php 7+: disable pcre.jit as it raise selinux AVC

2 files changed, 4 insertions, 7 deletions

diff --git a/php.ini b/php.ini
index 7a3547c..fc457f2 100644
--- a/php.ini
+++ b/php.ini
@@ -963,7 +963,7 @@ cli_server.color = On
 
 ;Enables or disables JIT compilation of patterns. This requires the PCRE
 ;library to be compiled with JIT support.
-;pcre.jit=1
+pcre.jit=0
 
 [Pdo]
 ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
diff --git a/php71.spec b/php71.spec
index d5bb283..af9a5b1 100644
--- a/php71.spec
+++ b/php71.spec
@@ -1513,12 +1513,6 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/php.ini
 install -m 755 -d $RPM_BUILD_ROOT%{_httpd_contentdir}/icons
 install -m 644 php.gif $RPM_BUILD_ROOT%{_httpd_contentdir}/icons/php.gif
 
-%if %{with_libpcre}
-if ! pkg-config libpcre --atleast-version 8.38 ; then
-   sed -e 's/;pcre.jit=1/pcre.jit=0/' -i $RPM_BUILD_ROOT%{_sysconfdir}/php.ini
-fi
-%endif
-
 # For third-party packaging:
 install -m 755 -d $RPM_BUILD_ROOT%{_datadir}/php
 
@@ -1994,6 +1988,9 @@ fi
 
 
 %changelog
+- disable pcre.jit everywhere as it raise AVC #1398474
+- sync provided configuration with upstream production defaults
+
 * Wed Nov  9 2016 Remi Collet <remi@fedoraproject.org> 7.1.0-0.8.RC6
 - Update to 7.1.0RC6