authorStanislav Malyshev <stas@php.net>2015-04-12 20:12:38 -0700
committerStanislav Malyshev <stas@php.net>2015-04-12 20:12:38 -0700
commit9bbd995679cfd6f9d2d04a64a18f9caeabcb548b (patch)
treefbaa824d5ceaf41f843df8bfcf54bc463fb5c5c3 /Zend
parent0cb9d75cb6dfea4ad31ea794856489854ff20e16 (diff)
parentd19842f613f7e63c41d35c0f2a0ba0c3513edb62 (diff)
downloadphp-git-9bbd995679cfd6f9d2d04a64a18f9caeabcb548b.tar.gz
Merge branch 'PHP-5.5-security' into PHP-5.5.24
* PHP-5.5-security: (22 commits) Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4) Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) updated NEWS added test for bug #69354 revert skipif, this should run everywhere further ODBC 3.0 compliance more compliance with the ODBC 3.0 test fixes Prevent GC from changing zval or object 'color' before they are actually inserted into possible roots buffer. sigh, can't even copypaste without screwing up oop, put both the error number and message for both db object to the error message test fixes Fixed bug #69281 (opcache_is_script_cached no longer works) Fix typo: unitialized -> uninitialized Fix typo: unitialized -> uninitialized Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free). Fixed bug #68739 (Missing break / control flow in curl) Fixed bug #68740 (NULL Pointer Dereference) Fixed bug #68677 (Use After Free in OPcache) ... Conflicts: configure.in ext/curl/tests/bug69316.phpt main/php_version.h
Diffstat (limited to 'Zend')
-rw-r--r--Zend/tests/bug43201.phpt2
-rw-r--r--Zend/zend_gc.c9
2 files changed, 3 insertions, 8 deletions
diff --git a/Zend/tests/bug43201.phpt b/Zend/tests/bug43201.phpt
index 89e1b66727..53bb5ba98d 100644
--- a/Zend/tests/bug43201.phpt
+++ b/Zend/tests/bug43201.phpt
@@ -1,5 +1,5 @@
--TEST--
-Bug #43201 (Crash on using unitialized vals and __get/__set)
+Bug #43201 (Crash on using uninitialized vals and __get/__set)
--FILE--
<?php
class Foo {
diff --git a/Zend/zend_gc.c b/Zend/zend_gc.c
index 55ca456fd0..83458db631 100644
--- a/Zend/zend_gc.c
+++ b/Zend/zend_gc.c
@@ -147,8 +147,6 @@ ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
GC_BENCH_INC(zval_possible_root);
if (GC_ZVAL_GET_COLOR(zv) != GC_PURPLE) {
- GC_ZVAL_SET_PURPLE(zv);
-
if (!GC_ZVAL_ADDRESS(zv)) {
gc_root_buffer *newRoot = GC_G(unused);
@@ -159,7 +157,6 @@ ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
GC_G(first_unused)++;
} else {
if (!GC_G(gc_enabled)) {
- GC_ZVAL_SET_BLACK(zv);
return;
}
zv->refcount__gc++;
@@ -169,10 +166,10 @@ ZEND_API void gc_zval_possible_root(zval *zv TSRMLS_DC)
if (!newRoot) {
return;
}
- GC_ZVAL_SET_PURPLE(zv);
GC_G(unused) = newRoot->prev;
}
+ GC_ZVAL_SET_PURPLE(zv);
newRoot->next = GC_G(roots).next;
newRoot->prev = &GC_G(roots);
GC_G(roots).next->prev = newRoot;
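Review bot: The relocated `GC_ZVAL_SET_PURPLE(zv)` now sits inside the `if (!GC_ZVAL_ADDRESS(zv))` block (`newRoot`, used on the very next line, is declared there in the first hunk), so a non-purple zval that already carries a root-buffer address is no longer recoloured. The line removed at the top of the outer `if` did that unconditionally. If the intent is the invariant "a zval is purple exactly when it occupies a root slot", it should be stated where the colour is set, for example `/* colour only once a root slot is secured; every early return above leaves zv's colour untouched */`. Without that, a later edit could reintroduce a zval marked purple but absent from the roots list, which this function would then skip indefinitely. The same comment applies to `GC_SET_PURPLE(obj->buffered)` in gc_zobj_possible_root (hunk at -225,10); the function body starts and ends outside this hunk.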
@@ -203,7 +200,6 @@ ZEND_API void gc_zobj_possible_root(zval *zv TSRMLS_DC)
obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zv)].bucket.obj;
if (GC_GET_COLOR(obj->buffered) != GC_PURPLE) {
- GC_SET_PURPLE(obj->buffered);
if (!GC_ADDRESS(obj->buffered)) {
gc_root_buffer *newRoot = GC_G(unused);
@@ -214,7 +210,6 @@ ZEND_API void gc_zobj_possible_root(zval *zv TSRMLS_DC)
GC_G(first_unused)++;
} else {
if (!GC_G(gc_enabled)) {
- GC_ZVAL_SET_BLACK(zv);
return;
}
zv->refcount__gc++;
@@ -225,10 +220,10 @@ ZEND_API void gc_zobj_possible_root(zval *zv TSRMLS_DC)
return;
}
obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zv)].bucket.obj;
- GC_SET_PURPLE(obj->buffered);
GC_G(unused) = newRoot->prev;
}
+ GC_SET_PURPLE(obj->buffered);
newRoot->next = GC_G(roots).next;
newRoot->prev = &GC_G(roots);
GC_G(roots).next->prev = newRoot;
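Review bot: `GC_SET_PURPLE(obj->buffered)` after the closing brace writes through `obj` on every path that reaches it, and on the slow path that is only safe because of the re-read `obj = &EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(zv)].bucket.obj;` three lines above. Presumably the collection step between this hunk and the previous one (not shown here) can move the bucket array, but nothing in the code says so. With the colour write now outside the branch, the re-read looks redundant at a glance, and removing it would leave the write going through a stale pointer. A comment on the re-read would pin the dependency down, e.g. `/* object_buckets may have been reallocated during collection; re-fetch obj before touching obj->buffered */`, with the wording confirmed against the object store code. The function continues outside this hunk.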