[skip ci] update NEWS for GH-14457

Fix GH-11188: Error when building TSRM in ARM64

Although the issue mentioned FreeBSD, this is a broader problem:
the current ARM64 code to load the TLS offset assumes a setup with
th

Fix GH-11188: Error when building TSRM in ARM64

Although the issue mentioned FreeBSD, this is a broader problem:
the current ARM64 code to load the TLS offset assumes a setup with
the non-default TLS model. This problem can also apply on some
configurations on other platforms.

Closes GH-11236.

show more ...

Fix reference handling in SpoofChecker

Closes GH-14414.

Fix bug #76232: SoapClient Cookie Header Semicolon

According to RFC 6265 [1] the cookies must be separated by "; " not ";",
and it must not end with ";".

[1] https://datatracker

Fix bug #76232: SoapClient Cookie Header Semicolon

According to RFC 6265 [1] the cookies must be separated by "; " not ";",
and it must not end with ";".

[1] https://datatracker.ietf.org/doc/html/rfc6265

Closes GH-14406.

show more ...

Fix bug #69280: SoapClient classmap doesn't support fully qualified class name (#14398)

There's a hash table that maps type names to class name, but names with
a leading backslash are no

Fix bug #69280: SoapClient classmap doesn't support fully qualified class name (#14398)

There's a hash table that maps type names to class name, but names with
a leading backslash are not supported. The engine has logic to strip
away the leading backslash that we should replicate here.

It works by checking if we need to make an actual copy in case an
unexpected (e.g. invalid data or leading backslash) situations are
detected. Upon making a copy we normalize the data in the table.

Furthermore, previously the code assumed that the key was always valid
and that the structure was a non-packed hash table. This isn't
necessarily the case. The new code fixes this as well.

Closes GH-14398.

show more ...

Fix bug #79701: getElementById does not correctly work with duplicate definitions

This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect resu

Fix bug #79701: getElementById does not correctly work with duplicate definitions

This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect results from getElementById.

This PR implements a pragmatic solution in which we still try to use the
ID lookup table to a degree, but only as a performance boost not as a
"single source of truth". Full details are explained in the
getElementById code.

Closes GH-14349.

show more ...

Fix GH-14387: Crash when stack walking in destructor of yielded from values during Generator->throw()

Fix memory leaks with string function name lookups

There's a few leaks where the string is copied for lowercasing but not released.
Where possible, use the _lc functionality of zend_hash

Fix memory leaks with string function name lookups

There's a few leaks where the string is copied for lowercasing but not released.
Where possible, use the _lc functionality of zend_hash to do the lookup
to avoid the leaks that currently exist with the manual lowercasing.

Closes GH-14390.

show more ...

ext/pgsql: adding pg_socket_poll.

Using PQSocketPoll to poll on a connection's socket.
Returns immediatly is there no event expected on read and write.
Other than that, it is a thin

ext/pgsql: adding pg_socket_poll.

Using PQSocketPoll to poll on a connection's socket.
Returns immediatly is there no event expected on read and write.
Other than that, it is a thin wrapper on top of poll, thus reflecting
its return value.

close GH-14366

show more ...

RFC: array_find (#14108)

see https://wiki.php.net/rfc/array_find

Fix reading zlib ini settings in ext-soap

zend_ini_long() actually expects the length without the NUL byte, but
we're passing the length *with* the NUL byte. This mess can actually be

Fix reading zlib ini settings in ext-soap

zend_ini_long() actually expects the length without the NUL byte, but
we're passing the length *with* the NUL byte. This mess can actually be
avoided altogether by using INI_INT, so use that instead.

Closes GH-14382.

show more ...

Fix memory leak if calling SoapServer::setClass() twice

Closes GH-14381.

Fix memory leak if calling SoapServer::setObject() twice

Closes GH-14380.

Fix missing error restore code in ext-soap (#14379)

The begin and end macros should be paired, but some of the end macro
calls were missing.

Partially backport GH-13782 to stable branches

This partially backports that PR to stable branches as it has been in master
without reported problems so far.
It's only a partial back

Partially backport GH-13782 to stable branches

This partially backports that PR to stable branches as it has been in master
without reported problems so far.
It's only a partial backport because the stable branches don't have the
ZTS persistent resource fix that would fix shutdown crashes, i.e. the
code change in mysqlnd_vio's close_stream is not backported.

This is fully fixed on master.

Closes GH-14324.
Closes GH-10599.

show more ...

ext/bcmath: Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0)

Fix bug GH-11941: soap with session persistence will silently fails when "seession" built as a shared object (#14362)

This adds an optional dependency on the session extension and adds the

Fix bug GH-11941: soap with session persistence will silently fails when "seession" built as a shared object (#14362)

This adds an optional dependency on the session extension and adds the
necessary APIs to make the functionality work with lazy binding.

