1PHP NEWS 2||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 316 Dec 2021, PHP 8.1.1 4 5- IMAP: 6 . Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers). 7 (cmb) 8 9- PCRE: 10 . Update bundled PCRE2 to 10.39. (cmb) 11 . Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry) 12 13- Standard: 14 . Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate). 15 (cmb) 16 1725 Nov 2021, PHP 8.1.0 18 19- Core: 20 . Fixed inclusion order for phpize builds on Windows. (cmb) 21 . Added missing hashtable insertion APIs for arr/obj/ref. (Sara) 22 . Implemented FR #77372 (Relative file path is removed from uploaded file). 23 (Björn Tantau) 24 . Fixed bug #81607 (CE_CACHE allocation with concurrent access). (Nikita, 25 Dmitry) 26 . Fixed bug #81507 (Fiber does not compile on AIX). (Clément Chigot) 27 . Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check). 28 (Nikita) 29 . Fixed bug #81518 (Header injection via default_mimetype / default_charset). 30 (cmb) 31 . Fixed bug #75941 (Fix compile failure on Solaris with clang). (Jaromír 32 Doleček) 33 . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe) 34 . Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault). 35 (Nikita) 36 . Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php). 37 (Remi) 38 . Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning). (Nikita) 39 . Fixed bug #81342 (New ampersand token parsing depends on new line after it). 40 (Nikita) 41 . Fixed bug #81280 (Unicode characters in cli.prompt causes segfault). 42 (krakjoe) 43 . Fixed bug #81192 ("Declaration should be compatible with" gives incorrect 44 line number with traits). (Nikita) 45 . Fixed bug #78919 (CLI server: insufficient cleanup if request startup 46 fails). (cataphract, cmb) 47 . Fixed bug #81303 (match error message improvements). (krakjoe) 48 . Fixed bug #81238 (Fiber support missing for Solaris Sparc). (trowski) 49 . Fixed bug #81237 (Comparison of fake closures doesn't work). (krakjoe) 50 . Fixed bug #81202 (powerpc64 build fails on fibers). (krakjoe) 51 . Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak). (Nikita) 52 . Fixed bug #81163 (__sleep allowed to return non-array). (krakjoe) 53 . Fixed bug #75474 (function scope static variables are not bound to a unique 54 function). (Nikita) 55 . Fixed bug #53826 (__callStatic fired in base class through a parent call if 56 the method is private). (Nikita) 57 . Fixed bug #81076 (incorrect debug info on Closures with implicit binds). 58 (krakjoe) 59 60- CLI: 61 . Fixed bug #81496 (Server logs incorrect request method). (lauri) 62 63- COM: 64 . Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT. (Dmitry 65 Maksimov) 66 67- Curl: 68 . Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings). 69 (camporter) 70 71- Date: 72 . Fixed bug #81458 (Regression Incorrect difference after timezone change). 73 (Derick) 74 . Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2). 75 (cmb) 76 . Fixed bug #81504 (Incorrect timezone transition details for POSIX data). 77 (Derick) 78 . Fixed bug #80998 (Missing second with inverted interval). (Derick) 79 . Speed up finding timezone offset information. (Derick) 80 . Fixed bug #79580 (date_create_from_format misses leap year). (Derick) 81 . Fixed bug #80963 (DateTimeZone::getTransitions() truncated). (Derick) 82 . Fixed bug #80974 (Wrong diff between 2 dates in different timezones). 83 (Derick) 84 . Fixed bug #80998 (Missing second with inverted interval). (Derick) 85 . Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an 86 offset with seconds). (Derick) 87 . Fixed bug #81106 (Regression in 8.1: add() now truncate ->f). (Derick) 88 . Fixed bug #81273 (Date interval calculation not correct). (Derick) 89 . Fixed bug #52480 (Incorrect difference using DateInterval). (Derick) 90 . Fixed bug #62326 (date_diff() function returns false result). (Derick) 91 . Fixed bug #64992 (dst not handled past 2038). (Derick) 92 . Fixed bug #65003 (Wrong date diff). (Derick) 93 . Fixed bug #66545 (DateTime. diff returns negative values). (Derick) 94 . Fixed bug #68503 (date_diff on two dates with timezone set localised 95 returns wrong results). (Derick) 96 . Fixed bug #69806 (Incorrect date from timestamp). (Derick) 97 . Fixed bug #71700 (Extra day on diff between begin and end of march 2016). 98 (Derick) 99 . Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo'). (Derick) 100 . Fixed bug #73460 (Datetime add not realising it already applied DST 101 change). (Derick) 102 . Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in 103 incorrect time). (Derick) 104 . Fixed bug #74274 (Handling DST transitions correctly). (Derick) 105 . Fixed bug #74524 (Date diff is bad calculated, in same time zone). (Derick) 106 . Fixed bug #75167 (DateTime::add does only care about backward DST 107 transition, not forward). (Derick) 108 . Fixed bug #76032 (DateTime->diff having issues with leap days for 109 timezones ahead of UTC). (Derick) 110 . Fixed bug #76374 (Date difference varies according day time). (Derick) 111 . Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from 112 UTC+01:00 to UTC+12:00). (Derick) 113 . Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran). (Derick) 114 . Fixed bug #79452 (DateTime::diff() generates months differently between 115 time zones). (Derick) 116 . Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic 117 -b slim')). (Derick) 118 . Fixed bug #79716 (Invalid date time created (with day "00")). (Derick) 119 . Fixed bug #80610 (DateTime calculate wrong with DateInterval). (Derick) 120 . Fixed bug #80664 (DateTime objects behave incorrectly around DST 121 transition). (Derick) 122 . Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect 123 time). (Derick) 124 125- DBA: 126 . Fixed bug #81588 (TokyoCabinet driver leaks memory). (girgias) 127 128- DOM: 129 . Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID). 130 (Viktor Volkov) 131 132- FFI: 133 . Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not 134 defined). (Dmitry) 135 136- Filter: 137 . Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing). 138 (cmb, Nikita) 139 140- FPM: 141 . Fixed bug #81513 (Future possibility for heap overflow in FPM zlog). 142 (Jakub Zelenka) 143 . Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege 144 escalation) (CVE-2021-21703). (Jakub Zelenka) 145 . Added openmetrics status format. (Cees-Jan Kiewiet) 146 . Enable process renaming on macOS. (devnexen) 147 . Added pm.max_spawn_rate option to configure max spawn child processes rate. 148 (Paulius Sapragonas) 149 . Fixed bug #65800 (Events port mechanism). (psumbera) 150 151- FTP: 152 . Convert resource<ftp> to object \FTP\Connection. (Sara) 153 154- GD: 155 . Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb) 156 . Convert resource<gd font> to object \GdFont. (Sara) 157 158- hash: 159 . Implemented FR #68109 (Add MurmurHash V3). (Anatol, Michael) 160 . Implemented FR #73385 (Add xxHash support). (Anatol) 161 162- JSON: 163 . Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1). 164 (Nikita) 165 166- LDAP: 167 . Convert resource<ldap link> to object \LDAP\Connection. (Máté) 168 . Convert resource<ldap result> to object \LDAP\Result. (Máté) 169 . Convert resource<ldap result entry> to object \LDAP\ResultEntry. (Máté) 170 171- MBString: 172 . Fixed bug #76167 (mbstring may use pointer from some previous request). 173 (cmb, cataphract) 174 . Fixed bug #81390 (mb_detect_encoding() regression). (alexdowad) 175 . Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases). 176 (Nikita) 177 . Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is 178 specified). (Nikita) 179 180- MySQLi: 181 . Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient). (Nikita) 182 . Fixed bug #80330 (Replace language in APIs and source code/docs). 183 (Darek Ślusarczyk) 184 . Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder 185 (including libmysql)). (Darek Ślusarczyk) 186 187- MySQLnd: 188 . Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment). 189 (Nikita) 190 . Fixed bug #80761 (PDO uses too much memory). (Nikita) 191 192- Opcache: 193 . Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array). 194 (Dmitry) 195 . Fixed bug #81255 (Memory leak in PHPUnit with functional JIT). 196 . Fixed bug #80959 (infinite loop in building cfg during JIT compilation). 197 (Nikita, Dmitry) 198 . Fixed bug #81225 (Wrong result with pow operator with JIT enabled). 199 (Dmitry) 200 . Fixed bug #81249 (Intermittent property assignment failure with JIT 201 enabled). (Dmitry) 202 . Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with 203 JIT). (Dmitry) 204 . Fixed bug #81133 (building opcache with phpize fails). (krakjoe) 205 . Fixed bug #81136 (opcache header not installed). (krakjoe) 206 . Added inheritance cache. (Dmitry) 207 208- OpenSSL: 209 . Fixed bug #81502 ($tag argument of openssl_decrypt() should accept 210 null/empty string). (Nikita) 211 . Bump minimal OpenSSL version to 1.0.2. (Jakub Zelenka) 212 213- PCRE: 214 . Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb) 215 . Bundled PCRE2 is 10.37. 