./security/putty, Free implementation of Telnet and SSH for Win32 and Unix platforms

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.74nb1, Package name: putty-0.74nb1, Maintainer: pkgsrc-users

PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.

These protocols are all used to run a remote session on a computer, over a
network. PuTTY implements the client end of that session: the end at which
the session is displayed, rather than the end at which it runs.

Required to run:

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto]

Package options: inet6

Master sites:

SHA1: 17b160e9720f67f9af9399d7d185b913b81f18fe
RMD160: 0bcc5b606f19379168d19de6f5b764a7c2753bf5
Filesize: 2418.47 KB

Version history: (Expand)

CVS history: (Expand)

   2020-08-18 05:44:53 by Tobias Nygren | Files touched by this commit (1)
Log message:
putty: define -DHAVE_NO_SETRESUID on NetBSD
   2020-08-17 22:20:41 by Leonardo Taccari | Files touched by this commit (2202)
Log message:
*: revbump after fontconfig bl3 changes (libuuid removal)
   2020-07-30 15:32:33 by Tobias Nygren | Files touched by this commit (3)
Log message:
putty: fix build on Linux
   2020-06-29 13:49:50 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
putty: Update to 0.74

This release fixes the following security issues:

 - In some situations an SSH server could cause PuTTY to access freed
   mdmory by pretending to accept an SSH key and then refusing the
   actual signature. It can only happen if you're using an SSH agent.

 - New configuration option to disable PuTTY's default policy of
   changing its host key algorithm preferences to prefer keys it
   already knows. (There is a theoretical information leak in this

Other bug fixes include:

 - Windows installer: the text in the installer UI is now visible in
   Windows high-contrast mode. (Previously it was white on white by

 - Windows 7: fixed spurious OS out-of-memory error when reading
   passwords from a Windows console (e.g. psftp).

 - Terminal crash: the dreaded "line==NULL" error could happen if an
   application switched between the main and alternate screens while
   the user was looking at the scrollback.

 - Terminal crash: the terminal could fail an assertion when sending
   an empty answerback string, and when pasting text none of whose
   characters exist in the selected character set.

 - SSH: fixed endless memory-allocating loop that could be triggered
   by the combination of a misbehaving SSH agent and PuTTY's bug
   compatibility mode for padded RSA signatures.

 - File transfer: when uploading files to some SFTP servers (e.g. the
   one in proftpd's mod_sftp), PSFTP would consume up to 4GB of local
   memory before sending anything to the server.

 - Terminal behaviour: sometimes the cursor was put in the wrong place
   after restoring from the alternate screen.

 - GTK: fixed font size calculation when using newer Pango libraries
   (e.g. the one on Ubuntu 20.04).

 - GTK: scroll wheel events now work in unusual environments like VNC.
   2020-03-10 23:11:24 by Thomas Klausner | Files touched by this commit (1681) | Package updated
Log message:
librsvg: update bl3.mk to remove libcroco in rust case

recursive bump for the dependency change
   2020-03-08 17:51:54 by Thomas Klausner | Files touched by this commit (2833)
Log message:
*: recursive bump for libffi
   2019-12-19 23:22:33 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Avoid using a non-literal string as format string.
   2019-10-01 17:22:41 by Ryo ONODERA | Files touched by this commit (5) | Package updated
Log message:
Update to 0.73

Vulnerabilities fixed in this release include:

 - On Windows, the listening sockets used for local port forwarding
   were opened in a mode that did not prevent other processes from
   also listening on the same ports and stealing some of the incoming

 - In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
   a way that made the pasted data look like manual keyboard input. So
   any application relying on the bracketing sequences to protect
   against malicious clipboard contents would have been misled.

 - An SSH-1 server could trigger an access to freed memory by sending
   the SSH1_MSG_DISCONNECT message. Not known to be exploitable.

Other bug fixes include:

 - Windows Plink no longer crashes on startup when it tries to tell
   you it's reusing an existing SSH connection.

 - Windows PuTTY now updates its terminal window size correctly if the
   screen resolution changes while it's maximised.

 - If you display the coloured error messages from gcc in the PuTTY
   terminal, there is no longer a missing character if a colour change
   happens exactly at the end of a line.

 - If you use the 'Clear Scrollback' menu option or escape sequence
   while text in the scrollback is selected, it no longer causes an
   assertion failure.