pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/putty
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Oct 1 15:22:41 UTC 2019
Modified Files:
pkgsrc/security/putty: Makefile distinfo
pkgsrc/security/putty/patches: patch-ldisc.c patch-timing.c
patch-unix_uxucs.c
Log Message:
Update to 0.73
Changelog:
Vulnerabilities fixed in this release include:
- On Windows, the listening sockets used for local port forwarding
were opened in a mode that did not prevent other processes from
also listening on the same ports and stealing some of the incoming
connections.
- In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
a way that made the pasted data look like manual keyboard input. So
any application relying on the bracketing sequences to protect
against malicious clipboard contents would have been misled.
- An SSH-1 server could trigger an access to freed memory by sending
the SSH1_MSG_DISCONNECT message. Not known to be exploitable.
Other bug fixes include:
- Windows Plink no longer crashes on startup when it tries to tell
you it's reusing an existing SSH connection.
- Windows PuTTY now updates its terminal window size correctly if the
screen resolution changes while it's maximised.
- If you display the coloured error messages from gcc in the PuTTY
terminal, there is no longer a missing character if a colour change
happens exactly at the end of a line.
- If you use the 'Clear Scrollback' menu option or escape sequence
while text in the scrollback is selected, it no longer causes an
assertion failure.
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/putty/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/security/putty/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/putty/patches/patch-ldisc.c \
pkgsrc/security/putty/patches/patch-timing.c \
pkgsrc/security/putty/patches/patch-unix_uxucs.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/putty/Makefile
diff -u pkgsrc/security/putty/Makefile:1.58 pkgsrc/security/putty/Makefile:1.59
--- pkgsrc/security/putty/Makefile:1.58 Thu Jul 25 12:50:06 2019
+++ pkgsrc/security/putty/Makefile Tue Oct 1 15:22:41 2019
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2019/07/25 12:50:06 ryoon Exp $
+# $NetBSD: Makefile,v 1.59 2019/10/01 15:22:41 ryoon Exp $
#
-DISTNAME= putty-0.72
+DISTNAME= putty-0.73
CATEGORIES= security
MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
Index: pkgsrc/security/putty/distinfo
diff -u pkgsrc/security/putty/distinfo:1.26 pkgsrc/security/putty/distinfo:1.27
--- pkgsrc/security/putty/distinfo:1.26 Thu Jul 25 12:50:06 2019
+++ pkgsrc/security/putty/distinfo Tue Oct 1 15:22:41 2019
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.26 2019/07/25 12:50:06 ryoon Exp $
+$NetBSD: distinfo,v 1.27 2019/10/01 15:22:41 ryoon Exp $
-SHA1 (putty-0.72.tar.gz) = 9940e226e5b9f2da9b15109c0deabb168c92d850
-RMD160 (putty-0.72.tar.gz) = 4c3432e935a8ebc31b5c3f4770be542877f51942
-SHA512 (putty-0.72.tar.gz) = a963985e55dcd589c08ef51085808a6364629edd8ce6708ebdf516e0339a41b7f186f91d7d7f26b1fec03d60767f365246e6fa06e9ef042898355c2f90f355dd
-Size (putty-0.72.tar.gz) = 2449516 bytes
-SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (putty-0.73.tar.gz) = 17daebb82e476adfd578f6934c28f4d2c209b7d8
+RMD160 (putty-0.73.tar.gz) = 9e7c0084464963581bc47ce1b87e25ba51d27743
+SHA512 (putty-0.73.tar.gz) = 4ada4b8c6d68be44afede2676bc661fedfd1ea0b574b8232ad9aaa6f3a48baa9f4f0ded2955b3f2677a14db85a508f53c965cb00fcd7538a1ed9844031f0c5e5
+Size (putty-0.73.tar.gz) = 2459115 bytes
+SHA1 (patch-ldisc.c) = cf31a65f920a3ea9b4a70602e4b2fd4d5df8d3e8
SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
-SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
+SHA1 (patch-timing.c) = a6a492fc8b22c58e2973c854bffa4c8bf71eb6a7
SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
-SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
+SHA1 (patch-unix_uxucs.c) = 47791025e5375e9e8649ce24bc9efff3c7d29ab4
Index: pkgsrc/security/putty/patches/patch-ldisc.c
diff -u pkgsrc/security/putty/patches/patch-ldisc.c:1.2 pkgsrc/security/putty/patches/patch-ldisc.c:1.3
--- pkgsrc/security/putty/patches/patch-ldisc.c:1.2 Mon Apr 1 12:10:43 2019
+++ pkgsrc/security/putty/patches/patch-ldisc.c Tue Oct 1 15:22:41 2019
@@ -1,33 +1,33 @@
