diff --git a/NEWS b/NEWS index ce604288a63..55a75903170 100644 --- a/NEWS +++ b/NEWS @@ -1,569 +1,23 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? ????, PHP 8.3.0 - -- Core: - . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious - error handler). (ilutov) - . Fixed oss-fuzz #64209 (In-place modification of filename in - php_message_handler_for_zend). (ilutov) - -- DOM: - . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid - default: prefix). (nielsdos) - -- Intl: - . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos) - -- LibXML: - . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303) - -- MBString: - . Fixed bug GH-11992 (utf_encodings.phpt fails on Windows 32-bit). (nielsdos) - -- OpenSSL: - . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs). - (Jakub Zelenka) - -- PCRE: - . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos) - -- PGSQL: - . Reverted PG pipeline addition. (Jakub Zelenka) - -- PHPDBG: - . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos) - -- POSIX: - . Fixed bug GH-12725 (Call to undefined function posix_fpathconf() in default - configure setting). (petk) - -- SPL: - . Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination - with GlobIterator and no directory separator). (nielsdos) - -- SQLite3: - . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0). - (SakiTakamachi) - -- Standard: - . Fix memory leak in syslog device handling. (danog) - . Fixed bug GH-12621 (browscap segmentation fault when configured in the - vhost). (nielsdos) - . Fixed bug GH-12655 (proc_open() does not take into account references - in the descriptor array). (nielsdos) - -- Streams: - . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault). - (Jakub Zelenka) - -- Zip: - . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option - Behavior). (Remi) - -09 Nov 2023, PHP 8.3.0RC6 - -- Core: - . Fixed segfault caused by weak references to FFI objects. (sj-i) - . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas) - . Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type - if the class name starts with N). (kocsismate) - . Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec). (ilutov) - -- DOM: - . Add missing NULL pointer error check. (icy17) - . Fixed bug #47531 (No way of removing redundant xmlns: declarations). - (nielsdos) - . Fix validation logic of php:function() callbacks. (nielsdos) - -- FPM: - . Fixed bug GH-9921 (Loading ext in FPM config does not register module - handlers). (Jakub Zelenka) - . Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES). - (Jakub Zelenka) - -- Intl: - . Removed the BC break on IntlDateFormatter::construct which threw an - exception with an invalid locale. (David Carlier) - -- Opcache: - . Fixed COPY_TMP type inference for references. (ilutov) - -- PCRE: - . Fixed bug GH-11374 (Backport upstream fix, Different preg_match result - with -d pcre.jit=0). (mvorisek) - -- PGSQL: - . Fixed pipeline mode GH-9344. (degtyaryov) - -- SOAP: - . Fix potential crash with an edge case of persistent encoders. (nielsdos) - . Fixed bug #75306 (Memleak in SoapClient). (nielsdos) - -- XMLReader: - . Add missing NULL pointer error check. (icy17) - -- XMLWriter: - . Add missing NULL pointer error check. (icy17) - -- XSL: - . Fix validation logic of php:function() callbacks. (nielsdos) - - -26 Oct 2023, PHP 8.3.0RC5 - -- Core: - . Fixed double-free of non-interned enum case name. (ilutov) - . Fixed bug GH-12457 (Incorrect result of stripos with single character - needle). (SakiTakamachi) - . Fixed bug GH-12468 (Double-free of doc_comment when overriding static - property via trait). (ilutov) - -- DOM: - . Fix registerNodeClass with abstract class crashing. (nielsdos) - . Fix compile error when php_libxml.h header is included in C++. - (Remi, nielsdos) - -- Fiber: - . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi) - -- FPM: - . Fixed bug GH-12232 (FPM: segfault dynamically loading extension without - opcache). (Jakub Zelenka) - -- Opcache: - . Added warning when JIT cannot be enabled. (danog) - . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since - upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) - -- OpenSSL: - . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). - (Jakub Zelenka) - -- Random: - . Fix Randomizer::getFloat() returning incorrect results under - certain circumstances. (timwolla) - -- SOAP: - . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes). - (nielsdos) - . Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation - Fault). (nielsdos) - . Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos) - . Fix incorrect uri check in SOAP caching. (nielsdos) - . Fix segfault and assertion failure with refcounted props and arrays. - (nielsdos) - -- Streams: - . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers). - (Jakub Zelenka) - -- XSL: - . Add missing module dependency. (nielsdos) - -12 Oct 2023, PHP 8.3.0RC4 - -- Core: - . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos) - . Fixed buffer underflow when compiling memoized expression. (ilutov) - -- CLI: - . Ensure a single Date header is present. (coppolafab) - -- CType: - . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater). - (nielsdos) - -- DOM: - . Restore old namespace reconciliation behaviour. (nielsdos) - . Fix broken cache invalidation with deallocated and reallocated document - node. (nielsdos) - . Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos) - -- Fileinfo: - . Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise) - -- LibXML: - . Fix compile error with -Werror=incompatible-function-pointer-types and - old libxml2. (nielsdos) - -- MySQLnd: - . Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) - 'mysqlnd.so' in Unknown on line). (nielsdos) - -- Opcache: - . Fixed opcache_invalidate() on deleted file. (mikhainin) - . Fixed bug GH-12380 (JIT+private array property access inside closure - accesses private property in child class). (nielsdos) - -- SimpleXML: - . Apply iterator fixes only on master. (nielsdos) - -- Standard: - . Fixed str_decrement() on "1". (ilutov) - -- XSL: - . Fix type error on XSLTProcessor::transformToDoc return value with - SimpleXML. (nielsdos) - -28 Sep 2023, PHP 8.3.0RC3 - -- Core: - . Fixed bug GH-12189 (#[Override] attribute in trait does not check for - parent class implementations). (timwolla) - . Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable - warning). (Girgias) - . Fixed bug GH-12215 (Module entry being overwritten causes type errors in - ext/dom). (nielsdos) - . Fixed bug GH-12207 (memory leak when class using trait with doc block). - (rioderelfte) - . Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky) - -- Filter: - . Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov) - -- Hash: - . Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext). - (MaxSem) - -- Intl: - . Fixed bug GH-12243 (segfault on IntlDateFormatter::construct). - (David Carlier) - . Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception - on an invalid locale). (David Carlier) - -- SimpleXML: - . Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos) - . Fixed bug GH-12192 (SimpleXML infinite loop when getName() is called - within foreach). (nielsdos) - . Fixed bug GH-12223 (Entity reference produces infinite loop in - var_dump/print_r). (nielsdos) - . Fixed bug GH-12208 (SimpleXML infinite loop when a cast is used inside a - foreach). (nielsdos) - . Fixed bug #55098 (SimpleXML iteration produces infinite loop). (nielsdos) - . Fixed bug GH-12167 (Unable to get processing instruction contents in - SimpleXML). (nielsdos) - . Fixed bug GH-12169 (Unable to get comment contents in SimpleXML). - (nielsdos) - -- Streams: - . Fixed bug GH-12190 (binding ipv4 address with both address and port at 0). - (David Carlier) - -- XML: - . Fix return type of stub of xml_parse_into_struct(). (nielsdos) - . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos) - -14 Sep 2023, PHP 8.3.0RC2 - -- Core: - . Fixed GH-11847 (DTrace enabled build is broken). (Filip Zrůst) - . Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities. - (Girgias) - . Fixed bug GH-12073 (Segfault when freeing incompletely initialized - closures). (ilutov) - . Fixed bug GH-12060 (Internal iterator rewind handler is called twice). - (ju1ius) - . Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property - that is unset in error handler). (Girgias) - . Fixed bug GH-12102 (Incorrect compile error when using array access on TMP - value in function call). (ilutov) - . Fixed warning emitted when checking if a user stream is castable. (Girgias) - . Fixed bug GH-12123 (Compile error on MacOS with C++ extension when using - ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX). (kocsismate) - -- FPM: - . Fixed GH-12077 (PHP 8.3.0RC1 borked socket-close-on-exec.phpt). - (Jakub Zelenka) - -- Intl: - . Fixed bug GH-12020 (intl_get_error_message() broken after - MessageFormatter::formatMessage() fails). (Girgias) - -- ODBC: - . Fixed memory leak with failed SQLPrepare. (NattyNarwhal) - . Fixed persistent procedural ODBC connections not getting closed. - (NattyNarwhal) - -- PCRE: - . Update bundled libpcre2 to 10.42. (nielsdos) - -- SimpleXML: - . Fixed bug #52751 (XPath processing-instruction() function is not - supported). (nielsdos) - -- SPL: - . Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18). - (nielsdos) - -- Standard: - . Fixed bug GH-12151 (str_getcsv ending with escape zero segfualt). - (Jakub Zelenka) - -- SQLite3: - . Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with - a callable array). (nielsdos, arnaud-lb) - -31 Aug 2023, PHP 8.3.0RC1 - -- Core: - . Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov) - . Introduced Zend guard recursion protection to fix __debugInfo issue. - (Jakub Zelenka) - . Fixed bug GH-11790 (On riscv64 require libatomic if actually needed). - (Jeremie Courreges-Anglas) - . Fixed oss-fuzz #61712 (assertion failure with error handler during binary - op). (nielsdos) - -- DOM: - . Fixed GH-11952 (Confusing warning when blocking entity loading via - libxml_set_external_entity_loader). (nielsdos) - -- FFI: - . Implement GH-11934 (Allow to pass CData into struct and/or union fields). - (nielsdos, KapitanOczywisty) - -- FPM: - . Fixed bug #76067 (system() function call leaks php-fpm listening sockets). - (Mikhail Galanin, Jakub Zelenka) - -- Standard: - . Added $before_needle argument to strrchr(). (HypeMC) - . Fixed GH-11982 (str_getcsv returns null byte for unterminated enclosure). - (Jakub Zelenka) - -- Streams: - . Fixed bug #52335 (fseek() on memory stream behavior different than file). - (Jakub Zelenka) - . Fixed bug #76857 (Can read "non-existant" files). (Jakub Zelenka) - -17 Aug 2023, PHP 8.3.0beta3 - -- Core: - . Fixed strerror_r detection at configuration time. (Kévin Dunglas) - . Fixed segfault during freeing of some incompletely initialized objects due - to OOM error (PDO, SPL, XSL). (ilutov) - . Fixed trait typed properties using a DNF type not being correctly bound. - (Girgias) - . Fixed trait property types not being arena allocated if copied from - an internal trait. (Girgias) - . Fixed deep copy of property DNF type during lazy class load. - (Girgias, ilutov) - . Fixed memory freeing of DNF types for non arena allocated types. - (Girgias, ju1ius) - -- DOM: - . adoptNode now respects the strict error checking property. (nielsdos) - . Align DOMChildNode parent checks with spec. (nielsdos) - . Fixed bug #80927 (Removing documentElement after creating attribute node: - possible use-after-free). (nielsdos) - . Fix various namespace prefix conflict resolution bugs. (nielsdos) - . Fix calling createAttributeNS() without prefix causing the default - namespace of the element to change. (nielsdos) - -- Opcache: - . Avoid resetting JIT counter handlers from multiple processes/threads. - (ilutov) - -- Standard: - . Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) - (athos-ribeiro) - -03 Aug 2023, PHP 8.3.0beta2 +23 Nov 2023, PHP 8.3.0 - Bcmath . Fixed GH-11761 (removing trailing zeros from numbers) (jorgsowa) -- Core: - . Fixed oss-fuzz #60741 (Leak in open_basedir). (ilutov) - -- DOM: - . Fixed bug GH-11792 (LIBXML_NOXMLDECL is not implemented or broken). - (nielsdos) - -- FFI: - . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov) - -- Libxml: - . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading - in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - -- MBString: - . Fix use-after-free of mb_list_encodings() return value. (ilutov) - -- Opcache: - . Avoid adding an unnecessary read-lock when loading script from shm if - restart is in progress. (mikhainin) - -- Phar: - . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). - (CVE-2023-3824) (nielsdos) - -- Streams: - . Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper - from itself). (ilutov) - -20 Jul 2023, PHP 8.3.0beta1 - -- CLI: - . Implement GH-10024 (support linting multiple files at once using php -l). - (nielsdos) - -- Core: - . Fixed line number of JMP instruction over else block. (ilutov) - . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) - . Fixed bug GH-11601 (Incorrect handling of unwind and graceful exit - exceptions). (ilutov) - . Added zend_call_stack_get implementation for OpenBSD. (David Carlier) - . Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov) - . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - . Add stack limit check in zend_eval_const_expr(). (Arnaud) - . Expose time spent collecting cycles in gc_status(). (Arnaud) - . Remove WeakMap entries whose key is only reachable through the entry value. - (Arnaud) - . Resolve open_basedir paths on INI update. (ilutov) - -- Curl: - . Added Curl options and constants up to (including) version 7.87. - (nielsdos, adoy) - -- DOM: - . Added DOMNode::contains() and DOMNameSpaceNode::contains(). (nielsdos) - . Added DOMElement::getAttributeNames(). (nielsdos) - . Added DOMNode::getRootNode(). (nielsdos) - . Added DOMElement::className and DOMElement::id. (nielsdos) - . Added DOMParentNode::replaceChildren(). (nielsdos) - . Added DOMNode::isConnected and DOMNameSpaceNode::isConnected. (nielsdos) - . Added DOMNode::parentElement and DOMNameSpaceNode::parentElement. - (nielsdos) - . Added DOMNode::isEqualNode(). (nielsdos) - . Added DOMElement::insertAdjacentElement() and - DOMElement::insertAdjacentText(). (nielsdos) - . Added DOMElement::toggleAttribute(). (nielsdos) - -- FPM: - . Added warning to log when fpm socket was not registered on the expected - path. (Joshua Behrens, Jakub Zelenka) - -- Hash: - . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options - parameter in signature. (ilutov) - -- Intl: - . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - -- LDAP: - . Deprecate calling ldap_connect() with separate hostname and port. - (heiglandreas) - -- OpenSSL: - . Added support for additional EC parameters in openssl_pkey_new. (Eno-CN) - -- PDO: - . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true - and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer - filled). (SakiTakamachi) - -- Random: - . Deprecate MT_RAND_PHP. (timwolla) - -- SPL: - . Fixed GH-11573 (RecursiveDirectoryIterator::hasChildren is slow). - (nielsdos) - -- Standard: - . Added support for rounding negative places in number_format(). - (Marc Bennewitz) - . Prevent precision loss on formatting decimal integers in number_format(). - (Marc Bennewitz) - . Added usage of posix_spawn for proc_open when supported by OS. - (Cristian Rodriguez) - -- Streams: - . Implemented GH-11242 (_php_stream_copy_to_mem: Allow specifying a maximum - length without allocating a buffer of that size). (Jakub Zelenka) - -06 Jul 2023, PHP 8.3.0alpha3 - -- Core: - . Fixed bug GH-11507 (String concatenation performance regression in 8.3). - (nielsdos) - . