Merge branch 'PHP-5.5' into PHP-7.0.5

* PHP-5.5:
  Fixed bug #71704 php_snmp_error() Format String Vulnerability
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/phar_object.c
	ext/phar/tests/badparameters.phpt
	ext/phar/tests/create_path_error.phpt
	ext/phar/tests/pharfileinfo_construct.phpt
	ext/snmp/snmp.c
	ext/standard/url.c
	main/php_version.h

diff --cc ext/phar/phar.c
index 08f480d3034d32aea12fe149be5fc5a3388cd77e,17b0affd86ff751cb8e6046d04d91435b53fc6b8..860f5132d446a7b24c2bbf050ce6949381ea8db5
--- 1/ext/phar/phar.c
--- 2/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@@ -2194,12 -2259,12 +2194,16 @@@ int phar_split_fname(const char *filena
  #ifdef PHP_WIN32
        char *save;
  #endif
 -      int ext_len, free_filename = 0;
 +      int ext_len;
 +
 +      if (CHECK_NULL_PATH(filename, filename_len)) {
 +              return FAILURE;
 +      }
  
+       if (CHECK_NULL_PATH(filename, filename_len)) {
+               return FAILURE;
+       }
+ 
        if (!strncasecmp(filename, "phar://", 7)) {
                filename += 7;
                filename_len -= 7;

diff --cc ext/standard/url.c
index 0138e4203f636e638512a977a8b8fdc5f7b6c717,27a216a5e0f850eefcbc30c238b56d1e60ae1da9..b7fd18869936d57b77649351ffa4fca05eec432f
--- 1/ext/standard/url.c
--- 2/ext/standard/url.c
+++ b/ext/standard/url.c
@@@ -606,27 -597,27 +606,27 @@@ PHPAPI size_t php_url_decode(char *str
  
  /* {{{ php_raw_url_encode
   */
 -PHPAPI char *php_raw_url_encode(char const *s, int len, int *new_length)
 +PHPAPI zend_string *php_raw_url_encode(char const *s, size_t len)
  {
-       register int x, y;
+       register size_t x, y;
 -      unsigned char *str;
 +      zend_string *str;
  
 -      str = (unsigned char *) safe_emalloc(3, len, 1);
 +      str = zend_string_alloc(3 * len, 0);
        for (x = 0, y = 0; len--; x++, y++) {
 -              str[y] = (unsigned char) s[x];
 +              ZSTR_VAL(str)[y] = (unsigned char) s[x];
  #ifndef CHARSET_EBCDIC
 -              if ((str[y] < '0' && str[y] != '-' && str[y] != '.') ||
 -                      (str[y] < 'A' && str[y] > '9') ||
 -                      (str[y] > 'Z' && str[y] < 'a' && str[y] != '_') ||
 -                      (str[y] > 'z' && str[y] != '~')) {
 -                      str[y++] = '%';
 -                      str[y++] = hexchars[(unsigned char) s[x] >> 4];
 -                      str[y] = hexchars[(unsigned char) s[x] & 15];
 +              if ((ZSTR_VAL(str)[y] < '0' && ZSTR_VAL(str)[y] != '-' && ZSTR_VAL(str)[y] != '.') ||
 +                      (ZSTR_VAL(str)[y] < 'A' && ZSTR_VAL(str)[y] > '9') ||
 +                      (ZSTR_VAL(str)[y] > 'Z' && ZSTR_VAL(str)[y] < 'a' && ZSTR_VAL(str)[y] != '_') ||
 +                      (ZSTR_VAL(str)[y] > 'z' && ZSTR_VAL(str)[y] != '~')) {
 +                      ZSTR_VAL(str)[y++] = '%';
 +                      ZSTR_VAL(str)[y++] = hexchars[(unsigned char) s[x] >> 4];
 +                      ZSTR_VAL(str)[y] = hexchars[(unsigned char) s[x] & 15];
  #else /*CHARSET_EBCDIC*/
 -              if (!isalnum(str[y]) && strchr("_-.~", str[y]) != NULL) {
 -                      str[y++] = '%';
 -                      str[y++] = hexchars[os_toascii[(unsigned char) s[x]] >> 4];
 -                      str[y] = hexchars[os_toascii[(unsigned char) s[x]] & 15];
 +              if (!isalnum(ZSTR_VAL(str)[y]) && strchr("_-.~", ZSTR_VAL(str)[y]) != NULL) {
 +                      ZSTR_VAL(str)[y++] = '%';
 +                      ZSTR_VAL(str)[y++] = hexchars[os_toascii[(unsigned char) s[x]] >> 4];
 +                      ZSTR_VAL(str)[y] = hexchars[os_toascii[(unsigned char) s[x]] & 15];
  #endif /*CHARSET_EBCDIC*/
                }
        }