diff --git a/net/putty/Makefile b/net/putty/Makefile index 560df0842e2..8e9df873155 100644 --- a/net/putty/Makefile +++ b/net/putty/Makefile @@ -1,8 +1,7 @@ COMMENT-main= SSH and telnet client COMMENT-gui= PuTTY GUI clients -V= 0.83 -REVISION= 1 +V= 0.84 DISTNAME= putty-$V PKGNAME-main= ${DISTNAME} PKGNAME-gui= ${DISTNAME:S/putty/putty-gui/} @@ -17,9 +16,9 @@ PERMIT_PACKAGE= Yes WANTLIB += c m WANTLIB-gui += ${WANTLIB} -WANTLIB-gui += ICE SM X11 Xext atk-1.0 cairo cairo-gobject gdk-3 -WANTLIB-gui += gdk_pixbuf-2.0 gio-2.0 glib-2.0 gobject-2.0 gtk-3 -WANTLIB-gui += harfbuzz intl pango-1.0 pangocairo-1.0 +WANTLIB-gui += ICE SM X11 Xext Xrender atk-1.0 cairo cairo-gobject +WANTLIB-gui += gdk_pixbuf-2.0 gdk-3 gio-2.0 glib-2.0 gobject-2.0 +WANTLIB-gui += gtk-3 harfbuzz intl pango-1.0 pangocairo-1.0 MODULES= devel/cmake diff --git a/net/putty/distinfo b/net/putty/distinfo index ef2227da9df..4ce9c42545c 100644 --- a/net/putty/distinfo +++ b/net/putty/distinfo @@ -1,2 +1,2 @@ -SHA256 (putty-0.83.tar.gz) = cYd3wT1j0N/5H+AxYrwqBbTfyLCCdjTNYLUc79/2McY= -SIZE (putty-0.83.tar.gz) = 3007178 +SHA256 (putty-0.84.tar.gz) = BgV4Yq4Zjx29IZ0MdJMIDVn2BhlLtQVsVJ40KqAbaf4= +SIZE (putty-0.84.tar.gz) = 3005843 diff --git a/net/putty/patches/patch-arm-enable_dit-sigill b/net/putty/patches/patch-arm-enable_dit-sigill deleted file mode 100644 index a119c3bdbb8..00000000000 --- a/net/putty/patches/patch-arm-enable_dit-sigill +++ /dev/null @@ -1,83 +0,0 @@ -From 965057d6d6c9de9fcf506c75b0a2fad22988c72b Mon Sep 17 00:00:00 2001 -From: Simon Tatham -Date: Sat, 15 Feb 2025 15:57:53 +0000 -Subject: [PATCH] Change strategy for the Arm instruction setting DIT. - -Colin Watson reported that a build failure occurred in the AArch64 -Debian build of PuTTY 0.83: - -gcc now defaults to enabling branch protection using AArch64 pointer -authentication, if the target architecture version supports it. -Debian's base supported architecture does not, but Armv8.4-A does. So -when I changed the compile flags for enable_dit.c to add --march=armv8.4-a, it didn't _just_ allow me to write the 'msr dit, %0' -instruction in my asm statement; it also unexpectedly turned on -pointer authentication in the containing function, which caused a -SIGILL when running on a pre-Armv8.4-A CPU, because although the code -correctly skipped the instruction that set DIT, it was already inside -enable_dit() at that point and couldn't avoid going through the -unsupported 'retaa' instruction which tries to check an auth code on -the return address. - -An obvious approach would be to add -mbranch-protection=none to the -compile flags for enable_dit.c. Another approach is to leave the -_compiler_ flags alone, and change the architecture in the assembler, -either via a fiddly -Wa,... option or by putting a .arch directive -inside the asm statement. But both have downsides. Turning off branch -protection is fine for the Debian build, but has the unwanted side -effect of turning it off (in that one function) even in builds -targeting a later architecture which _did_ want branch protection. And -changing the assembler's architecture