diff --git a/security/putty/Makefile b/security/putty/Makefile index a7ae097d6c5e..04672b79f2b6 100644 --- a/security/putty/Makefile +++ b/security/putty/Makefile @@ -1,110 +1,111 @@ -PORTNAME= putty -DISTVERSION= 0.82 -PORTREVISION= 0 -#DISTVERSIONSUFFIX= .0c59d49 -CATEGORIES= security -MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ - ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/ \ - LOCAL/mandree/ -#MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/ +PORTNAME= putty +# https://tartarus.org/~simon/putty-prerel-snapshots/putty-0.83~pre20250105.1e45199.tar.gz +DISTVERSION= 0.83 +PORTREVISION= 0 +#DISTVERSIONSUFFIX= .ec158a2 +CATEGORIES= security +MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ + LOCAL/mandree/ +#MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/ \ +# LOCAL/mandree/ MAINTAINER= mandree@FreeBSD.org COMMENT= Secure shell and telnet client including xterm emulator WWW= https://www.chiark.greenend.org.uk/~sgtatham/putty/ # test plan: test ALL 4 GSSAPI_* options, GTK3 yes/no, WITH_DEBUG=yes build. LICENSE= MIT LICENSE_FILE= ${PATCH_WRKSRC}/LICENCE USES= cmake cpe perl5 pkgconfig USE_PERL5= build CONFLICTS_INSTALL?= pssh* putty-nogtk* PATCH_STRIP= -p1 PLIST_FILES= bin/pageant \ bin/plink \ bin/pscp \ bin/psftp \ bin/psusan \ bin/puttygen \ share/man/man1/pageant.1.gz \ share/man/man1/plink.1.gz \ share/man/man1/pscp.1.gz \ share/man/man1/psftp.1.gz \ share/man/man1/psusan.1.gz \ share/man/man1/puttygen.1.gz OPTIONS_DEFINE= GTK3 OPTIONS_DEFAULT= GSSAPI_BASE GTK3 OPTIONS_SINGLE= GSSAPI_SELECT OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT \ GSSAPI_NONE .include LDFLAGS+= -Wl,--as-needed # XXX FIXME this is simplified on these assumptions: # - we only support GTK3 in FreeBSD # (Putty would support EOL GTK2 and GTK1 as well) # - Putty 0.77 cannot have X11 without the gdk/gdkx.h header i. e. GTK. .if ${PORT_OPTIONS:MGTK3} && !defined(WITHOUT_X11) USES+= xorg USE_XORG= x11 USES+= gnome USE_GNOME= cairo gdkpixbuf2 gtk30 CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=3 PLIST_FILES+= bin/pterm \ bin/putty \ share/man/man1/pterm.1.gz \ share/man/man1/putty.1.gz \ share/pixmaps/putty.ico DESKTOP_ENTRIES= "PuTTY" \ "${COMMENT}" \ "${PREFIX}/share/pixmaps/${PORTNAME}.ico" \ "${PORTNAME}" \ "" \ false .else CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=NONE .endif .if ${PORT_OPTIONS:MGSSAPI_BASE} # Heimdal-like in base system USES+= gssapi:base,flags CMAKE_ARGS+= -DKRB5_CONFIG:PATH=${KRB5CONFIG} \ -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_HEIMDAL} USES+= gssapi:heimdal,flags CMAKE_ARGS+= -DKRB5_CONFIG:PATH=${KRB5CONFIG} \ -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_MIT} USES+= gssapi:mit,flags CMAKE_ARGS+= -DKRB5_CONFIG:PATH=${KRB5CONFIG} \ -DPUTTY_GSSAPI:STRING=STATIC .else CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=OFF .endif post-patch: # we don't want to inherit FreeBSD commits # as PUTTY Git commit revisions, # so pretend we do not have Git: ${REINPLACE_CMD} '/FindGit/d' \ ${WRKSRC}/cmake/setup.cmake \ ${WRKSRC}/doc/CMakeLists.txt # nuke pkg-config detection of GSSAPI/Kerberos libs, # it interferes with FreeBSD's krb5-config approach ${REINPLACE_CMD} '/pkg_check_modules(KRB5 krb5-gssapi)/d' \ ${WRKSRC}/cmake/platforms/unix.cmake post-install: .if ${PORT_OPTIONS:MGTK3} @${MKDIR} ${STAGEDIR}${PREFIX}/share/pixmaps ${INSTALL_DATA} ${WRKSRC}/windows/putty.ico \ ${STAGEDIR}${PREFIX}/share/pixmaps/ .endif .include diff --git a/security/putty/distinfo b/security/putty/distinfo index 541b081ab0de..78d44287e9d2 100644 --- a/security/putty/distinfo +++ b/security/putty/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1734704014 -SHA256 (putty-0.82.tar.gz) = 195621638bb6b33784b4e96cdc296f332991b5244968dc623521c3703097b5d9 -SIZE (putty-0.82.tar.gz) = 2944148 +TIMESTAMP = 1739055533 +SHA256 (putty-0.83.tar.gz) = 718777c13d63d0dff91fe03162bc2a05b4dfc8b0827634cd60b51cefdff631c6 +SIZE (putty-0.83.tar.gz) = 3007178 diff --git a/security/putty/files/patch-296b6291d39c0cf118cd3081c3ab86a5889eb4d9 b/security/putty/files/patch-296b6291d39c0cf118cd3081c3ab86a5889eb4d9 deleted file mode 100644 index 30de85c82802..000000000000 --- a/security/putty/files/patch-296b6291d39c0cf118cd3081c3ab86a5889eb4d9 +++ /dev/null @@ -1,33 +0,0 @@ -From: Simon Tatham -Date: Sat, 7 Dec 2024 19:28:44 +0000 (+0000) -Subject: Fix error message when KEXINIT negotiation fails. -X-Git-Url: https://git.tartarus.org/?p=simon%2Fputty.git;a=commitdiff_plain;h=7da3449586ea3e6faaa92663d32774e28cf4e2e3;hp=296b6291d39c0cf118cd3081c3ab86a5889eb4d9 - -Fix error message when KEXINIT negotiation fails. - -By putting the wrong error-type enum value in a ScanKexinitsResult, I -accidentally caused nonsense messages of the form - - Selected key exchange algorithm "foo,bar,baz" does not correspond to any supported algorithm - -where "foo,bar,baz" is the full comma-separated list sent by the -server, so it's not even _an_ algorithm as the message suggests. - -Now the message is the one it should have been all along: - - Couldn't agree a key exchange algorithm (available: foo,bar,baz) ---- - -diff --git a/ssh/transport2.c b/ssh/transport2.c -index 5dd73cfe..b8e0d1c6 100644 ---- a/ssh/transport2.c -+++ b/ssh/transport2.c -@@ -1166,7 +1166,7 @@ static ScanKexinitsResult ssh2_scan_kexinits( - * Otherwise, any match failure _is_ a fatal error. - */ - ScanKexinitsResult skr = { -- .success = false, .error = SKR_UNKNOWN_ID, -+ .success = false, .error = SKR_NO_AGREEMENT, - .kind = kexlist_descr[i], .desc = slists[i], - }; - return skr; diff --git a/security/putty/files/patch-6a88b294276b9c24584efa18b9a37f437fa46712 b/security/putty/files/patch-6a88b294276b9c24584efa18b9a37f437fa46712 deleted file mode 100644 index 37bda1c8a77a..000000000000 --- a/security/putty/files/patch-6a88b294276b9c24584efa18b9a37f437fa46712 +++ /dev/null @@ -1,50 +0,0 @@ -From: Simon Tatham -Date: Sat, 7 Dec 2024 09:37:15 +0000 (+0000) -Subject: GTK: fix a crash when clicking Cancel on Change Settings. -X-Git-Url: https://git.tartarus.org/?p=simon%2Fputty.git;a=commitdiff_plain;h=296b6291d39c0cf118cd3081c3ab86a5889eb4d9;hp=6a88b294276b9c24584efa18b9a37f437fa46712 - -GTK: fix a crash when clicking Cancel on Change Settings. - -I only observed this in the GTK1 build, but I don't know for sure it -can't happen in other situations, so there's no reason not to be -careful. - -What seems to happen is that when the user clicks Cancel on the Change -Settings dialog box, we call gtk_widget_destroy on the window, which -emits the "destroy" signal on the window, our handler for which frees -the whole dlgparam. But _then_ GTK goes through and cleans up all the -sub-widgets of the dialog box, and some of those generate extra -events. In particular, destroying a list box is done by first