./lang/php83, PHP Hypertext Preprocessor version 8.3

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 8.3.29nb1, Package name: php83-8.3.29nb1, Maintainer: pkgsrc-users

PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.

PHP 8.3 comes with numerous improvements and new features such as

* Typed Class Constants
* Fetch class constant dynamically syntax
* Readonly Amendments
* Override Attribute
* New Randomizer method Random\Randomizer::getBytesFromString
* New function json_validate
* And much much more...



Package options: inet6, readline, ssl

Master sites:

Filesize: 12306.586 KB

Version history: (Expand)

CVS history: (Expand)


   2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525) 
Log message:
*: recursive bump for icu 78.1
   2025-12-19 15:31:20 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.29

PHP 8.3.29 (2025-12-18)

- Core:
  . Sync all boost.context files with release 1.86.0. (mvorisek)
  . Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument
    passing to variadic parameter). (ndossche)
  . Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
    (ndossche, David Carlier)

- Bz2:
  . Fix assertion failures resulting in crashes with stream filter
    object parameters. (ndossche)

- Date:
  . Fix crashes when trying to instantiate uninstantiable classes via date
    static constructors. (ndossche)

- DOM:
  . Fix missing NUL byte check on C14NFile(). (ndossche)

- Fibers:
  . Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI
    small value). (David Carlier)

- FTP:
  . Fixed bug GH-20601 (ftp_connect overflow on timeout). (David Carlier)

- GD:
  . Fixed bug GH-20511 (imagegammacorrect out of range input/output values).
    (David Carlier)
  . Fixed bug GH-20602 (imagescale overflow with large height values).
    (David Carlier)

- Intl:
  . Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message
    suggests missing constants). (DanielEScherzer)

- LibXML:
  . Fix some deprecations on newer libxml versions regarding input
    buffer/parser handling. (ndossche)

- MbString:
  . Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma).
    (ndossche)
  . Fixed bug GH-20492 (mbstring compile warning due to non-strings).
    (ndossche)

- MySQLnd:
  . Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address
    enclosed in square brackets). (Remi)

- Opcache:
  . Fixed bug GH-20329 (opcache.file_cache broken with full interned string
    buffer). (Arnaud)

- PDO:
  . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
    (Jakub Zelenka)

- Phar:
  . Fixed bug GH-20442 (Phar does not respect case-insensitiveness of
    __halt_compiler() when reading stub). (ndossche, TimWolla)
  . Fix broken return value of fflush() for phar file entries. (ndossche)
  . Fix assertion failure when fseeking a phar file out of bounds. (ndossche)

- PHPDBG:
  . Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
    (Girgias)

- SPL:
  . Fixed bug GH-20614 (SplFixedArray incorrectly handles references
    in deserialization). (ndossche)

- Standard:
  . Fix memory leak in array_diff() with custom type checks. (ndossche)
  . Fixed bug GH-20583 (Stack overflow in http_build_query
    via deep structures). (ndossche)
  . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
    (ndossche)
  . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
    (CVE-2025-14178) (ndossche)
  . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
    (CVE-2025-14177) (ndossche)

- Tidy:
  . Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche)

- XML:
  . Fixed bug GH-20439 (xml_set_default_handler() does not properly handle
    special characters in attributes when passing data to callback). (ndossche)

- Zip:
  . Fix crash in property existence test. (ndossche)
  . Don't truncate return value of zip_fread() with user sizes. (ndossche)

- Zlib:
  . Fix assertion failures resulting in crashes with stream filter
    object parameters. (ndossche)
   2025-11-23 13:38:01 by Takahiro Kambe | Files touched by this commit (2) 
Log message:
PHP 8.3.28 (2025-11-20)

- Core:
  . Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv). (ilutov)
  . Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on
    reference). (nielsdos)
  . Fixed bug GH-19844 (Don't bail when closing resources on shutdown). (ilutov)
  . Fixed bug GH-20177 (Accessing overridden private property in
    get_object_vars() triggers assertion error). (ilutov)
  . Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
    (ilutov)

- DOM:
  . Partially fixed bug GH-16317 (DOM classes do not allow
    __debugInfo() overrides to work). (nielsdos)

- Exif:
  . Fix possible memory leak when tag is empty. (nielsdos)

- FPM:
  . Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel
    execution). (Jakub Zelenka, txuna)

- FTP:
  . Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on
    successful writes). (nielsdos)

