From 415525005d4dbb13c41455c8a47aebbdfa7f3feb Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 10 Sep 2018 09:05:22 +0200
Subject: test build for upstream patches

---
 be50a72715c141befe6f34ece660745da894aaf3.patch | 37 +++++++++++++++++++++++++
 cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch | 38 ++++++++++++++++++++++++++
 failed.txt                                     |  5 +---
 php.spec                                       |  9 +++++-
 4 files changed, 84 insertions(+), 5 deletions(-)
 create mode 100644 be50a72715c141befe6f34ece660745da894aaf3.patch
 create mode 100644 cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch

diff --git a/be50a72715c141befe6f34ece660745da894aaf3.patch b/be50a72715c141befe6f34ece660745da894aaf3.patch
new file mode 100644
index 0000000..2bcf82d
--- /dev/null
+++ b/be50a72715c141befe6f34ece660745da894aaf3.patch
@@ -0,0 +1,37 @@
+From be50a72715c141befe6f34ece660745da894aaf3 Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sun, 9 Sep 2018 18:53:37 +0100
+Subject: [PATCH] Fix ssl stream reneg limit test to print only after first
+ renegotiation
+
+It has been reported that in some setup the test does multiple
+renegotiations which is allowed.
+---
+ ext/openssl/tests/stream_server_reneg_limit.phpt | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt
+index f0353351a23a..f033cbabe343 100644
+--- a/ext/openssl/tests/stream_server_reneg_limit.phpt
++++ b/ext/openssl/tests/stream_server_reneg_limit.phpt
+@@ -22,14 +22,18 @@ if(substr(PHP_OS, 0, 3) == 'WIN') {
+  */
+ 
+ $serverCode = <<<'CODE'
++    $printed = false;
+     $serverUri = "ssl://127.0.0.1:64321";
+     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+     $serverCtx = stream_context_create(['ssl' => [
+         'local_cert' => __DIR__ . '/bug54992.pem',
+         'reneg_limit' => 0,
+         'reneg_window' => 30,
+-        'reneg_limit_callback' => function($stream) {
+-            var_dump($stream);
++        'reneg_limit_callback' => function($stream) use (&$printed) {
++            if (!$printed) {
++                $printed = true;
++                var_dump($stream);
++            }
+         }
+     ]]);
+ 
diff --git a/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch b/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch
new file mode 100644
index 0000000..0cb89c8
--- /dev/null
+++ b/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch
@@ -0,0 +1,38 @@
+From cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sun, 2 Sep 2018 20:00:08 +0100
+Subject: [PATCH] Fix stream_security_level.phpt with OpenSSL 1.1.1
+
+---
+ ext/openssl/tests/stream_security_level.phpt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt
+index fb1d36a58624..26fedcf670e9 100644
+--- a/ext/openssl/tests/stream_security_level.phpt
++++ b/ext/openssl/tests/stream_security_level.phpt
+@@ -5,6 +5,7 @@ security_level setting to prohibit cert
+ if (!extension_loaded("openssl")) die("skip openssl not loaded");
+ if (OPENSSL_VERSION_NUMBER < 0x10100000) die("skip OpenSSL >= v1.1.0 required");
+ if (!function_exists("proc_open")) die("skip no proc_open");
++?>
+ --FILE--
+ <?php
+ $serverCode = <<<'CODE'
+@@ -24,7 +25,7 @@ $clientCode = <<<'CODE'
+ 	$serverUri = "ssl://127.0.0.1:64322";
+ 	$clientFlags = STREAM_CLIENT_CONNECT;
+ 	$clientCtx = stream_context_create(['ssl' => [
+-		'security_level' => 3,
++		'security_level' => 2,
+ 		'verify_peer' => true,
+ 		'cafile' => __DIR__ . '/bug54992-ca.pem',
+ 		'verify_peer_name' => false
+@@ -38,6 +39,7 @@ CODE;
+ 
+ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
++?>
+ --EXPECTF--
+ Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
+ error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d
diff --git a/failed.txt b/failed.txt
index f64297f..caa8a89 100644
--- a/failed.txt
+++ b/failed.txt
@@ -8,12 +8,9 @@ $ grep -r 'Tests failed' /var/lib/mock/scl72*/build.log
 /var/lib/mock/scl72fc26x/build.log:Tests failed    :    0
 /var/lib/mock/scl72fc27x/build.log:Tests failed    :    0
 /var/lib/mock/scl72fc28x/build.log:Tests failed    :    0
-/var/lib/mock/scl72fc29x/build.log:Tests failed    :    2
+/var/lib/mock/scl72fc29x/build.log:Tests failed    :    0
 
 
-fc29x
-		security_level setting to prohibit cert [ext/openssl/tests/stream_security_level.phpt]
-		TLS server rate-limits client-initiated renegotiation [ext/openssl/tests/stream_server_reneg_limit.phpt]
 
 
 (1)	proc_open give erratic test results :(
diff --git a/php.spec b/php.spec
index 5876a36..c0beef9 100644
--- a/php.spec
+++ b/php.spec
@@ -130,7 +130,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -185,6 +185,8 @@ Patch48: php-7.2.8-getallheaders.patch
 Patch91: php-7.2.0-oci8conf.patch
 
 # Upstream fixes (100+)
+Patch100: https://github.com/php/php-src/commit/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch
+Patch101: https://github.com/php/php-src/commit/be50a72715c141befe6f34ece660745da894aaf3.patch
 
 # Security fixes (200+)
 
@@ -928,6 +930,8 @@ low-level PHP extension for the libsodium cryptographic library.
 %patch91 -p1 -b .remi-oci8
 
 # upstream patches
+%patch100 -p1 -b .up1
+%patch101 -p1 -b .up2
 
 # security patches
 
@@ -1868,6 +1872,9 @@ fi
 
 
 %changelog
+* Mon Sep 10 2018 Remi Collet <remi@remirepo.net> - 7.2.10~RC1-2
+- test build for upstream patches
+
 * Tue Aug 28 2018 Remi Collet <remi@remirepo.net> - 7.2.10~RC1-1
 - update to 7.2.10RC1
 
-- 
cgit