Next | Query returned 70 messages, browsing 21 to 30 | Previous

CVS Commit History:


   2015-06-12 02:44:32 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update php55 to 5.5.26.

11 Jun 2015, PHP 5.5.26

- Core:
  . Fixed bug #69566 (Conditional jump or move depends on uninitialised value
    in extension trait). (jbboehr at gmail dot com)
  . Fixed bug #66048 (temp. directory is cached during multiple requests).
    (Julien)
  . Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
    (Christoph M. Becker)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

- FTP:
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist()
    resulting in heap overflow). (Max Spelsberg)

- GD:
  . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)

- Iconv:
  . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)

- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)

- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for
    additional headers). (Yasuo)

- MCrypt:
  . Added file descriptor caching to mcrypt_create_iv() (Leigh)

- Opcache:
  . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
    (Laruence, Dmitry)

- PCRE:
  . Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)

- Phar:
  . Fixed bug #69680 (phar symlink in binary directory broken).
    (Matteo Bernardini, Remi)

- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
    CVE-2015-3416) (Kaplan)

   2015-05-16 13:17:45 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update php55 to 5.5.25.

14 May 2015, PHP 5.5.25

- Core:
  . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
  . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    (Stas)
  . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
  . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
  . Fixed bug #69467 (Wrong checked for the interface by using Trait).
    (Laruence)
  . Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
  . Fixed bug #60022 ("use statement [...] has no effect" depends on leading
    backslash). (Nikita)
  . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
    (Dmitry)
  . Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
  . Fixed bug #69419 (Returning compatible sub generator produces a warning).
    (Nikita)
  . Fixed bug #69472 (php_sys_readlink ignores misc errors from
    GetFinalPathNameByHandleA). (Jan Starke)

- FTP:
  . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
    overflow). (Stas)

- ODBC:
  . Fixed bug #69474 (ODBC: Query with same field name from two tables returns
    incorrect result). (Anatol)
  . Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,
    Anatol Belski)

- OpenSSL:
  . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
    (Daniel Lowrey)

- PCNTL:
  . Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

- Phar:
  . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename
    starts with null). (Stas)

   2015-04-17 18:40:58 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update php55 to 5.5.24.

16 Apr 2015, PHP 5.5.24

- Apache2handler:
  . Fixed bug #69218 (potential remote code execution with apache 2.4
    apache2handler). (Gerrit Venema)

- Core:
  . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
    (Dmitry, Laruence)
  . Fixed bug #67626 (User exceptions not properly handled in streams).
    (Julian)
  . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
    characters). (Tjerk)
  . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Additional fix for bug #69152 (Type confusion vulnerability in
    exception::getTraceAsString). (Stas)
  . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
    __call/... arg passing). (Nikita)
  . Fixed bug #69221 (Segmentation fault when using a generator in combination
    with an Iterator). (Nikita)
  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
    vulnerability). (Stas)
  . Fixed bug #69353 (Missing null byte checks for paths in various PHP
    extensions). (Stas)

- Curl:
  . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
  . Fixed bug #69316 (Use-after-free in php_curl related to
    CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

- Date:
  . Export date_get_immutable_ce so that it can be used by extensions. (Derick
    Rethans)
  . Fixed bug #69336 (Issues with "last day of <monthname>").
    (Derick Rethans)

- Enchant:
  . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
    builds). (Anatol)

- Fileinfo:
  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
    segfault). (Anatol Belski)

- Filter:
  . Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
    flags are used). (Jeff Welch)
  . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
    Welch)

- Mbstring:
  . Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
    (Masaki Kagaya)

- OPCache:
  . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
  . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)

- OpenSSL:
  . Fixed bug #67403 (Add signatureType to openssl_x509_parse).
  . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

- Phar:
  . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
    (Mike)
  . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
  . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
  . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
    ".tar"). (Mike)
  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
    phar_set_inode). (Stas)

- Postgres:
  . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

- SPL:
  . Fixed bug #69227 (Use after free in zval_scan caused by
     spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

- SOAP:
  . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
     (bisected, regression)). (thomas at shadowweb dot org, Laruence)

- SQLITE:
  . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
     (Dan Ackroyd)
  . Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)

   2015-03-20 17:30:38 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
Update php55 to 5.5.23, including security fix.

19 Mar 2015, PHP 5.5.23

- Core:
  . Fixed bug #69174 (leaks when unused inner class use traits precedence).
    (Laruence)
  . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    (Laruence)
  . Fixed bug #69121 (Segfault in get_current_user when script owner is not
    in passwd with ZTS build). (dan at syneto dot net)
  . Fixed bug #65593 (Segfault when calling ob_start from output buffering
    callback). (Mike)
  . Fixed bug #69017 (Fail to push to the empty array with the constant value
    defined in class scope). (Laruence)
  . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
    not validated in memory.c). (nayana at ddproperty dot com)
  . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
  . Fixed bug #69141 (Missing arguments in reflection info for some builtin
    functions). (kostyantyn dot lysyy at oracle dot com)
  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

- CGI:
  . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

- CLI:
  . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)

- cURL:
  . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
    Win32). (Grant Pannell)
  . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
    by libcurl. (Linus Unneback)

- Ereg:
  . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)

- FPM:
  . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

- ODBC:
  . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

- Opcache:
  . Fixed bug #69125 (Array numeric string as key). (Laruence)
  . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

