Changelog:
These features were new in 0.70 (released 2017-07-08):
Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same
directory, even a name we missed when we thought we'd fixed
this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside
the current code page, after our DLL hijacking defences broke
that too.
These features are new in 0.71 (released 2019-03-16):
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange,
which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same
directory as the executable
on Unix, remotely triggerable buffer overflow in any kind
of server-to-client forwarding
multiple denial-of-service attacks that can be triggered
by writing to the terminal
Other security enhancements: major rewrite of the crypto code
to remove cache and timing side channels.
User interface changes to protect against fake authentication
prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic
primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened:
keystrokes typed before authentication has finished will be
buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older
GSSAPI authentication system which can keep your forwarded
Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing
an ncurses screen redraw failure), true colour, and SGR 2 dim
text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
straight to the top or bottom of the terminal scrollback.
* Convert to use GTK 3 to fix build
Changelog:
These features are new in 0.69 (released 2017-04-29):
Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even the names we missed when we thought we'd fixed this in 0.68. See vuln-indirect-dll-hijack-2.
Windows PuTTY should work with MIT Kerberos again, after our DLL hijacking defences broke it.
Jump lists should now appear again on the PuTTY shortcut in the Windows Start Menu.
You can now explicitly configure SSH terminal mode settings not to be sent to the server, if your server objects to them.
PuTTY 0.68, released today, supports elliptic-curve cryptography for host
keys, user authentication keys, and key exchange. Also, for the first time,
it comes in a 64-bit Windows version.
This update may create a build issue for non-BSD due to ancient functions
being different on BSD and SYSV. there's always macros if this fails.
Changelog: 2016-03-05 PuTTY 0.67 released, fixing a SECURITY HOLE
PuTTY 0.67, released today, fixes a security hole in 0.66 and
before: vuln-pscp-sink-sscanf. It also contains a few other small
bug fixes.
Also, for the first time, the Windows executables in this release
(including the installer) are signed using an Authenticode certificate,
to help protect against tampering in transit from our website or
after downloading. You should find that they list "Simon Tatham"
as the verified publisher.
Changelog:
2015-11-07 PuTTY 0.66 released, fixing a SECURITY HOLE
PuTTY 0.66, released today, fixes a security hole in 0.65 and before:
vuln-ech-overflow. It also contains a few other small bug fixes and minor
features.
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* Avoid compilation error on tolower and char type.
Changelog:
2015-02-28 PuTTY 0.64 released, fixing a SECURITY HOLE
PuTTY 0.64, released today, fixes a security hole in 0.63 and before:
private-key-not-wiped-2. Also diffie-hellman-range-check has been argued
to be a security hole. In addition to these and other less critical bug
fixes, 0.64 also supports the major new feature of sharing an SSH connection
between multiple instances of PuTTY and its tools, and a command-line and
config option to specify the expected host key(s).
This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852),
two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and
it clears private keys after use now (CVE-2013-4208).
Other than that, there are mostly bug fixes from 0.62 and a few
small features.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
2011-12-10 PuTTY 0.62 released
PuTTY 0.62 is out, containing only bug fixes from 0.61, in particular a security fix preventing passwords from being accidentally
retained in memory.
2011-11-27 PuTTY 0.62 pre-release builds available
PuTTY 0.61 had a few noticeable bugs in it (but nothing security-related), so we are planning to make a 0.62 release containing just bug
fixes. The Wishlist page lists the bugs that will be fixed by the 0.62 release. The Download page now contains pre-release snapshots of
0.62, which contain those bug fixes and should be otherwise stable. (The usual development snapshots, containing other development since
0.61, are also still available.)
2011-07-12 PuTTY 0.61 is released
PuTTY 0.61 is out, after over four years (sorry!), with new features, bug fixes, and compatibility updates for Windows 7 and various SSH
server software.
Patch provided by Jukka Salmi in PR 37056.
