From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Aug 26 11:10:00 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 7F38E968 for ; Mon, 26 Aug 2013 11:10:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 5DA6B29E0 for ; Mon, 26 Aug 2013 11:10:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r7QBA0Fu068367 for ; Mon, 26 Aug 2013 11:10:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r7QBA0ZO068366; Mon, 26 Aug 2013 11:10:00 GMT (envelope-from gnats) Resent-Date: Mon, 26 Aug 2013 11:10:00 GMT Resent-Message-Id: <201308261110.r7QBA0ZO068366@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Renato Botelho Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 9452166A for ; Mon, 26 Aug 2013 11:08:28 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 828EF2987 for ; Mon, 26 Aug 2013 11:08:28 +0000 (UTC) Received: from oldred.freebsd.org ([127.0.1.6]) by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r7QB8SKA090635 for ; Mon, 26 Aug 2013 11:08:28 GMT (envelope-from nobody@oldred.freebsd.org) Received: (from nobody@localhost) by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r7QB8SHb090632; Mon, 26 Aug 2013 11:08:28 GMT (envelope-from nobody) Message-Id: <201308261108.r7QB8SHb090632@oldred.freebsd.org> Date: Mon, 26 Aug 2013 11:08:28 GMT From: Renato Botelho To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: ports/181546: security/php53-openssl: Fix CVE-2013-4073 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Aug 2013 11:10:00 -0000 >Number: 181546 >Category: ports >Synopsis: security/php53-openssl: Fix CVE-2013-4073 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Aug 26 11:10:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Renato Botelho >Release: 10-current >Organization: ESF >Environment: FreeBSD fbsd1 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r253541: Mon Jul 22 15:34:57 BRT 2013 root@fbsd1:/usr/obj/usr/src/sys/GARGA amd64 >Description: Add a patch to fix CVE-2013-4248 [1], it was obtained from [2]. Bump security/php53-openssl PORTREVISION. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248 [2] http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/openssl/openssl.c;h=c32748cb6443a4d8e4bb14fe96ad72e32ec8acff;hp=d7ac117e51c8f5d8ab0632c276af48d610b4b19e;hb=2874696a5a8d46639d261571f915c493cd875897;hpb=f4dc2240a048050a87a6e3e31573f13a2256cf2e >How-To-Repeat: >Fix: Patch attached with submission follows: Index: lang/php53/files/patch-ext_openssl_openssl.c =================================================================== --- lang/php53/files/patch-ext_openssl_openssl.c (revision 0) +++ lang/php53/files/patch-ext_openssl_openssl.c (working copy) @@ -0,0 +1,111 @@ +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index d7ac117..c32748c 100644 +--- ext/openssl/openssl.c ++++ ext/openssl/openssl.c +@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key) + } + /* }}} */ + ++/* Special handling of subjectAltName, see CVE-2013-4073 ++ * Christian Heimes ++ */ ++ ++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ++{ ++ GENERAL_NAMES *names; ++ const X509V3_EXT_METHOD *method = NULL; ++ long i, length, num; ++ const unsigned char *p; ++ ++ method = X509V3_EXT_get(extension); ++ if (method == NULL) { ++ return -1; ++ } ++ ++ p = extension->value->data; ++ length = extension->value->length; ++ if (method->it) { ++ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, ++ ASN1_ITEM_ptr(method->it))); ++ } else { ++ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); ++ } ++ if (names == NULL) { ++ return -1; ++ } ++ ++ num = sk_GENERAL_NAME_num(names); ++ for (i = 0; i < num; i++) { ++ GENERAL_NAME *name; ++ ASN1_STRING *as; ++ name = sk_GENERAL_NAME_value(names, i); ++ switch (name->type) { ++ case GEN_EMAIL: ++ BIO_puts(bio, "email:"); ++ as = name->d.rfc822Name; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_DNS: ++ BIO_puts(bio, "DNS:"); ++ as = name->d.dNSName; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_URI: ++ BIO_puts(bio, "URI:"); ++ as = name->d.uniformResourceIdentifier; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ default: ++ /* use builtin print for GEN_OTHERNAME, GEN_X400, ++ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID ++ */ ++ GENERAL_NAME_print(bio, name); ++ } ++ /* trailing ', ' except for last element */ ++ if (i < (num - 1)) { ++ BIO_puts(bio, ", "); ++ } ++ } ++ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); ++ ++ return 0; ++} ++ + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) + Returns an array of the fields/values of the CERT */ + PHP_FUNCTION(openssl_x509_parse) +@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse) + + + for (i = 0; i < X509_get_ext_count(cert); i++) { ++ int nid; + extension = X509_get_ext(cert, i); +- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { ++ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); ++ if (nid != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); +- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { ++ if (nid == NID_subject_alt_name) { ++ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { ++ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); ++ } else { ++ zval_dtor(return_value); ++ if (certresource == -1 && cert) { ++ X509_free(cert); ++ } ++ BIO_free(bio_out); ++ RETURN_FALSE; ++ } ++ } ++ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { Index: security/php53-openssl/Makefile =================================================================== --- security/php53-openssl/Makefile (revision 325383) +++ security/php53-openssl/Makefile (working copy) @@ -5,6 +5,8 @@ # $FreeBSD$ # +PORTREVISION= 1 + CATEGORIES= security MASTERDIR= ${.CURDIR}/../../lang/php53 >Release-Note: >Audit-Trail: >Unformatted: