* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.4.40:
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
Revert unintentional docblock change
It looks like commit dd8e59da8f
introduced an unintended docbloc change. I have reverted this
change in this commit.
Added test case.
Refactored the code to isolate the string handling. Fixed return values to use SUCCESS and FAILURE.
Removed unused error variable.
Indentation fix.
Removed the ugly goto.
Newer versions of libcurl prevent file:// location response headers by default,
which means that the open_basedir check is unnecessary — the fact
CURLOPT_REDIR_PROTOCOLS can't set CURLPROTO_FILE with open_basedir enabled
means that there's no possibility of breaching the open_basedir restriction,
and this allows HTTP redirects to be followed automatically.
Implements FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or
safe_mode).
At present, when curl_setopt() is called with an option that requires the
creation of a curl_slist, we simply push the new curl_slist onto a list to be
freed when the curl handle is freed. This avoids a memory leak, but means that
repeated calls to curl_setopt() on the same handle with the same option wastes
previously allocated memory on curl_slist structs that will no longer be read.
This commit changes the zend_llist that was previously used to track the lists
to a HashTable keyed by the option number, which means that we can simply
update the hash table each time curl_setopt() is called.
Fixes bug #65458 (curl memory leak).