| #
da81b5c8 |
| 20-Nov-2024 |
Christoph M. Becker |
Reapply "Merge branch 'PHP-8.3' into PHP-8.4"
This reverts commit 83ca37483c87f1de9384a6977f069589606c8640, and
fixes the previous bad merge.
|
| #
83ca3748 |
| 20-Nov-2024 |
Christoph M. Becker |
Revert "Merge branch 'PHP-8.3' into PHP-8.4"
This reverts commit ae62779386fe2a736412873ca6931296101529d5, reversing
changes made to 19e685ecc467a0f1dd5413f033fc6311e118473d.
Th
Revert "Merge branch 'PHP-8.3' into PHP-8.4"
This reverts commit ae62779386fe2a736412873ca6931296101529d5, reversing
changes made to 19e685ecc467a0f1dd5413f033fc6311e118473d.
This was a bad merge; I'll have a look shortly.
show more ...
|
| #
ff3b4eca |
| 19-Nov-2024 |
Dylan K. Taylor |
Fix GH-16851: JIT_G(enabled) not set correctly on other threads
There doesn't seem to be a thread post-startup hook that runs after
zend_startup_cb() that could be used for this
Fix GH-16851: JIT_G(enabled) not set correctly on other threads
There doesn't seem to be a thread post-startup hook that runs after
zend_startup_cb() that could be used for this
this fix is similar to accel_startup_ok() as seen here: https://github.com/php/php-src/blob/fc1db70f106525e81f9a24539340b7cf2e82e844/ext/opcache/ZendAccelerator.c#L2631-L2634
Closes GH-16853.
show more ...
|
| #
78c201a3 |
| 18-Nov-2024 |
Jakub Zelenka |
Update NEWS with security fixes info
|
| #
1fd82aa1 |
| 20-Nov-2024 |
Saki Takamachi |
PHP-8.4 is now for PHP 8.4.1-dev
|
| #
315fef2c |
| 19-Nov-2024 |
Saki Takamachi |
Prepare NEWS for 8.4.0
|
| #
fa36346a |
| 19-Nov-2024 |
Saki Takamachi |
[skip ci] NEWS for #16694
|
| #
e44b7625 |
| 17-Nov-2024 |
Christoph M. Becker |
Fix GH-16839: Error on building Opcache JIT for Windows ARM64
OPcache JIT does not support Windows ARM64, so we should not allow
`--enable-opcache-jit` in the first place.
Due t
Fix GH-16839: Error on building Opcache JIT for Windows ARM64
OPcache JIT does not support Windows ARM64, so we should not allow
`--enable-opcache-jit` in the first place.
Due to the way `ARG_ENABLE()` is handled on Windows, we do not attempt
to suppress the configure option, but just do not enable JIT when the
user attempts to, and adapt the help text.
Closes GH-16841.
show more ...
|
| #
6dec6a6d |
| 10-Nov-2024 |
Christoph M. Becker |
Add PHP_BUILD_DATE constant
This information can be occasionally useful, and would otherwise need
to be parsed from `phpinfo()` output.
However, maybe more importantly we unify
Add PHP_BUILD_DATE constant
This information can be occasionally useful, and would otherwise need
to be parsed from `phpinfo()` output.
However, maybe more importantly we unify the build date between what is
given by `php -v` and `php -i`, since these compilation units are not
necessarily preprocessed within the same second.
Closes GH-16747.
show more ...
|
| #
fc1db70f |
| 06-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16630: UAF in lexer with encoding translation and heredocs
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredo
Fix GH-16630: UAF in lexer with encoding translation and heredocs
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.
Closes GH-16716.
show more ...
|
| #
048fa7ba |
| 14-Nov-2024 |
Ilija Tovilo |
Fix get_object_vars() for non-hooked props in hooked prop iter
The zend_hash_update_ind() variant unwraps indirects, rather than creating them.
Don't use _zend_hash_append_ind() because
Fix get_object_vars() for non-hooked props in hooked prop iter
The zend_hash_update_ind() variant unwraps indirects, rather than creating them.
Don't use _zend_hash_append_ind() because the property might already exist.
Fixes GH-16725
Closes GH-16805
show more ...
|
| #
80894d87 |
| 17-Nov-2024 |
David Carlier |
Fix GH-16834: cal_from_jd overflow on julian_day argument.
close GH-16836
|
| #
5e360b64 |
| 11-Nov-2024 |
Gina Peter Banyard |
ext/pdo_pgsql: Remove new PDO class constant specific to PGSQL driver
Closes GH-16755
|
| #
18b18f0e |
| 15-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Closes GH-16824.
|
| #
fbb00619 |
| 15-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
When the current data is invalid, NULL must be returned. At least that's
how the check i
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
When the current data is invalid, NULL must be returned. At least that's
how the check in SPL works and how other extensions do this as well.
If we don't do this, an UNDEF value gets propagated to a return value
(misprinted as null); leading to issues.
Closes GH-16825.
show more ...
|
| #
179ca2bf |
| 14-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16802: open_basedir bypass using curl extension
And fix a memleak while here.
Closes GH-16804.
|
| #
553d79c7 |
| 14-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This caus
Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().
Closes GH-16803.
show more ...
|
| #
b8ba6f63 |
| 15-Nov-2024 |
David Carlier |
Fix GH-16812: UAF on readline_info() after readline_write_history() call.
close GH-16813
|
| #
cbb3b937 |
| 13-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16770: Tracing JIT type mismatch when returning UNDEF
When returning an UNDEF value, it actually becomes NULL.
The following code took this into account:
https://github.com/ph
Fix GH-16770: Tracing JIT type mismatch when returning UNDEF
When returning an UNDEF value, it actually becomes NULL.
The following code took this into account:
https://github.com/php/php-src/blob/28344e0445bc2abae8dc5f1376aa0ff350e6d66d/ext/opcache/jit/zend_jit_trace.c#L2196-L2199
But the stack does not update the type to NULL, causing a mismatch.
Closes GH-16784.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
show more ...
|
| #
3815a773 |
| 03-Nov-2024 |
Christoph M. Becker |
Close GH-16659: Bump ICU requirement to ICU >= 57.1
This requirements bump should rarely affect anybody in practice. All
major distros already ship more recent ICU versions, and even fo
Close GH-16659: Bump ICU requirement to ICU >= 57.1
This requirements bump should rarely affect anybody in practice. All
major distros already ship more recent ICU versions, and even for
Solaris 11, ICU 57.1 is available via OpenCSW. Note that ICU 57.1 has
been released on 2016-03-23[1].
[1] <https://icu.unicode.org/download/57>
Closes GH-16688.
show more ...
|
| #
4124b04e |
| 13-Nov-2024 |
David Carlier |
Fix GH-16771: imagecreatefromstring overflow on invalid format.
close GH-16776
|
| #
b8115d6c |
| 13-Nov-2024 |
David Carlier |
Fix GH-16769: php_pcntl_set_user_signal_infos aborts when a signal is a reference.
close GH-16772
|
| #
33ba1a4a |
| 09-Nov-2024 |
David Carlier |
ext/sockets: adding IPPROTO_ICMP* constants for socket creations.
Is to create socket for Internet Control Message Protocol context.
Due to their nature, they are meant to be used via
ext/sockets: adding IPPROTO_ICMP* constants for socket creations.
Is to create socket for Internet Control Message Protocol context.
Due to their nature, they are meant to be used via
raw sockets rather than TCP/UDP.
close GH-16737
show more ...
|
| #
a8151fc5 |
| 30-Oct-2024 |
Arnaud Le Blanc |
Fix the name of the initializer parameter of ReflectionClass::resetAsLazyGhost()
Closes GH-16758
|
| #
02ee521e |
| 10-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16727: Opcache bad signal 139 crash in ZTS bookworm (frankenphp)
Reproducer: https://github.com/php/php-src/issues/16727#issuecomment-2466256317
The root cause is a data race
Fix GH-16727: Opcache bad signal 139 crash in ZTS bookworm (frankenphp)
Reproducer: https://github.com/php/php-src/issues/16727#issuecomment-2466256317
The root cause is a data race between two different threads:
1) We allocate a lower cased name for an anonymous class here:
https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8109
2) This gets looked up as an interned string here:
https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8112
Assuming that there are uppercase symbols in the string and therefore
`lcname != name` and that `lcname` is not yet in the interned string table,
the pointer value of `lcname` won't change.
3) Here we add the string into the interned string table:
https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8223
However, in the meantime another thread could've added the string into the interned string table.
This means that the following code will run, indirectly called via the `LITERAL_STR` macro,
freeing `lcname`: https://github.com/php/php-src/blob/62e53e6f4965f37d379a3fd21f65a4210c5c86b5/ext/opcache/ZendAccelerator.c#L572-L575
4) In the reproducer we then access the freed `lcname` string here:
https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8229
This is solved in my patch by retrieving the interned string pointer
and putting it in `lcname`.
Closes GH-16748.
show more ...
|
