summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2024-08-26 15:37:32 +0200
committerRemi Collet <remi@php.net>2024-08-26 15:37:32 +0200
commit950ea724334b6cbc8a51aa9a7d32f42d5dced8b7 (patch)
tree7b5e87c39e55b9bf5727acc17e29f246d8909a49
parent67b70950b734db9603280d90bf3b066354ab1fbc (diff)
add backport for https://bugs.php.net/79589
error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
-rw-r--r--failed.txt6
-rw-r--r--php-7.4.26-openssl3.patch36
-rw-r--r--php.spec12
3 files changed, 47 insertions, 7 deletions
diff --git a/failed.txt b/failed.txt
index 94864ad..d9c6b78 100644
--- a/failed.txt
+++ b/failed.txt
@@ -1,17 +1,17 @@
-===== 7.4.33-15 (2024-06-06)
+===== 7.4.33-17 (2024-08-26)
$ grep -ar 'Tests failed' /var/lib/mock/*/build.log
-/var/lib/mock/scl74el7x/build.log:Tests failed : 0
/var/lib/mock/scl74el8a/build.log:Tests failed : 3
/var/lib/mock/scl74el8x/build.log:Tests failed : 3
/var/lib/mock/scl74el9a/build.log:Tests failed : 1
/var/lib/mock/scl74el9x/build.log:Tests failed : 1
-/var/lib/mock/scl74fc38x/build.log:Tests failed : 1
/var/lib/mock/scl74fc39a/build.log:Tests failed : 1
/var/lib/mock/scl74fc39x/build.log:Tests failed : 1
/var/lib/mock/scl80fc40a/build.log:Tests failed : 2
/var/lib/mock/scl80fc40x/build.log:Tests failed : 2
+/var/lib/mock/scl80fc41a/build.log:Tests failed : 2
+/var/lib/mock/scl80fc41x/build.log:Tests failed : 2
el8:
diff --git a/php-7.4.26-openssl3.patch b/php-7.4.26-openssl3.patch
index c23c517..aec6b96 100644
--- a/php-7.4.26-openssl3.patch
+++ b/php-7.4.26-openssl3.patch
@@ -2602,3 +2602,39 @@ index b136729cb5..d0fd976376 100644
--
2.41.0
+From 74f75db0c3665677ec006cd379fd561feacffdc6 Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sun, 15 May 2022 13:49:17 +0100
+Subject: [PATCH] Fix bug #79589: ssl3_read_n:unexpected eof while reading
+
+The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent
+truncation attack. However there are many non complaint servers and
+it is causing break for many users including potential majority
+of those where the truncation attack is not applicable. For that reason
+we try to keep behavior consitent with older OpenSSL versions which is
+also the path chosen by some other languages and web servers.
+
+Closes GH-8369
+---
+ NEWS | 4 ++++
+ ext/openssl/tests/bug79589.phpt | 21 +++++++++++++++++++++
+ ext/openssl/xp_ssl.c | 5 +++++
+ 3 files changed, 30 insertions(+)
+ create mode 100644 ext/openssl/tests/bug79589.phpt
+
+diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
+index 918b3ca5b21df..ce23fb29f4296 100644
+--- a/ext/openssl/xp_ssl.c
++++ b/ext/openssl/xp_ssl.c
+@@ -1652,6 +1652,11 @@ int php_openssl_setup_crypto(php_stream *stream,
+
+ ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+
++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
++ /* Only for OpenSSL 3+ to keep OpenSSL 1.1.1 behavior */
++ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
++#endif
++
+ if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) {
+ ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
+ }
diff --git a/php.spec b/php.spec
index 2f0e746..c19e38d 100644
--- a/php.spec
+++ b/php.spec
@@ -50,10 +50,10 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
%ifarch aarch64
-%global oraclever 19.23
+%global oraclever 19.24
%global oraclemax 20
%global oraclelib 19.1
-%global oracledir 19.23
+%global oracledir 19.24
%else
%global oraclever 23.5
%global oraclemax 24
@@ -119,7 +119,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}}
-Release: 16%{?dist}
+Release: 17%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -1889,7 +1889,11 @@ EOF
%changelog
-* Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 7.4.33-15
+* Mon Aug 26 2024 Remi Collet <remi@remirepo.net> - 7.4.33-17
+- add backport for https://bugs.php.net/79589
+ error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
+
+* Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 7.4.33-16
- use oracle client library version 23.5 on x86_64
* Tue Jun 4 2024 Remi Collet <remi@remirepo.net> - 7.4.33-15