PHP 8.4.21: Downloads, Changelog, News

Arnaud Le Blanc

• Reset stackmap reg in 9f33bff090
• NEWS in d1512d31b2

Calvin Buckley

• ext/pdo_odbc: Require non-empty string when building string buffer in GH-21652
• Update versions for PHP 8.4.21 in d3ca4dfad3

Daniel Scherzer

• GH-21754: sapi/cli: avoid deprecation messages with --rf and methods in GH-21758

David Carlier

• Fix GH-21496: UAF in dom_objects_free_storage in 26ab037d7c
• Fix GH-21557: jewishtojd returns 0 for years >= 6000 in 7647b47ae9
• Fix GH-21548: Dom\XMLDocument::C14N() emits duplicate xmlns declarations after setAttributeNS() in 4ee275fd59
• Fix GH-21600: Remove xsltCleanupGlobals call in ext/xsl MSHUTDOWN in 96e93e9f9d
• Fix GH-21664: iconv_mime_decode/iconv_mime_encode bailout corrupts EG(bailout) in 1f4b1699b7
• Fix GH-21688: SEGV in C14N on empty HTMLDocument in 19f73c5712
• Fix GH-21698: memory leak in ZipArchive::addGlob on early returns in 391ec277d5
• Add myself to DOM/XML/SOAP/SimpleXML/XMLReader/Writer and XSL in 72c12ea01a

Dmitry Stogov

• Update IR in GH-21594

Gina Peter Banyard

• Revert 49b2ff5d to fix bug GH-21499 in e912c022fd
• Fix-up NEWS in d64eb790f6

Hans Krentel (hakre)

• Add date.timezone=UTC to the INI overwrites in run-tests.php in d1670fb7e1

Ilia Alshanetsky

• Fix GH-19983: GC assertion failure with fibers, generators and destructors in b15c5972fb
• Fix GH-17399: iconv memory leak on bailout in 38628e89a5
• Fix GH-21478: Forward property operations to real instance for initialized lazy proxies in 9c082438f4
• Fix GH-21730: Mt19937::__debugInfo() leaks state HashTable when the serialize callback fails in GH-21733
• Fix GH-21731: Random\Engine\Xoshiro256StarStar::__unserialize() accepts all-zero state in GH-21732
• phar: restore is_link handler in phar_intercept_functions_shutdown in b77b50508b
• phar: fix NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent in 36c4195a2e
• phar: free is_temp_dir entry before rejecting .phar/* paths in offsetGet in b9aaa05098
• phar: call phar_entry_delref before goto finish in phar_add_file error paths in 0c99bd76b1
• phar: propagate phar_stream_flush return value from phar_stream_close in 30f368567b

Ilija Tovilo

• Reduce memory limit for gh19983.phpt in 78a0b57e3b
• Fix function JIT JMPNZ smart branch in 455ae2880e
• Convert remaining K&R function declarations in libbcmath in 21664fb935
• [skip if] Drop NEWS entry in af50736ee2
• Fix faulty zend_try handling in zend_jit_trace() in 95e93b85fa
• Add EG(bailout) consistency assertion in e50cd125c9
• Fix missing addref for Countable::count() in 89729383e2
• Simplify gh21031.phpt and solve flakiness in afded3dffc
• Fix missing addref for __unset in 6c5bed3c56
• GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer with Apache Map in 78a02e1d8c
• GHSA-m33r-qmcv-p97q: [soap] Fix use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION in fe67d266d9
• GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check in eb9d772723
• GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h functions in 19cc220861
• GHSA-74r9-qxhc-fx53: [mbstring] Fix out-of-bounds access in mbfl_name2encoding_ex() in ae7dbd8197

Jakub Zelenka

• Fix GH-21617: sni_server self signed certifcate expired in 0f38bfdef2
• Fix SNI tests for bugs #80770 and #74796 in 178a30b9e7
• Add back sni_server_ca for expired cert test in 1d8643deb7
• GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint in 7537b5e62e

