putty (0.74-1+deb11u1~deb10u2) buster-security; urgency=critical * LTS team upload * Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. -- Bastien Roucariès Wed, 19 Jun 2024 21:49:08 +0000 putty (0.74-1+deb11u1~deb10u1) buster-security; urgency=medium * LTS team upload * Rebuild for buster-security. -- Bastien Roucariès Sun, 24 Mar 2024 19:14:08 +0000 putty (0.74-1+deb11u1) bullseye-security; urgency=medium * Cherry-pick from upstream: - CVE-2021-36367: New option to reject 'trivial' success of userauth (closes: #990901). - New macro PTRLEN_DECL_LITERAL. - Extra utility function add_to_commasep_pl. - CVE-2023-48795: Support OpenSSH's new strict kex feature (thanks to Simon Tatham for backporting assistance). Note that this does _not_ include upstream's added UI warning for servers vulnerable to Terrapin, which was too difficult to backport to this version. -- Colin Watson Fri, 22 Dec 2023 17:36:21 +0000 putty (0.74-1) unstable; urgency=medium * New upstream release. - SECURITY: Key list from agent used after free if server rejects signature after PK_OK. - CVE-2020-14002: Dynamic host key policy leaks information about known host keys. -- Colin Watson Sat, 27 Jun 2020 13:43:16 +0100 putty (0.73-3) unstable; urgency=medium * Cherry-pick from upstream: - pty_backend_create: set up SIGCHLD handler earlier (closes: #959396). -- Colin Watson Fri, 08 May 2020 15:52:01 +0100 putty (0.73-2) unstable; urgency=medium * Cherry-pick from upstream: - gtkfont: use PANGO_PIXELS_CEIL to work out font metrics (fixes rendering regression at some font sizes with Pango 1.44). -- Colin Watson Sun, 05 Apr 2020 12:22:42 +0100 putty (0.73-1) unstable; urgency=medium * New upstream release. -- Colin Watson Sun, 29 Sep 2019 17:10:38 +0100 putty (0.72-2) unstable; urgency=medium * Use debhelper-compat instead of debian/compat. * Port mkicon.py to Python 3 and drop build-dependency on python (closes: #937380). -- Colin Watson Sat, 31 Aug 2019 21:46:04 +0100 putty (0.72-1) unstable; urgency=medium * New upstream release. * Explicitly build-depend on python3, for test/cryptsuite.py. -- Colin Watson Tue, 23 Jul 2019 10:49:47 +0100 putty (0.71-1) experimental; urgency=medium * Add new upstream release signing key to debian/upstream/signing-key.asc (see https://www.chiark.greenend.org.uk/~sgtatham/putty/keys.html). * New upstream release (see https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html). - Make "putty user@host" work (closes: #509194). -- Colin Watson Wed, 20 Mar 2019 13:11:14 +0000 putty (0.70-6) unstable; urgency=high * Apply security patch series from upstream: - New facility for removing pending toplevel callbacks. - Fix one-byte buffer overrun in random_add_noise(). - uxnet: clean up callbacks when closing a NetSocket. - sk_tcp_close: fix memory leak of output bufchain. - Fix handling of bad RSA key with n=p=q=0. - Sanity-check the 'Public-Lines' field in ppk files. - Introduce an enum of the uxsel / select_result flags. - Switch to using poll(2) in place of select(2). - RSA kex: enforce the minimum key length. - Fix crash on ESC#6 + combining chars + GTK + odd-width terminal. - Limit the number of combining chars per terminal cell. - minibidi: fix read past end of line in rule W5. - Fix crash printing a width-2 char in a width-1 terminal. -- Colin Watson Sun, 17 Mar 2019 09:37:02 +0000 putty (0.70-5) unstable; urgency=medium [ Colin Watson ] * Mark all binary packages Multi-Arch: foreign. * Configure with --disable-git-commit to avoid a build failure due to trying to redefine SOURCE_COMMIT when building from the Debian git tree. * Cherry-pick from upstream: - Remove a fixed-size buffer in pscp.c (closes: #911955). - Remove a fixed-size buffer in cmdgen.c. - Stop using deprecated gtk_container_set_focus_chain(). [ Niels Thykier ] * Declare the explicit requirement for (fake)root. -- Colin Watson Sun, 28 Oct 2018 18:07:45 +0000 putty (0.70-4) unstable; urgency=medium * Cherry-pick from upstream: - Ignore spurious configure_area events, which caused