summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--php-bug68074.patch60
-rw-r--r--php56.spec14
2 files changed, 71 insertions, 3 deletions
diff --git a/php-bug68074.patch b/php-bug68074.patch
new file mode 100644
index 0000000..04451c1
--- /dev/null
+++ b/php-bug68074.patch
@@ -0,0 +1,60 @@
+From 0d776ef87b7b0c1e970c424cc5dcdf4cd6f500ac Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Wed, 24 Sep 2014 10:34:55 +0200
+Subject: [PATCH] Fix bug #68074 Allow to use system cipher list instead of
+ hardcoded value
+
+---
+ ext/openssl/config0.m4 | 6 ++++++
+ ext/openssl/xp_ssl.c | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
+index a97114f..701e488 100644
+--- a/ext/openssl/config0.m4
++++ b/ext/openssl/config0.m4
+@@ -8,6 +8,9 @@ PHP_ARG_WITH(openssl, for OpenSSL support,
+ PHP_ARG_WITH(kerberos, for Kerberos support,
+ [ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no)
+
++PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value,
++[ --with-system-ciphers OPENSSL: Use system default cipher list instead of hardcoded value], no, no)
++
+ if test "$PHP_OPENSSL" != "no"; then
+ PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
+ PHP_SUBST(OPENSSL_SHARED_LIBADD)
+@@ -25,4 +28,7 @@ if test "$PHP_OPENSSL" != "no"; then
+ ], [
+ AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
+ ])
++ if test "$PHP_SYSTEM_CIPHERS" != "no"; then
++ AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
++ fi
+ fi
+diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
+index de9e991..2f81dc7 100644
+--- a/ext/openssl/xp_ssl.c
++++ b/ext/openssl/xp_ssl.c
+@@ -1476,13 +1476,16 @@ int php_openssl_setup_crypto(php_stream *stream,
+ }
+
+ GET_VER_OPT_STRING("ciphers", cipherlist);
++#ifndef USE_OPENSSL_SYSTEM_CIPHERS
+ if (!cipherlist) {
+ cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS;
+ }
+- if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
+- return FAILURE;
++#endif
++ if (cipherlist) {
++ if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
++ return FAILURE;
++ }
+ }
+-
+ if (FAILURE == set_local_cert(sslsock->ctx, stream TSRMLS_CC)) {
+ return FAILURE;
+ }
+--
+2.1.0
+
diff --git a/php56.spec b/php56.spec
index 96c1534..d94cf4e 100644
--- a/php56.spec
+++ b/php56.spec
@@ -127,7 +127,7 @@
%endif
#global snapdate 201405061030
-%global rcver RC1
+#global rcver RC1
Summary: PHP scripting language for creating dynamic web sites
Name: php
@@ -135,7 +135,7 @@ Version: 5.6.1
%if 0%{?snapdate:1}%{?rcver:1}
Release: 0.2.%{?snapdate}%{?rcver}%{?dist}
%else
-Release: 1%{?dist}.2
+Release: 0.3%{?dist}
%endif
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
@@ -197,6 +197,7 @@ Patch47: php-5.4.9-phpinfo.patch
Patch91: php-5.3.7-oci8conf.patch
# Upstream fixes (100+)
+Patch100: php-bug68074.patch
# Security fixes (200+)
@@ -954,6 +955,7 @@ rm -rf ext/json
%patch91 -p1 -b .remi-oci8
# upstream patches
+%patch100 -p1 -b .bug68074
# security patches
@@ -1146,6 +1148,7 @@ ln -sf ../configure
--without-gdbm \
--with-jpeg-dir=%{_prefix} \
--with-openssl \
+ --with-system-ciphers \
%if %{with_libpcre}
--with-pcre-regex=%{_prefix} \
%endif
@@ -1942,7 +1945,12 @@ fi
%changelog
-* Tue Sep 24 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.2.RC1
+* Fri Sep 26 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0
+- test build for upcoming 5.6.1
+- use default system cipher list by Fedora policy
+ http://fedoraproject.org/wiki/Changes/CryptoPolicy
+
+* Wed Sep 24 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.2.RC1
- provides nginx configuration (see #1142298)
* Fri Sep 12 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.1.RC1