diff options
author | Remi Collet <remi@remirepo.net> | 2019-03-05 15:51:09 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2019-03-05 15:51:09 +0100 |
commit | ea79f0802baf34e3fab36e28b83bab0e887e2511 (patch) | |
tree | 1139812c8e5a5efd7e103bc834aaa9914c9134f0 | |
parent | ecf0fb1d45df07bebf521862b526debeeab1772e (diff) |
add upstream patch for OpenSSL 1.1.1b
-rw-r--r-- | failed.txt | 3 | ||||
-rw-r--r-- | php-openssl111.patch | 29 | ||||
-rw-r--r-- | php.spec | 7 |
3 files changed, 36 insertions, 3 deletions
@@ -7,11 +7,10 @@ $ grep -r 'Tests failed' /var/lib/mock/scl72*/build.log /var/lib/mock/scl72el8x/build.log:Tests failed : 18 /var/lib/mock/scl72fc27x/build.log:Tests failed : 0 /var/lib/mock/scl72fc28x/build.log:Tests failed : 0 -/var/lib/mock/scl72fc29x/build.log:Tests failed : 2 +/var/lib/mock/scl72fc29x/build.log:Tests failed : 1 fc29x: - openssl_decrypt() with CCM cipher algorithm tests [ext/openssl/tests/openssl_decrypt_ccm.phpt] TLS server rate-limits client-initiated renegotiation [ext/openssl/tests/stream_server_reneg_limit.phpt] el8x: buildroot issue under investigation diff --git a/php-openssl111.patch b/php-openssl111.patch new file mode 100644 index 0000000..ea43711 --- /dev/null +++ b/php-openssl111.patch @@ -0,0 +1,29 @@ +From 19a44ffb7be91344550fa700830b8e62a73031ba Mon Sep 17 00:00:00 2001 +From: Anatol Belski <ab@php.net> +Date: Thu, 28 Feb 2019 12:48:47 +0100 +Subject: [PATCH] Sync with behavior change in OpenSSL 1.1.1b + +A behavior change in revealed by some openssl_decrypt() based test, +where an encrypt API is used with a decrypt context. The EVP_Cipher* +functions will automatically choose the right operation depending on the +context passed. +--- + ext/openssl/openssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index 871a30c..7df5072 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -6494,7 +6494,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type, + { + int i = 0; + +- if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { ++ if (mode->is_single_run_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { + php_openssl_store_errors(); + php_error_docref(NULL, E_WARNING, "Setting of data length failed"); + return FAILURE; +-- +2.1.4 + @@ -135,7 +135,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -192,6 +192,7 @@ Patch49: php-7.2.16-pdooci.patch Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) +Patch100: php-openssl111.patch # Security fixes (200+) @@ -936,6 +937,7 @@ low-level PHP extension for the libsodium cryptographic library. %patch91 -p1 -b .remi-oci8 # upstream patches +%patch100 -p1 -b .up # security patches @@ -1884,6 +1886,9 @@ fi %changelog +* Tue Mar 5 2019 Remi Collet <remi@remirepo.net> - 7.2.16-2 +- add upstream patch for OpenSSL 1.1.1b + * Tue Mar 5 2019 Remi Collet <remi@remirepo.net> - 7.2.16-1 - Update to 7.2.16 - http://www.php.net/releases/7_2_16.php |