Merge branch 'master' into test

* master: (39 commits)
  Add __debugInfo() to UPGRADING.
  fix TS build
  Update NEWS
  Update NEWS
  Update NEWS
  Small tidy ups and raise visibility of GitHub PR process
  Bug #41631: Observe socket read timeouts in SSL streams
  wrap int8_t and int16_t with #ifdef to avoid possible clashes
  - Updated to version 2014.6 (2014f)
  Removed Countable::count() change info from UPGRADE.INTERNALS too
  NEWS and UPGRADING for intdiv()
  Revert "Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option"
  Fixed skip case for intdiv 64-bit test
  Use callback structure
  Add EXPECTF
  Fix handling of multi-result sets with PS...used to clean not only the result set but the whole PS.
  5.5.17 now
  5.4.33-dev now
  Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option
  Add SO_REUSEPORT + SO_BROADCAST support via socket stream context option
  ...

Conflicts:
	ext/fileinfo/libmagic/softmagic.c
	main/streams/xp_socket.c

NEWS

@@ -16,6 +16,7 @@ PHP                                                                        NEWS
 - Standard:
   . Removed call_user_method() and call_user_method_array() functions. (Kalle)
   . Fix user session handlers (See rfc:session.user.return-value). (Sara)
+  . Added intdiv() function. (Andrea)
 
 - XSL:
   . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike)

README.SUBMITTING_PATCH

@@ -17,7 +17,7 @@ Online Forums
 -------------
 There are several IRC channels where PHP developers are often
 available to discuss questions.  They include #php.pecl and #php.doc
-on the EFNet network and #php-dev-win on FreeNode.
+on the EFNet network and #winphp-dev on FreeNode.
 
 
 PHP Patches
@@ -33,27 +33,17 @@ and discuss it on the development mail list internals@lists.php.net.
 RFC Wiki accounts can be requested on
 http://wiki.php.net/start?do=register.  PHP extension maintainers can
 be found in the EXTENSIONS file in the PHP source.  Mail list
-subscription is explained on http://www.php.net/mailing-lists.php.
+subscription is explained on http://php.net/mailing-lists.php.
 
 Information on PHP internal C functions is at
-http://www.php.net/internals, though this is considered incomplete.
-Various external resources can be found on the web.  A standard
+http://php.net/internals, though this is considered incomplete.
+Various external resources can be found on the web.  See
+https://wiki.php.net/internals for some references.  A standard
 printed reference is the book "Extending and Embedding PHP" by Sara
 Golemon.
 
-Attach the patch to the PHP bug and consider sending a notification
-email about the change to internals@lists.php.net.  Also CC the
-extension maintainer.  Explain what has been changed by your patch.
-Test scripts should be included.
-
-Please make the mail subject prefix "[PATCH]".  If attaching a patch,
-ensure it has a file extension of ".txt".  This is because only MIME
-attachments of type 'text/*' are accepted.
-
 The preferred way to propose PHP patch is sending pull request from
-github.
-
-https://github.com/php/php-src
+GitHub: https://github.com/php/php-src
 
 Fork the official PHP repository and send a pull request. A
 notification will be sent to the pull request mailing list. Sending a
@@ -61,6 +51,17 @@ note to PHP Internals list (internals@lists.php.net) may help getting
 more feedback and quicker turnaround.  You can also add pull requests
 to bug reports at http://bugs.php.net/.
 
+If you are not using GitHub, attach your patch to a PHP bug and
+consider sending a notification email about the change to
+internals@lists.php.net.  If the bug is for an extension, also CC the
+extension maintainer.  Explain what has been changed by your patch.
+Test scripts should be included.
+
+Please make the mail subject prefix "[PATCH]".  If attaching a patch,
+ensure it has a file extension of ".txt".  This is because only MIME
+attachments of type 'text/*' are accepted.
+
+
 
 PHP Documentation Patches
 -------------------------
@@ -71,7 +72,7 @@ the PHP mail archives.
 
 If your change is large, then first discuss it with the mail list
 phpdoc@lists.php.net.  Subscription is explained on
-http://www.php.net/mailing-lists.php.
+http://php.net/mailing-lists.php.
 
 Information on contributing to PHP documentation is at
 http://php.net/dochowto and http://wiki.php.net/doc/howto

UPGRADING

@@ -28,6 +28,8 @@ PHP X.Y UPGRADE NOTES
 2. New Features
 ========================================
 
+- Standard
+  . intdiv() function for integer division added.
 
 ========================================
 3. Changes in SAPI modules
@@ -69,7 +71,7 @@ PHP X.Y UPGRADE NOTES
 ========================================
 
 - Core
-  , PHP_INT_MIN added.
+  . PHP_INT_MIN added.
 
 ========================================
 11. Changes to INI File Handling

ext/fileinfo/data_file.c

@@ -121057,7 +121057,7 @@ const unsigned char php_magic_database[2803888] = {
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x00, 0x00, 0x40, 0x00, 0x3D, 0x1B, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
-0x00, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+0x00, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x5E, 0x5C, 0x73, 0x7B, 0x30, 0x2C, 0x31, 0x30, 0x30, 0x7D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x5C, 
 0x73, 0x7B, 0x30, 0x2C, 0x31, 0x30, 0x30, 0x7D, 0x5B, 0x7B, 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 

ext/fileinfo/libmagic/softmagic.c

@@ -67,7 +67,7 @@ private int32_t mprint(struct magic_set *, struct magic *);
 private int32_t moffset(struct magic_set *, struct magic *);
 private void mdebug(uint32_t, const char *, size_t);
 private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
-    const unsigned char *, uint32_t, size_t, size_t);
+    const unsigned char *, uint32_t, size_t, struct magic *);
 private int mconvert(struct magic_set *, struct magic *, int);
 private int print_sep(struct magic_set *, int);
 private int handle_annotation(struct magic_set *, struct magic *);
@@ -1041,7 +1041,7 @@ mdebug(uint32_t offset, const char *str, size_t len)
 
 private int
 mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
-    const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt)
+    const unsigned char *s, uint32_t offset, size_t nbytes, struct magic *m)
 {
 	/*
 	 * Note: FILE_SEARCH and FILE_REGEX do not actually copy
@@ -1061,15 +1061,24 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 			const char *last;	/* end of search region */
 			const char *buf;	/* start of search region */
 			const char *end;
-			size_t lines;
+			size_t lines, linecnt, bytecnt;
 
+			linecnt = m->str_range;
+			bytecnt = linecnt * 80;
+
+			if (bytecnt == 0) {
+				bytecnt = 8192;
+			}
+			if (bytecnt > nbytes) {
+				bytecnt = nbytes;
+			}
 			if (s == NULL) {
 				ms->search.s_len = 0;
 				ms->search.s = NULL;
 				return 0;
 			}
 			buf = RCAST(const char *, s) + offset;
-			end = last = RCAST(const char *, s) + nbytes;
+			end = last = RCAST(const char *, s) + bytecnt;
 			/* mget() guarantees buf <= last */
 			for (lines = linecnt, b = buf; lines && b < end &&
 			     ((b = CAST(const char *,
@@ -1082,7 +1091,7 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 					b++;
 			}
 			if (lines)
-				last = RCAST(const char *, s) + nbytes;
+				last = RCAST(const char *, s) + bytecnt;
 
 			ms->search.s = buf;
 			ms->search.s_len = last - buf;
@@ -1153,7 +1162,6 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
     int *need_separator, int *returnval)
 {
 	uint32_t soffset, offset = ms->offset;
-	uint32_t count = m->str_range;
 	int rv, oneed_separator, in_type;
 	char *sbuf, *rbuf;
 	union VALUETYPE *p = &ms->ms_value;
@@ -1165,13 +1173,12 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
 	}
 
 	if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o),
-	    (uint32_t)nbytes, count) == -1)
+	    (uint32_t)nbytes, m) == -1)
 		return -1;
 
 	if ((ms->flags & MAGIC_DEBUG) != 0) {
 		fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%zu, "
-		    "nbytes=%zu, count=%u)\n", m->type, m->flag, offset, o,
-		    nbytes, count);
+		    "nbytes=%zu)\n", m->type, m->flag, offset, o, nbytes);
 		mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE));
 	}
 
@@ -1664,7 +1671,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
 			if ((ms->flags & MAGIC_DEBUG) != 0)
 				fprintf(stderr, "indirect +offs=%u\n", offset);
 		}
-		if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1)
+		if (mcopy(ms, p, m->type, 0, s, offset, nbytes, m) == -1)
 			return -1;
 		ms->offset = offset;
 
@@ -2092,7 +2099,9 @@ magiccheck(struct magic_set *ms, struct magic *m)
 			zval subpats;
 			char *haystack;
 			
+			ZVAL_NULL(&retval);
 			ZVAL_NULL(&subpats);
+
 			/* Cut the search len from haystack, equals to REG_STARTEND */
 			haystack = estrndup(ms->search.s, ms->search.s_len);
 

ext/fileinfo/magicdata.patch

@@ -1,4 +1,58 @@
-Patches applied to file sources tree before generating magic.mgc
+Patches applied to file 5.17 sources tree before generating magic.mgc
 and before running create_data_file.php to create data_file.c.
 
