data).
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort).
Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
Streams:
Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
Fixed bug GH-17345 (Bug #35916 was not completely fixed).
Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.
XMLReader:
Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
Zip:
Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
OBS-URL: https://build.opensuse.org/request/show/1313254
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=223
- version update to 8.4.11
Calendar:
Fixed jewishtojd overflow on year argument.
Core:
Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction order).
Fixed bug GH-18907 (Leak when creating cycle in hook).
Fix OSS-Fuzz #427814456.
Fix OSS-Fuzz #428983568 and #428760800.
Fixed bug GH-17204 (-Wuseless-escape warnings emitted by re2c).
Fixed bug GH-19064 (Undefined symbol 'execute_ex' on Windows ARM64).
Curl:
Fix memory leaks when returning refcounted value from curl callback.
Remove incorrect string release.
DOM:
Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined behavior with null byte).
LDAP:
Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.
MbString:
Fixed bug GH-18901 (integer overflow mb_split).
Opcache:
Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
Fixed bug GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet).
Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c).
Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks and preloading).
OpenSSL:
Fixed bug #80770 (It is not possible to get client peer certificate with stream_socket_server).
PCNTL:
Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers).
Phar:
Fix stream double free in phar.
Fix phar crash and file corruption with SplFileObject.
SOAP:
Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing on object destruction).
Fix memory leak when URL parsing fails in redirect.
SPL:
Fixed bug GH-19094 (Attaching class with no Iterator implementation to MultipleIterator causes crash).
Standard:
Fix misleading errors in printf().
Fix RCN violations in array functions.
Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
Streams:
Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error).
Zip:
Fix leak when path is too long in ZipArchive::extractTo().
OBS-URL: https://build.opensuse.org/request/show/1298441
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=217
- version update to 8.4.7
Core:
Fixed bug GH-18038 (Lazy proxy calls magic methods twice).
Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS).
Fixed bug GH-18268 (Segfault in array_walk() on object with added property hooks).
Fixed bug GH-18304 (Changing the properties of a DateInterval through dynamic properties triggers a SegFault).
Fix some leaks in php_scandir.
DBA:
FIxed bug GH-18247 dba_popen() memory leak on invalid path.
Filter:
Fixed bug GH-18309 (ipv6 filter integer overflow).
GD:
Fixed imagecrop() overflow with rect argument with x/width y/heigh usage in gdImageCrop().
Fixed GH-18243 imagettftext() overflow/underflow on font size value.
Intl:
Fix reference support for intltz_get_offset().
LDAP:
Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden).
Fix NULL deref on high modification key.
libxml:
Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message.
Opcache:
Fixed bug GH-18294 (assertion failure zend_jit_ir.c).
Fixed bug GH-18289 (Fix segfault in JIT).
Fixed bug GH-18136 (tracing JIT floating point register clobbering on Windows and ARM64).
OpenSSL:
Fix memory leak in openssl_sign() when passing invalid algorithm.
Fix potential leaks when writing to BIO fails.
PDO Firebird:
Fixed bug GH-18276 (persistent connection - "zend_mm_heap corrupted" with setAttribute())
Fixed bug GH-17383 (PDOException has wrong code and message since PHP 8.4)
PDO Sqlite:
Fix memory leak on error return of collation callback.
PgSql:
Fix uouv in pg_put_copy_end().
SPL:
Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory).
Standard:
Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()).
Fix resource leak in iptcembed() on error.
Tests:
Address deprecated PHP 8.4 session options to prevent test failures.
Zip:
Fix uouv when handling empty options in ZipArchive::addGlob().
Fix memory leak when handling a too long path in ZipArchive::addGlob().
OBS-URL: https://build.opensuse.org/request/show/1276314
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=210
- version update to 8.4.6
BCMath:
Fixed pointer subtraction for scale.
Core:
Fixed property hook backing value access in multi-level inheritance.
Fixed accidentally inherited default value in overridden virtual properties.
Fixed bug GH-17376 (Broken JIT polymorphism for property hooks added to child class).
Fixed bug GH-17913 (ReflectionFunction::isDeprecated() returns incorrect results for closures created from magic __call()).
Fixed bug GH-17941 (Stack-use-after-return with lazy objects and hooks).
Fixed bug GH-17988 (Incorrect handling of hooked props without get hook in get_object_vars()).
Fixed bug GH-17998 (Skipped lazy object initialization on primed SIMPLE_WRITE cache).
Fixed bug GH-17998 (Assignment to backing value in set hook of lazy proxy calls hook again).
Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction).
Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown).
Fixed OSS-Fuzz #403308724.
Fixed bug GH-13193 again (Significant performance degradation in 'foreach').
DBA:
Fixed assertion violation when opening the same file with dba_open multiple times.
DOM:
Fixed bug GH-17991 (Assertion failure dom_attr_value_write).
Fix weird unpack behaviour in DOM.
Fixed bug GH-18090 (DOM: Svg attributes and tag names are being lowercased).
Fix xinclude destruction of live attributes.
Fuzzer:
Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI).
GD:
Fixed bug GH-17984 (calls with arguments as array with references).
LDAP:
Fixed bug GH-18015 (Error messages for ldap_mod_replace are confusing).
Mbstring:
Fixed bug GH-17989 (mb_output_handler crash with unset http_output_conv_mimetypes).
Opcache:
Fixed bug GH-15834 (Segfault with hook "simple get" cache slot and minimal JIT).
Fixed bug GH-17966 (Symfony JIT 1205 assertion failure).
Fixed bug GH-18037 (SEGV Zend/zend_execute.c).
Fixed bug GH-18050 (IN_ARRAY optimization in DFA pass is broken).
Fixed bug GH-18113 (stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c).
Fixed bug GH-18112 (NULL access with preloading and INI option).
Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks the exception table).
PDO:
Fix memory leak when destroying PDORow.
Standard:
Fix memory leaks in array_any() / array_all().
SOAP:
Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to a segfault) .
SPL:
Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in ArrayObject).
Treewide:
Fixed bug GH-17736 (Assertion failure zend_reference_destroy()).
Windows:
Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line endings).
OBS-URL: https://build.opensuse.org/request/show/1270788
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=208
- version update to 8.3.4
- version update to 8.3.3
* A bugfix release.
- version update to 8.3.2
- version update to 8.3.1
https://www.php.net/ChangeLog-8.php#8.3.1
- version update to 8.3.0
* https://www.php.net/releases/8.3/en.php
* Typed class constants
* Dynamic class constant fetch
* New #[\Override] attribute
* Deep-cloning of readonly properties
* New json_validate() function
* New Randomizer::getBytesFromString() method
* New Randomizer::getFloat() and Randomizer::nextFloat() methods
* New DOMElement::getAttributeNames(),
DOMElement::insertAdjacentElement(),
DOMElement::insertAdjacentText(),
DOMElement::toggleAttribute(),
DOMNode::contains(), DOMNode::getRootNode(),
DOMNode::isEqualNode(), DOMNameSpaceNode::contains(), and
DOMParentNode::replaceChildren() methods.
* New IntlCalendar::setDate(),
IntlCalendar::setDateTime(),
IntlGregorianCalendar::createFromDate(), and
IntlGregorianCalendar::createFromDateTime() methods.
* New ldap_connect_wallet(), and ldap_exop_sync() functions.
* New mb_str_pad() function.
* New posix_sysconf(), posix_pathconf(), posix_fpathconf(),
OBS-URL: https://build.opensuse.org/request/show/1164955
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=151
