svn commit: r336500 - in head: databases/php53-interbase databases/php53-pdo_firebird ftp/php53-curl lang/php53 lang/php53/files security/php53-openssl security/vuxml
Florian Smeets
flo at FreeBSD.org
Sat Dec 14 23:30:39 UTC 2013
Author: flo
Date: Sat Dec 14 23:30:36 2013
New Revision: 336500
URL: http://svnweb.freebsd.org/changeset/ports/336500
Log:
Update to 5.3.28
Security: 47b4e713-6513-11e3-868f-0025905a4771
Deleted:
head/lang/php53/files/patch-ext_openssl_openssl.c
Modified:
head/databases/php53-interbase/Makefile
head/databases/php53-pdo_firebird/Makefile
head/ftp/php53-curl/Makefile
head/lang/php53/Makefile
head/lang/php53/distinfo
head/security/php53-openssl/Makefile
head/security/vuxml/vuln.xml
Modified: head/databases/php53-interbase/Makefile
==============================================================================
--- head/databases/php53-interbase/Makefile Sat Dec 14 23:23:45 2013 (r336499)
+++ head/databases/php53-interbase/Makefile Sat Dec 14 23:30:36 2013 (r336500)
@@ -1,6 +1,5 @@
# $FreeBSD$
-PORTREVISION= 1
CATEGORIES= databases
MASTERDIR= ${.CURDIR}/../../lang/php53
Modified: head/databases/php53-pdo_firebird/Makefile
==============================================================================
--- head/databases/php53-pdo_firebird/Makefile Sat Dec 14 23:23:45 2013 (r336499)
+++ head/databases/php53-pdo_firebird/Makefile Sat Dec 14 23:30:36 2013 (r336500)
@@ -1,6 +1,5 @@
# $FreeBSD$
-PORTREVISION= 2
CATEGORIES= databases
MASTERDIR= ${.CURDIR}/../../lang/php53
Modified: head/ftp/php53-curl/Makefile
==============================================================================
--- head/ftp/php53-curl/Makefile Sat Dec 14 23:23:45 2013 (r336499)
+++ head/ftp/php53-curl/Makefile Sat Dec 14 23:30:36 2013 (r336500)
@@ -1,7 +1,6 @@
# $FreeBSD$
CATEGORIES= ftp
-PORTREVISION= 1
MASTERDIR= ${.CURDIR}/../../lang/php53
Modified: head/lang/php53/Makefile
==============================================================================
--- head/lang/php53/Makefile Sat Dec 14 23:23:45 2013 (r336499)
+++ head/lang/php53/Makefile Sat Dec 14 23:30:36 2013 (r336500)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= php53
-PORTVERSION= 5.3.27
+PORTVERSION= 5.3.28
PORTREVISION?= 0
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP}
Modified: head/lang/php53/distinfo
==============================================================================
--- head/lang/php53/distinfo Sat Dec 14 23:23:45 2013 (r336499)
+++ head/lang/php53/distinfo Sat Dec 14 23:30:36 2013 (r336500)
@@ -1,5 +1,5 @@
-SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287
-SIZE (php-5.3.27.tar.bz2) = 11432791
+SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
+SIZE (php-5.3.28.tar.bz2) = 11051714
SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd
SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805
SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84
Modified: head/security/php53-openssl/Makefile
==============================================================================
--- head/security/php53-openssl/Makefile Sat Dec 14 23:23:45 2013 (r336499)
+++ head/security/php53-openssl/Makefile Sat Dec 14 23:30:36 2013 (r336500)
@@ -1,7 +1,5 @@
# $FreeBSD$
-PORTREVISION= 1
-
CATEGORIES= security
MASTERDIR= ${.CURDIR}/../../lang/php53
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Dec 14 23:23:45 2013 (r336499)
+++ head/security/vuxml/vuln.xml Sat Dec 14 23:30:36 2013 (r336500)
@@ -51,6 +51,53 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="47b4e713-6513-11e3-868f-0025905a4771">
+ <topic>PHP5 -- memory corruption in openssl_x509_parse()</topic>
+ <affects>
+ <package>
+ <name>php5</name>
+ <range><ge>5.4.0</ge><lt>5.4.23</lt></range>
+ </package>
+ <package>
+ <name>php53</name>
+ <range><lt>5.3.28</lt></range>
+ </package>
+ <package>
+ <name>php55</name>
+ <range><ge>5.5.0</ge><lt>5.5.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Stefan Esser reports:</p>
+ <blockquote cite="https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html">
+ <p>The PHP function openssl_x509_parse() uses a helper function
+ called asn1_time_to_time_t() to convert timestamps from ASN1
+ string format into integer timestamp values. The parser within
+ this helper function is not binary safe and can therefore be
+ tricked to write up to five NUL bytes outside of an allocated
+ buffer.</p>
+ <p>This problem can be triggered by x509 certificates that contain
+ NUL bytes in their notBefore and notAfter timestamp fields and
+ leads to a memory corruption that might result in arbitrary
+ code execution.</p>
+ <p>Depending on how openssl_x509_parse() is used within a PHP
+ application the attack requires either a malicious cert signed
+ by a compromised/malicious CA or can be carried out with a
+ self-signed cert.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-6420</cvename>
+ <url>https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html</url>
+ </references>
+ <dates>
+ <discovery>2013-12-13</discovery>
+ <entry>2013-12-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="dd116b19-64b3-11e3-868f-0025905a4771">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
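Review bot: The new entry's `<affects>` list names only the base packages (`php5`, `php53`, `php55`), but openssl_x509_parse() belongs to the OpenSSL extension, which this same commit shows is packaged separately as security/php53-openssl. A host that upgraded the base package but still has an older php53-openssl installed would, as far as package-name matching goes, not be reported. Consider adding `<package><name>php53-openssl</name><range><lt>5.3.28</lt></range></package>` and the equivalent entries for the other two branches. Separately, the `<ge>5.4.0</ge>` lower bound on `php5` leaves out any installed php5 package older than 5.4.0. The quoted advisory text gives no lower bound, so `<range><lt>5.4.23</lt></range>` may be the safer range; this is worth confirming against the advisory's affected-version list.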