Date:      Sat, 14 Dec 2013 23:30:37 +0000 (UTC)
From:      Florian Smeets <flo@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r336500 - in head: databases/php53-interbase databases/php53-pdo_firebird ftp/php53-curl lang/php53 lang/php53/files security/php53-openssl security/vuxml
Message-ID:  <201312142330.rBENUb0T012996@svn.freebsd.org>

Author: flo
Date: Sat Dec 14 23:30:36 2013
New Revision: 336500
URL: http://svnweb.freebsd.org/changeset/ports/336500

Log:
  Update to 5.3.28
  
  Security:	47b4e713-6513-11e3-868f-0025905a4771

Deleted:
  head/lang/php53/files/patch-ext_openssl_openssl.c
Modified:
  head/databases/php53-interbase/Makefile
  head/databases/php53-pdo_firebird/Makefile
  head/ftp/php53-curl/Makefile
  head/lang/php53/Makefile
  head/lang/php53/distinfo
  head/security/php53-openssl/Makefile
  head/security/vuxml/vuln.xml

Modified: head/databases/php53-interbase/Makefile
==============================================================================
--- head/databases/php53-interbase/Makefile	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/databases/php53-interbase/Makefile	Sat Dec 14 23:30:36 2013	(r336500)
@@ -1,6 +1,5 @@
 # $FreeBSD$
 
-PORTREVISION=	1
 CATEGORIES=	databases
 
 MASTERDIR=	${.CURDIR}/../../lang/php53

Modified: head/databases/php53-pdo_firebird/Makefile
==============================================================================
--- head/databases/php53-pdo_firebird/Makefile	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/databases/php53-pdo_firebird/Makefile	Sat Dec 14 23:30:36 2013	(r336500)
@@ -1,6 +1,5 @@
 # $FreeBSD$
 
-PORTREVISION=	2
 CATEGORIES=	databases
 
 MASTERDIR=	${.CURDIR}/../../lang/php53

Modified: head/ftp/php53-curl/Makefile
==============================================================================
--- head/ftp/php53-curl/Makefile	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/ftp/php53-curl/Makefile	Sat Dec 14 23:30:36 2013	(r336500)
@@ -1,7 +1,6 @@
 # $FreeBSD$
 
 CATEGORIES=	ftp
-PORTREVISION=	1
 
 MASTERDIR=	${.CURDIR}/../../lang/php53
 

Modified: head/lang/php53/Makefile
==============================================================================
--- head/lang/php53/Makefile	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/lang/php53/Makefile	Sat Dec 14 23:30:36 2013	(r336500)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	php53
-PORTVERSION=	5.3.27
+PORTVERSION=	5.3.28
 PORTREVISION?=	0
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}

Modified: head/lang/php53/distinfo
==============================================================================
--- head/lang/php53/distinfo	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/lang/php53/distinfo	Sat Dec 14 23:30:36 2013	(r336500)
@@ -1,5 +1,5 @@
-SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287
-SIZE (php-5.3.27.tar.bz2) = 11432791
+SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
+SIZE (php-5.3.28.tar.bz2) = 11051714
 SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd
 SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805
 SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84
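Review bot: The unchanged context lines show suhosin-patch-5.3.x-0.9.10.4.patch.gz and php-5.3.x-mail-header.patch carried over with their old checksums, so both are applied as-is to the 5.3.28 tree; please confirm they still apply cleanly with each option enabled. For the two replaced lines, the new SHA256 and SIZE for php-5.3.28.tar.bz2 should be compared against the values upstream publishes for the release, not only regenerated from whatever the fetch returned, since this is a security update that users will pull quickly.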

Modified: head/security/php53-openssl/Makefile
==============================================================================
--- head/security/php53-openssl/Makefile	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/security/php53-openssl/Makefile	Sat Dec 14 23:30:36 2013	(r336500)
@@ -1,7 +1,5 @@
 # $FreeBSD$
 
-PORTREVISION=	1
-
 CATEGORIES=	security
 
 MASTERDIR=	${.CURDIR}/../../lang/php53
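Review bot: The PORTREVISION reset here goes together with the deletion of head/lang/php53/files/patch-ext_openssl_openssl.c listed under "Deleted:", but the log only says "Update to 5.3.28" and does not explain why the local openssl patch is dropped. If the patch is removed because 5.3.28 already contains the same change, say so in the log so that someone auditing the openssl extension later can see the fix was not lost in the update.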

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Dec 14 23:23:45 2013	(r336499)
+++ head/security/vuxml/vuln.xml	Sat Dec 14 23:30:36 2013	(r336500)
@@ -51,6 +51,53 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="47b4e713-6513-11e3-868f-0025905a4771">
+    <topic>PHP5 -- memory corruption in openssl_x509_parse()</topic>
+    <affects>
+      <package>
+	<name>php5</name>
+	<range><ge>5.4.0</ge><lt>5.4.23</lt></range>
+      </package>
+      <package>
+	<name>php53</name>
+	<range><lt>5.3.28</lt></range>
+      </package>
+      <package>
+	<name>php55</name>
+	<range><ge>5.5.0</ge><lt>5.5.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Stefan Esser reports:</p>
+	<blockquote cite="https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html">;
+	  <p>The PHP function openssl_x509_parse() uses a helper function
+	    called asn1_time_to_time_t() to convert timestamps from ASN1
+	    string format into integer timestamp values. The parser within
+	    this helper function is not binary safe and can therefore be
+	    tricked to write up to five NUL bytes outside of an allocated
+	    buffer.</p>
+	  <p>This problem can be triggered by x509 certificates that contain
+	    NUL bytes in their notBefore and notAfter timestamp fields and
+	    leads to a memory corruption that might result in arbitrary
+	    code execution.</p>
+	  <p>Depending on how openssl_x509_parse() is used within a PHP
+	    application the attack requires either a malicious cert signed
+	    by a compromised/malicious CA or can be carried out with a
+	    self-signed cert.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6420</cvename>
+      <url>https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html</url>;
+    </references>
+    <dates>
+      <discovery>2013-12-13</discovery>
+      <entry>2013-12-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="dd116b19-64b3-11e3-868f-0025905a4771">
     <topic>mozilla -- multiple vulnerabilities</topic>
     <affects>
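Review bot: The new entry marks php5 as fixed in 5.4.23 and php55 as fixed in 5.5.7, but this commit only touches the php53 ports, so the php5 and php55 ranges depend on updates that are not part of this change. Please confirm lang/php5 and lang/php55 are already at those versions or are updated right after this commit; otherwise users of those packages are flagged with no fixed version available to install. The php53 range `<lt>5.3.28</lt>` matches the PORTVERSION bump in lang/php53/Makefile and looks right.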


