Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Fix #77369 - memcpy with negative length via crafted DNS response
  Fix more issues with encodilng length
  Fix #77270: imagecolormatch Out Of Bounds Write on Heap
  Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)
  Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
  Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
  Fix #77269: Potential unsigned underflow in gdImageScale
  Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
  Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
  Regenerate certs for openssl tests

diff --cc ext/gd/libgd/gd_color_match.c
Simple merge

diff --cc ext/gd/tests/bug77269.phpt
index 0000000000000000000000000000000000000000,3bdc23e80a71768b42b11631995ef06a07bfe57e..c89f674b8a0e59396cc92ac2bfb9386380b70d8f
mode 000000,100644..100644
--- /dev/null
--- 2/ext/gd/tests/bug77269.phpt
+++ b/ext/gd/tests/bug77269.phpt
@@@ -1,0 -1,21 +1,21 @@@
 -Warning: imagecreate():%S product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
+ --TEST--
+ Bug #77269 (Potential unsigned underflow in gdImageScale)
+ --SKIPIF--
+ <?php
+ if (!extension_loaded('gd')) die('skip gd extension not available');
+ if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+ ?>
+ --INI--
+ memory_limit=2G
+ --FILE--
+ <?php
+ $im = imagecreate(2**28, 1);
+ if(is_resource($im)) {
+       imagescale($im, 1, 1, IMG_TRIANGLE);
+ }
+ ?>
+ ===DONE===
+ --EXPECTF--
++Warning: imagescale():%S product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
+  in %s on line %d
+ ===DONE===

diff --cc ext/mbstring/oniguruma/src/regcomp.c
Simple merge

diff --cc ext/mbstring/oniguruma/src/regparse.c
index 8153513202b3c32446add0bb30d0dc9629be85bf,fcfaf4378c0613a95bcc5b0ee97344331c1cee07..0c0b07804b8e2bec04ac643c77b8b32e1d508ef3
--- 1/ext/mbstring/oniguruma/src/regparse.c
--- 2/ext/mbstring/oniguruma/regparse.c
+++ b/ext/mbstring/oniguruma/src/regparse.c
@@@ -3581,20 -3574,18 +3584,23 @@@ fetch_token(OnigToken* tok, UChar** src
        break;
  
      default:
 -      PUNFETCH;
 -      num = fetch_escaped_value(&p, end, env);
 -      if (num < 0) return num;
 -      /* set_raw: */
 -      if (tok->u.c != num) {
 -      tok->type = TK_CODE_POINT;
 -      tok->u.code = (OnigCodePoint )num;
 -      }
 -      else { /* string */
 +      {
 +        OnigCodePoint c2;
 +
 +        PUNFETCH;
 +        num = fetch_escaped_value(&p, end, env, &c2);
 +        if (num < 0) return num;
 +        /* set_raw: */
 +        if (tok->u.c != c2) {
 +          tok->type = TK_CODE_POINT;
 +          tok->u.code = c2;
 +        }
 +        else { /* string */
 +          p = tok->backp + enclen(enc, tok->backp);
+           int len;
+           SAFE_ENC_LEN(enc, tok->backp, end, len);
+           p = tok->backp + len;
 +        }
        }
        break;
      }

diff --cc ext/mbstring/oniguruma/src/regparse.h
Simple merge

diff --cc ext/phar/phar.c
Simple merge

diff --cc ext/standard/dns.c
Simple merge

diff --cc ext/xmlrpc/libxmlrpc/base64.c
Simple merge

diff --cc ext/xmlrpc/libxmlrpc/xml_element.c
Simple merge