php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-30 04:02:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
138,755 Commits 547 Branches 1,481 Tags
php-8.4.0
Commit Graph

138755 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Saki Takamachi
b437f2b32e Update versions for PHP 8.4.0 php-8.4.0 2024-11-20 02:13:14 +09:00
Saki Takamachi
315fef2c72 Prepare NEWS for 8.4.0 2024-11-20 01:57:56 +09:00
Saki Takamachi
fa36346a6c [skip ci] NEWS for #16694 2024-11-20 00:42:40 +09:00
Saki Takamachi
2c8662d6f9 Fixed a bug in BcMath\Number::pow() and bcpow() when raising negative powers of 0. (#16694) 
Closes #16694
Fixes #16236
 2024-11-20 00:16:52 +09:00
Patrick Allaert
60e4f48fca Merge branch 'PHP-8.3' into PHP-8.4 2024-11-19 16:12:17 +01:00
Patrick Allaert
65bd3dbd2c Merge branch 'PHP-8.2' into PHP-8.3 2024-11-19 16:12:02 +01:00
Patrick Allaert
27a9965b97 Merge branch 'PHP-8.1' into PHP-8.2 2024-11-19 16:11:41 +01:00
Dmitry Stogov
9dade02569 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Backport JIT fix: set valid EX(opline) before calling gc_possible_root() (#16858)
 2024-11-19 18:04:33 +03:00
Dmitry Stogov
c6c3d9fa5a Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Backport JIT fix: set valid EX(opline) before calling gc_possible_root() (#16858)
 2024-11-19 18:04:15 +03:00
Dmitry Stogov
6167c64782 Backport JIT fix: set valid EX(opline) before calling gc_possible_root() (#16858) 2024-11-19 18:03:54 +03:00
Christoph M. Becker
e44b7625c5 Fix GH-16839: Error on building Opcache JIT for Windows ARM64 
OPcache JIT does not support Windows ARM64, so we should not allow
`--enable-opcache-jit` in the first place.

Due to the way `ARG_ENABLE()` is handled on Windows, we do not attempt
to suppress the configure option, but just do not enable JIT when the
user attempts to, and adapt the help text.

Closes GH-16841.
 2024-11-18 23:27:54 +01:00
Niels Dossche
e00d684420 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16630: UAF in lexer with encoding translation and heredocs
 2024-11-18 19:59:08 +01:00
Niels Dossche
6a632a2d60 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16630: UAF in lexer with encoding translation and heredocs
 2024-11-18 19:59:01 +01:00
Niels Dossche
fc1db70f10 Fix GH-16630: UAF in lexer with encoding translation and heredocs 
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.

Closes GH-16716.
 2024-11-18 19:58:02 +01:00
Dmitry Stogov
997431dea2 JIT: Set valid EX(opline) before calling gc_possible_root() 2024-11-18 19:31:26 +03:00
Jakub Zelenka
a001ad33f0 Update NEWS with security fixes info 2024-11-18 16:56:00 +01:00
Jakub Zelenka
32f905f1d6 Fix MySQLnd possible buffer over read in auth_protocol 2024-11-18 16:55:44 +01:00
Jakub Zelenka
e47f18156e Merge branch 'PHP-8.3' into PHP-8.4 2024-11-18 16:50:05 +01:00
Jakub Zelenka
1b6c3f7172 Merge branch 'PHP-8.2' into PHP-8.3 2024-11-18 16:48:50 +01:00
Jakub Zelenka
cae2582416 Run labeler only in php/php-src repository 
Closes GH-16844
 2024-11-18 16:43:15 +01:00
Ilija Tovilo
048fa7bacc Fix get_object_vars() for non-hooked props in hooked prop iter 
The zend_hash_update_ind() variant unwraps indirects, rather than creating them.
Don't use _zend_hash_append_ind() because the property might already exist.

