Volker Dusch
346fc95827
Update NEWS
2025-12-16 16:30:45 +01:00
Volker Dusch
d469621cc6
Merge remote-tracking branch 'security/PHP-8.5.1-security' into PHP-8.5.1
...
* security/PHP-8.5.1-security:
intl: Fix tests for icu update
Suppress libxml deprecations
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
2025-12-16 16:28:18 +01:00
Tim Düsterhus
631b364117
uri: Update to uriparser-0.9.9-85-g9a31011 (#20707)
...
This is specifically to import uriparser/uriparser#284 to fix CVE-2025-67899.
(cherry picked from commit 284e202d25)
2025-12-15 16:24:17 +01:00
Niels Dossche
b8b7add531
intl: Fix tests for icu update
2025-12-14 23:05:06 +01:00
Ilija Tovilo
1754cdc033
Suppress libxml deprecations
...
Closes GH-20538
2025-12-14 22:26:29 +01:00
Jakub Zelenka
9f903fbca5
Update NEWS with info about security issues
2025-12-14 19:41:16 +01:00
Niels Dossche
6ba83131aa
Fix GHSA-www2-q4fc-65wf
2025-12-14 19:41:16 +01:00
Niels Dossche
a7f2a15c5b
Fix GHSA-h96m-rvf9-jgm2
2025-12-14 19:41:12 +01:00
Jakub Zelenka
501b15ecbf
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
2025-12-12 11:55:48 +01:00
Volker Dusch
eb617f32bb
Update news after cherry-picks
2025-12-09 14:56:07 +01:00
Gina Peter Banyard
b9d7268482
Fix GH-20553: PDO::FETCH_CLASSTYPE ignores $constructorArgs in PHP 8.5.0
...
We must assign the ctor_arguments regardless of modes.
This regression was introduced during the refactoring of PDO's internals
Closes GH-20595
2025-12-09 14:50:49 +01:00
Tim Düsterhus
3ae61e4666
uri: Update to uriparser-0.9.9-79-gf47a7f0 (#20671)
...
This is in preparation of importing a fix for the uriparser/uriparser#282
security issue, which will likely depend on this refactoring to cleanly apply.
2025-12-09 14:50:49 +01:00
David Carlier
671f95eea3
Fix GH-20603 issue on Windows 32 bits.
...
the timeout needed to be unsigned.
close GH-20634
2025-12-09 14:50:44 +01:00
Daniel Scherzer
aa795a6aa3
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20426: fix Spoofchecker::setRestrictionLevel() error (#20427)
2025-12-01 13:40:23 -08:00
Daniel Scherzer
355d296baa
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20426: fix Spoofchecker::setRestrictionLevel() error (#20427)
2025-12-01 13:39:38 -08:00
Daniel Scherzer
c343ede18d
Fix GH-20426: fix Spoofchecker::setRestrictionLevel() error (#20427)
2025-12-01 13:37:49 -08:00
Michael Voříšek
f8c7dc19a4
Add "since PHP 8.1" to ReflectionXxx::setAccessible() deprecations (#20555)
2025-12-01 12:57:19 -08:00
Niels Dossche
6afe2cef78
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20614: SplFixedArray incorrectly handles references in deserialization
2025-11-30 10:43:27 +01:00
Niels Dossche
9734ba4d21
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20614: SplFixedArray incorrectly handles references in deserialization
2025-11-30 10:42:19 +01:00
Niels Dossche
366ed4c750
Fix GH-20614: SplFixedArray incorrectly handles references in deserialization
...
All other code caters to dereferencing array elements, except the
unserialize handler. This causes references to be present in the fixed
array even though this seems not intentional as reference assign is
otherwise impossible.
On 8.5+ this causes an assertion failure. On 8.3+ this causes references
to be present where they shouldn't be.
Closes GH-20616.
2025-11-30 10:41:32 +01:00
David Carlier
227541cb96
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20601: ftp_connect() timeout argument overflow.
2025-11-29 23:06:15 +00:00
David Carlier
1701589884
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20601: ftp_connect() timeout argument overflow.
2025-11-29 23:05:37 +00:00
David Carlier
4312a446d0
Fix GH-20601: ftp_connect() timeout argument overflow.
...
close GH-20603
2025-11-29 23:05:14 +00:00
David Carlier
848269d6a8
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20602: imagescale() overflow with large height values.
2025-11-29 13:32:18 +00:00
David Carlier
6d5490861f
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20602: imagescale() overflow with large height values.
2025-11-29 13:31:38 +00:00
David Carlier
c8e13af455
Fix GH-20602: imagescale() overflow with large height values.
...
close GH-20605
2025-11-29 13:30:49 +00:00
Niels Dossche
1279bc60e7
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20584: Information Leak of Memory
Fix GH-20583: Stack overflow in http_build_query via deep structures
2025-11-28 18:39:50 +01:00
Niels Dossche
159a75c93c
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20584: Information Leak of Memory
Fix GH-20583: Stack overflow in http_build_query via deep structures
2025-11-28 18:39:27 +01:00
Niels Dossche
8fe7930533
Fix GH-20584: Information Leak of Memory
...
