Commit d935e3aa3b6 for php.net
commit d935e3aa3b65e83cfb29640a6a3adc00f451c867
Merge: 43a4f91c52a b63fe81e2d8
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date: Tue Apr 7 19:10:59 2026 +0200
Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
curl: add support for brotli and zstd on Windows
diff --cc NEWS
index e05216ed331,a376b45f450..45d5a171d6a
--- a/NEWS
+++ b/NEWS
@@@ -1,251 -1,11 +1,254 @@@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? ????, PHP 8.3.31
+?? ??? ????, PHP 8.4.21
+
+- Core:
+ . Fixed bug GH-19983 (GC assertion failure with fibers, generators and
+ destructors). (iliaal)
+ . Fixed bug GH-21478 (Forward property operations to real instance for
+ initialized lazy proxies). (iliaal)
+ - Curl:
+ . Add support for brotli and zstd on Windows. (Shivam Mathur)
+
-15 Jan 2026, PHP 8.3.30
+- DOM:
+ . Fixed bug GH-21566 (Dom\XMLDocument::C14N() emits duplicate xmlns
+ declarations after setAttributeNS()). (David Carlier)
+
+- Iconv:
+ . Fixed bug GH-17399 (iconv memory leak on bailout). (iliaal)
+
+- Opcache:
+ . Fixed bug GH-21158 (JIT: Assertion jit->ra[var].flags & (1<<0) failed in
+ zend_jit_use_reg). (Arnaud)
+ . Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch). (ilutov)
+
+- OpenSSL:
+ . Fix a bunch of memory leaks and crashes on edge cases. (ndossche)
+
+- SPL:
+ . Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent
+ free). (Girgias)
+ . Fix concurrent iteration and deletion issues in SplObjectStorage.
+ (ndossche)
+
+- Streams:
+ . Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL
+ and a proxy set). (ndossche)
+
+- XSL:
+ . Fixed bug GH-21600 (Segfault on module shutdown). (David Carlier)
+
+09 Apr 2026, PHP 8.4.20
+
+- Bz2:
+ . Fix truncation of total output size causing erroneous errors. (ndossche)
+
+- Core:
+ . Fixed bugs GH-20875, GH-20873, GH-20854 (Propagate IN_GET guard in
+ get_property_ptr_ptr for lazy proxies). (iliaal)
+
+- DOM:
+ . Fixed bug GH-21486 (Dom\HTMLDocument parser mangles xml:space and
+ xml:lang attributes). (ndossche)
+
+- FFI:
+ . Fixed resource leak in FFI::cdef() onsymbol resolution failure.
+ (David Carlier)
+
+- GD:
+ . Fixed bug GH-21431 (phpinfo() to display libJPEG 10.0 support).
+ (David Carlier)
+
+- Opcache:
+ . Fixed bug GH-20838 (JIT compiler produces wrong arithmetic results).
+ (Dmitry, iliaal)
+ . Fixed bug GH-21267 (JIT tracing: infinite loop on FETCH_OBJ_R with
+ IS_UNDEF property in polymorphic context). (Dmitry, iliaal)
+ . Fixed bug GH-21395 (uaf in jit). (ndossche)
+
+- OpenSSL:
+ . Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based
+ keys). (iliaal)
+ . Fix missing error propagation for BIO_printf() calls. (ndossche)
+
+- PCRE:
+ . Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl,
+ php_pcre_split_impl, and php_pcre_grep_impl. (David Carlier)
+
+- PGSQL:
+ . Fixed preprocessor silently guarding PGSQL_SUPPRESS_TIMESTAMPS support
+ due to a typo. (KentarouTakeda)
+
+- SNMP:
+ . Fixed bug GH-21336 (SNMP::setSecurity() undefined behavior with
+ NULL arguments). (David Carlier)
+
+- SOAP:
+ . Fixed Set-Cookie parsing bug wrong offset while scanning attributes.
+ (David Carlier)
+
+- SPL:
+ . Fixed bug GH-21454 (missing write lock validation in SplHeap).