- GD:
  . Fixed bug GH-20070 (Return type violation in imagefilter when an invalid
    filter is provided). (Girgias)

- Intl:
  . Fix memory leak on error in locale_filter_matches(). (nielsdos)

- LibXML:
  . Fix not thread safe schema/relaxng calls. (SpencerMalone, nielsdos)

- MySQLnd:
  . Fixed bug GH-8978 (SSL certificate verification fails (port doubled)).
    (nielsdos)
  . Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL). (nielsdos)

- Opcache:
  . Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
    (Arnaud)
  . Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
    (Arnaud, Shivam Mathur)

- PgSql:
  . Fix memory leak when first string conversion fails. (nielsdos)
  . Fix segfaults when attempting to fetch row into a non-instantiable class
    name. (Girgias, nielsdos)

- Phar:
  . Fix memory leak of argument in webPhar. (nielsdos)
  . Fix memory leak when setAlias() fails. (nielsdos)
  . Fix a bunch of memory leaks in phar_parse_zipfile() error handling.
    (nielsdos)
  . Fix file descriptor/memory leak when opening central fp fails. (nielsdos)
  . Fix memleak+UAF when opening temp stream in buildFromDirectory() fails.
    (nielsdos)
  . Fix potential buffer length truncation due to usage of type int instead
    of type size_t. (Girgias)
  . Fix memory leak when openssl polyfill returns garbage. (nielsdos)
  . Fix file descriptor leak in phar_zip_flush() on failure. (nielsdos)
  . Fix memory leak when opening temp file fails while trying to open
    gzip-compressed archive. (nielsdos)
  . Fixed bug GH-20302 (Freeing a phar alias may invalidate
    PharFileInfo objects). (nielsdos)

- Random:
  . Fix Randomizer::__serialize() w.r.t. INDIRECTs. (nielsdos)

- SimpleXML:
  . Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo() overrides
    to work). (nielsdos)

- Standard:
  . Fix shm corruption with coercion in options of unserialize(). (nielsdos)

- Streams:
  . Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect
    condition for Win32/Win64. (Jakub Zelenka)

- Tidy:
  . Fixed GH-19021 (improved tidyOptGetCategory detection).
    (arjendekorte, David Carlier, Peter Kokot)
  . Fix UAF in tidy when tidySetErrorBuffer() fails. (nielsdos)

- XMLReader:
  . Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available.
    (nielsdos)

- Windows:
  . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).
    (dktapps)

- Zip:
  . Fix memory leak when passing enc_method/enc_password is passed as option
    for ZipArchive::addGlob()/addPattern() and with consecutive calls.
    (David Carlier)
   2025-10-24 07:29:44 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.27

PHP 8.3.27 (2025-10-23)

- Core:
  . Fixed bug GH-19765 (object_properties_load() bypasses readonly property
    checks). (timwolla)
  . Fixed hard_timeout with --enable-zend-max-execution-timers. (Appla)
  . Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and
    exception are triggered). (nielsdos)
  . Fixed bug GH-19653 (Closure named argument unpacking between temporary
    closures can cause a crash). (nielsdos, Arnaud, Bob)
  . Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland
    array). (ilutov)
  . Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is
    configured). (nielsdos)
  . Fixed bug GH-20002 (Broken build on *BSD with MSAN). (outtersg)

- CLI:
  . Fix useless "Failed to poll event" error logs due to EAGAIN in CLI \ 
server
    with PHP_CLI_SERVER_WORKERS. (leotaku)

- Curl:
  . Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead
    of the curl_copy_handle() function to clone a CurlHandle. (timwolla)
  . Fix curl build and test failures with version 8.16.
    (nielsdos, ilutov, Jakub Zelenka)

- Date:
  . Fixed GH-17159: "P" format for ::createFromFormat swallows string \ 
literals.
    (nielsdos)

- DBA:
  . Fixed GH-19885 (dba_fetch() overflow on skip argument). (David Carlier)

- GD:
  . Fixed GH-19955 (imagefttext() memory leak). (David Carlier)

- MySQLnd:
  . Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress
    as parameter). (nielsdos)

- Phar:
  . Fix memory leak and invalid continuation after tar header writing fails.
    (nielsdos)
  . Fix memory leaks when creating temp file fails when applying zip signature.
    (nielsdos)

- SimpleXML:
  . Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
    (nielsdos)

