Skip to content

[pull] master from php:master#741

Merged
pull[bot] merged 48 commits intodolfly:masterfrom
php:master
May 6, 2026
Merged

[pull] master from php:master#741
pull[bot] merged 48 commits intodolfly:masterfrom
php:master

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented May 6, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

arnaud-lb and others added 30 commits May 5, 2026 11:43
@arnaud-lb
Fix compiler warning with GCC 16: variable 'offset' set but not used …
ac86e10 
…[-Werror=unused-but-set-variable=]
@arnaud-lb
Fix compiler warning with glibc 2.43 support of C23 const-preserving …
6a27514 
…standard library macros: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]

See https://sourceware.org/cgit/glibc/commit/?id=cd748a63ab1

Closes GH-21950
@arnaud-lb
Fix bad merge
33caad7
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
45d9684 
* PHP-8.4:
  Fix compiler warning with glibc 2.43 support of C23 const-preserving standard library macros: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  Fix compiler warning with GCC 16: variable 'offset' set but not used [-Werror=unused-but-set-variable=]
@iluuu1994
Merge branch 'PHP-8.5'
72cbc1f 
* PHP-8.5:
  Fix compiler warning with glibc 2.43 support of C23 const-preserving standard library macros: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
  Fix compiler warning with GCC 16: variable 'offset' set but not used [-Werror=unused-but-set-variable=]
@iluuu1994
GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer wi…
aee3b3a 
…th Apache Map

Fixes GHSA-85c2-q967-79q5
Fixes CVE-2026-6722
@iluuu1994
GHSA-m33r-qmcv-p97q: [soap] Fix use-after-free after header parsing f…
db2a7f9 
…ailure with SOAP_PERSISTENCE_SESSION

Fixes GHSA-m33r-qmcv-p97q
Fixes CVE-2026-7261
@iluuu1994
GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check
79551ab 
Fixes GHSA-hmxp-6pc4-f3vv
Fixes CVE-2026-7262
@bukka @iluuu1994
GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint
99a5ad7 
Fixes GHSA-7qg2-v9fj-4mwv
Fixes CVE-2026-6735
@vi3tL0u1s @iluuu1994
GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_m…
79a054e 
…b_check_encoding() via mb_ereg_search_init()

Fixes GHSA-wm6j-2649-pv75
Fixes CVE-2026-7259
@iluuu1994
Merge branch 'PHP-8.2' into PHP-8.3
86bb29d 
* PHP-8.2:
  GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
  GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint
  GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check
  GHSA-m33r-qmcv-p97q: [soap] Fix use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
  GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer with Apache Map
@iluuu1994
Merge branch 'PHP-8.3' into PHP-8.4
a2ee688 
* PHP-8.3:
  GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
  GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint
  GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check
  GHSA-m33r-qmcv-p97q: [soap] Fix use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
  GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer with Apache Map
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
9db4c1a 
* PHP-8.4:
  GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
  GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint
  GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check
  GHSA-m33r-qmcv-p97q: [soap] Fix use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
  GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer with Apache Map
@iluuu1994
Merge branch 'PHP-8.5'
257cb3a 
* PHP-8.5:
  GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
  GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint
  GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check
  GHSA-m33r-qmcv-p97q: [soap] Fix use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
  GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer with Apache Map
@SakiTakamachi @iluuu1994
GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes i…
3f40b65 
…n quoted strings

Fixes GHSA-w476-322c-wpvm
Fixes CVE-2025-14179
@iluuu1994
Merge branch 'PHP-8.2' into PHP-8.3
0842621 
* PHP-8.2:
  GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings
@iluuu1994
Merge branch 'PHP-8.3' into PHP-8.4
4cf8fb3 
* PHP-8.3:
  GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
a02c0ce 
* PHP-8.4:
  GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings
@iluuu1994
Merge branch 'PHP-8.5'
3e57595 
* PHP-8.5:
  GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings
@TimWolla @iluuu1994
GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char …
47def8c 
…array offset

Fixes GHSA-96wq-48vp-hh57
Fixes CVE-2026-7568
@iluuu1994
Merge branch 'PHP-8.2' into PHP-8.3
411c0de 
* PHP-8.2:
  GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset
@iluuu1994
Merge branch 'PHP-8.3' into PHP-8.4
f5d445e 
* PHP-8.3:
  GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
3f6f38b 
* PHP-8.4:
  GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset
@iluuu1994
Merge branch 'PHP-8.5'
63dcfb4 
* PHP-8.5:
  GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset
@iluuu1994
GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h funct…
a384187 
…ions

