1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-24 00:45:52 +00:00

Update to 5.3.28

Security:	47b4e713-6513-11e3-868f-0025905a4771
This commit is contained in:
Florian Smeets 2013-12-14 23:30:36 +00:00
parent 9f9c07a861
commit 6fbff9d8da
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=336500
8 changed files with 50 additions and 119 deletions

View File

@ -1,6 +1,5 @@
# $FreeBSD$
PORTREVISION= 1
CATEGORIES= databases
MASTERDIR= ${.CURDIR}/../../lang/php53

View File

@ -1,6 +1,5 @@
# $FreeBSD$
PORTREVISION= 2
CATEGORIES= databases
MASTERDIR= ${.CURDIR}/../../lang/php53

View File

@ -1,7 +1,6 @@
# $FreeBSD$
CATEGORIES= ftp
PORTREVISION= 1
MASTERDIR= ${.CURDIR}/../../lang/php53

View File

@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= php53
PORTVERSION= 5.3.27
PORTVERSION= 5.3.28
PORTREVISION?= 0
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP}

View File

@ -1,5 +1,5 @@
SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287
SIZE (php-5.3.27.tar.bz2) = 11432791
SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
SIZE (php-5.3.28.tar.bz2) = 11051714
SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd
SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805
SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84

View File

@ -1,111 +0,0 @@
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index d7ac117..c32748c 100644
--- ext/openssl/openssl.c
+++ ext/openssl/openssl.c
@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key)
}
/* }}} */
+/* Special handling of subjectAltName, see CVE-2013-4073
+ * Christian Heimes
+ */
+
+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
+{
+ GENERAL_NAMES *names;
+ const X509V3_EXT_METHOD *method = NULL;
+ long i, length, num;
+ const unsigned char *p;
+
+ method = X509V3_EXT_get(extension);
+ if (method == NULL) {
+ return -1;
+ }
+
+ p = extension->value->data;
+ length = extension->value->length;
+ if (method->it) {
+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
+ ASN1_ITEM_ptr(method->it)));
+ } else {
+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
+ }
+ if (names == NULL) {
+ return -1;
+ }
+
+ num = sk_GENERAL_NAME_num(names);
+ for (i = 0; i < num; i++) {
+ GENERAL_NAME *name;
+ ASN1_STRING *as;
+ name = sk_GENERAL_NAME_value(names, i);
+ switch (name->type) {
+ case GEN_EMAIL:
+ BIO_puts(bio, "email:");
+ as = name->d.rfc822Name;
+ BIO_write(bio, ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ break;
+ case GEN_DNS:
+ BIO_puts(bio, "DNS:");
+ as = name->d.dNSName;
+ BIO_write(bio, ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ break;
+ case GEN_URI:
+ BIO_puts(bio, "URI:");
+ as = name->d.uniformResourceIdentifier;
+ BIO_write(bio, ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ break;
+ default:
+ /* use builtin print for GEN_OTHERNAME, GEN_X400,
+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
+ */
+ GENERAL_NAME_print(bio, name);
+ }
+ /* trailing ', ' except for last element */
+ if (i < (num - 1)) {
+ BIO_puts(bio, ", ");
+ }
+ }
+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
+
+ return 0;
+}
+
/* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
Returns an array of the fields/values of the CERT */
PHP_FUNCTION(openssl_x509_parse)
@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse)
for (i = 0; i < X509_get_ext_count(cert); i++) {
+ int nid;
extension = X509_get_ext(cert, i);
- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
+ if (nid != NID_undef) {
extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
} else {
OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
extname = buf;
}
bio_out = BIO_new(BIO_s_mem());
- if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
+ if (nid == NID_subject_alt_name) {
+ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
+ } else {
+ zval_dtor(return_value);
+ if (certresource == -1 && cert) {
+ X509_free(cert);
+ }
+ BIO_free(bio_out);
+ RETURN_FALSE;
+ }
+ }
+ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
BIO_get_mem_ptr(bio_out, &bio_buf);
add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
} else {

View File

@ -1,7 +1,5 @@
# $FreeBSD$
PORTREVISION= 1
CATEGORIES= security
MASTERDIR= ${.CURDIR}/../../lang/php53

View File

@ -51,6 +51,53 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="47b4e713-6513-11e3-868f-0025905a4771">
<topic>PHP5 -- memory corruption in openssl_x509_parse()</topic>
<affects>
<package>
<name>php5</name>
<range><ge>5.4.0</ge><lt>5.4.23</lt></range>
</package>
<package>
<name>php53</name>
<range><lt>5.3.28</lt></range>
</package>
<package>
<name>php55</name>
<range><ge>5.5.0</ge><lt>5.5.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Stefan Esser reports:</p>
<blockquote cite="https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html">
<p>The PHP function openssl_x509_parse() uses a helper function
called asn1_time_to_time_t() to convert timestamps from ASN1
string format into integer timestamp values. The parser within
this helper function is not binary safe and can therefore be
tricked to write up to five NUL bytes outside of an allocated
buffer.</p>
<p>This problem can be triggered by x509 certificates that contain
NUL bytes in their notBefore and notAfter timestamp fields and
leads to a memory corruption that might result in arbitrary
code execution.</p>
<p>Depending on how openssl_x509_parse() is used within a PHP
application the attack requires either a malicious cert signed
by a compromised/malicious CA or can be carried out with a
self-signed cert.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-6420</cvename>
<url>https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html</url>
</references>
<dates>
<discovery>2013-12-13</discovery>
<entry>2013-12-14</entry>
</dates>
</vuln>
<vuln vid="dd116b19-64b3-11e3-868f-0025905a4771">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>