 
+
+From 0b478f445b6b7540b58af5d1fe583fa9e48fd745 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 28 May 2014 19:52:36 +0000
+Subject: [PATCH] further optimize awk by not looking for the BEGIN regex until
+ we found the BEGIN (Jan Kaluza)
+
+---
+ magic/Magdir/commands | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index bfffdef..26b2869 100644
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -49,7 +49,8 @@
+ !:mime	text/x-awk
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+-0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
++0       search/16384    BEGIN
++>0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
+-- 
+2.0.3
+
+From 71a8b6c0d758acb0f73e2e51421a711b5e9d6668 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Fri, 30 May 2014 16:48:44 +0000
+Subject: [PATCH] Limit regex search for BEGIN to the first 4K of the file.
+
+---
+ magic/Magdir/commands | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index 26b2869..bcd0f43 100644
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -49,8 +49,7 @@
+ !:mime	text/x-awk
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+-0       search/16384    BEGIN
+->0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
++0	regex/4096	=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
+-- 
+2.0.3
+

ext/fileinfo/tests/cve-2014-3538.phpt

@@ -0,0 +1,35 @@
+--TEST--
+Bug #66731: file: extensive backtraking
+--SKIPIF--
+<?php
+if (!class_exists('finfo'))
+	die('skip no fileinfo extension');
+--FILE--
+<?php
+$fd = __DIR__.'/cve-2014-3538.data';
+
+file_put_contents($fd,
+  'try:' .
+  str_repeat("\n", 1000000));
+
+$fi = finfo_open(FILEINFO_NONE);
+$t = microtime(true);
+var_dump(finfo_file($fi, $fd));
+$t = microtime(true) - $t;
+finfo_close($fi);
+if ($t < 1) {
+	echo "Ok\n";
+} else {
+	printf("Failed, time=%.2f\n", $t);
+}
+
+?>
+Done
+--CLEAN--
+<?php
+@unlink(__DIR__.'/cve-2014-3538.data');
+?>
+--EXPECTF--
+string(%d) "%s"
+Ok
+Done

ext/ftp/ftp.c

@@ -136,7 +136,7 @@ ftp_open(const char *host, short port, long timeout_sec TSRMLS_DC)
 
 	ftp->fd = php_network_connect_socket_to_host(host,
 			(unsigned short) (port ? port : 21), SOCK_STREAM,
-			0, &tv, NULL, NULL, NULL, 0 TSRMLS_CC);
+			0, &tv, NULL, NULL, NULL, 0, STREAM_SOCKOP_NONE TSRMLS_CC);
 	if (ftp->fd == -1) {
 		goto bail;
 	}

ext/gd/libgd/gdxpm.c

@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
 	if (ret != XpmSuccess) {
 		return 0;
 	}
+	number = image.ncolors;
+	for(i = 0; i < number; i++) {
+		if (!image.colorTable[i].c_color) {
+			goto done;
+		}
+	}
 
 	if (!(im = gdImageCreate(image.width, image.height))) {
 		goto done;
 	}
 
-	number = image.ncolors;
 	colors = (int *) safe_emalloc(number, sizeof(int), 0);
 	for (i = 0; i < number; i++) {
 		switch (strlen (image.colorTable[i].c_color)) {

