rebase to 8.0.12
build using system libxcrypt compatibility with OpenSSL 3.0 snmp: add sha256 / sha512 security protocol phar: implement openssl_256 and openssl_512 for phar signatures phar: use sha256 signature by default Resolves: #1936635 Resolves: #1981423 Resolves: #1992492 Resolves: #1992513 Resolves: #2015903 Resolves: #2017111
This commit is contained in:
parent
7ddd1dd827
commit
6ca5499fd9
2
.gitignore
vendored
2
.gitignore
vendored
@ -14,3 +14,5 @@ php-7.*.xz.asc
|
||||
/php-8.0.5.tar.xz.asc
|
||||
/php-8.0.6.tar.xz
|
||||
/php-8.0.6.tar.xz.asc
|
||||
/php-8.0.12.tar.xz
|
||||
/php-8.0.12.tar.xz.asc
|
||||
|
4761
php-8.0.10-openssl3.patch
Normal file
4761
php-8.0.10-openssl3.patch
Normal file
File diff suppressed because one or more lines are too long
515
php-8.0.10-phar-sha.patch
Normal file
515
php-8.0.10-phar-sha.patch
Normal file
@ -0,0 +1,515 @@
|
||||
Backported for 8.0 from
|
||||
|
||||
|
||||
From 8bb0c74e24359a11216824117ac3adf3d5ef7b71 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Thu, 5 Aug 2021 11:10:15 +0200
|
||||
Subject: [PATCH] switch phar to use sha256 signature by default
|
||||
|
||||
---
|
||||
ext/phar/phar/pharcommand.inc | 2 +-
|
||||
ext/phar/tests/create_new_and_modify.phpt | 4 ++--
|
||||
ext/phar/tests/create_new_phar_c.phpt | 4 ++--
|
||||
ext/phar/tests/phar_setsignaturealgo2.phpt | 2 +-
|
||||
ext/phar/tests/tar/phar_setsignaturealgo2.phpt | 2 +-
|
||||
ext/phar/tests/zip/phar_setsignaturealgo2.phpt | 2 +-
|
||||
ext/phar/util.c | 6 +++---
|
||||
ext/phar/zip.c | 2 +-
|
||||
8 files changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
|
||||
index a31290eee75fe..5f698b4bec26b 100644
|
||||
--- a/ext/phar/phar/pharcommand.inc
|
||||
+++ b/ext/phar/phar/pharcommand.inc
|
||||
@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
|
||||
'typ' => 'select',
|
||||
'val' => NULL,
|
||||
'inf' => '<method> Selects the hash algorithm.',
|
||||
- 'select' => array('md5' => 'MD5','sha1' => 'SHA1')
|
||||
+ 'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
|
||||
),
|
||||
'i' => array(
|
||||
'typ' => 'regex',
|
||||
diff --git a/ext/phar/tests/create_new_and_modify.phpt b/ext/phar/tests/create_new_and_modify.phpt
|
||||
index 02e36c6cea2fe..32defcae8a639 100644
|
||||
--- a/ext/phar/tests/create_new_and_modify.phpt
|
||||
+++ b/ext/phar/tests/create_new_and_modify.phpt
|
||||
@@ -49,8 +49,8 @@ include $pname . '/b.php';
|
||||
<?php unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php'); ?>
|
||||
--EXPECTF--
|
||||
brand new!
|
||||
-string(40) "%s"
|
||||
-string(40) "%s"
|
||||
+string(%d) "%s"
|
||||
+string(%d) "%s"
|
||||
bool(true)
|
||||
modified!
|
||||
another!
|
||||
diff --git a/ext/phar/tests/create_new_phar_c.phpt b/ext/phar/tests/create_new_phar_c.phpt
|
||||
index 566d3c4d5f8ad..bf6d740fd1d10 100644
|
||||
--- a/ext/phar/tests/create_new_phar_c.phpt
|
||||
+++ b/ext/phar/tests/create_new_phar_c.phpt
|
||||
@@ -20,7 +20,7 @@ var_dump($phar->getSignature());
|
||||
--EXPECTF--
|
||||
array(2) {
|
||||
["hash"]=>
|
||||
- string(40) "%s"
|
||||
+ string(64) "%s"
|
||||
["hash_type"]=>
|
||||
- string(5) "SHA-1"
|
||||
+ string(7) "SHA-256"
|
||||
}
|
||||
diff --git a/ext/phar/tests/phar_setsignaturealgo2.phpt b/ext/phar/tests/phar_setsignaturealgo2.phpt
|
||||
index 293d3196713d8..4f31836fbbbcc 100644
|
||||
--- a/ext/phar/tests/phar_setsignaturealgo2.phpt
|
||||
+++ b/ext/phar/tests/phar_setsignaturealgo2.phpt
|
||||
@@ -52,7 +52,7 @@ array(2) {
|
||||
["hash"]=>
|
||||
string(%d) "%s"
|
||||
["hash_type"]=>
|
||||
- string(5) "SHA-1"
|
||||
+ string(7) "SHA-256"
|
||||
}
|
||||
array(2) {
|
||||
["hash"]=>
|
||||
diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
|
||||
index 9923ac5c88476..cc10a241d739b 100644
|
||||
--- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
|
||||
+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
|
||||
@@ -51,7 +51,7 @@ array(2) {
|
||||
["hash"]=>
|
||||
string(%d) "%s"
|
||||
["hash_type"]=>
|
||||
- string(5) "SHA-1"
|
||||
+ string(7) "SHA-256"
|
||||
}
|
||||
array(2) {
|
||||
["hash"]=>
|
||||
diff --git a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
|
||||
index 8de77479d7825..60fec578ee894 100644
|
||||
--- a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
|
||||
+++ b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
|
||||
@@ -78,7 +78,7 @@ array(2) {
|
||||
["hash"]=>
|
||||
string(%d) "%s"
|
||||
["hash_type"]=>
|
||||
- string(5) "SHA-1"
|
||||
+ string(7) "SHA-256"
|
||||
}
|
||||
array(2) {
|
||||
["hash"]=>
|
||||
