Merge branch 'PHP-5.5' into PHP-5.5.27

* PHP-5.5:
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file
  add missing second argument for ucfirst to the proto
  Better fix for bug #69958
  Better fix for bug #69958
  update news
  Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
  Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
  Fix bug #69958 - Segfault in Phar::convertToData on invalid file
  fix unknown size of void error
  5.5.28 now - Security Only
  Move strlen() check to php_mail_detect_multiple_crlf()
  Fixed Bug #69874 : Can't set empty additional_headers for mail()

Conflicts:
	configure.in
	main/php_version.h

11 files changed, 201 insertions, 73 deletions

diff --git a/configure.in b/configure.in
index 3b50f85b0a..5e04545f7a 100644
--- a/configure.in
+++ b/configure.in
@@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=5
 PHP_RELEASE_VERSION=27
-PHP_EXTRA_VERSION="RC1"
+PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
 
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 7e982f56c5..c8563ee75b 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -400,7 +400,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, set_server_option)(MYSQLND_CONN_DATA * const c
 
 		int2store(buffer, (unsigned int) option);
 		ret = conn->m->simple_command(conn, COM_SET_OPTION, buffer, sizeof(buffer), PROT_EOF_PACKET, FALSE, TRUE TSRMLS_CC);
-	
+
 		conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);
 	}
 	DBG_RETURN(ret);
@@ -464,27 +464,41 @@ mysqlnd_switch_to_ssl_if_needed(
 	}
 
 #ifdef MYSQLND_SSL_SUPPORTED
-	if ((greet_packet->server_capabilities & CLIENT_SSL) && (mysql_flags & CLIENT_SSL)) {
-		zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE;
-		DBG_INF("Switching to SSL");
-		if (!PACKET_WRITE(auth_packet, conn)) {
-			CONN_SET_STATE(conn, CONN_QUIT_SENT);
-			conn->m->send_close(conn TSRMLS_CC);
-			SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
-			goto end;
-		}
+	if (mysql_flags & CLIENT_SSL) {
+		zend_bool server_has_ssl = (greet_packet->server_capabilities & CLIENT_SSL)? TRUE:FALSE;
+		if (server_has_ssl == FALSE) {
+			goto close_conn;
+		} else {
+			zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE;
+			DBG_INF("Switching to SSL");
+			if (!PACKET_WRITE(auth_packet, conn)) {
+				goto close_conn;
+			}
 
-		conn->net->data->m.set_client_option(conn->net, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (const char *) &verify TSRMLS_CC);
+			conn->net->data->m.set_client_option(conn->net, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (const char *) &verify TSRMLS_CC);
 
-		if (FAIL == conn->net->data->m.enable_ssl(conn->net TSRMLS_CC)) {
-			goto end;
+			if (FAIL == conn->net->data->m.enable_ssl(conn->net TSRMLS_CC)) {
+				goto end;
+			}
 		}
 	}
+#else
+	auth_packet->client_flags &= ~CLIENT_SSL;
+	if (!PACKET_WRITE(auth_packet, conn)) {
+		goto close_conn;
+	}
 #endif
 	ret = PASS;
 end:
 	PACKET_FREE(auth_packet);
 	DBG_RETURN(ret);
+
+close_conn:
+	CONN_SET_STATE(conn, CONN_QUIT_SENT);
+	conn->m->send_close(conn TSRMLS_CC);
+	SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
+	PACKET_FREE(auth_packet);
+	DBG_RETURN(ret);
 }
 /* }}} */
 
@@ -1563,7 +1577,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, sqlstate)(const MYSQLND_CONN_DATA * const conn
 
