pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/putty
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Apr 1 12:10:43 UTC 2019
Modified Files:
pkgsrc/security/putty: Makefile distinfo
pkgsrc/security/putty/patches: patch-ldisc.c patch-misc.c
patch-unix_Makefile.gtk
Added Files:
pkgsrc/security/putty/patches: patch-terminal.c
Removed Files:
pkgsrc/security/putty/patches: patch-unix_gtkdlg.c patch-unix_gtkwin.c
patch-windows_window.c
Log Message:
Update to 0.71
Changelog:
These features were new in 0.70 (released 2017-07-08):
Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same
directory, even a name we missed when we thought we'd fixed
this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside
the current code page, after our DLL hijacking defences broke
that too.
These features are new in 0.71 (released 2019-03-16):
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange,
which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same
directory as the executable
on Unix, remotely triggerable buffer overflow in any kind
of server-to-client forwarding
multiple denial-of-service attacks that can be triggered
by writing to the terminal
Other security enhancements: major rewrite of the crypto code
to remove cache and timing side channels.
User interface changes to protect against fake authentication
prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic
primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened:
keystrokes typed before authentication has finished will be
buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older
GSSAPI authentication system which can keep your forwarded
Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing
an ncurses screen redraw failure), true colour, and SGR 2 dim
text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
straight to the top or bottom of the terminal scrollback.
To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 pkgsrc/security/putty/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/putty/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/putty/patches/patch-ldisc.c \
pkgsrc/security/putty/patches/patch-misc.c
cvs rdiff -u -r0 -r1.4 pkgsrc/security/putty/patches/patch-terminal.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/security/putty/patches/patch-unix_Makefile.gtk
cvs rdiff -u -r1.1 -r0 pkgsrc/security/putty/patches/patch-unix_gtkdlg.c
cvs rdiff -u -r1.5 -r0 pkgsrc/security/putty/patches/patch-unix_gtkwin.c
cvs rdiff -u -r1.2 -r0 pkgsrc/security/putty/patches/patch-windows_window.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/putty/Makefile
diff -u pkgsrc/security/putty/Makefile:1.55 pkgsrc/security/putty/Makefile:1.56
--- pkgsrc/security/putty/Makefile:1.55 Wed Nov 14 22:22:22 2018
+++ pkgsrc/security/putty/Makefile Mon Apr 1 12:10:43 2019
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.55 2018/11/14 22:22:22 kleink Exp $
+# $NetBSD: Makefile,v 1.56 2019/04/01 12:10:43 ryoon Exp $
#
-DISTNAME= putty-0.69
-PKGREVISION= 6
+DISTNAME= putty-0.71
CATEGORIES= security
MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
Index: pkgsrc/security/putty/distinfo
diff -u pkgsrc/security/putty/distinfo:1.24 pkgsrc/security/putty/distinfo:1.25
--- pkgsrc/security/putty/distinfo:1.24 Wed Aug 1 05:34:17 2018
+++ pkgsrc/security/putty/distinfo Mon Apr 1 12:10:43 2019
@@ -1,16 +1,14 @@
-$NetBSD: distinfo,v 1.24 2018/08/01 05:34:17 maya Exp $
+$NetBSD: distinfo,v 1.25 2019/04/01 12:10:43 ryoon Exp $
-SHA1 (putty-0.69.tar.gz) = f98ec09ecba4d9a4efc66fac5c86078cef27b41a
-RMD160 (putty-0.69.tar.gz) = e120ead901dacd233885adb36afa82aaa10ad469
-SHA512 (putty-0.69.tar.gz) = 2739829adec60df5658709d61f8539d431f6b5d71b9b893fcefb2a04ac52bf2ace26f9ca784156d6540fa3f3e5858a86eb2921002b4cc05f9fbf22da7931ec2a
-Size (putty-0.69.tar.gz) = 2122306 bytes
-SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be
-SHA1 (patch-misc.c) = fb7ba23f3c3301181d2ca7666a037f7bb3ac3f7b