diff --git a/ext/phar/util.c b/ext/phar/util.c
|
||||
index 314acfe81a788..8d2db03b69601 100644
|
||||
--- a/ext/phar/util.c
|
||||
+++ b/ext/phar/util.c
|
||||
@@ -1798,6 +1798,8 @@ int phar_create_signature(phar_archive_d
|
||||
*signature_length = 64;
|
||||
break;
|
||||
}
|
||||
+ default:
|
||||
+ phar->sig_flags = PHAR_SIG_SHA256;
|
||||
case PHAR_SIG_SHA256: {
|
||||
unsigned char digest[32];
|
||||
PHP_SHA256_CTX context;
|
||||
@@ -1894,8 +1896,6 @@ int phar_create_signature(phar_archive_d
|
||||
*signature_length = siglen;
|
||||
}
|
||||
break;
|
||||
- default:
|
||||
- phar->sig_flags = PHAR_SIG_SHA1;
|
||||
case PHAR_SIG_SHA1: {
|
||||
unsigned char digest[20];
|
||||
PHP_SHA1_CTX context;
|
||||
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
|
||||
index 31d4bd2998215..c5e38cabf7b87 100644
|
||||
--- a/ext/phar/zip.c
|
||||
+++ b/ext/phar/zip.c
|
||||
@@ -1423,7 +1423,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
|
||||
|
||||
memcpy(eocd.signature, "PK\5\6", 4);
|
||||
if (!phar->is_data && !phar->sig_flags) {
|
||||
- phar->sig_flags = PHAR_SIG_SHA1;
|
||||
+ phar->sig_flags = PHAR_SIG_SHA256;
|
||||
}
|
||||
if (phar->sig_flags) {
|
||||
PHAR_SET_16(eocd.counthere, zend_hash_num_elements(&phar->manifest) + 1);
|
||||
|
||||
From c51af22fef988c1b2f92b7b9e3a9d745f7084815 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Thu, 5 Aug 2021 16:49:48 +0200
|
||||
Subject: [PATCH] implement openssl_256 and openssl_512 for phar singatures
|
||||
|
||||
---
|
||||
ext/openssl/openssl.c | 1 +
|
||||
ext/phar/phar.1.in | 10 +++-
|
||||
ext/phar/phar.c | 8 +++-
|
||||
ext/phar/phar/pharcommand.inc | 14 +++++-
|
||||
ext/phar/phar_internal.h | 2 +
|
||||
ext/phar/phar_object.c | 24 ++++++++--
|
||||
ext/phar/tests/files/openssl256.phar | Bin 0 -> 7129 bytes
|
||||
ext/phar/tests/files/openssl256.phar.pubkey | 6 +++
|
||||
ext/phar/tests/files/openssl512.phar | Bin 0 -> 7129 bytes
|
||||
ext/phar/tests/files/openssl512.phar.pubkey | 6 +++
|
||||
.../phar_get_supported_signatures_002a.phpt | 6 ++-
|
||||
.../tests/tar/phar_setsignaturealgo2.phpt | 16 +++++++
|
||||
ext/phar/tests/test_signaturealgos.phpt | 8 ++++
|
||||
ext/phar/util.c | 45 ++++++++++++++----
|
||||
14 files changed, 128 insertions(+), 18 deletions(-)
|
||||
create mode 100644 ext/phar/tests/files/openssl256.phar
|
||||
create mode 100644 ext/phar/tests/files/openssl256.phar.pubkey
|
||||
create mode 100644 ext/phar/tests/files/openssl512.phar
|
||||
create mode 100644 ext/phar/tests/files/openssl512.phar.pubkey
|
||||
|
||||
diff --git a/ext/phar/phar.1.in b/ext/phar/phar.1.in
|
||||
index 77912b241dfd5..323e77b0e2a3b 100644
|
||||
--- a/ext/phar/phar.1.in
|
||||
+++ b/ext/phar/phar.1.in
|
||||
@@ -475,7 +475,15 @@ SHA512
|
||||
.TP
|
||||
.PD
|
||||
.B openssl
|
||||
-OpenSSL
|
||||
+OpenSSL using SHA-1
|
||||
+.TP
|
||||
+.PD
|
||||
+.B openssl_sha256
|
||||
+OpenSSL using SHA-256
|
||||
+.TP
|
||||
+.PD
|
||||
+.B openssl_sha512
|
||||
+OpenSSL using SHA-512
|
||||
|
||||
.SH SEE ALSO
|
||||
For a more or less complete description of PHAR look here:
|
||||
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
|
||||
index 77f21cef9da53..bc08e4edde05d 100644
|
||||
--- a/ext/phar/phar.c
|
||||
+++ b/ext/phar/phar.c
|
||||
@@ -869,6 +869,8 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
|
||||
PHAR_GET_32(sig_ptr, sig_flags);
|
||||
|
||||
switch(sig_flags) {
|
||||
+ case PHAR_SIG_OPENSSL_SHA512:
|
||||
+ case PHAR_SIG_OPENSSL_SHA256:
|
||||
case PHAR_SIG_OPENSSL: {
|
||||
uint32_t signature_len;
|
||||
char *sig;
|
||||
@@ -903,7 +905,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
- if (FAILURE == phar_verify_signature(fp, end_of_phar, PHAR_SIG_OPENSSL, sig, signature_len, fname, &signature, &sig_len, error)) {
|
||||
+ if (FAILURE == phar_verify_signature(fp, end_of_phar, sig_flags, sig, signature_len, fname, &signature, &sig_len, error)) {
|
||||
efree(savebuf);
|
||||
efree(sig);
|
||||
php_stream_close(fp);
|
||||
@@ -3162,7 +3164,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
|
||||
|
||||
php_stream_write(newfile, digest, digest_len);
|
||||
efree(digest);
|
||||
- if (phar->sig_flags == PHAR_SIG_OPENSSL) {
|
||||
+ if (phar->sig_flags == PHAR_SIG_OPENSSL ||
|
||||
+ phar->sig_flags == PHAR_SIG_OPENSSL_SHA256 ||
|
||||
+ phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
|
||||
phar_set_32(sig_buf, digest_len);
|
||||
php_stream_write(newfile, sig_buf, 4);
|
||||
}
|
||||
diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
|
||||
