Pullup ticket #4216 - requested by drochner security/putty: security update Revisions pulled up: - security/putty/Makefile 1.34-1.35 - security/putty/distinfo 1.14-1.15 - security/putty/patches/patch-CVE-2013-4852-1 deleted - security/putty/patches/patch-CVE-2013-4852-2 deleted - security/putty/patches/patch-import.c 1.2-1.3 - security/putty/patches/patch-terminal.c deleted - security/putty/patches/patch-timing.c 1.2 - security/putty/patches/patch-unix_gtkfont_c deleted - security/putty/patches/patch-unix_gtkwin.c 1.3 - security/putty/patches/patch-unix_uxnet.c 1.2 - security/putty/patches/patch-unix_uxucs.c 1.2 - security/putty/patches/patch-windows_window.c 1.2 --- Module Name: pkgsrc Committed By: drochner Date: Tue Aug 6 12:23:37 UTC 2013 Modified Files: pkgsrc/security/putty: Makefile distinfo pkgsrc/security/putty/patches: patch-import.c Added Files: pkgsrc/security/putty/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 Log Message: add patch from upstream to fix possible heap overflow in SSH handshake due to integer overflow (CVE-2013-4852) bump PKGREV --- Module Name: pkgsrc Committed By: drochner Date: Wed Aug 7 11:06:39 UTC 2013 Modified Files: pkgsrc/security/putty: Makefile distinfo pkgsrc/security/putty/patches: patch-import.c patch-timing.c patch-unix_gtkwin.c patch-unix_uxnet.c patch-unix_uxucs.c patch-windows_window.c Removed Files: pkgsrc/security/putty/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-terminal.c patch-unix_gtkfont_c Log Message: update to 0.63 This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852), two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and it clears private keys after use now (CVE-2013-4208). Other than that, there are mostly bug fixes from 0.62 and a few small features.diff -r1.33 -r1.33.2.1 pkgsrc/security/putty/Makefile
(tron)
@@ -1,20 +1,19 @@ | @@ -1,20 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.33 2013/06/06 12:55:01 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.33.2.1 2013/08/21 19:40:13 tron Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= putty-0.62 | 4 | DISTNAME= putty-0.63 | |
5 | PKGREVISION= 9 | |||
6 | CATEGORIES= security | 5 | CATEGORIES= security | |
7 | MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.62/ | 6 | MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.63/ | |
8 | 7 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.chiark.greenend.org.uk/~sgtatham/putty/ | 9 | HOMEPAGE= http://www.chiark.greenend.org.uk/~sgtatham/putty/ | |
11 | COMMENT= Free implementation of Telnet and SSH for Win32 and Unix platforms | 10 | COMMENT= Free implementation of Telnet and SSH for Win32 and Unix platforms | |
12 | LICENSE= mit | 11 | LICENSE= mit | |
13 | 12 | |||
14 | USE_TOOLS+= gmake pkg-config | 13 | USE_TOOLS+= gmake pkg-config | |
15 | BUILD_DIRS= unix | 14 | BUILD_DIRS= unix | |
16 | 15 | |||
17 | MAKE_FILE= Makefile.gtk | 16 | MAKE_FILE= Makefile.gtk | |
18 | MAKE_FLAGS+= mandir=${PREFIX}/${PKGMANDIR} | 17 | MAKE_FLAGS+= mandir=${PREFIX}/${PKGMANDIR} | |
19 | 18 | |||
20 | INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 | 19 | INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 |
@@ -1,15 +1,13 @@ | @@ -1,15 +1,13 @@ | |||
1 | $NetBSD: distinfo,v 1.13 2012/11/01 19:32:44 joerg Exp $ | 1 | $NetBSD: distinfo,v 1.13.6.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (putty-0.62.tar.gz) = 5898438614117ee7e3704fc3f30a3c4bf2041380 | 3 | SHA1 (putty-0.63.tar.gz) = 195c0603ef61082b91276faa8d4246ea472bba3b | |
4 | RMD160 (putty-0.62.tar.gz) = 48324416005eb4b14654fc9e0e14d39f20971507 | 4 | RMD160 (putty-0.63.tar.gz) = cf28d88a5f0e1db6c21bb0308bd59ed4d6399e5f | |
5 | Size (putty-0.62.tar.gz) = 1783106 bytes | 5 | Size (putty-0.63.tar.gz) = 1887913 bytes | |
6 | SHA1 (patch-import.c) = c2dc26aa851a326ea89e782ef93ae7bfdc916366 | 6 | SHA1 (patch-import.c) = da6a34ec3412985858babb28821296c40e30d96b | |
7 | SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be | 7 | SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be | |
8 | SHA1 (patch-terminal.c) = bed37a83bb7afc56ff34d48f8079b37d9db0f948 | 8 | SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9 | |
9 | SHA1 (patch-timing.c) = b836da7194aa72ac88d94951070dc65f11978703 | |||
10 | SHA1 (patch-unix_Makefile.gtk) = 0ad8226e2ad8e6e40d3eb9ddef4b22e7d07b7895 | 9 | SHA1 (patch-unix_Makefile.gtk) = 0ad8226e2ad8e6e40d3eb9ddef4b22e7d07b7895 | |
11 | SHA1 (patch-unix_gtkfont_c) = 0e57d4f49466ac73fb0d8cc8efb635e6f8a37f44 | 10 | SHA1 (patch-unix_gtkwin.c) = ccabdde03fda8bbc24d659a440fe48f96ab5d867 | |
12 | SHA1 (patch-unix_gtkwin.c) = c62d1888b93476972180d14b1fd06d0ab8c8b04b | 11 | SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35 | |
13 | SHA1 (patch-unix_uxnet.c) = 50e39093ece97b189da4a736713b59ed72c162d9 | 12 | SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9 | |
14 | SHA1 (patch-unix_uxucs.c) = c8a2c4a5f0f50a0c87ec643acd7a02f16dba576f | 13 | SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7 | |
15 | SHA1 (patch-windows_window.c) = 0c9f4ad5870e63793278d6f04cae88154611e596 |
@@ -1,26 +1,26 @@ | @@ -1,26 +1,26 @@ | |||
1 | $NetBSD: patch-import.c,v 1.1 2012/02/22 15:27:16 wiz Exp $ | 1 | $NetBSD: patch-import.c,v 1.1.14.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | --- import.c.orig 2010-04-12 11:02:06.000000000 +0000 | 3 | --- import.c.orig 2013-07-20 13:15:20.000000000 +0000 | |
4 | +++ import.c | 4 | +++ import.c | |
5 | @@ -717,8 +717,8 @@ int openssh_write(const Filename *filena | 5 | @@ -725,8 +725,8 @@ int openssh_write(const Filename *filena | |
6 | unsigned char *outblob; | 6 | unsigned char *outblob; | |
7 | int outlen; | 7 | int outlen; | |
8 | struct mpint_pos numbers[9]; | 8 | struct mpint_pos numbers[9]; | |
9 | - int nnumbers, pos, len, seqlen, i; | 9 | - int nnumbers, pos, len, seqlen, i; | |
10 | - char *header, *footer; | 10 | - char *header, *footer; | |
11 | + int nnumbers = 0, pos = 0, len = 0, seqlen = 0, i = 0; | 11 | + int nnumbers = 0, pos = 0, len = 0, seqlen = 0, i = 0; | |
12 | + char *header = NULL, *footer = NULL; | 12 | + char *header = NULL, *footer = NULL; | |
13 | char zero[1]; | 13 | char zero[1]; | |
14 | unsigned char iv[8]; | 14 | unsigned char iv[8]; | |
15 | int ret = 0; | 15 | int ret = 0; | |
16 | @@ -1513,8 +1513,8 @@ int sshcom_write(const Filename *filenam | 16 | @@ -1547,8 +1547,8 @@ int sshcom_write(const Filename *filenam | |
17 | unsigned char *outblob; | 17 | unsigned char *outblob; | |
18 | int outlen; | 18 | int outlen; | |
19 | struct mpint_pos numbers[6]; | 19 | struct mpint_pos numbers[6]; | |
20 | - int nnumbers, initial_zero, pos, lenpos, i; | 20 | - int nnumbers, initial_zero, pos, lenpos, i; | |
21 | - char *type; | 21 | - char *type; | |
22 | + int nnumbers = 0, initial_zero = 0, pos = 0, lenpos = 0, i = 0; | 22 | + int nnumbers = 0, initial_zero = 0, pos = 0, lenpos = 0, i = 0; | |
23 | + char *type = NULL; | 23 | + char *type = NULL; | |
24 | char *ciphertext; | 24 | char *ciphertext; | |
25 | int cipherlen; | 25 | int cipherlen; | |
26 | int ret = 0; | 26 | int ret = 0; |
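Review bot: The patch has no description between the `$NetBSD$` line and the `--- import.c.orig` header, so nothing records why the locals in `openssh_write` and `sshcom_write` are zero-initialised. The initialisers look like they are there to quiet possibly-uninitialised warnings rather than to change behaviour; if that is right, a line such as `Initialise locals to avoid uninitialised-variable warnings.` would say so. The same gap exists in patch-unix_uxnet.c, patch-timing.c and patch-unix_uxucs.c in this pullup. Both functions continue outside the hunks shown.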
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: patch-unix_uxnet.c,v 1.1 2012/02/22 15:27:17 wiz Exp $ | 1 | $NetBSD: patch-unix_uxnet.c,v 1.1.14.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | --- unix/uxnet.c.orig 2009-08-06 22:55:15.000000000 +0000 | 3 | --- unix/uxnet.c.orig 2013-07-27 18:35:48.000000000 +0000 | |
4 | +++ unix/uxnet.c | 4 | +++ unix/uxnet.c | |
5 | @@ -526,10 +526,10 @@ static int try_connect(Actual_Socket soc | 5 | @@ -534,10 +534,10 @@ static int try_connect(Actual_Socket soc | |
6 | { | 6 | { | |
7 | int s; | 7 | int s; | |
8 | union sockaddr_union u; | 8 | union sockaddr_union u; | |
9 | - const union sockaddr_union *sa; | 9 | - const union sockaddr_union *sa; | |
10 | + const union sockaddr_union *sa = NULL; | 10 | + const union sockaddr_union *sa = NULL; | |
11 | int err = 0; | 11 | int err = 0; | |
12 | short localport; | 12 | short localport; | |
13 | - int fl, salen, family; | 13 | - int salen, family; | |
14 | + int fl, salen = 0, family; | 14 | + int salen = 0, family; | |
15 | 15 | |||
16 | /* | 16 | /* | |
17 | * Remove the socket from the tree before we overwrite its | 17 | * Remove the socket from the tree before we overwrite its |
@@ -1,26 +1,27 @@ | @@ -1,26 +1,27 @@ | |||
1 | $NetBSD: patch-windows_window.c,v 1.1 2012/02/22 15:27:17 wiz Exp $ | 1 | $NetBSD: patch-windows_window.c,v 1.1.14.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | Make the home/end keys work on BSD servers as well as Linux ones | 3 | Make the home/end keys work on BSD servers as well as Linux ones | |
4 | 4 | |||
5 | --- windows/window.c.orig 2011-07-16 11:26:19.000000000 +0000 | 5 | --- windows/window.c.orig 2013-08-04 19:32:10.000000000 +0000 | |
6 | +++ windows/window.c | 6 | +++ windows/window.c | |
7 | @@ -4302,8 +4302,17 @@ static int TranslateKey(UINT message, WP | 7 | @@ -4520,9 +4520,17 @@ static int TranslateKey(UINT message, WP | |
8 | p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11); | 8 | p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11); | |
9 | return p - output; | 9 | return p - output; | |
10 | } | 10 | } | |
11 | - if (cfg.rxvt_homeend && (code == 1 || code == 4)) { | 11 | - if ((code == 1 || code == 4) && | |
12 | - conf_get_int(conf, CONF_rxvt_homeend)) { | |||
12 | - p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw"); | 13 | - p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw"); | |
13 | + /* Home/End */ | 14 | + /* Home/End */ | |
14 | + if (code == 1 || code == 4) { | 15 | + if (code == 1 || code == 4) { | |
15 | + /* Send the correct XTerm or rxvt codes for home/end | 16 | + /* Send the correct XTerm or rxvt codes for home/end | |
16 | + * We used to send ^[1~ and [4~ for Xterm, | 17 | + * We used to send ^[1~ and [4~ for Xterm, | |
17 | + * but those are Linux console */ | 18 | + * but those are Linux console */ | |
18 | + const char *he; | 19 | + const char *he; | |
19 | + if (cfg.rxvt_homeend) | 20 | + if (conf_get_int(conf, CONF_rxvt_homeend)) | |
20 | + he = code == 1 ? "\x1B[7~" : "\x1B[8~"; | 21 | + he = code == 1 ? "\x1B[7~" : "\x1B[8~"; | |
21 | + else | 22 | + else | |
22 | + he = code == 1 ? "\x1BOH" : "\x1BOF"; | 23 | + he = code == 1 ? "\x1BOH" : "\x1BOF"; | |
23 | + p += sprintf((char *) p, he); | 24 | + p += sprintf((char *) p, he); | |
24 | return p - output; | 25 | return p - output; | |
25 | } | 26 | } | |
26 | if (code) { | 27 | if (code) { |
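Review bot: The added `p += sprintf((char *) p, he);` passes a variable as the format string. `he` can only be one of the four literals assigned just above it and none contains `%`, so the output is the same today, but the call trips `-Wformat-security` and becomes a real defect if the strings ever change. The matching change in patch-unix_gtkwin.c already uses `"%s"`, so I would write `p += sprintf((char *) p, "%s", he);` here too. `TranslateKey` starts and ends outside the hunk, so the space left in `output` cannot be checked from here.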
@@ -1,28 +1,26 @@ | @@ -1,28 +1,26 @@ | |||
1 | $NetBSD: patch-timing.c,v 1.1 2012/11/01 19:32:44 joerg Exp $ | 1 | $NetBSD: patch-timing.c,v 1.1.6.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | --- timing.c.orig 2012-10-30 22:23:57.000000000 +0000 | 3 | --- timing.c.orig 2012-09-19 22:12:00.000000000 +0000 | |
4 | +++ timing.c | 4 | +++ timing.c | |
5 | @@ -41,21 +41,10 @@ static int compare_timers(void *av, void | 5 | @@ -60,19 +60,10 @@ static int compare_timers(void *av, void | |
6 | * Failing that, compare on the other two fields, just so that | 6 | * Failing that, compare on the other two fields, just so that | |
7 | * we don't get unwanted equality. | 7 | * we don't get unwanted equality. | |
8 | */ | 8 | */ | |
9 | -#ifdef __LCC__ | 9 | -#if defined(__LCC__) || defined(__clang__) | |
10 | - /* lcc won't let us compare function pointers. Legal, but annoying. */ | 10 | - /* lcc won't let us compare function pointers. Legal, but annoying. */ | |
11 | - { | 11 | - { | |
12 | - int c = memcmp(&a->fn, &b->fn, sizeof(a->fn)); | 12 | - int c = memcmp(&a->fn, &b->fn, sizeof(a->fn)); | |
13 | - if (c < 0) | 13 | - if (c) | |
14 | - return -1; | 14 | - return c; | |
15 | - else if (c > 0) | |||
16 | - return +1; | |||
17 | - } | 15 | - } | |
18 | -#else | 16 | -#else | |
19 | - if (a->fn < b->fn) | 17 | - if (a->fn < b->fn) | |
20 | + if ((uintptr_t)a->fn < (uintptr_t)b->fn) | 18 | + if ((uintptr_t)a->fn < (uintptr_t)b->fn) | |
21 | return -1; | 19 | return -1; | |
22 | - else if (a->fn > b->fn) | 20 | - else if (a->fn > b->fn) | |
23 | + else if ((uintptr_t)a->fn > (uintptr_t)b->fn) | 21 | + else if ((uintptr_t)a->fn > (uintptr_t)b->fn) | |
24 | return +1; | 22 | return +1; | |
25 | -#endif | 23 | -#endif | |
26 | 24 | |||
27 | if (a->ctx < b->ctx) | 25 | if (a->ctx < b->ctx) | |
28 | return -1; | 26 | return -1; |
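Review bot: The new comparisons cast `a->fn` and `b->fn` to `uintptr_t`, but this patch has a single hunk and adds no `#include <stdint.h>`, so it relies on timing.c already getting that type from one of its headers, which is not visible here. The regenerated patch also deletes upstream's `#if defined(__LCC__) || defined(__clang__)` `memcmp` branch, which presumably exists to handle the same compiler complaint; it is worth checking whether the patch is still needed against 0.63. If it stays, the header should say why, for example `Compare function pointers via uintptr_t instead of relational operators on the pointers.` `compare_timers` starts and ends outside the hunk.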
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | $NetBSD: patch-unix_uxucs.c,v 1.1 2012/11/01 19:32:44 joerg Exp $ | 1 | $NetBSD: patch-unix_uxucs.c,v 1.1.6.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | --- unix/uxucs.c.orig 2012-10-30 22:26:02.000000000 +0000 | 3 | --- unix/uxucs.c.orig 2013-07-22 07:12:05.000000000 +0000 | |
4 | +++ unix/uxucs.c | 4 | +++ unix/uxucs.c | |
5 | @@ -76,7 +76,7 @@ int wc_to_mb(int codepage, int flags, wc | 5 | @@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co | |
6 | setlocale(LC_CTYPE, ""); | 6 | memset(&state, 0, sizeof state); | |
7 | 7 | |||
8 | while (wclen > 0) { | 8 | while (wclen > 0) { | |
9 | - int i = wcrtomb(output, wcstr[0], &state); | 9 | - int i = wcrtomb(output, wcstr[0], &state); | |
10 | + size_t i = wcrtomb(output, wcstr[0], &state); | 10 | + size_t i = wcrtomb(output, wcstr[0], &state); | |
11 | if (i == (size_t)-1 || i > n - mblen) | 11 | if (i == (size_t)-1 || i > n - mblen) | |
12 | break; | 12 | break; | |
13 | memcpy(mbstr+n, output, i); | 13 | memcpy(mbstr+n, output, i); |
@@ -1,27 +1,28 @@ | @@ -1,27 +1,28 @@ | |||
1 | $NetBSD: patch-unix_gtkwin.c,v 1.2 2012/11/01 19:32:44 joerg Exp $ | 1 | $NetBSD: patch-unix_gtkwin.c,v 1.2.6.1 2013/08/21 19:40:13 tron Exp $ | |
2 | 2 | |||
3 | Make the home/end keys work on BSD servers as well as Linux ones | 3 | Make the home/end keys work on BSD servers as well as Linux ones | |
4 | 4 | |||
5 | --- unix/gtkwin.c.orig 2011-05-07 10:57:19.000000000 +0000 | 5 | --- unix/gtkwin.c.orig 2013-07-20 13:15:10.000000000 +0000 | |
6 | +++ unix/gtkwin.c | 6 | +++ unix/gtkwin.c | |
7 | @@ -1033,9 +1033,17 @@ gint key_event(GtkWidget *widget, GdkEve | 7 | @@ -1132,10 +1132,17 @@ gint key_event(GtkWidget *widget, GdkEve | |
8 | use_ucsoutput = FALSE; | 8 | use_ucsoutput = FALSE; | |
9 | goto done; | 9 | goto done; | |
10 | } | 10 | } | |
11 | - if (inst->cfg.rxvt_homeend && (code == 1 || code == 4)) { | 11 | - if ((code == 1 || code == 4) && | |
12 | - conf_get_int(inst->conf, CONF_rxvt_homeend)) { | |||
12 | - end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw"); | 13 | - end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw"); | |
13 | - use_ucsoutput = FALSE; | 14 | - use_ucsoutput = FALSE; | |
14 | + /* Home/End */ | 15 | + /* Home/End */ | |
15 | + if (code == 1 || code == 4) { | 16 | + if (code == 1 || code == 4) { | |
16 | + /* Send the correct XTerm or rxvt codes for home/end | 17 | + /* Send the correct XTerm or rxvt codes for home/end | |
17 | + * We used to send ^[1~ and [4~ for Xterm, | 18 | + * We used to send ^[1~ and [4~ for Xterm, | |
18 | + * but those are Linux console */ | 19 | + * but those are Linux console */ | |
19 | + const char *he; | 20 | + const char *he; | |
20 | + if (inst->cfg.rxvt_homeend) | 21 | + if (conf_get_int(inst->conf, CONF_rxvt_homeend)) | |
21 | + he = code == 1 ? "\x1B[7~" : "\x1B[8~"; | 22 | + he = code == 1 ? "\x1B[7~" : "\x1B[8~"; | |
22 | + else | 23 | + else | |
23 | + he = code == 1 ? "\x1BOH" : "\x1BOF"; | 24 | + he = code == 1 ? "\x1BOH" : "\x1BOF"; | |
24 | + end = 1 + sprintf(output+1, "%s", he); | 25 | + end = 1 + sprintf(output+1, "%s", he); | |
25 | goto done; | 26 | goto done; | |
26 | } | 27 | } | |
27 | if (code) { | 28 | if (code) { |
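Review bot: The replacement Home/End branch no longer sets `use_ucsoutput = FALSE;` before `goto done`, although the upstream lines it removes did and the branch just above it in the context still does. If `use_ucsoutput` can be TRUE when control reaches this point (its earlier assignments are outside the hunk), the sequence written to `output` would presumably not be the buffer that is sent. I would keep `use_ucsoutput = FALSE;` after the `sprintf` line. `key_event` starts and ends outside the hunk.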