Fixes GH-16725
Closes GH-16805
 2024-11-18 16:20:19 +01:00
Dmitry Stogov
159b71c0f4 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fixed test
 2024-11-18 15:35:13 +03:00
Dmitry Stogov
5198bcc561 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fixed test
 2024-11-18 15:35:09 +03:00
Dmitry Stogov
71403558d3 Fixed test 2024-11-18 15:34:55 +03:00
Dmitry Stogov
e55bf9a2ea Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64
 2024-11-18 14:34:55 +03:00
Dmitry Stogov
5575703fb3 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64
 2024-11-18 14:34:42 +03:00
Dmitry Stogov
79aaeeafe5 Fix GH-16829: Segmentation fault with opcache.jit=tracing enabled on aarch64 2024-11-18 14:27:08 +03:00
Niels Dossche
7dd336ae83 Fix GHSA-4w77-75f9-2c8w 2024-11-18 11:06:01 +01:00
Niels Dossche
81030c9bbb Fix GHSA-r977-prxv-hc43 
Move the bound check upwards. Since this doesn't generate output we can
check the bound first.
 2024-11-17 19:30:44 +01:00
Jakub Zelenka
2f5aa9f9d1 Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads 
This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
  - ps_fetch_from_1_to_8_bytes
  - ps_fetch_float
  - ps_fetch_double
  - ps_fetch_time
  - ps_fetch_date
  - ps_fetch_datetime
  - ps_fetch_string
  - ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32bit)

It also adds various protocol tests using a new fake server.
 2024-11-17 19:30:13 +01:00
Niels Dossche
f9ecf90070 Fix GHSA-g665-fm4p-vhff: OOB access in ldap_escape 2024-11-17 19:29:56 +01:00
Jakub Zelenka
426a6d4539 Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection 2024-11-17 19:29:45 +01:00
Niels Dossche
69c5f68fdc Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes 2024-11-17 19:29:26 +01:00
Niels Dossche
d9baa9fed8 Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes 2024-11-17 19:29:16 +01:00
David Carlier
f7a508ca10 Merge branch 'PHP-8.3' into PHP-8.4 2024-11-17 12:27:36 +00:00
David Carlier
3fd0e4c461 Merge branch 'PHP-8.2' into PHP-8.3 2024-11-17 12:27:26 +00:00
David Carlier
80894d87d5 Fix GH-16834: cal_from_jd overflow on julian_day argument. 
close GH-16836
 2024-11-17 12:27:02 +00:00
Gina Peter Banyard
5e360b6402 ext/pdo_pgsql: Remove new PDO class constant specific to PGSQL driver 
Closes GH-16755
 2024-11-16 16:30:19 +00:00
Niels Dossche
d3fada3748 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
  Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
 2024-11-16 13:42:14 +01:00
Niels Dossche
18b18f0ee0 Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF 
Closes GH-16824.
 2024-11-16 13:42:01 +01:00
Niels Dossche
2ba18590bf Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
 2024-11-16 13:41:29 +01:00
Niels Dossche
fbb0061993 Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input 
When the current data is invalid, NULL must be returned. At least that's
how the check in SPL works and how other extensions do this as well.
If we don't do this, an UNDEF value gets propagated to a return value
(misprinted as null); leading to issues.

Closes GH-16825.
 2024-11-16 13:39:46 +01:00
Niels Dossche
1b803bc3f5 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16802: open_basedir bypass using curl extension
 2024-11-15 21:17:51 +01:00
Niels Dossche
179ca2bf2a Fix GH-16802: open_basedir bypass using curl extension 
And fix a memleak while here.

Closes GH-16804.
 2024-11-15 21:17:36 +01:00
Niels Dossche
6a55beef90 Fix test expectation for different closure name in 8.4 2024-11-15 20:32:59 +01:00
Niels Dossche
4a5854ee62 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
 2024-11-15 20:03:26 +01:00
Niels Dossche
ed59c00661 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
 2024-11-15 20:03:19 +01:00
Niels Dossche
553d79c709 Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469 
zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().

Closes GH-16803.
 2024-11-15 20:02:26 +01:00
Christoph M. Becker
54ae770cd6 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Adapt ext/intl tests for ICU 75.1 and 76.1
 2024-11-15 18:57:12 +01:00
Christoph M. Becker
716b03d081 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Adapt ext/intl tests for ICU 75.1 and 76.1
 2024-11-15 18:55:31 +01:00