rpms/php
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to PHP 5.6.1 http://php.net/releases/5_6_1.php

Browse Source 
- use default system cipher list by Fedora policy http://fedoraproject.org/wiki/Changes/CryptoPolicy
This commit is contained in:
Remi Collet 2014-10-03 08:54:02 +02:00
parent 48afca509a
commit 9dcbaa9e68
5 changed files with 76 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -31,3 +31,4 @@ php-5.5.*.xz
/php-5.6.0RC4-strip.tar.xz /php-5.6.0RC4-strip.tar.xz
/php-5.6.0-strip.tar.xz /php-5.6.0-strip.tar.xz
/php-5.6.1RC1-strip.tar.xz /php-5.6.1RC1-strip.tar.xz
/php-5.6.1-strip.tar.xz

60
php-bug68074.patch Normal file
View File

@ -0,0 +1,60 @@
From 0d776ef87b7b0c1e970c424cc5dcdf4cd6f500ac Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Wed, 24 Sep 2014 10:34:55 +0200
Subject: [PATCH] Fix bug #68074 Allow to use system cipher list instead of
hardcoded value
---
ext/openssl/config0.m4 | 6 ++++++
ext/openssl/xp_ssl.c | 9 ++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index a97114f..701e488 100644
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -8,6 +8,9 @@ PHP_ARG_WITH(openssl, for OpenSSL support,
PHP_ARG_WITH(kerberos, for Kerberos support,
[ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no)
+PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value,
+[ --with-system-ciphers OPENSSL: Use system default cipher list instead of hardcoded value], no, no)
+
if test "$PHP_OPENSSL" != "no"; then
PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
PHP_SUBST(OPENSSL_SHARED_LIBADD)
@@ -25,4 +28,7 @@ if test "$PHP_OPENSSL" != "no"; then
], [
AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
])
+ if test "$PHP_SYSTEM_CIPHERS" != "no"; then
+ AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
+ fi
fi
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index de9e991..2f81dc7 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -1476,13 +1476,16 @@ int php_openssl_setup_crypto(php_stream *stream,
}
GET_VER_OPT_STRING("ciphers", cipherlist);
+#ifndef USE_OPENSSL_SYSTEM_CIPHERS
if (!cipherlist) {
cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS;
}
- if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
- return FAILURE;
+#endif
+ if (cipherlist) {
+ if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
+ return FAILURE;
+ }
}
-
if (FAILURE == set_local_cert(sslsock->ctx, stream TSRMLS_CC)) {
return FAILURE;
}
--
2.1.0

3
php.ini
View File

@ -1681,6 +1681,7 @@ mssql.secure_connection = Off
; The precedence is: default_charset < output_encoding < mbstring.http_output ; The precedence is: default_charset < output_encoding < mbstring.http_output
; To use an output encoding conversion, mbstring's output handler must be set ; To use an output encoding conversion, mbstring's output handler must be set
; otherwise output encoding conversion cannot be performed. ; otherwise output encoding conversion cannot be performed.
; http://php.net/mbstring.http-output
;mbstring.http_output = ;mbstring.http_output =
; enable automatic encoding translation according to ; enable automatic encoding translation according to
@ -1692,7 +1693,7 @@ mssql.secure_connection = Off
;mbstring.encoding_translation = Off ;mbstring.encoding_translation = Off
; automatic encoding detection order. ; automatic encoding detection order.
; "auto" detect order is changed accoding to mbstring.language ; "auto" detect order is changed according to mbstring.language
; http://php.net/mbstring.detect-order ; http://php.net/mbstring.detect-order
;mbstring.detect_order = auto ;mbstring.detect_order = auto

15
php.spec
View File

@ -57,12 +57,12 @@
%global db_devel libdb-devel %global db_devel libdb-devel
%endif %endif
%global rcver RC1 #global rcver RC1
Summary: PHP scripting language for creating dynamic web sites Summary: PHP scripting language for creating dynamic web sites
Name: php Name: php
Version: 5.6.1 Version: 5.6.1
Release: 0.2.RC1%{?dist} Release: 1%{?dist}
# All files licensed under PHP version 3.01, except # All files licensed under PHP version 3.01, except
# Zend is licensed under Zend # Zend is licensed under Zend
# TSRM is licensed under BSD # TSRM is licensed under BSD
@ -114,6 +114,7 @@ Patch46: php-5.4.9-fixheader.patch
Patch47: php-5.4.9-phpinfo.patch Patch47: php-5.4.9-phpinfo.patch
# Upstream fixes (100+) # Upstream fixes (100+)
Patch100: php-bug68074.patch
# Security fixes (200+) # Security fixes (200+)
@ -718,6 +719,7 @@ httpd -V | grep -q 'threaded:.*yes' && exit 1
%patch47 -p1 -b .phpinfo %patch47 -p1 -b .phpinfo
# upstream patches # upstream patches
%patch100 -p1 -b .bug68074
# security patches # security patches
@ -878,6 +880,7 @@ ln -sf ../configure
--without-gdbm \ --without-gdbm \
--with-jpeg-dir=%{_prefix} \ --with-jpeg-dir=%{_prefix} \
--with-openssl \ --with-openssl \
--with-system-ciphers \
--with-pcre-regex=%{_prefix} \ --with-pcre-regex=%{_prefix} \
--with-zlib \ --with-zlib \
--with-layout=GNU \ --with-layout=GNU \
@ -1481,7 +1484,13 @@ rm -f README.{Zeus,QNX,CVS-RULES}
%changelog %changelog
* Tue Sep 24 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.2.RC1 * Fri Oct 3 2014 Remi Collet <remi@fedoraproject.org> 5.6.1-1
- Update to PHP 5.6.1
http://php.net/releases/5_6_1.php
- use default system cipher list by Fedora policy
http://fedoraproject.org/wiki/Changes/CryptoPolicy
* Wed Sep 24 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.2.RC1
- provides nginx configuration (see #1142298) - provides nginx configuration (see #1142298)
* Sat Sep 13 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.1.RC1 * Sat Sep 13 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.1.RC1

2
sources
View File

@ -1 +1 @@
3b485b7b9844588ca54548b27ed874fc php-5.6.1RC1-strip.tar.xz 2827aeded7a1428819e0612a0eea940e php-5.6.1-strip.tar.xz