Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: php8-cli | Distribution: openSUSE Tumbleweed |
Version: 8.4.13 | Vendor: openSUSE |
Release: 1.2 | Build date: Fri Sep 26 08:27:17 2025 |
Group: Development/Libraries/PHP | Build host: reproducible |
Size: 11615669 | Source RPM: php8-8.4.13-1.2.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://secure.php.net | |
Summary: Interpreter for the PHP scripting language version 8 |
PHP is a server-side HTML embedded scripting language designed primarily for web development but also used as a general-purpose programming language. This package contains the standard implementation of PHP, namely Zend PHP. Included are the PHP command-line binary and the configuration file (php.ini). Additional documentation is available in package php-doc.
MIT AND PHP-3.01
* Fri Sep 26 2025 pgajdos@suse.com - version update to 8.4.13 Core: Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning). Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow). Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references). Fixed bug GH-19613 (Stale array iterator pointer). Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge). Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0). Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant). CLI: Fixed bug GH-19461 (Improve error message on listening error with IPv6 address). Date: Fixed date_sunrise() and date_sunset() with partial-hour UTC offset. DBA: Fixed bug GH-19706 (dba stream resource mismanagement). DOM: Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug). FPM: Fixed failed debug assertion when php_admin_value setting fails. Intl: Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter). Opcache: Fixed bug GH-19493 (JIT variable not stored before YIELD). OpenSSL: Fixed bug GH-19245 (Success error message on TLS stream accept failure). PGSQL: Fixed bug GH-19485 (potential use after free when using persistent pgsql connections). Phar: Fixed memory leaks when verifying OpenSSL signature. Fix memory leak in phar tar temporary file error handling code. Fix metadata leak when phar convert logic fails. Fix memory leak on failure in phar_convert_to_other(). Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF). Standard: Fixed bug GH-16649 (UAF during array_splice). Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator). Streams: Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata(). Fix OSS-Fuzz #385993744. Zip: Fix memory leak in zip when encountering empty glob result. * Thu Aug 28 2025 pgajdos@suse.com - version update to 8.4.12 Core: Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug GH-19053 (Duplicate property slot with hooks and interface property). Fixed bug GH-19044 (Protected properties are not scoped according to their prototype). Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). Fixed bug GH-19305 (Operands may be being released during comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). Fixed bug GH-19280 (Stale array iterator position on rehashing). Fixed bug GH-18736 (Circumvented type check with return by ref + finally). Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming). Calendar: Fixed bug GH-19371 (integer overflow in calendar.c). FTP: Fix theoretical issues with hrtime() not being available. GD: Fix incorrect comparison with result of php_stream_can_cast(). Hash: Fix crash on clone failure. Intl: Fix memleak on failure in collator_get_sort_key(). Fix return value on failure for resourcebundle count handler. LDAP: Fixed bug GH-18529 (additional inheriting of TLS int options). LibXML: Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free). MbString: Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). Fix issue with JIT restart and hooks. Fix crash with dynamic function defs in hooks during preload. OpenSSL: Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check). Fix error return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param). PDO Pgsql: Fixed dangling pointer access on _pdo_pgsql_trim_message helper. SOAP: Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref). Sockets: Fix some potential crashes on incorrect argument value. Standard: Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical issues with hrtime() not being available. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks). Windows: Free opened_path when opened_path_len >= MAXPATHLEN. * Fri Aug 08 2025 Arjen de Korte <suse+build@de-korte.org> - version update to 8.4.11 Calendar: Fixed jewishtojd overflow on year argument. Core: Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction order). Fixed bug GH-18907 (Leak when creating cycle in hook). Fix OSS-Fuzz #427814456. Fix OSS-Fuzz #428983568 and #428760800. Fixed bug GH-17204 (-Wuseless-escape warnings emitted by re2c). Fixed bug GH-19064 (Undefined symbol 'execute_ex' on Windows ARM64). Curl: Fix memory leaks when returning refcounted value from curl callback. Remove incorrect string release. DOM: Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined behavior with null byte). LDAP: Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID. MbString: Fixed bug GH-18901 (integer overflow mb_split). Opcache: Fixed bug GH-18639 (Internal class aliases can break preloading + JIT). Fixed bug GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet). Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c). Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks and preloading). OpenSSL: Fixed bug #80770 (It is not possible to get client peer certificate with stream_socket_server). PCNTL: Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers). Phar: Fix stream double free in phar. Fix phar crash and file corruption with SplFileObject. SOAP: Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing on object destruction). Fix memory leak when URL parsing fails in redirect. SPL: Fixed bug GH-19094 (Attaching class with no Iterator implementation to MultipleIterator causes crash). Standard: Fix misleading errors in printf(). Fix RCN violations in array functions. Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value. Streams: Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error). Zip: Fix leak when path is too long in ZipArchive::extractTo(). * Thu Jul 03 2025 pgajdos@suse.com - version update to 8.4.10 [bsc#1246146][bsc#1246148][bsc#1246167] BcMath: Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes). Core: Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute evaluation) and GH-18464 (Recursion protection for deprecation constants not released on bailout). Fixed GH-18695 (zend_ast_export() - float number is not preserved). Fix handling of references in zval_try_get_long(). Do not delete main chunk in zend_gc. Fix compile issues with zend_alloc and some non-default options. Curl: Fix memory leak when setting a list via curl_setopt fails. Date: Fix leaks with multiple calls to DatePeriod iterator current(). DOM: Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by clone keyword). FPM: Fixed GH-18662 (fpm_get_status segfault). Hash: Fixed bug GH-14551 (PGO build fails with xxhash). Intl: Fix memory leak in intl_datetime_decompose() on failure. Fix memory leak in locale lookup on failure. Opcache: Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22). ODBC: Fix memory leak on php_odbc_fetch_hash() failure. OpenSSL: Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. Fixed bug #74796 (Requests through http proxy set peer name). PGSQL: Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). PDO ODBC: Fix memory leak if WideCharToMultiByte() fails. PDO Sqlite: Fixed memory leak with Pdo_Sqlite::createCollation when the callback has an incorrect return type. Phar: Add missing filter cleanups on phar failure. Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). PHPDBG: Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. Random: Fix reference type confusion and leak in user random engine. Readline: Fix memory leak when calloc() fails in php_readline_completion_cb(). SimpleXML: Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning string with UTF-8 bytes). SOAP: Fix memory leaks in php_http.c when call_user_function() fails. Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) Standard: Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) Tidy: Fix memory leak in tidy output handler on error. Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. - modified patches % php-build-reproducible-phar.patch (refreshed) * Fri Jun 06 2025 pgajdos@suse.com - version update to 8.4.8 Core: Fixed GH-18480 (array_splice with large values for offset/length arguments). Partially fixed GH-18572 (nested object comparisons leading to stack overflow). Fixed OSS-Fuzz #417078295. Fixed OSS-Fuzz #418106144. Curl: Fixed GH-18460 (curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/ CURLOPT_PASSWORD set the Authorization header when set to NULL). Date: Fixed bug GH-18076 (Since PHP 8, the date_sun_info() function returns inaccurate sunrise and sunset times, but other calculated times are correct) (JiriJozif). Fixed bug GH-18481 (date_sunrise with unexpected nan value for the offset). DOM: Backport lexbor/lexbor#274. Intl: Fix various reference issues. LDAP: Fixed bug GH-18529 (ldap no longer respects TLS_CACERT from ldaprc in ldap_start_tls()). Opcache: Fixed bug GH-18417 (Windows SHM reattachment fails when increasing memory_consumption or jit_buffer_size). Fixed bug GH-18297 (Exception not handled when jit guard is triggered). Fixed bug GH-18408 (Snapshotted poly_func / poly_this may be spilled). Fixed bug GH-18567 (Preloading with internal class alias triggers assertion failure). Fixed bug GH-18534 (FPM exit code 70 with enabled opcache and hooked properties in traits). Fix leak of accel_globals->key. OpenSSL: Fix missing checks against php_set_blocking() in xp_ssl.c. SPL: Fixed bug GH-18421 (Integer overflow with large numbers in LimitIterator). Standard: Fixed bug GH-17403 (Potential deadlock when putenv fails). Fixed bug GH-18400 (http_build_query type error is inaccurate). Fixed bug GH-18509 (Dynamic calls to assert() ignore zend.assertions). Windows: Fix leak+crash with sapi_windows_set_ctrl_handler(). Zip: Fixed bug GH-18431 (Registering ZIP progress callback twice doesn't work). Fixed bug GH-18438 (Handling of empty data and errors in ZipArchive::addPattern). * Fri May 09 2025 Arjen de Korte <suse+build@de-korte.org> - version update to 8.4.7 Core: Fixed bug GH-18038 (Lazy proxy calls magic methods twice). Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS). Fixed bug GH-18268 (Segfault in array_walk() on object with added property hooks). Fixed bug GH-18304 (Changing the properties of a DateInterval through dynamic properties triggers a SegFault). Fix some leaks in php_scandir. DBA: FIxed bug GH-18247 dba_popen() memory leak on invalid path. Filter: Fixed bug GH-18309 (ipv6 filter integer overflow). GD: Fixed imagecrop() overflow with rect argument with x/width y/heigh usage in gdImageCrop(). Fixed GH-18243 imagettftext() overflow/underflow on font size value. Intl: Fix reference support for intltz_get_offset(). LDAP: Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden). Fix NULL deref on high modification key. libxml: Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message. Opcache: Fixed bug GH-18294 (assertion failure zend_jit_ir.c). Fixed bug GH-18289 (Fix segfault in JIT). Fixed bug GH-18136 (tracing JIT floating point register clobbering on Windows and ARM64). OpenSSL: Fix memory leak in openssl_sign() when passing invalid algorithm. Fix potential leaks when writing to BIO fails. PDO Firebird: Fixed bug GH-18276 (persistent connection - "zend_mm_heap corrupted" with setAttribute()) Fixed bug GH-17383 (PDOException has wrong code and message since PHP 8.4) PDO Sqlite: Fix memory leak on error return of collation callback. PgSql: Fix uouv in pg_put_copy_end(). SPL: Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory). Standard: Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()). Fix resource leak in iptcembed() on error. Tests: Address deprecated PHP 8.4 session options to prevent test failures. Zip: Fix uouv when handling empty options in ZipArchive::addGlob(). Fix memory leak when handling a too long path in ZipArchive::addGlob(). * Fri Apr 18 2025 Manu Maier <mmanu84@outlook.de> - version update to 8.4.6 BCMath: Fixed pointer subtraction for scale. Core: Fixed property hook backing value access in multi-level inheritance. Fixed accidentally inherited default value in overridden virtual properties. Fixed bug GH-17376 (Broken JIT polymorphism for property hooks added to child class). Fixed bug GH-17913 (ReflectionFunction::isDeprecated() returns incorrect results for closures created from magic __call()). Fixed bug GH-17941 (Stack-use-after-return with lazy objects and hooks). Fixed bug GH-17988 (Incorrect handling of hooked props without get hook in get_object_vars()). Fixed bug GH-17998 (Skipped lazy object initialization on primed SIMPLE_WRITE cache). Fixed bug GH-17998 (Assignment to backing value in set hook of lazy proxy calls hook again). Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction). Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown). Fixed OSS-Fuzz #403308724. Fixed bug GH-13193 again (Significant performance degradation in 'foreach'). DBA: Fixed assertion violation when opening the same file with dba_open multiple times. DOM: Fixed bug GH-17991 (Assertion failure dom_attr_value_write). Fix weird unpack behaviour in DOM. Fixed bug GH-18090 (DOM: Svg attributes and tag names are being lowercased). Fix xinclude destruction of live attributes. Fuzzer: Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI). GD: Fixed bug GH-17984 (calls with arguments as array with references). LDAP: Fixed bug GH-18015 (Error messages for ldap_mod_replace are confusing). Mbstring: Fixed bug GH-17989 (mb_output_handler crash with unset http_output_conv_mimetypes). Opcache: Fixed bug GH-15834 (Segfault with hook "simple get" cache slot and minimal JIT). Fixed bug GH-17966 (Symfony JIT 1205 assertion failure). Fixed bug GH-18037 (SEGV Zend/zend_execute.c). Fixed bug GH-18050 (IN_ARRAY optimization in DFA pass is broken). Fixed bug GH-18113 (stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c). Fixed bug GH-18112 (NULL access with preloading and INI option). Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks the exception table). PDO: Fix memory leak when destroying PDORow. Standard: Fix memory leaks in array_any() / array_all(). SOAP: Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to a segfault) . SPL: Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in ArrayObject). Treewide: Fixed bug GH-17736 (Assertion failure zend_reference_destroy()). Windows: Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line endings). * Wed Apr 02 2025 pgajdos@suse.com - version update to 8.4.5 BCMath: Fixed bug GH-17398 (bcmul memory leak). Core: Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). Fix fallback paths in fast_long_{add,sub}_function. Fixed bug OSS-Fuzz #391975641 (Crash when accessing property backing value by reference). Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed). Fixed bug GH-17713 (ReflectionProperty::getRawValue() and related methods may call hooks of overridden properties). Fixed bug GH-17916 (Final abstract properties should error). Fixed bug GH-17866 (zend_mm_heap corrupted error after upgrading from 8.4.3 to 8.4.4). Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) DOM: Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of Dom\HTML_NO_DEFAULT_NS). Fixed bug GH-17802 (\Dom\HTMLDocument querySelector attribute name is case sensitive in HTML). Fixed bug GH-17847 (xinclude destroys live node). Fix using Dom\Node with Dom\XPath callbacks. GD: Fixed bug GH-17703 (imagescale with both width and height negative values triggers only an Exception on width). Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). FFI: Fix FFI Parsing of Pointer Declaration Lists. FPM: Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). LDAP: Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). LibXML: Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) MBString: Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). Opcache: Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). Fixed bug GH-17577 (JIT packed type guard crash). Fixed bug GH-17747 (Exception on reading property in register-based FETCH_OBJ_R breaks JIT). Fixed bug GH-17715 (Null pointer deref in observer API when calling cases() method on preloaded enum). Fixed bug GH-17868 (Cannot allocate memory with tracing JIT on 8.4.4). PDO_SQLite: Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). Fix cycle leak in sqlite3 setAuthorizer(). Fix memory leaks in pdo_sqlite callback registration. Phar: Fixed bug GH-17808: PharFileInfo refcount bug. PHPDBG: Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). Fix memory leak in phpdbg calling registered function. Reflection: Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). Fixed missing final and abstract flags when dumping properties. Standard: Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths). Streams: Fixed bug GH-17650 (realloc with size 0 in user_filters.c). Fix memory leak on overflow in _php_stream_scandir(). Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) Windows: Fixed phpize for Windows 11 (24H2). Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib). Zlib: Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). Fix memory leak when encoding check fails. Fix zlib support for large files. - version update to 8.4.4 Core: Fixed bug GH-17234 (Numeric parent hook call fails with assertion). Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting with 0x0b). Fixed bug GH-16886 (ini_parse_quantity() fails to emit warning for 0x+0). Fixed bug GH-17222 (__PROPERTY__ magic constant does not work in all constant expression contexts). Fixed bug GH-17214 (Relax final+private warning for trait methods with inherited final). Fixed NULL arithmetic during system program execution on Windows. Fixed potential OOB when checking for trailing spaces on Windows. Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c). Fix may_have_extra_named_args flag for ZEND_AST_UNPACK. Fix NULL arithmetic in System V shared memory emulation for Windows. Fixed bug GH-17597 (#[\Deprecated] does not work for __call() and __callStatic()). DOM: Fixed bug GH-17397 (Assertion failure ext/dom/php_dom.c). Fixed bug GH-17486 (Incorrect error line numbers reported in Dom\HTMLDocument::createFromString). Fixed bug GH-17481 (UTF-8 corruption in \Dom\HTMLDocument). Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype). Fixed bug GH-17485 (upstream fix, Self-closing tag on void elements shouldn't be a parse error/warning in \Dom\HTMLDocument). Fixed bug GH-17572 (getElementsByTagName returns collections with tagName-based indexing). Enchant: Fix crashes in enchant when passing null bytes. FTP: Fixed bug GH-16800 (ftp functions can abort with EINTR). GD: Fixed bug GH-17349 (Tiled truecolor filling looses single color transparency). Fixed bug GH-17373 (imagefttext() ignores clipping rect for palette images). Ported fix for libgd 223 (gdImageRotateGeneric() does not properly interpolate). Added support for reading GIFs without colormap to bundled libgd. Gettext: Fixed bug GH-17400 (bindtextdomain SEGV on invalid domain). Intl: Fixed bug GH-11874 (intl causing segfault in docker images). Opcache: Fixed bug GH-15981 (Segfault with frameless jumps and minimal JIT). Fixed bug GH-17307 (Internal closure causes JIT failure). Fixed bug GH-17428 (Assertion failure ext/opcache/jit/zend_jit_ir.c:8940). Fixed bug GH-17564 (Potential UB when reading from / writing to struct padding). PCNTL: Fixed pcntl_setcpuaffinity exception type from ValueError to TypeError for the cpu mask argument with entries type different than int/string. PCRE: Fixed bug GH-17122 (memory leak in regex). PDO: Fixed a memory leak when the GC is used to free a PDOStatment. Fixed a crash in the PDO Firebird Statement destructor. Fixed UAFs when changing default fetch class ctor args. PgSql: Fixed build failure when the constant PGRES_TUPLES_CHUNK is not present in the system. Phar: Fixed bug GH-17518 (offset overflow phar extractTo()). PHPDBG: Fix crashes in function registration + test. Session: Fix type confusion with session SID constant. Fixed bug GH-17541 (ext/session NULL pointer dereferencement during ID reset). SimpleXML: Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). SNMP: Fixed bug GH-17330 (SNMP::setSecurity segfault on closed session). SPL: Fixed bug GH-15833 (Segmentation fault (access null pointer) in ext/spl/spl_array.c). Fixed bug GH-17516 (SplFileTempObject::getPathInfo() Undefined behavior on invalid class). Standard: Fixed bug GH-17447 (Assertion failure when array popping a self addressing variable). Windows: Fixed clang compiler detection. Zip: Fixed bug GH-17139 (Fix zip_entry_name() crash on invalid entry). - version update to 8.4.3 BcMath: Fixed bug GH-17049 (Correctly compare 0 and -0). Fixed bug GH-17061 (Now Number::round() does not remove trailing zeros). Fixed bug GH-17064 (Correctly round rounding mode with zero edge case). Fixed bug GH-17275 (Fixed the calculation logic of dividend scale). Core: Fixed bug OSS-Fuzz #382922236 (Duplicate dynamic properties in hooked object iterator properties table). Fixed unstable get_iterator pointer for hooked classes in shm on Windows. Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF). Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly). Fixed bug GH-17200 (Incorrect dynamic prop offset in hooked prop iterator). Fixed bug GH-17216 (Trampoline crash on error). DBA: Skip test if inifile is disabled. DOM: Fixed bug GH-17145 (DOM memory leak). Fixed bug GH-17201 (Dom\TokenList issues with interned string replace). Fixed bug GH-17224 (UAF in importNode). Embed: Make build command for program using embed portable. FFI: Fixed bug #79075 (FFI header parser chokes on comments). Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. Fixed bug GH-16013 and bug #80857 (Big endian issues). Fileinfo: Fixed bug GH-17039 (PHP 8.4: Incorrect MIME content type). FPM: Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)). Fixed bug GH-17112 (Macro redefinitions). Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits). GD: Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c). Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs). Gettext: Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()). Iconv: Fixed bug GH-17047 (UAF on iconv filter failure). LDAP: Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes). LibXML: Fixed bug GH-17223 (Memory leak in libxml encoding handling). MBString: Fixed bug GH-17112 (Macro redefinitions). Opcache: opcache_get_configuration() properly reports jit_prof_threshold. Fixed bug GH-17140 (Assertion failure in JIT trace exit with ZEND_FETCH_DIM_FUNC_ARG). Fixed bug GH-17151 (Incorrect RC inference of op1 of FETCH_OBJ and INIT_METHOD_CALL). Fixed bug GH-17246 (GC during SCCP causes segfault). Fixed bug GH-17257 (UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c). PCNTL: Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry. PgSql: Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument). Fixed further ArgumentCountError for calls with flexible number of arguments. Phar: Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c). SimpleXML: Fixed bug GH-17040 (SimpleXML's unset can break DOM objects). Fixed bug GH-17153 (SimpleXML crash when using autovivification on document). Sockets: Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN). Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option(). SPL: Fixed bug GH-17198 (SplFixedArray assertion failure with get_object_vars). Fixed bug GH-17225 (NULL deref in spl_directory.c). Streams: Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling). Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value). Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds). Windows: Hardened proc_open() against cmd.exe hijacking. XML: Fixed bug GH-1718 (unreachable program point in zend_hash). - modified patches % php-build-reproducible-phar.patch (refreshed) - version update to 8.4.2 BcMath: Fixed bug GH-16978 (Avoid unnecessary padding with leading zeros) (Saki Takamachi) Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and skipLazyInitialization() may change initialized proxy). Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Fixed bug GH-15964 (printf() can strip sign of -INF). Curl: Fixed bug GH-16802 (open_basedir bypass using curl extension). Fix various memory leaks in curl mime handling. DBA: Fixed bug GH-16990 (dba_list() is now zero-indexed instead of using resource ids) (kocsismate) DOM: Fixed bug GH-16777 (Calling the constructor again on a DOM object after it is in a document causes UAF). Fixed bug GH-16906 (Reloading document can cause UAF in iterator). FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). Fixed bug GH-16932 (wrong FPM status output). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)). Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). Fixed bug GH-16879 (JIT dead code skipping does not update call_level). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SOAP: Fix make check being invoked in ext/soap. Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Fixed bug GH-16957 (Assertion failure in array_shift with self-referencing array). Streams: Fixed network connect poll interuption handling. Windows: Fixed bug GH-16849 (Error dialog causes process to hang). Windows Server 2025 is now properly reported. - version update to 8.4.1 * Property Hooks * Asymmetric Property Visibility * Lazy Objects * PDO driver-specific subclasses * BCMath object type * details: https://www.php.net/ChangeLog-8.php#8.4.1 * upgrading notes: https://www.php.net/manual/en/migration84.php * Fri Mar 14 2025 pgajdos@suse.com - version update to 8.3.19 BCMath: Fixed bug GH-17398 (bcmul memory leak). Core: Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). Fix fallback paths in fast_long_{add,sub}_function. Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed). Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path). Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) DOM: Fixed bug GH-17847 (xinclude destroys live node). FFI: Fix FFI Parsing of Pointer Declaration Lists. FPM: Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). GD: Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). LDAP: Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). LibXML: Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) MBString: Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). Opcache: Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). Fixed bug GH-17577 (JIT packed type guard crash). Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled). Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). PDO_SQLite: Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). Fix cycle leak in sqlite3 setAuthorizer(). Phar: Fixed bug GH-17808: PharFileInfo refcount bug. PHPDBG: Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). Fix memory leak in phpdbg calling registered function. Reflection: Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). Standard: Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths). Streams: Fixed bug GH-17650 (realloc with size 0 in user_filters.c). Fix memory leak on overflow in _php_stream_scandir(). Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) Windows: Fixed phpize for Windows 11 (24H2). Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib). Zlib: Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). Fix memory leak when encoding check fails. Fix zlib support for large files. - fixes: CVE-2025-1217 [bsc#1239664] CVE-2024-11235 [bsc#1239666] CVE-2025-1734 [bsc#1239668] CVE-2025-1861 [bsc#1239669] CVE-2025-1736 [bsc#1239670] CVE-2025-1219 [bsc#1239667] * Fri Feb 14 2025 pgajdos@suse.com - version update to 8.3.17 Core: Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting with 0x0b). Fixed bug GH-16886 (ini_parse_quantity() fails to emit warning for 0x+0). Fixed bug GH-17214 (Relax final+private warning for trait methods with inherited final). Fixed NULL arithmetic during system program execution on Windows. Fixed potential OOB when checking for trailing spaces on Windows. Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c). Fix may_have_extra_named_args flag for ZEND_AST_UNPACK. Fix NULL arithmetic in System V shared memory emulation for Windows. DOM: Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype). Enchant: Fix crashes in enchant when passing null bytes. FTP: Fixed bug GH-16800 (ftp functions can abort with EINTR). GD: Fixed bug GH-17349 (Tiled truecolor filling looses single color transparency). Fixed bug GH-17373 (imagefttext() ignores clipping rect for palette images). Ported fix for libgd 223 (gdImageRotateGeneric() does not properly interpolate). Intl: Fixed bug GH-11874 (intl causing segfault in docker images). Fixed bug GH-17469 (UConverter::transcode always emit E_WARNING on invalid encoding). Opcache: Fixed bug GH-17307 (Internal closure causes JIT failure). Fixed bug GH-17564 (Potential UB when reading from / writing to struct padding). PDO: Fixed a memory leak when the GC is used to free a PDOStatment. Fixed a crash in the PDO Firebird Statement destructor. Fixed UAFs when changing default fetch class ctor args. Phar: Fixed bug GH-17518 (offset overflow phar extractTo()). PHPDBG: Fix crashes in function registration + test. Session: Fix type confusion with session SID constant. Fixed bug GH-17541 (ext/session NULL pointer dereferencement during ID reset). SimpleXML: Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). SNMP: Fixed bug GH-17330 (SNMP::setSecurity segfault on closed session). SPL: Fixed bug GH-17463 (crash on SplTempFileObject::ftruncate with negative value). Zip: Fixed bug GH-17139 (Fix zip_entry_name() crash on invalid entry). * Fri Feb 07 2025 pgajdos@suse.com - obsolete also apache2-mod_php7 [bsc#1236850] * Fri Jan 17 2025 pgajdos@suse.com - version update to 8.3.16 Core: Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF). Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly). Fixed bug GH-17211 (observer segfault on function loaded with dl()). Fixed bug GH-17216 (Trampoline crash on error). Date: Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences. DBA: Skip test if inifile is disabled. DOM: Fixed bug GH-17224 (UAF in importNode). Embed: Make build command for program using embed portable. FFI: Fixed bug #79075 (FFI header parser chokes on comments). Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. Fixed bug GH-16013 and bug #80857 (Big endian issues). Filter: Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890). FPM: Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)). Fixed bug GH-17112 (Macro redefinitions). Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits). GD: Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c). Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs). Gettext: Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()). Iconv: Fixed bug GH-17047 (UAF on iconv filter failure). LDAP: Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes). LibXML: Fixed bug GH-17223 (Memory leak in libxml encoding handling). MBString: Fixed bug GH-17112 (Macro redefinitions). Opcache: opcache_get_configuration() properly reports jit_prof_threshold. Fixed bug GH-17246 (GC during SCCP causes segfault). PCNTL: Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry. PgSql: Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument). Fixed further ArgumentCountError for calls with flexible number of arguments. Phar: Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c). SimpleXML: Fixed bug GH-17040 (SimpleXML's unset can break DOM objects). Fixed bug GH-17153 (SimpleXML crash when using autovivification on document). Sockets: Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN). Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option(). SPL: Fixed bug GH-17225 (NULL deref in spl_directory.c). Streams: Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling). Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value). Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds). Windows: Hardened proc_open() against cmd.exe hijacking. XML: Fixed bug GH-1718 (unreachable program point in zend_hash). - modified patches % php-build-reproducible-phar.patch (refreshed) * Fri Jan 10 2025 pgajdos@suse.com - obsolete php7 to smooth the migration [bsc#1234788] * Fri Dec 20 2024 pgajdos@suse.com - version update to 8.3.15 Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Curl: Fixed bug GH-16802 (open_basedir bypass using curl extension). Fix various memory leaks in curl mime handling. DOM: Fixed bug GH-16777 (Calling the constructor again on a DOM object after it is in a document causes UAF). Fixed bug GH-16906 (Reloading document can cause UAF in iterator). FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)). Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SOAP: Fix make check being invoked in ext/soap. Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Fixed bug GH-16957 (Assertion failure in array_shift with self-referencing array). Streams: Fixed network connect poll interuption handling. Windows: Fixed bug GH-16849 (Error dialog causes process to hang). - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-date-regenerate-lexers.patch (refreshed) % php-systzdata-v24.patch (refreshed) * Thu Nov 21 2024 pgajdos@suse.com - version update to 8.3.14 [bsc#1233644] [bsc#1233651] [bsc#1233703] [bsc#1233702] [bsc#1233705] CLI: Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). COM: Fixed out of bound writes to SafeArray data. Core: Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). Fixed bug GH-16509 (Incorrect line number in function redeclaration error). Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). Fixed bug GH-16648 (Use-after-free during array sorting). Curl: Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails). Date: Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset). Fixed bug GH-14732 (date_sun_info() fails for non-finite values). DBA: Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). DOM: Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). Add missing hierarchy checks to replaceChild. Fixed bug GH-16336 (Attribute intern document mismanagement). Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). Fixed bug GH-16473 (dom_import_simplexml stub is wrong). Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element). Fixed bug GH-16535 (UAF when using document as a child). Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). EXIF: Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file). FFI: Fixed bug GH-16397 (Segmentation fault when comparing FFI object). Filter: Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). FPM: Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement). GD: Fixed bug GH-16334 (imageaffine overflow on matrix elements). Fixed bug GH-16427 (Unchecked libavif return values). Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007). GMP: Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier). Fixed bug GH-16411 (gmp_export() can cause overflow). Fixed bug GH-16501 (gmp_random_bits() can cause overflow). Fixed gmp_pow() overflow bug with large base/exponents. Fixed segfaults and other issues related to operator overloading with GMP objects. LDAP: Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) MBstring: Fixed bug GH-16361 (mb_substr overflow on start/length arguments). MySQLnd: Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) Opcache: Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer). OpenSSL: Fixed bug GH-16357 (openssl may modify member types of certificate arrays). Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow). Fix various memory leaks on error conditions in openssl_x509_parse(). PDO DBLIB: Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) PDO Firebird: Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) PDO ODBC: Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). Phar: Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). PHPDBG: Fixed bug GH-16174 (Empty string is an invalid expression for ev). Reflection: Fixed bug GH-16601 (Memory leak in Reflection constructors). Session: Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params). Fixed bug GH-16290 (overflow on cookie_lifetime ini value). SOAP: Fixed bug GH-16318 (Recursive array segfaults soap encoding). Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient). Sockets: Fixed bug with overflow socket_recvfrom $length argument. SPL: Fixed bug GH-16337 (Use-after-free in SplHeap). Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()). Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). Fixed bug GH-16588 (UAF in Observer->serialize). Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor). Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). Fixed bug GH-14687 (segfault on SplObjectIterator instance). Fixed bug GH-16604 (Memory leaks in SPL constructors). Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()). Standard: Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled). Streams: Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) SysVMsg: Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized). SysVShm: Fixed bug GH-16591 (Assertion error in shm_put_var). XMLReader: Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c). Zlib: Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb) * Thu Oct 24 2024 pgajdos@suse.com - version update to 8.3.13 Calendar: Fixed GH-16240: jdtounix overflow on argument value. Fixed GH-16241: easter_days/easter_date overflow on year argument. Fixed GH-16263: jddayofweek overflow. Fixed GH-16234: jewishtojd overflow. CLI: Fixed bug GH-16137: duplicate http headers when set several times by the client. Core: Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator list while adding). Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception). Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame). Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline). DOM: Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c). Fixed bug GH-16149 (Null pointer dereference in DOMElement->getAttributeNames()). Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c). Fixed bug GH-16150 (Use after free in php_dom.c). Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument). JSON: Fixed bug GH-15168 (stack overflow in json_encode()). GD: Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream). Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value) (David Carlier) Fixed bug GH-16274 (imagescale underflow on RBG channels / fix backport from upstream). LDAP: Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()). Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list). Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.). Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary). MBString: Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()). OpenSSL: Fixed stub for openssl_csr_new. PCRE: Fixed bug GH-16189 (underflow on offset argument). Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c). PHPDBG: Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error). Reflection: Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c). SAPI: Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request). SimpleXML: Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c). Sockets: Fixed bug GH-16267 (socket_strerror overflow on errno argument). SOAP: Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP headers in array form). Fixed bug #62900 (Wrong namespace on xsd import error message). Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value). Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). Fix Soap leaking http_msg on error. Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460). Fixed bug GH-16259 (Soap segfault when classmap instantiation fails). SPL: Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c). Standard: Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). Fixed bug GH-15169 (stack overflow when var serialization in ext/standard/var). Streams: Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c). Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c). TSRM: Prevent closing of unrelated handles. * Sat Sep 28 2024 Thorsten Kukuk <kukuk@suse.com> - Add /srv/www directories to filelist [bsc#1231027] * Thu Sep 26 2024 Arjen de Korte <suse+build@de-korte.org> - version update to 8.3.12 [bsc#1231358], [bsc#1231382], [bsc#1231360] CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). Fixed bug GH-15515 (Configure error grep illegal option q). Fixed bug GH-15514 (Configure error: genif.sh: syntax error). Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). Fixed bug GH-15330 (Do not scan generator frames more than once). Fixed uninitialized lineno in constant AST of internal enums. Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). * Fri Aug 30 2024 pgajdos@suse.com - version update to 8.3.11 Core: Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c). Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally). Fix uninitialized memory in network.c. Fixed bug GH-15108 (Segfault when destroying generator during shutdown). Fixed bug GH-15275 (Crash during GC of suspended generator delegate). Curl: Fixed case when curl_error returns an empty string. DOM: Fix UAF when removing doctype and using foreach iteration. FFI: Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak). Hash: Fix crash when converting array data for array in shm in xxh3. Intl: Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). Opcache: Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4). Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement). Output: Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re). PDO_Firebird: Fix bogus fallthrough path in firebird_handle_get_attribute(). PHPDBG: Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline). Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)). Fixed bug GH-15210 use-after-free on watchpoint allocations. Soap: Fixed bug #55639 (Digest autentication dont work). Fix SoapFault property destruction. Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap constructor option). Standard: Fix passing non-finite timeout values in stream functions. Fixed GH-14780 p(f)sockopen timeout overflow. Streams: Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). Fixed bug GH-15034 (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB). Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters). Tidy: Fix memory leaks in ext/tidy basedir restriction code. * Fri Aug 16 2024 Arjen de Korte <suse+build@de-korte.org> - version update to 8.3.10 Core: Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. Fixed OSS-Fuzz #69765. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). Dom: Fixed bug GH-14702 (DOMDocument::xinclude() crash). Fileinfo: Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). Gd: ext/gd/tests/gh10614.phpt: skip if no PNG support. restored warning instead of fata error. LibXML: Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). Opcache: Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). Output: Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). PDO: Fixed bug GH-14712 (Crash with PDORow access to null property). Phar: Fixed bug GH-14603 (null string from zip entry). PHPDBG: Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). Fixed bug GH-14553 (echo output trimmed at NULL byte). Shmop: Fixed bug GH-14537 (shmop Windows 11 crashes the process). SPL: Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). Standard: Fixed bug GH-14775 (range function overflow with negative step argument). Fix 32-bit wordwrap test failures. Fixed bug GH-14774 (time_sleep_until overflow). Streams: Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). Tidy: Fix memory leak in tidy_repair_file(). Treewide: Fix compatibility with libxml2 2.13.2. XML: Move away from to-be-deprecated libxml fields. Fixed bug GH-14834 (Error installing PHP when --with-pear is used). * Sun Jul 07 2024 pgajdos@suse.com - version update to 8.3.9 Core: Fixed bug GH-14315 (Incompatible pointer type warnings). Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon). Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()). Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor). Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call). Fixed bug GH-14549 (Incompatible function pointer type for fclose). BCMatch: Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). Curl: Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). DOM: Fixed bug GH-14343 (Memory leak in xml and dom). FPM: Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool). GD: Fix parameter numbers for imagecolorset(). Intl: Fix reference handling in SpoofChecker. MySQLnd: Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection). Opcache: Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). Fixed TLS access in JIT on FreeBSD/amd64. Fixed bug GH-11188 (Error when building TSRM in ARM64). PDO ODBC: Fixed bug GH-14367 (incompatible SDWORD type with iODBC). PHPDBG: Fixed bug GH-13681 (segfault on watchpoint addition failure). Soap: Fixed bug #47925 (PHPClient can't decompress response). Fix missing error restore code. Fix memory leak if calling SoapServer::setObject() twice. Fix memory leak if calling SoapServer::setClass() twice. Fix reading zlib ini settings in ext-soap. Fix memory leaks with string function name lookups. Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class name). Fixed bug #76232 (SoapClient Cookie Header Semicolon). Fixed memory leaks when calling SoapFault::__construct() twice. Sodium: Fix memory leaks in ext/sodium on failure of some functions. SPL: Fixed bug GH-14290 (Member access within null pointer in extension spl). Standard: Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets). Streams: Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). * Thu Jun 20 2024 pgajdos@suse.com - drop unmaintained apache-rex usage * Fri Jun 07 2024 pgajdos@suse.com - version update to 8.3.8 [bsc#1226073] CGI: Fixed buffer limit on Windows, replacing read call usage by _read. Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) CLI: Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). Core: Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). DOM: Fix crashes when entity declaration is removed while still having entity references. Fix references not handled correctly in C14N. Fix crash when calling childNodes next() when iterator is exhausted. Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. Filter: Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) FPM: Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). Hash: ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) Intl: Fixed build regression on systems without C++17 compilers. MySQLnd: Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). Opcache: Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). OpenSSL: The openssl_private_decrypt function in PHP and Marvin attack. Standard: Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) XML: Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). XMLReader: Fixed bug GH-14183 (XMLReader::open() can't be overridden). - modified patches % php-build-reproducible-phar.patch (refreshed) * Thu May 09 2024 pgajdos@suse.com - version update to 8.3.7 Core: Fixed zend_call_stack build with Linux/uclibc-ng without thread support. Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled). Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c). Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations). Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters). Fixed bug GH-14013 (Erroneous dnl appended in configure). Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly). Fixed bug GH-13727 (Missing void keyword). Fibers: Fixed bug GH-13903 (ASAN false positive underflow when executing copy()). Fileinfo: Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on big-endian PPC). FPM: Fixed bug GH-13563 (Setting bool values via env in FPM config fails). Intl: Fixed build for icu 74 and onwards. MySQLnd: Fix shift out of bounds on 32-bit non-fast-path platforms. Opcache: Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when using opcache.preload). Fixed incorrect assumptions across compilation units for static calls. OpenSSL: Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). PDO SQLite: Fix GH-13984 (Buffer size is now checked before memcmp). Fix GH-13998 (Manage refcount of agg_context->val correctly). Phar: Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference). Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c). Fix potential NULL pointer dereference before calling EVP_SignInit. PHPDBG: Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame). Posix: Fix usage of reentrant functions in ext/posix. Session: Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c). Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts). Fixed buffer _read/_write size limit on windows for the file mode. Streams: Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument". Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure). Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket). Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). Treewide: Fix gcc-14 Wcalloc-transposed-args warnings. * Fri Apr 12 2024 pgajdos@suse.com - version update to 8.3.6 [bsc#1222857] [bsc#1222858] Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc). * Tue Mar 19 2024 pgajdos@suse.com - version update to 8.3.4 * This is a bug fix release. * Wed Mar 06 2024 Pedro Monreal <pmonreal@suse.com> - Use the system default cipher list instead of hardcoded values by using crypto-policies. [bsc#1211301] * Use the --with-system-ciphers configure option. * Fri Feb 16 2024 pgajdos@suse.com - version update to 8.3.3 * A bugfix release. - modified patches % php-build-reproducible-phar.patch (refreshed) * Thu Jan 18 2024 pgajdos@suse.com - version update to 8.3.2 * This is a bug fix release. - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) * Wed Dec 27 2023 Manu Maier <mmanu84@outlook.de> - version update to 8.3.1 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.3.1 * Fri Nov 24 2023 pgajdos@suse.com - version update to 8.3.0 * https://www.php.net/releases/8.3/en.php * Typed class constants * Dynamic class constant fetch * New #[\Override] attribute * Deep-cloning of readonly properties * New json_validate() function * New Randomizer::getBytesFromString() method * New Randomizer::getFloat() and Randomizer::nextFloat() methods * New DOMElement::getAttributeNames(), DOMElement::insertAdjacentElement(), DOMElement::insertAdjacentText(), DOMElement::toggleAttribute(), DOMNode::contains(), DOMNode::getRootNode(), DOMNode::isEqualNode(), DOMNameSpaceNode::contains(), and DOMParentNode::replaceChildren() methods. * New IntlCalendar::setDate(), IntlCalendar::setDateTime(), IntlGregorianCalendar::createFromDate(), and IntlGregorianCalendar::createFromDateTime() methods. * New ldap_connect_wallet(), and ldap_exop_sync() functions. * New mb_str_pad() function. * New posix_sysconf(), posix_pathconf(), posix_fpathconf(), and posix_eaccess() functions. * New ReflectionMethod::createFromMethodName() method. * New socket_atmark() function. * New str_increment(), str_decrement(), and stream_context_set_options() functions. * New ZipArchive::getArchiveFlag() method. * Support for generation EC keys with custom EC parameters in OpenSSL extension. * New INI setting zend.max_allowed_stack_size to set the maximum allowed stack size. * php.ini now supports fallback/default value syntax. * Anonymous classes can now be readonly. * https://www.php.net/ChangeLog-8.php#PHP_8_3 - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed) - modified sources % php8.keyring - deleted patches - php-systzdata-v23.patch - added patches + php-systzdata-v24.patch * Fri Nov 24 2023 pgajdos@suse.com - version update to 8.2.13 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.2.13 * Thu Oct 26 2023 pgajdos@suse.com - version update to 8.2.12 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.2.12 * Fri Sep 29 2023 pgajdos@suse.com - version update to 8.2.11 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.11 * Tue Sep 26 2023 pgajdos@suse.com - add missing references to rpm changelog - 15sp4 only: [bsc#1200772], [jsc#SLE-24723] add pecl, pear [jsc#SLE-23639] version update * Fri Sep 01 2023 Bernhard Wiedemann <bwiedemann@suse.com> - Use %make_build macro * Fri Sep 01 2023 pgajdos@suse.com - version update to 8.2.10 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.10 * Tue Aug 22 2023 pgajdos@suse.com - version update to 8.2.9 * This is a security release. * Fixes CVE-2023-3824 [bsc#1214103] and CVE-2023-3823 [bsc#1214106] * https://www.php.net/ChangeLog-8.php#8.2.9 - deleted patches - php-unicode-allow-redistribution.patch (upstreamed) - deleted