diff --git a/NEWS b/NEWS index fe0b3f261d71..f71cd06990bd 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? ????, PHP 8.3.5 +11 Apr 2024, PHP 8.3.6 - Core: . Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when @@ -63,8 +63,9 @@ PHP NEWS partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) - Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some + . Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad) + . Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc). (David Carlier) 14 Mar 2024, PHP 8.3.4 diff --git a/Zend/zend.h b/Zend/zend.h index 074e1f168031..5ed2e6fd5f08 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.3.5-dev" +#define ZEND_VERSION "4.3.6" #define ZEND_ENGINE_3 diff --git a/configure.ac b/configure.ac index 906c46c2e1d4..b2a12ef858e6 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ dnl Basic autoconf initialization, generation of config.nice. dnl ---------------------------------------------------------------------------- AC_PREREQ([2.68]) -AC_INIT([PHP],[8.3.5-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) +AC_INIT([PHP],[8.3.6],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) AC_CONFIG_SRCDIR([main/php_version.h]) AC_CONFIG_AUX_DIR([build]) AC_PRESERVE_HELP_ORDER diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 618fff55362e..558441b0b461 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -5853,6 +5853,8 @@ static void transfer_encode_mime_bytes(mb_convert_buf *tmpbuf, mb_convert_buf *o MB_CONVERT_BUF_STORE(outbuf, out, limit); } +#define MBSTRING_HEADER_ENC_WCHAR_BUFSIZE 90 + static zend_string* mb_mime_header_encode(zend_string *input, const mbfl_encoding *incode, const mbfl_encoding *outcode, bool base64, char *linefeed, size_t linefeed_len, zend_long indent) { unsigned char *in = (unsigned char*)ZSTR_VAL(input); @@ -5883,8 +5885,7 @@ static zend_string* mb_mime_header_encode(zend_string *input, const mbfl_encodin unsigned int state = 0; /* wchar_buf should be big enough that when it is full, we definitely have enough * wchars to fill an entire line of output */ - const size_t wchar_buf_len = 90; - uint32_t wchar_buf[wchar_buf_len]; + uint32_t wchar_buf[MBSTRING_HEADER_ENC_WCHAR_BUFSIZE]; uint32_t *p, *e; /* What part of wchar_buf is filled with still-unprocessed data which should not * be overwritten? */ @@ -5895,7 +5896,7 @@ static zend_string* mb_mime_header_encode(zend_string *input, const mbfl_encodin * spaces), just pass it through unchanged */ bool checking_leading_spaces = true; while (in_len) { - size_t out_len = incode->to_wchar(&in, &in_len, wchar_buf, wchar_buf_len, &state); + size_t out_len = incode->to_wchar(&in, &in_len, wchar_buf, MBSTRING_HEADER_ENC_WCHAR_BUFSIZE, &state); p = wchar_buf; e = wchar_buf + out_len; @@ -5929,9 +5930,9 @@ no_passthrough: ; * do so all the way to the end of the string */ while (in_len) { /* Decode part of the input string, refill wchar_buf */ - ZEND_ASSERT(offset + MBSTRING_MIN_WCHAR_BUFSIZE <= wchar_buf_len); - size_t out_len = incode->to_wchar(&in, &in_len, wchar_buf + offset, wchar_buf_len - offset, &state); - ZEND_ASSERT(out_len <= wchar_buf_len - offset); + ZEND_ASSERT(offset + MBSTRING_MIN_WCHAR_BUFSIZE <= MBSTRING_HEADER_ENC_WCHAR_BUFSIZE); + size_t out_len = incode->to_wchar(&in, &in_len, wchar_buf + offset, MBSTRING_HEADER_ENC_WCHAR_BUFSIZE - offset, &state); + ZEND_ASSERT(out_len <= MBSTRING_HEADER_ENC_WCHAR_BUFSIZE - offset); p = wchar_buf; e = wchar_buf + offset + out_len; /* ASCII output is broken into space-delimited 'words' @@ -6039,16 +6040,16 @@ mime_encoding_needed: ; /* Do we need to refill wchar_buf to make sure we don't run out of wchars * in the middle of a line? */ offset = e - p; - if (wchar_buf_len - offset < MBSTRING_MIN_WCHAR_BUFSIZE) { + if (MBSTRING_HEADER_ENC_WCHAR_BUFSIZE - offset < MBSTRING_MIN_WCHAR_BUFSIZE) { goto start_new_line; } memmove(wchar_buf, p, offset * sizeof(uint32_t)); while(true) { refill_wchar_buf: ; - ZEND_ASSERT(offset + MBSTRING_MIN_WCHAR_BUFSIZE <= wchar_buf_len); - size_t out_len = incode->to_wchar(&in, &in_len, wchar_buf + offset, wchar_buf_len - offset, &state); - ZEND_ASSERT(out_len <= wchar_buf_len - offset); + ZEND_ASSERT(offset + MBSTRING_MIN_WCHAR_BUFSIZE <= MBSTRING_HEADER_ENC_WCHAR_BUFSIZE); + size_t out_len = incode->to_wchar(&in, &in_len, wchar_buf + offset, MBSTRING_HEADER_ENC_WCHAR_BUFSIZE - offset, &state); + ZEND_ASSERT(out_len <= MBSTRING_HEADER_ENC_WCHAR_BUFSIZE - offset); p = wchar_buf; e = wchar_buf + offset + out_len; @@ -6129,7 +6130,7 @@ start_new_line: ; buf.out = mb_convert_buf_add(buf.out, ' '); line_start = mb_convert_buf_len(&buf); offset = e - p; - if (in_len && (wchar_buf_len - offset >= MBSTRING_MIN_WCHAR_BUFSIZE)) { + if (in_len && (MBSTRING_HEADER_ENC_WCHAR_BUFSIZE - offset >= MBSTRING_MIN_WCHAR_BUFSIZE)) { /* Copy any remaining wchars to beginning of buffer and refill * the rest of the buffer */ memmove(wchar_buf, p, offset * sizeof(uint32_t)); diff --git a/main/php_version.h b/main/php_version.h index e10e9f0a96d1..fc12da3e3ed6 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.ac to change version number */ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 3 -#define PHP_RELEASE_VERSION 5 -#define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "8.3.5-dev" -#define PHP_VERSION_ID 80305 +#define PHP_RELEASE_VERSION 6 +#define PHP_EXTRA_VERSION "" +#define PHP_VERSION "8.3.6" +#define PHP_VERSION_ID 80306