 
 /* {{{ mysqlnd_old_escape_string */
-PHPAPI ulong 
+PHPAPI ulong
 mysqlnd_old_escape_string(char * newstr, const char * escapestr, size_t escapestr_len TSRMLS_DC)
 {
 	DBG_ENTER("mysqlnd_old_escape_string");
@@ -1725,7 +1739,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, statistic)(MYSQLND_CONN_DATA * conn, char **me
 
 			if (PASS == (ret = PACKET_READ(stats_header, conn))) {
 				/* will be freed by Zend, thus don't use the mnd_ allocator */
-				*message = estrndup(stats_header->message, stats_header->message_len); 
+				*message = estrndup(stats_header->message, stats_header->message_len);
 				*message_len = stats_header->message_len;
 				DBG_INF(*message);
 			}
@@ -1851,7 +1865,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, shutdown)(MYSQLND_CONN_DATA * const conn, uint
 
 		conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);
 	}
-	DBG_RETURN(ret);	
+	DBG_RETURN(ret);
 }
 /* }}} */
 
@@ -2350,7 +2364,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, set_client_option)(MYSQLND_CONN_DATA * const c
 				ret = FAIL;
 				break;
 			}
-				
+
 			new_charset_name = mnd_pestrdup(value, conn->persistent);
 			if (!new_charset_name) {
 				goto oom;
@@ -2429,11 +2443,11 @@ MYSQLND_METHOD(mysqlnd_conn_data, set_client_option)(MYSQLND_CONN_DATA * const c
 		default:
 			ret = FAIL;
 	}
-	conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);	
+	conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);
 	DBG_RETURN(ret);
 oom:
 	SET_OOM_ERROR(*conn->error_info);
-	conn->m->local_tx_end(conn, this_func, FAIL TSRMLS_CC);	
+	conn->m->local_tx_end(conn, this_func, FAIL TSRMLS_CC);
 end:
 	DBG_RETURN(FAIL);
 }
@@ -2510,7 +2524,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, set_client_option_2d)(MYSQLND_CONN_DATA * cons
 	DBG_RETURN(ret);
 oom:
 	SET_OOM_ERROR(*conn->error_info);
-	conn->m->local_tx_end(conn, this_func, FAIL TSRMLS_CC);	
+	conn->m->local_tx_end(conn, this_func, FAIL TSRMLS_CC);
 end:
 	DBG_RETURN(FAIL);
 }
@@ -2551,7 +2565,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, use_result)(MYSQLND_CONN_DATA * const conn TSR
 			conn->current_result = NULL;
 		} while (0);
 
-		conn->m->local_tx_end(conn, this_func, result == NULL? FAIL:PASS TSRMLS_CC);	
+		conn->m->local_tx_end(conn, this_func, result == NULL? FAIL:PASS TSRMLS_CC);
 	}
 
 	DBG_RETURN(result);
@@ -2591,7 +2605,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, store_result)(MYSQLND_CONN_DATA * const conn T
 			conn->current_result = NULL;
 		} while (0);
 
-		conn->m->local_tx_end(conn, this_func, result == NULL? FAIL:PASS TSRMLS_CC);	
+		conn->m->local_tx_end(conn, this_func, result == NULL? FAIL:PASS TSRMLS_CC);
 	}
 	DBG_RETURN(result);
 }
@@ -2620,7 +2634,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, set_autocommit)(MYSQLND_CONN_DATA * conn, unsi
 
 	if (PASS == conn->m->local_tx_start(conn, this_func TSRMLS_CC)) {
 		ret = conn->m->query(conn, (mode) ? "SET AUTOCOMMIT=1":"SET AUTOCOMMIT=0", sizeof("SET AUTOCOMMIT=1") - 1 TSRMLS_CC);
-		conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);	
+		conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);
 	}
 
 	DBG_RETURN(ret);
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index e7d7429610..4b9a493926 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -2141,7 +2141,7 @@ char *tsrm_strtok_r(char *s, const char *delim, char **last) /* {{{ */
  */
 char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC) /* {{{ */
 {
-	char newpath[MAXPATHLEN];
+	char *newpath;
 	int newpath_len;
 	char *ptr;
 	char *tok;
@@ -2149,8 +2149,10 @@ char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC) /* {{{
 
