putty (0.60+2010-02-20-1+squeeze4) squeeze-lts; urgency=medium * Non-maintainer upload by the Squeeze LTS team * More robust control sequence parameter handling, including: - CVE-2015-5309: Fix a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator. -- Ben Hutchings Tue, 24 Nov 2015 01:20:47 +0000 putty (0.60+2010-02-20-1+squeeze3) squeeze-lts; urgency=high * Backport from upstream: - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value. - Fix an erroneous length field in SSH-1 key load. - CVE-2015-2157: Fix failure to clear sensitive private key information from memory (closes: #779488). -- Colin Watson Sun, 15 Mar 2015 17:44:52 +0000 putty (0.60+2010-02-20-1+squeeze2) oldstable-security; urgency=high * CVE-2011-4607: Passwords were left in memory using SSH keyboard-interactive auth. * CVE-2013-4206: Buffer underrun in modmul could corrupt the heap. * CVE-2013-4852: Negative string length in public-key signatures could cause integer overflow and overwrite all of memory (closes: #718779). * CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer overflow in modular inverse. * CVE-2013-4208: Private keys were left in memory after being used by PuTTY tools. * Backport some general proactive potentially-security-relevant tightening from upstream. -- Colin Watson Thu, 08 Aug 2013 23:37:19 +0100 putty (0.60+2010-02-20-1) unstable; urgency=low * New experimental development snapshot. - Console utilities send prompts to /dev/tty or failing that stderr, not to stdout (closes: #422295). * Upgrade to debhelper v7. * Move documentation from putty-tools to a new putty-doc package (closes: #472195). * Add a watch file. * Convert to source format 3.0 (quilt). No remaining Debian patches! -- Colin Watson Mon, 22 Feb 2010 01:01:22 +0000 putty (0.60+2009-11-22-1) unstable; urgency=low * New experimental development snapshot. * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields. -- Colin Watson Fri, 01 Jan 2010 14:50:45 +0000 putty (0.60+2009-08-22-3) unstable; urgency=low * Use x11.pc when compiling/linking against GTK (closes: #556125). -- Colin Watson Mon, 23 Nov 2009 20:39:22 +0000 putty (0.60+2009-08-22-2) unstable; urgency=low * Rebuild manual pages with halibut 1.0+svn20090906-1, fixing option markers (see #496063). * Stop calling dh_desktop, as it's now a no-op thanks to dpkg triggers. -- Colin Watson Mon, 07 Sep 2009 01:22:17 +0100 putty (0.60+2009-08-22-1) unstable; urgency=low * New experimental development snapshot. - Fix potential crash on "reget" in psftp. - Fix random seed behaviour in the absence of a seed file. - Support OpenSSH's method of specifying port numbers in known_hosts. - Improve Pango font handling performance. * Use dh_install, dh_installman, and dh_lintian, and use some other debhelper programs more effectively. * Upgrade to debhelper v6. -- Colin Watson Tue, 25 Aug 2009 21:50:05 +0100 putty (0.60+2009-04-05-1) unstable; urgency=low * New experimental development snapshot. - Stop attempting to make session logs private on Unix. This was introduced in r7084 at the same time as sensible permissions when writing private key files; however, it causes an assertion failure whenever an attempt is made to append to an existing log file on Unix, and it's not clear what "is_private" *should* do for append, so revert to log file security being the user's responsibility (LP: #212711). - Cope with GTK+ 2.0 encoding keypress strings in the current locale rather than in ISO-8859-1 (closes: #517535). -- Colin Watson Sun, 05 Apr 2009 22:42:02 +0100 putty (0.60+2009-02-22-1) unstable; urgency=low * New experimental development snapshot. - Uses GTK+ 2.0 (closes: #516641, LP: #271277) and as a result supports Unicode window titles (LP: #48781). - Fixes handling of trailing CR in key files (closes: #414784). * Disabled upstream Kerberos support for now, as it