diff options
author | drochner <drochner> | 2013-08-07 11:06:39 +0000 |
---|---|---|
committer | drochner <drochner> | 2013-08-07 11:06:39 +0000 |
commit | 928f889f6e6abb635034173d7d5ceb030aa170ab (patch) | |
tree | 6d86bf0befbbfc67a4f9a340214263d4d5742a04 /security | |
parent | 238cac9274467ef94bab76462fc27aa9b5587c4d (diff) | |
download | pkgsrc-928f889f6e6abb635034173d7d5ceb030aa170ab.tar.gz |
update to 0.63
This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852),
two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and
it clears private keys after use now (CVE-2013-4208).
Other than that, there are mostly bug fixes from 0.62 and a few
small features.
Diffstat (limited to 'security')
-rw-r--r-- | security/putty/Makefile | 7 | ||||
-rw-r--r-- | security/putty/distinfo | 24 | ||||
-rw-r--r-- | security/putty/patches/patch-CVE-2013-4852-1 | 24 | ||||
-rw-r--r-- | security/putty/patches/patch-CVE-2013-4852-2 | 13 | ||||
-rw-r--r-- | security/putty/patches/patch-import.c | 19 | ||||
-rw-r--r-- | security/putty/patches/patch-terminal.c | 46 | ||||
-rw-r--r-- | security/putty/patches/patch-timing.c | 14 | ||||
-rw-r--r-- | security/putty/patches/patch-unix_gtkfont_c | 87 | ||||
-rw-r--r-- | security/putty/patches/patch-unix_gtkwin.c | 11 | ||||
-rw-r--r-- | security/putty/patches/patch-unix_uxnet.c | 10 | ||||
-rw-r--r-- | security/putty/patches/patch-unix_uxucs.c | 8 | ||||
-rw-r--r-- | security/putty/patches/patch-windows_window.c | 11 |
12 files changed, 44 insertions, 230 deletions
diff --git a/security/putty/Makefile b/security/putty/Makefile index fa5b573da04..68adeedfc4a 100644 --- a/security/putty/Makefile +++ b/security/putty/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.34 2013/08/06 12:23:37 drochner Exp $ +# $NetBSD: Makefile,v 1.35 2013/08/07 11:06:39 drochner Exp $ # -DISTNAME= putty-0.62 -PKGREVISION= 10 +DISTNAME= putty-0.63 CATEGORIES= security -MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.62/ +MASTER_SITES= http://the.earth.li/~sgtatham/putty/0.63/ MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.chiark.greenend.org.uk/~sgtatham/putty/ diff --git a/security/putty/distinfo b/security/putty/distinfo index db59bd53145..cb4f88ba950 100644 --- a/security/putty/distinfo +++ b/security/putty/distinfo @@ -1,17 +1,13 @@ -$NetBSD: distinfo,v 1.14 2013/08/06 12:23:37 drochner Exp $ +$NetBSD: distinfo,v 1.15 2013/08/07 11:06:39 drochner Exp $ -SHA1 (putty-0.62.tar.gz) = 5898438614117ee7e3704fc3f30a3c4bf2041380 -RMD160 (putty-0.62.tar.gz) = 48324416005eb4b14654fc9e0e14d39f20971507 -Size (putty-0.62.tar.gz) = 1783106 bytes -SHA1 (patch-CVE-2013-4852-1) = 9f81e7b1c1135f153d7af1c4ca264d0af8df0cd8 -SHA1 (patch-CVE-2013-4852-2) = ca90d823b5ea59e4759fd48f63c28f0c8a3378da -SHA1 (patch-import.c) = 2d88e956bb04e66a836992347e1252eeca78e8de +SHA1 (putty-0.63.tar.gz) = 195c0603ef61082b91276faa8d4246ea472bba3b +RMD160 (putty-0.63.tar.gz) = cf28d88a5f0e1db6c21bb0308bd59ed4d6399e5f +Size (putty-0.63.tar.gz) = 1887913 bytes +SHA1 (patch-import.c) = da6a34ec3412985858babb28821296c40e30d96b SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be -SHA1 (patch-terminal.c) = bed37a83bb7afc56ff34d48f8079b37d9db0f948 -SHA1 (patch-timing.c) = b836da7194aa72ac88d94951070dc65f11978703 +SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9 SHA1 (patch-unix_Makefile.gtk) = 0ad8226e2ad8e6e40d3eb9ddef4b22e7d07b7895 -SHA1 (patch-unix_gtkfont_c) = 0e57d4f49466ac73fb0d8cc8efb635e6f8a37f44 -SHA1 (patch-unix_gtkwin.c) = c62d1888b93476972180d14b1fd06d0ab8c8b04b -SHA1 (patch-unix_uxnet.c) = 50e39093ece97b189da4a736713b59ed72c162d9 -SHA1 (patch-unix_uxucs.c) = c8a2c4a5f0f50a0c87ec643acd7a02f16dba576f -SHA1 (patch-windows_window.c) = 0c9f4ad5870e63793278d6f04cae88154611e596 +SHA1 (patch-unix_gtkwin.c) = ccabdde03fda8bbc24d659a440fe48f96ab5d867 +SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35 +SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9 +SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7 diff --git a/security/putty/patches/patch-CVE-2013-4852-1 b/security/putty/patches/patch-CVE-2013-4852-1 deleted file mode 100644 index dea86d664dd..00000000000 --- a/security/putty/patches/patch-CVE-2013-4852-1 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-CVE-2013-4852-1,v 1.1 2013/08/06 12:23:37 drochner Exp $ - -see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896 - ---- sshdss.c.orig 2007-10-03 21:21:18.000000000 +0000 -+++ sshdss.c -@@ -43,6 +43,8 @@ static void getstring(char **data, int * - if (*datalen < 4) - return; - *length = GET_32BIT(*data); -+ if (*length < 0) -+ return; - *datalen -= 4; - *data += 4; - if (*datalen < *length) -@@ -98,7 +100,7 @@ static void *dss_newkey(char *data, int - } - #endif - -- if (!p || memcmp(p, "ssh-dss", 7)) { -+ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) { - sfree(dss); - return NULL; - } diff --git a/security/putty/patches/patch-CVE-2013-4852-2 b/security/putty/patches/patch-CVE-2013-4852-2 deleted file mode 100644 index 0e94ad8151f..00000000000 --- a/security/putty/patches/patch-CVE-2013-4852-2 +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-CVE-2013-4852-2,v 1.1 2013/08/06 12:23:37 drochner Exp $ - ---- sshrsa.c.orig 2011-02-18 08:25:39.000000000 +0000 -+++ sshrsa.c -@@ -526,6 +526,8 @@ static void getstring(char **data, int * - if (*datalen < 4) - return; - *length = GET_32BIT(*data); -+ if (*length < 0) -+ return; - *datalen -= 4; - *data += 4; - if (*datalen < *length) diff --git a/security/putty/patches/patch-import.c b/security/putty/patches/patch-import.c index 14617c99457..6d36e32d3ec 100644 --- a/security/putty/patches/patch-import.c +++ b/security/putty/patches/patch-import.c @@ -1,19 +1,8 @@ -$NetBSD: patch-import.c,v 1.2 2013/08/06 12:23:37 drochner Exp $ +$NetBSD: patch-import.c,v 1.3 2013/08/07 11:06:39 drochner Exp $ -see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896 - ---- import.c.orig 2010-04-12 11:02:06.000000000 +0000 +--- import.c.orig 2013-07-20 13:15:20.000000000 +0000 +++ import.c -@@ -290,7 +290,7 @@ static int ssh2_read_mpint(void *data, i - if (len < 4) - goto error; - bytes = GET_32BIT(d); -- if (len < 4+bytes) -+ if (bytes < 0 || len-4 < bytes) - goto error; - - ret->start = d + 4; -@@ -717,8 +717,8 @@ int openssh_write(const Filename *filena +@@ -725,8 +725,8 @@ int openssh_write(const Filename *filena unsigned char *outblob; int outlen; struct mpint_pos numbers[9]; @@ -24,7 +13,7 @@ see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896 char zero[1]; unsigned char iv[8]; int ret = 0; -@@ -1513,8 +1513,8 @@ int sshcom_write(const Filename *filenam +@@ -1547,8 +1547,8 @@ int sshcom_write(const Filename *filenam unsigned char *outblob; int outlen; struct mpint_pos numbers[6]; diff --git a/security/putty/patches/patch-terminal.c b/security/putty/patches/patch-terminal.c deleted file mode 100644 index 2b8c6a15cd0..00000000000 --- a/security/putty/patches/patch-terminal.c +++ /dev/null @@ -1,46 +0,0 @@ -$NetBSD: patch-terminal.c,v 1.2 2012/11/01 19:32:44 joerg Exp $ - -Make the home/end keys work on BSD servers as well as Linux ones - ---- terminal.c.orig 2011-07-16 11:27:05.000000000 +0000 -+++ terminal.c -@@ -6202,13 +6202,6 @@ void term_key(Terminal *term, Key_Sym ke - } - } - -- /* RXVT Home/End */ -- if (term->cfg.rxvt_homeend && -- (keysym == PK_HOME || keysym == PK_END)) { -- p += sprintf((char *) p, keysym == PK_HOME ? "\x1B[H" : "\x1BOw"); -- goto done; -- } -- - if (term->vt52_mode) { - int xkey; - -@@ -6229,11 +6222,23 @@ void term_key(Terminal *term, Key_Sym ke - goto done; - } - -+ /* Home/End */ -+ if (keysym == PK_HOME || keysym == PK_END) { -+ /* Send the correct XTerm or rxvt codes for home/end -+ * We used to send ^[1~ and [4~ for Xterm, -+ * but those are Linux console */ -+ const char *he; -+ if (term->cfg.rxvt_homeend) -+ he = keysym == PK_HOME ? "\x1B[7~" : "\x1B[8~"; -+ else -+ he = keysym == PK_HOME ? "\x1BOH" : "\x1BOF"; -+ p += sprintf((char *) p, "%s", he); -+ goto done; -+ } -+ - switch (keysym) { -- case PK_HOME: code = 1; break; - case PK_INSERT: code = 2; break; - case PK_DELETE: code = 3; break; -- case PK_END: code = 4; break; - case PK_PAGEUP: code = 5; break; - case PK_PAGEDOWN: code = 6; break; - default: code = 0; break; /* else gcc warns `enum value not used' */ diff --git a/security/putty/patches/patch-timing.c b/security/putty/patches/patch-timing.c index 36d0925334f..bf7716c0d71 100644 --- a/security/putty/patches/patch-timing.c +++ b/security/putty/patches/patch-timing.c @@ -1,19 +1,17 @@ -$NetBSD: patch-timing.c,v 1.1 2012/11/01 19:32:44 joerg Exp $ +$NetBSD: patch-timing.c,v 1.2 2013/08/07 11:06:39 drochner Exp $ ---- timing.c.orig 2012-10-30 22:23:57.000000000 +0000 +--- timing.c.orig 2012-09-19 22:12:00.000000000 +0000 +++ timing.c -@@ -41,21 +41,10 @@ static int compare_timers(void *av, void +@@ -60,19 +60,10 @@ static int compare_timers(void *av, void * Failing that, compare on the other two fields, just so that * we don't get unwanted equality. */ --#ifdef __LCC__ +-#if defined(__LCC__) || defined(__clang__) - /* lcc won't let us compare function pointers. Legal, but annoying. */ - { - int c = memcmp(&a->fn, &b->fn, sizeof(a->fn)); -- if (c < 0) -- return -1; -- else if (c > 0) -- return +1; +- if (c) +- return c; - } -#else - if (a->fn < b->fn) diff --git a/security/putty/patches/patch-unix_gtkfont_c b/security/putty/patches/patch-unix_gtkfont_c deleted file mode 100644 index 49f62a63ba6..00000000000 --- a/security/putty/patches/patch-unix_gtkfont_c +++ /dev/null @@ -1,87 +0,0 @@ -$NetBSD: patch-unix_gtkfont_c,v 1.1 2012/05/07 01:14:15 dholland Exp $ - -Fix build with latest glib2. - ---- unix/gtkfont.c~ 2010-08-10 17:21:25.000000000 +0000 -+++ unix/gtkfont.c -@@ -524,21 +524,21 @@ static void x11font_enum_fonts(GtkWidget - style = p; - p += sprintf(p, "%s", components[2][0] ? components[2] : - "regular"); -- if (!g_strcasecmp(components[3], "i")) -+ if (!g_ascii_strcasecmp(components[3], "i")) - p += sprintf(p, " italic"); -- else if (!g_strcasecmp(components[3], "o")) -+ else if (!g_ascii_strcasecmp(components[3], "o")) - p += sprintf(p, " oblique"); -- else if (!g_strcasecmp(components[3], "ri")) -+ else if (!g_ascii_strcasecmp(components[3], "ri")) - p += sprintf(p, " reverse italic"); -- else if (!g_strcasecmp(components[3], "ro")) -+ else if (!g_ascii_strcasecmp(components[3], "ro")) - p += sprintf(p, " reverse oblique"); -- else if (!g_strcasecmp(components[3], "ot")) -+ else if (!g_ascii_strcasecmp(components[3], "ot")) - p += sprintf(p, " other-slant"); -- if (components[4][0] && g_strcasecmp(components[4], "normal")) -+ if (components[4][0] && g_ascii_strcasecmp(components[4], "normal")) - p += sprintf(p, " %s", components[4]); -- if (!g_strcasecmp(components[10], "m")) -+ if (!g_ascii_strcasecmp(components[10], "m")) - p += sprintf(p, " [M]"); -- if (!g_strcasecmp(components[10], "c")) -+ if (!g_ascii_strcasecmp(components[10], "c")) - p += sprintf(p, " [C]"); - if (components[5][0]) - p += sprintf(p, " %s", components[5]); -@@ -550,23 +550,23 @@ static void x11font_enum_fonts(GtkWidget - */ - p++; - stylekey = p; -- if (!g_strcasecmp(components[2], "medium") || -- !g_strcasecmp(components[2], "regular") || -- !g_strcasecmp(components[2], "normal") || -- !g_strcasecmp(components[2], "book")) -+ if (!g_ascii_strcasecmp(components[2], "medium") || -+ !g_ascii_strcasecmp(components[2], "regular") || -+ !g_ascii_strcasecmp(components[2], "normal") || -+ !g_ascii_strcasecmp(components[2], "book")) - weightkey = 0; -- else if (!g_strncasecmp(components[2], "demi", 4) || -- !g_strncasecmp(components[2], "semi", 4)) -+ else if (!g_ascii_strncasecmp(components[2], "demi", 4) || -+ !g_ascii_strncasecmp(components[2], "semi", 4)) - weightkey = 1; - else - weightkey = 2; -- if (!g_strcasecmp(components[3], "r")) -+ if (!g_ascii_strcasecmp(components[3], "r")) - slantkey = 0; -- else if (!g_strncasecmp(components[3], "r", 1)) -+ else if (!g_ascii_strncasecmp(components[3], "r", 1)) - slantkey = 2; - else - slantkey = 1; -- if (!g_strcasecmp(components[4], "normal")) -+ if (!g_ascii_strcasecmp(components[4], "normal")) - setwidthkey = 0; - else - setwidthkey = 1; -@@ -774,7 +774,7 @@ static int pangofont_check_desc_makes_se - - matched = FALSE; - for (i = 0; i < nfamilies; i++) { -- if (!g_strcasecmp(pango_font_family_get_name(families[i]), -+ if (!g_ascii_strcasecmp(pango_font_family_get_name(families[i]), - pango_font_description_get_family(desc))) { - matched = TRUE; - break; -@@ -1393,7 +1393,7 @@ static int strnullcasecmp(const char *a, - /* - * Otherwise, ordinary strcasecmp. - */ -- return g_strcasecmp(a, b); -+ return g_ascii_strcasecmp(a, b); - } - - static int fontinfo_realname_compare(void *av, void *bv) diff --git a/security/putty/patches/patch-unix_gtkwin.c b/security/putty/patches/patch-unix_gtkwin.c index 5c5e7e080e4..61b64be8f42 100644 --- a/security/putty/patches/patch-unix_gtkwin.c +++ b/security/putty/patches/patch-unix_gtkwin.c @@ -1,14 +1,15 @@ -$NetBSD: patch-unix_gtkwin.c,v 1.2 2012/11/01 19:32:44 joerg Exp $ +$NetBSD: patch-unix_gtkwin.c,v 1.3 2013/08/07 11:06:39 drochner Exp $ Make the home/end keys work on BSD servers as well as Linux ones ---- unix/gtkwin.c.orig 2011-05-07 10:57:19.000000000 +0000 +--- unix/gtkwin.c.orig 2013-07-20 13:15:10.000000000 +0000 +++ unix/gtkwin.c -@@ -1033,9 +1033,17 @@ gint key_event(GtkWidget *widget, GdkEve +@@ -1132,10 +1132,17 @@ gint key_event(GtkWidget *widget, GdkEve use_ucsoutput = FALSE; goto done; } -- if (inst->cfg.rxvt_homeend && (code == 1 || code == 4)) { +- if ((code == 1 || code == 4) && +- conf_get_int(inst->conf, CONF_rxvt_homeend)) { - end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw"); - use_ucsoutput = FALSE; + /* Home/End */ @@ -17,7 +18,7 @@ Make the home/end keys work on BSD servers as well as Linux