+SHA1 (putty-0.71.tar.gz) = 6bc785c304aff029f28ca1bd71d8654db8f24f1a
+RMD160 (putty-0.71.tar.gz) = 0df8a21b993df7c526952fb375f0630e219da7f5
+SHA512 (putty-0.71.tar.gz) = f8791210bd5925b26d51b13f0558eea15dbac40808051165b236d6436226f5c2b0aa7d69288ed9e2bddc1066455678cfd0af73ef6b715a136c42f3b6f754ac07
+Size (putty-0.71.tar.gz) = 2423752 bytes
+SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
+SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
-SHA1 (patch-unix_Makefile.gtk) = 399636a9b6d445fa0cdd55c7a887efa8f03bdc94
-SHA1 (patch-unix_gtkdlg.c) = 35b60132e3882ebdfeaa5e613a12b2daeb332451
-SHA1 (patch-unix_gtkwin.c) = 0df64e21e96fd9167aaf2bc4cdc9d52d99373218
+SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
-SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7
Index: pkgsrc/security/putty/patches/patch-ldisc.c
diff -u pkgsrc/security/putty/patches/patch-ldisc.c:1.1 pkgsrc/security/putty/patches/patch-ldisc.c:1.2
--- pkgsrc/security/putty/patches/patch-ldisc.c:1.1 Wed Feb 22 15:30:20 2012
+++ pkgsrc/security/putty/patches/patch-ldisc.c Mon Apr 1 12:10:43 2019
@@ -1,19 +1,19 @@
-$NetBSD: patch-ldisc.c,v 1.1 2012/02/22 15:30:20 wiz Exp $
+$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
pwrite is a standard system call
---- ldisc.c.orig 2010-09-09 14:32:25.000000000 +0000
+--- ldisc.c.orig 2019-03-16 12:26:34.000000000 +0000
+++ ldisc.c
-@@ -41,7 +41,7 @@ static int plen(Ldisc ldisc, unsigned ch
+@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
return 4; /* <XY> hex representation */
}
--static void pwrite(Ldisc ldisc, unsigned char c)
-+static void pwrite_(Ldisc ldisc, unsigned char c)
+-static void pwrite(Ldisc *ldisc, unsigned char c)
++static void pwrite_(Ldisc *ldisc, unsigned char c)
{
if ((c >= 32 && c <= 126) ||
(!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -217,7 +217,7 @@ void ldisc_send(void *handle, char *buf,
+@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
int i;
c_write(ldisc, "^R\r\n", 4);
for (i = 0; i < ldisc->buflen; i++)
@@ -22,12 +22,12 @@ pwrite is a standard system call
}
break;
case CTRL('V'): /* quote next char */
-@@ -284,7 +284,7 @@ void ldisc_send(void *handle, char *buf,
- }
+@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+ sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
ldisc->buf[ldisc->buflen++] = c;
if (ECHOING)
- pwrite(ldisc, (unsigned char) c);
+ pwrite_(ldisc, (unsigned char) c);
- ldisc->quotenext = FALSE;
+ ldisc->quotenext = false;
break;
}
Index: pkgsrc/security/putty/patches/patch-misc.c
diff -u pkgsrc/security/putty/patches/patch-misc.c:1.1 pkgsrc/security/putty/patches/patch-misc.c:1.2
--- pkgsrc/security/putty/patches/patch-misc.c:1.1 Wed Apr 8 18:45:22 2015
+++ pkgsrc/security/putty/patches/patch-misc.c Mon Apr 1 12:10:43 2019
@@ -1,13 +1,13 @@
-$NetBSD: patch-misc.c,v 1.1 2015/04/08 18:45:22 ryoon Exp $
+$NetBSD: patch-misc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
---- misc.c.orig 2015-02-28 15:33:27.000000000 +0000
+--- misc.c.orig 2019-03-16 12:26:34.000000000 +0000
+++ misc.c
-@@ -964,7 +964,7 @@ int validate_manual_hostkey(char *key)
+@@ -158,7 +158,7 @@ bool validate_manual_hostkey(char *key)
if (q[3*i+2] != ':')
goto not_fingerprint; /* sorry */
for (i = 0; i < 16*3 - 1; i++)
- key[i] = tolower(q[i]);
+ key[i] = tolower((unsigned char)(q[i]));
key[16*3 - 1] = '\0';
- return TRUE;
+ return true;
}
Index: pkgsrc/security/putty/patches/patch-unix_Makefile.gtk
diff -u pkgsrc/security/putty/patches/patch-unix_Makefile.gtk:1.2 pkgsrc/security/putty/patches/patch-unix_Makefile.gtk:1.3
--- pkgsrc/security/putty/patches/patch-unix_Makefile.gtk:1.2 Fri Mar 17 00:11:48 2017
+++ pkgsrc/security/putty/patches/patch-unix_Makefile.gtk Mon Apr 1 12:10:43 2019
@@ -1,17 +1,17 @@
-$NetBSD: patch-unix_Makefile.gtk,v 1.2 2017/03/17 00:11:48 maya Exp $
+$NetBSD: patch-unix_Makefile.gtk,v 1.3 2019/04/01 12:10:43 ryoon Exp $
Allow adding CFLAGS from the pkgsrc environment.
