non port: security/putty/distinfo |
Number of commits found: 33 |
Tuesday, 19 Dec 2023
|
22:24 Matthias Andree (mandree)
security/putty: security update → 0.80 to fix Terrapin vulnerability
Note this requires the server side to also add the protocol extension.
Security: 91955195-9ebb-11ee-bc14-a703705db3a6
Security: CVE-2023-48795
Changelog: https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html
MFH: 2023Q4
f9007a5 |
Sunday, 27 Aug 2023
|
12:46 Matthias Andree (mandree)
security/putty: update → 0.79
ChangeLog: https://lists.tartarus.org/pipermail/putty-announce/2023/000036.html
MFH: 2023Q3
51b6c68 |
Saturday, 29 Oct 2022
|
19:15 Matthias Andree (mandree)
security/putty: update to 0.78 release
FreeBSD relevant changes since 20221023 snapshot:
* f9a8213d 2022-10-29 | Docs: add a 'pdf' cmake target. (origin/main,
origin/HEAD) [Jacob Nevins]
* 4ff82ab2 2022-10-28 | Update version number for 0.78 release. (tag: 0.78)
[Simon Tatham]
* 475c2387 2022-10-28 | Unix: stop accessing ctrl->fileselect for font
selectors. [Simon Tatham]
* 329a4cdd 2022-10-24 | authplugin-example.py: Flush stderr. [Jacob Nevins]
* 538c8fd2 2022-10-24 | authplugin-example.py: Mention documentation. [Jacob
Nevins]
* a7106d8e 2022-10-23 | Add missing initialisation of term->osc_strlen. [Simon
Tatham]
* bdb3ac9f 2022-10-23 | Restrict -pwfile / -pw to apply to server prompts only.
[Simon Tatham]
* 2fbb9284 2022-10-23 | Fix outdated comment relating to -pw. [Jacob Nevins]
* f7e86ca2 2022-10-22 | README: remove mention of doc/Makefile. [Jacob Nevins]
* f229aab2 2022-10-23 | Rewrap a paragraph in README. [Jacob Nevins]
MFH: 2022Q4 (after 10 days)
According to Simon, he caught this assertion error in the act,
and 475c2387 should fix
PR: 267253
a4d049c |
Sunday, 23 Oct 2022
|
10:25 Matthias Andree (mandree)
security/putty: update to snapshot 20221023
FreeBSD-relevant changes since previous snapshot:
* 75ac4443 2022-10-22 | Document subdomain matching of cert expr wildcards.
[Jacob Nevins]
* 500568d2 2022-10-22 | Docs: fix trivial typo from 6472f7fc77. [Jacob Nevins]
* 5f3b743e 2022-10-21 | Tweak certified-host-key prompt. [Jacob Nevins]
* bb1ebc9b 2022-10-21 | Docs: tweak certified-host-key warning responses. [Jacob
Nevins]
* 5716c638 2022-10-21 | Docs: cross-reference host-key warning sections. [Jacob
Nevins]
* 8c534c26 2022-10-21 | Docs: note "wrong host key" warning is stronger. [Jacob
Nevins]
* 1d1d81d6 2022-10-21 | Fix regressions in Gtk host key "More info". [Jacob
Nevins]
* dc9ab5e0 2022-10-21 | Rename NTRU Prime / Curve25519 kex in UI. [Jacob Nevins]
* 6472f7fc 2022-10-21 | Docs: update Pageant key list description. [Jacob
Nevins]
* 5d5a6a8f 2022-10-21 | Docs: MD5 is forced for SSH-1 key fingerprints. [Jacob
Nevins]
* d4298308 2022-10-21 | Docs: prime generation defaults are usually fine. [Jacob
Nevins]
* 2b5b7b5c 2022-10-21 | Docs: note warning about <2048-bit RSA/DSA keys. [Jacob
Nevins]
* 617bf732 2022-10-21 | Docs: PuTTYgen: fix gratuitous exclusion of PSFTP.
[Jacob Nevins]
* 11950739 2022-10-21 | Docs: add index alias for "ECDSA". [Jacob Nevins]
* 4af8a585 2022-10-20 | cmdgen: Fix docs and usage messages. [Jacob Nevins]
* 68c97fb2 2022-10-19 | Fix installing man pages from our tarballs. [Jacob
Nevins]
* 2222cd10 2022-10-12 | AES-GCM NEON: cope with missing vaddq_p128. [Simon
Tatham]
While here, fix PORTVERSION->DISTVERSION to get rid of the tilde
that confuses pkg(8).
