[packages/php/PHP_7_1] Rel 8; use tls instead of ssl for fsockopen etc by default (backported from upstream bec91e1117fd352

arekm arekm at pld-linux.org
Thu Jan 20 16:12:11 CET 2022 

commit a71081b039c118c0e0a256ae6bcce7ff7c5c2c10
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jan 20 16:11:34 2022 +0100

    Rel 8; use tls instead of ssl for fsockopen etc by default (backported from upstream bec91e1117fd3527897cde2f8a26eab9a20fa3dc)

 openssl.patch | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 php.spec      |  2 +-
 2 files changed, 51 insertions(+), 4 deletions(-)
---
diff --git a/php.spec b/php.spec
index e3b77e5..a1f6f9c 100644
--- a/php.spec
+++ b/php.spec
@@ -151,7 +151,7 @@ Summary(ru.UTF-8):	PHP Версии 7 - язык препроцессирова
 Summary(uk.UTF-8):	PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
 Version:	7.1.33
-Release:	7
+Release:	8
 Epoch:		4
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
diff --git a/openssl.patch b/openssl.patch
index d696980..d609433 100644
--- a/openssl.patch
+++ b/openssl.patch
@@ -1,6 +1,7 @@
---- php-5.3.29/ext/openssl/openssl.c~	2021-10-23 19:18:21.000000000 +0200
-+++ php-5.3.29/ext/openssl/openssl.c	2021-10-23 19:19:01.483125024 +0200
-@@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl)
+diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
+--- php-7.1.33.org/ext/openssl/openssl.c	2019-10-22 18:59:46.000000000 +0200
++++ php-7.1.33/ext/openssl/openssl.c	2022-01-20 15:55:08.279929919 +0100
+@@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
  	REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
  
  	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
@@ -10,3 +11,49 @@
  	REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
  	REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
  
+diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
+--- php-7.1.33.org/ext/openssl/xp_ssl.c	2019-10-22 18:59:46.000000000 +0200
++++ php-7.1.33/ext/openssl/xp_ssl.c	2022-01-20 15:55:08.283263252 +0100
+@@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
+ 
+ 	if (strncmp(proto, "ssl", protolen) == 0) {
+ 		sslsock->enable_on_connect = 1;
+-		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
++		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
+ 	} else if (strncmp(proto, "sslv2", protolen) == 0) {
+ 		php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
+ 		php_stream_close(stream);
+@@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
+ #endif
+ 	} else if (strncmp(proto, "tls", protolen) == 0) {
+ 		sslsock->enable_on_connect = 1;
+-		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
++		sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
+ 	} else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
+ 		sslsock->enable_on_connect = 1;
+ 		sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
+diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
+--- php-7.1.33.org/main/streams/php_stream_transport.h	2019-10-22 19:00:03.000000000 +0200
++++ php-7.1.33/main/streams/php_stream_transport.h	2022-01-20 15:55:08.283263252 +0100
+@@ -172,8 +172,8 @@ typedef enum {
+ 	STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
+ 	STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
+ 	STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
+-	/* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
+-	STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
++	/* TLS equates to TLS_ANY as of PHP 7.2 */
++	STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
+ 	STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
+ 	STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
+ 	STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
+@@ -183,8 +183,8 @@ typedef enum {
+ 	STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
+ 	STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
+ 	STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
+-	/* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
+-	STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
++	/* TLS equates to TLS_ANY as of PHP 7.2 */
++	STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
+ 	STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
+ 	STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
+ } php_stream_xport_crypt_method_t;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/a71081b039c118c0e0a256ae6bcce7ff7c5c2c10

More information about the pld-cvs-commit mailing list