a lot of flickering on GTK+ 3. -- Colin Watson Thu, 05 Apr 2018 00:27:48 +0100 putty (0.70-3) unstable; urgency=medium * Use GDK_BACKEND x11 when built with X support (thanks, Andreas Henriksson; closes: #861603). -- Colin Watson Tue, 03 Apr 2018 02:03:31 +0100 putty (0.70-2) unstable; urgency=medium * Move VCS to salsa.debian.org. * Cherry-pick from upstream: - Use gdk_display_beep() in place of obsolete gdk_beep() (closes: #891519). -- Colin Watson Sun, 04 Mar 2018 18:20:39 +0000 putty (0.70-1) unstable; urgency=medium * New upstream release. -- Colin Watson Sat, 08 Jul 2017 13:19:23 +0100 putty (0.69-2) unstable; urgency=medium * Update Homepage and debian/copyright download URL to use HTTPS. * Upload to unstable. -- Colin Watson Sun, 18 Jun 2017 12:20:31 +0100 putty (0.69-1) experimental; urgency=medium * New upstream release. -- Colin Watson Sat, 29 Apr 2017 13:14:57 +0100 putty (0.68-2) experimental; urgency=medium * Move pageant from putty-tools to putty, since it depends on GTK+ (thanks, Dr. Markus Waldeck). -- Colin Watson Sun, 02 Apr 2017 17:26:23 +0100 putty (0.68-1) experimental; urgency=medium * New upstream release. - Supports elliptic-curve cryptography for host keys, user authentication keys, and key exchange (closes: #854287). - Ported to GTK+ 3. * Use HTTPS URL in debian/watch. * Install Pageant, which is now ported to Unix. * Cherry-pick a set of upstream patches to get things working with GTK+ 3.22: - Handle GTK 3.22's deprecation of gdk_cairo_create(). - Handle deprecation of gtk_menu_popup. - Use CSS to set window backgrounds with GTK+ 3. - Handle deprecation of gdk_screen_{width,height}. - Replace deprecated gtk_window_set_wmclass with raw Xlib. - Change Cairo image surface type from RGB24 to ARGB32. * Update download URL in debian/copyright (thanks, Dr. Markus Waldeck). -- Colin Watson Sun, 02 Apr 2017 00:16:29 +0100 putty (0.67-3) unstable; urgency=high * CVE-2017-6542: Sanity-check message length fields in CHAN_AGENT input (thanks, Simon Tatham; closes: #857642). -- Colin Watson Wed, 22 Mar 2017 14:42:13 +0000 putty (0.67-2) unstable; urgency=medium * Backport from upstream: - Add command-line passphrase-file options to command-line PuTTYgen. -- Colin Watson Fri, 18 Mar 2016 22:32:33 +0000 putty (0.67-1) unstable; urgency=high * New upstream release. - CVE-2016-2563: Fix buffer overrun in the old-style SCP protocol (closes: #816921). -- Colin Watson Sun, 06 Mar 2016 18:41:16 +0000 putty (0.66-4) unstable; urgency=medium * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb. * Fix misleading-indentation and strict-aliasing warnings from GCC 6 (closes: #811581). -- Colin Watson Fri, 05 Feb 2016 13:47:21 +0000 putty (0.66-3) unstable; urgency=medium * Add a Homepage field. * Add Keywords fields to pterm.desktop and putty.desktop. * Build with large file support. -- Colin Watson Mon, 04 Jan 2016 15:18:57 +0000 putty (0.66-2) unstable; urgency=medium * Fix dh_fixperms override to work properly with an architecture-independent-only build (closes: #806098). * Do much less work in architecture-independent-only builds. * Fix build failure on GNU/Hurd (closes: #805505). -- Colin Watson Tue, 24 Nov 2015 17:10:21 +0000 putty (0.66-1) unstable; urgency=high * New upstream release. - CVE-2015-5309: Fix a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator. * Use dh-exec to remove the need to override dh_install. * Add OpenPGP signature checking configuration to watch file. -- Colin Watson Sat, 07 Nov 2015 16:10:41 +0000 putty (0.65-2) unstable; urgency=medium * Backport from upstream: - Performance: cache character widths returned from Pango (closes: #792258). -- Colin Watson Sun, 23 Aug 2015 18:47:52 +0100 putty (0.65-1) unstable; urgency=medium * New upstream release. -- Colin Watson Tue, 28 Jul 2015 11:18:13 +0100 putty (0.64-1) unstable; urgency=medium * New upstream release. - Support sharing an SSH connection between multiple instances of PuTTY and its tools. - Add a command-line and config option to specify the