produces unwanted linkage in pterm and other binaries. -- Colin Watson Mon, 23 Feb 2009 10:11:54 +0000 putty (0.60-4) unstable; urgency=low * Build-depend on x11proto-core-dev rather than x-dev (thanks, Lintian). * Backport from upstream (r8150, Jacob Nevins; closes: #503186, LP: #67488): - Fix for portfwd-addr-family: on Unix, when a tunnel is specified as "Auto" (rather than IPv4 or IPv6-only; this is the default), try to open up listening sockets on both address families, rather than (unhelpfully) just IPv6. (And don't open one if the other can't be bound, in a nod to CVE-2008-1483.) Based on a patch from Ben A L Jemmett. * Avoid problems with the -D_FORTIFY_SOURCE=2 default on Ubuntu by explicitly ignoring results from a number of calls to read, write, and fwrite. (This is pretty ham-handed and I've asked upstream whether they have any better ideas for any of these.) -- Colin Watson Sun, 16 Nov 2008 22:06:59 +0000 putty (0.60-3) unstable; urgency=low * Move putty to Applications/Network/Communication menu sub-section. * Use dh_desktop. -- Colin Watson Wed, 28 May 2008 09:28:32 +0100 putty (0.60-2) unstable; urgency=low * Update to section structure from menu 2.1.35. -- Colin Watson Thu, 05 Jul 2007 12:19:47 +0100 putty (0.60-1) unstable; urgency=low * New upstream release (closes: #422935). - Pressing Ctrl+Break now sends a serial break signal in the serial back end, and in the SSH and Telnet backends it asks the server to do the same (if the server supports it). The previous Ctrl+Break behaviour can still be triggered with Ctrl-C. - You can now store a host name in the Default Settings. - In 0.59, it was possible to lock yourself out of the configuration dialog by configuring a serial connection in Default Settings. This should no longer be possible. - We've had reports of the error message `Unable to read from standard input' in Plink 0.59. We've found and fixed one cause of this message, and added better diagnostics in case there are others. - 0.59 could emit malformed SSH-2 packets that upset some servers (such as Foundry routers). Fixed. -- Colin Watson Thu, 10 May 2007 10:30:25 +0100 putty (0.59-3) experimental; urgency=low * Build-depend on python for icon generation (closes: #409115). -- Colin Watson Wed, 31 Jan 2007 08:45:16 +0000 putty (0.59-2) experimental; urgency=low * Build-depend on imagemagick for icon generation. -- Colin Watson Tue, 30 Jan 2007 12:53:24 +0000 putty (0.59-1) experimental; urgency=low * New upstream release. - PuTTY can now connect to a local serial port, as an alternative to making a network connection. - Support for password expiry in SSH-2. - Various performance improvements and cryptography upgrades. - The file transfer utilities PSCP and PSFTP now support files bigger than 2Gb (provided the underlying operating system does too). - Numerous other small bug fixes, including: + Return a well-formed response containing the empty string by default in response to a remote window title query (closes: #229232). + Remove the loops that close all open fds before running a subprocess. They were intended to make sure the child process didn't inherit anything embarrassing or inconvenient from us, such as the master end of its own pty, but now we instead do this by making sure to set all our own fds to not-FD_CLOEXEC on creation (closes: #357520). + Save private keys and session logs such that they're only readable by the owner (closes: #400804). + psftp: Fix double-free on mkdir (closes: #406090). * Update debian/copyright. * Install kh2reg.py in /usr/share/doc/putty-tools/examples (closes: #400806). * Install new pterm and putty icons. * Use transparency for GTK 1 window icons. -- Colin Watson Mon, 29 Jan 2007 21:38:53 +0000 putty (0.58-5) unstable; urgency=low * Remove Icon= from putty and pterm desktop files, as there are no icons yet. -- Colin