Hello community,

here is the log from the commit of package php8 for openSUSE:Factory checked in at 2026-05-11 16:48:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php8 (Old)
 and      /work/SRC/openSUSE:Factory/.php8.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php8" Mon May 11 16:48:32 2026 rev:107 rq:1352371 version:8.5.6 Changes: -------- --- /work/SRC/openSUSE:Factory/php8/php8.changes 2026-04-26 21:12:53.841304541 +0200 +++ /work/SRC/openSUSE:Factory/.php8.new.1966/php8.changes 2026-05-11 16:48:47.747634130 +0200 
@@ -1,0 +2,68 @@ +Thu May 7 19:08:59 UTC 2026 - Arjen de Korte <[email protected]> + +- version update to 8.5.6 + Core: + Fixed bug GH-19983 (GC assertion failure with fibers, generators and destructors). + Fixed ZEND_API mismatch on zend_ce_closure forward decl for Windows+Clang. + Fixed bug GH-21504 (Incorrect RC-handling for ZEND_EXT_STMT op1). + Fixed bug GH-21478 (Forward property operations to real instance for initialized lazy proxies). + Fixed bug GH-21605 (Missing addref for Countable::count()). + Fixed bug GH-21699 (Assertion failure in shutdown_executor when resolving self::/parent::/static:: callables if the error handler throws). + Fixed bug GH-21603 (Missing addref for __unset). + Fixed bug GH-21760 (Trait with class constant name conflict against enum case causes SEGV). + CLI: + Fixed bug GH-21754 (`--rf` command line option with a method triggers ext/reflection deprecation warnings). + Curl: + Add support for brotli and zstd on Windows. + DOM: + Fixed GHSA-4jhr-8w89-j733 and GH-21566 (Dom\XMLDocument::C14N() emits duplicate xmlns declarations after setAttributeNS()). (CVE-2026-7263) + FPM: + Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735) + Iconv: + Fixed bug GH-17399 (iconv memory leak on bailout). + Lexbor: + Upgrade to lexbor v2.7.0. + MBString: + Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259) + Fixed GHSA-74r9-qxhc-fx53 (Out-of-bounds access in mbfl_name2encoding_ex()). (CVE-2026-6104) + Opcache: + Fixed bug GH-21158 (JIT: Assertion jit->ra[var].flags & (1<<0) failed in zend_jit_use_reg). + Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch). + Fixed bug GH-21460 (COND optimization regression). + Fixed faulty returns out of zend_try block in zend_jit_trace(). + OpenSSL: + Fix memory leak regression in openssl_pbkdf2(). + Fix a bunch of memory leaks and crashes on edge cases. 
+ PDO_Firebird: + Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179) + PDO_PGSQL: + Fixed bug GH-21683 (pdo_pgsql throws with ATTR_PREFETCH=0 on empty result set). + Phar: + Restore is_link handler in phar_intercept_functions_shutdown. + Fixed bug GH-21797 (phar: NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent from SAPI environment). + Fix memory leak in Phar::offsetGet(). + Fix memory leak in phar_add_file(). + Fixed bug GH-21799 (phar: propagate phar_stream_flush return value from phar_stream_close). + Fix memory leak in phar_verify_signature() when md_ctx is invalid. + Random: + Fixed bug GH-21731 (Random\Engine\Xoshiro256StarStar::__unserialize() accepts all-zero state). + Session: + Fixed memory leak when session GC callback return a refcounted value. + SOAP: + Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722) + Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) + Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262) + SPL: + Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent free). + Fix concurrent iteration and deletion issues in SplObjectStorage. + Sqlite3: + Fixed wrong free list comparator pointer type. + Standard: + Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568) + Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258) + Streams: + Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL and a proxy set). + URI: + Fixed CVE-2026-42371 (uriparser before 1.0.1 has numeric truncation in text range comparison). 
(CVE-2026-42371) + +------------------------------------------------------------------- Old: ---- php-8.5.5.tar.xz php-8.5.5.tar.xz.asc New: ---- php-8.5.6.tar.xz php-8.5.6.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php8.spec ++++++ --- /var/tmp/diff_new_pack.imldPC/_old 2026-05-11 16:48:48.891681003 +0200 +++ /var/tmp/diff_new_pack.imldPC/_new 2026-05-11 16:48:48.895681167 +0200 @@ -57,7 +57,7 @@ %bcond_without sodium Name: %{pprefix}%{php_name}%{psuffix} -Version: 8.5.5 +Version: 8.5.6 Release: 0 Summary: Interpreter for the PHP scripting language version 8 License: MIT AND PHP-3.01 ++++++ php-8.5.5.tar.xz -> php-8.5.6.tar.xz ++++++ /work/SRC/openSUSE:Factory/php8/php-8.5.5.tar.xz /work/SRC/openSUSE:Factory/.php8.new.1966/php-8.5.6.tar.xz differ: char 13, line 1
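Review bot: In the php8.changes hunk, the eleven security entries (DOM, FPM, MBString, PDO_Firebird, SOAP, Standard, URI) carry only the upstream GHSA and CVE identifiers and no bsc# reference. If openSUSE Bugzilla entries exist for these CVEs, add the bsc# number next to each CVE id so the fix can be traced from the tracker to this revision. Minor: the URI entry names its CVE twice ("Fixed CVE-2026-42371 (...). (CVE-2026-42371)"); the trailing parenthetical can be dropped.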
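Review bot: The php8.spec hunk changes only the "Version:" line, and the tarball is reported just as "differ: char 13, line 1", so nothing in this diff shows that php-8.5.6.tar.xz was checked against the new php-8.5.6.tar.xz.asc. Confirm the signature verifies against the keyring shipped with the package before accepting the update. Also, the URI changelog entry ties CVE-2026-42371 to "uriparser before 1.0.1"; if the build links a system uriparser rather than the copy in the tarball, the spec needs a matching minimum version requirement, and no such line appears in this hunk.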
