Ondřej Surý has released updated PHP 8.4.6 and 8.3.20 packages for Debian GNU/Linux 11 (Bullseye) LTS and 12 (Bookworm).
PHP 8.3.20 has fixed several bugs, including use-after-free during dl()'ed module class destruction, dl() of module with aliased class crashes in shutdown, significant performance degradation in 'foreach', weird unpack behavior in DOM, xinclude destruction of live attributes, and issues with embedding on Mac. Fuzzer fixed bug GH-18081, GD fixed bug GH-17984, Intl fixed locale_compose and locale_lookup to work with their array argument with values as references, UConverter::transcode with substitutes as references, Mbstring fixed bug GH-17989, Opcache fixed bug GH-18112, SPL fixed bug GH-18018, and Treewide fixed bug GH-17736. PHP 8.4.6 fixed pointer subtraction for scale, property hook backing value access in multi-level inheritance, accidentally inherited default value in overridden virtual properties, broken JIT polymorphism for property hooks added to child classes, Stack-use-after-return with lazy objects and hooks.
To add the repository:
#!/bin/bash # To add this repository please do:
if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi
${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get updatePHP 8.3.20
- Core:
. Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction). (Arnaud)
. Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown). (Arnaud)
. Fixed bug GH-13193 again (Significant performance degradation in 'foreach'). (nielsdos)
- DOM:
. Fix weird unpack behaviour in DOM. (nielsdos)
. Fix xinclude destruction of live attributes. (nielsdos)
- Embed:
. Fixed bug GH-8533 (Unable to link dynamic libphp on Mac). (Kévin Dunglas)
- Fuzzer:
. Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI). (Lung-Alexandra)
- GD:
. Fixed bug GH-17984 (calls with arguments as array with references). (David Carlier)
- Intl:
. Fix locale_compose and locale_lookup to work with their array argument with values as references. (David Carlier)
. Fix dateformat_format when the time is an array of references. (David Carlier)
. Fix UConverter::transcode with substitutes as references. (David Carlier)
- Mbstring:
. Fixed bug GH-17989 (mb_output_handler crash with unset http_output_conv_mimetypes). (nielsdos)
- Opcache:
. Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos)
. Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks the exception table). (nielsdos)
- PDO:
. Fix memory leak when destroying PDORow. (nielsdos)
- SOAP:
. Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to a segfault) . (Remi)
- SPL:
. Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in ArrayObject). (nielsdos)
- Treewide:
. Fixed bug GH-17736 (Assertion failure zend_reference_destroy()). (nielsdos)
- Windows:
. Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line endings). (DanielEScherzer)PHP 8.4.6
- BCMath:
. Fixed pointer subtraction for scale. (SakiTakamachi)
- Core:
. Fixed property hook backing value access in multi-level inheritance. (ilutov)
. Fixed accidentally inherited default value in overridden virtual properties. (ilutov)
. Fixed bug GH-17376 (Broken JIT polymorphism for property hooks added to child class). (ilutov)
. Fixed bug GH-17913 (ReflectionFunction::isDeprecated() returns incorrect results for closures created from magic __call()). (timwolla)
. Fixed bug GH-17941 (Stack-use-after-return with lazy objects and hooks). (nielsdos)
. Fixed bug GH-17988 (Incorrect handling of hooked props without get hook in get_object_vars()). (ilutov)
. Fixed bug GH-17998 (Skipped lazy object initialization on primed SIMPLE_WRITE cache). (ilutov)
. Fixed bug GH-17998 (Assignment to backing value in set hook of lazy proxy calls hook again). (ilutov)
. Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction). (Arnaud)
. Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown). (Arnaud)
. Fixed OSS-Fuzz #403308724. (nielsdos)
. Fixed bug GH-13193 again (Significant performance degradation in 'foreach'). (nielsdos)
- DBA:
. Fixed assertion violation when opening the same file with dba_open multiple times. (chschneider)
- DOM:
. Fixed bug GH-17991 (Assertion failure dom_attr_value_write). (nielsdos)
. Fix weird unpack behaviour in DOM. (nielsdos)
. Fixed bug GH-18090 (DOM: Svg attributes and tag names are being lowercased). (nielsdos)
. Fix xinclude destruction of live attributes. (nielsdos)
- Fuzzer:
. Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI). (Lung-Alexandra)
- GD:
. Fixed bug GH-17984 (calls with arguments as array with references). (David Carlier)
- LDAP:
. Fixed bug GH-18015 (Error messages for ldap_mod_replace are confusing). (nielsdos)
- Mbstring:
. Fixed bug GH-17989 (mb_output_handler crash with unset http_output_conv_mimetypes). (nielsdos)
- Opcache:
. Fixed bug GH-15834 (Segfault with hook "simple get" cache slot and minimal JIT). (nielsdos)
. Fixed bug GH-17966 (Symfony JIT 1205 assertion failure). (nielsdos)
. Fixed bug GH-18037 (SEGV Zend/zend_execute.c). (nielsdos)
. Fixed bug GH-18050 (IN_ARRAY optimization in DFA pass is broken). (ilutov)
. Fixed bug GH-18113 (stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c). (nielsdos)
. Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos)
. Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks the exception table). (nielsdos)
- PDO:
. Fix memory leak when destroying PDORow. (nielsdos)
- Standard:
. Fix memory leaks in array_any() / array_all(). (nielsdos)
- SOAP:
. Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to a segfault) . (Remi)
- SPL:
. Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in ArrayObject). (nielsdos)
- Treewide:
. Fixed bug GH-17736 (Assertion failure zend_reference_destroy()). (nielsdos)
- Windows:
. Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line endings). (DanielEScherzer)
