CVS commit: pkgsrc/security/putty

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Dec 18 15:57:00 UTC 2023

Modified Files:
        pkgsrc/security/putty: Makefile distinfo

Log Message:
putty: update to 0.80.

PuTTY version 0.80 is released
------------------------------

This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
soon as possible.

There is one security fix in this release:

 - Fix for a newly discovered security issue known as the 'Terrapin'
   attack, also numbered CVE-2023-48795. The issue affects widely-used
   OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
   cipher system, and 'encrypt-then-MAC' mode.

   In order to benefit from the fix, you must be using a fixed version
   of PuTTY _and_ a server with the fix, so that they can agree to
   adopt a modified version of the protocol. Alternatively, you may be
   able to reconfigure PuTTY to avoid selecting any of the affected
   modes.

   If PuTTY 0.80 connects to an SSH server without the fix, it will
   warn you if the initial protocol negotiation chooses an insecure
   mode to run the connection in, so that you can abandon the
   connection. If it's possible to alter PuTTY's configuration to
   avoid the problem, then the warning message will tell you how to do
   it.

As well as this security fix, there are two other ordinary bug fixes
in 0.80:

 - On Windows, if you installed the MSI package, PuTTY could not find
   its help file. The help file was installed, but PuTTY wouldn't be
   able to open it, so the help buttons in its dialog boxes were
   missing.

 - Sometimes, if you were looking at the terminal scrollback, the view
   position would be reset to the bottom of the scrollback unwantedly,
   if the server sent terminal output that didn't actually cause
   anything to be printed.


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/security/putty/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/security/putty/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/putty/Makefile
diff -u pkgsrc/security/putty/Makefile:1.80 pkgsrc/security/putty/Makefile:1.81
--- pkgsrc/security/putty/Makefile:1.80 Tue Nov 14 14:02:49 2023
+++ pkgsrc/security/putty/Makefile      Mon Dec 18 15:57:00 2023
@@ -1,8 +1,6 @@
-# $NetBSD: Makefile,v 1.80 2023/11/14 14:02:49 wiz Exp $
-#
+# $NetBSD: Makefile,v 1.81 2023/12/18 15:57:00 wiz Exp $
 
-DISTNAME=      putty-0.79
-PKGREVISION=   2
+DISTNAME=      putty-0.80
 CATEGORIES=    security
 MASTER_SITES=  http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
 
@@ -21,7 +19,7 @@ FORCE_C_STD=  c99
 
 .include "options.mk"
 
-.if !empty(OPSYS:M*BSD) || ${OPSYS} == "DragonFly" || ${OPSYS} == "Darwin"
+.if ${OPSYS:M*BSD} || ${OPSYS} == "DragonFly" || ${OPSYS} == "Darwin"
 CFLAGS+=       -DOMIT_UTMP
 .endif
 
@@ -39,7 +37,7 @@ CFLAGS.Linux+=        -DHAVE_FUTIMES -DHAVE_NO_
 LDFLAGS.Linux+=        -ldl
 
 .include "../../x11/gtk3/buildlink3.mk"
-.if !empty(PKG_BUILD_OPTIONS.gtk3:Mquartz)
+.if ${PKG_BUILD_OPTIONS.gtk3:Mquartz}
 BUILDLINK_TRANSFORM+=  rm:-lX11 rm:-lXext
 CFLAGS+=               -DOSX_GTK
 .endif

Index: pkgsrc/security/putty/distinfo
diff -u pkgsrc/security/putty/distinfo:1.36 pkgsrc/security/putty/distinfo:1.37
--- pkgsrc/security/putty/distinfo:1.36 Sun Oct 15 06:24:19 2023
+++ pkgsrc/security/putty/distinfo      Mon Dec 18 15:57:00 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.36 2023/10/15 06:24:19 ryoon Exp $
+$NetBSD: distinfo,v 1.37 2023/12/18 15:57:00 wiz Exp $
 
-BLAKE2s (putty-0.79.tar.gz) = 583f894dceafd565f2f117eb4f692bab75870426fd7a97989fa565cdfb648a99
-SHA512 (putty-0.79.tar.gz) = 4f10f870b229c89e928921d3b350955ce1c1170a062e7943d9cc8dbd83389d82a9b844623541605f0db5a429d545c2d188bf8e384c6515466fae69b216120983
-Size (putty-0.79.tar.gz) = 2826618 bytes
+BLAKE2s (putty-0.80.tar.gz) = c9e95c3ef9118d17c5c4c185db5a4c4b5d9e7dc5ff0d598e20feba674a8266ff
+SHA512 (putty-0.80.tar.gz) = c8a6b6fa54ecd8bcf4ec274fef51343dd9996e6458b250b5555c4dc88ded25e87f97277da482c29858510e65635112d541f559ab683635bd950572d850129f90
+Size (putty-0.80.tar.gz) = 2831433 bytes
 SHA1 (patch-ldisc.c) = cf31a65f920a3ea9b4a70602e4b2fd4d5df8d3e8
 SHA1 (patch-terminal.c) = 690d9021b14947ae24c68ecff6781ad255ab7a70
 SHA1 (patch-timing.c) = a6a492fc8b22c58e2973c854bffa4c8bf71eb6a7