From: Stanislav Malyshev <stas@php.net>
Date: Tue, 1 Sep 2015 18:42:19 +0000 (-0700)
Subject: Merge branch 'PHP-5.4' into PHP-5.5
X-Git-Tag: php-5.5.29~4^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=33d3acaae79845e8bd587b4d0799ef2dca07fdc3;p=php

Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
---

33d3acaae79845e8bd587b4d0799ef2dca07fdc3