Watson Mon, 17 Jul 2006 10:21:38 +0100 putty (0.58-4) unstable; urgency=low * Add desktop files for putty and pterm (thanks, Barry deFreese via Ubuntu; closes: https://launchpad.net/distros/ubuntu/+source/putty/+bug/29716). * Fix display timeouts on 64-bit systems (thanks, Peter Maydell; closes: #336390). -- Colin Watson Sat, 15 Apr 2006 10:52:28 +0100 putty (0.58-3) unstable; urgency=low * Dynamically allocate memory passed to putenv() in pty_init() and don't free it, otherwise TERM ends up unset. -- Colin Watson Fri, 15 Jul 2005 11:52:10 +0100 putty (0.58-2) unstable; urgency=low * Fix warnings with gcc-4.0 (closes: #287960). * Upgrade to debhelper compatibility level 4; level 2 is deprecated. -- Colin Watson Fri, 15 Jul 2005 11:08:53 +0100 putty (0.58-1) unstable; urgency=low * New upstream release (closes: #303296). - Wildcards (mput/mget) and recursive file transfer in PSFTP (closes: #254578). - You can now save your session details from the Change Settings dialog box, _after_ you've started your session. - Various improvements to Unicode support, including: + support for right-to-left and bidirectional text (Arabic, Hebrew etc). + support for Arabic text shaping. + support for Unicode combining characters. - Support for the xterm 256-colour control sequences. - Port forwardings can now be reconfigured in mid-session. - Support for IPv6. - More configurability and flexibility in SSH-2 key exchange. In particular, PuTTY can now initiate repeat key exchange during the session, which means that if your server doesn't initiate it (OpenSSH is known not to bother) you can still have the cryptographic benefits. - Display artefacts caused by characters overflowing their character cell should now all be gone. (This would probably have bothered Windows ClearType users more than anyone else.) - Keepalives are now supported everywhere. - Miscellaneous improvements for CJK/IME users. - New pterm timing code, reducing idle CPU usage (closes: #204811). * Build-depend on x-dev and libx11-dev rather than the transitional xlibs-dev package. -- Colin Watson Sun, 10 Apr 2005 12:47:35 +0100 putty (0.57-1) unstable; urgency=high * New upstream release, fixing pscp/psftp security holes exploitable by a malicious server after host key verification (closes: #296144). - [SECURITY] Fix heap corruption vulnerability in handling of response to SFTP FXP_READDIR request. - [SECURITY] Fix heap corruption vulnerability in handling of SFTP string fields. -- Colin Watson Sun, 20 Feb 2005 22:49:28 +0000 putty (0.56-1) unstable; urgency=high * New upstream release. - [SECURITY] A vulnerability discovered by iDEFENSE, potentially allowing arbitrary code execution on the client by a malicious server before host key verification, has been fixed (closes: #278414). - Ability to restart a session within an inactive window, via a new menu option. - Minimal support for not running a shell or command at all in SSH protocol 2 (equivalent to OpenSSH's `-N' option). PuTTY/Plink still provide a normal window for interaction, and have to be explicitly killed. - Transparent support for CHAP cryptographic authentication in the SOCKS 5 proxy protocol. - More diagnostics in the Event Log, particularly of SSH port forwarding. - Ability to request setting of environment variables in SSH (protocol 2 only). - Ability to send POSIX signals in SSH (protocol 2 only) via the `Special Commands' menu. - Bug fix: The PuTTY tools now more consistently support usernames containing `@' signs. - Support for the Polish character set `Mazovia'. - When logging is enabled, the log file is flushed more frequently, so that its contents can be viewed before it is closed. - More flexibility in SSH packet logging: known passwords and session data can be omitted from the log file. Passwords are omitted by default. (This option isn't perfect