Add possibility to lower timer resolution

The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack

Add possibility to lower timer resolution

The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack for
this flaw. Still some concerns were raised, that there might be impact in
shared hosting environments. This patch adds a possibility to reduce the
timer resolution by an ini setting, thus giving administrators full
control. Especially, as the flaw was also demonstrated by an abuse of
the JS engine in a browser, Firefox reduced several time sources to 20us.
Any programming language, that doesn't compile to JIT, won't be able to
produce an attack vector for Meltdown and Spectre, at least by todays
knowledge. There are also other factors that say that the security
concern on the hrtime feature is to the big part not justified, still we
aim JIT in the future. Thus, adding a possibility to control the timer
resolution is a good and small enough tradeoff for safety and future.

show more ...

Implement high resolution monotonic timer function hrtime()

Added entry on UPGRADING

Add _IS_NUMBER as cast_object() target type

convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an

Add _IS_NUMBER as cast_object() target type

convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an integer or floating point number, whichever is more
appropriate.

Previously convert_scalar_to_number() unconditionally converted
objects to integers instead.

Fixes bug #53033.
Fixes bug #54973.
Fixes bug #73108.

show more ...

Fixed bug #54043

Bump libcurl requirement to 7.12.1

The existence of the following functions is now guaranteed:
* curl_reset()
* curl_strerror()
* curl_multi_strerror()
* curl_share_strer

Bump libcurl requirement to 7.12.1

The existence of the following functions is now guaranteed:
* curl_reset()
* curl_strerror()
* curl_multi_strerror()
* curl_share_strerror()

libcurl 7.12.1 has been released more than 13 years ago and is
available even in RHEL 4.

show more ...

Remove opcache.inherited_hack

This ini directive has already been ignored since PHP 5.3.

Fix duplicate NEWS entry

Also add an UPGRADING note while at it, as this is potentially
BC breaking.

[ci skip]

Add gmp_kronecker()

Exposes the mpz_kronecker(), mpz_si_kronecker() and
mpz_kronecher_si() for computing the Kronecker symbol.

Add gmp_perfect_power()

Exposes the mpz_perfect_power_p() function.

We already had the more specific gmp_perfect_square() function.

Add gmp_lcm()

Exposes mpz_lcm() and mpz_lcm_ui() for calculating the least
common multiple.

We already expose the somewhat complementary gmp_gcd() function.

Add gmp_binomial()

Adds PHP bindings for mpz_bin_ui and mpz_bin_uiui, for calculating
binomial coefficients.

Implement list() reference assignments

Support list() reference assignments of the form:

list(&$a, list(&$b, $c)) = $d;

RFC: https://wiki.php.net/rfc/list_reference_ass

Implement list() reference assignments

Support list() reference assignments of the form:

list(&$a, list(&$b, $c)) = $d;

RFC: https://wiki.php.net/rfc/list_reference_assignment

show more ...

Fixed bug #74372

Merge branch 'PHP-7.2'

* PHP-7.2:
Mention spl_object_id in UPGRADING notes

Mention spl_object_id in UPGRADING notes

This was implemented in PR #2611

Note to UPGRADING about Spoofchecker::setRestrictionLevel()

Merge JSON_THROW_ON_ERROR

Refactored recursion pretection

[ci skip] hash_hmac_algos() is new in PHP 7.2.0

[ci skip] Fix more typos in UPGRADING

[ci skip] Update UPGRADING wrt. PR 2742

Merge branch 'PHP-7.2'

* PHP-7.2:
[ci skip] Fix typos in UPGRADING

[ci skip] Fix typos in UPGRADING

Merge branch 'pull-request/2745'

* pull-request/2745:
Fixed bug #75169 (BCMath errors/warnings bypass error handling)