| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: php8-iconv | Distribution: openSUSE Tumbleweed |
| Version: 8.3.14 | Vendor: openSUSE |
| Release: 2.1 | Build date: Thu Nov 21 08:15:54 2024 |
| Group: Development/Libraries/PHP | Build host: reproducible |
| Size: 38777 | Source RPM: php8-8.3.14-2.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://secure.php.net | |
| Summary: Character set conversion functions for PHP | |
This module contains an interface to iconv character set conversion facility. With this module, a string represented by a local character set can be turned into another character set, which may be the Unicode character set. Supported character sets depend on the iconv implementation of your system.
MIT AND PHP-3.01
* Thu Nov 21 2024 [email protected]
- version update to 8.3.14 [bsc#1233644] [bsc#1233651] [bsc#1233703] [bsc#1233702] [bsc#1233705]
CLI:
Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang).
Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
COM:
Fixed out of bound writes to SafeArray data.
Core:
Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).
Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646).
Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).
Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes).
Fixed bug GH-16648 (Use-after-free during array sorting).
Curl:
Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).
Date:
Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset).
Fixed bug GH-14732 (date_sun_info() fails for non-finite values).
DBA:
Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams).
DOM:
Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
Add missing hierarchy checks to replaceChild.
Fixed bug GH-16336 (Attribute intern document mismanagement).
Fixed bug GH-16338 (Null-dereference in ext/dom/node.c).
Fixed bug GH-16473 (dom_import_simplexml stub is wrong).
Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element).
Fixed bug GH-16535 (UAF when using document as a child).
Fixed bug GH-16593 (Assertion failure in DOM->replaceChild).
Fixed bug GH-16595 (Another UAF in DOM -> cloneNode).
EXIF:
Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file).
FFI:
Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
Filter:
Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen).
FPM:
Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement).
GD:
Fixed bug GH-16334 (imageaffine overflow on matrix elements).
Fixed bug GH-16427 (Unchecked libavif return values).
Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
GMP:
Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).
Fixed bug GH-16411 (gmp_export() can cause overflow).
Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
Fixed gmp_pow() overflow bug with large base/exponents.
Fixed segfaults and other issues related to operator overloading with GMP objects.
LDAP:
Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
MBstring:
Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
MySQLnd:
Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
Opcache:
Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer).
OpenSSL:
Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow).
Fix various memory leaks on error conditions in openssl_x509_parse().
PDO DBLIB:
Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
PDO Firebird:
Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
PDO ODBC:
Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values).
Phar:
Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808).
PHPDBG:
Fixed bug GH-16174 (Empty string is an invalid expression for ev).
Reflection:
Fixed bug GH-16601 (Memory leak in Reflection constructors).
Session:
Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
Fixed bug GH-16290 (overflow on cookie_lifetime ini value).
SOAP:
Fixed bug GH-16318 (Recursive array segfaults soap encoding).
Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
Sockets:
Fixed bug with overflow socket_recvfrom $length argument.
SPL:
Fixed bug GH-16337 (Use-after-free in SplHeap).
Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()).
Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()).
Fixed bug GH-16588 (UAF in Observer->serialize).
Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor).
Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()).
Fixed bug GH-14687 (segfault on SplObjectIterator instance).
Fixed bug GH-16604 (Memory leaks in SPL constructors).
Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()).
Standard:
Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled).
Streams:
Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
SysVMsg:
Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized).
SysVShm:
Fixed bug GH-16591 (Assertion error in shm_put_var).
XMLReader:
Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
Zlib:
Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb)
* Thu Oct 24 2024 [email protected]
- version update to 8.3.13
Calendar:
Fixed GH-16240: jdtounix overflow on argument value.
Fixed GH-16241: easter_days/easter_date overflow on year argument.
Fixed GH-16263: jddayofweek overflow.
Fixed GH-16234: jewishtojd overflow.
CLI:
Fixed bug GH-16137: duplicate http headers when set several times by the client.
Core:
Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator list while adding).
Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER).
Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception).
Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame).
Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c).
Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c).
Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline).
DOM:
Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c).
Fixed bug GH-16149 (Null pointer dereference in DOMElement->getAttributeNames()).
Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
Fixed bug GH-16150 (Use after free in php_dom.c).
Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument).
JSON:
Fixed bug GH-15168 (stack overflow in json_encode()).
GD:
Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream).
Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value) (David Carlier)
Fixed bug GH-16274 (imagescale underflow on RBG channels / fix backport from upstream).
LDAP:
Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()).
Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list).
Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.).
Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary).
MBString:
Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).
OpenSSL:
Fixed stub for openssl_csr_new.
PCRE:
Fixed bug GH-16189 (underflow on offset argument).
Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
PHPDBG:
Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs).
Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
Reflection:
Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).
SAPI:
Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).
SimpleXML:
Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
Sockets:
Fixed bug GH-16267 (socket_strerror overflow on errno argument).
SOAP:
Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP headers in array form).
Fixed bug #62900 (Wrong namespace on xsd import error message).
Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value).
Fixed bug GH-16237 (Segmentation fault when cloning SoapServer).
Fix Soap leaking http_msg on error.
Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).
SPL:
Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c).
Standard:
Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c).
Fixed bug GH-15169 (stack overflow when var serialization in ext/standard/var).
Streams:
Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
TSRM:
Prevent closing of unrelated handles.
* Sat Sep 28 2024 Thorsten Kukuk <[email protected]>
- Add /srv/www directories to filelist [bsc#1231027]
* Thu Sep 26 2024 Arjen de Korte <[email protected]>
- version update to 8.3.12 [bsc#1231358], [bsc#1231382], [bsc#1231360]
CGI:
Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
Core:
Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer).
Fixed bug GH-15515 (Configure error grep illegal option q).
Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).
Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
Fixed bug GH-15330 (Do not scan generator frames more than once).
Fixed uninitialized lineno in constant AST of internal enums.
Curl:
Fixed bug GH-15547 (curl_multi_select overflow on timeout argument).
DOM:
Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h).
Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
Fileinfo:
Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument).
FPM:
Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
MySQLnd:
Fixed bug GH-15432 (Heap corruption when querying a vector).
Opcache:
Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c).
Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
SAPI:
Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
Standard:
Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c).
Streams:
Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
* Fri Aug 30 2024 [email protected]
- version update to 8.3.11
Core:
Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c).
Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
Fix uninitialized memory in network.c.
Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
Curl:
Fixed case when curl_error returns an empty string.
DOM:
Fix UAF when removing doctype and using foreach iteration.
FFI:
Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak).
Hash:
Fix crash when converting array data for array in shm in xxh3.
Intl:
Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional).
Opcache:
Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
Output:
Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re).
PDO_Firebird:
Fix bogus fallthrough path in firebird_handle_get_attribute().
PHPDBG:
Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline).
Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)).
Fixed bug GH-15210 use-after-free on watchpoint allocations.
Soap:
Fixed bug #55639 (Digest autentication dont work).
Fix SoapFault property destruction.
Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap constructor option).
Standard:
Fix passing non-finite timeout values in stream functions.
Fixed GH-14780 p(f)sockopen timeout overflow.
Streams:
Fixed bug GH-15028 (Memory leak in ext/phar/stream.c).
Fixed bug GH-15034 (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB).
Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters).
Tidy:
Fix memory leaks in ext/tidy basedir restriction code.
* Fri Aug 16 2024 Arjen de Korte <[email protected]>
- version update to 8.3.10
Core:
Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1).
Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks).
Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt.
Fixed OSS-Fuzz #69765.
Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h).
Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
Dom:
Fixed bug GH-14702 (DOMDocument::xinclude() crash).
Fileinfo:
Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE).
Gd:
ext/gd/tests/gh10614.phpt: skip if no PNG support.
restored warning instead of fata error.
LibXML:
Fixed bug GH-14563 (Build failure with libxml2 v2.13.0).
Opcache:
Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled).
Output:
Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer).
