From ea79f0802baf34e3fab36e28b83bab0e887e2511 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 5 Mar 2019 15:51:09 +0100
Subject: add upstream patch for OpenSSL 1.1.1b

---
 failed.txt           |  3 +--
 php-openssl111.patch | 29 +++++++++++++++++++++++++++++
 php.spec             |  7 ++++++-
 3 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 php-openssl111.patch

diff --git a/failed.txt b/failed.txt
index 9649a96..11f3c0a 100644
--- a/failed.txt
+++ b/failed.txt
@@ -7,11 +7,10 @@ $ grep -r 'Tests failed' /var/lib/mock/scl72*/build.log
 /var/lib/mock/scl72el8x/build.log:Tests failed    :    18
 /var/lib/mock/scl72fc27x/build.log:Tests failed    :    0
 /var/lib/mock/scl72fc28x/build.log:Tests failed    :    0
-/var/lib/mock/scl72fc29x/build.log:Tests failed    :    2
+/var/lib/mock/scl72fc29x/build.log:Tests failed    :    1
 
 
 fc29x:
-		openssl_decrypt() with CCM cipher algorithm tests [ext/openssl/tests/openssl_decrypt_ccm.phpt]
 		TLS server rate-limits client-initiated renegotiation [ext/openssl/tests/stream_server_reneg_limit.phpt]
 el8x:
 		buildroot issue under investigation
diff --git a/php-openssl111.patch b/php-openssl111.patch
new file mode 100644
index 0000000..ea43711
--- /dev/null
+++ b/php-openssl111.patch
@@ -0,0 +1,29 @@
+From 19a44ffb7be91344550fa700830b8e62a73031ba Mon Sep 17 00:00:00 2001
+From: Anatol Belski <ab@php.net>
+Date: Thu, 28 Feb 2019 12:48:47 +0100
+Subject: [PATCH] Sync with behavior change in OpenSSL 1.1.1b
+
+A behavior change in revealed by some openssl_decrypt() based test,
+where an encrypt API is used with a decrypt context. The EVP_Cipher*
+functions will automatically choose the right operation depending on the
+context passed.
+---
+ ext/openssl/openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index 871a30c..7df5072 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -6494,7 +6494,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
+ {
+ 	int i = 0;
+ 
+-	if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) {
++	if (mode->is_single_run_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) {
+ 		php_openssl_store_errors();
+ 		php_error_docref(NULL, E_WARNING, "Setting of data length failed");
+ 		return FAILURE;
+-- 
+2.1.4
+
diff --git a/php.spec b/php.spec
index af1579d..22e0962 100644
--- a/php.spec
+++ b/php.spec
@@ -135,7 +135,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -192,6 +192,7 @@ Patch49: php-7.2.16-pdooci.patch
 Patch91: php-7.2.0-oci8conf.patch
 
 # Upstream fixes (100+)
+Patch100: php-openssl111.patch
 
 # Security fixes (200+)
 
@@ -936,6 +937,7 @@ low-level PHP extension for the libsodium cryptographic library.
 %patch91 -p1 -b .remi-oci8
 
 # upstream patches
+%patch100 -p1 -b .up
 
 # security patches
 
@@ -1884,6 +1886,9 @@ fi
 
 
 %changelog
+* Tue Mar  5 2019 Remi Collet <remi@remirepo.net> - 7.2.16-2
+- add upstream patch for OpenSSL 1.1.1b
+
 * Tue Mar  5 2019 Remi Collet <remi@remirepo.net> - 7.2.16-1
 - Update to 7.2.16 - http://www.php.net/releases/7_2_16.php
 
-- 
cgit