index 5f698b4bec26b..1b1eeca59c560 100644
|
||||
--- a/ext/phar/phar/pharcommand.inc
|
||||
+++ b/ext/phar/phar/pharcommand.inc
|
||||
@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
|
||||
'typ' => 'select',
|
||||
'val' => NULL,
|
||||
'inf' => '<method> Selects the hash algorithm.',
|
||||
- 'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
|
||||
+ 'select' => ['md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL', 'openssl_sha256' => 'OPENSSL_SHA256', 'openssl_sha512' => 'OPENSSL_SHA512']
|
||||
),
|
||||
'i' => array(
|
||||
'typ' => 'regex',
|
||||
@@ -156,6 +156,8 @@ class PharCommand extends CLICommand
|
||||
$hash_avail = Phar::getSupportedSignatures();
|
||||
$hash_optional = array('SHA-256' => 'SHA256',
|
||||
'SHA-512' => 'SHA512',
|
||||
+ 'OpenSSL_sha256' => 'OpenSSL_SHA256',
|
||||
+ 'OpenSSL_sha512' => 'OpenSSL_SHA512',
|
||||
'OpenSSL' => 'OpenSSL');
|
||||
if (!in_array('OpenSSL', $hash_avail)) {
|
||||
unset($phar_args['y']);
|
||||
@@ -429,6 +431,16 @@ class PharCommand extends CLICommand
|
||||
self::error("Cannot use OpenSSL signing without key.\n");
|
||||
}
|
||||
return Phar::OPENSSL;
|
||||
+ case 'openssl_sha256':
|
||||
+ if (!$privkey) {
|
||||
+ self::error("Cannot use OpenSSL signing without key.\n");
|
||||
+ }
|
||||
+ return Phar::OPENSSL_SHA256;
|
||||
+ case 'openssl_sha512':
|
||||
+ if (!$privkey) {
|
||||
+ self::error("Cannot use OpenSSL signing without key.\n");
|
||||
+ }
|
||||
+ return Phar::OPENSSL_SHA512;
|
||||
}
|
||||
}
|
||||
// }}}
|
||||
diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
|
||||
index a9f81e2ab994a..30b408a8c4462 100644
|
||||
--- a/ext/phar/phar_internal.h
|
||||
+++ b/ext/phar/phar_internal.h
|
||||
@@ -88,6 +88,8 @@
|
||||
#define PHAR_SIG_SHA256 0x0003
|
||||
#define PHAR_SIG_SHA512 0x0004
|
||||
#define PHAR_SIG_OPENSSL 0x0010
|
||||
+#define PHAR_SIG_OPENSSL_SHA256 0x0011
|
||||
+#define PHAR_SIG_OPENSSL_SHA512 0x0012
|
||||
|
||||
/* flags byte for each file adheres to these bitmasks.
|
||||
All unused values are reserved */
|
||||
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
|
||||
index 9c1e5f2fa1eef..c05970e657f18 100644
|
||||
--- a/ext/phar/phar_object.c
|
||||
+++ b/ext/phar/phar_object.c
|
||||
@@ -1246,9 +1246,13 @@ PHP_METHOD(Phar, getSupportedSignatures)
|
||||
add_next_index_stringl(return_value, "SHA-512", 7);
|
||||
#ifdef PHAR_HAVE_OPENSSL
|
||||
add_next_index_stringl(return_value, "OpenSSL", 7);
|
||||
+ add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
|
||||
+ add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
|
||||
#else
|
||||
if (zend_hash_str_exists(&module_registry, "openssl", sizeof("openssl")-1)) {
|
||||
add_next_index_stringl(return_value, "OpenSSL", 7);
|
||||
+ add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
|
||||
+ add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -3028,6 +3032,8 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
|
||||
case PHAR_SIG_MD5:
|
||||
case PHAR_SIG_SHA1:
|
||||
case PHAR_SIG_OPENSSL:
|
||||
+ case PHAR_SIG_OPENSSL_SHA256:
|
||||
+ case PHAR_SIG_OPENSSL_SHA512:
|
||||
if (phar_obj->archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->archive))) {
|
||||
zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
|
||||
RETURN_THROWS();
|
||||
@@ -3066,19 +3072,25 @@ PHP_METHOD(Phar, getSignature)
|
||||
add_assoc_stringl(return_value, "hash", phar_obj->archive->signature, phar_obj->archive->sig_len);
|
||||
switch(phar_obj->archive->sig_flags) {
|
||||
case PHAR_SIG_MD5:
|
||||
- add_assoc_stringl(return_value, "hash_type", "MD5", 3);
|
||||
+ add_assoc_string(return_value, "hash_type", "MD5");
|
||||
break;
|
||||
case PHAR_SIG_SHA1:
|
||||
- add_assoc_stringl(return_value, "hash_type", "SHA-1", 5);
|
||||
+ add_assoc_string(return_value, "hash_type", "SHA-1");
|
||||
break;
|
||||
case PHAR_SIG_SHA256:
|
||||
- add_assoc_stringl(return_value, "hash_type", "SHA-256", 7);
|
||||
+ add_assoc_string(return_value, "hash_type", "SHA-256");
|
||||
break;
|
||||
case PHAR_SIG_SHA512:
|
||||
- add_assoc_stringl(return_value, "hash_type", "SHA-512", 7);
|
||||
+ add_assoc_string(return_value, "hash_type", "SHA-512");
|
||||
break;
|
||||
case PHAR_SIG_OPENSSL:
|
||||
- add_assoc_stringl(return_value, "hash_type", "OpenSSL", 7);
|
||||
+ add_assoc_string(return_value, "hash_type", "OpenSSL");
|
||||
+ break;
|
||||
+ case PHAR_SIG_OPENSSL_SHA256:
|
||||
+ add_assoc_string(return_value, "hash_type", "OpenSSL_SHA256");
|
||||
+ break;
|
||||
+ case PHAR_SIG_OPENSSL_SHA512:
|
||||
