CM4all
diff --git a/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion b/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/setup-oracle/action.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/actions/setup-oracle/action.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/push.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/push.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎NEWS‎
Lines changed: 80 additions & 0 deletions b/‎NEWS‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎Zend/tests/attributes/021_attribute_flags_type_is_validated.phpt‎
Lines changed: 11 additions & 2 deletions b/‎Zend/tests/attributes/021_attribute_flags_type_is_validated.phpt‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎Zend/tests/attributes/022_attribute_flags_value_is_validated.phpt‎
Lines changed: 11 additions & 2 deletions b/‎Zend/tests/attributes/022_attribute_flags_value_is_validated.phpt‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎Zend/tests/attributes/023_ast_node_in_validation.phpt‎
Lines changed: 11 additions & 2 deletions b/‎Zend/tests/attributes/023_ast_node_in_validation.phpt‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎Zend/tests/attributes/032_attribute_validation_scope.phpt‎
Lines changed: 13 additions & 3 deletions b/‎Zend/tests/attributes/032_attribute_validation_scope.phpt‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎Zend/tests/attributes/033_attribute_flags_type_is_not_validated_at_comp_time.phpt‎
Lines changed: 12 additions & 0 deletions b/‎Zend/tests/attributes/033_attribute_flags_type_is_not_validated_at_comp_time.phpt‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎Zend/tests/gh14009_001.phpt‎
Lines changed: 41 additions & 0 deletions b/‎Zend/tests/gh14009_001.phpt‎
Lines changed: 41 additions & 0 deletions
@@ -5,7 +5,7 @@ jobs:
     resource_class: arm.medium
     docker:
       - image: cimg/base:current-22.04
-      - image: mysql:8
+      - image: mysql:8.3
         environment:
           MYSQL_ALLOW_EMPTY_PASSWORD: true
           MYSQL_ROOT_PASSWORD: ''
 
@@ -13,10 +13,10 @@ runs:
           -d gvenzl/oracle-xe:slim
 
         mkdir /opt/oracle
-        wget -nv https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip
-        unzip instantclient-basiclite-linuxx64.zip && rm instantclient-basiclite-linuxx64.zip
-        wget -nv https://download.oracle.com/otn_software/linux/instantclient/instantclient-sdk-linuxx64.zip
-        unzip instantclient-sdk-linuxx64.zip && rm instantclient-sdk-linuxx64.zip
+        wget -nv https://download.oracle.com/otn_software/linux/instantclient/2114000/instantclient-basiclite-linux.x64-21.14.0.0.0dbru.zip
+        unzip instantclient-basiclite-linux.x64-21.14.0.0.0dbru.zip && rm instantclient-basiclite-linux.x64-21.14.0.0.0dbru.zip
+        wget -nv https://download.oracle.com/otn_software/linux/instantclient/2114000/instantclient-sdk-linux.x64-21.14.0.0.0dbru.zip
+        unzip instantclient-sdk-linux.x64-21.14.0.0.0dbru.zip && rm instantclient-sdk-linux.x64-21.14.0.0.0dbru.zip
         mv instantclient_*_* /opt/oracle/instantclient
         # interferes with libldap2 headers
         rm /opt/oracle/instantclient/sdk/include/ldap.h
 
@@ -72,6 +72,7 @@ jobs:
           # job id, not the job name)
           key: "LINUX_X64_${{ matrix.debug && 'DEBUG' || 'RELEASE' }}_${{ matrix.zts && 'ZTS' || 'NTS' }}-${{hashFiles('main/php_version.h')}}"
           append-timestamp: false
+          save: ${{ github.event_name != 'pull_request' }}
       - name: ./configure
         uses: ./.github/actions/configure-x64
         with:
@@ -111,6 +112,7 @@ jobs:
         with:
           key: "${{github.job}}-${{hashFiles('main/php_version.h')}}"
           append-timestamp: false
+          save: ${{ github.event_name != 'pull_request' }}
       - name: ./configure
         uses: ./.github/actions/configure-macos
         with:
 
@@ -1,5 +1,85 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+06 Jun 2024, PHP 8.2.20
+
+- CGI:
+  . Fixed buffer limit on Windows, replacing read call usage by _read.
+    (David Carlier)
+  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
+    in PHP-CGI). (CVE-2024-4577) (nielsdos)
+
+- CLI:
+  . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
+    quoted heredoc literals.). (nielsdos)
+
+- Core:
+  . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
+    non-compile-time expressions). (ilutov)
+  . Fixed bug GH-14140 (Floating point bug in range operation on Apple Silicon
+    hardware). (Derick, Saki)
+
+- DOM:
+  . Fix crashes when entity declaration is removed while still having entity
+    references. (nielsdos)
+  . Fix references not handled correctly in C14N. (nielsdos)
+  . Fix crash when calling childNodes next() when iterator is exhausted.
+    (nielsdos)
+  . Fix crash in ParentNode::append() when dealing with a fragment
+    containing text nodes. (nielsdos)
+
+- FFI:
+  . Fixed bug GH-14215 (Cannot use FFI::load on CRLF header file with
+    apache2handler). (nielsdos)
+
+- Filter:
+  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
+    (CVE-2024-5458) (nielsdos)
+
+- FPM:
+  . Fix bug GH-14175 (Show decimal number instead of scientific notation in
+    systemd status). (Benjamin Cremer)
+
+- Hash:
+  . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
+    (Saki Takamachi)
+
+- Intl:
+  . Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
+    Peter Kokot)
+
+- Ini:
+  . Fixed bug GH-14100 (Corrected spelling mistake in php.ini files).
+    (Marcus Xavier)
+
+- MySQLnd:
+  . Fix bug GH-14255 (mysqli_fetch_assoc reports error from
+    nested query). (Kamil Tekiela)
+
+- Opcache:
+  . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
+    shm). (ilutov)
+
+- OpenSSL:
+  . The openssl_private_decrypt function in PHP, when using PKCS1 padding
+    (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
+    unless it is used with an OpenSSL version that includes the changes from this pull
+    request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
+    These changes are part of OpenSSL 3.2 and have also been backported to stable
+    versions of various Linux distributions, as well as to the PHP builds provided for
+    Windows since the previous release. All distributors and builders should ensure that
+    this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)
+
+- Standard:
+  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
+    (CVE-2024-5585) (nielsdos)
+
+- XML:
+  . Fixed bug GH-14124 (Segmentation fault with XML extension under certain
+    memory limit). (nielsdos)
+
+- XMLReader:
+  . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)
+
 09 May 2024, PHP 8.2.19
 
 - Core:
 
@@ -6,6 +6,15 @@ Attribute flags type is validated.
 #[Attribute("foo")]
 class A1 { }
 
+#[A1]
+class Foo {}
+
+try {
+    (new ReflectionClass(Foo::class))->getAttributes()[0]->newInstance();
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
 ?>
---EXPECTF--
-Fatal error: Attribute::__construct(): Argument #1 ($flags) must be of type int, string given in %s
+--EXPECT--
+Attribute::__construct(): Argument #1 ($flags) must be of type int, string given
@@ -6,6 +6,15 @@ Attribute flags value is validated.
 #[Attribute(-1)]
 class A1 { }
 
+#[A1]
+class Foo { }
+
+try {
+    var_dump((new ReflectionClass(Foo::class))->getAttributes()[0]->newInstance());
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
 ?>
---EXPECTF--
-Fatal error: Invalid attribute flags specified in %s
+--EXPECT--
+Invalid attribute flags specified
@@ -6,6 +6,15 @@ Attribute flags value is validated.
 #[Attribute(Foo::BAR)]
 class A1 { }
 
+#[A1]
+class Bar { }
+
+try {
+    var_dump((new ReflectionClass(Bar::class))->getAttributes()[0]->newInstance());
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
 ?>
---EXPECTF--
-Fatal error: Class "Foo" not found in %s on line %d
+--EXPECT--
+Class "Foo" not found
@@ -1,9 +1,19 @@
 --TEST--
-Validation for "Attribute" does not use a scope when evaluating constant ASTs
+Validation for "Attribute" uses the class scope when evaluating constant ASTs
 --FILE--
 <?php
 #[Attribute(parent::x)]
 class x extends y {}
+
+class y {
+    protected const x = Attribute::TARGET_CLASS;
+}
+
+#[x]
+class z {}
+
+var_dump((new ReflectionClass(z::class))->getAttributes()[0]->newInstance());
 ?>
---EXPECTF--
-Fatal error: Cannot access "parent" when no class scope is active in %s on line %d
+--EXPECT--
+object(x)#1 (0) {
+}
@@ -0,0 +1,12 @@
+--TEST--
+Attribute flags type is not validated at compile time.
+--FILE--
+<?php
+
+#[Attribute("foo")]
+class A1 { }
+
+?>
+===DONE===
+--EXPECT--
+===DONE===
@@ -0,0 +1,41 @@
+--TEST--
+GH-14009: Traits inherit prototype
+--FILE--
+<?php
+
+class P {
+    protected function common() {
+        throw new Exception('Unreachable');
+    }
+}
+
+class A extends P {
+    public function test(P $sibling) {
+        $sibling->common();
+    }
+}
+
+class B extends P {
+    protected function common() {
+        echo __METHOD__, "\n";
+    }
+}
+
+trait T {
+    protected function common() {
+        echo __METHOD__, "\n";
+    }
+}
+
+class C extends P {
+    use T;
+}
+
+$a = new A();
+$a->test(new B());
+$a->test(new C());
+
+?>
+--EXPECT--
+B::common
+T::common