Merge branch 'master' into sccp

* master: (43 commits)
  Keep information about SSA variables, that may be modified indirectly.
  Added constants for known ldap controls OID and tests for ldap_get/set_option for controls
  Added support for controls to ldap_get_option
  [ci skip] sync NEWS
  NEWS for oniguruma
  Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228)
  Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6
  Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227)
  Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224)
  Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
  valid_symbol_table removed
  Improve fix for #74145
  Fix wddx
  Fix tests
  Fixed bug #74111
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #74087
  Fixed parsing of strange formats with mixed month/day and time strings
  ...

Author: dstogov

UPGRADING.INTERNALS

@@ -8,6 +8,7 @@ PHP 7.2 INTERNALS UPGRADE NOTES
   e. IS_TYPE_IMMUTABLE removed
   f. zend_arg_info.class_name removed
   g. ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX changed
+  h. valid_symbol_table removed
 
 2. Build system changes
   a. Unix build system changes
@@ -44,6 +45,9 @@ PHP 7.2 INTERNALS UPGRADE NOTES
      use ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX for simple type
      use ZEND_BEGIN_ARG_WITH_RETURN_OBJ_INFO_EX for object
 
+  h. valid_symbol_table is removed from executor_globals.
+     Use EG(active) instead of removed EG(valid_symbol_table)
+
 ========================
 2. Build system changes
 ========================

Zend/tests/bug74603.ini

@@ -0,0 +1 @@
+0=0&~2000000000

Zend/tests/bug74603.phpt

@@ -0,0 +1,15 @@
+--TEST--
+Bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability)
+--SKIPIF--
+<?php
+if (PHP_INT_MAX !== 2147483647)
+        die('skip for 32-bit only');
+--FILE--
+<?php
+var_dump(parse_ini_file(__DIR__ . "/bug74603.ini", true, INI_SCANNER_NORMAL));
+?>
+--EXPECT--
+array(1) {
+  [0]=>
+  string(1) "0"
+}

Zend/zend_ini_parser.y

@@ -55,7 +55,7 @@ static void zend_ini_do_op(char type, zval *result, zval *op1, zval *op2)
 	int i_result;
 	int i_op1, i_op2;
 	int str_len;
-	char str_result[MAX_LENGTH_OF_LONG];
+	char str_result[MAX_LENGTH_OF_LONG+1];
 
 	i_op1 = atoi(Z_STRVAL_P(op1));
 	zend_string_free(Z_STR_P(op1));