And while it may not fix the issue, I still want this commit log
to appear in
PR: 267253
765de7a |
Thursday, 22 Sep 2022
|
19:01 Matthias Andree (mandree)
security/putty: update to 0.78~pre20220922
This permits a FreeBSD build without patches; the two remaining
items are 1. avoiding the GSSAPI-related call into pkg-config because it
would not cover base-GSSAPI so we force the fallback to krb5-config
(which we control by way of ports/Mk/Uses/gssapi.mk), and
2. making sure PuTTY's build would not ascend directory hierarchy to
pick up our ports tree's Git information. We are only packaging
(pre-)release tarballs where we do not need to run Git.
Thanks to Simon Tatham, upstream maintainer, for issuing the
pre-releases and being very responsive and open to making the
build experience smooth for everyone.
5a7297a |
Monday, 19 Sep 2022
|
17:29 Matthias Andree (mandree)
security/putty: Update to pre20220919 + 2 Git patches
This allows us to remove all local patch files.
4872e1b |
Sunday, 18 Sep 2022
|
11:35 Matthias Andree (mandree)
security/putty: upgrade to pre-release 0.78~pre20220916.e1b73f0
ChangeLog: https://lists.tartarus.org/pipermail/putty-announce/2022/000034.html
Please test this thoroughly and if you happen to have a Kerberos-
or GSSAPI-enabled SSH server, please give the maintainer feedback
whether GSSAPI works for you and which GSSAPI library you have
installed.
8b46420 |
Friday, 27 May 2022
|
23:20 Matthias Andree (mandree)
security/putty: update to 0.77
PuTTY 0.77 changed its build system to cmake, and restructured the
source code, thus the patches were regenerated and updated.
As a consequence, GSSAPI_BASE no longer works because cmake wants
pkg-config and hence .pc files.
GSSAPI_HEIMDAL does not compile due to #define (&_foo) xxx.
Both GSSAPI_BASE and GSSAPI_HEIMDAL were disabled. Assistance solicited.
There is a new experimental GSSAPI_DYNAMIC which permits configuring the
GSS provider at run-time, which the package maintainer cannot test
for lack of Kerberized access somewhere. Feedback solicited.
Puttytel was removed upstream, Psusan was added, which is just the inner
SSH protocol layer. See its man page for details.
GTK2 remnants were removed. GTK is currently inseparable from X11,
message was sent to upstream maintainer to see if that is intentional.
Manual pages now install into ${PREFIX}/share/man/man1 (previous
versions of the port installed into ${PREFIX}/man/man1).
Upstream changes: see
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
No MFH due to intrusive changes and removal of options.
f3d4c38 |
Sunday, 18 Jul 2021
|
08:49 Matthias Andree (mandree)
security/putty: update to 0.76.
FreeBSD relevant changes per
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
+ New option to abandon an SSH connection if the server allows you to
authenticate in a trivial manner.
+ Bug fix: user colour-palette reconfiguration via 'Change Settings'
were delayed-action.
+ Bug fix: server colour-palette reconfigurations were sometimes lost.
+ Bug fix: a tight loop could occur on reading a truncated private key
file.
7807f3b |
Saturday, 8 May 2021
|
15:00 Matthias Andree (mandree)
security/putty: update to 0.75
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Deprecate -gtk2 version for Mid-December 2021.
Clean up a bit.
6b288be |
Sunday, 28 Jun 2020
|
13:55 mandree
security/putty*: upgrade to 0.74 security fix release
Changelog:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
among them are these two---and more bugfixes beyond not listed here:
* Security fix: if an SSH server accepted an offer of a public key
and then rejected the signature, PuTTY could access freed memory,
if the key had come from an SSH agent.
* Security feature: new config option to disable PuTTY's dynamic
host key preference policy, if you prefer to avoid giving away
to eavesdroppers which hosts you have stored keys for.
MFH: 2020Q2
Security: 6190c0cd-b945-11ea-9401-2dcf562daa69
Security: CVE-2020-14002
Security: FZI-2020-5
|
Friday, 18 Oct 2019
|
15:58 mandree
Update to upstream release 0.73 (security fixes)
Relevant changes taken from this...
ChangeLog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
* Security fix: in bracketed paste mode, the terminal escape sequences that
should delimit the pasted data were appearing together on one side of it,
making it possible to misidentify pasted data as manual keyboard input.
* Bug fix (possibly security-related): an SSH-1 server sending a disconnection
message could cause an access to freed memory.
* Bug fix: tweaked terminal handling to prevent lost characters at the ends of
lines in gcc's coloured error messages.
* Bug fix: removed a bad interaction between the 'clear scrollback' operation
and mouse selection that could give rise to the dreaded "line==NULL"
assertion box.
MFH: 2019Q4
|
Saturday, 20 Jul 2019
|
16:16 mandree
Security update to new upstream release 0.72.
Security fixes found by the EU-funded bug bounty:
- two separate vulnerabilities affecting the obsolete SSH-1 protocol, both
available before host key checking
- a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if
a malicious program can impersonate Pageant
Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Switch off -DSTATIC_GSSAPI build as that produces non-working executables
(assertion failures). Bug has been reported upstream.
MFH: 2019Q3
Security: 5914705c-ab03-11e9-a4f9-080027ac955c
|
Sunday, 17 Mar 2019
|
14:17 mandree
Update security/putty to 0.71 security fix release
Unfortunately, this new release breaks GSSAPI_NONE, which is removed
for now. Bug has been reported upstream.
Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
MFH: 2019Q1
Security: 46e1ece5-48bd-11e9-9c40-080027ac955c
|
Friday, 11 Aug 2017
|
12:58 mandree
Update to 0.70, and make GSSAPI impl. selectable.
PR: 220838
Submitted by: cy@
|
Thursday, 4 May 2017
|
21:27 mandree
Update to new upstream release 0.69.
Upstream change "You can now explicitly configure SSH terminal mode
settings not to be sent to the server, if your server objects to them."
Enable pageant, was missing from the 0.68 upgrade.
Switch to GTK3, no longer compiles with GTK2.
The security fixes contained in 0.69 are only good on Windows, so not
flagging this as a security update.
|
Thursday, 16 Mar 2017
|
23:39 mandree
Update to new upstream release 0.68 (security fixes)
Additional minor updates on top of cy@'s patch (USE_GNOME, USE_XORG,
LDFLAGS).
ChangeLog: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Submitted by: cy@
MFH: 2017Q1
Security: CVE-2017-6542
Security: 9b973e97-0a99-11e7-ace7-080027ef73ec
Differential Revision: https://reviews.freebsd.org/D10023
|
Monday, 7 Mar 2016
|
16:54 mandree
Security upgrade to new upstream release 0.67.
Unix-relevant changes:
* Security fix: a buffer overrun in the old-style SCP protocol when receiving
the header of each file downloaded from the server is fixed. (CVE-2016-2563)
* Assorted other robustness fixes for crashes and memory leaks.
MFH: 2016Q1
Security: 7f0fbb30-e462-11e5-a3f3-080027ef73ec
Security: CVE-2016-2563
|
Monday, 9 Nov 2015
|
09:18 mandree
Update to new upstream release 0.66 (security fix).
Switch to USES=gssapi:mit.
Security: CVE-2015-5309
Security: 0cb0afd9-86b8-11e5-bf60-080027ef73ec
|
Wednesday, 29 Jul 2015
|
22:57 mandree
Update to new upstream bug-fix release 0.65
Release notes:
http://lists.tartarus.org/pipermail/putty-announce/2015/000021.html
|
Thursday, 5 Mar 2015
|
22:15 mandree
Upgrade to upstream bugfix release 0.64.
This fixes a security bug, various other bugs, and supports SSH
connection sharing between multiple instances of PuTTY and its tools.
MFH: 2015Q1
Security: 92fc2e2b-c383-11e4-8ef7-080027ef73ec
Security: CVE-2015-2157
|
Wednesday, 7 Aug 2013
|
16:11 mandree
Upgrade PuTTY to new 0.63 beta upstream release, adding vulnerability info.
Quoting the upstream's change log:
- Security fix: prevent a nefarious SSH server or network attacker from
crashing PuTTY at startup in three different ways by presenting a maliciously
constructed public key and signature.
- Security fix: PuTTY no longer retains the private half of users' keys in
memory by mistake after authenticating with them.
