./security/putty, Free implementation of Telnet and SSH for Win32 and Unix platforms

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.80, Package name: putty-0.80, Maintainer: pkgsrc-users

PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.

These protocols are all used to run a remote session on a computer, over a
network. PuTTY implements the client end of that session: the end at which
the session is displayed, rather than the end at which it runs.


Required to run:
[x11/gtk3]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto]

Package options: inet6

Master sites:

Filesize: 2765.071 KB

Version history: (Expand)


CVS history: (Expand)


   2023-12-18 16:57:00 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
putty: update to 0.80.

PuTTY version 0.80 is released
------------------------------

This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
soon as possible.

There is one security fix in this release:

 - Fix for a newly discovered security issue known as the 'Terrapin'
   attack, also numbered CVE-2023-48795. The issue affects widely-used
   OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
   cipher system, and 'encrypt-then-MAC' mode.

   In order to benefit from the fix, you must be using a fixed version
   of PuTTY _and_ a server with the fix, so that they can agree to
   adopt a modified version of the protocol. Alternatively, you may be
   able to reconfigure PuTTY to avoid selecting any of the affected
   modes.

   If PuTTY 0.80 connects to an SSH server without the fix, it will
   warn you if the initial protocol negotiation chooses an insecure
   mode to run the connection in, so that you can abandon the
   connection. If it's possible to alter PuTTY's configuration to
   avoid the problem, then the warning message will tell you how to do
   it.

As well as this security fix, there are two other ordinary bug fixes
in 0.80:

 - On Windows, if you installed the MSI package, PuTTY could not find
   its help file. The help file was installed, but PuTTY wouldn't be
   able to open it, so the help buttons in its dialog boxes were
   missing.

 - Sometimes, if you were looking at the terminal scrollback, the view
   position would be reset to the bottom of the scrollback unwantedly,
   if the server sent terminal output that didn't actually cause
   anything to be printed.
   2023-11-14 15:03:25 by Thomas Klausner | Files touched by this commit (1145)
Log message:
*: recursive bump for cairo dependency changes
   2023-11-12 14:24:43 by Thomas Klausner | Files touched by this commit (2570)
Log message:
*: revebump for new brotli option for freetype2

Addresses PR 57693
   2023-10-15 08:24:20 by Ryo ONODERA | Files touched by this commit (2)
Log message:
putty: Update to 0.79

Changelog:
2023-08-26 PuTTY 0.79 released

PuTTY 0.79, released today, is mostly a bug fix release, with only
minor new features in SSH and terminal mouse handling.

The most important bug fix is that we've restored the Windows
'install scope' to the way it was in 0.77 and earlier, reverting
the security workaround we had to put into 0.78. This means the
0.79 Windows installer will not uninstall 0.78 automatically, so
we recommend uninstalling 0.78 by hand first, if you have it
installed. As before, if you've ended up with both versions installed,
uninstalling them both and then running the new installer will put
everything right.
   2023-08-02 18:17:20 by Nia Alarie | Files touched by this commit (41)
Log message:
*: Use FORCE_C_STD=c99 for C packages that use for loop initial
declarations without setting -std=c99.
   2023-07-12 23:31:08 by Nia Alarie | Files touched by this commit (1)
Log message:
putty: Assumes compiler defaults to c99.
   2023-02-14 19:19:49 by Tobias Nygren | Files touched by this commit (1) | Package updated
Log message:
putty: update macOS build fix
   2023-02-14 04:28:07 by Ryo ONODERA | Files touched by this commit (7) | Package updated
Log message:
putty: Update to 0.78

Changelog:
 These features are new in 0.78 (released 2022-10-29):

