authordrochner <drochner>2013-08-23 10:56:46 +0000
committerdrochner <drochner>2013-08-23 10:56:46 +0000
commite027b5baff49586eb134bc534e41e9d84eea9235 (patch)
tree8c938fb7ca5b21b5363f247aa22849d3fdaa0c5c /net
parentf9d9c08e0023f9302596e5a9cd98fd8015177969 (diff)
downloadpkgsrc-e027b5baff49586eb134bc534e41e9d84eea9235.tar.gz
update to 3.7.3
change: putty security fixes were integrated (was patched in pkgsrc)
Diffstat (limited to 'net')
-rw-r--r--net/filezilla/Makefile4
-rw-r--r--net/filezilla/distinfo10
-rw-r--r--net/filezilla/patches/patch-CVE-2013-420687
-rw-r--r--net/filezilla/patches/patch-CVE-2013-420829
4 files changed, 6 insertions, 124 deletions
diff --git a/net/filezilla/Makefile b/net/filezilla/Makefile
index f51d1c21ce2..69a7a93e0b2 100644
--- a/net/filezilla/Makefile
+++ b/net/filezilla/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2013/08/07 16:48:49 drochner Exp $
+# $NetBSD: Makefile,v 1.46 2013/08/23 10:56:46 drochner Exp $
#
-VERSION= 3.7.2
+VERSION= 3.7.3
DISTNAME= FileZilla_${VERSION}_src
PKGNAME= filezilla-${VERSION}
CATEGORIES= net x11
diff --git a/net/filezilla/distinfo b/net/filezilla/distinfo
index 5c6bab14440..79487d1b0d4 100644
--- a/net/filezilla/distinfo
+++ b/net/filezilla/distinfo
@@ -1,8 +1,6 @@
-$NetBSD: distinfo,v 1.18 2013/08/07 16:48:49 drochner Exp $
+$NetBSD: distinfo,v 1.19 2013/08/23 10:56:46 drochner Exp $
-SHA1 (FileZilla_3.7.2_src.tar.bz2) = 12a241004bf10a4e28fec33c4d7e219dc3f8635e
-RMD160 (FileZilla_3.7.2_src.tar.bz2) = 2e993c7c9fa04e6e72cd9c120df871f4cdc4e09c
-Size (FileZilla_3.7.2_src.tar.bz2) = 3682007 bytes
-SHA1 (patch-CVE-2013-4206) = e4e6d4c5d26449d29a3b9d27956ecc6a255eeac7
-SHA1 (patch-CVE-2013-4208) = fd3a73dc554bf5bc39bac1150dd11594b4556346
+SHA1 (FileZilla_3.7.3_src.tar.bz2) = 34c3dd1943816a916c54e49cbbea51c97ef3f583
+RMD160 (FileZilla_3.7.3_src.tar.bz2) = 8fefebae9f2024dedab9841dc6fe3876305f8d2f
+Size (FileZilla_3.7.3_src.tar.bz2) = 3682494 bytes
SHA1 (patch-data_makezip.sh.in) = 80acc96fce08e2e0831a4da0613f7b2eaebad465
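Review bot: Dropping the `patch-CVE-2013-4206` and `patch-CVE-2013-4208` entries here means the package now depends entirely on the 3.7.3 distfile carrying those fixes, and nothing visible in the commit shows that this was checked beyond the one-line description. It is worth confirming in the extracted source that `src/putty/sshbn.c` has the `if (2*pqlen <= mlen)` guard in `modmul` and the zero-representation handling in `bignum_cmp`, and that `src/putty/sshdss.c` frees `r`/`s` on the early return in `dss_verifysig` and calls `freebn(k)` in `dss_sign`. Naming the identifiers in the log message, for example `putty security fixes (CVE-2013-4206, CVE-2013-4207, CVE-2013-4208) are now included upstream`, would let a later audit find this commit by CVE id once the patch files are gone.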
diff --git a/net/filezilla/patches/patch-CVE-2013-4206 b/net/filezilla/patches/patch-CVE-2013-4206
deleted file mode 100644
index 5ea64c704b3..00000000000
--- a/net/filezilla/patches/patch-CVE-2013-4206
+++ /dev/null
@@ -1,87 +0,0 @@
-$NetBSD: patch-CVE-2013-4206,v 1.1 2013/08/07 16:48:49 drochner Exp $
-
-fixes also CVE-2013-4207
-http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977
-http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996
-
---- src/putty/sshbn.c.orig 2011-08-21 17:53:50.000000000 +0000
-+++ src/putty/sshbn.c
-@@ -1018,6 +1018,13 @@ Bignum modmul(Bignum p, Bignum q, Bignum
-
- pqlen = (p[0] > q[0] ? p[0] : q[0]);
-
-+ /*
-+ * Make sure that we're allowing enough space. The shifting below
-+ * will underflow the vectors we allocate if pqlen is too small.
-+ */
-+ if (2*pqlen <= mlen)
-+ pqlen = mlen/2 + 1;
-+
- /* Allocate n of size pqlen, copy p to n */
- n = snewn(pqlen, BignumInt);
- i = pqlen - p[0];
-@@ -1306,7 +1313,18 @@ int ssh1_write_bignum(void *data, Bignum
- int bignum_cmp(Bignum a, Bignum b)
- {
- int amax = a[0], bmax = b[0];
-- int i = (amax > bmax ? amax : bmax);
-+ int i;
-+
-+ /* Annoyingly we have two representations of zero */
-+ if (amax == 1 && a[amax] == 0)
-+ amax = 0;
-+ if (bmax == 1 && b[bmax] == 0)
-+ bmax = 0;
-+
-+ assert(amax == 0 || a[amax] != 0);
-+ assert(bmax == 0 || b[bmax] != 0);
-+
-+ i = (amax > bmax ? amax : bmax);
- while (i) {
- BignumInt aval = (i > amax ? 0 : a[i]);
- BignumInt bval = (i > bmax ? 0 : b[i]);
-@@ -1864,6 +1882,44 @@ int main(int argc, char **argv)
- freebn(b);
- freebn(c);
- freebn(p);
-+ } else if (!strcmp(buf, "modmul")) {
-+ Bignum a, b, m, c, p;
-+
-+ if (ptrnum != 4) {
-+ printf("%d: modmul with %d parameters, expected 4\n",
-+ line, ptrnum);
-+ exit(1);
-+ }
-+ a = bignum_from_bytes(ptrs[0], ptrs[1]-ptrs[0]);
-+ b = bignum_from_bytes(ptrs[1], ptrs[2]-ptrs[1]);
-+ m = bignum_from_bytes(ptrs[2], ptrs[3]-ptrs[2]);
-+ c = bignum_from_bytes(ptrs[3], ptrs[4]-ptrs[3]);
-+ p = modmul(a, b, m);
-+
-+ if (bignum_cmp(c, p) == 0) {
-+ passes++;
-+ } else {
-+ char *as = bignum_decimal(a);
-+ char *bs = bignum_decimal(b);
-+ char *ms = bignum_decimal(m);
-+ char *cs = bignum_decimal(c);
-+ char *ps = bignum_decimal(p);
-+
-+ printf("%d: fail: %s * %s mod %s gave %s expected %s\n",
-+ line, as, bs, ms, ps, cs);
-+ fails++;
-+
-+ sfree(as);
-+ sfree(bs);
-+ sfree(ms);
-+ sfree(cs);
-+ sfree(ps);
-+ }
-+ freebn(a);
-+ freebn(b);
-+ freebn(m);
-+ freebn(c);
-+ freebn(p);
- } else if (!strcmp(buf, "pow")) {
- Bignum base, expt, modulus, expected, answer;
-
diff --git a/net/filezilla/patches/patch-CVE-2013-4208 b/net/filezilla/patches/patch-CVE-2013-4208
deleted file mode 100644
index 5464fa7c5d2..00000000000
--- a/net/filezilla/patches/patch-CVE-2013-4208
+++ /dev/null
@@ -1,29 +0,0 @@
-$NetBSD: patch-CVE-2013-4208,v 1.1 2013/08/07 16:48:49 drochner Exp $
-
-http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988
-
---- src/putty/sshdss.c.orig 2013-08-06 09:08:32.000000000 +0000
-+++ src/putty/sshdss.c
-@@ -251,8 +251,13 @@ static int dss_verifysig(void *key, char
- }
- r = get160(&sig, &siglen);
- s = get160(&sig, &siglen);
-- if (!r || !s)
-+ if (!r || !s) {
-+ if (r)
-+ freebn(r);
-+ if (s)
-+ freebn(s);
- return 0;
-+ }
-
- /*
- * Step 1. w <- s^-1 mod q.
-@@ -601,6 +606,7 @@ static unsigned char *dss_sign(void *key
- s = modmul(kinv, hxr, dss->q); /* s = k^-1 * (hash + x*r) mod q */
- freebn(hxr);
- freebn(kinv);
-+ freebn(k);
- freebn(hash);
-
- /*