Subject: CVS commit: pkgsrc/security/dropbear
To: None <pkgsrc-changes@NetBSD.org>
From: Martti Kuparinen <martti@netbsd.org>
List: pkgsrc-changes
Date: 08/31/2004 10:27:38
Module Name:	pkgsrc
Committed By:	martti
Date:		Tue Aug 31 10:27:38 UTC 2004

Modified Files:
	pkgsrc/security/dropbear: Makefile distinfo
	pkgsrc/security/dropbear/patches: patch-aa

Log Message:
Updated dropbear to 0.43

- SECURITY: Don't try to free() uninitialised variables in DSS verification
  code. Thanks to Arne Bernin for pointing out this bug. This is possibly
  exploitable, all users with DSS and pubkey-auth compiled in are advised to
  upgrade.

- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.

- Don't go into an infinite loop when portforwarding to servers which don't
  send any initial data/banner. Patch from Nikola Vladov.

- Fix for network vs. host byte order in logging remote TCP ports, also
  from Gerrit Pape.

- Initialise many pointers to NULL, for general safety. Also checked cleanup
  code for mp_ints (related to security issues above).


To generate a diff of this commit:
cvs rdiff -r1.5 -r1.6 pkgsrc/security/dropbear/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/security/dropbear/distinfo
cvs rdiff -r1.3 -r1.4 pkgsrc/security/dropbear/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
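
The bug class named in the SECURITY item and the "initialise pointers to NULL" item, as an added illustration in C. This is not Dropbear's code or part of this commit; `read_field`, `parse_two_fields` and the length-prefixed input format are hypothetical and constructed for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy one length-prefixed field out of buf.
 * Returns a malloc'd copy, or NULL if the field is empty or truncated. */
static unsigned char *read_field(const unsigned char *buf, size_t len,
                                 size_t *pos, size_t *out_len)
{
    unsigned char *copy;
    size_t n;

    if (*pos >= len)
        return NULL;
    n = buf[(*pos)++];
    if (n == 0 || n > len - *pos)
        return NULL;
    copy = malloc(n);
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + *pos, n);
    *pos += n;
    *out_len = n;
    return copy;
}

/* Returns 0 if exactly two fields parse, -1 otherwise. Every exit goes
 * through the same cleanup label, so every pointer freed there must hold
 * a defined value on every path that reaches it. */
int parse_two_fields(const unsigned char *buf, size_t len)
{
    /* The fix: NULL-initialise. Declared as "unsigned char *r, *s;" the
     * first goto below would pass an indeterminate s to free(). */
    unsigned char *r = NULL, *s = NULL;
    size_t pos = 0, rlen = 0, slen = 0;
    int ret = -1;

    r = read_field(buf, len, &pos, &rlen);
    if (r == NULL)
        goto out;                 /* s has not been assigned yet */
    s = read_field(buf, len, &pos, &slen);
    if (s == NULL)
        goto out;
    ret = (pos == len) ? 0 : -1;  /* reject trailing bytes */
out:
    free(s);                      /* free(NULL) is a defined no-op */
    free(r);
    return ret;
}
```

The failure only shows on the malformed-input path, which is why attacker-supplied data in a verification routine is where this pattern matters.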