From: Elan Ruusamäe <glen@delfi.ee>
Date: Thu, 3 Mar 2016 17:24:03 +0000 (+0200)
Subject: (partial) OPENSSL_NO_SSL2 port from 5.3.29
X-Git-Tag: auto/th/php52-5.2.17-20130717.18
X-Git-Url: https://git.pld-linux.org/?a=commitdiff_plain;h=fcc49ef52e84b4cbb7c3a4957a2c3892d88195a9;hp=be5d443de2b2c4611adfb4fc45570e3584afdaeb;p=packages%2Fphp.git

(partial) OPENSSL_NO_SSL2 port from 5.3.29

only care that SSLv2_client_method symbol is not linked in
---

diff --git a/no-sslv2.patch b/no-sslv2.patch
new file mode 100644
index 0000000..5095416
--- /dev/null
+++ b/no-sslv2.patch
@@ -0,0 +1,46 @@
+--- php-5.2.17/ext/openssl/xp_ssl.c	2010-04-23 16:32:03.000000000 +0300
++++ php-5.3.29/ext/openssl/xp_ssl.c	2014-08-13 22:22:50.000000000 +0300
+@@ -333,9 +329,14 @@
+ 			method = SSLv23_client_method();
+ 			break;
+ 		case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
++#ifdef OPENSSL_NO_SSL2
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++			return -1;
++#else
+ 			sslsock->is_client = 1;
+ 			method = SSLv2_client_method();
+ 			break;
++#endif
+ 		case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+ 			sslsock->is_client = 1;
+ 			method = SSLv3_client_method();
+@@ -353,9 +354,14 @@
+ 			method = SSLv3_server_method();
+ 			break;
+ 		case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
++#ifdef OPENSSL_NO_SSL2
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++			return -1;
++#else
+ 			sslsock->is_client = 0;
+ 			method = SSLv2_server_method();
+ 			break;
++#endif
+ 		case STREAM_CRYPTO_METHOD_TLS_SERVER:
+ 			sslsock->is_client = 0;
+ 			method = TLSv1_server_method();
+@@ -813,8 +922,13 @@
+ 		sslsock->enable_on_connect = 1;
+ 		sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+ 	} else if (strncmp(proto, "sslv2", protolen) == 0) {
++#ifdef OPENSSL_NO_SSL2
++		php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++		return NULL;
++#else
+ 		sslsock->enable_on_connect = 1;
+ 		sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
++#endif
+ 	} else if (strncmp(proto, "sslv3", protolen) == 0) {
+ 		sslsock->enable_on_connect = 1;
+ 		sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
diff --git a/php.spec b/php.spec
index 90f0ccf..b2d3406 100644
--- a/php.spec
+++ b/php.spec
@@ -112,7 +112,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %define		magic_mime	/usr/share/misc/magic.mime
 %endif
 
-%define		rel	17
+%define		rel	18
 %define		orgname	php
 %define		ver_suffix 52
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -197,6 +197,7 @@ Patch44:	%{orgname}-include_path.patch
 Patch45:	%{orgname}-imap-annotations.patch
 Patch46:	%{orgname}-imap-myrights.patch
 Patch47:	suhosin.patch
+Patch48:	no-sslv2.patch
 Patch49:	%{orgname}-m4-divert.patch
 Patch50:	extension-shared-optional-dep.patch
 Patch51:	spl-shared.patch
@@ -1925,6 +1926,7 @@ done
 %if %{with suhosin}
 %patch47 -p1
 %endif
+%patch48 -p1
 %patch49 -p1
 %patch50 -p1
 %patch51 -p1