-$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
+$NetBSD: patch-ldisc.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $
pwrite is a standard system call
---- ldisc.c.orig 2019-03-16 12:26:34.000000000 +0000
+--- ldisc.c.orig 2019-09-22 09:14:48.000000000 +0000
+++ ldisc.c
-@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
- return 4; /* <XY> hex representation */
+@@ -40,7 +40,7 @@ static int plen(Ldisc *ldisc, unsigned c
+ return 4; /* <XY> hex representation */
}
-static void pwrite(Ldisc *ldisc, unsigned char c)
+static void pwrite_(Ldisc *ldisc, unsigned char c)
{
if ((c >= 32 && c <= 126) ||
- (!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
- int i;
- c_write(ldisc, "^R\r\n", 4);
- for (i = 0; i < ldisc->buflen; i++)
-- pwrite(ldisc, ldisc->buf[i]);
-+ pwrite_(ldisc, ldisc->buf[i]);
- }
- break;
- case CTRL('V'): /* quote next char */
-@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+ (!in_utf(ldisc->term) && c >= 0xA0) ||
+@@ -227,7 +227,7 @@ void ldisc_send(Ldisc *ldisc, const void
+ int i;
+ c_write(ldisc, "^R\r\n", 4);
+ for (i = 0; i < ldisc->buflen; i++)
+- pwrite(ldisc, ldisc->buf[i]);
++ pwrite_(ldisc, ldisc->buf[i]);
+ }
+ break;
+ case CTRL('V'): /* quote next char */
+@@ -292,7 +292,7 @@ void ldisc_send(Ldisc *ldisc, const void
sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
- ldisc->buf[ldisc->buflen++] = c;
- if (ECHOING)
-- pwrite(ldisc, (unsigned char) c);
-+ pwrite_(ldisc, (unsigned char) c);
- ldisc->quotenext = false;
- break;
- }
+ ldisc->buf[ldisc->buflen++] = c;
+ if (ECHOING)
+- pwrite(ldisc, (unsigned char) c);
++ pwrite_(ldisc, (unsigned char) c);
+ ldisc->quotenext = false;
+ break;
+ }
Index: pkgsrc/security/putty/patches/patch-timing.c
diff -u pkgsrc/security/putty/patches/patch-timing.c:1.2 pkgsrc/security/putty/patches/patch-timing.c:1.3
--- pkgsrc/security/putty/patches/patch-timing.c:1.2 Wed Aug 7 11:06:39 2013
+++ pkgsrc/security/putty/patches/patch-timing.c Tue Oct 1 15:22:41 2019
@@ -1,6 +1,6 @@
-$NetBSD: patch-timing.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
+$NetBSD: patch-timing.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $
---- timing.c.orig 2012-09-19 22:12:00.000000000 +0000
+--- timing.c.orig 2019-09-22 09:14:51.000000000 +0000
+++ timing.c
@@ -60,19 +60,10 @@ static int compare_timers(void *av, void
* Failing that, compare on the other two fields, just so that
@@ -9,18 +9,18 @@ $NetBSD: patch-timing.c,v 1.2 2013/08/07
-#if defined(__LCC__) || defined(__clang__)
- /* lcc won't let us compare function pointers. Legal, but annoying. */
- {
-- int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
-- if (c)
-- return c;
+- int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
+- if (c)
+- return c;
- }
--#else
+-#else
- if (a->fn < b->fn)
+ if ((uintptr_t)a->fn < (uintptr_t)b->fn)
- return -1;
+ return -1;
- else if (a->fn > b->fn)
+ else if ((uintptr_t)a->fn > (uintptr_t)b->fn)
- return +1;
+ return +1;
-#endif
if (a->ctx < b->ctx)
- return -1;
+ return -1;
Index: pkgsrc/security/putty/patches/patch-unix_uxucs.c
diff -u pkgsrc/security/putty/patches/patch-unix_uxucs.c:1.2 pkgsrc/security/putty/patches/patch-unix_uxucs.c:1.3
--- pkgsrc/security/putty/patches/patch-unix_uxucs.c:1.2 Wed Aug 7 11:06:39 2013
+++ pkgsrc/security/putty/patches/patch-unix_uxucs.c Tue Oct 1 15:22:41 2019
@@ -1,13 +1,13 @@
-$NetBSD: patch-unix_uxucs.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
+$NetBSD: patch-unix_uxucs.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $
---- unix/uxucs.c.orig 2013-07-22 07:12:05.000000000 +0000
+--- unix/uxucs.c.orig 2019-09-22 09:14:52.000000000 +0000
+++ unix/uxucs.c
-@@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co
- memset(&state, 0, sizeof state);
+@@ -68,7 +68,7 @@ int wc_to_mb(int codepage, int flags, co
+ memset(&state, 0, sizeof state);
- while (wclen > 0) {
-- int i = wcrtomb(output, wcstr[0], &state);
-+ size_t i = wcrtomb(output, wcstr[0], &state);
- if (i == (size_t)-1 || i > n - mblen)
- break;
- memcpy(mbstr+n, output, i);
+ while (wclen > 0) {
+- int i = wcrtomb(output, wcstr[0], &state);
++ size_t i = wcrtomb(output, wcstr[0], &state);
+ if (i == (size_t)-1 || i > n - mblen)
+ break;
+ memcpy(mbstr+n, output, i);
Home |
Main Index |
Thread Index |
Old Index