+ (ndossche)
+
+- Standard:
+ . Fixed bug GH-20906 (Assertion failure when messing up output buffers).
+ (ndossche)
+ . Fixed bug GH-20627 (Cannot identify some avif images with getimagesize).
+ (y-guyon)
+
+- Sysvshm:
+ . Fix memory leak in shm_get_var() when variable is corrupted. (ndossche)
+
+- XSL:
+ . Fix GH-21357 (XSLTProcessor works with DOMDocument, but fails with
+ Dom\XMLDocument). (ndossche)
+ . Fixed bug GH-21496 (UAF in dom_objects_free_storage).
+ (David Carlier/ndossche)
+
+12 Mar 2026, PHP 8.4.19
+
+- Core:
+ . Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds). (Arnaud)
+ . Fixed bug GH-20657 (Assertion failure in zend_lazy_object_get_info triggered
+ by setRawValueWithoutLazyInitialization() and newLazyGhost()). (Arnaud)
+ . Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when
+ accessing properties on Reflection LazyProxy via isset()). (Arnaud)
+ . Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked
+ property backing value). (ilutov)
+ . Fixed bug GH-21215 (Build fails with -std=). (Arnaud)
+ . Fixed bug GH-13674 (Build system installs libtool wrappers when using
+ slibtool). (Michael Orlitzky)
+
+- Curl:
+ . Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback).
+ (David Carlier)
+ . Don't truncate length. (ndossche)
+
+- Date:
+ . Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start).
+ (ndossche)
+ . Fix timezone offset with seconds losing precision. (ndossche)
+
+- DOM:
+ . Fixed bug GH-21077 (Accessing Dom\Node::baseURI can throw TypeError).
+ (ndossche)
+ . Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError).
+ (ndossche)
+
+- MBString:
+ . Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge
+ list of candidate encodings (with 200,000+ entries). (Jordi Kroon)
+
+- Opcache:
+ . Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris).
+ (Petr Sumbera)
+ . Fixed bug GH-21227 (Borked SCCP of array containing partial object).
+ (ilutov)
+ . Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached
+ script). (ilutov)
+
+- OpenSSL:
+ . Fix a bunch of leaks and error propagation. (ndossche)
+
+- PCNTL:
+ . Fixed pcntl_setns() internal errors handling regarding errnos.
+ (David Carlier/ndossche)
+ . Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID
+ on NetBSD/Solaris platforms. (David Carlier)
+ . Fixed pcntl_signal() signal table registering the callback first
+ OS-wise before the internal list. (David Carlier)
+ . Fixed pcntl_signal_dispatch() stale pointer and exception
+ handling. (David Carlier)
+
+- PCRE:
+ . Fixed preg_match memory leak with invalid regexes. (David Carlier)
+ . Fixed pcre2_code leak when pcre2_pattern_info() fails after a
+ successful pcre2_compile(), and match_sets/match_data/marks leaks
+ in php_pcre_match_impl(). (David Carlier)
+
+- PDO_PGSQL:
+ . Fixed bug GH-21055 (connection attribute status typo for GSS negotiation).
+ (lsaos)
+
+- PGSQL:
+ . Fixed bug GH-21162 (pg_connect() memory leak on error).
+ (David Carlier)
+
+- Sockets:
+ . Fixed bug GH-21161 (socket_set_option() crash with array 'addr'
+ entry as null). (David Carlier)
+ . Fixed possible addr length overflow with socket_connect() and AF_UNIX
+ family sockets. (David Carlier)
+
+- Windows:
+ . Fixed compilation with clang (missing intrin.h include). (Kévin Dunglas)
+
+12 Feb 2026, PHP 8.4.18
+
+- Core:
+ . Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown
+ function triggered by bailout in php_output_lock_error()). (timwolla)
+ . Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber). (ilutov)
+ . Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization). (ilutov)
+ . Fixed bug GH-GH-20914 (Internal enums can be cloned and compared). (Arnaud)
+ . Fix OSS-Fuzz #474613951 (Leaked parent property default value). (ilutov)
+ . Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction). (Bob)
+ . Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked
+ backing value). (ilutov)
+ . Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may
+ uaf). (ilutov)
+ . Fixed bug GH-20905 (Lazy proxy bailing __clone assertion). (ilutov)
+ . Fixed bug GH-20479 (Hooked object properties overflow). (ndossche)
+
+- Date:
+ . Update timelib to 2022.16. (Derick)
+
+- DOM:
+ . Fixed GH-21041 (Dom\HTMLDocument corrupts closing tags within scripts).
