~alpine/aports

[alpine-aports] [PATCH v3.5] main/putty: security upgrade to 0.68 - fixes #7074

Sergei Lukin <sergej.lukin@gmail.com>
Details
Message ID
<20170403083349.3206-1-sergej.lukin@gmail.com>
Sender timestamp
1491208429
DKIM signature
missing
Download raw message
7 years ago
Patch: +9 -22 
CVE-2017-6542: Integer overflow in the ssh_agent_channel_data
---
 main/putty/APKBUILD               | 17 +++++++++--------
 main/putty/fix-big-int-type.patch | 14 --------------
 2 files changed, 9 insertions(+), 22 deletions(-)
 delete mode 100644 main/putty/fix-big-int-type.patch

diff --git a/main/putty/APKBUILD b/main/putty/APKBUILD
index 7c397de0dd..2113a34f4d 100644
--- a/main/putty/APKBUILD
+++ b/main/putty/APKBUILD
@@ -1,6 +1,7 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Jeff Bilyk <jbilyk@alpinelinux.org>
pkgname=putty
pkgver=0.67
pkgver=0.68
pkgrel=0
pkgdesc="SSH and telnet client"
url="http://www.chiark.greenend.org.uk/~sgtatham/putty/"
@@ -12,10 +13,13 @@ makedepends="$depends_dev"
install=""
subpackages="$pkgname-doc"
source="http://the.earth.li/~sgtatham/putty/latest/putty-$pkgver.tar.gz
fix-big-int-type.patch
fix-include.patch
"

# secfixes:
#   0.68-r0:
#   - CVE-2017-6542

_builddir="$srcdir"/putty-$pkgver
prepare() {
	local i
@@ -42,12 +46,9 @@ package() {
	make DESTDIR="$pkgdir" install || return 1
}

md5sums="8d5d450e8f9a011e2e411e3f30827e9b  putty-0.67.tar.gz
a9a76a4b889eaa3c25bce60c2c3d1211  fix-big-int-type.patch
md5sums="1d933c04e256a669af5a3b85c090909a  putty-0.68.tar.gz
c376fb348650e28b88cbf06c07cd35d4  fix-include.patch"
sha256sums="80192458e8a46229de512afeca5c757dd8fce09606b3c992fbaeeee29b994a47  putty-0.67.tar.gz
77cf14b0c1b793c79c3f80a6e11b57ca281a155a3b01c96ec052ec1cd37d849b  fix-big-int-type.patch
sha256sums="7ba256f46e5a353cafe811ce7914d0e22a52bdfc0e6e2d183ad28b5af44cd09c  putty-0.68.tar.gz
c10f453b2b8f4df670e192234ab14aa81d28f5b917a38c75d8936e351478c738  fix-include.patch"
sha512sums="c2b17da46b8db3fe3837a10cb9cf5dd4b3ef6bfa15cadab83f3b87cf1479ed31fced90b774297ae53bdcbbdf230fc80d5c73d5ff3be6916fb591fd7ce3d35eca  putty-0.67.tar.gz
7dae793a7f9c5248f10ebf456087c01459c99bc8ab931b06a9aa09d70ef010a06bf7b248c38b03ddd0b76d1a35d3b32a095ac99a22d08aa170ce0d100f5dffb7  fix-big-int-type.patch
sha512sums="e3a6e4f45e1fce70d4cbb6d4769ab72b23c10920e48a88bba95b3f4c225b0193ddc1444e69d572bdec5e505d2c56fed365f07d990c156b35f272b56f978ef5d3  putty-0.68.tar.gz
1ac1d9c803e0bc180b4c9a2dde357d06b0af37d182e8037fccc5c42f03f5e796fca0a1a2e6fa2db5ae27fbbdfb2579938a70ccf5028fee20c828a853607f330b  fix-include.patch"
diff --git a/main/putty/fix-big-int-type.patch b/main/putty/fix-big-int-type.patch
deleted file mode 100644
index 77c17284b2..0000000000
--- a/main/putty/fix-big-int-type.patch
@@ -1,14 +0,0 @@
diff --git a/sshbn.h.orig b/sshbn.h
index a043241..f2a3217 100644
--- a/sshbn.h.orig
+++ b/sshbn.h
@@ -26,7 +26,8 @@
  * using the same 'two machine registers' kind of code generation that
  * 32-bit targets use for 64-bit ints. If we have one of these, we can
  * use a 64-bit BignumInt and a 128-bit BignumDblInt. */
-typedef __uint64_t BignumInt;
+#include <stdint.h>
+typedef uint64_t BignumInt;
 typedef __uint128_t BignumDblInt;
 #define BIGNUM_INT_MASK  0xFFFFFFFFFFFFFFFFULL
 #define BIGNUM_TOP_BIT   0x8000000000000000ULL
-- 
2.11.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)