Log message:
Avoid using a non-literal string as format string.

Log message:
Update to 0.73

Changelog:
Vulnerabilities fixed in this release include:

 - On Windows, the listening sockets used for local port forwarding
   were opened in a mode that did not prevent other processes from
   also listening on the same ports and stealing some of the incoming
   connections.

 - In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
   a way that made the pasted data look like manual keyboard input. So
   any application relying on the bracketing sequences to protect
   against malicious clipboard contents would have been misled.

 - An SSH-1 server could trigger an access to freed memory by sending
   the SSH1_MSG_DISCONNECT message. Not known to be exploitable.

Other bug fixes include:

 - Windows Plink no longer crashes on startup when it tries to tell
   you it's reusing an existing SSH connection.

 - Windows PuTTY now updates its terminal window size correctly if the
   screen resolution changes while it's maximised.

 - If you display the coloured error messages from gcc in the PuTTY
   terminal, there is no longer a missing character if a colour change
   happens exactly at the end of a line.

 - If you use the 'Clear Scrollback' menu option or escape sequence
   while text in the scrollback is selected, it no longer causes an
   assertion failure.

Log message:
Update to 0.72

Changelog:
This is a SECURITY UPDATE, fixing vulnerabilities in the obsolete SSH-1
protocol. It also includes many bug fixes over 0.71. We recommend that
everybody update.

Vulnerabilities fixed in this release include:

 - A malicious SSH-1 server could trigger a buffer overrun by sending
   extremely short RSA keys, or certain bad packet length fields.
   Either of these could happen before host key verification, so even
   if you trust the server you *intended* to connect to, you would
   still be at risk.

   (However, the SSH-1 protocol is obsolete, and recent versions of
   PuTTY do not try it by default, so you are only at risk if you work
   with old servers and have explicitly configured SSH-1.)

 - If a malicious process found a way to impersonate Pageant, then it
   could cause an integer overflow in any of the SSH client tools
   (PuTTY, Plink, PSCP, PSFTP) which accessed the malicious Pageant.

Other security-related bug fixes include:

 - The 'trust sigil' system introduced in PuTTY 0.71 to protect
   against server spoofing attacks had multiple bugs. Trust sigils
   were not turned off after login in the SSH-1 and Rlogin protocols,
   and not turned back on if you used the Restart Session command.
   Both are now fixed.

Other bug fixes include:

 - Kerberos key exchange could crash at the start of an SSH session
   in the presence of a third-party Windows provider such as
   MIT Kerberos for Windows, and could also crash if the server sent
   an ordinary SSH host key as part of the Kerberos exchange.

 - In SSH-2 keyboard-interactive authentication, one of the message
   fields sent by the server (namely the 'instructions' message) was
   accidentally never displayed to the user.

 - When using SSH-2 connection sharing, pasting text into a downstream
   PuTTY window that included a line longer than 16Kb could cause that
   window's connection to be closed.

 - When using PSCP in old-fashioned SCP mode, downloading files
   specified by a wildcard could cause a newline character to be
   appended to the downloaded file names. Also, using the -p option to
   preserve file times failed with a spurious error message.

 - On Windows, the numeric keypad key that should generate '.' or ','
   depending on keyboard layout was always generating '.'.

 - RSA keys generated by PuTTYgen could be 1 bit shorter than
   requested. (Harmless, but a regression in 0.71 compared to 0.70.)

Log message:
*: recursive bump for gdk-pixbuf2-2.38.1

Log message:
Update to 0.71

Changelog:
 These features were new in 0.70 (released 2017-07-08):

    Security fix: the Windows PuTTY binaries should no longer be
    vulnerable to hijacking by specially named DLLs in the same
    directory, even a name we missed when we thought we'd fixed
    this in 0.69. See vuln-indirect-dll-hijack-3.

    Windows PuTTY should be able to print again, after our DLL
    hijacking defences broke that functionality.

    Windows PuTTY should be able to accept keyboard input outside
    the current code page, after our DLL hijacking defences broke
    that too.

 These features are new in 0.71 (released 2019-03-16):

    Security fixes found by an EU-funded bug bounty programme:

	a remotely triggerable memory overwrite in RSA key exchange,
	which can occur before host key verification

	potential recycling of random numbers used in cryptography

	on Windows, hijacking by a malicious help file in the same
	directory as the executable

	on Unix, remotely triggerable buffer overflow in any kind
	of server-to-client forwarding

	multiple denial-of-service attacks that can be triggered
	by writing to the terminal

    Other security enhancements: major rewrite of the crypto code
    to remove cache and timing side channels.

    User interface changes to protect against fake authentication
    prompts from a malicious server.

    We now provide pre-built binaries for Windows on Arm.

    Hardware-accelerated versions of the most common cryptographic
    primitives: AES, SHA-256, SHA-1.

    GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
    high-DPI configurations.

    Type-ahead now works as soon as a PuTTY window is opened:
    keystrokes typed before authentication has finished will be
    buffered instead of being dropped.

    Support for GSSAPI key exchange: an alternative to the older
    GSSAPI authentication system which can keep your forwarded
    Kerberos credentials updated during a long session.

    More choices of user interface for clipboard handling.

    New terminal features: support the REP escape sequence (fixing
    an ncurses screen redraw failure), true colour, and SGR 2 dim
    text.

    Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
    straight to the top or bottom of the terminal scrollback.

Log message:
Revbump after cairo 1.16.0 update.

Log message:
Recursive revbump from hardbuzz-2.1.1

Log message:
putty: fix build after gdk_beep became deprecated.
bump pkgrevision for paranoia.

Log message:
Recursive bump for new fribidi dependency in pango.

Log message:
Recursive bumps for fontconfig and libzip dependency changes.