X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67])
	by lists.alpinelinux.org (Postfix) with ESMTP id 5F2665C3C57
	for <alpine-aports@lists.alpinelinux.org>; Mon,  3 Apr 2017 08:33:58 +0000 (GMT)
Received: by mail-lf0-f67.google.com with SMTP id r36so12199017lfi.0
        for <alpine-aports@lists.alpinelinux.org>; Mon, 03 Apr 2017 01:33:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=i7bNW9kWDr2+wQ60OclD8UHmktuLKknvGMUBRNXfh5Q=;
        b=nbQ0UCPtq4zl19ImiIF0RrIXf96Ds6vNjLqYwhKLwreQ8dfgVQti/uX0zexscGFlMP
         uIp8zK4goDb6fpUAh86LkUDkWEygQ/HM9pRCw1p+Qed7H6VLXlJSkidL3ddRW0xVShJl
         x/pTXv6dTLlhMjJs1TllRD9hEJ2WzHBrDmF9wC0fIXyQNc1VRgwxQ1UYYI0nZxzm+Fg2
         6wt1WMXig50ZdPj0z+OK8sIlgRjuaAmZGAAfwG6x0jKmtHdonueqc/wHXPzUedoG+Uuk
         on+2b+tmGdXTZB4yrlL4xCMnKYmCBSum2DlpOnTm8WI6ym8jeAqfY6hzXcCGXfGZhO0l
         MGiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=i7bNW9kWDr2+wQ60OclD8UHmktuLKknvGMUBRNXfh5Q=;
        b=QKlv5ROV1O/X/WCg0Obib+Ut6ZVW1lGVzS3XHbUteRdloNZdLqOvx8QNwZeAIR152Q
         XQBGfW24Vqn7+VblDMVig1mD4ZlL1ht9JtRpmPz4gIn+x2BbbZ0+SZ7xuoQMXkbo52hr
         kZXCkWCyK+gn6cJz4qTRUYbD7HVW+dOyAABhoi8otLyiIV2TOXU2f2gO8PrOKeUb83jM
         qC4Y0sbjUEaap/FoRK9K8zXTaNUZedykD0i9a16QaYU6hnmxYQGWskZ/dqArt8Hk2Cru
         lrfr0lCK5IOCroVsa83WwZH5ZzXgMmS2DQGm56jHZvqaUvOziGhqd+44xMMp3+Cb8ZUH
         7WUA==
X-Gm-Message-State: AFeK/H0Qd4PGbY84RF8z3YRg3btTaJi6ypR167nS1YlJ4arudStPpDi92HuIAMqAY6nF0Q==
X-Received: by 10.25.18.95 with SMTP id h92mr4294929lfi.63.1491208437565;
        Mon, 03 Apr 2017 01:33:57 -0700 (PDT)
Received: from v3-5.util.wtbts.net ([83.145.235.199])
        by smtp.gmail.com with ESMTPSA id a16sm2457538lfk.24.2017.04.03.01.33.56
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 03 Apr 2017 01:33:57 -0700 (PDT)
From: Sergei Lukin <sergej.lukin@gmail.com>
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin <sergej.lukin@gmail.com>
Subject: [alpine-aports] [PATCH v3.5] main/putty: security upgrade to 0.68 - fixes #7074
Date: Mon,  3 Apr 2017 08:33:49 +0000
Message-Id: <20170403083349.3206-1-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.11.1
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

