From cd55a5bc4de584859c4d0a62709641d7ac90bfda Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 10 Apr 2015 08:02:53 +0200 Subject: PHP 5.6: add upstream patch to drop SSLv3 tests --- php-5.6.8-openssltests.patch | 112 +++++++++++++++++++++++++++++++++++++++++++ php.spec | 8 +++- 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 php-5.6.8-openssltests.patch diff --git a/php-5.6.8-openssltests.patch b/php-5.6.8-openssltests.patch new file mode 100644 index 0000000..a989ac7 --- /dev/null +++ b/php-5.6.8-openssltests.patch @@ -0,0 +1,112 @@ +From 32484e3f5fc04f127199399a0ee52594912fa66a Mon Sep 17 00:00:00 2001 +From: Rasmus Lerdorf +Date: Wed, 8 Apr 2015 09:55:55 -0700 +Subject: [PATCH] Remove SSLv3 test dependencies SSLv3 is going away. Debian8 + already ships with an openssl with no SSLv3 support which was causing these + tests to fail. + +--- + ext/openssl/tests/session_meta_capture.phpt | 6 ------ + ext/openssl/tests/stream_crypto_flags_001.phpt | 4 ---- + ext/openssl/tests/stream_crypto_flags_003.phpt | 6 +----- + ext/openssl/tests/streams_crypto_method.phpt | 3 ++- + 4 files changed, 3 insertions(+), 16 deletions(-) + +diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt +index f1f9610..a09d7e8 100644 +--- a/ext/openssl/tests/session_meta_capture.phpt ++++ b/ext/openssl/tests/session_meta_capture.phpt +@@ -35,11 +35,6 @@ + + phpt_wait(); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); +- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; +- var_dump($meta['protocol']); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; +@@ -59,7 +54,6 @@ CODE; + include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- +-string(5) "SSLv3" + string(5) "TLSv1" + string(7) "TLSv1.1" + string(7) "TLSv1.2" +diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt +index f988886..1ba9309 100644 +--- a/ext/openssl/tests/stream_crypto_flags_001.phpt ++++ b/ext/openssl/tests/stream_crypto_flags_001.phpt +@@ -32,9 +32,6 @@ $clientCode = <<<'CODE' + + phpt_wait(); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +@@ -47,4 +44,3 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- + resource(%d) of type (stream) + resource(%d) of type (stream) +-resource(%d) of type (stream) +diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt +index 30ca7a7..28cb640 100644 +--- a/ext/openssl/tests/stream_crypto_flags_003.phpt ++++ b/ext/openssl/tests/stream_crypto_flags_003.phpt +@@ -13,7 +13,7 @@ $serverCode = <<<'CODE' + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + +- // Only accept SSLv3 and TLSv1.2 connections ++ // Only accept TLSv1.2 connections + 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + ]]); + +@@ -40,9 +40,6 @@ $clientCode = <<<'CODE' + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +@@ -54,7 +51,6 @@ include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- + resource(%d) of type (stream) +-resource(%d) of type (stream) + bool(false) + bool(false) + +diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt +index 84f7934..f8ec864 100644 +--- a/ext/openssl/tests/streams_crypto_method.phpt ++++ b/ext/openssl/tests/streams_crypto_method.phpt +@@ -4,6 +4,7 @@ Specific crypto method for ssl:// transports. + [ +- 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT, ++ 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, + 'verify_peer' => false, + 'verify_peer_name' => false + ]]); +-- +2.1.4 + diff --git a/php.spec b/php.spec index b6b1408..d0a40ed 100644 --- a/php.spec +++ b/php.spec @@ -128,7 +128,7 @@ %endif %global rcver RC1 -%global rpmrel 1 +%global rpmrel 2 Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php @@ -196,6 +196,8 @@ Patch91: php-5.6.3-oci8conf.patch Patch300: php-5.6.3-datetests.patch # Revert changes for pcre < 8.34 Patch301: php-5.6.0-oldpcre.patch +# Backported from 7.0 +Patch302: php-5.6.8-openssltests.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -893,6 +895,7 @@ support for using the enchant library to PHP. %patch301 -p1 -b .pcre834 %endif %endif +%patch302 -p1 -b .sslv3 # Prevent %%doc confusion over LICENSE files cp Zend/LICENSE Zend/ZEND_LICENSE @@ -1776,6 +1779,9 @@ fi %changelog +* Fri Apr 10 2015 Remi Collet 5.6.8-0.2.RC1 +- add upstream patch to drop SSLv3 tests + * Wed Apr 1 2015 Remi Collet 5.6.8-0.1.RC1 - update to 5.6.8RC1 -- cgit