expected host key(s). -- Colin Watson Sun, 14 Jun 2015 11:03:52 +0100 putty (0.63-10) unstable; urgency=medium * Backport from upstream: - Make kh2reg.py compatible with modern Python. - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value. - Fix an erroneous length field in SSH-1 key load. - CVE-2015-2157: Fix failure to clear sensitive private key information from memory (closes: #779488). -- Colin Watson Sun, 01 Mar 2015 12:59:15 +0000 putty (0.63-9) unstable; urgency=medium * Backport from upstream (Simon Tatham): - Revert the default for font bolding style back to using colours rather than fonts (closes: #772948). -- Colin Watson Sat, 13 Dec 2014 10:11:04 +0000 putty (0.63-8) unstable; urgency=medium * Backport from upstream (Simon Tatham), suggested by Jacob Nevins: - Fix incorrect handling of saved sessions with a dynamic SOCKS tunnel bound to a specific protocol (IPv4 or IPv6). -- Colin Watson Sun, 12 Oct 2014 20:47:42 +0100 putty (0.63-7) unstable; urgency=medium * Build with all hardening options. (Thanks, Markus.) -- Colin Watson Sun, 24 Aug 2014 00:29:36 +0100 putty (0.63-6) unstable; urgency=medium * Backport two upstream patches to fix runaway timer explosions (closes: #758473). -- Colin Watson Wed, 20 Aug 2014 21:05:52 +0100 putty (0.63-5) unstable; urgency=medium * Backport from upstream (Simon Tatham): - Fix an annoying timer-handling warning from current versions of GTK. -- Colin Watson Mon, 21 Apr 2014 21:57:57 +0100 putty (0.63-4) unstable; urgency=medium * Backport from upstream (Simon Tatham): - Fix assertion failure in Unix PuTTYgen exports (LP: #1289176). -- Colin Watson Tue, 08 Apr 2014 12:19:08 +0100 putty (0.63-3) unstable; urgency=medium * Use dh-autoreconf, with the aid of a few upstream patches to make things work with current autotools. * Backport upstream patch to add some assertions in sshzlib.c, fixing build with -O3. -- Colin Watson Wed, 12 Mar 2014 12:07:04 +0000 putty (0.63-2) unstable; urgency=low * Support parallel builds. * Switch to git; adjust Vcs-* fields. -- Colin Watson Wed, 08 Jan 2014 13:01:57 +0000 putty (0.63-1) unstable; urgency=low * New upstream release. - CVE-2013-4206: Buffer underrun in modmul could corrupt the heap. - CVE-2013-4852: Negative string length in public-key signatures could cause integer overflow and overwrite all of memory (closes: #718779). - CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer overflow in modular inverse. - CVE-2013-4208: Private keys were left in memory after being used by PuTTY tools. - Allow using a bold colour and a bold font at the same time (closes: #193352). - Use a monotonic clock (closes: #308552). * Switch to the Autotools-based build system. * Upgrade to debhelper v9. -- Colin Watson Wed, 07 Aug 2013 04:00:18 +0100 putty (0.62-11) unstable; urgency=low * Backport from upstream (Ben Harris, Simon Tatham): - Avoid function pointer comparison when using clang. -- Colin Watson Tue, 04 Jun 2013 15:45:00 +0100 putty (0.62-10) unstable; urgency=low * Backport from upstream (Simon Tatham, closes: #701425): - Check the return values of setuid and friends. - Remove the half-hearted attempt to make the utmp helper process drop privileges just before dying of a fatal signal. -- Colin Watson Mon, 25 Feb 2013 20:36:40 +0000 putty (0.62-9) unstable; urgency=low * Backport from upstream (Simon Tatham): - Fix handling of non-default numeric keypad modes when Num Lock is on (closes: #680261). -- Colin Watson Thu, 23 Aug 2012 12:58:52 +0100 putty (0.62-8) unstable; urgency=low * Backport from upstream (Simon Tatham): - Support dead keys and compose sequences (closes: #221786, #250464). -- Colin Watson Fri, 22 Jun 2012 15:18:51 +0100 putty (0.62-7) unstable; urgency=low * Add System category to pterm.desktop (closes: #678126). * Use dpkg-buildflags to enable hardening options. -- Colin Watson Tue, 19 Jun 2012 13:28:15 +0100 putty (0.62-6) unstable; urgency=low * Backport from upstream (Simon Tatham, Jacob Nevins): - Generate keys more carefully, so that when the user asks for an n-bit key they always get an n-bit number instead of n-1. The latter was perfectly harmless but kept confusing users (closes: #661152). -- Colin Watson Sun, 04 Mar 2012 16:09:28 +0000 putty (0.62-5) unstable; urgency=low * Ignore failures to generate PNG icons too. -- Colin Watson Wed, 08 Feb 2012 19:51:39 +0000 putty (0.62-4) unstable; urgency=low * Ignore failures to generate XPM icons. It's not the end of the world, and this fails on kFreeBSD due to some apparently undiagnosed imagemagick bug. * Drop icon-debug.patch, since it didn't especially help anyway. -- Colin Watson Wed, 08 Feb 2012 15:42:14 +0000 putty (0.62-3) unstable; urgency=low * Fix icon-debug.patch to print debug information to stderr, not stdout. -- Colin Watson Tue, 03 Jan 2012 21:34:28 +0000 putty (0.62-2) unstable; urgency=low * Avoid deprecated GLib functions. * Add temporary debugging patch to try to figure out why the kfreebsd-amd64 build is failing. -- Colin Watson Tue, 03 Jan 2012 18:14:45 +0000 putty (0.62-1) unstable; urgency=high * New upstream release. - [SECURITY] Wipe SSH keyboard-interactive replies from memory after authentication. -- Colin Watson Mon, 12 Dec 2011 02:05:49 +0000 putty (0.61-2) unstable; urgency=low * Add cross-compiling support. -- Colin Watson Tue, 27 Sep 2011 14:29:27 +0100 putty (0.61-1) unstable; urgency=low * New upstream release. * Update Vcs-* fields for Alioth changes. -- Colin Watson Wed, 13 Jul 2011 15:26:33 +0100 putty (0.60+2011-05-09-1) unstable; urgency=low * New experimental development snapshot. - Compiles cleanly with GCC 4.6 (closes: #625113, #625426). * Consistently capitalise SSH in the package description when referring to the protocol (closes: #610486). -- Colin Watson Mon, 09 May 2011 13:45:39 +0100 putty (0.60+2010-12-08-1) unstable; urgency=low * New experimental development snapshot. - Add more possible baud rates to the Unix serial backend (closes: #606328). * Add ${misc:Depends}. * Remove deprecated Encoding keys from desktop files. * Remove deprecated Application categories from desktop files. * Build with GSSAPI support (using run-time library binding). -- Colin Watson Wed, 08 Dec 2010 17:54:50 +0000 putty (0.60+2010-02-20-1) unstable; urgency=low * New experimental development snapshot. - Console utilities send prompts to /dev/tty or failing that stderr, not to stdout (closes: #422295). * Upgrade to debhelper v7. * Move documentation from putty-tools to a new putty-doc package (closes: #472195). * Add a watch file. * Convert to source format 3.0 (quilt). No remaining Debian patches! -- Colin Watson Mon, 22 Feb 2010 01:01:22 +0000 putty (0.60+2009-11-22-1) unstable; urgency=low * New experimental development snapshot. * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields. -- Colin Watson Fri, 01 Jan 2010 14:50:45 +0000 putty (0.60+2009-08-22-3) unstable; urgency=low * Use x11.pc when compiling/linking against GTK (closes: #556125). -- Colin Watson Mon, 23 Nov 2009 20:39:22 +0000 putty (0.60+2009-08-22-2) unstable; urgency=low * Rebuild manual pages with halibut 1.0+svn20090906-1, fixing option markers (see #496063). * Stop calling dh_desktop, as it's now a no-op thanks to dpkg triggers. -- Colin Watson Mon, 07 Sep 2009 01:22:17 +0100 putty (0.60+2009-08-22-1) unstable; urgency=low * New experimental development snapshot. - Fix potential crash on "reget" in psftp. - Fix random seed behaviour in the absence of a seed file. - Support OpenSSH's method of specifying port numbers in known_hosts. - Improve Pango font handling performance. * Use dh_install, dh_installman, and dh_lintian, and use some other debhelper programs more effectively. * Upgrade to debhelper v6. -- Colin Watson Tue, 25 Aug 2009 21:50:05 +0100 putty (0.60+2009-04-05-1) unstable; urgency=low * New experimental development snapshot. - Stop attempting to make session logs private on Unix. This was introduced in r7084 at the same time as sensible permissions when writing private key files; however, it causes an assertion