Index: head/security/krb5-112/Makefile
===================================================================
--- head/security/krb5-112/Makefile (revision 388306)
+++ head/security/krb5-112/Makefile (revision 388307)
@@ -1,159 +1,158 @@ # Created by: nectar@FreeBSD.org # $FreeBSD$ PORTNAME= krb5 -PORTVERSION= 1.12.3 -PORTREVISION= 2 +PORTVERSION= 1.12.4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -112 DISTNAME= ${PORTNAME}-${PORTVERSION}-signed EXTRACT_SUFX= .tar PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 MAINTAINER= cy@FreeBSD.org COMMENT= Authentication system developed at MIT, successor to Kerberos IV LICENSE= MIT BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-[0-9]* krb5-maint-111-* LATEST_LINK= ${PORTNAME}-112 KERBEROSV_URL= http://web.mit.edu/kerberos/ USE_PERL5= build USE_LDCONFIG= yes USE_CSTD= gnu99 GNU_CONFIGURE= yes USES= cpe gettext gmake perl5 libtool:build CONFIGURE_ARGS?= --enable-shared --without-system-verto \ --disable-rpath --localstatedir="${PREFIX}/var" CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" CPE_VENDOR= mit CPE_VERSION= 5-${PORTVERSION} CPE_PRODUCT= kerberos OPTIONS_DEFINE= KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP READLINE OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML KRB5_PDF_DESC= Install krb5 PDF documentation KRB5_HTML_DESC= Install krb5 HTML documentation DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names LDAP= Enable LDAP support .if defined(KRB5_HOME) PREFIX= ${KRB5_HOME} .endif CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC} LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB} USE_OPENSSL= yes USE_RC_SUBR= kpropd .include # Fix up -Wl,-rpath in LDFLAGS .if !empty(KRB5_HOME) _RPATH= ${KRB5_HOME}/lib: .else _RPATH= ${LOCALBASE}/lib: .endif .if !empty(LDFLAGS:M-Wl,-rpath,*) .for F in ${LDFLAGS:M-Wl,-rpath,*} LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ ${LDFLAGS:N-Wl,-rpath,*} .endfor .endif .if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} BROKEN= LIB_DEPENDS when using 
KRB5_HOME is broken .endif .if ${PORT_OPTIONS:MDNS_FOR_REALM} CONFIGURE_ARGS+= --enable-dns-for-realm .endif .if ${PORT_OPTIONS:MLDAP} USE_OPENLDAP= yes CONFIGURE_ARGS+= --with-ldap PLIST_SUB+= LDAP="" .else PLIST_SUB+= LDAP="@comment " .endif .if ${PORT_OPTIONS:MREADLINE} .if ${OSVERSION} >= 1100000 # libtool has some gas with libreadline in 11-CURRENT. BUILD_DEPENDS+= libreadline.so:${PORTSDIR}/devel/readline LIB_DEPENDS+= libreadline.so:${PORTSDIR}/devel/readline .else USES+= readline:port CONFIGURE_ARGS+= --with-readline .endif .endif .if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" .endif WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf post-extract: @${TAR} -C ${WRKDIR} -xzf ${WRKDIR}/${PORTNAME}-${PORTVERSION}.tar.gz --no-same-owner --no-same-permissions @${RM} ${WRKDIR}/${PORTNAME}-${PORTVERSION}.tar.gz ${WRKDIR}/${PORTNAME}-${PORTVERSION}.tar.gz.asc post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 # html documentation .if ${PORT_OPTIONS:MKRB5_PDF} pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` for i in $${pdf_dirs}; do \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ done; \ for i in $${pdf_files}; do \ ${INSTALL_MAN} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ done .endif .if ${PORT_OPTIONS:MKRB5_HTML} html_files=`${FIND} ${HTML_DOC_DIR} ! 
