Merge remote-tracking branch 'origin/master' into native-tls

* origin/master:
  fix unserializer patch
  move this entry to the correct version
  add missing NEWS entry
  add missing NEWS entry
  Updated or skipped certain 32-bit tests
  add NEWS entry for #68594
  5.4.37
  add more BC breaks
  update news
  add CVE
  add missing test file
  Fix bug #68594 - Use after free vulnerability in unserialize()
  Fix typo
  Hash value must not zero?

Author: weltling

UPGRADING

@@ -42,6 +42,11 @@ PHP X.Y UPGRADE NOTES
     It will now produce 2, not 1.
   . Function parameters with duplicate name are not allowed anymore. Definitions
     like “function foo($x,$x) {}” will lead to compile time error.
+  . Indirect variable, property and method references are now interpreted with
+    left-to-right semantics. See details in:
+	https://wiki.php.net/rfc/uniform_variable_syntax#semantic_differences_in_existing_syntax 
+  . The global keyword now only accepts simple variables. See details in:
+    https://wiki.php.net/rfc/uniform_variable_syntax#global_keyword_takes_only_simple_variables
 
 - DBA
   . dba_delete() now returns false if the key was not found for the inifile

Zend/tests/bug43128.phpt

@@ -15,5 +15,6 @@ eval("class $a {}");
 if ($a instanceof $a); // Segmentation fault
 new $a;                // Segmentation fault
 echo "ok\n";
+?>
 --EXPECT--
 ok

Zend/zend_string.h

@@ -279,6 +279,8 @@ static zend_always_inline zend_ulong zend_inline_hash_func(const char *str, size
 		case 0: break;
 EMPTY_SWITCH_DEFAULT_CASE()
 	}
+
+	ZEND_ASSERT(hash != 0);
 	return hash;
 }
 

ext/bcmath/tests/bug60377.phpt

@@ -1,7 +1,8 @@
 --TEST--
 bcscale related problem on 64bits platforms
 --SKIPIF--
-<?php if(!extension_loaded("bcmath")) print "skip"; ?>
+<?php if(!extension_loaded("bcmath")) die("skip");
+if (PHP_INT_SIZE != 8) die("skip: 64-bit only"); ?>
 --FILE--
 <?php
 $var48 = bcscale(634314234334311);

ext/curl/tests/curl_version_variation1.phpt

@@ -1,7 +1,8 @@
 --TEST--
 Test curl_version() function : usage variations - test values for $ascii argument
 --SKIPIF--
-<?php if (!extension_loaded("curl")) exit("skip curl extension not loaded"); ?>
+<?php if (!extension_loaded("curl")) exit("skip curl extension not loaded");
+if (PHP_INT_SIZE != 8) die('skip 64-bit only'); ?>
 --FILE--
 <?php
 

ext/exif/tests/exif_tagname_variation1.phpt

@@ -1,7 +1,9 @@
 --TEST--
 Test exif_tagname() function : usage variations  - different types for index argument
 --SKIPIF--
-<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
+?>
 --FILE--
 <?php
 

ext/gd/tests/imagecolorallocate_variation2.phpt

@@ -8,6 +8,7 @@ if(!extension_loaded('gd')) {
 if(!function_exists('imagecreatetruecolor')) {
     die('skip imagecreatetruecolor function is not available');
 }
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?> 
 --FILE--
 <?php

ext/gd/tests/imagecolorallocate_variation4.phpt

@@ -8,6 +8,7 @@ if(!extension_loaded('gd')) {
 if(!function_exists('imagecreatetruecolor')) {
     die('skip imagecreatetruecolor function is not available');
 }
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?>
 --FILE--
 <?php
@@ -210,4 +211,4 @@ int(657920)
 