- Revamped the internal configuration storage system to remove all fixed
arbitrary limits on string lengths. In particular, there should now no longer
be an unreasonably small limit on the number of port forwardings PuTTY can
store.
- Port-forwarded TCP connections which close one direction before the other
should now be reliably supported, with EOF propagated independently in the
two directions. This also fixes some instances of port-forwarding data
corruption (if the corruption consisted of losing data from the very end of
the connection) and some instances of PuTTY failing to close when the session
is over (because it wrongly thought a forwarding channel was still active
when it was not).
- The terminal emulation now supports xterm's bracketed paste mode (allowing
aware applications to tell the difference between typed and pasted text, so
that e.g. editors need not apply inappropriate auto-indent).
- You can now choose to display bold text by both brightening the foreground
colour and changing the font, not just one or the other. - PuTTYgen will now
never generate a 2047-bit key when asked for 2048 (or more generally n[?]1
bits
when asked for n).
- Some updates to default settings: PuTTYgen now generates 2048-bit keys by
default (rather than 1024), and PuTTY defaults to UTF-8 encoding and 2000
lines of scrollback (rather than ISO 8859-1 and 200).
- Unix: PSCP and PSFTP now preserve the Unix file permissions, on copies in
both directions.
- Unix: dead keys and compose-character sequences are now supported.
- Unix: PuTTY and pterm now permit font fallback (where glyphs not present in
your selected font are automatically filled in from other fonts on the
system) even if you are using a server-side X11 font rather than a Pango
client-side one.
- Bug fixes too numerous to list, mostly resulting from running the code
through Coverity Scan which spotted an assortment of memory and resource
leaks, logic errors, and crashes in various circumstances.
Security: 4b448a96-ff73-11e2-b28d-080027ef73ec
Security: CVE-2013-4206
Security: CVE-2013-4207
Security: CVE-2013-4208
Security: CVE-2013-4852
|
Monday, 12 Dec 2011
|
19:57 mandree
Update PuTTY to new upstream security and bug fix release 0.62,
and add a new VuXML entry.
Changelog:
http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
Security: bbd5f486-24f1-11e1-95bc-080027ef73ec
Feature safe: yes
|
Sunday, 17 Jul 2011
|
14:18 mandree
- Take over maintainership from beat@ along his suggestion,
permit him to take it back or commit without my approval.
- Update to upstream version 0.61.
- Add OPTIONS for GSSAPI and GTK (both enabled by default).
NOTE: GSSAPI is currently broken on 9-CURRENT because the
Kerberos in base expects MD2 which isn't provided by OpenSSL.
- mark BROKEN on OSVERSION >= 900000 when GSSAPI is enabled
- heed CFLAGS, CC, WITH_DEBUG, INSTALL_* settings.
- WITHOUT_X11 is now an alias for WITHOUT_GTK
- drop utmp support, the upstream requires a utmpx implementation that
FreeBSD does not provide in any version.
- Preliminary clang support (adds files/patch-timing.c)
- Refreshed patches.
|
Sunday, 3 Jul 2011
|
14:03 ohauer
-remove MD5
|
Friday, 25 May 2007
|
12:34 garga
- Update to 0.60
PR: ports/112377
Submitted by: Dima Panov <fluffy@ael.ru>
|
Sunday, 11 Feb 2007
|
17:10 garga
Update to 0.59
|
Tuesday, 8 Nov 2005
|
14:33 garga
- Add SHA256
|
Saturday, 30 Apr 2005
|
15:17 leeym
- Update to 0.58
- Assign maintainership
PR: 80460
Submitted by: Renato Botelho <freebsd@galle.com.br>
|
Sunday, 20 Feb 2005
|
21:09 simon
Security update to 0.57.
Security:
http://vuxml.FreeBSD.org/a413ed94-836e-11d9-a9e7-0001020eed82.html
Approved by: erwin (mentor)
|
Thursday, 28 Oct 2004
|
10:17 dinoex
- Security Update to 0.56
|
Wednesday, 4 Aug 2004
|
08:03 dinoex
- Security update to 0.55
|
Friday, 13 Feb 2004
|
17:45 dinoex
PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.
These protocols are all used to run a remote session on a computer,
over a network. PuTTY implements the client end of that session:
the end at which the session is displayed, rather than the end
at which it runs.
WWW: http://www.chiark.greenend.org.uk/~sgtatham/putty/
|
Number of commits found: 33 |