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). - (ilutov) - . Fixed GH-11488 (Missing "Optional parameter before required" deprecation on - union null type). (ilutov) - . Implement the #[\Override] attribute RFC. (timwolla) - -- DOM: - . Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong - output). (nielsdos) - . Implemented DOMDocument::adoptNode(). Previously this always threw a - "not yet implemented" exception. (nielsdos) - . Fixed bug GH-9628 (Implicitly removing nodes from \DOMDocument breaks - existing references). (nielsdos) - -- Fileinfo: - . Fix GH-11408 (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension). - (nielsdos) - -- MBString: - . Implement mb_str_pad() RFC. (nielsdos) - . Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled). - (nielsdos) - -- Session: - . Fixed bug GH-11529 (Crash after dealing with an Apache request). (nielsdos) - -- Standard: - . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - -- XMLReader: - . Fix GH-11548 (Argument corruption when calling XMLReader::open or - XMLReader::XML non-statically with observer active). (Bob) - -- zip: - . zip extension version 1.22.0 for libzip 1.10.0. (Remi) - . add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED). (Remi) - . add new archive global flags (ER_AFL_*). (Remi) - . add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods. - (Remi) - - -22 Jun 2023, PHP 8.3.0alpha2 - -- Core: - . Fix GH-11388 (Allow "final" modifier when importing a method from a trait). - (nielsdos) - . Fixed bug GH-11406 (segfault with unpacking and magic method closure). - (nielsdos) - -- DOM: - . Fix #79700 (wrong use of libxml oldNs leads to performance problem). - (nielsdos) - . Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after - normalisation). (nielsdos) - . Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion. - (nielsdos) - -- GD: - . Removed imagerotate "ignore_transparent" argument since it has no effect. - (David Carlier) - -- Streams: - . Implement GH-8641 (STREAM_NOTIFY_COMPLETED over HTTP never emitted). - (nielsdos, Jakub Zelenka) - . Fix bug GH-10406 (fgets on a redis socket connection fails on PHP 8.3). - (Jakub Zelenka) - -08 Jun 2023, PHP 8.3.0alpha1 - - CLI: . Added pdeathsig to builtin server to terminate workers when the master process is killed. (ilutov) . Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without a script). (nielsdos) + . Implement GH-10024 (support linting multiple files at once using php -l). + (nielsdos) - Core: + . Fix GH-11388 (Allow "final" modifier when importing a method from a trait). + (nielsdos) + . Fixed bug GH-11406 (segfault with unpacking and magic method closure). + (nielsdos) . Fixed bug GH-9388 (Improve unset property and __get type incompatibility error message). (ilutov) . SA_ONSTACK is now set for signal handlers to be friendlier to other @@ -571,7 +25,6 @@ PHP NEWS . SA_ONSTACK is now set when signals are disabled. (Kévin Dunglas) . Fix GH-9649: Signal handlers now do a no-op instead of crashing when executed on threads not managed by TSRM. (Kévin Dunglas) - . Fixed potential NULL pointer dereference Windows shm*() functions. (cmb) . Added shadow stack support for fibers. (Chen Hu) . Fix bug GH-9965 (Fix accidental caching of default arguments with side effects). (ilutov) @@ -597,6 +50,46 @@ PHP NEWS operation). (nielsdos) . Fix GH-11348 (Closure created from magic method does not accept named arguments). (nielsdos) + . Fix GH-11388 (Allow "final" modifier when importing a method from a trait). + (nielsdos) + . Fixed bug GH-11406 (segfault with unpacking and magic method closure). + (nielsdos) + . Fixed bug GH-11507 (String concatenation performance regression in 8.3). + (nielsdos) + . Fixed GH-11488 (Missing "Optional parameter before required" deprecation on + union null type). (ilutov) + . Implement the #[\Override] attribute RFC. (timwolla) + . Fixed bug GH-11601 (Incorrect handling of unwind and graceful exit + exceptions). (ilutov) + . Added zend_call_stack_get implementation for OpenBSD. (David Carlier) + . Add stack limit check in zend_eval_const_expr(). (Arnaud) + . Expose time spent collecting cycles in gc_status(). (Arnaud) + . Remove WeakMap entries whose key is only reachable through the entry value. + (Arnaud) + . Resolve open_basedir paths on INI update. (ilutov) + . Fixed oss-fuzz #60741 (Leak in open_basedir). (ilutov) + . Fixed segfault during freeing of some incompletely initialized objects due + to OOM error (PDO, SPL, XSL). (ilutov) + . Introduced Zend guard recursion protection to fix __debugInfo issue. + (Jakub Zelenka) + . Fixed oss-fuzz #61712 (assertion failure with error handler during binary + op). (nielsdos) + . Fixed GH-11847 (DTrace enabled build is broken). (Filip Zrůst) + . Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property + that is unset in error handler). (Girgias) + . Fixed warning emitted when checking if a user stream is castable. (Girgias) + . Fixed bug GH-12123 (Compile error on MacOS with C++ extension when using + ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX). (kocsismate) + . Fixed bug GH-12189 (#[Override] attribute in trait does not check for + parent class implementations). (timwolla) + . Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable + warning). (Girgias) + . Fixed buffer underflow when compiling memoized expression. (ilutov) + . Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec). (ilutov) + +- Curl: + . Added Curl options and constants up to (including) version 7.87. + (nielsdos, adoy) - Date: . Implement More Appropriate Date/Time Exceptions RFC. (Derick) @@ -604,24 +97,73 @@ PHP NEWS - DOM: . Fix bug GH-8388 (DOMAttr unescapes character reference). (Tim Starling) . Fix bug GH-11308 (getElementsByTagName() is O(N^2)). (nielsdos) + . Fix #79700 (wrong use of libxml oldNs leads to performance problem). + (nielsdos) + . Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after + normalisation). (nielsdos) + . Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion. + (nielsdos) + . Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong + output). (nielsdos) + . Implemented DOMDocument::adoptNode(). Previously this always threw a + "not yet implemented" exception. (nielsdos) + . Fixed bug GH-9628 (Implicitly removing nodes from \DOMDocument breaks + existing references). (nielsdos) + . Added DOMNode::contains() and DOMNameSpaceNode::contains(). (nielsdos) + . Added DOMElement::getAttributeNames(). (nielsdos) + . Added DOMNode::getRootNode(). (nielsdos) + . Added DOMElement::className and DOMElement::id. (nielsdos) + . Added DOMParentNode::replaceChildren(). (nielsdos) + . Added DOMNode::isConnected and DOMNameSpaceNode::isConnected. (nielsdos) + . Added DOMNode::parentElement and DOMNameSpaceNode::parentElement. + (nielsdos) + . Added DOMNode::isEqualNode(). (nielsdos) + . Added DOMElement::insertAdjacentElement() and + DOMElement::insertAdjacentText(). (nielsdos) + . Added DOMElement::toggleAttribute(). (nielsdos) + . Fixed bug GH-11792 (LIBXML_NOXMLDECL is not implemented or broken). + (nielsdos) + . adoptNode now respects the strict error checking property. (nielsdos) + . Align DOMChildNode parent checks with spec. (nielsdos) + . Fixed bug #80927 (Removing documentElement after creating attribute node: + possible use-after-free). (nielsdos) + . Fix various namespace prefix conflict resolution bugs. (nielsdos) + . Fix calling createAttributeNS() without prefix causing the default + namespace