+ add_assoc_string(return_value, "hash_type", "OpenSSL_SHA512");
|
||||
break;
|
||||
default:
|
||||
unknown = strpprintf(0, "Unknown (%u)", phar_obj->archive->sig_flags);
|
||||
@@ -5103,6 +5115,8 @@ void phar_object_init(void) /* {{{ */
|
||||
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHPS", PHAR_MIME_PHPS)
|
||||
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "MD5", PHAR_SIG_MD5)
|
||||
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL", PHAR_SIG_OPENSSL)
|
||||
+ REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA256", PHAR_SIG_OPENSSL_SHA256)
|
||||
+ REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA512", PHAR_SIG_OPENSSL_SHA512)
|
||||
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA1", PHAR_SIG_SHA1)
|
||||
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA256", PHAR_SIG_SHA256)
|
||||
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA512", PHAR_SIG_SHA512)
|
||||
diff --git a/ext/phar/tests/phar_get_supported_signatures_002a.phpt b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
|
||||
index 06d811f2c35c2..639143b3d2c90 100644
|
||||
--- a/ext/phar/tests/phar_get_supported_signatures_002a.phpt
|
||||
+++ b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
|
||||
@@ -14,7 +14,7 @@ phar.readonly=0
|
||||
var_dump(Phar::getSupportedSignatures());
|
||||
?>
|
||||
--EXPECT--
|
||||
-array(5) {
|
||||
+array(7) {
|
||||
[0]=>
|
||||
string(3) "MD5"
|
||||
[1]=>
|
||||
@@ -25,4 +25,8 @@ array(5) {
|
||||
string(7) "SHA-512"
|
||||
[4]=>
|
||||
string(7) "OpenSSL"
|
||||
+ [5]=>
|
||||
+ string(14) "OpenSSL_SHA256"
|
||||
+ [6]=>
|
||||
+ string(14) "OpenSSL_SHA512"
|
||||
}
|
||||
diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
|
||||
index cc10a241d739b..c2eb5d77a5bf0 100644
|
||||
--- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
|
||||
+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
|
||||
@@ -38,6 +38,10 @@ $pkey = '';
|
||||
openssl_pkey_export($private, $pkey, NULL, $config_arg);
|
||||
$p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
|
||||
var_dump($p->getSignature());
|
||||
+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA512, $pkey);
|
||||
+var_dump($p->getSignature());
|
||||
+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA256, $pkey);
|
||||
+var_dump($p->getSignature());
|
||||
} catch (Exception $e) {
|
||||
echo $e->getMessage();
|
||||
}
|
||||
@@ -83,3 +87,15 @@ array(2) {
|
||||
["hash_type"]=>
|
||||
string(7) "OpenSSL"
|
||||
}
|
||||
+array(2) {
|
||||
+ ["hash"]=>
|
||||
+ string(%d) "%s"
|
||||
+ ["hash_type"]=>
|
||||
+ string(14) "OpenSSL_SHA512"
|
||||
+}
|
||||
+array(2) {
|
||||
+ ["hash"]=>
|
||||
+ string(%d) "%s"
|
||||
+ ["hash_type"]=>
|
||||
+ string(14) "OpenSSL_SHA256"
|
||||
+}
|
||||
diff --git a/ext/phar/util.c b/ext/phar/util.c
|
||||
index 8d2db03b69601..515830bf2c70a 100644
|
||||
--- a/ext/phar/util.c
|
||||
+++ b/ext/phar/util.c
|
||||
@@ -34,7 +34,7 @@
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#else
|
||||
-static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len);
|
||||
+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type);
|
||||
#endif
|
||||
|
||||
/* for links to relative location, prepend cwd of the entry */
|
||||
@@ -1381,11 +1381,11 @@ static int phar_hex_str(const char *digest, size_t digest_len, char **signature)
|
||||
/* }}} */
|
||||
|
||||
#ifndef PHAR_HAVE_OPENSSL
|
||||
-static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len) /* {{{ */
|
||||
+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type) /* {{{ */
|
||||
{
|
||||
zend_fcall_info fci;
|
||||
zend_fcall_info_cache fcc;
|
||||
- zval retval, zp[3], openssl;
|
||||
+ zval retval, zp[4], openssl;
|
||||
zend_string *str;
|
||||
|
||||
ZVAL_STRINGL(&openssl, is_sign ? "openssl_sign" : "openssl_verify", is_sign ? sizeof("openssl_sign")-1 : sizeof("openssl_verify")-1);
|
||||
@@ -1402,6 +1402,14 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
|
||||
} else {
|
||||
ZVAL_EMPTY_STRING(&zp[0]);
|
||||
}
|
||||
+ if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
|
||||
+ ZVAL_LONG(&zp[3], 9); /* value from openssl.c #define OPENSSL_ALGO_SHA512 9 */
|
||||
+ } else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
|
||||
+ ZVAL_LONG(&zp[3], 7); /* value from openssl.c #define OPENSSL_ALGO_SHA256 7 */
|
||||
+ } else {
|
||||
+ /* don't rely on default value which may change in the future */
|
||||
+ ZVAL_LONG(&zp[3], 1); /* value from openssl.c #define OPENSSL_ALGO_SHA1 1 */
|
||||
+ }
|
||||
|
||||
if ((size_t)end != Z_STRLEN(zp[0])) {
