./lang/php84, PHP Hypertext Preprocessor version 8.4

[ Image CVSweb ] [ Image Homepage ] [ Image RSS ] [ Image Required by ] [ Image Add to tracker ]

Branch: CURRENT, Version: 8.4.18, Package name: php84-8.4.18, Maintainer: pkgsrc-users

PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.

PHP 8.4 comes with numerous improvements and new features such as

* Property Hooks
* Asymmetric Property Visibility
* Lazy Objects
* #[\Deprecated] attribute
* Parsing RFC1867 (multipart) requests in non-POST HTTP requests
* Chaining new expressions without parentheses
* Improved Debugging Info for WeakReference
* Improved Debugging Info for Closure
* Defining Identical Symbols in Different Namespace Blocks
* And much much more...



Package options: inet6, readline, ssl

Master sites:

Filesize: 13354.215 KB

Version history: (Expand)

CVS history: (Expand)


   2026-02-13 16:26:05 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php84: update to 8.4.18

PHP 8.4.18 (2026-02-12)

- Core:
  . Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown
    function triggered by bailout in php_output_lock_error()). (timwolla)
  . Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber). (ilutov)
  . Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization). (ilutov)
  . Fixed bug GH-GH-20914 (Internal enums can be cloned and compared). (Arnaud)
  . Fix OSS-Fuzz #474613951 (Leaked parent property default value). (ilutov)
  . Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction). (Bob)
  . Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked
    backing value). (ilutov)
  . Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may
    uaf). (ilutov)
  . Fixed bug GH-20905 (Lazy proxy bailing __clone assertion). (ilutov)
  . Fixed bug GH-20479 (Hooked object properties overflow). (ndossche)

- Date:
  . Update timelib to 2022.16. (Derick)

- DOM:
  . Fixed GH-21041 (Dom\HTMLDocument corrupts closing tags within scripts).
    (lexborisov)

- MbString:
  . Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is
    invalid in the encoding). (ndossche)
  . Fixed bug GH-20836 (Stack overflow in mb_convert_variables with
    recursive array references). (alexandre-daubois)

- Opcache:
  . Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
    (khasinski)

- OpenSSL:
  . Fix memory leaks when sk_X509_new_null() fails. (ndossche)
  . Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
    (ndossche)
  . Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
    (ndossche)

- Phar:
  . Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
    (ndossche)

- PGSQL:
  . Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible
    UB. (David Carlier)

- Readline:
  . Fixed bug GH-18139 (Memory leak when overriding some settings
    via readline_info()). (ndossche)

- SPL:
  . Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator
    when modifying during iteration). (ndossche)

- Standard:
  . Fixed bug #74357 (lchown fails to change ownership of symlink with ZTS)
    (Jakub Zelenka)
  . Fixed bug GH-20843 (var_dump() crash with nested objects)
    (David Carlier)
   2026-01-19 16:32:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/php84: update to 8.4.17

8.4.17 (2025-01-15)

- Core:
  . Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature
    with dynamic class const lookup default argument). (ilutov)
  . Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing
    malformed INI input via parse_ini_string()). (ndossche)
  . Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
  . Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant
    ob_start() during error deactivation). (ndossche)

- Bz2:
  . Fixed bug GH-20620 (bzcompress overflow on large source size).
    (David Carlier)

- DOM:
  . Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning
    via clone on malformed objects). (ndossche)
  . Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared
    to DOMDocument::C14N()). (ndossche)

- GD:
  . Fixed bug GH-20622 (imagestring/imagestringup overflow). (David Carlier)

- Intl:
  . Fix leak in umsg_format_helper(). (ndossche)

- LDAP:
  . Fix memory leak in ldap_set_options(). (ndossche)

- Mbstring:
  . Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
    (Yuya Hamada)

- PCNTL:
  . Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid
    process ids handling. (David Carlier)

- Phar:
  . Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
    (ndossche)
  . Fix SplFileInfo::openFile() in write mode. (ndossche)
  . Fix build on legacy OpenSSL 1.1.0 systems. (Giovanni Giacobbi)
  . Fixed bug #74154 (Phar extractTo creates empty files). (ndossche)

- POSIX:
  . Fixed crash on posix groups to php array creation on macos.
    (David Carlier)

- SPL:
  . Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()).
    (David Carlier)

- Sqlite3:
  . Fixed bug GH-20699 (SQLite3Result fetchArray return array|false,
    null returned). (ndossche, plusminmax)

- Standard:
  . Fix error check for proc_open() command. (ndossche)
  . Fix memory leak in mail() when header key is numeric. (Girgias)
  . Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). (ndossche)

- Zlib:
  . Fix OOB gzseek() causing assertion failure. (ndossche)
   2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525) 
Log message:
*: recursive bump for icu 78.1
   2025-12-19 15:32:35 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php84: update to 8.4.16

PHP 8.4.16 (2025-12-18)

- Core:
  . Sync all boost.context files with release 1.86.0. (mvorisek)
  . Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument
    passing to variadic parameter). (ndossche)
  . Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
    (ndossche, David Carlier)

- Bz2:
  . Fix assertion failures resulting in crashes with stream filter
    object parameters. (ndossche)

- Date:
  . Fix crashes when trying to instantiate uninstantiable classes via date
    static constructors. (ndossche)

- DOM:
  . Fix memory leak when edge case is hit when registering xpath callback.
    (ndossche)
  . Fixed bug GH-20395 (querySelector and querySelectorAll requires elements
    in $selectors to be lowercase). (ndossche)
  . Fix missing NUL byte check on C14NFile(). (ndossche)

- Fibers:
  . Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI
    small value). (David Carlier)

- FTP:
  . Fixed bug GH-20601 (ftp_connect overflow on timeout). (David Carlier)

- GD:
  . Fixed bug GH-20511 (imagegammacorrect out of range input/output values).
    (David Carlier)
  . Fixed bug GH-20602 (imagescale overflow with large height values).
    (David Carlier)

- Intl:
  . Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message
    suggests missing constants). (DanielEScherzer)

- LibXML:
  . Fix some deprecations on newer libxml versions regarding input
    buffer/parser handling. (ndossche)

- MbString:
  . Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma).
    (ndossche)
  . Fixed bug GH-20492 (mbstring compile warning due to non-strings).
    (ndossche)

- MySQLnd:
  . Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address
    enclosed in square brackets). (Remi)

- Opcache:
  . Fixed bug GH-20329 (opcache.file_cache broken with full interned string
    buffer). (Arnaud)

- PDO:
  . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
    (Jakub Zelenka)

- Phar:
  . Fixed bug GH-20442 (Phar does not respect case-insensitiveness of
    __halt_compiler() when reading stub). (ndossche, TimWolla)
  . Fix broken return value of fflush() for phar file entries. (ndossche)
  . Fix assertion failure when fseeking a phar file out of bounds. (ndossche)

- PHPDBG:
  . Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
    (Girgias)

- SPL:
  . Fixed bug GH-20614 (SplFixedArray incorrectly handles references
    in deserialization). (ndossche)

- Standard:
  . Fix memory leak in array_diff() with custom type checks. (ndossche)
  . Fixed bug GH-20583 (Stack overflow in http_build_query
    via deep structures). (ndossche)
  . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
    (ndossche)
  . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
    (CVE-2025-14178) (ndossche)
  . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
    (CVE-2025-14177) (ndossche)

- Tidy:
  . Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche)

- XML:
  . Fixed bug GH-20439 (xml_set_default_handler() does not properly handle
    special characters in attributes when passing data to callback). (ndossche)

- Zip:
  . Fix crash in property existence test. (ndossche)
  . Don't truncate return value of zip_fread() with user sizes. (ndossche)

- Zlib:
  . Fix assertion failures resulting in crashes with stream filter
    object parameters. (ndossche)
   2025-11-23 13:40:14 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
lang/php84: update to 8.4.15

PHP 8.4.15 (2025-11-20)

- Core:
  . Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv). (ilutov)
  . Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on
    reference). (nielsdos)
  . Fixed bug GH-20085 (Assertion failure when combining lazy object
    get_properties exception with foreach loop). (nielsdos)
  . Fixed bug GH-19844 (Don't bail when closing resources on shutdown). (ilutov)
  . Fixed bug GH-20177 (Accessing overridden private property in
    get_object_vars() triggers assertion error). (ilutov)
  . Fixed bug GH-20270 (Broken parent hook call with named arguments). (ilutov)
  . Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
    (ilutov)

- DOM:
  . Partially fixed bug GH-16317 (DOM classes do not allow
    __debugInfo() overrides to work). (nielsdos)
  . Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent
    after nodes are removed). (nielsdos)

- Exif:
  . Fix possible memory leak when tag is empty. (nielsdos)

- FPM:
  . Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel
    execution). (Jakub Zelenka, txuna)

- FTP:
  . Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on
    successful writes). (nielsdos)

- GD:
  . Fixed bug GH-20070 (Return type violation in imagefilter when an invalid
    filter is provided). (Girgias)

- Intl:
  . Fix memory leak on error in locale_filter_matches(). (nielsdos)

- LibXML:
  . Fix not thread safe schema/relaxng calls. (SpencerMalone, nielsdos)

- MySQLnd:
  . Fixed bug GH-8978 (SSL certificate verification fails (port doubled)).
    (nielsdos)
  . Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL). (nielsdos)

- Opcache:
  . Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
    (Arnaud)
  . Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
    (Arnaud, Shivam Mathur)
  . Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess).
    (Arnaud)
  . Fixed bug GH-20012 (heap buffer overflow in jit). (Arnaud)
  . Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file
    caches across differing environments). (ilutov)

- PgSql:
  . Fix memory leak when first string conversion fails. (nielsdos)
  . Fix segfaults when attempting to fetch row into a non-instantiable class
    name. (Girgias, nielsdos)

- Phar:
  . Fix memory leak of argument in webPhar. (nielsdos)
  . Fix memory leak when setAlias() fails. (nielsdos)
  . Fix a bunch of memory leaks in phar_parse_zipfile() error handling.
    (nielsdos)
  . Fix file descriptor/memory leak when opening central fp fails. (nielsdos)
  . Fix memleak+UAF when opening temp stream in buildFromDirectory() fails.
    (nielsdos)
  . Fix potential buffer length truncation due to usage of type int instead
    of type size_t. (Girgias)
  . Fix memory leak when openssl polyfill returns garbage. (nielsdos)
  . Fix file descriptor leak in phar_zip_flush() on failure. (nielsdos)
  . Fix memory leak when opening temp file fails while trying to open
    gzip-compressed archive. (nielsdos)
  . Fixed bug GH-20302 (Freeing a phar alias may invalidate
    PharFileInfo objects). (nielsdos)

- Random:
  . Fix Randomizer::__serialize() w.r.t. INDIRECTs. (nielsdos)

- Reflection:
  . Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true
    for classes with property hooks). (alexandre-daubois)

- SimpleXML:
  . Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo() overrides
    to work). (nielsdos)

- Streams:
  . Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect
    condition for Win32/Win64. (Jakub Zelenka)

- Tidy:
  . Fixed GH-19021 (improved tidyOptGetCategory detection).
    (arjendekorte, David Carlier, Peter Kokot)
  . Fix UAF in tidy when tidySetErrorBuffer() fails. (nielsdos)

- XMLReader:
  . Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available.
    (nielsdos)

- Windows:
  . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).
    (dktapps)
   2025-10-24 07:28:47 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php84: update to 8.4.14

PHP 8.4.14 (2025-10-21)

- Core:
  . Fixed bug GH-19765 (object_properties_load() bypasses readonly property
    checks). (timwolla)
  . Fixed hard_timeout with --enable-zend-max-execution-timers. (Appla)
  . Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and
    exception are triggered). (nielsdos)
  . Fixed bug GH-19653 (Closure named argument unpacking between temporary
    closures can cause a crash). (nielsdos, Arnaud, Bob)
  . Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland
    array). (ilutov)
  . Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is
    configured). (nielsdos)
  . Fixed bug GH-20002 (Broken build on *BSD with MSAN). (outtersg)

- CLI:
  . Fix useless "Failed to poll event" error logs due to EAGAIN in CLI \ 
server
    with PHP_CLI_SERVER_WORKERS. (leotaku)

- Curl:
  . Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead
    of the curl_copy_handle() function to clone a CurlHandle. (timwolla)
  . Fix curl build and test failures with version 8.16.
    (nielsdos, ilutov, Jakub Zelenka)

- Date:
  . Fixed GH-17159: "P" format for ::createFromFormat swallows string \ 
literals.
    (nielsdos)

- DOM:
  . Fix macro name clash on macOS. (Ruoyu Zhong)
  . Fixed bug GH-20022 (docker-php-ext-install DOM failed). (nielsdos)

- GD:
  . Fixed GH-19955 (imagefttext() memory leak). (David Carlier)

- MySQLnd:
  . Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress
    as parameter). (nielsdos)

- Opcache:
  . Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
    (Arnaud)
  . Fixed bug GH-19831 (function JIT may not deref property value). (Arnaud)
  . Fixed bug GH-19889 (race condition in zend_runtime_jit(),
    zend_jit_hot_func()). (Arnaud)

- Phar:
  . Fix memory leak and invalid continuation after tar header writing fails.
    (nielsdos)
  . Fix memory leaks when creating temp file fails when applying zip signature.
    (nielsdos)

- SimpleXML:
  . Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
    (nielsdos)

- Soap:
  . Fixed bug GH-19784 (SoapServer memory leak). (nielsdos)
  . Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
    (nielsdos)

- Standard:
  . Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
    (nielsdos)
  . Fixed bug GH-19701 (Serialize/deserialize loses some data). (nielsdos)
  . Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
    (alexandre-daubois)
  . Fixed bug GH-20043 (array_unique assertion failure with RC1 array
    causing an exception on sort). (nielsdos)
  . Fixed bug GH-19926 (reset internal pointer earlier while splicing array
    while COW violation flag is still set). (alexandre-daubois)
  . Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
    (nielsdos, divinity76)

- Streams:
  . Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
    (Jakub Zelenka)
  . Fixed bug GH-17345 (Bug #35916 was not completely fixed). (nielsdos)
  . Fixed bug GH-19705 (segmentation when attempting to flush on non seekable
    stream. (bukka/David Carlier)

- XMLReader:
  . Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure). (nielsdos)

- Zip:
  . Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()). (nielsdos)
  . Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
    (David Carlier)
   2025-10-23 22:40:24 by Thomas Klausner | Files touched by this commit (2999) 
Log message:
*: recursive bump for pcre2

Running an old binary against the new pcre doesn't work:
/usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by \ 
/usr/pkg/lib/libglib-2.0.so.0 not defined
   2025-10-07 16:42:20 by Thomas Klausner | Files touched by this commit (3) 
Log message:
php-iconv: fix build with gcc 14

With help from taca@, thanks!