 Warning: imagecolorallocate() expects parameter 4 to be long, resource given in %s on line %d
 NULL
-===DONE===
+===DONE===

ext/intl/tests/bug53512.phpt

@@ -1,7 +1,9 @@
 --TEST--
 Bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values)
 --SKIPIF--
-<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+<?php if( !extension_loaded( 'intl' ) ) die('skip');
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
+?>
 --FILE--
 <?php
 

ext/intl/tests/bug61487.phpt

@@ -1,7 +1,9 @@
 --TEST--
 grapheme() str[i]pos limits
 --SKIPIF--
-<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+<?php if( !extension_loaded( 'intl' ) ) die('skip'); 
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
+?>
 --FILE--
 <?php
 var_dump(grapheme_stripos(1,1,2147483648));

ext/intl/tests/collator_get_locale2.phpt

@@ -3,6 +3,7 @@ get_locale() icu >= 4.8
 --SKIPIF--
 <?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
 <?php if(version_compare(INTL_ICU_VERSION, '4.8') < 0) print 'skip'; ?>
+<?php if (PHP_INT_SIZE != 8) die('skip 64-bit only'); ?>
 --FILE--
 <?php
 

ext/intl/tests/dateformat_get_locale.phpt

@@ -1,7 +1,9 @@
 --TEST--
 datefmt_get_locale_code()
 --SKIPIF--
-<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+<?php if( !extension_loaded( 'intl' ) ) die('skip');
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
+?>
 --FILE--
 <?php
 

ext/intl/tests/formatter_get_set_symbol2.phpt

@@ -3,6 +3,7 @@ numfmt_get/set_symbol() icu >= 4.8
 --SKIPIF--
 <?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
 <?php if(version_compare(INTL_ICU_VERSION, '4.8') < 0) print 'skip'; ?>
+<?php if (PHP_INT_SIZE != 8) die('skip 64-bit only'); ?>
 --FILE--
 <?php
 

ext/mbstring/tests/mb_encode_mimeheader_variation5.phpt

@@ -4,6 +4,7 @@ Test mb_encode_mimeheader() function : usage variations - Pass different data ty
 <?php
 extension_loaded('mbstring') or die('skip');
 function_exists('mb_encode_mimeheader') or die("skip mb_encode_mimeheader() is not available in this build");
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?>
 --FILE--
 <?php

ext/mbstring/tests/mb_split_variation3.phpt

@@ -4,6 +4,7 @@ Test mb_split() function : usage variations  - different parameter types for lim
 <?php
 extension_loaded('mbstring') or die('skip');
 function_exists('mb_split') or die("skip mb_split() is not available in this build");
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?>
 --FILE--
 <?php
@@ -328,4 +329,4 @@ array(1) {
 
 Warning: mb_split() expects parameter 3 to be long, resource given in %s on line %d
 bool(false)
-Done
+Done

ext/mbstring/tests/mb_stripos_variation3.phpt

@@ -4,6 +4,7 @@ Test mb_stripos() function : usage variations - pass different data types as $of
 <?php
 extension_loaded('mbstring') or die('skip');
 function_exists('mb_stripos') or die("skip mb_stripos() is not available in this build");
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?>
 --FILE--
 <?php

ext/mbstring/tests/mb_strpos_variation3.phpt

@@ -4,6 +4,7 @@ Test mb_strpos() function : usage variations - pass different data types as $off
 <?php
 extension_loaded('mbstring') or die('skip');
 function_exists('mb_strpos') or die("skip mb_strpos() is not available in this build");
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?>
 --FILE--
 <?php

ext/mbstring/tests/mb_strripos_variation3_Bug45923.phpt

@@ -4,6 +4,7 @@ Test mb_strripos() function : usage variations - pass different data types as $o
 <?php
 extension_loaded('mbstring') or die('skip');
 function_exists('mb_strripos') or die("skip mb_strripos() is not available in this build");
+if (PHP_INT_SIZE != 8) die('skip 64-bit only');
 ?>
 --FILE--
 <?php

ext/standard/tests/serialize/bug68594.phpt

@@ -0,0 +1,23 @@
+--TEST--
+Bug #68545 Use after free vulnerability in unserialize()
+--FILE--
+<?php
+for ($i=4; $i<100; $i++) {
+	$m = new StdClass();
+
+	$u = array(1);
+
+	$m->aaa = array(1,2,&$u,4,5);
+	$m->bbb = 1;
+	$m->ccc = &$u;
+	$m->ddd = str_repeat("A", $i);
+
+	$z = serialize($m);
+	$z = str_replace("bbb", "aaa", $z);
+	$y = unserialize($z);
+	$z = serialize($y);
+}
+?>
+===DONE===
+--EXPECTF--
+===DONE===