PDO:
Fixed bug GH-14712 (Crash with PDORow access to null property).
Phar:
Fixed bug GH-14603 (null string from zip entry).
PHPDBG:
Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
Fixed bug GH-14553 (echo output trimmed at NULL byte).
Shmop:
Fixed bug GH-14537 (shmop Windows 11 crashes the process).
SPL:
Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c).
Standard:
Fixed bug GH-14775 (range function overflow with negative step argument).
Fix 32-bit wordwrap test failures.
Fixed bug GH-14774 (time_sleep_until overflow).
Streams:
Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3).
Tidy:
Fix memory leak in tidy_repair_file().
Treewide:
Fix compatibility with libxml2 2.13.2.
XML:
Move away from to-be-deprecated libxml fields.
Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
* Sun Jul 07 2024 [email protected]
- version update to 8.3.9
Core:
Fixed bug GH-14315 (Incompatible pointer type warnings).
Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon).
Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()).
Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor).
Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call).
Fixed bug GH-14549 (Incompatible function pointer type for fclose).
BCMatch:
Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0).
Curl:
Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0).
DOM:
Fixed bug GH-14343 (Memory leak in xml and dom).
FPM:
Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool).
GD:
Fix parameter numbers for imagecolorset().
Intl:
Fix reference handling in SpoofChecker.
MySQLnd:
Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection).
Opcache:
Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
Fixed TLS access in JIT on FreeBSD/amd64.
Fixed bug GH-11188 (Error when building TSRM in ARM64).
PDO ODBC:
Fixed bug GH-14367 (incompatible SDWORD type with iODBC).
PHPDBG:
Fixed bug GH-13681 (segfault on watchpoint addition failure).
Soap:
Fixed bug #47925 (PHPClient can't decompress response).
Fix missing error restore code.
Fix memory leak if calling SoapServer::setObject() twice.
Fix memory leak if calling SoapServer::setClass() twice.
Fix reading zlib ini settings in ext-soap.
Fix memory leaks with string function name lookups.
Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class name).
Fixed bug #76232 (SoapClient Cookie Header Semicolon).
Fixed memory leaks when calling SoapFault::__construct() twice.
Sodium:
Fix memory leaks in ext/sodium on failure of some functions.
SPL:
Fixed bug GH-14290 (Member access within null pointer in extension spl).
Standard:
Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets).
Streams:
Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors).
* Thu Jun 20 2024 [email protected]
- drop unmaintained apache-rex usage
* Fri Jun 07 2024 [email protected]
- version update to 8.3.8 [bsc#1226073]
CGI:
Fixed buffer limit on Windows, replacing read call usage by _read.
Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
CLI:
Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.).
Core:
Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions).
DOM:
Fix crashes when entity declaration is removed while still having entity references.
Fix references not handled correctly in C14N.
Fix crash when calling childNodes next() when iterator is exhausted.
Fix crash in ParentNode::append() when dealing with a fragment containing text nodes.
Filter:
Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
FPM:
Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status).
Hash:
ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi)
Intl:
Fixed build regression on systems without C++17 compilers.
MySQLnd:
Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query).
Opcache:
Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm).
OpenSSL:
The openssl_private_decrypt function in PHP and Marvin attack.
Standard:
Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
XML:
Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit).
XMLReader:
Fixed bug GH-14183 (XMLReader::open() can't be overridden).
- modified patches
% php-build-reproducible-phar.patch (refreshed)
* Thu May 09 2024 [email protected]
- version update to 8.3.7
Core:
Fixed zend_call_stack build with Linux/uclibc-ng without thread support.
Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled).
Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c).
Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations).
Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters).
Fixed bug GH-14013 (Erroneous dnl appended in configure).
Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly).
Fixed bug GH-13727 (Missing void keyword).
Fibers:
Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
Fileinfo:
Fixed bug GH-13795 (Test failing in ext/fileinfo/tests/bug78987.phpt on big-endian PPC).
FPM:
Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
Intl:
Fixed build for icu 74 and onwards.
