diff --git a/NEWS b/NEWS index 2213ff10b1db7..a1dcf7c15d6bc 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,790 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? ????, PHP 8.6.0alpha1 +?? ??? ????, PHP 8.5.0RC2 + +- Core: + . Fix OSS-Fuzz #447521098 (Fatal error during sccp shift eval). (ilutov) + . Fixed bug GH-20002 (Broken build on *BSD with MSAN). (outtersg) + +- BcMath: + . Fixed bug GH-20006 (Power of 0 of BcMath number causes UB). (nielsdos) + +- Opcache: + . Fixed segfault in function JIT due to NAN to bool warning. (Girgias) + . Fixed bug GH-19984 (Double-free of EG(errors)/persistent_script->warnings on + persist of already persisted file). (ilutov, Arnaud) + +- SOAP: + . Fixed bug GH-19773 (SIGSEGV due to uninitialized soap_globals->lang_en). + (nielsdos, KaseyJenkins) + +- URI: + . Fixed Uri\WhatWg\Url::withPort() when an invalid value is passed. + (timwolla) + . Fixed Uri\WhatWg\Url::parse() when resolving a relative URL + against a base URL with query or fragment. (timwolla) + +25 Sep 2025, PHP 8.5.0RC1 + +- Core: + . Fixed bug GH-19765 (object_properties_load() bypasses readonly property + checks). (timwolla) + . The __sleep() and __wakeup() magic methods have been deprecated. (Girgias) + . Fixed hard_timeout with --enable-zend-max-execution-timers. (Appla) + . Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland + array). (ilutov) + . Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when + using OPcache). (timwolla) + . Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is + configured). (nielsdos) + . Fixed bug GH-19719 (Allow empty statements before declare(strict_types)). + (nielsdos) + . Casting floats that are not representable as ints now emits a warning. + (Girgias) + . Casting NAN to other types now emits a warning. (Girgias) + +- Bz2: + . Fixed bug GH-19810 (Broken bzopen() stream mode validation). (ilutov) + +- Curl: + . Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead + of the curl_copy_handle() function to clone a CurlHandle. (timwolla) + +- Date: + . Fixed GH-17159: "P" format for ::createFromFormat swallows string literals. + (nielsdos) + . The __wakeup() magic method of DateTimeInterface, DateTime, + DateTimeImmutable, DateTimeZone, DateInterval, and DatePeriod has been + deprecated in favour of the __unserialize() magic method. (Girgias) + +- Exif: + . Fix OSS-Fuzz #442954659 (zero-size box in HEIF file causes infinite loop). + (nielsdos) + . Fix OSS-Fuzz #442954659 (Crash in exif_scan_HEIF_header). (nielsdos) + . Various hardening fixes to HEIF parsing. (nielsdos) + +- FPM: + . Fixed GH-8157 (post_max_size evaluates .user.ini too late in php-fpm). + (Jakub Zelenka) + +- Iconv: + . Extends the ICONV_CONST preprocessor for illumos/solaris. (jMichaelA) + +- Opcache: + . Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex). + (Arnaud) + . Fixed bug GH-19831 (function JIT may not deref property value). (Arnaud) + +- OpenSSL: + . Fixed build when --with-openssl-legacy-provider set. (Jakub Zelenka) + +- MBstring: + . Updated Unicode data tables to Unicode 17.0. (Yuya Hamada) + +- Reflection: + . ReflectionConstant is no longer final. (sasezaki) + +- SAPI: + . Fixed bug GH-18582 and #81451: http_response_code() does not override the + status code generated by header(). (ilutov, Jakub Zelenka) + +- Standard: + . Passing strings which are not one byte long to ord() is now deprecated. + (Girgias) + . Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()). + (alexandre-daubois) + . Fixed GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their + data on serialize()). (alexandre-daubois) + +- URI: + . Fixed bug GH-19780 (InvalidUrlException should check $errors argument). + (nielsdos) + . Prevent modifying Uri\WhatWg\Url and Uri\Rfc3986\Uri objects by manually + calling __construct() or __unserialize(). (timwolla) + . Add new Uri\UriError exception that is thrown for internal error + conditions. (timwolla) + . Further clean up the internal API. (timwolla) + . Fixed bug GH-19892 (Refcounting on zend_empty_array). (ilutov, timwolla) + . Fixed handling of port numbers > 65535 with the internal + `php_uri_parse_to_struct()` API. (timwolla) + . Fix Uri\WhatWg\Url::withHost(). (timwolla) + +- Windows: + . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket). + (dktapps) + +11 Sep 2025, PHP 8.5.0beta3 + +- Core: + . Destructing non-array values (other than NULL) using [] or list() now + emits a warning. (Girgias) + . Fixed bug GH-19637 (Incorrect Closure scope for FCC in constant + expression). (timwolla) + . Fixed bug GH-19613 (Stale array iterator pointer). (ilutov) + . Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge). (Arnaud) + . Using null as an array offset or when calling array_key_exists() is now + deprecated. (alexandre-daubois) + . Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0). (Remi) + . Marks the stack as non-executable on Haiku. (David Carlier) + . Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string is + now deprecated. (timwolla, nicolasgrekas) + +- CLI: + . Fixed bug GH-19461 (Improve error message on listening error with IPv6 + address). (alexandre-daubois) + +- Date: + . Fixed date_sunrise() and date_sunset() with partial-hour UTC offset. + (ilutov) + +- EXIF: + . Added support to retrieve Exif from HEIF file. (Benstone Zhang) + +- FPM: + . Fixed failed debug assertion when php_admin_value setting fails. (ilutov) + +- Filter: + . Fixed bug GH-16993 (filter_var_array with FILTER_VALIDATE_INT|FILTER_NULL_ON_FAILURE + should emit warning for invalid filter usage). (alexandre-daubois) + +- Intl: + . Added grapheme_strpos(), grapheme_stripos(), grapheme_strrpos(), + grapheme_strripos(), grapheme_strstr(), grapheme_stristr() and + grapheme_levenshtein() functions add $locale parameter (Yuya Hamada). + . Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter + and NumberFormatter). (alexandre-daubois) + +- ODBC: + . Removed driver-specific build flags and support. (Calvin Buckley) + +- Opcache: + . Fixed bug GH-19486 (Incorrect opline after deoptimization). (Arnaud) + . Fixed bug GH-19601 (Wrong JIT stack setup on aarch64/clang). (Arnaud) + . Fixed bug GH-19388 (Broken opcache.huge_code_pages). (Arnaud) + . Fixed bug GH-19657 (Build fails on non-glibc/musl/freebsd/macos/win + platforms). (Arnaud) + +- PCRE: + . Upgraded to pcre2lib from 10.45 to 10.46. (nielsdos) + +- PDO: + . Driver specific methods in the PDO class are now deprecated. (Arnaud) + +- PDO_SQLITE: + . Add PDO\Sqlite::ATTR_TRANSACTION_MODE connection attribute. + (Samuel Štancl) + +- Reflection: + . Fix GH-19691 (getModifierNames() not reporting asymmetric visibility). + (DanielEScherzer) + +- Session: + . Fix RC violation of session SID constant deprecation attribute. (ilutov) + +- Standard: + . Fix GH-19610 (Deprecation warnings in functions taking as argument). + (Girgias) + . Fixed bug GH-19577 (Avoid integer overflow when using a small offset + and PHP_INT_MAX with LimitIterator). (alexandre-daubois) + . Implement GH-19188: Add support for new INI mail.cr_lf_mode. + (alexandre-daubois) + +- Streams: + . Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler + causes heap corruption). (nielsdos) + . Avoid double conversion to string in php_userstreamop_readdir(). (nielsdos) + +- URI: + . Added support for Uri\Rfc3986\Uri::with*() methods. (kocsismate) + . Fixed memory management of Uri\WhatWg\Url objects. (timwolla) + . Fixed memory management of the internal "parse_url" URI parser. + (timwolla) + . Fixed double-free when assigning to $errors fails when using + the Uri\WhatWg\Url parser. (timwolla) + . Reject out-of-range ports when using the Uri\Rfc3986\Uri parser. + (timwolla) + . Return null instead of 0 for Uri\Rfc3986\Uri::getPort() when the + URI contains an empty port. (timwolla) + . Fixed creation of the InvalidUrlException when not passing an + errors zval to the internal whatwg parser. (timwolla) + . Clean up naming of internal API. (timwolla) + +28 Aug 2025, PHP 8.5.0beta2 + +- Core: + . Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() + triggers "Constant already defined" warning). (ilutov) + . Fixed bug GH-19476 (pipe operator fails to correctly handle returning + by reference). (alexandre-daubois) + . The report_memleaks INI directive has been deprecated. (alexandre-daubois) + . Constant redeclaration has been deprecated. (alexandre-daubois) + . Fixed OSS-Fuzz #439125710 (Pipe cannot be used in write context). + (nielsdos) + . Added support for configuring the URI parser for the FTP/FTPS as well as + the SSL/TLS stream wrappers as described in + https://wiki.php.net/rfc/url_parsing_api#plugability. (kocsismate) + . Fixed bug GH-19548 (Shared memory violation on property inheritance). + (alexandre-daubois) + . Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap + references). (Arnaud, timwolla) + . Introduced the TAILCALL VM, enabled by default when compiling with Clang>=19 + on x86_64 or aarch64. (Arnaud) + . Enacted the follow-up phase of the "Path to Saner Increment/Decrement + operators" RFC, meaning that incrementing non-numeric strings is now + deprecated. (Girgias). + . Various closure binding issues are now deprecated. (alexandre-daubois) + . Fixed bug GH-18373 (Don't substitute self/parent with anonymous class). + (ilutov) + . Prohibit pipe & arrow function combination that leads to confusing parse + trees. (ilutov) + . The disable_classes INI directive has been removed. (Girgias) + . The locally predefined variable $http_response_header is deprecated. + (Girgias) + +- Filter: + . Added support for configuring the URI parser for FILTER_VALIDATE_URL + as described in https://wiki.php.net/rfc/url_parsing_api#plugability. + (kocsismate) + +- ODBC: + . Remove ODBCVER and assume ODBC 3.5. (Calvin Buckley) + +- Opcache: + . Fixed bug GH-19493 (JIT variable not stored before YIELD). (Arnaud) + +- OpenSSL: + . Implement #81724 (openssl_cms_encrypt only allows specific ciphers). + (Jakub Zelenka) + +- PDO: + . Driver specific constants in the PDO class are now deprecated. (Arnaud) + +- Phar: + . Fixed memory leaks when verifying OpenSSL signature. (Girgias) + +- Session: + . Added support for partitioned cookies. (nielsdos) + +- SOAP: + . Added support for configuring the URI parser for SoapClient::_doRequest() + as described in https://wiki.php.net/rfc/url_parsing_api#plugability. + (kocsismate) + +- SPL: + . Deprecate ArrayObject and ArrayIterator with objects. (Girgias) + +- Standard: + . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois) + . Passing integers outside the interval [0, 255] to chr() is now deprecated. + (Girgias) + . Added support for partitioned cookies. (nielsdos) + +- Tokenizer: + . Fixed bug GH-19507 (Corrupted result after recursive tokenization during + token_get_all()). (kubawerlos, nielsdos, Arnaud) + +- URI: + . Clean up naming of internal API (header names, symbol names). + (Máté Kocsis, timwolla) + +14 Aug 2025, PHP 8.5.0beta1 + +- Core: + . Non-canonical cast names (boolean), (integer), (double), and (binary) have + been deprecated. (Girgias) + . The $exclude_disabled parameter of the get_defined_functions() function has + been deprecated, as it no longer has any effect since PHP 8.0. (Girgias) + . Terminating case statements with a semicolon instead of a colon has + been deprecated. (theodorejb) + . The backtick operator as an alias for shell_exec() has been deprecated. + (timwolla) + . Returning null from __debugInfo() has been deprecated. (DanielEScherzer) + . Support #[\Override] on properties. (Jiří Pudil) + +- Curl: + . The curl_close() function has been deprecated. (DanielEScherzer) + . The curl_share_close() function has been deprecated. (DanielEScherzer) + +- Date: + . The DATE_RFC7231 and DateTimeInterface::RFC7231 constants have been + deprecated. (jorgsowa) + +- DOM: + . Fixed bug GH-18877 (\Dom\HTMLDocument querySelectorAll selecting only the + first when using ~ and :has). (nielsdos, lexborisov) + +- FileInfo + . The finfo_close() function has been deprecated. (timwolla) + . The $context parameter of the finfo_buffer() function has been deprecated + as it is ignored. (Girgias) + +- GD: + . The imagedestroy() function has been deprecated. (DanielEScherzer) - Intl: - . Added IntlNumberRangeFormatter class to format an interval of two numbers - with a given skeleton, locale, collapse type and identity fallback. + . Intl's internal error mechanism has been modernized so that it + indicates more accurately which call site caused what error. + Moreover, some ext/date exceptions have been wrapped inside a + IntlException now. (Girgias) + . The intl.error_level INI setting has been deprecated. (Girgias) + +- MySQLi: + . The mysqli_execute() alias function has been deprecated. (timwolla) + +- OpenSSL: + . Fixed bug GH-19369 (8.5 | Regression in openssl_sign() - support for alias + algorithms appears to be broken). (Jakub Zelenka) + . The $key_length parameter for openssl_pkey_derive() has been deprecated. + (Girgias) + . Implement #80495 (Enable to set padding in openssl_(sign|verify). + (Jakub Zelenka) + . Implement #47728 (openssl_pkcs7_sign ignores new openssl flags). + (Jakub Zelenka) + +- PDO: + . The "uri:" DSN scheme has been deprecated due to security concerns with + DSNs coming from remote URIs. (timwolla) + +- Reflection: + . Fixed bug GH-17927 (Reflection: have some indication of property hooks in + `_property_string()`). (DanielEScherzer) + . The setAccessible() methods of various Reflection objects have been + deprecated, as those no longer have an effect. (timwolla) + . ReflectionClass::getConstant() for constants that do not exist has been + deprecated. (DanielEScherzer) + . ReflectionProperty::getDefaultValue() for properties without default values + has been deprecated. (DanielEScherzer) + +- SPL: + . Unregistering all autoloaders by passing the spl_autoload_call() function + as a callback argument to spl_autoload_unregister() has been deprecated. + Instead if this is needed, one should iterate over the return value of + spl_autoload_functions() and call spl_autoload_unregister() on each + value. (Girgias) + . The SplObjectStorage::contains(), SplObjectStorage::attach(), and + SplObjectStorage::detach() methods have been deprecated in favour of + SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and + SplObjectStorage::offsetUnset() respectively. (Girgias) + +- Standard: + . The socket_set_timeout() alias function has been deprecated. (timwolla) + . Passing null to to readdir(), rewinddir(), and closedir() to use the last + opened directory has been deprecated. (Girgias) + . Fixed bug GH-19153 (#[\Attribute] validation should error on + trait/interface/enum/abstract class). (DanielEScherzer) + +- XML: + . The xml_parser_free() function has been deprecated. (DanielEScherzer) + +31 Jul 2025, PHP 8.5.0alpha4 + +- Core: + . Add clone-with support to the clone() function. (timwolla, edorian) + . Fix support for non-userland stream notifiers. (timwolla) + . Added PHP_BUILD_PROVIDER constant. (timwolla) + . Fixed bug GH-19305 (Operands may be being released during comparison). + (Arnaud) + . Fixed bug GH-19306 (Generator can be resumed while fetching next value from + delegated Generator). (Arnaud) + . Fixed bug GH-19326 (Calling Generator::throw() on a running generator with + a non-Generator delegate crashes). (Arnaud) + +- Curl: + . Add support for CURLINFO_CONN_ID in curl_getinfo() (thecaliskan) + . Add support for CURLINFO_QUEUE_TIME_T in curl_getinfo() (thecaliskan) + . Add support for CURLOPT_SSL_SIGNATURE_ALGORITHMS. (Ayesh Karunaratne) + +- FPM: + . Make FPM access log limit configurable using log_limit. (Jakub Zelenka) + +- GD: + . Fix incorrect comparison with result of php_stream_can_cast(). (Girgias) + +- Intl: + . Fix return value on failure for resourcebundle count handler. (Girgias) + . Fixed bug GH-19307 (PGO builds of shared ext-intl are broken). (cmb) + +- OPcache: + . Disallow changing opcache.memory_consumption when SHM is already set up. + (timwolla) + . Fixed bug GH-15074 (Compiling opcache statically into ZTS PHP fails). + (Arnaud) + . Make OPcache non-optional (Arnaud, timwolla) + . Fixed bug GH-17422 (OPcache bypasses the user-defined error handler for + deprecations). (Arnaud, timwolla) + . Fixed bug GH-19301 (opcache build failure). (Remi) + +- OpenSSL: + . Add $digest_algo parameter to openssl_public_encrypt() and + openssl_private_decrypt() functions. (Jakub Zelenka) + +- POSIX: + . posix_kill and posix_setpgid throws a ValueError on invalid process_id. + (David Carlier) + . posix_setpgid throws a ValueError on invalid process_group_id, + posix_setrlimit throws a ValueError on invalid soft_limit and hard_limit + arguments. (David Carlier) + +- Reflection: + . Fixed bug GH-19187 (ReflectionNamedType::getName() prints nullable type when + retrieved from ReflectionProperty::getSettableType()). (ilutov) + +- Session: + . Fixed GH-19197: build broken with ZEND_STRL usage with memcpy + when implemented as macro. (David Carlier) + +- Soap: + . Fixed bug GH-19226 (Segfault when spawning new thread in soap extension). + (Florian Engelhardt) + +- Sockets: + . socket_set_option for multicast context throws a ValueError + when the socket family is not of AF_INET/AF_INET6 family. (David Carlier) + +- Standard: + . Add HEIF/HEIC support to getimagesize. (Benstone Zhang) + . Implement #71517 (Implement SVG support for getimagesize() and friends). + (nielsdos) + . Optimized PHP html_entity_decode function. (Artem Ukrainskiy) + . Minor optimization to array_chunk(). (nielsdos) + +- URI: + . Empty host handling is fixed. (Máté Kocsis) + . Error handling of Uri\WhatWg\Url::withHost() is fixed when the input + contains a port. Now, it triggers an exception; previously, the error + was silently swallowed. (Máté Kocsis) + . Support empty URIs with Uri\Rfc3986\Uri. (timwolla) + +17 Jul 2025, PHP 8.5.0alpha2 + +- Core: + . Fix OSS-Fuzz #427814452 (pipe compilation fails with assert). + (nielsdos, ilutov) + +- DOM: + . Make cloning DOM node lists, maps, and collections fail. (nielsdos) + . Added Dom\Element::getElementsByClassName(). (nielsdos) + +- PDO_ODBC + . Fetch larger block sizes and better handle SQL_NO_TOTAL when calling + SQLGetData. (Calvin Buckley, Saki Takamachi) + +- Standard: + . Optimized pack(). (nielsdos, divinity76) + . Fixed bug GH-19070 (setlocale($type, NULL) should not be deprecated). + (nielsdos) + +- URI: + . Return the singleton UrlValidationErrorType instances from Uri\WhatWg\Url + instead of creating new objects that are different from the singleton. + (timwolla) + +03 Jul 2025, PHP 8.5.0alpha1 + +- BCMath: + . Simplify `bc_divide()` code. (SakiTakamachi) + . If the result is 0, n_scale is set to 0. (SakiTakamachi) + . If size of BC_VECTOR array is within 64 bytes, stack area is now used. + (SakiTakamachi) + +- CLI: + . Add --ini=diff to print INI settings changed from the builtin default. + (timwolla) + . Drop support for -z CLI/CGI flag. (nielsdos) + . Fixed GH-17956 - development server 404 page does not adapt to mobiles. + (pascalchevrel) + +- CURL: + . Added CURLFOLLOW_ALL, CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY + values for CURLOPT_FOLLOWLOCATION curl_easy_setopt option. (David Carlier) + +- COM: + . Fixed property access of PHP objects wrapped in variant. (cmb) + . Fixed method calls for PHP objects wrapped in variant. (cmb) + +- Core: + . Fixed bug GH-16665 (\array and \callable should not be usable in + class_alias). (nielsdos) + . Added PHP_BUILD_DATE constant. (cmb) + . Added support for Closures and first class callables in constant + expressions. (timwolla, Volker Dusch) + . Use `clock_gettime_nsec_np()` for high resolution timer on macOS + if available. (timwolla) + . Implement GH-15680 (Enhance zend_dump_op_array to properly represent + non-printable characters in string literals). (nielsdos, WangYihang) + . Add support for backtraces for fatal errors. (enorris) + . Fixed bug GH-17442 (Engine UAF with reference assign and dtor). (nielsdos) + . Improved error message of UnhandledMatchError for + zend.exception_string_param_max_len=0. (timwolla) + . Fixed bug GH-17959 (Relax missing trait fatal error to error exception). + (ilutov) + . Fixed bug GH-18033 (NULL-ptr dereference when using register_tick_function + in destructor). (nielsdos) + . Fixed bug GH-18026 (Improve "expecting token" error for ampersand). (ilutov) + . Added the #[\NoDiscard] attribute to indicate that a function's return + value is important and should be consumed. (timwolla, Volker Dusch) + . Added the (void) cast to indicate that not using a value is intentional. + (timwolla, Volker Dusch) + . Added get_error_handler(), get_exception_handler() functions. (Arnaud) + . Fixed bug GH-15753 and GH-16198 (Bind traits before parent class). (ilutov) + . Added support for casts in constant expressions. (nielsdos) + . Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute + evaluation) and GH-18464 (Recursion protection for deprecation constants not + released on bailout). (DanielEScherzer and ilutov) + . Fixed AST printing for immediately invoked Closure. (Dmitrii Derepko) + . Properly handle __debugInfo() returning an array reference. (nielsdos) + . Properly handle reference return value from __toString(). (nielsdos) + . Added the pipe (|>) operator. (crell) + . Added support for `final` with constructor property promotion. + (DanielEScherzer) + . Do not use RTLD_DEEPBIND if dlmopen is available. (Daniil Gentili) + . Make `clone()` a function. (timwolla, edorian) + . Fixed bug GH-19081 (Wrong lineno in property error with constructor property + promotion). (ilutov) + +- Curl: + . Added curl_multi_get_handles(). (timwolla) + . Added curl_share_init_persistent(). (enorris) + . Added CURLINFO_USED_PROXY, CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED + support to curl_getinfo. (Ayesh Karunaratne) + +- Date: + . Fix undefined behaviour problems regarding integer overflow in extreme edge + cases. (nielsdos, cmb, ilutov) + +- DOM: + . Added Dom\Element::$outerHTML. (nielsdos) + . Added Dom\Element::insertAdjacentHTML(). (nielsdos) + . Added $children property to ParentNode implementations. (nielsdos) + +- Enchant: + . Added enchant_dict_remove_from_session(). (nielsdos) + . Added enchant_dict_remove(). (nielsdos) + . Fix missing empty string checks. (nielsdos) + +- EXIF: + . Add OffsetTime* Exif tags. (acc987) + +- Fileinfo: + . Upgrade to file 5.46. (nielsdos) + . Change return type of finfo_close() to true. (timwolla) + +- FPM: + . Fixed GH-17645 (FPM with httpd ProxyPass does not decode script path). + (Jakub Zelenka) + +- GD: + . Fixed bug #68629 (Transparent artifacts when using imagerotate). (pierre, + cmb) + . Fixed bug #64823 (ZTS GD fails to to find system TrueType font). (cmb) + +- Intl: + . Bumped ICU requirement to ICU >= 57.1. (cmb) + . IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an exception + with uninitialised classes or clone failure. (David Carlier) + . Added DECIMAL_COMPACT_SHORT/DECIMAL_COMPACT_LONG for NumberFormatter class. (BogdanUngureanu) + . Added Locale::isRightToLeft to check if a locale is written right to left. + (David Carlier) + . Added null bytes presence in locale inputs for Locale class. (David Carlier) + . Added grapheme_levenshtein() function. (Yuya Hamada) + . Added Locale::addLikelySubtags/Locale::minimizeSubtags to handle + adding/removing likely subtags to a locale. (David Carlier) + . Added IntlListFormatter class to format a list of items with a locale, + operands types and units. (BogdanUngureanu) + . Fixed bug GH-18566 ([intl] Weird numeric sort in Collator). (nielsdos) + +- LDAP: + . Allow ldap_get_option to retrieve global option by allowing NULL for + connection instance ($ldap). (Remi) + +- MySQLi: + . Fixed bugs GH-17900 and GH-8084 (calling mysqli::__construct twice). + (nielsdos) + +- MySQLnd: + . Added mysqlnd.collect_memory_statistics to ini quick reference. + (hauk92) + +- Opcache: + . Fixed ZTS OPcache build on Cygwin. (cmb) + . Added opcache.file_cache_read_only. (Samuel Melrose) + . Updated default value of opcache.jit_hot_loop. (Arnaud) + . Log a warning when opcache lock file permissions could not be changed. + (Taavi Eomäe) + +- OpenSSL: + . Added openssl.libctx INI that allows to select the OpenSSL library context + type and convert various parts of the extension to use the custom libctx. + (Jakub Zelenka) + +- Output: + . Fixed calculation of aligned buffer size. (cmb) + +- PCNTL: + . Extend pcntl_waitid with rusage parameter. (vrza) + +- PCRE: + . Upgraded to pcre2lib from 10.44 to 10.45. (nielsdos) + . Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options. + (mvorisek) + +- PDO_PGSQL: + . Added Iterable support for PDO::pgsqlCopyFromArray. (KentarouTakeda) + . Implement GH-15387 Pdo\Pgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or + Pdo\Pgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy + instead of storing the whole result set in memory (Guillaume Outters) + +- PDO_SQLITE: + . throw on null bytes / resolve GH-13952 (divinity76). + . Implement GH-17321: Add setAuthorizer to Pdo\Sqlite. (nielsdos) + . PDO::sqliteCreateCollation now throws a TypeError if the callback + has a wrong return type. (David Carlier) + . Added Pdo_Sqlite::ATTR_BUSY_STATEMENT constant to check + if a statement is currently executing. (David Carlier) + . Added Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT constant to set a statement + in either EXPLAIN_MODE_PREPARED, EXPLAIN_MODE_EXPLAIN, + EXPLAIN_MODE_EXPLAIN_QUERY_PLAN modes. (David Carlier) + +- PGSQL: + . Added pg_close_stmt to close a prepared statement while allowing + its name to be reused. (David Carlier) + . Added Iterable support for pgsql_copy_from. (David Carlier) + . pg_connect checks if connection_string contains any null byte, + pg_close_stmt check if the statement contains any null byte. + (David Carlier) + . Added pg_service to get the connection current service identifier. + (David Carlier) + +- POSIX: + . Added POSIX_SC_OPEN_MAX constant to get the number of file descriptors + a process can handle. (David Carlier) + . posix_ttyname() sets last_error to EBADF on invalid file descriptors, + posix_isatty() raises E_WARNING on invalid file descriptors, + posix_fpathconf checks invalid file descriptors. (David Carlier) + +- Random: + . Moves from /dev/urandom usage to arc4random_buf on Haiku. (David Carlier) + +- Reflection: + . Added ReflectionConstant::getExtension() and ::getExtensionName(). + (DanielEScherzer) + . Fixed bug GH-12856 (ReflectionClass::getStaticPropertyValue() returns UNDEF + zval for uninitialized typed properties). (nielsdos) + . Fixed bug GH-15766 (ReflectionClass::__toString() should have better output + for enums). (DanielEScherzer) + . Added ReflectionProperty::getMangledName() method. (alexandre-daubois) + +- Session: + . session_start() throws a ValueError on option argument if not a hashmap + or a TypeError if read_and_close value is not compatible with int. + (David Carlier) + +- SimpleXML: + . Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return + types than node lists). (nielsdos) + +- SNMP: + . snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and + SNMP::__construct() throw an exception on invalid hostname, community + timeout and retries arguments. (David Carlier) + +- SOAP: + . Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action" + header is correct). (nielsdos) + . Fix namespace handling of WSDL and XML schema in SOAP, + fixing at least GH-16320 and bug #68576. (nielsdos) + . Fixed bug #70951 (Segmentation fault on invalid WSDL cache). (nielsdos) + . Implement request #55503 (Extend __getTypes to support enumerations). + (nielsdos, datibbaw) + . Implement request #61105 (Support Soap 1.2 SoapFault Reason Text lang + attribute). (nielsdos) + +- Sockets: + . Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage. + (David Carlier) + . Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD. + (David Carlier) + . socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO + with timeout setting on windows. (David Carlier) + . Added TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM, + TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants. + . socket_create_listen() throws an exception on invalid port value. + (David Carlier) + . socket_bind() throws an exception on invalid port value. + (David Carlier) + . socket_sendto() throws an exception on invalid port value. + (David Carlier) + . socket_addrinfo_lookup throws an exception on invalid hints value types. + (David Carlier) + . socket_addrinfo_lookup throws an exception if any of the hints value + overflows. (David Carlier) + . socket_addrinfo_lookup throws an exception if one or more hints entries + has an index as numeric. (David Carlier) + . socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP + will throw an exception if its value is not a valid array/object. + (David Carlier) + . socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket. + (David Carlier) + . Added IP_BINDANY for a socket to bind to any address. (David Carlier) + . Added SO_BUSY_POOL to reduce packets poll latency. (David Carlier) + - Added UDP_SEGMENT support to