lp:debian/squeeze/putty
- Get this branch:
- bzr branch lp:debian/squeeze/putty
Related bugs
Bug #212711: Assertion failure when appending to log file | Undecided | Fix Committed |
Related blueprints
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 13. By Colin Watson
-
* CVE-2011-4607: Passwords were left in memory using SSH
keyboard-interactive auth.
* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
PuTTY tools.
* Backport some general proactive potentially-security- relevant tightening
from upstream. - 12. By Colin Watson
-
* New experimental development snapshot.
- Console utilities send prompts to /dev/tty or failing that stderr, not
to stdout (closes: #422295).
* Upgrade to debhelper v7.
* Move documentation from putty-tools to a new putty-doc package (closes:
#472195).
* Add a watch file.
* Convert to source format 3.0 (quilt). No remaining Debian patches! - 11. By Colin Watson
-
* New experimental development snapshot.
* Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields. - 9. By Colin Watson
-
* Rebuild manual pages with halibut 1.0+svn20090906-1, fixing option
markers (see #496063).
* Stop calling dh_desktop, as it's now a no-op thanks to dpkg triggers. - 8. By Colin Watson
-
* New experimental development snapshot.
- Stop attempting to make session logs private on Unix. This was
introduced in r7084 at the same time as sensible permissions when
writing private key files; however, it causes an assertion failure
whenever an attempt is made to append to an existing log file on Unix,
and it's not clear what "is_private" *should* do for append, so revert
to log file security being the user's responsibility (LP: #212711).
- Cope with GTK+ 2.0 encoding keypress strings in the current locale
rather than in ISO-8859-1 (closes: #517535). - 7. By Colin Watson
-
* New experimental development snapshot.
- Uses GTK+ 2.0 (closes: #516641, LP: #271277) and as a result supports
Unicode window titles (LP: #48781).
- Fixes handling of trailing CR in key files (closes: #414784).
* Disabled upstream Kerberos support for now, as it produces unwanted
linkage in pterm and other binaries. - 6. By Colin Watson
-
* Build-depend on x11proto-core-dev rather than x-dev (thanks, Lintian).
* Backport from upstream (r8150, Jacob Nevins; closes: #503186,
LP: #67488):
- Fix for portfwd-addr-family: on Unix, when a tunnel is specified as
"Auto" (rather than IPv4 or IPv6-only; this is the default), try to
open up listening sockets on both address families, rather than
(unhelpfully) just IPv6. (And don't open one if the other can't be
bound, in a nod to CVE-2008-1483.) Based on a patch from Ben A L
Jemmett.
* Avoid problems with the -D_FORTIFY_SOURCE=2 default on Ubuntu by
explicitly ignoring results from a number of calls to read, write, and
fwrite. (This is pretty ham-handed and I've asked upstream whether they
have any better ideas for any of these.) - 5. By Colin Watson
-
* Move putty to Applications/
Network/ Communication menu sub-section.
* Use dh_desktop.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)