putty: update to 0.81. PuTTY 0.81, released today, fixes a critical vulnerability CVE-2024-31497 in the use of 521-bit ECDSA keys (ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private key with any previous version of PuTTY, consider the private key compromised: remove the public key from authorized_keys files, and generate a new key pair. However, this only affects that one algorithm and key size. No other size of ECDSA key is affected, and no other key type is affected.diff -r1.83 -r1.84 pkgsrc/security/putty/Makefile
(wiz)
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.83 2024/04/07 07:34:57 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.84 2024/04/15 21:55:23 wiz Exp $ | |
2 | 2 | |||
3 | DISTNAME= putty-0.80 | 3 | DISTNAME= putty-0.81 | |
4 | PKGREVISION= 2 | |||
5 | CATEGORIES= security | 4 | CATEGORIES= security | |
6 | MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/ | 5 | MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/ | |
7 | 6 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= https://www.chiark.greenend.org.uk/~sgtatham/putty/ | 8 | HOMEPAGE= https://www.chiark.greenend.org.uk/~sgtatham/putty/ | |
10 | COMMENT= Free implementation of Telnet and SSH for Win32 and Unix platforms | 9 | COMMENT= Free implementation of Telnet and SSH for Win32 and Unix platforms | |
11 | LICENSE= mit | 10 | LICENSE= mit | |
12 | 11 | |||
13 | USE_CMAKE= yes | 12 | USE_CMAKE= yes | |
14 | USE_TOOLS+= perl pkg-config | 13 | USE_TOOLS+= perl pkg-config | |
15 | 14 | |||
16 | # error: 'for' loop initial declarations are only allowed in C99 mode | 15 | # error: 'for' loop initial declarations are only allowed in C99 mode | |
17 | FORCE_C_STD= c99 | 16 | FORCE_C_STD= c99 |
@@ -1,8 +1,8 @@ | @@ -1,8 +1,8 @@ | |||
1 | $NetBSD: distinfo,v 1.37 2023/12/18 15:57:00 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.38 2024/04/15 21:55:23 wiz Exp $ | |
2 | 2 | |||
3 | BLAKE2s (putty-0.80.tar.gz) = c9e95c3ef9118d17c5c4c185db5a4c4b5d9e7dc5ff0d598e20feba674a8266ff | 3 | BLAKE2s (putty-0.81.tar.gz) = c6e77fbf456bb5f43d2d65689e8d51d664962e715daef3373d5286a6c2676a65 | |
4 | SHA512 (putty-0.80.tar.gz) = c8a6b6fa54ecd8bcf4ec274fef51343dd9996e6458b250b5555c4dc88ded25e87f97277da482c29858510e65635112d541f559ab683635bd950572d850129f90 | 4 | SHA512 (putty-0.81.tar.gz) = d86f2fd0e126b18275d58cf64334b3b27c450899a1c2be2502de9faa2ef58f7fc8efc5d45f25c8395623f1e21917aa02407343bb2fee44c4c00b9f81267d5ecd | |
5 | Size (putty-0.80.tar.gz) = 2831433 bytes | 5 | Size (putty-0.81.tar.gz) = 2844616 bytes | |
6 | SHA1 (patch-ldisc.c) = cf31a65f920a3ea9b4a70602e4b2fd4d5df8d3e8 | 6 | SHA1 (patch-ldisc.c) = cf31a65f920a3ea9b4a70602e4b2fd4d5df8d3e8 | |
7 | SHA1 (patch-terminal.c) = 690d9021b14947ae24c68ecff6781ad255ab7a70 | 7 | SHA1 (patch-terminal.c) = 690d9021b14947ae24c68ecff6781ad255ab7a70 | |
8 | SHA1 (patch-timing.c) = a6a492fc8b22c58e2973c854bffa4c8bf71eb6a7 | 8 | SHA1 (patch-timing.c) = a6a492fc8b22c58e2973c854bffa4c8bf71eb6a7 |