security update to PuTTY 0.73

"This is a SECURITY UPDATE, fixing minor vulnerabilities affecting port
forwarding on Windows; bracketed paste mode in the terminal; and any
use of SSH-1. We recommend that anyone using those features should
update."

net/putty/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.33 2019/07/20 11:55:25 sthen Exp $
+# $OpenBSD: Makefile,v 1.34 2019/09/30 08:45:39 sthen Exp $
 
 COMMENT-main=	SSH and telnet client
 COMMENT-gui=	PuTTY GUI clients
 
-V=		0.72
+V=		0.73
 DISTNAME=	putty-$V
 PKGNAME-main=	${DISTNAME}
 PKGNAME-gui=	${DISTNAME:S/putty/putty-gui/}

net/putty/distinfo

@@ -1,2 +1,2 @@
-SHA256 (putty-0.72.tar.gz) = 8ja1omsJBYCbPNGQFY6Lldgfhq00/dl6QxLBh38s7F8=
-SIZE (putty-0.72.tar.gz) = 2449516
+SHA256 (putty-0.73.tar.gz) = PbC1QD+0GuzTqlBmETZmUNknZQtus9g5rU3MeCUZ3xw=
+SIZE (putty-0.73.tar.gz) = 2459115

net/putty/patches/patch-unix_uxnoise_c

@@ -1,4 +1,4 @@
-$OpenBSD: patch-unix_uxnoise_c,v 1.5 2019/07/20 11:55:25 sthen Exp $
+$OpenBSD: patch-unix_uxnoise_c,v 1.6 2019/09/30 08:45:39 sthen Exp $
 
 Index: unix/uxnoise.c
 --- unix/uxnoise.c.orig
@@ -12,16 +12,16 @@ Index: unix/uxnoise.c
 -
 -    fd = open("/dev/urandom", O_RDONLY);
 -    if (fd < 0)
--	return false;
+-        return false;
 -
 -    ngot = 0;
 -    while (ngot < len) {
--	ret = read(fd, buf+ngot, len-ngot);
--	if (ret < 0) {
--	    close(fd);
--	    return false;
--	}
--	ngot += ret;
+-        ret = read(fd, buf+ngot, len-ngot);
+-        if (ret < 0) {
+-            close(fd);
+-            return false;
+-        }
+-        ngot += ret;
 -    }
 -
 -    close(fd);
@@ -41,32 +41,32 @@ Index: unix/uxnoise.c
 +    char buf[32];
  
 -    if (read_dev_urandom(buf, 32)) {
--	got_dev_urandom = true;
--	func(buf, 32);
+-        got_dev_urandom = true;
+-        func(buf, 32);
 -    }
 +    if (read_dev_urandom(buf, sizeof(buf)))
-+	func(buf, sizeof(buf));
++        func(buf, sizeof(buf));
  
 -    fp = popen("ps -axu 2>/dev/null", "r");
 -    if (fp) {
--	while ( (ret = fread(buf, 1, sizeof(buf), fp)) > 0)
--	    func(buf, ret);
--	pclose(fp);
+-        while ( (ret = fread(buf, 1, sizeof(buf), fp)) > 0)
+-            func(buf, ret);
+-        pclose(fp);
 -    } else if (!got_dev_urandom) {
--	fprintf(stderr, "popen: %s\n"
--		"Unable to access fallback entropy source\n", strerror(errno));
--	exit(1);
+-        fprintf(stderr, "popen: %s\n"
+-                "Unable to access fallback entropy source\n", strerror(errno));
+-        exit(1);
 -    }
 -
 -    fp = popen("ls -al /tmp 2>/dev/null", "r");
 -    if (fp) {
--	while ( (ret = fread(buf, 1, sizeof(buf), fp)) > 0)
--	    func(buf, ret);
--	pclose(fp);
+-        while ( (ret = fread(buf, 1, sizeof(buf), fp)) > 0)
+-            func(buf, ret);
+-        pclose(fp);
 -    } else if (!got_dev_urandom) {
--	fprintf(stderr, "popen: %s\n"
--		"Unable to access fallback entropy source\n", strerror(errno));
--	exit(1);
+-        fprintf(stderr, "popen: %s\n"
+-                "Unable to access fallback entropy source\n", strerror(errno));
+-        exit(1);
 -    }
 -
      read_random_seed(func);
@@ -83,14 +83,14 @@ Index: unix/uxnoise.c
      struct rusage rusage;
  
 -    if ((fd = open("/proc/meminfo", O_RDONLY)) >= 0) {
--	while ( (ret = read(fd, buf, sizeof(buf))) > 0)
--	    random_add_noise(NOISE_SOURCE_MEMINFO, buf, ret);
--	close(fd);
+-        while ( (ret = read(fd, buf, sizeof(buf))) > 0)
+-            random_add_noise(NOISE_SOURCE_MEMINFO, buf, ret);
+-        close(fd);
 -    }
 -    if ((fd = open("/proc/stat", O_RDONLY)) >= 0) {
--	while ( (ret = read(fd, buf, sizeof(buf))) > 0)
--	    random_add_noise(NOISE_SOURCE_STAT, buf, ret);
--	close(fd);
+-        while ( (ret = read(fd, buf, sizeof(buf))) > 0)
+-            random_add_noise(NOISE_SOURCE_STAT, buf, ret);
+-        close(fd);
 -    }
 +    arc4random_buf(buf, 8);
 +    random_add_noise(NOISE_SOURCE_ARC4RANDOM, buf, sizeof(buf));