* All the PuTTY tools for Windows and Unix now contain the fingerprints of
the Master Keys. The method for accessing them is crude but universal:
a new "-pgpfp" command-line option. (Except Unix PuTTYgen, which takes
"--pgpfp" just to be awkward.)
* Move the key policy discussion from putty-website/keys.html to
putty/doc/pgpkeys.but, and autogenerate the former from the latter.
Also tweak the text somewhat and include the fingerprints of the
Master Keys themselves.
(I've merged the existing autogeneration scripts into a single new
one; I've left the old scripts and keys.html around until such time
as the webmonster reviews the changes and plumbs in the new script;
he should remove the old files then.)
[originally from svn r5524]
[this svn revision also touched putty-website]
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>
[originally from svn r5480]
connection_fatal(), since the latter is entitled to destroy the
backend so `ssh' may no longer be valid once it returns.
For the Unix port, switch exit(0) to gtk_main_quit() in
notify_remote_exit(), so that we don't exit before the subsequent
connection_fatal()!
[originally from svn r5445]
This was harder than verify_ssh_host_key() and askalg() put
together, because:
(a) askappend() can be called at any time, since it's a side effect
of data-logging functions. Therefore there can be an unfinished
askappend() alert at any time, and hence the OS X front end has
to be prepared to _queue_ other alerts which occur during that
time.
(b) logging.c has to do something with data that comes in while
it's waiting for an answer to askappend(). It buffers it until
it knows what the user wants done with it. This involved
something of a reorganisation of logging.c.
[originally from svn r5344]
now returns an integer: 0 means cancel the SSH connection and 1
means continue with it. Additionally, they can return -1, which
means `front end has set an asynchronous alert box in motion, please
wait to be called back with the result', and each one is passed a
callback function pointer and context for this purpose.
I have not yet done the same to askappend() yet, because it will
take a certain amount of reorganisation of logging.c.
Importantly, this checkin means the host key dialog box now works on
OS X.
[originally from svn r5330]
changing its mouse pointer. Currently this is only used in the (slightly-
arbitrarily-defined) "heavy" bits of SSH-2 key exchange. We override pointer
hiding while PuTTY is busy, but preserve pointer-hiding state.
Not yet implemented on the Mac.
Also switch to frobbing window-class cursor in Windows rather than relying on
SetCursor().
[originally from svn r5303]
structure, in preparation for wanting more than one of them in a
single process. This can't be done cleanly, because the whole
business with pty_pre_init pre-allocating the pty rather assumes we
want a known number of the things before we drop privileges; so
there's a horrid hack to make pty_pre_init work on platforms that
have at most one pty instance per process, but at the same time
things ought to work sensibly with more than one per process _if_
pty_pre_init isn't required.
[originally from svn r5261]
/dev/ptyXX we can open: we must also check that we can open and use
the corresponding /dev/ttyXX, because if it's been left in the wrong
mode then we will look terribly silly when we fork and _then_
discover our pty is unusable.
[originally from svn r5257]
* Make sk_getxdmdata() return an arbitrary string rather than two integers.
This better matches the spec, even if the current version always returns
six bytes
* On Unix, for PF_UNIX sockets, return a counter rather than a constant along
with the PID. This should allow multiple clients to connect within one
second, and is what Xlib does.
* On Unix, interpret AF_INET6 addresses like Xlib does, returning the
embedded IPv4 address for v4-mapped addresses, and six bytes of zeroes
otherwise. The latter is silly, but if I'm going to do anything more sane
I need to check that X servers won't reject it.
[originally from svn r5219]
latter in terms of the former. Also adjust the definition of
ipv4_is_loopback() to avoid using the non-standard inet_netof() and
IN_LOOPBACKNET, and move it next to its remaining uses.
[originally from svn r5215]
connection. Instead, correctly check IPv4 and IPv6 connections, assume that
AF_LOCAL is always local, and anything else is always remote.
This makes trivial local-to-remote forwarding work on my system.
[originally from svn r5180]
means that we send literal CRs and let the remote pty layer work out what to
do with them, so that if it wants raw mode it can have it.
[originally from svn r5114]
Fixes crashes when time() returns (time_t)-1 on Windows by using the
Win32 GetLocalTime() function. (The Unix implementation still just
uses time() and localtime().)
[originally from svn r5086]
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.
I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.
[originally from svn r5047]
[this svn revision also touched putty-wishlist]
mid-session if we are not using SSHv1. I've done this by introducing
a generic `cfg_info' function which every back end can use to
communicate an int's worth of data to setup_config_box; in SSH
that's the protocol version in use, and in everything else it's
currently zero.
[originally from svn r5040]
[r5031 == d77102a8d5]
(which will gain more content anon).
Retire BUG_SSH2_DH_GEX and add a backwards-compatibility wart, since we never
did find a way of automatically detecting this alleged server bug, and in any
case there was only ever one report (<3D91F3B5.7030309@inwind.it>, FWIW).
Also generalise askcipher() to a new askalg() (thus touching all the
front-ends).
I've made some attempt to document what SSH key exchange is and why you care,
but it could use some review for clarity (and outright lies).
[originally from svn r5022]
comment when I unblock it in pty.c to reflect reality. Also I've
moved block_signal() out of pterm.c into signal.c, so I can
conveniently use it for unblocking SIGCHLD rather than having to
reinvent it in pty.c.
[originally from svn r5006]
pterm, which was breaking my bash job notification patch. This is
apparently not the case for xterm, so I've fiddled with it. Not
entirely sure _why_ it did this in the first place, but there we go.
[originally from svn r4997]