MySQLnd:
Fix shift out of bounds on 32-bit non-fast-path platforms.
Opcache:
Fixed bug GH-13433 (Segmentation Fault in zend_class_init_statics when using opcache.preload).
Fixed incorrect assumptions across compilation units for static calls.
OpenSSL:
Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
PDO SQLite:
Fix GH-13984 (Buffer size is now checked before memcmp).
Fix GH-13998 (Manage refcount of agg_context->val correctly).
Phar:
Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference).
Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
Fix potential NULL pointer dereference before calling EVP_SignInit.
PHPDBG:
Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
Posix:
Fix usage of reentrant functions in ext/posix.
Session:
Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c).
Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts).
Fixed buffer _read/_write size limit on windows for the file mode.
Streams:
Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument".
Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket).
Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64).
Treewide:
Fix gcc-14 Wcalloc-transposed-args warnings.
* Fri Apr 12 2024 [email protected]
- version update to 8.3.6 [bsc#1222857] [bsc#1222858]
Core:
Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps).
Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
Fixed bug GH-13446 (Restore exception handler after it finishes).
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure).
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor).
DOM:
Add some missing ZPP checks.
Fix potential memory leak in XPath evaluation results.
FPM:
Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
Fix incorrect check in fpm_shm_free().
GD:
Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests).
Gettext:
Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL.
MySQLnd:
Fix GH-13452 (Fixed handshake response [mysqlnd]).
Fix incorrect charset length in check_mb_eucjpms().
Opcache:
Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded).
Random:
Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes).
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used).
Session:
Fixed bug GH-13680 (Segfault with session_decode and compilation error).
SPL:
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h).
Standard:
Fixed bug GH-11808 (Live filesystem modified by tests).
Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)
Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757)
Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc).
* Tue Mar 19 2024 [email protected]
- version update to 8.3.4
* This is a bug fix release.
* Wed Mar 06 2024 Pedro Monreal <[email protected]>
- Use the system default cipher list instead of hardcoded values
by using crypto-policies. [bsc#1211301]
* Use the --with-system-ciphers configure option.
* Fri Feb 16 2024 [email protected]
- version update to 8.3.3
* A bugfix release.
- modified patches
% php-build-reproducible-phar.patch (refreshed)
* Thu Jan 18 2024 [email protected]
- version update to 8.3.2
* This is a bug fix release.
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
* Wed Dec 27 2023 Manu Maier <[email protected]>
- version update to 8.3.1
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.3.1
* Fri Nov 24 2023 [email protected]
- version update to 8.3.0
* https://www.php.net/releases/8.3/en.php
* Typed class constants
* Dynamic class constant fetch
* New #[\Override] attribute
* Deep-cloning of readonly properties
* New json_validate() function
* New Randomizer::getBytesFromString() method
* New Randomizer::getFloat() and Randomizer::nextFloat() methods
* New DOMElement::getAttributeNames(),
DOMElement::insertAdjacentElement(),
DOMElement::insertAdjacentText(),
DOMElement::toggleAttribute(),
DOMNode::contains(), DOMNode::getRootNode(),
DOMNode::isEqualNode(), DOMNameSpaceNode::contains(), and
DOMParentNode::replaceChildren() methods.
* New IntlCalendar::setDate(),
IntlCalendar::setDateTime(),
IntlGregorianCalendar::createFromDate(), and
IntlGregorianCalendar::createFromDateTime() methods.
* New ldap_connect_wallet(), and ldap_exop_sync() functions.
* New mb_str_pad() function.
* New posix_sysconf(), posix_pathconf(), posix_fpathconf(),
and posix_eaccess() functions.
* New ReflectionMethod::createFromMethodName() method.
* New socket_atmark() function.
* New str_increment(), str_decrement(),
and stream_context_set_options() functions.
* New ZipArchive::getArchiveFlag() method.
* Support for generation EC keys with custom EC parameters in
OpenSSL extension.
