Update data tables for Unicode 11

Deprecate image2wbmp()

According to https://wiki.php.net/rfc/image2wbmp, we deprecate
`image2wbmp()`, rename the `$threshold` parameter to `$foreground`, and
remove superfluous code.

[ci skip] Add UPGRADING note

Add note about heredoc BC break

UPGRADING tweaks

Fix a typo and clarify that Reflection changes only affect string
export. No API relevant return values are changed.

[ci skip]

Add some upgrading notes for mbstring

[ci skip] Add upgrading note

Update NEWS and UPGRADING for openssl_pkey_derive

Implement flexible heredoc/nowdoc syntax

RFC: https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes

* The ending label no longer has to be followed by a semicolon or
newli

Implement flexible heredoc/nowdoc syntax

RFC: https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes

* The ending label no longer has to be followed by a semicolon or
newline. Any non-label character is fine.
* The ending label may be indented. The indentation will be stripped
from all lines in the heredoc/nowdoc string.

Lexing of heredoc strings performs a scan-ahead to determine the
indentation of the ending label, so that the correct amount of
indentation can be removed when calculting the semantic values for
use by the parser. This makes the implementation quite a bit more
complicated than we would like :/

show more ...

[ci skip] Update UPGRADING

Cf. ce1d69a1f6dcf15d43029301059c25e5bc09a577 and
fef879a2d63899ed25f39b4581c16682afdd0a8f, respectively.

Patch provided by Gabriel Caruso.

Expose functionality for NFKC_Casefold normalization

Replace the deprecated API by the newer one available with ICU 56+

[ci skip] Update UPGRADING

5c5bd3033997583887bd990e54c68adb2934bbdb removed support for `--with-libmbfl`.

Add support for rl_completion_suppress_append and rl_completion_append_character

These options are only available with libreadline.

Remove redundant warning in array_push() and array_unshift()

Cf. https://github.com/php/php-src/pull/3011.

Implement #51368: php_filter_float does not allow custom thousand separators

A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer ot

Implement #51368: php_filter_float does not allow custom thousand separators

A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer other separators, such as spaces or
underscores), as well as somewhat too liberal (arbitrary combinations
of different thousand separators are presently possible). Therefore we
introduce a `thousand` option analogous to `decimal`, which allows to
define the desired thousand separators as non-empty string, defaulting
to `',.`. While we easily could support empty strings here as well,
that would not make much sense, since this behavior can more easily be
accomplished by not setting the `FILTER_FLAG_ALLOW_THOUSAND` flag in
the first place.

show more ...

[ci skip] Add normalizer_get_raw_decomposition to UPGRADING

Add is_countable function

RFC: https://wiki.php.net/rfc/is-countable

Fix typo in upgrade notes

Bump libcurl requirement to 7.15.5

The existence of the following functions is now guaranteed:
* curl_escape()
* curl_unescape()
* curl_multi_setopt()

libcurl 7.15.5

Bump libcurl requirement to 7.15.5

The existence of the following functions is now guaranteed:
* curl_escape()
* curl_unescape()
* curl_multi_setopt()

libcurl 7.15.5 has been released 11.5 years ago and is available
even in RHEL 5.

show more ...

Add CURLOPT_REQUEST_TARGET constant

[ci skip] Fix typos

[ci skip] Update UPGRADING

Revert "Add possibility to lower timer resolution"

This reverts commit c3717d9aecbe65cb2e5778a24a91e9eaf638639e.

The final mitigation of the consequences with spectre should be

Revert "Add possibility to lower timer resolution"

This reverts commit c3717d9aecbe65cb2e5778a24a91e9eaf638639e.

The final mitigation of the consequences with spectre should be
discussed more also with the regard to the happenings on the
developments. Right now a preliminary mitigation might be wrong or
suboptimal, thus reverting this.

show more ...

Add possibility to lower timer resolution

The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack

Add possibility to lower timer resolution

The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack for
this flaw. Still some concerns were raised, that there might be impact in
shared hosting environments. This patch adds a possibility to reduce the
timer resolution by an ini setting, thus giving administrators full
control. Especially, as the flaw was also demonstrated by an abuse of
the JS engine in a browser, Firefox reduced several time sources to 20us.
Any programming language, that doesn't compile to JIT, won't be able to
produce an attack vector for Meltdown and Spectre, at least by todays
knowledge. There are also other factors that say that the security
concern on the hrtime feature is to the big part not justified, still we
aim JIT in the future. Thus, adding a possibility to control the timer
resolution is a good and small enough tradeoff for safety and future.

show more ...