.github/scripts/windows/build_task.bat

@@ -5,11 +5,6 @@ if /i "%GITHUB_ACTIONS%" neq "True" (
     exit /b 3
 )
 
-del /f /q C:\Windows\System32\libcrypto-1_1-x64.dll >NUL 2>NUL
-if %errorlevel% neq 0 exit /b 3
-del /f /q C:\Windows\System32\libssl-1_1-x64.dll >NUL 2>NUL
-if %errorlevel% neq 0 exit /b 3
-
 call %~dp0find-target-branch.bat
 set STABILITY=staging
 set DEPS_DIR=%PHP_BUILD_CACHE_BASE_DIR%\deps-%BRANCH%-%PHP_SDK_VS%-%PHP_SDK_ARCH%

.github/scripts/windows/test_task.bat

@@ -137,6 +137,8 @@ for %%i in (ldap oci8_12c pdo_oci) do (
 
 set TEST_PHPDBG_EXECUTABLE=%PHP_BUILD_DIR%\phpdbg.exe
 
+copy /-y %DEPS_DIR%\bin\*.dll %PHP_BUILD_DIR%\*
+
 mkdir c:\tests_tmp
 
 nmake test TESTS="%OPCACHE_OPTS% -g FAIL,BORK,LEAK,XLEAK --no-progress -q --offline --show-diff --show-slow 1000 --set-timeout 120 --temp-source c:\tests_tmp --temp-target c:\tests_tmp --bless %PARALLEL%"

.github/workflows/nightly.yml

@@ -520,7 +520,7 @@ jobs:
       - name: Test Laravel
         if: ${{ !cancelled() }}
         run: |
-          git clone https://github.com/laravel/framework.git --branch=master --depth=1
+          git clone https://github.com/laravel/framework.git --depth=1
           cd framework
           git rev-parse HEAD
           php /usr/bin/composer install --no-progress --ignore-platform-reqs

.github/workflows/windows-builds.yml

@@ -0,0 +1,23 @@
+name: Windows builds
+run-name: Windows builds for ${{ inputs.tag || github.ref_name }}
+on:
+  push:
+    tags:
+      - 'php-*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag version'
+        required: true
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    name: Build
+    steps:
+      - name: Build
+        env:
+          GITHUB_TOKEN: ${{ secrets.WINDOWS_BUILDS_TOKEN }}
+        run: |
+          TAG="${{ inputs.tag || github.ref_name }}"
+          gh workflow run php.yml -R php/php-windows-builder -f php-version="${TAG#php-}"

.gitignore

@@ -291,6 +291,11 @@ tmp-php.ini
 /junit.out.xml
 /.ccache/
 
+# ------------------------------------------------------------------------------
+# Additional test build files
+# ------------------------------------------------------------------------------
+/ext/standard/tests/helpers/bad_cmd.exe
+
 # ------------------------------------------------------------------------------
 # Special cases to invert previous ignore patterns
 # ------------------------------------------------------------------------------

NEWS

@@ -1,6 +1,102 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? ????, PHP 8.3.17
+13 Mar 2025, PHP 8.3.18
+
+- BCMath:
+  . Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)
+
+- Core:
+  . Fixed bug GH-17623 (Broken stack overflow detection for variable
+    compilation). (ilutov)
+  . Fixed bug GH-17618 (UnhandledMatchError does not take
+    zend.exception_ignore_args=1 into account). (timwolla)
+  . Fix fallback paths in fast_long_{add,sub}_function. (nielsdos)
+  . Fixed bug GH-17718 (Calling static methods on an interface that has
+    `__callStatic` is allowed). (timwolla)
+  . Fixed bug GH-17797 (zend_test_compile_string crash on invalid
+    script path). (David Carlier)
+  . Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown
+    causes Use-After-Free). (CVE-2024-11235) (ilutov)
+
+- DOM:
+  . Fixed bug GH-17847 (xinclude destroys live node). (nielsdos)
+
+- FFI:
+  . Fix FFI Parsing of Pointer Declaration Lists. (davnotdev)
+
+- FPM:
+  . Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env).
+    (Jakub Zelenka)
+
+- GD:
+  . Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M).
+    (David Carlier)
+
+- LDAP:
+  . Fixed bug GH-17704 (ldap_search fails when $attributes contains a
+    non-packed array with numerical keys). (nielsdos, 7u83)
+
+- LibXML:
+  . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos)
+  . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header
+    when requesting a redirected resource). (CVE-2025-1219) (timwolla)
+
+- MBString:
+  . Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
+    (cmb)
+
+- Opcache:
+  . Fixed bug GH-17654 (Multiple classes using same trait causes function
+    JIT crash). (nielsdos)
+  . Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry)
+  . Fixed bug GH-17899 (zend_test_compile_string with invalid path
+    when opcache is enabled). (David Carlier)
+  . Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). (nielsdos)
+
+- PDO_SQLite:
+  . Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults).
+    (cmb)
+  . Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos)
+
+- Phar:
+  . Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos)
+
+- PHPDBG:
+  . Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). (nielsdos)
+  . Fix memory leak in phpdbg calling registered function. (nielsdos)
+
+- Reflection:
+  . Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c).
+    (DanielEScherzer)
+
+- Standard:
+  . Fixed bug #72666 (stat cache clearing inconsistent between file:// paths
+    and plain paths). (Jakub Zelenka)
+
+- Streams:
+  . Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
+  . Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
+  . Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
+    basic auth header). (CVE-2025-1736) (Jakub Zelenka)
+  . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location
+    to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
+  . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
+    without colon). (CVE-2025-1734) (Jakub Zelenka)
+  . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
+    handle folded headers). (CVE-2025-1217) (Jakub Zelenka)
+
+- Windows:
+  . Fixed phpize for Windows 11 (24H2). (bwoebi)
+  . Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib).
+    (cmb)
+
+- Zlib:
+  . Fixed bug GH-17745 (zlib extension incorrectly handles object arguments).
+    (nielsdos)
+  . Fix memory leak when encoding check fails. (nielsdos)
+  . Fix zlib support for large files. (nielsdos)
+
+13 Feb 2025, PHP 8.3.17
 
 - Core:
   . Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting
@@ -76,7 +172,7 @@ PHP                                                                        NEWS
   . Fixed bug GH-17139 (Fix zip_entry_name() crash on invalid entry).
     (nielsdos)
 
-02 Jan 2025, PHP 8.3.16RC1
+02 Jan 2025, PHP 8.3.16
 
 - Core:
   . Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). (ilutov)
@@ -275,7 +371,7 @@ PHP                                                                        NEWS
 - Windows:
   . Fixed bug GH-16849 (Error dialog causes process to hang). (cmb)
 
-07 Nov 2024, PHP 8.3.14RC1
+07 Nov 2024, PHP 8.3.14
 
 - CLI:
   . Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
@@ -1028,7 +1124,7 @@ PHP                                                                        NEWS
 - Treewide:
   . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez)
 
-28 Mar 2024, PHP 8.3.5RC1
+28 Mar 2024, PHP 8.3.5
 
 - Core:
   . Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when
@@ -1297,7 +1393,7 @@ PHP                                                                        NEWS
   . Fixed bug GH-12980 (tidynode.props.attribute is missing
     "Boolean Attributes" and empty attributes). (nielsdos)
 
-07 Dec 2023, PHP 8.3.1RC1
+07 Dec 2023, PHP 8.3.1
 
 - Core:
   . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within

Zend/tests/gh_17718_001.phpt

@@ -0,0 +1,17 @@
+--TEST--
+GH-17718: Disallow calling abstract `__callStatic()` trampoline on an interface
+--FILE--
+<?php
+
+interface Foo {
+    public static function __callStatic($method, $args);
+}
+
+Foo::bar();
+
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Cannot call abstract method Foo::bar() in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d

