Wed Aug 14 15:43:22 2013 UTC ()

Add fix fo openssl, CVE-2013-4073.

Bump PKGREVISION.


(taca)

diff -r1.12 -r1.13 pkgsrc/lang/php54/Makefile
diff -r1.21 -r1.22 pkgsrc/lang/php54/distinfo
diff -r0 -r1.1 pkgsrc/lang/php54/patches/patch-ext_openssl_openssl.c

--- pkgsrc/lang/php54/Attic/Makefile 2013/08/13 10:22:26 1.12
+++ pkgsrc/lang/php54/Attic/Makefile 2013/08/14 15:43:22 1.13

 @@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.12 2013/08/13 10:22:26 joerg Exp $
+# $NetBSD: Makefile,v 1.13 2013/08/14 15:43:22 taca Exp $
+#
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
+#
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5.4
 LICENSE=		php
 TEST_TARGET=		test
 USE_TOOLS+=		gmake lex pkg-config
 LIBTOOL_OVERRIDE=	# empty
 PHP_CHECK_INSTALLED=	No
 PHP_VERSIONS_ACCEPTED=		54

--- pkgsrc/lang/php54/Attic/distinfo 2013/07/29 16:22:38 1.21
+++ pkgsrc/lang/php54/Attic/distinfo 2013/08/14 15:43:22 1.22

 @@ -1,22 +1,23 @@
-$NetBSD: distinfo,v 1.21 2013/07/29 16:22:38 taca Exp $
+$NetBSD: distinfo,v 1.22 2013/08/14 15:43:22 taca Exp $
 SHA1 (php-5.4.17.tar.bz2) = 7151b2cef85aaf3c2109ee28e88d01ddb6274d5b
 RMD160 (php-5.4.17.tar.bz2) = b167420094885593f068bcd3a012452a0156bb5b
 Size (php-5.4.17.tar.bz2) = 11697434 bytes
 SHA1 (patch-acinclude.m4) = afead7122844e8290d9ef4fdb8deec3c40cf0746
 SHA1 (patch-configure) = 5930b32de104cda553c9701086ffdf35a93f8d97
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
 SHA1 (patch-ext_openssl_openssl.c) = 70adfe7d8cd1edb7b222c4e4113c211181203440
 SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
 SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
 SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
 SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c
 SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841
 SHA1 (patch-ext_xml_xml.c) = 77785dd4849efe07746061a0b385989b9f7cc1bd
 SHA1 (patch-main_streams_cast.c) = 955aee9efb4868e00fbfc443bb7d92c71844a853
 SHA1 (patch-php.ini-development) = 79512bd276adaed6bcf5f7f28e965f8a6b589add
 SHA1 (patch-php.ini-production) = f5d275abe7668a139999b3607e99f271450f56ae
 SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d
 SHA1 (patch-sapi_cgi_Makefile.frag) = ba16463cc2a350df1db80c78ac9aec44b20d4bfe
 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593

$NetBSD: patch-ext_openssl_openssl.c,v 1.1 2013/08/14 15:43:22 taca Exp $

Fix for CVE-2013-4073.

--- ext/openssl/openssl.c.orig	2013-07-03 06:10:53.000000000 +0000
+++ ext/openssl/openssl.c
@@ -1398,6 +1398,75 @@ PHP_FUNCTION(openssl_x509_check_private_
 }
 /* }}} */
 
+
+/* Special handling of subjectAltName, see CVE-2013-4073
+ * Christian Heimes
+ */
+
+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
+{
+	GENERAL_NAMES *names;
+	const X509V3_EXT_METHOD *method = NULL;
+	long i, length, num;
+	const unsigned char *p;
+
+	method = X509V3_EXT_get(extension);
+	if (method == NULL) {
+		return -1;
+	}
+
+	p = extension->value->data;
+	length = extension->value->length;
+	if (method->it) {
+		names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
+						       ASN1_ITEM_ptr(method->it)));
+	} else {
+		names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
+	}
+	if (names == NULL) {
+		return -1;
+	}
+
+	num = sk_GENERAL_NAME_num(names);
+	for (i = 0; i < num; i++) {
+		GENERAL_NAME *name;
+		ASN1_STRING *as;
+		name = sk_GENERAL_NAME_value(names, i);
+		switch (name->type) {
+		case GEN_EMAIL:
+			BIO_puts(bio, "email:");
+			as = name->d.rfc822Name;
+			BIO_write(bio, ASN1_STRING_data(as),
+				  ASN1_STRING_length(as));
+			break;
+		case GEN_DNS:
+			BIO_puts(bio, "DNS:");
+			as = name->d.dNSName;
+			BIO_write(bio, ASN1_STRING_data(as),
+				  ASN1_STRING_length(as));
+			break;
+		case GEN_URI:
+			BIO_puts(bio, "URI:");
+			as = name->d.uniformResourceIdentifier;
+			BIO_write(bio, ASN1_STRING_data(as),
+				  ASN1_STRING_length(as));
+			break;
+		default:
+			/* use builtin print for GEN_OTHERNAME, GEN_X400,
+			 * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
+			 */
+			GENERAL_NAME_print(bio, name);
+		}
+		/* trailing ', ' except for last element */
+		if (i < (num - 1)) {
+			BIO_puts(bio, ", ");
+		}
+	}
+	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
+
+	return 0;
+}
+
 /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
    Returns an array of the fields/values of the CERT */
 PHP_FUNCTION(openssl_x509_parse)
@@ -1494,15 +1563,29 @@ PHP_FUNCTION(openssl_x509_parse)
 
 
 	for (i = 0; i < X509_get_ext_count(cert); i++) {
+		int nid;
 		extension = X509_get_ext(cert, i);
-		if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
+		nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
+		if (nid != NID_undef) {
 			extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
 		} else {
 			OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
 			extname = buf;
 		}
 		bio_out = BIO_new(BIO_s_mem());
-		if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
+		if (nid == NID_subject_alt_name) {
+			if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
+				add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
+			} else {
+				zval_dtor(return_value);
+				if (certresource == -1 && cert) {
+					X509_free(cert);
+				}
+				BIO_free(bio_out);
+				RETURN_FALSE;
+			}
+		}
+		else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
 			BIO_get_mem_ptr(bio_out, &bio_buf);
 			add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
 		} else {