Fixes GHSA-m8rr-4c36-8gq4
Fixes CVE-2026-7258
@iluuu1994
GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h funct…
398b7da 
…ions

Fixes GHSA-m8rr-4c36-8gq4
Fixes CVE-2026-7258
@iluuu1994
GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h funct…
dc9e21b 
…ions

Fixes GHSA-m8rr-4c36-8gq4
Fixes CVE-2026-7258
@iluuu1994
GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h funct…
b8dad93 
…ions

Fixes GHSA-m8rr-4c36-8gq4
Fixes CVE-2026-7258
@iluuu1994
Merge branch 'PHP-8.5'
529b145 
* PHP-8.5:
  GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h functions
@iluuu1994
GHSA-74r9-qxhc-fx53: [mbstring] Fix out-of-bounds access in mbfl_name…
56ee76f 
…2encoding_ex()

Fixes GHSA-74r9-qxhc-fx53
Fixes CVE-2026-6104
iluuu1994 and others added 18 commits May 6, 2026 13:13
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
f30cb44 
* PHP-8.4:
  GHSA-74r9-qxhc-fx53: [mbstring] Fix out-of-bounds access in mbfl_name2encoding_ex()
@iluuu1994
Merge branch 'PHP-8.5'
388f307 
* PHP-8.5:
  GHSA-74r9-qxhc-fx53: [mbstring] Fix out-of-bounds access in mbfl_name2encoding_ex()
@iluuu1994
Fix mbstring test with oniguruma deprecation
72e3d85
@saundefined @iluuu1994
[skip ci] Add NEWS entries for 8.2.31 security issues
887e649
@iluuu1994
Merge branch 'PHP-8.2' into PHP-8.3
5f5245c 
* PHP-8.2:
  [skip ci] Add NEWS entries for 8.2.31 security issues
@iluuu1994
Merge branch 'PHP-8.3' into PHP-8.4
e77f582 
* PHP-8.3:
  [skip ci] Add NEWS entries for 8.2.31 security issues
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
7596239 
* PHP-8.4:
  [skip ci] Add NEWS entries for 8.2.31 security issues
@iluuu1994
Merge branch 'PHP-8.5'
d056b6e 
* PHP-8.5:
  [skip ci] Add NEWS entries for 8.2.31 security issues
@saundefined
PHP-8.2 is now for PHP 8.2.32-dev
e9e41af
@saundefined
Merge branch 'PHP-8.2' into PHP-8.3
e754e7d 
* PHP-8.2:
  PHP-8.2 is now for PHP 8.2.32-dev

# Conflicts:
#	Zend/zend.h
#	configure.ac
#	main/php_version.h
@saundefined
Merge branch 'PHP-8.3' into PHP-8.4
80f0661 
* PHP-8.3:
  PHP-8.2 is now for PHP 8.2.32-dev
@saundefined
Merge branch 'PHP-8.4' into PHP-8.5
3ef978f 
* PHP-8.4:
  PHP-8.2 is now for PHP 8.2.32-dev
@saundefined
Merge branch 'PHP-8.5'
242fee9 
* PHP-8.5:
  PHP-8.2 is now for PHP 8.2.32-dev
@iluuu1994
[skip ci] Adjust credits for GHSA-96wq-48vp-hh57.phpt
fee84dd 
As requested by the reporter.
@iluuu1994
Merge branch 'PHP-8.2' into PHP-8.3
cbf6598 
* PHP-8.2:
  [skip ci] Adjust credits for GHSA-96wq-48vp-hh57.phpt
@iluuu1994
Merge branch 'PHP-8.3' into PHP-8.4
14f2071 
* PHP-8.3:
  [skip ci] Adjust credits for GHSA-96wq-48vp-hh57.phpt
@iluuu1994
Merge branch 'PHP-8.4' into PHP-8.5
0017e9b 
* PHP-8.4:
  [skip ci] Adjust credits for GHSA-96wq-48vp-hh57.phpt
@iluuu1994
Merge branch 'PHP-8.5'
0173ef4 
* PHP-8.5:
  [skip ci] Adjust credits for GHSA-96wq-48vp-hh57.phpt
@pull pull Bot locked and limited conversation to collaborators May 6, 2026
@pull pull Bot added the ⤵️ pull label May 6, 2026
@pull pull Bot merged commit 0173ef4 into dolfly:master May 6, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@arnaud-lb @iluuu1994 @bukka @vi3tL0u1s @SakiTakamachi @TimWolla @saundefined