From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Mon, 5 Sep 2016 23:07:15 +0000 (+0200)
Subject: Merge branch 'PHP-5.6' into PHP-7.0
X-Git-Tag: php-7.1.0RC2~56^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=81ec843d0ee6a7e236cfab15f1908953d7247677;p=php

Merge branch 'PHP-5.6' into PHP-7.0
---

81ec843d0ee6a7e236cfab15f1908953d7247677
diff --cc NEWS
index 70fd86b8c2,bd677499d4..764ba49e58
--- a/NEWS
+++ b/NEWS
@@@ -10,36 -10,22 +10,40 @@@ PH
    . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
      (cmb)
  
 -- Mbstring:
 -  . Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
 +- mbstring:
 +  . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
  
  - Opcache:
 -  . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
 -    (Keyur) (julien backport)
 +  . Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp()
 +    function). (Laruence)
 +
 +- phpdbg:
 +  . Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita)
 +
 +- SOAP:
 +  . Fixed bug #71711 (Soap Server Member variables reference bug). (Nikita)
 +  . Fixed bug #71996 (Using references in arrays doesn't work like expected).
 +    (Nikita)
 +
 +- Standard:
 +  . Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
 +    (cmb)
  
+ - Zip:
+   . Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
+     (cmb)
+ 
 -15 Sep 2016, PHP 5.6.26
 +15 Sep 2016 PHP 7.0.11
  
  - Core:
 -  . Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
 -    (zend_gc.c:260)). (Laruence)
 +  . Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
 +  . Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
 +  . Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence)
 +  . Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
 +  . Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
 +    (Nikita)
 +  . Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita)
 +  . Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
    . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
      password_verify). (Anatol)
  
diff --cc ext/zip/php_zip.c
index b9f0bb73ac,eeca8ab44d..cfac566506
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@@ -245,10 -285,15 +244,11 @@@ static int php_zip_extract_file(struct 
  		goto done;
  	}
  
- 	zf = zip_fopen(za, file, 0);
- 	if (zf == NULL) {
 -#if PHP_API_VERSION < 20100412
 -	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
 -#else
+ 	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
 -#endif
+ 
+ 	if (stream == NULL) {
  		n = -1;
- 		php_stream_close(stream);
+ 		zip_fclose(zf);
  		goto done;
  	}