February 2023 Releases

February 14, 2023

Security release for community-supported PHP versions 8.2.3, 8.1.16, and 8.0.28.

Version 8.2.3 Community Fixes

- Core:
 . Fixed bug #81744 (Password_verify() always return true with some hash).
   (CVE-2023-0567)
 . Fixed bug #81746 (1-byte array overrun in common path resolve code).
   (CVE-2023-0568)

- FPM:
 . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
   request body). (CVE-2023-0662)

Version 8.1.16 Community Fixes

- Core:
 . Fixed bug #81744 (Password_verify() always return true with some hash).
   (CVE-2023-0567).
 . Fixed bug #81746 (1-byte array overrun in common path resolve code).
   (CVE-2023-0568).

- SAPI:
 . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
   request body). (CVE-2023-0662)

Version 8.0.28 Community Fixes

- Core:
 . Fixed bug #81744 (Password_verify() always return true with some hash).
   (CVE-2023-0567).
 . Fixed bug #81746 (1-byte array overrun in common path resolve code). 
   (CVE-2023-0568).

- SAPI:
 . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
   request body). (CVE-2023-0662)
 

February 02, 2023
 

PHP 8.2.2 Community Fixes

- Core:
 . Fixed bug GH-10200 (zif_get_object_vars:
   Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed).
 . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed).
 . Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an
   unpacked array).
 . Fix GH-9735 (Fiber stack variables do not participate in cycle collector).
 . Fix GH-9675 (Broken run_time_cache init for internal enum methods).
 

- FPM:
 . Fixed bug #77106 (Missing separator in FPM FastCGI errors). 
 . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
 . Fixed bug #68591 (Configuration test does not perform UID lookups).
 . Fixed memory leak when running FPM config test.
 . Fixed bug #67244 (Wrong owner:group for listening unix socket).

- Hash:
 . Handle exceptions from __toString in XXH3's initialization

- LDAP:
 . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
  

- Opcache:
 . Fix inverted bailout value in zend_runtime_jit() 
 . Fix access to uninitialized variable in accel_preload().
 . Fix zend_jit_find_trace() crashes.
 . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit.

- Phar:
 . Fix wrong flags check for compression method in phar_object.c 

- PHPDBG:
 . Fix undefined behaviour in phpdbg_load_module_or_extension(). 
 . Fix NULL pointer dereference in phpdbg_create_conditional_breal().
 . Fix GH-9710: phpdbg memory leaks by option "-h" 
 . Fix phpdbg segmentation fault in case of malformed input 

- Posix:
 . Fix memory leak in posix_ttyname() 

- Random:
 . Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom).

- Standard:
 . Fix GH-10187 (Segfault in stripslashes() with arm64). 
 . Fixed bug GH-10214 (Incomplete validation of object syntax during
   unserialize()). 
 . Fix substr_replace with slots in repl_ht being UNDEF. 

- XMLWriter
 . Fix missing check for xmlTextWriterEndElement 

PHP 8.1.15 Community Fixes

- Apache:
 . Fixed bug GH-9949 (Partial content on incomplete POST request). 

- Core:
 . Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call
   trampoline is used from internal code). 
 . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). 
 . Fix wrong comparison in block optimisation pass after opcode update.
 . Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed).

- Date:
 . Fixed bug GH-9891 (DateTime modify with unixtimestamp (@) must work like
   setTimestamp).
 . Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the
   "+" character). 

- Fiber:
 . Fix assertion on stack allocation size.

- FPM:
 . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
 . Fixed bug #67244 (Wrong owner:group for listening unix socket).

- Hash:
 . Handle exceptions from __toString in XXH3's initialization

- LDAP:
 . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).

- MBString:
 . Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character.

- Opcache:
 . Fix inverted bailout value in zend_runtime_jit() 
 . Fix access to uninitialized variable in accel_preload(). 
 . Fix zend_jit_find_trace() crashes.
 . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. 

- Phar:
 . Fix wrong flags check for compression method in phar_object.c 

- PHPDBG:
 . Fix undefined behaviour in phpdbg_load_module_or_extension().
 . Fix NULL pointer dereference in phpdbg_create_conditional_breal().
 . Fix GH-9710: phpdbg memory leaks by option "-h"
 . Fix phpdbg segmentation fault in case of malformed input

- Posix:
 . Fix memory leak in posix_ttyname()

- Standard:
 . Fix GH-10187 (Segfault in stripslashes() with arm64). 
 . Fix substr_replace with slots in repl_ht being UNDEF.

- TSRM:
 . Fixed Windows shmget() wrt. IPC_PRIVATE.

- XMLWriter
 . Fix missing check for xmlTextWriterEndElement