head 1.2; access; symbols pkgsrc-2013Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2013.08.23.10.56.46; author drochner; state dead; branches; next 1.1; commitid SWK0l4MhrXC6gz2x; 1.1 date 2013.08.07.16.48.49; author drochner; state Exp; branches 1.1.2.1; next ; commitid QRMOPc6vAWrEIx0x; 1.1.2.1 date 2013.08.07.16.48.49; author tron; state dead; branches; next 1.1.2.2; commitid IpneHqy4bDPYZm2x; 1.1.2.2 date 2013.08.21.21.59.57; author tron; state Exp; branches; next ; commitid IpneHqy4bDPYZm2x; desc @@ 1.2 log @update to 3.7.3 change: putty security fixes were integrated (was patched in pkgsrc) @ text @$NetBSD: patch-CVE-2013-4206,v 1.1 2013/08/07 16:48:49 drochner Exp $ fixes also CVE-2013-4207 http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977 http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996 --- src/putty/sshbn.c.orig 2011-08-21 17:53:50.000000000 +0000 +++ src/putty/sshbn.c @@@@ -1018,6 +1018,13 @@@@ Bignum modmul(Bignum p, Bignum q, Bignum pqlen = (p[0] > q[0] ? p[0] : q[0]); + /* + * Make sure that we're allowing enough space. The shifting below + * will underflow the vectors we allocate if pqlen is too small. + */ + if (2*pqlen <= mlen) + pqlen = mlen/2 + 1; + /* Allocate n of size pqlen, copy p to n */ n = snewn(pqlen, BignumInt); i = pqlen - p[0]; @@@@ -1306,7 +1313,18 @@@@ int ssh1_write_bignum(void *data, Bignum int bignum_cmp(Bignum a, Bignum b) { int amax = a[0], bmax = b[0]; - int i = (amax > bmax ? amax : bmax); + int i; + + /* Annoyingly we have two representations of zero */ + if (amax == 1 && a[amax] == 0) + amax = 0; + if (bmax == 1 && b[bmax] == 0) + bmax = 0; + + assert(amax == 0 || a[amax] != 0); + assert(bmax == 0 || b[bmax] != 0); + + i = (amax > bmax ? amax : bmax); while (i) { BignumInt aval = (i > amax ? 0 : a[i]); BignumInt bval = (i > bmax ? 
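Review bot: The new guard `if (2*pqlen <= mlen) pqlen = mlen/2 + 1;` in modmul fixes the allocation size but the comment only describes the consequence ("will underflow the vectors"), not the invariant the rest of the function needs, so a reader has to reconstruct it. Consider stating it directly, e.g. `/* Invariant required by the shift loop below: 2*pqlen > mlen, otherwise the n/o vectors allocated at pqlen words are indexed below their start. */` — the shifting and the derivation of mlen are outside this hunk, so that wording is inferred from the existing comment rather than from visible code. The enclosing function modmul starts before the hunk and continues after it. The identical hunk is repeated later in this file under revision 1.1.2.2 (the pkgsrc-2013Q2 branch copy); the same comment applies there.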
0 : b[i]); @@@@ -1864,6 +1882,44 @@@@ int main(int argc, char **argv) freebn(b); freebn(c); freebn(p); + } else if (!strcmp(buf, "modmul")) { + Bignum a, b, m, c, p; + + if (ptrnum != 4) { + printf("%d: modmul with %d parameters, expected 4\n", + line, ptrnum); + exit(1); + } + a = bignum_from_bytes(ptrs[0], ptrs[1]-ptrs[0]); + b = bignum_from_bytes(ptrs[1], ptrs[2]-ptrs[1]); + m = bignum_from_bytes(ptrs[2], ptrs[3]-ptrs[2]); + c = bignum_from_bytes(ptrs[3], ptrs[4]-ptrs[3]); + p = modmul(a, b, m); + + if (bignum_cmp(c, p) == 0) { + passes++; + } else { + char *as = bignum_decimal(a); + char *bs = bignum_decimal(b); + char *ms = bignum_decimal(m); + char *cs = bignum_decimal(c); + char *ps = bignum_decimal(p); + + printf("%d: fail: %s * %s mod %s gave %s expected %s\n", + line, as, bs, ms, ps, cs); + fails++; + + sfree(as); + sfree(bs); + sfree(ms); + sfree(cs); + sfree(ps); + } + freebn(a); + freebn(b); + freebn(m); + freebn(c); + freebn(p); } else if (!strcmp(buf, "pow")) { Bignum base, expt, modulus, expected, answer; @ 1.1 log @update to 3.7.2 This is a major update, many fixes and improvements. Main reason for the update was to sync the embedded sftp client with putty after fixes for vulnerabilities. 
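Review bot: The two new `assert()` calls in bignum_cmp turn a non-canonical operand (a leading zero word when the length is greater than 1) into a process abort rather than a handled condition; whether such a value can ever reach here depends on the construction routines, which are outside this hunk, so this is a question rather than a confirmed defect. If callers can hand in un-normalised values, trimming leading zero words before the compare would be more robust than aborting; if normalisation is guaranteed elsewhere, a short comment stating that would save the next reader the same question, e.g. `/* Constructors are expected to keep Bignums normalised; a leading zero word here is a bug, not bad input. */`. The function body continues past the end of the hunk. The same hunk is repeated later in the file under revision 1.1.2.2.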
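Review bot: The new modmul test case dereferences `ptrs[4]` after only checking `ptrnum != 4`, so it relies on `ptrs` holding one entry beyond the parameter count as an end pointer; the parser that fills `ptrs` is outside this hunk, so this is presumably the convention the neighbouring cases already use, but a one-line comment would make the dependency visible, e.g. `/* ptrs[ptrnum] marks the end of the last parameter, so four parameters occupy ptrs[0..4] */`. On the mismatch path `exit(1)` runs before any Bignum is allocated, so nothing leaks there. The enclosing main() starts and ends outside the hunk. The identical hunk reappears later in the file under revision 1.1.2.2.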
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2013-4206 was added on branch pkgsrc-2013Q2 on 2013-08-21 21:59:57 +0000 @ text @d1 87 @ 1.1.2.2 log @Pullup ticket #4217 - requested by drochner net/filezilla: security update Revisions pulled up: - net/filezilla/Makefile 1.44-1.45 - net/filezilla/PLIST 1.10 - net/filezilla/distinfo 1.17-1.18 - net/filezilla/patches/patch-CVE-2013-4206 1.1 - net/filezilla/patches/patch-CVE-2013-4208 1.1 - net/filezilla/patches/patch-CVE-2013-4852-1 deleted - net/filezilla/patches/patch-CVE-2013-4852-2 deleted - net/filezilla/patches/patch-CVE-2013-4852-3 deleted - net/filezilla/patches/patch-aa deleted --- Module Name: pkgsrc Committed By: drochner Date: Tue Aug 6 12:55:10 UTC 2013 Modified Files: pkgsrc/net/filezilla: Makefile distinfo Added Files: pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 Log Message: apply patches from pkgsrc/security/putty to fix embedded sftp client bump PKGREV --- Module Name: pkgsrc Committed By: drochner Date: Wed Aug 7 16:48:49 UTC 2013 Modified Files: pkgsrc/net/filezilla: Makefile PLIST distinfo Added Files: pkgsrc/net/filezilla/patches: patch-CVE-2013-4206 patch-CVE-2013-4208 Removed Files: pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 patch-aa Log Message: update to 3.7.2 This is a major update, many fixes and improvements. Main reason for the update was to sync the embedded sftp client with putty after fixes for vulnerabilities. @ text @a0 87 $NetBSD$ fixes also CVE-2013-4207 http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977 http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996 --- src/putty/sshbn.c.orig 2011-08-21 17:53:50.000000000 +0000 +++ src/putty/sshbn.c @@@@ -1018,6 +1018,13 @@@@ Bignum modmul(Bignum p, Bignum q, Bignum pqlen = (p[0] > q[0] ? p[0] : q[0]); + /* + * Make sure that we're allowing enough space. 
The shifting below + * will underflow the vectors we allocate if pqlen is too small. + */ + if (2*pqlen <= mlen) + pqlen = mlen/2 + 1; + /* Allocate n of size pqlen, copy p to n */ n = snewn(pqlen, BignumInt); i = pqlen - p[0]; @@@@ -1306,7 +1313,18 @@@@ int ssh1_write_bignum(void *data, Bignum int bignum_cmp(Bignum a, Bignum b) { int amax = a[0], bmax = b[0]; - int i = (amax > bmax ? amax : bmax); + int i; + + /* Annoyingly we have two representations of zero */ + if (amax == 1 && a[amax] == 0) + amax = 0; + if (bmax == 1 && b[bmax] == 0) + bmax = 0; + + assert(amax == 0 || a[amax] != 0); + assert(bmax == 0 || b[bmax] != 0); + + i = (amax > bmax ? amax : bmax); while (i) { BignumInt aval = (i > amax ? 0 : a[i]); BignumInt bval = (i > bmax ? 0 : b[i]); @@@@ -1864,6 +1882,44 @@@@ int main(int argc, char **argv) freebn(b); freebn(c); freebn(p); + } else if (!strcmp(buf, "modmul")) { + Bignum a, b, m, c, p; + + if (ptrnum != 4) { + printf("%d: modmul with %d parameters, expected 4\n", + line, ptrnum); + exit(1); + } + a = bignum_from_bytes(ptrs[0], ptrs[1]-ptrs[0]); + b = bignum_from_bytes(ptrs[1], ptrs[2]-ptrs[1]); + m = bignum_from_bytes(ptrs[2], ptrs[3]-ptrs[2]); + c = bignum_from_bytes(ptrs[3], ptrs[4]-ptrs[3]); + p = modmul(a, b, m); + + if (bignum_cmp(c, p) == 0) { + passes++; + } else { + char *as = bignum_decimal(a); + char *bs = bignum_decimal(b); + char *ms = bignum_decimal(m); + char *cs = bignum_decimal(c); + char *ps = bignum_decimal(p); + + printf("%d: fail: %s * %s mod %s gave %s expected %s\n", + line, as, bs, ms, ps, cs); + fails++; + + sfree(as); + sfree(bs); + sfree(ms); + sfree(cs); + sfree(ps); + } + freebn(a); + freebn(b); + freebn(m); + freebn(c); + freebn(p); } else if (!strcmp(buf, "pow")) { Bignum base, expt, modulus, expected, answer; @