lp:putty

Created by VCS imports on 2008-08-07 and last modified on 2014-10-21
Get this branch:
bzr branch lp:putty

Branch information

Owner: VCS imports
Project: PuTTY
Status: Development

Import details

Import Status: Failed

This branch is an import of the Subversion branch from svn://svn.tartarus.org/sgt/putty.

The import has been suspended because it failed 5 or more times in succession.

Last successful import was on 2016-09-28.

Import started on 2016-10-02 on pear and finished on 2016-10-02 taking 15 seconds — see the log
Import started on 2016-09-30 on pear and finished on 2016-09-30 taking 20 seconds — see the log
Import started on 2016-09-29 on pear and finished on 2016-09-29 taking 20 seconds — see the log
Import started on 2016-09-29 on pear and finished on 2016-09-29 taking 15 seconds — see the log

Whiteboard

See bug https://bugs.edge.launchpad.net/launchpad-cscvs/+bug/256050 (and weep).
  -- mwhudson, 2008-08-14

Recent revisions

3757. By jacob on 2014-10-21

Cross-reference the description of <email address hidden>
to its bug-compatibility mode.

3756. By simon on 2014-10-01

Turn mkunxarc.sh back into an ordinary sh script.

It became bash-dependent in r9229 because I used a bashism to remove
the 'r' from the front of $SVN_REV, but that's not needed any more.

3755. By simon on 2014-10-01

Add a missing bounds check in the Deflate decompressor.

The symbol alphabet used for encoding ranges of backward distances in
a Deflate compressed block contains 32 symbol values, but two of them
(symbols 30 and 31) have no meaning, and hence it is an encoding error
for them to appear in a compressed block. If a compressed file did so
anyway, this decompressor would index past the end of the distcodes[]
array. Oops.

This is clearly a bug, but I don't believe it's a vulnerability. The
nonsense record we load from distcodes[] in this situation contains an
indeterminate bogus value for 'extrabits' (how many more bits to read
from the input stream to complete the backward distance) and also for
the offset to add to the backward distance after that. But neither of
these can lead to a buffer overflow: if extrabits is so big that
dctx->nbits (which is capped at 32) never exceeds it, then the
decompressor will simply swallow all further data without producing
any output, and otherwise the decompressor will consume _some_ number
of spare bits from the input, work out a backward distance and an
offset in the sliding window which will be utter nonsense and probably
out of bounds, but fortunately will then AND the offset with 0x7FFF at
the last minute, which makes it safe again. So I think the worst that
a malicious compressor can do is to cause the decompressor to generate
strange data, which of course it could do anyway if it wanted to by
sending that same data legally compressed.
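
An added illustration of the check described in r3755; this is not PuTTY's code. The names `dist_table`, `decode_distance` and `window_index` are hypothetical, and the table values are the distance codes from RFC 1951 section 3.2.5. It shows the two points the message makes: a 5-bit distance symbol can be 30 or 31 and must be rejected before the table is indexed, and masking the window offset with 0x7FFF keeps even a nonsense distance inside the 32 KiB window.

```c
#include <stddef.h>
#include <stdint.h>

#define WINSIZE    32768   /* Deflate sliding window, 32 KiB */
#define NDISTCODES 30      /* only distance symbols 0..29 are defined */

struct distcode { uint8_t extrabits; uint16_t base; };

/* Distance symbols 0..29: extra bits to read and base distance (RFC 1951). */
static const struct distcode dist_table[NDISTCODES] = {
    {0,1},{0,2},{0,3},{0,4},{1,5},{1,7},{2,9},{2,13},{3,17},{3,25},
    {4,33},{4,49},{5,65},{5,97},{6,129},{6,193},{7,257},{7,385},{8,513},
    {8,769},{9,1025},{9,1537},{10,2049},{10,3073},{11,4097},{11,6145},
    {12,8193},{12,12289},{13,16385},{13,24577}
};

/* Returns the backward distance (1..32768), or -1 on an encoding error.
 * 'sym' is the decoded 5-bit distance symbol, 'extra' the raw extra bits. */
long decode_distance(unsigned sym, uint32_t extra)
{
    if (sym >= NDISTCODES)          /* symbols 30 and 31: reject, never index */
        return -1;
    const struct distcode *d = &dist_table[sym];
    return (long)d->base + (long)(extra & ((1u << d->extrabits) - 1));
}

/* Window index of the byte 'dist' behind write position 'pos'. The mask
 * (WINSIZE - 1 == 0x7FFF) bounds the result whatever 'dist' is. */
size_t window_index(size_t pos, long dist)
{
    return (pos - (size_t)dist) & (WINSIZE - 1);
}

int main(void)
{
    return (decode_distance(31, 0) == -1 &&
            window_index(0, 1) == WINSIZE - 1) ? 0 : 1;
}
```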

3754. By simon on 2014-09-24

Rework versioning system to not depend on Subversion.

I've shifted away from using the SVN revision number as a monotonic
version identifier (replacing it in the Windows version resource with
a count of days since an arbitrary epoch), and I've removed all uses
of SVN keyword expansion (replacing them with version information
written out by Buildscr).

While I'm at it, I've done a major rewrite of the affected code which
centralises all the computation of the assorted version numbers and
strings into Buildscr, so that they're all more or less alongside each
other rather than scattered across multiple source files.

I've also retired the MD5-based manifest file system. A long time ago,
it seemed like a good idea to arrange that binaries of PuTTY would
automatically cease to identify themselves as a particular upstream
version number if any changes were made to the source code, so that if
someone made a local tweak and distributed the result then I wouldn't
get blamed for the results. Since then I've decided the whole idea is
more trouble than it's worth, so now distribution tarballs will have
version information baked in and people can just cope with that.

3753. By jacob on 2014-09-23

Correct man page description of -hostkey to match actual behaviour.

3752. By simon on 2014-09-23

Bodge around the failing Coverity build in winshare.c.

The winegcc hack I use for my Coverity builds is currently using a
version of wincrypt.h that's missing a couple of constants I use.
Ensure they're defined by hand, but (just in case I defined them
_wrong_) also provide a command-line define so I can do that only in
the case of Coverity builds.

3751. By jacob on 2014-09-20

Add some index terms for host key overrides.

3750. By jacob on 2014-09-20

Update transcripts for recent command-line help changes.

3749. By jacob on 2014-09-20

Move -sercfg out of the "SSH only" section of command-line help.

3748. By jacob on 2014-09-20

Update command-line help and man pages for -hostkey.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)