---
- branch: MAIN
  date: Sat Apr 13 02:49:41 UTC 2024
  files:
  - new: '1.427'
    old: '1.426'
    path: pkgsrc/lang/php/phpversion.mk
    pathrev: pkgsrc/lang/php/phpversion.mk@1.427
    type: modified
  - new: '1.20'
    old: '1.19'
    path: pkgsrc/lang/php82/distinfo
    pathrev: pkgsrc/lang/php82/distinfo@1.20
    type: modified
  - new: '1.18'
    old: '1.17'
    path: pkgsrc/lang/php82/patches/patch-configure
    pathrev: pkgsrc/lang/php82/patches/patch-configure@1.18
    type: modified
  id: 20240413T024941Z.2fef3ac28d0cc0ed7c3b69743be4abccf2c81fc6
  log: |
    lang/php82: update to 8.2.18

    This release includes security fixes.

    11 Apr 2024, PHP 8.2.18

    - Core:
      . Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
        (nielsdos)
      . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
      . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
        destructor). (Arnaud)

    - DOM:
      . Add some missing ZPP checks. (nielsdos)
      . Fix potential memory leak in XPath evaluation results. (nielsdos)
      . Fix phpdoc for DOMDocument load methods. (VincentLanglet)

    - FPM
      . Fix incorrect check in fpm_shm_free(). (nielsdos)

    - GD:
      . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

    - Gettext:
      . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
        with category set to LC_ALL. (David Carlier)

    - MySQLnd:
      . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
      . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

    - Opcache:
      . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
        (Arnaud, Dmitry)
      . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
        method of internal trait when opcache is loaded). (Bob)

    - PDO:
      . Fix various PDORow bugs. (Girgias)

    - Random:
      . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
        modes). (timwolla)
      . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
        requests when MT_RAND_PHP is used). (timwolla)

    - Session:
      . Fixed bug GH-13680 (Segfault with session_decode and compilation error).
        (nielsdos)

    - Sockets:
      . Fixed bug GH-13604 (socket_getsockname returns random characters in the end
        of the socket name). (David Carlier)

    - SPL:
      . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
        in PHP 8.2.15). (nielsdos)
      . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

    - Standard:
      . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
      . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
        (SakiTakamachi)
      . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
        (divinity76)
      . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
        parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
      . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
        partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
      . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
        opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

    - XML:
      . Fixed bug GH-13517 (Multiple test failures when building with
        --with-expat). (nielsdos)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1712976581'
  user: taca