MDL-56917 core_upgrade: Do not use the raw version to check cURL caps.

Some Linux distros backport features as part of security fixes
while keeping the same (old) version number. See e.g.:
- RHEL 7, https://rhn.redhat.com/errata/RHSA-2015-2159.html
- RHEL 6, https://rhn.redhat.com/errata/RHBA-2016-0842.html
- Remi PHP 7.0.x, https://github.com/remicollet/remirepo/commit/87954ef9ca41
Matteo Scaramuccia 2016-11-12 23:35:40 +01:00
parent 0b8e0c374f
commit ade30c673c
2 changed files with 4 additions and 18 deletions


@ -86,7 +86,9 @@ final class util {
* @return bool
*/
public static function can_use_tls12(array $curlinfo, $uname) {
if ($curlinfo['version_number'] < 467456 || !defined('CURL_SSLVERSION_TLSv1_2')) {
// Do not compare the cURL version, e.g. $curlinfo['version_number'], with v7.34.0 (467456):
// some Linux distros backport security issues and keep lower version numbers.
if (!defined('CURL_SSLVERSION_TLSv1_2')) {
return false;
}
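Review bot: The guard now rests entirely on `defined('CURL_SSLVERSION_TLSv1_2')`, and as far as I know PHP's curl extension registers that constant from the libcurl headers it was compiled against, so it shows the option is known, not that the libcurl and SSL backend loaded at runtime will negotiate TLS 1.2. The new comment explains only why the version comparison was dropped; I would add a second line such as `// The constant only proves the curl extension knows the option; it does not prove the runtime SSL backend negotiates TLS 1.2.` The body of can_use_tls12() continues outside the hunk, so whether the remaining checks cover the backend cannot be confirmed from here. The docblock above the signature is also only partly visible and should be checked for any leftover mention of a minimum cURL version.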


@ -24,7 +24,7 @@
defined('MOODLE_INTERNAL') || die();
// Hack to let tests run on travis..
// Hack to let tests run on Travis CI.
defined('CURL_SSLVERSION_TLSv1_2') || define('CURL_SSLVERSION_TLSv1_2', 6);
/**
@ -36,16 +36,6 @@ defined('CURL_SSLVERSION_TLSv1_2') || define('CURL_SSLVERSION_TLSv1_2', 6);
*/
class upgrade_util_testcase extends advanced_testcase {
/**
* A cURL version that supports TLS 1.2.
*/
const VALID_CURL_VERSION = 467456;
/**
* A cURL version that does not support TLS 1.2.
*/
const INVALID_CURL_VERSION = 467455;
/**
* The value of PHP_ZTS when thread safety is enabled.
*/
@ -132,17 +122,11 @@ class upgrade_util_testcase extends advanced_testcase {
// Set the curl values we are testing to the passed data.
$curlinfo['ssl_version'] = $sslversion;
$curlinfo['version_number'] = self::VALID_CURL_VERSION;
// Set uname to system value if none passed in test case.
$uname = !empty($uname) ? $uname : php_uname('r');
$this->assertSame($expected, \core\upgrade\util::can_use_tls12($curlinfo, $uname));
// Now set the curl version to outdated one.
$curlinfo['version_number'] = self::INVALID_CURL_VERSION;
// Tls12 should never be possible now curl version is bad.
$this->assertFalse(\core\upgrade\util::can_use_tls12($curlinfo, $uname));
}
/**
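Review bot: After the removal of the `INVALID_CURL_VERSION` assertions in the last hunk, no test reaches the `return false` path for a missing constant, because the `define()` fallback near the top of this file guarantees `CURL_SSLVERSION_TLSv1_2` exists whenever the suite runs. The only remaining capability guard in can_use_tls12() that the commit shows is therefore untested, and a regression that drops it would pass. At minimum the fallback should say so, e.g. `// Note: defining the constant here means the !defined('CURL_SSLVERSION_TLSv1_2') guard in can_use_tls12() is never exercised by these tests.` The test method starts outside the hunk, so the data provider cases are not visible here.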