Subject: CVS commit: pkgsrc/security/putty
From: Ryo ONODERA
Date: 2019-04-01 14:10:43
Message id: 20190401121043.528A0FB16@cvs.NetBSD.org
Log Message:
Update to 0.71

Changelog:
 These features were new in 0.70 (released 2017-07-08):

    Security fix: the Windows PuTTY binaries should no longer be
    vulnerable to hijacking by specially named DLLs in the same
    directory, even a name we missed when we thought we'd fixed
    this in 0.69. See vuln-indirect-dll-hijack-3.

    Windows PuTTY should be able to print again, after our DLL
    hijacking defences broke that functionality.

    Windows PuTTY should be able to accept keyboard input outside
    the current code page, after our DLL hijacking defences broke
    that too.

 These features are new in 0.71 (released 2019-03-16):

    Security fixes found by an EU-funded bug bounty programme:

	a remotely triggerable memory overwrite in RSA key exchange,
	which can occur before host key verification

	potential recycling of random numbers used in cryptography

	on Windows, hijacking by a malicious help file in the same
	directory as the executable

	on Unix, remotely triggerable buffer overflow in any kind
	of server-to-client forwarding

	multiple denial-of-service attacks that can be triggered
	by writing to the terminal

    Other security enhancements: major rewrite of the crypto code
    to remove cache and timing side channels.

    User interface changes to protect against fake authentication
    prompts from a malicious server.

    We now provide pre-built binaries for Windows on Arm.

    Hardware-accelerated versions of the most common cryptographic
    primitives: AES, SHA-256, SHA-1.

    GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
    high-DPI configurations.

    Type-ahead now works as soon as a PuTTY window is opened:
    keystrokes typed before authentication has finished will be
    buffered instead of being dropped.

    Support for GSSAPI key exchange: an alternative to the older
    GSSAPI authentication system which can keep your forwarded
    Kerberos credentials updated during a long session.

    More choices of user interface for clipboard handling.

    New terminal features: support the REP escape sequence (fixing
    an ncurses screen redraw failure), true colour, and SGR 2 dim
    text.

    Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
    straight to the top or bottom of the terminal scrollback.
Files:
RevisionActionfile
1.56modifypkgsrc/security/putty/Makefile
1.25modifypkgsrc/security/putty/distinfo
1.2modifypkgsrc/security/putty/patches/patch-ldisc.c
1.2modifypkgsrc/security/putty/patches/patch-misc.c
1.3modifypkgsrc/security/putty/patches/patch-unix_Makefile.gtk
1.4addpkgsrc/security/putty/patches/patch-terminal.c
1.1removepkgsrc/security/putty/patches/patch-unix_gtkdlg.c
1.5removepkgsrc/security/putty/patches/patch-unix_gtkwin.c
1.2removepkgsrc/security/putty/patches/patch-windows_window.c