| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD relevant changes since 20221023 snapshot:
* f9a8213d 2022-10-29 | Docs: add a 'pdf' cmake target. (origin/main, origin/HEAD) [Jacob Nevins]
* 4ff82ab2 2022-10-28 | Update version number for 0.78 release. (tag: 0.78) [Simon Tatham]
* 475c2387 2022-10-28 | Unix: stop accessing ctrl->fileselect for font selectors. [Simon Tatham]
* 329a4cdd 2022-10-24 | authplugin-example.py: Flush stderr. [Jacob Nevins]
* 538c8fd2 2022-10-24 | authplugin-example.py: Mention documentation. [Jacob Nevins]
* a7106d8e 2022-10-23 | Add missing initialisation of term->osc_strlen. [Simon Tatham]
* bdb3ac9f 2022-10-23 | Restrict -pwfile / -pw to apply to server prompts only. [Simon Tatham]
* 2fbb9284 2022-10-23 | Fix outdated comment relating to -pw. [Jacob Nevins]
* f7e86ca2 2022-10-22 | README: remove mention of doc/Makefile. [Jacob Nevins]
* f229aab2 2022-10-23 | Rewrap a paragraph in README. [Jacob Nevins]
MFH: 2022Q4 (after 10 days)
According to Simon, he caught this assertion error in the act,
and 475c2387 should fix
PR: 267253
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD-relevant changes since previous snapshot:
* 75ac4443 2022-10-22 | Document subdomain matching of cert expr wildcards. [Jacob Nevins]
* 500568d2 2022-10-22 | Docs: fix trivial typo from 6472f7fc77. [Jacob Nevins]
* 5f3b743e 2022-10-21 | Tweak certified-host-key prompt. [Jacob Nevins]
* bb1ebc9b 2022-10-21 | Docs: tweak certified-host-key warning responses. [Jacob Nevins]
* 5716c638 2022-10-21 | Docs: cross-reference host-key warning sections. [Jacob Nevins]
* 8c534c26 2022-10-21 | Docs: note "wrong host key" warning is stronger. [Jacob Nevins]
* 1d1d81d6 2022-10-21 | Fix regressions in Gtk host key "More info". [Jacob Nevins]
* dc9ab5e0 2022-10-21 | Rename NTRU Prime / Curve25519 kex in UI. [Jacob Nevins]
* 6472f7fc 2022-10-21 | Docs: update Pageant key list description. [Jacob Nevins]
* 5d5a6a8f 2022-10-21 | Docs: MD5 is forced for SSH-1 key fingerprints. [Jacob Nevins]
* d4298308 2022-10-21 | Docs: prime generation defaults are usually fine. [Jacob Nevins]
* 2b5b7b5c 2022-10-21 | Docs: note warning about <2048-bit RSA/DSA keys. [Jacob Nevins]
* 617bf732 2022-10-21 | Docs: PuTTYgen: fix gratuitous exclusion of PSFTP. [Jacob Nevins]
* 11950739 2022-10-21 | Docs: add index alias for "ECDSA". [Jacob Nevins]
* 4af8a585 2022-10-20 | cmdgen: Fix docs and usage messages. [Jacob Nevins]
* 68c97fb2 2022-10-19 | Fix installing man pages from our tarballs. [Jacob Nevins]
* 2222cd10 2022-10-12 | AES-GCM NEON: cope with missing vaddq_p128. [Simon Tatham]
While here, fix PORTVERSION->DISTVERSION to get rid of the tilde
that confuses pkg(8).
And while it may not fix the issue, I still want this commit log
to appear in
PR: 267253
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick a test patch from upstream maintainer:
- this uses fallback code for compilers not providing vaddq_p128
(f.i. clang-10 on FreeBSD 12.3 AMD64/aarch64)
- and uses vaddq_p128 on systems that provide it, for instance,
FreeBSD 13-STABLE AMD64/aarch64 with clang 14.0.5
Obtained from: Simon Tatham
MFH: 2022Q4
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
clang 10 (FreeBSD 12.3) does not support vaddq_p128 and similar
ARM NEON intrinsics, but clang 13 (FreeBSD 13.1) does.
Abuse the HAVE_NEON_PMULL cmake test to disable aesgcm-neon.c
unless vaddq_p128() is available.
http://ampere1.nyi.freebsd.org/data/123arm64-quarterly/31229ca1324c/logs/putty-nogtk-0.78~pre20220922.log:
/wrkdirs/usr/ports/security/putty-nogtk/work/putty-0.78~pre20220922.9fcfd67/crypto/aesgcm-neon.c:125:16:
warning: implicit declaration of function 'vaddq_p128' is invalid in C99 [-Wimplicit-function-declaration]
ctx->acc = vaddq_p128(ctx->acc, load_p128_be(coeff));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This permits a FreeBSD build without patches; the two remaining
items are 1. avoiding the GSSAPI-related call into pkg-config because it
would not cover base-GSSAPI so we force the fallback to krb5-config
(which we control by way of ports/Mk/Uses/gssapi.mk), and
2. making sure PuTTY's build would not ascend directory hierarchy to
pick up our ports tree's Git information. We are only packaging
(pre-)release tarballs where we do not need to run Git.
Thanks to Simon Tatham, upstream maintainer, for issuing the
pre-releases and being very responsive and open to making the
build experience smooth for everyone.
|
|
|
|
|
| |
Pull in a fix from upstream's Git to avoid pulling in X11 headers
in no-GTK builds, so we can remove one more local workaround.
|
|
|
|
| |
This allows us to remove all local patch files.
|
|
|
|
|
|
|
|
|
|
|
| |
While it seems a nice idea to load the GSS provider library at run-time,
the existing search code hardwires library versions and only works
with krb5 (MIT Kerberos), and does not attempt to control library paths.
This sort of defeats the purpose, and we do not need a brittle
alternative for a robust GSSAPI_MIT.
So, drop the commented-out GSSAPI_DYNAMIC stuff from the Makefile.
|
|
|
|
|
|
|
|
|
| |
Make sure that putty only compiles and links against the configured
static GSSAPI version, especially against base even if krb5 or heimdal
are installed.
To that end, hand down the right krb5-config executable,
and punch out pkg-config from the shipped unix.cmake.
|
| |
|
|
|
|
|
|
| |
with a patch received from Simon Tatham, and mask GSSAPI_DYNAMIC
for now, because it is not working. Debugging going on, but let's
get GSSAPI working at all for now, and make GSSAPI_BASE the default.
|
|
|
|
|
|
|
|
|
| |
ChangeLog: https://lists.tartarus.org/pipermail/putty-announce/2022/000034.html
Please test this thoroughly and if you happen to have a Kerberos-
or GSSAPI-enabled SSH server, please give the maintainer feedback
whether GSSAPI works for you and which GSSAPI library you have
installed.
|
|
|
|
|
|
|
|
|
|
| |
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PuTTY 0.77 changed its build system to cmake, and restructured the
source code, thus the patches were regenerated and updated.
As a consequence, GSSAPI_BASE no longer works because cmake wants
pkg-config and hence .pc files.
GSSAPI_HEIMDAL does not compile due to #define (&_foo) xxx.
Both GSSAPI_BASE and GSSAPI_HEIMDAL were disabled. Assistance solicited.
There is a new experimental GSSAPI_DYNAMIC which permits configuring the
GSS provider at run-time, which the package maintainer cannot test
for lack of Kerberized access somewhere. Feedback solicited.
Puttytel was removed upstream, Psusan was added, which is just the inner
SSH protocol layer. See its man page for details.
GTK2 remnants were removed. GTK is currently inseparable from X11,
message was sent to upstream maintainer to see if that is intentional.
Manual pages now install into ${PREFIX}/share/man/man1 (previous
versions of the port installed into ${PREFIX}/man/man1).
Upstream changes: see
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
No MFH due to intrusive changes and removal of options.
|
|
|
|
|
|
|
|
|
| |
The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").
Approved by: portmgr (blanket)
|
|
|
|
| |
Approved by: portmgr (blanket)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD relevant changes per
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
+ New option to abandon an SSH connection if the server allows you to
authenticate in a trivial manner.
+ Bug fix: user colour-palette reconfiguration via 'Change Settings'
were delayed-action.
+ Bug fix: server colour-palette reconfigurations were sometimes lost.
+ Bug fix: a tight loop could occur on reading a truncated private key
file.
|
|
|
|
|
|
|
|
| |
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Deprecate -gtk2 version for Mid-December 2021.
Clean up a bit.
|
|
|
|
| |
Reported by: lwhsu
|
| |
|
|
|
|
|
|
|
|
|
|
| |
...rather than copying it into $FILESDIR where it would require
maintenance.
Reported by: danfe@
Notes:
svn path=/head/; revision=540995
|
|
|
|
| |
Notes:
svn path=/head/; revision=540719
|
|
|
|
| |
Notes:
svn path=/head/; revision=540718
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
among them are these two---and more bugfixes beyond not listed here:
* Security fix: if an SSH server accepted an offer of a public key
and then rejected the signature, PuTTY could access freed memory,
if the key had come from an SSH agent.
* Security feature: new config option to disable PuTTY's dynamic
host key preference policy, if you prefer to avoid giving away
to eavesdroppers which hosts you have stored keys for.
MFH: 2020Q2
Security: 6190c0cd-b945-11ea-9401-2dcf562daa69
Security: CVE-2020-14002
Security: FZI-2020-5
Notes:
svn path=/head/; revision=540716
|
|
|
|
|
|
|
|
|
| |
...to avoid permanent redirects, or broken sites.
MFH: 2020Q2 (blanket, download/WWW URL chase)
Notes:
svn path=/head/; revision=533061
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant changes taken from this...
ChangeLog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
* Security fix: in bracketed paste mode, the terminal escape sequences that
should delimit the pasted data were appearing together on one side of it,
making it possible to misidentify pasted data as manual keyboard input.
* Bug fix (possibly security-related): an SSH-1 server sending a disconnection
message could cause an access to freed memory.
* Bug fix: tweaked terminal handling to prevent lost characters at the ends of
lines in gcc's coloured error messages.