ext/mysqli/tests/mysqli_stmt_multires.phpt

@@ -0,0 +1,120 @@
+--TEST--
+Multiple result set with PS
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once("connect.inc");
+if (!$IS_MYSQLND) {
+    die("skip mysqlnd only test");
+}
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+	require_once("connect.inc");
+	require('table.inc');
+
+	$stmt = mysqli_stmt_init($link);
+	if (!$link->query('DROP PROCEDURE IF EXISTS p123')) {
+		printf("[001] [%d] %s\n", $link->error, $link->errno);
+	}
+
+	if (!$link->query("CREATE PROCEDURE p123() BEGIN SELECT id+12, CONCAT_WS('-',label,'ahoi') FROM test ORDER BY id LIMIT 1; SELECT id + 42, CONCAT_WS('---',label, label) FROM test ORDER BY id LIMIT 1; END")) {
+		printf("[002] [%d] %s\n", $link->error, $link->errno);
+	}
+	
+	if (!($stmt = $link->prepare("CALL p123"))) {
+		printf("[003] [%d] %s\n", $stmt->error, $stmt->errno);
+	}
+
+	if (!$stmt->execute()) {
+		printf("[005] [%d] %s\n", $stmt->error, $stmt->errno);
+	}
+
+	$c_id = NULL;
+	$c_label = NULL;
+	if (!$stmt->bind_result($c_id, $c_label)) {
+		printf("[004] [%d] %s\n", $stmt->error, $stmt->errno);
+	}
+	var_dump("pre:",$c_id, $c_label);
+
+	if (!$stmt->fetch()) {
+		printf("[006] [%d] %s\n", $stmt->error, $stmt->errno);
+	}
+
+	var_dump("post:",$c_id, $c_label);
+
+	if ($stmt->fetch()) {
+		printf("[007] Shouldn't have fetched anything\n");
+		var_dump($c_id, $c_label);
+	}
+
+	if ($stmt->fetch()) {
+		printf("[008] No more rows expected\n");
+	}
+
+	if (!$stmt->more_results()) {
+		printf("[009] Expected more results\n");
+	} else {
+		var_dump("[009] next_result:", $stmt->next_result());
+	}
+
+	if (!$stmt->bind_result($c_id, $c_label)) {
+		printf("[010] [%d] %s\n", $stmt->error, $stmt->errno);
+	}
+	var_dump("pre:",$c_id, $c_label);
+
+	if (!$stmt->fetch()) {
+		printf("[011] [%d] %s\n", $stmt->error, $stmt->errno);
+	}
+
+	var_dump("post:",$c_id, $c_label);
+
+	if ($stmt->fetch()) {
+		printf("[012] No more rows expected\n");
+	}
+
+	if (!$stmt->more_results()) {
+		printf("[013] Expected more results\n");
+	} else {
+		var_dump("[013] next_result:", $stmt->next_result());
+	}
+
+	if ($stmt->more_results()) {
+		printf("[014] No more results expected\n");
+	} else {
+		printf("[014] No result, as expected\n");
+	}
+
+	$stmt->close();
+	$link->close();
+
+
+	echo "done";
+?>
+--CLEAN--
+<?php
+	require_once("connect.inc");
+	if (!$link->query('DROP PROCEDURE IF EXISTS p123')) {
+		printf("[001] [%d] %s\n", $link->error, $link->errno);
+	}
+?>
+--EXPECTF--
+string(4) "pre:"
+NULL
+NULL
+string(5) "post:"
+int(13)
+string(6) "a-ahoi"
+string(18) "[009] next_result:"
+bool(true)
+string(4) "pre:"
+int(13)
+string(6) "a-ahoi"
+string(5) "post:"
+int(43)
+string(5) "a---a"
+string(18) "[013] next_result:"
+bool(true)
+[014] No result, as expected
+done

ext/mysqlnd/mysqlnd_ps.c

@@ -43,7 +43,6 @@ enum_func_status mysqlnd_stmt_execute_batch_generate_request(MYSQLND_STMT * cons
 static void mysqlnd_stmt_separate_result_bind(MYSQLND_STMT * const stmt TSRMLS_DC);
 static void mysqlnd_stmt_separate_one_result_bind(MYSQLND_STMT * const stmt, unsigned int param_no TSRMLS_DC);
 
-
 /* {{{ mysqlnd_stmt::store_result */
 static MYSQLND_RES *
 MYSQLND_METHOD(mysqlnd_stmt, store_result)(MYSQLND_STMT * const s TSRMLS_DC)
@@ -246,7 +245,7 @@ MYSQLND_METHOD(mysqlnd_stmt, next_result)(MYSQLND_STMT * s TSRMLS_DC)
 	DBG_INF_FMT("server_status=%u cursor=%u", stmt->upsert_status->server_status, stmt->upsert_status->server_status & SERVER_STATUS_CURSOR_EXISTS);
 
 	/* Free space for next result */
-	s->m->free_stmt_content(s TSRMLS_CC);
+	s->m->free_stmt_result(s TSRMLS_CC);
 	{
 		enum_func_status ret = s->m->parse_execute_response(s TSRMLS_CC);
 		DBG_RETURN(ret);
@@ -2069,6 +2068,37 @@ mysqlnd_stmt_separate_one_result_bind(MYSQLND_STMT * const s, unsigned int param
 /* }}} */
 
 
+/* {{{ mysqlnd_stmt::free_stmt_result */
+static void
+MYSQLND_METHOD(mysqlnd_stmt, free_stmt_result)(MYSQLND_STMT * const s TSRMLS_DC)
+{
+	MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
+	DBG_ENTER("mysqlnd_stmt::free_stmt_result");
+	if (!stmt) {
+		DBG_VOID_RETURN;
+	}
+
+	/*
+	  First separate the bound variables, which point to the result set, then
+	  destroy the set.
+	*/
+	mysqlnd_stmt_separate_result_bind(s TSRMLS_CC);
+	/* Not every statement has a result set attached */
+	if (stmt->result) {
+		stmt->result->m.free_result_internal(stmt->result TSRMLS_CC);
+		stmt->result = NULL;
+	}
+	if (stmt->error_info->error_list) {
+		zend_llist_clean(stmt->error_info->error_list);
+		mnd_pefree(stmt->error_info->error_list, s->persistent);
+		stmt->error_info->error_list = NULL;
+	}
+
+	DBG_VOID_RETURN;
+}
+/* }}} */
+
+
 /* {{{ mysqlnd_stmt::free_stmt_content */
 static void
 MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content)(MYSQLND_STMT * const s TSRMLS_DC)
@@ -2099,22 +2129,7 @@ MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content)(MYSQLND_STMT * const s TSRMLS_DC
 		stmt->param_bind = NULL;
 	}
 
