From 36f55ae51948d1c616d4f86e8f1b801704f8e9ad Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 10 Apr 2015 08:02:53 +0200 Subject: PHP 5.6: add upstream patch to drop SSLv3 tests --- php-5.6.8-openssltests.patch | 112 +++++++++++++++++++++++++++++++++++++++++++ php56.spec | 8 +++- 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 php-5.6.8-openssltests.patch diff --git a/php-5.6.8-openssltests.patch b/php-5.6.8-openssltests.patch new file mode 100644 index 0000000..a989ac7 --- /dev/null +++ b/php-5.6.8-openssltests.patch @@ -0,0 +1,112 @@ +From 32484e3f5fc04f127199399a0ee52594912fa66a Mon Sep 17 00:00:00 2001 +From: Rasmus Lerdorf +Date: Wed, 8 Apr 2015 09:55:55 -0700 +Subject: [PATCH] Remove SSLv3 test dependencies SSLv3 is going away. Debian8 + already ships with an openssl with no SSLv3 support which was causing these + tests to fail. + +--- + ext/openssl/tests/session_meta_capture.phpt | 6 ------ + ext/openssl/tests/stream_crypto_flags_001.phpt | 4 ---- + ext/openssl/tests/stream_crypto_flags_003.phpt | 6 +----- + ext/openssl/tests/streams_crypto_method.phpt | 3 ++- + 4 files changed, 3 insertions(+), 16 deletions(-) + +diff --git a/ext/openssl/tests/session_meta_capture.phpt b/ext/openssl/tests/session_meta_capture.phpt +index f1f9610..a09d7e8 100644 +--- a/ext/openssl/tests/session_meta_capture.phpt ++++ b/ext/openssl/tests/session_meta_capture.phpt +@@ -35,11 +35,6 @@ + + phpt_wait(); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); +- $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; +- var_dump($meta['protocol']); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx); + $meta = stream_context_get_options($clientCtx)['ssl']['session_meta']; +@@ -59,7 +54,6 @@ CODE; + include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- +-string(5) "SSLv3" + string(5) "TLSv1" + string(7) "TLSv1.1" + string(7) "TLSv1.2" +diff --git a/ext/openssl/tests/stream_crypto_flags_001.phpt b/ext/openssl/tests/stream_crypto_flags_001.phpt +index f988886..1ba9309 100644 +--- a/ext/openssl/tests/stream_crypto_flags_001.phpt ++++ b/ext/openssl/tests/stream_crypto_flags_001.phpt +@@ -32,9 +32,6 @@ $clientCode = <<<'CODE' + + phpt_wait(); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +@@ -47,4 +44,3 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- + resource(%d) of type (stream) + resource(%d) of type (stream) +-resource(%d) of type (stream) +diff --git a/ext/openssl/tests/stream_crypto_flags_003.phpt b/ext/openssl/tests/stream_crypto_flags_003.phpt +index 30ca7a7..28cb640 100644 +--- a/ext/openssl/tests/stream_crypto_flags_003.phpt ++++ b/ext/openssl/tests/stream_crypto_flags_003.phpt +@@ -13,7 +13,7 @@ $serverCode = <<<'CODE' + $serverCtx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/bug54992.pem', + +- // Only accept SSLv3 and TLSv1.2 connections ++ // Only accept TLSv1.2 connections + 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, + ]]); + +@@ -40,9 +40,6 @@ $clientCode = <<<'CODE' + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT); + var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +- stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_SSLv3_CLIENT); +- var_dump(stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); +- + stream_context_set_option($clientCtx, 'ssl', 'crypto_method', STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT); + var_dump(@stream_socket_client($serverUri, $errno, $errstr, 1, $clientFlags, $clientCtx)); + +@@ -54,7 +51,6 @@ include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + --EXPECTF-- + resource(%d) of type (stream) +-resource(%d) of type (stream) + bool(false) + bool(false) + +diff --git a/ext/openssl/tests/streams_crypto_method.phpt b/ext/openssl/tests/streams_crypto_method.phpt +index 84f7934..f8ec864 100644 +--- a/ext/openssl/tests/streams_crypto_method.phpt ++++ b/ext/openssl/tests/streams_crypto_method.phpt +@@ -4,6 +4,7 @@ Specific crypto method for ssl:// transports. + [ +- 'crypto_method' => STREAM_CRYPTO_METHOD_SSLv3_CLIENT, ++ 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, + 'verify_peer' => false, + 'verify_peer_name' => false + ]]); +-- +2.1.4 + diff --git a/php56.spec b/php56.spec index 7cd886c..66d509f 100644 --- a/php56.spec +++ b/php56.spec @@ -135,7 +135,7 @@ Version: 5.6.7 %if 0%{?snapdate:1}%{?rcver:1} Release: 0.1.%{?snapdate}%{?rcver}%{?dist} %else -Release: 1%{?dist} +Release: 2%{?dist} %endif # All files licensed under PHP version 3.01, except # Zend is licensed under Zend @@ -205,6 +205,8 @@ Patch91: php-5.6.3-oci8conf.patch Patch300: php-5.6.3-datetests.patch # Revert changes for pcre < 8.34 Patch301: php-5.6.0-oldpcre.patch +# Backported from 7.0 +Patch302: php-5.6.8-openssltests.patch # WIP @@ -969,6 +971,7 @@ rm -rf ext/json %patch301 -p1 -b .pcre834 %endif %endif +%patch302 -p1 -b .sslv3 # WIP patch @@ -1952,6 +1955,9 @@ fi %changelog +* Fri Apr 10 2015 Remi Collet 5.6.7-2 +- add upstream patch to drop SSLv3 tests + * Thu Mar 19 2015 Remi Collet 5.6.7-1 - Update to 5.6.7 http://www.php.net/releases/5_6_7.php -- cgit