ones + * We used to send ^[1~ and [4~ for Xterm, + * but those are Linux console */ + const char *he; -+ if (inst->cfg.rxvt_homeend) ++ if (conf_get_int(inst->conf, CONF_rxvt_homeend)) + he = code == 1 ? "\x1B[7~" : "\x1B[8~"; + else + he = code == 1 ? "\x1BOH" : "\x1BOF"; diff --git a/security/putty/patches/patch-unix_uxnet.c b/security/putty/patches/patch-unix_uxnet.c index 7268e372779..07f07c8f0f0 100644 --- a/security/putty/patches/patch-unix_uxnet.c +++ b/security/putty/patches/patch-unix_uxnet.c @@ -1,8 +1,8 @@ -$NetBSD: patch-unix_uxnet.c,v 1.1 2012/02/22 15:27:17 wiz Exp $ +$NetBSD: patch-unix_uxnet.c,v 1.2 2013/08/07 11:06:39 drochner Exp $ ---- unix/uxnet.c.orig 2009-08-06 22:55:15.000000000 +0000 +--- unix/uxnet.c.orig 2013-07-27 18:35:48.000000000 +0000 +++ unix/uxnet.c -@@ -526,10 +526,10 @@ static int try_connect(Actual_Socket soc +@@ -534,10 +534,10 @@ static int try_connect(Actual_Socket soc { int s; union sockaddr_union u; @@ -10,8 +10,8 @@ $NetBSD: patch-unix_uxnet.c,v 1.1 2012/02/22 15:27:17 wiz Exp $ + const union sockaddr_union *sa = NULL; int err = 0; short localport; -- int fl, salen, family; -+ int fl, salen = 0, family; +- int salen, family; ++ int salen = 0, family; /* * Remove the socket from the tree before we overwrite its diff --git a/security/putty/patches/patch-unix_uxucs.c b/security/putty/patches/patch-unix_uxucs.c index bfdc3d92258..8658af42ab0 100644 --- a/security/putty/patches/patch-unix_uxucs.c +++ b/security/putty/patches/patch-unix_uxucs.c @@ -1,9 +1,9 @@ -$NetBSD: patch-unix_uxucs.c,v 1.1 2012/11/01 19:32:44 joerg Exp $ +$NetBSD: patch-unix_uxucs.c,v 1.2 2013/08/07 11:06:39 drochner Exp $ ---- unix/uxucs.c.orig 2012-10-30 22:26:02.000000000 +0000 +--- unix/uxucs.c.orig 2013-07-22 07:12:05.000000000 +0000 +++ unix/uxucs.c -@@ -76,7 +76,7 @@ int wc_to_mb(int codepage, int flags, wc - setlocale(LC_CTYPE, ""); +@@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co + memset(&state, 0, sizeof state); while (wclen > 0) { - int i = wcrtomb(output, wcstr[0], &state); diff --git a/security/putty/patches/patch-windows_window.c b/security/putty/patches/patch-windows_window.c index c7087749845..2c334424f65 100644 --- a/security/putty/patches/patch-windows_window.c +++ b/security/putty/patches/patch-windows_window.c @@ -1,14 +1,15 @@ -$NetBSD: patch-windows_window.c,v 1.1 2012/02/22 15:27:17 wiz Exp $ +$NetBSD: patch-windows_window.c,v 1.2 2013/08/07 11:06:39 drochner Exp $ Make the home/end keys work on BSD servers as well as Linux ones ---- windows/window.c.orig 2011-07-16 11:26:19.000000000 +0000 +--- windows/window.c.orig 2013-08-04 19:32:10.000000000 +0000 +++ windows/window.c -@@ -4302,8 +4302,17 @@ static int TranslateKey(UINT message, WP +@@ -4520,9 +4520,17 @@ static int TranslateKey(UINT message, WP p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11); return p - output; } -- if (cfg.rxvt_homeend && (code == 1 || code == 4)) { +- if ((code == 1 || code == 4) && +- conf_get_int(conf, CONF_rxvt_homeend)) { - p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw"); + /* Home/End */ + if (code == 1 || code == 4) { @@ -16,7 +17,7 @@ Make the home/end keys work on BSD servers as well as Linux ones + * We used to send ^[1~ and [4~ for Xterm, + * but those are Linux console */ + const char *he; -+ if (cfg.rxvt_homeend) ++ if (conf_get_int(conf, CONF_rxvt_homeend)) + he = code == 1 ? "\x1B[7~" : "\x1B[8~"; + else + he = code == 1 ? "\x1BOH" : "\x1BOF"; |