authordrochner <drochner>2013-08-07 11:06:39 +0000
committerdrochner <drochner>2013-08-07 11:06:39 +0000
commit928f889f6e6abb635034173d7d5ceb030aa170ab (patch)
tree6d86bf0befbbfc67a4f9a340214263d4d5742a04 /security
parent238cac9274467ef94bab76462fc27aa9b5587c4d (diff)
downloadpkgsrc-928f889f6e6abb635034173d7d5ceb030aa170ab.tar.gz
update to 0.63
This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852), two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and it clears private keys after use now (CVE-2013-4208). Other than that, there are mostly bug fixes from 0.62 and a few small features.
Diffstat (limited to 'security')
-rw-r--r--security/putty/Makefile7
-rw-r--r--security/putty/distinfo24
-rw-r--r--security/putty/patches/patch-CVE-2013-4852-124
-rw-r--r--security/putty/patches/patch-CVE-2013-4852-213
-rw-r--r--security/putty/patches/patch-import.c19
-rw-r--r--security/putty/patches/patch-terminal.c46
-rw-r--r--security/putty/patches/patch-timing.c14
-rw-r--r--security/putty/patches/patch-unix_gtkfont_c87
-rw-r--r--security/putty/patches/patch-unix_gtkwin.c11
-rw-r--r--security/putty/patches/patch-unix_uxnet.c10
-rw-r--r--security/putty/patches/patch-unix_uxucs.c8
-rw-r--r--security/putty/patches/patch-windows_window.c11
12 files changed, 44 insertions, 230 deletions
diff --git a/security/putty/Makefile b/security/putty/Makefile
index fa5b573da04..68adeedfc4a 100644
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.34 2013/08/06 12:23:37 drochner Exp $
+# $NetBSD: Makefile,v 1.35 2013/08/07 11:06:39 drochner Exp $
#
-DISTNAME= putty-0.62
-PKGREVISION= 10
+DISTNAME= putty-0.63
CATEGORIES= security
-MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.62/
+MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.63/
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.chiark.greenend.org.uk/~sgtatham/putty/
diff --git a/security/putty/distinfo b/security/putty/distinfo
index db59bd53145..cb4f88ba950 100644
--- a/security/putty/distinfo
+++ b/security/putty/distinfo
@@ -1,17 +1,13 @@
-$NetBSD: distinfo,v 1.14 2013/08/06 12:23:37 drochner Exp $
+$NetBSD: distinfo,v 1.15 2013/08/07 11:06:39 drochner Exp $
-SHA1 (putty-0.62.tar.gz) = 5898438614117ee7e3704fc3f30a3c4bf2041380
-RMD160 (putty-0.62.tar.gz) = 48324416005eb4b14654fc9e0e14d39f20971507
-Size (putty-0.62.tar.gz) = 1783106 bytes
-SHA1 (patch-CVE-2013-4852-1) = 9f81e7b1c1135f153d7af1c4ca264d0af8df0cd8
-SHA1 (patch-CVE-2013-4852-2) = ca90d823b5ea59e4759fd48f63c28f0c8a3378da
-SHA1 (patch-import.c) = 2d88e956bb04e66a836992347e1252eeca78e8de
+SHA1 (putty-0.63.tar.gz) = 195c0603ef61082b91276faa8d4246ea472bba3b
+RMD160 (putty-0.63.tar.gz) = cf28d88a5f0e1db6c21bb0308bd59ed4d6399e5f
+Size (putty-0.63.tar.gz) = 1887913 bytes
+SHA1 (patch-import.c) = da6a34ec3412985858babb28821296c40e30d96b
SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be
-SHA1 (patch-terminal.c) = bed37a83bb7afc56ff34d48f8079b37d9db0f948
-SHA1 (patch-timing.c) = b836da7194aa72ac88d94951070dc65f11978703
+SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
SHA1 (patch-unix_Makefile.gtk) = 0ad8226e2ad8e6e40d3eb9ddef4b22e7d07b7895
-SHA1 (patch-unix_gtkfont_c) = 0e57d4f49466ac73fb0d8cc8efb635e6f8a37f44
-SHA1 (patch-unix_gtkwin.c) = c62d1888b93476972180d14b1fd06d0ab8c8b04b
-SHA1 (patch-unix_uxnet.c) = 50e39093ece97b189da4a736713b59ed72c162d9
-SHA1 (patch-unix_uxucs.c) = c8a2c4a5f0f50a0c87ec643acd7a02f16dba576f
-SHA1 (patch-windows_window.c) = 0c9f4ad5870e63793278d6f04cae88154611e596
+SHA1 (patch-unix_gtkwin.c) = ccabdde03fda8bbc24d659a440fe48f96ab5d867
+SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
+SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
+SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7
diff --git a/security/putty/patches/patch-CVE-2013-4852-1 b/security/putty/patches/patch-CVE-2013-4852-1
deleted file mode 100644
index dea86d664dd..00000000000
--- a/security/putty/patches/patch-CVE-2013-4852-1
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-CVE-2013-4852-1,v 1.1 2013/08/06 12:23:37 drochner Exp $
-
-see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
-
---- sshdss.c.orig 2007-10-03 21:21:18.000000000 +0000
-+++ sshdss.c
-@@ -43,6 +43,8 @@ static void getstring(char **data, int *
- if (*datalen < 4)
- return;
- *length = GET_32BIT(*data);
-+ if (*length < 0)
-+ return;
- *datalen -= 4;
- *data += 4;
- if (*datalen < *length)
-@@ -98,7 +100,7 @@ static void *dss_newkey(char *data, int
- }
- #endif
-
-- if (!p || memcmp(p, "ssh-dss", 7)) {
-+ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
- sfree(dss);
- return NULL;
- }
diff --git a/security/putty/patches/patch-CVE-2013-4852-2 b/security/putty/patches/patch-CVE-2013-4852-2
deleted file mode 100644
index 0e94ad8151f..00000000000
--- a/security/putty/patches/patch-CVE-2013-4852-2
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-CVE-2013-4852-2,v 1.1 2013/08/06 12:23:37 drochner Exp $
-
---- sshrsa.c.orig 2011-02-18 08:25:39.000000000 +0000
-+++ sshrsa.c
-@@ -526,6 +526,8 @@ static void getstring(char **data, int *
- if (*datalen < 4)
- return;
- *length = GET_32BIT(*data);
-+ if (*length < 0)
-+ return;
- *datalen -= 4;
- *data += 4;
- if (*datalen < *length)
diff --git a/security/putty/patches/patch-import.c b/security/putty/patches/patch-import.c
index 14617c99457..6d36e32d3ec 100644
--- a/security/putty/patches/patch-import.c
+++ b/security/putty/patches/patch-import.c
@@ -1,19 +1,8 @@
-$NetBSD: patch-import.c,v 1.2 2013/08/06 12:23:37 drochner Exp $
+$NetBSD: patch-import.c,v 1.3 2013/08/07 11:06:39 drochner Exp $
-see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
-
---- import.c.orig 2010-04-12 11:02:06.000000000 +0000
+--- import.c.orig 2013-07-20 13:15:20.000000000 +0000
+++ import.c
-@@ -290,7 +290,7 @@ static int ssh2_read_mpint(void *data, i
- if (len < 4)
- goto error;
- bytes = GET_32BIT(d);
-- if (len < 4+bytes)
-+ if (bytes < 0 || len-4 < bytes)
- goto error;
-
- ret->start = d + 4;
-@@ -717,8 +717,8 @@ int openssh_write(const Filename *filena
+@@ -725,8 +725,8 @@ int openssh_write(const Filename *filena
unsigned char *outblob;
int outlen;
struct mpint_pos numbers[9];
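Review bot: After this hunk patch-import.c has no description left, because the `see http://svn.tartarus.org/...` line is removed together with the `ssh2_read_mpint` length check and the file now runs straight from the `$NetBSD$` tag into `--- import.c.orig`. The two remaining hunks appear to change declarations in `openssh_write` and `sshcom_write`, but their changed lines are not visible here, so a reader cannot tell a build fix from a behaviour change. I would add one comment line below the tag stating their purpose, e.g. `<why the openssh_write/sshcom_write declarations are changed - placeholder>`. Since the dropped hunk was a bounds check, the commit should also confirm that 0.63 carries the `bytes < 0 || len-4 < bytes` test upstream. patch-timing.c, patch-unix_uxnet.c and patch-unix_uxucs.c are likewise updated in this commit with no description after their `$NetBSD$` line.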
@@ -24,7 +13,7 @@ see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
char zero[1];
unsigned char iv[8];
int ret = 0;
-@@ -1513,8 +1513,8 @@ int sshcom_write(const Filename *filenam
+@@ -1547,8 +1547,8 @@ int sshcom_write(const Filename *filenam
unsigned char *outblob;
int outlen;
struct mpint_pos numbers[6];
diff --git a/security/putty/patches/patch-terminal.c b/security/putty/patches/patch-terminal.c
deleted file mode 100644
index 2b8c6a15cd0..00000000000
--- a/security/putty/patches/patch-terminal.c
+++ /dev/null
@@ -1,46 +0,0 @@
-$NetBSD: patch-terminal.c,v 1.2 2012/11/01 19:32:44 joerg Exp $
-
-Make the home/end keys work on BSD servers as well as Linux ones
-
---- terminal.c.orig 2011-07-16 11:27:05.000000000 +0000
-+++ terminal.c
-@@ -6202,13 +6202,6 @@ void term_key(Terminal *term, Key_Sym ke
- }
- }
-
-- /* RXVT Home/End */
-- if (term->cfg.rxvt_homeend &&
-- (keysym == PK_HOME || keysym == PK_END)) {
-- p += sprintf((char *) p, keysym == PK_HOME ? "\x1B[H" : "\x1BOw");
-- goto done;
-- }
--
- if (term->vt52_mode) {
- int xkey;
-
-@@ -6229,11 +6222,23 @@ void term_key(Terminal *term, Key_Sym ke
- goto done;
- }
-
-+ /* Home/End */
-+ if (keysym == PK_HOME || keysym == PK_END) {
-+ /* Send the correct XTerm or rxvt codes for home/end
-+ * We used to send ^[1~ and [4~ for Xterm,
-+ * but those are Linux console */
-+ const char *he;
-+ if (term->cfg.rxvt_homeend)
-+ he = keysym == PK_HOME ? "\x1B[7~" : "\x1B[8~";
-+ else
-+ he = keysym == PK_HOME ? "\x1BOH" : "\x1BOF";
-+ p += sprintf((char *) p, "%s", he);
-+ goto done;
-+ }
-+
- switch (keysym) {
-- case PK_HOME: code = 1; break;
- case PK_INSERT: code = 2; break;
- case PK_DELETE: code = 3; break;
-- case PK_END: code = 4; break;
- case PK_PAGEUP: code = 5; break;
- case PK_PAGEDOWN: code = 6; break;
- default: code = 0; break; /* else gcc warns `enum value not used' */
diff --git a/security/putty/patches/patch-timing.c b/security/putty/patches/patch-timing.c
index 36d0925334f..bf7716c0d71 100644
--- a/security/putty/patches/patch-timing.c
+++ b/security/putty/patches/patch-timing.c
@@ -1,19 +1,17 @@
-$NetBSD: patch-timing.c,v 1.1 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: patch-timing.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
---- timing.c.orig 2012-10-30 22:23:57.000000000 +0000
+--- timing.c.orig 2012-09-19 22:12:00.000000000 +0000
+++ timing.c
-@@ -41,21 +41,10 @@ static int compare_timers(void *av, void
+@@ -60,19 +60,10 @@ static int compare_timers(void *av, void
* Failing that, compare on the other two fields, just so that
* we don't get unwanted equality.
*/
--#ifdef __LCC__
+-#if defined(__LCC__) || defined(__clang__)
- /* lcc won't let us compare function pointers. Legal, but annoying. */
- {
- int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
-- if (c < 0)
-- return -1;
-- else if (c > 0)
-- return +1;
+- if (c)
+- return c;
- }
-#else
- if (a->fn < b->fn)
diff --git a/security/putty/patches/patch-unix_gtkfont_c b/security/putty/patches/patch-unix_gtkfont_c
deleted file mode 100644
index 49f62a63ba6..00000000000
--- a/security/putty/patches/patch-unix_gtkfont_c
+++ /dev/null
@@ -1,87 +0,0 @@
-$NetBSD: patch-unix_gtkfont_c,v 1.1 2012/05/07 01:14:15 dholland Exp $
-
-Fix build with latest glib2.
-
---- unix/gtkfont.c~ 2010-08-10 17:21:25.000000000 +0000
-+++ unix/gtkfont.c
-@@ -524,21 +524,21 @@ static void x11font_enum_fonts(GtkWidget
- style = p;
- p += sprintf(p, "%s", components[2][0] ? components[2] :
- "regular");
-- if (!g_strcasecmp(components[3], "i"))
-+ if (!g_ascii_strcasecmp(components[3], "i"))
- p += sprintf(p, " italic");
-- else if (!g_strcasecmp(components[3], "o"))
-+ else if (!g_ascii_strcasecmp(components[3], "o"))
- p += sprintf(p, " oblique");
-- else if (!g_strcasecmp(components[3], "ri"))
-+ else if (!g_ascii_strcasecmp(components[3], "ri"))
- p += sprintf(p, " reverse italic");
-- else if (!g_strcasecmp(components[3], "ro"))
-+ else if (!g_ascii_strcasecmp(components[3], "ro"))
- p += sprintf(p, " reverse oblique");
-- else if (!g_strcasecmp(components[3], "ot"))
-+ else if (!g_ascii_strcasecmp(components[3], "ot"))
- p += sprintf(p, " other-slant");
-- if (components[4][0] && g_strcasecmp(components[4], "normal"))
-+ if (components[4][0] && g_ascii_strcasecmp(components[4], "normal"))
- p += sprintf(p, " %s", components[4]);
-- if (!g_strcasecmp(components[10], "m"))
-+ if (!g_ascii_strcasecmp(components[10], "m"))
- p += sprintf(p, " [M]");
-- if (!g_strcasecmp(components[10], "c"))
-+ if (!g_ascii_strcasecmp(components[10], "c"))
- p += sprintf(p, " [C]");
- if (components[5][0])
- p += sprintf(p, " %s", components[5]);
-@@ -550,23 +550,23 @@ static void x11font_enum_fonts(GtkWidget
- */
- p++;
- stylekey = p;
-- if (!g_strcasecmp(components[2], "medium") ||
-- !g_strcasecmp(components[2], "regular") ||
-- !g_strcasecmp(components[2], "normal") ||
-- !g_strcasecmp(components[2], "book"))
-+ if (!g_ascii_strcasecmp(components[2], "medium") ||
-+ !g_ascii_strcasecmp(components[2], "regular") ||
-+ !g_ascii_strcasecmp(components[2], "normal") ||
-+ !g_ascii_strcasecmp(components[2], "book"))
- weightkey = 0;
-- else if (!g_strncasecmp(components[2], "demi", 4) ||
-- !g_strncasecmp(components[2], "semi", 4))
-+ else if (!g_ascii_strncasecmp(components[2], "demi", 4) ||
-+ !g_ascii_strncasecmp(components[2], "semi", 4))
- weightkey = 1;
- else
- weightkey = 2;
-- if (!g_strcasecmp(components[3], "r"))
-+ if (!g_ascii_strcasecmp(components[3], "r"))
- slantkey = 0;
-- else if (!g_strncasecmp(components[3], "r", 1))
-+ else if (!g_ascii_strncasecmp(components[3], "r", 1))
- slantkey = 2;
- else
- slantkey = 1;
-- if (!g_strcasecmp(components[4], "normal"))
-+ if (!g_ascii_strcasecmp(components[4], "normal"))
- setwidthkey = 0;
- else
- setwidthkey = 1;
-@@ -774,7 +774,7 @@ static int pangofont_check_desc_makes_se
-
- matched = FALSE;
- for (i = 0; i < nfamilies; i++) {
-- if (!g_strcasecmp(pango_font_family_get_name(families[i]),
-+ if (!g_ascii_strcasecmp(pango_font_family_get_name(families[i]),
- pango_font_description_get_family(desc))) {
- matched = TRUE;
- break;
-@@ -1393,7 +1393,7 @@ static int strnullcasecmp(const char *a,
- /*
- * Otherwise, ordinary strcasecmp.
- */
-- return g_strcasecmp(a, b);
-+ return g_ascii_strcasecmp(a, b);
- }
-
- static int fontinfo_realname_compare(void *av, void *bv)
diff --git a/security/putty/patches/patch-unix_gtkwin.c b/security/putty/patches/patch-unix_gtkwin.c
index 5c5e7e080e4..61b64be8f42 100644
--- a/security/putty/patches/patch-unix_gtkwin.c
+++ b/security/putty/patches/patch-unix_gtkwin.c
@@ -1,14 +1,15 @@
-$NetBSD: patch-unix_gtkwin.c,v 1.2 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: patch-unix_gtkwin.c,v 1.3 2013/08/07 11:06:39 drochner Exp $
Make the home/end keys work on BSD servers as well as Linux ones
---- unix/gtkwin.c.orig 2011-05-07 10:57:19.000000000 +0000
+--- unix/gtkwin.c.orig 2013-07-20 13:15:10.000000000 +0000
+++ unix/gtkwin.c
-@@ -1033,9 +1033,17 @@ gint key_event(GtkWidget *widget, GdkEve
+@@ -1132,10 +1132,17 @@ gint key_event(GtkWidget *widget, GdkEve
use_ucsoutput = FALSE;
goto done;
}
-- if (inst->cfg.rxvt_homeend && (code == 1 || code == 4)) {
+- if ((code == 1 || code == 4) &&
+- conf_get_int(inst->conf, CONF_rxvt_homeend)) {
- end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw");
- use_ucsoutput = FALSE;
+ /* Home/End */
@@ -17,7 +18,7 @@ Make the home/end keys work on BSD servers as well as Linux ones
+ * We used to send ^[1~ and [4~ for Xterm,
+ * but those are Linux console */
+ const char *he;
-+ if (inst->cfg.rxvt_homeend)
++ if (conf_get_int(inst->conf, CONF_rxvt_homeend))
+ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
+ else
+ he = code == 1 ? "\x1BOH" : "\x1BOF";
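Review bot: The comment kept in this patch gives the old sequences as `^[1~ and [4~`, which matches neither key: the first lacks the `[` after ESC and the second lacks the ESC itself. Assuming the intended pair is `ESC [ 1 ~` / `ESC [ 4 ~` (codes 1 and 4 in the generic path), the line should read `* We used to send ^[[1~ and ^[[4~ for Xterm,`. The same comment is carried in the second hunk of patch-windows_window.c. The comment and its enclosing block start above this hunk.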
diff --git a/security/putty/patches/patch-unix_uxnet.c b/security/putty/patches/patch-unix_uxnet.c
index 7268e372779..07f07c8f0f0 100644
--- a/security/putty/patches/patch-unix_uxnet.c
+++ b/security/putty/patches/patch-unix_uxnet.c
@@ -1,8 +1,8 @@
-$NetBSD: patch-unix_uxnet.c,v 1.1 2012/02/22 15:27:17 wiz Exp $
+$NetBSD: patch-unix_uxnet.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
---- unix/uxnet.c.orig 2009-08-06 22:55:15.000000000 +0000
+--- unix/uxnet.c.orig 2013-07-27 18:35:48.000000000 +0000
+++ unix/uxnet.c
-@@ -526,10 +526,10 @@ static int try_connect(Actual_Socket soc
+@@ -534,10 +534,10 @@ static int try_connect(Actual_Socket soc
{
int s;
union sockaddr_union u;
@@ -10,8 +10,8 @@ $NetBSD: patch-unix_uxnet.c,v 1.1 2012/02/22 15:27:17 wiz Exp $
+ const union sockaddr_union *sa = NULL;
int err = 0;
short localport;
-- int fl, salen, family;
-+ int fl, salen = 0, family;
+- int salen, family;
++ int salen = 0, family;
/*
* Remove the socket from the tree before we overwrite its
diff --git a/security/putty/patches/patch-unix_uxucs.c b/security/putty/patches/patch-unix_uxucs.c
index bfdc3d92258..8658af42ab0 100644
--- a/security/putty/patches/patch-unix_uxucs.c
+++ b/security/putty/patches/patch-unix_uxucs.c
@@ -1,9 +1,9 @@
-$NetBSD: patch-unix_uxucs.c,v 1.1 2012/11/01 19:32:44 joerg Exp $
+$NetBSD: patch-unix_uxucs.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
---- unix/uxucs.c.orig 2012-10-30 22:26:02.000000000 +0000
+--- unix/uxucs.c.orig 2013-07-22 07:12:05.000000000 +0000
+++ unix/uxucs.c
-@@ -76,7 +76,7 @@ int wc_to_mb(int codepage, int flags, wc
- setlocale(LC_CTYPE, "");
+@@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co
+ memset(&state, 0, sizeof state);
while (wclen > 0) {
- int i = wcrtomb(output, wcstr[0], &state);
diff --git a/security/putty/patches/patch-windows_window.c b/security/putty/patches/patch-windows_window.c
index c7087749845..2c334424f65 100644
--- a/security/putty/patches/patch-windows_window.c
+++ b/security/putty/patches/patch-windows_window.c
@@ -1,14 +1,15 @@
-$NetBSD: patch-windows_window.c,v 1.1 2012/02/22 15:27:17 wiz Exp $
+$NetBSD: patch-windows_window.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
Make the home/end keys work on BSD servers as well as Linux ones
---- windows/window.c.orig 2011-07-16 11:26:19.000000000 +0000
+--- windows/window.c.orig 2013-08-04 19:32:10.000000000 +0000
+++ windows/window.c
-@@ -4302,8 +4302,17 @@ static int TranslateKey(UINT message, WP
+@@ -4520,9 +4520,17 @@ static int TranslateKey(UINT message, WP
p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11);
return p - output;
}
-- if (cfg.rxvt_homeend && (code == 1 || code == 4)) {
+- if ((code == 1 || code == 4) &&
+- conf_get_int(conf, CONF_rxvt_homeend)) {
- p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw");
+ /* Home/End */
+ if (code == 1 || code == 4) {
@@ -16,7 +17,7 @@ Make the home/end keys work on BSD servers as well as Linux ones
+ * We used to send ^[1~ and [4~ for Xterm,
+ * but those are Linux console */
+ const char *he;
-+ if (cfg.rxvt_homeend)
++ if (conf_get_int(conf, CONF_rxvt_homeend))
+ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
+ else
+ he = code == 1 ? "\x1BOH" : "\x1BOF";