php-5.6/.git
22 months ago5.6.41 will be next. not really PHP-5.6 origin/PHP-5.6
Ferenc Kovacs [Wed, 9 Jan 2019 08:57:53 +0000 (09:57 +0100)]
5.6.41 will be next. not really

22 months agoFix bug #77418 - Heap overflow in utf32be_mbc_to_code
Stanislav Malyshev [Mon, 7 Jan 2019 07:31:15 +0000 (23:31 -0800)]
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code

22 months ago[ci skip] Add NEWS
Stanislav Malyshev [Sun, 6 Jan 2019 21:03:38 +0000 (13:03 -0800)]
[ci skip] Add NEWS

22 months agoFix more issues with encodilng length
Stanislav Malyshev [Wed, 2 Jan 2019 08:36:30 +0000 (00:36 -0800)]
Fix more issues with encodilng length

Should fix bug #77381, bug #77382, bug #77385, bug #77394.

22 months agoFix #77270: imagecolormatch Out Of Bounds Write on Heap
Christoph M. Becker [Sun, 30 Dec 2018 12:59:26 +0000 (13:59 +0100)]
Fix #77270: imagecolormatch Out Of Bounds Write on Heap

At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal.  We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.

22 months agoFix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Stanislav Malyshev [Wed, 2 Jan 2019 01:15:20 +0000 (17:15 -0800)]
Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)

22 months agoFix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Stanislav Malyshev [Sun, 30 Dec 2018 04:06:08 +0000 (20:06 -0800)]
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)

22 months agoFix bug #77370 - check that we do not read past buffer end when parsing multibytes
Stanislav Malyshev [Sun, 30 Dec 2018 03:51:24 +0000 (19:51 -0800)]
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes

22 months agoFix #77269: Potential unsigned underflow in gdImageScale
Christoph M. Becker [Wed, 12 Dec 2018 15:00:59 +0000 (16:00 +0100)]
Fix #77269: Potential unsigned underflow in gdImageScale

Belatedly, we're porting the respective upstream patch[1].

[1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>

22 months agoFix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Stanislav Malyshev [Sun, 30 Dec 2018 02:25:37 +0000 (18:25 -0800)]
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)

22 months agoFix bug #77242 (heap out of bounds read in xmlrpc_decode())
Stanislav Malyshev [Sun, 30 Dec 2018 01:56:36 +0000 (17:56 -0800)]
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())

22 months agoRegenerate certs for openssl tests
Alexander Kurilo [Mon, 31 Dec 2018 09:19:36 +0000 (12:19 +0300)]
Regenerate certs for openssl tests

23 months ago5.6.40 will be next. probably not
Ferenc Kovacs [Wed, 5 Dec 2018 08:13:30 +0000 (09:13 +0100)]
5.6.40 will be next. probably not

23 months agoFix null pointer deref in qprint-encode filter (bug #77231)
Stanislav Malyshev [Mon, 3 Dec 2018 10:12:11 +0000 (02:12 -0800)]
Fix null pointer deref in qprint-encode filter (bug #77231)

23 months agoFix bug #77143 - add more checks to buffer reads
Stanislav Malyshev [Mon, 12 Nov 2018 22:02:26 +0000 (14:02 -0800)]
Fix bug #77143 - add more checks to buffer reads

23 months agoFix #77020: null pointer dereference in imap_mail
Stanislav Malyshev [Sun, 11 Nov 2018 18:04:01 +0000 (10:04 -0800)]
Fix #77020: null pointer dereference in imap_mail

If an empty $message is passed to imap_mail(), we must not set message
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
(opposed to pointers to NUL).

23 months agoFix TSRM signature - php_stream_stat macro has it's own TSRM
Stanislav Malyshev [Sun, 2 Dec 2018 20:54:19 +0000 (12:54 -0800)]
Fix TSRM signature - php_stream_stat macro has it's own TSRM

23 months agoRegenerate certificates for openssl tests
Alexander Kurilo [Sun, 2 Dec 2018 07:53:45 +0000 (10:53 +0300)]
Regenerate certificates for openssl tests

23 months agoImprove test for bug77022
Stanislav Malyshev [Sun, 2 Dec 2018 20:06:13 +0000 (12:06 -0800)]
Improve test for bug77022

23 months agoFix bug #77022 - use file mode or umask for new files
Stanislav Malyshev [Sun, 2 Dec 2018 05:04:56 +0000 (21:04 -0800)]
Fix bug #77022 - use file mode or umask for new files

23 months agoAdd DISPLAY_INI_ENTRIES for imap
Stanislav Malyshev [Wed, 28 Nov 2018 23:45:51 +0000 (15:45 -0800)]
Add DISPLAY_INI_ENTRIES for imap

2 years agoDisable rsh/ssh functionality in imap by default (bug #77153)
Stanislav Malyshev [Mon, 19 Nov 2018 01:10:43 +0000 (17:10 -0800)]
Disable rsh/ssh functionality in imap by default (bug #77153)

2 years ago5.6.39 will be the next
Ferenc Kovacs [Tue, 11 Sep 2018 21:58:17 +0000 (23:58 +0200)]
5.6.39 will be the next

2 years agoUpdate NEWS
Stanislav Malyshev [Sun, 9 Sep 2018 19:19:38 +0000 (12:19 -0700)]
Update NEWS

2 years agoFix for bug #76582
Stanislav Malyshev [Sun, 29 Jul 2018 05:16:29 +0000 (22:16 -0700)]
Fix for bug #76582

The brigade seems to end up in a messed up state if something fails
in shutdown, so we clean it up.

2 years ago5.6.38 will be next
Ferenc Kovacs [Thu, 19 Jul 2018 14:32:50 +0000 (16:32 +0200)]
5.6.38 will be next

2 years agoAdd NEWS
Stanislav Malyshev [Mon, 16 Jul 2018 21:26:31 +0000 (14:26 -0700)]
Add NEWS

2 years agoFixed bug #76459 windows linkinfo lacks openbasedir check
Anatol Belski [Tue, 3 Jul 2018 11:51:31 +0000 (13:51 +0200)]
Fixed bug #76459 windows linkinfo lacks openbasedir check

2 years agoFix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data
Stanislav Malyshev [Mon, 2 Jul 2018 05:20:19 +0000 (22:20 -0700)]
Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data

Use MAKERNOTE length as data size.

2 years agoFix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of...
Stanislav Malyshev [Tue, 19 Jun 2018 23:26:36 +0000 (16:26 -0700)]
Fix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c

2 years ago5.6.37 will be next
Ferenc Kovacs [Tue, 24 Apr 2018 21:23:14 +0000 (23:23 +0200)]
5.6.37 will be next

2 years agoFix test portability
Anatol Belski [Tue, 24 Apr 2018 08:47:32 +0000 (10:47 +0200)]
Fix test portability

2 years agoFix tsrm_ls
Stanislav Malyshev [Mon, 23 Apr 2018 23:48:27 +0000 (16:48 -0700)]
Fix tsrm_ls

2 years agoMerge remote-tracking branch 'security/bug76249' into PHP-5.6
Stanislav Malyshev [Mon, 23 Apr 2018 20:44:19 +0000 (13:44 -0700)]
Merge remote-tracking branch 'security/bug76249' into PHP-5.6

* security/bug76249:
  Fix test
  Fix bug #76249 - fail on invalid sequences

2 years agoMerge remote-tracking branch 'security/bug76248' into PHP-5.6
Stanislav Malyshev [Mon, 23 Apr 2018 20:44:12 +0000 (13:44 -0700)]
Merge remote-tracking branch 'security/bug76248' into PHP-5.6

* security/bug76248:
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash

2 years agoFix #76129 - remove more potential unfiltered outputs for phar
Stanislav Malyshev [Wed, 28 Mar 2018 04:22:28 +0000 (21:22 -0700)]
Fix #76129 - remove more potential unfiltered outputs for phar

2 years agoMerge remote-tracking branch 'security/PHP-5.6' into PHP-5.6
Stanislav Malyshev [Mon, 23 Apr 2018 20:42:51 +0000 (13:42 -0700)]
Merge remote-tracking branch 'security/PHP-5.6' into PHP-5.6

* security/PHP-5.6:
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start

2 years agoFix test
Stanislav Malyshev [Mon, 23 Apr 2018 05:19:51 +0000 (22:19 -0700)]
Fix test

2 years agoFix bug #76248 - Malicious LDAP-Server Response causes Crash
Stanislav Malyshev [Mon, 23 Apr 2018 05:01:35 +0000 (22:01 -0700)]
Fix bug #76248 - Malicious LDAP-Server Response causes Crash

2 years agoFix bug #76249 - fail on invalid sequences
Stanislav Malyshev [Mon, 23 Apr 2018 04:26:06 +0000 (21:26 -0700)]
Fix bug #76249 - fail on invalid sequences

2 years agoFix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Christoph M. Becker [Tue, 27 Mar 2018 16:42:55 +0000 (18:42 +0200)]
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value

The MakerNote is not necessarily null-terminated, so we must not use
`strlen()` to avoid OOB reads.  Instead `php_strnlen()` is the proper
way to handle this.