for removing sensitive details; you should still review log files before letting them out of your sight.) - Ability to set environment variables in pterm. - PuTTY and pterm attempt to use a UTF-8 line character set by default if this is indicated by the locale; however, this can be overridden. - Fix build failure on amd64 due to ut_time's size (closes: #265910). - Fix blinking line cursors (closes: #272877). * Install HTML documentation in /usr/share/doc/putty-tools, and make putty depend on putty-tools for the documentation (closes: #278094). -- Colin Watson Tue, 26 Oct 2004 22:20:17 +0100 putty (0.55-1) unstable; urgency=high * New upstream release. - [SECURITY] A vulnerability discovered by Core Security Technologies (advisory number CORE-2004-0705), potentially allowing arbitrary code execution on the client by a malicious server before host key verification, has been fixed. - General robustness of the SSH1 implementation has been improved, which may have fixed further potential security problems although we are not aware of any specific ones. - A terminal speed is now sent to the SSH server. - Removed a spurious diagnostic message in Plink. - The `-load' option in PSCP and PSFTP should work better. - X forwarding can now talk to Unix sockets as well as TCP sockets (closes: #251257). - Various crashes and assertion failures fixed. -- Colin Watson Wed, 4 Aug 2004 01:43:20 +0100 putty (0.54-2) unstable; urgency=low * Upstream man page fixes: - putty(1): Remove claim that there's no Unix puttygen. - plink(1): Tart up, fix outright lies, mention web docs. - Add (probably frustratingly) bare-bones man pages for pscp and psftp. * debian/pterm.menu, debian/putty.menu: Quote 'needs' and 'section' arguments. * Policy version 3.5.9: no changes required. Deferring 3.5.10 and above until I've looked into 'x-terminal-emulator -e' compatibility. -- Colin Watson Fri, 27 Feb 2004 02:39:26 +0000 putty (0.54-1) unstable; urgency=low * New upstream release. First official Unix release! -- Colin Watson Sat, 14 Feb 2004 12:31:33 +0000 putty (0.53-b-2004-01-25-1) unstable; urgency=low * New upstream snapshot. - puttygen is now implemented, and is part of putty-tools. -- Colin Watson Sun, 25 Jan 2004 20:37:02 +0000 putty (0.53-b-2003-10-12-1) unstable; urgency=low * New upstream release. - Plink, PSCP, and PSFTP are now ready for prime-time. Create a new putty-tools package for them. - Possibly fix intermittent "Unable to load private key" errors with SSH protocol 2 (see #194067). * Advertise UTF-8 support in pterm's description. -- Colin Watson Sun, 12 Oct 2003 22:46:16 +0100 putty (0.53-b-2003-08-23-2) unstable; urgency=low * Fix -DSNAPSHOT calculation for NMU-style-versioned packages (thanks, Owen Dunn). -- Colin Watson Sun, 31 Aug 2003 14:22:59 +0100 putty (0.53-b-2003-08-23-1) unstable; urgency=low * New upstream snapshot. Among other things: - Fix a (non-security-critical) segfault in PuTTY's zlib code. - Selection handling improved: selection timestamps are set more accurately and X cut buffers are supported. - Shadow bold can be requested explicitly. -- Colin Watson Sun, 24 Aug 2003 00:03:28 +0100 putty (0.53-b-2003-05-14-1) unstable; urgency=low * New upstream snapshot, including: - Redraw the window border when the window background colour is reconfigured mid-session (closes: #193013). - Rename crc32() to crc32_compute(), to avoid clashing with zlib (closes: #192309). - Allow pterm to receive and understand COMPOUND_TEXT selections, including character set conversion where necessary (closes: #192307). -- Colin Watson Wed, 14 May 2003 02:29:47 +0100 putty (0.53-b-2003-05-13-1) unstable; urgency=low * New upstream snapshot. - Fix spin on exit with +ut, due to a stale file descriptor hanging around and getting closed later when it had become claimed by GTK (closes: #166396). - Add