From 2f7d76600fb79248ebc8d0c5a2651dc8a9fc597f Mon Sep 17 00:00:00 2001
From: tron
Date: Wed, 21 Aug 2013 21:59:57 +0000
Subject: Pullup ticket #4217 - requested by drochner

net/filezilla: security update

Revisions pulled up:
- net/filezilla/Makefile 1.44-1.45
- net/filezilla/PLIST 1.10
- net/filezilla/distinfo 1.17-1.18
- net/filezilla/patches/patch-CVE-2013-4206 1.1
- net/filezilla/patches/patch-CVE-2013-4208 1.1
- net/filezilla/patches/patch-CVE-2013-4852-1 deleted
- net/filezilla/patches/patch-CVE-2013-4852-2 deleted
- net/filezilla/patches/patch-CVE-2013-4852-3 deleted
- net/filezilla/patches/patch-aa deleted

---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 6 12:55:10 UTC 2013

Modified Files:
pkgsrc/net/filezilla: Makefile distinfo
Added Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3

Log Message:
apply patches from pkgsrc/security/putty to fix embedded sftp client
bump PKGREV

---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Aug 7 16:48:49 UTC 2013

Modified Files:
pkgsrc/net/filezilla: Makefile PLIST distinfo
Added Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4206 patch-CVE-2013-4208
Removed Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 patch-aa

Log Message:
update to 3.7.2
This is a major update, many fixes and improvements.
Main reason for the update was to sync the embedded sftp client
with putty after fixes for vulnerabilities.

--- net/filezilla/patches/patch-CVE-2013-4852-3 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 net/filezilla/patches/patch-CVE-2013-4852-3 (limited to 'net/filezilla/patches/patch-CVE-2013-4852-3') diff --git a/net/filezilla/patches/patch-CVE-2013-4852-3 b/net/filezilla/patches/patch-CVE-2013-4852-3 new file mode 100644 index 00000000000..0db5916dbc3 --- /dev/null +++ b/net/filezilla/patches/patch-CVE-2013-4852-3 
@@ -0,0 +1,13 @@ +$NetBSD: patch-CVE-2013-4852-3,v 1.2.2.2 2013/08/21 21:59:57 tron Exp $ + +--- src/putty/import.c.orig 2008-02-22 03:00:11.000000000 +0000 ++++ src/putty/import.c +@@ -290,7 +290,7 @@ static int ssh2_read_mpint(void *data, i + if (len < 4) + goto error; + bytes = GET_32BIT(d); +- if (len < 4+bytes) ++ if (bytes < 0 || len-4 < bytes) + goto error; + + ret->start = d + 4; -- cgit v1.2.3
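Review bot: In ssh2_read_mpint the new test `bytes < 0 || len-4 < bytes` only rejects an oversized length field because the value from GET_32BIT(d) has already been stored in a signed `bytes`, and that unsigned-to-signed conversion is implementation-defined for values above INT_MAX. Moving the arithmetic to the `len-4` side does remove the overflow in the old `4+bytes`, and `len-4` cannot go negative here because `len < 4` is rejected just above. It would be more robust to keep the length unsigned and compare it against `(unsigned)(len-4)`, so the check does not depend on how the compiler wraps the value. Separately, the patch file carries only the $NetBSD$ tag before the diff; a one-line comment naming the issue it fixes (the file name says CVE-2013-4852) and that it comes from pkgsrc/security/putty would help whoever next syncs the embedded sftp client.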