 	if (PHAR_G(cwd_len) && use_cwd && path_length > 2 && path[0] == '.' && path[1] == '/') {
 		newpath_len = PHAR_G(cwd_len);
+		newpath = emalloc(strlen(path) + newpath_len + 1);
 		memcpy(newpath, PHAR_G(cwd), newpath_len);
 	} else {
+		newpath = emalloc(strlen(path) + 2);
 		newpath[0] = '/';
 		newpath_len = 1;
 	}
@@ -2173,6 +2175,7 @@ char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC) /* {{{
 				if (*tok == '.') {
 					efree(path);
 					*new_len = 1;
+					efree(newpath);
 					return estrndup("/", 1);
 				}
 				break;
@@ -2180,9 +2183,11 @@ char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC) /* {{{
 				if (tok[0] == '.' && tok[1] == '.') {
 					efree(path);
 					*new_len = 1;
+					efree(newpath);
 					return estrndup("/", 1);
 				}
 		}
+		efree(newpath);
 		return path;
 	}
 
@@ -2231,7 +2236,8 @@ last_time:
 
 	efree(path);
 	*new_len = newpath_len;
-	return estrndup(newpath, newpath_len);
+	newpath[newpath_len] = '\0';
+	return erealloc(newpath, newpath_len + 1);
 }
 /* }}} */
 
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 0712b86f7b..46c3d7cb34 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1252,7 +1252,7 @@ PHP_METHOD(Phar, __construct)
 	INIT_PZVAL(&arg2);
 	ZVAL_LONG(&arg2, flags);
 
-	zend_call_method_with_2_params(&zobj, Z_OBJCE_P(zobj), 
+	zend_call_method_with_2_params(&zobj, Z_OBJCE_P(zobj),
 		&spl_ce_RecursiveDirectoryIterator->constructor, "__construct", NULL, &arg1, &arg2);
 
 	if (!phar_data->is_persistent) {
@@ -1276,7 +1276,7 @@ PHP_METHOD(Phar, getSupportedSignatures)
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
-	
+
 	array_init(return_value);
 
 	add_next_index_stringl(return_value, "MD5", 3, 1);
@@ -1303,7 +1303,7 @@ PHP_METHOD(Phar, getSupportedCompression)
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
-	
+
 	array_init(return_value);
 	phar_request_initialize(TSRMLS_C);
 
@@ -1548,7 +1548,7 @@ phar_spl_fileinfo:
 			}
 			return ZEND_HASH_APPLY_STOP;
 		}
-		
+
 		base = temp;
 		base_len = strlen(base);
 
@@ -1737,7 +1737,7 @@ after_open_fp:
 /* {{{ proto array Phar::buildFromDirectory(string base_dir[, string regex])
  * Construct a phar archive from an existing directory, recursively.
  * Optional second parameter is a regular expression for filtering directory contents.
- * 
+ *
  * Return value is an array mapping phar index to actual files added.
  */
 PHP_METHOD(Phar, buildFromDirectory)
@@ -1773,7 +1773,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 	INIT_PZVAL(&arg2);
 	ZVAL_LONG(&arg2, SPL_FILE_DIR_SKIPDOTS|SPL_FILE_DIR_UNIXPATHS);
 
-	zend_call_method_with_2_params(&iter, spl_ce_RecursiveDirectoryIterator, 
+	zend_call_method_with_2_params(&iter, spl_ce_RecursiveDirectoryIterator,
 			&spl_ce_RecursiveDirectoryIterator->constructor, "__construct", NULL, &arg, &arg2);
 
 	if (EG(exception)) {
@@ -1790,7 +1790,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 		RETURN_FALSE;
 	}
 
-	zend_call_method_with_1_params(&iteriter, spl_ce_RecursiveIteratorIterator, 
+	zend_call_method_with_1_params(&iteriter, spl_ce_RecursiveIteratorIterator,
 			&spl_ce_RecursiveIteratorIterator->constructor, "__construct", NULL, iter);
 
 	if (EG(exception)) {
@@ -1815,7 +1815,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 		INIT_PZVAL(&arg2);
 		ZVAL_STRINGL(&arg2, regex, regex_len, 0);
 
-		zend_call_method_with_2_params(&regexiter, spl_ce_RegexIterator, 
+		zend_call_method_with_2_params(&regexiter, spl_ce_RegexIterator,
 			&spl_ce_RegexIterator->constructor, "__construct", NULL, iteriter, &arg2);
 	}
 
