From owner-svn-ports-all@FreeBSD.ORG  Wed Feb  4 20:47:07 2015
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 409E46C8;
 Wed,  4 Feb 2015 20:47:07 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 20FF929C;
 Wed,  4 Feb 2015 20:47:07 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t14Kl74E049609;
 Wed, 4 Feb 2015 20:47:07 GMT (envelope-from cy@FreeBSD.org)
Received: (from cy@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t14Kl5JU049601;
 Wed, 4 Feb 2015 20:47:05 GMT (envelope-from cy@FreeBSD.org)
Message-Id: <201502042047.t14Kl5JU049601@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: cy set sender to cy@FreeBSD.org
 using -f
From: Cy Schubert <cy@FreeBSD.org>
Date: Wed, 4 Feb 2015 20:47:05 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r378417 - in head/security: krb5 krb5-111 krb5-112
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Feb 2015 20:47:07 -0000

Author: cy
Date: Wed Feb  4 20:47:04 2015
New Revision: 378417
URL: https://svnweb.freebsd.org/changeset/ports/378417
QAT: https://qat.redports.org/buildarchive/r378417/

Log:
  Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
  gss_process_context_token VU#540092
  
  CVE-2014-5352: gss_process_context_token() incorrectly frees context
  
  CVE-2014-9421: kadmind doubly frees partial deserialization results
  
  CVE-2014-9422: kadmind incorrectly validates server principal name
  
  CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
  
  Security:	VUXML: 24ce5597-acab-11e4-a847-206a8a720317
  Security:	MIT KRB5: VU#540092
  Security:	CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

Modified:
  head/security/krb5-111/Makefile
  head/security/krb5-111/distinfo
  head/security/krb5-112/Makefile
  head/security/krb5-112/distinfo
  head/security/krb5/Makefile
  head/security/krb5/distinfo

Modified: head/security/krb5-111/Makefile
==============================================================================
--- head/security/krb5-111/Makefile	Wed Feb  4 20:44:21 2015	(r378416)
+++ head/security/krb5-111/Makefile	Wed Feb  4 20:47:04 2015	(r378417)
@@ -3,12 +3,13 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.11.5
-PORTREVISION=		3
+PORTREVISION=		4
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PKGNAMESUFFIX=		-111
 DISTNAME=		krb5-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
+PATCHFILES=		2015-001-patch-r111.txt
 
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2

Modified: head/security/krb5-111/distinfo
==============================================================================
--- head/security/krb5-111/distinfo	Wed Feb  4 20:44:21 2015	(r378416)
+++ head/security/krb5-111/distinfo	Wed Feb  4 20:47:04 2015	(r378417)
@@ -1,2 +1,4 @@
 SHA256 (krb5-1.11.5-signed.tar) = d3cee29a50b510526fa692c7c23832df60d4d1cfa66de21e288a897bed6b98c2
 SIZE (krb5-1.11.5-signed.tar) = 11714560
+SHA256 (2015-001-patch-r111.txt) = d7e1ac2abf76e546680d2789d11aaafe3119a13bbdcd1008b742efea016816e2
+SIZE (2015-001-patch-r111.txt) = 12128

Modified: head/security/krb5-112/Makefile
==============================================================================
--- head/security/krb5-112/Makefile	Wed Feb  4 20:44:21 2015	(r378416)
+++ head/security/krb5-112/Makefile	Wed Feb  4 20:47:04 2015	(r378417)
@@ -3,11 +3,13 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.12.2
+PORTREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PKGNAMESUFFIX=		-112
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
+PATCHFILES=		2015-001-patch-r112.txt
 
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2

Modified: head/security/krb5-112/distinfo
==============================================================================
--- head/security/krb5-112/distinfo	Wed Feb  4 20:44:21 2015	(r378416)
+++ head/security/krb5-112/distinfo	Wed Feb  4 20:47:04 2015	(r378417)
@@ -1,2 +1,4 @@
 SHA256 (krb5-1.12.2-signed.tar) = 09bd180107b5c2b3b7378c57c023fb02a103d4cac39d6f2dd600275d7a4f3744
 SIZE (krb5-1.12.2-signed.tar) = 11991040
+SHA256 (2015-001-patch-r112.txt) = 75d1d070293fef7faa2c5ffbe8de4afaefb95449564e7dd5da458588ba637449
+SIZE (2015-001-patch-r112.txt) = 12130

Modified: head/security/krb5/Makefile
==============================================================================
--- head/security/krb5/Makefile	Wed Feb  4 20:44:21 2015	(r378416)
+++ head/security/krb5/Makefile	Wed Feb  4 20:47:04 2015	(r378417)
@@ -3,10 +3,12 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.13
+PORTREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
+PATCHFILES=		2015-001-patch-r113.txt
 
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2
@@ -67,7 +69,13 @@ PLIST_SUB+=		LDAP="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MREADLINE}
+.if ${OSVERSION} >= 1100000
+# libtool has some gas with libreadline in 11-CURRENT.
+BUILD_DEPENDS+=		${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline
+LIB_DEPENDS+=		${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline
+.else
 USES+=			readline:port
+.endif
 CONFIGURE_ARGS+=	--with-readline
 .endif
 

Modified: head/security/krb5/distinfo
==============================================================================
--- head/security/krb5/distinfo	Wed Feb  4 20:44:21 2015	(r378416)
+++ head/security/krb5/distinfo	Wed Feb  4 20:47:04 2015	(r378417)
@@ -1,2 +1,4 @@
 SHA256 (krb5-1.13-signed.tar) = dc8f79ae9ab777d0f815e84ed02ac4ccfe3d5826eb4947a195dfce9fd95a9582
 SIZE (krb5-1.13-signed.tar) = 12083200
+SHA256 (2015-001-patch-r113.txt) = c41cb0dd88abb53543697a6e91832d6e0639a99a811c3092904eff03fa4b5ec6
+SIZE (2015-001-patch-r113.txt) = 12569