./lang/php83, PHP Hypertext Preprocessor version 8.3


Branch: CURRENT, Version: 8.3.14, Package name: php-8.3.14, Maintainer: pkgsrc-users

PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.

PHP 8.3 comes with numerous improvements and new features such as

* Typed Class Constants
* Fetch class constant dynamically syntax
* Readonly Amendments
* Override Attribute
* New Randomizer method Random\Randomizer::getBytesFromString
* New function json_validate
* And much much more...



Package options: inet6, readline, ssl

Master sites:

Filesize: 12226.063 KB

CVS history:


   2024-11-25 15:36:20 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/php82: update to 8.2.26

PHP 8.3.14 (2024-11-21)

- CLI:
  . Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
    started through shebang). (ilutov)
  . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
    Processing in CLI SAPI Interface). (nielsdos)

- COM:
  . Fixed out of bound writes to SafeArray data. (cmb)

- Core:
  . Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled
    with Xcode 16 clang on macOS 15). (nielsdos)
  . Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
  . Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for
    call trampoline). (ilutov)
  . Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
    (ilutov)
  . Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed
    early bound classes). (ilutov)
  . Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)

- Curl:
  . Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if
    curl_multi_add_handle fails). (timwolla)

- Date:
  . Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset).
    (cmb)
  . Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb)

- DBA:
  . Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams).
    (cmb)

- DOM:
  . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
    (nielsdos)
  . Add missing hierarchy checks to replaceChild. (nielsdos)
  . Fixed bug GH-16336 (Attribute intern document mismanagement). (nielsdos)
  . Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). (nielsdos)
  . Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
  . Fixed bug GH-16533 (Segfault when adding attribute to parent that is not
    an element). (nielsdos)
  . Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
  . Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos)
  . Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos)

- EXIF:
  . Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a
    real file). (nielsdos, cmb)

- FFI:
  . Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
    (nielsdos)

- Filter:
  . Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb)

- FPM:
  . Fixed bug GH-16628 (FPM logs are getting corrupted with this log
    statement). (nielsdos)

- GD:
  . Fixed bug GH-16334 (imageaffine overflow on matrix elements).
    (David Carlier)
  . Fixed bug GH-16427 (Unchecked libavif return values). (cmb)
  . Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
    (nielsdos)

- GMP:
  . Fixed floating point exception bug with gmp_pow when using
    large exponent values. (David Carlier)
  . Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
  . Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
    (David Carlier)
  . Fixed gmp_pow() overflow bug with large base/exponents.
    (David Carlier)
  . Fixed segfaults and other issues related to operator overloading with
    GMP objects. (Girgias)

- LDAP:
  . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
    (nielsdos)

- MBstring:
  . Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
    (David Carlier)

- MySQLnd:
  . Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through
    heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)

- Opcache:
  . Fixed bug GH-16408 (Array to string conversion warning emitted in
    optimizer). (ilutov)

- OpenSSL:
  . Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
    (cmb)
  . Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow).
    (cmb)
  . Fix various memory leaks on error conditions in openssl_x509_parse().
    (nielsdos)

- PDO DBLIB:
  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
    OOB writes). (CVE-2024-11236) (nielsdos)

- PDO Firebird:
  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
    causing OOB writes). (CVE-2024-11236) (nielsdos)

- PDO ODBC:
  . Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)

- Phar:
  . Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos)

- PHPDBG:
  . Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)

- Reflection:
  . Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos)

- Session:
  . Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
    (nielsdos)
  . Fixed bug GH-16290 (overflow on cookie_lifetime ini value).
    (David Carlier)

- SOAP:
  . Fixed bug GH-16318 (Recursive array segfaults soap encoding). (nielsdos)
  . Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
    (nielsdos)

- Sockets:
  . Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)

- SPL:
  . Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos)
  . Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
    (ilutov)
  . Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov)
  . Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov)
  . Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos)
  . Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed
    SplFileObject::__constructor). (Girgias)
  . Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos)
  . Fixed bug GH-14687 (segfault on SplObjectIterator instance).
    (David Carlier)
  . Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos)
  . Fixed bug GH-16646 (UAF in ArrayObject::unset() and
    ArrayObject::exchangeArray()). (ilutov)

- Standard:
  . Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with
    bail enabled). (ilutov)

- Streams:
  . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
    might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
  . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
    convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)

- SysVMsg:
  . Fixed bug GH-16592 (msg_send() crashes when a type does not properly
    serialized). (David Carlier / cmb)

- SysVShm:
  . Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb)

- XMLReader:
  . Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
    (nielsdos)

- Zlib:
  . Fixed bug GH-16326 (Memory management is broken for bad dictionaries.)
    (cmb)

   2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429)
Log message:
*: recursive bump for icu 76 shlib major version bump

   2024-11-10 23:09:50 by Patrick Welche | Files touched by this commit (5)
Log message:
php83

Backport of

https://github.com/php/php-src/commit/2d6bd1644d104fe934a5117d232d3f50ffe9ff28

to fix

Cannot load lib/httpd/mod_php8.so into server: /usr/pkg/lib/httpd/mod_php8.so:
No space available for static Thread Local Storage

PR pkg/56717

   2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426)
Log message:
*: revbump for icu downgrade

   2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427)
Log message:
*: recursive bump for icu 76.1 shlib bump

   2024-10-24 15:52:06 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.13

24 Oct 2024, PHP 8.3.13

- Calendar:
  . Fixed GH-16240: jdtounix overflow on argument value. (David Carlier)
  . Fixed GH-16241: easter_days/easter_date overflow on year argument.
    (David Carlier)
  . Fixed GH-16263: jddayofweek overflow. (cmb)
  . Fixed GH-16234: jewishtojd overflow. (nielsdos)

- CLI:
  . Fixed bug GH-16137: duplicate http headers when set several times by
    the client. (David Carlier)

- Core:
  . Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator
    list while adding). (nielsdos)
  . Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). (cmb)
  . Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to
    exception). (ilutov)
  . Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of
    nested generator frame). (ilutov)
  . Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). (Arnaud)
  . Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). (Arnaud)
  . Fixed bug GH-16233 (Observer segfault when calling user function in
    internal function via trampoline). (nielsdos)

- DOM:
  . Fixed bug GH-16039 (Segmentation fault (access null pointer) in
    ext/dom/parentnode/tree.c). (nielsdos)
  . Fixed bug GH-16149 (Null pointer dereference in
    DOMElement->getAttributeNames()). (nielsdos)
  . Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
    (nielsdos)
  . Fixed bug GH-16150 (Use after free in php_dom.c). (nielsdos)
  . Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument).
    (nielsdos)

- JSON:
  . Fixed bug GH-15168 (stack overflow in json_encode()). (nielsdos)

- GD:
  . Fixed bug GH-16232 (bitshift overflow on wbmp file content reading /
    fix backport from upstream). (David Carlier)
  . Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value)
    (David Carlier)
  . Fixed bug GH-16274 (imagescale underflow on RBG channels /
    fix backport from upstream). (David Carlier)

- LDAP:
  . Fixed bug GH-16032 (Various NULL pointer dereferencements in
    ldap_modify_batch()). (Girgias)
  . Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
    when LDAPs array is not a list). (Girgias)
  . Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated
    by ZMM.). (Girgias)
  . Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a
    proper dictionary). (Girgias)

- MBString:
  . Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).
    (nielsdos)

- OpenSSL:
  . Fixed stub for openssl_csr_new. (Jakub Zelenka)

- PCRE:
  . Fixed bug GH-16189 (underflow on offset argument). (David Carlier)
  . Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
    (nielsdos)

- PHPDBG:
  . Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
  . Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
    (cmb)

- Reflection:
  . Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).
    (DanielEScherzer)

- SAPI:
  . Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).
    (Jakub Zelenka, David Carlier)

- SimpleXML:
  . Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
    (nielsdos)

- Sockets:
  . Fixed bug GH-16267 (socket_strerror overflow on errno argument).
    (David Carlier)

- SOAP:
  . Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP
    headers in array form). (nielsdos)
  . Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos)
  . Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value).
    (nielsdos)
  . Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). (nielsdos)
  . Fix Soap leaking http_msg on error. (nielsdos)
  . Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
    (nielsdos)
  . Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).
    (nielsdos)

