From 5301bafbfa3d4d0032559076a255d4c26962424c Mon Sep 17 00:00:00 2001 From: taca Date: Fri, 13 Dec 2013 15:30:35 +0000 Subject: Update php53 to 5.3.28 (PHP 5.3.28). 12 Dec 2013, PHP 5.3.28 - Openssl: . Fixed handling null bytes in subjectAltName (CVE-2013-4073). (Christian Heimes) . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). --- lang/php/phpversion.mk | 4 +- lang/php53/Makefile | 3 +- lang/php53/Makefile.php | 4 +- lang/php53/distinfo | 9 +- lang/php53/patches/patch-ext_openssl_openssl.c | 114 ------------------------- 5 files changed, 9 insertions(+), 125 deletions(-) delete mode 100644 lang/php53/patches/patch-ext_openssl_openssl.c (limited to 'lang') diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk index ec0df9cbc2b..4a1fb831ca4 100644 --- a/lang/php/phpversion.mk +++ b/lang/php/phpversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.49 2013/11/16 09:45:26 taca Exp $ +# $NetBSD: phpversion.mk,v 1.50 2013/12/13 15:30:35 taca Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP @@ -81,7 +81,7 @@ PHPVERSION_MK= defined # Define each PHP's version. -PHP53_VERSION= 5.3.27 +PHP53_VERSION= 5.3.28 PHP54_VERSION= 5.4.22 PHP55_VERSION= 5.5.6 diff --git a/lang/php53/Makefile b/lang/php53/Makefile index e34f8ab6579..c61651fcbe9 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.44 2013/12/05 16:16:40 taca Exp $ +# $NetBSD: Makefile,v 1.45 2013/12/13 15:30:35 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 3 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php index f7eab1380e6..3de89a3b7e3 100644 --- a/lang/php53/Makefile.php +++ b/lang/php53/Makefile.php @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.php,v 1.37 2013/07/21 17:29:47 taca Exp $ +# $NetBSD: Makefile.php,v 1.38 2013/12/13 15:30:35 taca Exp $ # used by lang/php53/Makefile # used by www/ap-php/Makefile # used by www/php-fpm/Makefile @@ -53,7 +53,7 @@ PKG_SUGGESTED_OPTIONS+= inet6 ssl .if !empty(PKG_OPTIONS:Msuhosin) SUHOSIN_PHPVER= 5.3.25 -. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.27" +. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.28" PKG_FAIL_REASON+= "The suhosin patch is currently not available for" PKG_FAIL_REASON+= "this version of PHP. You may have to wait until" PKG_FAIL_REASON+= "an updated patch is released or temporarily" diff --git a/lang/php53/distinfo b/lang/php53/distinfo index ed7fde9c82c..6afa70308da 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.69 2013/12/05 16:16:40 taca Exp $ +$NetBSD: distinfo,v 1.70 2013/12/13 15:30:35 taca Exp $ -SHA1 (php-5.3.27.tar.bz2) = 4f95682940ebe1bc1a93812d593460625a2aae64 -RMD160 (php-5.3.27.tar.bz2) = c2887004859f32b25229ffe52d86270c8de194b7 -Size (php-5.3.27.tar.bz2) = 11432791 bytes +SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8 +RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d +Size (php-5.3.28.tar.bz2) = 11051714 bytes SHA1 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = ce5883b05daf91e8a44fffbfa4d3989ac3311dd1 RMD160 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 6c4d0cfe070802481121be465b66d3cefe44da83 Size (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 32447 bytes @@ -19,7 +19,6 @@ SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7 SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521 SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139 SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524 -SHA1 (patch-ext_openssl_openssl.c) = f45f4322ac875db7b0bb86efb7cfda1f659ac6cc SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4 diff --git a/lang/php53/patches/patch-ext_openssl_openssl.c b/lang/php53/patches/patch-ext_openssl_openssl.c deleted file mode 100644 index 577ae4edb2f..00000000000 --- a/lang/php53/patches/patch-ext_openssl_openssl.c +++ /dev/null @@ -1,114 +0,0 @@ -$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:13 taca Exp $ - -Fix for CVE-2013-4248. - ---- ext/openssl/openssl.c.orig 2013-07-10 17:43:08.000000000 +0000 -+++ ext/openssl/openssl.c -@@ -1326,6 +1326,75 @@ PHP_FUNCTION(openssl_x509_check_private_ - } - /* }}} */ - -+ -+/* Special handling of subjectAltName, see CVE-2013-4073 -+ * Christian Heimes -+ */ -+ -+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) -+{ -+ GENERAL_NAMES *names; -+ const X509V3_EXT_METHOD *method = NULL; -+ long i, length, num; -+ const unsigned char *p; -+ -+ method = X509V3_EXT_get(extension); -+ if (method == NULL) { -+ return -1; -+ } -+ -+ p = extension->value->data; -+ length = extension->value->length; -+ if (method->it) { -+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, -+ ASN1_ITEM_ptr(method->it))); -+ } else { -+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); -+ } -+ if (names == NULL) { -+ return -1; -+ } -+ -+ num = sk_GENERAL_NAME_num(names); -+ for (i = 0; i < num; i++) { -+ GENERAL_NAME *name; -+ ASN1_STRING *as; -+ name = sk_GENERAL_NAME_value(names, i); -+ switch (name->type) { -+ case GEN_EMAIL: -+ BIO_puts(bio, "email:"); -+ as = name->d.rfc822Name; -+ BIO_write(bio, ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ break; -+ case GEN_DNS: -+ BIO_puts(bio, "DNS:"); -+ as = name->d.dNSName; -+ BIO_write(bio, ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ break; -+ case GEN_URI: -+ BIO_puts(bio, "URI:"); -+ as = name->d.uniformResourceIdentifier; -+ BIO_write(bio, ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ break; -+ default: -+ /* use builtin print for GEN_OTHERNAME, GEN_X400, -+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID -+ */ -+ GENERAL_NAME_print(bio, name); -+ } -+ /* trailing ', ' except for last element */ -+ if (i < (num - 1)) { -+ BIO_puts(bio, ", "); -+ } -+ } -+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); -+ -+ return 0; -+} -+ - /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) - Returns an array of the fields/values of the CERT */ - PHP_FUNCTION(openssl_x509_parse) -@@ -1422,15 +1491,29 @@ PHP_FUNCTION(openssl_x509_parse) - - - for (i = 0; i < X509_get_ext_count(cert); i++) { -+ int nid; - extension = X509_get_ext(cert, i); -- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { -+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); -+ if (nid != NID_undef) { - extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); - } else { - OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); - extname = buf; - } - bio_out = BIO_new(BIO_s_mem()); -- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { -+ if (nid == NID_subject_alt_name) { -+ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { -+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); -+ } else { -+ zval_dtor(return_value); -+ if (certresource == -1 && cert) { -+ X509_free(cert); -+ } -+ BIO_free(bio_out); -+ RETURN_FALSE; -+ } -+ } -+ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { - BIO_get_mem_ptr(bio_out, &bio_buf); - add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); - } else { -- cgit v1.2.3