- Soap:
  . Fixed bug GH-19784 (SoapServer memory leak). (nielsdos)
  . Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
    (nielsdos)

- Standard:
  . Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
    (nielsdos)
  . Fixed bug GH-19701 (Serialize/deserialize loses some data). (nielsdos)
  . Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
    (alexandre-daubois)
  . Fixed bug GH-20043 (array_unique assertion failure with RC1 array
    causing an exception on sort). (nielsdos)
  . Fixed bug GH-19926 (reset internal pointer earlier while splicing array
    while COW violation flag is still set). (alexandre-daubois)
  . Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
    (nielsdos, divinity76)

- Streams:
  . Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
    (Jakub Zelenka)
  . Fixed bug GH-17345 (Bug #35916 was not completely fixed). (nielsdos)
  . Fixed bug GH-19705 (segmentation when attempting to flush on non seekable
    stream. (bukka/David Carlier)

- XMLReader:
  . Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure). (nielsdos)

- Zip:
  . Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()). (nielsdos)
  . Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
    (David Carlier)

- Zlib:
  . Fixed bug GH-19922 (Double free on gzopen). (David Carlier)
   2025-10-23 22:40:24 by Thomas Klausner | Files touched by this commit (2999) 
Log message:
*: recursive bump for pcre2

Running an old binary against the new pcre doesn't work:
/usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by \ 
/usr/pkg/lib/libglib-2.0.so.0 not defined
   2025-09-26 15:53:03 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.26

PHP 8.3.26 (2025-09-25)

- Core:
  . Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler()
    triggers "Constant already defined" warning). (ilutov)
  . Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail
    due to signed int overflow). (ilutov)
  . Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap
    references). (Arnaud, timwolla)
  . Fixed bug GH-19613 (Stale array iterator pointer). (ilutov)
  . Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge). (Arnaud)
  . Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0). (Remi)
  . Fixed bug GH-19720 (Assertion failure when error handler throws when
    accessing a deprecated constant). (nielsdos)

- CLI:
  . Fixed bug GH-19461 (Improve error message on listening error with IPv6
    address). (alexandre-daubois)

- Date:
  . Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
    (ilutov)

- DOM:
  . Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug). (nielsdos)

- FPM:
  . Fixed failed debug assertion when php_admin_value setting fails. (ilutov)

- GD:
  . Fixed bug GH-19579 (imagefilledellipse underflow on width argument).
    (David Carlier)

- Intl:
  . Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter
    and NumberFormatter). (alexandre-daubois)

- OpenSSL:
  . Fixed bug GH-19245 (Success error message on TLS stream accept failure).
    (Jakub Zelenka)

- PGSQL:
  . Fixed bug GH-19485 (potential use after free when using persistent pgsql
    connections). (Mark Karpeles)

- Phar:
  . Fixed memory leaks when verifying OpenSSL signature. (Girgias)
  . Fix memory leak in phar tar temporary file error handling code. (nielsdos)
  . Fix metadata leak when phar convert logic fails. (nielsdos)
  . Fix memory leak on failure in phar_convert_to_other(). (nielsdos)
  . Fixed bug GH-19752 (Phar decompression with invalid extension
    can cause UAF). (nielsdos)

- Standard:
  . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)
  . Fixed bug GH-19577 (Avoid integer overflow when using a small offset
    and PHP_INT_MAX with LimitIterator). (alexandre-daubois)

- Streams:
  . Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
    (nielsdos)
  . Fix OSS-Fuzz #385993744. (nielsdos)

- Tidy:
  . Fixed GH-19021 build issue with libtidy in regard of tidyOptIsReadonly
    deprecation and TidyInternalCategory being available later than
    tidyOptGetCategory. (arjendekorte)

- Zip:
  . Fix memory leak in zip when encountering empty glob result. (nielsdos)
   2025-08-29 16:21:53 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.25

PHP 8.3.25 (2025-08-28)

- Core:
  . Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
    (psumbera)
  . Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument
    unpacking). (ilutov)
  . Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in
    binary const expr). (ilutov)
  . Fixed bug GH-19305 (Operands may be being released during comparison).
    (Arnaud)
  . Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array
    causes assertion failure). (nielsdos)
  . Fixed bug GH-19306 (Generator can be resumed while fetching next value from
    delegated Generator). (Arnaud)
  . Fixed bug GH-19326 (Calling Generator::throw() on a running generator with
    a non-Generator delegate crashes). (Arnaud)
  . Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
    (ilutov)
  . Fixed zend call stack size for macOs/arm64. (David Carlier)
  . Fixed bug GH-19065 (Long match statement can segfault compiler during
    recursive SSA renaming). (nielsdos, Arnaud)