- OpenSSL:
  . Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe
    socket timeouts). (Brad Broerman)

- pgsql:
  . Fixed bug #68638 (pg_update() fails to store infinite values).
    (william dot welter at 4linux dot com dot br, Laruence)

- Readline:
  . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
    parameters). (Laruence)

- SOAP:
  . Fixed bug #69085 (SoapClient's __call() type confusion through
    unserialize()). (andrea dot palazzo at truel dot it, Laruence)

- SPL:
  . Fixed bug #69108 ("Segmentation fault" when (de)serializing
    SplObjectStorage). (Laruence)
  . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
    calling getChildren()). (Julien)

- ZIP:
  . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
    boundary) (CVE-2015-2331). (Stas)

   2015-03-19 09:12:50 by Havard Eidnes | Files touched by this commit (2)
Log message:
Add a comment to the patch.

   2015-03-16 01:26:31 by Takahiro Kambe | Files touched by this commit (6)
Log message:
Fix problem by PHP_BASE_VERS related changes.

   2015-03-05 12:16:28 by Havard Eidnes | Files touched by this commit (7)
Log message:
Well, the fpm_sockets.c patch doesn't belong in php-fpm, but
rather in the PHP package proper, and there's three of them.
Copy and adapt as necessary.
No revision bump here: only build fix for NetBSD with TCP_INFO.

   2015-02-19 14:35:24 by Takahiro Kambe | Files touched by this commit (6)
Log message:
Update php55 to 5.5.22 (PHP 5.5.22).

19 Feb 2015, PHP 5.5.22

- Core:
  . Fixed bug #67068 (getClosure returns somethings that's not a closure).
    (Danack at basereality dot com)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (CVE-2015-0273) (Stas)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  . Removed support for multi-line headers, as they are deprecated by RFC 7230.
    (Stas)

- Date:
  . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)

- Dba:
  . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

- Enchant:
  . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- Fileinfo:
  . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)

- FPM:
  . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
  . Fixed bug #68571 (core dump when webserver close the socket).
    (redfoxli069 at gmail dot com, Laruence)

- Libxml:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
    between threads). (Martin Jansen)

- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching).
    (Daniel Lowrey)

- PDO_mysql:
  . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
    named pipes). (steffenb198@aol.com)

- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)

- Pgsql:
  . Fixed Bug #65199 (pg_copy_from() modifies input array variable). (Yasuo)

- Sqlite3:
  . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
    required_num_args). (Julien)

- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed
    width decimal support) (Keyur Govande)
  . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
    has rounding errors) (Keyur Govande)

- Session:
  . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
  . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

- Standard:
  . Fixed bug #65272 (flock() out parameter not set correctly in windows).
    (Daniel Lowrey)
  . Fixed bug #69033 (Request may get env. variables from previous requests
    if PHP works as FastCGI)

- Streams:
  . Fixed bug which caused call after final close on streams filter. (Bob)

   2015-02-18 12:14:16 by Sevan Janiyan | Files touched by this commit (5)
Log message:
Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone

Reviewed by wiz@

   2015-01-23 17:10:34 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update php55 to 5.5.21.

22 Jan 2014, PHP 5.5.21

- Core:
  . Upgraded crypt_blowfish to version 1.3. (Leigh)
  . Fixed bug #60704 (unlink() bug with some files path).
  . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  . Fixed bug #65576 (Constructor from trait conflicts with inherited
    constructor). (dunglas at gmail dot com)
  . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
    (Anatol)
  . Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  . Fixed bug #65230 (setting locale randomly broken). (Anatol)
  . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
    correctly). (Ferenc)
  . Fixed bug #68583 (Crash in timeout thread). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()).
    (CVE-2014-8142) (Stefan Esser)
  . Fixed bug #68676 (Explicit Double Free). (Kalle)
  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
    (CVE-2015-0231) (Stefan Esser)

- CGI:
  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
    (Stas)

- CLI server:
  . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

- cURL:
  . Fixed bug #67643 (curl_multi_getcontent returns '' when
    CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

- EXIF:
  . Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232)
    (Stas)

- Fileinfo:
  . Fixed bug #68671 (incorrect expression in libmagic).
    (Joshua Rogers, Anatol Belski)
  . Removed readelf.c and related code from libmagic sources
    (Remi, Anatol)
  . Fixed bug #68735 (fileinfo out-of-bounds memory access).
    (Anatol)

- FPM:
  . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)

- Mbstring:
  . Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
    (Ashesh Vashi)

- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)

- Opcache:
  . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
    loops). (Nikita)

- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching). (Daniel Lowrey)

- Pcntl:
  . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
    when setting SIG_DFL). (Julien)

- PCRE:
  . Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
    (Rainer Jung, Anatol Belski)

- pgsql:
  . Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)

- PDO:
  . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specific
    attribute names). (Matteo)

- PDO_mysql:
  . Fixed bug #68424 (Add new PDO mysql connection attr to control multi
    statements option). (peter dot wolanin at acquia dot com)

- SPL:
  . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
    breaks the RecursiveIterator). (Paul Garvin)
  . Fixed bug #65213 (cannot cast SplFileInfo to boolean) (Tjerk)
  . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

- SQLite:
  . Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

- Streams:
  . Fixed bug #68532 (convert.base64-encode omits padding bytes).
    (blaesius at krumedia dot de)