deleting -all the list entries - and if one of those is selected, the list box's -selection changes, triggering an event which calls our callback that -tries to look up the control in the dlgparam we just freed. - -My simple workaround is to defer actually freeing the dlgparam, via a -toplevel callback. Then it's still lying around empty while all those -random events are firing. ---- - -diff --git a/unix/dialog.c b/unix/dialog.c -index 835ad978..fa645b3a 100644 ---- a/unix/dialog.c -+++ b/unix/dialog.c -@@ -3345,9 +3345,18 @@ static void dlgparam_destroy(GtkWidget *widget, gpointer data) - sfree(dp->selparams[i]); - } - sfree(dp->selparams); -+ dp->selparams = NULL; - } - #endif -- sfree(dp); -+ /* -+ * Instead of freeing dp right now, defer it until we return to -+ * the GTK main loop. Then if any other last-minute GTK events -+ * happen while the rest of the widgets are being cleaned up, our -+ * handlers will still be able to try to look things up in dp. -+ * (They won't find anything - we've just emptied it - but at -+ * least they won't crash while trying.) -+ */ -+ queue_toplevel_callback(sfree, dp); - } - - static void messagebox_handler(dlgcontrol *ctrl, dlgparam *dp, diff --git a/security/putty/files/patch-7da3449586ea3e6faaa92663d32774e28cf4e2e3 b/security/putty/files/patch-7da3449586ea3e6faaa92663d32774e28cf4e2e3 deleted file mode 100644 index 8c2427e006f9..000000000000 --- a/security/putty/files/patch-7da3449586ea3e6faaa92663d32774e28cf4e2e3 +++ /dev/null @@ -1,36 +0,0 @@ -From: Simon Tatham -Date: Wed, 4 Dec 2024 12:02:05 +0000 (+0100) -Subject: Fix use of aligned_alloc() to be ASan-clean. -X-Git-Url: https://git.tartarus.org/?p=simon%2Fputty.git;a=commitdiff_plain;h=c2d7ea8e67c462341e16d74e7a0ea42edd514635;hp=7da3449586ea3e6faaa92663d32774e28cf4e2e3 - -Fix use of aligned_alloc() to be ASan-clean. - -aligned_alloc() is used by testsc for all its memory allocation, to -avoid false-positive timing variations that depend on memory alignment -rather than actual secret data. But I'd forgotten that aligned_alloc -requires the allocation size to be a multiple of the requested -alignment. - -This showed up when I ran testsc in dry-run mode, and my normal build -happened to be using ASan, which complains at the invalid allocation -size. But it was theoretically a problem in all builds of -testsc. (Though, as far as I'm aware, not practically; and it _only_ -affected testsc.) ---- - -diff --git a/utils/memory.c b/utils/memory.c -index 0ba791ad..590be002 100644 ---- a/utils/memory.c -+++ b/utils/memory.c -@@ -35,7 +35,10 @@ void *safemalloc(size_t factor1, size_t factor2, size_t addend) - #ifdef MINEFIELD - p = minefield_c_malloc(size); - #elif defined ALLOCATION_ALIGNMENT -- p = aligned_alloc(ALLOCATION_ALIGNMENT, size); -+ /* aligned_alloc requires the allocation size to be rounded up */ -+ p = aligned_alloc( -+ ALLOCATION_ALIGNMENT, -+ (size + ALLOCATION_ALIGNMENT - 1) & ~(ALLOCATION_ALIGNMENT-1)); - #else - p = malloc(size); - #endif diff --git a/security/putty/files/patch-c72a86272446c0e4fb33c68601563549044b29e6 b/security/putty/files/patch-c72a86272446c0e4fb33c68601563549044b29e6 deleted file mode 100644 index ca26d6758f9d..000000000000 --- a/security/putty/files/patch-c72a86272446c0e4fb33c68601563549044b29e6 +++ /dev/null @@ -1,40 +0,0 @@ -From: Simon Tatham -Date: Thu, 28 Nov 2024 18:30:48 +0000 (+0000) -Subject: Fix a build failure