These features are new in beta 0.60 (released 2007-04-29):
* Pressing Ctrl+Break now sends a serial break signal. (The previous behaviour
can still be obtained with Ctrl+C.)
* Serial ports higher than COM9 now no longer need a leading \\.\.
* You can now store a host name in the Default Settings.
* Bug fix: serial connections and local proxies should no longer crash all the
time.
* Bug fix: configuring the default connection type to serial should no longer
cause the configuration dialog to be skipped on startup.
* Bug fix: "Unable to read from standard input" should now not happen, or if it
still does it should produce more detailed diagnostics.
* Bug fix: fixed some malformed SSH-2 packet generation.
* Other minor bug fixes.
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
Changes since 0.58:
* PuTTY can now connect to local serial ports as well as making
network connections.
* Windows PuTTY now supports "local proxying", where a network
connection is replaced by a local command. (Unix PuTTY has
supported this since it was first released in 0.54.) Also, Plink
has gained a "-nc" mode where the primary channel is replaced by
an SSH tunnel, which makes it particularly useful as the local
command to run.
* Improved speed of SSH on Windows (particularly SSH-2 key exchange
and public-key authentication).
* Improved SFTP throughput.
* Various cryptographic improvements in SSH-2, including SDCTR
cipher modes, a workaround for a weakness in CBC cipher modes, and
Diffie-Hellman group exchange with SHA-256.
* Support for the Arcfour cipher in SSH-2.
* Support for sending terminal modes in SSH.
* When Pageant is running and an SSH key is specified in the
configuration, PuTTY will now only try Pageant authentication with
that key. This gets round a problem where some servers would only
allow a limited number of keys to be offered before disconnecting.
* Support for SSH-2 password expiry mechanisms, and various other
improvements and bugfixes in authentication.
* A change to the SSH-2 password camouflage mechanism in 0.58 upset
some Cisco servers, so we have reverted to the old method.
* The Windows version now comes with documentation in HTML Help
format. (Windows Vista does not support the older WinHelp format.
However, we still provide documentation in that format, since
Win95 does not support HTML Help.)
* On Windows, when pasting as RTF, attributes of the selection such
as colours and formatting are also pasted.
* Ability to configure font quality on Windows (including
antialiasing and ClearType).
* The terminal is now restored to a sensible state when reusing a
window to restart a session.
* We now support an escape sequence invented by xterm which lets the
server clear the scrollback (CSI 3 J). This is useful for
applications such as terminal locking programs.
* Improvements to the Unix port:
+ now compiles cleanly with GCC 4
+ now has a configure script, and should be portable to more
platforms
* Bug fix: 0.58 utterly failed to run on some installations of
Windows XP.
* Bug fix: PSCP and PSFTP now support large files (greater than 4
gigabytes), provided the underlying operating system does too.
* Bug fix: PSFTP (and PSCP) sometimes ran slowly and consumed lots
of CPU when started directly from Windows Explorer.
* Bug fix: font linking (the automatic use of other fonts on the
system to provide Unicode characters not present in the selected
one) should now work again on Windows, after being broken in 0.58.
(However, it unfortunately still won't work for Arabic and other
right-to-left text.)
* Bug fix: if the remote server saturated PuTTY with data, PuTTY
could become unresponsive.
* Bug fix: certain large clipboard operations could cause PuTTY to
crash.
* Bug fix: SSH-1 connections tended to crash, particularly when
using port forwarding.
* Bug fix: SSH Tectia Server would reject SSH-2 tunnels from PuTTY
due to a malformed request.
* Bug fix: SSH-2 login banner messages were being dropped silently
under some circumstances.
* Bug fix: the cursor could end up in the wrong place when a
server-side application used the alternate screen.
* Bug fix: on Windows, PuTTY now tries harder to find a suitable
place to store its random seed file PUTTY.RND (previously it was
tending to end up in C:\ or C:\WINDOWS).
* Bug fix: IPv6 should now work on Windows Vista.
* Numerous other bugfixes, as usual.
