Fix GH-11416: Crash with DatePeriod when uninitialised objects are passed in (PHP 8.2+)

Align DOMChildNode parent checks with spec

Closes GH-11905.

Fix GH-11416: Crash with DatePeriod when uninitialised objects are passed in

Fix segfault when DOMParentNode::prepend() is called when the child disappears

Closes GH-11906.

Fix off-by-one bug when truncating tempnam prefix

The tempnam documentation currently states that "Only the first 63
characters of the prefix are used, the rest are ignored". However whe

Fix off-by-one bug when truncating tempnam prefix

The tempnam documentation currently states that "Only the first 63
characters of the prefix are used, the rest are ignored". However when
the prefix is 64 characters-long, the current implementation fails to
strip the last character, diverging from the documented behavior. This
patch fixes the implementation so it matches the documented behavior for
that specific case where the prefix is 64 characters long.

Closes GH-11870

Signed-off-by: George Peter Banyard <girgias@php.net>

show more ...

Fix viable next sibling search for replaceWith

Closes GH-11888.

fix: handle the GNU specific version of strerror_r

Close GH-11882

Fix GH-11830: ParentNode methods should perform their checks upfront

Closes GH-11887.

Fix manually calling __construct() on DOM classes

Closes GH-11894.

[ci skip] NEWS for fa397e02 and 6f6fedcb

Fix MySQL Statement has a empty query result when the response field has changed, also Segmentation fault

Closes GH-11551.

Revert the fix for GH-11498

People relied on manually waiting for children, but the fix for GH-11498
broke this. Fixing this in PHP is fundamentally incompatible with doing
the wait

Revert the fix for GH-11498

People relied on manually waiting for children, but the fix for GH-11498
broke this. Fixing this in PHP is fundamentally incompatible with doing
the wait loop in userland. This reverts to the old behaviour.

Closes GH-11863.

show more ...

Fix GH-10964: Improve `man` page about the built-in server

Closes GH-11857.

Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters

https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authen

Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters

https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.

Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].

[1] https://github.com/mysql/mysql-server/blob/ea7087d885006918ad54458e7aad215b1650312c/sql/auth/sha2_password.cc#L1078-L1079

Closes GH-11445.

Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>

show more ...

Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with extra space)

Synchronize zend_jit_stop_counter_handlers()

Avoid stopping counters repeatedly from different threads/processes.

Fixes GH-11609
Closes GH-11806

Fix GH-11440: authentication to a sha256_password account fails over SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Fix GH-11440: authentication to a sha256_password account fails over SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Closes GH-11444.

show more ...

Fix json_encode result on DOMDocument

According to https://www.php.net/manual/en/class.domdocument:
When using json_encode() on a DOMDocument object the result will be
that of en

Fix json_encode result on DOMDocument

According to https://www.php.net/manual/en/class.domdocument:
When using json_encode() on a DOMDocument object the result will be
that of encoding an empty object.

But this was broken in 8.1. The output was `{"config": null}`.
That's because the config property is defined with a default value of
NULL, hence it was included. The other properties are not included
because they don't have a default property, and nothing is ever written
to their backing field. Hence, the JSON encoder excludes them.
Similarly, `(array) $doc` would yield the same `config` key in the
array.

Closes GH-11840.

show more ...

Update NEWS for PHP 8.3.0beta2

NEWS

Signed-off-by: Ben Ramsey <ramsey@php.net>

Check if restart is pending before trying to lock SHM

This reduces lock contention when Opcache restart is scheduled
but not yet started.

Closes GH-11805

[ci skip] add CVE in NEWS

Fix uaf of MBSTRG(all_encodings_list)

We need to remove the value from the GC buffer before freeing it. Otherwise
shutdown will uaf when running the gc. Do that by switching from
zen

Fix uaf of MBSTRG(all_encodings_list)

We need to remove the value from the GC buffer before freeing it. Otherwise
shutdown will uaf when running the gc. Do that by switching from
zend_hash_destroy to zend_array_destroy, which should also be faster for freeing
members due to inlining of i_zval_ptr_dtor.

Closes GH-11822

show more ...

Fix GH-11792: LIBXML_NOXMLDECL is not implemented or broken

Fixes GH-11792.
Closes GH-11794.

Fix GH-11791: Wrong default value of DOMDocument::xmlStandalone

At one point this was changed from a bool to an int in libxml2, with
negative values meaning it is unspecified. Because it

Fix GH-11791: Wrong default value of DOMDocument::xmlStandalone

At one point this was changed from a bool to an int in libxml2, with
negative values meaning it is unspecified. Because it is cast to a bool
this therefore returned true instead of the expected false.

Closes GH-11793.

show more ...