-	/*
-	  First separate the bound variables, which point to the result set, then
-	  destroy the set.
-	*/
-	mysqlnd_stmt_separate_result_bind(s TSRMLS_CC);
-	/* Not every statement has a result set attached */
-	if (stmt->result) {
-		stmt->result->m.free_result_internal(stmt->result TSRMLS_CC);
-		stmt->result = NULL;
-	}
-	if (stmt->error_info->error_list) {
-		zend_llist_clean(stmt->error_info->error_list);
-		mnd_pefree(stmt->error_info->error_list, s->persistent);
-		stmt->error_info->error_list = NULL;
-	}
-
+	s->m->free_stmt_result(s TSRMLS_CC);
 	DBG_VOID_RETURN;
 }
 /* }}} */
@@ -2333,7 +2348,8 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_stmt)
 	mysqlnd_stmt_execute_generate_request,
 	mysqlnd_stmt_execute_parse_response,
 	MYSQLND_METHOD(mysqlnd_stmt, free_stmt_content),
-	MYSQLND_METHOD(mysqlnd_stmt, flush)
+	MYSQLND_METHOD(mysqlnd_stmt, flush),
+	MYSQLND_METHOD(mysqlnd_stmt, free_stmt_result)
 MYSQLND_CLASS_METHODS_END;
 
 

ext/mysqlnd/mysqlnd_structs.h

@@ -786,6 +786,7 @@ typedef enum_func_status 	(*func_mysqlnd_stmt__generate_execute_request)(MYSQLND
 typedef enum_func_status	(*func_mysqlnd_stmt__parse_execute_response)(MYSQLND_STMT * const s TSRMLS_DC);
 typedef void 				(*func_mysqlnd_stmt__free_stmt_content)(MYSQLND_STMT * const s TSRMLS_DC);
 typedef enum_func_status	(*func_mysqlnd_stmt__flush)(MYSQLND_STMT * const stmt TSRMLS_DC);
+typedef void 				(*func_mysqlnd_stmt__free_stmt_result)(MYSQLND_STMT * const s TSRMLS_DC);
 
 struct st_mysqlnd_stmt_methods
 {
@@ -841,6 +842,8 @@ struct st_mysqlnd_stmt_methods
 	func_mysqlnd_stmt__free_stmt_content free_stmt_content;
 
 	func_mysqlnd_stmt__flush flush;
+
+	func_mysqlnd_stmt__free_stmt_result free_stmt_result;
 };
 
 

ext/openssl/xp_ssl.c

@@ -1768,13 +1768,59 @@ static size_t php_openssl_sockop_write(php_stream *stream, const char *buf, size
 }
 /* }}} */
 
+static void php_openssl_stream_wait_for_data(php_netstream_data_t *sock)
+{
+	int retval;
+	struct timeval *ptimeout;
+
+	if (sock->socket == -1) {
+		return;
+	}
+	
+	sock->timeout_event = 0;
+
+	if (sock->timeout.tv_sec == -1)
+		ptimeout = NULL;
+	else
+		ptimeout = &sock->timeout;
+
+	while(1) {
+		retval = php_pollfd_for(sock->socket, PHP_POLLREADABLE, ptimeout);
+
+		if (retval == 0)
+			sock->timeout_event = 1;
+
+		if (retval >= 0)
+			break;
+
+		if (php_socket_errno() != EINTR)
+			break;
+	}
+}
+
 static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) /* {{{ */
 {
 	php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
+	php_netstream_data_t *sock;
 	int nr_bytes = 0;
 
 	if (sslsock->ssl_active) {
 		int retry = 1;
+		sock = (php_netstream_data_t*)stream->abstract;
+
+		/* The SSL_read() function will block indefinitely waiting for data on a blocking
+		   socket. If we don't poll for readability first this operation has the potential
+		   to hang forever. To avoid this scenario we poll with a timeout before performing
+		   the actual read. If it times out we're finished.
+		*/
+		if (sock->is_blocked) {
+			php_openssl_stream_wait_for_data(sock);
+			if (sock->timeout_event) {
+				stream->eof = 1;
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL read operation timed out");
+				return nr_bytes;
+			}
+		}
 
 		do {
 			nr_bytes = SSL_read(sslsock->ssl_handle, buf, count);

