From 8c66b747d1938d5fa20a6e4da73df62661b3289d Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 19 Mar 2019 18:51:19 +0100 Subject: v7.2.17RC1 --- failed.txt | 10 ++++------ php-openssl111.patch | 29 ----------------------------- php.ini | 28 ++++++++++++++++++++++++---- php.spec | 11 ++++++----- 4 files changed, 34 insertions(+), 44 deletions(-) delete mode 100644 php-openssl111.patch diff --git a/failed.txt b/failed.txt index 0891bd9..621d74b 100644 --- a/failed.txt +++ b/failed.txt @@ -1,18 +1,16 @@ -===== 7.2.16 (2019-03-07) +===== 7.2.17RC1 (2019-03-21) -$ grep -r 'Tests failed' /var/lib/mock/scl72*/build.log +$ grep -ar 'Tests failed' /var/lib/mock/scl72*/build.log /var/lib/mock/scl72el6x/build.log:Tests failed : 0 /var/lib/mock/scl72el7x/build.log:Tests failed : 0 -/var/lib/mock/scl72el8x/build.log:Tests failed : 18 +/var/lib/mock/scl72el8x/build.log:Tests failed : 16 /var/lib/mock/scl72fc27x/build.log:Tests failed : 0 /var/lib/mock/scl72fc28x/build.log:Tests failed : 0 /var/lib/mock/scl72fc29x/build.log:Tests failed : 1 -/var/lib/mock/scl72fc29x/build.log:Tests failed : 2 +/var/lib/mock/scl72fc30x/build.log:Tests failed : 1 -fc30x: - openssl_decrypt() with CCM cipher algorithm tests [ext/openssl/tests/openssl_decrypt_ccm.phpt] fc29x, fc30x: TLS server rate-limits client-initiated renegotiation [ext/openssl/tests/stream_server_reneg_limit.phpt] el8x: diff --git a/php-openssl111.patch b/php-openssl111.patch deleted file mode 100644 index ea43711..0000000 --- a/php-openssl111.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 19a44ffb7be91344550fa700830b8e62a73031ba Mon Sep 17 00:00:00 2001 -From: Anatol Belski -Date: Thu, 28 Feb 2019 12:48:47 +0100 -Subject: [PATCH] Sync with behavior change in OpenSSL 1.1.1b - -A behavior change in revealed by some openssl_decrypt() based test, -where an encrypt API is used with a decrypt context. The EVP_Cipher* -functions will automatically choose the right operation depending on the -context passed. ---- - ext/openssl/openssl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c -index 871a30c..7df5072 100644 ---- a/ext/openssl/openssl.c -+++ b/ext/openssl/openssl.c -@@ -6494,7 +6494,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type, - { - int i = 0; - -- if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { -+ if (mode->is_single_run_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { - php_openssl_store_errors(); - php_error_docref(NULL, E_WARNING, "Setting of data length failed"); - return FAILURE; --- -2.1.4 - diff --git a/php.ini b/php.ini index ecc660c..3add9fa 100644 --- a/php.ini +++ b/php.ini @@ -305,6 +305,7 @@ serialize_precision = -1 ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory ; or per-virtualhost web server configuration file. +; Note: disables the realpath cache ; http://php.net/open-basedir ;open_basedir = @@ -337,6 +338,7 @@ disable_classes = ; Determines the size of the realpath cache to be used by PHP. This value should ; be increased on systems where PHP opens many files to reflect the quantity of ; the file operations performed. +; Note: if open_basedir is set, the cache is disabled ; http://php.net/realpath-cache-size ;realpath_cache_size = 4096k @@ -582,7 +584,7 @@ html_errors = On ; http://php.net/error-log ; Example: ;error_log = php_errors.log -; Log errors to syslog. +; Log errors to syslog (Event Log on Windows). ;error_log = syslog ;windows.show_crt_warning @@ -938,6 +940,13 @@ cli_server.color = On ; otherwise output encoding conversion cannot be performed. ;iconv.output_encoding = +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 + [intl] ;intl.default_locale = ; This directive allows you to produce PHP errors when some error @@ -947,8 +956,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + [Pcre] ;PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit @@ -1002,12 +1022,12 @@ sendmail_path = /usr/sbin/sendmail -t -i ;mail.force_extra_parameters = ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = On +mail.add_x_header = Off ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers. ;mail.log = -; Log mail to syslog; +; Log mail to syslog (Event Log on Windows). ;mail.log = syslog [ODBC] @@ -1373,7 +1393,7 @@ session.use_trans_sid = 0 ; Set session ID character length. This value could be between 22 to 256. ; Shorter length than default is supported only for compatibility reason. ; Users should use 32 or more chars. -; http://php.net/session.sid_length +; http://php.net/session.sid-length ; Default Value: 32 ; Development Value: 26 ; Production Value: 26 diff --git a/php.spec b/php.spec index 22e0962..c807829 100644 --- a/php.spec +++ b/php.spec @@ -129,13 +129,13 @@ %global db_devel libdb-devel %endif -%global upver 7.2.16 -#global rcver RC1 +%global upver 7.2.17 +%global rcver RC1 Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 2%{?dist} +Release: 1%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -192,7 +192,6 @@ Patch49: php-7.2.16-pdooci.patch Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) -Patch100: php-openssl111.patch # Security fixes (200+) @@ -937,7 +936,6 @@ low-level PHP extension for the libsodium cryptographic library. %patch91 -p1 -b .remi-oci8 # upstream patches -%patch100 -p1 -b .up # security patches @@ -1886,6 +1884,9 @@ fi %changelog +* Tue Mar 19 2019 Remi Collet 7.2.17~RC1-1 +- update to 7.2.17RC1 + * Tue Mar 5 2019 Remi Collet - 7.2.16-2 - add upstream patch for OpenSSL 1.1.1b -- cgit