- Calendar:
  . Fixed bug GH-19371 (integer overflow in calendar.c). (nielsdos)

- FTP:
  . Fix theoretical issues with hrtime() not being available. (nielsdos)

- GD:
  . Fix incorrect comparison with result of php_stream_can_cast(). (Girgias)

- Hash:
  . Fix crash on clone failure. (nielsdos)

- Intl:
  . Fixed GH-19261: msgfmt_parse_message leaks on message creation failure.
    (David Carlier)
  . Fix return value on failure for resourcebundle count handler. (Girgias)

- LDAP:
  . Fixed bug GH-18529 (additional inheriting of TLS int options).
    (Jakub Zelenka)

- LibXML:
  . Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by
    php_libxml_node_free). (nielsdos)

- MbString:
  . Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).
    (nielsdos)

- Opcache:
  . Reset global pointers to prevent use-after-free in zend_jit_status().
    (Florian Engelhardt)

- OpenSSL:
  . Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file()
    return value check). (nielsdos, botovq)
  . Fix error return check of EVP_CIPHER_CTX_ctrl(). (nielsdos)
  . Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low
    key_length param). (Jakub Zelenka)

- PDO Pgsql:
  . Fixed dangling pointer access on _pdo_pgsql_trim_message helper.
    (dixyes)

- Readline:
  . Fixed bug GH-19250 and bug #51360 (Invalid conftest for rl_pending_input).
    (petk, nielsdos)

- SOAP:
  . Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32
    in soap_check_zval_ref). (nielsdos)

- Sockets:
  . Fix some potential crashes on incorrect argument value. (nielsdos)

- Standard:
  . Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache).
    (ilutov)
  . Fix theoretical issues with hrtime() not being available. (nielsdos)
  . Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).
    (nielsdos)

- Windows:
  . Free opened_path when opened_path_len >= MAXPATHLEN. (dixyes)
   2025-08-02 05:11:45 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php83: update to 8.3.24

PHP 8.3.24 (2025-07-31)

- Calendar:
  . Fixed jewishtojd overflow on year argument. (David Carlier)

- Core:
  . Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction
    order). (Daniil Gentili)
  . Fix OSS-Fuzz #427814456. (nielsdos)
  . Fix OSS-Fuzz #428983568 and #428760800. (nielsdos)
  . Fixed bug GH-17204 -Wuseless-escape warnings emitted by re2c. (Peter Kokot)

- Curl:
  . Fix memory leaks when returning refcounted value from curl callback.
    (nielsdos)
  . Remove incorrect string release. (nielsdos)

- LDAP:
  . Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty
    request OID. (David Carlier)

- MbString:
  . Fixed bug GH-18901 (integer overflow mb_split). (nielsdos)

- OCI8:
  . Fixed bug GH-18873 (OCI_RETURN_LOBS flag causes oci8 to leak memory).
    (Saki Takamachi)

- Opcache:
  . Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
    (nielsdos)
  . Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018
    in ext/opcache/jit/zend_jit.c). (nielsdos)

- OpenSSL:
  . Fixed bug #80770 (It is not possible to get client peer certificate with
    stream_socket_server). (Jakub Zelenka)

- PCNTL:
  . Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or
    pcntl_forkx() with zend-max-execution-timers). (Arnaud)

- Phar:
  . Fix stream double free in phar. (nielsdos, dixyes)
  . Fix phar crash and file corruption with SplFileObject. (nielsdos)

- SOAP:
  . Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing
    on object destruction). (nielsdos)
  . Fix memory leak when URL parsing fails in redirect. (Girgias)

- SPL:
  . Fixed bug GH-19094 (Attaching class with no Iterator implementation to
    MultipleIterator causes crash). (nielsdos)

- Standard:
  . Fix misleading errors in printf(). (nielsdos)
  . Fix RCN violations in array functions. (nielsdos)
  . Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
    (David Carlier)

- Streams:
  . Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
    fatal error). (Jakub Zelenka)

- Zip:
  . Fix leak when path is too long in ZipArchive::extractTo(). (nielsdos)