summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-07-12 15:53:30 +0200
committerRemi Collet <remi@remirepo.net>2019-07-12 15:53:30 +0200
commit1a68b62da1f9e5c1269e307936207af104bf1a94 (patch)
tree3c5a044bfd01678ed1cade9b9df7560ca06ebab8
parent7c76192fc9f86d6b163ef5fccb60ee6cf33ccc89 (diff)
- drop recode extension, moved to php-pecl-recode
- add upstream patch for argon2 password
-rw-r--r--php-7.4.0-recode.patch17
-rw-r--r--php-upstream.patch266
-rw-r--r--php.spec37
3 files changed, 275 insertions, 45 deletions
diff --git a/php-7.4.0-recode.patch b/php-7.4.0-recode.patch
deleted file mode 100644
index d60c703..0000000
--- a/php-7.4.0-recode.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff -up ./ext/recode/config9.m4.recode ./ext/recode/config9.m4
---- ./ext/recode/config9.m4.recode 2019-05-21 12:19:27.614484934 +0200
-+++ ./ext/recode/config9.m4 2019-05-21 12:20:41.534895969 +0200
-@@ -1,13 +1,5 @@
- dnl Check for extensions with which Recode can not work
- if test "$PHP_RECODE" != "no"; then
-- test "$PHP_IMAP" != "no" && recode_conflict="$recode_conflict imap"
--
-- if test -n "$MYSQL_LIBNAME"; then
-- PHP_CHECK_LIBRARY($MYSQL_LIBNAME, hash_insert, [
-- recode_conflict="$recode_conflict mysql"
-- ])
-- fi
--
- if test -n "$recode_conflict"; then
- AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict])
- fi
diff --git a/php-upstream.patch b/php-upstream.patch
new file mode 100644
index 0000000..1984dd9
--- /dev/null
+++ b/php-upstream.patch
@@ -0,0 +1,266 @@
+From f65956e4fb4dc15ba8129e69b13a2cd758e85f46 Mon Sep 17 00:00:00 2001
+From: Sara Golemon <pollita@php.net>
+Date: Tue, 9 Jul 2019 11:18:13 -0400
+Subject: [PATCH] Relax argon2 mem_cost down to 64k, bump time_cost to 4
+
+---
+ ext/sodium/sodium_pwhash.c | 5 ++---
+ .../tests/php_password_hash_argon2i.phpt | 18 +++++++++---------
+ .../tests/php_password_hash_argon2id.phpt | 19 ++++++++++---------
+ ext/standard/php_password.h | 7 ++-----
+ .../password_needs_rehash_argon2.phpt | 14 +++++---------
+ 5 files changed, 28 insertions(+), 35 deletions(-)
+
+diff --git a/ext/sodium/sodium_pwhash.c b/ext/sodium/sodium_pwhash.c
+index d615a24ab6e2..7b7f574e173a 100644
+--- a/ext/sodium/sodium_pwhash.c
++++ b/ext/sodium/sodium_pwhash.c
+@@ -29,7 +29,6 @@
+ #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+
+ /**
+- * OPSLIMIT and MEMLIMIT are taken from libsodium's MODERATE values.
+ * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
+ * present a consistent user-facing API.
+ *
+@@ -37,8 +36,8 @@
+ *
+ * When updating these values, synchronize ext/standard/php_password.h values.
