Update PuTTY to new upstream security and bug fix release 0.62,

and add a new VuXML entry. Changelog: http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html Security: bbd5f486-24f1-11e1-95bc-080027ef73ec Feature safe: yes
svn path=/head/; revision=287272
2024-10-20 20:09:11 +00:00 · 2011-12-12 19:57:18 +00:00 · 2011-12-12 19:57:18 +00:00 · 1450d5bdf8 · 2021-03-31 03:12:20 +00:00
commit 1450d5bdf8
parent 89cd36ea3e
3 changed files with 36 additions and 4 deletions
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	putty
-PORTVERSION=	0.61
+PORTVERSION=	0.62
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://the.earth.li/~sgtatham/putty/%SUBDIR%/ \
 		ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/
@ -45,7 +45,7 @@ MAKE_ARGS+=	GTK_CONFIG=:
 .if !defined(WITHOUT_GSSAPI)
 _COMPAT=		-DSTATIC_GSSAPI
 .if ${OSVERSION} >= 900000
-LIB_DEPENDS=		krb5support.0:${PORTSDIR}/security/krb5
+LIB_DEPENDS+=		krb5support.0:${PORTSDIR}/security/krb5
 .endif
 .else
 _COMPAT=		-DNO_GSSAPI
--- a/security/putty/distinfo
+++ b/security/putty/distinfo
@ -1,2 +1,2 @@
-SHA256 (putty-0.61.tar.gz) = 0eb0ec2dcbaf803731343cd6cd03788f16781dc19f806c612e373430daf8c072
-SIZE (putty-0.61.tar.gz) = 1781830
+SHA256 (putty-0.62.tar.gz) = 8d187e86ee18c839895d263607b61788778564e3720e8d85c5305a04f9da0573
+SIZE (putty-0.62.tar.gz) = 1783106
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -47,6 +47,38 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="bbd5f486-24f1-11e1-95bc-080027ef73ec">
+    <topic>PuTTY 0.59 - 0.61 -- Password vulnerability</topic>
+    <affects>
+      <package>
+	<name>putty</name>
+	<range><ge>0.59</ge><lt>0.62</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Simon Tatham reports:</p>
+	<blockquote
+	  cite="http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html">
+	  <p>PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61.
+	    If you log in using SSH-2 keyboard-interactive authentication (which
+	    is the usual method used by modern servers to request a password),
+	    the password you type was accidentally kept in PuTTY's memory for
+	    the rest of its run, where it could be retrieved by other processes
+	    reading PuTTY's memory, or written out to swap files or crash
+	    dumps.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <mlist>http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html</mlist>
+    </references>
+    <dates>
+      <discovery>2011-12-10</discovery>
+      <entry>2011-12-12</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="bb389137-21fb-11e1-89b4-001ec9578670">
    <topic>asterisk -- Multiple Vulnerabilities</topic>
    <affects>