* PHP-8.1:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
The string added had uninitialized memory due to
php_read_stream_all_chunks() not moving the buffer position, resulting
in the same data always being overwritten instead of new data being
added to the end of the buffer.
This is backport as there is a security impact as described in
GHSA-3237-qqm7-mfv7 .
According to @cmb69, PHP does not require VLA support
(https://github.com/php/php-src/pull/10304#discussion_r1069343092).
VLAs are a bad idea for several reasons, so let's get rid of them.
Two of the VLAs were probably unintended; unlike C++, C doesn't have
the concept of "constant expressions", so an array with a "const"
length is technically still a VLA. This is fixed by removing the
"const" variable, and using sizeof() instead.
(cherry picked from commit ff2a211d55)
The old Xcode sticks around, so make sure we sort in reverse to pick the newer
version. Technically we should use something like sort -Vr, but -V doesn't exist
on macOS. But that won't be a problem until Xcode 100, which my great great
grand children can worry about.
This resolves a crash in release builds. This may be dropped again in the
future once the bugfix lands.
Co-authored by Alexandre Daubois <alex.daubois@gmail.com>
Co-authored by Arnaud Le Blanc <arnaud.lb@gmail.com>
Co-authored by Jakub Zelenka <bukka@php.net>
Closes GH-20669
Symfony 8.1 and 8.0 now require PHP 8.4. Use 7.4 for PHP 8.3 and 8.2 builds. PHP
8.1 continues to be skipped. Sadly, this will need to be updated sporadically.
Closes GH-20512
In the latest version of libpcre2, the offsets appearing in some
"compilation failed" warnings have increased by one, as a result of
https://github.com/PCRE2Project/pcre2/pull/756
This is causing spurious test failures, so in this commit we replace
the hard-coded offsets by a regex that matches both values.
Gentoo-bug: https://bugs.gentoo.org/965018
Closes GH-20397
> LeakSanitizer has encountered a fatal error.
This happens only on 8.2/8.3 for some reason. Don't merge for 8.4 for now, we
can do that later if it reoccurs.
These tests:
- ext/standard/tests/network/udp4loop.phpt
- ext/sockets/tests/socket_create_listen.phpt
- ext/sockets/tests/socket_create_listen-win32.phpt
all use port 31338. socket_create_listen.phpt and its win32 variant are mutually
exclusive, so they can't conflict. While udp4loop.phpt tries multiple ports, the
other tests do not. If udp4loop.phpt runs first and socket_create_listen.phpt
starts before it ends, the port is still blocked. Bump the start port for
udp4loop.phpt to avoid conflicts.
jobs_url is a link to the api, rather than the website.
Also tweak wording, as we now only send one notification per workflow, rather
than per failed job.