+ */
+-#define PHP_SODIUM_PWHASH_MEMLIMIT (256 << 10)
+-#define PHP_SODIUM_PWHASH_OPSLIMIT 3
++#define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10)
++#define PHP_SODIUM_PWHASH_OPSLIMIT 4
+ #define PHP_SODIUM_PWHASH_THREADS 1
+
+ static zend_string *php_sodium_argon2_hash(const zend_string *password, zend_array *options, int alg) {
+diff --git a/ext/sodium/tests/php_password_hash_argon2i.phpt b/ext/sodium/tests/php_password_hash_argon2i.phpt
+index 9ce6c7399eee..4522e6d1753a 100644
+--- a/ext/sodium/tests/php_password_hash_argon2i.phpt
++++ b/ext/sodium/tests/php_password_hash_argon2i.phpt
+@@ -36,38 +36,38 @@ foreach([1, 2, 4] as $mem) {
+ --EXPECTF--
+ Argon2 provider: string(%d) "%s"
+ Using password: string(44) "%s"
+-Hash: string(97) "$argon2i$v=19$m=262144,t=3,p=1$%s$%s"
++Hash: string(96) "$argon2i$v=19$m=65536,t=4,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(97) "$argon2i$v=19$m=262144,t=6,p=1$%s$%s"
++Hash: string(96) "$argon2i$v=19$m=65536,t=8,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2i$v=19$m=262144,t=12,p=1$%s$%s"
++Hash: string(97) "$argon2i$v=19$m=65536,t=16,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(97) "$argon2i$v=19$m=524288,t=3,p=1$%s$%s"
++Hash: string(97) "$argon2i$v=19$m=131072,t=4,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(97) "$argon2i$v=19$m=524288,t=6,p=1$%s$%s"
++Hash: string(97) "$argon2i$v=19$m=131072,t=8,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2i$v=19$m=524288,t=12,p=1$%s$%s"
++Hash: string(98) "$argon2i$v=19$m=131072,t=16,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2i$v=19$m=1048576,t=3,p=1$%s$%s"
++Hash: string(97) "$argon2i$v=19$m=262144,t=4,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2i$v=19$m=1048576,t=6,p=1$%s$%s"
++Hash: string(97) "$argon2i$v=19$m=262144,t=8,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(99) "$argon2i$v=19$m=1048576,t=12,p=1$%s$%s"
++Hash: string(98) "$argon2i$v=19$m=262144,t=16,p=1$%s$%s"
+ bool(true)
+ bool(false)
+diff --git a/ext/sodium/tests/php_password_hash_argon2id.phpt b/ext/sodium/tests/php_password_hash_argon2id.phpt
+index e6d4c1ee80a9..db5145718b8f 100644
+--- a/ext/sodium/tests/php_password_hash_argon2id.phpt
++++ b/ext/sodium/tests/php_password_hash_argon2id.phpt
+@@ -36,38 +36,39 @@ foreach([1, 2, 4] as $mem) {
+ --EXPECTF--
+ Argon2 provider: string(%d) "%s"
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2id$v=19$m=262144,t=3,p=1$%s$%s"
++Hash: string(97) "$argon2id$v=19$m=65536,t=4,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2id$v=19$m=262144,t=6,p=1$%s$%s"
++Hash: string(97) "$argon2id$v=19$m=65536,t=8,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(99) "$argon2id$v=19$m=262144,t=12,p=1$%s$%s"
++Hash: string(98) "$argon2id$v=19$m=65536,t=16,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2id$v=19$m=524288,t=3,p=1$%s$%s"
++Hash: string(98) "$argon2id$v=19$m=131072,t=4,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(98) "$argon2id$v=19$m=524288,t=6,p=1$%s$%s"
++Hash: string(98) "$argon2id$v=19$m=131072,t=8,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(99) "$argon2id$v=19$m=524288,t=12,p=1$%s$%s"
++Hash: string(99) "$argon2id$v=19$m=131072,t=16,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(99) "$argon2id$v=19$m=1048576,t=3,p=1$%s$%s"
++Hash: string(98) "$argon2id$v=19$m=262144,t=4,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(99) "$argon2id$v=19$m=1048576,t=6,p=1$%s$%s"
++Hash: string(98) "$argon2id$v=19$m=262144,t=8,p=1$%s$%s"
+ bool(true)
+ bool(false)
+ Using password: string(44) "%s"
+-Hash: string(100) "$argon2id$v=19$m=1048576,t=12,p=1$%s$%s"
++Hash: string(99) "$argon2id$v=19$m=262144,t=16,p=1$%s$%s"
+ bool(true)
+ bool(false)
++
+diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
+index ce3fdba6bbc4..97a6bf63a21e 100644
+--- a/ext/standard/php_password.h
++++ b/ext/standard/php_password.h
+@@ -34,14 +34,11 @@ PHP_MSHUTDOWN_FUNCTION(password);
+
+ #if HAVE_ARGON2LIB
+ /**
+- * OPSLIMIT and MEMLIMIT are taken from libsodium's MODERATE values.
+- * Threads are fixed at 1 by libsodium.
+- *
+ * When updating these values, synchronize ext/sodium/sodium_pwhash.c values.
+ * Note that libargon expresses memlimit in KB, while libsoidum uses bytes.