The string added had uninitialized memory due to
php_read_stream_all_chunks() not moving the buffer position, resulting
in the same data always being overwritten instead of new data being
added to the end of the buffer.
Closes GH-20592.
2025-11-28 18:38:48 +01:00
Niels Dossche
292a7f73ba
Fix GH-20583: Stack overflow in http_build_query via deep structures
...
Closes GH-20590.
2025-11-28 18:38:18 +01:00
Niels Dossche
d13b5ebc08
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20286: use-after-destroy during userland stream_close()
2025-11-23 17:52:42 +01:00
Niels Dossche
eb733a3127
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20286: use-after-destroy during userland stream_close()
2025-11-23 17:51:35 +01:00
Niels Dossche
27f17c3322
Fix GH-20286: use-after-destroy during userland stream_close()
...
Closes GH-20493.
Co-authored-by: David Carlier <devnexen@gmail.com>
2025-11-23 17:46:28 +01:00
David Carlier
1787765696
Fix GH-20546: Zend preserve_none attribute config check on macOS issue.
...
This attribute fails on macOS due to the inline assembly test.
Due to an old Darwin C ABI convention, symbols are prefixed with an
underscore, so we also need to take this into account for x86_64.
close GH-20559
2025-11-22 23:10:08 +00:00
David Carlier
5562e5558a
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20554: php_cli_server() get http status as string build issue.
2025-11-22 22:26:01 +00:00
David Carlier
30fbcf9d7e
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20554: php_cli_server() get http status as string build issue.
2025-11-22 22:25:51 +00:00
David Carlier
9149c35514
Fix GH-20554: php_cli_server() get http status as string build issue.
...
Due to the signature of this helper, it needs to be const; the
bsearch key argument needs to be too.
close GH-20556
2025-11-22 22:25:33 +00:00
David Carlier
4d71d8a454
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20551: imagegammacorrect out of range gamma value.
2025-11-22 22:23:41 +00:00
David Carlier
30cb1998ae
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20551: imagegammacorrect out of range gamma value.
2025-11-22 22:22:50 +00:00
David Carlier
f88d247ce2
Fix GH-20551: imagegammacorrect out of range gamma value.
...
close GH-20552
2025-11-22 22:22:27 +00:00
Remi Collet
e2219488ba
NEWS
2025-11-21 09:21:03 +01:00
Remi Collet
7bdeedb430
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
NEWS
NEWS
Fix GH-20528: Regression breaks mysql connexion using an IPv6 address enclosed in square brackets
2025-11-21 09:20:41 +01:00
Remi Collet
74c4510da9
NEWS
2025-11-21 09:20:22 +01:00
Remi Collet
c9de303087
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
NEWS
Fix GH-20528: Regression breaks mysql connexion using an IPv6 address enclosed in square brackets
2025-11-21 09:19:56 +01:00
Remi Collet
769f319867
NEWS
2025-11-21 09:19:38 +01:00
Remi Collet
9d71c1e0b6
Fix GH-20528: Regression breaks mysql connexion using an IPv6 address enclosed in square brackets
2025-11-21 09:17:20 +01:00
Niels Dossche
929e7177f1
Merge branch 'PHP-8.4' into PHP-8.5
...
* PHP-8.4:
Fix GH-20492: mbstring compile warning due to non-strings
Fix GH-20491: SLES15 compile error with mbstring oniguruma
2025-11-20 19:26:48 +01:00
Niels Dossche
10ac41f158
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-20492: mbstring compile warning due to non-strings
Fix GH-20491: SLES15 compile error with mbstring oniguruma
2025-11-20 19:23:36 +01:00
Niels Dossche
159ef1401c
Fix GH-20492: mbstring compile warning due to non-strings
...
This is a partial backport of ea69276f, but without changing public
headers as that's not allowed at this point.
Closes GH-20494.
2025-11-20 19:17:55 +01:00
Niels Dossche
a1912e3cdd
Fix GH-20491: SLES15 compile error with mbstring oniguruma
...
The issue is specific to SLES15.
Arguably this should be reported to them as it seems to me they meddled
with the oniguruma source code.
The definition in oniguruma.h on that platform looks like this (same as upstream):
```c
ONIG_EXTERN
int onig_error_code_to_str PV_((OnigUChar* s, int err_code, ...));
```
Where `PV_` is defined as (differs):
```c
#ifndef PV_
#ifdef HAVE_STDARG_PROTOTYPES
# define PV_(args) args
#else
# define PV_(args) ()
#endif
#endif
```
So that means that `HAVE_STDARG_PROTOTYPES` is unset.
This can be set if we define `HAVE_STDARG_H`,
which we can do because PHP requires at least C99 in which the header
is always available.
We could also use an autoconf check, but this isn't really necessary as
it will always succeed.
2025-11-20 19:17:17 +01:00