Author: Colin Watson
Revision Date: 2015-08-23 18:47:52 UTC

* Backport from upstream:
  - Performance: cache character widths returned from Pango (closes:
    #792258).

Author: Colin Watson
Revision Date: 2015-08-23 18:47:52 UTC

* Backport from upstream:
  - Performance: cache character widths returned from Pango (closes:
    #792258).

Author: Thomas Ward
Revision Date: 2015-06-22 14:12:25 UTC

* SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
  system memory, which can allow local users to obtain sensitive information
  by reading the memory. (LP: #1467631)
  - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
    Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
    patch.
  - CVE-2015-2157

Author: Thomas Ward
Revision Date: 2015-06-22 14:07:28 UTC

* SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
  system memory, which can allow local users to obtain sensitive information
  by reading the memory. (LP: #1467631)
  - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
    Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
    patch.
  - CVE-2015-2157

Author: Thomas Ward
Revision Date: 2015-06-22 14:12:25 UTC

* SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
  system memory, which can allow local users to obtain sensitive information
  by reading the memory. (LP: #1467631)
  - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
    Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
    patch.
  - CVE-2015-2157

Author: Thomas Ward
Revision Date: 2015-06-22 14:07:28 UTC

* SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
  system memory, which can allow local users to obtain sensitive information
  by reading the memory. (LP: #1467631)
  - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
    Debian 0.63-10 packaging. Thanks to Patrick Coleman for the original
    patch.
  - CVE-2015-2157

Author: Colin Watson
Revision Date: 2015-03-01 12:59:15 UTC

* Backport from upstream:
  - Make kh2reg.py compatible with modern Python.
  - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server
    value.
  - Fix an erroneous length field in SSH-1 key load.
  - CVE-2015-2157: Fix failure to clear sensitive private key information
    from memory (closes: #779488).

Author: Colin Watson
Revision Date: 2015-03-01 12:59:15 UTC

* Backport from upstream:
  - Make kh2reg.py compatible with modern Python.
  - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server
    value.
  - Fix an erroneous length field in SSH-1 key load.
  - CVE-2015-2157: Fix failure to clear sensitive private key information
    from memory (closes: #779488).

Author: Colin Watson
Revision Date: 2014-10-12 20:47:42 UTC

* Backport from upstream (Simon Tatham), suggested by Jacob Nevins:
  - Fix incorrect handling of saved sessions with a dynamic SOCKS tunnel
    bound to a specific protocol (IPv4 or IPv6).

Author: Colin Watson
Revision Date: 2014-10-12 20:47:42 UTC

* Backport from upstream (Simon Tatham), suggested by Jacob Nevins:
  - Fix incorrect handling of saved sessions with a dynamic SOCKS tunnel
    bound to a specific protocol (IPv4 or IPv6).

Author: Colin Watson
Revision Date: 2014-04-08 12:19:08 UTC

* Backport from upstream (Simon Tatham):
  - Fix assertion failure in Unix PuTTYgen exports (LP: #1289176).

Author: Colin Watson
Revision Date: 2014-04-08 12:19:08 UTC

* Backport from upstream (Simon Tatham):
  - Fix assertion failure in Unix PuTTYgen exports (LP: #1289176).

Author: Colin Watson
Revision Date: 2013-08-07 11:50:45 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 11:48:47 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 11:44:22 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 11:50:45 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 11:48:47 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 11:44:22 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 04:00:18 UTC

* New upstream release.
  - CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
  - CVE-2013-4852: Negative string length in public-key signatures could
    cause integer overflow and overwrite all of memory (closes: #718779).
  - CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
    overflow in modular inverse.
  - CVE-2013-4208: Private keys were left in memory after being used by
    PuTTY tools.
  - Allow using a bold colour and a bold font at the same time (closes:
    #193352).
  - Use a monotonic clock (closes: #308552).
* Switch to the Autotools-based build system.
* Upgrade to debhelper v9.

Author: Colin Watson
Revision Date: 2013-08-07 04:00:18 UTC

* New upstream release.
  - CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
  - CVE-2013-4852: Negative string length in public-key signatures could
    cause integer overflow and overwrite all of memory (closes: #718779).
  - CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
    overflow in modular inverse.
  - CVE-2013-4208: Private keys were left in memory after being used by
    PuTTY tools.
  - Allow using a bold colour and a bold font at the same time (closes:
    #193352).
  - Use a monotonic clock (closes: #308552).
* Switch to the Autotools-based build system.
* Upgrade to debhelper v9.

Author: Colin Watson
Revision Date: 2013-02-25 20:36:40 UTC

* Backport from upstream (Simon Tatham, closes: #701425):
  - Check the return values of setuid and friends.
  - Remove the half-hearted attempt to make the utmp helper process drop
    privileges just before dying of a fatal signal.

Author: Colin Watson
Revision Date: 2013-02-25 20:36:40 UTC

* Backport from upstream (Simon Tatham, closes: #701425):
  - Check the return values of setuid and friends.
  - Remove the half-hearted attempt to make the utmp helper process drop
    privileges just before dying of a fatal signal.

Author: Colin Watson
Revision Date: 2012-08-23 12:58:52 UTC

* Backport from upstream (Simon Tatham):
  - Fix handling of non-default numeric keypad modes when Num Lock is on
    (closes: #680261).

Author: Colin Watson
Revision Date: 2012-03-04 16:09:28 UTC

* Backport from upstream (Simon Tatham, Jacob Nevins):
  - Generate keys more carefully, so that when the user asks for an n-bit
    key they always get an n-bit number instead of n-1. The latter was
    perfectly harmless but kept confusing users (closes: #661152).

