pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/putty



Module Name:    pkgsrc
Committed By:   ryoon
Date:           Tue Oct  1 15:22:41 UTC 2019

Modified Files:
        pkgsrc/security/putty: Makefile distinfo
        pkgsrc/security/putty/patches: patch-ldisc.c patch-timing.c
            patch-unix_uxucs.c

Log Message:
Update to 0.73

Changelog:
Vulnerabilities fixed in this release include:

 - On Windows, the listening sockets used for local port forwarding
   were opened in a mode that did not prevent other processes from
   also listening on the same ports and stealing some of the incoming
   connections.

 - In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
   a way that made the pasted data look like manual keyboard input. So
   any application relying on the bracketing sequences to protect
   against malicious clipboard contents would have been misled.

 - An SSH-1 server could trigger an access to freed memory by sending
   the SSH1_MSG_DISCONNECT message. Not known to be exploitable.

Other bug fixes include:

 - Windows Plink no longer crashes on startup when it tries to tell
   you it's reusing an existing SSH connection.

 - Windows PuTTY now updates its terminal window size correctly if the
   screen resolution changes while it's maximised.

 - If you display the coloured error messages from gcc in the PuTTY
   terminal, there is no longer a missing character if a colour change
   happens exactly at the end of a line.

 - If you use the 'Clear Scrollback' menu option or escape sequence
   while text in the scrollback is selected, it no longer causes an
   assertion failure.


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/putty/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/security/putty/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/putty/patches/patch-ldisc.c \
    pkgsrc/security/putty/patches/patch-timing.c \
    pkgsrc/security/putty/patches/patch-unix_uxucs.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/putty/Makefile
diff -u pkgsrc/security/putty/Makefile:1.58 pkgsrc/security/putty/Makefile:1.59
--- pkgsrc/security/putty/Makefile:1.58 Thu Jul 25 12:50:06 2019
+++ pkgsrc/security/putty/Makefile      Tue Oct  1 15:22:41 2019
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2019/07/25 12:50:06 ryoon Exp $
+# $NetBSD: Makefile,v 1.59 2019/10/01 15:22:41 ryoon Exp $
 #
 
-DISTNAME=      putty-0.72
+DISTNAME=      putty-0.73
 CATEGORIES=    security
 MASTER_SITES=  http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
 

Index: pkgsrc/security/putty/distinfo
diff -u pkgsrc/security/putty/distinfo:1.26 pkgsrc/security/putty/distinfo:1.27
--- pkgsrc/security/putty/distinfo:1.26 Thu Jul 25 12:50:06 2019
+++ pkgsrc/security/putty/distinfo      Tue Oct  1 15:22:41 2019
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.26 2019/07/25 12:50:06 ryoon Exp $
+$NetBSD: distinfo,v 1.27 2019/10/01 15:22:41 ryoon Exp $
 
-SHA1 (putty-0.72.tar.gz) = 9940e226e5b9f2da9b15109c0deabb168c92d850
-RMD160 (putty-0.72.tar.gz) = 4c3432e935a8ebc31b5c3f4770be542877f51942
-SHA512 (putty-0.72.tar.gz) = a963985e55dcd589c08ef51085808a6364629edd8ce6708ebdf516e0339a41b7f186f91d7d7f26b1fec03d60767f365246e6fa06e9ef042898355c2f90f355dd
-Size (putty-0.72.tar.gz) = 2449516 bytes
-SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (putty-0.73.tar.gz) = 17daebb82e476adfd578f6934c28f4d2c209b7d8
+RMD160 (putty-0.73.tar.gz) = 9e7c0084464963581bc47ce1b87e25ba51d27743
+SHA512 (putty-0.73.tar.gz) = 4ada4b8c6d68be44afede2676bc661fedfd1ea0b574b8232ad9aaa6f3a48baa9f4f0ded2955b3f2677a14db85a508f53c965cb00fcd7538a1ed9844031f0c5e5
+Size (putty-0.73.tar.gz) = 2459115 bytes
+SHA1 (patch-ldisc.c) = cf31a65f920a3ea9b4a70602e4b2fd4d5df8d3e8
 SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
 SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
-SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
+SHA1 (patch-timing.c) = a6a492fc8b22c58e2973c854bffa4c8bf71eb6a7
 SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
 SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
 SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
-SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
+SHA1 (patch-unix_uxucs.c) = 47791025e5375e9e8649ce24bc9efff3c7d29ab4

Index: pkgsrc/security/putty/patches/patch-ldisc.c
diff -u pkgsrc/security/putty/patches/patch-ldisc.c:1.2 pkgsrc/security/putty/patches/patch-ldisc.c:1.3
--- pkgsrc/security/putty/patches/patch-ldisc.c:1.2     Mon Apr  1 12:10:43 2019
+++ pkgsrc/security/putty/patches/patch-ldisc.c Tue Oct  1 15:22:41 2019
@@ -1,33 +1,33 @@
-$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
+$NetBSD: patch-ldisc.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $
 
 pwrite is a standard system call
 
---- ldisc.c.orig       2019-03-16 12:26:34.000000000 +0000
+--- ldisc.c.orig       2019-09-22 09:14:48.000000000 +0000
 +++ ldisc.c
-@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
-       return 4;                      /* <XY> hex representation */
+@@ -40,7 +40,7 @@ static int plen(Ldisc *ldisc, unsigned c
+         return 4;                      /* <XY> hex representation */
  }
  
