Since openssl's security problem has assigned CVE-2013-4248, update comment in the patch file.diff -r1.2 -r1.3 pkgsrc/lang/php55/distinfo
(taca)
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | $NetBSD: distinfo,v 1.2 2013/08/14 15:43:40 taca Exp $ | 1 | $NetBSD: distinfo,v 1.3 2013/08/16 00:38:34 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (php-5.5.1.tar.bz2) = b31b6922cb2796a52be9dc6696f31fcbb20ac916 | 3 | SHA1 (php-5.5.1.tar.bz2) = b31b6922cb2796a52be9dc6696f31fcbb20ac916 | |
4 | RMD160 (php-5.5.1.tar.bz2) = fe1e20e59ac366f4c105c1cda22fbfeb98dbebd2 | 4 | RMD160 (php-5.5.1.tar.bz2) = fe1e20e59ac366f4c105c1cda22fbfeb98dbebd2 | |
5 | Size (php-5.5.1.tar.bz2) = 12004597 bytes | 5 | Size (php-5.5.1.tar.bz2) = 12004597 bytes | |
6 | SHA1 (patch-acinclude.m4) = afead7122844e8290d9ef4fdb8deec3c40cf0746 | 6 | SHA1 (patch-acinclude.m4) = afead7122844e8290d9ef4fdb8deec3c40cf0746 | |
7 | SHA1 (patch-configure) = ee537d9b0c5e13bddfbb04e944e81671ccb2ff22 | 7 | SHA1 (patch-configure) = ee537d9b0c5e13bddfbb04e944e81671ccb2ff22 | |
8 | SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891 | 8 | SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891 | |
9 | SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc | 9 | SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc | |
10 | SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b | 10 | SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b | |
11 | SHA1 (patch-ext_openssl_openssl.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 | 11 | SHA1 (patch-ext_openssl_openssl.c) = 5413f54cb3ba40b61ba74c4350446120020334a6 | |
12 | SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 | 12 | SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 | |
13 | SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 | 13 | SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 | |
14 | SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba | 14 | SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba | |
15 | SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c | 15 | SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c | |
16 | SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841 | 16 | SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841 | |
17 | SHA1 (patch-main_streams_cast.c) = 955aee9efb4868e00fbfc443bb7d92c71844a853 | 17 | SHA1 (patch-main_streams_cast.c) = 955aee9efb4868e00fbfc443bb7d92c71844a853 | |
18 | SHA1 (patch-makedist) = a2a77c3d15a28fee08fdd88f0c9fee6cbec107d8 | 18 | SHA1 (patch-makedist) = a2a77c3d15a28fee08fdd88f0c9fee6cbec107d8 | |
19 | SHA1 (patch-php.ini-development) = 79512bd276adaed6bcf5f7f28e965f8a6b589add | 19 | SHA1 (patch-php.ini-development) = 79512bd276adaed6bcf5f7f28e965f8a6b589add | |
20 | SHA1 (patch-php.ini-production) = f5d275abe7668a139999b3607e99f271450f56ae | 20 | SHA1 (patch-php.ini-production) = f5d275abe7668a139999b3607e99f271450f56ae | |
21 | SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d | 21 | SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d | |
22 | SHA1 (patch-sapi_cgi_Makefile.frag) = 16fc782c309c462d92e72b61d258b9701159748a | 22 | SHA1 (patch-sapi_cgi_Makefile.frag) = 16fc782c309c462d92e72b61d258b9701159748a | |
23 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593 | 23 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593 |
@@ -0,0 +1,114 @@ | @@ -0,0 +1,114 @@ | |||
1 | $NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:34 taca Exp $ | |||
2 | ||||
3 | Fix for CVE-2013-4248. | |||
4 | ||||
5 | --- ext/openssl/openssl.c.orig 2013-07-03 06:10:53.000000000 +0000 | |||
6 | +++ ext/openssl/openssl.c | |||
7 | @@ -1398,6 +1398,75 @@ PHP_FUNCTION(openssl_x509_check_private_ | |||
8 | } | |||
9 | /* }}} */ | |||
10 | ||||
11 | + | |||
12 | +/* Special handling of subjectAltName, see CVE-2013-4073 | |||
13 | + * Christian Heimes | |||
14 | + */ | |||
15 | + | |||
16 | +static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) | |||
17 | +{ | |||
18 | + GENERAL_NAMES *names; | |||
19 | + const X509V3_EXT_METHOD *method = NULL; | |||
20 | + long i, length, num; | |||
21 | + const unsigned char *p; | |||
22 | + | |||
23 | + method = X509V3_EXT_get(extension); | |||
24 | + if (method == NULL) { | |||
25 | + return -1; | |||
26 | + } | |||
27 | + | |||
28 | + p = extension->value->data; | |||
29 | + length = extension->value->length; | |||
30 | + if (method->it) { | |||
31 | + names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, | |||
32 | + ASN1_ITEM_ptr(method->it))); | |||
33 | + } else { | |||
34 | + names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); | |||
35 | + } | |||
36 | + if (names == NULL) { | |||
37 | + return -1; | |||
38 | + } | |||
39 | + | |||
40 | + num = sk_GENERAL_NAME_num(names); | |||
41 | + for (i = 0; i < num; i++) { | |||
42 | + GENERAL_NAME *name; | |||
43 | + ASN1_STRING *as; | |||
44 | + name = sk_GENERAL_NAME_value(names, i); | |||
45 | + switch (name->type) { | |||
46 | + case GEN_EMAIL: | |||
47 | + BIO_puts(bio, "email:"); | |||
48 | + as = name->d.rfc822Name; | |||
49 | + BIO_write(bio, ASN1_STRING_data(as), | |||
50 | + ASN1_STRING_length(as)); | |||
51 | + break; | |||
52 | + case GEN_DNS: | |||
53 | + BIO_puts(bio, "DNS:"); | |||
54 | + as = name->d.dNSName; | |||
55 | + BIO_write(bio, ASN1_STRING_data(as), | |||
56 | + ASN1_STRING_length(as)); | |||
57 | + break; | |||
58 | + case GEN_URI: | |||
59 | + BIO_puts(bio, "URI:"); | |||
60 | + as = name->d.uniformResourceIdentifier; | |||
61 | + BIO_write(bio, ASN1_STRING_data(as), | |||
62 | + ASN1_STRING_length(as)); | |||
63 | + break; | |||
64 | + default: | |||
65 | + /* use builtin print for GEN_OTHERNAME, GEN_X400, | |||
66 | + * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID | |||
67 | + */ | |||
68 | + GENERAL_NAME_print(bio, name); | |||
69 | + } | |||
70 | + /* trailing ', ' except for last element */ | |||
71 | + if (i < (num - 1)) { | |||
72 | + BIO_puts(bio, ", "); | |||
73 | + } | |||
74 | + } | |||
75 | + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); | |||
76 | + | |||
77 | + return 0; | |||
78 | +} | |||
79 | + | |||
80 | /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) | |||
81 | Returns an array of the fields/values of the CERT */ | |||
82 | PHP_FUNCTION(openssl_x509_parse) | |||
83 | @@ -1494,15 +1563,29 @@ PHP_FUNCTION(openssl_x509_parse) | |||
84 | ||||
85 | ||||
86 | for (i = 0; i < X509_get_ext_count(cert); i++) { | |||
87 | + int nid; | |||
88 | extension = X509_get_ext(cert, i); | |||
89 | - if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { | |||
90 | + nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); | |||
91 | + if (nid != NID_undef) { | |||
92 | extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); | |||
93 | } else { | |||
94 | OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); | |||
95 | extname = buf; | |||
96 | } | |||
97 | bio_out = BIO_new(BIO_s_mem()); | |||
98 | - if (X509V3_EXT_print(bio_out, extension, 0, 0)) { | |||
99 | + if (nid == NID_subject_alt_name) { | |||
100 | + if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { | |||
101 | + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); | |||
102 | + } else { | |||
103 | + zval_dtor(return_value); | |||
104 | + if (certresource == -1 && cert) { | |||
105 | + X509_free(cert); | |||
106 | + } | |||
107 | + BIO_free(bio_out); | |||
108 | + RETURN_FALSE; | |||
109 | + } | |||
110 | + } | |||
111 | + else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { | |||
112 | BIO_get_mem_ptr(bio_out, &bio_buf); | |||
113 | add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); | |||
114 | } else { |