svn commit: r379969 - in head/security/krb5-111: . files

Cy Schubert cy at FreeBSD.org
Thu Feb 26 01:20:19 UTC 2015 

Author: cy
Date: Thu Feb 26 01:20:17 2015
New Revision: 379969
URL: https://svnweb.freebsd.org/changeset/ports/379969
QAT: https://qat.redports.org/buildarchive/r379969/

Log:
  Update 1.11.5 --> 1.11.6
  
  This is a bugfix release.  The krb5-1.11 release series has reached
  the end of its maintenance period, and krb5-1.11.6 is the last planned
  release in the krb5-1.11 series.  For new deployments, installers
  should prefer the krb5-1.13 release series or later.
  This commit deprecates this port.
  
  * Work around a gcc optimizer bug that could cause DB2 KDC database
    operations to spin in an infinite loop
  
  * Fix a backward compatibility problem with the LDAP KDB schema that
    could prevent krb5-1.11 and later from decoding entries created by
    krb5-1.6.
  
  * Handle certain invalid RFC 1964 GSS tokens correctly to avoid
    invalid memory reference vulnerabilities.  [CVE-2014-4341
    CVE-2014-4342]
  
  * Fix memory management vulnerabilities in GSSAPI SPNEGO.
    [CVE-2014-4343 CVE-2014-4344]
  
  * Fix buffer overflow vulnerability in LDAP KDB back end.
    [CVE-2014-4345]
  
  * Fix multiple vulnerabilities in the LDAP KDC back end.
    [CVE-2014-5354 CVE-2014-5353]
  
  * Fix multiple kadmind vulnerabilities, some of which are based in the
    gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
    CVE-2014-9423]
  
  Security:	dbf9e66c-bd50-11e4-a7ba-206a8a720317
  		CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
  		CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
  		CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

Deleted:
  head/security/krb5-111/files/patch-plugins__kdb__ldap__libkdb_ldap__ldap_pwd_policy.c
Modified:
  head/security/krb5-111/Makefile
  head/security/krb5-111/distinfo
  head/security/krb5-111/files/patch-lib-apputils-net-server.c

Modified: head/security/krb5-111/Makefile
==============================================================================
--- head/security/krb5-111/Makefile	Thu Feb 26 01:12:44 2015	(r379968)
+++ head/security/krb5-111/Makefile	Thu Feb 26 01:20:17 2015	(r379969)
@@ -2,17 +2,18 @@
 # $FreeBSD$
 
 PORTNAME=		krb5
-PORTVERSION=		1.11.5
-PORTREVISION=		6
+PORTVERSION=		1.11.6
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PKGNAMESUFFIX=		-111
 DISTNAME=		krb5-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
 
+DEPRECATED=		EOLed by MIT in December 2014.
+EXPIRATION_DATE=	2015-08-31
+
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2
-PATCHFILES=		2015-001-patch-r111.txt
 
 MAINTAINER=		cy at FreeBSD.org
 COMMENT=		Authentication system developed at MIT, successor to Kerberos IV

Modified: head/security/krb5-111/distinfo
==============================================================================
--- head/security/krb5-111/distinfo	Thu Feb 26 01:12:44 2015	(r379968)
+++ head/security/krb5-111/distinfo	Thu Feb 26 01:20:17 2015	(r379969)
@@ -1,4 +1,4 @@
-SHA256 (krb5-1.11.5-signed.tar) = d3cee29a50b510526fa692c7c23832df60d4d1cfa66de21e288a897bed6b98c2
-SIZE (krb5-1.11.5-signed.tar) = 11714560
+SHA256 (krb5-1.11.6-signed.tar) = 8f2e879fe5d8f1d8bb1c740a3778cd910af423649e527eb230dbac42b510e743
+SIZE (krb5-1.11.6-signed.tar) = 11755520
 SHA256 (2015-001-patch-r111.txt) = d7e1ac2abf76e546680d2789d11aaafe3119a13bbdcd1008b742efea016816e2
 SIZE (2015-001-patch-r111.txt) = 12128

Modified: head/security/krb5-111/files/patch-lib-apputils-net-server.c
==============================================================================
--- head/security/krb5-111/files/patch-lib-apputils-net-server.c	Thu Feb 26 01:12:44 2015	(r379968)
+++ head/security/krb5-111/files/patch-lib-apputils-net-server.c	Thu Feb 26 01:20:17 2015	(r379969)
@@ -1,6 +1,6 @@
---- ./lib/apputils/net-server.c.orig	2014-04-17 08:07:05.144912855 +0000
-+++ ./lib/apputils/net-server.c	2014-04-17 08:07:59.603908167 +0000
-@@ -992,8 +992,12 @@
+--- ./lib/apputils/net-server.c.orig	2015-02-24 14:19:36.000000000 -0800
++++ ./lib/apputils/net-server.c	2015-02-25 16:57:05.339001826 -0800
+@@ -1038,8 +1038,12 @@
      case RTM_NEWADDR: return "RTM_NEWADDR";
      case RTM_DELADDR: return "RTM_DELADDR";
      case RTM_IFINFO: return "RTM_IFINFO";
@@ -13,16 +13,3 @@
      case RTM_RESOLVE: return "RTM_RESOLVE";
  #ifdef RTM_NEWMADDR
      case RTM_NEWMADDR: return "RTM_NEWMADDR";
-@@ -1026,8 +1030,12 @@
-     case RTM_NEWADDR:
-     case RTM_DELADDR:
-     case RTM_IFINFO:
-+#ifdef RTM_OLDADD
-     case RTM_OLDADD:
-+#endif
-+#ifdef RTM_OLDDEL
-     case RTM_OLDDEL:
-+#endif
-         /*
-          * Some flags indicate routing table updates that don't
-          * indicate local address changes.  They may come from

More information about the svn-ports-head mailing list