Update to 5.3.28

Security: 47b4e713-6513-11e3-868f-0025905a4771
svn path=/head/; revision=336500
2024-11-21 00:25:50 +00:00 · 2013-12-14 23:30:36 +00:00 · 2013-12-14 23:30:36 +00:00 · 6fbff9d8da · 2021-03-31 03:12:20 +00:00
commit 6fbff9d8da
parent 9f9c07a861
8 changed files with 50 additions and 119 deletions
--- a/databases/php53-interbase/Makefile
+++ b/databases/php53-interbase/Makefile
@ -1,6 +1,5 @@
 # $FreeBSD$

-PORTREVISION=	1
 CATEGORIES=	databases

 MASTERDIR=	${.CURDIR}/../../lang/php53
--- a/databases/php53-pdo_firebird/Makefile
+++ b/databases/php53-pdo_firebird/Makefile
@ -1,6 +1,5 @@
 # $FreeBSD$

-PORTREVISION=	2
 CATEGORIES=	databases

 MASTERDIR=	${.CURDIR}/../../lang/php53
--- a/ftp/php53-curl/Makefile
+++ b/ftp/php53-curl/Makefile
@ -1,7 +1,6 @@
 # $FreeBSD$

 CATEGORIES=	ftp
-PORTREVISION=	1

 MASTERDIR=	${.CURDIR}/../../lang/php53

--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	php53
-PORTVERSION=	5.3.27
+PORTVERSION=	5.3.28
 PORTREVISION?=	0
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@ -1,5 +1,5 @@
-SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287
-SIZE (php-5.3.27.tar.bz2) = 11432791
+SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
+SIZE (php-5.3.28.tar.bz2) = 11051714
 SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd
 SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805
 SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84
--- a/lang/php53/files/patch-ext_openssl_openssl.c
+++ b/lang/php53/files/patch-ext_openssl_openssl.c
@ -1,111 +0,0 @@
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index d7ac117..c32748c 100644
--- ext/openssl/openssl.c
-+++ ext/openssl/openssl.c
-@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key)
- }
- /* }}} */
- 
-+/* Special handling of subjectAltName, see CVE-2013-4073
-+ * Christian Heimes
-+ */
-+
-+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
-+{
-+	GENERAL_NAMES *names;
-+	const X509V3_EXT_METHOD *method = NULL;
-+	long i, length, num;
-+	const unsigned char *p;
-+
-+	method = X509V3_EXT_get(extension);
-+	if (method == NULL) {
-+		return -1;
-+	}
-+
-+	p = extension->value->data;
-+	length = extension->value->length;
-+	if (method->it) {
-+		names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
-+						       ASN1_ITEM_ptr(method->it)));
-+	} else {
-+		names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
-+	}
-+	if (names == NULL) {
-+		return -1;
-+	}
-+
-+	num = sk_GENERAL_NAME_num(names);
-+	for (i = 0; i < num; i++) {
-+			GENERAL_NAME *name;
-+			ASN1_STRING *as;
-+			name = sk_GENERAL_NAME_value(names, i);
-+			switch (name->type) {
-+				case GEN_EMAIL:
-+					BIO_puts(bio, "email:");
-+					as = name->d.rfc822Name;
-+					BIO_write(bio, ASN1_STRING_data(as),
-+						  ASN1_STRING_length(as));
-+					break;
-+				case GEN_DNS:
-+					BIO_puts(bio, "DNS:");
-+					as = name->d.dNSName;
-+					BIO_write(bio, ASN1_STRING_data(as),
-+						  ASN1_STRING_length(as));
-+					break;
-+				case GEN_URI:
-+					BIO_puts(bio, "URI:");
-+					as = name->d.uniformResourceIdentifier;
-+					BIO_write(bio, ASN1_STRING_data(as),
-+						  ASN1_STRING_length(as));
-+					break;
-+				default:
-+					/* use builtin print for GEN_OTHERNAME, GEN_X400,
-+					 * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
-+					 */
-+					GENERAL_NAME_print(bio, name);
-+			}
-+			/* trailing ', ' except for last element */
-+			if (i < (num - 1)) {
-+				BIO_puts(bio, ", ");
-+			}
-+	}
-+	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-+
-+	return 0;
-+}
-+
- /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
-    Returns an array of the fields/values of the CERT */
- PHP_FUNCTION(openssl_x509_parse)
-@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse)
- 
- 
- 	for (i = 0; i < X509_get_ext_count(cert); i++) {
-+		int nid;
- 		extension = X509_get_ext(cert, i);
-		if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
-+		nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
-+		if (nid != NID_undef) {
- 			extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
- 		} else {
- 			OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
- 			extname = buf;
- 		}
- 		bio_out = BIO_new(BIO_s_mem());
-		if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
-+		if (nid == NID_subject_alt_name) {
-+			if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
-+				add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
-+			} else {
-+				zval_dtor(return_value);
-+				if (certresource == -1 && cert) {
-+					X509_free(cert);
-+				}
-+				BIO_free(bio_out);
-+				RETURN_FALSE;
-+			}
-+		}
-+		else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
- 			BIO_get_mem_ptr(bio_out, &bio_buf);
- 			add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
- 		} else {
--- a/security/php53-openssl/Makefile
+++ b/security/php53-openssl/Makefile
@ -1,7 +1,5 @@
 # $FreeBSD$

-PORTREVISION=	1
-
 CATEGORIES=	security

 MASTERDIR=	${.CURDIR}/../../lang/php53
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -51,6 +51,53 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="47b4e713-6513-11e3-868f-0025905a4771">
+    <topic>PHP5 -- memory corruption in openssl_x509_parse()</topic>
+    <affects>
+      <package>
+	<name>php5</name>
+	<range><ge>5.4.0</ge><lt>5.4.23</lt></range>
+      </package>
+      <package>
+	<name>php53</name>
+	<range><lt>5.3.28</lt></range>
+      </package>
+      <package>
+	<name>php55</name>
+	<range><ge>5.5.0</ge><lt>5.5.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Stefan Esser reports:</p>
+	<blockquote cite="https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html">
+	  <p>The PHP function openssl_x509_parse() uses a helper function
+	    called asn1_time_to_time_t() to convert timestamps from ASN1
+	    string format into integer timestamp values. The parser within
+	    this helper function is not binary safe and can therefore be
+	    tricked to write up to five NUL bytes outside of an allocated
+	    buffer.</p>
+	  <p>This problem can be triggered by x509 certificates that contain
+	    NUL bytes in their notBefore and notAfter timestamp fields and
+	    leads to a memory corruption that might result in arbitrary
+	    code execution.</p>
+	  <p>Depending on how openssl_x509_parse() is used within a PHP
+	    application the attack requires either a malicious cert signed
+	    by a compromised/malicious CA or can be carried out with a
+	    self-signed cert.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6420</cvename>
+      <url>https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html</url>
+    </references>
+    <dates>
+      <discovery>2013-12-13</discovery>
+      <entry>2013-12-14</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="dd116b19-64b3-11e3-868f-0025905a4771">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>