diff options
author | tron <tron> | 2013-08-25 16:52:09 +0000 |
---|---|---|
committer | tron <tron> | 2013-08-25 16:52:09 +0000 |
commit | 0f9b669ffe5532df95507495143ae23019e22ec0 (patch) | |
tree | 98eb1fedeb1790fe605fb8fa26fc5479a222c9d5 | |
parent | 29e94d0a06f06a1f358e2545e61429f2dffa94bb (diff) | |
download | pkgsrc-0f9b669ffe5532df95507495143ae23019e22ec0.tar.gz |
Pullup ticket #4220 - requested by taca
lang/php53: security patch
Revisions pulled up:
- lang/php53/Makefile 1.43 via patch
- lang/php53/distinfo 1.67-1.68
- lang/php53/patches/patch-ext_openssl_openssl.c 1.1-1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 14 15:42:56 UTC 2013
Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c
Log Message:
Add fix fo openssl, CVE-2013-4073.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 16 00:38:13 UTC 2013
Modified Files:
pkgsrc/lang/php53: distinfo
pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c
Log Message:
Since openssl's security problem has assigned CVE-2013-4248, update comment
in the patch file.
-rw-r--r-- | lang/php53/Makefile | 3 | ||||
-rw-r--r-- | lang/php53/distinfo | 3 | ||||
-rw-r--r-- | lang/php53/patches/patch-ext_openssl_openssl.c | 114 |
3 files changed, 118 insertions, 2 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index 09a6e487d86..d6fb10295c2 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.39 2013/03/16 01:58:17 taca Exp $ +# $NetBSD: Makefile,v 1.39.4.1 2013/08/25 16:52:09 tron Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} +PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/distinfo b/lang/php53/distinfo index dbc29214cb0..652fd2b1acc 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.65.2.1 2013/07/15 22:32:24 tron Exp $ +$NetBSD: distinfo,v 1.65.2.2 2013/08/25 16:52:09 tron Exp $ SHA1 (php-5.3.27.tar.bz2) = 4f95682940ebe1bc1a93812d593460625a2aae64 RMD160 (php-5.3.27.tar.bz2) = c2887004859f32b25229ffe52d86270c8de194b7 @@ -17,6 +17,7 @@ SHA1 (patch-ah) = 697156508da2d837a1ea1a41f036eab4fb87e94b SHA1 (patch-ai) = 9659f73eef1b4fcca9b844bdaa785ac6d5e582a1 SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7 SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521 +SHA1 (patch-ext_openssl_openssl.c) = f45f4322ac875db7b0bb86efb7cfda1f659ac6cc SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4 diff --git a/lang/php53/patches/patch-ext_openssl_openssl.c b/lang/php53/patches/patch-ext_openssl_openssl.c new file mode 100644 index 00000000000..15d0e83bff0 --- /dev/null +++ b/lang/php53/patches/patch-ext_openssl_openssl.c @@ -0,0 +1,114 @@ +$NetBSD: patch-ext_openssl_openssl.c,v 1.2.2.2 2013/08/25 16:52:09 tron Exp $ + +Fix for CVE-2013-4248. + +--- ext/openssl/openssl.c.orig 2013-07-10 17:43:08.000000000 +0000 ++++ ext/openssl/openssl.c +@@ -1326,6 +1326,75 @@ PHP_FUNCTION(openssl_x509_check_private_ + } + /* }}} */ + ++ ++/* Special handling of subjectAltName, see CVE-2013-4073 ++ * Christian Heimes ++ */ ++ ++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ++{ ++ GENERAL_NAMES *names; ++ const X509V3_EXT_METHOD *method = NULL; ++ long i, length, num; ++ const unsigned char *p; ++ ++ method = X509V3_EXT_get(extension); ++ if (method == NULL) { ++ return -1; ++ } ++ ++ p = extension->value->data; ++ length = extension->value->length; ++ if (method->it) { ++ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, ++ ASN1_ITEM_ptr(method->it))); ++ } else { ++ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); ++ } ++ if (names == NULL) { ++ return -1; ++ } ++ ++ num = sk_GENERAL_NAME_num(names); ++ for (i = 0; i < num; i++) { ++ GENERAL_NAME *name; ++ ASN1_STRING *as; ++ name = sk_GENERAL_NAME_value(names, i); ++ switch (name->type) { ++ case GEN_EMAIL: ++ BIO_puts(bio, "email:"); ++ as = name->d.rfc822Name; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_DNS: ++ BIO_puts(bio, "DNS:"); ++ as = name->d.dNSName; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_URI: ++ BIO_puts(bio, "URI:"); ++ as = name->d.uniformResourceIdentifier; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ default: ++ /* use builtin print for GEN_OTHERNAME, GEN_X400, ++ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID ++ */ ++ GENERAL_NAME_print(bio, name); ++ } ++ /* trailing ', ' except for last element */ ++ if (i < (num - 1)) { ++ BIO_puts(bio, ", "); ++ } ++ } ++ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); ++ ++ return 0; ++} ++ + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) + Returns an array of the fields/values of the CERT */ + PHP_FUNCTION(openssl_x509_parse) +@@ -1422,15 +1491,29 @@ PHP_FUNCTION(openssl_x509_parse) + + + for (i = 0; i < X509_get_ext_count(cert); i++) { ++ int nid; + extension = X509_get_ext(cert, i); +- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { ++ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); ++ if (nid != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); +- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { ++ if (nid == NID_subject_alt_name) { ++ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { ++ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); ++ } else { ++ zval_dtor(return_value); ++ if (certresource == -1 && cert) { ++ X509_free(cert); ++ } ++ BIO_free(bio_out); ++ RETURN_FALSE; ++ } ++ } ++ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { |