Enable ifunc checks on FreeBSD 12+

This was disabled in 2019 due to problems reported in FreeBSD 11. The original
report (PHP bug 77284) includes a comment that FreeBSD 12 worked - which

Enable ifunc checks on FreeBSD 12+

This was disabled in 2019 due to problems reported in FreeBSD 11. The original
report (PHP bug 77284) includes a comment that FreeBSD 12 worked - which also
happens to be the first version ifunc use appeared in libc.

Close GH-12288

show more ...

number_format: cast large floats within range of int to int

This prevents loosing precision for numbers above 2^52.

Closes GH-12333

[ci skip] zend_call_stack NEWS update

Fix #44383: PHP DateTime not converted to xsd:datetime

Closes GH-12437.
Closes GH-11725.

Feature: ext/pdo_firebird: Add transaction isolation level and mode settings (#12815)

* Added transaction isolation level and access mode

* Raise a ValueError if an invalid value i

Feature: ext/pdo_firebird: Add transaction isolation level and mode settings (#12815)

* Added transaction isolation level and access mode

* Raise a ValueError if an invalid value is passed to PDO::FB_TRANSACTION_ISOLATION_LEVEL.

show more ...

Fix max_execution_time with cli-server router script

When the cli-server specifies a router script, we run it using
zend_execute_scripts instead of php_execute_script, because the former

Fix max_execution_time with cli-server router script

When the cli-server specifies a router script, we run it using
zend_execute_scripts instead of php_execute_script, because the former preserves
the return value of the script. However, php_execute_script also starts resets
the execution timer with the value from max_execution_time. If the timer has
previously been initialized with max_input_time, it will never be reset, and
thus trigger at the incorrect time.

Closes GH-12886

show more ...

[sodium] Add AEGIS-128L and AEGIS-256 (#12867)

Also don't prevent usage of AES-GCM on aarch64, it's been supported since libsodium 1.0.18.

Fixes #12312

Fix GH-12727: NumberFormatter constructor throws an exception on invalid locale.

Also re-establishing exception throwing on IntlDateFormatter constructor
overwritten by accident most lik

Fix GH-12727: NumberFormatter constructor throws an exception on invalid locale.

Also re-establishing exception throwing on IntlDateFormatter constructor
overwritten by accident most likely so postponing it for next major
release.

Close GH-12868

show more ...

Fix GH-12854: 8.3 - as final trait-used method does not correctly report visibility in Reflection

Closes GH-12857.

PHP-8.3 is now for PHP 8.3.2-dev

Handle libxml2 OOM more consistently (#11927)

This is a continuation of commit c2a58ab07d, in which several OOM error
handling was converted to throwing an INVALID_STATE_ERR DOMException

Handle libxml2 OOM more consistently (#11927)

This is a continuation of commit c2a58ab07d, in which several OOM error
handling was converted to throwing an INVALID_STATE_ERR DOMException.
Some places were missed and they still returned false without an
exception, or threw a PHP_ERR DOMException.
Convert all of these to INVALID_STATE_ERR DOMExceptions. This also
reduces confusion of users going through documentation [1].

Unfortunately, not all node creations are checked for a NULL pointer.
Some places therefore will not do anything if an OOM occurs (well,
except crash).
On the one hand it's nice to handle these OOM cases.
On the other hand, this adds some complexity and it's very unlikely to
happen in the real world. But then again, "unlikely" situations have
caused trouble before. Ideally all cases should be checked.

[1] https://github.com/php/doc-en/issues/1741

show more ...

ext/pdo: Fixed PDO::setAttribute() and PDO::getAttribute() (#12793)

Fix the default value of $fetchMode in PDO::pgsqlGetNotify()

Fix GH-9348: FTP & SSL session reuse

The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
rec

Fix GH-9348: FTP & SSL session reuse

The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
recreate the scenario locally using vsftpd and setting
`require_ssl_reuse=YES` in the vsftpd configuration.

It turns out that our session resumption code is broken. It only works a
single time: the first time a data connection opens. Subsequent data
connections fail to reuse the session. This is because on every data
connection a new session is negotiated, but the current code always
tries to reuse the (stale) session of the control connection.

To fix this, we use SSL_CTX_sess_set_new_cb() to setup a callback that
gets called every time a new session is negotiated. We take a strong
reference using SSL_get1_session() and store it in the ftpbuf_t struct.
Every time we open a data connection we'll take that session.
This works because every control connection has at most a single
associated data connection.

Also disable internal session caching storage to not fill the cache up
with useless sessions.

There is no phpt for this because PHP does not support enforcing SSL
session reuse.
It is however testable manually by setting up vsftpd and setting the
`require_ssl_reuse=YES` function from before.

Closes GH-12851.

show more ...

Implement GH-12385: flush headers without body when calling flush()

Closes GH-12785.

Fix GH-12826: Weird pointers issue in nested loops

This regressed in cd53ce838a.
The loop with `zend_hash_iterators_update` hangs forever because
`iter_pos` can't advance to idx. Thi

Fix GH-12826: Weird pointers issue in nested loops

This regressed in cd53ce838a.
The loop with `zend_hash_iterators_update` hangs forever because
`iter_pos` can't advance to idx. This is because the
`zend_hash_iterators_lower_pos` upper bound is `target->nNumUsed`,
but that is set to `source->nNumOfElements`.
That means that if there are holes in the array, we still loop over all
the buckets but the number of bucket slots will not match.
Fix it by changing the assignment.

Closes GH-12831.

show more ...

Fix GH-12838: [SOAP] Temporary WSDL cache files not being deleted

If there are two users that can execute the script that caches a WSDL,
but the script is owned by a single user, then th

Fix GH-12838: [SOAP] Temporary WSDL cache files not being deleted

If there are two users that can execute the script that caches a WSDL,
but the script is owned by a single user, then the caching code will
name the cached file with the file owner username and a hash of the uri.
When one of the two tries to rename the file created by the other
process, this does not work because it has no permission to do so.
This then leaves temporary files floating in the temp directory.

To fix the immediate problem, unlink the file after rename has failed.
On the long term, this has to be fixed by taking the username of the
process instead of the username of the file owner.

Closes GH-12841.

show more ...

Fix leak of call->extra_named_params on internal __call

Fixes GH-12835
Closes GH-12836

Fix bug GH-12705: Segmentation fault in fpm_status_export_to_zval

Closes GH-12706

Add missing NULL checks for spl autoload table

Closes GH-12840.

[ci skip] NEWS

For acbdfd24ec.

Report fatal error if JIT cannot be enabled

Closes GH-12403

Fix phpGH-12763: PGSQL pg_untrace(): Argument #1 ($connection) must be of type resource or null, PgSql\Connection given.

jit: fixed JIT "Attempt to assign property of non-object" warning emitted at the same time as Error is being thrown

jit: fixed "Uninitialized string offset" warning being emitted at the same time as invalid offset Error