optimise multiple large datagrams over UDP + if the kernel and hardware supports it. (David Carlier) + - Added SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown(). + (David Carlier) + +- Sodium: + . Fix overall theoretical overflows on zend_string buffer allocations. + (David Carlier/nielsdos) + +- Sqlite: + . Added Sqlite3Stmt::busy to check if a statement is still being executed. + (David Carlier) + . Added Sqlite3Stmt::explain to produce a explain query plan from + the statement. (David Carlier) + . Added Sqlite3Result::fetchAll to returns all results at once from a query. + (David Carlier) + +- Standard: + . Fixed crypt() tests on musl when using --with-external-libcrypt + (Michael Orlitzky). + . Fixed bug GH-18062 (is_callable(func(...), callable_name: $name) for first + class callables returns wrong name). (timwolla) + . Added array_first() and array_last(). (nielsdos) + . Fixed bug GH-18823 (setlocale's 2nd and 3rd argument ignores strict_types). + (nielsdos) + . Fixed exit code handling of sendmail cmd and added warnings. + (Jesse Hathaway) + . Fixed bug GH-18897 (printf: empty precision is interpreted as precision 6, + not as precision 0). (nielsdos) + +- Streams: + . Fixed bug GH-16889 (stream_select() timeout useless for pipes on Windows). + (cmb) + +- Tests: + . Allow to shuffle tests even in non-parallel mode. (dhuang00) + +- Tidy: + . tidy::__construct/parseFile/parseString methods throw an exception if + the configuration argument is invalid. (David Carlier) + +- Windows: + . Fixed bug GH-10992 (Improper long path support for relative paths). (cmb, + nielsdos) + . Fixed bug GH-16843 (Windows phpize builds ignore source subfolders). (cmb) + +- XMLWriter: + . Improved performance and reduce memory consumption. (nielsdos) + +- XSL: + . Implement request #30622 (make $namespace parameter functional). (nielsdos) + +- Zlib: + . gzfile, gzopen and readgzfile, their "use_include_path" argument + is now a boolean. (David Carlier) + . Fixed bug GH-16883 (gzopen() does not use the default stream context when + opening HTTP URLs). (nielsdos) + . Implemented GH-17668 (zlib streams should support locking). (nielsdos) <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>> diff --git a/ext/standard/tests/streams/gh19705.phpt b/ext/standard/tests/streams/gh19705.phpt new file mode 100644 index 0000000000000..d34cfc700596d --- /dev/null +++ b/ext/standard/tests/streams/gh19705.phpt @@ -0,0 +1,11 @@ +--TEST-- +GH-19705 segmentation fault with non writable stream at stream_filter_append call. +--EXTENSIONS-- +zlib +--FILE-- + +--EXPECTF-- +resource(%d) of type (stream filter) diff --git a/main/network.c b/main/network.c index 47c0dba1d27e5..7be64c2c4e1f1 100644 --- a/main/network.c +++ b/main/network.c @@ -1074,7 +1074,7 @@ PHPAPI char *php_socket_strerror(long err, char *buf, size_t bufsize) char *errstr = strerror_r(err, ebuf, sizeof(ebuf)); buf = estrdup(errstr); # else - errno_t res = strerror_r(err, ebuf, sizeof(ebuf)); + int res = (int) strerror_r(err, ebuf, sizeof(ebuf)); if (res == 0) { buf = estrdup(ebuf); } else { @@ -1085,7 +1085,7 @@ PHPAPI char *php_socket_strerror(long err, char *buf, size_t bufsize) # ifdef STRERROR_R_CHAR_P buf = strerror_r(err, buf, bufsize); # else - errno_t res = strerror_r(err, buf, bufsize); + int res = (int) strerror_r(err, buf, bufsize); if (res != 0) { strncpy(buf, "Unknown error", bufsize); buf[bufsize?(bufsize-1):0] = 0; @@ -1130,7 +1130,7 @@ PHPAPI zend_string *php_socket_error_str(long err) char *errstr = strerror_r(err, ebuf, sizeof(ebuf)); # else const char *errstr; - errno_t res = strerror_r(err, ebuf, sizeof(ebuf)); + int res = (int) strerror_r(err, ebuf, sizeof(ebuf)); if (res == 0) { errstr = ebuf; } else { diff --git a/main/streams/streams.c b/main/streams/streams.c index 7f6765ba06229..379b93affde29 100644 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -1296,7 +1296,7 @@ PHPAPI int _php_stream_flush(php_stream *stream, int closing) { int ret = 0; - if (stream->writefilters.head) { + if (stream->writefilters.head && stream->ops->write) { _php_stream_write_filtered(stream, NULL, 0, closing ? PSFS_FLAG_FLUSH_CLOSE : PSFS_FLAG_FLUSH_INC ); }