2024-04-13 04:49:41 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php82: update to 8.2.18
This release includes security fixes.
11 Apr 2024, PHP 8.2.18
- Core:
. Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
(nielsdos)
. Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
. Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
destructor). (Arnaud)
- DOM:
. Add some missing ZPP checks. (nielsdos)
. Fix potential memory leak in XPath evaluation results. (nielsdos)
. Fix phpdoc for DOMDocument load methods. (VincentLanglet)
- FPM
. Fix incorrect check in fpm_shm_free(). (nielsdos)
- GD:
. Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
- Gettext:
. Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
with category set to LC_ALL. (David Carlier)
- MySQLnd:
. Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
. Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
- Opcache:
. Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
(Arnaud, Dmitry)
. Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
method of internal trait when opcache is loaded). (Bob)
- PDO:
. Fix various PDORow bugs. (Girgias)
- Random:
. Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
modes). (timwolla)
. Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
requests when MT_RAND_PHP is used). (timwolla)
- Session:
. Fixed bug GH-13680 (Segfault with session_decode and compilation error).
(nielsdos)
- Sockets:
. Fixed bug GH-13604 (socket_getsockname returns random characters in the end
of the socket name). (David Carlier)
- SPL:
. Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
in PHP 8.2.15). (nielsdos)
. Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
- Standard:
. Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
. Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
(SakiTakamachi)
. Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
(divinity76)
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
- XML:
. Fixed bug GH-13517 (Multiple test failures when building with
--with-expat). (nielsdos)
|
2024-03-17 17:46:06 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php82: update to 8.2.17
PHP 8.2.17 (2024-03-14)
- Core:
. Fix ZTS persistent resource crashes on shutdown. (nielsdos)
- Curl:
. Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh)
- DOM:
. Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
(nielsdos)
- Fileinfo:
. Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null),
backport). (nielsdos)
- FPM:
. Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
(Jakub Zelenka)
- GD:
. Fixed bug GH-12019 (detection of image formats in system gd library).
(Michael Orlitzky)
- MySQLnd:
. Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error
if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi)
- PGSQL:
. Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute
with null value passed by reference). (George Barbarosie)
- Standard:
. Fixed array key as hash to string (case insensitive) comparison typo
for the second operand buffer size (albeit unused for now). (A. Slepykh)
|
2024-02-16 14:16:59 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php82: update to 8.2.16
15 Feb 2024, PHP 8.2.16
- Core:
. Fixed timer leak in zend-max-execution-timers builds. (withinboredom)
. Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus)
. Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown
Exception). (nielsdos)
. Fixed bug GH-13215 (GCC 14 build failure). (Remi)
- Curl:
. Fix missing error check in curl_multi_init(). (divinity76)
- FPM:
. Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when
plus in path). (Jakub Zelenka)
- GD:
. Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
(nielsdos)
. Fixed bug GH-10614 (imagerotate will turn the picture all black, when
rotated 90). (nielsdos)
- MySQLnd:
. Fixed bug GH-12107 (When running a stored procedure (that returns a result
set) twice, PHP crashes). (nielsdos)
- Opcache:
. Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but
JIT_debug is still on). (nielsdos)
- OpenSSL:
. Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set.
(David Carlier).
- PDO_Firebird:
. Fix GH-13119 (Changed to convert float and double values into strings using
`H` format). (SakiTakamachi)
- Phar:
. Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos)
. Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos)
- Random:
. Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken
engines). (timwolla)
- Session:
. Fixed bug GH-12504 (Corrupted session written when there's a fatal error
in autoloader). (nielsdos)
- Streams:
. Fixed bug GH-13071 (Copying large files using mmap-able source streams may
exhaust available memory and fail). (nielsdos)
|
2024-01-21 08:56:16 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php82: update to 8.2.15
8.2.15 (2024-01-18)
- Core:
. Fixed bug GH-12953 (false positive SSA integrity verification failed when
loading composer classmaps with more than 11k elements). (nielsdos)
. Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't
emit warnings). (Peter Kokot)
- Cli:
. Fix incorrect timeout in built-in web server when using router script and
max_input_time. (ilutov)
- FFI:
. Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData).
