Implement GH-9826: Make class_alias() work with internal classes (#10483)

We can't increase the refcount of internal classes during request time.
To work around this problem we simply do

Implement GH-9826: Make class_alias() work with internal classes (#10483)

We can't increase the refcount of internal classes during request time.
To work around this problem we simply don't refcount aliases anymore and
add a check in the destruction to skip aliases entirely.
There were also some checks which checked for an alias implicitly by
comparing the refcount, these have been replaced by checking the type of
the zval instead.

show more ...

[skip ci] Add FFI BC to UPGRADING

Follow-up on commit 851e4623f58926ff387c43960ab5c31e09701c51

Fix GH-10377: Unable to have an anonymous readonly class

This fixes the oversight that an anonymous class should be able to be
readonly. Other identifiers such as final and abstract do n

Fix GH-10377: Unable to have an anonymous readonly class

This fixes the oversight that an anonymous class should be able to be
readonly. Other identifiers such as final and abstract do not make
sense. As we still want nice errors for when users try to use these
modifiers, or use multiple modifiers, we introduce a new function
zend_add_anonymous_class_modifier that will perform verification for
anonymous class modifiers, just like zend_add_class_modifier does for
non-anonymous classes.

Closes GH-10381

show more ...

proc_open: reject array with empty command name (#10559)

sockets add SO_RERROR/SO_ZEROIZE/SO_SPLICE net/openbsd's constants.

Closes GH-10563.

sockets updlite protocol support, with checksum coverage settings.

Close GH-10468

Implement dynamic class const fetch

https://wiki.php.net/rfc/dynamic_class_constant_fetch

Closes GH-9793

Fix GH-10259 ReflectionClass::getStaticProperties doesn't need null return type (#10418)

password: Use `php_random_bytes_throw` in `php_password_make_salt` (#10393)

The CSPRNG failing should be rare nowadays, but it *might* happen and without
this patch it's hard for the use

password: Use `php_random_bytes_throw` in `php_password_make_salt` (#10393)

The CSPRNG failing should be rare nowadays, but it *might* happen and without
this patch it's hard for the user to find out why the salt generation failed:
The error message is not actionable.

This patch will automatically set the CSPRNG exception to the `$previous`
exception of the ValueError that is thrown, allowing the developer to determine
the cause of the salt generation failure.

Before:

Fatal error: Uncaught ValueError: Unable to generate salt in php-src/test3.php:3
Stack trace:
#0 php-src/test3.php(3): password_hash(Object(SensitiveParameterValue), '2y')
#1 {main}
thrown in php-src/test3.php on line 3

After:

Fatal error: Uncaught Random\RandomException: Cannot open /dev/urandom: No such file or directory in php-src/test3.php:3
Stack trace:
#0 php-src/test3.php(3): password_hash(Object(SensitiveParameterValue), '2y')
#1 {main}

Next ValueError: Unable to generate salt in php-src/test3.php:3
Stack trace:
#0 php-src/test3.php(3): password_hash(Object(SensitiveParameterValue), '2y')
#1 {main}
thrown in php-src/test3.php on line 3

show more ...

[ci skip] UPGRADING

strtok warns in case the string to split was not set.

Close GH-10016.

sockets add AF_DIVERT constant.

Allow to bind a socket to a divert port without being concerned
by its address. for ipfw filter purpose (SO_USER_COOKIE constant).
FreeBSD only.

sockets add AF_DIVERT constant.

Allow to bind a socket to a divert port without being concerned
by its address. for ipfw filter purpose (SO_USER_COOKIE constant).
FreeBSD only.

Close GH-10415.

show more ...

Fix GH-10292 make the default value of the first parame of srand() and mt_srand() nullable (#10380)

Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>

[ci skip] UPGRADING

GH-10149

Fix GH-8086: Introduce mail.mixed_lf_and_crlf INI

When this INI option is enabled, it reverts the line separator for
headers and message to LF which was a non conformant behavior in PHP

Fix GH-8086: Introduce mail.mixed_lf_and_crlf INI

When this INI option is enabled, it reverts the line separator for
headers and message to LF which was a non conformant behavior in PHP 7.
It is done because some non conformant MTAs fail to parse CRLF line
separator for headers and body.

This is used for mail and mb_send_mail functions.

show more ...

Implement GMP::__construct()

Implements a proper constructor for GMP as discussed in both GH-10158 and https://externals.io/message/119216.
Fixes GH-10155

Closes GH-10225

Implement GMP::__construct()

Implements a proper constructor for GMP as discussed in both GH-10158 and https://externals.io/message/119216.
Fixes GH-10155

Closes GH-10225

Signed-off-by: George Peter Banyard <girgias@php.net>

show more ...

socket DF flag on UDP socket via IP_MTU_DISCOVER on Linux and IP_DONTFRAGMENT on FreeBSD for path MTU discovery purpose.

idea proposal via ml :
https://marc.info/?l=php-internals&m=16732

socket DF flag on UDP socket via IP_MTU_DISCOVER on Linux and IP_DONTFRAGMENT on FreeBSD for path MTU discovery purpose.

idea proposal via ml :
https://marc.info/?l=php-internals&m=167329288509393&w=2

Close GH-10282

show more ...

posix adding posix_fpathconf.

follow-up on GH-10238 but with the file descriptor flavor.

