Update NEWS for #77120

Preparing for alpha2

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #81092: fflush before stream_filter_remove corrupts stream

Fix #81092: fflush before stream_filter_remove corrupts stream

When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK
(not BZ_FINISH_OK) what requires us to do further fl

Fix #81092: fflush before stream_filter_remove corrupts stream

When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK
(not BZ_FINISH_OK) what requires us to do further flushes right away.

We also refactor the while-loop as do-loop.

Closes GH-7113.

show more ...

Revert "Fix bug #24214 implement access to skip_last in user API for backtrace"

This reverts commit a5cef84de8473088ad549e3724127c81b907c49d.

Fix bug #24214 implement access to skip_last in user API for backtrace

Merge branch 'PHP-8.0'

* PHP-8.0:
fix bug #72998

fix bug #72998

the function fn_complete in libedit null checks matches[2]

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fixed bug #81070

This is a non-trivial merge. To avoid an ABI break, a new
zend_set_memory_limit_ex() function is added.

Fixed bug #81070

When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implemen

Fixed bug #81070

When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implementing additional checks during allocation,
`zend_set_memory_limit()` now validates the new memory limit. When
below the current memory usage the ini_set call will fail and throw
a warning.

This is part of GH-7040.

show more ...

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #76694: native Windows cert verification uses CN as sever name

Fix #76694: native Windows cert verification uses CN as sever name

This is not guaranteed to work, since the actual server name may only
be given as SAN. Since we're doing the peer veri

Fix #76694: native Windows cert verification uses CN as sever name

This is not guaranteed to work, since the actual server name may only
be given as SAN. Since we're doing the peer verification later anyway
(using the respective context options as appropriate), there is no need
to even supply a server name when verifying against the Windows cert
store.

Closes GH-7060.

show more ...

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fixed bug #81090

Fixed bug #81090

For concatenation, the in-place variant can be much more efficient,
because it will reallocate the string in-place. Special-case the
typed property compound assignme

Fixed bug #81090

For concatenation, the in-place variant can be much more efficient,
because it will reallocate the string in-place. Special-case the
typed property compound assignment code for the case where we
concatenate to a string, in which case we know that the result
will also be a string, and we don't need the type check anyway.

show more ...

NEWS: UPGRADING.INTERNALS: Add PCRE2 10.37 info

[ci skip]

Signed-off-by: Anatol Belski <ab@php.net>

Fixed bug #81088 error in regression test for oci_fetch_object() and oci_fetch_array()

Closes GH-7072

Fixed bug #80761

When row data split across multiple packets, allocate a temporary
buffer that can be reallocated, and only copy into the row buffer
pool arena once we know the final

Fixed bug #80761

When row data split across multiple packets, allocate a temporary
buffer that can be reallocated, and only copy into the row buffer
pool arena once we know the final size. This avoids quadratic
memory usage for very large results.

(cherry picked from commit 1fc4c89214c82fabbf997da58051a385d8fe50ab)

show more ...

Fixed bug #81051 (Broken property type handling after incrementing reference)

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #76359: open_basedir bypass through adding ".."

Fix #76359: open_basedir bypass through adding ".."

We explicitly forbid adding paths with a leading `..` to `open_basedir`
at runtime.

Closes GH-7024.

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix bug #81068: Fix possible use-after-free in realpath_cache_clean()

Fix bug #81068: Fix possible use-after-free in realpath_cache_clean()

If ZTS is enabled, this can cause cwd_globals_ctor() to be called
multiple times, each with a freshly allocated virt

Fix bug #81068: Fix possible use-after-free in realpath_cache_clean()

If ZTS is enabled, this can cause cwd_globals_ctor() to be called
multiple times, each with a freshly allocated virtual_cwd_globals
instance. At shutdown time however, cwd_globals_dtor() will call
realpath_cache_clean(), which then possibly cleans up the same
realpath_cache instance more than once. Using AddressSanitzer, this
shows up as a heap use-after-free.

To avoid this, add a helper function to do the actual work on one
instance of a realpath_cache, and call it both from cwd_globals_dtor()
and realpath_cache_clean(). The former uses the virtual_cwd_globals
parameter passed in via the destructor, the latter uses the CWDG()
macro.

show more ...

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #81076 Invalid implicit binds cause incorrect count in static vars of closure debug info

Fix #81076 Invalid implicit binds cause incorrect count in static vars of closure debug info

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #77627 method_exists on Closure::__invoke