[packages/php/PHP_5_2] (partial) OPENSSL_NO_SSL2 port from 5.3.29
glen
glen at pld-linux.org
Thu Mar 3 19:43:58 CET 2016
commit fcc49ef52e84b4cbb7c3a4957a2c3892d88195a9
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Thu Mar 3 19:24:03 2016 +0200
(partial) OPENSSL_NO_SSL2 port from 5.3.29
only care that SSLv2_client_method symbol is not linked in
no-sslv2.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++
php.spec | 4 +++-
2 files changed, 49 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index 90f0ccf..b2d3406 100644
--- a/php.spec
+++ b/php.spec
@@ -112,7 +112,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
%define magic_mime /usr/share/misc/magic.mime
%endif
-%define rel 17
+%define rel 18
%define orgname php
%define ver_suffix 52
%define php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -197,6 +197,7 @@ Patch44: %{orgname}-include_path.patch
Patch45: %{orgname}-imap-annotations.patch
Patch46: %{orgname}-imap-myrights.patch
Patch47: suhosin.patch
+Patch48: no-sslv2.patch
Patch49: %{orgname}-m4-divert.patch
Patch50: extension-shared-optional-dep.patch
Patch51: spl-shared.patch
@@ -1925,6 +1926,7 @@ done
%if %{with suhosin}
%patch47 -p1
%endif
+%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
diff --git a/no-sslv2.patch b/no-sslv2.patch
new file mode 100644
index 0000000..5095416
--- /dev/null
+++ b/no-sslv2.patch
@@ -0,0 +1,46 @@
+--- php-5.2.17/ext/openssl/xp_ssl.c 2010-04-23 16:32:03.000000000 +0300
++++ php-5.3.29/ext/openssl/xp_ssl.c 2014-08-13 22:22:50.000000000 +0300
+@@ -333,9 +329,14 @@
+ method = SSLv23_client_method();
+ break;
+ case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
++#ifdef OPENSSL_NO_SSL2
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++ return -1;
++#else
+ sslsock->is_client = 1;
+ method = SSLv2_client_method();
+ break;
++#endif
+ case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+ sslsock->is_client = 1;
+ method = SSLv3_client_method();
+@@ -353,9 +354,14 @@
+ method = SSLv3_server_method();
+ break;
+ case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
++#ifdef OPENSSL_NO_SSL2
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++ return -1;
++#else
+ sslsock->is_client = 0;
+ method = SSLv2_server_method();
+ break;
++#endif
+ case STREAM_CRYPTO_METHOD_TLS_SERVER:
+ sslsock->is_client = 0;
+ method = TLSv1_server_method();
+@@ -813,8 +922,13 @@
+ sslsock->enable_on_connect = 1;
+ sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+ } else if (strncmp(proto, "sslv2", protolen) == 0) {
++#ifdef OPENSSL_NO_SSL2
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++ return NULL;
++#else
+ sslsock->enable_on_connect = 1;
+ sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
++#endif
+ } else if (strncmp(proto, "sslv3", protolen) == 0) {
+ sslsock->enable_on_connect = 1;
+ sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/fcc49ef52e84b4cbb7c3a4957a2c3892d88195a9
More information about the pld-cvs-commit
mailing list