Close GH-10253

unserialize: Strictly check for `:{` at object start (#10214)

* unserialize: Strictly check for `:{` at object start

* unserialize: Update CVE tests

It's unlikely that the

unserialize: Strictly check for `:{` at object start (#10214)

* unserialize: Strictly check for `:{` at object start

* unserialize: Update CVE tests

It's unlikely that the object syntax error contributed to the actual CVE. The
CVE is rather caused by the incorrect object serialization data of the `C`
format. Add a second string without such a syntax error to ensure that path is
still executed as well to ensure the CVE is absent.

* Fix test expectation in gmp/tests/bug74670.phpt

No changes to the input required, because the test actually is intended to
verify the behavior for a missing `}`, it's just that the report position changed.

* NEWS

* UPGRADING

show more ...

Implement Unicode conditional casing rules for Greek letter sigma

The capital Greek letter sigma (Σ) should be lowercased as σ except
when it appears at the end of a word; in that case,

Implement Unicode conditional casing rules for Greek letter sigma

The capital Greek letter sigma (Σ) should be lowercased as σ except
when it appears at the end of a word; in that case, it should be
lowercased as the special form ς.

This rule is included in the Unicode data file SpecialCasing.txt.
The condition for applying the rule is called "Final_Sigma" and is
defined in Unicode technical report 21. The rule is:

• For the special casing form to apply, the capital letter sigma must
be preceded by 0 or more "case-ignorable" characters, preceded by
at least 1 "cased" character.
• Further, capital sigma must NOT be followed by 0 or more
case-ignorable characters and then at least 1 cased character.

"Case-ignorable" characters include certain punctuation marks, like
the apostrophe, as well as various accent marks. There are actually
close to 500 different case-ignorable characters, including accent marks
from Cyrillic, Hebrew, Armenian, Arabic, Syriac, Bengali, Gujarati,
Telugu, Tibetan, and many other alphabets. This category also includes
zero-width spaces, codepoints which indicate RTL/LTR text direction,
certain musical symbols, etc.

Since the rule involves scanning over "0 or more" of such
case-ignorable characters, it may be necessary to scan arbitrarily far
to the left and right of capital sigma to determine whether the special
lowercase form should be used or not. However, since we are trying to
be both memory-efficient and CPU-efficient, this implementation limits
how far to the left we will scan. Generally, we scan up to 63 characters
to the left looking for a "cased" character, but not more.

When scanning to the right, we go up to the end of the string if
necessary, even if it means scanning over thousands of characters.

Anyways, it is almost impossible to imagine that natural text will
include "words" with more than 63 successive apostrophes (for example)
followed by a capital sigma.

Closes GH-8096.

show more ...

posix adding posix_pathconf.

to get configuration variables from a directory/file.
Closes GH-10238.

[ci skip] Add UPGRADING entry for posix changes

sockets adding TCP_QUICKACK constant.

having tigher control on ACK delays, difference is the setting
is `volatile` as it can be turned off by the kernel if not set
explicitally set

sockets adding TCP_QUICKACK constant.

having tigher control on ACK delays, difference is the setting
is `volatile` as it can be turned off by the kernel if not set
explicitally set otherwise on the socket.

Closes GH-10145.

show more ...

[ci skip] UPGRADING

Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679)

* random: Add Randomizer::nextFloat()

* random: Check that doubles are IEEE-754 in Randomizer::nextFloat()

*

Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679)

* random: Add Randomizer::nextFloat()

* random: Check that doubles are IEEE-754 in Randomizer::nextFloat()

* random: Add Randomizer::nextFloat() tests

* random: Add Randomizer::getFloat() implementing the y-section algorithm

The algorithm is published in:

Drawing Random Floating-Point Numbers from an Interval. Frédéric
Goualard, ACM Trans. Model. Comput. Simul., 32:3, 2022.
https://doi.org/10.1145/3503512

* random: Implement getFloat_gamma() optimization

see https://github.com/php/php-src/pull/9679/files#r994668327

* random: Add Random\IntervalBoundary

* random: Split the implementation of γ-section into its own file

* random: Add tests for Randomizer::getFloat()

* random: Fix γ-section for 32-bit systems

* random: Replace check for __STDC_IEC_559__ by compile-time check for DBL_MANT_DIG

* random: Drop nextFloat_spacing.phpt

* random: Optimize Randomizer::getFloat() implementation

* random: Reject non-finite parameters in Randomizer::getFloat()

* random: Add NEWS/UPGRADING for Randomizer’s float functionality

show more ...