Fix gcc-14 Wcalloc-transposed-args warnings

gcc-14 and later warns of inverted arguments in calloc or
calloc-like __alloc_size__ annotated functions.

Closes GH-13818.

Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c

We should not mark the session as opened when there was a failure in
open.

Closes G

Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c

We should not mark the session as opened when there was a failure in
open.

Closes GH-13858.

show more ...

[ci skip] NEWS

Implement request #71571: XSLT processor should provide option to change maxDepth (#13731)

There are two depth limiting parameters for XSLT templates.
1) maxTemplateDepth
This cor

Implement request #71571: XSLT processor should provide option to change maxDepth (#13731)

There are two depth limiting parameters for XSLT templates.
1) maxTemplateDepth
This corresponds to the recursion depth of a template. For very
complicated templates this can be hit.
2) maxTemplateVars
This is the total number of live variables. When using recursive
templates with lots of parameters you can hit this limit.

This patch introduces two new properties to XSLTProcessor that
corresponds to the above variables.

show more ...

Fix GH-13833: Applying zero offset to null pointer in zend_hash.c

MAPPHAR_FAIL will call the destructor of the manifest, mounted_dirs, and
virtual_dirs tables. When a new phar object is

Fix GH-13833: Applying zero offset to null pointer in zend_hash.c

MAPPHAR_FAIL will call the destructor of the manifest, mounted_dirs, and
virtual_dirs tables. When a new phar object is allocated using (p)ecalloc,
the bytes are zeroed, but the flag for an uninitialized table is
non-zero. So we have to manually set the flag in case that we have a
code path that can destroy the tables without first initializing them at
least once.

Closes GH-13847.

show more ...

Zend/zend_call_stack.c: fix build for Linux/uclibc-ng without pthread.

Fix the following build failure without pthread raised since version
8.3.0 and
https://github.com/php/php-src/c

Zend/zend_call_stack.c: fix build for Linux/uclibc-ng without pthread.

Fix the following build failure without pthread raised since version
8.3.0 and
https://github.com/php/php-src/commit/a11c8a30399e90c17c287b9656c0077bc5131c9c:

/home/buildroot/instance-0/output-1/build/php-8.3.4/Zend/zend_call_stack.c:39:11: fatal error: pthread.h: No such file or directory
39 | # include <pthread.h>
| ^~~~~~~~~~~

Fixes:
- http://autobuild.buildroot.org/results/a4ef648a9da50b26ed56d5d490e4cf5a1bfff970

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Close GH-13843

show more ...

Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference

If the destination already exists, then the `add` function on the
manifest will

Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference

If the destination already exists, then the `add` function on the
manifest will return NULL, resulting in a NULL entry and therefore a
NULL deref. As `copy()` (not `Phar::copy`) chooses to succeed and
overwrite the destination if it already exists, we should do the same.
Therefore the fix is as simple as changing `add` to `update`.

Closes GH-13840.

show more ...

Fix GH-13827: Null pointer access of type 'zval' in phpdbg_frame

We don't always have the line and filename in a backtrace frame, but
phpdbg assumes we do.

Closes GH-13831.

Fix GH-10495: feof on OpenSSL stream hangs indefinitely

This fixes the issue with unbounded waiting on SSL_peek which can happen
when only part of the record is fetched. It makes socket

Fix GH-10495: feof on OpenSSL stream hangs indefinitely

This fixes the issue with unbounded waiting on SSL_peek which can happen
when only part of the record is fetched. It makes socket non blocking so
it is possible to verify if OpenSSL is expecting some more data or if
there is an error.

This also fixes bug #79501

Closes GH-13487

show more ...

Fix GH-13264: Part 1 - Memory leak on filter failure

Closes GH-13790

Fix NEWS for the last FPM change

Fixed GH-13581: threaded mod_php fails on NetBSD with No space available for Thread Local Storage.

Close GH-13832

ext/sockets: adding Linux's TCP_SYNCNT constant.

Useful to control how many SYN packets the client will send to the
server before giving up establishing a connection if the server does

ext/sockets: adding Linux's TCP_SYNCNT constant.

Useful to control how many SYN packets the client will send to the
server before giving up establishing a connection if the server does
not respond (usually 5 or 6 by default).

Close GH-13816

show more ...

Fix GH-13563: Setting bool values via env in FPM config fails

Closes GH-13786

revert base64_encode change

Fix GH-13433: Segmentation Fault in zend_class_init_statics when using opcache.preload

This regressed in 9a250cc9d6, which allowed static properties to get
overridden by a trait during i

Fix GH-13433: Segmentation Fault in zend_class_init_statics when using opcache.preload

This regressed in 9a250cc9d6, which allowed static properties to get
overridden by a trait during inheritance. In particular, because of the
change to the loop in zend_update_parent_ce(), it's not guaranteed that
all indirects are after one another.

This means that during persisting the zvals of the static members table,
some static properties may be skipped. In case of the test code, this
means that the array in the trait will keep referring to the old, new
freed, stale value. To solve this, we check the type for IS_INDIRECT,
which is the same as what zend_persist_calc() is already doing anyway.

Since 2543e61aed we can check for IS_INDIRECT to see if it should be
persisted or not.

Closes GH-13794.

show more ...

PHP-8.3 is now for PHP 8.3.6-dev

[ci skip] NEWS for base64_encode

[ci skip]

[ci skip]

[ci skip] NEWS

ext/openssl: Bump minimum required OpenSSL version to 1.1.1

Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1.

OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL

ext/openssl: Bump minimum required OpenSSL version to 1.1.1

Bumps the minimum required OpenSSL version from 1.0.2 to 1.1.1.

OpenSSL 1.1.1 is an LTS release, but has reached[^1] EOL from upstream. However, Linux distro/OS vendors
continue to ship OpenSSL 1.1.1, so 1.1.1 was picked as the minimum. The current minimum 1.0.2 reached
EOL in 2018.

Bumping the minimum required OpenSSL version makes it possible for ext-openssl to remove a bunch of
conditional code, and assume that TLS 1.3 (shipped with OpenSSL 1.1.1) will be supported everywhere.

- Debian buster: 1.1.1[^2]
- Ubuntu 20.04: 1.1.1[^3]
- CentOS/RHEL 7: 1.0.2
- RHEL 8/Rocky 8/EL 8: 1.1.1
- Fedora 38: 3.0.9 (`openssl11` provides OpenSSL 1.1 as well)

RHEL/CentOS 7 reaches EOL mid 2024, so for PHP 8.4 scheduled towards the end of this year, we can safely
bump the minimum OpenSSL version.

[^1]: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html
[^2]: https://packages.debian.org/buster/libssl-dev
[^3]: https://packages.ubuntu.com/focal/libssl-dev

show more ...

[ci skip] NEWS

Fix url_rewriter.hosts not used for output_add_rewrite_var()

If fixes issue where session.trans_sid_hosts used instead of
url_rewriter.hosts for output_add_rewrite_var().

Closes

Fix url_rewriter.hosts not used for output_add_rewrite_var()

If fixes issue where session.trans_sid_hosts used instead of
url_rewriter.hosts for output_add_rewrite_var().

Closes GH-13294

show more ...

Fix incorrect charset length in check_mb_eucjpms()

Closes GH-13781.