Date: Wed, 4 Feb 2015 20:47:05 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378417 - in head/security: krb5 krb5-111 krb5-112 Message-ID: <201502042047.t14Kl5JU049601@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Wed Feb 4 20:47:04 2015 New Revision: 378417 URL: https://svnweb.freebsd.org/changeset/ports/378417 QAT: https://qat.redports.org/buildarchive/r378417/ Log: Address: krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 CVE-2014-5352: gss_process_context_token() incorrectly frees context CVE-2014-9421: kadmind doubly frees partial deserialization results CVE-2014-9422: kadmind incorrectly validates server principal name CVE-2014-9423: libgssrpc server applications leak uninitialized bytes Security: VUXML: 24ce5597-acab-11e4-a847-206a8a720317 Security: MIT KRB5: VU#540092 Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 Modified: head/security/krb5-111/Makefile head/security/krb5-111/distinfo head/security/krb5-112/Makefile head/security/krb5-112/distinfo head/security/krb5/Makefile head/security/krb5/distinfo Modified: head/security/krb5-111/Makefile ============================================================================== --- head/security/krb5-111/Makefile Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-111/Makefile Wed Feb 4 20:47:04 2015 (r378417) @@ -3,12 +3,13 @@ PORTNAME= krb5 PORTVERSION= 1.11.5 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -111 DISTNAME= krb5-${PORTVERSION}-signed EXTRACT_SUFX= .tar +PATCHFILES= 2015-001-patch-r111.txt PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 Modified: head/security/krb5-111/distinfo ============================================================================== --- head/security/krb5-111/distinfo Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-111/distinfo Wed Feb 4 20:47:04 2015 (r378417) @@ -1,2 +1,4 @@ SHA256 (krb5-1.11.5-signed.tar) = d3cee29a50b510526fa692c7c23832df60d4d1cfa66de21e288a897bed6b98c2 SIZE (krb5-1.11.5-signed.tar) = 11714560 +SHA256 (2015-001-patch-r111.txt) = d7e1ac2abf76e546680d2789d11aaafe3119a13bbdcd1008b742efea016816e2 +SIZE (2015-001-patch-r111.txt) = 12128 Modified: head/security/krb5-112/Makefile ============================================================================== --- head/security/krb5-112/Makefile Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-112/Makefile Wed Feb 4 20:47:04 2015 (r378417) @@ -3,11 +3,13 @@ PORTNAME= krb5 PORTVERSION= 1.12.2 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -112 DISTNAME= ${PORTNAME}-${PORTVERSION}-signed EXTRACT_SUFX= .tar +PATCHFILES= 2015-001-patch-r112.txt PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 Modified: head/security/krb5-112/distinfo ============================================================================== --- head/security/krb5-112/distinfo Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5-112/distinfo Wed Feb 4 20:47:04 2015 (r378417) @@ -1,2 +1,4 @@ SHA256 (krb5-1.12.2-signed.tar) = 09bd180107b5c2b3b7378c57c023fb02a103d4cac39d6f2dd600275d7a4f3744 SIZE (krb5-1.12.2-signed.tar) = 11991040 +SHA256 (2015-001-patch-r112.txt) = 75d1d070293fef7faa2c5ffbe8de4afaefb95449564e7dd5da458588ba637449 +SIZE (2015-001-patch-r112.txt) = 12130 Modified: head/security/krb5/Makefile ============================================================================== --- head/security/krb5/Makefile Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5/Makefile Wed Feb 4 20:47:04 2015 (r378417) @@ -3,10 +3,12 @@ PORTNAME= krb5 PORTVERSION= 1.13 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ DISTNAME= ${PORTNAME}-${PORTVERSION}-signed EXTRACT_SUFX= .tar +PATCHFILES= 2015-001-patch-r113.txt PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 @@ -67,7 +69,13 @@ PLIST_SUB+= LDAP="@comment " .endif .if ${PORT_OPTIONS:MREADLINE} +.if ${OSVERSION} >= 1100000 +# libtool has some gas with libreadline in 11-CURRENT. +BUILD_DEPENDS+= ${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline +LIB_DEPENDS+= ${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline +.else USES+= readline:port +.endif CONFIGURE_ARGS+= --with-readline .endif Modified: head/security/krb5/distinfo ============================================================================== --- head/security/krb5/distinfo Wed Feb 4 20:44:21 2015 (r378416) +++ head/security/krb5/distinfo Wed Feb 4 20:47:04 2015 (r378417) @@ -1,2 +1,4 @@ SHA256 (krb5-1.13-signed.tar) = dc8f79ae9ab777d0f815e84ed02ac4ccfe3d5826eb4947a195dfce9fd95a9582 SIZE (krb5-1.13-signed.tar) = 12083200 +SHA256 (2015-001-patch-r113.txt) = c41cb0dd88abb53543697a6e91832d6e0639a99a811c3092904eff03fa4b5ec6 +SIZE (2015-001-patch-r113.txt) = 12569
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502042047.t14Kl5JU049601>