authordrochner <drochner>2013-08-06 12:55:10 +0000
committerdrochner <drochner>2013-08-06 12:55:10 +0000
commite63b7b7ca688e8a5cedf7f2f2c49610e36649516 (patch)
tree8407b0a7ce513de9aeb1cf23a613e908bd517f8a /net
parentb51f07cf1dd93837a9802a1a74852849f71054dd (diff)
downloadpkgsrc-e63b7b7ca688e8a5cedf7f2f2c49610e36649516.tar.gz
apply patches from pkgsrc/security/putty to fix embedded sftp client
bump PKGREV
Diffstat (limited to 'net')
-rw-r--r--net/filezilla/Makefile4
-rw-r--r--net/filezilla/distinfo5
-rw-r--r--net/filezilla/patches/patch-CVE-2013-4852-124
-rw-r--r--net/filezilla/patches/patch-CVE-2013-4852-213
-rw-r--r--net/filezilla/patches/patch-CVE-2013-4852-313
5 files changed, 56 insertions, 3 deletions
diff --git a/net/filezilla/Makefile b/net/filezilla/Makefile
index 615613f70b2..2fe3153af48 100644
--- a/net/filezilla/Makefile
+++ b/net/filezilla/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.43 2013/06/06 12:54:55 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2013/08/06 12:55:10 drochner Exp $
#
VERSION= 3.5.0
DISTNAME= FileZilla_${VERSION}_src
PKGNAME= filezilla-${VERSION}
-PKGREVISION= 18
+PKGREVISION= 19
CATEGORIES= net x11
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=filezilla/}
EXTRACT_SUFX= .tar.bz2
diff --git a/net/filezilla/distinfo b/net/filezilla/distinfo
index 059957a4e6c..be811461e1a 100644
--- a/net/filezilla/distinfo
+++ b/net/filezilla/distinfo
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.16 2012/07/06 15:37:23 drochner Exp $
+$NetBSD: distinfo,v 1.17 2013/08/06 12:55:10 drochner Exp $
SHA1 (FileZilla_3.5.0_src.tar.bz2) = 0d351b74bbe70cbfea1d315fd07193089e6e1c9d
RMD160 (FileZilla_3.5.0_src.tar.bz2) = c3ffc60ced15b7055c34d6ef07c97f516e6f276d
Size (FileZilla_3.5.0_src.tar.bz2) = 3348649 bytes
+SHA1 (patch-CVE-2013-4852-1) = dd22cfde06eb3f949801e84f3f7daec5578f81bb
+SHA1 (patch-CVE-2013-4852-2) = 5bf47fc19cc5676fe8abeab799f62083da14b1ff
+SHA1 (patch-CVE-2013-4852-3) = 6a0e97a0eb4afb37a087a0b1adb4698af3fe5a2d
SHA1 (patch-aa) = 78237ce599dafa640b1488f188376ecc835dfe45
SHA1 (patch-data_makezip.sh.in) = 80acc96fce08e2e0831a4da0613f7b2eaebad465
diff --git a/net/filezilla/patches/patch-CVE-2013-4852-1 b/net/filezilla/patches/patch-CVE-2013-4852-1
new file mode 100644
index 00000000000..cbc780a8dec
--- /dev/null
+++ b/net/filezilla/patches/patch-CVE-2013-4852-1
@@ -0,0 +1,24 @@
+$NetBSD: patch-CVE-2013-4852-1,v 1.1 2013/08/06 12:55:10 drochner Exp $
+
+see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
+
+--- src/putty/sshdss.c.orig 2007-11-23 11:34:00.000000000 +0000
++++ src/putty/sshdss.c
+@@ -43,6 +43,8 @@ static void getstring(char **data, int *
+ if (*datalen < 4)
+ return;
+ *length = GET_32BIT(*data);
++ if (*length < 0)
++ return;
+ *datalen -= 4;
+ *data += 4;
+ if (*datalen < *length)
+@@ -98,7 +100,7 @@ static void *dss_newkey(char *data, int
+ }
+ #endif
+
+- if (!p || memcmp(p, "ssh-dss", 7)) {
++ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
+ sfree(dss);
+ return NULL;
+ }
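Review bot: The new `if (*length < 0) return;` in getstring (and the identical check in patch-CVE-2013-4852-2, plus the `bytes < 0` test in patch-CVE-2013-4852-3) only rejects oversized lengths because the 32-bit value from GET_32BIT turns negative when narrowed into an int, and C leaves that out-of-range conversion implementation-defined rather than guaranteed. Comparing before narrowing makes the intent explicit and portable: `unsigned long v = GET_32BIT(*data); if (v > INT_MAX) return; *length = (int)v;` — this assumes GET_32BIT yields an unsigned value, which the hunk does not show, and needs INT_MAX from limits.h in scope. getstring's body starts before the hunk, so whether `*p` is reset to NULL ahead of the new early return, which the `!p` test in dss_newkey appears to rely on, is not visible here.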
diff --git a/net/filezilla/patches/patch-CVE-2013-4852-2 b/net/filezilla/patches/patch-CVE-2013-4852-2
new file mode 100644
index 00000000000..f448d55026b
--- /dev/null
+++ b/net/filezilla/patches/patch-CVE-2013-4852-2
@@ -0,0 +1,13 @@
+$NetBSD: patch-CVE-2013-4852-2,v 1.1 2013/08/06 12:55:10 drochner Exp $
+
+--- src/putty/sshrsa.c.orig 2009-01-03 15:44:15.000000000 +0000
++++ src/putty/sshrsa.c
+@@ -450,6 +450,8 @@ static void getstring(char **data, int *
+ if (*datalen < 4)
+ return;
+ *length = GET_32BIT(*data);
++ if (*length < 0)
++ return;
+ *datalen -= 4;
+ *data += 4;
+ if (*datalen < *length)
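Review bot: This patch file carries no explanatory comment after the RCS Id line, whereas patch-CVE-2013-4852-1 cites the upstream PuTTY revision; patch-CVE-2013-4852-3 lacks one as well. pkgsrc patch files conventionally state what the patch fixes and where it comes from so a later package update can tell whether it is still needed; suggest adding `CVE-2013-4852: reject a negative string length from GET_32BIT (same upstream fix as patch-CVE-2013-4852-1)` after the Id line, with the upstream URL if it is the same revision. The patched getstring in sshrsa.c starts and ends outside the hunk.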
diff --git a/net/filezilla/patches/patch-CVE-2013-4852-3 b/net/filezilla/patches/patch-CVE-2013-4852-3
new file mode 100644
index 00000000000..c4ee3ef850a
--- /dev/null
+++ b/net/filezilla/patches/patch-CVE-2013-4852-3
@@ -0,0 +1,13 @@
+$NetBSD: patch-CVE-2013-4852-3,v 1.1 2013/08/06 12:55:10 drochner Exp $
+
+--- src/putty/import.c.orig 2008-02-22 03:00:11.000000000 +0000
++++ src/putty/import.c
+@@ -290,7 +290,7 @@ static int ssh2_read_mpint(void *data, i
+ if (len < 4)
+ goto error;
+ bytes = GET_32BIT(d);
+- if (len < 4+bytes)
++ if (bytes < 0 || len-4 < bytes)
+ goto error;
+
+ ret->start = d + 4;