Update to 5.3.28
Security: 47b4e713-6513-11e3-868f-0025905a4771
parent
9f9c07a861
commit
6fbff9d8da
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=336500
@ -1,6 +1,5 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= databases
|
||||
|
||||
MASTERDIR= ${.CURDIR}/../../lang/php53
|
||||
|
@ -1,6 +1,5 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTREVISION= 2
|
||||
CATEGORIES= databases
|
||||
|
||||
MASTERDIR= ${.CURDIR}/../../lang/php53
|
||||
|
@ -1,7 +1,6 @@
|
||||
# $FreeBSD$
|
||||
|
||||
CATEGORIES= ftp
|
||||
PORTREVISION= 1
|
||||
|
||||
MASTERDIR= ${.CURDIR}/../../lang/php53
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= php53
|
||||
PORTVERSION= 5.3.27
|
||||
PORTVERSION= 5.3.28
|
||||
PORTREVISION?= 0
|
||||
CATEGORIES?= lang devel www
|
||||
MASTER_SITES= ${MASTER_SITE_PHP}
|
||||
|
@ -1,5 +1,5 @@
|
||||
SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287
|
||||
SIZE (php-5.3.27.tar.bz2) = 11432791
|
||||
SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
|
||||
SIZE (php-5.3.28.tar.bz2) = 11051714
|
||||
SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd
|
||||
SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805
|
||||
SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84
|
||||
|
@ -1,111 +0,0 @@
|
||||
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
|
||||
index d7ac117..c32748c 100644
|
||||
--- ext/openssl/openssl.c
|
||||
+++ ext/openssl/openssl.c
|
||||
@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key)
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
+/* Special handling of subjectAltName, see CVE-2013-4073
|
||||
+ * Christian Heimes
|
||||
+ */
|
||||
+
|
||||
+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
|
||||
+{
|
||||
+ GENERAL_NAMES *names;
|
||||
+ const X509V3_EXT_METHOD *method = NULL;
|
||||
+ long i, length, num;
|
||||
+ const unsigned char *p;
|
||||
+
|
||||
+ method = X509V3_EXT_get(extension);
|
||||
+ if (method == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ p = extension->value->data;
|
||||
+ length = extension->value->length;
|
||||
+ if (method->it) {
|
||||
+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
|
||||
+ ASN1_ITEM_ptr(method->it)));
|
||||
+ } else {
|
||||
+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
|
||||
+ }
|
||||
+ if (names == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ num = sk_GENERAL_NAME_num(names);
|
||||
+ for (i = 0; i < num; i++) {
|
||||
+ GENERAL_NAME *name;
|
||||
+ ASN1_STRING *as;
|
||||
+ name = sk_GENERAL_NAME_value(names, i);
|
||||
+ switch (name->type) {
|
||||
+ case GEN_EMAIL:
|
||||
+ BIO_puts(bio, "email:");
|
||||
+ as = name->d.rfc822Name;
|
||||
+ BIO_write(bio, ASN1_STRING_data(as),
|
||||
+ ASN1_STRING_length(as));
|
||||
+ break;
|
||||
+ case GEN_DNS:
|
||||
+ BIO_puts(bio, "DNS:");
|
||||
+ as = name->d.dNSName;
|
||||
+ BIO_write(bio, ASN1_STRING_data(as),
|
||||
+ ASN1_STRING_length(as));
|
||||
+ break;
|
||||
+ case GEN_URI:
|
||||
+ BIO_puts(bio, "URI:");
|
||||
+ as = name->d.uniformResourceIdentifier;
|
||||
+ BIO_write(bio, ASN1_STRING_data(as),
|
||||
+ ASN1_STRING_length(as));
|
||||
+ break;
|
||||
+ default:
|
||||
+ /* use builtin print for GEN_OTHERNAME, GEN_X400,
|
||||
+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
|
||||
+ */
|
||||
+ GENERAL_NAME_print(bio, name);
|
||||
+ }
|
||||
+ /* trailing ', ' except for last element */
|
||||
+ if (i < (num - 1)) {
|
||||
+ BIO_puts(bio, ", ");
|
||||
+ }
|
||||
+ }
|
||||
+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
|
||||
Returns an array of the fields/values of the CERT */
|
||||
PHP_FUNCTION(openssl_x509_parse)
|
||||
@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse)
|
||||
|
||||
|
||||
for (i = 0; i < X509_get_ext_count(cert); i++) {
|
||||
+ int nid;
|
||||
extension = X509_get_ext(cert, i);
|
||||
- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
|
||||
+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
|
||||
+ if (nid != NID_undef) {
|
||||
extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
|
||||
} else {
|
||||
OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
|
||||
extname = buf;
|
||||
}
|
||||
bio_out = BIO_new(BIO_s_mem());
|
||||
- if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
|
||||
+ if (nid == NID_subject_alt_name) {
|
||||
+ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
|
||||
+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
|
||||
+ } else {
|
||||
+ zval_dtor(return_value);
|
||||
+ if (certresource == -1 && cert) {
|
||||
+ X509_free(cert);
|
||||
+ }
|
||||
+ BIO_free(bio_out);
|
||||
+ RETURN_FALSE;
|
||||
+ }
|
||||
+ }
|
||||
+ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
|
||||
BIO_get_mem_ptr(bio_out, &bio_buf);
|
||||
add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
|
||||
} else {
|
@ -1,7 +1,5 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTREVISION= 1
|
||||
|
||||
CATEGORIES= security
|
||||
|
||||
MASTERDIR= ${.CURDIR}/../../lang/php53
|
||||
|
@ -51,6 +51,53 @@ Note: Please add new entries to the beginning of this file.
|
||||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="47b4e713-6513-11e3-868f-0025905a4771">
|
||||
<topic>PHP5 -- memory corruption in openssl_x509_parse()</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>php5</name>
|
||||
<range><ge>5.4.0</ge><lt>5.4.23</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>php53</name>
|
||||
<range><lt>5.3.28</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>php55</name>
|
||||
<range><ge>5.5.0</ge><lt>5.5.7</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Stefan Esser reports:</p>
|
||||
<blockquote cite="https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html">
|
||||
<p>The PHP function openssl_x509_parse() uses a helper function
|
||||
called asn1_time_to_time_t() to convert timestamps from ASN1
|
||||
string format into integer timestamp values. The parser within
|
||||
this helper function is not binary safe and can therefore be
|
||||
tricked to write up to five NUL bytes outside of an allocated
|
||||
buffer.</p>
|
||||
<p>This problem can be triggered by x509 certificates that contain
|
||||
NUL bytes in their notBefore and notAfter timestamp fields and
|
||||
leads to a memory corruption that might result in arbitrary
|
||||
code execution.</p>
|
||||
<p>Depending on how openssl_x509_parse() is used within a PHP
|
||||
application the attack requires either a malicious cert signed
|
||||
by a compromised/malicious CA or can be carried out with a
|
||||
self-signed cert.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2013-6420</cvename>
|
||||
<url>https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2013-12-13</discovery>
|
||||
<entry>2013-12-14</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="dd116b19-64b3-11e3-868f-0025905a4771">
|
||||
<topic>mozilla -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
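Review bot: The `<affects>` list of the new `47b4e713-6513-11e3-868f-0025905a4771` entry names only the base packages `php5`, `php53` and `php55`, while the flaw it describes is in `openssl_x509_parse()`, which belongs to the openssl extension. This commit also touches slave ports built from `MASTERDIR= ${.CURDIR}/../../lang/php53`, so the extension appears to be packaged separately from the interpreter. If so, a host that upgrades the base package but keeps an older extension package would presumably pass an audit against this entry while still loading the vulnerable code. Consider adding a `<package>` block with the same `<range>` for each affected extension package, or confirming that base and extension packages cannot be upgraded independently. The file path of this section is not shown on the page, and the following `mozilla` entry appears only as trailing context.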