ZendPHP December 2023 Releases

December 2023

ZendPHP Fix

Fixed LDAP extension functionality for TLS on IBM i

Community fixes for 8.3.1

Core
- Fixed bug GH-12758 / GH-12768: Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC.
- Fix various missing NULL checks.
- Fixed bug GH-12835: Leak of call->extra_named_params on internal __call.
- Fixed bug GH-12826: Weird pointers issue in nested loops.
FPM
- Fixed bug GH-12705: Segmentation fault in fpm_status_export_to_zval.
FTP
- Fixed bug GH-9348: FTP & SSL session reuse.
LibXML
- Fixed test failures for libxml2 2.12.0.
MySQLnd
- Avoid using uninitialised struct.
- Fixed bug GH-12791: Possible dereference of NULL in MySQLnd debug code.
Opcache
- Fixed JIT bug: Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error.
- Fixed JIT bug: JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown.
PDO PGSQL
- Fixed the default value of $fetchMode in PDO::pgsqlGetNotify()
SOAP
- Fixed bug GH-12838: [SOAP] Temporary WSDL cache files not being deleted.
Standard
- Fixed GH-12745: http_build_query() default null argument for $arg_separator is implicitly coerced to string.

Community fixes for 8.2.14

Core
- Fixed oss-fuzz #54325: Use-after-free of name in var-var with malicious error handler.
- Fixed oss-fuzz #64209: In-place modification of filename in php_message_handler_for_zend.
- Fixed bug GH-12758 / GH-12768: Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC.
- Fix various missing NULL checks.
- Fixed bug GH-12835: Leak of call->extra_named_params on internal __call.
Date
- Fixed improbably integer overflow while parsing really large (or small) Unix timestamps.
DOM
- Fixed bug GH-12616: DOM: Removing XMLNS namespace node results in invalid default: prefix.
FPM
- Fixed bug GH-12705: Segmentation fault in fpm_status_export_to_zval.
FTP
- Fixed bug GH-9348: FTP & SSL session reuse.
Intl
- Fixed bug GH-12635: Test bug69398.phpt fails with ICU 74.1.
LibXML
- Fixed bug GH-12702: libxml2 2.12.0 issue building from src.
- Fixed test failures for libxml2 2.12.0.
MySQLnd
- Avoid using uninitialised struct.
- Fixed bug GH-12791: Possible dereference of NULL in MySQLnd debug code.
Opcache
- Fixed JIT bug: Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error.
- Fixed JIT bug: JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown.
OpenSSL
- Fixed bug #50713: openssl_pkcs7_verify() may ignore untrusted CAs.
PCRE
- Fixed bug GH-12628: The gh11374 test fails on Alpinelinux.
PDO PGSQL
- Fixed the default value of $fetchMode in PDO::pgsqlGetNotify()
PGSQL
- Fixed bug GH-12763: wrong argument type for pg_untrace.
PHPDBG
- Fixed bug GH-12675: MEMORY_LEAK in phpdbg_prompt.c.
SOAP
- Fixed bug GH-12838: [SOAP] Temporary WSDL cache files not being deleted.
SPL
- Fixed bug GH-12721: SplFileInfo::getFilename()segfault in combination with GlobIterator and no directory separator.
SQLite3
- Fixed bug GH-12633: sqlite3_defensive.phpt fails with sqlite 3.44.0.
Standard:
- Fix memory leak in syslog device handling.
- Fixed bug GH-12621: browscap segmentation fault when configured in the vhost.
- Fixed bug GH-12655: proc_open() does not take into account references in the descriptor array.
Streams
- Fixed bug #79945: Stream wrappers in imagecreatefrompng causes segfault.
Zip:
- Fixed bug GH-12661: Inconsistency in ZipArchive::addGlobremove_path Option Behavior.

Community fixes for 8.1.27

Core
- Fixed oss-fuzz #54325: Use-after-free of name in var-var with malicious error handler.
- Fixed oss-fuzz #64209: In-place modification of filename in php_message_handler_for_zend.
- Fixed bug GH-12758 / GH-12768: Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC.
DOM
- Fixed bug GH-12616: DOM: Removing XMLNS namespace node results in invalid default: prefix.
FPM
- Fixed bug GH-12705: Segmentation fault in fpm_status_export_to_zval.
Intl
- Fixed bug GH-12635: Test bug69398.phpt fails with ICU 74.1.
LibXML
- Fixed bug GH-12702: libxml2 2.12.0 issue building from src.
MySQLnd
- Avoid using uninitialised struct.
OpenSSL
- Fixed bug #50713: openssl_pkcs7_verify() may ignore untrusted CAs.
PCRE
- Fixed bug GH-12628: The gh11374 test fails on Alpinelinux.
PGSQL
- Fixed bug GH-12763: wrong argument type for pg_untrace.
PHPDBG
- Fixed bug GH-12675: MEMORY_LEAK in phpdbg_prompt.c.
SQLite3
- Fixed bug GH-12633: sqlite3_defensive.phpt fails with sqlite 3.44.0.
Standard
- Fix memory leak in syslog device handling.
- Fixed bug GH-12621: browscap segmentation fault when configured in the vhost.
- Fixed bug GH-12655: proc_open() does not take into account references in the descriptor array.
Streams
- Fixed bug #79945: Stream wrappers in imagecreatefrompng causes segfault.
Zip
- Fixed bug GH-12661: Inconsistency in ZipArchive::addGlobremove_path Option Behavior.