Update to 0.73

Changelog: Vulnerabilities fixed in this release include: - On Windows, the listening sockets used for local port forwarding were opened in a mode that did not prevent other processes from also listening on the same ports and stealing some of the incoming connections. - In the PuTTY terminal, bracketed paste mode was broken in 0.72, in a way that made the pasted data look like manual keyboard input. So any application relying on the bracketing sequences to protect against malicious clipboard contents would have been misled. - An SSH-1 server could trigger an access to freed memory by sending the SSH1_MSG_DISCONNECT message. Not known to be exploitable. Other bug fixes include: - Windows Plink no longer crashes on startup when it tries to tell you it's reusing an existing SSH connection. - Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised. - If you display the coloured error messages from gcc in the PuTTY terminal, there is no longer a missing character if a colour change happens exactly at the end of a line. - If you use the 'Clear Scrollback' menu option or escape sequence while text in the scrollback is selected, it no longer causes an assertion failure.
2019-10-01 15:22:41 +00:00 · 2019-10-01 15:22:41 +00:00 · df7a51c086
commit df7a51c086
parent 325443602f
5 changed files with 51 additions and 51 deletions
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2019/07/25 12:50:06 ryoon Exp $
+# $NetBSD: Makefile,v 1.59 2019/10/01 15:22:41 ryoon Exp $
 #

-DISTNAME=	putty-0.72
+DISTNAME=	putty-0.73
 CATEGORIES=	security
 MASTER_SITES=	http://the.earth.li/~sgtatham/putty/${PKGVERSION_NOREV}/

--- a/security/putty/distinfo
+++ b/security/putty/distinfo
@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.26 2019/07/25 12:50:06 ryoon Exp $
+$NetBSD: distinfo,v 1.27 2019/10/01 15:22:41 ryoon Exp $

-SHA1 (putty-0.72.tar.gz) = 9940e226e5b9f2da9b15109c0deabb168c92d850
-RMD160 (putty-0.72.tar.gz) = 4c3432e935a8ebc31b5c3f4770be542877f51942
-SHA512 (putty-0.72.tar.gz) = a963985e55dcd589c08ef51085808a6364629edd8ce6708ebdf516e0339a41b7f186f91d7d7f26b1fec03d60767f365246e6fa06e9ef042898355c2f90f355dd
-Size (putty-0.72.tar.gz) = 2449516 bytes
-SHA1 (patch-ldisc.c) = 9a12a0b96bdf57ae219651b38d695fa5440da354
+SHA1 (putty-0.73.tar.gz) = 17daebb82e476adfd578f6934c28f4d2c209b7d8
+RMD160 (putty-0.73.tar.gz) = 9e7c0084464963581bc47ce1b87e25ba51d27743
+SHA512 (putty-0.73.tar.gz) = 4ada4b8c6d68be44afede2676bc661fedfd1ea0b574b8232ad9aaa6f3a48baa9f4f0ded2955b3f2677a14db85a508f53c965cb00fcd7538a1ed9844031f0c5e5
+Size (putty-0.73.tar.gz) = 2459115 bytes
+SHA1 (patch-ldisc.c) = cf31a65f920a3ea9b4a70602e4b2fd4d5df8d3e8
 SHA1 (patch-misc.c) = fa1c2db8eb20ceaadb4b57b6aefa57f22d2ae26f
 SHA1 (patch-terminal.c) = 9e57f754bb2071c8c6b6a92ae63772eb10790121
-SHA1 (patch-timing.c) = 9dd79fde390878960e97c456628bbd5dcbcd07f9
+SHA1 (patch-timing.c) = a6a492fc8b22c58e2973c854bffa4c8bf71eb6a7
 SHA1 (patch-unix_Makefile.gtk) = 7fe7859ad91afb57ef3ba31194ffd2ef784f638d
 SHA1 (patch-unix_uxnet.c) = 2d1c2939721993fe5616c2fe3f1935c03a31bb35
 SHA1 (patch-unix_uxpgnt.c) = b5625b33b940ea2870d3e91d38e2303a80d6887b
-SHA1 (patch-unix_uxucs.c) = a2a5021b515c3bade1126ed062bdc1eece1ca0f9
+SHA1 (patch-unix_uxucs.c) = 47791025e5375e9e8649ce24bc9efff3c7d29ab4
--- a/security/putty/patches/patch-ldisc.c
+++ b/security/putty/patches/patch-ldisc.c
@ -1,33 +1,33 @@
-$NetBSD: patch-ldisc.c,v 1.2 2019/04/01 12:10:43 ryoon Exp $
+$NetBSD: patch-ldisc.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $

 pwrite is a standard system call

--- ldisc.c.orig	2019-03-16 12:26:34.000000000 +0000
+--- ldisc.c.orig	2019-09-22 09:14:48.000000000 +0000
 +++ ldisc.c
-@@ -42,7 +42,7 @@ static int plen(Ldisc *ldisc, unsigned c
- 	return 4;		       /* <XY> hex representation */
+@@ -40,7 +40,7 @@ static int plen(Ldisc *ldisc, unsigned c
+         return 4;                      /* <XY> hex representation */
 }
 
