./security/putty, Free implementation of Telnet and SSH for Win32 and Unix platforms

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.81nb2, Package name: putty-0.81nb2, Maintainer: pkgsrc-users

PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.

These protocols are all used to run a remote session on a computer, over a
network. PuTTY implements the client end of that session: the end at which
the session is displayed, rather than the end at which it runs.


Required to run:
[x11/gtk3]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto]

Package options: inet6

Master sites:

Filesize: 2777.945 KB

Version history: (Expand)


CVS history: (Expand)


   2024-04-15 23:55:23 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
putty: update to 0.81.

PuTTY 0.81, released today, fixes a critical vulnerability
CVE-2024-31497 in the use of 521-bit ECDSA keys (ecdsa-sha2-nistp521).
If you have used a 521-bit ECDSA private key with any previous
version of PuTTY, consider the private key compromised: remove the
public key from authorized_keys files, and generate a new key pair.

However, this only affects that one algorithm and key size. No
other size of ECDSA key is affected, and no other key type is
affected.
   2024-04-07 09:35:33 by Thomas Klausner | Files touched by this commit (1138)
Log message:
*: bump for cairo buildlink3.mk change

lzo was made an option
   2024-04-06 10:07:18 by Thomas Klausner | Files touched by this commit (1490)
Log message:
* recursive bump for libxkbcommon 1.7.0

Marc Baudoin reported problems with using old binary packages
with the new libkxbcommon, so force everything to 1.7.0
   2023-12-18 16:57:00 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
putty: update to 0.80.

PuTTY version 0.80 is released
------------------------------

This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
soon as possible.

There is one security fix in this release:

 - Fix for a newly discovered security issue known as the 'Terrapin'
   attack, also numbered CVE-2023-48795. The issue affects widely-used
   OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
   cipher system, and 'encrypt-then-MAC' mode.

   In order to benefit from the fix, you must be using a fixed version
   of PuTTY _and_ a server with the fix, so that they can agree to
   adopt a modified version of the protocol. Alternatively, you may be
   able to reconfigure PuTTY to avoid selecting any of the affected
   modes.

   If PuTTY 0.80 connects to an SSH server without the fix, it will
   warn you if the initial protocol negotiation chooses an insecure
   mode to run the connection in, so that you can abandon the
   connection. If it's possible to alter PuTTY's configuration to
   avoid the problem, then the warning message will tell you how to do
   it.

As well as this security fix, there are two other ordinary bug fixes
in 0.80:

 - On Windows, if you installed the MSI package, PuTTY could not find
   its help file. The help file was installed, but PuTTY wouldn't be
   able to open it, so the help buttons in its dialog boxes were
   missing.

 - Sometimes, if you were looking at the terminal scrollback, the view
   position would be reset to the bottom of the scrollback unwantedly,
   if the server sent terminal output that didn't actually cause
   anything to be printed.
   2023-11-14 15:03:25 by Thomas Klausner | Files touched by this commit (1145)
Log message:
*: recursive bump for cairo dependency changes
   2023-11-12 14:24:43 by Thomas Klausner | Files touched by this commit (2570)
Log message:
*: revebump for new brotli option for freetype2

Addresses PR 57693
   2023-10-15 08:24:20 by Ryo ONODERA | Files touched by this commit (2)
Log message:
putty: Update to 0.79

Changelog:
2023-08-26 PuTTY 0.79 released

PuTTY 0.79, released today, is mostly a bug fix release, with only
minor new features in SSH and terminal mouse handling.

The most important bug fix is that we've restored the Windows
'install scope' to the way it was in 0.77 and earlier, reverting
the security workaround we had to put into 0.78. This means the
0.79 Windows installer will not uninstall 0.78 automatically, so
we recommend uninstalling 0.78 by hand first, if you have it
installed. As before, if you've ended up with both versions installed,
uninstalling them both and then running the new installer will put
everything right.
   2023-08-02 18:17:20 by Nia Alarie | Files touched by this commit (41)
Log message:
*: Use FORCE_C_STD=c99 for C packages that use for loop initial
declarations without setting -std=c99.