* PHP-5.5-security: (22 commits)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
updated NEWS
added test for bug #69354
revert skipif, this should run everywhere
further ODBC 3.0 compliance
more compliance with the ODBC 3.0
test fixes
Prevent GC from changing zval or object 'color' before they are actually inserted into possible roots buffer.
sigh, can't even copypaste without screwing up
oop, put both the error number and message for both db object to the error message
test fixes
Fixed bug #69281 (opcache_is_script_cached no longer works)
Fix typo: unitialized -> uninitialized
Fix typo: unitialized -> uninitialized
Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).
Fixed bug #68739 (Missing break / control flow in curl)
Fixed bug #68740 (NULL Pointer Dereference)
Fixed bug #68677 (Use After Free in OPcache)
...
Conflicts:
configure.in
ext/curl/tests/bug69316.phpt
main/php_version.h
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
* Removed ini options, safe_mode*
* Removed --enable-safe-mode --with-exec-dir configure options on Unix
* Updated extensions, SAPI's and core
* php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
and short form:
- when $content is given, the closing tag will be generated (even for empty
string)
- when $content is ignored or NULL is given, the short form will be used
also remove a few uneeded global variables
interesting new warnings:
/cvs/php5/ext/xmlwriter/php_xmlwriter.c:391: warning: 'xmlwriter_objects_clone' defined but not used
/cvs/php5/ext/xmlwriter/php_xmlwriter.c:1281: warning: 'zif_xmlwriter_start_dtd_entity' defined but not used
/cvs/php5/ext/xmlwriter/php_xmlwriter.c:1325: warning: 'zif_xmlwriter_end_dtd_entity' defined but not used
/cvs/php5/ext/xmlwriter/php_xmlwriter.c:1333: warning: 'zif_xmlwriter_write_dtd_entity' defined but not used
