php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-29 11:42:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
135,413 Commits 547 Branches 1,481 Tags
php-8.3.17RC1
Commit Graph

135413 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakub Zelenka
84b5e309c6 Update versions for PHP-8.3.17RC1 php-8.3.17RC1 2025-01-28 19:40:53 +01:00
Ilija Tovilo
dc06a52362 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  [skip ci] Another flaky macOS phar test
 2025-01-28 12:58:55 +01:00
Ilija Tovilo
c14601cc90 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  [skip ci] Another flaky macOS phar test
 2025-01-28 12:58:42 +01:00
Ilija Tovilo
d9744869e6 [skip ci] Another flaky macOS phar test 2025-01-28 12:58:30 +01:00
Ilija Tovilo
2ad778bc76 Fix missing GC_PERSISTENT_LOCAL flag on accel_globals.key 2025-01-28 12:55:09 +01:00
Ilija Tovilo
b598dbf822 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  [skip ci] Another flaky macOS phar test
 2025-01-28 12:45:17 +01:00
Ilija Tovilo
01309961bb Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  [skip ci] Another flaky macOS phar test
 2025-01-28 12:45:10 +01:00
Ilija Tovilo
65b990a1e0 [skip ci] Another flaky macOS phar test 2025-01-28 12:44:24 +01:00
Ilija Tovilo
cee3687180 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix cve-2014-3538 test
 2025-01-27 21:49:03 +01:00
Ilija Tovilo
7bda7ad31d Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix cve-2014-3538 test
 2025-01-27 21:48:47 +01:00
Ilija Tovilo
d17d58a982 Fix cve-2014-3538 test 
Make sure we have a unique test file to work with, and increase the time
for the nojit version to match the default version.

Closes GH-17600
 2025-01-27 20:01:13 +01:00
Ilija Tovilo
8ea9b04a23 Fix inline zend_string using struct padding 
As explained by Snape3058: On 64-bit machines, we typically have 7 bytes
of padding between the zend_string.val[0] char and the following char[].
This means that zend_string.val[1-7] write to and read from the struct
padding, which is a bad idea.

Allocate the given string separately instead.

Fixes GH-17564
Closes GH-17576
 2025-01-27 19:50:38 +01:00
Calvin Buckley
556def741c Fix crash in PDO_ODBC statement dtor (#17586) 
Port of 2ae897fff7 to PDO_ODBC.
 2025-01-27 13:41:11 -04:00
Ilija Tovilo
1a4810a23d Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix mysql mysql_native_password error on CircleCI
 2025-01-27 17:13:30 +01:00
Ilija Tovilo
ad8ba85903 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix mysql mysql_native_password error on CircleCI
 2025-01-27 17:13:20 +01:00
Ilija Tovilo
c99fb05929 Fix mysql mysql_native_password error on CircleCI 
This is already fixed in higher branches. We'll need to fix this
properly when upgrading to MySQL 8.4, which we should do soon as 8.3 is
already EOL.

Closes GH-17560
 2025-01-27 17:11:29 +01:00
Gina Peter Banyard
3027600ffc ext/pdo: Fix a UAF when changing default fetch class ctor args 
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
 2025-01-26 23:32:35 +00:00
Christoph M. Becker
2e02cdfb5f Fix NULL arithmetic in System V shared memory emulation 
For the first child process execution, `TWG(shm)` is `NULL`; we need to
catch that to avoid undefined behavior.

Closes GH-17550.
 2025-01-25 18:57:30 +01:00
Christoph M. Becker
3a52aba20c Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Use preinstalled MySQL for Windows CI
 2025-01-25 17:41:33 +01:00
Christoph M. Becker
2692b483db Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Use preinstalled MySQL for Windows CI
 2025-01-25 17:40:48 +01:00
Christoph M. Becker
a403b76e88 Use preinstalled MySQL for Windows CI 
Recent hosted GH Windows runners already have MySQL preinstalled, so
there is no particular need to install it again via Chocolatey or other
means.

If we ever need to address more specific needs, we may want to have a
look at <https://github.com/ankane/setup-mysql>.

Closes GH-17561.
Closes GH-17570.
 2025-01-25 17:40:00 +01:00
Gina Peter Banyard
e6d917e4c9 Add NEWS entries 
Closes GH-17539
 2025-01-24 20:16:12 +00:00
Niels Dossche
2ae897fff7 Fix crash in firebird statement dtor 
If both the driver object and statement end up in the GC buffer and are
freed by the GC, then the destruction order is not deterministic and it
is possible that the driver object is freed before the statement. In
that case, accessing S->H will cause a UAF. As the resources are already
released we simply skip the destruction if the driver object is already
destroyed.
 2025-01-24 20:16:12 +00:00
Gina Peter Banyard
99f8ec33d9 ext/pdo: Fix memory leak if GC needs to free PDO Statement 2025-01-24 20:16:12 +00:00
Ilija Tovilo
7068357906 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GHA config yml error
 2025-01-24 15:44:30 +01:00
Ilija Tovilo
f281e89cd1 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix GHA config yml error
 2025-01-24 15:44:12 +01:00
Ilija Tovilo
3e6f4702ba Fix GHA config yml error 2025-01-24 15:43:22 +01:00
Gina Peter Banyard
a85666c17b ext/session: Fix GH-17541 (ext/session NULL pointer dereferencement during ID reset) 
Closes GH-17541
Closes GH-17546
 2025-01-24 14:04:58 +00:00
Ilija Tovilo
cf973421f4 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  [skip ci] Use !cancelled() over always() in GHA config
 2025-01-24 14:27:38 +01:00
Ilija Tovilo
4b867d495a Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  [skip ci] Use !cancelled() over always() in GHA config
 2025-01-24 14:27:29 +01:00
Ilija Tovilo
5b32011fb5 [skip ci] Use !cancelled() over always() in GHA config 
According to the documentation, !cancelled() should be used over
always() when the step should be executed regardless of success of
failure, but canceled when the workflow is canceled.

See https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#always
 2025-01-24 14:27:15 +01:00
Ilija Tovilo
61d4bd573b Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Skip Symfony/Wordpress in 8.1 build
  Backport nightly.yml
 2025-01-24 14:14:51 +01:00
Ilija Tovilo
d90475dee1 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Skip Symfony/Wordpress in 8.1 build
  Backport nightly.yml
 2025-01-24 14:14:42 +01:00
Ilija Tovilo
5b8c960c9f Skip Symfony/Wordpress in 8.1 build 
There are two issues: The latest Symfony branches don't support 8.1
anymore. This could ber mitigated by switching to LTS for security
builds. However, there are also some JIT bugs that are hard to backport.
We'll skip these builds on 8.1 instead.
 2025-01-24 14:11:55 +01:00
Ilija Tovilo
f26250c7c7 Backport nightly.yml 
This file should stay up-to-date for consistent behavior across workflow
triggers.
 2025-01-24 12:24:39 +01:00
Niels Dossche
2a2cc2ccce Fix type confusion with session SID constant 
Closes GH-17548.
 2025-01-23 19:03:04 +01:00
Niels Dossche
0b3e637aec Fix may_have_extra_named_args flag for ZEND_AST_UNPACK 
The check for `!fbc || (fbc->common.fn_flags & ZEND_ACC_VARIADIC)` is
performed after `fbc` is set to NULL, so this always returns true.
This results in `ZEND_FCALL_MAY_HAVE_EXTRA_NAMED_PARAMS` always being
set for unpack sends. Fix it by moving the flag updates to the point
before setting `fbc` to NULL.

Closes GH-17534.
 2025-01-21 19:26:49 +01:00
Niels Dossche
5344bcca97 Fix GH-17408: Assertion failure Zend/zend_exceptions.c 
`zend_test_create_throwing_resource` sets the exception in the `test`
call frame and unwinds to `main`. It then throws for the `resource`
variable and verifies that the exception opline is set. However, it
wasn't set in `main`, it was set at the `test` call frame and rethrown later.
The assertion is too conservative, but the end result is right, so drop
the assertion.

Closes GH-17533.

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
 2025-01-21 08:20:38 +01:00
Jakub Zelenka
191e16b703 Merge branch 'PHP-8.2' into PHP-8.3 2025-01-19 20:38:19 +01:00
Jakub Zelenka
5d632230ba Merge branch 'PHP-8.1' into PHP-8.2 2025-01-19 20:37:53 +01:00
Jakub Zelenka
235d1b14a3 Fix GH-17499: mysqli flaky test: ghsa-h35g-vwh6-m678-stmt-row-string 2025-01-19 20:36:12 +01:00
Niels Dossche
eab209d81d Fix GH-17518: offset overflow phar extractTo() 
`search` can be the empty string, so we need to check the length before
checking the last char.

Closes GH-17519.
 2025-01-19 13:05:19 +01:00
David Carlier
a1d1269688 Fix GH-17469: UConverter::transcode() not hardcoding error handling. 
Respecting instead intl.use_exceptions/intl.error_level.

close GH-17488
 2025-01-17 22:23:27 +00:00
Niels Dossche
82d71a82aa Fix GH-17500: Segfault with requesting nodeName on nameless doctype 
Closes GH-17344.
 2025-01-17 19:36:47 +01:00
Derick Rethans
7da1ea4029 Updated to version 2025.1 (2025a) 2025-01-17 11:53:10 +00:00
Christoph M. Becker
ed8b11188b Fix potential OOB when checking for trailing spaces 
If `path_len` is zero, we must not access `path`, let alone try to
subtract `-1` from it.

Since `path` and `path_len` are supposed to come from a `zend_string`,
this is not a security issue.

Closes GH-17471.
 2025-01-16 00:01:22 +01:00
Christoph M. Becker
022a5fca91 Fix NULL arithmetic during system program execution 
For the first child process execution, `TWG(process)` is `NULL`; we
need to catch that to avoid undefined behavior.

Closes GH-17470.
 2025-01-15 22:53:20 +01:00
David Carlier
e4473abefc Fix GH-17463: SplTempFileObject::ftruncate() segfault on negative length. 
close GH-465
 2025-01-14 18:32:01 +00:00
Ilija Tovilo
a6a290d541 Relax final+private warning for trait methods with inherited final 
Fixes GH-17214
Closes GH-17381
 2025-01-13 16:46:01 +01:00
Niels Dossche
d08a9e0010 Fix GH-17139: Fix zip_entry_name() crash on invalid entry 
Don't increment the refcount, but latter remember the ID to check
afterwards whether the resource still exists.

Replaces GH-17142.
Closes GH-17439.
 2025-01-12 20:37:51 +01:00