Wed Aug 21 19:40:13 2013 UTC ()
Pullup ticket #4216 - requested by drochner
security/putty: security update
Revisions pulled up:
- security/putty/Makefile 1.34-1.35
- security/putty/distinfo 1.14-1.15
- security/putty/patches/patch-CVE-2013-4852-1 deleted
- security/putty/patches/patch-CVE-2013-4852-2 deleted
- security/putty/patches/patch-import.c 1.2-1.3
- security/putty/patches/patch-terminal.c deleted
- security/putty/patches/patch-timing.c 1.2
- security/putty/patches/patch-unix_gtkfont_c deleted
- security/putty/patches/patch-unix_gtkwin.c 1.3
- security/putty/patches/patch-unix_uxnet.c 1.2
- security/putty/patches/patch-unix_uxucs.c 1.2
- security/putty/patches/patch-windows_window.c 1.2
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 6 12:23:37 UTC 2013
Modified Files:
pkgsrc/security/putty: Makefile distinfo
pkgsrc/security/putty/patches: patch-import.c
Added Files:
pkgsrc/security/putty/patches: patch-CVE-2013-4852-1
patch-CVE-2013-4852-2
Log Message:
add patch from upstream to fix possible heap overflow in SSH handshake
due to integer overflow (CVE-2013-4852)
bump PKGREV
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Aug 7 11:06:39 UTC 2013
Modified Files:
pkgsrc/security/putty: Makefile distinfo
pkgsrc/security/putty/patches: patch-import.c patch-timing.c
patch-unix_gtkwin.c patch-unix_uxnet.c patch-unix_uxucs.c
patch-windows_window.c
Removed Files:
pkgsrc/security/putty/patches: patch-CVE-2013-4852-1
patch-CVE-2013-4852-2 patch-terminal.c patch-unix_gtkfont_c
Log Message:
update to 0.63
This fixes a buffer overflow which was patched in pkgsrc
(CVE-2013-4852), two other buffer overflows (CVE-2013-4206,
CVE-2013-4207), and it clears private keys after use now
(CVE-2013-4208). Other than that, there are mostly bug fixes from 0.62
and a few small features.
(tron)
diff -r1.33 -r1.33.2.1 pkgsrc/security/putty/Makefile
diff -r1.13 -r1.13.6.1 pkgsrc/security/putty/distinfo
diff -r1.1 -r1.1.14.1 pkgsrc/security/putty/patches/patch-import.c
diff -r1.1 -r1.1.14.1 pkgsrc/security/putty/patches/patch-unix_uxnet.c
diff -r1.1 -r1.1.14.1 pkgsrc/security/putty/patches/patch-windows_window.c
diff -r1.2 -r0 pkgsrc/security/putty/patches/patch-terminal.c
diff -r1.1 -r1.1.6.1 pkgsrc/security/putty/patches/patch-timing.c
diff -r1.1 -r1.1.6.1 pkgsrc/security/putty/patches/patch-unix_uxucs.c
diff -r1.1 -r0 pkgsrc/security/putty/patches/patch-unix_gtkfont_c
diff -r1.2 -r1.2.6.1 pkgsrc/security/putty/patches/patch-unix_gtkwin.c
--- pkgsrc/security/putty/Makefile 2013/06/06 12:55:01 1.33
+++ pkgsrc/security/putty/Makefile 2013/08/21 19:40:13 1.33.2.1
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.33 2013/06/06 12:55:01 wiz Exp $
+# $NetBSD: Makefile,v 1.33.2.1 2013/08/21 19:40:13 tron Exp $
#
-DISTNAME= putty-0.62
-PKGREVISION= 9
+DISTNAME= putty-0.63
CATEGORIES= security
-MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.62/
+MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.63/
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.chiark.greenend.org.uk/~sgtatham/putty/
--- pkgsrc/security/putty/distinfo 2012/11/01 19:32:44 1.13
+++ pkgsrc/security/putty/distinfo 2013/08/21 19:40:13 1.13.6.1
@@ -1,15 +1,13 @@
-$NetBSD: distinfo,v 1.13 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: distinfo,v 1.13.6.1 2013/08/21 19:40:13 tron Exp $
-SHA1 (putty-0.62.tar.gz) = 5898438614117ee7e3704fc3f30a3c4bf2041380
-RMD160 (putty-0.62.tar.gz) = 48324416005eb4b14654fc9e0e14d39f20971507
-Size (putty-0.62.tar.gz) = 1783106 bytes
-SHA1 (patch-import.c) = c2dc26aa851a326ea89e782ef93ae7bfdc916366
+SHA1 (putty-0.63.tar.gz) = 195c0603ef61082b91276faa8d4246ea472bba3b
+RMD160 (putty-0.63.tar.gz) = cf28d88a5f0e1db6c21bb0308bd59ed4d6399e5f
+Size (putty-0.63.tar.gz) = 1887913 bytes
+SHA1 (patch-import.c) = da6a34ec3412985858babb28821296c40e30d96b
SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be
-SHA1 (patch-terminal.c) = bed37a83bb7afc56ff34d48f8079b37d9db0f948
-SHA1 (patch-timing.c) = b836da7194aa72ac88d94951070dc65f11978703
+SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
SHA1 (patch-unix_Makefile.gtk) = 0ad8226e2ad8e6e40d3eb9ddef4b22e7d07b7895
-SHA1 (patch-unix_gtkfont_c) = 0e57d4f49466ac73fb0d8cc8efb635e6f8a37f44
+SHA1 (patch-unix_gtkwin.c) = ccabdde03fda8bbc24d659a440fe48f96ab5d867
-SHA1 (patch-unix_gtkwin.c) = c62d1888b93476972180d14b1fd06d0ab8c8b04b
+SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
-SHA1 (patch-unix_uxnet.c) = 50e39093ece97b189da4a736713b59ed72c162d9
+SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
-SHA1 (patch-unix_uxucs.c) = c8a2c4a5f0f50a0c87ec643acd7a02f16dba576f
+SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7
-SHA1 (patch-windows_window.c) = 0c9f4ad5870e63793278d6f04cae88154611e596
--- pkgsrc/security/putty/patches/Attic/patch-import.c 2012/02/22 15:27:16 1.1
+++ pkgsrc/security/putty/patches/Attic/patch-import.c 2013/08/21 19:40:13 1.1.14.1
@@ -1,8 +1,8 @@
-$NetBSD: patch-import.c,v 1.1 2012/02/22 15:27:16 wiz Exp $
+$NetBSD: patch-import.c,v 1.1.14.1 2013/08/21 19:40:13 tron Exp $
---- import.c.orig 2010-04-12 11:02:06.000000000 +0000
+--- import.c.orig 2013-07-20 13:15:20.000000000 +0000
+++ import.c
-@@ -717,8 +717,8 @@ int openssh_write(const Filename *filena
+@@ -725,8 +725,8 @@ int openssh_write(const Filename *filena
unsigned char *outblob;
int outlen;
struct mpint_pos numbers[9];
@@ -13,7 +13,7 @@
char zero[1];
unsigned char iv[8];
int ret = 0;
-@@ -1513,8 +1513,8 @@ int sshcom_write(const Filename *filenam
+@@ -1547,8 +1547,8 @@ int sshcom_write(const Filename *filenam
unsigned char *outblob;
int outlen;
struct mpint_pos numbers[6];
--- pkgsrc/security/putty/patches/Attic/patch-unix_uxnet.c 2012/02/22 15:27:17 1.1
+++ pkgsrc/security/putty/patches/Attic/patch-unix_uxnet.c 2013/08/21 19:40:13 1.1.14.1
@@ -1,8 +1,8 @@
-$NetBSD: patch-unix_uxnet.c,v 1.1 2012/02/22 15:27:17 wiz Exp $
+$NetBSD: patch-unix_uxnet.c,v 1.1.14.1 2013/08/21 19:40:13 tron Exp $
---- unix/uxnet.c.orig 2009-08-06 22:55:15.000000000 +0000
+--- unix/uxnet.c.orig 2013-07-27 18:35:48.000000000 +0000
+++ unix/uxnet.c
-@@ -526,10 +526,10 @@ static int try_connect(Actual_Socket soc
+@@ -534,10 +534,10 @@ static int try_connect(Actual_Socket soc
{
int s;
union sockaddr_union u;
@@ -10,8 +10,8 @@
+ const union sockaddr_union *sa = NULL;
int err = 0;
short localport;
-- int fl, salen, family;
-+ int fl, salen = 0, family;
+- int salen, family;
++ int salen = 0, family;
/*
* Remove the socket from the tree before we overwrite its
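Review bot: The carried patch's `const union sockaddr_union *sa = NULL;` and `int salen = 0, family;` in try_connect only give the two variables defaults; presumably this quiets an uninitialized-variable warning, but it does not show that every path assigns them before use. The rest of try_connect is outside this hunk, so this should be confirmed against the 0.63 source; if any address family can reach the connect call without setting both, an explicit failure is safer than passing a null address of length 0. The patch file also has no description after its `$NetBSD$` line; a line such as `Initialize sa and salen in try_connect so they are never used uninitialized.` would record the intent. patch-import.c, patch-timing.c and patch-unix_uxucs.c in this pullup likewise carry no description.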
--- pkgsrc/security/putty/patches/Attic/patch-windows_window.c 2012/02/22 15:27:17 1.1
+++ pkgsrc/security/putty/patches/Attic/patch-windows_window.c 2013/08/21 19:40:13 1.1.14.1
@@ -1,14 +1,15 @@
-$NetBSD: patch-windows_window.c,v 1.1 2012/02/22 15:27:17 wiz Exp $
+$NetBSD: patch-windows_window.c,v 1.1.14.1 2013/08/21 19:40:13 tron Exp $
Make the home/end keys work on BSD servers as well as Linux ones
---- windows/window.c.orig 2011-07-16 11:26:19.000000000 +0000
+--- windows/window.c.orig 2013-08-04 19:32:10.000000000 +0000
+++ windows/window.c
-@@ -4302,8 +4302,17 @@ static int TranslateKey(UINT message, WP
+@@ -4520,9 +4520,17 @@ static int TranslateKey(UINT message, WP
p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11);
return p - output;
}
-- if (cfg.rxvt_homeend && (code == 1 || code == 4)) {
+- if ((code == 1 || code == 4) &&
+- conf_get_int(conf, CONF_rxvt_homeend)) {
- p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw");
+ /* Home/End */
+ if (code == 1 || code == 4) {
@@ -16,7 +17,7 @@
+ * We used to send ^[1~ and [4~ for Xterm,
+ * but those are Linux console */
+ const char *he;
-+ if (cfg.rxvt_homeend)
++ if (conf_get_int(conf, CONF_rxvt_homeend))
+ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
+ else
+ he = code == 1 ? "\x1BOH" : "\x1BOF";
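Review bot: The description line `Make the home/end keys work on BSD servers as well as Linux ones` understates what the carried patch does. With `CONF_rxvt_homeend` set, the keys now send `\x1B[7~`/`\x1B[8~` instead of upstream's `\x1B[H`/`\x1BOw`, and with it unset they send `\x1BOH`/`\x1BOF`. Stating both changes in the description would let the next person updating the package judge whether the patch is still wanted. The in-patch comment is also inconsistent: `^[1~ and [4~` should read `^[1~ and ^[4~`. The statement that emits `he` lies outside this hunk, and patch-unix_gtkwin.c has the same description and comment and needs the same two changes.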
--- pkgsrc/security/putty/patches/patch-timing.c 2012/11/01 19:32:44 1.1
+++ pkgsrc/security/putty/patches/patch-timing.c 2013/08/21 19:40:13 1.1.6.1
@@ -1,19 +1,17 @@
-$NetBSD: patch-timing.c,v 1.1 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: patch-timing.c,v 1.1.6.1 2013/08/21 19:40:13 tron Exp $
---- timing.c.orig 2012-10-30 22:23:57.000000000 +0000
+--- timing.c.orig 2012-09-19 22:12:00.000000000 +0000
+++ timing.c
-@@ -41,21 +41,10 @@ static int compare_timers(void *av, void
+@@ -60,19 +60,10 @@ static int compare_timers(void *av, void
* Failing that, compare on the other two fields, just so that
* we don't get unwanted equality.
*/
--#ifdef __LCC__
+-#if defined(__LCC__) || defined(__clang__)
- /* lcc won't let us compare function pointers. Legal, but annoying. */
- {
- int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
-- if (c < 0)
-- return -1;
-- else if (c > 0)
-- return +1;
+- if (c)
+- return c;
- }
-#else
- if (a->fn < b->fn)
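Review bot: This carried patch may be obsolete against 0.63, because the upstream lines it now removes begin with `#if defined(__LCC__) || defined(__clang__)`, so upstream already uses the memcmp comparison of `a->fn` and `b->fn` under clang. If the patch was introduced only for that compiler (the file does not say), dropping it is preferable to re-diffing it, since compare_timers' own comment says this tie-break exists so that "we don't get unwanted equality". The inner hunk continues past the lines shown here, so what replaces the removed comparison cannot be checked from this page. If the patch stays, add a description after the `$NetBSD$` line naming the compiler or warning it addresses.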
--- pkgsrc/security/putty/patches/Attic/patch-unix_uxucs.c 2012/11/01 19:32:44 1.1
+++ pkgsrc/security/putty/patches/Attic/patch-unix_uxucs.c 2013/08/21 19:40:13 1.1.6.1
@@ -1,9 +1,9 @@
-$NetBSD: patch-unix_uxucs.c,v 1.1 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: patch-unix_uxucs.c,v 1.1.6.1 2013/08/21 19:40:13 tron Exp $
---- unix/uxucs.c.orig 2012-10-30 22:26:02.000000000 +0000
+--- unix/uxucs.c.orig 2013-07-22 07:12:05.000000000 +0000
+++ unix/uxucs.c
-@@ -76,7 +76,7 @@ int wc_to_mb(int codepage, int flags, wc
- setlocale(LC_CTYPE, "");
+@@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co
+ memset(&state, 0, sizeof state);
while (wclen > 0) {
- int i = wcrtomb(output, wcstr[0], &state);
--- pkgsrc/security/putty/patches/Attic/patch-unix_gtkwin.c 2012/11/01 19:32:44 1.2
+++ pkgsrc/security/putty/patches/Attic/patch-unix_gtkwin.c 2013/08/21 19:40:13 1.2.6.1
@@ -1,14 +1,15 @@
-$NetBSD: patch-unix_gtkwin.c,v 1.2 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: patch-unix_gtkwin.c,v 1.2.6.1 2013/08/21 19:40:13 tron Exp $
Make the home/end keys work on BSD servers as well as Linux ones
---- unix/gtkwin.c.orig 2011-05-07 10:57:19.000000000 +0000
+--- unix/gtkwin.c.orig 2013-07-20 13:15:10.000000000 +0000
+++ unix/gtkwin.c
-@@ -1033,9 +1033,17 @@ gint key_event(GtkWidget *widget, GdkEve
+@@ -1132,10 +1132,17 @@ gint key_event(GtkWidget *widget, GdkEve
use_ucsoutput = FALSE;
goto done;
}
-- if (inst->cfg.rxvt_homeend && (code == 1 || code == 4)) {
+- if ((code == 1 || code == 4) &&
+- conf_get_int(inst->conf, CONF_rxvt_homeend)) {
- end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw");
- use_ucsoutput = FALSE;
+ /* Home/End */
@@ -17,7 +18,7 @@
+ * We used to send ^[1~ and [4~ for Xterm,
+ * but those are Linux console */
+ const char *he;
-+ if (inst->cfg.rxvt_homeend)
++ if (conf_get_int(inst->conf, CONF_rxvt_homeend))
+ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
+ else
+ he = code == 1 ? "\x1BOH" : "\x1BOF";