Use pkgsrc infrastructure for deciding on whether to link against libdl or not.
---- unix/Makefile.gtk.orig 2017-02-18 17:10:17.000000000 +0000
+--- unix/Makefile.gtk.orig 2019-03-16 12:26:40.000000000 +0000
+++ unix/Makefile.gtk
-@@ -111,14 +111,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0
+@@ -109,14 +109,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0
unexport CFLAGS # work around a weird issue with krb5-config
--CFLAGS = -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
-+CFLAGS += -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
- $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
+-CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
++CFLAGS += -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
+ -I../windows/ -I../unix/ $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
XLDFLAGS = $(LDFLAGS) $(shell $(GTK_CONFIG) --libs)
ULDFLAGS = $(LDFLAGS)
ifeq (,$(findstring NO_GSSAPI,$(COMPAT)))
@@ -23,7 +23,7 @@ Use pkgsrc infrastructure for deciding o
else
CFLAGS+= -DNO_LIBDL $(shell $(KRB5CONFIG) --cflags gssapi)
XLDFLAGS+= $(shell $(KRB5CONFIG) --libs gssapi)
-@@ -128,7 +128,7 @@ endif
+@@ -126,7 +126,7 @@ endif
INSTALL=install
INSTALL_PROGRAM=$(INSTALL)
INSTALL_DATA=$(INSTALL)
Added files:
Index: pkgsrc/security/putty/patches/patch-terminal.c
diff -u /dev/null pkgsrc/security/putty/patches/patch-terminal.c:1.4
--- /dev/null Mon Apr 1 12:10:43 2019
+++ pkgsrc/security/putty/patches/patch-terminal.c Mon Apr 1 12:10:43 2019
@@ -0,0 +1,26 @@
+$NetBSD: patch-terminal.c,v 1.4 2019/04/01 12:10:43 ryoon Exp $
+
+Make the home/end keys work on BSD servers as well as Linux ones
+
+--- terminal.c.orig 2019-03-31 15:56:54.023245872 +0000
++++ terminal.c
+@@ -6746,8 +6746,17 @@ int format_small_keypad_key(char *buf, T
+ } else {
+ p += sprintf(p, "\x1B[%c", codes[code-1]);
+ }
+- } else if ((code == 1 || code == 4) && term->rxvt_homeend) {
+- p += sprintf(p, code == 1 ? "\x1B[H" : "\x1BOw");
++ } else if (code == 1 || code == 4) {
++ /* Home/End */
++ /* Send the correct XTerm or rxvt codes for home/end
++ * We used to send ^[1~ and [4~ for Xterm,
++ * but those are Linux console */
++ const char *he;
++ if (term->rxvt_homeend)
++ he = code == 1 ? "\x1B[7~" : "\x1B[8~";
++ else
++ he = code == 1 ? "\x1BOH" : "\x1BOF";
++ p += sprintf((char *) p, he);
+ } else {
+ p += sprintf(p, "\x1B[%d~", code);
+ }
Home |
Main Index |
Thread Index |
Old Index