PuTTY 0.75 is released

Simon Tatham anakin at pobox.com
Sat May 8 09:56:54 BST 2021


PuTTY version 0.75 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    https://www.chiark.greenend.org.uk/~sgtatham/putty/

This release includes major new features, but it also includes a minor
security fix for Windows PuTTY. We urge Windows users to update.

This release fixes the following security issue:

 - On Windows, if a server sent control sequences at high speed to
   reconfigure the terminal window title repeatedly, PuTTY would pass
   on all those title changes to Windows itself at high enough speed
   to make the window system unresponsive, resulting in a denial of
   service to other local applications.

   (You can also work around this by turning off the remote window
   title changing feature.)

New features in this release include:

 - Pageant now permits you to load an SSH-2 private key file without
   giving the passphrase immediately. If you do, the key will remain
   in Pageant's memory in encrypted form, and Pageant will prompt for
   the passphrase the first time you try to use the key. After that it
   will behave like a normal key held in Pageant, unless you use the
   're-encrypt' option to return it to a state in which Pageant will
   ask for the passphrase again.

 - SSH-2 key fingerprints are now displayed by default in the OpenSSH
   format of base64-encoded SHA-256. (The historic MD5 format is still
   provided as an alternative.)

 - PuTTY's format for private key files has been updated. The new
   format, PPK3, does not depend on SHA-1, and also, it uses the
   Argon2 password hash function to make it more difficult for an
   encrypted key file stolen by an attacker to be brute-forced.

 - Additional cryptographic algorithms in SSH. We now support Curve448
   key exchange, Ed448 public keys, and the modern variants of RSA
   that use SHA-2 instead of SHA-1.

 - PuTTYgen now has more options for generating the primes used in RSA
   and DSA keys. It can generate them in such a way as to be _sure_
   they're prime (instead of the usual probabilistic approach), and it
   can generate 'strong' primes for RSA, which some standards require.

 - Terminal emulator: the control sequence ESC [ 9 m, to display text
   with strikethrough, is now supported.

 - The Unix version of the tools can now make their primary network
   connection to a Unix-domain socket in place of a TCP/IP endpoint.

 - PuTTY supports a new cleartext protocol containing just the
   innermost core of SSH, and the Unix distribution contains a server
   for it. Useful for talking over IPC channels like pipes to
   different environments on the same machine (like containers,
   separate network namespaces etc), with all the SSH amenities like
   port forwarding and file transfer, and no need to manage fake host
   keys and pointless passwords.

 - For retro-computing enthusiasts: the 1970s login protocol SUPDUP
   (RFC 734) is now supported, alongside Telnet and Rlogin.

Bug fixes in this release include:

 - When run without any saved sessions present, PSCP accidentally
   tried to connect to port 0 in place of port 22.

 - When exporting Ed25519 private keys in OpenSSH format, PuTTYgen
   wrote out about 1/256 of all keys in an unreadable state.

 - Terminal scrollback was sometimes corrupted so that it did not
   match the text that had been on the screen before the scroll.

 - The terminal was unable to display Unicode characters in the range
   U+F000 to U+F1FF (part of the private-use area).

 - In some edge cases of Windows maximise-by-dragging operations,
   PuTTY would fail to recalculate the thickness of its window border,
   and display text partly off the edge of its window.

 - When dragging Windows PuTTY between two monitors with different DPI
   settings, the window did not resize itself appropriately.

 - When using the test operation 'plink -shareexists' to see if a
   connection-sharing PuTTY was already open for a host, the upstream
   PuTTY could accidentally terminate if 'plink -shareexists' happened
   at just the wrong moment.

Enjoy using PuTTY!

Cheers,
Simon

-- 
import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1(
m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r
and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9
,0xa54d9cbe4e8ab,0x746c50eaa1910,      "Simon Tatham <anakin at pobox.com>"     ))



More information about the PuTTY-announce mailing list