96885bc0 | 05-Aug-2023 |
Kévin Dunglas |
fix: handle the GNU specific version of strerror_r Close GH-11882 |
dddd309d | 05-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11830: ParentNode methods should perform their checks upfront Closes GH-11887. |
08c4db7f | 06-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix manually calling __construct() on DOM classes Closes GH-11894. |
5cd0208e | 03-Aug-2023 |
Ilija Tovilo |
Don't test macOS & i386 without opcache on push It should be incredibly rare for something to fail only without opcache while also being platform specific. We're keeping opcache-less tes
Don't test macOS & i386 without opcache on push It should be incredibly rare for something to fail only without opcache while also being platform specific. We're keeping opcache-less tests for x64 Linux, macOS and i386 will continue to be tested without opcache in nightly. Closes GH-11867
show more ...
|
ca5d4821 | 28-Jun-2023 |
Yurun |
Fix MySQL Statement has a empty query result when the response field has changed, also Segmentation fault Closes GH-11551. |
dc586b12 | 03-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Mark buildFromIterator test as conflicting Commit 0b2e6bc2b0 started caching the directory entry type to improve performance. Shortly after, we've seen flaky failures of the buildFro
Mark buildFromIterator test as conflicting Commit 0b2e6bc2b0 started caching the directory entry type to improve performance. Shortly after, we've seen flaky failures of the buildFromIterator phar test. When it fails, it's always a value error in the constructor of RecursiveDirectoryIterator::__construct() with a "no such file or directory" error. What's happening here is this: 1) A parallel test creates a subdirectory in the current working dir. 2) This test checks hasChildren() on a directory entry, the cached entry returns "yes" on the subdirectory. 3) The parallel test finishes and removes the subdirectory. 4) The constructor mentioned above is called, causing an exception because the directory is gone. This race has always been possible, even before said commit. It's just that it was very hard to hit before: the expensive stat call made the race window hard to hit. The race is now easier to hit because of the caching that is fast. Since there's many tests that modify the current working directory, it seems best to mark this as an "all" conflict. We cannot avoid every TOC-TOU race when working with files with these phar tests. In particular, mounteddir.phpt caused every conflict I saw on CI, but there's more tests that create subdirectories in the current working directory. Closes GH-11869.
show more ...
|
f7be15db | 02-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Revert the fix for GH-11498 People relied on manually waiting for children, but the fix for GH-11498 broke this. Fixing this in PHP is fundamentally incompatible with doing the wait
Revert the fix for GH-11498 People relied on manually waiting for children, but the fix for GH-11498 broke this. Fixing this in PHP is fundamentally incompatible with doing the wait loop in userland. This reverts to the old behaviour. Closes GH-11863.
show more ...
|
162bd2a5 | 03-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix missing link variable in test |
997a3675 | 02-Aug-2023 |
Alexandre Daubois |
Fix GH-10964: Improve `man` page about the built-in server Closes GH-11857. |
509906b2 | 12-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authen
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html tells us that the nonce used in this authentication method is 20 bytes long. However, we might receive additional scramble data in php_mysqlnd_greet_read not used in this method. On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted in the xor computation to incorrectly include the NUL byte. Every password of at least 20 characters therefore failed to authenticate using this method. Looking at mysql-server source code also seems to reveal that it always uses a fixed number of scramble bytes [1]. [1] https://github.com/mysql/mysql-server/blob/ea7087d885006918ad54458e7aad215b1650312c/sql/auth/sha2_password.cc#L1078-L1079 Closes GH-11445. Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
show more ...
|
ed27d70d | 17-Jul-2023 |
Ilija Tovilo |
Fix use-of-uninitialized-value in start_fake_frame Closes GH-11732 |
94127c53 | 12-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11440: authentication to a sha256_password account fails over SSL This is similar to bug #78680, but that bug wasn't really fixed in all places. This is the only remaining place.