+ */
+-#define PHP_PASSWORD_ARGON2_MEMORY_COST (256 << 10)
+-#define PHP_PASSWORD_ARGON2_TIME_COST 3
++#define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10)
++#define PHP_PASSWORD_ARGON2_TIME_COST 4
+ #define PHP_PASSWORD_ARGON2_THREADS 1
+ #endif
+
+diff --git a/ext/standard/tests/password/password_needs_rehash_argon2.phpt b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
+index 9552be1dc924..69588d02ad4a 100644
+--- a/ext/standard/tests/password/password_needs_rehash_argon2.phpt
++++ b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
+@@ -10,24 +10,20 @@ if (!defined('PASSWORD_ARGON2ID')) die('skip password_hash not built with Argon2
+
+ $hash = password_hash('test', PASSWORD_ARGON2I);
+ var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I));
+-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17]));
+-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 4]));
+-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 4]));
++var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
++var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST + 1]));
+
+ $hash = password_hash('test', PASSWORD_ARGON2ID);
+ var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID));
+-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['memory_cost' => 1<<17]));
+-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['time_cost' => 4]));
+-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['threads' => 4]));
++var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
++var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST + 1]));
++
+ echo "OK!";
+-?>
+ --EXPECT--
+ bool(false)
+ bool(true)
+ bool(true)
+-bool(true)
+ bool(false)
+ bool(true)
+ bool(true)
+-bool(true)
+ OK!
+From db0eaa8cf1cbeeec5968a5f91a416541d354ccfe Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Wed, 10 Jul 2019 09:00:41 +0200
+Subject: [PATCH] improve libargon2/libsodium compatibility
+
+---
+ ext/standard/password.c | 15 +++++++++++++++
+ ext/standard/tests/password/bug75221.phpt | 2 +-
+ .../password/password_hash_error_argon2.phpt | 4 ++--
+ 3 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/ext/standard/password.c b/ext/standard/password.c
+index aacb30e61cb7..a12590c0e083 100644
+--- a/ext/standard/password.c
++++ b/ext/standard/password.c
+@@ -571,6 +571,21 @@ static const php_password_algo* php_password_algo_find_zval_ex(zval *arg, const
+ #if HAVE_ARGON2LIB
+ case 2: return &php_password_algo_argon2i;
+ case 3: return &php_password_algo_argon2id;
++#else
++ case 2:
++ {
++ zend_string *n = zend_string_init("argon2i", sizeof("argon2i")-1, 0);
++ const php_password_algo* ret = php_password_algo_find(n);
++ zend_string_release(n);
++ return ret;
++ }
++ case 3:
++ {
++ zend_string *n = zend_string_init("argon2id", sizeof("argon2id")-1, 0);
++ const php_password_algo* ret = php_password_algo_find(n);
++ zend_string_release(n);
++ return ret;
++ }
+ #endif
+ }
+ return NULL;
+diff --git a/ext/standard/tests/password/bug75221.phpt b/ext/standard/tests/password/bug75221.phpt
+index ec03f92ea6cd..bd6e386a164e 100644
+--- a/ext/standard/tests/password/bug75221.phpt
++++ b/ext/standard/tests/password/bug75221.phpt
+@@ -9,7 +9,7 @@ if (!defined('PASSWORD_ARGON2I')) die('skip password_hash not built with Argon2'
+ $hash = password_hash(
+ "php",
+ PASSWORD_ARGON2I,
+- ['memory_cost' => 16384, 'time_cost' => 2, 'threads' => 4]
++ ['memory_cost' => 64 << 10, 'time_cost' => 4, 'threads' => 1]
+ );
+ var_dump(substr($hash, -1, 1) !== "\0");
+ ?>
+diff --git a/ext/standard/tests/password/password_hash_error_argon2.phpt b/ext/standard/tests/password/password_hash_error_argon2.phpt
+index 070d61656ab1..2ea6b93627c0 100644
+--- a/ext/standard/tests/password/password_hash_error_argon2.phpt
++++ b/ext/standard/tests/password/password_hash_error_argon2.phpt
+@@ -21,7 +21,7 @@ NULL