-type d | ${GREP} -v /_sources` html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` for i in $${html_dirs}; do \ ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ done; \ for i in $${html_files}; do \ ${INSTALL_MAN} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ done .endif .if ${PORT_OPTIONS:MKRB5_PDF} for i in $${pdf_dirs}; do \ ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ done | ${TAIL} -r >> ${TMPPLIST} .endif .if ${PORT_OPTIONS:MKRB5_HTML} for i in $${html_dirs}; do \ ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ done | ${TAIL} -r >> ${TMPPLIST} .endif ${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR}/README.FreeBSD > ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD @${CHMOD} 444 ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD @${ECHO} "------------------------------------------------------" @${ECHO} "This port of MIT Kerberos 5 includes remote login " @${ECHO} "daemons (telnetd and klogind). These daemons default " @${ECHO} "to using the system login program (/usr/bin/login). " @${ECHO} "Please see the file " @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" @${ECHO} "for more information. " @${ECHO} "------------------------------------------------------" .include Index: head/security/krb5-112/distinfo =================================================================== --- head/security/krb5-112/distinfo (revision 388306) +++ head/security/krb5-112/distinfo (revision 388307) 
@@ -1,4 +1,2 @@
-SHA256 (krb5-1.12.3-signed.tar) = 091715da49f6aa72b98c9659229351b4b168fb96f84caa18228aaf7632db3483
-SIZE (krb5-1.12.3-signed.tar) = 12001280
-SHA256 (2015-001-patch-r112.txt) = 75d1d070293fef7faa2c5ffbe8de4afaefb95449564e7dd5da458588ba637449
-SIZE (2015-001-patch-r112.txt) = 12130
+SHA256 (krb5-1.12.4-signed.tar) = b95d029e4b376332b3517bad49becdd48503f82a7ac24e5f284a00aa091dd0d9
+SIZE (krb5-1.12.4-signed.tar) = 12011520
Index: head/security/krb5-112/files/patch-CVE-2015-2694
===================================================================
--- head/security/krb5-112/files/patch-CVE-2015-2694 (revision 388306)
+++ head/security/krb5-112/files/patch-CVE-2015-2694 (nonexistent)
@@ -1,65 +0,0 @@
---- plugins/preauth/otp/main.c.orig 2015-02-18 22:31:13 UTC
-+++ plugins/preauth/otp/main.c
-@@ -42,6 +42,7 @@ static krb5_preauthtype otp_pa_type_list
- struct request_state {
- krb5_kdcpreauth_verify_respond_fn respond;
- void *arg;
-+ krb5_enc_tkt_part *enc_tkt_reply;
- };
- 
- static krb5_error_code
-@@ -159,6 +160,9 @@ on_response(void *data, krb5_error_code
- if (retval == 0 && response != otp_response_success)
- retval = KRB5_PREAUTH_FAILED;
- 
-+ if (retval == 0)
-+ rs.enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
-+
- rs.respond(rs.arg, retval, NULL, NULL, NULL);
- }
- 
-@@ -263,8 +267,6 @@ otp_verify(krb5_context context, krb5_da
- krb5_data d, plaintext;
- char *config;
- 
-- enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
--
- /* Get the FAST armor key. */
- armor_key = cb->fast_armor(context, rock);
- if (armor_key == NULL) {
-@@ -298,12 +300,14 @@ otp_verify(krb5_context context, krb5_da
- goto error;
- }
- 
-- /* Create the request state. */
-+ /* Create the request state. Save the response callback, and the
-+ * enc_tkt_reply pointer so we can set the TKT_FLG_PRE_AUTH flag later. */
- rs = k5alloc(sizeof(struct request_state), &retval);
- if (rs == NULL)
- goto error;
- rs->arg = arg;
- rs->respond = respond;
-+ rs->enc_tkt_reply = enc_tkt_reply;
- 
- /* Get the principal's OTP configuration string. */
- retval = cb->get_string(context, rock, "otp", &config);
---- plugins/preauth/pkinit/pkinit_srv.c.orig 2015-02-18 22:31:13 UTC
-+++ plugins/preauth/pkinit/pkinit_srv.c
-@@ -306,7 +306,7 @@ pkinit_server_verify_padata(krb5_context
- 
- pkiDebug("pkinit_verify_padata: entered!\n");
- if (data == NULL || data->length <= 0 || data->contents == NULL) {
-- (*respond)(arg, 0, NULL, NULL, NULL);
-+ (*respond)(arg, EINVAL, NULL, NULL, NULL);
- return;
- }
- 
-@@ -318,7 +318,7 @@ pkinit_server_verify_padata(krb5_context
- 
- plgctx = pkinit_find_realm_context(context, moddata, request->server);
- if (plgctx == NULL) {
-- (*respond)(arg, 0, NULL, NULL, NULL);
-+ (*respond)(arg, EINVAL, NULL, NULL, NULL);
- return;
- }
- 
Property changes on: head/security/krb5-112/files/patch-CVE-2015-2694
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property