 -static void pwrite(Ldisc *ldisc, unsigned char c)
 +static void pwrite_(Ldisc *ldisc, unsigned char c)
 {
     if ((c >= 32 && c <= 126) ||
- 	(!in_utf(ldisc->term) && c >= 0xA0) ||
-@@ -229,7 +229,7 @@ void ldisc_send(Ldisc *ldisc, const void
- 		    int i;
- 		    c_write(ldisc, "^R\r\n", 4);
- 		    for (i = 0; i < ldisc->buflen; i++)
-			pwrite(ldisc, ldisc->buf[i]);
-+			pwrite_(ldisc, ldisc->buf[i]);
- 		}
- 		break;
- 	      case CTRL('V'):	       /* quote next char */
-@@ -294,7 +294,7 @@ void ldisc_send(Ldisc *ldisc, const void
+         (!in_utf(ldisc->term) && c >= 0xA0) ||
+@@ -227,7 +227,7 @@ void ldisc_send(Ldisc *ldisc, const void
+                     int i;
+                     c_write(ldisc, "^R\r\n", 4);
+                     for (i = 0; i < ldisc->buflen; i++)
+-                        pwrite(ldisc, ldisc->buf[i]);
+                        pwrite_(ldisc, ldisc->buf[i]);
+                 }
+                 break;
+               case CTRL('V'):          /* quote next char */
+@@ -292,7 +292,7 @@ void ldisc_send(Ldisc *ldisc, const void
                 sgrowarray(ldisc->buf, ldisc->bufsiz, ldisc->buflen);
- 		ldisc->buf[ldisc->buflen++] = c;
- 		if (ECHOING)
-		    pwrite(ldisc, (unsigned char) c);
-+		    pwrite_(ldisc, (unsigned char) c);
- 		ldisc->quotenext = false;
- 		break;
- 	    }
+                 ldisc->buf[ldisc->buflen++] = c;
+                 if (ECHOING)
+-                    pwrite(ldisc, (unsigned char) c);
+                    pwrite_(ldisc, (unsigned char) c);
+                 ldisc->quotenext = false;
+                 break;
+             }
--- a/security/putty/patches/patch-timing.c
+++ b/security/putty/patches/patch-timing.c
@ -1,6 +1,6 @@
-$NetBSD: patch-timing.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
+$NetBSD: patch-timing.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $

--- timing.c.orig	2012-09-19 22:12:00.000000000 +0000
+--- timing.c.orig	2019-09-22 09:14:51.000000000 +0000
 +++ timing.c
@@ -60,19 +60,10 @@ static int compare_timers(void *av, void
      * Failing that, compare on the other two fields, just so that
@ -9,18 +9,18 @@ $NetBSD: patch-timing.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
 -#if defined(__LCC__) || defined(__clang__)
 -    /* lcc won't let us compare function pointers. Legal, but annoying. */
 -    {
-	int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
-	if (c)
-	    return c;
+-        int c = memcmp(&a->fn, &b->fn, sizeof(a->fn));
+-        if (c)
+-            return c;
 -    }
-#else    
+-#else
 -    if (a->fn < b->fn)
 +    if ((uintptr_t)a->fn < (uintptr_t)b->fn)
- 	return -1;
+         return -1;
 -    else if (a->fn > b->fn)
 +    else if ((uintptr_t)a->fn > (uintptr_t)b->fn)
- 	return +1;
+         return +1;
 -#endif
 
     if (a->ctx < b->ctx)
- 	return -1;
+         return -1;
--- a/security/putty/patches/patch-unix_uxucs.c
+++ b/security/putty/patches/patch-unix_uxucs.c
@ -1,13 +1,13 @@
-$NetBSD: patch-unix_uxucs.c,v 1.2 2013/08/07 11:06:39 drochner Exp $
+$NetBSD: patch-unix_uxucs.c,v 1.3 2019/10/01 15:22:41 ryoon Exp $

--- unix/uxucs.c.orig	2013-07-22 07:12:05.000000000 +0000
+--- unix/uxucs.c.orig	2019-09-22 09:14:52.000000000 +0000
 +++ unix/uxucs.c
-@@ -72,7 +72,7 @@ int wc_to_mb(int codepage, int flags, co
- 	memset(&state, 0, sizeof state);
+@@ -68,7 +68,7 @@ int wc_to_mb(int codepage, int flags, co
+         memset(&state, 0, sizeof state);
 
- 	while (wclen > 0) {
-	    int i = wcrtomb(output, wcstr[0], &state);
-+	    size_t i = wcrtomb(output, wcstr[0], &state);
- 	    if (i == (size_t)-1 || i > n - mblen)
- 		break;
- 	    memcpy(mbstr+n, output, i);
+         while (wclen > 0) {
+-            int i = wcrtomb(output, wcstr[0], &state);
+            size_t i = wcrtomb(output, wcstr[0], &state);
+             if (i == (size_t)-1 || i > n - mblen)
+                 break;
+             memcpy(mbstr+n, output, i);