(Jakub Zelenka)
. Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos)
- Intl:
. Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
(David Carlier)
- Hash:
. Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on
strings >= 4GiB). (nielsdos)
- ODBC:
. Fix crash on Apache shutdown with persistent connections. (nielsdos)
- Opcache:
. Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM
with NULL when DIM is the same var as result). (ilutov)
. Added workaround for SELinux mprotect execheap issue.
See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov)
- OpenSSL:
. Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
(Jakub Zelenka)
- PDO:
. Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
(SakiTakamachi)
- PDO_ODBC:
. Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
(SakiTakamachi)
- PGSQL:
. Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier)
. Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
(nielsdos)
- Phar:
. Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos)
- PHPDBG:
. Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos)
- SimpleXML:
. Fix getting the address of an uninitialized property of a SimpleXMLElement
resulting in a crash. (nielsdos)
- Tidy:
. Fixed bug GH-12980 (tidynode.props.attribute is missing
"Boolean Attributes" and empty attributes). (nielsdos)
|
2024-01-05 03:13:17 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php82: update to 8.2.14
PHP 8.2.14 (2023-12-21)
- Core:
. Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
error handler). (ilutov)
. Fixed oss-fuzz #64209 (In-place modification of filename in
php_message_handler_for_zend). (ilutov)
. Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
. Fix various missing NULL checks. (nielsdos, dstogov)
. Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
(ilutov)
- Date:
. Fixed improbably integer overflow while parsing really large (or small)
Unix timestamps. (Derick)
- DOM:
. Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid
default: prefix). (nielsdos)
- FPM:
. Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
(Patrick Prasse)
- FTP:
. Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos)
- Intl:
. Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)
- LibXML:
. Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303)
. Fixed test failures for libxml2 2.12.0. (nielsdos)
- MySQLnd:
. Avoid using uninitialised struct. (mikhainin)
. Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
(nielsdos)
- Opcache:
. Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning
at the same time as invalid offset Error). (Girgias)
. Fixed JIT bug (JIT emits "Attempt to assign property of non-object"
warning at the same time as Error is being thrown). (Girgias)
- OpenSSL:
. Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)
- PDO PGSQL:
. Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
- PGSQL:
. Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov)
- PHPDBG:
. Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
- SOAP:
. Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
(nielsdos)
- SPL:
. Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination
with GlobIterator and no directory separator). (nielsdos)
- SQLite3:
. Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
(SakiTakamachi)
- Standard:
. Fix memory leak in syslog device handling. (danog)
. Fixed bug GH-12621 (browscap segmentation fault when configured in the
vhost). (nielsdos)
. Fixed bug GH-12655 (proc_open() does not take into account references
in the descriptor array). (nielsdos)
- Streams:
. Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
(Jakub Zelenka)
- Zip:
. Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
Behavior). (Remi)
|
2023-11-24 07:01:26 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
PHP 8.2.13 (2023-11-23)
- Core:
. Fixed double-free of non-interned enum case name. (ilutov)
. Fixed bug GH-12457 (Incorrect result of stripos with single character
needle). (SakiTakamachi)
. Fixed bug GH-12468 (Double-free of doc_comment when overriding static
property via trait). (ilutov)
. Fixed segfault caused by weak references to FFI objects. (sj-i)
. Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
. Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type
if the class name starts with N). (kocsismate)
- DOM:
. Fix registerNodeClass with abstract class crashing. (nielsdos)
. Add missing NULL pointer error check. (icy17)
. Fix validation logic of php:function() callbacks. (nielsdos)
- Fiber:
. Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)
- FPM:
. Fixed bug GH-9921 (Loading ext in FPM config does not register module
handlers). (Jakub Zelenka)
. Fixed bug GH-12232 (FPM: segfault dynamically loading extension without
opcache). (Jakub Zelenka)
. Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES).
