diff --git a/php-openssl111.patch b/php-openssl111.patch new file mode 100644 index 0000000..ea43711 --- /dev/null +++ b/php-openssl111.patch @@ -0,0 +1,29 @@ +From 19a44ffb7be91344550fa700830b8e62a73031ba Mon Sep 17 00:00:00 2001 +From: Anatol Belski +Date: Thu, 28 Feb 2019 12:48:47 +0100 +Subject: [PATCH] Sync with behavior change in OpenSSL 1.1.1b + +A behavior change in revealed by some openssl_decrypt() based test, +where an encrypt API is used with a decrypt context. The EVP_Cipher* +functions will automatically choose the right operation depending on the +context passed. +--- + ext/openssl/openssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index 871a30c..7df5072 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -6494,7 +6494,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type, + { + int i = 0; + +- if (mode->is_single_run_aead && !EVP_EncryptUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { ++ if (mode->is_single_run_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) { + php_openssl_store_errors(); + php_error_docref(NULL, E_WARNING, "Setting of data length failed"); + return FAILURE; +-- +2.1.4 + diff --git a/php.spec b/php.spec index 12d466d..ac1abfc 100644 --- a/php.spec +++ b/php.spec @@ -59,7 +59,7 @@ %endif %global upver 7.3.3 -%global rcver RC1 +#global rcver RC1 Summary: PHP scripting language for creating dynamic web sites Name: php @@ -111,6 +111,7 @@ Patch46: php-7.2.4-fixheader.patch Patch47: php-5.6.3-phpinfo.patch # Upstream fixes (100+) +Patch100: php-openssl111.patch # Security fixes (200+) @@ -712,6 +713,7 @@ low-level PHP extension for the libsodium cryptographic library. %patch47 -p1 -b .phpinfo # upstream patches +%patch100 -p1 -b .up # security patches @@ -1556,6 +1558,10 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Wed Mar 6 2019 Remi Collet - 7.3.3-1 +- Update to 7.3.3 - http://www.php.net/releases/7_3_3.php +- add upstream patch for OpenSSL 1.1.1b + * Tue Feb 19 2019 Remi Collet - 7.3.3~RC1-1 - update to 7.3.3RC1 - adapt systzdata patch (v18) diff --git a/sources b/sources index c23a56c..377d1f5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (php-7.3.3RC1.tar.xz) = 417dac7b001d2839b55dd80e5ba41a4e4647a84618a5b811eda3712f888c538af679a8cef4b09248bc967ba41ef62f3f448f65b69561d39412e4b6accde72c79 +SHA512 (php-7.3.3.tar.xz) = bad5fa35f5962fa23dbe01fe85f76ce80e431cf2f9719284c082bb1fa32af26407407a97d3bf999165a6158f83a9669e3dd641f6d70028ec644b74a414fb803d