failure whenever an attempt is made to append to an existing log file on Unix, and it's not clear what "is_private" *should* do for append, so revert to log file security being the user's responsibility (LP: #212711). - Cope with GTK+ 2.0 encoding keypress strings in the current locale rather than in ISO-8859-1 (closes: #517535). -- Colin Watson Sun, 05 Apr 2009 22:42:02 +0100 putty (0.60+2009-02-22-1) unstable; urgency=low * New experimental development snapshot. - Uses GTK+ 2.0 (closes: #516641, LP: #271277) and as a result supports Unicode window titles (LP: #48781). - Fixes handling of trailing CR in key files (closes: #414784). * Disabled upstream Kerberos support for now, as it produces unwanted linkage in pterm and other binaries. -- Colin Watson Mon, 23 Feb 2009 10:11:54 +0000 putty (0.60-4) unstable; urgency=low * Build-depend on x11proto-core-dev rather than x-dev (thanks, Lintian). * Backport from upstream (r8150, Jacob Nevins; closes: #503186, LP: #67488): - Fix for portfwd-addr-family: on Unix, when a tunnel is specified as "Auto" (rather than IPv4 or IPv6-only; this is the default), try to open up listening sockets on both address families, rather than (unhelpfully) just IPv6. (And don't open one if the other can't be bound, in a nod to CVE-2008-1483.) Based on a patch from Ben A L Jemmett. * Avoid problems with the -D_FORTIFY_SOURCE=2 default on Ubuntu by explicitly ignoring results from a number of calls to read, write, and fwrite. (This is pretty ham-handed and I've asked upstream whether they have any better ideas for any of these.) -- Colin Watson Sun, 16 Nov 2008 22:06:59 +0000 putty (0.60-3) unstable; urgency=low * Move putty to Applications/Network/Communication menu sub-section. * Use dh_desktop. -- Colin Watson Wed, 28 May 2008 09:28:32 +0100 putty (0.60-2) unstable; urgency=low * Update to section structure from menu 2.1.35. -- Colin Watson Thu, 05 Jul 2007 12:19:47 +0100 putty (0.60-1) unstable; urgency=low * New upstream release (closes: #422935). - Pressing Ctrl+Break now sends a serial break signal in the serial back end, and in the SSH and Telnet backends it asks the server to do the same (if the server supports it). The previous Ctrl+Break behaviour can still be triggered with Ctrl-C. - You can now store a host name in the Default Settings. - In 0.59, it was possible to lock yourself out of the configuration dialog by configuring a serial connection in Default Settings. This should no longer be possible. - We've had reports of the error message `Unable to read from standard input' in Plink 0.59. We've found and fixed one cause of this message, and added better diagnostics in case there are others. - 0.59 could emit malformed SSH-2 packets that upset some servers (such as Foundry routers). Fixed. -- Colin Watson Thu, 10 May 2007 10:30:25 +0100 putty (0.59-3) experimental; urgency=low * Build-depend on python for icon generation (closes: #409115). -- Colin Watson Wed, 31 Jan 2007 08:45:16 +0000 putty (0.59-2) experimental; urgency=low * Build-depend on imagemagick for icon generation. -- Colin Watson Tue, 30 Jan 2007 12:53:24 +0000 putty (0.59-1) experimental; urgency=low * New upstream release. - PuTTY can now connect to a local serial port, as an alternative to making a network connection. - Support for password expiry in SSH-2. - Various performance improvements and cryptography upgrades. - The file transfer utilities PSCP and PSFTP now support files bigger than 2Gb (provided the underlying operating system does too). - Numerous other small bug fixes, including: + Return a well-formed response containing the empty string by default in response to a remote window title query (closes: #229232). + Remove the loops that close all open fds before running a subprocess. They were intended to make sure the child process didn't inherit anything embarrassing or inconvenient from us, such as the master end of its own pty, but now we instead do this by making sure to set all our own fds to not-FD_CLOEXEC on creation (closes: #357520). + Save private keys and session logs such that they're only readable by the owner (closes: #400804). + psftp: Fix double-free on mkdir (closes: #406090). * Update debian/copyright. * Install kh2reg.py in /usr/share/doc/putty-tools/examples (closes: #400806). * Install new pterm and putty icons. * Use transparency for GTK 1 window icons. -- Colin Watson Mon, 29 Jan 2007 21:38:53 +0000 putty (0.58-5) unstable; urgency=low * Remove Icon= from putty and pterm desktop files, as there are no icons yet. -- Colin Watson Mon, 17 Jul 2006 10:21:38 +0100 putty (0.58-4) unstable; urgency=low * Add desktop files for putty and pterm (thanks, Barry deFreese via Ubuntu; closes: https://launchpad.net/distros/ubuntu/+source/putty/+bug/29716). * Fix display timeouts on 64-bit systems (thanks, Peter Maydell; closes: #336390). -- Colin Watson Sat, 15 Apr 2006 10:52:28 +0100 putty (0.58-3) unstable; urgency=low * Dynamically allocate memory passed to putenv() in pty_init() and don't free it, otherwise TERM ends up unset. -- Colin Watson Fri, 15 Jul 2005 11:52:10 +0100 putty (0.58-2) unstable; urgency=low * Fix warnings with gcc-4.0 (closes: #287960). * Upgrade to debhelper compatibility level 4; level 2 is deprecated. -- Colin Watson Fri, 15 Jul 2005 11:08:53 +0100 putty (0.58-1) unstable; urgency=low * New upstream release (closes: #303296). - Wildcards (mput/mget) and recursive file transfer in PSFTP (closes: #254578). - You can now save your session details from the Change Settings dialog box, _after_ you've started your session. - Various improvements to Unicode support, including: + support for right-to-left and bidirectional text (Arabic, Hebrew etc). + support for Arabic text shaping. + support for Unicode combining characters. - Support for the xterm 256-colour control sequences. - Port forwardings can now be reconfigured in mid-session. - Support for IPv6. - More configurability and flexibility in SSH-2 key exchange. In particular, PuTTY can now initiate repeat key exchange during the session, which means that if your server doesn't initiate it (OpenSSH is known not to bother) you can still have the cryptographic benefits. - Display artefacts caused by characters overflowing their character cell should now all be gone. (This would probably have bothered Windows ClearType users more than anyone else.) - Keepalives are now supported everywhere. - Miscellaneous improvements for CJK/IME users. - New pterm timing code, reducing idle CPU usage (closes: #204811). * Build-depend on x-dev and libx11-dev rather than the transitional xlibs-dev package. -- Colin Watson Sun, 10 Apr 2005 12:47:35 +0100 putty (0.57-1) unstable; urgency=high * New upstream release, fixing pscp/psftp security holes exploitable by a malicious server after host key verification (closes: #296144). - [SECURITY] Fix heap corruption vulnerability in handling of response to SFTP FXP_READDIR request. - [SECURITY] Fix heap corruption vulnerability in handling of SFTP string fields. -- Colin Watson Sun, 20 Feb 2005 22:49:28 +0000 putty (0.56-1) unstable; urgency=high * New upstream release. - [SECURITY] A vulnerability discovered by iDEFENSE, potentially allowing arbitrary code execution on the client by a malicious server before host key verification, has been fixed (closes: #278414). - Ability to restart a session within an inactive window, via a new menu option. - Minimal support for not running a shell or command at all in SSH protocol 2 (equivalent to OpenSSH's `-N' option). PuTTY/Plink still provide a normal window for interaction, and have to be explicitly killed. - Transparent support for CHAP cryptographic authentication in the SOCKS 5 proxy protocol. - More diagnostics in the Event Log, particularly of SSH port forwarding. - Ability to request setting of environment variables in SSH (protocol 2 only). - Ability to send POSIX signals in SSH (protocol 2 only) via the `Special Commands' menu. - Bug fix: The PuTTY tools now more consistently support usernames containing `@' signs. - Support for the Polish character set `Mazovia'. - When logging is enabled, the log file is flushed more frequently, so that its contents can be viewed before it is closed. - More flexibility in SSH packet logging: known passwords and session data can be omitted from the log file. Passwords are omitted by default. (This option isn't perfect for removing sensitive details; you should still review log files before letting them out of your sight.) - Ability to set environment variables in pterm. - PuTTY and pterm attempt to use a UTF-8 line character set by default if this is indicated by the locale; however, this can be overridden. - Fix build failure on amd64 due to ut_time's size (closes: #265910). - Fix blinking line cursors (closes: #272877). * Install HTML documentation in /usr/share/doc/putty-tools, and make putty depend on putty-tools for the documentation (closes: #278094). -- Colin Watson Tue, 26 Oct 2004 22:20:17 +0100 putty (0.55-1) unstable; urgency=high * New upstream release. - [SECURITY] A vulnerability discovered by Core Security Technologies (advisory number CORE-2004-0705), potentially allowing arbitrary code execution on the client by a malicious server before host key verification, has been fixed. - General robustness of the SSH1 implementation has been improved, which may have fixed further potential security problems although we are not aware of any specific ones. - A terminal speed is now sent to the SSH server. - Removed a spurious diagnostic message in Plink. - The `-load' option in PSCP and PSFTP should work better. - X forwarding can now talk to Unix sockets as well as TCP sockets (closes: #251257). - Various crashes and assertion failures fixed. -- Colin Watson Wed, 4 Aug 2004 01:43:20 +0100 putty (0.54-2) unstable; urgency=low * Upstream man page fixes: - putty(1): Remove claim that there's no Unix puttygen. - plink(1): Tart up, fix outright lies, mention web docs. - Add (probably frustratingly) bare-bones man pages for pscp and psftp. * debian/pterm.menu, debian/putty.menu: Quote 'needs' and 'section' arguments. * Policy version 3.5.9: no changes required. Deferring 3.5.10 and above until I've looked into 'x-terminal-emulator -e' compatibility. -- Colin Watson Fri, 27 Feb 2004 02:39:26 +0000 putty (0.54-1) unstable; urgency=low * New upstream release. First official Unix release! -- Colin Watson Sat, 14 Feb 2004 12:31:33 +0000 putty (0.53-b-2004-01-25-1) unstable; urgency=low * New upstream snapshot. - puttygen is now implemented, and is part of putty-tools. -- Colin Watson Sun, 25 Jan 2004 20:37:02 +0000 putty (0.53-b-2003-10-12-1) unstable; urgency=low * New upstream release. - Plink, PSCP, and PSFTP are now ready for prime-time. Create a new putty-tools package for them. - Possibly fix intermittent "Unable to load private key" errors with SSH protocol 2 (see #194067). * Advertise UTF-8 support in pterm's description. -- Colin Watson Sun, 12 Oct 2003 22:46:16 +0100 putty (0.53-b-2003-08-23-2) unstable; urgency=low * Fix -DSNAPSHOT calculation for NMU-style-versioned packages (thanks, Owen Dunn). -- Colin Watson Sun, 31 Aug 2003 14:22:59 +0100 putty (0.53-b-2003-08-23-1) unstable; urgency=low * New upstream snapshot. Among other things: - Fix a (non-security-critical) segfault in PuTTY's zlib code. - Selection handling improved: selection timestamps are set more accurately and X cut buffers are supported. - Shadow bold can be requested explicitly. -- Colin Watson Sun, 24 Aug 2003 00:03:28 +0100 putty (0.53-b-2003-05-14-1) unstable; urgency=low * New upstream snapshot, including: - Redraw the window border when the window background colour is reconfigured mid-session (closes: #193013). - Rename crc32() to crc32_compute(), to avoid clashing with zlib (closes: #192309). - Allow pterm to receive and understand COMPOUND_TEXT selections, including character set conversion where necessary (closes: #192307). -- Colin Watson Wed, 14 May 2003 02:29:47 +0100 putty (0.53-b-2003-05-13-1) unstable; urgency=low * New upstream