From owner-svn-ports-branches@FreeBSD.ORG  Tue Aug 27 12:02:50 2013
Return-Path: <owner-svn-ports-branches@FreeBSD.ORG>
Delivered-To: svn-ports-branches@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 3E4E45FA;
 Tue, 27 Aug 2013 12:02:50 +0000 (UTC)
 (envelope-from garga@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1C5162259;
 Tue, 27 Aug 2013 12:02:50 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r7RC2nPT036477;
 Tue, 27 Aug 2013 12:02:49 GMT (envelope-from garga@svn.freebsd.org)
Received: (from garga@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id r7RC2ngT036475;
 Tue, 27 Aug 2013 12:02:49 GMT (envelope-from garga@svn.freebsd.org)
Message-Id: <201308271202.r7RC2ngT036475@svn.freebsd.org>
From: Renato Botelho <garga@FreeBSD.org>
Date: Tue, 27 Aug 2013 12:02:49 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r325438 - in branches/RELENG_9_2_0: lang/php53/files
 security/php53-openssl
X-SVN-Group: ports-branches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-branches@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for all the branches of the ports tree
 <svn-ports-branches.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-branches>
List-Post: <mailto:svn-ports-branches@freebsd.org>
List-Help: <mailto:svn-ports-branches-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Aug 2013 12:02:50 -0000

Author: garga
Date: Tue Aug 27 12:02:49 2013
New Revision: 325438
URL: http://svnweb.freebsd.org/changeset/ports/325438

Log:
  MFH 325434:
  
  - Add a patch to fix CVE-2013-4073
  - Bump php53-openssl PORTREVISION
  
  PR:		ports/181546
  Submitted by:	garga@
  Approved by:	portmgr (erwin), flo@ (maintainer)
  Obtained from:	http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/openssl/openssl.c;h=c32748cb6443a4d8e4bb14fe96ad72e32ec8acff;hp=d7ac117e51c8f5d8ab0632c276af48d610b4b19e;hb=2874696a5a8d46639d261571f915c493cd875897;hpb=f4dc2240a048050a87a6e3e31573f13a2256cf2e
  Security:	CVE-2013-4073

Added:
  branches/RELENG_9_2_0/lang/php53/files/patch-ext_openssl_openssl.c
     - copied unchanged from r325434, head/lang/php53/files/patch-ext_openssl_openssl.c
Modified:
  branches/RELENG_9_2_0/security/php53-openssl/Makefile   (contents, props changed)
Directory Properties:
  branches/RELENG_9_2_0/   (props changed)

Copied: branches/RELENG_9_2_0/lang/php53/files/patch-ext_openssl_openssl.c (from r325434, head/lang/php53/files/patch-ext_openssl_openssl.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/RELENG_9_2_0/lang/php53/files/patch-ext_openssl_openssl.c	Tue Aug 27 12:02:49 2013	(r325438, copy of r325434, head/lang/php53/files/patch-ext_openssl_openssl.c)
@@ -0,0 +1,111 @@
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index d7ac117..c32748c 100644
+--- ext/openssl/openssl.c
++++ ext/openssl/openssl.c
+@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key)
+ }
+ /* }}} */
+ 
++/* Special handling of subjectAltName, see CVE-2013-4073
++ * Christian Heimes
++ */
++
++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
++{
++	GENERAL_NAMES *names;
++	const X509V3_EXT_METHOD *method = NULL;
++	long i, length, num;
++	const unsigned char *p;
++
++	method = X509V3_EXT_get(extension);
++	if (method == NULL) {
++		return -1;
++	}
++
++	p = extension->value->data;
++	length = extension->value->length;
++	if (method->it) {
++		names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
++						       ASN1_ITEM_ptr(method->it)));
++	} else {
++		names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
++	}
++	if (names == NULL) {
++		return -1;
++	}
++
++	num = sk_GENERAL_NAME_num(names);
++	for (i = 0; i < num; i++) {
++			GENERAL_NAME *name;
++			ASN1_STRING *as;
++			name = sk_GENERAL_NAME_value(names, i);
++			switch (name->type) {
++				case GEN_EMAIL:
++					BIO_puts(bio, "email:");
++					as = name->d.rfc822Name;
++					BIO_write(bio, ASN1_STRING_data(as),
++						  ASN1_STRING_length(as));
++					break;
++				case GEN_DNS:
++					BIO_puts(bio, "DNS:");
++					as = name->d.dNSName;
++					BIO_write(bio, ASN1_STRING_data(as),
++						  ASN1_STRING_length(as));
++					break;
++				case GEN_URI:
++					BIO_puts(bio, "URI:");
++					as = name->d.uniformResourceIdentifier;
++					BIO_write(bio, ASN1_STRING_data(as),
++						  ASN1_STRING_length(as));
++					break;
++				default:
++					/* use builtin print for GEN_OTHERNAME, GEN_X400,
++					 * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
++					 */
++					GENERAL_NAME_print(bio, name);
++			}
++			/* trailing ', ' except for last element */
++			if (i < (num - 1)) {
++				BIO_puts(bio, ", ");
++			}
++	}
++	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
++
++	return 0;
++}
++
+ /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
+    Returns an array of the fields/values of the CERT */
+ PHP_FUNCTION(openssl_x509_parse)
+@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse)
+ 
+ 
+ 	for (i = 0; i < X509_get_ext_count(cert); i++) {
++		int nid;
+ 		extension = X509_get_ext(cert, i);
+-		if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
++		nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
++		if (nid != NID_undef) {
+ 			extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
+ 		} else {
+ 			OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
+ 			extname = buf;
+ 		}
+ 		bio_out = BIO_new(BIO_s_mem());
+-		if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
++		if (nid == NID_subject_alt_name) {
++			if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
++				add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
++			} else {
++				zval_dtor(return_value);
++				if (certresource == -1 && cert) {
++					X509_free(cert);
++				}
++				BIO_free(bio_out);
++				RETURN_FALSE;
++			}
++		}
++		else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
+ 			BIO_get_mem_ptr(bio_out, &bio_buf);
+ 			add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
+ 		} else {

Modified: branches/RELENG_9_2_0/security/php53-openssl/Makefile
==============================================================================
--- branches/RELENG_9_2_0/security/php53-openssl/Makefile	Tue Aug 27 11:39:42 2013	(r325437)
+++ branches/RELENG_9_2_0/security/php53-openssl/Makefile	Tue Aug 27 12:02:49 2013	(r325438)
@@ -5,6 +5,8 @@
 # $FreeBSD$
 #
 
+PORTREVISION=	1
+
 CATEGORIES=	security
 
 MASTERDIR=	${.CURDIR}/../../lang/php53