- SPL:
  . Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c).
    (nielsdos)

- Standard:
  . Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). (Arnaud)
  . Fixed bug GH-15169 (stack overflow when var serialization in
    ext/standard/var). (nielsdos)

- Streams:
  . Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
    (nielsdos)
  . Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
    (cmb)

- TSRM:
  . Prevent closing of unrelated handles. (cmb)

- Windows:
  . Fixed minimal Windows version. (cmb)

   2024-09-28 17:03:38 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.12

PHP 8.3.12 (2024-09-26)

- CGI:
  . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
    Vulnerability). (CVE-2024-8926) (nielsdos)
  . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
    bypassable due to the environment variable collision). (CVE-2024-8927)
    (nielsdos)

- Core:
  . Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer).
    (zeriyoshi)
  . Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
  . Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
  . Fixed bug GH-15565 (--disable-ipv6 during compilation produces error
    EAI_SYSTEM not found). (nielsdos)
  . Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
    (Bernd Kuhls, Thomas Petazzoni)
  . Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
  . Fixed uninitialized lineno in constant AST of internal enums. (ilutov)

- Curl:
  . Fixed bug GH-15547 (curl_multi_select overflow on timeout argument).
    (David Carlier)

- DOM:
  . Fixed bug GH-15551 (Segmentation fault (access null pointer) in
    ext/dom/xml_common.h). (nielsdos)
  . Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
    (nielsdos)

- Fileinfo:
  . Fixed bug GH-15752 (Incorrect error message for finfo_file
    with an empty filename argument). (DanielEScherzer)

- FPM:
  . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
    (CVE-2024-9026) (Jakub Zelenka)

- MySQLnd:
  . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
    Kamil Tekiela)

- Opcache:
  . Fixed bug GH-15661 (Access null pointer in
    Zend/Optimizer/zend_inference.c). (nielsdos)
  . Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
    (nielsdos)

- SAPI:
  . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
    (CVE-2024-8925) (Arnaud)

- Standard:
  . Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)

- Streams:
  . Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
    (cmb)

   2024-08-31 06:36:24 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.11

PHP 8.3.11 (2024-08-29)

- Core:
  . Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
    (nielsdos)
  . Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). (nielsdos)
  . Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
    (Peter Kokot)
  . Fix uninitialized memory in network.c. (nielsdos)
  . Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
    (Arnaud)
  . Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
    (Arnaud)

- Curl:
  . Fixed case when curl_error returns an empty string.
    (David Carlier)

- DOM:
  . Fix UAF when removing doctype and using foreach iteration. (nielsdos)

- FFI:
  . Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory
    leak). (nielsdos, dstogov)

- Hash:
  . Fix crash when converting array data for array in shm in xxh3. (nielsdos)

- Intl:
  . Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). (cmb)

- Opcache:
  . Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
    (Bob)
  . Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
    (Arnaud, nielsdos)

- Output:
  . Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in
    ext/standard/url_scanner_ex.re). (nielsdos)

- PDO_Firebird:
  . Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos)

- PHPDBG:
  . Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode
    with libedit/readline). (Peter Kokot)
  . Fixed bug GH-15268 (heap buffer overflow in phpdbg
    (zend_hash_num_elements() Zend/zend_hash.h)). (nielsdos)
  . Fixed bug GH-15210 use-after-free on watchpoint allocations. (nielsdos)

- Soap:
  . Fixed bug #55639 (Digest autentication dont work). (nielsdos)
  . Fix SoapFault property destruction. (nielsdos)
  . Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap
    constructor option). (nielsdos)

- Standard:
  . Fix passing non-finite timeout values in stream functions. (nielsdos)
  . Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier)

- Streams:
  . Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos)
  . Fixed bug GH-15034 (Integer overflow on stream_notification_callback
    byte_max parameter with files bigger than 2GB). (nielsdos)
  . Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output
    truncated to 255 characters). (Jakub Zelenka)

- Tidy:
  . Fix memory leaks in ext/tidy basedir restriction code. (nielsdos)