1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Commit Graph

7401 Commits

Author SHA1 Message Date
Simon Tatham
430af47a38 Polish the output of read_ucd.py.
The initial outputs were all deliberately inconsistent with each
other, so that each one exactly matched the existing table I was
trying to replace.

Now I've done that check, I can clean them up. Normalised spacing and
case to be consistent; removed pointless indentation (these are now
include files, so they don't have to be indented to the same level as
the array declaration surrounding each one's #include); added a header
comment in each autogenerated file, saying that it's autogenerated,
what it's for, and who it's used by.

The currently supported version number of Unicode is also exposed in a
header file, so that I can put it in diagnostics.
2022-11-11 08:44:01 +00:00
Simon Tatham
b72c9aba28 New script to generate Unicode data tables.
This will replace the various pieces of Perl scattered throughout the
code base in comments above long boring data tables. The idea is that
those long boring tables will move into header files in the new
'unicode' directory, and will be #included from the source files that
use the tables.

One benefit is that I won't have to page tediously past the tables to
get to the actual code I want to edit. But more importantly, it should
now become easy to update to a new version of Unicode, by re-running
just one script and committing the changed versions of all the headers
in the 'unicode' subdir.

This version of the script regenerates six Unicode-derived tables in
the existing source code in a byte-for-byte identical form. In the
next commits I'll clean it up, commit the output, and delete the
tables from their previous locations.

(One table I _haven't_ incorporated into this system is the Arabic
shaping table in bidi.c, because my attempt to regenerate it came out
not matching the original at all. That _might_ be because the table is
based on an old Unicode standard and desperately needs updating, but
it might also be because I misunderstood how it works. So I'll leave
sorting that out for another time.)
2022-11-09 19:21:02 +00:00
Simon Tatham
69e217d23a Make decode_utf8() read from a BinarySource.
This enables it to handle data that isn't presented as a
NUL-terminated string.

In particular, the NUL byte can appear _within_ the string and be
correctly translated to the NUL wide character. So I've been able to
remove the awkwardness in the test rig of having to include the
terminating NUL in every test to ensure NUL has been tested, and
instead, insert a single explicit test for it.

Similarly to the previous commit, the simplification at the (one) call
site gives me a strong feeling of 'this is what the API should have
been all along'!
2022-11-09 19:21:02 +00:00
Simon Tatham
d89f2bfc55 Fix typo in decode_utf8 tests.
The test in question was supposed to contain the spurious UTF-8
encoding that 0xD800 would have if it were not a surrogate. But the
final continuation character 0x80 was instead 0x00.

The test passed anyway, because ED A0 was regarded as a truncated
sequence, instead of ED A0 80 being regarded as an illegal encoding of
a surrogate, and both return the same output!
2022-11-09 19:21:02 +00:00
Simon Tatham
834b58e39b Make encode_utf8() output to a BinarySink.
Previously it output to an ordinary char buffer, and returned the
number of bytes it had written. But three out of the four call sites
immediately chucked the resulting bytes into a BinarySink anyway. The
fourth, in windows/unicode.c, really is writing into successive
locations of a fixed-size buffer - but we can make that into a
BinarySink too, using the buffer_sink added in the previous commit.

So now encode_utf8() is renamed put_utf8_char, and the call sites all
look simpler than they started out.
2022-11-09 19:02:32 +00:00
Simon Tatham
991e22c9bb Implement a BinarySink writing to a fixed-size buffer.
This is one of marshal.c's small collection of handy BinarySink
adapters to existing kinds of thing, alongside stdio_sink and
bufchain_sink. It writes into a fixed-size buffer, discarding all
writes after the buffer fills up, and sets a flag to let you know if
it overflowed.

