Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,

gss_process_context_token VU#540092

CVE-2014-5352: gss_process_context_token() incorrectly frees context

CVE-2014-9421: kadmind doubly frees partial deserialization results

CVE-2014-9422: kadmind incorrectly validates server principal name

CVE-2014-9423: libgssrpc server applications leak uninitialized bytes

Security:	VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security:	MIT KRB5: VU#540092
Security:	CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

1 files changed, 8 insertions, 0 deletions

diff --git a/security/krb5/Makefile b/security/krb5/Makefile
index 760618ee38ee..5d19e3ffd7e9 100644
--- a/security/krb5/Makefile
+++ b/security/krb5/Makefile
@@ -3,10 +3,12 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.13
+PORTREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
+PATCHFILES=		2015-001-patch-r113.txt
 
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2
@@ -67,7 +69,13 @@ PLIST_SUB+=		LDAP="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MREADLINE}
+.if ${OSVERSION} >= 1100000
+# libtool has some gas with libreadline in 11-CURRENT.
+BUILD_DEPENDS+=		${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline
+LIB_DEPENDS+=		${LOCALBASE}/lib/libreadline.so.6:${PORTSDIR}/devel/readline
+.else
 USES+=			readline:port
+.endif
 CONFIGURE_ARGS+=	--with-readline
 .endif