CVE-2017-6542: Integer overflow in the ssh_agent_channel_data
---
 main/putty/APKBUILD               | 17 +++++++++--------
 main/putty/fix-big-int-type.patch | 14 --------------
 2 files changed, 9 insertions(+), 22 deletions(-)
 delete mode 100644 main/putty/fix-big-int-type.patch

diff --git a/main/putty/APKBUILD b/main/putty/APKBUILD
index 7c397de0dd..2113a34f4d 100644
--- a/main/putty/APKBUILD
+++ b/main/putty/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Jeff Bilyk <jbilyk@alpinelinux.org>
 pkgname=putty
-pkgver=0.67
+pkgver=0.68
 pkgrel=0
 pkgdesc="SSH and telnet client"
 url="http://www.chiark.greenend.org.uk/~sgtatham/putty/"
@@ -12,10 +13,13 @@ makedepends="$depends_dev"
 install=""
 subpackages="$pkgname-doc"
 source="http://the.earth.li/~sgtatham/putty/latest/putty-$pkgver.tar.gz
-fix-big-int-type.patch
 fix-include.patch
 "
 
+# secfixes:
+#   0.68-r0:
+#   - CVE-2017-6542
+
 _builddir="$srcdir"/putty-$pkgver
 prepare() {
 	local i
@@ -42,12 +46,9 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 }
 
-md5sums="8d5d450e8f9a011e2e411e3f30827e9b  putty-0.67.tar.gz
-a9a76a4b889eaa3c25bce60c2c3d1211  fix-big-int-type.patch
+md5sums="1d933c04e256a669af5a3b85c090909a  putty-0.68.tar.gz
 c376fb348650e28b88cbf06c07cd35d4  fix-include.patch"
-sha256sums="80192458e8a46229de512afeca5c757dd8fce09606b3c992fbaeeee29b994a47  putty-0.67.tar.gz
-77cf14b0c1b793c79c3f80a6e11b57ca281a155a3b01c96ec052ec1cd37d849b  fix-big-int-type.patch
+sha256sums="7ba256f46e5a353cafe811ce7914d0e22a52bdfc0e6e2d183ad28b5af44cd09c  putty-0.68.tar.gz
 c10f453b2b8f4df670e192234ab14aa81d28f5b917a38c75d8936e351478c738  fix-include.patch"
-sha512sums="c2b17da46b8db3fe3837a10cb9cf5dd4b3ef6bfa15cadab83f3b87cf1479ed31fced90b774297ae53bdcbbdf230fc80d5c73d5ff3be6916fb591fd7ce3d35eca  putty-0.67.tar.gz
-7dae793a7f9c5248f10ebf456087c01459c99bc8ab931b06a9aa09d70ef010a06bf7b248c38b03ddd0b76d1a35d3b32a095ac99a22d08aa170ce0d100f5dffb7  fix-big-int-type.patch
+sha512sums="e3a6e4f45e1fce70d4cbb6d4769ab72b23c10920e48a88bba95b3f4c225b0193ddc1444e69d572bdec5e505d2c56fed365f07d990c156b35f272b56f978ef5d3  putty-0.68.tar.gz
 1ac1d9c803e0bc180b4c9a2dde357d06b0af37d182e8037fccc5c42f03f5e796fca0a1a2e6fa2db5ae27fbbdfb2579938a70ccf5028fee20c828a853607f330b  fix-include.patch"
diff --git a/main/putty/fix-big-int-type.patch b/main/putty/fix-big-int-type.patch
deleted file mode 100644
index 77c17284b2..0000000000
--- a/main/putty/fix-big-int-type.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/sshbn.h.orig b/sshbn.h
-index a043241..f2a3217 100644
---- a/sshbn.h.orig
-+++ b/sshbn.h
-@@ -26,7 +26,8 @@
-  * using the same 'two machine registers' kind of code generation that
-  * 32-bit targets use for 64-bit ints. If we have one of these, we can
-  * use a 64-bit BignumInt and a 128-bit BignumDblInt. */
--typedef __uint64_t BignumInt;
-+#include <stdint.h>
-+typedef uint64_t BignumInt;
- typedef __uint128_t BignumDblInt;
- #define BIGNUM_INT_MASK  0xFFFFFFFFFFFFFFFFULL
- #define BIGNUM_TOP_BIT   0x8000000000000000ULL
-- 
2.11.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---