snapshot. - Fix spin on exit with +ut, due to a stale file descriptor hanging around and getting closed later when it had become claimed by GTK (closes: #166396). - Add putty(1) man page (closes: #190570). -- Colin Watson Tue, 13 May 2003 03:34:56 +0100 putty (0.53-b-2003-05-11-1) unstable; urgency=low * New upstream snapshot, including: - Fix uninitialized value warning on arm (closes: #192674). - Fix int <=> pointer casting problems on alpha/ia64 (closes: #192701). - Restore -T option to pterm (closes: #191750). - Document NoRemoteQTitle resource and fix window versus icon title reporting (closes: #191751). - pterm will now attempt to guess suitable names for any missing fonts from the ones given; so it'll ask for a font twice as wide as your base one if you don't specify a wide font, it'll ask for a bolded version of your base font if you don't specify a bold font, and similarly for a wide/bold font. - Remove now-incorrect claim from pterm(1) that Unicode is not supported (with the last two changes, this closes: #187389). -- Colin Watson Sun, 11 May 2003 02:22:57 +0100 putty (0.53-b-2003-04-28-1) unstable; urgency=low * New upstream snapshot. - Fixes SIGPIPE blocking in pterm. -- Colin Watson Mon, 28 Apr 2003 17:20:55 +0100 putty (0.53-b-2003-04-24-1) unstable; urgency=low * New upstream snapshot. - PuTTY itself is now available for Unix, and packaged. - Compiled with optimization by default; several compiler warnings and bugs fixed as a result. * Set snapshot version number for the benefit of the About box. -- Colin Watson Thu, 24 Apr 2003 14:24:34 +0100 putty (0.53-b-2003-03-07-1) unstable; urgency=low * New upstream snapshot. - Sets WINDOWID, so that for example w3m inline images stand a better chance of appearing in the correct window. -- Colin Watson Fri, 7 Mar 2003 01:41:58 +0000 putty (0.53-b-2003-01-04-1) unstable; urgency=low * New upstream snapshot. - Version number tweaked slightly; it's really 0.53b-2003-01-04-1, but that compares less than 0.53-2002-11-08-1. - Supports UTF-8; just tell it to use a font in the iso10646-1 encoding. * Update copyright dates in debian/copyright to match LICENCE. * Just build pterm. No need to bother building plink as well when it's not part of a binary package. -- Colin Watson Sat, 4 Jan 2003 16:58:48 +0000 putty (0.53-2002-11-08-1) unstable; urgency=low * New upstream snapshot. - Uses the right kinds of dashes in pterm(1) (closes: #167761). - Stops at the right point when encountering an error parsing the command line (closes: #167787). * Document the utmp helper process in README.Debian (closes: #168016). -- Colin Watson Fri, 8 Nov 2002 19:28:32 +0000 putty (0.53-2002-11-03-1) unstable; urgency=low * New upstream snapshot. - Switches the default shadow bold offset to +1, which Crispin has been complaining about. - plink has been ported, but isn't packaged yet. -- Colin Watson Mon, 4 Nov 2002 00:15:03 +0000 putty (0.53-2002-10-26-1) unstable; urgency=low * New upstream snapshot. - Set background colour to avoid redraw flicker (closes: #165888). - CloseOnExit: 0 responds to keypresses as it claims (closes: #166397). -- Colin Watson Sat, 26 Oct 2002 01:34:33 +0100 putty (0.53-2002-10-24-1) unstable; urgency=low * New upstream snapshot. - Reap utmp helper zombie process when +ut is used (closes: #165887). * Install pterm setgid utmp so that it can make entries in the utmp and wtmp files, and add a lintian override for this. -- Colin Watson Thu, 24 Oct 2002 00:47:54 +0100 putty (0.53-2002-10-17-2) unstable; urgency=low * I used to be able to package things well, honest ... * Add menu file. * Register an alternative for x-terminal-emulator. -- Colin Watson Tue, 22 Oct 2002 01:06:45 +0100 putty (0.53-2002-10-17-1) unstable; urgency=low * Initial release, from upstream source snapshot. * I've put the source package in the net section because that probably fits PuTTY as a whole better, but I've put the pterm binary package in the x11 section. Go figure. -- Colin Watson Fri, 18 Oct 2002 14:58:42 +0100