Merge branch 'PHP-5.6' into PHP-7.0

* PHP-5.6:
Happy new year (Update copyright to 2016)

Happy new year (Update copyright to 2016)

Also fixed 'r'

Indent (not sure why it was messed)

Fixed bug #70963 (Unserialize shows UNKNOW in result)

Thanks to ryat for reportinig

Cleanup: removed deprecated commented code

Don't allocate memory for empty HashTables.

Merge branch 'PHP-5.6'

* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in

Merge branch 'PHP-5.6'

* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...

Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c

show more ...

Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases

Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next

Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c

show more ...

Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #703

Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next

Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h

show more ...

Fix bug #70172 - Use After Free Vulnerability in unserialize()

Fix bug #70219 (Use after free vulnerability in session deserializer)

zend_hash_resize seems useless, use zend_hash_extend

Fixed typo

Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free)

Use specialized efree_size()

fix merge

Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes).

Improved zend_string API (Francois Laupretre)

Squashed commit of the following:

commit d96eab8d79b75ac83d49d49ae4665f948d15a804
Author: Francois Laupretre <francois@tekwire.net>

Improved zend_string API (Francois Laupretre)

Squashed commit of the following:

commit d96eab8d79b75ac83d49d49ae4665f948d15a804
Author: Francois Laupretre <francois@tekwire.net>
Date: Fri Jun 26 01:23:31 2015 +0200

Use the new 'ZSTR' macros in the rest of the code.

Does not change anything to the generated code (thanks to compat macros) but cleaner.

commit b3526439104ac7a89a8e0c79dbebf33b22bd01b8
Author: Francois Laupretre <francois@tekwire.net>
Date: Thu Jun 25 13:45:06 2015 +0200

Improve zend_string API

Add missing methods

show more ...

Fixed bug #68976 - Use After Free Vulnerability in unserialize()

Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
Fixed bug #68976 - Use After Free Vulnerability in unserialize()

Conflicts:
ext/standard/var_unserializer.c

Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
Fixed bug #68976 - Use After Free Vulnerability in unserialize()

Conflicts:
ext/standard/var_unserializer.c

Fixed bug #68976 - Use After Free Vulnerability in unserialize()

Merge branch 'PHP-5.5' into PHP-5.6

Conflicts:
ext/standard/var_unserializer.c

Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize)