PuTTY version 0.49 is released

Simon Tatham anakin@pobox.com
Wed, 28 Jun 2000 11:03:05 +0100

PuTTY version 0.49 has finally been released!

Unfortunately the Alpha build of the 0.49 release is currently
unavailable due to problems with our build machine, but we will put
it out as soon as we can.

The Intel x86 release, and the source code, are available now from
the PuTTY website


A full list of the new features since version 0.48 follows. In
particular, there have been some security fixes, so you are STRONGLY
encouraged to upgrade.

  * Stop the SSH protocol code from sending zero-length
    SSH_CMSG_STDIN_DATA packets when Shift is pressed. These appear
    to be harmless to Unix sshd, but cause VMS sshd to generate an
    Exit signal.
  * Fix a small bug about using special port numbers in pscp; thanks
    to Joris van Rantwijk.
  * Three security improvements. PuTTY now checks the CRC on
    incoming packets, checks that the packet length and string
    length fields on incoming SSH_SMSG_*_DATA packets are
    consistent, and outlaws attempts to set the terminal size too
    big by escape sequences (countering the xterm DoS attack shown
    in bugtraq #1298).
  * High-half characters (160 and above) are now supported in
    username and password input.
  * Bug fix: RSA keys whose storage format used an odd number of
    bytes (i.e. the bit length of the key, mod 16, was between 1 and
    8 inclusive) were being handled incorrectly. An sshd with an
    850-bit server key wasn't able to accept connections from PuTTY
    as a result.
  * pscp now has the "-ls" option to get a directory listing of a
    remote host. It does this by sending the command "ls -la
    <dirspec>", so it might well not work on non-Unix ssh servers.
    It's mainly there to allow a useful directory listing facility
    for potential GUI front ends.
  * Local line discipline is now invoked in more sensible
    circumstances, and understands Telnet Erase Line. Thanks to
    Robert de Bath.
  * Blinking cursor support (off by default). Thanks to Robert de
  * Hopefully vastly improved PuTTY's behaviour under load; also we
    can process incoming data even during a window move/resize.
    Thanks to Robert de Bath.
  * Better handling of the bug in which underlines are drawn outside
    the character cell. Now they don't get drawn at _all_, which is
    still non-ideal but it's better than rampaging screen
    corruption. Thanks to Robert de Bath.
  * Various terminal emulation upgrades. Thanks to Robert de Bath.
  * By popular demand, Shift-Tab now sends ESC [ Z instead of being
    indistinguishable from ordinary Tab.
  * ^C, ^Z and ^D now instruct the local-terminal line discipline to
    send Telnet special control codes. The local line discipline can
    also be enabled and disabled in mid-session without dropping
    data, and it's also linked to the Telnet ECHO option. Patch due
    to Robert de Bath.
  * Telnet SYNCH is now preceded by IAC, which it wasn't previously.
    Patch due to Robert de Bath.
  * Fixed the long-standing bug in which CSI ? Q and CSI Q were
    treated identically for most values of Q. Patch due to Robert de
  * Pressing Return in a Telnet session now sends Telnet NL instead
    of Telnet CR (in raw data, that's CR-LF not CR-NUL; ^J continues
    to send just LF). Unix telnetds should not notice any
    difference; others might suddenly start working. Patch due to
    Robert de Bath.
  * Much patchery in font selection code; with any luck, mixed
    OEM+ANSI line drawing mode will now be more reliable. Patch due
    to Robert de Bath.
  * An attempt has been made to deal with the dropping of incoming
    data between decoding and display.
  * Replaced all the algorithms that weren't already my own code.
    The DES, MD5, SHA, and CRC32 implementations used in PuTTY are
    now all written by me and distributable under the PuTTY licence,
    instead of being borrowed from a variety of other places. Better
    still, there are comments: the DES implementation contains a
    careful description of how the algorithm given in the spec was
    transformed into the optimised algorithm in the code, and the
    CRC32 implementation explains what a CRC is and how the table
    lookup algorithm works.
  * Scrollback behaviour has changed. ANSI Delete Line at the top of
    the screen now inserts the lines into the scrollback
    (previously, only genuine scroll-up would do this). However, the
    scrollback is never touched by scroll operations in the
    alternate screen.
  * The response to Ctrl-E is now "PuTTY" instead of the xtermalike
    sequence it was previously.
  * The command line option -log will now cause all data received
    from the remote host to be logged to a file putty.log.
  * PSCP now doesn't try to "recurse" into the directories . and ..
    like it did before.
  * Add keyboard accelerators on the System menu.
  * "Warn On Close" no longer applies to inactive windows: you can
    close one of those without complaint.
  * There is now a system to generate Borland and Cygnus makefiles
    from the master makefile, so that people can build PuTTY with
    other compilers but I still only have to maintain one makefile.

Simon Tatham         "Time and tide wait for no man,
<anakin@pobox.com>    but everybody waits for women."