ID: 44900
Updated by: [EMAIL PROTECTED]
Reported By: jd at cpanel dot net
Status: Assigned
Bug Type: Compile Failure
Operating System: RedHat Linux AS-2
PHP Version: 5.2.6
Assigned To: pajoye
New Comment:
Side note: 5.3.0 will have 0.9.8g as requirement (or at the 0.9.7 if
0.9.8 is too "new").
Previous Comments:
------------------------------------------------------------------------
[2008-05-03 11:48:25] [EMAIL PROTECTED]
Unless we explicitly stop to support this version, it costs nothing to
apply this patch for the person running Sarge and other conservative
OSes.
------------------------------------------------------------------------
[2008-05-03 11:46:02] [EMAIL PROTECTED]
The last 0.9.6 release was more than *four* years ago - you really
should upgrade as *numerous* security fixes where made there.
------------------------------------------------------------------------
[2008-05-02 23:55:58] jd at cpanel dot net
Description:
------------
PHP 5.2.6 introduces some memory cleanup code in the OpenSSL extension.
Unfortunately, EVP_MD_CTX_cleanup() is only available with OpenSSL
0.9.7 and higher. openssl.c needs to verify EVP_MD_CTX_cleanup() is
available...
diff -Nur php-5.2.6.orig/ext/openssl/openssl.c
php-5.2.6/ext/openssl/openssl.c
--- php-5.2.6.orig/ext/openssl/openssl.c 2008-04-07
05:44:03.000000000 -0500
+++ php-5.2.6/ext/openssl/openssl.c 2008-05-02 17:11:10.000000000
-0500
@@ -3522,7 +3522,9 @@
efree(sigbuf);
RETVAL_FALSE;
}
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
EVP_MD_CTX_cleanup(&md_ctx);
+#endif
if (keyresource == -1) {
EVP_PKEY_free(pkey);
}
@@ -3562,7 +3564,9 @@
EVP_VerifyInit (&md_ctx, mdtype);
EVP_VerifyUpdate (&md_ctx, data, data_len);
err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature,
signature_len, pkey);
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
EVP_MD_CTX_cleanup(&md_ctx);
+#endif
if (keyresource == -1) {
EVP_PKEY_free(pkey);
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=44900&edit=1