|
||||
zval_ptr_dtor_str(&zp[0]);
|
||||
@@ -1419,7 +1427,7 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
- fci.param_count = 3;
|
||||
+ fci.param_count = 4;
|
||||
fci.params = zp;
|
||||
Z_ADDREF(zp[0]);
|
||||
if (is_sign) {
|
||||
@@ -1482,12 +1490,22 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
|
||||
php_stream_rewind(fp);
|
||||
|
||||
switch (sig_type) {
|
||||
+ case PHAR_SIG_OPENSSL_SHA512:
|
||||
+ case PHAR_SIG_OPENSSL_SHA256:
|
||||
case PHAR_SIG_OPENSSL: {
|
||||
#ifdef PHAR_HAVE_OPENSSL
|
||||
BIO *in;
|
||||
EVP_PKEY *key;
|
||||
- EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
|
||||
+ const EVP_MD *mdtype;
|
||||
EVP_MD_CTX *md_ctx;
|
||||
+
|
||||
+ if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
|
||||
+ mdtype = EVP_sha512();
|
||||
+ } else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
|
||||
+ mdtype = EVP_sha256();
|
||||
+ } else {
|
||||
+ mdtype = EVP_sha1();
|
||||
+ }
|
||||
#else
|
||||
size_t tempsig;
|
||||
#endif
|
||||
@@ -1521,7 +1539,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
|
||||
#ifndef PHAR_HAVE_OPENSSL
|
||||
tempsig = sig_len;
|
||||
|
||||
- if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig)) {
|
||||
+ if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig, sig_type)) {
|
||||
if (pubkey) {
|
||||
zend_string_release_ex(pubkey, 0);
|
||||
}
|
||||
@@ -1815,6 +1833,8 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
|
||||
*signature_length = 32;
|
||||
break;
|
||||
}
|
||||
+ case PHAR_SIG_OPENSSL_SHA512:
|
||||
+ case PHAR_SIG_OPENSSL_SHA256:
|
||||
case PHAR_SIG_OPENSSL: {
|
||||
unsigned char *sigbuf;
|
||||
#ifdef PHAR_HAVE_OPENSSL
|
||||
@@ -1822,6 +1842,15 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
|
||||
BIO *in;
|
||||
EVP_PKEY *key;
|
||||
EVP_MD_CTX *md_ctx;
|
||||
+ const EVP_MD *mdtype;
|
||||
+
|
||||
+ if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
|
||||
+ mdtype = EVP_sha512();
|
||||
+ } else if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA256) {
|
||||
+ mdtype = EVP_sha256();
|
||||
+ } else {
|
||||
+ mdtype = EVP_sha1();
|
||||
+ }
|
||||
|
||||
in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
|
||||
|
||||
@@ -1847,7 +1876,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
|
||||
siglen = EVP_PKEY_size(key);
|
||||
sigbuf = emalloc(siglen + 1);
|
||||
|
||||
- if (!EVP_SignInit(md_ctx, EVP_sha1())) {
|
||||
+ if (!EVP_SignInit(md_ctx, mdtype)) {
|
||||
EVP_PKEY_free(key);
|
||||
efree(sigbuf);
|
||||
if (error) {
|
||||
@@ -1885,7 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
|
||||
siglen = 0;
|
||||
php_stream_seek(fp, 0, SEEK_END);
|
||||
|
||||
- if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen)) {
|
||||
+ if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen, phar->sig_flags)) {
|
||||
if (error) {
|
||||
spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
|
||||
}
|
143
php-8.0.10-snmp-sha.patch
Normal file
143
php-8.0.10-snmp-sha.patch
Normal file
@ -0,0 +1,143 @@
|
||||
Backported for 8.0 from
|
||||
|
||||
|
||||
From 718e91343fddb8817a004f96f111c424843bf746 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@php.net>
|
||||
Date: Wed, 11 Aug 2021 13:02:18 +0200
|
||||
Subject: [PATCH] add SHA256 and SHA512 for security protocol
|
||||
|
||||
---
|
||||
ext/snmp/config.m4 | 18 +++++++++-
|
||||
ext/snmp/snmp.c | 33 ++++++++++++++++++-
|
||||
.../tests/snmp-object-setSecurity_error.phpt | 2 +-
|
||||
ext/snmp/tests/snmp3-error.phpt | 2 +-
|
||||
4 files changed, 51 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ext/snmp/config.m4 b/ext/snmp/config.m4
|
||||
index 1475ddfe2b7f0..f285a572de9cb 100644
|
||||
--- a/ext/snmp/config.m4
|
||||
+++ b/ext/snmp/config.m4
|
||||
@@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
|
||||
AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
|
||||
fi
|
||||
else
|
||||
- AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
|
||||
+ AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
|
||||
fi
|
||||
else
|
||||
AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
|
||||
@@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
|
||||
$SNMP_SHARED_LIBADD
|
||||
])
|
||||
|
||||
+ dnl Check whether usmHMAC192SHA256AuthProtocol exists.
|
||||
+ PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
|
||||
+ [
|
||||
+ AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
|
||||
+ ], [], [
|
||||
+ $SNMP_SHARED_LIBADD
|
||||
+ ])
|
||||
+
|
||||
+ dnl Check whether usmHMAC384SHA512AuthProtocol exists.
