Now
MAIN commitmail json YAML
pkgsrc/security/putty/Makefile@1.56
/
diff
pkgsrc/security/putty/distinfo@1.25 / diff
pkgsrc/security/putty/patches/patch-ldisc.c@1.2 / diff
pkgsrc/security/putty/patches/patch-misc.c@1.2 / diff
pkgsrc/security/putty/patches/patch-terminal.c@1.4 / diff
pkgsrc/security/putty/patches/patch-unix_Makefile.gtk@1.3 / diff
pkgsrc/security/putty/patches/patch-unix_gtkdlg.c deleted
pkgsrc/security/putty/patches/patch-unix_gtkwin.c deleted
pkgsrc/security/putty/patches/patch-windows_window.c deleted
pkgsrc/security/putty/distinfo@1.25 / diff
pkgsrc/security/putty/patches/patch-ldisc.c@1.2 / diff
pkgsrc/security/putty/patches/patch-misc.c@1.2 / diff
pkgsrc/security/putty/patches/patch-terminal.c@1.4 / diff
pkgsrc/security/putty/patches/patch-unix_Makefile.gtk@1.3 / diff
pkgsrc/security/putty/patches/patch-unix_gtkdlg.c deleted
pkgsrc/security/putty/patches/patch-unix_gtkwin.c deleted
pkgsrc/security/putty/patches/patch-windows_window.c deleted
Update to 0.71
Changelog:
These features were new in 0.70 (released 2017-07-08):
Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same
directory, even a name we missed when we thought we'd fixed
this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside
the current code page, after our DLL hijacking defences broke
that too.
These features are new in 0.71 (released 2019-03-16):
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange,
which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same
directory as the executable
on Unix, remotely triggerable buffer overflow in any kind
of server-to-client forwarding
multiple denial-of-service attacks that can be triggered
by writing to the terminal
Other security enhancements: major rewrite of the crypto code
to remove cache and timing side channels.
User interface changes to protect against fake authentication
prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic
primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened:
keystrokes typed before authentication has finished will be
buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older
GSSAPI authentication system which can keep your forwarded
Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing
an ncurses screen redraw failure), true colour, and SGR 2 dim
text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
straight to the top or bottom of the terminal scrollback.
Changelog:
These features were new in 0.70 (released 2017-07-08):
Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same
directory, even a name we missed when we thought we'd fixed
this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside
the current code page, after our DLL hijacking defences broke
that too.
These features are new in 0.71 (released 2019-03-16):
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange,
which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same
directory as the executable
on Unix, remotely triggerable buffer overflow in any kind
of server-to-client forwarding
multiple denial-of-service attacks that can be triggered
by writing to the terminal
Other security enhancements: major rewrite of the crypto code
to remove cache and timing side channels.
User interface changes to protect against fake authentication
prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic
primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened:
keystrokes typed before authentication has finished will be
buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older
GSSAPI authentication system which can keep your forwarded
Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing
an ncurses screen redraw failure), true colour, and SGR 2 dim
text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
straight to the top or bottom of the terminal scrollback.