diff options
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | php-5.2.0-includedir.patch | 2 | ||||
-rw-r--r-- | php-bug68074.patch | 60 | ||||
-rw-r--r-- | php.ini | 3 | ||||
-rw-r--r-- | php.spec | 14 |
5 files changed, 76 insertions, 5 deletions
@@ -1,6 +1,6 @@ SRCDIR := $(shell pwd) NAME := $(shell basename $(SRCDIR)) -include ../../../common/Makefile +include ../../common/Makefile srpm: rpmbuild $(RPMDEFINES) $(SRCDEFINES) --define 'scl php56' -bs $(NAME).spec diff --git a/php-5.2.0-includedir.patch b/php-5.2.0-includedir.patch index a1c3afe..ac4ae4a 100644 --- a/php-5.2.0-includedir.patch +++ b/php-5.2.0-includedir.patch @@ -5,7 +5,7 @@ EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` -INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR -+INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:${EXPANDED_DATADIR}/php ++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:${EXPANDED_DATADIR}/php:/usr/share/pear:/usr/share/php exec_prefix=$old_exec_prefix libdir=$old_libdir diff --git a/php-bug68074.patch b/php-bug68074.patch new file mode 100644 index 0000000..04451c1 --- /dev/null +++ b/php-bug68074.patch @@ -0,0 +1,60 @@ +From 0d776ef87b7b0c1e970c424cc5dcdf4cd6f500ac Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@php.net> +Date: Wed, 24 Sep 2014 10:34:55 +0200 +Subject: [PATCH] Fix bug #68074 Allow to use system cipher list instead of + hardcoded value + +--- + ext/openssl/config0.m4 | 6 ++++++ + ext/openssl/xp_ssl.c | 9 ++++++--- + 2 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4 +index a97114f..701e488 100644 +--- a/ext/openssl/config0.m4 ++++ b/ext/openssl/config0.m4 +@@ -8,6 +8,9 @@ PHP_ARG_WITH(openssl, for OpenSSL support, + PHP_ARG_WITH(kerberos, for Kerberos support, + [ --with-kerberos[=DIR] OPENSSL: Include Kerberos support], no, no) + ++PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value, ++[ --with-system-ciphers OPENSSL: Use system default cipher list instead of hardcoded value], no, no) ++ + if test "$PHP_OPENSSL" != "no"; then + PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared) + PHP_SUBST(OPENSSL_SHARED_LIBADD) +@@ -25,4 +28,7 @@ if test "$PHP_OPENSSL" != "no"; then + ], [ + AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.]) + ]) ++ if test "$PHP_SYSTEM_CIPHERS" != "no"; then ++ AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ]) ++ fi + fi +diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c +index de9e991..2f81dc7 100644 +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -1476,13 +1476,16 @@ int php_openssl_setup_crypto(php_stream *stream, + } + + GET_VER_OPT_STRING("ciphers", cipherlist); ++#ifndef USE_OPENSSL_SYSTEM_CIPHERS + if (!cipherlist) { + cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS; + } +- if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) { +- return FAILURE; ++#endif ++ if (cipherlist) { ++ if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) { ++ return FAILURE; ++ } + } +- + if (FAILURE == set_local_cert(sslsock->ctx, stream TSRMLS_CC)) { + return FAILURE; + } +-- +2.1.0 + @@ -1681,6 +1681,7 @@ mssql.secure_connection = Off ; The precedence is: default_charset < output_encoding < mbstring.http_output ; To use an output encoding conversion, mbstring's output handler must be set ; otherwise output encoding conversion cannot be performed. +; http://php.net/mbstring.http-output ;mbstring.http_output = ; enable automatic encoding translation according to @@ -1692,7 +1693,7 @@ mssql.secure_connection = Off ;mbstring.encoding_translation = Off ; automatic encoding detection order. -; "auto" detect order is changed accoding to mbstring.language +; "auto" detect order is changed according to mbstring.language ; http://php.net/mbstring.detect-order ;mbstring.detect_order = auto @@ -126,8 +126,8 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php -Version: 5.6.0 -Release: 1%{?dist}.1 +Version: 5.6.1 +Release: 1%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -177,6 +177,7 @@ Patch47: php-5.4.9-phpinfo.patch Patch91: php-5.3.7-oci8conf.patch # Upstream fixes (100+) +Patch100: php-bug68074.patch # Security fixes (200+) @@ -852,6 +853,7 @@ support for using the enchant library to PHP. %patch91 -p1 -b .remi-oci8 # upstream patches +%patch100 -p1 -b .bug68074 # security patches @@ -1044,6 +1046,7 @@ ln -sf ../configure --without-gdbm \ --with-jpeg-dir=%{_root_prefix} \ --with-openssl \ + --with-system-ciphers \ %if %{with_libpcre} --with-pcre-regex=%{_root_prefix} \ %endif @@ -1715,6 +1718,13 @@ fi %changelog +* Fri Oct 3 2014 Remi Collet <remi@fedoraproject.org> 5.6.1-1 +- Update to PHP 5.6.1 + http://php.net/releases/5_6_1.php +- use default system cipher list by Fedora policy + http://fedoraproject.org/wiki/Changes/CryptoPolicy +- add system php library to default include_path + * Fri Aug 29 2014 Remi Collet <remi@fedoraproject.org> 5.6.0-1.1 - enable libvpx on EL 6 (with libvpx 1.3.0) - add php56-phpdbg command in base system |