with NO_GSSAPI defined. -X-Git-Url: https://git.tartarus.org/?p=simon%2Fputty.git;a=commitdiff_plain;h=8805cf3d9a1bb39c190345b9820ecefa9cfe801d;hp=c72a86272446c0e4fb33c68601563549044b29e6 - -Fix a build failure with NO_GSSAPI defined. - -The stub no-gss.c still wanted to know the layout of the -ssh_gss_liblist structure, in order to fill it in with nothing. ---- - -diff --git a/ssh/gss.h b/ssh/gss.h -index c819d48b..d11a359f 100644 ---- a/ssh/gss.h -+++ b/ssh/gss.h -@@ -3,6 +3,13 @@ - #include "putty.h" - #include "pgssapi.h" - -+/* This struct is defined even in NO_GSSAPI mode, so that stubs/no-gss.c can -+ * return an instance of it containing no libraries */ -+struct ssh_gss_liblist { -+ struct ssh_gss_library *libraries; -+ int nlibraries; -+}; -+ - #ifndef NO_GSSAPI - - #define SSH2_GSS_OIDTYPE 0x06 -@@ -49,10 +56,6 @@ struct ssh_gss_library; - * The free function cleans up the structure, and its associated - * libraries (if any). - */ --struct ssh_gss_liblist { -- struct ssh_gss_library *libraries; -- int nlibraries; --}; - struct ssh_gss_liblist *ssh_gss_setup(Conf *conf); - void ssh_gss_cleanup(struct ssh_gss_liblist *list); - diff --git a/security/putty/files/patch-f8e1a2b3a934d750aba7c26d182f52d71952c529 b/security/putty/files/patch-f8e1a2b3a934d750aba7c26d182f52d71952c529 deleted file mode 100644 index b2b67f41e4f7..000000000000 --- a/security/putty/files/patch-f8e1a2b3a934d750aba7c26d182f52d71952c529 +++ /dev/null @@ -1,43 +0,0 @@ -From: Simon Tatham -Date: Sat, 14 Dec 2024 11:44:28 +0000 (+0000) -Subject: Fix assertion failure on Restart Session. -X-Git-Url: https://git.tartarus.org/?p=simon%2Fputty.git;a=commitdiff_plain;h=edd5e13ffc976025443e0b9d75888249aa3325a9;hp=f8e1a2b3a934d750aba7c26d182f52d71952c529 - -Fix assertion failure on Restart Session. - -This occurred if the SSH server closed the connection for any -reason (in practice usually a timeout, but reproducible more easily by -manually killing a test server process) while the user was in the -middle of any kind of interactive prompt-based login in the GUI PuTTY -terminal (be it simple password, k-i, private key passphrase, -whatever). - -The problem was that term->userpass_state wasn't cleaned up when the -connection died, and then if you started a fresh SSH session in the -same terminal, the attempt to create a new term->userpass_state would -find there was one already there. - -The simplest place to insert the missing cleanup is the call to -term_provide_backend(), because that's a terminal API function which -is already called to notify the terminal that one backend has gone -away and the next one has turned up. - -(In fact, it's called twice, once to set term->backend to NULL when -the first session closes, and again when the session is restarted. I -see no harm in making the cleanup unconditional, not bothering to tell -the difference between the two cases.) ---- - -diff --git a/terminal/terminal.c b/terminal/terminal.c -index e127ff6e..2db81c9a 100644 ---- a/terminal/terminal.c -+++ b/terminal/terminal.c -@@ -2374,6 +2374,8 @@ void term_resize_request_completed(Terminal *term) - void term_provide_backend(Terminal *term, Backend *backend) - { - term->backend = backend; -+ if (term->userpass_state) -+ term_userpass_state_free(term->userpass_state); - if (term->backend && term->cols > 0 && term->rows > 0) - backend_size(term->backend, term->cols, term->rows); - }