(Jakub Zelenka)
- Intl:
. Removed the BC break on IntlDateFormatter::construct which threw an
exception with an invalid locale. (David Carlier)
- Opcache:
. Added warning when JIT cannot be enabled. (danog)
. Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
- OpenSSL:
. Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-11374 (Backport upstream fix, Different preg_match result
with -d pcre.jit=0). (mvorisek)
- SOAP:
. Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
(nielsdos)
. Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation
Fault). (nielsdos)
. Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos)
. Fix incorrect uri check in SOAP caching. (nielsdos)
. Fix segfault and assertion failure with refcounted props and arrays.
(nielsdos)
. Fix potential crash with an edge case of persistent encoders. (nielsdos)
. Fixed bug #75306 (Memleak in SoapClient). (nielsdos)
- Streams:
. Fixed bug #75708 (getimagesize with "&$imageinfo" fails on \
StreamWrappers).
(Jakub Zelenka)
- XMLReader:
. Add missing NULL pointer error check. (icy17)
- XMLWriter:
. Add missing NULL pointer error check. (icy17)
- XSL:
. Add missing module dependency. (nielsdos)
. Fix validation logic of php:function() callbacks. (nielsdos)
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|
2023-10-27 17:02:43 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
lang/php82: update to 8.2.12
26 Oct 2023, PHP 8.2.12
- Core:
. Fixed bug GH-12207 (memory leak when class using trait with doc block).
(rioderelfte)
. Fixed bug GH-12215 (Module entry being overwritten causes type errors in
ext/dom). (nielsdos)
. Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky)
. Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
- CLI:
. Ensure a single Date header is present. (coppolafab)
- CType:
. Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
(nielsdos)
- DOM:
. Restore old namespace reconciliation behaviour. (nielsdos)
. Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos)
- Fileinfo:
. Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise)
- Filter:
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
. Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
(MaxSem)
- Intl:
. Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
(David Carlier)
. Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception
on an invalid locale). (David Carlier)
- MySQLnd:
. Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library)
'mysqlnd.so' in Unknown on line). (nielsdos)
- Opcache:
. Fixed opcache_invalidate() on deleted file. (mikhainin)
. Fixed bug GH-12380 (JIT+private array property access inside closure
accesses private property in child class). (nielsdos)
- PCRE:
. Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with
JIT enabled gives different result). (nielsdos)
- SimpleXML:
. Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)
. Fixed bug GH-12223 (Entity reference produces infinite loop in
var_dump/print_r). (nielsdos)
. Fixed bug GH-12167 (Unable to get processing instruction contents in
SimpleXML). (nielsdos)
. Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
(nielsdos)
- Streams:
. Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
(David Carlier)
- XML:
. Fix return type of stub of xml_parse_into_struct(). (nielsdos)
. Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)
- XSL:
. Fix type error on XSLTProcessor::transformToDoc return value with
SimpleXML. (nielsdos)
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2023-09-29 17:08:06 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php82: update to 8.2.11
28 Sep 2023, PHP 8.2.11
- Core:
. Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov)
. Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
(Jeremie Courreges-Anglas)
. Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities.
(Girgias)
. Fixed bug GH-12073 (Segfault when freeing incompletely initialized
closures). (ilutov)
. Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
(ju1ius)
. Fixed bug GH-12102 (Incorrect compile error when using array access on TMP
value in function call). (ilutov)
- DOM:
. Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos)
- Iconv:
. Fixed build for NetBSD which still uses the old iconv signature.
(David Carlier)
- Intl:
. Fixed bug GH-12020 (intl_get_error_message() broken after
MessageFormatter::formatMessage() fails). (Girgias)
- MySQLnd:
. Fixed bug GH-10270 (Invalid error message when connection via SSL fails:
"trying to connect via (null)"). (Kamil Tekiela)
- ODBC:
. Fixed memory leak with failed SQLPrepare. (NattyNarwhal)
. Fixed persistent procedural ODBC connections not getting closed.
(NattyNarwhal)
- SimpleXML:
. Fixed bug #52751 (XPath processing-instruction() function is not
supported). (nielsdos)
- SPL:
. Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
(nielsdos)
- SQLite3:
. Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
a callable array). (nielsdos, arnaud-lb)
|