Fix GH-14037: Make /ping of php-fpm work with pm.status_listen pool

The ping feature of php-fpm monitoring was previously not working
in pm.status_listen pool due to the configuration va

Fix GH-14037: Make /ping of php-fpm work with pm.status_listen pool

The ping feature of php-fpm monitoring was previously not working
in pm.status_listen pool due to the configuration variables ping.path
and ping.response not being copied over to the worker when forked. This
results in the ping code path being disabled because the worker detects
that ping.path is not configured.

Closes GH-13980

Co-authored-by: Pierrick Charron <pierrick@php.net>

show more ...

ext/pgsql: adding postgresql 17 new libpq wrapper call.

pg_set_chunked_rows_size to allow to fetch results in chunk of max N rows.

close GH-14571

ext/pgsql: add pg_jit server info.

since PostgreSQL 11, LLVM JIT feature had been brought thus reporting
the settings to the client connection.

Close GH-14566

Update NEWS

Update NEWS

Fix GH-11078: PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors

Although the issue was demonstrated using Curl, the issue is purely in

Fix GH-11078: PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors

Although the issue was demonstrated using Curl, the issue is purely in
the streams layer of PHP.

Full analysis is written in GH-11078 [1], but here is the brief version:
Here's what actually happens:
1) We're creating a FILE handle from a stream using the casting mechanism.
This will create a cookie-based FILE handle using funopen.
2) We're reading stream data using fread from the userspace stream. This will
temporarily set a buffer into a field _bf.base [2]. This buffer is now equal
to the upload buffer that Curl allocated and note that that buffer is owned
by Curl.
3) The fatal error occurs and we bail out from the fread function, notice how
the reset code is never executed and so the buffer will still point to
Curl's upload buffer instead of FILE's own buffer [3].
4) The resources are destroyed, this includes our opened stream and because the
FILE handle is cached, it gets destroyed as well.
In fact, the stream code calls through fclose on purpose in this case.
5) The fclose code frees the _bs.base buffer [4].
However, this is not the buffer that FILE owns but the one that Curl owns
because it isn't reset properly due to the bailout!
6) The objects are getting destroyed, and so the curl free logic is invoked.
When Curl tries to gracefully clean up, it tries to free the buffer.
But that buffer is actually already freed mistakingly by the C library!

This also explains why we can't reproduce it on Linux: this bizarre buffer
swapping only happens on macOS and BSD, not on Linux.

To solve this, we switch to an unbuffered mode for cookie-based FILEs.
This avoids any stateful problems related to buffers especially when the
bailout mechanism triggers. As streams have their own buffering
mechanism, I don't expect this to impact performance.

[1] https://github.com/php/php-src/issues/11078#issuecomment-2155616843
[2] https://github.com/apple-open-source-mirror/Libc/blob/5e566be7a7047360adfb35ffc44c6a019a854bea/stdio/FreeBSD/fread.c#L102-L103
[3] https://github.com/apple-open-source-mirror/Libc/blob/5e566be7a7047360adfb35ffc44c6a019a854bea/stdio/FreeBSD/fread.c#L117
[4] https://github.com/apple-open-source-mirror/Libc/blob/5e566be7a7047360adfb35ffc44c6a019a854bea/stdio/FreeBSD/fclose.c#L66-L67

Closes GH-14524.

show more ...

fix memleak due to missing `pthread_attr_destroy()`-call

Closes GH-14510

fix memleak due to missing `pthread_attr_destroy()`-call

Closes GH-14510

Improve randomness of uploaded file names and files created by tempnam()

Closes GH-14364

Fix GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes

Closes GH-14439

Signed-off-by: Jakub Zelenka <bukka@php.net>

Add Pdo\Pgsql::setNoticeCallback() (#14299)

This moves the new method from magically being added to the PDO class from the driver to just be available on the dedicated subclass.

Dri

Add Pdo\Pgsql::setNoticeCallback() (#14299)

This moves the new method from magically being added to the PDO class from the driver to just be available on the dedicated subclass.

Drive-by fixes to NEWS and UPGRADING

show more ...

ext/pcre: update to PCRE2 v10.44 (#14498)

Previously: GH-13413.

This version also contains a fix with `preg_match('\X')`, so that it
can correctly detect grapheme clusters (PCRE

ext/pcre: update to PCRE2 v10.44 (#14498)

Previously: GH-13413.

This version also contains a fix with `preg_match('\X')`, so that it
can correctly detect grapheme clusters (PCRE2Project/pcre2#410).
This is useful to correctly [polyfill the new `grapheme_str_split`
function](https://php.watch/versions/8.4/grapheme_str_split#polyfill).

Diff: pcre2lib [v10.43..v10.44](https://github.com/PCRE2Project/pcre2/compare/pcre2-10.43...pcre2-10.44)

show more ...

Fix bug GH-14456: Attempting to initialize class with private constructor calls destructor

Closes GH-14469

ext/gd: imagewebp/imageavif/imagepng/imagejpeg stricter checks quality/speed.

close GH-14485

Fix parameter numbers and missing alpha check for imagecolorset()

The check for the alpha parameter existed in PHP 7.4 but was lost in PHP 8.0.

Fixes: 50765075db6b6d5a9597589601c59f

Fix parameter numbers and missing alpha check for imagecolorset()

The check for the alpha parameter existed in PHP 7.4 but was lost in PHP 8.0.

Fixes: 50765075db6b6d5a9597589601c59f743f6ee9c8

Closes GH-14477.

show more ...

Fix GH-14361: Deep recursion in zend_cfg.c causes segfault

Changes the CFG reachability algorithm to use iteration instead of
recursion.

Closes GH-14432.

PHP-8.1 is now for PHP 8.1.30-dev

Update NEWS

Co-authored-by: Eric Mann <ericmann@php.net>

[skip ci] update NEWS for GH-14457

[skip ci] update NEWS for GH-14457

Fix reference handling in SpoofChecker

Closes GH-14414.

Fix bug #76232: SoapClient Cookie Header Semicolon

According to RFC 6265 [1] the cookies must be separated by "; " not ";",
and it must not end with ";".

[1] https://datatracker

Fix bug #76232: SoapClient Cookie Header Semicolon

According to RFC 6265 [1] the cookies must be separated by "; " not ";",
and it must not end with ";".

[1] https://datatracker.ietf.org/doc/html/rfc6265

Closes GH-14406.

show more ...

Fix bug #69280: SoapClient classmap doesn't support fully qualified class name (#14398)

There's a hash table that maps type names to class name, but names with
a leading backslash are no

Fix bug #69280: SoapClient classmap doesn't support fully qualified class name (#14398)

There's a hash table that maps type names to class name, but names with
a leading backslash are not supported. The engine has logic to strip
away the leading backslash that we should replicate here.

It works by checking if we need to make an actual copy in case an
unexpected (e.g. invalid data or leading backslash) situations are
detected. Upon making a copy we normalize the data in the table.

Furthermore, previously the code assumed that the key was always valid
and that the structure was a non-packed hash table. This isn't
necessarily the case. The new code fixes this as well.

Closes GH-14398.

show more ...

Fix bug #79701: getElementById does not correctly work with duplicate definitions

This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect resu

Fix bug #79701: getElementById does not correctly work with duplicate definitions

This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect results from getElementById.

This PR implements a pragmatic solution in which we still try to use the
ID lookup table to a degree, but only as a performance boost not as a
"single source of truth". Full details are explained in the
getElementById code.

Closes GH-14349.

show more ...

Fix GH-14387: Crash when stack walking in destructor of yielded from values during Generator->throw()