216 217- PDO: 218 . Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for 219 fetching a BLOB). (Nikita) 220 221- PDO MySQL: 222 . Fixed bug #80908 (PDO::lastInsertId() return wrong). (matt) 223 . Fixed bug #81037 (PDO discards error message text from prepared 224 statement). (Kamil Tekiela) 225 226- PDO OCI: 227 . Fixed bug #77120 (Support 'success with info' at connection). 228 (Sergei Morozov) 229 230- PDO ODBC: 231 . Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for 232 PDO::getAttribute(). (Calvin Buckley) 233 234- PDO PgSQL: 235 . Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling 236 closeCursor()). (Philip Hofstetter) 237 238- PDO SQLite: 239 . Fixed bug #38334 (Proper data-type support for PDO_SQLITE). (Nikita) 240 241- PgSQL: 242 . Fixed bug #81509 (pg_end_copy still expects a resource). (Matteo) 243 . Convert resource<pgsql link> to object \PgSql\Connection. (Máté) 244 . Convert resource<pgsql result> to object \PgSql\Result. (Máté) 245 . Convert resource<pgsql large object> to object \PgSql\Lob. (Máté) 246 247- Phar: 248 . Use SHA256 by default for signature. (remi) 249 . Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature. (remi) 250 251- phpdbg: 252 . Fixed bug #81135 (unknown help topic causes assertion failure). (krakjoe) 253 254- PSpell: 255 . Convert resource<pspell> to object \PSpell\Dictionary. (Sara) 256 . Convert resource<pspell config> to object \PSpell\Config. (Sara) 257 258- readline: 259 . Fixed bug #72998 (invalid read in readline completion). (krakjoe) 260 261- Reflection: 262 . Fixed bug #81611 (ArgumentCountError when getting default value from 263 ReflectionParameter with new). (Cameron Porter) 264 . Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with 265 Internal error). (Nikita) 266 . Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a 267 ReflectionClass). (Nikita) 268 . Fixed bug #81474 (Make ReflectionEnum and related class non-final). (Nikita) 269 . Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current 270 value for statics). (Nikita) 271 . Fixed bug #80564 (ReflectionProperty::__toString() renders current value, 272 not default value). (Nikita) 273 . Fixed bug #80097 (ReflectionAttribute is not a Reflector). (beberlei) 274 . Fixed bug #81200 (no way to determine if Closure is static). (krakjoe) 275 . Implement ReflectionFunctionAbstract::getClosureUsedVariables. (krakjoe) 276 277- Shmop: 278 . Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb) 279 280- SimpleXML: 281 . Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi) 282 283- SNMP: 284 . Implement SHA256 and SHA512 for security protocol. (remi) 285 286- Sodium: 287 . Added the XChaCha20 stream cipher functions. (P.I.E. Security Team) 288 . Added the Ristretto255 functions, which are available in libsodium 1.0.18. 289 (P.I.E. Security Team) 290 291- SPL: 292 . Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on 293 premature EOF). (Aliaksandr Bystry) 294 . Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free). 295 (cmb, Nikita, Tyson Andre) 296 . Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb) 297 . Fixed bug #81112 (Special json_encode behavior for SplFixedArray). (Nikita) 298 . Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject 299 non-existing key). (Nikita) 300 . Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE 301 from bitmask). (Cameron Porter) 302 303- Standard: 304 . Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after 305 calling some other method). (Nikita) 306 . Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing). 307 (Dan Pock) 308 . Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an 309 associative array). (Nikita) 310 . Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes 311 with __serialize()). (Nikita) 312 . Fixed bug #81137 (hrtime breaks build on OSX before Sierra). (krakjoe) 313 . Fixed bug #77627 (method_exists on Closure::__invoke inconsistency). 314 (krakjoe) 315 316- Streams: 317 . Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper). 318 (cmb) 319 320- XML: 321 . Fixed bug #79971 (special character is breaking the path in xml function) 322 (CVE-2021-21707). (cmb) 323 . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace). 324 (Aliaksandr Bystry, cmb) 325 326- Zip: 327 . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi) 328 . Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb) 329 . Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination) 330 (CVE-2021-21706). (cmb) 331 . Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi) 332