diff --git a/layers/openssl3.patch b/layers/openssl3.patch new file mode 100644 index 00000000..8b053983 --- /dev/null +++ b/layers/openssl3.patch @@ -0,0 +1,13 @@ +Patch for OpenSSL 3 support for PHP 8.0 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -1325,7 +1325,9 @@ + REGISTER_LONG_CONSTANT("OPENSSL_CMS_NOSIGS", CMS_NOSIGS, CONST_CS|CONST_PERSISTENT); + + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); ++#ifdef RSA_SSLV23_PADDING + REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); ++#endif + REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); + diff --git a/php-80/Dockerfile b/php-80/Dockerfile index ce2d1a43..01d5f2f0 100644 --- a/php-80/Dockerfile +++ b/php-80/Dockerfile @@ -103,13 +103,14 @@ RUN set -xe; \ # Needed by: # - curl # - php -ENV VERSION_OPENSSL=1.1.1w +RUN yum install -y perl-IPC-Cmd +ENV VERSION_OPENSSL=3.2.0-beta1 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem" RUN set -xe; \ mkdir -p ${OPENSSL_BUILD_DIR}; \ - curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ + curl -Ls https://github.com/openssl/openssl/releases/download/openssl-${VERSION_OPENSSL}/openssl-${VERSION_OPENSSL}.tar.gz \ | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 WORKDIR ${OPENSSL_BUILD_DIR}/ RUN CFLAGS="" \ @@ -384,6 +385,10 @@ ARG VERSION_PHP RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ | tar xzC . --strip-components=1 +COPY layers/openssl3.patch ${PHP_BUILD_DIR} +RUN patch -N -p1 -s < openssl3.patch +RUN rm openssl3.patch + # Configure the build # -fstack-protector-strong : Be paranoid about stack overflows # -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) diff --git a/php-81/Dockerfile b/php-81/Dockerfile index 3ef0bd60..a6614df9 100644 --- a/php-81/Dockerfile +++ b/php-81/Dockerfile @@ -104,7 +104,7 @@ RUN set -xe; \ # - curl # - php RUN yum install -y perl-IPC-Cmd -ENV VERSION_OPENSSL=3.0.12 +ENV VERSION_OPENSSL=3.2.0-beta1 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem" diff --git a/php-82/Dockerfile b/php-82/Dockerfile index d74cedf7..159d1434 100644 --- a/php-82/Dockerfile +++ b/php-82/Dockerfile @@ -104,7 +104,7 @@ RUN set -xe; \ # - curl # - php RUN yum install -y perl-IPC-Cmd -ENV VERSION_OPENSSL=3.0.12 +ENV VERSION_OPENSSL=3.2.0-beta1 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem" diff --git a/php-83/Dockerfile b/php-83/Dockerfile index 5befd8e1..3202a636 100644 --- a/php-83/Dockerfile +++ b/php-83/Dockerfile @@ -105,7 +105,7 @@ RUN set -xe; \ # - curl # - php RUN yum install -y perl-IPC-Cmd -ENV VERSION_OPENSSL=3.0.12 +ENV VERSION_OPENSSL=3.2.0-beta1 ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem"