* PHP-5.6:
Fixed test
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
Apparently negative wordwrap is a thing and should work as length = 0.
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed#72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix#66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
* PHP-7.0:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Updated to version 2016.3 (2016c)
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file
Fix bug #71798 - Integer Overflow in php_raw_url_encode
update NEWS
Disable huge pages in the Zend allocator by default As per the discussion on internals, this is an expert feature that needs special system-level configuration and care.
Added ability to disable huge pages in Zend Memeory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=0.
Fix bug #71860: Require valid paths for phar filenames
Fix bug #71860: Require valid paths for phar filenames
update NEWS
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Merge branch 'PHP-5.6' into PHP-7.0
Updated to version 2016.2 (2016b)
update libs versions
set RC1 versions
Going for 5.5.34
* origin/PHP-7.0.5:
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Updated to version 2016.3 (2016c)
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file
Fix bug #71798 - Integer Overflow in php_raw_url_encode
update NEWS
Disable huge pages in the Zend allocator by default As per the discussion on internals, this is an expert feature that needs special system-level configuration and care.
Added ability to disable huge pages in Zend Memeory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=0.
Fix bug #71860: Require valid paths for phar filenames
Fix bug #71860: Require valid paths for phar filenames
update NEWS
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Merge branch 'PHP-5.6' into PHP-7.0
Updated to version 2016.2 (2016b)
update libs versions
set RC1 versions
Going for 5.5.34
If a colon occurs in a query string or fragment of a partial URL without
scheme, parse_url() tries to regard it as port separator. If up to 5 digits
follow and then a slash or the end of the string, parse_url() fails.
We're fixing this by checking whether the colon is part of the query string or
the fragment, under the assumption that question marks and hash signs are only
allowed as separators of query string and fragments, respectively, what is
guarenteed for URIs (RFC 3986), but not necessarily for URLs (RFC 1738) where
question marks are allowed for usernames and passwords.
Anyhow, this constitutes a minor BC, so the fix is applied to master only.
Empty usernames and passwords are now treated differently from no username or password
For example, empty password:
ftp://user:@example.org
Empty username:
ftp://:password@example.org
Empty username and empty password
ftp://:@example.org