of the element to change. (nielsdos) + . Fixed GH-11952 (Confusing warning when blocking entity loading via + libxml_set_external_entity_loader). (nielsdos) + . Fix broken cache invalidation with deallocated and reallocated document + node. (nielsdos) + . Fix compile error when php_libxml.h header is included in C++. + (Remi, nielsdos) + . Fixed bug #47531 (No way of removing redundant xmlns: declarations). + (nielsdos) - Exif: . Removed unneeded codepaths in exif_process_TIFF_in_JPEG(). (nielsdos) +- FFI: + . Implement GH-11934 (Allow to pass CData into struct and/or union fields). + (nielsdos, KapitanOczywisty) + - Fileinfo: . Upgrade bundled libmagic to 5.43. (Anatol) + . Fix GH-11408 (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension). + (nielsdos) - FPM: . The status.listen shared pool now uses the same php_values (including expose_php) and php_admin_value as the pool it is shared with. (dwxh) + . Added warning to log when fpm socket was not registered on the expected + path. (Joshua Behrens, Jakub Zelenka) + . Fixed bug #76067 (system() function call leaks php-fpm listening sockets). + (Mikhail Galanin, Jakub Zelenka) + . Fixed GH-12077 (PHP 8.3.0RC1 borked socket-close-on-exec.phpt). + (Jakub Zelenka) - GD: - . Fixed bug #81739: OOB read due to insufficient input validation in - imageloadfont(). (CVE-2022-31630) (cmb) - -- Hash: - . Fixed bug #81738: buffer overflow in hash_update() on long parameter. - (CVE-2022-37454) (nicky at mouha dot be) + . Removed imagerotate "ignore_transparent" argument since it has no effect. + (David Carlier) - Intl: . Added pattern format error infos for numfmt_set_pattern. (David Carlier) @@ -631,10 +173,20 @@ PHP NEWS (David Carlier). . Updated IntlBreakInterator::setText return type. (David Carlier) . Updated IntlChar::enumCharNames return type. (David Carlier) + . Removed the BC break on IntlDateFormatter::construct which threw an + exception with an invalid locale. (David Carlier) - JSON: . Added json_validate(). (Juan Morales) +- LDAP: + . Deprecate calling ldap_connect() with separate hostname and port. + (heiglandreas) + +- LibXML: + . Fix compile error with -Werror=incompatible-function-pointer-types and + old libxml2. (nielsdos) + - MBString: . mb_detect_encoding is better able to identify the correct encoding for Turkish text. (Alex Dowad) @@ -664,6 +216,11 @@ PHP NEWS QPrint-encoding the input string. This previously caused strings in certain text encodings, especially UTF-16 and UTF-32, to be corrupted by mb_encode_mimeheader. (Alex Dowad) + . Implement mb_str_pad() RFC. (nielsdos) + . Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled). + (nielsdos) + . Fix use-after-free of mb_list_encodings() return value. (ilutov) + . Fixed bug GH-11992 (utf_encodings.phpt fails on Windows 32-bit). (nielsdos) - mysqli: . mysqli_fetch_object raises a ValueError instead of an Exception. @@ -680,21 +237,27 @@ PHP NEWS (David Carlier) . Added memfd api usage, on Linux, for zend_shared_alloc_create_lock() to create an abstract anonymous file for the opcache's lock. (Max Kellermann) + . Avoid resetting JIT counter handlers from multiple processes/threads. + (ilutov) + . Fixed COPY_TMP type inference for references. (ilutov) - OpenSSL: . Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE contants to switch between mime content types. (Daniel Kesselberg) . Fixed GH-11054: Reset OpenSSL errors when using a PEM public key. (Florian Moser) + . Added support for additional EC parameters in openssl_pkey_new. (Eno-CN) - PCNTL: . SA_ONSTACK is now set for pcntl_signal. (Kévin Dunglas) . Added SIGINFO constant. (David Carlier) +- PCRE: + . Update bundled libpcre2 to 10.42. (nielsdos) + - PGSQL: . pg_fetch_object raises a ValueError instead of an Exception. (David Carlier) - . Added GH-9344, pipeline mode support. (David Carlier) . pg_cancel use thread safe PQcancel api instead. (David Carlier) . pg_trace new PGSQL_TRACE_SUPPRESS_TIMESTAMPS/PGSQL_TRACE_REGRESS_MODE contants support. (David Carlier) @@ -707,7 +270,7 @@ PHP NEWS - Phar: . Fix memory leak in phar_rename_archive(). (stkeke) -- Posix: +- POSIX: . Added posix_sysconf. (David Carlier) . Added posix_pathconf. (David Carlier) . Added posix_fpathconf. (David Carlier) @@ -717,22 +280,31 @@ PHP NEWS - Random: . Added Randomizer::getBytesFromString(). (Joshua Rüsweg) . Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary. (timwolla) - . Fix GH-10292 (Made the default value of the first param of srand() and - mt_srand() nullable). (kocsismate) . Enable getrandom() for NetBSD (from 10.x). (David Carlier) + . Deprecate MT_RAND_PHP. (timwolla) + . Fix Randomizer::getFloat() returning incorrect results under + certain circumstances. (timwolla) - Reflection: . Fix GH-9470 (ReflectionMethod constructor should not find private parent method). (ilutov) . Fix GH-10259 (ReflectionClass::getStaticProperties doesn't need null return type). (kocsismate) - . Fix Segfault when using ReflectionFiber suspended by an internal function. - (danog) - SAPI: . Fixed GH-11141 (Could not open input file: should be sent to stderr). (nielsdos) +- Session: + . Fixed bug GH-11529 (Crash after dealing with an Apache request). (nielsdos) + +- SimpleXML: + . Fixed bug GH-12192 (SimpleXML infinite loop when getName() is called + within foreach). (nielsdos) + . Fixed bug GH-12208 (SimpleXML infinite loop when a cast is used inside a + foreach). (nielsdos) + . Fixed bug #55098 (SimpleXML iteration produces infinite loop). (nielsdos) + - Sockets: . Added SO_ATTACH_REUSEPORT_CBPF socket option, to give tighter control over socket binding for a cpu core. (David Carlier) @@ -750,6 +322,10 @@ PHP NEWS . Added SO_REUSEPORT_LB freebsd constant. (David Carlier) . Added IP_BIND_ADDRESS_NO_PORT. (David Carlier) +- SPL: + . Fixed GH-11573 (RecursiveDirectoryIterator::hasChildren is slow). + (nielsdos) + - Standard: . E_NOTICEs emitted by unserialize() have been promoted to E_WARNING. (timwolla) . unserialize() now emits a new E_WARNING if the input contains unconsumed @@ -767,14 +343,38 @@ PHP NEWS specified). (ilutov) . Fix GH-10742 (http_response_code emits no error when headers were already sent). (NattyNarwhal) + . Added support for rounding negative places in number_format(). + (Marc Bennewitz) + . Prevent precision loss on formatting decimal integers in number_format(). + (Marc Bennewitz) + . Added usage of posix_spawn for proc_open when supported by OS. + (Cristian Rodriguez) + . Added $before_needle argument to strrchr(). (HypeMC) + . Fixed GH-11982 (str_getcsv returns null byte for unterminated enclosure). + (Jakub Zelenka) + . Fixed str_decrement() on "1". (ilutov) - Streams: . Fixed bug #51056: blocking fread() will block even if data is available. (Jakub Zelenka) . Added storing of the original path used to open xport stream. (Luc Vieillescazes) + . Implement GH-8641 (STREAM_NOTIFY_COMPLETED over HTTP never emitted). + (nielsdos, Jakub Zelenka) + . Fix bug GH-10406 (fgets on a redis socket connection fails on PHP 8.3). + (Jakub Zelenka) + . Implemented GH-11242 (_php_stream_copy_to_mem: Allow specifying a maximum + length without allocating a buffer of that size). (Jakub Zelenka) + . Fixed bug #52335 (fseek() on memory stream behavior different than file). + (Jakub Zelenka) + . Fixed bug #76857 (Can read "non-existant" files). (Jakub Zelenka) - XSLTProcessor: . Fixed bug #69168 (DomNode::getNodePath() returns invalid path). (nielsdos) -<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>> +- ZIP: + . zip extension version 1.22.0 for libzip 1.10.0. (Remi) + . add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED). (Remi) + . add new archive global flags (ER_AFL_*). (Remi) + . add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods. + (Remi)