Jarne Clauw

• ext/phar: Fix memory leak in phar_verify_signature() when md_ctx is invalid in 2fe85279a0

Jorg Sowa

• ext/session: fix missing zval_ptr_dtor for retval in PS_GC_FUNC(user) in d96579371f

Marcos 'Marcão' Aurelio

• Fix GH-21699: callable resolution must fail if error handler threw during self/parent/static deprecations in GH-21712

ndossche

• Fix missing error propagation in openssl_x509_export_to_file() in 2004b709c4
• Fix error check on X509V3_EXT_print() in 5684949337
• openssl: Propagate PHP_OPENSSL_ASN1_INTEGER_set() failure in cea48b4781
• Fix UB and error propagation when X509_gmtime_adj() fails in 2467dfb18f
• Add missing error check on SSL_set_ex_data() in f81a9a2f7d
• Fix const-generic warning in xp_ssl.c in 883014debb
• openssl: Fix merge in c5fb035c67
• Fix concurrent iteration and deletion issues in SplObjectStorage in 43a4f91c52
• Upgrade Lexbor to v2.7.0 in 16baee5aaf

Niels Dossche

• Fix NPD when i2d_PKCS12_bio is called on NULL bio in 23b151a2ca
• Fix memory leak in check_cert() when X509_STORE_CTX_init() fails in eb6c48df6a
• Fix crash in php_openssl_pkey_init_ec() when EVP_PKEY_CTX_new() fails in 6b16390a5a
• Fix crash in openssl_digest() when EVP_MD_CTX_create() fails in b2f34721ab
• Fix crash in openssl_pkey_export() when BIO_new() fails in d0d9183d9d
• Fix crash in openssl_pkcs12_read() when BIO_new() fails in 5f9b6ed834
• Fix crash in php_openssl_create_sni_server_ctx() when SSL_CTX_new() fails in 1ef9aa7e32
• Fix memory leak on error path in openssl_open() in 20903a8485
• Fix memory leaks when adding certificate to store fails in 4bb68c567f
• Fix crash in openssl_pkey_get_details() when BIO_new() fails in e474d3c99f

Nora Dossche

• Fix NULL deref when enabling TLS fails and the peer name needs to be reset in 7782b8876b
• Fix build warning on LibreSSL in GH-21050
• Fix SKIPIF of openssl_password.phpt in GH-20941
• openssl: Fix missing error propagation in openssl_x509_export() in GH-21375
• openssl: Fix error propagation in csr exports in GH-21403
• Fix crash when ASN1_STRING_to_UTF8() fails in 8c11370974
• Fix error check on X509_set_subject_name() in 8b031ea6ed
• Fix memory leaks when php_openssl_dh_pub_from_priv() fails in 35e8cb87cb
• Add missing error check on BN_CTX_new() in 4cffcbaf4a
• Fix memory leaks when BN_bin2bn() fails in 7eb38cd3f5
• Fix memory leaks and missing error propagation when php_openssl_csr_make() fails to set a version in 79b1ca2064

Peter Kokot

• Remove redundant PHP manifest file in GH-21634

Pratik Bhujel

• zend_inheritance: Fix enum case conflict in trait binding in GH-21771

Saki Takamachi

• GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings in 5e503b593e

Shivam Mathur

• Fix curl_setopt_ssl test for curl 8.19.0 in GH-21518
• curl: add support for brotli and zstd on Windows in 0c6fc66848
• Decrease zend.max_allowed_stack_size in stack_limit_015.phpt in cef6fbe64c
• Accept HY000 in pdo_firebird autocommit test in GH-21789

Tim Düsterhus

• Update GitHub Actions to codecov/codecov-action@v6 in f6ddc37e21
• GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset in ac63f1b615

vi3tL0u1s

• GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() in d738aa4bf3