Bump for 7.2.23

Fixed bug #77191

Fixed bug #78379 (Cast to object confuses GC, causes crash)

Fix #78282: atime and mtime mismatch

The fix for bug #78241 assumed that `time_t` would always be 64bit, but
actually is 32bit for x86. We therefore enforce 64bit arithmetic to
avoi

Fix #78282: atime and mtime mismatch

The fix for bug #78241 assumed that `time_t` would always be 64bit, but
actually is 32bit for x86. We therefore enforce 64bit arithmetic to
avoid wrapping.

(cherry picked from commit bf242d58e77d50d4d8fdaaaca7ede686ec4467c0)

show more ...

Fix #78179: MariaDB server version incorrectly detected

As of MariaDB 10.0.2, the server reports a fake version number as work-
around for replication issues[1]. We apply the same "fix"

Fix #78179: MariaDB server version incorrectly detected

As of MariaDB 10.0.2, the server reports a fake version number as work-
around for replication issues[1]. We apply the same "fix" as in the
MariaDB client to cater to this.

[1] <https://github.com/MariaDB/server/commit/c50ee6c23dbeb090963580754bec2f0a96ac0557#diff-5b45fa673c88c06a9651c7906364f592>

show more ...

Fixed bug #78363

set version for release

add security NEW entries + reorder [ci skip]

Fix #77919: Potential UAF in Phar RSHUTDOWN

We have to properly clean up in case phar_flush() is failing.

We also make the expectation of the respective test case less liberal
t

Fix #77919: Potential UAF in Phar RSHUTDOWN

We have to properly clean up in case phar_flush() is failing.

We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.

show more ...

Update NEWS

Fix bug #78326

Similar to what fread() does, truncate the stream_get_contents()
result if the original buffer was way too large.

Fixed bug #78333

Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.

Fix #78342: Bus error in configure test for iconv //IGNORE

We have to check the return value of iconv_open() for error, to avoid
that and potentially other undesired behavior of iconv().

Update NEWS

Fixed bug #77946

Save multi_info_read() result into easy handle.

Fixed bug #69100

move NEWS entry [ci skip]

Fixed bug #78297

next is 7.2.22

Fix bug #77124

This is a backport of 6fcae63f614d1ed4aaeaff7b13a7a4627b1f1312
to PHP 7.2.

Fix #78269 password_hash uses weak options for argon2

Fix bug #78291 Missing opcache directives

New opcache directives have been added recently which are returned
if using `ini_get_all('zend opcache')` but are not listed in the
directiv

Fix bug #78291 Missing opcache directives

New opcache directives have been added recently which are returned
if using `ini_get_all('zend opcache')` but are not listed in the
directives if using `opcache_get_configuration()`. This fix adds
those missing directives as well as if `opcache.mmap_base` is used
instead of `opcache.lockfile_path`. Also adds a test to ensure the
directives match with both methods of fetching.

show more ...

Fixed bug #78279

Even if we don't initialize the callback on every request, we
should still reset our globals to default values...

Upgrade to SQLite 3.28.0

Over the years, multiple security vulnerabilities[1] have been found
and fixed in SQLite3, so it makes sense to update our bundled libsqlite
to the latest av

Upgrade to SQLite 3.28.0

Over the years, multiple security vulnerabilities[1] have been found
and fixed in SQLite3, so it makes sense to update our bundled libsqlite
to the latest available version.

[1] <https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html>

show more ...

Update NEWS [ci skip]