ext/sockets: Adding TCP_FUNCTION_BLK socket option for FreeBSD.

Allows to select an alternate TCP stack. For example with RACK,
a fast loss detection relying on timestamp per packet.

ext/sockets: Adding TCP_FUNCTION_BLK socket option for FreeBSD.

Allows to select an alternate TCP stack. For example with RACK,
a fast loss detection relying on timestamp per packet.

While it works system-wide, it can also apply in an individual socket level too.

close GH-16842

show more ...

Reapply "Merge branch 'PHP-8.3' into PHP-8.4"

This reverts commit 83ca37483c87f1de9384a6977f069589606c8640, and
fixes the previous bad merge.

Revert "Merge branch 'PHP-8.3' into PHP-8.4"

This reverts commit ae62779386fe2a736412873ca6931296101529d5, reversing
changes made to 19e685ecc467a0f1dd5413f033fc6311e118473d.

Th

Revert "Merge branch 'PHP-8.3' into PHP-8.4"

This reverts commit ae62779386fe2a736412873ca6931296101529d5, reversing
changes made to 19e685ecc467a0f1dd5413f033fc6311e118473d.

This was a bad merge; I'll have a look shortly.

show more ...

Fix GH-16851: JIT_G(enabled) not set correctly on other threads

There doesn't seem to be a thread post-startup hook that runs after
zend_startup_cb() that could be used for this

Fix GH-16851: JIT_G(enabled) not set correctly on other threads

There doesn't seem to be a thread post-startup hook that runs after
zend_startup_cb() that could be used for this

this fix is similar to accel_startup_ok() as seen here: https://github.com/php/php-src/blob/fc1db70f106525e81f9a24539340b7cf2e82e844/ext/opcache/ZendAccelerator.c#L2631-L2634

Closes GH-16853.

show more ...

Update NEWS with security fixes info

PHP-8.4 is now for PHP 8.4.1-dev

Prepare NEWS for 8.4.0

[skip ci] NEWS for #16694

Fix GH-16839: Error on building Opcache JIT for Windows ARM64

OPcache JIT does not support Windows ARM64, so we should not allow
`--enable-opcache-jit` in the first place.

Due t

Fix GH-16839: Error on building Opcache JIT for Windows ARM64

OPcache JIT does not support Windows ARM64, so we should not allow
`--enable-opcache-jit` in the first place.

Due to the way `ARG_ENABLE()` is handled on Windows, we do not attempt
to suppress the configure option, but just do not enable JIT when the
user attempts to, and adapt the help text.

Closes GH-16841.

show more ...

Add PHP_BUILD_DATE constant

This information can be occasionally useful, and would otherwise need
to be parsed from `phpinfo()` output.

However, maybe more importantly we unify

Add PHP_BUILD_DATE constant

This information can be occasionally useful, and would otherwise need
to be parsed from `phpinfo()` output.

However, maybe more importantly we unify the build date between what is
given by `php -v` and `php -i`, since these compilation units are not
necessarily preprocessed within the same second.

Closes GH-16747.

show more ...

Fix GH-16630: UAF in lexer with encoding translation and heredocs

zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredo

Fix GH-16630: UAF in lexer with encoding translation and heredocs

zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.

Closes GH-16716.

show more ...

Fix get_object_vars() for non-hooked props in hooked prop iter

The zend_hash_update_ind() variant unwraps indirects, rather than creating them.
Don't use _zend_hash_append_ind() because

Fix get_object_vars() for non-hooked props in hooked prop iter

The zend_hash_update_ind() variant unwraps indirects, rather than creating them.
Don't use _zend_hash_append_ind() because the property might already exist.

Fixes GH-16725
Closes GH-16805

show more ...

Fix GH-16834: cal_from_jd overflow on julian_day argument.

close GH-16836

ext/pdo_pgsql: Remove new PDO class constant specific to PGSQL driver

Closes GH-16755

Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF

Closes GH-16824.

Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input

When the current data is invalid, NULL must be returned. At least that's
how the check i

Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input

When the current data is invalid, NULL must be returned. At least that's
how the check in SPL works and how other extensions do this as well.
If we don't do this, an UNDEF value gets propagated to a return value
(misprinted as null); leading to issues.

Closes GH-16825.

show more ...

Fix GH-16802: open_basedir bypass using curl extension

And fix a memleak while here.

Closes GH-16804.

Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469

zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This caus

Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469

zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().

Closes GH-16803.

show more ...

Fix GH-16812: UAF on readline_info() after readline_write_history() call.

close GH-16813

Fix GH-16770: Tracing JIT type mismatch when returning UNDEF

When returning an UNDEF value, it actually becomes NULL.
The following code took this into account:
https://github.com/ph

Fix GH-16770: Tracing JIT type mismatch when returning UNDEF

When returning an UNDEF value, it actually becomes NULL.
The following code took this into account:
https://github.com/php/php-src/blob/28344e0445bc2abae8dc5f1376aa0ff350e6d66d/ext/opcache/jit/zend_jit_trace.c#L2196-L2199

But the stack does not update the type to NULL, causing a mismatch.

Closes GH-16784.

Co-authored-by: Dmitry Stogov <dmitry@zend.com>

show more ...

Close GH-16659: Bump ICU requirement to ICU >= 57.1

This requirements bump should rarely affect anybody in practice. All
major distros already ship more recent ICU versions, and even fo

Close GH-16659: Bump ICU requirement to ICU >= 57.1

This requirements bump should rarely affect anybody in practice. All
major distros already ship more recent ICU versions, and even for
Solaris 11, ICU 57.1 is available via OpenCSW. Note that ICU 57.1 has
been released on 2016-03-23[1].

[1] <https://icu.unicode.org/download/57>

Closes GH-16688.

show more ...

Fix GH-16771: imagecreatefromstring overflow on invalid format.

close GH-16776

Fix GH-16769: php_pcntl_set_user_signal_infos aborts when a signal is a reference.

close GH-16772

ext/sockets: adding IPPROTO_ICMP* constants for socket creations.

Is to create socket for Internet Control Message Protocol context.
Due to their nature, they are meant to be used via

ext/sockets: adding IPPROTO_ICMP* constants for socket creations.

Is to create socket for Internet Control Message Protocol context.
Due to their nature, they are meant to be used via
raw sockets rather than TCP/UDP.

close GH-16737

show more ...

Fix the name of the initializer parameter of ReflectionClass::resetAsLazyGhost()

Closes GH-16758