From owner-svn-ports-head@FreeBSD.ORG Wed Feb 4 20:47:07 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 409E46C8; Wed, 4 Feb 2015 20:47:07 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 20FF929C; Wed, 4 Feb 2015 20:47:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t14Kl74E049609; Wed, 4 Feb 2015 20:47:07 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t14Kl5JU049601; Wed, 4 Feb 2015 20:47:05 GMT (envelope-from cy@FreeBSD.org) Message-Id: <201502042047.t14Kl5JU049601@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Wed, 4 Feb 2015 20:47:05 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378417 - in head/security: krb5 krb5-111 krb5-112 X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Feb 2015 20:47:07 -0000 Author: cy Date: Wed Feb 4 20:47:04 2015 New Revision: 378417 URL: https://svnweb.freebsd.org/changeset/ports/378417 QAT: https://qat.redports.org/buildarchive/r378417/ Log: Address: krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 CVE-2014-5352: gss_process_context_token() incorrectly frees context CVE-2014-9421: kadmind doubly frees partial deserialization results CVE-2014-9422: kadmind incorrectly validates server principal name CVE-2014-9423: libgssrpc server applications leak uninitialized bytes Security: VUXML: 24ce5597-acab-11e4-a847-206a8a720317 Security: MIT KRB5: VU#540092 Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 Modified: head/security/krb5-111/Makefile head/security/krb5-111/distinfo head/security/krb5-112/Makefile head/security/krb5-112/distinfo head/security/krb5/Makefile head/security/krb5/distinfo Modified: head/security/krb5-111/Makefile ============================================================================== --- head/security/krb5-111/Makefile Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-111/Makefile Wed Feb 4 20:47:04 2015 (r378417) @@ -3,12 +3,13 @@ PORTNAME= krb5 PORTVERSION= 1.11.5 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -111 DISTNAME= krb5-${PORTVERSION}-signed EXTRACT_SUFX= .tar +PATCHFILES= 2015-001-patch-r111.txt PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 Modified: head/security/krb5-111/distinfo ============================================================================== --- head/security/krb5-111/distinfo Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-111/distinfo Wed Feb 4 20:47:04 2015 (r378417) @@ -1,2 +1,4 @@ SHA256 (krb5-1.11.5-signed.tar) = d3cee29a50b510526fa692c7c23832df60d4d1cfa66de21e288a897bed6b98c2 SIZE (krb5-1.11.5-signed.tar) = 11714560 +SHA256 (2015-001-patch-r111.txt) = d7e1ac2abf76e546680d2789d11aaafe3119a13bbdcd1008b742efea016816e2 +SIZE (2015-001-patch-r111.txt) = 12128 Modified: head/security/krb5-112/Makefile ============================================================================== --- head/security/krb5-112/Makefile Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-112/Makefile Wed Feb 4 20:47:04 2015 (r378417) @@ -3,11 +3,13 @@ PORTNAME= krb5 PORTVERSION= 1.12.2 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -112 DISTNAME= ${PORTNAME}-${PORTVERSION}-signed EXTRACT_SUFX= .tar +PATCHFILES= 2015-001-patch-r112.txt PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 Modified: head/security/krb5-112/distinfo ============================================================================== --- head/security/krb5-112/distinfo Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-112/distinfo Wed Feb 4 20:47:04 2015 (r378417) @@ -1,2 +1,4 @@ SHA256 (krb5-1.12.2-signed.tar) = 09bd180107b5c2b3b7378c57c023fb02a103d4cac39d6f2dd600275d7a4f3744 SIZE (krb5-1.12.2-signed.tar) = 11991040 +SHA256 (2015-001-patch-r112.txt) = 75d1d070293fef7faa2c5ffbe8de4afaefb95449564e7dd5da458588ba637449 +SIZE (2015-001-patch-r112.txt) = 12130 Modified: head/security/krb5/Makefile ============================================================================== --- head/security/krb5/Makefile Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5/Makefile Wed Feb 4 20:47:04 2015 (r378417) @@ -3,10 +3,12 @@ PORTNAME= krb5 PORTVERSION= 1.13 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ DISTNAME= ${PORTNAME}-${PORTVERSION}-signed EXTRACT_SUFX= .tar +PATCHFILES= 2015-001-patch-r113.txt PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 @@ -67,7 +69,13 @@ PLIST_SUB+= LDAP="@comment " .endif .if ${PORT_OPTIONS:MREADLINE} +.if ${OSVERSION} >= 1100000 +# libtool has some gas with libreadline in 11-CURRENT. +BUILD_DEPENDS+= ${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline +LIB_DEPENDS+= ${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline +.else USES+= readline:port +.endif CONFIGURE_ARGS+= --with-readline .endif Modified: head/security/krb5/distinfo ============================================================================== --- head/security/krb5/distinfo Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5/distinfo Wed Feb 4 20:47:04 2015 (r378417) @@ -1,2 +1,4 @@ SHA256 (krb5-1.13-signed.tar) = dc8f79ae9ab777d0f815e84ed02ac4ccfe3d5826eb4947a195dfce9fd95a9582 SIZE (krb5-1.13-signed.tar) = 12083200 +SHA256 (2015-001-patch-r113.txt) = c41cb0dd88abb53543697a6e91832d6e0639a99a811c3092904eff03fa4b5ec6 +SIZE (2015-001-patch-r113.txt) = 12569