Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c

diff --cc .gitignore
index f696b15ebf94aaa5447ec793c889f84e1fbda378,46cddfb00ab8856a6375fc5342ebfc6c0ac2378f..9a6319597b4c28fb3d1a6e3b643bb77f727be7bc
--- 1/.gitignore
--- 2/.gitignore
+++ b/.gitignore
@@@ -19,7 -19,8 +19,10 @@@
  *.tgz
  *.tar.gz
  *.tar.bz2
 +*.tar.xz
+ *.tar.gz.asc
+ *.tar.bz2.asc
++*.tar.xz.asc
  .FBCIndex
  .FBCLockFolder
  .deps

diff --cc Zend/zend_exceptions.c
index f7eac9212c2036339730ef9e5dd13e76ebd0d880,82b777a958dc419a309ac79c47eda90167454139..806c2ef9e308b27824d00a4b6fde15164befc765
--- 1/Zend/zend_exceptions.c
--- 2/Zend/zend_exceptions.c
+++ b/Zend/zend_exceptions.c
@@@ -586,9 -613,9 +613,9 @@@ ZEND_METHOD(exception, getTraceAsString
        int res_len = 0, *len = &res_len, num = 0;
  
        DEFAULT_0_PARAMS;
-       
+ 
        trace = zend_read_property(default_exception_ce, getThis(), "trace", sizeof("trace")-1, 1 TSRMLS_CC);
 -      if(Z_TYPE_P(trace) != IS_ARRAY) {
 +      if (Z_TYPE_P(trace) != IS_ARRAY) {
                RETURN_FALSE;
        }
  

diff --cc ext/date/php_date.c
index 5071e2eef0a2189532d7700bd183595592533d39,dcd1b74fe4b85b23358f4f763f46c5eee1510fd4..47f78a22cd2ee03a260b32b1d278c725da71751d
--- 1/ext/date/php_date.c
--- 2/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@@ -2307,10 -2209,10 +2307,10 @@@ static zend_object_value date_object_cl
                case TIMELIB_ZONETYPE_ABBR:
                        new_obj->tzi.z.utc_offset = old_obj->tzi.z.utc_offset;
                        new_obj->tzi.z.dst        = old_obj->tzi.z.dst;
 -                      new_obj->tzi.z.abbr       = old_obj->tzi.z.abbr;
 +                      new_obj->tzi.z.abbr       = strdup(old_obj->tzi.z.abbr);
                        break;
        }
-       
+ 
        return new_ov;
  }
  
@@@ -3512,23 -3123,8 +3512,23 @@@ static void php_date_isodate_set(zval *
        memset(&dateobj->time->relative, 0, sizeof(dateobj->time->relative));
        dateobj->time->relative.d = timelib_daynr_from_weeknr(y, w, d);
        dateobj->time->have_relative = 1;
-       
+ 
        timelib_update_ts(dateobj->time, NULL);
 +}
 +
 +/* {{{ proto DateTime date_isodate_set(DateTime object, long year, long week[, long day])
 +   Sets the ISO date.
 +*/
 +PHP_FUNCTION(date_isodate_set)
 +{
 +      zval *object;
 +      long  y, w, d = 1;
 +
 +      if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Oll|l", &object, date_ce_date, &y, &w, &d) == FAILURE) {
 +              RETURN_FALSE;
 +      }
 +
 +      php_date_isodate_set(object, y, w, d, return_value TSRMLS_CC);
  
        RETURN_ZVAL(object, 1, 0);
  }
@@@ -3699,13 -3257,18 +3699,13 @@@ PHP_METHOD(DateTimeZone, __construct
  {
        char *tz;
        int tz_len;
 -      timelib_tzinfo *tzi = NULL;
        php_timezone_obj *tzobj;
        zend_error_handling error_handling;
-       
+ 
        zend_replace_error_handling(EH_THROW, NULL, &error_handling TSRMLS_CC);
        if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &tz, &tz_len)) {
 -              if (SUCCESS == timezone_initialize(&tzi, tz TSRMLS_CC)) {
 -                      tzobj = zend_object_store_get_object(getThis() TSRMLS_CC);
 -                      tzobj->type = TIMELIB_ZONETYPE_ID;
 -                      tzobj->tzi.tz = tzi;
 -                      tzobj->initialized = 1;
 -              } else {
 +              tzobj = zend_object_store_get_object(getThis() TSRMLS_CC);
 +              if (FAILURE == timezone_initialize(tzobj, tz TSRMLS_CC)) {
                        ZVAL_NULL(getThis());
                }
        }
@@@ -4381,12 -3895,12 +4387,12 @@@ PHP_METHOD(DatePeriod, __construct
        int   isostr_len = 0;
        timelib_time *clone;
        zend_error_handling error_handling;
-       
+ 
        zend_replace_error_handling(EH_THROW, NULL, &error_handling TSRMLS_CC);
 -      if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "OOl|l", &start, date_ce_date, &interval, date_ce_interval, &recurrences, &options) == FAILURE) {
 -              if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "OOO|l", &start, date_ce_date, &interval, date_ce_interval, &end, date_ce_date, &options) == FAILURE) {
 +      if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "OOl|l", &start, date_ce_interface, &interval, date_ce_interval, &recurrences, &options) == FAILURE) {
 +              if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "OOO|l", &start, date_ce_interface, &interval, date_ce_interval, &end, date_ce_interface, &options) == FAILURE) {
                        if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &isostr, &isostr_len, &options) == FAILURE) {
 -                              php_error_docref(NULL TSRMLS_CC, E_WARNING, "This constructor accepts either (DateTime, DateInterval, int) OR (DateTime, DateInterval, DateTime) OR (string) as arguments.");
 +                              php_error_docref(NULL TSRMLS_CC, E_WARNING, "This constructor accepts either (DateTimeInterface, DateInterval, int) OR (DateTimeInterface, DateInterval, DateTime) OR (string) as arguments.");
                                zend_restore_error_handling(&error_handling TSRMLS_CC);
                                return;
                        }

diff --cc ext/openssl/openssl.c
index 9c4131f608a1253c7c426a5200628a9ebe6609dc,c0e3d8a981501cb87db12c7c6dcdac49d98643e4..fb3069a4a75463888ca439d10060c36074916f3e
mode 100644,100755..100644
--- 1/ext/openssl/openssl.c
--- 2/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@@ -5154,9 -5087,8 +5153,8 @@@ PHP_FUNCTION(openssl_random_pseudo_byte
        buffer = emalloc(buffer_length + 1);
  
  #ifdef PHP_WIN32
-       strong_result = 1;
        /* random/urandom equivalent on Windows */
 -      if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == FAILURE) {
 +      if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == FAILURE){
                efree(buffer);
                if (zstrong_result_returned) {
                        ZVAL_BOOL(zstrong_result_returned, 0);

diff --cc ext/phar/phar_internal.h
Simple merge

diff --cc ext/phar/phar_object.c
Simple merge

diff --cc ext/soap/php_http.c
Simple merge

diff --cc ext/spl/spl_array.c
Simple merge

diff --cc ext/spl/spl_dllist.c
Simple merge

diff --cc ext/spl/spl_observer.c
Simple merge