Path to this page:
Subject: CVS commit: pkgsrc/security/putty
From: Ryo ONODERA
Date: 2020-06-29 13:49:50
Message id: 20200629114950.87045FB28@cvs.NetBSD.org
Log Message:
putty: Update to 0.74
Changelog:
This release fixes the following security issues:
- In some situations an SSH server could cause PuTTY to access freed
mdmory by pretending to accept an SSH key and then refusing the
actual signature. It can only happen if you're using an SSH agent.
- New configuration option to disable PuTTY's default policy of
changing its host key algorithm preferences to prefer keys it
already knows. (There is a theoretical information leak in this
policy.)
Other bug fixes include:
- Windows installer: the text in the installer UI is now visible in
Windows high-contrast mode. (Previously it was white on white by
mistake.)
- Windows 7: fixed spurious OS out-of-memory error when reading
passwords from a Windows console (e.g. psftp).
- Terminal crash: the dreaded "line==NULL" error could happen if an
application switched between the main and alternate screens while
the user was looking at the scrollback.
- Terminal crash: the terminal could fail an assertion when sending
an empty answerback string, and when pasting text none of whose
characters exist in the selected character set.
- SSH: fixed endless memory-allocating loop that could be triggered
by the combination of a misbehaving SSH agent and PuTTY's bug
compatibility mode for padded RSA signatures.
- File transfer: when uploading files to some SFTP servers (e.g. the
one in proftpd's mod_sftp), PSFTP would consume up to 4GB of local
memory before sending anything to the server.
- Terminal behaviour: sometimes the cursor was put in the wrong place
after restoring from the alternate screen.
- GTK: fixed font size calculation when using newer Pango libraries
(e.g. the one on Ubuntu 20.04).
- GTK: scroll wheel events now work in unusual environments like VNC.
Files: