ZendPHP December 2023 Releases

ZendPHP Fix

Fixed LDAP extension functionality for TLS on IBM i

Community fixes for 8.3.1

  • Core

    • Fixed bug GH-12758 / GH-12768: Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC.
    • Fix various missing NULL checks.
    • Fixed bug GH-12835: Leak of call->extra_named_params on internal __call.
    • Fixed bug GH-12826: Weird pointers issue in nested loops.

  • FPM

    • Fixed bug GH-12705: Segmentation fault in fpm_status_export_to_zval.

  • FTP

    • Fixed bug GH-9348: FTP & SSL session reuse.

  • LibXML

    • Fixed test failures for libxml2 2.12.0.

  • MySQLnd

    • Avoid using uninitialised struct.
    • Fixed bug GH-12791: Possible dereference of NULL in MySQLnd debug code.

  • Opcache

    • Fixed JIT bug: Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error.
    • Fixed JIT bug: JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown.

  • PDO PGSQL

    • Fixed the default value of $fetchMode in PDO::pgsqlGetNotify()

  • SOAP

    • Fixed bug GH-12838: [SOAP] Temporary WSDL cache files not being deleted.

  • Standard

    • Fixed GH-12745: http_build_query() default null argument for $arg_separator is implicitly coerced to string.

Community fixes for 8.2.14

  • Core

    • Fixed oss-fuzz #54325: Use-after-free of name in var-var with malicious error handler.
    • Fixed oss-fuzz #64209: In-place modification of filename in php_message_handler_for_zend.
    • Fixed bug GH-12758 / GH-12768: Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC.
    • Fix various missing NULL checks.
    • Fixed bug GH-12835: Leak of call->extra_named_params on internal __call.

  • Date

    • Fixed improbably integer overflow while parsing really large (or small) Unix timestamps.

  • DOM

    • Fixed bug GH-12616: DOM: Removing XMLNS namespace node results in invalid default: prefix.

  • FPM

    • Fixed bug GH-12705: Segmentation fault in fpm_status_export_to_zval.

  • FTP

    • Fixed bug GH-9348: FTP & SSL session reuse.

  • Intl

    • Fixed bug GH-12635: Test bug69398.phpt fails with ICU 74.1.

  • LibXML

    • Fixed bug GH-12702: libxml2 2.12.0 issue building from src.
    • Fixed test failures for libxml2 2.12.0.

  • MySQLnd

    • Avoid using uninitialised struct.
    • Fixed bug GH-12791: Possible dereference of NULL in MySQLnd debug code.

  • Opcache

    • Fixed JIT bug: Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error.
    • Fixed JIT bug: JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown.

  • OpenSSL

    • Fixed bug #50713: openssl_pkcs7_verify() may ignore untrusted CAs.

  • PCRE

    • Fixed bug GH-12628: The gh11374 test fails on Alpinelinux.

  • PDO PGSQL

    • Fixed the default value of $fetchMode in PDO::pgsqlGetNotify()

  • PGSQL

    • Fixed bug GH-12763: wrong argument type for pg_untrace.

  • PHPDBG

    • Fixed bug GH-12675: MEMORY_LEAK in phpdbg_prompt.c.

  • SOAP

    • Fixed bug GH-12838: [SOAP] Temporary WSDL cache files not being deleted.

  • SPL

    • Fixed bug GH-12721: SplFileInfo::getFilename() segfault in combination with GlobIterator and no directory separator.

  • SQLite3

    • Fixed bug GH-12633: sqlite3_defensive.phpt fails with sqlite 3.44.0.

  • Standard:

    • Fix memory leak in syslog device handling.
    • Fixed bug GH-12621: browscap segmentation fault when configured in the vhost.
    • Fixed bug GH-12655: proc_open() does not take into account references in the descriptor array.

  • Streams

    • Fixed bug #79945: Stream wrappers in imagecreatefrompng causes segfault.

  • Zip:

    • Fixed bug GH-12661: Inconsistency in ZipArchive::addGlob remove_path Option Behavior.

Community fixes for 8.1.27

  • Core

    • Fixed oss-fuzz #54325: Use-after-free of name in var-var with malicious error handler.
    • Fixed oss-fuzz #64209: In-place modification of filename in php_message_handler_for_zend.
    • Fixed bug GH-12758 / GH-12768: Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC.

  • DOM

    • Fixed bug GH-12616: DOM: Removing XMLNS namespace node results in invalid default: prefix.

  • FPM

    • Fixed bug GH-12705: Segmentation fault in fpm_status_export_to_zval.

  • Intl

    • Fixed bug GH-12635: Test bug69398.phpt fails with ICU 74.1.

  • LibXML

    • Fixed bug GH-12702: libxml2 2.12.0 issue building from src.

  • MySQLnd

    • Avoid using uninitialised struct.

  • OpenSSL

    • Fixed bug #50713: openssl_pkcs7_verify() may ignore untrusted CAs.

  • PCRE

    • Fixed bug GH-12628: The gh11374 test fails on Alpinelinux.

  • PGSQL

    • Fixed bug GH-12763: wrong argument type for pg_untrace.

  • PHPDBG

    • Fixed bug GH-12675: MEMORY_LEAK in phpdbg_prompt.c.

  • SQLite3

    • Fixed bug GH-12633: sqlite3_defensive.phpt fails with sqlite 3.44.0.

  • Standard

    • Fix memory leak in syslog device handling.
    • Fixed bug GH-12621: browscap segmentation fault when configured in the vhost.
    • Fixed bug GH-12655: proc_open() does not take into account references in the descriptor array.

  • Streams

    • Fixed bug #79945: Stream wrappers in imagecreatefrompng causes segfault.

  • Zip

    • Fixed bug GH-12661: Inconsistency in ZipArchive::addGlob remove_path Option Behavior.