ext/standard/basic_functions.c

@@ -1758,6 +1758,11 @@ ZEND_BEGIN_ARG_INFO(arginfo_fmod, 0)
 	ZEND_ARG_INFO(0, x)
 	ZEND_ARG_INFO(0, y)
 ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_intdiv, 0)
+	ZEND_ARG_INFO(0, numerator)
+	ZEND_ARG_INFO(0, divisor)
+ZEND_END_ARG_INFO()
 /* }}} */
 /* {{{ md5.c */
 ZEND_BEGIN_ARG_INFO_EX(arginfo_md5, 0, 0, 1)
@@ -2894,6 +2899,7 @@ const zend_function_entry basic_functions[] = { /* {{{ */
 	PHP_FE(base_convert,													arginfo_base_convert)
 	PHP_FE(number_format,													arginfo_number_format)
 	PHP_FE(fmod,															arginfo_fmod)
+	PHP_FE(intdiv,															arginfo_intdiv)
 #ifdef HAVE_INET_NTOP
 	PHP_RAW_NAMED_FE(inet_ntop,		php_inet_ntop,								arginfo_inet_ntop)
 #endif

ext/standard/info.c

@@ -587,6 +587,14 @@ PHPAPI zend_string *php_get_uname(char mode)
 
 		php_get_windows_cpu(wincpu, sizeof(wincpu));
 		dwBuild = (DWORD)(HIWORD(dwVersion));
+		
+		/* Windows "version" 6.2 could be Windows 8/Windows Server 2012, but also Windows 8.1/Windows Server 2012 R2 */
+		if (dwWindowsMajorVersion == 6 && dwWindowsMinorVersion == 2) {
+			if (strncmp(winver, "Windows 8.1", 11) == 0 || strncmp(winver, "Windows Server 2012 R2", 22) == 0) {
+				dwWindowsMinorVersion = 3;
+			}
+		}
+		
 		snprintf(tmp_uname, sizeof(tmp_uname), "%s %s %d.%d build %d (%s) %s",
 				 "Windows NT", ComputerName,
 				 dwWindowsMajorVersion, dwWindowsMinorVersion, dwBuild, winver?winver:"unknown", wincpu);

ext/standard/math.c

@@ -1406,7 +1406,28 @@ PHP_FUNCTION(fmod)
 }
 /* }}} */
 
-
+/* {{{ proto int intdiv(int numerator, int divisor)
+   Returns the integer division of the numerator by the divisor */
+PHP_FUNCTION(intdiv) 
+{
+	long numerator, divisor;
+	
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ll", &numerator, &divisor) == FAILURE) {
+		return;
+	}
+	
+	if (divisor == 0) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Division by zero");
+		RETURN_BOOL(0);
+	} else if (divisor == -1 && numerator == LONG_MIN) {
+		/* Prevent overflow error/crash 
+		   We don't return a float here as that violates function contract */
+		RETURN_LONG(0);
+	}
+	
+	RETURN_LONG(numerator/divisor);
+}
+/* }}} */ 
 
 /*
  * Local variables:

ext/standard/php_math.h

@@ -66,6 +66,7 @@ PHP_FUNCTION(number_format);
 PHP_FUNCTION(fmod);
 PHP_FUNCTION(deg2rad);
 PHP_FUNCTION(rad2deg);
+PHP_FUNCTION(intdiv);
 
    /*
    WARNING: these functions are expermental: they could change their names or 

ext/standard/tests/math/intdiv.phpt

@@ -0,0 +1,25 @@
+--TEST--
+intdiv functionality
+--FILE--
+<?php
+var_dump(intdiv(3, 2));
+var_dump(intdiv(-3, 2));
+var_dump(intdiv(3, -2));
+var_dump(intdiv(-3, -2));
+var_dump(intdiv(PHP_INT_MAX, PHP_INT_MAX));
+var_dump(intdiv(-PHP_INT_MAX - 1, -PHP_INT_MAX - 1));
+var_dump(intdiv(-PHP_INT_MAX - 1, -1));
+var_dump(intdiv(1, 0));
+
+?>
+--EXPECTF--
+int(1)
+int(-1)
+int(-1)
+int(1)
+int(1)
+int(1)
+int(0)
+
+Warning: intdiv(): Division by zero in %s on line 9
+bool(false)

ext/standard/tests/math/intdiv_64bit.phpt

@@ -0,0 +1,15 @@
+--TEST--
+intdiv functionality
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE !== 8) {
+    die("skip this test is for 64-bit platforms only");
+}
+?>
+--FILE--
+<?php
+// (int)(PHP_INT_MAX / 3) gives a different result
+var_dump(intdiv(PHP_INT_MAX, 3));
+?>
+--EXPECTF--
+int(3074457345618258602)