Fix GH-11440: authentication to a sha256_password account fails over SSL This is similar to bug #78680, but that bug wasn't really fixed in all places. This is the only remaining place. Closes GH-11444.
show more ...
|
6e468bbd | 31-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix json_encode result on DOMDocument According to https://www.php.net/manual/en/class.domdocument: When using json_encode() on a DOMDocument object the result will be that of en
Fix json_encode result on DOMDocument According to https://www.php.net/manual/en/class.domdocument: When using json_encode() on a DOMDocument object the result will be that of encoding an empty object. But this was broken in 8.1. The output was `{"config": null}`. That's because the config property is defined with a default value of NULL, hence it was included. The other properties are not included because they don't have a default property, and nothing is ever written to their backing field. Hence, the JSON encoder excludes them. Similarly, `(array) $doc` would yield the same `config` key in the array. Closes GH-11840.
show more ...
|
4553258d | 01-Aug-2023 |
Dmitry Stogov |
Fixed incorrect tracked malloc deallocation Fixes ext/ffi/tests/list.phpt failure |
e61dbe54 | 01-Aug-2023 |
Ilija Tovilo |
Fix zend/test arginfo stub hash |
ebbccb3d | 01-Aug-2023 |
Ben Ramsey |
Merge branch 'PHP-8.0' into PHP-8.1
|
d8f2584e | 31-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
NEWS Signed-off-by: Ben Ramsey <ramsey@php.net> |
62228a25 | 31-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Disable global state test on Windows It looks like the config.w32 uses CHECK_HEADER_ADD_INCLUDE to add the include path to libxml into the search path. That doesn't happen in zend-te
Disable global state test on Windows It looks like the config.w32 uses CHECK_HEADER_ADD_INCLUDE to add the include path to libxml into the search path. That doesn't happen in zend-test. To add to the Windows trouble, libxml is statically linked in, ext/libxml can only be built statically but ext/zend-test can be built both statically and dynamically. So the regression tests won't work in all possible configurations anyway on Windows. All of this is no problem on Linux because it just uses dynamic linking and pkg-config, without any magic. Signed-off-by: Ben Ramsey <ramsey@php.net>
show more ...
|
93b43ac2 | 31-Jul-2023 |
Derick Rethans |
Fix broken merge |
0870ebb8 | 31-Jul-2023 |
Derick Rethans |
Merge branch 'PHP-8.0' into PHP-8.1
|
c283c3ab | 15-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Sanitize libxml2 globals before parsing Fixes GHSA-3qrf-m4j2-pcrr. To parse a document with libxml2, you first need to create a parsing context. The parsing context contains par
Sanitize libxml2 globals before parsing Fixes GHSA-3qrf-m4j2-pcrr. To parse a document with libxml2, you first need to create a parsing context. The parsing context contains parsing options (e.g. XML_NOENT to substitute entities) that the application (in this case PHP) can set. Unfortunately, libxml2 also supports providing default set options. For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT option will be added to the parsing options every time you create a parsing context **even if the application never requested XML_NOENT**. Third party extensions can override these globals, in particular the substitute entity global. This causes entity substitution to be unexpectedly active. Fix it by setting the parsing options to a sane known value. For API calls that depend on global state we introduce PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS(). For other APIs that work directly with a context we introduce php_libxml_sanitize_parse_ctxt_options().
show more ...
|
80316123 | 10-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix buffer mismanagement in phar_dir_read() Fixes GHSA-jqcx-ccgc-xwhv. |
3e9792f4 | 27-Jul-2023 |
Mikhail Galanin |
Check if restart is pending before trying to lock SHM This reduces lock contention when Opcache restart is scheduled but not yet started. Closes GH-11805 |
be71cadc | 22-Jun-2023 |
Remi Collet |
[ci skip] add CVE in NEWS |
32c7c433 | 06-Jun-2023 |
Pierrick Charron |
Fix wrong backporting of previous soap patch |