[packages/php/PHP_7_1] Rel 8; use tls instead of ssl for fsockopen etc by default (backported from upstream bec91e1117fd352
arekm
arekm at pld-linux.org
Thu Jan 20 16:12:11 CET 2022
commit a71081b039c118c0e0a256ae6bcce7ff7c5c2c10
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Jan 20 16:11:34 2022 +0100
Rel 8; use tls instead of ssl for fsockopen etc by default (backported from upstream bec91e1117fd3527897cde2f8a26eab9a20fa3dc)
openssl.patch | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++---
php.spec | 2 +-
2 files changed, 51 insertions(+), 4 deletions(-)
---
diff --git a/php.spec b/php.spec
index e3b77e5..a1f6f9c 100644
--- a/php.spec
+++ b/php.spec
@@ -151,7 +151,7 @@ Summary(ru.UTF-8): PHP Версии 7 - язык препроцессирова
Summary(uk.UTF-8): PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
Version: 7.1.33
-Release: 7
+Release: 8
Epoch: 4
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
diff --git a/openssl.patch b/openssl.patch
index d696980..d609433 100644
--- a/openssl.patch
+++ b/openssl.patch
@@ -1,6 +1,7 @@
---- php-5.3.29/ext/openssl/openssl.c~ 2021-10-23 19:18:21.000000000 +0200
-+++ php-5.3.29/ext/openssl/openssl.c 2021-10-23 19:19:01.483125024 +0200
-@@ -1044,7 +1044,9 @@ PHP_MINIT_FUNCTION(openssl)
+diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/openssl.c php-7.1.33/ext/openssl/openssl.c
+--- php-7.1.33.org/ext/openssl/openssl.c 2019-10-22 18:59:46.000000000 +0200
++++ php-7.1.33/ext/openssl/openssl.c 2022-01-20 15:55:08.279929919 +0100
+@@ -1471,7 +1471,9 @@ PHP_MINIT_FUNCTION(openssl)
REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
@@ -10,3 +11,49 @@
REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
+diff -urNp -x '*.orig' php-7.1.33.org/ext/openssl/xp_ssl.c php-7.1.33/ext/openssl/xp_ssl.c
+--- php-7.1.33.org/ext/openssl/xp_ssl.c 2019-10-22 18:59:46.000000000 +0200
++++ php-7.1.33/ext/openssl/xp_ssl.c 2022-01-20 15:55:08.283263252 +0100
+@@ -2571,7 +2571,7 @@ php_stream *php_openssl_ssl_socket_facto
+
+ if (strncmp(proto, "ssl", protolen) == 0) {
+ sslsock->enable_on_connect = 1;
+- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_ANY_CLIENT);
++ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
+ } else if (strncmp(proto, "sslv2", protolen) == 0) {
+ php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
+ php_stream_close(stream);
+@@ -2587,7 +2587,7 @@ php_stream *php_openssl_ssl_socket_facto
+ #endif
+ } else if (strncmp(proto, "tls", protolen) == 0) {
+ sslsock->enable_on_connect = 1;
+- sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_CLIENT);
++ sslsock->method = get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
+ } else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
+ sslsock->enable_on_connect = 1;
+ sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
+diff -urNp -x '*.orig' php-7.1.33.org/main/streams/php_stream_transport.h php-7.1.33/main/streams/php_stream_transport.h
+--- php-7.1.33.org/main/streams/php_stream_transport.h 2019-10-22 19:00:03.000000000 +0200
++++ php-7.1.33/main/streams/php_stream_transport.h 2022-01-20 15:55:08.283263252 +0100
+@@ -172,8 +172,8 @@ typedef enum {
+ STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT = (1 << 3 | 1),
+ STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT = (1 << 4 | 1),
+ STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1),
+- /* tls now equates only to the specific TLSv1 method for BC with pre-5.6 */
+- STREAM_CRYPTO_METHOD_TLS_CLIENT = (1 << 3 | 1),
++ /* TLS equates to TLS_ANY as of PHP 7.2 */
++ STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
+ STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1),
+ STREAM_CRYPTO_METHOD_ANY_CLIENT = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5) | 1),
+ STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1),
+@@ -183,8 +183,8 @@ typedef enum {
+ STREAM_CRYPTO_METHOD_TLSv1_0_SERVER = (1 << 3),
+ STREAM_CRYPTO_METHOD_TLSv1_1_SERVER = (1 << 4),
+ STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5),
+- /* tls equates only to the specific TLSv1 method for BC with pre-5.6 */
+- STREAM_CRYPTO_METHOD_TLS_SERVER = (1 << 3),
++ /* TLS equates to TLS_ANY as of PHP 7.2 */
++ STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
+ STREAM_CRYPTO_METHOD_TLS_ANY_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)),
+ STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5))
+ } php_stream_xport_crypt_method_t;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/a71081b039c118c0e0a256ae6bcce7ff7c5c2c10
More information about the pld-cvs-commit
mailing list