pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/putty Update to 0.71



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c0a0b53375ec
branches:  trunk
changeset: 394008:c0a0b53375ec
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Mon Apr 01 12:10:43 2019 +0000

description:
Update to 0.71

Changelog:
 These features were new in 0.70 (released 2017-07-08):

    Security fix: the Windows PuTTY binaries should no longer be
    vulnerable to hijacking by specially named DLLs in the same
    directory, even a name we missed when we thought we'd fixed
    this in 0.69. See vuln-indirect-dll-hijack-3.

    Windows PuTTY should be able to print again, after our DLL
    hijacking defences broke that functionality.

    Windows PuTTY should be able to accept keyboard input outside
    the current code page, after our DLL hijacking defences broke
    that too.


 These features are new in 0.71 (released 2019-03-16):

    Security fixes found by an EU-funded bug bounty programme:

        a remotely triggerable memory overwrite in RSA key exchange,
        which can occur before host key verification

        potential recycling of random numbers used in cryptography

        on Windows, hijacking by a malicious help file in the same
        directory as the executable

        on Unix, remotely triggerable buffer overflow in any kind
        of server-to-client forwarding

        multiple denial-of-service attacks that can be triggered
        by writing to the terminal

    Other security enhancements: major rewrite of the crypto code
    to remove cache and timing side channels.

    User interface changes to protect against fake authentication
    prompts from a malicious server.

    We now provide pre-built binaries for Windows on Arm.

    Hardware-accelerated versions of the most common cryptographic
    primitives: AES, SHA-256, SHA-1.

    GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
    high-DPI configurations.

    Type-ahead now works as soon as a PuTTY window is opened:
    keystrokes typed before authentication has finished will be
    buffered instead of being dropped.

    Support for GSSAPI key exchange: an alternative to the older
    GSSAPI authentication system which can keep your forwarded
    Kerberos credentials updated during a long session.

    More choices of user interface for clipboard handling.

    New terminal features: support the REP escape sequence (fixing
    an ncurses screen redraw failure), true colour, and SGR 2 dim
    text.

    Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
    straight to the top or bottom of the terminal scrollback.

diffstat:

 security/putty/Makefile                        |   5 +-
 security/putty/distinfo                        |  20 +++++------
 security/putty/patches/patch-ldisc.c           |  18 +++++-----
 security/putty/patches/patch-misc.c            |   8 ++--
 security/putty/patches/patch-terminal.c        |  26 ++++++++++++++++
 security/putty/patches/patch-unix_Makefile.gtk |  14 ++++----
 security/putty/patches/patch-unix_gtkdlg.c     |  24 --------------
 security/putty/patches/patch-unix_gtkwin.c     |  42 --------------------------
 security/putty/patches/patch-windows_window.c  |  27 ----------------
 9 files changed, 57 insertions(+), 127 deletions(-)

diffs (280 lines):

diff -r 412a56048d23 -r c0a0b53375ec security/putty/Makefile
--- a/security/putty/Makefile   Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/Makefile   Mon Apr 01 12:10:43 2019 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.55 2018/11/14 22:22:22 kleink Exp $
+# $NetBSD: Makefile,v 1.56 2019/04/01 12:10:43 ryoon Exp $
 #
 
-DISTNAME=      putty-0.69
-PKGREVISION=   6
+DISTNAME=      putty-0.71
 CATEGORIES=    security
 MASTER_SITES=  http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
 
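Review bot: MASTER_SITES in the context line still fetches the distfile over plain `http://`, so the only integrity check on the new putty-0.71 tarball is the distinfo checksum. If the.earth.li serves the same path over https, switch the URL in this update. Dropping PKGREVISION along with the DISTNAME bump is correct.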
diff -r 412a56048d23 -r c0a0b53375ec security/putty/distinfo
--- a/security/putty/distinfo   Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/distinfo   Mon Apr 01 12:10:43 2019 +0000
@@ -1,16 +1,14 @@
-$NetBSD: distinfo,v 1.24 2018/08/01 05:34:17 maya Exp $
+$NetBSD: distinfo,v 1.25 2019/04/01 12:10:43 ryoon Exp $
 
-SHA1 (putty-0.69.tar.gz) = f98ec09ecba4d9a4efc66fac5c86078cef27b41a
-RMD160 (putty-0.69.tar.gz) = e120ead901dacd233885adb36afa82aaa10ad469
-SHA512 (putty-0.69.tar.gz) = 2739829adec60df5658709d61f8539d431f6b5d71b9b893fcefb2a04ac52bf2ace26f9ca784156d6540fa3f3e5858a86eb2921002b4cc05f9fbf22da7931ec2a
-Size (putty-0.69.tar.gz) = 2122306 bytes
-SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be
-SHA1 (patch-misc.c) = fb7ba23f3c3301181d2ca7666a037f7bb3ac3f7b
+SHA1 (putty-0.71.tar.gz) = 6bc785c304aff029f28ca1bd71d8654db8f24f1a
+RMD160 (putty-0.71.tar.gz) = 0df8a21b993df7c526952fb375f0630e219da7f5
+SHA512 (putty-0.71.tar.gz) = f8791210bd5925b26d51b13f0558eea15dbac40808051165b236d6436226f5c2b0aa7d69288ed9e2bddc1066455678cfd0af73ef6b715a136c42f3b6f754ac07
+Size (putty-0.71.tar.gz) = 2423752 bytes
+SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
+SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
 SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
-SHA1 (patch-unix_Makefile.gtk) = 399636a9b6d445fa0cdd55c7a887efa8f03bdc94
-SHA1 (patch-unix_gtkdlg.c) = 35b60132e3882ebdfeaa5e613a12b2daeb332451
-SHA1 (patch-unix_gtkwin.c) = 0df64e21e96fd9167aaf2bc4cdc9d52d99373218
+SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
 SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
 SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
 SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
-SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7
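Review bot: the commit message does not say how the new putty-0.71.tar.gz checksums were obtained. Please confirm that the SHA512 line matches the checksum list upstream publishes and signs, rather than only the file that was fetched, and say so in the log. The entries for patch-timing.c, patch-unix_uxnet.c, patch-unix_uxpgnt.c and patch-unix_uxucs.c are unchanged, so it is also worth confirming that those patches still apply cleanly to 0.71 without fuzz.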
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-ldisc.c
--- a/security/putty/patches/patch-ldisc.c      Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/patches/patch-ldisc.c      Mon Apr 01 12:10:43 2019 +0000
@@ -1,19 +1,19 @@
-$NetBSD: patch-ldisc.c,v 1.1 2012/02/22 15:30:20 wiz Exp $
+$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
 
 pwrite is a standard system call
 
---- ldisc.c.orig       2010-09-09 14:32:25.000000000 +0000
+--- ldisc.c.orig       2019-03-16 12:26:34.000000000 +0000
 +++ ldisc.c
-@@ -41,7 +41,7 @@ static int plen(Ldisc ldisc, unsigned ch
+@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
        return 4;                      /* <XY> hex representation */
  }
  
--static void pwrite(Ldisc ldisc, unsigned char c)
-+static void pwrite_(Ldisc ldisc, unsigned char c)
+-static void pwrite(Ldisc *ldisc, unsigned char c)
++static void pwrite_(Ldisc *ldisc, unsigned char c)
  {
      if ((c >= 32 && c <= 126) ||
        (!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -217,7 +217,7 @@ void ldisc_send(void *handle, char *buf,
+@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
                    int i;
                    c_write(ldisc, "^R\r\n", 4);
                    for (i = 0; i < ldisc->buflen; i++)
@@ -22,12 +22,12 @@
                }
                break;
              case CTRL('V'):          /* quote next char */
-@@ -284,7 +284,7 @@ void ldisc_send(void *handle, char *buf,
-               }
+@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+                 sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
                ldisc->buf[ldisc->buflen++] = c;
                if (ECHOING)
 -                  pwrite(ldisc, (unsigned char) c);
 +                  pwrite_(ldisc, (unsigned char) c);
-               ldisc->quotenext = FALSE;
+               ldisc->quotenext = false;
                break;
            }
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-misc.c
--- a/security/putty/patches/patch-misc.c       Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/patches/patch-misc.c       Mon Apr 01 12:10:43 2019 +0000
@@ -1,13 +1,13 @@
-$NetBSD: patch-misc.c,v 1.1 2015/04/08 18:45:22 ryoon Exp $
+$NetBSD: patch-misc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
 
---- misc.c.orig        2015-02-28 15:33:27.000000000 +0000
+--- misc.c.orig        2019-03-16 12:26:34.000000000 +0000
 +++ misc.c
-@@ -964,7 +964,7 @@ int validate_manual_hostkey(char *key)
+@@ -158,7 +158,7 @@ bool validate_manual_hostkey(char *key)
                  if (q[3*i+2] != ':')
                      goto not_fingerprint; /* sorry */
              for (i = 0; i < 16*3 - 1; i++)
 -                key[i] = tolower(q[i]);
 +                key[i] = tolower((unsigned char)(q[i]));
              key[16*3 - 1] = '\0';
-             return TRUE;
+             return true;
          }
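Review bot: patch-misc.c still has no description between the `$NetBSD$` line and `--- misc.c.orig`, unlike patch-ldisc.c, which states its reason. Add one line explaining that the `(unsigned char)` cast keeps `tolower()` from being called with a negative value when `char` is signed, and note whether the change has been sent upstream so it can be dropped from pkgsrc later.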
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-terminal.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/putty/patches/patch-terminal.c   Mon Apr 01 12:10:43 2019 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-terminal.c,v 1.4 2019/04/01 12:10:43 ryoon Exp $
+
+Make the home/end keys work on BSD servers as well as Linux ones
+
+--- terminal.c.orig    2019-03-31 15:56:54.023245872 +0000
++++ terminal.c
+@@ -6746,8 +6746,17 @@ int format_small_keypad_key(char *buf, T
+         } else {
+             p += sprintf(p, "\x1B[%c", codes[code-1]);
+         }
+-    } else if ((code == 1 || code == 4) && term->rxvt_homeend) {
+-        p += sprintf(p, code == 1 ? "\x1B[H" : "\x1BOw");
++    } else if (code == 1 || code == 4) {
++      /* Home/End */
++      /* Send the correct XTerm or rxvt codes for home/end
++       * We used to send ^[1~ and [4~ for Xterm,
++       * but those are Linux console */
++      const char *he;
++      if (term->rxvt_homeend)
++          he = code == 1 ? "\x1B[7~" : "\x1B[8~";
++      else
++          he = code == 1 ? "\x1BOH" : "\x1BOF";
++      p += sprintf((char *) p, he);
+     } else {
+         p += sprintf(p, "\x1B[%d~", code);
+     }
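Review bot: `p += sprintf((char *) p, he);` passes `he` as the format string, whereas the unix/gtkwin.c patch this replaces used `sprintf(output+1, "%s", he)`. All four candidate strings are literals with no `%` in them, so the output is correct today, but `p += sprintf(p, "%s", he);` keeps the call safe if the sequences are ever changed and avoids a -Wformat-security diagnostic. The `(char *)` cast looks carried over from the windows/window.c patch; the neighbouring calls in this function pass `p` directly.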
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-unix_Makefile.gtk
--- a/security/putty/patches/patch-unix_Makefile.gtk    Mon Apr 01 11:38:51 2019 +0000
+++ b/security/putty/patches/patch-unix_Makefile.gtk    Mon Apr 01 12:10:43 2019 +0000
@@ -1,17 +1,17 @@
-$NetBSD: patch-unix_Makefile.gtk,v 1.2 2017/03/17 00:11:48 maya Exp $
+$NetBSD: patch-unix_Makefile.gtk,v 1.3 2019/04/01 12:10:43 ryoon Exp $
 
 Allow adding CFLAGS from the pkgsrc environment.
 Use pkgsrc infrastructure for deciding on whether to link against libdl or not.
 
---- unix/Makefile.gtk.orig     2017-02-18 17:10:17.000000000 +0000
+--- unix/Makefile.gtk.orig     2019-03-16 12:26:40.000000000 +0000
 +++ unix/Makefile.gtk
-@@ -111,14 +111,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0 
+@@ -109,14 +109,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0 
  
  unexport CFLAGS # work around a weird issue with krb5-config
  
--CFLAGS = -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
-+CFLAGS += -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
-               $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
+-CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
++CFLAGS += -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
+               -I../windows/ -I../unix/ $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
  XLDFLAGS = $(LDFLAGS) $(shell $(GTK_CONFIG) --libs)
  ULDFLAGS = $(LDFLAGS)
  ifeq (,$(findstring NO_GSSAPI,$(COMPAT)))
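Review bot: on the `CFLAGS +=` line, `-Werror` remains in the flags appended to whatever pkgsrc passes in, so any new warning from a different compiler version or from injected flags fails the package build. Consider removing `-Werror` in this patch. Note also that `-O2 -g` now come after the pkgsrc-supplied flags and will override an optimisation level set by the user.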
@@ -23,7 +23,7 @@
  else
  CFLAGS+= -DNO_LIBDL $(shell $(KRB5CONFIG) --cflags gssapi)
  XLDFLAGS+= $(shell $(KRB5CONFIG) --libs gssapi)
-@@ -128,7 +128,7 @@ endif
+@@ -126,7 +126,7 @@ endif
  INSTALL=install
  INSTALL_PROGRAM=$(INSTALL)
  INSTALL_DATA=$(INSTALL)
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-unix_gtkdlg.c
--- a/security/putty/patches/patch-unix_gtkdlg.c        Mon Apr 01 11:38:51 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-unix_gtkdlg.c,v 1.1 2018/08/01 05:34:18 maya Exp $
-
-gdk_beep deprecated, replace with gdk_display_beep.
-
---- unix/gtkdlg.c.orig 2017-04-24 13:52:45.000000000 +0000
-+++ unix/gtkdlg.c
-@@ -1037,7 +1037,7 @@ void dlg_set_focus(union control *ctrl, 
-  */
- void dlg_beep(void *dlg)
- {
--    gdk_beep();
-+    gdk_display_beep(gdk_display_get_default());
- }
- 
- #if !GTK_CHECK_VERSION(3,0,0)
-@@ -1491,7 +1491,7 @@ static void draglist_move(struct dlgpara
-     if ((index < 0) ||
-       (index == 0 && direction < 0) ||
-       (index == g_list_length(children)-1 && direction > 0)) {
--      gdk_beep();
-+      gdk_display_beep(gdk_display_get_default());
-       return;
-     }
- 
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-unix_gtkwin.c
--- a/security/putty/patches/patch-unix_gtkwin.c        Mon Apr 01 11:38:51 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-$NetBSD: patch-unix_gtkwin.c,v 1.5 2018/08/01 05:34:18 maya Exp $
-
-Make the home/end keys work on BSD servers as well as Linux ones
-gdk_beep deprecated, use gdk_display_beep.
-
---- unix/gtkwin.c.orig 2017-04-24 13:52:45.000000000 +0000
-+++ unix/gtkwin.c
-@@ -1586,13 +1586,21 @@ gint key_event(GtkWidget *widget, GdkEve
-               use_ucsoutput = FALSE;
-               goto done;
-           }
--          if ((code == 1 || code == 4) &&
--              conf_get_int(inst->conf, CONF_rxvt_homeend)) {
-+          /* Home/End */
-+          if (code == 1 || code == 4) {
- #ifdef KEY_EVENT_DIAGNOSTICS
-                 debug((" - rxvt style Home/End"));
- #endif
--              end = 1 + sprintf(output+1, code == 1 ? "\x1B[H" : "\x1BOw");
--              use_ucsoutput = FALSE;
-+              /* Send the correct XTerm or rxvt codes for home/end
-+               * We used to send ^[1~ and [4~ for Xterm,
-+               * but those are Linux console */
-+              const char *he;
-+              if (conf_get_int(inst->conf, CONF_rxvt_homeend))
-+                  he = code == 1 ? "\x1B[7~" : "\x1B[8~";
-+              else
-+                  he = code == 1 ? "\x1BOH" : "\x1BOF";
-+              end = 1 + sprintf(output+1, "%s", he);
-+
-               goto done;
-           }
-           if (code) {
-@@ -2921,7 +2929,7 @@ void sys_cursor(void *frontend, int x, i
- void do_beep(void *frontend, int mode)
- {
-     if (mode == BELL_DEFAULT)
--      gdk_beep();
-+      gdk_display_beep(gdk_display_get_default());
- }
- 
- int char_width(Context ctx, int uc)
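Review bot: this removed patch carried two changes, and only the Home/End part has a visible successor (the new patch-terminal.c). The `gdk_beep()` to `gdk_display_beep()` replacement, here and in the deleted patch-unix_gtkdlg.c, is dropped without explanation. Please state in the commit message whether upstream 0.71 already contains it, so a reader can tell the removal is intentional.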
diff -r 412a56048d23 -r c0a0b53375ec security/putty/patches/patch-windows_window.c
--- a/security/putty/patches/patch-windows_window.c     Mon Apr 01 11:38:51 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-$NetBSD: patch-windows_window.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
-
-Make the home/end keys work on BSD servers as well as Linux ones
-
---- windows/window.c.orig      2013-08-04 19:32:10.000000000 +0000
-+++ windows/window.c
-@@ -4520,9 +4520,17 @@ static int TranslateKey(UINT message, WP
-               p += sprintf((char *) p, "\x1BO%c", code + 'P' - 11);
-           return p - output;
-       }
--      if ((code == 1 || code == 4) &&
--          conf_get_int(conf, CONF_rxvt_homeend)) {
--          p += sprintf((char *) p, code == 1 ? "\x1B[H" : "\x1BOw");
-+      /* Home/End */
-+      if (code == 1 || code == 4) {
-+          /* Send the correct XTerm or rxvt codes for home/end
-+           * We used to send ^[1~ and [4~ for Xterm,
-+             * but those are Linux console */
-+          const char *he;
-+          if (conf_get_int(conf, CONF_rxvt_homeend))
-+              he = code == 1 ? "\x1B[7~" : "\x1B[8~";
-+          else
-+              he = code == 1 ? "\x1BOH" : "\x1BOF";
-+          p += sprintf((char *) p, he);
-           return p - output;
-       }
-       if (code) {