@@ -1936,7 +1936,7 @@ PHP_METHOD(Phar, buildFromIterator)
 PHP_METHOD(Phar, count)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2017,9 +2017,10 @@ static int phar_copy_file_contents(phar_entry_info *entry, php_stream *fp TSRMLS
 }
 /* }}} */
 
-static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool compress TSRMLS_DC) /* {{{ */
+static zval *phar_rename_archive(phar_archive_data **sphar, char *ext, zend_bool compress TSRMLS_DC) /* {{{ */
 {
 	const char *oldname = NULL;
+	phar_archive_data *phar = *sphar;
 	char *oldpath = NULL;
 	char *basename = NULL, *basepath = NULL;
 	char *newname = NULL, *newpath = NULL;
@@ -2101,7 +2102,7 @@ static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool c
 	spprintf(&newname, 0, "%s.%s", strtok(basename, "."), ext);
 	efree(basename);
 
-	
+
 
 	basepath = estrndup(oldpath, (strlen(oldpath) - oldname_len));
 	phar->fname_len = spprintf(&newpath, 0, "%s%s", basepath, newname);
@@ -2126,7 +2127,9 @@ static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool c
 				(*pphar)->fp = phar->fp;
 				phar->fp = NULL;
 				phar_destroy_phar_data(phar TSRMLS_CC);
+				*sphar = NULL;
 				phar = *pphar;
+				*sphar = NULL;
 				phar->refcount++;
 				newpath = oldpath;
 				goto its_ok;
@@ -2333,15 +2336,19 @@ no_copy:
 		phar_add_virtual_dirs(phar, newentry.filename, newentry.filename_len TSRMLS_CC);
 	}
 
-	if ((ret = phar_rename_archive(phar, ext, 0 TSRMLS_CC))) {
+	if ((ret = phar_rename_archive(&phar, ext, 0 TSRMLS_CC))) {
 		return ret;
 	} else {
-		zend_hash_destroy(&(phar->manifest));
-		zend_hash_destroy(&(phar->mounted_dirs));
-		zend_hash_destroy(&(phar->virtual_dirs));
-		php_stream_close(phar->fp);
-		efree(phar->fname);
-		efree(phar);
+		if(phar != NULL) {
+			zend_hash_destroy(&(phar->manifest));
+			zend_hash_destroy(&(phar->mounted_dirs));
+			zend_hash_destroy(&(phar->virtual_dirs));
+			if (phar->fp) {
+				php_stream_close(phar->fp);
+			}
+			efree(phar->fname);
+			efree(phar);
+		}
 		return NULL;
 	}
 }
@@ -2559,7 +2566,7 @@ PHP_METHOD(Phar, convertToData)
 PHP_METHOD(Phar, isCompressed)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2583,7 +2590,7 @@ PHP_METHOD(Phar, isWritable)
 {
 	php_stream_statbuf ssb;
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2661,7 +2668,7 @@ PHP_METHOD(Phar, delete)
 PHP_METHOD(Phar, getAlias)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2678,7 +2685,7 @@ PHP_METHOD(Phar, getAlias)
 PHP_METHOD(Phar, getPath)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2794,7 +2801,7 @@ valid_alias:
 PHP_METHOD(Phar, getVersion)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2809,7 +2816,7 @@ PHP_METHOD(Phar, getVersion)
 PHP_METHOD(Phar, startBuffering)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2824,7 +2831,7 @@ PHP_METHOD(Phar, startBuffering)
 PHP_METHOD(Phar, isBuffering)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2841,7 +2848,7 @@ PHP_METHOD(Phar, stopBuffering)
 	char *error;
 
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3076,7 +3083,7 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
 PHP_METHOD(Phar, getSignature)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3120,7 +3127,7 @@ PHP_METHOD(Phar, getSignature)
 PHP_METHOD(Phar, getModified)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3382,7 +3389,7 @@ PHP_METHOD(Phar, decompressFiles)
 {
 	char *error;
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3899,7 +3906,7 @@ PHP_METHOD(Phar, getStub)
 	phar_entry_info *stub;
 
