update to 3.7.3
change: putty security fixes were integrated (was patched in pkgsrc)
This commit is contained in:
parent
c0a9a1a991
commit
25af1708ea
4 changed files with 6 additions and 124 deletions
|
@ -1,7 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.45 2013/08/07 16:48:49 drochner Exp $
|
||||
# $NetBSD: Makefile,v 1.46 2013/08/23 10:56:46 drochner Exp $
|
||||
#
|
||||
|
||||
VERSION= 3.7.2
|
||||
VERSION= 3.7.3
|
||||
DISTNAME= FileZilla_${VERSION}_src
|
||||
PKGNAME= filezilla-${VERSION}
|
||||
CATEGORIES= net x11
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
$NetBSD: distinfo,v 1.18 2013/08/07 16:48:49 drochner Exp $
|
||||
$NetBSD: distinfo,v 1.19 2013/08/23 10:56:46 drochner Exp $
|
||||
|
||||
SHA1 (FileZilla_3.7.2_src.tar.bz2) = 12a241004bf10a4e28fec33c4d7e219dc3f8635e
|
||||
RMD160 (FileZilla_3.7.2_src.tar.bz2) = 2e993c7c9fa04e6e72cd9c120df871f4cdc4e09c
|
||||
Size (FileZilla_3.7.2_src.tar.bz2) = 3682007 bytes
|
||||
SHA1 (patch-CVE-2013-4206) = e4e6d4c5d26449d29a3b9d27956ecc6a255eeac7
|
||||
SHA1 (patch-CVE-2013-4208) = fd3a73dc554bf5bc39bac1150dd11594b4556346
|
||||
SHA1 (FileZilla_3.7.3_src.tar.bz2) = 34c3dd1943816a916c54e49cbbea51c97ef3f583
|
||||
RMD160 (FileZilla_3.7.3_src.tar.bz2) = 8fefebae9f2024dedab9841dc6fe3876305f8d2f
|
||||
Size (FileZilla_3.7.3_src.tar.bz2) = 3682494 bytes
|
||||
SHA1 (patch-data_makezip.sh.in) = 80acc96fce08e2e0831a4da0613f7b2eaebad465
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
$NetBSD: patch-CVE-2013-4206,v 1.1 2013/08/07 16:48:49 drochner Exp $
|
||||
|
||||
fixes also CVE-2013-4207
|
||||
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977
|
||||
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996
|
||||
|
||||
--- src/putty/sshbn.c.orig 2011-08-21 17:53:50.000000000 +0000
|
||||
+++ src/putty/sshbn.c
|
||||
@@ -1018,6 +1018,13 @@ Bignum modmul(Bignum p, Bignum q, Bignum
|
||||
|
||||
pqlen = (p[0] > q[0] ? p[0] : q[0]);
|
||||
|
||||
+ /*
|
||||
+ * Make sure that we're allowing enough space. The shifting below
|
||||
+ * will underflow the vectors we allocate if pqlen is too small.
|
||||
+ */
|
||||
+ if (2*pqlen <= mlen)
|
||||
+ pqlen = mlen/2 + 1;
|
||||
+
|
||||
/* Allocate n of size pqlen, copy p to n */
|
||||
n = snewn(pqlen, BignumInt);
|
||||
i = pqlen - p[0];
|
||||
@@ -1306,7 +1313,18 @@ int ssh1_write_bignum(void *data, Bignum
|
||||
int bignum_cmp(Bignum a, Bignum b)
|
||||
{
|
||||
int amax = a[0], bmax = b[0];
|
||||
- int i = (amax > bmax ? amax : bmax);
|
||||
+ int i;
|
||||
+
|
||||
+ /* Annoyingly we have two representations of zero */
|
||||
+ if (amax == 1 && a[amax] == 0)
|
||||
+ amax = 0;
|
||||
+ if (bmax == 1 && b[bmax] == 0)
|
||||
+ bmax = 0;
|
||||
+
|
||||
+ assert(amax == 0 || a[amax] != 0);
|
||||
+ assert(bmax == 0 || b[bmax] != 0);
|
||||
+
|
||||
+ i = (amax > bmax ? amax : bmax);
|
||||
while (i) {
|
||||
BignumInt aval = (i > amax ? 0 : a[i]);
|
||||
BignumInt bval = (i > bmax ? 0 : b[i]);
|
||||
@@ -1864,6 +1882,44 @@ int main(int argc, char **argv)
|
||||
freebn(b);
|
||||
freebn(c);
|
||||
freebn(p);
|
||||
+ } else if (!strcmp(buf, "modmul")) {
|
||||
+ Bignum a, b, m, c, p;
|
||||
+
|
||||
+ if (ptrnum != 4) {
|
||||
+ printf("%d: modmul with %d parameters, expected 4\n",
|
||||
+ line, ptrnum);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ a = bignum_from_bytes(ptrs[0], ptrs[1]-ptrs[0]);
|
||||
+ b = bignum_from_bytes(ptrs[1], ptrs[2]-ptrs[1]);
|
||||
+ m = bignum_from_bytes(ptrs[2], ptrs[3]-ptrs[2]);
|
||||
+ c = bignum_from_bytes(ptrs[3], ptrs[4]-ptrs[3]);
|
||||
+ p = modmul(a, b, m);
|
||||
+
|
||||
+ if (bignum_cmp(c, p) == 0) {
|
||||
+ passes++;
|
||||
+ } else {
|
||||
+ char *as = bignum_decimal(a);
|
||||
+ char *bs = bignum_decimal(b);
|
||||
+ char *ms = bignum_decimal(m);
|
||||
+ char *cs = bignum_decimal(c);
|
||||
+ char *ps = bignum_decimal(p);
|
||||
+
|
||||
+ printf("%d: fail: %s * %s mod %s gave %s expected %s\n",
|
||||
+ line, as, bs, ms, ps, cs);
|
||||
+ fails++;
|
||||
+
|
||||
+ sfree(as);
|
||||
+ sfree(bs);
|
||||
+ sfree(ms);
|
||||
+ sfree(cs);
|
||||
+ sfree(ps);
|
||||
+ }
|
||||
+ freebn(a);
|
||||
+ freebn(b);
|
||||
+ freebn(m);
|
||||
+ freebn(c);
|
||||
+ freebn(p);
|
||||
} else if (!strcmp(buf, "pow")) {
|
||||
Bignum base, expt, modulus, expected, answer;
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
$NetBSD: patch-CVE-2013-4208,v 1.1 2013/08/07 16:48:49 drochner Exp $
|
||||
|
||||
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988
|
||||
|
||||
--- src/putty/sshdss.c.orig 2013-08-06 09:08:32.000000000 +0000
|
||||
+++ src/putty/sshdss.c
|
||||
@@ -251,8 +251,13 @@ static int dss_verifysig(void *key, char
|
||||
}
|
||||
r = get160(&sig, &siglen);
|
||||
s = get160(&sig, &siglen);
|
||||
- if (!r || !s)
|
||||
+ if (!r || !s) {
|
||||
+ if (r)
|
||||
+ freebn(r);
|
||||
+ if (s)
|
||||
+ freebn(s);
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Step 1. w <- s^-1 mod q.
|
||||
@@ -601,6 +606,7 @@ static unsigned char *dss_sign(void *key
|
||||
s = modmul(kinv, hxr, dss->q); /* s = k^-1 * (hash + x*r) mod q */
|
||||
freebn(hxr);
|
||||
freebn(kinv);
|
||||
+ freebn(k);
|
||||
freebn(hash);
|
||||
|
||||
/*
|
Loading…
Reference in a new issue