* New INI setting zend.max_allowed_stack_size to set the maximum
allowed stack size.
* php.ini now supports fallback/default value syntax.
* Anonymous classes can now be readonly.
* https://www.php.net/ChangeLog-8.php#PHP_8_3
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
- modified sources
% php8.keyring
- deleted patches
- php-systzdata-v23.patch
- added patches
+ php-systzdata-v24.patch
* Fri Nov 24 2023 [email protected]
- version update to 8.2.13
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.2.13
* Thu Oct 26 2023 [email protected]
- version update to 8.2.12
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.2.12
* Fri Sep 29 2023 [email protected]
- version update to 8.2.11
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.2.11
* Tue Sep 26 2023 [email protected]
- add missing references to rpm changelog
- 15sp4 only:
[bsc#1200772], [jsc#SLE-24723] add pecl, pear
[jsc#SLE-23639] version update
* Fri Sep 01 2023 Bernhard Wiedemann <[email protected]>
- Use %make_build macro
* Fri Sep 01 2023 [email protected]
- version update to 8.2.10
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.2.10
* Tue Aug 22 2023 [email protected]
- version update to 8.2.9
* This is a security release.
* Fixes CVE-2023-3824 [bsc#1214103] and CVE-2023-3823 [bsc#1214106]
* https://www.php.net/ChangeLog-8.php#8.2.9
- deleted patches
- php-unicode-allow-redistribution.patch (upstreamed)
- deleted sources
- repack.sh (not needed)
* Mon Jul 17 2023 [email protected]
- version update to 8.2.8
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.2.8
- modified patches
% php-sort-filelist-phar.patch (refreshed)
* Thu Jun 22 2023 [email protected]
- version update to 8.2.7
* Readonly classes
* Disjunctive Normal Form (DNF) Types
* Allow null, false, and true as stand-alone types
* New "Random" extension
* Constants in traits
* Deprecate dynamic properties
* for details, see
https://www.php.net/releases/8.2/en.php
https://www.php.net/manual/en/migration82.php
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-date-regenerate-lexers.patch (refreshed)
% php-ini.patch (refreshed)
% php-systzdata-v23.patch (refreshed)
- CVE-2023-3247 [bsc#1212349]
* Tue May 30 2023 [email protected]
- version update to 8.1.20
* This is a security release.
* https://www.php.net/ChangeLog-8.php#8.1.20
- force to repack tarball after update
https://github.com/php/php-src/issues/11300
- session.save_path set to /var/lib/php8/sessions in mod_php8.conf
and www.conf php-fpm pool example
- modified sources
% mod_php8.conf
- added sources
+ repack.sh
+ php-unicode-allow-redistribution.patch
* Thu May 25 2023 [email protected]
- repack the tarball temporarily [bsc#1211648]
* Tue May 23 2023 [email protected]
- also MIT license (systzdata patch, ext/date/lib/parse_posix.c)
[https://build.suse.de/request/show/298230]
* Fri May 12 2023 [email protected]
- version update to 8.1.19
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.1.19
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
% php-systzdata-v23.patch (refreshed)
* Wed May 10 2023 [email protected]
- downgrade back to 8.1.18
https://lists.opensuse.org/archives/list/[email protected]/thread/4ADCEV2FII7J5FZEWREFETTEVX7CDUSR/
* Thu May 04 2023 [email protected]
- version update to 8.2.5
* Readonly classes
* Disjunctive Normal Form (DNF) Types
* Allow null, false, and true as stand-alone types
* New "Random" extension
* Constants in traits
* Deprecate dynamic properties
* for details, see
https://www.php.net/releases/8.2/en.php
https://www.php.net/manual/en/migration82.php
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
- deleted patches
- php-crypt-tests.patch (not needed)
- modified sources
% php8.keyring
* Thu Apr 20 2023 Arjen de Korte <[email protected]>
- The %_restart_on_update macro was removed from systemd-rpm-macros.
