MFH: r436313 r436321 r436323

Update to new upstream release 0.68 (security fixes)

Additional minor updates on top of cy@'s patch (USE_GNOME, USE_XORG,
LDFLAGS).

ChangeLog: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

[436321]
Add forgotten patch for Linux -> BSD portability.

[436323]
Remove leftover files.

The reference to these had been removed as of r184036 on 2007-02-03 already.

Submitted by:	cy@
Security:	CVE-2017-6542
Security:	9b973e97-0a99-11e7-ace7-080027ef73ec
Differential Revision:	https://reviews.freebsd.org/D10023

Approved by:	ports-secteam@ (junovitch@)

6 files changed, 30 insertions, 150 deletions

diff --git a/security/putty/Makefile b/security/putty/Makefile
index caa6fb7ba8f9..3cbe19cb2028 100644
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	putty
-PORTVERSION=	0.67
+PORTVERSION=	0.68
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \
 		ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/
@@ -31,9 +31,12 @@ CONFLICTS_INSTALL?=	pssh-[0-9]* putty-nogtk-[0-9]*
 .include <bsd.port.options.mk>
 
 CFLAGS+=	-DBSD_PTYS -DOMIT_UTMP -DIPV6
+LDFLAGS+=	-Wl,--as-needed
 
 .if ${PORT_OPTIONS:MGTK2} && !defined(WITHOUT_X11)
-USE_GNOME=	gtk20
+USE_GNOME=	cairo gdkpixbuf2 gtk20
+USE_XORG=	x11
+
 PLIST_FILES+=	bin/pterm bin/putty bin/puttytel
 PLIST_FILES+=	man/man1/pterm.1.gz man/man1/putty.1.gz man/man1/puttytel.1.gz
 MAKE_ARGS+=	PUTTY_WITH_GTK=yes GTK_CONFIG="pkg-config gtk+-2.0 x11 --cflags"
diff --git a/security/putty/distinfo b/security/putty/distinfo
index 2c78b62483d0..213a8f1d8701 100644
--- a/security/putty/distinfo
+++ b/security/putty/distinfo
@@ -1,2 +1,3 @@
-SHA256 (putty-0.67.tar.gz) = 80192458e8a46229de512afeca5c757dd8fce09606b3c992fbaeeee29b994a47
-SIZE (putty-0.67.tar.gz) = 1955547
+TIMESTAMP = 1489606314
+SHA256 (putty-0.68.tar.gz) = 7ba256f46e5a353cafe811ce7914d0e22a52bdfc0e6e2d183ad28b5af44cd09c
+SIZE (putty-0.68.tar.gz) = 2114499
diff --git a/security/putty/files/mbrtowc.c b/security/putty/files/mbrtowc.c
deleted file mode 100644
index 99233773ef1e..000000000000
--- a/security/putty/files/mbrtowc.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * Copyright (c) 2002, 2003 Tim J. Robbins.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: /tmp/pcvs/ports/security/putty/files/mbrtowc.c,v 1.1 2004-02-13 17:45:38 dinoex Exp $");
-
-#include <errno.h>
-#include <rune.h>
-#include <stdlib.h>
-#include <wchar.h>
-
-/*
- * Emulate the ISO C mbrtowc() function in terms of the deprecated
- * 4.4BSD sgetrune() function.
- */
-size_t
-mbrtowc(wchar_t * __restrict pwc, const char * __restrict s,
-    size_t n, mbstate_t * __restrict ps __unused)
-{
-        const char *e;
-        rune_t r;
-
-	if (s == NULL) {
-		pwc = NULL;
-		s = "";
-		n = 1;
-	}
-
-	if ((r = sgetrune(s, n, &e)) == _INVALID_RUNE) {
-		/*
-		 * The design of sgetrune() doesn't give us any way to tell
-		 * between incomplete and invalid multibyte sequences.
-		 */
-
-		if (n >= (size_t)MB_CUR_MAX) {
-			/*
-			 * If we have been supplied with at least MB_CUR_MAX
-			 * bytes and still cannot find a valid character, the
-			 * data must be invalid.
-			 */
-			errno = EILSEQ;
-			return ((size_t)-1);
-		}
-
-		/*
-		 * .. otherwise, it's an incomplete character or an invalid
-		 * character we cannot detect yet.
-		 */
-		return ((size_t)-2);
-	}
-
-	if (pwc != NULL)
-		*pwc = (wchar_t)r;
-
-	return (r != 0 ? (size_t)(e - s) : 0);
-}
diff --git a/security/putty/files/patch-Makefile.gtk b/security/putty/files/patch-Makefile.gtk
index b3d47c821323..976af7dce204 100644
--- a/security/putty/files/patch-Makefile.gtk
+++ b/security/putty/files/patch-Makefile.gtk
@@ -1,27 +1,28 @@
---- Makefile.gtk.orig	2015-02-28 15:33:27 UTC
-+++ Makefile.gtk
-@@ -110,7 +110,7 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-2.0 
+--- Makefile.gtk.orig	2017-03-16 02:47:16.000000000 +0000
++++ Makefile.gtk	2017-03-16 02:47:16.000000000 +0000
+@@ -111,7 +111,7 @@
  
  unexport CFLAGS # work around a weird issue with krb5-config
  
 -CFLAGS = -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
 +CFLAGS := $(CFLAGS) -Wall -Werror -I.././ -I../charset/ -I../windows/ -I../unix/ \
- 		-I../macosx/ $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
+ 		$(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
  XLDFLAGS = $(LDFLAGS) $(shell $(GTK_CONFIG) --libs)
  ULDFLAGS = $(LDFLAGS)
-@@ -137,7 +137,11 @@ man1dir=$(mandir)/man1
+@@ -138,8 +138,12 @@
  .SUFFIXES:
  
  
 +ifdef PUTTY_WITH_GTK
- all: plink pscp psftp pterm putty puttygen puttytel
+ all: cgtest fuzzterm osxlaunch pageant plink pscp psftp pterm ptermapp putty \
+ 		puttyapp puttygen puttytel testbn
 +else
 +all: plink pscp psftp puttygen
 +endif
  
- plink: be_all_s.o callback.o cmdline.o conf.o cproxy.o ldisc.o logging.o \
- 		misc.o noterm.o pgssapi.o pinger.o portfwd.o proxy.o raw.o \
-@@ -920,6 +924,8 @@ install:
+ cgtest: cgtest.o conf.o import.o misc.o notiming.o sshaes.o sshbcrypt.o \
+ 		sshblowf.o sshbn.o sshdes.o sshdss.o sshdssg.o sshecc.o \
+@@ -1050,6 +1054,8 @@
  	$(INSTALL_PROGRAM) -m 755 plink $(DESTDIR)$(bindir)/plink
  	$(INSTALL_PROGRAM) -m 755 pscp $(DESTDIR)$(bindir)/pscp
  	$(INSTALL_PROGRAM) -m 755 psftp $(DESTDIR)$(bindir)/psftp
@@ -30,7 +31,7 @@
  	$(INSTALL_PROGRAM) -m 755 pterm $(DESTDIR)$(bindir)/pterm
  	if test -n "$(UTMP_GROUP)"; then \
  	  chgrp $(UTMP_GROUP) $(DESTDIR)$(bindir)/pterm && \
-@@ -929,15 +935,17 @@ install:
+@@ -1059,15 +1065,17 @@
  	    chmod 4755 $(DESTDIR)$(bindir)/pterm; \
  	fi
  	$(INSTALL_PROGRAM) -m 755 putty $(DESTDIR)$(bindir)/putty
diff --git a/security/putty/files/patch-unix__uxpgnt.c b/security/putty/files/patch-unix__uxpgnt.c
new file mode 100644
index 000000000000..3ef98d5849fa
--- /dev/null
+++ b/security/putty/files/patch-unix__uxpgnt.c
@@ -0,0 +1,11 @@
+--- uxpgnt.c.orig	2017-03-16 03:33:18.000000000 +0000
++++ uxpgnt.c	2017-03-16 03:33:18.000000000 +0000
+@@ -270,7 +270,7 @@
+         /* Get out of our previous process group, to avoid being
+          * blasted by passing signals. But keep our controlling tty,
+          * so we can keep checking to see if we still have one. */
+-        setpgrp();
++        setpgrp(0,0);
+     } else {
+         /* Do that, but also leave our entire session and detach from
+          * the controlling tty (if any). */
diff --git a/security/putty/files/wcrtomb.c b/security/putty/files/wcrtomb.c
deleted file mode 100644
index f4888a8e72ab..000000000000
--- a/security/putty/files/wcrtomb.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*-
- * Copyright (c) 2002, 2003 Tim J. Robbins.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: /tmp/pcvs/ports/security/putty/files/wcrtomb.c,v 1.1 2004-02-13 17:45:39 dinoex Exp $");
-
-#include <errno.h>
-#include <limits.h>
-#include <rune.h>
-#include <stdlib.h>
-#include <wchar.h>
-
-/*
- * Emulate the ISO C wcrtomb() function in terms of the deprecated
- * 4.4BSD sputrune() function.
- */
-size_t
-wcrtomb(char * __restrict s, wchar_t wc,
-    mbstate_t * __restrict ps __unused)
-{
-	char *e;
-	char buf[MB_LEN_MAX];
-
-	if (s == NULL) {
-		s = buf;
-		wc = L'\0';
-	}
-	sputrune(wc, s, MB_CUR_MAX, &e);
-	if (e == NULL) {
-		errno = EILSEQ;
-		return ((size_t)-1);
-	}
-	return ((size_t)(e - s));
-}