Accepting request 186142 from home:AndreasStieger:branches:X11:Utilities

update to 0.63 [bnc#833567] CVE-2013-4852

OBS-URL: https://build.opensuse.org/request/show/186142
OBS-URL: https://build.opensuse.org/package/show/X11:Utilities/putty?expand=0&rev=8

putty.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Tue Aug  6 19:09:06 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 0.63
+  * Security fix: prevent a nefarious SSH server or network attacker
+    from crashing PuTTY at startup in three different ways by 
+    presenting a maliciously constructed public key and signature.
+    [bnc#833567] CVE-2013-4852
+  * Security fix: PuTTY no longer retains the private half of users' 
+    keys in memory by mistake after authenticating with them.
+  * Revamped the internal configuration storage system to remove all 
+    fixed arbitrary limits on string lengths. In particular, there 
+    should now no longer be an unreasonably small limit on the number 
+    of port forwardings PuTTY can store.
+  * Port-forwarded TCP connections which close one direction before the
+    other should now be reliably supported, with EOF propagated 
+    independently in the two directions. This also fixes some instances 
+    of port-forwarding data corruption (if the corruption consisted of
+    losing data from the very end of the connection) and some instances
+    of PuTTY failing to close when the session is over (because it 
+    wrongly thought a forwarding channel was still active when it was 
+    not).
+  * The terminal emulation now supports xterm's bracketed paste mode 
+    (allowing aware applications to tell the difference between typed
+    and pasted text, so that e.g. editors need not apply inappropriate
+    auto-indent).
+  * You can now choose to display bold text by both brightening the 
+    foreground colour and changing the font, not just one or the other.
+  * PuTTYgen will now never generate a 2047-bit key when asked for 2048 
+    (or more generally n−1 bits when asked for n).
+  * Some updates to default settings: PuTTYgen now generates 2048-bit 
+    keys by default (rather than 1024), and PuTTY defaults to UTF-8 
+    encoding and 2000 lines of scrollback (rather than ISO 8859-1 and
+    200).
+  * Unix: PSCP and PSFTP now preserve the Unix file permissions, on 
+    copies in both directions.
+  * Unix: dead keys and compose-character sequences are now supported.
+  * Unix: PuTTY and pterm now permit font fallback (where glyphs not 
+    present in your selected font are automatically filled in from other 
+    fonts on the system) even if you are using a server-side X11 font 
+    rather than a Pango client-side one.
+  * Bug fixes too numerous to list, mostly resulting from running the 
+    code through Coverity Scan which spotted an assortment of memory
+    and resource leaks, logic errors, and crashes in various circumstances. 
+- packaging changes:
+  * run make from base directory
+  * run tests
+  * remove putty-01-werror.diff
+  * remove putty-02-remove-gtk1.diff
+  * refresh putty-03-config.diff
+  * remove putty-05-glib-deprecated.diff
+  * remove putty-06-gtk2-indivhdr.diff
+  * remove autoconf calls and requirements
+  * package HTML documentation
+  * package LICENCE file
+
 -------------------------------------------------------------------
 Sun Dec 11 14:04:30 UTC 2011 - andreas.stieger@gmx.de