diff options
| author | Remi Collet <remi@remirepo.net> | 2024-08-26 15:02:17 +0200 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2024-08-26 15:02:17 +0200 |
| commit | a3bc7da51b195f073fd549371b7814866fa15650 (patch) | |
| tree | b320852cdc2363da131b5349f5a6ad4c866b572d | |
| parent | 133908351487ad17ac68b1cd068074e4207ed133 (diff) | |
add backport for https://bugs.php.net/79589
error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
| -rw-r--r-- | failed.txt | 16 | ||||
| -rw-r--r-- | php-8.0.21-openssl3.patch | 36 | ||||
| -rw-r--r-- | php.spec | 10 |
3 files changed, 53 insertions, 9 deletions
@@ -1,20 +1,24 @@ -===== 8.0.30-6 (2024-06-06) +===== 8.0.30-8 (2024-08-26) $ grep -ar 'Tests failed' /var/lib/mock/*/build.log -/var/lib/mock/scl80el7x/build.log:Tests failed : 0 -/var/lib/mock/scl80el8a/build.log:Tests failed : 0 -/var/lib/mock/scl80el8x/build.log:Tests failed : 0 +/var/lib/mock/scl80el8a/build.log:Tests failed : 3 +/var/lib/mock/scl80el8x/build.log:Tests failed : 3 /var/lib/mock/scl80el9a/build.log:Tests failed : 2 /var/lib/mock/scl80el9x/build.log:Tests failed : 2 -/var/lib/mock/scl80fc38x/build.log:Tests failed : 2 /var/lib/mock/scl80fc39a/build.log:Tests failed : 2 /var/lib/mock/scl80fc39x/build.log:Tests failed : 2 /var/lib/mock/scl80fc40a/build.log:Tests failed : 3 /var/lib/mock/scl80fc40x/build.log:Tests failed : 3 +/var/lib/mock/scl80fc41a/build.log:Tests failed : 3 +/var/lib/mock/scl80fc41x/build.log:Tests failed : 3 -fc38, fc39, el9: +el8 + 3 openssl_error_string() tests [ext/openssl/tests/openssl_error_string_basic.phpt] + 3 openssl_open() tests [ext/openssl/tests/openssl_open_basic.phpt] + 3 openssl_private_decrypt() tests [ext/openssl/tests/openssl_private_decrypt_basic.phpt] +fc39, fc40, fc41, el9: 3 openssl_error_string() tests (OpenSSL >= 3.0) [ext/openssl/tests/openssl_error_string_basic_openssl3.phpt] 3 openssl_private_decrypt() tests [ext/openssl/tests/openssl_private_decrypt_basic.phpt] fc40: diff --git a/php-8.0.21-openssl3.patch b/php-8.0.21-openssl3.patch index 74de0a5..972e2f7 100644 --- a/php-8.0.21-openssl3.patch +++ b/php-8.0.21-openssl3.patch @@ -4756,3 +4756,39 @@ index b119346fe1..d435a53e30 100644 -- 2.43.0 +From 74f75db0c3665677ec006cd379fd561feacffdc6 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Sun, 15 May 2022 13:49:17 +0100 +Subject: [PATCH] Fix bug #79589: ssl3_read_n:unexpected eof while reading + +The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent +truncation attack. However there are many non complaint servers and +it is causing break for many users including potential majority +of those where the truncation attack is not applicable. For that reason +we try to keep behavior consitent with older OpenSSL versions which is +also the path chosen by some other languages and web servers. + +Closes GH-8369 +--- + NEWS | 4 ++++ + ext/openssl/tests/bug79589.phpt | 21 +++++++++++++++++++++ + ext/openssl/xp_ssl.c | 5 +++++ + 3 files changed, 30 insertions(+) + create mode 100644 ext/openssl/tests/bug79589.phpt + +diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c +index 918b3ca5b21df..ce23fb29f4296 100644 +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -1649,6 +1649,11 @@ int php_openssl_setup_crypto(php_stream *stream, + + ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ /* Only for OpenSSL 3+ to keep OpenSSL 1.1.1 behavior */ ++ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; ++#endif ++ + if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) { + ssl_ctx_options |= SSL_OP_NO_COMPRESSION; + } @@ -50,10 +50,10 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) %ifarch aarch64 -%global oraclever 19.23 +%global oraclever 19.24 %global oraclemax 20 %global oraclelib 19.1 -%global oracledir 19.23 +%global oracledir 19.24 %else %global oraclever 23.5 %global oraclemax 24 @@ -128,7 +128,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}} -Release: 7%{?dist} +Release: 8%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -1892,6 +1892,10 @@ EOF %changelog +* Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 8.0.30-8 +- add backport for https://bugs.php.net/79589 + error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading + * Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 8.0.30-7 - use oracle client library version 23.5 on x86_64 |