Author: Colin Watson
Revision Date: 2011-07-13 15:26:33 UTC

* New upstream release.
* Update Vcs-* fields for Alioth changes.

Author: Colin Watson
Revision Date: 2010-12-08 17:54:50 UTC

* New experimental development snapshot.
  - Add more possible baud rates to the Unix serial backend (closes:
    #606328).
* Add ${misc:Depends}.
* Remove deprecated Encoding keys from desktop files.
* Remove deprecated Application categories from desktop files.
* Build with GSSAPI support (using run-time library binding).

Author: Colin Watson
Revision Date: 2010-02-22 01:01:22 UTC

* New experimental development snapshot.
  - Console utilities send prompts to /dev/tty or failing that stderr, not
    to stdout (closes: #422295).
* Upgrade to debhelper v7.
* Move documentation from putty-tools to a new putty-doc package (closes:
  #472195).
* Add a watch file.
* Convert to source format 3.0 (quilt). No remaining Debian patches!

Author: Colin Watson
Revision Date: 2010-01-01 14:50:45 UTC

* New experimental development snapshot.
* Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.

Author: Colin Watson
Revision Date: 2009-09-07 01:22:17 UTC

* Rebuild manual pages with halibut 1.0+svn20090906-1, fixing option
  markers (see #496063).
* Stop calling dh_desktop, as it's now a no-op thanks to dpkg triggers.

Author: Colin Watson
Revision Date: 2008-11-16 22:06:59 UTC

* Build-depend on x11proto-core-dev rather than x-dev (thanks, Lintian).
* Backport from upstream (r8150, Jacob Nevins; closes: #503186,
  LP: #67488):
  - Fix for portfwd-addr-family: on Unix, when a tunnel is specified as
    "Auto" (rather than IPv4 or IPv6-only; this is the default), try to
    open up listening sockets on both address families, rather than
    (unhelpfully) just IPv6. (And don't open one if the other can't be
    bound, in a nod to CVE-2008-1483.) Based on a patch from Ben A L
    Jemmett.
* Avoid problems with the -D_FORTIFY_SOURCE=2 default on Ubuntu by
  explicitly ignoring results from a number of calls to read, write, and
  fwrite. (This is pretty ham-handed and I've asked upstream whether they
  have any better ideas for any of these.)

Author: Colin Watson
Revision Date: 2008-05-28 09:28:32 UTC

* Move putty to Applications/Network/Communication menu sub-section.
* Use dh_desktop.

Author: Michael Bienia
Revision Date: 2007-11-23 21:35:24 UTC

Rebuild for libglib1.2 -> libglib1.2ldbl transition.

Author: Colin Watson
Revision Date: 2007-05-10 10:30:25 UTC

* New upstream release (closes: #422935).
  - Pressing Ctrl+Break now sends a serial break signal in the serial back
    end, and in the SSH and Telnet backends it asks the server to do the
    same (if the server supports it). The previous Ctrl+Break behaviour
    can still be triggered with Ctrl-C.
  - You can now store a host name in the Default Settings.
  - In 0.59, it was possible to lock yourself out of the configuration
    dialog by configuring a serial connection in Default Settings. This
    should no longer be possible.
  - We've had reports of the error message `Unable to read from standard
    input' in Plink 0.59. We've found and fixed one cause of this message,
    and added better diagnostics in case there are others.
  - 0.59 could emit malformed SSH-2 packets that upset some servers (such
    as Foundry routers). Fixed.

Author: Colin Watson
Revision Date: 2007-01-30 12:53:24 UTC

Build-depend on imagemagick for icon generation.

Author: Colin Watson
Revision Date: 2006-04-15 10:52:28 UTC

* Add desktop files for putty and pterm (thanks, Barry deFreese via
  Ubuntu; closes:
  https://launchpad.net/distros/ubuntu/+source/putty/+bug/29716).
* Fix display timeouts on 64-bit systems (thanks, Peter Maydell;
  closes: #336390).

Author: Colin Watson
Revision Date: 2006-04-15 10:52:28 UTC

* Add desktop files for putty and pterm (thanks, Barry deFreese via
  Ubuntu; closes:
  https://launchpad.net/distros/ubuntu/+source/putty/+bug/29716).
* Fix display timeouts on 64-bit systems (thanks, Peter Maydell;
  closes: #336390).

Author: Colin Watson
Revision Date: 2005-07-15 11:52:10 UTC

Dynamically allocate memory passed to putenv() in pty_init() and don't
free it, otherwise TERM ends up unset.

Author: Colin Watson
Revision Date: 2005-02-20 22:49:28 UTC

* New upstream release, fixing pscp/psftp security holes exploitable by a
  malicious server after host key verification (closes: #296144).
  - [SECURITY] Fix heap corruption vulnerability in handling of response
    to SFTP FXP_READDIR request.
  - [SECURITY] Fix heap corruption vulnerability in handling of SFTP
    string fields.

Author: Colin Watson
Revision Date: 2004-02-27 02:39:26 UTC

* Upstream man page fixes:
  - putty(1): Remove claim that there's no Unix puttygen.
  - plink(1): Tart up, fix outright lies, mention web docs.
  - Add (probably frustratingly) bare-bones man pages for pscp and psftp.
* debian/pterm.menu, debian/putty.menu: Quote 'needs' and 'section'
  arguments.
* Policy version 3.5.9: no changes required. Deferring 3.5.10 and above
  until I've looked into 'x-terminal-emulator -e' compatibility.