 -static void pwrite(Ldisc *ldisc, unsigned char c)
 +static void pwrite_(Ldisc *ldisc, unsigned char c)
  {
      if ((c >= 32 && c <= 126) ||
-       (!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
-                   int i;
-                   c_write(ldisc, "^R\r\n", 4);
-                   for (i = 0; i < ldisc->buflen; i++)
--                      pwrite(ldisc, ldisc->buf[i]);
-+                      pwrite_(ldisc, ldisc->buf[i]);
-               }
-               break;
-             case CTRL('V'):          /* quote next char */
-@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+         (!in_utf(ldisc->term) && c >= 0xA0) ||
+@@ -227,7 +227,7 @@ void ldisc_send(Ldisc *ldisc, const void
+                     int i;
+                     c_write(ldisc, "^R\r\n", 4);
+                     for (i = 0; i < ldisc->buflen; i++)
+-                        pwrite(ldisc, ldisc->buf[i]);
++                        pwrite_(ldisc, ldisc->buf[i]);
+                 }
+                 break;
+               case CTRL('V'):          /* quote next char */
+@@ -292,7 +292,7 @@ void ldisc_send(Ldisc *ldisc, const void
                  sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
-               ldisc->buf[ldisc->buflen++] = c;
-               if (ECHOING)
--                  pwrite(ldisc, (unsigned char) c);
-+                  pwrite_(ldisc, (unsigned char) c);
-               ldisc->quotenext = false;
-               break;
-           }
+                 ldisc->buf[ldisc->buflen++] = c;
+                 if (ECHOING)
+-                    pwrite(ldisc, (unsigned char) c);
++                    pwrite_(ldisc, (unsigned char) c);
+                 ldisc->quotenext = false;
+                 break;
+             }
Index: pkgsrc/security/putty/patches/patch-timing.c
diff -u pkgsrc/security/putty/patches/patch-timing.c:1.2 pkgsrc/security/putty/patches/patch-timing.c:1.3
--- pkgsrc/security/putty/patches/patch-timing.c:1.2    Wed Aug  7 11:06:39 2013
+++ pkgsrc/security/putty/patches/patch-timing.c        Tue Oct  1 15:22:41 2019
@@ -1,6 +1,6 @@
-$NetBSD: patch-timing.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
+$NetBSD: patch-timing.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $
 
---- timing.c.orig      2012-09-19 22:12:00.000000000 +0000
+--- timing.c.orig      2019-09-22 09:14:51.000000000 +0000
 +++ timing.c
 @@ -60,19 +60,10 @@ static int compare_timers(void *av, void
       * Failing that, compare on the other two fields, just so that
@@ -9,18 +9,18 @@ $NetBSD: patch-timing.c,v 1.2 2013/08/07
 -#if defined(__LCC__) || defined(__clang__)
 -    /* lcc won't let us compare function pointers. Legal, but annoying. */
 -    {
--      int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
--      if (c)
--          return c;
+-        int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
+-        if (c)
+-            return c;
 -    }
--#else    
+-#else
 -    if (a->fn < b->fn)
 +    if ((uintptr_t)a->fn < (uintptr_t)b->fn)
-       return -1;
+         return -1;
 -    else if (a->fn > b->fn)
 +    else if ((uintptr_t)a->fn > (uintptr_t)b->fn)
-       return +1;
+         return +1;
 -#endif
  
      if (a->ctx < b->ctx)
-       return -1;
+         return -1;
Index: pkgsrc/security/putty/patches/patch-unix_uxucs.c
diff -u pkgsrc/security/putty/patches/patch-unix_uxucs.c:1.2 pkgsrc/security/putty/patches/patch-unix_uxucs.c:1.3
--- pkgsrc/security/putty/patches/patch-unix_uxucs.c:1.2        Wed Aug  7 11:06:39 2013
+++ pkgsrc/security/putty/patches/patch-unix_uxucs.c    Tue Oct  1 15:22:41 2019
@@ -1,13 +1,13 @@
-$NetBSD: patch-unix_uxucs.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
+$NetBSD: patch-unix_uxucs.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $
 
---- unix/uxucs.c.orig  2013-07-22 07:12:05.000000000 +0000
+--- unix/uxucs.c.orig  2019-09-22 09:14:52.000000000 +0000
 +++ unix/uxucs.c
-@@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co
-       memset(&state, 0, sizeof state);
+@@ -68,7 +68,7 @@ int wc_to_mb(int codepage, int flags, co
+         memset(&state, 0, sizeof state);
  
-       while (wclen > 0) {
--          int i = wcrtomb(output, wcstr[0], &state);
-+          size_t i = wcrtomb(output, wcstr[0], &state);
-           if (i == (size_t)-1 || i > n - mblen)
-               break;
-           memcpy(mbstr+n, output, i);
+         while (wclen > 0) {
+-            int i = wcrtomb(output, wcstr[0], &state);
++            size_t i = wcrtomb(output, wcstr[0], &state);
+             if (i == (size_t)-1 || i > n - mblen)
+                 break;
+             memcpy(mbstr+n, output, i);



Home | Main Index | Thread Index | Old Index