head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.2; locks; strict; comment @# @; 1.2 date 2013.08.07.16.48.49; author drochner; state dead; branches 1.2.2.1; next 1.1; commitid QRMOPc6vAWrEIx0x; 1.1 date 2013.08.06.12.55.10; author drochner; state Exp; branches; next ; commitid s1k9urRsBZ1Iso0x; 1.2.2.1 date 2013.08.07.16.48.49; author tron; state dead; branches; next 1.2.2.2; commitid IpneHqy4bDPYZm2x; 1.2.2.2 date 2013.08.21.21.59.57; author tron; state Exp; branches; next ; commitid IpneHqy4bDPYZm2x; desc @@ 1.2 log @update to 3.7.2 This is a major update, many fixes and improvements. Main reason for the update was to sync the embedded sftp client with putty after fixes for vulnerabilities. @ text @$NetBSD: patch-CVE-2013-4852-3,v 1.1 2013/08/06 12:55:10 drochner Exp $ --- src/putty/import.c.orig 2008-02-22 03:00:11.000000000 +0000 +++ src/putty/import.c @@@@ -290,7 +290,7 @@@@ static int ssh2_read_mpint(void *data, i if (len < 4) goto error; bytes = GET_32BIT(d); - if (len < 4+bytes) + if (bytes < 0 || len-4 < bytes) goto error; ret->start = d + 4; @ 1.2.2.1 log @file patch-CVE-2013-4852-3 was added on branch pkgsrc-2013Q2 on 2013-08-21 21:59:57 +0000 @ text @d1 13 @ 1.2.2.2 log @Pullup ticket #4217 - requested by drochner net/filezilla: security update Revisions pulled up: - net/filezilla/Makefile 1.44-1.45 - net/filezilla/PLIST 1.10 - net/filezilla/distinfo 1.17-1.18 - net/filezilla/patches/patch-CVE-2013-4206 1.1 - net/filezilla/patches/patch-CVE-2013-4208 1.1 - net/filezilla/patches/patch-CVE-2013-4852-1 deleted - net/filezilla/patches/patch-CVE-2013-4852-2 deleted - net/filezilla/patches/patch-CVE-2013-4852-3 deleted - net/filezilla/patches/patch-aa deleted --- Module Name: pkgsrc Committed By: drochner Date: Tue Aug 6 12:55:10 UTC 2013 Modified Files: pkgsrc/net/filezilla: Makefile distinfo Added Files: pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 Log Message: apply patches from pkgsrc/security/putty to fix 
embedded sftp client bump PKGREV --- Module Name: pkgsrc Committed By: drochner Date: Wed Aug 7 16:48:49 UTC 2013 Modified Files: pkgsrc/net/filezilla: Makefile PLIST distinfo Added Files: pkgsrc/net/filezilla/patches: patch-CVE-2013-4206 patch-CVE-2013-4208 Removed Files: pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 patch-aa Log Message: update to 3.7.2 This is a major update, many fixes and improvements. Main reason for the update was to sync the embedded sftp client with putty after fixes for vulnerabilities. @ text @a0 13 $NetBSD$ --- src/putty/import.c.orig 2008-02-22 03:00:11.000000000 +0000 +++ src/putty/import.c @@@@ -290,7 +290,7 @@@@ static int ssh2_read_mpint(void *data, i if (len < 4) goto error; bytes = GET_32BIT(d); - if (len < 4+bytes) + if (bytes < 0 || len-4 < bytes) goto error; ret->start = d + 4; @ 1.1 log @apply patches from pkgsrc/security/putty to fix embedded sftp client bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
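Review bot: In the ssh2_read_mpint hunk, the new test `bytes < 0 || len-4 < bytes` only works if `bytes` is a signed type, and its declaration is not visible in these lines. Since the value is read with GET_32BIT(d), consider holding it in an unsigned variable and comparing it against `(unsigned)(len - 4)`, so the bound does not depend on a large 32-bit length turning into a negative int. The `len < 4` guard just above keeps `len-4` non-negative, so the subtraction form is sound. A one-line comment stating that the comparison was rearranged because `4+bytes` can overflow would keep a later cleanup from restoring the old `len < 4+bytes` form. The same hunk is stored twice in this file (revisions 1.1 and 1.2.2.2) and the point applies to both copies.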