Remove %posttrans for FPM as it wasn't working as intended anyway.
[boo#1210576]
* Fri Apr 14 2023 [email protected]
- version update to 8.1.18
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.18
- modified patches
% php-ar-flags.patch (refreshed)
% php-build-reproducible-phar.patch (refreshed)
% php-ini.patch (refreshed)
* Thu Mar 16 2023 [email protected]
- version update to 8.1.17
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.17
* Tue Mar 14 2023 [email protected]
- update to newest systzdata patch [bsc#1208199]
- deleted patches
- php-systzdata-v21.patch (upstreamed)
- added patches
fix use of the system timezone database
+ php-systzdata-v23.patch
* Sun Mar 05 2023 Aeneas Jaißle <[email protected]>
- add "/usr/share/php" to include_path
* Fri Mar 03 2023 [email protected]
- allow to specify load order of extensions in %{php_sysconf}/conf.d
[bsc#1205162]
* Sat Feb 25 2023 Arjen de Korte <[email protected]>
- change to %bcond conditional build dependencies
* Thu Feb 16 2023 [email protected]
- version update to 8.1.16
* This is a security release that addresses CVE-2023-0567,
CVE-2023-0568, and CVE-2023-0662.
([bsc#1208366], [bsc#1208367], [bsc#1208388])
* https://www.php.net/ChangeLog-8.php#8.1.16
* Fri Feb 03 2023 [email protected]
- version update to 8.1.15
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.1.15
* Fri Jan 06 2023 [email protected]
- version update to 8.1.14
* This is a security release.
* fixed: CVE-2022-31631 [bsc#1206958]
* https://www.php.net/ChangeLog-8.php#8.1.14
* Wed Nov 30 2022 [email protected]
- amend %preun to fix [bsc#1205782]
* Fri Nov 25 2022 [email protected]
- version update to 8.1.13
* This is a bug fix release.
* https://www.php.net/ChangeLog-8.php#8.1.13
* Mon Oct 31 2022 [email protected]
- version update to 8.1.12
* This is a security release.
* fixed: CVE-2022-31630 [bsc#1204979], CVE-2022-37454 [bsc#1204577]
* https://www.php.net/ChangeLog-8.php#8.1.12
* Thu Sep 29 2022 [email protected]
- version update to 8.1.11
* This is a security release.
* CVEs fixed: CVE-2022-31628 [bsc#1203867], CVE-2022-31629 [bsc#1203870]
https://www.php.net/ChangeLog-8.php#8.1.11
* Fri Sep 02 2022 [email protected]
- version update to 8.1.10
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.10
* Fri Aug 19 2022 [email protected]
- version update to 8.1.9
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.9
* Mon Jul 18 2022 [email protected]
- version update to 8.1.8
* This is a security release.
https://www.php.net/ChangeLog-8.php#8.1.8
- fixes CVE-2022-31627 [bsc#1201499]
* Fri Jun 10 2022 [email protected]
- version update to 8.1.7
* This is a security release.
https://www.php.net/ChangeLog-8.php#8.1.7
* CVE-2022-31625 [bsc#1200645]
* CVE-2022-31626 [bsc#1200628]
* Wed May 25 2022 [email protected]
- version update to 8.1.6:
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.6
* Wed Apr 20 2022 [email protected]
- version update to 8.1.5:
* This is a bug fix release.
https://www.php.net/ChangeLog-8.php#8.1.5
* [bsc#1197644]
* Mon Apr 11 2022 [email protected]
- fpm %postrans: check whether sytemctl is available
* Fri Apr 08 2022 Arjen de Korte <[email protected]>
- Disable build with '-z now' as it breaks the php-mysql extension
[boo#1197994]
* Thu Mar 31 2022 Arjen de Korte <[email protected]>
- build PHP-FPM with libacl support (boo#1196870)
* Thu Mar 17 2022 Arjen de Korte <[email protected]>
- updated to 8.1.4: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.1.4
* Fri Feb 25 2022 Dominique Leuenberger <[email protected]>
- Fix boolean dep supplements: add parantheses. Without
parantheses, this results in three separate supplements, against
'php-fpm', 'and', and 'apache2' (boo#1196492).