putty(1) man page (closes: #190570). -- Colin Watson Tue, 13 May 2003 03:34:56 +0100 putty (0.53-b-2003-05-11-1) unstable; urgency=low * New upstream snapshot, including: - Fix uninitialized value warning on arm (closes: #192674). - Fix int <=> pointer casting problems on alpha/ia64 (closes: #192701). - Restore -T option to pterm (closes: #191750). - Document NoRemoteQTitle resource and fix window versus icon title reporting (closes: #191751). - pterm will now attempt to guess suitable names for any missing fonts from the ones given; so it'll ask for a font twice as wide as your base one if you don't specify a wide font, it'll ask for a bolded version of your base font if you don't specify a bold font, and similarly for a wide/bold font. - Remove now-incorrect claim from pterm(1) that Unicode is not supported (with the last two changes, this closes: #187389). -- Colin Watson Sun, 11 May 2003 02:22:57 +0100 putty (0.53-b-2003-04-28-1) unstable; urgency=low * New upstream snapshot. - Fixes SIGPIPE blocking in pterm. -- Colin Watson Mon, 28 Apr 2003 17:20:55 +0100 putty (0.53-b-2003-04-24-1) unstable; urgency=low * New upstream snapshot. - PuTTY itself is now available for Unix, and packaged. - Compiled with optimization by default; several compiler warnings and bugs fixed as a result. * Set snapshot version number for the benefit of the About box. -- Colin Watson Thu, 24 Apr 2003 14:24:34 +0100 putty (0.53-b-2003-03-07-1) unstable; urgency=low * New upstream snapshot. - Sets WINDOWID, so that for example w3m inline images stand a better chance of appearing in the correct window. -- Colin Watson Fri, 7 Mar 2003 01:41:58 +0000 putty (0.53-b-2003-01-04-1) unstable; urgency=low * New upstream snapshot. - Version number tweaked slightly; it's really 0.53b-2003-01-04-1, but that compares less than 0.53-2002-11-08-1. - Supports UTF-8; just tell it to use a font in the iso10646-1 encoding. * Update copyright dates in debian/copyright to match LICENCE. * Just build pterm. No need to bother building plink as well when it's not part of a binary package. -- Colin Watson Sat, 4 Jan 2003 16:58:48 +0000 putty (0.53-2002-11-08-1) unstable; urgency=low * New upstream snapshot. - Uses the right kinds of dashes in pterm(1) (closes: #167761). - Stops at the right point when encountering an error parsing the command line (closes: #167787). * Document the utmp helper process in README.Debian (closes: #168016). -- Colin Watson Fri, 8 Nov 2002 19:28:32 +0000 putty (0.53-2002-11-03-1) unstable; urgency=low * New upstream snapshot. - Switches the default shadow bold offset to +1, which Crispin has been complaining about. - plink has been ported, but isn't packaged yet. -- Colin Watson Mon, 4 Nov 2002 00:15:03 +0000 putty (0.53-2002-10-26-1) unstable; urgency=low * New upstream snapshot. - Set background colour to avoid redraw flicker (closes: #165888). - CloseOnExit: 0 responds to keypresses as it claims (closes: #166397). -- Colin Watson Sat, 26 Oct 2002 01:34:33 +0100 putty (0.53-2002-10-24-1) unstable; urgency=low * New upstream snapshot. - Reap utmp helper zombie process when +ut is used (closes: #165887). * Install pterm setgid utmp so that it can make entries in the utmp and wtmp files, and add a lintian override for this. -- Colin Watson Thu, 24 Oct 2002 00:47:54 +0100 putty (0.53-2002-10-17-2) unstable; urgency=low * I used to be able to package things well, honest ... * Add menu file. * Register an alternative for x-terminal-emulator. -- Colin Watson Tue, 22 Oct 2002 01:06:45 +0100 putty (0.53-2002-10-17-1) unstable; urgency=low * Initial release, from upstream source snapshot. * I've put the source package in the net section because that probably fits PuTTY as a whole better, but I've put the pterm binary package in the x11 section. Go figure. -- Colin Watson Fri, 18 Oct 2002 14:58:42 +0100