Date: Sat, 14 Dec 2013 23:30:37 +0000 (UTC)
From: Florian Smeets <flo@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r336500 - in head: databases/php53-interbase databases/php53-pdo_firebird ftp/php53-curl lang/php53 lang/php53/files security/php53-openssl security/vuxml
Message-ID: <201312142330.rBENUb0T012996@svn.freebsd.org>
Author: flo Date: Sat Dec 14 23:30:36 2013 New Revision: 336500 URL: http://svnweb.freebsd.org/changeset/ports/336500 Log: Update to 5.3.28 Security: 47b4e713-6513-11e3-868f-0025905a4771 Deleted: head/lang/php53/files/patch-ext_openssl_openssl.c Modified: head/databases/php53-interbase/Makefile head/databases/php53-pdo_firebird/Makefile head/ftp/php53-curl/Makefile head/lang/php53/Makefile head/lang/php53/distinfo head/security/php53-openssl/Makefile head/security/vuxml/vuln.xml Modified: head/databases/php53-interbase/Makefile ============================================================================== --- head/databases/php53-interbase/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/databases/php53-interbase/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -1,6 +1,5 @@ # $FreeBSD$ -PORTREVISION= 1 CATEGORIES= databases MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/databases/php53-pdo_firebird/Makefile ============================================================================== --- head/databases/php53-pdo_firebird/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/databases/php53-pdo_firebird/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -1,6 +1,5 @@ # $FreeBSD$ -PORTREVISION= 2 CATEGORIES= databases MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/ftp/php53-curl/Makefile ============================================================================== --- head/ftp/php53-curl/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/ftp/php53-curl/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -1,7 +1,6 @@ # $FreeBSD$ CATEGORIES= ftp -PORTREVISION= 1 MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/lang/php53/Makefile ============================================================================== --- head/lang/php53/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/lang/php53/Makefile Sat Dec 14 23:30:36 2013 (r336500) 
@@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= php53 -PORTVERSION= 5.3.27 +PORTVERSION= 5.3.28 PORTREVISION?= 0 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} Modified: head/lang/php53/distinfo ============================================================================== --- head/lang/php53/distinfo Sat Dec 14 23:23:45 2013 (r336499) +++ head/lang/php53/distinfo Sat Dec 14 23:30:36 2013 (r336500) @@ -1,5 +1,5 @@ -SHA256 (php-5.3.27.tar.bz2) = e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287 -SIZE (php-5.3.27.tar.bz2) = 11432791 +SHA256 (php-5.3.28.tar.bz2) = 0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513 +SIZE (php-5.3.28.tar.bz2) = 11051714 SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805 SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84 Modified: head/security/php53-openssl/Makefile ============================================================================== --- head/security/php53-openssl/Makefile Sat Dec 14 23:23:45 2013 (r336499) +++ head/security/php53-openssl/Makefile Sat Dec 14 23:30:36 2013 (r336500) @@ -1,7 +1,5 @@ # $FreeBSD$ -PORTREVISION= 1 - CATEGORIES= security MASTERDIR= ${.CURDIR}/../../lang/php53 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Dec 14 23:23:45 2013 (r336499) +++ head/security/vuxml/vuln.xml Sat Dec 14 23:30:36 2013 (r336500) 
@@ -51,6 +51,53 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="47b4e713-6513-11e3-868f-0025905a4771"> + <topic>PHP5 -- memory corruption in openssl_x509_parse()</topic> + <affects> + <package> + <name>php5</name> + <range><ge>5.4.0</ge><lt>5.4.23</lt></range> + </package> + <package> + <name>php53</name> + <range><lt>5.3.28</lt></range> + </package> + <package> + <name>php55</name> + <range><ge>5.5.0</ge><lt>5.5.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Stefan Esser reports:</p> + <blockquote cite="https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html"> + <p>The PHP function openssl_x509_parse() uses a helper function + called asn1_time_to_time_t() to convert timestamps from ASN1 + string format into integer timestamp values. The parser within + this helper function is not binary safe and can therefore be + tricked to write up to five NUL bytes outside of an allocated + buffer.</p> + <p>This problem can be triggered by x509 certificates that contain + NUL bytes in their notBefore and notAfter timestamp fields and + leads to a memory corruption that might result in arbitrary + code execution.</p> + <p>Depending on how openssl_x509_parse() is used within a PHP + application the attack requires either a malicious cert signed + by a compromised/malicious CA or can be carried out with a + self-signed cert.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-6420</cvename> + <url>https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html</url> + </references> + <dates> + <discovery>2013-12-13</discovery> + <entry>2013-12-14</entry> + </dates> + </vuln> + <vuln vid="dd116b19-64b3-11e3-868f-0025905a4771"> <topic>mozilla -- multiple vulnerabilities</topic> <affects>
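Review bot: in the head/lang/php53/distinfo hunk, the new SHA256 and SIZE lines for php-5.3.28.tar.bz2 should be confirmed against the checksum upstream publishes for the release before this lands, since distinfo is the only integrity check the port applies to the fetched tarball. The size drops from 11432791 to 11051714 bytes (381077 bytes smaller) for a patch-level release, which is worth a second look; the suhosin and mail-header patch entries are unchanged context and need no action.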
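Review bot: the Deleted: list removes head/lang/php53/files/patch-ext_openssl_openssl.c, and the head/security/php53-openssl/Makefile hunk drops "PORTREVISION= 1", but the log says only "Update to 5.3.28" and the removed patch's content is not shown in this mail. Please state in the log why the local openssl.c patch is dropped (for example, that the change it carried is included in the 5.3.28 distfile), so a reader can confirm that no locally applied fix to ext/openssl is lost by the update.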
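Review bot: in the <affects> block of the new entry 47b4e713-6513-11e3-868f-0025905a4771 in head/security/vuxml/vuln.xml, only the base packages php5, php53 and php55 are listed, while this same commit touches security/php53-openssl, the separately packaged extension built from the lang/php53 MASTERDIR. If a host can carry an updated php53 alongside an older php53-openssl, a match on the name php53 alone would not flag it; consider adding a <package> element for php53-openssl with the same "<range><lt>5.3.28</lt></range>", and the corresponding openssl extension packages for the other two branches with their respective ranges.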