Fix GH-8472: stream_socket_accept result may have incorrect metadata

Fix GH-9244: Segfault with array_multisort + array_shift

After restructuring non-packed arrays, we either need to pack them if
possible, or to rehash them.

Closes GH-9247.

[ci skip] update NEWS
--CGI-- fixes for PHP 8.1 / 8.0
https://github.com/php/php-src/commit/30ed8fb32da398f62bb08ebd59c607eeafc3621d

Handle all-zero state in Xoshiro256** (#9250)

- Retry if the CSPRNG generates a zero state.
- Throw ValueError if the user passes a zero state.

Fixes GH-9249

[ci skip] NEWS and UPGRADING for constants in traits (#9251)

see GH-8888

Merge remote-tracking branch 'upstream/PHP-8.1'

Merge remote-tracking branch 'upstream/PHP-8.0' into PHP-8.1

[CI skip] update NEWS

Remove ZEND_DVAL_TO_LVAL_CAST_OK (#9215)

* Remove ZEND_DVAL_TO_LVAL_CAST_OK
As far as I can see, this operation should always use the _slow method, and the results seem to be wrong when

Remove ZEND_DVAL_TO_LVAL_CAST_OK (#9215)

* Remove ZEND_DVAL_TO_LVAL_CAST_OK
As far as I can see, this operation should always use the _slow method, and the results seem to be wrong when ZEND_DVAL_TO_LVAL_CAST_OK is enabled.

* update NEWS

show more ...

Fix undefined behavior of MT_RAND_PHP if range exceeds ZEND_LONG_MAX (#9197)

RAND_RANGE_BADSCALING() invokes undefined behavior when (max - min) >
ZEND_LONG_MAX, because the intermediate

Fix undefined behavior of MT_RAND_PHP if range exceeds ZEND_LONG_MAX (#9197)

RAND_RANGE_BADSCALING() invokes undefined behavior when (max - min) >
ZEND_LONG_MAX, because the intermediate `double` might not fit into
`zend_long`.

Fix this by inlining a fixed version of the macro into Mt19937's range()
function. Fixing the macro itself cannot be done in the general case, because
the types of the inputs are not known. Instead of replacing one possibly broken
version with another possibly broken version, the macro is simply left as is
and should be removed in a future version.

The fix itself is simple: Instead of storing the "offset" in a `zend_long`, we
use a `zend_ulong` which is capable of storing the resulting double by
construction. With this fix the implementation of this broken scaling is
effectively identical to the implementation of php_random_range from a data
type perspective, making it easy to verify the correctness.

It was further empirically verified that the broken macro and the fix return
the same results for all possible values of `r` for several distinct pairs of
(min, max).

Fixes GH-9190
Fixes GH-9191

show more ...

Add ext/random Exception hierarchy (#9220)

* Add Random\Random{Error,Exception} and Random\BrokenRandomEngineError

* Throw BrokenRandomEngineError

* Throw RandomException o

Add ext/random Exception hierarchy (#9220)

* Add Random\Random{Error,Exception} and Random\BrokenRandomEngineError

* Throw BrokenRandomEngineError

* Throw RandomException on seeding failure

* Throw RandomException when CSPRNG fails

* Remove unused include from ext/random/engine_combinedlcg.c

* Remove unused include from ext/random/engine_secure.c

* Remove unused include from ext/random/random.c

* [ci skip] Add ext/random Exception hierarchy to NEWS

* [ci skip] Add the change of Exception for random_(int|bytes) to UPGRADING

show more ...

Fix bug #65489: glob() basedir check is inconsistent

This removes the inconsistent and incorrectly working open basedir check
on pattern in glob. It means that an empty array will be ret

Fix bug #65489: glob() basedir check is inconsistent

This removes the inconsistent and incorrectly working open basedir check
on pattern in glob. It means that an empty array will be returned even
if the whole pattern is outside the open basedir restriction.

show more ...

Fix PcgOneseq128XslRr64::__construct() definition in random.stub.php (#9235)

* Fix PcgOneseq128XslRr64::__construct() definition in random.stub.php

The second parameter does not act

Fix PcgOneseq128XslRr64::__construct() definition in random.stub.php (#9235)

* Fix PcgOneseq128XslRr64::__construct() definition in random.stub.php

The second parameter does not actually exist for a Oneseq PCG. It was removed
from the RFC before it went into voting.

* [ci skip] Add PcgOneseq128XslRr64 stub fix to NEWS

show more ...

[ci skip] Move the removal of the RuntimeException in ext/random to Beta 3

Didn't realize that Beta 2 was tagged before merging GH-9211 /
54e406cc509b400de17fbb331c7373b2bb9e3a34.

Clean up nested exceptions without value-add in ext/random (#9211)

* Remove exception in Randomizer::shuffleBytes()

The only way that `php_binary_string_shuffle` fails is when the e

Clean up nested exceptions without value-add in ext/random (#9211)

* Remove exception in Randomizer::shuffleBytes()

The only way that `php_binary_string_shuffle` fails is when the engine itself
fails. With the currently available list of engines we have:

- Mt19937 : Infallible.
- PcgOneseq128XslRr64: Infallible.
- Xoshiro256StarStar : Infallible.
- Secure : Practically infallible on modern systems.
Exception messages were cleaned up in GH-9169.
- User : Error when returning an empty string.
Error when seriously biased (range() fails).
And whatever Throwable the userland developer decides to use.

So the existing engines are either infallible or throw an Exception/Error with
a high quality message themselves, making this exception not a value-add and
possibly confusing.

* Remove exception in Randomizer::shuffleArray()

Same reasoning as in the previous commit applies.

* Remove exception in Randomizer::getInt()

Same reasoning as in the previous commit applies.

* Remove exception in Randomizer::nextInt()

Same reasoning as in the previous commit applies, except that it won't throw on
a seriously biased user engine, as `range()` is not used.

* Remove exception in Randomizer::getBytes()

Same reasoning as in the previous commit applies.

* Remove exception in Mt19937::generate()

This implementation is shared across all native engines. Thus the same
reasoning as the previous commits applies, except that the User engine does not
use this method. Thus is only applicable to the Secure engine, which is the
only fallible native engine.

* [ci skip] Add cleanup of Randomizer exceptions to NEWS

show more ...

[ci skip] Update NEWS for PHP 8.2.0 beta3

[ci-skip] Fix for bug #80047 was included in previous release

We are removing the entry in 8.0.23, as the fix was included
in the 8.0.22 release. Given that an entry already exists, we

[ci-skip] Fix for bug #80047 was included in previous release

We are removing the entry in 8.0.23, as the fix was included
in the 8.0.22 release. Given that an entry already exists, we
are just deleting extra lines.

show more ...

[ci skip] NEWS

[ci skip] NEWS

[ci skip] Move 'Core' into the correct alphabetical order in NEWS

see f957e3e7f17eac6e9195557f3fa79934f823fd38

[ci skip] Update NEWS for ext/random

This adds 50bd8ba51c0ea98ce82107e645f2f98c3e730a2a and fixes the formatting for
two other entries.

random: split Randomizer::getInt() without argument to Randomizer::nextInt()

Since argument overloading is not safe for reflection, the method needed
to be split appropriately.

random: split Randomizer::getInt() without argument to Randomizer::nextInt()

Since argument overloading is not safe for reflection, the method needed
to be split appropriately.

Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>

Closes GH-9057.

show more ...

Declare Transliterator::$id as readonly to unlock subclassing it

Closes GH-9167.

Fix arrow function with never return type

Fixes GH-7900
Closes GH-9103

Fix attribute target validation on fake closures

Fixes GH-8982
Closes GH-9173