Changelog:
Core:
Fixed bug #78220 (Can't access OneDrive folder).
Fixed bug #77922 (Double release of doc comment on inherited shadow property).
Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
FastCGI:
Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows).
FPM:
Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr notation).
Intl:
Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested.
MBString:
Fixed bug #78559 (Heap buffer overflow in mb_eregi).
MySQLnd:
Fixed connect_attr issues and added the _server_host connection attribute.
ODBC:
Fixed bug #78473 (odbc_close() closes arbitrary resources).
PDO_MySQL:
Fixed bug #41997 (SP call yields additional empty result set).
sodium:
Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.3.10
No MFH requested, because the new branch should be created in two days and i won't be able to commit
it before.
Changelog:
Core:
Fixed bug #77738 (Nullptr deref in zend_compile_expr).
Fixed bug #77660 (Segmentation fault on break 2147483648).
Fixed bug #77652 (Anonymous classes can lose their interface information).
Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).
Apache2Handler:
Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c).
Bcmath:
Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
CLI Server:
Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).
COM:
Fixed bug #77578 (Crash when php unload).
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
FPM:
Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
GD:
Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
MySQLi:
Fixed bug #77597 (mysqli_fetch_field hangs scripts).
Opcache:
Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
PCRE:
Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).
Phar:
Fixed bug #77697 (Crash on Big_Endian platform).
phpdbg:
Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
SQLite3:
Added sqlite3.defensive INI directive.
Standard:
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
Fixed bug #77669 (Crash in extract() when overwriting extracted array).
Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.3.4
MFH: 2019Q2
Changelog:
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77329 (Buffer Overflow via overly long Error Messages).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77498 (Custom extension Segmentation fault when declare static property).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Fixed bug #77546 (iptcembed broken function).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
Fixed bug #77626 (Persistence confusion in php_com_import_typelib()).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Mbstring:
Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
phpdbg:
Fixed bug #76596 (phpdbg support for display_errors=stderr).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its options filled).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.3
MFH: 2019Q1
Changelog:
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response).
Fixed bug #77387 (Recursion detection broken when printing GLOBALS).
Fixed bug #77376 ("undefined function" message no longer includes namespace).
Fixed bug #77357 (base64_encode / base64_decode doest not work on nested VM).
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77317 (__DIR__, __FILE__, realpath() reveal physical path for subst virtual drive).
Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator).
Fixed bug #77447 (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).
Fixed bug #77484 (Zend engine crashes when calling realpath in invalid working dir).
Curl:
Fixed bug #76675 (Segfault with H2 server push).
Fileinfo:
Fixed bug #77346 (webm files incorrectly detected as application/octet-stream).
FPM:
Fixed bug #77430 (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).
GD:
Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).
ldap:
Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
Mbstring:
Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution variable).
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
MySQLnd:
Fixed bug #77308 (Unbuffered queries memory leak).
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
Opcache:
Fixed bug #77266 (Assertion failed in dce_live_ranges).
Fixed bug #77257 (value of variable assigned in a switch() construct gets lost).
Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
Fixed bug #77287 (Opcache literal compaction is incompatible with EXT opcodes).
PCRE:
Fixed bug #77338 (get_browser with empty string).
PDO:
Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
PDO MySQL:
Fixed bug #77289 (PDO MySQL segfaults with persistent connection).
SOAP:
Fixed bug #77410 (Segmentation Fault when executing method with an empty parameter).
Sockets:
Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
SPL:
Fixed bug #77298 (segfault occurs when add property to unserialized empty ArrayObject).
Standard:
Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.2
PR: 235576 235578
MFH: 2019Q1
Renaming the option to be inline with the already existing MYSQLND option
in the mysqli and pdo_mysqli ports.
Reported by: Jarrod Sayers <jarrod@downtools.com.au>
Currently PHP is always compiled with --enable-mysqlnd, to allow the use
of the native MySQL Native Driver. MySQL Native Driver is a replacement for the
MySQL Client Library.
While this is handy when working with MySQL there is no need for
it when MySQL is *not* used at all. This happens frequently when
working without databases or simply with other databases.
To avoid POLA the newly introduced option is a default option.
Disabling it will reduce the size of the package by ca. 175 KB,
which also helps in modern constraint VM run environments.
Submitted by: Reko Turja <reko.turja@liukuma.net>
Changelog:
Core:
Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
Fixed bug #77291 (magic methods inherited from a trait may be ignored).
CURL:
Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
MBString:
Fixed bug #77367 (Negative size parameter in mb_split).
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
PCRE:
Fixed bug #77193 (Infinite loop in preg_replace_callback).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Soap:
Fixed bug #77088 (Segfault when using SoapClient with null options).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
Sodium:
Fixed bug #77297 (SodiumException segfaults on PHP 7.3).
SPL:
Fixed bug #77359 (spl_autoload causes segfault).
Fixed bug #77360 (class_uses causes segfault).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.1
Also removing the patch committed in r489721. The patch disables the use of
ifuncs and is part of the new relase 7.3.1.
MFH: 2019Q1
This port links some non-PIC code, which fails with lld as it defaults
to disallowing relocations against read-only segments. For i386 we can
just add -znotext unconditionally: for GNU BFD ld it just affirms BFD's
existing default.
PR: 214864, 230207
Sponsored by: The FreeBSD Foundation
Notable changes:
- Switch from PCRE to PCRE2
- Many modules now require PCRE2 for building
- graphics/php73-gd: X11 option is no longer default
Changes to Mk/Uses/php.mk approved by ale