+ (lexborisov)
+
+- MbString:
+ . Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is
+ invalid in the encoding). (ndossche)
+ . Fixed bug GH-20836 (Stack overflow in mb_convert_variables with
+ recursive array references). (alexandre-daubois)
+
+- Opcache:
+ . Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
+ (khasinski)
+
+- OpenSSL:
+ . Fix memory leaks when sk_X509_new_null() fails. (ndossche)
+ . Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
+ (ndossche)
+ . Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
+ (ndossche)
+
+- Phar:
+ . Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
+ (ndossche)
+
+- PGSQL:
+ . Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible
+ UB. (David Carlier)
+
+- Readline:
+ . Fixed bug GH-18139 (Memory leak when overriding some settings
+ via readline_info()). (ndossche)
+
+- SPL:
+ . Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator
+ when modifying during iteration). (ndossche)
+
+- Standard:
+ . Fixed bug #74357 (lchown fails to change ownership of symlink with ZTS)
+ (Jakub Zelenka)
+ . Fixed bug GH-20843 (var_dump() crash with nested objects)
+ (David Carlier)
+
+15 Jan 2026, PHP 8.4.17
- Core:
. Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature
diff --cc ext/curl/config.w32
index 407659cf651,351051eb6b1..c45d7b6bd2e
--- a/ext/curl/config.w32
+++ b/ext/curl/config.w32
@@@ -22,12 -22,16 +22,15 @@@ if (PHP_CURL != "no")
(((PHP_ZLIB=="no") && (CHECK_LIB("zlib_a.lib;zlib.lib", "curl", PHP_CURL))) ||
(PHP_ZLIB_SHARED && CHECK_LIB("zlib.lib", "curl", PHP_CURL)) || (PHP_ZLIB == "yes" && (!PHP_ZLIB_SHARED))) &&
!isNaN(ver_num) &&
- (ver_num <= parseInt("0x073b00") || ver_num > parseInt("0x073b00") &&
- CHECK_LIB("normaliz.lib", "curl", PHP_CURL) &&
- CHECK_LIB("libssh2.lib", "curl", PHP_CURL) &&
- CHECK_LIB("nghttp2.lib", "curl", PHP_CURL) &&
- CHECK_LIB("brotlidec.lib", "curl", PHP_CURL) &&
- CHECK_LIB("brotlicommon.lib", "curl", PHP_CURL) &&
- CHECK_LIB("libzstd.lib", "curl", PHP_CURL))
+ (CHECK_LIB("normaliz.lib", "curl", PHP_CURL) &&
+ CHECK_LIB("libssh2.lib", "curl", PHP_CURL) &&
- CHECK_LIB("nghttp2.lib", "curl", PHP_CURL))
++ CHECK_LIB("nghttp2.lib", "curl", PHP_CURL) &&
++ CHECK_LIB("brotlidec.lib", "curl", PHP_CURL) &&
++ CHECK_LIB("brotlicommon.lib", "curl", PHP_CURL) &&
++ CHECK_LIB("libzstd.lib", "curl", PHP_CURL))
) {
EXTENSION("curl", "interface.c multi.c share.c curl_file.c");
- AC_DEFINE('HAVE_CURL', 1, 'Have cURL library');
+ AC_DEFINE('HAVE_CURL', 1, "Define to 1 if the PHP extension 'curl' is available.");
ADD_FLAG("CFLAGS_CURL", "/D PHP_CURL_EXPORTS=1");
if (curl_location.match(/libcurl_a\.lib$/)) {
ADD_FLAG("CFLAGS_CURL", "/D CURL_STATICLIB");