diff --git a/PHP-8.0-OpenSSL-3.0-compatibility.patch b/PHP-8.0-OpenSSL-3.0-compatibility.patch new file mode 100644 index 0000000..339a65c --- /dev/null +++ b/PHP-8.0-OpenSSL-3.0-compatibility.patch @@ -0,0 +1,54 @@ +diff -Naur openssl/openssl.c openssl-NEU/openssl.c +--- openssl/openssl.c 2023-08-03 19:13:08.000000000 +0200 ++++ openssl-NEU/openssl.c 2023-10-26 17:06:39.953717955 +0200 +@@ -1325,7 +1325,9 @@ + REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT); + + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); ++#ifdef RSA_SSLV23_PADDING + REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); ++#endif + REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); + +diff -Naur openssl/tests/bug28382.phpt openssl-NEU/tests/bug28382.phpt +--- openssl/tests/bug28382.phpt 2023-08-03 19:13:08.000000000 +0200 ++++ openssl-NEU/tests/bug28382.phpt 2023-10-26 17:10:51.538942020 +0200 +@@ -9,11 +9,10 @@ + $cert = file_get_contents(__DIR__ . "/bug28382cert.txt"); + $ext = openssl_x509_parse($cert); + var_dump($ext['extensions']); +-/* openssl 1.0 prepends the string "Full Name:" to the crlDistributionPoints array key. +- For now, as this is the one difference only between 0.9.x and 1.x, it's handled with +- placeholders to not to duplicate the test. When more diffs come, a duplication would +- be probably a better solution. +-*/ ++/* ++ * The reason for %A at the end of crlDistributionPoints and authorityKeyIdentifier is that ++ * OpenSSL 3.0 removes new lines which were present in previous versions. ++ */^ + ?> + --EXPECTF-- + array(11) { +@@ -24,8 +23,7 @@ + ["nsCertType"]=> + string(30) "SSL Client, SSL Server, S/MIME" + ["crlDistributionPoints"]=> +- string(%d) "%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml +-" ++ string(%d) "Full Name:%AURI:http://mobile.blue-software.ro:90/ca/crl.shtml%A" + ["nsCaPolicyUrl"]=> + string(38) "http://mobile.blue-software.ro:90/pub/" + ["subjectAltName"]=> +@@ -33,9 +31,8 @@ + ["subjectKeyIdentifier"]=> + string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC" + ["authorityKeyIdentifier"]=> +- string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com +-serial:00 +-" ++ string(%d) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com ++serial:00%A" + ["keyUsage"]=> + string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment" + ["nsBaseUrl"]=> diff --git a/mod_php_install.sh b/mod_php_install.sh index c689345..0f4b3e3 100755 --- a/mod_php_install.sh +++ b/mod_php_install.sh @@ -1888,8 +1888,8 @@ if ([[ "$PHP_MAJOR_VERSION" -eq 7 ]] && [[ "$PHP_MINOR_VERSION" -lt 4 ]]) \ _install_freetype=true - if [[ "$PHP_MAJOR_VERSION" -lt 7 ]] \ - || ([[ "$PHP_MAJOR_VERSION" -eq 7 ]] && [[ "$PHP_MINOR_VERSION" -eq 0 ]]) ; then + if [[ $PHP_MAJOR_VERSION -lt 7 ]] \ + || ([[ $PHP_MAJOR_VERSION -eq 7 ]] && [[ $PHP_MINOR_VERSION -eq 0 ]]) ; then echo "" @@ -1955,40 +1955,44 @@ if ([[ "$PHP_MAJOR_VERSION" -eq 7 ]] && [[ "$PHP_MINOR_VERSION" -lt 4 ]]) \ fi if [[ "$PHP_MAJOR_VERSION" -lt 7 ]] \ - || ([[ "$PHP_MAJOR_VERSION" -eq 7 ]] && [[ "$PHP_MINOR_VERSION" -lt 2 ]]) ; then + || ([[ "$PHP_MAJOR_VERSION" -eq 7 ]] && [[ "$PHP_MINOR_VERSION" -lt 4 ]]) ; then - echo "" - echo "" - echo -e "\033[32m--\033[m" - echo "" - echo -e "We need to install a version of libicu (icu4c), which supports" - echo -e "service 'icu-config'. The development library libicu-dev" - echo -e "of this distribution doesn't." - echo -e "" - echo -e "Which version of icu4c should be installed?" - echo "" - ICU4C_VERSION= - if [[ -n "$_ICU4C_VERSION" ]]; then - echononl "ICU4C Version [${_ICU4C_VERSION}]: " - read ICU4C_VERSION - if [[ "X$ICU4C_VERSION" = "X" ]] ; then - ICU4C_VERSION="$_ICU4C_VERSION" - fi - else - echononl "ICU4C Version: " - read ICU4C_VERSION - while [[ "X$ICU4C_VERSION" = "X" ]]; do - echo -e "\n \033[33m\033[1ICU4C Version must not be empty!\033[m\n" - echononl "ICU4C Version : " + if [[ "$PHP_MINOR_VERSION" -eq 0 ]] || ([[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]]); then + + echo "" + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo -e "We need to install a version of libicu (icu4c), which supports" + echo -e "service 'icu-config'. The development library libicu-dev" + echo -e "of this distribution doesn't." + echo -e "" + echo -e "Which version of icu4c should be installed?" + echo "" + ICU4C_VERSION= + if [[ -n "$_ICU4C_VERSION" ]]; then + echononl "ICU4C Version [${_ICU4C_VERSION}]: " read ICU4C_VERSION - done + if [[ "X$ICU4C_VERSION" = "X" ]] ; then + ICU4C_VERSION="$_ICU4C_VERSION" + fi + else + echononl "ICU4C Version: " + read ICU4C_VERSION + while [[ "X$ICU4C_VERSION" = "X" ]]; do + echo -e "\n \033[33m\033[1ICU4C Version must not be empty!\033[m\n" + echononl "ICU4C Version : " + read ICU4C_VERSION + done + fi + + ICU4C_MAJOR_VERSION=`echo $ICU4C_VERSION | cut -d '-' -f1` + ICU4C_MINOR_VERSION=`echo $ICU4C_VERSION | cut -d '-' -f2` + + _install_icu4c=true + fi - ICU4C_MAJOR_VERSION=`echo $ICU4C_VERSION | cut -d '-' -f1` - ICU4C_MINOR_VERSION=`echo $ICU4C_VERSION | cut -d '-' -f2` - - _install_icu4c=true - if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] ; then echo "" @@ -3799,7 +3803,7 @@ else fi echononl "\tApply patch to compile against OpenSSL 3.0.." -if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] && [[ $PHP_MAJOR_VERSION = 7 ]]; then +if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] && [[ $PHP_MAJOR_VERSION -eq 7 ]] ; then if [[ -f ${_srcdir}/PHP-7.4-OpenSSL-3.0-compatibility.patch ]] ; then patch -d $_builddir/ext -p 0 < ${_srcdir}/PHP-7.4-OpenSSL-3.0-compatibility.patch > $tmp_err_msg 2>&1 if [[ $? -eq 0 ]]; then @@ -3812,6 +3816,20 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] && [[ $PHP_MAJOR_VER echo_failed fatal "Can't find patchfile '${_srcdir}/PHP-7.4-OpenSSL-3.0-compatibility.patch'" fi +elif [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 11 ]] && ([[ $PHP_MAJOR_VERSION -eq 8 ]] \ + && [[ $PHP_MINOR_VERSION -eq 0 ]]); then + if [[ -f ${_srcdir}/PHP-8.0-OpenSSL-3.0-compatibility.patch ]] ; then + patch -d $_builddir/ext -p 0 < ${_srcdir}/PHP-8.0-OpenSSL-3.0-compatibility.patch > $tmp_err_msg 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fatal "$(cat $tmp_err_msg)" + fi + else + echo_failed + fatal "Can't find patchfile '${_srcdir}/PHP-8.0-OpenSSL-3.0-compatibility.patch'" + fi else echo_skipped fi @@ -3940,14 +3958,14 @@ else fi -if ([[ "$PHP_MAJOR_VERSION" -eq "5" ]] || ([[ "$PHP_MAJOR_VERSION" -eq "7" ]] && [[ "$PHP_MINOR_VERSION" -eq 0 ]])) \ +if ([[ $PHP_MAJOR_VERSION -eq 5 ]] || ([[ $PHP_MAJOR_VERSION -eq 7 ]] && [[ $PHP_MINOR_VERSION -eq 0 ]])) \ && [[ "$os_dist" = "debian" ]] && [[ $os_version -ge 10 ]]; then config_params="$config_params --with-libxml-dir=/usr/local/libxml2 --with-icu-dir=/usr/local/icu4c" fi -if ([[ "$PHP_MAJOR_VERSION" -eq "7" ]] && [[ "$PHP_MINOR_VERSION" -gt 0 ]] && [[ "$PHP_MINOR_VERSION" -lt 2 ]]) \ +if ([[ $PHP_MAJOR_VERSION -eq 7 ]] && [[ $PHP_MINOR_VERSION -gt 0 ]] && [[ $PHP_MINOR_VERSION -lt 4 ]]) \ && [[ "$os_dist" = "debian" ]] && [[ $os_version -ge 11 ]]; then config_params="$config_params --with-icu-dir=/usr/local/icu4c"