From owner-svn-ports-all@FreeBSD.ORG Sat Dec 14 23:30:39 2013
Delivered-To: svn-ports-all@freebsd.org
Message-Id: <201312142330.rBENUb0T012996@svn.freebsd.org>
From: Florian Smeets Date: Sat, 14 Dec 2013 23:30:37 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r336500 - in head: databases/php53-interbase databases/php53-pdo_firebird ftp/php53-curl lang/php53 lang/php53/files security/php53-openssl security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Dec 2013 23:30:39 -0000 Author: flo Date: Sat Dec 14 23:30:36 2013 New Revision: 336500 URL: http://svnweb.freebsd.org/changeset/ports/336500 Log: Update to 5.3.28 Security: 47b4e713-6513-11e3-868f-0025905a4771 Deleted: head/lang/php53/files/patch-ext_openssl_openssl.c Modified: head/databases/php53-interbase/Makefile head/databases/php53-pdo_firebird/Makefile head/ftp/php53-curl/Makefile head/lang/php53/Makefile head/lang/php53/distinfo head/security/php53-openssl/Makefile head/security/vuxml/vuln.xml Modified: head/databases/php53-interbase/Makefile ============================================================================== --- head/databases/php53-interbase/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/databases/php53-interbase/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -1,6 +1,5 @@ # $FreeBSD$ -PORTREVISION= 1 CATEGORIES= databases MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/databases/php53-pdo_firebird/Makefile ============================================================================== --- head/databases/php53-pdo_firebird/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/databases/php53-pdo_firebird/Makefile Sat Dec 14 23:30:36 2013 (r336500) 
@@ -1,6 +1,5 @@ # $FreeBSD$ -PORTREVISION= 2 CATEGORIES= databases MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/ftp/php53-curl/Makefile ============================================================================== --- head/ftp/php53-curl/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/ftp/php53-curl/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -1,7 +1,6 @@ # $FreeBSD$ CATEGORIES= ftp -PORTREVISION= 1 MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/lang/php53/Makefile ============================================================================== --- head/lang/php53/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/lang/php53/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= php53 -PORTVERSION= 5.3.27 +PORTVERSION= 5.3.28 PORTREVISION?= 0 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} Modified: head/lang/php53/distinfo ============================================================================== --- head/lang/php53/distinfo Sat Dec 14 23:23:45 2013 (r336499) +++ head/lang/php53/distinfo Sat Dec 14 23:30:36 2013 (r336500) @@ -1,5 +1,5 @@ -SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287 -SIZE (php-5.3.27.tar.bz2) = 11432791 +SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513 +SIZE (php-5.3.28.tar.bz2) = 11051714 SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805 SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84 Modified: head/security/php53-openssl/Makefile ============================================================================== --- head/security/php53-openssl/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/security/php53-openssl/Makefile Sat Dec 14 23:30:36 2013 (r336500) 
@@ -1,7 +1,5 @@ # $FreeBSD$ -PORTREVISION= 1 - CATEGORIES= security MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Dec 14 23:23:45 2013 (r336499) +++ head/security/vuxml/vuln.xml Sat Dec 14 23:30:36 2013 (r336500) @@ -51,6 +51,53 @@ Note: Please add new entries to the beg --> + + PHP5 -- memory corruption in openssl_x509_parse() + + + php5 + 5.4.05.4.23 + + + php53 + 5.3.28 + + + php55 + 5.5.05.5.7 + + + + +

Stefan Esser reports:

+
+

The PHP function openssl_x509_parse() uses a helper function + called asn1_time_to_time_t() to convert timestamps from ASN1 + string format into integer timestamp values. The parser within + this helper function is not binary safe and can therefore be + tricked to write up to five NUL bytes outside of an allocated + buffer.

+

This problem can be triggered by x509 certificates that contain + NUL bytes in their notBefore and notAfter timestamp fields and + leads to a memory corruption that might result in arbitrary + code execution.

+

Depending on how openssl_x509_parse() is used within a PHP + application the attack requires either a malicious cert signed + by a compromised/malicious CA or can be carried out with a + self-signed cert.

+
+ +
+ + CVE-2013-6420 + https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html + + + 2013-12-13 + 2013-12-14 + +
+ mozilla -- multiple vulnerabilities
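Review bot: dropping PORTREVISION from databases/php53-interbase, databases/php53-pdo_firebird, ftp/php53-curl and security/php53-openssl is the right thing to do alongside the PORTVERSION bump in lang/php53, because 5.3.28 already sorts above 5.3.27_1 and 5.3.27_2 and a carried-over revision would only produce a misleading 5.3.28_1 package. One thing to check: lang/php53 uses the conditional `PORTREVISION?= 0`, so any other php53 slave port that still sets its own PORTREVISION is not reset by this commit (only these four slave Makefiles are in the diff) and would need the same cleanup.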
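Review bot: head/lang/php53/files/patch-ext_openssl_openssl.c is listed under Deleted but its contents are not in the diff, so a reviewer cannot tell from this commit which upstream change in 5.3.28 supersedes it. The log entry "Update to 5.3.28" would be easier to audit with one sentence saying that the local ext/openssl/openssl.c fix (presumably the reason security/php53-openssl carried `PORTREVISION= 1`) is now part of the upstream release, and with CVE-2013-6420 named next to the vuxml id 47b4e713-6513-11e3-868f-0025905a4771.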
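Review bot: the distinfo hunk replaces only the SHA256 and SIZE lines for php-5.3.28.tar.bz2 and leaves the suhosin-patch-5.3.x-0.9.10.4.patch.gz and php-5.3.x-mail-header.patch entries untouched. Since 5.3.28 changes the openssl extension (that is the fix the vuln.xml entry records), the log should state that both patches were confirmed to still apply cleanly, and the new tarball checksum should be compared with the one published upstream rather than only regenerated from the downloaded file.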
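Review bot: the vuln.xml entry records the affected packages as php5, php53 and php55, but openssl_x509_parse() is implemented in the openssl extension, which the ports tree builds as a separate slave package (this very commit touches security/php53-openssl/Makefile). A host that has only the extension package installed is not flagged by pkg audit unless those slave package names are also listed in the entry's affected-package block. The version boundaries themselves (php5 from 5.4.0 to 5.4.23, php53 with 5.3.28 as the fixed version, php55 from 5.5.0 to 5.5.7) are consistent with the PORTVERSION bump, and the CVE-2013-6420 reference, the sektioneins advisory URL and the 2013-12-13/2013-12-14 discovery and entry dates are all present.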