* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix#69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
* PHP-5.4:
fix format
update NEWS
Add test for bug #69522
Update tests
Fix bug #69522 - do not allow int overflow
Forgot test file
Fix bug #69403 and other int overflows
Fixed bug #69418 - more s->p fixes for filenames
Fixed bug #69364 - use smart_str to assemble strings
Fix bug #69453 - don't try to cut empty string
Fix bug #69545 - avoid overflow when reading list
Conflicts:
ext/pcntl/pcntl.c
ext/standard/basic_functions.c
ext/standard/pack.c
ext/standard/tests/dir/opendir_variation1-win32.phpt
* PHP-5.4:
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix type in fix for #69085
fix CVE num
Conflicts:
configure.in
main/php_version.h
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
PharData::extractTo fails for tarball created by BSD tar
Phar did not know about PAX style global/file headers.
Skip them, to be able to read the contents of those archives.
Redirection will work correctly as long as PATH_INFO is available,
e.g. via the following nginx configuration:
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
Stanislav Malyshev