Update php53 to 5.3.28 (PHP 5.3.28).

12 Dec 2013, PHP 5.3.28

- Openssl:
  . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
    (Christian Heimes)
  . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
    (Stefan Esser).

5 files changed, 9 insertions, 125 deletions

diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index ec0df9cbc2b..4a1fb831ca4 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.49 2013/11/16 09:45:26 taca Exp $
+# $NetBSD: phpversion.mk,v 1.50 2013/12/13 15:30:35 taca Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -81,7 +81,7 @@
 PHPVERSION_MK=	defined
 
 # Define each PHP's version.
-PHP53_VERSION=	5.3.27
+PHP53_VERSION=	5.3.28
 PHP54_VERSION=	5.4.22
 PHP55_VERSION=	5.5.6
 
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index e34f8ab6579..c61651fcbe9 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.44 2013/12/05 16:16:40 taca Exp $
+# $NetBSD: Makefile,v 1.45 2013/12/13 15:30:35 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		3
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php
index f7eab1380e6..3de89a3b7e3 100644
--- a/lang/php53/Makefile.php
+++ b/lang/php53/Makefile.php
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.37 2013/07/21 17:29:47 taca Exp $
+# $NetBSD: Makefile.php,v 1.38 2013/12/13 15:30:35 taca Exp $
 # used by lang/php53/Makefile
 # used by www/ap-php/Makefile
 # used by www/php-fpm/Makefile
@@ -53,7 +53,7 @@ PKG_SUGGESTED_OPTIONS+=	inet6 ssl
 
 .if !empty(PKG_OPTIONS:Msuhosin)
 SUHOSIN_PHPVER=		5.3.25
-.  if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.27"
+.  if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.28"
 PKG_FAIL_REASON+=	"The suhosin patch is currently not available for"
 PKG_FAIL_REASON+=	"this version of PHP.  You may have to wait until"
 PKG_FAIL_REASON+=	"an updated patch is released or temporarily"
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index ed7fde9c82c..6afa70308da 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.69 2013/12/05 16:16:40 taca Exp $
+$NetBSD: distinfo,v 1.70 2013/12/13 15:30:35 taca Exp $
 
-SHA1 (php-5.3.27.tar.bz2) = 4f95682940ebe1bc1a93812d593460625a2aae64
-RMD160 (php-5.3.27.tar.bz2) = c2887004859f32b25229ffe52d86270c8de194b7
-Size (php-5.3.27.tar.bz2) = 11432791 bytes
+SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8
+RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d
+Size (php-5.3.28.tar.bz2) = 11051714 bytes
 SHA1 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = ce5883b05daf91e8a44fffbfa4d3989ac3311dd1
 RMD160 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 6c4d0cfe070802481121be465b66d3cefe44da83
 Size (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 32447 bytes
@@ -19,7 +19,6 @@ SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7
 SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521
 SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139
 SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524
-SHA1 (patch-ext_openssl_openssl.c) = f45f4322ac875db7b0bb86efb7cfda1f659ac6cc
 SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5
 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a
 SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4
diff --git a/lang/php53/patches/patch-ext_openssl_openssl.c b/lang/php53/patches/patch-ext_openssl_openssl.c
deleted file mode 100644
index 577ae4edb2f..00000000000
--- a/lang/php53/patches/patch-ext_openssl_openssl.c
+++ /dev/null
@@ -1,114 +0,0 @@
-$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:13 taca Exp $
-
-Fix for CVE-2013-4248.
-
---- ext/openssl/openssl.c.orig	2013-07-10 17:43:08.000000000 +0000
-+++ ext/openssl/openssl.c
-@@ -1326,6 +1326,75 @@ PHP_FUNCTION(openssl_x509_check_private_
- }
- /* }}} */
- 
-+
-+/* Special handling of subjectAltName, see CVE-2013-4073
-+ * Christian Heimes
-+ */
-+
-+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
-+{
-+	GENERAL_NAMES *names;
-+	const X509V3_EXT_METHOD *method = NULL;
-+	long i, length, num;
-+	const unsigned char *p;
-+
-+	method = X509V3_EXT_get(extension);
-+	if (method == NULL) {
-+		return -1;
-+	}
-+
-+	p = extension->value->data;
-+	length = extension->value->length;
-+	if (method->it) {
-+		names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
-+						       ASN1_ITEM_ptr(method->it)));
-+	} else {
-+		names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
-+	}
-+	if (names == NULL) {
-+		return -1;
-+	}
-+
-+	num = sk_GENERAL_NAME_num(names);
-+	for (i = 0; i < num; i++) {
-+		GENERAL_NAME *name;
-+		ASN1_STRING *as;
-+		name = sk_GENERAL_NAME_value(names, i);
-+		switch (name->type) {
-+		case GEN_EMAIL:
-+			BIO_puts(bio, "email:");
-+			as = name->d.rfc822Name;
-+			BIO_write(bio, ASN1_STRING_data(as),
-+				  ASN1_STRING_length(as));
-+			break;
-+		case GEN_DNS:
-+			BIO_puts(bio, "DNS:");
-+			as = name->d.dNSName;
-+			BIO_write(bio, ASN1_STRING_data(as),
-+				  ASN1_STRING_length(as));
-+			break;
-+		case GEN_URI:
-+			BIO_puts(bio, "URI:");
-+			as = name->d.uniformResourceIdentifier;
-+			BIO_write(bio, ASN1_STRING_data(as),
-+				  ASN1_STRING_length(as));
-+			break;
-+		default:
-+			/* use builtin print for GEN_OTHERNAME, GEN_X400,
-+			 * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
-+			 */
-+			GENERAL_NAME_print(bio, name);
-+		}
-+		/* trailing ', ' except for last element */
-+		if (i < (num - 1)) {
-+			BIO_puts(bio, ", ");
-+		}
-+	}
-+	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-+
-+	return 0;
-+}
-+
- /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
-    Returns an array of the fields/values of the CERT */
- PHP_FUNCTION(openssl_x509_parse)
-@@ -1422,15 +1491,29 @@ PHP_FUNCTION(openssl_x509_parse)
- 
- 
- 	for (i = 0; i < X509_get_ext_count(cert); i++) {
-+		int nid;
- 		extension = X509_get_ext(cert, i);
--		if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
-+		nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
-+		if (nid != NID_undef) {
- 			extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
- 		} else {
- 			OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
- 			extname = buf;
- 		}
- 		bio_out = BIO_new(BIO_s_mem());
--		if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
-+		if (nid == NID_subject_alt_name) {
-+			if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
-+				add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
-+			} else {
-+				zval_dtor(return_value);
-+				if (certresource == -1 && cert) {
-+					X509_free(cert);
-+				}
-+				BIO_free(bio_out);
-+				RETURN_FALSE;
-+			}
-+		}
-+		else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
- 			BIO_get_mem_ptr(bio_out, &bio_buf);
- 			add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
- 		} else {