Fri Aug 16 00:38:34 2013 UTC ()
Since the openssl security problem has been assigned CVE-2013-4248, update the
comment in the patch file.


(taca)
diff -r1.2 -r1.3 pkgsrc/lang/php55/distinfo
diff -r1.1 -r1.2 pkgsrc/lang/php55/patches/patch-ext_openssl_openssl.c

cvs diff -r1.2 -r1.3 pkgsrc/lang/php55/Attic/distinfo

--- pkgsrc/lang/php55/Attic/distinfo 2013/08/14 15:43:40 1.2
+++ pkgsrc/lang/php55/Attic/distinfo 2013/08/16 00:38:34 1.3
@@ -1,23 +1,23 @@ @@ -1,23 +1,23 @@
1$NetBSD: distinfo,v 1.2 2013/08/14 15:43:40 taca Exp $ 1$NetBSD: distinfo,v 1.3 2013/08/16 00:38:34 taca Exp $
2 2
3SHA1 (php-5.5.1.tar.bz2) = b31b6922cb2796a52be9dc6696f31fcbb20ac916 3SHA1 (php-5.5.1.tar.bz2) = b31b6922cb2796a52be9dc6696f31fcbb20ac916
4RMD160 (php-5.5.1.tar.bz2) = fe1e20e59ac366f4c105c1cda22fbfeb98dbebd2 4RMD160 (php-5.5.1.tar.bz2) = fe1e20e59ac366f4c105c1cda22fbfeb98dbebd2
5Size (php-5.5.1.tar.bz2) = 12004597 bytes 5Size (php-5.5.1.tar.bz2) = 12004597 bytes
6SHA1 (patch-acinclude.m4) = afead7122844e8290d9ef4fdb8deec3c40cf0746 6SHA1 (patch-acinclude.m4) = afead7122844e8290d9ef4fdb8deec3c40cf0746
7SHA1 (patch-configure) = ee537d9b0c5e13bddfbb04e944e81671ccb2ff22 7SHA1 (patch-configure) = ee537d9b0c5e13bddfbb04e944e81671ccb2ff22
8SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891 8SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
9SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc 9SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
10SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b 10SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
11SHA1 (patch-ext_openssl_openssl.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 11SHA1 (patch-ext_openssl_openssl.c) = 5413f54cb3ba40b61ba74c4350446120020334a6
12SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 12SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
13SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 13SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
14SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba 14SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
15SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c 15SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c
16SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841 16SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841
17SHA1 (patch-main_streams_cast.c) = 955aee9efb4868e00fbfc443bb7d92c71844a853 17SHA1 (patch-main_streams_cast.c) = 955aee9efb4868e00fbfc443bb7d92c71844a853
18SHA1 (patch-makedist) = a2a77c3d15a28fee08fdd88f0c9fee6cbec107d8 18SHA1 (patch-makedist) = a2a77c3d15a28fee08fdd88f0c9fee6cbec107d8
19SHA1 (patch-php.ini-development) = 79512bd276adaed6bcf5f7f28e965f8a6b589add 19SHA1 (patch-php.ini-development) = 79512bd276adaed6bcf5f7f28e965f8a6b589add
20SHA1 (patch-php.ini-production) = f5d275abe7668a139999b3607e99f271450f56ae 20SHA1 (patch-php.ini-production) = f5d275abe7668a139999b3607e99f271450f56ae
21SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d 21SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d
22SHA1 (patch-sapi_cgi_Makefile.frag) = 16fc782c309c462d92e72b61d258b9701159748a 22SHA1 (patch-sapi_cgi_Makefile.frag) = 16fc782c309c462d92e72b61d258b9701159748a
23SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593 23SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593

cvs diff -r1.1 -r1.2 pkgsrc/lang/php55/patches/Attic/patch-ext_openssl_openssl.c

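--- a/pkgsrc/lang/php55/patches/Attic/patch-ext_openssl_openssl.c
+++ b/pkgsrc/lang/php55/patches/Attic/patch-ext_openssl_openssl.c
@@ -0,0 +1,114 @@
+$NetBSD: patch-ext_openssl_openssl.c,v 1.2 2013/08/16 00:38:34 taca Exp $
+
+Fix for CVE-2013-4248.
+
+--- ext/openssl/openssl.c.orig 2013-07-03 06:10:53.000000000 +0000
++++ ext/openssl/openssl.c
+@@ -1398,6 +1398,75 @@ PHP_FUNCTION(openssl_x509_check_private_
+ }
+ /* }}} */
+
++
++/* Special handling of subjectAltName, see CVE-2013-4073
++ * Christian Heimes
++ */
++
++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
++{
++ GENERAL_NAMES *names;
++ const X509V3_EXT_METHOD *method = NULL;
++ long i, length, num;
++ const unsigned char *p;
++
++ method = X509V3_EXT_get(extension);
++ if (method == NULL) {
++ return -1;
++ }
++
++ p = extension->value->data;
++ length = extension->value->length;
++ if (method->it) {
++ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
++ ASN1_ITEM_ptr(method->it)));
++ } else {
++ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
++ }
++ if (names == NULL) {
++ return -1;
++ }
++
++ num = sk_GENERAL_NAME_num(names);
++ for (i = 0; i < num; i++) {
++ GENERAL_NAME *name;
++ ASN1_STRING *as;
++ name = sk_GENERAL_NAME_value(names, i);
++ switch (name->type) {
++ case GEN_EMAIL:
++ BIO_puts(bio, "email:");
++ as = name->d.rfc822Name;
++ BIO_write(bio, ASN1_STRING_data(as),
++ ASN1_STRING_length(as));
++ break;
++ case GEN_DNS:
++ BIO_puts(bio, "DNS:");
++ as = name->d.dNSName;
++ BIO_write(bio, ASN1_STRING_data(as),
++ ASN1_STRING_length(as));
++ break;
++ case GEN_URI:
++ BIO_puts(bio, "URI:");
++ as = name->d.uniformResourceIdentifier;
++ BIO_write(bio, ASN1_STRING_data(as),
++ ASN1_STRING_length(as));
++ break;
++ default:
++ /* use builtin print for GEN_OTHERNAME, GEN_X400,
++ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
++ */
++ GENERAL_NAME_print(bio, name);
++ }
++ /* trailing ', ' except for last element */
++ if (i < (num - 1)) {
++ BIO_puts(bio, ", ");
++ }
++ }
++ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
++
++ return 0;
++}
++
+ /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
+ Returns an array of the fields/values of the CERT */
+ PHP_FUNCTION(openssl_x509_parse)
+@@ -1494,15 +1563,29 @@ PHP_FUNCTION(openssl_x509_parse)
+
+
+ for (i = 0; i < X509_get_ext_count(cert); i++) {
++ int nid;
+ extension = X509_get_ext(cert, i);
+- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
++ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
++ if (nid != NID_undef) {
+ extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
+ } else {
+ OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
+ extname = buf;
+ }
+ bio_out = BIO_new(BIO_s_mem());
+- if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
++ if (nid == NID_subject_alt_name) {
++ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
++ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
++ } else {
++ zval_dtor(return_value);
++ if (certresource == -1 && cert) {
++ X509_free(cert);
++ }
++ BIO_free(bio_out);
++ RETURN_FALSE;
++ }
++ }
++ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
+ BIO_get_mem_ptr(bio_out, &bio_buf);
+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
+ } else {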
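Review bot: In the second inner hunk, the new `nid == NID_subject_alt_name` branch (patch lines 99–101) passes `bio_buf->data` and `bio_buf->length` to `add_assoc_stringl()` without first calling `BIO_get_mem_ptr(bio_out, &bio_buf);`, which the `X509V3_EXT_print` branch just below does call. As far as the hunk shows, `bio_buf` then holds whatever an earlier loop iteration left in it, or nothing valid when subjectAltName is the first extension, so the array entry can be built from stale or unset memory rather than the names just written to `bio_out`. Add `BIO_get_mem_ptr(bio_out, &bio_buf);` as the first statement of the success branch. The comment above `openssl_x509v3_subjectAltName` also still cites CVE-2013-4073 while the patch header says CVE-2013-4248; name both or state how they relate so the two do not read as contradictory. The loop in `openssl_x509_parse` continues outside the hunk, so the declaration of `bio_buf` and the release of `bio_out` on the success path are not visible here.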