There was one of these in Windows Pageant a while back, under the name
'struct PageantReply' (introduced in commit b6cbad89fc, removed
again in 98538caa39 when the named-pipe revamp made it
unnecessary). This is the same idea but centralised for reusability.
2022-11-09 19:00:04 +00:00
Jacob Nevins
c8ba48be43 PuTTY WinMain: comment when config box pops up.
It's not entirely obvious, these days.
2022-11-06 02:05:17 +00:00
Jacob Nevins
9209c7ea38 Tweak another certified-host-key-prompt.
Like 5f3b743eb0, specifically reassure the user that taking the
add-to-cache action will not cause the CA that signed the key to be
trusted in any wider context, in the case where there was no previous
certified key cached. (I don't know why I missed this out before.)
2022-11-06 01:56:20 +00:00
Jacob Nevins
68db3d195d Use correct date in cert check error.
When a host certificate was used outside its valid date range, we were
displaying the current time where we meant to show the relevant bound of
the validity range.
2022-11-05 23:57:38 +00:00
Jacob Nevins
f78a1a944f Docs: fix typo in SUPDUP section. 2022-11-02 23:58:23 +00:00
Jacob Nevins
ebceb8bc94 Windows: fix terminal hang with resize forbidden.
A server attempt to resize the window (for instance via DECCOLM) when
"When window is resized" was set to "Forbid resizing completely" would
cause all terminal output to be suspended, due to the resize attempt
never being acknowledged.

(There are other code paths like this, which I've fixed for
completeness, but I don't think they have any effect: the terminal
filters out resize attempts to the current size before this point, and
even if a server can get such a request through the SUPDUP protocol, the
test for that is wrong and will never fire -- this needs fixing
separately.)
2022-11-02 23:51:57 +00:00
Simon Tatham
79b1cb2267 testcrypt: remove some pointless macros.
I just happened to notice ARG1 and ARGN in the code that builds the
dispatch table in process_line(), which aren't used at all, because
they date from a previous version of the testcrypt-func.h macro
system. They were supposed to be replaced everywhere with the unified
ARG.

So why didn't the missing definition of ARG break anything? Because
ARG only ever appears in the variadic part of a FUNC_INNER call - and
for this particular trawl of testcrypt-func.h, the variadic part isn't
ever used in the macro expansion in the first place. So there's no
need to define ARG and VOID to anything at all, not even the empty
string.
2022-10-30 10:38:36 +00:00
Jacob Nevins
f9a8213d95 Docs: add a 'pdf' cmake target.
We still don't build or ship a PDF PuTTY manual by default, but we may
as well conveniently expose Halibut's ability to do so.

(I don't guarantee the resulting PDF is particularly pretty -- some of
our overlong code lines do go off the right margin currently.)
2022-10-29 15:30:26 +01:00
Simon Tatham
d39bcaedba Some checklist updates for the Windows Store.
I didn't actually get these things wrong during the submission of
0.78, but I did notice that I'd forgotten to write them down.
2022-10-29 10:52:29 +01:00
Simon Tatham
2916f92467 Merge tag '0.78', for real this time.
Oops. The previous merge came from a version of the release tag we
ended up not using. This one reflects what really went into the
release.
2022-10-29 10:50:38 +01:00
Simon Tatham
fe2acf9984 Merge tag '0.78' 2022-10-29 08:55:53 +01:00
Simon Tatham
4ff82ab29a Update version number for 0.78 release. 2022-10-28 18:19:19 +01:00
Simon Tatham
475c23875e Unix: stop accessing ctrl->fileselect for font selectors.
The setup code for CTRL_FILESELECT and CTRL_FONTSELECT is shared,
which means it's a mistake to test ctrl->fileselect.just_button in it
without first checking which control type we're actually dealing with.