* Fri Feb 18 2022 Arjen de Korte <[email protected]>
- updated to 8.1.3: This is a security release (CVE-2021-21708 [bsc#1196252])
which also contains several bug fixes.
See https://www.php.net/ChangeLog-8.php#8.1.3
* Fri Feb 11 2022 Arjen de Korte <[email protected]>
- provide an Apache configuration for PHP-FPM
+ php8-fpm.conf
* Fri Jan 28 2022 Arjen de Korte <[email protected]>
- update keyring to include PHP 8.1 release managers signing keys
% php8.keyring
* Thu Jan 20 2022 Arjen de Korte <[email protected]>
- updated to 8.1.2: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.1.2
- updated to 8.1.1: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.1.1
- update to 8.1.0: This release marks the latest major release of
the PHP language. See https://www.php.net/ChangeLog-8.php#8.1.0
- cleanup php8.rpmlintrc
- build ffi extension (experimental)
- enable avif support for gd extension
- rebased patches
% php-ar-flags.patch
% php-crypt-tests.patch
% php-ini.patch
% php-build-reproducible-phar.patch
- deleted patches
- php-systzdata-v20.patch
- php8-gd-removed-unused-constants.patch
- added patch
+ php-systzdata-v21.patch
* Thu Jan 20 2022 Arjen de Korte <[email protected]>
- updated to 8.0.15: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.15
* Sun Jan 09 2022 Arjen de Korte <[email protected]>
- use /tmp to store session information (boo#1194414)
% php-ini.patch
* Fri Dec 17 2021 Arjen de Korte <[email protected]>
- updated to 8.0.14: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.14
* Wed Dec 01 2021 Arjen de Korte <[email protected]>
- provide configuration for PHP-FPM out of the box (boo#1192414)
- package missing php.ini for PHP-FPM (boo#1192672)
* Fri Nov 19 2021 Arjen de Korte <[email protected]>
- updated to 8.0.13: This is a security release (CVE-2021-21707 [bsc#1193041])
which also contains several bug fixes.
See https://www.php.net/ChangeLog-8.php#8.0.13
* Thu Oct 21 2021 Arjen de Korte <[email protected]>
- updated to 8.0.12: This is a security release (CVE-2021-21703 [bsc#1192050])
which also contains several bug fixes.
See https://www.php.net/ChangeLog-8.php#8.0.12
* Thu Sep 23 2021 Arjen de Korte <[email protected]>
- updated to 8.0.11: This is a security release fixing CVE-2021-21706.
See https://www.php.net/ChangeLog-8.php#8.0.11
* Thu Sep 23 2021 [email protected]
- added patches
fix https://github.com/php/php-src/commit/b3646440b1808abf0874b6f89027ce53ec5da03f
+ php8-gd-removed-unused-constants.patch
* Thu Aug 26 2021 Arjen de Korte <[email protected]>
- updated to 8.0.10: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.10
- deleted patch
- php-systzdata-v19.patch
- added patch
+ php-systzdata-v20.patch
* Wed Aug 04 2021 Marcus Rueckert <[email protected]>
- fix apparmor support: seems it requires a configure flag now.
* Thu Jul 29 2021 Arjen de Korte <[email protected]>
- updated to 8.0.9: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.9
* Thu Jul 01 2021 Arjen de Korte <[email protected]>
- updated to 8.0.8: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.8
* Fri Jun 04 2021 Arjen de Korte <[email protected]>
- updated to 8.0.7: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.7
* Thu Jun 03 2021 Arjen de Korte <[email protected]>
- updated to 8.0.6: This release reverts a bug related to PDO_pgsql
that was introduced in PHP 8.0.5.
