[packages/php/PHP_5_4] - rel 23; disable ssl v2/3
arekm
arekm at pld-linux.org
Fri Sep 28 14:07:57 CEST 2018
commit 1f4804f98759460c62aa5923596a847228daa371
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Sep 28 14:07:48 2018 +0200
- rel 23; disable ssl v2/3
openssl.patch | 30 ++++++++++++++++++++++++++++++
php.spec | 3 ++-
2 files changed, 32 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index a50c838..8eed496 100644
--- a/php.spec
+++ b/php.spec
@@ -138,7 +138,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
%undefine with_filter
%endif
-%define rel 22
+%define rel 23
%define orgname php
%define ver_suffix 54
%define php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -2203,6 +2203,7 @@ for sapi in $sapis; do
esac
%configure \
+ CFLAGS="%{rpmcflags} -DOPENSSL_NO_SSL2=1 -DOPENSSL_NO_SSL3=1" \
EXTRA_LDFLAGS="%{rpmldflags}" \
$sapi_args \
%if "%{!?configure_cache:0}%{?configure_cache}" == "0"
diff --git a/openssl.patch b/openssl.patch
index 7abb957..d054a1b 100644
--- a/openssl.patch
+++ b/openssl.patch
@@ -974,3 +974,33 @@ diff -ur php-5.4.45/ext/openssl.org/openssl.c php-5.4.45/ext/openssl/openssl.c
if (len >= 0) {
data[len] = 0;
+--- php-5.4.45/ext/openssl/xp_ssl.c~ 2015-09-01 22:09:37.000000000 +0200
++++ php-5.4.45/ext/openssl/xp_ssl.c 2018-09-28 14:06:51.890385590 +0200
+@@ -339,8 +339,13 @@ static inline int php_openssl_setup_cryp
+ break;
+ #endif
+ case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
++#ifdef OPENSSL_NO_SSL3
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
++ return -1;
++#else
+ sslsock->is_client = 1;
+ method = SSLv3_client_method();
++#endif
+ break;
+ case STREAM_CRYPTO_METHOD_TLS_CLIENT:
+ sslsock->is_client = 1;
+@@ -351,8 +356,13 @@ static inline int php_openssl_setup_cryp
+ method = SSLv23_server_method();
+ break;
+ case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
++#ifdef OPENSSL_NO_SSL3
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
++ return -1;
++#else
+ sslsock->is_client = 0;
+ method = SSLv3_server_method();
++#endif
+ break;
+ case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
+ #ifdef OPENSSL_NO_SSL2
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/1f4804f98759460c62aa5923596a847228daa371
More information about the pld-cvs-commit
mailing list