risks changing it _down_ instead -of up, again perhaps invalidating other instructions generated by the -compiler (like if some later security feature is introduced that gcc -also wants to turn on by default). - -So instead I've taken the much simpler approach of not bothering to -change the target architecture at all, and instead generating the move -into DIT by hardcoding its actual instruction encoding. This meant I -also had to force the input value into a specific register, but I -don't think that does any harm (not _even_ wasting an extra -instruction in codegen). Now we should avoid interfering with any -security features the compiler wants to turn on or off: all of that -should be independent of the instruction I really wanted. ---- - crypto/CMakeLists.txt | 11 +++++++++-- - crypto/enable_dit.c | 6 +++++- - 2 files changed, 14 insertions(+), 3 deletions(-) - -diff -ru ../putty-0.83.orig/crypto/CMakeLists.txt ./crypto/CMakeLists.txt ---- ../putty-0.83.orig/crypto/CMakeLists.txt Sat Feb 1 22:20:18 2025 -+++ ./crypto/CMakeLists.txt Mon Mar 17 09:41:58 2025 -@@ -237,9 +237,16 @@ - endif() - - test_compile_with_flags(HAVE_ARM_DIT -- GNU_FLAGS -march=armv8.4-a - TEST_SOURCE " -- int main(void) { asm volatile(\"msr dit, %0\" :: \"r\"(1)); }" -+ #ifndef __aarch64__ -+ #error make sure this only even tries to work on AArch64 -+ #endif -+ #include -+ int main(void) { -+ register uint64_t one asm(\"x8\"); -+ one = 1; -+ asm volatile(\".inst 0xd51b42a8\" :: \"r\"(one)); -+ }" - ADD_SOURCES_IF_SUCCESSFUL enable_dit.c) - - set(HAVE_AES_NI ${HAVE_AES_NI} PARENT_SCOPE) -diff -ru ../putty-0.83.orig/crypto/enable_dit.c ./crypto/enable_dit.c ---- ../putty-0.83.orig/crypto/enable_dit.c Sat Feb 1 22:20:18 2025 -+++ ./crypto/enable_dit.c Mon Mar 17 09:41:58 2025 -@@ -20,5 +20,9 @@ - { - if (!platform_dit_available()) - return; -- asm volatile("msr dit, %0" :: "r"(1)); -+ register uint64_t one asm("x8"); -+ one = 1; -+ // This is the binary encoding of "msr dit, x8". You can check via, e.g., -+ // echo "msr dit,x8" | llvm-mc -triple aarch64 -mattr=+dit -show-encoding -+ asm volatile(".inst 0xd51b42a8" :: "r"(one)); - } diff --git a/net/putty/patches/patch-putty_h b/net/putty/patches/patch-putty_h index c0cf837f3a1..f8af7fb8dc6 100644 --- a/net/putty/patches/patch-putty_h +++ b/net/putty/patches/patch-putty_h @@ -1,7 +1,7 @@ Index: putty.h --- putty.h.orig +++ putty.h -@@ -1987,6 +1987,7 @@ typedef enum NoiseSourceId { +@@ -1954,6 +1954,7 @@ typedef enum NoiseSourceId { NOISE_SOURCE_THREADTIME, NOISE_SOURCE_PROCTIME, NOISE_SOURCE_PERFCOUNT, diff --git a/net/putty/patches/patch-unix_utils_subprocess_waiter_c b/net/putty/patches/patch-unix_utils_subprocess_waiter_c new file mode 100644 index 00000000000..c7147ddf9cb --- /dev/null +++ b/net/putty/patches/patch-unix_utils_subprocess_waiter_c @@ -0,0 +1,14 @@ +Index: unix/utils/subprocess_waiter.c +--- unix/utils/subprocess_waiter.c.orig ++++ unix/utils/subprocess_waiter.c +@@ -8,8 +8,9 @@ + #include "putty.h" + #include "tree234.h" + +-#include + #include ++#include ++#include + + struct SubprocessWaiter { + pid_t pid;