    Support for OpenSSH certificates, for both user authentication keys and host \ 
keys.
    New SSH proxy modes, for running a custom shell command or subsystem on the \ 
proxy server instead of forwarding a port through it.
    New plugin system to allow a helper program to provide responses in \ 
keyboard-interactive authentication, intended to automate one-time password \ 
systems.
    Support for NTRU Prime post-quantum key exchange,
    Support for AES-GCM (in the OpenSSH style rather than RFC 5647).
    Support for more forms of Diffie-Hellman key exchange: new larger integer \ 
groups (such as group16 and group18), and support for using those and ECDH with \ 
GSSAPI.
    SSH configuration panels slightly reorganised. In particular, the \ 
configuration option 'Private key file for authentication' has moved to a new \ 
'Credentials' panel alongside controls for some of the above new features.
    Bug fix: the 32-bit Windows build now runs on Windows XP again.
    Bug fix: server-controlled window title setting now works again even if the \ 
character set is ISO 8859 (or a few other affected single-byte character sets).
    Bug fix: certain forms of OSC escape sequences (sent by some real servers) \ 
could cause PuTTY to crash.
    Bug fix: the -pwfile/-pw options no longer affect local key passphrase \ 
prompts, and no longer suppress Plink's anti-spoofing measures.
    Note: installing the 0.78 or later Windows installer will not automatically \ 
uninstall 0.77 or earlier, due to a change we've made to work around a bug. We \ 
recommend uninstalling the old version first, if possible. If both end up \ 
installed, uninstalling both and then re-installing the new version will fix \ 
things up.

These features were new in 0.77 (released 2022-05-27):

    Major improvements to network proxy support:
        Support for interactively prompting the user if the proxy server \ 
requires authentication.
        Built-in support for proxying via another SSH server, so that PuTTY will \ 
SSH to the proxy and then automatically forward a port through it to the \ 
destination host. (Similar to running plink -nc as a subprocess, but more \ 
convenient to set up, and allows you to answer interactive prompts presented by \ 
the proxy.)
        Support for HTTP Digest authentication, when talking to HTTP proxies.
    Introduced pterm.exe, a PuTTY-like wrapper program for Windows command \ 
prompts (or anything else running in a Windows console). Not yet included in the \ 
installer, but available as a .exe file from the Download page.
    Updated Unicode and bidi support to Unicode 14.0.0.
    New command-line option -pwfile, like -pw except that it reads the password \ 
from a file so that it doesn't show up on the command line.
    Windows Pageant: option --openssh-config to allow easy interoperation with \ 
Windows's ssh.exe.
    -pw (and -pwfile) now do not fall back to interactively prompting for a \ 
password if the provided password fails. (That was the original intention.)
    New configuration options for keyboard handling:
        Option to control handling of Shift + arrow keys
        Extra mode in the function-keys option, for modern xterm (v216 and above).
    Bug workaround flag to wait for the server's SSH greeting before sending our \ 
own, for servers (or proxies) that lose outgoing data before seeing any incoming \ 
data.
    Crypto update: added side-channel resistance in probabilistic RSA key generation.
    Crypto update: retired the use of short Diffie-Hellman exponents (just in case).
    Bug fix: reconfiguring remote port forwardings more than once no longer crashes.
    Bug fix: terminal output processing is now paused while handling a \ 
remote-controlled terminal resize, so that the subsequent screen redraw is \ 
interpreted relative to the new terminal size instead of the old.
    Bug fix: Windows PuTTYgen's mouse-based entropy collection now handles \ 
high-frequency mice without getting confused.
    Bug fix: Windows Pageant can now handle large numbers of concurrent \ 
connections without hanging or crashing.
    Bug fix: if Windows Pageant is started multiple times simultaneously, the \ 
instances should reliably agree on one of them to be the persistent server.
    Bug fix: remote-controlled changes of window title are now interpreted \ 
according to the configured character set.
    Bug fix: remote-controlled changes of window title no longer get confused by \ 
UTF-8 characters whose encoding includes the byte 0x9C (which terminates the \ 
control sequence in non-UTF-8 contexts).
    Bug fix: popping up the window context menu in the middle of a drag-select \ 
now no longer leaves the drag in a stuck state.
    Bug fix: extensive use of true colour in the terminal no longer slows down \ 
window redraws unnecessarily.
    Bug fix: when PSCP reports the server sending a disallowed compound \ 
pathname, it correctly reports the replacement name it's using for the \ 
downloaded file.
    Bug fix: enabling X11 forwarding in psusan failed to fall back through \ 
possible port numbers for the forwarded X display.
    For developers: migrated the build system to CMake, removing the old \ 
idiosyncratic mkfiles.pl and the autotools system.