From c2cf26468e469d4c77805f2881229a0d33533be4 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Oct 30 2018 04:59:37 +0000
Subject: import php-5.4.16-46.el7


---

diff --git a/SOURCES/php-5.4.16-openssl-config.patch b/SOURCES/php-5.4.16-openssl-config.patch
new file mode 100644
index 0000000..2703413
--- /dev/null
+++ b/SOURCES/php-5.4.16-openssl-config.patch
@@ -0,0 +1,25 @@
+Adapted for 5.4.16 from
+https://github.com/php/php-src/commit/1f843a8fb50de77a3f53a6b892a46d9e0afdfdd7
+
+See https://bugzilla.redhat.com/1408301
+
+
+diff -up ./ext/openssl/openssl.c.old ./ext/openssl/openssl.c
+--- ./ext/openssl/openssl.c.old	2018-06-19 14:29:32.461412077 +0200
++++ ./ext/openssl/openssl.c	2018-06-19 14:29:56.351152059 +0200
+@@ -1038,6 +1038,7 @@ PHP_MINIT_FUNCTION(openssl)
+ 	le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);
+ 	le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);
+ 
++	OPENSSL_config(NULL); 
+ 	SSL_library_init();
+ 	OpenSSL_add_all_ciphers();
+ 	OpenSSL_add_all_digests();
+@@ -1178,6 +1179,7 @@ PHP_MINFO_FUNCTION(openssl)
+ PHP_MSHUTDOWN_FUNCTION(openssl)
+ {
+ 	EVP_cleanup();
++	CONF_modules_free();
+ 
+ 	php_unregister_url_stream_wrapper("https" TSRMLS_CC);
+ 	php_unregister_url_stream_wrapper("ftps" TSRMLS_CC);
diff --git a/SPECS/php.spec b/SPECS/php.spec
index f8a1c37..8676d47 100644
--- a/SPECS/php.spec
+++ b/SPECS/php.spec
@@ -69,7 +69,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.4.16
-Release: 45%{?dist}
+Release: 46%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -149,6 +149,8 @@ Patch49: php-5.4.16-curltls.patch
 Patch50: php-5.4.16-fpmclearenv.patch
 # fix default_socket_timeout does not work with SSL
 Patch51: php-5.4.16-openssl-timeout.patch
+# load openssl configuration file
+Patch52: php-5.4.16-openssl-config.patch
 
 # Fixes for tests
 Patch60: php-5.4.16-pdotests.patch
@@ -733,6 +735,7 @@ support for using the enchant library to PHP.
 %patch49 -p1 -b .curltls
 %patch50 -p1 -b .clearenv
 %patch51 -p1 -b .ssl_timeout
+%patch52 -p1 -b .config
 
 %patch60 -p1 -b .pdotests
 
@@ -1564,6 +1567,9 @@ fi
 
 
 %changelog
+* Tue Jun 19 2018 Remi Collet <rcollet@redhat.com> - 5.4.16-46
+- load openssl configuration file on startup #1408301
+
 * Tue Jan 23 2018 Remi Collet <rcollet@redhat.com> - 5.4.16-45
 - gd: fix buffer over-read into uninitialized memory CVE-2017-7890