PHP 5.6: add upstream patch to drop SSLv3 tests

2 files changed, 119 insertions, 1 deletions

diff --git a/php-5.6.8-openssltests.patch b/php-5.6.8-openssltests.patch
new file mode 100644
index 0000000..a989ac7
--- /dev/null
+++ b/php-5.6.8-openssltests.patch
@@ -0,0 +1,112 @@
+From 32484e3f5fc04f127199399a0ee52594912fa66a Mon Sep 17 00:00:00 2001
+From: Rasmus Lerdorf <rasmus@lerdorf.com>
+Date: Wed, 8 Apr 2015 09:55:55 -0700
+Subject: [PATCH] Remove SSLv3 test dependencies SSLv3 is going away. Debian8
+ already ships with an openssl with no SSLv3 support which was causing these
+ tests to fail.
+
+---
+ ext/openssl/tests/session_meta_capture.phpt    | 6 ------
+ ext/openssl/tests/stream_crypto_flags_001.phpt | 4 ----
+ ext/openssl/tests/stream_crypto_flags_003.phpt | 6 +-----
+ ext/openssl/tests/streams_crypto_method.phpt   | 3 ++-
+ 4 files changed, 3 insertions(+), 16 deletions(-)
+
+diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt
+index f1f9610..a09d7e8 100644
+--- a/ext/openssl/tests/session_meta_capture.phpt
++++ b/ext/openssl/tests/session_meta_capture.phpt
+@@ -35,11 +35,6 @@
+
+     phpt_wait();
+
+-    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+-    stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+-    $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
+-    var_dump($meta['protocol']);
+-
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+     stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx);
+     $meta = stream_context_get_options($clientCtx)['ssl']['session_meta'];
+@@ -59,7 +54,6 @@ CODE;
+ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ --EXPECTF--
+-string(5) "SSLv3"
+ string(5) "TLSv1"
+ string(7) "TLSv1.1"
+ string(7) "TLSv1.2"
+diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt
+index f988886..1ba9309 100644
+--- a/ext/openssl/tests/stream_crypto_flags_001.phpt
++++ b/ext/openssl/tests/stream_crypto_flags_001.phpt
+@@ -32,9 +32,6 @@ $clientCode = <<<'CODE'
+ 
+     phpt_wait();
+ 
+-    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+-    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+-
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+     var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ 
+@@ -47,4 +44,3 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ --EXPECTF--
+ resource(%d) of type (stream)
+ resource(%d) of type (stream)
+-resource(%d) of type (stream)
+diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt
+index 30ca7a7..28cb640 100644
+--- a/ext/openssl/tests/stream_crypto_flags_003.phpt
++++ b/ext/openssl/tests/stream_crypto_flags_003.phpt
+@@ -13,7 +13,7 @@ $serverCode = <<<'CODE'
+     $serverCtx = stream_context_create(['ssl' => [
+         'local_cert' => __DIR__ . '/bug54992.pem',
+ 
+-        // Only accept SSLv3 and TLSv1.2 connections
++        // Only accept TLSv1.2 connections
+         'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER  | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER,
+     ]]);
+ 
+@@ -40,9 +40,6 @@ $clientCode = <<<'CODE'
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+     var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ 
+-    stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
+-    var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+-
+     stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT);
+     var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx));
+ 
+@@ -54,7 +51,6 @@ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ --EXPECTF--
+ resource(%d) of type (stream)
+-resource(%d) of type (stream)
+ bool(false)
+ bool(false)
+ 
+diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt
+index 84f7934..f8ec864 100644
+--- a/ext/openssl/tests/streams_crypto_method.phpt
++++ b/ext/openssl/tests/streams_crypto_method.phpt
+@@ -4,6 +4,7 @@ Specific crypto method for ssl:// transports.
+ <?php
+ if (!extension_loaded("openssl")) die("skip openssl not loaded");
+ if (!function_exists("proc_open")) die("skip no proc_open");
++if (OPENSSL_VERSION_NUMBER < 0x10001001) die("skip OpenSSLv1.0.1 required");
+ --FILE--
+ <?php
+ $serverCode = <<<'CODE'
+@@ -37,7 +38,7 @@ $clientCode = <<<'CODE'
+     $serverUri = "https://127.0.0.1:64321/";
+     $clientFlags = STREAM_CLIENT_CONNECT;
+     $clientCtx = stream_context_create(['ssl' => [
+-        'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT,
++        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+         'verify_peer' => false,
+         'verify_peer_name' => false
+     ]]);
+-- 
+2.1.4
+
diff --git a/php56.spec b/php56.spec
index 7cd886c..66d509f 100644
--- a/php56.spec
+++ b/php56.spec
@@ -135,7 +135,7 @@ Version: 5.6.7
 %if 0%{?snapdate:1}%{?rcver:1}
 Release: 0.1.%{?snapdate}%{?rcver}%{?dist}
 %else
-Release: 1%{?dist}
+Release: 2%{?dist}
 %endif
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
@@ -205,6 +205,8 @@ Patch91: php-5.6.3-oci8conf.patch
 Patch300: php-5.6.3-datetests.patch
 # Revert changes for pcre < 8.34
 Patch301: php-5.6.0-oldpcre.patch
+# Backported from 7.0
+Patch302: php-5.6.8-openssltests.patch
 
 # WIP
 
@@ -969,6 +971,7 @@ rm -rf ext/json
 %patch301 -p1 -b .pcre834
 %endif
 %endif
+%patch302 -p1 -b .sslv3
 
 # WIP patch
 
@@ -1952,6 +1955,9 @@ fi
 
 
 %changelog
+* Fri Apr 10 2015 Remi Collet <remi@fedoraproject.org> 5.6.7-2
+- add upstream patch to drop SSLv3 tests
+
 * Thu Mar 19 2015 Remi Collet <remi@fedoraproject.org> 5.6.7-1
 - Update to 5.6.7
   http://www.php.net/releases/5_6_7.php