|
||||
+ PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
|
||||
+ [
|
||||
+ AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
|
||||
+ ], [], [
|
||||
+ $SNMP_SHARED_LIBADD
|
||||
+ ])
|
||||
+
|
||||
PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
|
||||
PHP_SUBST(SNMP_SHARED_LIBADD)
|
||||
fi
|
||||
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
|
||||
index 69d6549405b17..f0917501751f5 100644
|
||||
--- a/ext/snmp/snmp.c
|
||||
+++ b/ext/snmp/snmp.c
|
||||
@@ -29,6 +29,7 @@
|
||||
#include "php_snmp.h"
|
||||
|
||||
#include "zend_exceptions.h"
|
||||
+#include "zend_smart_string.h"
|
||||
#include "ext/spl/spl_exceptions.h"
|
||||
#include "snmp_arginfo.h"
|
||||
|
||||
@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot
|
||||
if (!strcasecmp(prot, "MD5")) {
|
||||
s->securityAuthProto = usmHMACMD5AuthProtocol;
|
||||
s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
|
||||
- } else
|
||||
+ return true;
|
||||
+ }
|
||||
#endif
|
||||
+
|
||||
if (!strcasecmp(prot, "SHA")) {
|
||||
s->securityAuthProto = usmHMACSHA1AuthProtocol;
|
||||
s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
|
||||
- } else {
|
||||
- zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
|
||||
- return (-1);
|
||||
+ return true;
|
||||
}
|
||||
- return (0);
|
||||
+
|
||||
+#ifdef HAVE_SNMP_SHA256
|
||||
+ if (!strcasecmp(prot, "SHA256")) {
|
||||
+ s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
|
||||
+ s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
|
||||
+ return true;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+#ifdef HAVE_SNMP_SHA512
|
||||
+ if (!strcasecmp(prot, "SHA512")) {
|
||||
+ s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
|
||||
+ s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
|
||||
+ return true;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ smart_string err = {0};
|
||||
+
|
||||
+ smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
|
||||
+#ifdef HAVE_SNMP_SHA256
|
||||
+ smart_string_appends(&err, " or \"SHA256\"");
|
||||
+#endif
|
||||
+#ifdef HAVE_SNMP_SHA512
|
||||
+ smart_string_appends(&err, " or \"SHA512\"");
|
||||
+#endif
|
||||
+#ifndef DISABLE_MD5
|
||||
+ smart_string_appends(&err, " or \"MD5\"");
|
||||
+#endif
|
||||
+ smart_string_0(&err);
|
||||
+ zend_value_error("%s", err.c);
|
||||
+ smart_string_free(&err);
|
||||
+ return false;
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
|
||||
index f8de846492a75..cf4f928837773 100644
|
||||
--- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
|
||||
+++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
|
||||
@@ -59,7 +59,7 @@ var_dump($session->close());
|
||||
--EXPECTF--
|
||||
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
|
||||
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
|
||||
-Authentication protocol must be either "MD5" or "SHA"
|
||||
+Authentication protocol must be %s
|
||||
|
||||
Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
|
||||
bool(false)
|
||||
diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt
|
||||
index 849e363b45058..389800dad6b28 100644
|
||||
--- a/ext/snmp/tests/snmp3-error.phpt
|
||||
+++ b/ext/snmp/tests/snmp3-error.phpt
|
||||
@@ -58,7 +58,7 @@ try {
|
||||
Checking error handling
|
||||
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
|
||||
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
|
||||
-Authentication protocol must be either "MD5" or "SHA"
|
||||
+Authentication protocol must be %s
|
||||
|
||||
Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
|
||||
bool(false)
|
@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather
|
||||
than embedding a copy. Discussed upstream but was not desired.
|
||||
|
||||
History:
|
||||
r20: adapt for timelib 2020.03 (in 8.0.10RC1)
|
||||
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
|
||||
r18: adapt for autotool change in 7.3.3RC1
|
||||
r17: adapt for timelib 2018.01 (in 7.3.2RC1)
|
||||
@ -30,9 +31,9 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
|
||||
r2: add filesystem trawl to set up name alias index
|
||||
r1: initial revision
|
||||
|
||||
diff -up php-8.0.0beta3/ext/date/config0.m4.systzdata php-8.0.0beta3/ext/date/config0.m4
|
||||
--- php-8.0.0beta3/ext/date/config0.m4.systzdata 2020-09-01 19:13:26.000000000 +0200
|
||||
+++ php-8.0.0beta3/ext/date/config0.m4 2020-09-02 08:07:51.039979873 +0200
|
||||
diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4
|
||||
--- ./ext/date/config0.m4.systzdata 2021-08-10 11:35:28.000000000 +0200
|
||||
+++ ./ext/date/config0.m4 2021-08-10 12:09:41.067003517 +0200
|
||||
@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
|
||||
dnl Check for strtoll, atoll
|
||||
AC_CHECK_FUNCS(strtoll atoll)
|
||||
@ -53,9 +54,9 @@ diff -up php-8.0.0beta3/ext/date/config0.m4.systzdata php-8.0.0beta3/ext/date/co
|
||||
PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
|
||||
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
|
||||
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
|
||||
diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/date/lib/parse_tz.c
|
||||
--- php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata 2020-09-01 19:13:26.000000000 +0200
|
||||
+++ php-8.0.0beta3/ext/date/lib/parse_tz.c 2020-09-02 08:07:51.039979873 +0200
|
||||
diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
|
||||
--- ./ext/date/lib/parse_tz.c.systzdata 2021-08-10 11:35:28.000000000 +0200
|
||||
+++ ./ext/date/lib/parse_tz.c 2021-08-10 12:12:13.191605207 +0200
|
||||
@@ -26,8 +26,21 @@
|
||||
#include "timelib.h"
|
||||
#include "timelib_private.h"
|
||||
@ -90,7 +91,7 @@ diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/dat
|
||||
/* read ID */
|
||||
version = (*tzf)[3] - '0';
|
||||
*tzf += 4;
|
||||
@@ -418,7 +436,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
|
||||
@@ -435,7 +453,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
|
||||
}
|
||||
}
|
||||
|
||||
@ -521,7 +522,7 @@ diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/dat
|
||||
{
|
||||
int left = 0, right = tzdb->index_size - 1;
|
||||
|
||||
@@ -444,9 +884,48 @@ static int seek_to_tz_position(const uns
|
||||
@@ -461,9 +901,48 @@ static int seek_to_tz_position(const uns
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -570,7 +571,7 @@ diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/dat
|
||||
}
|
||||
|
||||
const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
|
||||
@@ -458,7 +937,30 @@ const timelib_tzdb_index_entry *timelib_
|
||||
@@ -475,7 +954,30 @@ const timelib_tzdb_index_entry *timelib_
|
||||
int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
|
||||
{
|
||||
const unsigned char *tzf;
|
||||
@ -602,7 +603,7 @@ diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/dat
|
||||
}
|
||||
|
||||
static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
|
||||
@@ -500,12 +1002,14 @@ static timelib_tzinfo* timelib_tzinfo_ct
|
||||
@@ -517,6 +1019,8 @@ static timelib_tzinfo* timelib_tzinfo_ct
|
||||
timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
|
||||
{
|
||||
const unsigned char *tzf;
|
||||
@ -611,14 +612,16 @@ diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/dat
|
||||
timelib_tzinfo *tmp;
|
||||
int version;
|
||||
int transitions_result, types_result;
|
||||
unsigned int type; /* TIMELIB_TZINFO_PHP or TIMELIB_TZINFO_ZONEINFO */
|
||||
@@ -524,7 +1028,7 @@ timelib_tzinfo *timelib_parse_tzfile(con
|
||||
|
||||
*error_code = TIMELIB_ERROR_NO_ERROR;
|
||||
|
||||
- if (seek_to_tz_position(&tzf, timezone, tzdb)) {
|
||||
+ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
|
||||
tmp = timelib_tzinfo_ctor(timezone);
|
||||
|
||||
version = read_preamble(&tzf, tmp, &type);
|
||||
@@ -540,11 +1044,36 @@ timelib_tzinfo *timelib_parse_tzfile(con
|
||||
@@ -563,11 +1067,36 @@ timelib_tzinfo *timelib_parse_tzfile(con
|
||||
}
|
||||
skip_posix_string(&tzf, tmp);
|
||||
|
66
php-8.0.12-crypt.patch
Normal file
66
php-8.0.12-crypt.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 9f98bc58c7bb7fdbb25614ca645bbd7a465fdfed Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Fri, 15 Oct 2021 15:45:50 +0200
|
||||
Subject: [PATCH] remove closing bracket in bad place
|
||||
|
||||
---
|
||||
build/php.m4 | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/build/php.m4 b/build/php.m4
|
||||
index 9746ba28f325..7fb9e3125d13 100644
|
||||
--- a/build/php.m4
|
||||
+++ b/build/php.m4
|
||||
@@ -2219,7 +2219,6 @@ struct crypt_data buffer;
|
||||
crypt_r("passwd", "hash", &buffer);
|
||||
]])],[php_cv_crypt_r_style=struct_crypt_data_gnu_source],[])
|
||||
fi
|
||||
- ])
|
||||
|
||||
if test "$php_cv_crypt_r_style" = "none"; then
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
||||
From fc4e31467c352032ee709ac55d3c67bc22abcd8d Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Fri, 15 Oct 2021 17:11:12 +0200
|
||||
Subject: [PATCH] add --with-external-libcrypt build option display an error
|
||||
message if some algo not available in external libcrypt
|
||||
|
||||
---
|
||||
ext/standard/config.m4 | 21 ++++++++++++++++-----
|
||||
1 file changed, 16 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
|
||||
index 58b9c5e658a4..3ec18be4d7df 100644
|
||||
--- a/ext/standard/config.m4
|
||||
+++ b/ext/standard/config.m4
|
||||
@@ -267,14 +267,25 @@ int main() {
|
||||
])])
|
||||
|
||||
|
||||
+PHP_ARG_WITH([external-libcrypt],
|
||||
+ [for external libcrypt or libxcrypt],
|
||||
+ [AS_HELP_STRING([--with-external-libcrypt],
|
||||
+ [Use external libcrypt or libxcrypt])],
|
||||
+ [no],
|
||||
+ [no])
|
||||
+
|
||||
dnl
|
||||
dnl If one of them is missing, use our own implementation, portable code is then possible
|
||||
dnl
|
||||
-dnl TODO This is currently always enabled
|
||||
-if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then
|
||||
- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
|
||||
-
|
||||
- PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
|
||||
+dnl This is currently enabled by default
|
||||
+if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
|
||||
+ if test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
|
||||
+ AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
|
||||
+
|
||||
+ PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
|
||||
+ else
|
||||
+ AC_MSG_ERROR([Cannot use external libcrypt as some algo are missing])
|
||||
+ fi
|
||||
else
|
||||
AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
|
||||
fi
|
@ -1,47 +0,0 @@
|
||||
From eb8fb56b9b91996912bf9f5765963bf1efea025a Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Thu, 27 May 2021 14:20:07 +0200
|
||||
Subject: [PATCH] Fix snmp build without DES
|
||||
|
||||
---
|
||||
ext/snmp/snmp.c | 16 ++++++++++++++--
|
||||
1 file changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
|
||||
index 35d19c8738828..d31995827880d 100644
|
||||
--- a/ext/snmp/snmp.c
|
||||
+++ b/ext/snmp/snmp.c
|
||||
@@ -955,19 +955,31 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot)
|
||||
Set the security protocol in the snmpv3 session */
|
||||
static int netsnmp_session_set_sec_protocol(struct snmp_session *s, char *prot)
|
||||
{
|
||||
+#ifndef NETSNMP_DISABLE_DES
|
||||
if (!strcasecmp(prot, "DES")) {
|
||||
s->securityPrivProto = usmDESPrivProtocol;
|
||||
s->securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN;
