From owner-svn-ports-all@FreeBSD.ORG  Thu Feb 26 01:20:19 2015
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7C6F4AFE;
 Thu, 26 Feb 2015 01:20:19 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5CE1D910;
 Thu, 26 Feb 2015 01:20:19 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t1Q1KJUg050215;
 Thu, 26 Feb 2015 01:20:19 GMT (envelope-from cy@FreeBSD.org)
Received: (from cy@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t1Q1KINs050212;
 Thu, 26 Feb 2015 01:20:18 GMT (envelope-from cy@FreeBSD.org)
Message-Id: <201502260120.t1Q1KINs050212@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: cy set sender to cy@FreeBSD.org
 using -f
From: Cy Schubert <cy@FreeBSD.org>
Date: Thu, 26 Feb 2015 01:20:18 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r379969 - in head/security/krb5-111: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2015 01:20:19 -0000

Author: cy
Date: Thu Feb 26 01:20:17 2015
New Revision: 379969
URL: https://svnweb.freebsd.org/changeset/ports/379969
QAT: https://qat.redports.org/buildarchive/r379969/

Log:
  Update 1.11.5 --> 1.11.6
  
  This is a bugfix release.  The krb5-1.11 release series has reached
  the end of its maintenance period, and krb5-1.11.6 is the last planned
  release in the krb5-1.11 series.  For new deployments, installers
  should prefer the krb5-1.13 release series or later.
  This commit deprecates this port.
  
  * Work around a gcc optimizer bug that could cause DB2 KDC database
    operations to spin in an infinite loop
  
  * Fix a backward compatibility problem with the LDAP KDB schema that
    could prevent krb5-1.11 and later from decoding entries created by
    krb5-1.6.
  
  * Handle certain invalid RFC 1964 GSS tokens correctly to avoid
    invalid memory reference vulnerabilities.  [CVE-2014-4341
    CVE-2014-4342]
  
  * Fix memory management vulnerabilities in GSSAPI SPNEGO.
    [CVE-2014-4343 CVE-2014-4344]
  
  * Fix buffer overflow vulnerability in LDAP KDB back end.
    [CVE-2014-4345]
  
  * Fix multiple vulnerabilities in the LDAP KDC back end.
    [CVE-2014-5354 CVE-2014-5353]
  
  * Fix multiple kadmind vulnerabilities, some of which are based in the
    gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
    CVE-2014-9423]
  
  Security:	dbf9e66c-bd50-11e4-a7ba-206a8a720317
  		CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
  		CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
  		CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

Deleted:
  head/security/krb5-111/files/patch-plugins__kdb__ldap__libkdb_ldap__ldap_pwd_policy.c
Modified:
  head/security/krb5-111/Makefile
  head/security/krb5-111/distinfo
  head/security/krb5-111/files/patch-lib-apputils-net-server.c

Modified: head/security/krb5-111/Makefile
==============================================================================
--- head/security/krb5-111/Makefile	Thu Feb 26 01:12:44 2015	(r379968)
+++ head/security/krb5-111/Makefile	Thu Feb 26 01:20:17 2015	(r379969)
@@ -2,17 +2,18 @@
 # $FreeBSD$
 
 PORTNAME=		krb5
-PORTVERSION=		1.11.5
-PORTREVISION=		6
+PORTVERSION=		1.11.6
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PKGNAMESUFFIX=		-111
 DISTNAME=		krb5-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
 
+DEPRECATED=		EOLed by MIT in December 2014.
+EXPIRATION_DATE=	2015-08-31
+
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2
-PATCHFILES=		2015-001-patch-r111.txt
 
 MAINTAINER=		cy@FreeBSD.org
 COMMENT=		Authentication system developed at MIT, successor to Kerberos IV

Modified: head/security/krb5-111/distinfo
==============================================================================
--- head/security/krb5-111/distinfo	Thu Feb 26 01:12:44 2015	(r379968)
+++ head/security/krb5-111/distinfo	Thu Feb 26 01:20:17 2015	(r379969)
@@ -1,4 +1,4 @@
-SHA256 (krb5-1.11.5-signed.tar) = d3cee29a50b510526fa692c7c23832df60d4d1cfa66de21e288a897bed6b98c2
-SIZE (krb5-1.11.5-signed.tar) = 11714560
+SHA256 (krb5-1.11.6-signed.tar) = 8f2e879fe5d8f1d8bb1c740a3778cd910af423649e527eb230dbac42b510e743
+SIZE (krb5-1.11.6-signed.tar) = 11755520
 SHA256 (2015-001-patch-r111.txt) = d7e1ac2abf76e546680d2789d11aaafe3119a13bbdcd1008b742efea016816e2
 SIZE (2015-001-patch-r111.txt) = 12128

Modified: head/security/krb5-111/files/patch-lib-apputils-net-server.c
==============================================================================
--- head/security/krb5-111/files/patch-lib-apputils-net-server.c	Thu Feb 26 01:12:44 2015	(r379968)
+++ head/security/krb5-111/files/patch-lib-apputils-net-server.c	Thu Feb 26 01:20:17 2015	(r379969)
@@ -1,6 +1,6 @@
---- ./lib/apputils/net-server.c.orig	2014-04-17 08:07:05.144912855 +0000
-+++ ./lib/apputils/net-server.c	2014-04-17 08:07:59.603908167 +0000
-@@ -992,8 +992,12 @@
+--- ./lib/apputils/net-server.c.orig	2015-02-24 14:19:36.000000000 -0800
++++ ./lib/apputils/net-server.c	2015-02-25 16:57:05.339001826 -0800
+@@ -1038,8 +1038,12 @@
      case RTM_NEWADDR: return "RTM_NEWADDR";
      case RTM_DELADDR: return "RTM_DELADDR";
      case RTM_IFINFO: return "RTM_IFINFO";
@@ -13,16 +13,3 @@
      case RTM_RESOLVE: return "RTM_RESOLVE";
  #ifdef RTM_NEWMADDR
      case RTM_NEWMADDR: return "RTM_NEWMADDR";
-@@ -1026,8 +1030,12 @@
-     case RTM_NEWADDR:
-     case RTM_DELADDR:
-     case RTM_IFINFO:
-+#ifdef RTM_OLDADD
-     case RTM_OLDADD:
-+#endif
-+#ifdef RTM_OLDDEL
-     case RTM_OLDDEL:
-+#endif
-         /*
-          * Some flags indicate routing table updates that don't
-          * indicate local address changes.  They may come from