ext/zlib/tests/bug67724.phpt

@@ -0,0 +1,26 @@
+--TEST--
+Bug #67724 (chained zlib filters silently fail with large amounts of data)
+--SKIPIF--
+<?php
+extension_loaded("zlib") or die("skip need ext/zlib");
+?>
+--FILE--
+<?php
+echo "Test\n";
+
+$f = fopen(__DIR__."/bug67724.gz.gz", "rb")
+	or die(current(error_get_last()));
+stream_filter_append($f, "zlib.inflate", STREAM_FILTER_READ, ["window" => 30]);
+stream_filter_append($f, "zlib.inflate", STREAM_FILTER_READ, ["window" => 30]);
+for ($i = 0; !feof($f); $i += strlen(fread($f, 0x1000)))
+	;
+fclose($f);
+
+var_dump($i);
+
+?>
+DONE
+--EXPECT--
+Test
+int(25600000)
+DONE

ext/zlib/zlib_filter.c

@@ -302,7 +302,8 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f
 
 	data->strm.zalloc = (alloc_func) php_zlib_alloc;
 	data->strm.zfree = (free_func) php_zlib_free;
-	data->strm.avail_out = data->outbuf_len = data->inbuf_len = 2048;
+	data->strm.avail_out = data->outbuf_len = 0x8000;
+	data->inbuf_len = 2048;
 	data->strm.next_in = data->inbuf = (Bytef *) pemalloc(data->inbuf_len, persistent);
 	if (!data->inbuf) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed allocating %zd bytes", data->inbuf_len);

main/network.c

@@ -416,13 +416,14 @@ static inline void sub_times(struct timeval a, struct timeval b, struct timeval
  * */
 /* {{{ php_network_bind_socket_to_local_addr */
 php_socket_t php_network_bind_socket_to_local_addr(const char *host, unsigned port,
-		int socktype, char **error_string, int *error_code
+		int socktype, long sockopts, char **error_string, int *error_code
 		TSRMLS_DC)
 {
 	int num_addrs, n, err = 0;
 	php_socket_t sock;
 	struct sockaddr **sal, **psal, *sa;
 	socklen_t socklen;
+	int sockoptval = 1;
 
 	num_addrs = php_network_getaddresses(host, socktype, &psal, error_string TSRMLS_CC);
 
@@ -464,9 +465,16 @@ php_socket_t php_network_bind_socket_to_local_addr(const char *host, unsigned po
 			/* attempt to bind */
 
 #ifdef SO_REUSEADDR
-			{
-				int val = 1;
-				setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char*)&val, sizeof(val));
+			setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char*)&sockoptval, sizeof(sockoptval));
+#endif
+#ifdef SO_REUSEPORT
+			if (sockopts & STREAM_SOCKOP_SO_REUSEPORT) {
+				setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, (char*)&sockoptval, sizeof(sockoptval));
+			}
+#endif
+#ifdef SO_BROADCAST
+			if (sockopts & STREAM_SOCKOP_SO_BROADCAST) {
+				setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char*)&sockoptval, sizeof(sockoptval));
 			}
 #endif
 
@@ -764,7 +772,7 @@ PHPAPI php_socket_t php_network_accept_incoming(php_socket_t srvsock,
 /* {{{ php_network_connect_socket_to_host */
 php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short port,
 		int socktype, int asynchronous, struct timeval *timeout, char **error_string,
-		int *error_code, char *bindto, unsigned short bindport
+		int *error_code, char *bindto, unsigned short bindport, long sockopts
 		TSRMLS_DC)
 {
 	int num_addrs, n, fatal = 0;
@@ -866,6 +874,7 @@ php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short
 					}
 				}
 #endif
+
 				if (!local_address || bind(sock, local_address, local_address_len)) {
 					php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to bind to '%s:%d', system said: %s", bindto, bindport, strerror(errno));
 				}
@@ -880,6 +889,14 @@ skip_bind:
 				*error_string = NULL;
 			}
 
+#ifdef SO_BROADCAST
+			{
+				int val = 1;
+				if (sockopts & STREAM_SOCKOP_SO_BROADCAST) {
+					setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char*)&val, sizeof(val));
+				}
+			}
+#endif
 			n = php_network_connect_socket(sock, sa, socklen, asynchronous,
 					timeout ? &working_timeout : NULL,
 					error_string, error_code);

main/php_network.h

@@ -105,6 +105,11 @@ typedef int php_socket_t;
 # define SOCK_RECV_ERR -1
 #endif
 
+#define STREAM_SOCKOP_NONE         1 << 0
+#define STREAM_SOCKOP_SO_REUSEPORT 1 << 1
+#define STREAM_SOCKOP_SO_BROADCAST 1 << 2
+
+
 /* uncomment this to debug poll(2) emulation on systems that have poll(2) */
 /* #define PHP_USE_POLL_2_EMULATION 1 */
 
@@ -229,7 +234,7 @@ PHPAPI void php_network_freeaddresses(struct sockaddr **sal);
 