+ Warning: password_hash(): Time cost is outside of allowed time range in %s on line %d
+ NULL
+
+-Warning: password_hash(): Invalid number of threads in %s on line %d
++Warning: password_hash(): %sthread%s
+ NULL
+
+ Warning: password_hash(): Memory cost is outside of allowed memory range in %s on line %d
+@@ -30,5 +30,5 @@ NULL
+ Warning: password_hash(): Time cost is outside of allowed time range in %s on line %d
+ NULL
+
+-Warning: password_hash(): Invalid number of threads in %s on line %d
++Warning: password_hash(): %sthread%s
+ NULL
diff --git a/php.spec b/php.spec
index 1cc834c..4de1b9c 100644
--- a/php.spec
+++ b/php.spec
@@ -75,7 +75,6 @@
%global with_tidy 1
%global with_sqlite3 1
%global with_enchant 1
-%global with_recode 1
%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8
%global with_libpcre 1
%else
@@ -109,7 +108,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?lower:~%{lower}}%{?gh_date:.%{gh_date}}
-Release: 12%{?dist}
+Release: 13%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -146,7 +145,6 @@ Source53: 20-ffi.ini
Patch1: php-7.4.0-httpd.patch
Patch5: php-7.2.0-includedir.patch
Patch6: php-7.4.0-embed.patch
-Patch7: php-7.4.0-recode.patch
Patch8: php-7.2.0-libdb.patch
Patch9: php-7.0.7-curl.patch
@@ -165,6 +163,7 @@ Patch47: php-5.6.3-phpinfo.patch
Patch91: php-7.2.0-oci8conf.patch
# Upstream fixes (100+)
+Patch100: php-upstream.patch
# Security fixes (200+)
@@ -801,20 +800,6 @@ BuildRequires: aspell-devel >= 0.50.0
The %{?scl_prefix}php-pspell package contains a dynamic shared object that will add
support for using the pspell library to PHP.
-%if %{with_recode}
-%package recode
-Summary: A module for PHP applications for using the recode library
-Group: System Environment/Libraries
-# All files licensed under PHP version 3.01
-License: PHP
-Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
-BuildRequires: recode-devel
-
-%description recode
-The %{?scl_prefix}php-recode package contains a dynamic shared object that will add
-support for using the recode library to PHP.
-%endif
-
%package intl
Summary: Internationalization extension for PHP applications
Group: System Environment/Libraries
@@ -825,7 +810,6 @@ BuildRequires: pkgconfig(icu-i18n) >= 50.1
BuildRequires: pkgconfig(icu-io) >= 50.1
BuildRequires: pkgconfig(icu-uc) >= 50.1
-
%description intl
The %{?scl_prefix}php-intl package contains a dynamic shared object that will add
support for using the ICU library to PHP.
@@ -915,10 +899,11 @@ in pure PHP.
%setup -q -n php-%{upver}%{?rcver}
%endif
+rm -r ext/recode
+
%patch1 -p1 -b .mpmcheck
%patch5 -p1 -b .includedir
%patch6 -p1 -b .embed
-%patch7 -p1 -b .recode
%patch8 -p1 -b .libdb
%if 0%{?rhel}
%patch9 -p1 -b .curltls
@@ -938,6 +923,7 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
%patch91 -p1 -b .remi-oci8
# upstream patches
+%patch100 -p1 -b .up
# security patches
@@ -1244,9 +1230,6 @@ build --libdir=%{_libdir}/php \
%if %{with_enchant}
--with-enchant=shared \
%endif
-%if %{with_recode}
- --with-recode=shared,%{_root_prefix} \
-%endif
--enable-fileinfo=shared \
--with-ffi=shared \
--with-sodium=shared
@@ -1493,9 +1476,6 @@ for mod in pgsql odbc ldap snmp xmlrpc \
%if %{with_freetds}
pdo_dblib \
%endif
-%if %{with_recode}
- recode \
-%endif
%if %{with_zip}
zip \
%endif
@@ -1770,9 +1750,6 @@ fi
%files pspell -f files.pspell
%files intl -f files.intl
%files process -f files.process
-%if %{with_recode}
-%files recode -f files.recode
-%endif
%if %{with_interbase}
%files pdo-firebird -f files.pdo_firebird
%endif
@@ -1794,6 +1771,10 @@ fi
%changelog
+* Fri Jul 12 2019 Remi Collet <remi@remirepo.net> - 7.4.0~alpha3-13
+- drop recode extension, moved to php-pecl-recode
+- add upstream patch for argon2 password
+
* Tue Jul 9 2019 Remi Collet <remi@remirepo.net> - 7.4.0~alpha3-12
- update to 7.4.0alpha3
- drop argon2 dependency using libsodium implementation