Zend/tests/gh_17718_002.phpt

@@ -0,0 +1,17 @@
+--TEST--
+GH-17718: Disallow calling abstract `__callStatic()` trampoline on an abstract class
+--FILE--
+<?php
+
+abstract class Foo {
+    abstract public static function __callStatic($method, $args);
+}
+
+Foo::bar();
+
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Cannot call abstract method Foo::bar() in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d

Zend/tests/gh_17728.phpt

@@ -0,0 +1,24 @@
+--TEST--
+GH-17728: Assertion failure when calling static method of trait with `__callStatic()` with throwing error handler
+--FILE--
+<?php
+
+set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline) {
+    throw new \ErrorException($errstr, 0, $errno, $errfile, $errline);
+});
+
+trait Foo {
+    public static function __callStatic($method, $args) {
+        var_dump($method);
+    }
+}
+
+try {
+    Foo::bar();
+} catch (ErrorException $e) {
+    echo $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECT--
+Calling static trait method Foo::bar is deprecated, it should only be called on a class using the trait

Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt

@@ -0,0 +1,26 @@
+--TEST--
+GHSA-rwp7-7vc6-8477: Use-after-free for ??= due to incorrect live-range calculation
+--FILE--
+<?php
+
+class Foo {
+    public function foo() {
+        return $this;
+    }
+
+    public function __set($name, $value) {
+        throw new Exception('Hello');
+    }
+}
+
+$foo = new Foo();
+
+try {
+    $foo->foo()->baz ??= 1;
+} catch (Exception $e) {
+    echo $e->getMessage();
+}
+
+?>
+--EXPECT--
+Hello

Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt

@@ -0,0 +1,24 @@
+--TEST--
+GHSA-rwp7-7vc6-8477: Use-after-free for ??= due to incorrect live-range calculation
+--FILE--
+<?php
+
+class Foo {
+    public int $prop;
+
+    public function foo() {
+        return $this;
+    }
+}
+
+$foo = new Foo();
+
+try {
+    $foo->foo()->prop ??= 'foo';
+} catch (Error $e) {
+    echo $e->getMessage();
+}
+
+?>
+--EXPECT--
+Cannot assign string to property Foo::$prop of type int

Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt

@@ -0,0 +1,22 @@
+--TEST--
+GHSA-rwp7-7vc6-8477: Use-after-free for ??= due to incorrect live-range calculation
+--FILE--
+<?php
+
+class Foo {
+    public int $prop;
+}
+
+function newFoo() {
+    return new Foo();
+}
+
+try {
+    newFoo()->prop ??= 'foo';
+} catch (Error $e) {
+    echo $e->getMessage();
+}
+
+?>
+--EXPECT--
+Cannot assign string to property Foo::$prop of type int

Zend/tests/match/049.phpt

@@ -0,0 +1,42 @@
+--TEST--
+Match expression error messages (zend.exception_ignore_args=1)
+--INI--
+zend.exception_ignore_args=1
+--FILE--
+<?php
+
+class Beep {}
+
+function test(mixed $var) {
+    try {
+        match($var) {};
+    } catch (UnhandledMatchError $e) {
+        print $e->getMessage() . PHP_EOL;
+    }
+}
+
+test(null);
+test(1);
+test(5.5);
+test(5.0);
+test("foo");
+test(true);
+test(false);
+test([1, 2, 3]);
+test(new Beep());
+// Testing long strings.
+test(str_repeat('e', 100));
+test(str_repeat("e\n", 100));
+?>
+--EXPECT--
+Unhandled match case of type null
+Unhandled match case of type int
+Unhandled match case of type float
+Unhandled match case of type float
+Unhandled match case of type string
+Unhandled match case of type bool
+Unhandled match case of type bool
+Unhandled match case of type array
+Unhandled match case of type Beep
+Unhandled match case of type string
+Unhandled match case of type string