fix: handle the GNU specific version of strerror_r

Close GH-11882

Fix GH-11830: ParentNode methods should perform their checks upfront

Closes GH-11887.

Fix manually calling __construct() on DOM classes

Closes GH-11894.

Fix MySQL Statement has a empty query result when the response field has changed, also Segmentation fault

Closes GH-11551.

Revert the fix for GH-11498

People relied on manually waiting for children, but the fix for GH-11498
broke this. Fixing this in PHP is fundamentally incompatible with doing
the wait

Revert the fix for GH-11498

People relied on manually waiting for children, but the fix for GH-11498
broke this. Fixing this in PHP is fundamentally incompatible with doing
the wait loop in userland. This reverts to the old behaviour.

Closes GH-11863.

show more ...

Fix GH-10964: Improve `man` page about the built-in server

Closes GH-11857.

Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters

https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authen

Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters

https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.

Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].

[1] https://github.com/mysql/mysql-server/blob/ea7087d885006918ad54458e7aad215b1650312c/sql/auth/sha2_password.cc#L1078-L1079

Closes GH-11445.

Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>

show more ...

Fix GH-11440: authentication to a sha256_password account fails over SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Fix GH-11440: authentication to a sha256_password account fails over SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Closes GH-11444.

show more ...

Fix json_encode result on DOMDocument

According to https://www.php.net/manual/en/class.domdocument:
When using json_encode() on a DOMDocument object the result will be
that of en

Fix json_encode result on DOMDocument

According to https://www.php.net/manual/en/class.domdocument:
When using json_encode() on a DOMDocument object the result will be
that of encoding an empty object.

But this was broken in 8.1. The output was `{"config": null}`.
That's because the config property is defined with a default value of
NULL, hence it was included. The other properties are not included
because they don't have a default property, and nothing is ever written
to their backing field. Hence, the JSON encoder excludes them.
Similarly, `(array) $doc` would yield the same `config` key in the
array.

Closes GH-11840.

show more ...

NEWS

Signed-off-by: Ben Ramsey <ramsey@php.net>

Check if restart is pending before trying to lock SHM

This reduces lock contention when Opcache restart is scheduled
but not yet started.

Closes GH-11805

[ci skip] add CVE in NEWS

Fix GH-11791: Wrong default value of DOMDocument::xmlStandalone

At one point this was changed from a bool to an int in libxml2, with
negative values meaning it is unspecified. Because it

Fix GH-11791: Wrong default value of DOMDocument::xmlStandalone

At one point this was changed from a bool to an int in libxml2, with
negative values meaning it is unspecified. Because it is cast to a bool
this therefore returned true instead of the expected false.

Closes GH-11793.

show more ...

Fix empty argument cases for DOMParentNode methods

Closes GH-11768.

Fix DOMCharacterData::replaceWith() with itself

Previously, when replacing the node with itself (or contained within
itself), the node disappeared.

Closes GH-11770.

Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS()

Closes GH-11776.

Fix DOMEntity field getter bugs

- publicId could crash PHP if none was provided
- notationName never worked

The fields of this classs were untested. This new test file changes t

Fix DOMEntity field getter bugs

- publicId could crash PHP if none was provided
- notationName never worked

The fields of this classs were untested. This new test file changes that.

Closes GH-11779.

show more ...

Fix GH-11716: cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1

Closes GH-11757.

Prevent int overflow on $decimals in number_format

Closes GH-11714.
Closes GH-11649.

Fix GH-11715: opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong

There are a couple of oddities.

1) The interned strings buffer compri

Fix GH-11715: opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong

There are a couple of oddities.

1) The interned strings buffer comprises the whole hashtable
datastructure.
Therefore, it seems that the interned strings buffer size is the size of
only said table. However, in the current code it also includes the size
of the zend_accel_shared_globals.

2) ZCSG(interned_strings).end is computed starting from the accelerator
globals struct itself. I would expect it to start from the part where
the interned strings table starts.

3) When computing the used size, it is done using
ZCSG(interned_strings).end - ZCSG(interned_strings).start. However,
this does not include the uin32_t slots array because
ZCSG(interned_strings).start pointers after that array.

This patch corrrects these 3 points.

Closes GH-11717.

show more ...

Fix leaking definitions on FFI::cdef()->new()

Previously, FFI_G(symbols) and FFI_G(tags) were never cleaned up when calling
new on an existing object. However, if cdef() is called withou

Fix leaking definitions on FFI::cdef()->new()

Previously, FFI_G(symbols) and FFI_G(tags) were never cleaned up when calling
new on an existing object. However, if cdef() is called without parameters these
globals are NULL and might be created when new() creates new definitions. These
would then be discarded without freeing them.

Closes GH-11751

show more ...

PHP-8.1 is now for PHP-8.1.23-dev

Fix hash_pbkdf2 options parameter

The value needs to be initialized to NULL as it is optional. Furthermore, the
parameter was completely missing in the stub signature.

Closes GH

Fix hash_pbkdf2 options parameter

The value needs to be initialized to NULL as it is optional. Furthermore, the
parameter was completely missing in the stub signature.

Closes GH-11731

show more ...

Prevent potential deadlock if accelerated globals cannot be allocated

Not sure if this is possible to hit in practice, zend_accel_error_noreturn
doesn't return so the unlock isn't called

Prevent potential deadlock if accelerated globals cannot be allocated

Not sure if this is possible to hit in practice, zend_accel_error_noreturn
doesn't return so the unlock isn't called. Other callsites that use both
zend_accel_error_noreturn and zend_shared_alloc_unlock first perform the
unlocking.

Closes GH-11718.

show more ...

Fix GH-11587 PDO::ATTR_STRINGIFY_FETCHES should return strings even in if PDO::ATTR_EMULATE_PREPARES is enabled

This also includes a fix for the MySQL ND driver to actually respect the user

Fix GH-11587 PDO::ATTR_STRINGIFY_FETCHES should return strings even in if PDO::ATTR_EMULATE_PREPARES is enabled

This also includes a fix for the MySQL ND driver to actually respect the user decided behaviour.

Closes GH-11622

Signed-off-by: George Peter Banyard <girgias@php.net>

show more ...