Since openssl's security problem has assigned CVE-2013-4248, update comment

in the patch file.

6 files changed, 124 insertions, 10 deletions

diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index c3f88b7c811..2b319c58c92 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.67 2013/08/14 15:42:56 taca Exp $
+$NetBSD: distinfo,v 1.68 2013/08/16 00:38:13 taca Exp $
 
 SHA1 (php-5.3.27.tar.bz2) = 4f95682940ebe1bc1a93812d593460625a2aae64
 RMD160 (php-5.3.27.tar.bz2) = c2887004859f32b25229ffe52d86270c8de194b7
@@ -17,7 +17,7 @@ SHA1 (patch-ah) = 697156508da2d837a1ea1a41f036eab4fb87e94b
 SHA1 (patch-ai) = 9659f73eef1b4fcca9b844bdaa785ac6d5e582a1
 SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7
 SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521
-SHA1 (patch-ext_openssl_openssl.c) = 1018d60764162ef663089e94d1e133e097f4534c
+SHA1 (patch-ext_openssl_openssl.c) = f45f4322ac875db7b0bb86efb7cfda1f659ac6cc
 SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5
 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a
 SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4
diff --git a/lang/php53/patches/patch-ext_openssl_openssl.c b/lang/php53/patches/patch-ext_openssl_openssl.c
index 613f8fa2432..577ae4edb2f 100644
--- a/lang/php53/patches/patch-ext_openssl_openssl.c
+++ b/lang/php53/patches/patch-ext_openssl_openssl.c
@@ -1,6 +1,6 @@
-$NetBSD: patch-ext_openssl_openssl.c,v 1.1 2013/08/14 15:42:56 taca Exp $
+$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:13 taca Exp $
 
-Fix for CVE-2013-4073.
+Fix for CVE-2013-4248.
 
 --- ext/openssl/openssl.c.orig	2013-07-10 17:43:08.000000000 +0000
 +++ ext/openssl/openssl.c
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index 7b2b275b4c4..39f5c867672 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2013/08/14 15:43:22 taca Exp $
+$NetBSD: distinfo,v 1.23 2013/08/16 00:38:24 taca Exp $
 
 SHA1 (php-5.4.17.tar.bz2) = 7151b2cef85aaf3c2109ee28e88d01ddb6274d5b
 RMD160 (php-5.4.17.tar.bz2) = b167420094885593f068bcd3a012452a0156bb5b
@@ -8,7 +8,7 @@ SHA1 (patch-configure) = 5930b32de104cda553c9701086ffdf35a93f8d97
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
-SHA1 (patch-ext_openssl_openssl.c) = 70adfe7d8cd1edb7b222c4e4113c211181203440
+SHA1 (patch-ext_openssl_openssl.c) = 5413f54cb3ba40b61ba74c4350446120020334a6
 SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
 SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
 SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
diff --git a/lang/php54/patches/patch-ext_openssl_openssl.c b/lang/php54/patches/patch-ext_openssl_openssl.c
index 14394d2fd8e..75cb407dddd 100644
--- a/lang/php54/patches/patch-ext_openssl_openssl.c
+++ b/lang/php54/patches/patch-ext_openssl_openssl.c
@@ -1,6 +1,6 @@
-$NetBSD: patch-ext_openssl_openssl.c,v 1.1 2013/08/14 15:43:22 taca Exp $
+$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:24 taca Exp $
 
-Fix for CVE-2013-4073.
+Fix for CVE-2013-4248.
 
 --- ext/openssl/openssl.c.orig	2013-07-03 06:10:53.000000000 +0000
 +++ ext/openssl/openssl.c
diff --git a/lang/php55/distinfo b/lang/php55/distinfo
index cdfc00016b0..c1ebdf083c1 100644
--- a/lang/php55/distinfo
+++ b/lang/php55/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2013/08/14 15:43:40 taca Exp $
+$NetBSD: distinfo,v 1.3 2013/08/16 00:38:34 taca Exp $
 
 SHA1 (php-5.5.1.tar.bz2) = b31b6922cb2796a52be9dc6696f31fcbb20ac916
 RMD160 (php-5.5.1.tar.bz2) = fe1e20e59ac366f4c105c1cda22fbfeb98dbebd2
@@ -8,7 +8,7 @@ SHA1 (patch-configure) = ee537d9b0c5e13bddfbb04e944e81671ccb2ff22
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
-SHA1 (patch-ext_openssl_openssl.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709
+SHA1 (patch-ext_openssl_openssl.c) = 5413f54cb3ba40b61ba74c4350446120020334a6
 SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
 SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
 SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
diff --git a/lang/php55/patches/patch-ext_openssl_openssl.c b/lang/php55/patches/patch-ext_openssl_openssl.c
index e69de29bb2d..a6035dd2dac 100644
--- a/lang/php55/patches/patch-ext_openssl_openssl.c
+++ b/lang/php55/patches/patch-ext_openssl_openssl.c
@@ -0,0 +1,114 @@
+$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:34 taca Exp $
+
+Fix for CVE-2013-4248.
+
+--- ext/openssl/openssl.c.orig	2013-07-03 06:10:53.000000000 +0000
++++ ext/openssl/openssl.c
+@@ -1398,6 +1398,75 @@ PHP_FUNCTION(openssl_x509_check_private_
+ }
+ /* }}} */
+ 
++
++/* Special handling of subjectAltName, see CVE-2013-4073
++ * Christian Heimes
++ */
++
++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
++{
++	GENERAL_NAMES *names;
++	const X509V3_EXT_METHOD *method = NULL;
++	long i, length, num;
++	const unsigned char *p;
++
++	method = X509V3_EXT_get(extension);
++	if (method == NULL) {
++		return -1;
++	}
++
++	p = extension->value->data;
++	length = extension->value->length;
++	if (method->it) {
++		names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
++						       ASN1_ITEM_ptr(method->it)));
++	} else {
++		names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
++	}
++	if (names == NULL) {
++		return -1;
++	}
++
++	num = sk_GENERAL_NAME_num(names);
++	for (i = 0; i < num; i++) {
++		GENERAL_NAME *name;
++		ASN1_STRING *as;
++		name = sk_GENERAL_NAME_value(names, i);
++		switch (name->type) {
++		case GEN_EMAIL:
++			BIO_puts(bio, "email:");
++			as = name->d.rfc822Name;
++			BIO_write(bio, ASN1_STRING_data(as),
++				  ASN1_STRING_length(as));
++			break;
++		case GEN_DNS:
++			BIO_puts(bio, "DNS:");
++			as = name->d.dNSName;
++			BIO_write(bio, ASN1_STRING_data(as),
++				  ASN1_STRING_length(as));
++			break;
++		case GEN_URI:
++			BIO_puts(bio, "URI:");
++			as = name->d.uniformResourceIdentifier;
++			BIO_write(bio, ASN1_STRING_data(as),
++				  ASN1_STRING_length(as));
++			break;
++		default:
++			/* use builtin print for GEN_OTHERNAME, GEN_X400,
++			 * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
++			 */
++			GENERAL_NAME_print(bio, name);
++		}
++		/* trailing ', ' except for last element */
++		if (i < (num - 1)) {
++			BIO_puts(bio, ", ");
++		}
++	}
++	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
++
++	return 0;
++}
++
+ /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
+    Returns an array of the fields/values of the CERT */
+ PHP_FUNCTION(openssl_x509_parse)
+@@ -1494,15 +1563,29 @@ PHP_FUNCTION(openssl_x509_parse)
+ 
+ 
+ 	for (i = 0; i < X509_get_ext_count(cert); i++) {
++		int nid;
+ 		extension = X509_get_ext(cert, i);
+-		if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
++		nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
++		if (nid != NID_undef) {
+ 			extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
+ 		} else {
+ 			OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
+ 			extname = buf;
+ 		}
+ 		bio_out = BIO_new(BIO_s_mem());
+-		if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
++		if (nid == NID_subject_alt_name) {
++			if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
++				add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
++			} else {
++				zval_dtor(return_value);
++				if (certresource == -1 && cert) {
++					X509_free(cert);
++				}
++				BIO_free(bio_out);
++				RETURN_FALSE;
++			}
++		}
++		else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
+ 			BIO_get_mem_ptr(bio_out, &bio_buf);
+ 			add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
+ 		} else {