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4002,7 +4009,7 @@ PHP_METHOD(Phar, hasMetadata)
 PHP_METHOD(Phar, getMetadata)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4450,7 +4457,7 @@ PHP_METHOD(PharFileInfo, __construct)
 	INIT_PZVAL(&arg1);
 	ZVAL_STRINGL(&arg1, fname, fname_len, 0);
 
-	zend_call_method_with_1_params(&zobj, Z_OBJCE_P(zobj), 
+	zend_call_method_with_1_params(&zobj, Z_OBJCE_P(zobj),
 		&spl_ce_SplFileInfo->constructor, "__construct", NULL, &arg1);
 }
 /* }}} */
@@ -4488,7 +4495,7 @@ PHP_METHOD(PharFileInfo, __destruct)
 PHP_METHOD(PharFileInfo, getCompressedSize)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4530,7 +4537,7 @@ PHP_METHOD(PharFileInfo, isCompressed)
 PHP_METHOD(PharFileInfo, getCRC32)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4556,7 +4563,7 @@ PHP_METHOD(PharFileInfo, getCRC32)
 PHP_METHOD(PharFileInfo, isCRCChecked)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4571,7 +4578,7 @@ PHP_METHOD(PharFileInfo, isCRCChecked)
 PHP_METHOD(PharFileInfo, getPharFlags)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4649,7 +4656,7 @@ PHP_METHOD(PharFileInfo, chmod)
 PHP_METHOD(PharFileInfo, hasMetadata)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4664,7 +4671,7 @@ PHP_METHOD(PharFileInfo, hasMetadata)
 PHP_METHOD(PharFileInfo, getMetadata)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4745,7 +4752,7 @@ PHP_METHOD(PharFileInfo, delMetadata)
 	char *error;
 
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4803,7 +4810,7 @@ PHP_METHOD(PharFileInfo, getContent)
 	phar_entry_info *link;
 
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4977,7 +4984,7 @@ PHP_METHOD(PharFileInfo, decompress)
 {
 	char *error;
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
diff --git a/ext/phar/tests/bug69958.phpt b/ext/phar/tests/bug69958.phpt
new file mode 100644
index 0000000000..96f2198b14
--- /dev/null
+++ b/ext/phar/tests/bug69958.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Phar: bug #69958: Segfault in Phar::convertToData on invalid file
+--XFAIL--
+Still has memory leaks, see https://bugs.php.net/bug.php?id=70005
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$tarphar = new PharData(__DIR__.'/bug69958.tar');
+$phar = $tarphar->convertToData(Phar::TAR); 
+--EXPECTF--
+Fatal error: Uncaught exception 'BadMethodCallException' with message 'phar "%s/bug69958.tar" exists and must be unlinked prior to conversion' in %s/bug69958.php:%d
+Stack trace:
+#0 %s/bug69958.php(%d): PharData->convertToData(%d)
+#1 {main}
+  thrown in %s/bug69958.php on line %d
diff --git a/ext/phar/tests/bug69958.tar b/ext/phar/tests/bug69958.tar
new file mode 100644
index 0000000000..02275248bd
--- /dev/null
+++ b/ext/phar/tests/bug69958.tar
diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 09e0a5546b..17c09dbcaa 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -226,7 +226,7 @@ void php_mail_log_to_file(char *filename, char *message, size_t message_size TSR
 static int php_mail_detect_multiple_crlf(char *hdr) {
 	/* This function detects multiple/malformed multiple newlines. */
 
-	if (!hdr) {
+	if (!hdr || !strlen(hdr)) {
 		return 0;
 	}
 
@@ -321,7 +321,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
 
 		php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);
 
