diff options
-rw-r--r-- | failed.txt | 16 | ||||
-rw-r--r-- | php-8.0.21-openssl3.patch | 36 | ||||
-rw-r--r-- | php80.spec | 10 |
3 files changed, 53 insertions, 9 deletions
@@ -1,20 +1,24 @@ -===== 8.0.30-6 (2024-06-06) +===== 8.0.30-8 (2024-08-26) $ grep -ar 'Tests failed' /var/lib/mock/*/build.log -/var/lib/mock/el7x80/build.log:Tests failed : 0 -/var/lib/mock/el8a80/build.log:Tests failed : 0 -/var/lib/mock/el8x80/build.log:Tests failed : 0 +/var/lib/mock/el8a80/build.log:Tests failed : 3 +/var/lib/mock/el8x80/build.log:Tests failed : 3 /var/lib/mock/el9a80/build.log:Tests failed : 2 /var/lib/mock/el9x80/build.log:Tests failed : 2 -/var/lib/mock/fc38x80/build.log:Tests failed : 2 /var/lib/mock/fc39a80/build.log:Tests failed : 2 /var/lib/mock/fc39x80/build.log:Tests failed : 2 /var/lib/mock/fc40a80/build.log:Tests failed : 3 /var/lib/mock/fc40x80/build.log:Tests failed : 3 +/var/lib/mock/fc41a80/build.log:Tests failed : 3 +/var/lib/mock/fc41x80/build.log:Tests failed : 3 -fc38, fc39, el9: +el8 + 3 openssl_error_string() tests [ext/openssl/tests/openssl_error_string_basic.phpt] + 3 openssl_open() tests [ext/openssl/tests/openssl_open_basic.phpt] + 3 openssl_private_decrypt() tests [ext/openssl/tests/openssl_private_decrypt_basic.phpt] +fc39, fc40, fc41, el9: 3 openssl_error_string() tests (OpenSSL >= 3.0) [ext/openssl/tests/openssl_error_string_basic_openssl3.phpt] 3 openssl_private_decrypt() tests [ext/openssl/tests/openssl_private_decrypt_basic.phpt] fc40: diff --git a/php-8.0.21-openssl3.patch b/php-8.0.21-openssl3.patch index 74de0a5..972e2f7 100644 --- a/php-8.0.21-openssl3.patch +++ b/php-8.0.21-openssl3.patch @@ -4756,3 +4756,39 @@ index b119346fe1..d435a53e30 100644 -- 2.43.0 +From 74f75db0c3665677ec006cd379fd561feacffdc6 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Sun, 15 May 2022 13:49:17 +0100 +Subject: [PATCH] Fix bug #79589: ssl3_read_n:unexpected eof while reading + +The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent +truncation attack. However there are many non complaint servers and +it is causing break for many users including potential majority +of those where the truncation attack is not applicable. For that reason +we try to keep behavior consitent with older OpenSSL versions which is +also the path chosen by some other languages and web servers. + +Closes GH-8369 +--- + NEWS | 4 ++++ + ext/openssl/tests/bug79589.phpt | 21 +++++++++++++++++++++ + ext/openssl/xp_ssl.c | 5 +++++ + 3 files changed, 30 insertions(+) + create mode 100644 ext/openssl/tests/bug79589.phpt + +diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c +index 918b3ca5b21df..ce23fb29f4296 100644 +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -1649,6 +1649,11 @@ int php_openssl_setup_crypto(php_stream *stream, + + ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ /* Only for OpenSSL 3+ to keep OpenSSL 1.1.1 behavior */ ++ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; ++#endif ++ + if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) { + ssl_ctx_options |= SSL_OP_NO_COMPRESSION; + } @@ -25,10 +25,10 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) %ifarch aarch64 -%global oraclever 19.23 +%global oraclever 19.24 %global oraclemax 20 %global oraclelib 19.1 -%global oracledir 19.23 +%global oracledir 19.24 %else %global oraclever 23.5 %global oraclemax 24 @@ -120,7 +120,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 7%{?dist} +Release: 8%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -2230,6 +2230,10 @@ EOF %changelog +* Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 8.0.30-8 +- add backport for https://bugs.php.net/79589 + error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading + * Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 8.0.30-7 - use oracle client library version 23.5 on x86_64 |