Merge branch 'master' into test

* master: (39 commits)
  Add __debugInfo() to UPGRADING.
  fix TS build
  Update NEWS
  Update NEWS
  Update NEWS
  Small tidy ups and raise visibility of GitHub PR process
  Bug #41631: Observe socket read timeouts in SSL streams
  wrap int8_t and int16_t with #ifdef to avoid possible clashes
  - Updated to version 2014.6 (2014f)
  Removed Countable::count() change info from UPGRADE.INTERNALS too
  NEWS and UPGRADING for intdiv()
  Revert "Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option"
  Fixed skip case for intdiv 64-bit test
  Use callback structure
  Add EXPECTF
  Fix handling of multi-result sets with PS...used to clean not only the result set but the whole PS.
  5.5.17 now
  5.4.33-dev now
  Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option
  Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option
  ...

Conflicts:
	ext/fileinfo/libmagic/softmagic.c
	main/streams/xp_socket.c

Author: dstogov

NEWS

@@ -16,6 +16,7 @@ PHP                                                                        NEWS
 - Standard:
   . Removed call_user_method() and call_user_method_array() functions. (Kalle)
   . Fix user session handlers (See rfc:session.user.return-value). (Sara)
+  . Added intdiv() function. (Andrea)
 
 - XSL:
   . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike)

README.SUBMITTING_PATCH

@@ -17,7 +17,7 @@ Online Forums
 -------------
 There are several IRC channels where PHP developers are often
 available to discuss questions.  They include #php.pecl and #php.doc
-on the EFNet network and #php-dev-win on FreeNode.
+on the EFNet network and #winphp-dev on FreeNode.
 
 
 PHP Patches
@@ -33,34 +33,35 @@ and discuss it on the development mail list internals@lists.php.net.
 RFC Wiki accounts can be requested on
 http://wiki.php.net/start?do=register.  PHP extension maintainers can
 be found in the EXTENSIONS file in the PHP source.  Mail list
-subscription is explained on http://www.php.net/mailing-lists.php.
+subscription is explained on http://php.net/mailing-lists.php.
 
 Information on PHP internal C functions is at
-http://www.php.net/internals, though this is considered incomplete.
-Various external resources can be found on the web.  A standard
+http://php.net/internals, though this is considered incomplete.
+Various external resources can be found on the web.  See
+https://wiki.php.net/internals for some references.  A standard
 printed reference is the book "Extending and Embedding PHP" by Sara
 Golemon.
 
-Attach the patch to the PHP bug and consider sending a notification
-email about the change to internals@lists.php.net.  Also CC the
-extension maintainer.  Explain what has been changed by your patch.
-Test scripts should be included.
-
-Please make the mail subject prefix "[PATCH]".  If attaching a patch,
-ensure it has a file extension of ".txt".  This is because only MIME
-attachments of type 'text/*' are accepted.
-
 The preferred way to propose PHP patch is sending pull request from
-github.
-
-https://github.com/php/php-src
+GitHub: https://github.com/php/php-src
 
 Fork the official PHP repository and send a pull request. A
 notification will be sent to the pull request mailing list. Sending a
 note to PHP Internals list (internals@lists.php.net) may help getting
 more feedback and quicker turnaround.  You can also add pull requests
 to bug reports at http://bugs.php.net/.
 
+If you are not using GitHub, attach your patch to a PHP bug and
+consider sending a notification email about the change to
+internals@lists.php.net.  If the bug is for an extension, also CC the
+extension maintainer.  Explain what has been changed by your patch.
+Test scripts should be included.
+
+Please make the mail subject prefix "[PATCH]".  If attaching a patch,
+ensure it has a file extension of ".txt".  This is because only MIME
+attachments of type 'text/*' are accepted.
+
+
 
 PHP Documentation Patches
 -------------------------
@@ -71,7 +72,7 @@ the PHP mail archives.
 
 If your change is large, then first discuss it with the mail list
 phpdoc@lists.php.net.  Subscription is explained on
-http://www.php.net/mailing-lists.php.
+http://php.net/mailing-lists.php.
 
 Information on contributing to PHP documentation is at
 http://php.net/dochowto and http://wiki.php.net/doc/howto

UPGRADING

@@ -28,6 +28,8 @@ PHP X.Y UPGRADE NOTES
 2. New Features
 ========================================
 
+- Standard
+  . intdiv() function for integer division added.
 
 ========================================
 3. Changes in SAPI modules
@@ -69,7 +71,7 @@ PHP X.Y UPGRADE NOTES
 ========================================
 
 - Core
-  , PHP_INT_MIN added.
+  . PHP_INT_MIN added.
 
 ========================================
 11. Changes to INI File Handling

ext/date/lib/timezonedb.h

@@ -121057,7 +121057,7 @@ const unsigned char php_magic_database[2803888] = {
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x00, 0x00, 0x40, 0x00, 0x3D, 0x1B, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
-0x00, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+0x00, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x5E, 0x5C, 0x73, 0x7B, 0x30, 0x2C, 0x31, 0x30, 0x30, 0x7D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x5C, 
 0x73, 0x7B, 0x30, 0x2C, 0x31, 0x30, 0x30, 0x7D, 0x5B, 0x7B, 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 

ext/fileinfo/data_file.c

@@ -67,7 +67,7 @@ private int32_t mprint(struct magic_set *, struct magic *);
 private int32_t moffset(struct magic_set *, struct magic *);
 private void mdebug(uint32_t, const char *, size_t);
 private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
-    const unsigned char *, uint32_t, size_t, size_t);
+    const unsigned char *, uint32_t, size_t, struct magic *);
 private int mconvert(struct magic_set *, struct magic *, int);
 private int print_sep(struct magic_set *, int);
 private int handle_annotation(struct magic_set *, struct magic *);
@@ -1041,7 +1041,7 @@ mdebug(uint32_t offset, const char *str, size_t len)
 
 private int
 mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
-    const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt)
+    const unsigned char *s, uint32_t offset, size_t nbytes, struct magic *m)
 {
 	/*
 	 * Note: FILE_SEARCH and FILE_REGEX do not actually copy
@@ -1061,15 +1061,24 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 			const char *last;	/* end of search region */
 			const char *buf;	/* start of search region */
 			const char *end;
-			size_t lines;
+			size_t lines, linecnt, bytecnt;
 
+			linecnt = m->str_range;
+			bytecnt = linecnt * 80;
+
+			if (bytecnt == 0) {
+				bytecnt = 8192;
+			}
+			if (bytecnt > nbytes) {
+				bytecnt = nbytes;
+			}
 			if (s == NULL) {
 				ms->search.s_len = 0;
 				ms->search.s = NULL;
 				return 0;
 			}
 			buf = RCAST(const char *, s) + offset;
-			end = last = RCAST(const char *, s) + nbytes;
+			end = last = RCAST(const char *, s) + bytecnt;
 			/* mget() guarantees buf <= last */
 			for (lines = linecnt, b = buf; lines && b < end &&
 			     ((b = CAST(const char *,
@@ -1082,7 +1091,7 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 					b++;
 			}
 			if (lines)
-				last = RCAST(const char *, s) + nbytes;
+				last = RCAST(const char *, s) + bytecnt;
 
 			ms->search.s = buf;
 			ms->search.s_len = last - buf;
@@ -1153,7 +1162,6 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
     int *need_separator, int *returnval)
 {
 	uint32_t soffset, offset = ms->offset;
-	uint32_t count = m->str_range;
 	int rv, oneed_separator, in_type;
 	char *sbuf, *rbuf;
 	union VALUETYPE *p = &ms->ms_value;
@@ -1165,13 +1173,12 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
 	}
 
 	if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o),
-	    (uint32_t)nbytes, count) == -1)
+	    (uint32_t)nbytes, m) == -1)
 		return -1;
 
 	if ((ms->flags & MAGIC_DEBUG) != 0) {
 		fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%zu, "
-		    "nbytes=%zu, count=%u)\n", m->type, m->flag, offset, o,
-		    nbytes, count);
+		    "nbytes=%zu)\n", m->type, m->flag, offset, o, nbytes);
 		mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE));
 	}
 