2 years ago[ci skip] 5.6.36 will be next
Ferenc Kovacs [Wed, 28 Mar 2018 21:14:30 +0000 (23:14 +0200)]
[ci skip] 5.6.36 will be next

2 years ago[ci skip] Update NEWS
Anatol Belski [Tue, 27 Mar 2018 12:24:43 +0000 (14:24 +0200)]
[ci skip] Update NEWS

2 years agoDo not set PR_SET_DUMPABLE by default
Jakub Zelenka [Wed, 7 Mar 2018 18:12:56 +0000 (18:12 +0000)]
Do not set PR_SET_DUMPABLE by default

2 years ago5.6.35 is next
Ferenc Kovacs [Tue, 27 Feb 2018 22:57:06 +0000 (23:57 +0100)]
5.6.35 is next

2 years ago[ci skip] Update NEWS
Anatol Belski [Tue, 27 Feb 2018 10:31:37 +0000 (11:31 +0100)]
[ci skip] Update NEWS

2 years agoFix bug #75981: prevent reading beyond buffer start
Stanislav Malyshev [Tue, 20 Feb 2018 23:34:43 +0000 (15:34 -0800)]
Fix bug #75981: prevent reading beyond buffer start

2 years ago[ci skip] Set FPM maintainership
Stanislav Malyshev [Sat, 24 Feb 2018 00:43:10 +0000 (16:43 -0800)]
[ci skip] Set FPM maintainership

As per http://news.php.net/php.internals/101897, Jakub is officially
annointed as new FPM maintainer.

2 years agoFix bug #75981: prevent reading beyond buffer start
Stanislav Malyshev [Tue, 20 Feb 2018 23:34:43 +0000 (15:34 -0800)]
Fix bug #75981: prevent reading beyond buffer start

2 years ago2018
Remi Collet [Wed, 3 Jan 2018 14:12:39 +0000 (15:12 +0100)]
2018

2 years agophp 5.6.34 is next
Ferenc Kovacs [Tue, 2 Jan 2018 23:30:58 +0000 (00:30 +0100)]
php 5.6.34 is next

2 years agoUpdate NEWS
Stanislav Malyshev [Tue, 2 Jan 2018 03:53:00 +0000 (19:53 -0800)]
Update NEWS

2 years agoFixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Christoph M. Becker [Wed, 29 Nov 2017 17:52:33 +0000 (18:52 +0100)]
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx

Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop.  Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.

2 years agoFix bug #74782: remove file name from output to avoid XSS
Stanislav Malyshev [Sun, 2 Jul 2017 20:29:37 +0000 (13:29 -0700)]
Fix bug #74782: remove file name from output to avoid XSS

3 years agoBackport and apply upstream patch for CVE-2017-14107
Anatol Belski [Fri, 27 Oct 2017 11:16:56 +0000 (13:16 +0200)]
Backport and apply upstream patch for CVE-2017-14107

3 years ago5.6.33 is next
Ferenc Kovacs [Wed, 25 Oct 2017 01:36:30 +0000 (03:36 +0200)]
5.6.33 is next

3 years agoThese tests all assume that IPV6 is available.
Rasmus Lerdorf [Sat, 10 Jan 2015 01:24:48 +0000 (17:24 -0800)]
These tests all assume that IPV6 is available.

3 years agofix the travis build for PHP-5.6 using precise instead of trusty
Ferenc Kovacs [Tue, 24 Oct 2017 23:51:48 +0000 (01:51 +0200)]
fix the travis build for PHP-5.6 using precise instead of trusty

3 years agofix the travis build for PHP-5.6 using precise instead of trusty
Ferenc Kovacs [Tue, 24 Oct 2017 23:47:21 +0000 (01:47 +0200)]
fix the travis build for PHP-5.6 using precise instead of trusty

3 years agoParametrize the expected value to avoid platform false positives
Anatol Belski [Tue, 24 Oct 2017 16:33:21 +0000 (18:33 +0200)]
Parametrize the expected value to avoid platform false positives

3 years ago[ci skip] update NEWS
Anatol Belski [Tue, 24 Oct 2017 12:16:54 +0000 (14:16 +0200)]
[ci skip] update NEWS

3 years agoFixed bug #72535 arcfour encryption stream filter crashes php
Anatol Belski [Tue, 24 Oct 2017 11:59:18 +0000 (13:59 +0200)]
Fixed bug #72535 arcfour encryption stream filter crashes php

3 years agoFixed bug #75055 Out-Of-Bounds Read in timelib_meridian()
Anatol Belski [Tue, 24 Oct 2017 09:28:17 +0000 (11:28 +0200)]
Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian()

3 years agoApply upstream patch for CVE-2016-1283
Anatol Belski [Thu, 28 Sep 2017 13:40:49 +0000 (15:40 +0200)]
Apply upstream patch for CVE-2016-1283

Fix bug #75207, see also
https://bugzilla.redhat.com/show_bug.cgi?id=1295385
https://vcs.pcre.org/pcre?view=revision&revision=1636

(cherry picked from commit d11fceab151cd0410645f81eb7444af4388470c3)

3 years agoadd missing NEWS entry for #74087 and also fix the formatting
Ferenc Kovacs [Wed, 5 Jul 2017 22:10:07 +0000 (00:10 +0200)]
add missing NEWS entry for #74087 and also fix the formatting

3 years agomove NEWS entry to the correct place, also bump the version
Ferenc Kovacs [Wed, 5 Jul 2017 22:05:14 +0000 (00:05 +0200)]
move NEWS entry to the correct place, also bump the version

3 years agoNEWS for oniguruma
Remi Collet [Wed, 5 Jul 2017 07:26:55 +0000 (09:26 +0200)]
NEWS for oniguruma

3 years agoPatch from the upstream git
Remi Collet [Tue, 30 May 2017 13:40:32 +0000 (15:40 +0200)]
Patch from the upstream git
https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>

3 years agoPatch from the upstream git
Remi Collet [Tue, 30 May 2017 13:39:21 +0000 (15:39 +0200)]
Patch from the upstream git
https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>

3 years agoPatch from the upstream git
Remi Collet [Tue, 30 May 2017 13:38:17 +0000 (15:38 +0200)]
Patch from the upstream git
https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>

3 years agoPatch from the upstream git
Remi Collet [Tue, 30 May 2017 13:37:11 +0000 (15:37 +0200)]
Patch from the upstream git
https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>

3 years agoPatch from the upstream git
Remi Collet [Tue, 30 May 2017 13:35:42 +0000 (15:35 +0200)]
Patch from the upstream git
https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226)
b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>

3 years agoImprove fix for #74145
Stanislav Malyshev [Wed, 5 Jul 2017 04:10:08 +0000 (21:10 -0700)]
Improve fix for #74145

3 years agoFix tests
Stanislav Malyshev [Wed, 5 Jul 2017 03:12:57 +0000 (20:12 -0700)]
Fix tests

3 years agoUpdate NEWS
Stanislav Malyshev [Wed, 5 Jul 2017 02:30:29 +0000 (19:30 -0700)]
Update NEWS

3 years agoFix bug #74087
Stanislav Malyshev [Wed, 5 Jul 2017 02:21:28 +0000 (19:21 -0700)]
Fix bug #74087

Ported from https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch

3 years agoFixed parsing of strange formats with mixed month/day and time strings
Derick Rethans [Mon, 3 Jul 2017 11:37:11 +0000 (12:37 +0100)]
Fixed parsing of strange formats with mixed month/day and time strings

3 years agoFix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
Stanislav Malyshev [Sun, 2 Jul 2017 21:25:54 +0000 (14:25 -0700)]
Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV

3 years agoFixed bug #74111
Nikita Popov [Sun, 25 Jun 2017 19:15:26 +0000 (21:15 +0200)]
Fixed bug #74111

3 years agoFix #74435: Buffer over-read into uninitialized memory
Christoph M. Becker [Tue, 20 Jun 2017 14:45:42 +0000 (16:45 +0200)]
Fix #74435: Buffer over-read into uninitialized memory

The stack allocated color map buffers were not zeroed before usage, and
so undefined palette indexes could cause information leakage.

