Fix #81092: fflush before stream_filter_remove corrupts stream

When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK
(not BZ_FINISH_OK) what requires us to do further fl

Fix #81092: fflush before stream_filter_remove corrupts stream

When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK
(not BZ_FINISH_OK) what requires us to do further flushes right away.

We also refactor the while-loop as do-loop.

Closes GH-7113.

show more ...

Fixed bug #81104

When the memory limit is restored during shutdown, we may still
be using a lot of memory. Ignore the failure at that point and
set it again after the MM is shut down

Fixed bug #81104

When the memory limit is restored during shutdown, we may still
be using a lot of memory. Ignore the failure at that point and
set it again after the MM is shut down, at which point memory
usage should be at its lowest point.

show more ...

Try to fix libxml 2.9.12 tests

The test expectations here were for PHP 8.0, try to adjust them
for PHP 7.4.

Skip test without ZMM

Fixed bug #81070

When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implemen

Fixed bug #81070

When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implementing additional checks during allocation,
`zend_set_memory_limit()` now validates the new memory limit. When
below the current memory usage the ini_set call will fail and throw
a warning.

This is part of GH-7040.

show more ...

Fix #76694: native Windows cert verification uses CN as sever name

This is not guaranteed to work, since the actual server name may only
be given as SAN. Since we're doing the peer veri

Fix #76694: native Windows cert verification uses CN as sever name

This is not guaranteed to work, since the actual server name may only
be given as SAN. Since we're doing the peer verification later anyway
(using the respective context options as appropriate), there is no need
to even supply a server name when verifying against the Windows cert
store.

Closes GH-7060.

show more ...

Fixed bug #81090

For concatenation, the in-place variant can be much more efficient,
because it will reallocate the string in-place. Special-case the
typed property compound assignme

Fixed bug #81090

For concatenation, the in-place variant can be much more efficient,
because it will reallocate the string in-place. Special-case the
typed property compound assignment code for the case where we
concatenate to a string, in which case we know that the result
will also be a string, and we don't need the type check anyway.

show more ...

Fix typo in test case (doe → die)

Speed up ext/dba/tests/bug78808.phpt

This tests takes about 2 minutes on AppVeyor CI, what is super slow.
The problem is that we're doing 50,000 inserts of small keys and values
inst

Speed up ext/dba/tests/bug78808.phpt

This tests takes about 2 minutes on AppVeyor CI, what is super slow.
The problem is that we're doing 50,000 inserts of small keys and values
instead of only few inserts with large values, what basically has the
same effect regarding the mmap size.

Closes GH-7073.

show more ...

Make tests compatible with libxml2 2.9.12

This version of libxml introduced quite a few changes. Most of
them are differences in error reporting, while some also change
behavior, e.g

Make tests compatible with libxml2 2.9.12

This version of libxml introduced quite a few changes. Most of
them are differences in error reporting, while some also change
behavior, e.g. null bytes are no longer supported and xinclude
recursion is limited.

Closes GH-7030. Closes GH-7046.

Co-authored-by: Nikita Popov <nikic@php.net>

show more ...

Fix #76359: open_basedir bypass through adding ".."

We explicitly forbid adding paths with a leading `..` to `open_basedir`
at runtime.

Closes GH-7024.

Fix bug #81068: Fix possible use-after-free in realpath_cache_clean()

If ZTS is enabled, this can cause cwd_globals_ctor() to be called
multiple times, each with a freshly allocated virt

Fix bug #81068: Fix possible use-after-free in realpath_cache_clean()

If ZTS is enabled, this can cause cwd_globals_ctor() to be called
multiple times, each with a freshly allocated virtual_cwd_globals
instance. At shutdown time however, cwd_globals_dtor() will call
realpath_cache_clean(), which then possibly cleans up the same
realpath_cache instance more than once. Using AddressSanitzer, this
shows up as a heap use-after-free.

To avoid this, add a helper function to do the actual work on one
instance of a realpath_cache, and call it both from cwd_globals_dtor()
and realpath_cache_clean(). The former uses the virtual_cwd_globals
parameter passed in via the destructor, the latter uses the CWDG()
macro.

show more ...

Update version in php_version.h as well

The version there is automatically updated during `./configure`, but
not on Windows.

Fix handling of open_basedir that contains cwd

While resolving the path, the last step will reduce it down to ""
(an empty string) and realpath() will resolve this to getcwd().
If op

Fix handling of open_basedir that contains cwd

While resolving the path, the last step will reduce it down to ""
(an empty string) and realpath() will resolve this to getcwd().
If open_basedir contains the CWD, then that means open_basedir
will be bypassed for paths that don't have any components that
exist (if one of the components exists, then we abort the realpath
loop at that point).

Closes GH-7015.

show more ...

Fix #81048: phpinfo(INFO_VARIABLES) "Array to string conversion"

Now that we properly dereference references of the superglobals. we
also need to dereference contained references to avoi

Fix #81048: phpinfo(INFO_VARIABLES) "Array to string conversion"

Now that we properly dereference references of the superglobals. we
also need to dereference contained references to avoid to string
conversion.

Closes GH-7014.

show more ...

The PHP 7.4 branch is now for 7.4.21

[ci skip] Removed incorrect news entry

Closes GH-7007.

Properly push test artifacts

Cf. https://www.appveyor.com/docs/packaging-artifacts/#pushing-artifacts-from-scripts.

Closes GH-6990.

Fix NEWS

Fixed bug #81037 PDO discards error message text from prepared statement

Fix #81032: GD install is affected by external libgd installation

This PR replaces the bundled libgd includes from #include <foo.h> with
#include "foo.h" for gd-related headers to avoid

Fix #81032: GD install is affected by external libgd installation

This PR replaces the bundled libgd includes from #include <foo.h> with
#include "foo.h" for gd-related headers to avoid including headers that
may be available in system directories instead of the expected local
headers.

Closes GH-6975.

show more ...

Disable LSan for all PDO_Firebird tests

The tests leak memory, likely due to a slightly unclean shutdown of
libfbclient. To avoid failing CI, we disable LSan for all the tests.

Disable LSan for all PDO_Firebird tests

The tests leak memory, likely due to a slightly unclean shutdown of
libfbclient. To avoid failing CI, we disable LSan for all the tests.

Closes GH-6966.

show more ...

Fix #44643: bound parameters ignore explicit type definitions

If `SQLDescribeParam()` fails for a parameter, we must not assume
`SQL_LONGVARCHAR` for any param which is not `PDO_PARAM_LO

Fix #44643: bound parameters ignore explicit type definitions

If `SQLDescribeParam()` fails for a parameter, we must not assume
`SQL_LONGVARCHAR` for any param which is not `PDO_PARAM_LOB`. At least
mapping `PDO_PARAM_INT` to `SQL_INTEGER` should be safe, and not
introduce a BC break.

Closes GH-6973.

show more ...

missing ;

php-fpm: fix Solaris port events.mechanism

Bug #65800
Fix by: rainer.jung@kippdata.de