diff --git a/NEWS b/NEWS index 87a478e4b4e..021e45a5059 100644 --- a/NEWS +++ b/NEWS @@ -72,6 +72,10 @@ PHP NEWS - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) +- Libxml: + . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading + in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) + - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) @@ -100,6 +104,8 @@ PHP NEWS - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) + . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). + (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) diff --git a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt index b28afd4694e..7fc2a249ac7 100644 --- a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt +++ b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt @@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) if (!extension_loaded('libxml')) die('skip libxml extension not available'); if (!extension_loaded('dom')) die('skip dom extension not available'); if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); +if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); ?> --FILE-- --FILE-- --FILE-- # include #endif @@ -271,6 +271,7 @@ static ZEND_FUNCTION(zend_get_current_func_name) RETURN_STR(function_name); } +#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) static ZEND_FUNCTION(zend_test_override_libxml_global_state) { ZEND_PARSE_PARAMETERS_NONE(); @@ -282,6 +283,7 @@ static ZEND_FUNCTION(zend_test_override_libxml_global_state) (void) xmlLineNumbersDefault(1); (void) xmlKeepBlanksDefault(0); } +#endif /* TESTS Z_PARAM_ITERABLE and Z_PARAM_ITERABLE_OR_NULL */ static ZEND_FUNCTION(zend_iterable) 
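Review bot: The skip reason on the added line, `die('skip not for Windows')`, names a platform although the check is on the helper function, so any other build that lacks `zend_test_override_libxml_global_state()` would report the wrong cause. For a security regression test this also means GHSA-3qrf-m4j2-pcrr (CVE-2023-3823) has no coverage on Windows, and the skip line gives no hint why. I would word it `die('skip zend_test_override_libxml_global_state() not available (not built on Windows)')` and add a comment above it stating why the helper is excluded there. The other test-file hunks in this diff are not legible in this view; if they add the same line, the same applies.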
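Review bot: The new guard `#if defined(HAVE_LIBXML) && !defined(PHP_WIN32)` around `zend_test_override_libxml_global_state` in ext/zend_test/test.c has no comment saying why Windows is excluded, and its `#endif` is unlabelled. This helper drives the GHSA-3qrf-m4j2-pcrr tests, so a reader should be able to see here that dropping it on Windows also drops that coverage. I would add above the guard `/* Not built on Windows (<reason>); the libxml global-state tests skip there. */` and close with `#endif /* HAVE_LIBXML && !PHP_WIN32 */`. The same condition is repeated in test.stub.php and in the generated test_arginfo.h, so the rationale only needs to be written once, here.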
diff --git a/ext/zend_test/test.stub.php b/ext/zend_test/test.stub.php index 82cf4606e3b..364792a5665 100644 --- a/ext/zend_test/test.stub.php +++ b/ext/zend_test/test.stub.php @@ -122,7 +122,7 @@ namespace { function zend_test_crash(?string $message = null): void {} -#ifdef HAVE_LIBXML +#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) function zend_test_override_libxml_global_state(): void {} #endif } diff --git a/ext/zend_test/test_arginfo.h b/ext/zend_test/test_arginfo.h index e8534c09f03..f7252596195 100644 --- a/ext/zend_test/test_arginfo.h +++ b/ext/zend_test/test_arginfo.h @@ -86,7 +86,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_zend_test_crash, 0, 0, IS_VOID, ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, message, IS_STRING, 1, "null") ZEND_END_ARG_INFO() -#if defined(HAVE_LIBXML) +#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_zend_test_override_libxml_global_state, 0, 0, IS_VOID, 0) ZEND_END_ARG_INFO() #endif @@ -153,7 +153,7 @@ static ZEND_FUNCTION(zend_get_current_func_name); static ZEND_FUNCTION(zend_call_method); static ZEND_FUNCTION(zend_get_map_ptr_last); static ZEND_FUNCTION(zend_test_crash); -#if defined(HAVE_LIBXML) +#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) static ZEND_FUNCTION(zend_test_override_libxml_global_state); #endif static ZEND_FUNCTION(namespaced_func); @@ -196,7 +196,7 @@ static const zend_function_entry ext_functions[] = { ZEND_FE(zend_call_method, arginfo_zend_call_method) ZEND_FE(zend_get_map_ptr_last, arginfo_zend_get_map_ptr_last) ZEND_FE(zend_test_crash, arginfo_zend_test_crash) -#if defined(HAVE_LIBXML) +#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) ZEND_FE(zend_test_override_libxml_global_state, arginfo_zend_test_override_libxml_global_state) #endif ZEND_NS_FE("ZendTestNS2\\ZendSubNS", namespaced_func, arginfo_ZendTestNS2_ZendSubNS_namespaced_func)