* Thu Apr 29 2021 Arjen de Korte <[email protected]>
- updated to 8.0.5: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.5
* Tue Apr 13 2021 Arjen de Korte <[email protected]>
- Do not hard-depend on systemd: use systemd_ordering instead of
systemd_requires.
* Tue Mar 09 2021 [email protected]
- <IfModule mod_php.c> instead of <IfModule mod_php8.c> [bsc#1183180]
- modified sources
% mod_php8.conf
* Thu Mar 04 2021 Arjen de Korte <[email protected]>
- updated to 8.0.3: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.3
* Mon Feb 01 2021 Arjen de Korte <[email protected]>
- updated to 8.0.2: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.2
- suppress warning for all flavors not equal to "" in multibuild
and obsoletes for php7
% php8.rpmlintrc
* Fri Jan 29 2021 Arjen de Korte <[email protected]>
- add conflicts with earlier versions of php (boo#1181292)
* Thu Jan 28 2021 Arjen de Korte <[email protected]>
- update contents of configuration file (still referenced php7)
% mod_php8.conf
* Sat Jan 23 2021 Arjen de Korte <[email protected]>
- require this PHP version of subpackages in Recommends/Suggests
- run apache-rex tests in php8:test as packages need to be build
first (otherwise tests run with previous version)
* Mon Jan 18 2021 Arjen de Korte <[email protected]>
- add conflicts with earlier version of php-devel and php-phar
- add obsoletes for all subtargets that don't have conflicts yet
- add php_cfgdir and php_extdir macros
* Fri Jan 15 2021 Arjen de Korte <[email protected]>
- replace php8.keyring with signatures for PHP-8 release managers
* Fri Jan 15 2021 Arjen de Korte <[email protected]>
- deleted patch (redundant cast, both sides are already signed int)
- php-odbc-cmp-int-cast.patch
* Wed Jan 13 2021 Arjen de Korte <[email protected]>
- install php8-cli if no sapi is selected upon php8 installation
- add conflicts with earlier version of php-cli, php-fastcgi and
php-fpm
* Mon Jan 11 2021 Arjen de Korte <[email protected]>
- put CLI binary in -cli subpackage so that other moduldes can depend
on the php base package that remains (and provides files and maps
common for all)
- remove Obsoletes: php5-*
* Fri Jan 08 2021 Arjen de Korte <[email protected]>
- updated to 8.0.1: This is a bug fix release. See
https://www.php.net/ChangeLog-8.php#8.0.1
- use pkgconfig() to resolve BuildRequires where upstream uses it too
- since php-7.4.0 when using --with-external-gd the configure options
- -with-xpm, --with-freetype and --with-jpeg are not needed anymore
(and neither are the respective BuildRequires)
- build the MySQL Native Driver as a shared module (rather than
builtin) to prevent a hard requirement for OpenSSL in the CLI
- add Recommends: php-openssl as many modules can optionally use it
- use new %ldconfig macros in Tumbleweed
- change PEAR dir to /usr/share/php/PEAR
* Fri Jan 08 2021 [email protected]
- install mod_php8 directly
- note it provides php_module instead of php8_module per upstream
change
* Thu Jan 07 2021 [email protected]
- install embed's libphp8.so directly
- deleted patches
- php-embed.patch (not needed)
* Wed Jan 06 2021 [email protected]
- deleted patches
- php-openssl.patch (undocumented and not upstreamed patch for a
long time)
- php7-arm-build-fixes.patch (do not build for SLE12 anymore)
- php-pts.patch (undocumented and not upstreamed patch for a long
time)
- imporved patch documentation
* Tue Jan 05 2021 [email protected]
- use cli sapi php-config --libs
* Sun Jan 03 2021 Arjen de Korte <[email protected]>
- php-phar requires the php-zlib extension
- trim specfile lint
/etc/php8/conf.d/10-iconv.ini /usr/lib/php8/extensions/iconv.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Dec 2 23:44:45 2024