* Bug fix: removed a bad interaction between the 'clear scrollback' operation
and mouse selection that could give rise to the dreaded "line==NULL"
assertion box.
MFH: 2019Q4
Notes:
svn path=/head/; revision=514728
|
|
|
|
| |
Notes:
svn path=/head/; revision=514144
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes found by the EU-funded bug bounty:
- two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
- a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Switch off -DSTATIC_GSSAPI build as that produces non-working executables
(assertion failures). Bug has been reported upstream.
MFH: 2019Q3
Security: 5914705c-ab03-11e9-a4f9-080027ac955c
Notes:
svn path=/head/; revision=507001
|
|
|
|
|
|
|
|
|
| |
Not bumping PORTREVISION as the default build is unaffected.
Obtained from: Jacob Nevins, upstream Git commit 7ad08649
Notes:
svn path=/head/; revision=496930
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately, this new release breaks GSSAPI_NONE, which is removed
for now. Bug has been reported upstream.
Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
MFH: 2019Q1
Security: 46e1ece5-48bd-11e9-9c40-080027ac955c
Notes:
svn path=/head/; revision=496064
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While here, add a putty-gtk2 slave port and update _CONFLICTS.
Since the default package does not change, and pkg would handle conflicts
around attempted installation of the new -gtk2 package, omit the
PORTREVISION bump from Miroslav's original patch.
PR: 227200
Submitted by: Miroslav Lachman
Notes:
svn path=/head/; revision=466267
|
|
|
|
|
|
|
|
|
|
|
|
| |
The flag has partial support across the tree, and the same effect
can be obtained by using ".undef WITH_DEBUG".
Reviewed by: mat, rene
Approved by: portmgr (rene)
Differential Revision: https://reviews.freebsd.org/D12548
Notes:
svn path=/head/; revision=452147
|
|
|
|
|
|
|
|
| |
PR: 220838
Submitted by: cy@
Notes:
svn path=/head/; revision=447756
|
|
|
|
|
|
|
|
| |
PR: 219095
Submitted by: ehaupt@
Notes:
svn path=/head/; revision=440836
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream change "You can now explicitly configure SSH terminal mode
settings not to be sent to the server, if your server objects to them."
Enable pageant, was missing from the 0.68 upgrade.
Switch to GTK3, no longer compiles with GTK2.
The security fixes contained in 0.69 are only good on Windows, so not
flagging this as a security update.
Notes:
svn path=/head/; revision=440116
|
|
|
|
|
|
|
| |
The reference to these had been removed as of r184036 on 2007-02-03 already.
Notes:
svn path=/head/; revision=436323
|
|
|
|
|
|
|
|
|
|
| |
Submitted by: cy@
Reported by: cy@
MFH: 2017Q1
Differential Revision: https://reviews.freebsd.org/D10023
Notes:
svn path=/head/; revision=436321
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Additional minor updates on top of cy@'s patch (USE_GNOME, USE_XORG,
LDFLAGS).
ChangeLog: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Submitted by: cy@
MFH: 2017Q1
Security: CVE-2017-6542
Security: 9b973e97-0a99-11e7-ace7-080027ef73ec
Differential Revision: https://reviews.freebsd.org/D10023
Notes:
svn path=/head/; revision=436313
|
|
|
|
| |
Notes:
svn path=/head/; revision=428696
|
|
|
|
|
|
|
|
|
|
| |
Mostly replace with ${}, but sometime, replace with $$() because it is
what was intended in the first place. (I think.)
Sponsored by: Absolight
Notes:
svn path=/head/; revision=418840
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unix-relevant changes:
* Security fix: a buffer overrun in the old-style SCP protocol when receiving
the header of each file downloaded from the server is fixed. (CVE-2016-2563)
* Assorted other robustness fixes for crashes and memory leaks.
MFH: 2016Q1
Security: 7f0fbb30-e462-11e5-a3f3-080027ef73ec
Security: CVE-2016-2563
Notes:
svn path=/head/; revision=410527
|
|
|
|
| |
Notes:
svn path=/head/; revision=402275
|
|
|
|
|
|
|
|
|
|
|
| |
Due to using both <bsd.port.pre.mk> and <bsd.port.options.mk>, the
USES+= gssapi:mit directive was ignored and not included in the build
dependency list. Remove <pre>/<post> includes to fix.
Approved by: mandree (maintainer)
Notes:
svn path=/head/; revision=402274
|
|
|
|
|
|
|
|
|
|
| |
Switch to USES=gssapi:mit.
Security: CVE-2015-5309
Security: 0cb0afd9-86b8-11e5-bf60-080027ef73ec
Notes:
svn path=/head/; revision=401087
|
|
|
|
|
|
|
|
|
| |
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D3694
Notes:
svn path=/head/; revision=399346
|
|
|
|
|
|
|
| |
Release notes: http://lists.tartarus.org/pipermail/putty-announce/2015/000021.html
Notes:
svn path=/head/; revision=393203
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
Notes:
svn path=/head/; revision=386312
|
|
|
|
|
|
|
|
| |
PR: 198369
Submitted by: shun.fbsd.pr@dropcut.net
Notes:
svn path=/head/; revision=380619
|