3 years agoFix bug #74603 - use correct buffer size
Stanislav Malyshev [Tue, 20 Jun 2017 07:09:01 +0000 (00:09 -0700)]
Fix bug #74603 - use correct buffer size

3 years agoFix bug #74651 - check EVP_SealInit as it can return -1
Stanislav Malyshev [Tue, 20 Jun 2017 06:06:24 +0000 (23:06 -0700)]
Fix bug #74651 - check EVP_SealInit as it can return -1

3 years agoUpdate NEWS
Stanislav Malyshev [Sun, 25 Jun 2017 06:32:59 +0000 (23:32 -0700)]
Update NEWS

3 years agoFix bug #73807
Nikita Popov [Thu, 2 Feb 2017 15:04:02 +0000 (16:04 +0100)]
Fix bug #73807

3 years agofix test for 32bits (int -> float)
Remi Collet [Wed, 1 Feb 2017 09:25:30 +0000 (10:25 +0100)]
fix test for 32bits (int -> float)

(cherry picked from commit 0f1ae93bfa2feb3d0fd0b8d3036148df8ef856e2)

3 years agoupdate NEWS
Ferenc Kovacs [Thu, 19 Jan 2017 00:16:31 +0000 (01:16 +0100)]
update NEWS

3 years agoFix #73869: Signed Integer Overflow gd_io.c
Christoph M. Becker [Sat, 17 Dec 2016 16:06:58 +0000 (17:06 +0100)]
Fix #73869: Signed Integer Overflow gd_io.c

GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, what can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.

(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)

3 years agoFix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()
Christoph M. Becker [Tue, 16 Aug 2016 16:23:36 +0000 (18:23 +0200)]
Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()

We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.

(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)

3 years agoAdd additional serialize tests for fixed bugs
Nikita Popov [Mon, 16 Jan 2017 12:24:13 +0000 (13:24 +0100)]
Add additional serialize tests for fixed bugs

These have been fixed as a side-effect of the delayed __wakeup
patch.

3 years agoFix typo
Stanislav Malyshev [Mon, 16 Jan 2017 08:23:06 +0000 (00:23 -0800)]
Fix typo

3 years agoFix test
Stanislav Malyshev [Mon, 16 Jan 2017 02:42:22 +0000 (18:42 -0800)]
Fix test

3 years agoUpdate more functions with path check
Stanislav Malyshev [Mon, 16 Jan 2017 01:31:08 +0000 (17:31 -0800)]
Update more functions with path check

3 years agoFix glob-wrapper.phpt to not fail in Windows
Mitch Hagstrand [Tue, 10 Jan 2017 19:51:55 +0000 (11:51 -0800)]
Fix glob-wrapper.phpt to not fail in Windows

3 years agoFix open_basedir check for glob:// opendir wrapper
Sara Golemon [Mon, 9 Jan 2017 19:02:50 +0000 (11:02 -0800)]
Fix open_basedir check for glob:// opendir wrapper

php_check_open_basedir() expects a local filesystem path,
but we're handing it a `glob://...` URI instead.

Move the check to after the path trim so that we're checking
a meaningful pathspec.

3 years agoadd skip when json not loaded
Remi Collet [Fri, 6 Jan 2017 05:23:59 +0000 (06:23 +0100)]
add skip when json not loaded

3 years ago5.6.31 is next
Ferenc Kovacs [Fri, 6 Jan 2017 00:43:11 +0000 (01:43 +0100)]
5.6.31 is next

3 years agoFix printf modifier
Nikita Popov [Thu, 5 Jan 2017 10:37:06 +0000 (11:37 +0100)]
Fix printf modifier

3 years agoAdd tests for delayed __wakeup()
Nikita Popov [Wed, 4 Jan 2017 23:20:56 +0000 (00:20 +0100)]
Add tests for delayed __wakeup()

3 years agoImplement delayed __wakeup
Nikita Popov [Wed, 4 Jan 2017 23:19:26 +0000 (00:19 +0100)]
Implement delayed __wakeup

3 years agoMerge branch 'PHP-5.6.30' into PHP-5.6
Stanislav Malyshev [Tue, 3 Jan 2017 04:56:32 +0000 (20:56 -0800)]
Merge branch 'PHP-5.6.30' into PHP-5.6

* PHP-5.6.30:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)