sources - repack.sh (not needed) * Mon Jul 17 2023 pgajdos@suse.com - version update to 8.2.8 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.8 - modified patches % php-sort-filelist-phar.patch (refreshed) * Thu Jun 22 2023 pgajdos@suse.com - version update to 8.2.7 * Readonly classes * Disjunctive Normal Form (DNF) Types * Allow null, false, and true as stand-alone types * New "Random" extension * Constants in traits * Deprecate dynamic properties * for details, see https://www.php.net/releases/8.2/en.php https://www.php.net/manual/en/migration82.php - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-date-regenerate-lexers.patch (refreshed) % php-ini.patch (refreshed) % php-systzdata-v23.patch (refreshed) - CVE-2023-3247 [bsc#1212349] * Tue May 30 2023 pgajdos@suse.com - version update to 8.1.20 * This is a security release. * https://www.php.net/ChangeLog-8.php#8.1.20 - force to repack tarball after update https://github.com/php/php-src/issues/11300 - session.save_path set to /var/lib/php8/sessions in mod_php8.conf and www.conf php-fpm pool example - modified sources % mod_php8.conf - added sources + repack.sh + php-unicode-allow-redistribution.patch * Thu May 25 2023 pgajdos@suse.com - repack the tarball temporarily [bsc#1211648] * Tue May 23 2023 pgajdos@suse.com - also MIT license (systzdata patch, ext/date/lib/parse_posix.c) [https://build.suse.de/request/show/298230] * Fri May 12 2023 pgajdos@suse.com - version update to 8.1.19 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.1.19 - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed) % php-systzdata-v23.patch (refreshed) * Wed May 10 2023 pgajdos@suse.com - downgrade back to 8.1.18 https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/4ADCEV2FII7J5FZEWREFETTEVX7CDUSR/ * Thu May 04 2023 pgajdos@suse.com - version update to 8.2.5 * Readonly classes * Disjunctive Normal Form (DNF) Types * Allow null, false, and true as stand-alone types * New "Random" extension * Constants in traits * Deprecate dynamic properties * for details, see https://www.php.net/releases/8.2/en.php https://www.php.net/manual/en/migration82.php - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed) - deleted patches - php-crypt-tests.patch (not needed) - modified sources % php8.keyring * Thu Apr 20 2023 Arjen de Korte <suse+build@de-korte.org> - The %_restart_on_update macro was removed from systemd-rpm-macros. Remove %posttrans for FPM as it wasn't working as intended anyway. [boo#1210576] * Fri Apr 14 2023 pgajdos@suse.com - version update to 8.1.18 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.18 - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) % php-ini.patch (refreshed) * Thu Mar 16 2023 pgajdos@suse.com - version update to 8.1.17 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.17 * Tue Mar 14 2023 pgajdos@suse.com - update to newest systzdata patch [bsc#1208199] - deleted patches - php-systzdata-v21.patch (upstreamed) - added patches fix use of the system timezone database + php-systzdata-v23.patch * Sun Mar 05 2023 Aeneas Jaißle <aj@ajaissle.de> - add "/usr/share/php" to include_path * Fri Mar 03 2023 pgajdos@suse.com - allow to specify load order of extensions in %{php_sysconf}/conf.d [bsc#1205162] * Sat Feb 25 2023 Arjen de Korte <suse+build@de-korte.org> - change to %bcond conditional build dependencies * Thu Feb 16 2023 pgajdos@suse.com - version update to 8.1.16 * This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. ([bsc#1208366], [bsc#1208367], [bsc#1208388]) * https://www.php.net/ChangeLog-8.php#8.1.16 * Fri Feb 03 2023 pgajdos@suse.com - version update to 8.1.15 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.1.15 * Fri Jan 06 2023 pgajdos@suse.com - version update to 8.1.14 * This is a security release. * fixed: CVE-2022-31631 [bsc#1206958] * https://www.php.net/ChangeLog-8.php#8.1.14 * Wed Nov 30 2022 pgajdos@suse.com - amend %preun to fix [bsc#1205782] * Fri Nov 25 2022 pgajdos@suse.com - version update to 8.1.13 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.1.13 * Mon Oct 31 2022 pgajdos@suse.com - version update to 8.1.12 * This is a security release. * fixed: CVE-2022-31630 [bsc#1204979], CVE-2022-37454 [bsc#1204577] * https://www.php.net/ChangeLog-8.php#8.1.12 * Thu Sep 29 2022 pgajdos@suse.com - version update to 8.1.11 * This is a security release. * CVEs fixed: CVE-2022-31628 [bsc#1203867], CVE-2022-31629 [bsc#1203870] https://www.php.net/ChangeLog-8.php#8.1.11 * Fri Sep 02 2022 pgajdos@suse.com - version update to 8.1.10 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.10 * Fri Aug 19 2022 pgajdos@suse.com - version update to 8.1.9 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.9 * Mon Jul 18 2022 pgajdos@suse.com - version update to 8.1.8 * This is a security release. https://www.php.net/ChangeLog-8.php#8.1.8 - fixes CVE-2022-31627 [bsc#1201499] * Fri Jun 10 2022 pgajdos@suse.com - version update to 8.1.7 * This is a security release. https://www.php.net/ChangeLog-8.php#8.1.7 * CVE-2022-31625 [bsc#1200645] * CVE-2022-31626 [bsc#1200628] * Wed May 25 2022 pgajdos@suse.com - version update to 8.1.6: * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.6 * Wed Apr 20 2022 pgajdos@suse.com - version update to 8.1.5: * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.1.5 * [bsc#1197644] * Mon Apr 11 2022 pgajdos@suse.com - fpm %postrans: check whether sytemctl is available * Fri Apr 08 2022 Arjen de Korte <suse+build@de-korte.org> - Disable build with '-z now' as it breaks the php-mysql extension [boo#1197994] * Thu Mar 31 2022 Arjen de Korte <suse+build@de-korte.org> - build PHP-FPM with libacl support (boo#1196870) * Thu Mar 17 2022 Arjen de Korte <suse+build@de-korte.org> - updated to 8.1.4: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.1.4 * Fri Feb 25 2022 Dominique Leuenberger <dimstar@opensuse.org> - Fix boolean dep supplements: add parantheses. Without parantheses, this results in three separate supplements, against 'php-fpm', 'and', and 'apache2' (boo#1196492). * Fri Feb 18 2022 Arjen de Korte <suse+build@de-korte.org> - updated to 8.1.3: This is a security release (CVE-2021-21708 [bsc#1196252]) which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.1.3 * Fri Feb 11 2022 Arjen de Korte <suse+build@de-korte.org> - provide an Apache configuration for PHP-FPM + php8-fpm.conf * Fri Jan 28 2022 Arjen de Korte <suse+build@de-korte.org> - update keyring to include PHP 8.1 release managers signing keys % php8.keyring * Thu Jan 20 2022 Arjen de Korte <suse+build@de-korte.org> - updated to 8.1.2: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.1.2 - updated to 8.1.1: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.1.1 - update to 8.1.0: This release marks the latest major release of the PHP language. See https://www.php.net/ChangeLog-8.php#8.1.0 - cleanup php8.rpmlintrc - build ffi extension (experimental) - enable avif support for gd extension - rebased patches % php-ar-flags.patch % php-crypt-tests.patch % php-ini.patch % php-build-reproducible-phar.patch - deleted patches - php-systzdata-v20.patch - php8-gd-removed-unused-constants.patch - added patch + php-systzdata-v21.patch * Thu Jan 20 2022 Arjen de Korte <suse+build@de-korte.org> - updated to 8.0.15: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.15 * Sun Jan 09 2022 Arjen de Korte <suse+build@de-korte.org> - use /tmp to store session information (boo#1194414) % php-ini.patch
/etc/php8/cli /etc/php8/cli/php.ini /usr/bin/php /usr/bin/php8 /usr/share/man/man1/php.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 22:39:43 2025