From d866490dfbe197ab7750182c3d19ddeca2c6a796 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 10 Apr 2015 08:00:05 +0200 Subject: [PATCH] add upstream patch to drop SSLv3 tests --- php-5.6.8-openssltests.patch | 112 +++++++++++++++++++++++++++++++++++ php.spec | 8 ++- 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 php-5.6.8-openssltests.patch diff --git a/php-5.6.8-openssltests.patch b/php-5.6.8-openssltests.patch new file mode 100644 index 0000000..a989ac7 --- /dev/null +++ b/php-5.6.8-openssltests.patch @@ -0,0 +1,112 @@ +From 32484e3f5fc04f127199399a0ee52594912fa66a Mon Sep 17 00:00:00 2001 +From: Rasmus Lerdorf +Date: Wed, 8 Apr 2015 09:55:55 -0700 +Subject: [PATCH] Remove SSLv3 test dependencies SSLv3 is going away. Debian8 + already ships with an openssl with no SSLv3 support which was causing these + tests to fail. + +--- + ext/openssl/tests/session_meta_capture.phpt | 6 ------ + ext/openssl/tests/stream_crypto_flags_001.phpt | 4 ---- + ext/openssl/tests/stream_crypto_flags_003.phpt | 6 +----- + ext/openssl/tests/streams_crypto_method.phpt | 3 ++- + 4 files changed, 3 insertions(+), 16 deletions(-) + +diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt +index f1f9610..a09d7e8 100644 +--- a/ext/openssl/tests/session_meta_capture.phpt ++++ b/ext/openssl/tests/session_meta_capture.phpt +@@ -35,11 +35,6 @@ + + phpt_wait(); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); +- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; +- var_dump($meta['protocol']); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; +@@ -59,7 +54,6 @@ CODE; + include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- +-string(5) "SSLv3" + string(5) "TLSv1" + string(7) "TLSv1.1" + string(7) "TLSv1.2" +diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt +index f988886..1ba9309 100644 +--- a/ext/openssl/tests/stream_crypto_flags_001.phpt ++++ b/ext/openssl/tests/stream_crypto_flags_001.phpt +@@ -32,9 +32,6 @@ $clientCode = <<<'CODE' + + phpt_wait(); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +@@ -47,4 +44,3 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- + resource(%d) of type (stream) + resource(%d) of type (stream) +-resource(%d) of type (stream) +diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt +index 30ca7a7..28cb640 100644 +--- a/ext/openssl/tests/stream_crypto_flags_003.phpt ++++ b/ext/openssl/tests/stream_crypto_flags_003.phpt +@@ -13,7 +13,7 @@ $serverCode = <<<'CODE' + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + +- // Only accept SSLv3 and TLSv1.2 connections ++ // Only accept TLSv1.2 connections + 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + ]]); + +@@ -40,9 +40,6 @@ $clientCode = <<<'CODE' + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +@@ -54,7 +51,6 @@ include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- + resource(%d) of type (stream) +-resource(%d) of type (stream) + bool(false) + bool(false) + +diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt +index 84f7934..f8ec864 100644 +--- a/ext/openssl/tests/streams_crypto_method.phpt ++++ b/ext/openssl/tests/streams_crypto_method.phpt +@@ -4,6 +4,7 @@ Specific crypto method for ssl:// transports. + [ +- 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT, ++ 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, + 'verify_peer' => false, + 'verify_peer_name' => false + ]]); +-- +2.1.4 + diff --git a/php.spec b/php.spec index fbe5063..256ccc0 100644 --- a/php.spec +++ b/php.spec @@ -58,7 +58,7 @@ %endif %global rcver RC1 -%global rpmrel 2 +%global rpmrel 3 Summary: PHP scripting language for creating dynamic web sites Name: php @@ -124,6 +124,8 @@ Patch47: php-5.6.3-phpinfo.patch # Fixes for tests (300+) # Factory is droped from system tzdata Patch300: php-5.6.3-datetests.patch +# Backported from 7.0 +Patch302: php-5.6.8-openssltests.patch BuildRequires: bzip2-devel, curl-devel >= 7.9 @@ -726,6 +728,7 @@ httpd -V | grep -q 'threaded:.*yes' && exit 1 # Fixes for tests %patch300 -p1 -b .datetests +%patch302 -p1 -b .sslv3 # Prevent %%doc confusion over LICENSE files @@ -1478,6 +1481,9 @@ rm -f README.{Zeus,QNX,CVS-RULES} %changelog +* Fri Apr 10 2015 Remi Collet 5.6.8-0.3.RC1 +- add upstream patch to drop SSLv3 tests + * Mon Apr 6 2015 Tom Callaway - 5.6.8-0.2.RC1 - rebuild for libvpx 1.4.0