now a passphrase-keyed MAC covering _all_ important data in the
file, including the public blob and the key comment. Should
conclusively scupper any attacks based on nobbling the key file in
an attempt to sucker the machine that decrypts it. MACing the
comment field also protects against a key-substitution attack (if
someone's worked out a way past our DSA protections and can extract
the private key from a signature, swapping key files and
substituting comments might just enable them to get the signature
they need to do this. Paranoid, but might as well).
[originally from svn r1413]
`put', it makes more sense to pick the _basename_ of the source
rather than use the whole path - particularly when the latter might
cause us to try to use a DOS pathname like `f:\stuff' in a Unix (or
worse, such as VMS!) file system.
[originally from svn r1265]
Partly because that's a good idea _anyway_, and partly because it
seems to be causing trouble. (Specifically, their pathetic attempt
to emulate plink's proper select handling seems to get confused when
the back end tries to open a local listening socket.)
[originally from svn r1264]
can't start the sftp subsystem. This should enable convenient sftp
access to SSH1-only systems: all the admin needs is to install
sftp-server in the right place.
[originally from svn r1228]
malicious SCP server could have written to areas other than the ones
the user requested; cleared up buffer overruns everywhere. Hopefully
we now do not use arbitrary buffer limits _anywhere_.
[originally from svn r1205]
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.
[originally from svn r1199]
by ceasing to listen on input channels if the corresponding output
channel isn't accepting data. Has had basic check-I-didn't-actually-
break-anything-too-badly testing, but hasn't been genuinely tested
in stress conditions (because concocting stress conditions is non-
trivial).
[originally from svn r1198]
host-key-changed prompt: update-cache-and-connect, connect-without-
updating-cache, and abandon-connection. (Previously the middle one
was missing.)
[originally from svn r1122]
behaviour of FXP_REALPATH. (Specifically, BSD and GNU realpath(3)
disagree over whether to return success when computing the realpath
for a putative new file to be created in a valid directory. There's
no way we can tell from (say) the OpenSSH version string because
OpenSSH might have been compiled to use the local realpath _or_ its
own nonbroken one.)
[originally from svn r953]