This can be tested by configuring PHP with `--enable-session=shared` and
`--enable-soap=shared` and running the test suite, in particular the
buggy behaviour can be observed by the existing test `server009.phpt`.

show more ...

reflection: Add `ReflectionGenerator::isClosed()` (#14358)

* reflection: Add `ReflectionGenerator::isClosed()`

see https://github.com/php/php-src/pull/14167#issuecomment-2133641998

reflection: Add `ReflectionGenerator::isClosed()` (#14358)

* reflection: Add `ReflectionGenerator::isClosed()`

see https://github.com/php/php-src/pull/14167#issuecomment-2133641998

* Fix test expectation

* Drop `{{{` / `}}}` comments around `ReflectionGenerator::isClosed()`

show more ...

Fix GH-14343: Memory leak in xml and dom (#14347)

If there is no root, the namespace cannot be attached to it,
so we have to attach it to the old list.

This isn't a problem in "

Fix GH-14343: Memory leak in xml and dom (#14347)

If there is no root, the namespace cannot be attached to it,
so we have to attach it to the old list.

This isn't a problem in "new DOM" because namespaces are managed in a
separate structure there.

show more ...

ext/pgsql: adding pg_put_copy_data/pg_put_copy_end.

pg_put_copy_data allows to send COPY commands to the server.
pg_put_copy_end signals the end of the n commands.

Both return 3

ext/pgsql: adding pg_put_copy_data/pg_put_copy_end.

pg_put_copy_data allows to send COPY commands to the server.
pg_put_copy_end signals the end of the n commands.

Both return 3 states ; 1, 0 and -1 when 1 is success, 0 the buffer queue
is full then -1 for errors.

Close GH-14325

show more ...

Fix TLS access in JIT on FreeBSD/amd64

DTV elements are 8 bytes in size a per ABI [1], and the index is offset by 1
on FreeBSD [2]

[1] http://people.redhat.com/drepper/tls.pdf

Fix TLS access in JIT on FreeBSD/amd64

DTV elements are 8 bytes in size a per ABI [1], and the index is offset by 1
on FreeBSD [2]

[1] http://people.redhat.com/drepper/tls.pdf
[2] https://github.com/freebsd/freebsd-src/blob/bf56e8b9c8639ac4447d223b83cdc128107cc3cd/libexec/rtld-elf/rtld.c#L5260

Closes GH-13928

show more ...

Use ITIMER_REAL for timeout handling on MacOS / Apple Silicon system

setitimer(ITIMER_PROF) fires too early on MacOS 14 when running on Apple
Silicon. See https://openradar.appspot.com/r

Use ITIMER_REAL for timeout handling on MacOS / Apple Silicon system

setitimer(ITIMER_PROF) fires too early on MacOS 14 when running on Apple
Silicon. See https://openradar.appspot.com/radar?id=5583058442911744.

Fixes GH-12814
Closes GH-13567

show more ...

Fix bug #47925: PHPClient can't decompress response (transposed uncompress methods?)

The incorrect functions are being called to deal with incoming
compressed data.
gzip/x-gzip corre

Fix bug #47925: PHPClient can't decompress response (transposed uncompress methods?)

The incorrect functions are being called to deal with incoming
compressed data.
gzip/x-gzip corresponds to gzuncompress(), while deflate corresponds to
gzinflate().

The existing code for gzip compression also plays with removing the
first 10 bytes (i.e. the gzip header) to pass it to the inflate
implementation but that doesn't always work properly due to trailer
data. Get rid of that entirely by using the correct functions.

Closes GH-14321.

show more ...

Add support for Curve25519 + Curve448 based keys

For openssl_pkey_get_details we export the priv+pub parameters.

ED25519/ED448 do not support streaming, so we need to use
EVP_Di

Add support for Curve25519 + Curve448 based keys

For openssl_pkey_get_details we export the priv+pub parameters.

ED25519/ED448 do not support streaming, so we need to use
EVP_Digest{Sign,Verify} instead. In general the older EVP_{Sign,Verify}
interface should be avoided as the key is passed very late.
See BUGS section in OpenSSL manpages of EVP_{Sign,Verify}Final

Additionally per requirement we need to allow sign/verify without
digest. So we need to allow passing 0 as digest. In OpenSSL 3.0+ this also
corresponds to the default digest (see EVP_PKEY_get_default_digest_name).

For CSR creation we need to allow "null" as digest_alg option.

Closes GH-14052

show more ...

[skip ci] Update NEWS

Adding missed PHP-8.3 entry since these notes must be in all active
branches where the change was done except for the master branch.