@@ -1664,7 +1671,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
 			if ((ms->flags & MAGIC_DEBUG) != 0)
 				fprintf(stderr, "indirect +offs=%u\n", offset);
 		}
-		if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1)
+		if (mcopy(ms, p, m->type, 0, s, offset, nbytes, m) == -1)
 			return -1;
 		ms->offset = offset;
 
@@ -2092,7 +2099,9 @@ magiccheck(struct magic_set *ms, struct magic *m)
 			zval subpats;
 			char *haystack;
 
+			ZVAL_NULL(&retval);
 			ZVAL_NULL(&subpats);
+
 			/* Cut the search len from haystack, equals to REG_STARTEND */
 			haystack = estrndup(ms->search.s, ms->search.s_len);
 

ext/fileinfo/libmagic/softmagic.c

@@ -1,4 +1,58 @@
-Patches applied to file sources tree before generating magic.mgc
+Patches applied to file 5.17 sources tree before generating magic.mgc
 and before running create_data_file.php to create data_file.c.
 
 
+
+From 0b478f445b6b7540b58af5d1fe583fa9e48fd745 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 28 May 2014 19:52:36 +0000
+Subject: [PATCH] further optimize awk by not looking for the BEGIN regex until
+ we found the BEGIN (Jan Kaluza)
+
+---
+ magic/Magdir/commands | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index bfffdef..26b2869 100644
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -49,7 +49,8 @@
+ !:mime	text/x-awk
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+-0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
++0       search/16384    BEGIN
++>0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
+-- 
+2.0.3
+
+From 71a8b6c0d758acb0f73e2e51421a711b5e9d6668 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Fri, 30 May 2014 16:48:44 +0000
+Subject: [PATCH] Limit regex search for BEGIN to the first 4K of the file.
+
+---
+ magic/Magdir/commands | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index 26b2869..bcd0f43 100644
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -49,8 +49,7 @@
+ !:mime	text/x-awk
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+-0       search/16384    BEGIN
+->0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
++0	regex/4096	=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
+-- 
+2.0.3
+

ext/fileinfo/magicdata.patch

@@ -0,0 +1,35 @@
+--TEST--
+Bug #66731: file: extensive backtraking
+--SKIPIF--
+<?php
+if (!class_exists('finfo'))
+	die('skip no fileinfo extension');
+--FILE--
+<?php
+$fd = __DIR__.'/cve-2014-3538.data';
+
+file_put_contents($fd,
+  'try:' .
+  str_repeat("\n", 1000000));
+
+$fi = finfo_open(FILEINFO_NONE);
+$t = microtime(true);
+var_dump(finfo_file($fi, $fd));
+$t = microtime(true) - $t;
+finfo_close($fi);
+if ($t < 1) {
+	echo "Ok\n";
+} else {
+	printf("Failed, time=%.2f\n", $t);
+}
+
+?>
+Done
+--CLEAN--
+<?php
+@unlink(__DIR__.'/cve-2014-3538.data');
+?>
+--EXPECTF--
+string(%d) "%s"
+Ok
+Done

ext/fileinfo/tests/cve-2014-3538.phpt

@@ -136,7 +136,7 @@ ftp_open(const char *host, short port, long timeout_sec TSRMLS_DC)
 
 	ftp->fd = php_network_connect_socket_to_host(host,
 			(unsigned short) (port ? port : 21), SOCK_STREAM,
-			0, &tv, NULL, NULL, NULL, 0 TSRMLS_CC);
+			0, &tv, NULL, NULL, NULL, 0, STREAM_SOCKOP_NONE TSRMLS_CC);
 	if (ftp->fd == -1) {
 		goto bail;
 	}

ext/ftp/ftp.c

@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
 	if (ret != XpmSuccess) {
 		return 0;
 	}
+	number = image.ncolors;
+	for(i = 0; i < number; i++) {
+		if (!image.colorTable[i].c_color) {
+			goto done;
+		}
+	}
 
 	if (!(im = gdImageCreate(image.width, image.height))) {
 		goto done;
 	}
 
-	number = image.ncolors;
 	colors = (int *) safe_emalloc(number, sizeof(int), 0);
 	for (i = 0; i < number; i++) {
 		switch (strlen (image.colorTable[i].c_color)) {