|
||||
+ } else
|
||||
+#endif
|
||||
#ifdef HAVE_AES
|
||||
- } else if (!strcasecmp(prot, "AES128") || !strcasecmp(prot, "AES")) {
|
||||
+ if (!strcasecmp(prot, "AES128") || !strcasecmp(prot, "AES")) {
|
||||
s->securityPrivProto = usmAESPrivProtocol;
|
||||
s->securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN;
|
||||
+ } else
|
||||
#endif
|
||||
- } else {
|
||||
+ {
|
||||
#ifdef HAVE_AES
|
||||
+#ifndef NETSNMP_DISABLE_DES
|
||||
zend_value_error("Security protocol must be one of \"DES\", \"AES128\", or \"AES\"");
|
||||
#else
|
||||
+ zend_value_error("Security protocol must be one of \"AES128\", or \"AES\"");
|
||||
+#endif
|
||||
+#else
|
||||
+#ifndef NETSNMP_DISABLE_DES
|
||||
zend_value_error("Security protocol must be \"DES\"");
|
||||
+#else
|
||||
+ zend_value_error("No security protocol supported");
|
||||
+#endif
|
||||
#endif
|
||||
return (-1);
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
From a7df3564004807b812f189048463d8ad89fb0f21 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Tue, 18 May 2021 07:58:49 +0200
|
||||
Subject: [PATCH] minimal fix for openssl 3.0
|
||||
|
||||
---
|
||||
ext/openssl/openssl.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
|
||||
index 340e40a001bb6..0ed4233b21255 100644
|
||||
--- a/ext/openssl/openssl.c
|
||||
+++ b/ext/openssl/openssl.c
|
||||
@@ -1221,7 +1221,9 @@ PHP_MINIT_FUNCTION(openssl)
|
||||
REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT);
|
||||
|
||||
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT);
|
||||
+#ifdef RSA_SSLV23_PADDING
|
||||
REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT);
|
||||
+#endif
|
||||
REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT);
|
||||
REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT);
|
||||
|
36
php.spec
36
php.spec
@ -56,13 +56,13 @@
|
||||
%bcond_with imap
|
||||
%bcond_without lmdb
|
||||
|
||||
%global upver 8.0.6
|
||||
%global upver 8.0.12
|
||||
#global rcver RC1
|
||||
|
||||
Summary: PHP scripting language for creating dynamic web sites
|
||||
Name: php
|
||||
Version: %{upver}%{?rcver:~%{rcver}}
|
||||
Release: 9%{?dist}
|
||||
Release: 1%{?dist}
|
||||
# All files licensed under PHP version 3.01, except
|
||||
# Zend is licensed under Zend
|
||||
# TSRM is licensed under BSD
|
||||
@ -104,7 +104,7 @@ Patch9: php-8.0.6-deprecated.patch
|
||||
# Use system nikic/php-parser
|
||||
Patch41: php-8.0.0-parser.patch
|
||||
# use system tzdata
|
||||
Patch42: php-8.0.0-systzdata-v19.patch
|
||||
Patch42: php-8.0.10-systzdata-v20.patch
|
||||
# See http://bugs.php.net/53436
|
||||
Patch43: php-7.4.0-phpize.patch
|
||||
# Use -lldap_r for OpenLDAP
|
||||
@ -112,10 +112,17 @@ Patch45: php-7.4.0-ldap_r.patch
|
||||
# drop "Configure command" from phpinfo output
|
||||
# and only use gcc (instead of full version)
|
||||
Patch47: php-8.0.0-phpinfo.patch
|
||||
# add sha256 / sha512 security protocol, from 8.1
|
||||
Patch48: php-8.0.10-snmp-sha.patch
|
||||
# switch phar to use sha256 signature by default, from 8.1
|
||||
# implement openssl_256 and openssl_512 for phar signatures, from 8.1
|
||||
Patch49: php-8.0.10-phar-sha.patch
|
||||
# compatibility with OpenSSL 3.0, from 8.1
|
||||
Patch50: php-8.0.10-openssl3.patch
|
||||
# use system libxcrypt
|
||||
Patch51: php-8.0.12-crypt.patch
|
||||
|
||||
# Upstream fixes (100+)
|
||||
Patch100: php-openssl3.patch
|
||||
Patch101: php-net-snmp.patch
|
||||
|
||||
# Security fixes (200+)
|
||||
|
||||
@ -710,10 +717,13 @@ in pure PHP.
|
||||
%patch45 -p1 -b .ldap_r
|
||||
%endif
|
||||
%patch47 -p1 -b .phpinfo
|
||||
%patch48 -p1 -b .sha
|
||||
%patch49 -p1 -b .pharsha
|
||||
%patch50 -p1 -b .openssl3
|
||||
rm ext/openssl/tests/p12_with_extra_certs.p12
|
||||
%patch51 -p1 -b .libxcrypt
|
||||
|
||||
# upstream patches
|
||||
%patch100 -p1 -b .openssl3
|
||||
%patch101 -p1 -b .nodes
|
||||
|
||||
# security patches
|
||||
|
||||
@ -869,6 +879,7 @@ ln -sf ../configure
|
||||
--with-openssl \
|
||||
--with-system-ciphers \
|
||||
--with-external-pcre \
|
||||
--with-external-libcrypt \
|
||||
%ifarch s390 s390x sparc64 sparcv9 riscv64
|
||||
--without-pcre-jit \
|
||||
%endif
|
||||
@ -1525,6 +1536,17 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Oct 26 2021 Remi Collet <rcollet@redhat.com> - 8.0.12-1
|
||||
- rebase to 8.0.12 #2017111 #1981423
|
||||
- build using system libxcrypt #2015903
|
||||
|
||||
* Tue Sep 14 2021 Remi Collet <rcollet@redhat.com> - 8.0.10-1
|
||||
- rebase to 8.0.10 #1992513
|
||||
- compatibility with OpenSSL 3.0 #1992492
|
||||
- snmp: add sha256 / sha512 security protocol #1936635
|
||||
- phar: implement openssl_256 and openssl_512 for phar signatures
|
||||
- phar: use sha256 signature by default
|
||||
|
||||
* Thu Aug 19 2021 DJ Delorie <dj@redhat.com> - 8.0.6-9
|
||||
- Rebuilt for libffi 3.4.2 SONAME transition.
|
||||
Related: rhbz#1891914
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (php-8.0.6.tar.xz) = 4915b9b5024ce1fb7bc3ba7c1a00831841bc970ebb68b6b1e6a00cbec4d8dcbbca3ca043882ffd9c4719a988d08275f77f9cee07ff3d45a71402dfc51bd31e04
|
||||
SHA512 (php-8.0.6.tar.xz.asc) = cf4e2e826fb85a823df2d9437585cb1ed91096d4b403d9f4df6cccaaffe921a6116e24b0b80f583222562d00c21563c580cad30d146d6e2b2c1077f28913fd88
|
||||
SHA512 (php-8.0.12.tar.xz) = 927b15c4443f3741a5325ec7bf387987b405cd5e64e40fd81f1945bf073adda30eeede8e1f98185f505cb61f969cf1abe05b8dad57a3c4e87971e8037bb16b23
|
||||
SHA512 (php-8.0.12.tar.xz.asc) = 90c8a179651ad530c8cb162a3d7f08472dd82a8c1b667b2df6ad0fd7c1cc1b97f18f8e13cae62d1176b36d579a1bd0646957631612a3ca11658d37c0dc6ff70b
|
||||
|
Loading…
Reference in New Issue
Block a user