Commit 3f1409b024e for php.net
commit 3f1409b024ea59635ca239cdabbdd22b3d3a202c
Merge: 114260bdc4e d74085bf8c7
Author: Alexandre Daubois <alex.daubois@gmail.com>
Date: Thu Dec 4 09:12:35 2025 +0100

    Merge branch 'PHP-8.5'

    * PHP-8.5:
      Fix GH-20370: forbid user stream filters to violate typed property constraints (#20373)

diff --cc NEWS
index d8242f50594,37c7e8734fc..1ec90015ef2
--- a/NEWS
+++ b/NEWS
@@@ -39,22 -517,222 +39,24 @@@ PH
. Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true
for classes with property hooks). (alexandre-daubois)
-- SAPI:
- . Fixed bug GH-18582 and #81451: http_response_code() does not override the
- status code generated by header(). (ilutov, Jakub Zelenka)
-
-- Session:
- . session_start() throws a ValueError on option argument if not a hashmap
- or a TypeError if read_and_close value is not compatible with int.
- (David Carlier)
- . Added support for partitioned cookies. (nielsdos)
- . Fix RC violation of session SID constant deprecation attribute. (ilutov)
- . Fixed GH-19197: build broken with ZEND_STRL usage with memcpy
- when implemented as macro. (David Carlier)
-
-- SimpleXML:
- . Fixed bug GH-12231 (SimpleXML xpath should warn when returning other return
- types than node lists). (nielsdos)
-
-- SNMP:
- . snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and
- SNMP::__construct() throw an exception on invalid hostname, community
- timeout and retries arguments. (David Carlier)
-
-- SOAP:
- . Added support for configuring the URI parser for SoapClient::__doRequest()
- as described in https://wiki.php.net/rfc/url_parsing_api#plugability.
- (kocsismate)
- . Implement request #55503 (Extend __getTypes to support enumerations).
- (nielsdos, datibbaw)
- . Implement request #61105 (Support Soap 1.2 SoapFault Reason Text lang
- attribute). (nielsdos)
- . Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action"
- header is correct). (nielsdos)
- . Fix namespace handling of WSDL and XML schema in SOAP,
- fixing at least GH-16320 and bug #68576. (nielsdos)
- . Fixed bug #70951 (Segmentation fault on invalid WSDL cache). (nielsdos)
- . Fixed bug GH-19773 (SIGSEGV due to uninitialized soap_globals->lang_en).
- (nielsdos, KaseyJenkins)
- . Fixed bug GH-19226 (Segfault when spawning new thread in soap extension).
- (Florian Engelhardt)
-
-- Sockets:
- . Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage.
- (David Carlier)
- . Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD.
- (David Carlier)
- . Added IP_BINDANY for a socket to bind to any address. (David Carlier)
- . Added SO_BUSY_POOL to reduce packets poll latency. (David Carlier)
- . Added UDP_SEGMENT support to optimise multiple large datagrams over UDP
- if the kernel and hardware supports it. (David Carlier)
- . Added SHUT_RD, SHUT_WR and SHUT_RDWR constants for socket_shutdown().
- (David Carlier)
- . Added TCP_FUNCTION_ALIAS, TCP_REUSPORT_LB_NUMA, TCP_REUSPORT_LB_NUMA_NODOM,
- TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants.
- . socket_set_option() catches possible overflow with SO_RCVTIMEO/SO_SNDTIMEO
- with timeout setting on windows. (David Carlier)
- . socket_create_listen() throws an exception on invalid port value.
- (David Carlier)
- . socket_bind() throws an exception on invalid port value.
- (David Carlier)
- . socket_sendto() throws an exception on invalid port value.
- (David Carlier)
- . socket_addrinfo_lookup throws an exception on invalid hints value types.
- (David Carlier)
- . socket_addrinfo_lookup throws an exception if any of the hints value
- overflows. (David Carlier)
- . socket_addrinfo_lookup throws an exception if one or more hints entries
- has an index as numeric. (David Carlier)
- . socket_set_option with the options MCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUP
- will throw an exception if its value is not a valid array/object.
- (David Carlier)
- . socket_getsockname/socket_create/socket_bind handled AF_PACKET family socket.
- (David Carlier)
- . socket_set_option for multicast context throws a ValueError
- when the socket family is not of AF_INET/AF_INET6 family. (David Carlier)
-
-- Sodium:
- . Fix overall theoretical overflows on zend_string buffer allocations.
- (David Carlier/nielsdos)
-
-- SPL:
- . Fixed bug GH-20101 (SplHeap/SplPriorityQueue serialization
- exposes INDIRECTs). (nielsdos)
- . Improve __unserialize() hardening for SplHeap/SplPriorityQueue. (nielsdos)
- . Deprecate ArrayObject and ArrayIterator with objects. (Girgias)
- . Unregistering all autoloaders by passing the spl_autoload_call() function
- as a callback argument to spl_autoload_unregister() has been deprecated.
- Instead if this is needed, one should iterate over the return value of
- spl_autoload_functions() and call spl_autoload_unregister() on each
- value. (Girgias)
- . The SplObjectStorage::contains(), SplObjectStorage::attach(), and
- SplObjectStorage::detach() methods have been deprecated in favour of
- SplObjectStorage::offsetExists(), SplObjectStorage::offsetSet(), and
- SplObjectStorage::offsetUnset() respectively. (Girgias)
-
-- Sqlite:
- . Added Sqlite3Stmt::busy to check if a statement is still being executed.
- (David Carlier)
- . Added Sqlite3Stmt::explain to produce an explain query plan from
- the statement. (David Carlier)
- . Added Sqlite3Result::fetchAll to return all results at once from a query.
- (David Carlier)
+- Soap:
+ . Soap::__setCookie() when cookie name is a digit is now not stored and represented
+ as a string anymore but a int. (David Carlier)
- Standard:
- . Add HEIF/HEIC support to getimagesize. (Benstone Zhang)
- . Added support for partitioned cookies. (nielsdos)
- . Implement #71517 (Implement SVG support for getimagesize() and friends).
- (nielsdos)
- . Implement GH-19188: Add support for new INI mail.cr_lf_mode.
- (alexandre-daubois)
- . Optimized PHP html_entity_decode function. (Artem Ukrainskiy)
- . Minor optimization to array_chunk(). (nielsdos)
- . Optimized pack(). (nielsdos, divinity76)
- . Fixed crypt() tests on musl when using --with-external-libcrypt
- (Michael Orlitzky).
- . Fixed bug GH-18062 (is_callable(func(...), callable_name: $name) for first
- class callables returns wrong name). (timwolla)
- . Added array_first() and array_last(). (nielsdos)
- . Fixed bug GH-18823 (setlocale's 2nd and 3rd argument ignores strict_types).
- (nielsdos)
- . Fixed exit code handling of sendmail cmd and added warnings.
- (Jesse Hathaway)
- . Fixed bug GH-18897 (printf: empty precision is interpreted as precision 6,
- not as precision 0). (nielsdos)
- . Fixed bug GH-20257 (mail() heap overflow with an empty message in lf mode).
- (David Carlier)
- . Fixed bug GH-20201 (AVIF images misdetected as HEIF after introducing HEIF
- support in getimagesize()). (nielsdos)
. Fixed bug GH-19926 (reset internal pointer earlier while splicing array
while COW violation flag is still set). (alexandre-daubois)
- . Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
- (alexandre-daubois)
- . Fixed GH-14402 (SplPriorityQueue, SplMinHeap, and SplMaxHeap lost their
- data on serialize()). (alexandre-daubois)
- . Fixed GH-19610 (Deprecation warnings in functions taking as argument).
- (Girgias)
- . Fixed bug GH-19577 (Avoid integer overflow when using a small offset
- and PHP_INT_MAX with LimitIterator). (alexandre-daubois)
- . Fixed bug GH-19153 (#[\Attribute] validation should error on
- trait/interface/enum/abstract class). (DanielEScherzer)
- . Fixed bug GH-19070 (setlocale($type, NULL) should not be deprecated).
- (nielsdos)
- . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)
- . Passing strings which are not one byte long to ord() is now deprecated.
- (Girgias)
- . Passing integers outside the interval [0, 255] to chr() is now deprecated.
- (Girgias)
- . The socket_set_timeout() alias function has been deprecated. (timwolla)
- . Passing null to readdir(), rewinddir(), and closedir() to use the last
- opened directory has been deprecated. (Girgias)
- Streams:
- . Fixed bug GH-16889 (stream_select() timeout useless for pipes on Windows).
- (cmb)
- . Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect
- condition for Win32/Win64. (Jakub Zelenka)
- . Fixed bug GH-14506 (Closing a userspace stream inside a userspace handler
- causes heap corruption). (nielsdos)
- . Avoid double conversion to string in php_userstreamop_readdir(). (nielsdos)
-
-- Tests:
- . Allow to shuffle tests even in non-parallel mode. (dhuang00)
-
-- Tidy:
- . tidy::__construct/parseFile/parseString methods throw an exception if
- the configuration argument is invalid. (David Carlier)
- . Fixed GH-19021 (improved tidyOptGetCategory detection).
- (arjendekorte, David Carlier, Peter Kokot)
-
-- Tokenizer:
- . Fixed bug GH-19507 (Corrupted result after recursive tokenization during
- token_get_all()). (kubawerlos, nielsdos, Arnaud)
-
-- Windows:
- . Fixed bug GH-10992 (Improper long path support for relative paths). (cmb,
- nielsdos)
- . Fixed bug GH-16843 (Windows phpize builds ignore source subfolders). (cmb)
- . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).
- (dktapps)
-
-- XML:
- . The xml_parser_free() function has been deprecated. (DanielEScherzer)
-
-- XMLWriter:
- . Improved performance and reduce memory consumption. (nielsdos)
-
-- XSL:
- . Implement request #30622 (make $namespace parameter functional). (nielsdos)
-
-- Zlib:
- . gzfile, gzopen and readgzfile, their "use_include_path" argument
- is now a boolean. (David Carlier)
- . Fixed bug GH-16883 (gzopen() does not use the default stream context when
- opening HTTP URLs). (nielsdos)
- . Implemented GH-17668 (zlib streams should support locking). (nielsdos)
+ . Added so_reuseaddr streams context socket option that allows disabling
+ address resuse.
++ . Fixed bug GH-20370 (User stream filters could violate typed property
++ constraints). (alexandre-daubois)
- Zip:
- . Fixed missing zend_release_fcall_info_cache on the following methods
- ZipArchive::registerProgressCallback() and ZipArchive::registerCancelCallback()
- on failure. (David Carlier)
+ . Fixed ZipArchive callback being called after executor has shut down.
+ (ilutov)
+ . Support minimum version for libzip dependency updated to 1.0.0.
+ (David Carlier)
+
+<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
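Review bot: the GH-20370 entry added under Streams (the two `++` lines) says user stream filters "could violate typed property constraints" but does not say what now happens when a filter attempts such an assignment. The commit subject describes the fix as forbidding it, so the NEWS line would serve anyone auditing userland stream filters better if it named the resulting behaviour rather than only the old defect. While this section is open, the so_reuseaddr entry directly above has a typo ("address resuse" should read "address reuse") and, unlike the entries around it, carries no contributor credit in parentheses.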