Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/security/putty
From: Matthias Scheler
Date: 2013-08-21 21:40:13
Message id: 20130821194013.85C8296@cvs.netbsd.org

Log Message:
Pullup ticket #4216 - requested by drochner
security/putty: security update

Revisions pulled up:
- security/putty/Makefile                                       1.34-1.35
- security/putty/distinfo                                       1.14-1.15
- security/putty/patches/patch-CVE-2013-4852-1                  deleted
- security/putty/patches/patch-CVE-2013-4852-2                  deleted
- security/putty/patches/patch-import.c                         1.2-1.3
- security/putty/patches/patch-terminal.c                       deleted
- security/putty/patches/patch-timing.c                         1.2
- security/putty/patches/patch-unix_gtkfont_c                   deleted
- security/putty/patches/patch-unix_gtkwin.c                    1.3
- security/putty/patches/patch-unix_uxnet.c                     1.2
- security/putty/patches/patch-unix_uxucs.c                     1.2
- security/putty/patches/patch-windows_window.c                 1.2

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Aug  6 12:23:37 UTC 2013

   Modified Files:
           pkgsrc/security/putty: Makefile distinfo
           pkgsrc/security/putty/patches: patch-import.c
   Added Files:
           pkgsrc/security/putty/patches: patch-CVE-2013-4852-1
               patch-CVE-2013-4852-2

   Log Message:
   add patch from upstream to fix possible heap overflow in SSH handshake
   due to integer overflow (CVE-2013-4852)
   bump PKGREV

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Aug  7 11:06:39 UTC 2013

   Modified Files:
           pkgsrc/security/putty: Makefile distinfo
           pkgsrc/security/putty/patches: patch-import.c patch-timing.c
               patch-unix_gtkwin.c patch-unix_uxnet.c patch-unix_uxucs.c
               patch-windows_window.c
   Removed Files:
           pkgsrc/security/putty/patches: patch-CVE-2013-4852-1
               patch-CVE-2013-4852-2 patch-terminal.c patch-unix_gtkfont_c

   Log Message:
   update to 0.63
   This fixes a buffer overflow which was patched in pkgsrc
   (CVE-2013-4852), two other buffer overflows (CVE-2013-4206,
   CVE-2013-4207), and it clears private keys after use now
   (CVE-2013-4208). Other than that, there are mostly bug fixes from 0.62
   and a few small features.

Files:
RevisionActionfile
1.33.2.1modifypkgsrc/security/putty/Makefile
1.13.6.1modifypkgsrc/security/putty/distinfo
1.1.14.1modifypkgsrc/security/putty/patches/patch-import.c
1.1.6.1modifypkgsrc/security/putty/patches/patch-timing.c
1.2.6.1modifypkgsrc/security/putty/patches/patch-unix_gtkwin.c
1.1.14.1modifypkgsrc/security/putty/patches/patch-unix_uxnet.c
1.1.6.1modifypkgsrc/security/putty/patches/patch-unix_uxucs.c
1.1.14.1modifypkgsrc/security/putty/patches/patch-windows_window.c
1.2removepkgsrc/security/putty/patches/patch-terminal.c
1.1removepkgsrc/security/putty/patches/patch-unix_gtkfont_c