 PHPAPI php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short port,
 		int socktype, int asynchronous, struct timeval *timeout, char **error_string,
-		int *error_code, char *bindto, unsigned short bindport 
+		int *error_code, char *bindto, unsigned short bindport, long sockopts
 		TSRMLS_DC);
 
 PHPAPI int php_network_connect_socket(php_socket_t sockfd,
@@ -244,7 +249,7 @@ PHPAPI int php_network_connect_socket(php_socket_t sockfd,
 	php_network_connect_socket((sock), (addr), (addrlen), 0, (timeout), NULL, NULL)
 
 PHPAPI php_socket_t php_network_bind_socket_to_local_addr(const char *host, unsigned port,
-		int socktype, char **error_string, int *error_code
+		int socktype, long sockopts, char **error_string, int *error_code
 		TSRMLS_DC);
 
 PHPAPI php_socket_t php_network_accept_incoming(php_socket_t srvsock,

main/streams/xp_socket.c

@@ -582,6 +582,8 @@ static inline int php_tcp_sockop_bind(php_stream *stream, php_netstream_data_t *
 {
 	char *host = NULL;
 	int portno, err;
+	long sockopts = STREAM_SOCKOP_NONE;
+	zval *tmpzval = NULL;
 
 #ifdef AF_UNIX
 	if (stream->ops == &php_stream_unix_socket_ops || stream->ops == &php_stream_unixdg_socket_ops) {
@@ -611,8 +613,28 @@ static inline int php_tcp_sockop_bind(php_stream *stream, php_netstream_data_t *
 		return -1;
 	}
 
+#ifdef SO_REUSEPORT
+	if (PHP_STREAM_CONTEXT(stream)
+		&& (tmpzval = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "socket", "so_reuseport")) != NULL
+		&& zend_is_true(tmpzval TSRMLS_CC)
+	) {
+		sockopts |= STREAM_SOCKOP_SO_REUSEPORT;
+	}
+#endif
+
+#ifdef SO_BROADCAST
+	if (stream->ops == &php_stream_udp_socket_ops /* SO_BROADCAST is only applicable for UDP */
+		&& PHP_STREAM_CONTEXT(stream)
+		&& (tmpzval = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "socket", "so_broadcast")) != NULL
+		&& zend_is_true(tmpzval TSRMLS_CC)
+	) {
+		sockopts |= STREAM_SOCKOP_SO_BROADCAST;
+	}
+#endif
+
 	sock->socket = php_network_bind_socket_to_local_addr(host, portno,
 			stream->ops == &php_stream_udp_socket_ops ? SOCK_DGRAM : SOCK_STREAM,
+			sockopts,
 			xparam->want_errortext ? &xparam->outputs.error_text : NULL,
 			&err
 			TSRMLS_CC);
@@ -632,6 +654,7 @@ static inline int php_tcp_sockop_connect(php_stream *stream, php_netstream_data_
 	int err = 0;
 	int ret;
 	zval *tmpzval = NULL;
+	long sockopts = STREAM_SOCKOP_NONE;
 
 #ifdef AF_UNIX
 	if (stream->ops == &php_stream_unix_socket_ops || stream->ops == &php_stream_unixdg_socket_ops) {
@@ -677,6 +700,16 @@ static inline int php_tcp_sockop_connect(php_stream *stream, php_netstream_data_
 		bindto = parse_ip_address_ex(Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval), &bindport, xparam->want_errortext, &xparam->outputs.error_text TSRMLS_CC);
 	}
 
+#ifdef SO_BROADCAST
+	if (stream->ops == &php_stream_udp_socket_ops /* SO_BROADCAST is only applicable for UDP */
+		&& PHP_STREAM_CONTEXT(stream)
+		&& (tmpzval = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "socket", "so_broadcast")) != NULL
+		&& zend_is_true(tmpzval TSRMLS_CC)
+	) {
+		sockopts |= STREAM_SOCKOP_SO_BROADCAST;
+	}
+#endif
+
 	/* Note: the test here for php_stream_udp_socket_ops is important, because we
 	 * want the default to be TCP sockets so that the openssl extension can
 	 * re-use this code. */
@@ -688,7 +721,8 @@ static inline int php_tcp_sockop_connect(php_stream *stream, php_netstream_data_
 			xparam->want_errortext ? &xparam->outputs.error_text : NULL,
 			&err,
 			bindto,
-			bindport
+			bindport,
+			sockopts
 			TSRMLS_CC);
 	
 	ret = sock->socket == -1 ? -1 : 0;

win32/php_stdint.h

@@ -66,8 +66,12 @@
 // 7.18.1 Integer types
 
 // 7.18.1.1 Exact-width integer types
+#ifndef int8_t
 typedef __int8            int8_t;
+#endif
+#ifndef int16_t
 typedef __int16           int16_t;
+#endif
 #ifndef int32_t
 typedef __int32           int32_t;
 #endif