openssl_pkey_new() checks private_key_bits >= 384 before generating any
key. For EC, X25519, ED25519, X448, and ED448 the size is inherent to
the curve or algorithm, so this check doesn't apply and causes failures
when default_bits is missing from openssl.cnf (which is the case in
OpenSSL 3.6's default config).
Skip the minimum-bits check for key types that don't use private_key_bits.
Closes GH-21387.
Registering namespace after the parsing is too late because parsing can
fail due to attributes referencing namespaces.
So we have to register fake namespaces before the parsing.
However, the clone operation reconciles namespaces in the wrong way, so
we have to clone via an object.
Closes GH-21371.
Insert type guards (CHECK_OP1_TRACE_TYPE / CHECK_OP2_TRACE_TYPE) on the
sensitive bailout paths in ADD/SUB/MUL JIT compilation: the MAY_BE_UNDEF
and non-numeric operand breaks. Guards are only emitted when the traced
operand type is IS_LONG or IS_DOUBLE, ensuring TSSA result type
predictions stay valid for side traces without affecting the normal
numeric fast path.
Fixes GH-20838
Co-authored-by: Dmitry Stogov <dmitrystogov@gmail.com>
The cookie option parser uses a wrong offset to start scanning
attributes, causing cookie values containing substrings like
"path=" or "domain=" to be falsely matched as attributes.
close GH-21400
This path wasn't tested (clearly).
To trigger this we use FFI, which seemed like the easiest way that
doesn't involve using another process messing with the shared memory.
Closes GH-21388.
On AIX, NSIG is def'd as SIGMAX64+1, and SIGMAX64 itself is def'd as
255:
```
$ grep -Rw SIGMAX64 /QOpenSys/usr/include/
/QOpenSys/usr/include/sys/signal.h:#define SIGMAX64 255
/QOpenSys/usr/include/sys/signal.h:#define SIGMAX SIGMAX64
/QOpenSys/usr/include/sys/signal.h:#define NSIG64 (SIGMAX64+1)
```
...this causes an overflow when we set num_signals from the value of
NSIG, per GCC:
```
/rpmbuild/BUILD/php-8.5.3/ext/pcntl/pcntl.c:216:25: warning: large integer implicitly truncated to unsigned type [-Woverflow]
PCNTL_G(num_signals) = NSIG;
^~~~
```
...when we try to use pcntl to i.e. install a signal handler, we get an
error from pcntl:
```
Fatal error: Uncaught ValueError: pcntl_signal(): Argument #1 ($signal) must be less than 0 in phar:///QOpenSys/pkgs/bin/composer/vendor/seld/signal-handler/src/SignalHandler.php:491
```
The easiest way to deal with this silly AIX behaviour is to just promote
the storage size.
Fix `PQTRACE_SUPPRESS_TIMESTAMPS` guard misspelling in pgsql.stub.php.
The guard has been misspelled as `PQTRACE_SUPPPRESS_TIMESTAMPS`
(three P's) since 7ec8ae12c4, preventing the
`PGSQL_TRACE_SUPPRESS_TIMESTAMPS` constant from being registered.
close GH-21386
ReflectionMethod::invoke() (and invokeArgs()) for Closure::__invoke()
incorrectly accepted any Closure object, not just the one the
ReflectionMethod was created from. This happened because all Closures
share a single zend_ce_closure class entry, so the instanceof_function()
check always passed.
Fix: store the original Closure object in intern->obj during
ReflectionMethod construction, then compare object identity in
reflection_method_invoke() to reject different Closure instances.
Closes GH-21362
This fixes the PHP deprecation warning:
PHP Deprecated: Implicit conversion from float 2048.96875 to int
loses precision in .../ext/mbstring/gen_rare_cp_bitvec.php on line 9
