pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/putty Update to 0.71
details: https://anonhg.NetBSD.org/pkgsrc/rev/c0a0b53375ec
branches: trunk
changeset: 394008:c0a0b53375ec
user: ryoon <ryoon%pkgsrc.org@localhost>
date: Mon Apr 01 12:10:43 2019 +0000
description:
Update to 0.71
Changelog:
These features were new in 0.70 (released 2017-07-08):
* Security fix: the Windows PuTTY binaries should no longer be
  vulnerable to hijacking by specially named DLLs in the same
  directory, even a name we missed when we thought we'd fixed
  this in 0.69. See vuln-indirect-dll-hijack-3.
* Windows PuTTY should be able to print again, after our DLL
  hijacking defences broke that functionality.
* Windows PuTTY should be able to accept keyboard input outside
  the current code page, after our DLL hijacking defences broke
  that too.
These features are new in 0.71 (released 2019-03-16):
* Security fixes found by an EU-funded bug bounty programme:
  - a remotely triggerable memory overwrite in RSA key exchange,
    which can occur before host key verification
  - potential recycling of random numbers used in cryptography
  - on Windows, hijacking by a malicious help file in the same
    directory as the executable
  - on Unix, remotely triggerable buffer overflow in any kind
    of server-to-client forwarding
  - multiple denial-of-service attacks that can be triggered
    by writing to the terminal
* Other security enhancements: major rewrite of the crypto code
  to remove cache and timing side channels.
* User interface changes to protect against fake authentication
  prompts from a malicious server.
* We now provide pre-built binaries for Windows on Arm.
* Hardware-accelerated versions of the most common cryptographic
  primitives: AES, SHA-256, SHA-1.
* GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
  high-DPI configurations.
* Type-ahead now works as soon as a PuTTY window is opened:
  keystrokes typed before authentication has finished will be
  buffered instead of being dropped.
* Support for GSSAPI key exchange: an alternative to the older
  GSSAPI authentication system which can keep your forwarded
  Kerberos credentials updated during a long session.
* More choices of user interface for clipboard handling.
* New terminal features: support the REP escape sequence (fixing
  an ncurses screen redraw failure), true colour, and SGR 2 dim
  text.
* Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
  straight to the top or bottom of the terminal scrollback.
diffstat:
security/putty/Makefile | 5 +-
security/putty/distinfo | 20 +++++------
security/putty/patches/patch-ldisc.c | 18 +++++-----
security/putty/patches/patch-misc.c | 8 ++--
security/putty/patches/patch-terminal.c | 26 ++++++++++++++++
security/putty/patches/patch-unix_Makefile.gtk | 14 ++++----
security/putty/patches/patch-unix_gtkdlg.c | 24 --------------
security/putty/patches/patch-unix_gtkwin.c | 42 --------------------------
security/putty/patches/patch-windows_window.c | 27 ----------------
9 files changed, 57 insertions(+), 127 deletions(-)
diffs (280 lines):
diff -r 412a56048d23 -r c0a0b53375ec security/putty/Makefile
--- a/security/putty/Makefile Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/Makefile Mon Apr 01 12:10:43 2019 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.55 2018/11/14 22:22:22 kleink Exp $
+# $NetBSD: Makefile,v 1.56 2019/04/01 12:10:43 ryoon Exp $
#
-DISTNAME= putty-0.69
-PKGREVISION= 6
+DISTNAME= putty-0.71
CATEGORIES= security
MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
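Review bot: the MASTER_SITES context line still fetches the distfile over plain http, so the SHA512 and Size entries regenerated in distinfo for putty-0.71.tar.gz only pin whatever that download returned. If the site serves HTTPS, switch the URL in this same update, and say in the commit message how the 0.71 tarball was checked before the checksums were regenerated.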
diff -r 412a56048d23 -r c0a0b53375ec security/putty/distinfo
--- a/security/putty/distinfo Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/distinfo Mon Apr 01 12:10:43 2019 +0000
@@ -1,16 +1,14 @@
-$NetBSD: distinfo,v 1.24 2018/08/01 05:34:17 maya Exp $
+$NetBSD: distinfo,v 1.25 2019/04/01 12:10:43 ryoon Exp $
-SHA1 (putty-0.69.tar.gz) = f98ec09ecba4d9a4efc66fac5c86078cef27b41a
-RMD160 (putty-0.69.tar.gz) = e120ead901dacd233885adb36afa82aaa10ad469
-SHA512 (putty-0.69.tar.gz) = 2739829adec60df5658709d61f8539d431f6b5d71b9b893fcefb2a04ac52bf2ace26f9ca784156d6540fa3f3e5858a86eb2921002b4cc05f9fbf22da7931ec2a
-Size (putty-0.69.tar.gz) = 2122306 bytes
-SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be
-SHA1 (patch-misc.c) = fb7ba23f3c3301181d2ca7666a037f7bb3ac3f7b
+SHA1 (putty-0.71.tar.gz) = 6bc785c304aff029f28ca1bd71d8654db8f24f1a
+RMD160 (putty-0.71.tar.gz) = 0df8a21b993df7c526952fb375f0630e219da7f5
+SHA512 (putty-0.71.tar.gz) = f8791210bd5925b26d51b13f0558eea15dbac40808051165b236d6436226f5c2b0aa7d69288ed9e2bddc1066455678cfd0af73ef6b715a136c42f3b6f754ac07
+Size (putty-0.71.tar.gz) = 2423752 bytes
+SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
+SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
-SHA1 (patch-unix_Makefile.gtk) = 399636a9b6d445fa0cdd55c7a887efa8f03bdc94
-SHA1 (patch-unix_gtkdlg.c) = 35b60132e3882ebdfeaa5e613a12b2daeb332451
-SHA1 (patch-unix_gtkwin.c) = 0df64e21e96fd9167aaf2bc4cdc9d52d99373218
+SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
-SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-ldisc.c
--- a/security/putty/patches/patch-ldisc.c Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/patches/patch-ldisc.c Mon Apr 01 12:10:43 2019 +0000
@@ -1,19 +1,19 @@
-$NetBSD: patch-ldisc.c,v 1.1 2012/02/22 15:30:20 wiz Exp $
+$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
pwrite is a standard system call
---- ldisc.c.orig 2010-09-09 14:32:25.000000000 +0000
+--- ldisc.c.orig 2019-03-16 12:26:34.000000000 +0000
+++ ldisc.c
-@@ -41,7 +41,7 @@ static int plen(Ldisc ldisc, unsigned ch
+@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
return 4; /* <XY> hex representation */
}
--static void pwrite(Ldisc ldisc, unsigned char c)
-+static void pwrite_(Ldisc ldisc, unsigned char c)
+-static void pwrite(Ldisc *ldisc, unsigned char c)
++static void pwrite_(Ldisc *ldisc, unsigned char c)
{
if ((c >= 32 && c <= 126) ||
(!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -217,7 +217,7 @@ void ldisc_send(void *handle, char *buf,
+@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
int i;
c_write(ldisc, "^R\r\n", 4);
for (i = 0; i < ldisc->buflen; i++)
@@ -22,12 +22,12 @@
}
break;
case CTRL('V'): /* quote next char */
-@@ -284,7 +284,7 @@ void ldisc_send(void *handle, char *buf,
- }
+@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+ sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
ldisc->buf[ldisc->buflen++] = c;
if (ECHOING)
- pwrite(ldisc, (unsigned char) c);
+ pwrite_(ldisc, (unsigned char) c);
- ldisc->quotenext = FALSE;
+ ldisc->quotenext = false;
break;
}
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-misc.c
--- a/security/putty/patches/patch-misc.c Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/patches/patch-misc.c Mon Apr 01 12:10:43 2019 +0000
@@ -1,13 +1,13 @@
-$NetBSD: patch-misc.c,v 1.1 2015/04/08 18:45:22 ryoon Exp $
+$NetBSD: patch-misc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
---- misc.c.orig 2015-02-28 15:33:27.000000000 +0000
+--- misc.c.orig 2019-03-16 12:26:34.000000000 +0000
+++ misc.c
-@@ -964,7 +964,7 @@ int validate_manual_hostkey(char *key)
+@@ -158,7 +158,7 @@ bool validate_manual_hostkey(char *key)
if (q[3*i+2] != ':')
goto not_fingerprint; /* sorry */
for (i = 0; i < 16*3 - 1; i++)
- key[i] = tolower(q[i]);
+ key[i] = tolower((unsigned char)(q[i]));
key[16*3 - 1] = '\0';
- return TRUE;
+ return true;
}
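Review bot: patch-misc.c has no description between its $NetBSD$ line and the `--- misc.c.orig` header, unlike patch-ldisc.c and patch-terminal.c in this commit. Add one line saying why the cast in validate_manual_hostkey is there (tolower() needs a value representable as unsigned char or EOF, so passing a plain char with the high bit set is undefined behaviour), and consider sending it upstream since nothing about it is pkgsrc-specific.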
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-terminal.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/putty/patches/patch-terminal.c Mon Apr 01 12:10:43 2019 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-terminal.c,v 1.4 2019/04/01 12:10:43 ryoon Exp $
+
+Make the home/end keys work on BSD servers as well as Linux ones
+
+--- terminal.c.orig 2019-03-31 15:56:54.023245872 +0000
++++ terminal.c
+@@ -6746,8 +6746,17 @@ int format_small_keypad_key(char *buf, T
+ } else {
+ p += sprintf(p, "\x1B[%c", codes[code-1]);
+ }
+- } else if ((code == 1 || code == 4) && term->rxvt_homeend) {
+- p += sprintf(p, code == 1 ? "\x1B[H" : "\x1BOw");
++ } else if (code == 1 || code == 4) {
++ /* Home/End */
++ /* Send the correct XTerm or rxvt codes for home/end
++ * We used to send ^[1~ and [4~ for Xterm,
++ * but those are Linux console */
++ const char *he;
++ if (term->rxvt_homeend)
++ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
++ else
++ he = code == 1 ? "\x1BOH" : "\x1BOF";
++ p += sprintf((char *) p, he);
+ } else {
+ p += sprintf(p, "\x1B[%d~", code);
+ }
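Review bot: in the new Home/End branch, `p += sprintf((char *) p, he);` passes a variable as the format string. Here `he` can only be one of four literals with no % in them, so it is safe as written, but it is the pattern -Wformat-security flags when enabled, and the Unix build patched in this same commit keeps -Werror in CFLAGS. Use `sprintf(p, "%s", he)`, as the removed patch-unix_gtkwin.c did, and drop the `(char *)` cast, which the neighbouring `sprintf(p, ...)` context lines show is not needed. The one-line description should also say that the sequences change for both settings of rxvt_homeend, not only the default one.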
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-unix_Makefile.gtk
--- a/security/putty/patches/patch-unix_Makefile.gtk Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/patches/patch-unix_Makefile.gtk Mon Apr 01 12:10:43 2019 +0000
@@ -1,17 +1,17 @@
-$NetBSD: patch-unix_Makefile.gtk,v 1.2 2017/03/17 00:11:48 maya Exp $
+$NetBSD: patch-unix_Makefile.gtk,v 1.3 2019/04/01 12:10:43 ryoon Exp $
Allow adding CFLAGS from the pkgsrc environment.
Use pkgsrc infrastructure for deciding on whether to link against libdl or not.
---- unix/Makefile.gtk.orig 2017-02-18 17:10:17.000000000 +0000
+--- unix/Makefile.gtk.orig 2019-03-16 12:26:40.000000000 +0000
+++ unix/Makefile.gtk
-@@ -111,14 +111,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0
+@@ -109,14 +109,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0
unexport CFLAGS # work around a weird issue with krb5-config
--CFLAGS = -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
-+CFLAGS += -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
- $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
+-CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
++CFLAGS += -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
+ -I../windows/ -I../unix/ $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
XLDFLAGS = $(LDFLAGS) $(shell $(GTK_CONFIG) --libs)
ULDFLAGS = $(LDFLAGS)
ifeq (,$(findstring NO_GSSAPI,$(COMPAT)))
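Review bot: the patched CFLAGS line still carries upstream's -Werror, and with `=` changed to `+=` it now sits on top of whatever flags the pkgsrc environment injects, so any new warning from a different compiler or an added flag fails the build. Unless the package Makefile already strips it, remove -Werror in this patch and mention that in the patch description next to "Allow adding CFLAGS from the pkgsrc environment."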
@@ -23,7 +23,7 @@
else
CFLAGS+= -DNO_LIBDL $(shell $(KRB5CONFIG) --cflags gssapi)
XLDFLAGS+= $(shell $(KRB5CONFIG) --libs gssapi)
-@@ -128,7 +128,7 @@ endif
+@@ -126,7 +126,7 @@ endif
INSTALL=install
INSTALL_PROGRAM=$(INSTALL)
INSTALL_DATA=$(INSTALL)
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-unix_gtkdlg.c
--- a/security/putty/patches/patch-unix_gtkdlg.c Mon Apr 01 11:38:51 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-unix_gtkdlg.c,v 1.1 2018/08/01 05:34:18 maya Exp $
-
-gdk_beep deprecated, replace with gdk_display_beep.
-
---- unix/gtkdlg.c.orig 2017-04-24 13:52:45.000000000 +0000
-+++ unix/gtkdlg.c
-@@ -1037,7 +1037,7 @@ void dlg_set_focus(union control *ctrl,
- */
- void dlg_beep(void *dlg)
- {
-- gdk_beep();
-+ gdk_display_beep(gdk_display_get_default());
- }
-
- #if !GTK_CHECK_VERSION(3,0,0)
-@@ -1491,7 +1491,7 @@ static void draglist_move(struct dlgpara
- if ((index < 0) ||
- (index == 0 && direction < 0) ||
- (index == g_list_length(children)-1 && direction > 0)) {
-- gdk_beep();
-+ gdk_display_beep(gdk_display_get_default());
- return;
- }
-
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-unix_gtkwin.c
--- a/security/putty/patches/patch-unix_gtkwin.c Mon Apr 01 11:38:51 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-$NetBSD: patch-unix_gtkwin.c,v 1.5 2018/08/01 05:34:18 maya Exp $
-
-Make the home/end keys work on BSD servers as well as Linux ones
-gdk_beep deprecated, use gdk_display_beep.
-
---- unix/gtkwin.c.orig 2017-04-24 13:52:45.000000000 +0000
-+++ unix/gtkwin.c
-@@ -1586,13 +1586,21 @@ gint key_event(GtkWidget *widget, GdkEve
- use_ucsoutput = FALSE;
- goto done;
- }
-- if ((code == 1 || code == 4) &&
-- conf_get_int(inst->conf, CONF_rxvt_homeend)) {
-+ /* Home/End */
-+ if (code == 1 || code == 4) {
- #ifdef KEY_EVENT_DIAGNOSTICS
- debug((" - rxvt style Home/End"));
- #endif
-- end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw");
-- use_ucsoutput = FALSE;
-+ /* Send the correct XTerm or rxvt codes for home/end
-+ * We used to send ^[1~ and [4~ for Xterm,
-+ * but those are Linux console */
-+ const char *he;
-+ if (conf_get_int(inst->conf, CONF_rxvt_homeend))
-+ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
-+ else
-+ he = code == 1 ? "\x1BOH" : "\x1BOF";
-+ end = 1 + sprintf(output+1, "%s", he);
-+
- goto done;
- }
- if (code) {
-@@ -2921,7 +2929,7 @@ void sys_cursor(void *frontend, int x, i
- void do_beep(void *frontend, int mode)
- {
- if (mode == BELL_DEFAULT)
-- gdk_beep();
-+ gdk_display_beep(gdk_display_get_default());
- }
-
- int char_width(Context ctx, int uc)
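Review bot: this removed patch carried two independent changes, the Home/End sequences in key_event and the gdk_beep() to gdk_display_beep() replacement in do_beep, but only the Home/End half reappears in the new patch-terminal.c. The commit message contains only the upstream changelog; add a line stating that 0.71 no longer needs the gdk_beep() hunks here and in patch-unix_gtkdlg.c, and that patch-windows_window.c is superseded by patch-terminal.c, so the three removals can be audited.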
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-windows_window.c
--- a/security/putty/patches/patch-windows_window.c Mon Apr 01 11:38:51 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-$NetBSD: patch-windows_window.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
-
-Make the home/end keys work on BSD servers as well as Linux ones
-
---- windows/window.c.orig 2013-08-04 19:32:10.000000000 +0000
-+++ windows/window.c
-@@ -4520,9 +4520,17 @@ static int TranslateKey(UINT message, WP
- p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11);
- return p - output;
- }
-- if ((code == 1 || code == 4) &&
-- conf_get_int(conf, CONF_rxvt_homeend)) {
-- p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw");
-+ /* Home/End */
-+ if (code == 1 || code == 4) {
-+ /* Send the correct XTerm or rxvt codes for home/end
-+ * We used to send ^[1~ and [4~ for Xterm,
-+ * but those are Linux console */
-+ const char *he;
-+ if (conf_get_int(conf, CONF_rxvt_homeend))
-+ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
-+ else
-+ he = code == 1 ? "\x1BOH" : "\x1BOF";
-+ p += sprintf((char *) p, he);
- return p - output;
- }
- if (code) {