pkgsrc-Changes archive

CVS commit: pkgsrc/security/putty



Module Name:    pkgsrc
Committed By:   ryoon
Date:           Mon Apr  1 12:10:43 UTC 2019

Modified Files:
        pkgsrc/security/putty: Makefile distinfo
        pkgsrc/security/putty/patches: patch-ldisc.c patch-misc.c
            patch-unix_Makefile.gtk
Added Files:
        pkgsrc/security/putty/patches: patch-terminal.c
Removed Files:
        pkgsrc/security/putty/patches: patch-unix_gtkdlg.c patch-unix_gtkwin.c
            patch-windows_window.c

Log Message:
Update to 0.71

Changelog:
 These features were new in 0.70 (released 2017-07-08):

    Security fix: the Windows PuTTY binaries should no longer be
    vulnerable to hijacking by specially named DLLs in the same
    directory, even a name we missed when we thought we'd fixed
    this in 0.69. See vuln-indirect-dll-hijack-3.

    Windows PuTTY should be able to print again, after our DLL
    hijacking defences broke that functionality.

    Windows PuTTY should be able to accept keyboard input outside
    the current code page, after our DLL hijacking defences broke
    that too.

 These features are new in 0.71 (released 2019-03-16):

    Security fixes found by an EU-funded bug bounty programme:

        a remotely triggerable memory overwrite in RSA key exchange,
        which can occur before host key verification

        potential recycling of random numbers used in cryptography

        on Windows, hijacking by a malicious help file in the same
        directory as the executable

        on Unix, remotely triggerable buffer overflow in any kind
        of server-to-client forwarding

        multiple denial-of-service attacks that can be triggered
        by writing to the terminal

    Other security enhancements: major rewrite of the crypto code
    to remove cache and timing side channels.

    User interface changes to protect against fake authentication
    prompts from a malicious server.

    We now provide pre-built binaries for Windows on Arm.

    Hardware-accelerated versions of the most common cryptographic
    primitives: AES, SHA-256, SHA-1.

    GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
    high-DPI configurations.

    Type-ahead now works as soon as a PuTTY window is opened:
    keystrokes typed before authentication has finished will be
    buffered instead of being dropped.

    Support for GSSAPI key exchange: an alternative to the older
    GSSAPI authentication system which can keep your forwarded
    Kerberos credentials updated during a long session.

    More choices of user interface for clipboard handling.

    New terminal features: support the REP escape sequence (fixing
    an ncurses screen redraw failure), true colour, and SGR 2 dim
    text.

    Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
    straight to the top or bottom of the terminal scrollback.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 pkgsrc/security/putty/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/putty/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/putty/patches/patch-ldisc.c \
    pkgsrc/security/putty/patches/patch-misc.c
cvs rdiff -u -r0 -r1.4 pkgsrc/security/putty/patches/patch-terminal.c
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/security/putty/patches/patch-unix_Makefile.gtk
cvs rdiff -u -r1.1 -r0 pkgsrc/security/putty/patches/patch-unix_gtkdlg.c
cvs rdiff -u -r1.5 -r0 pkgsrc/security/putty/patches/patch-unix_gtkwin.c
cvs rdiff -u -r1.2 -r0 pkgsrc/security/putty/patches/patch-windows_window.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/putty/Makefile
diff -u pkgsrc/security/putty/Makefile:1.55 pkgsrc/security/putty/Makefile:1.56
--- pkgsrc/security/putty/Makefile:1.55 Wed Nov 14 22:22:22 2018
+++ pkgsrc/security/putty/Makefile      Mon Apr  1 12:10:43 2019
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.55 2018/11/14 22:22:22 kleink Exp $
+# $NetBSD: Makefile,v 1.56 2019/04/01 12:10:43 ryoon Exp $
 #
 
-DISTNAME=      putty-0.69
-PKGREVISION=   6
+DISTNAME=      putty-0.71
 CATEGORIES=    security
 MASTER_SITES=  http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/
 
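Review bot: MASTER_SITES on the unchanged context line still fetches the distfile over plain http://, so the SHA512 entry in distinfo is the only integrity check on putty-0.71.tar.gz, a release that carries several security fixes. If the.earth.li answers on https, switch the scheme in this same commit. Dropping PKGREVISION together with the DISTNAME bump is correct.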

Index: pkgsrc/security/putty/distinfo
diff -u pkgsrc/security/putty/distinfo:1.24 pkgsrc/security/putty/distinfo:1.25
--- pkgsrc/security/putty/distinfo:1.24 Wed Aug  1 05:34:17 2018
+++ pkgsrc/security/putty/distinfo      Mon Apr  1 12:10:43 2019
@@ -1,16 +1,14 @@
-$NetBSD: distinfo,v 1.24 2018/08/01 05:34:17 maya Exp $
+$NetBSD: distinfo,v 1.25 2019/04/01 12:10:43 ryoon Exp $
 
-SHA1 (putty-0.69.tar.gz) = f98ec09ecba4d9a4efc66fac5c86078cef27b41a
-RMD160 (putty-0.69.tar.gz) = e120ead901dacd233885adb36afa82aaa10ad469
-SHA512 (putty-0.69.tar.gz) = 2739829adec60df5658709d61f8539d431f6b5d71b9b893fcefb2a04ac52bf2ace26f9ca784156d6540fa3f3e5858a86eb2921002b4cc05f9fbf22da7931ec2a
-Size (putty-0.69.tar.gz) = 2122306 bytes
-SHA1 (patch-ldisc.c) = e4dd89bfb2ddcb47aad46cc7c311f424aa6ab6be
-SHA1 (patch-misc.c) = fb7ba23f3c3301181d2ca7666a037f7bb3ac3f7b
+SHA1 (putty-0.71.tar.gz) = 6bc785c304aff029f28ca1bd71d8654db8f24f1a
+RMD160 (putty-0.71.tar.gz) = 0df8a21b993df7c526952fb375f0630e219da7f5
+SHA512 (putty-0.71.tar.gz) = f8791210bd5925b26d51b13f0558eea15dbac40808051165b236d6436226f5c2b0aa7d69288ed9e2bddc1066455678cfd0af73ef6b715a136c42f3b6f754ac07
+Size (putty-0.71.tar.gz) = 2423752 bytes
+SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
+SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
 SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
-SHA1 (patch-unix_Makefile.gtk) = 399636a9b6d445fa0cdd55c7a887efa8f03bdc94
-SHA1 (patch-unix_gtkdlg.c) = 35b60132e3882ebdfeaa5e613a12b2daeb332451
-SHA1 (patch-unix_gtkwin.c) = 0df64e21e96fd9167aaf2bc4cdc9d52d99373218
+SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
 SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
 SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
 SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
-SHA1 (patch-windows_window.c) = e851bad963967429131286c18e39d1ac4add4ae7

Index: pkgsrc/security/putty/patches/patch-ldisc.c
diff -u pkgsrc/security/putty/patches/patch-ldisc.c:1.1 pkgsrc/security/putty/patches/patch-ldisc.c:1.2
--- pkgsrc/security/putty/patches/patch-ldisc.c:1.1     Wed Feb 22 15:30:20 2012
+++ pkgsrc/security/putty/patches/patch-ldisc.c Mon Apr  1 12:10:43 2019
@@ -1,19 +1,19 @@
-$NetBSD: patch-ldisc.c,v 1.1 2012/02/22 15:30:20 wiz Exp $
+$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
 
 pwrite is a standard system call
 
---- ldisc.c.orig       2010-09-09 14:32:25.000000000 +0000
+--- ldisc.c.orig       2019-03-16 12:26:34.000000000 +0000
 +++ ldisc.c
-@@ -41,7 +41,7 @@ static int plen(Ldisc ldisc, unsigned ch
+@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
        return 4;                      /* <XY> hex representation */
  }
  
--static void pwrite(Ldisc ldisc, unsigned char c)
-+static void pwrite_(Ldisc ldisc, unsigned char c)
+-static void pwrite(Ldisc *ldisc, unsigned char c)
++static void pwrite_(Ldisc *ldisc, unsigned char c)
  {
      if ((c >= 32 && c <= 126) ||
        (!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -217,7 +217,7 @@ void ldisc_send(void *handle, char *buf,
+@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
                    int i;
                    c_write(ldisc, "^R\r\n", 4);
                    for (i = 0; i < ldisc->buflen; i++)
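Review bot: the patch description "pwrite is a standard system call" in patch-ldisc.c does not say what goes wrong without the rename. Suggest spelling it out, for example that the static pwrite() in ldisc.c collides with the pwrite(2) declaration pulled in from the system headers and is therefore renamed to pwrite_(). That way the next person updating the patch knows whether it can be dropped once upstream renames the function.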
@@ -22,12 +22,12 @@ pwrite is a standard system call
                }
                break;
              case CTRL('V'):          /* quote next char */
-@@ -284,7 +284,7 @@ void ldisc_send(void *handle, char *buf,
-               }
+@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+                 sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
                ldisc->buf[ldisc->buflen++] = c;
                if (ECHOING)
 -                  pwrite(ldisc, (unsigned char) c);
 +                  pwrite_(ldisc, (unsigned char) c);
-               ldisc->quotenext = FALSE;
+               ldisc->quotenext = false;
                break;
            }
Index: pkgsrc/security/putty/patches/patch-misc.c
diff -u pkgsrc/security/putty/patches/patch-misc.c:1.1 pkgsrc/security/putty/patches/patch-misc.c:1.2
--- pkgsrc/security/putty/patches/patch-misc.c:1.1      Wed Apr  8 18:45:22 2015
+++ pkgsrc/security/putty/patches/patch-misc.c  Mon Apr  1 12:10:43 2019
@@ -1,13 +1,13 @@
-$NetBSD: patch-misc.c,v 1.1 2015/04/08 18:45:22 ryoon Exp $
+$NetBSD: patch-misc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
 
---- misc.c.orig        2015-02-28 15:33:27.000000000 +0000
+--- misc.c.orig        2019-03-16 12:26:34.000000000 +0000
 +++ misc.c
-@@ -964,7 +964,7 @@ int validate_manual_hostkey(char *key)
+@@ -158,7 +158,7 @@ bool validate_manual_hostkey(char *key)
                  if (q[3*i+2] != ':')
                      goto not_fingerprint; /* sorry */
              for (i = 0; i < 16*3 - 1; i++)
 -                key[i] = tolower(q[i]);
 +                key[i] = tolower((unsigned char)(q[i]));
              key[16*3 - 1] = '\0';
-             return TRUE;
+             return true;
          }
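Review bot: patch-misc.c has no description between the $NetBSD$ line and the "--- misc.c.orig" header, unlike patch-ldisc.c and patch-unix_Makefile.gtk in this same commit. Add one line explaining the cast: tolower() takes an int that must be representable as unsigned char or equal EOF, so passing q[i] as a plain char with the high bit set is undefined behaviour, and validate_manual_hostkey() runs on text supplied from outside the function. The change itself, tolower((unsigned char)(q[i])), is right.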

Index: pkgsrc/security/putty/patches/patch-unix_Makefile.gtk
diff -u pkgsrc/security/putty/patches/patch-unix_Makefile.gtk:1.2 pkgsrc/security/putty/patches/patch-unix_Makefile.gtk:1.3
--- pkgsrc/security/putty/patches/patch-unix_Makefile.gtk:1.2   Fri Mar 17 00:11:48 2017
+++ pkgsrc/security/putty/patches/patch-unix_Makefile.gtk       Mon Apr  1 12:10:43 2019
@@ -1,17 +1,17 @@
-$NetBSD: patch-unix_Makefile.gtk,v 1.2 2017/03/17 00:11:48 maya Exp $
+$NetBSD: patch-unix_Makefile.gtk,v 1.3 2019/04/01 12:10:43 ryoon Exp $
 
 Allow adding CFLAGS from the pkgsrc environment.
 Use pkgsrc infrastructure for deciding on whether to link against libdl or not.
 
---- unix/Makefile.gtk.orig     2017-02-18 17:10:17.000000000 +0000
+--- unix/Makefile.gtk.orig     2019-03-16 12:26:40.000000000 +0000
 +++ unix/Makefile.gtk
-@@ -111,14 +111,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0 
+@@ -109,14 +109,14 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0 
  
  unexport CFLAGS # work around a weird issue with krb5-config
  
--CFLAGS = -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
-+CFLAGS += -O2 -Wall -Werror -g -I.././ -I../charset/ -I../windows/ -I../unix/ \
-               $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
+-CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
++CFLAGS += -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \
+               -I../windows/ -I../unix/ $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64
  XLDFLAGS = $(LDFLAGS) $(shell $(GTK_CONFIG) --libs)
  ULDFLAGS = $(LDFLAGS)
  ifeq (,$(findstring NO_GSSAPI,$(COMPAT)))
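Review bot: in the CFLAGS hunk, switching "=" to "+=" puts the flags from the pkgsrc environment first and the hard-coded "-O2 -Wall -Werror ... -g" after them, so upstream's -O2 overrides any optimisation level the environment asked for, and -Werror stays on for a packaged build. Suggest trimming the patched line to the include paths, -std=gnu99 and the GTK cflags. -Werror in particular turns any warning introduced by a newer compiler into a build failure for users.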
@@ -23,7 +23,7 @@ Use pkgsrc infrastructure for deciding o
  else
  CFLAGS+= -DNO_LIBDL $(shell $(KRB5CONFIG) --cflags gssapi)
  XLDFLAGS+= $(shell $(KRB5CONFIG) --libs gssapi)
-@@ -128,7 +128,7 @@ endif
+@@ -126,7 +126,7 @@ endif
  INSTALL=install
  INSTALL_PROGRAM=$(INSTALL)
  INSTALL_DATA=$(INSTALL)

Added files:

Index: pkgsrc/security/putty/patches/patch-terminal.c
diff -u /dev/null pkgsrc/security/putty/patches/patch-terminal.c:1.4
--- /dev/null   Mon Apr  1 12:10:43 2019
+++ pkgsrc/security/putty/patches/patch-terminal.c      Mon Apr  1 12:10:43 2019
@@ -0,0 +1,26 @@
+$NetBSD: patch-terminal.c,v 1.4 2019/04/01 12:10:43 ryoon Exp $
+
+Make the home/end keys work on BSD servers as well as Linux ones
+
+--- terminal.c.orig    2019-03-31 15:56:54.023245872 +0000
++++ terminal.c
+@@ -6746,8 +6746,17 @@ int format_small_keypad_key(char *buf, T
+         } else {
+             p += sprintf(p, "\x1B[%c", codes[code-1]);
+         }
+-    } else if ((code == 1 || code == 4) && term->rxvt_homeend) {
+-        p += sprintf(p, code == 1 ? "\x1B[H" : "\x1BOw");
++    } else if (code == 1 || code == 4) {
++      /* Home/End */
++      /* Send the correct XTerm or rxvt codes for home/end
++       * We used to send ^[1~ and [4~ for Xterm,
++       * but those are Linux console */
++      const char *he;
++      if (term->rxvt_homeend)
++          he = code == 1 ? "\x1B[7~" : "\x1B[8~";
++      else
++          he = code == 1 ? "\x1BOH" : "\x1BOF";
++      p += sprintf((char *) p, he);
+     } else {
+         p += sprintf(p, "\x1B[%d~", code);
+     }
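Review bot: "p += sprintf((char *) p, he);" passes a variable as the format string. The four candidate strings contain no % today, so nothing is misparsed as written, but this is the pattern -Wformat-security flags, and unix/Makefile.gtk builds with -Werror. Use p += sprintf(p, "%s", he); and drop the cast, which the neighbouring sprintf(p, ...) calls in this function do without. Two smaller points: the description mentions only BSD servers, yet the rxvt_homeend branch changes from "\x1B[H" / "\x1BOw" to "\x1B[7~" / "\x1B[8~", which alters behaviour for users who already have that option set and should be stated in the patch comment. The code comment "^[1~ and [4~" also writes the two sequences inconsistently.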


