(partial) OPENSSL_NO_SSL2 port from 5.3.29

only care that SSLv2_client_method symbol is not linked in

diff --git a/no-sslv2.patch b/no-sslv2.patch
new file mode 100644 (file)
index 0000000..5095416
--- /dev/null
+++ b/no-sslv2.patch
@@ -0,0 +1,46 @@
+--- php-5.2.17/ext/openssl/xp_ssl.c    2010-04-23 16:32:03.000000000 +0300
++++ php-5.3.29/ext/openssl/xp_ssl.c    2014-08-13 22:22:50.000000000 +0300
+@@ -333,9 +329,14 @@
+                       method = SSLv23_client_method();
+                       break;
+               case STREAM_CRYPTO_METHOD_SSLv2_CLIENT:
++#ifdef OPENSSL_NO_SSL2
++                      php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++                      return -1;
++#else
+                       sslsock->is_client = 1;
+                       method = SSLv2_client_method();
+                       break;
++#endif
+               case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+                       sslsock->is_client = 1;
+                       method = SSLv3_client_method();
+@@ -353,9 +354,14 @@
+                       method = SSLv3_server_method();
+                       break;
+               case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
++#ifdef OPENSSL_NO_SSL2
++                      php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++                      return -1;
++#else
+                       sslsock->is_client = 0;
+                       method = SSLv2_server_method();
+                       break;
++#endif
+               case STREAM_CRYPTO_METHOD_TLS_SERVER:
+                       sslsock->is_client = 0;
+                       method = TLSv1_server_method();
+@@ -813,8 +922,13 @@
+               sslsock->enable_on_connect = 1;
+               sslsock->method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+       } else if (strncmp(proto, "sslv2", protolen) == 0) {
++#ifdef OPENSSL_NO_SSL2
++              php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
++              return NULL;
++#else
+               sslsock->enable_on_connect = 1;
+               sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
++#endif
+       } else if (strncmp(proto, "sslv3", protolen) == 0) {
+               sslsock->enable_on_connect = 1;
+               sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;

diff --git a/php.spec b/php.spec
index 90f0ccf4d500af7ca742232db94160cc0a9715bc..b2d3406b4014af57c7e29f595e4a946173572251 100644 (file)
--- a/php.spec
+++ b/php.spec
@@ -112,7 +112,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %define                magic_mime      /usr/share/misc/magic.mime
 %endif
 
-%define                rel     17
+%define                rel     18
 %define                orgname php
 %define                ver_suffix 52
 %define                php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -197,6 +197,7 @@ Patch44:    %{orgname}-include_path.patch
 Patch45:       %{orgname}-imap-annotations.patch
 Patch46:       %{orgname}-imap-myrights.patch
 Patch47:       suhosin.patch
+Patch48:       no-sslv2.patch
 Patch49:       %{orgname}-m4-divert.patch
 Patch50:       extension-shared-optional-dep.patch
 Patch51:       spl-shared.patch
@@ -1925,6 +1926,7 @@ done
 %if %{with suhosin}
 %patch47 -p1
 %endif
+%patch48 -p1
 %patch49 -p1
 %patch50 -p1
 %patch51 -p1