-		if (headers != NULL) {
+		if (headers != NULL && *headers) {
 			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n%s", php_getuid(TSRMLS_C), f, headers);
 		} else {
 			spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s", php_getuid(TSRMLS_C), f);
@@ -429,7 +429,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not execute mail delivery program '%s'", sendmail_path);
 #if PHP_SIGCHILD
 		if (sig_handler) {
-			signal(SIGCHLD, sig_handler);						
+			signal(SIGCHLD, sig_handler);
 		}
 #endif
 		MAIL_RET(0);
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 8c850512c7..63eede1c71 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2749,7 +2749,7 @@ PHP_FUNCTION(lcfirst)
 }
 /* }}} */
 
-/* {{{ proto string ucwords(string str)
+/* {{{ proto string ucwords(string str [, string delims])
    Uppercase the first character of every word in a string */
 PHP_FUNCTION(ucwords)
 {
diff --git a/ext/standard/tests/mail/bug69874.phpt b/ext/standard/tests/mail/bug69874.phpt
new file mode 100644
index 0000000000..a952a73bdc
--- /dev/null
+++ b/ext/standard/tests/mail/bug69874.phpt
@@ -0,0 +1,42 @@
+--TEST--
+Bug #69874: Null addtional_headers does not send mail
+--INI--
+sendmail_path=tee mailBasic.out >/dev/null
+mail.add_x_header = Off
+--SKIPIF--
+<?php
+if(substr(PHP_OS, 0, 3) == "WIN")
+  die("skip Won't run on Windows");
+?>
+--FILE--
+<?php
+/* Prototype  : int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
+ * Description: Send an email message
+ * Source code: ext/standard/mail.c
+ * Alias to functions:
+ */
+
+echo "*** Testing mail() : send email without additional headers ***\n";
+
+// Initialise all required variables
+$to = 'user@company.com';
+$subject = 'Test Subject';
+$message = 'A Message';
+
+$outFile = "mailBasic.out";
+@unlink($outFile);
+
+var_dump( mail($to, $subject, $message) );
+echo file_get_contents($outFile);
+unlink($outFile);
+
+?>
+===DONE===
+--EXPECTF--
+*** Testing mail() : send email without additional headers ***
+bool(true)
+To: user@company.com
+Subject: Test Subject
+
+A Message
+===DONE===
diff --git a/ext/standard/tests/mail/bug69874_2.phpt b/ext/standard/tests/mail/bug69874_2.phpt
new file mode 100644
index 0000000000..53d991a26b
--- /dev/null
+++ b/ext/standard/tests/mail/bug69874_2.phpt
@@ -0,0 +1,43 @@
+--TEST--
+Bug #69874: Null addtional_headers does not send mail
+--INI--
+sendmail_path=tee mailBasic.out >/dev/null
+mail.add_x_header = On
+--SKIPIF--
+<?php
+if(substr(PHP_OS, 0, 3) == "WIN")
+  die("skip Won't run on Windows");
+?>
+--FILE--
+<?php
+/* Prototype  : int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
+ * Description: Send an email message
+ * Source code: ext/standard/mail.c
+ * Alias to functions:
+ */
+
+echo "*** Testing mail() : send email without additional headers ***\n";
+
+// Initialise all required variables
+$to = 'user@company.com';
+$subject = 'Test Subject';
+$message = 'A Message';
+
+$outFile = "mailBasic.out";
+@unlink($outFile);
+
+var_dump( mail($to, $subject, $message, '') );
+echo file_get_contents($outFile);
+unlink($outFile);
+
+?>
+===DONE===
+--EXPECTF--
+*** Testing mail() : send email without additional headers ***
+bool(true)
+To: user@company.com
+Subject: Test Subject
+X-PHP-Originating-Script: %d:bug69874_2.php
+
+A Message
+===DONE===
diff --git a/main/php_version.h b/main/php_version.h
index b079d94c8d..f7dc1a8534 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -3,6 +3,6 @@
 #define PHP_MAJOR_VERSION 5
 #define PHP_MINOR_VERSION 5
 #define PHP_RELEASE_VERSION 27
-#define PHP_EXTRA_VERSION "RC1"
-#define PHP_VERSION "5.5.27RC1"
+#define PHP_EXTRA_VERSION ""
+#define PHP_VERSION "5.5.27"
 #define PHP_VERSION_ID 50527