UBsan picks this up by complaining that the just_button field contains
some byte value that's illegal for a boolean. I think it's also the
cause of an intermittent assertion failure reported recently, in which
dlg_fontsel_set finds that uc->entry is NULL when it never ought to
be. If the byte from the wrong union branch happened to be 0 by sheer
bad luck, that could give rise to exactly that failure.
2022-10-28 17:49:59 +01:00
Jacob Nevins
329a4cdd79 authplugin-example.py: Flush stderr.
Python 3's stderr was fully-buffered when non-interactive, unlike
Python 2 and more or less everything else, until 3.9 in 2020(!):
https://bugs.python.org/issue13601

(It would be less faff to sys.stderr.reconfigure(line_buffering=True)
at the start, but that was only added in 3.7, whereas the 'flush'
argument to print() dates back to 3.3, so I chose that to minimise
the risk of version dependencies getting in the way of using this as
a working example.)
2022-10-24 12:52:44 +01:00
Jacob Nevins
538c8fd29c authplugin-example.py: Mention documentation.
(Just in case anyone's entry point is this example, and concludes they
have to reverse-engineer the protocol from the script.)
2022-10-24 12:50:58 +01:00
Simon Tatham
63edea07db Update version number for 0.78 release. 2022-10-23 18:00:14 +01:00
Simon Tatham
9701a3dcaa Merge osc_strlen fix from 'pre-0.78'. 2022-10-23 17:46:00 +01:00
Simon Tatham
a7106d8eb2 Add missing initialisation of term->osc_strlen.
An uninitialised value could have got as far as do_osc() via the
relatively recent code path for early termination of an OSC before
it's fully set up.
2022-10-23 17:45:51 +01:00
Simon Tatham
8b751c71c9 Merge -pwfile semantics fix from 'pre-0.78'. 2022-10-23 14:14:28 +01:00
Simon Tatham
bdb3ac9f3b Restrict -pwfile / -pw to apply to server prompts only.
Jacob spotted that an unused -pwfile input can be accidentally used as
the answer to Plink's antispoof 'press Return to begin session'
prompt, which is unintended and confusing.

To fix that, I've made the use of a command-line password conditional
on p->to_server, the flag in a prompts_t that indicates whether the
results of the prompts are going to be sent directly to the server or
consumed locally by PuTTY. (And I've also corrected the setting of
to_server in the antispoof prompt, which was true when it should have
been false.)

A side effect of this is that -pwfile will no longer work to provide a
private-key passphrase, if you're using public-key authentication
without Pageant. This is deliberate, because if you're doing that on
purpose then Pageant is a better way to achieve the same thing (or
else just store the key unencrypted, which is no worse); but in the
case of a server that sequentially demands public-key _and_ password
authentication, the new behaviour makes -pwfile apply to the right one
of the two prompts, i.e. the actual password.
2022-10-23 14:13:55 +01:00
Jacob Nevins
b2dbde11ce Merge comment fix from 'pre-0.78'. 2022-10-23 12:39:53 +01:00
Jacob Nevins
2fbb9284f3 Fix outdated comment relating to -pw. 2022-10-23 12:38:00 +01:00
Jacob Nevins
f7e86ca267 README: remove mention of doc/Makefile.
While cmake might create it, it's not something we ship any more.

This is a combined cherry-pick of:
  afebe8027f
  f229aab20c
2022-10-23 12:37:20 +01:00
Jacob Nevins
f229aab20c Rewrap a paragraph in README. 2022-10-23 12:36:24 +01:00
Jacob Nevins
afebe8027f README: remove mention of doc/Makefile.
While cmake might create it, it's not something we ship any more.
2022-10-22 09:59:02 +01:00
Simon Tatham
25d0a85c1f Merge build fix and checklist update from 'pre-0.78'. 2022-10-22 08:24:29 +01:00
Simon Tatham
0c59d49683 Update the pre-release-candidate testing checklist.
Removed 'try cmake 3.7 on Windows': I think that's not really
necessary, because Windows doesn't have the concept of an old overall
distro that makes it hard to upgrade a particular build tool.

On the other hand, added a big pile of other things I'd like not to
forget.
2022-10-22 08:23:06 +01:00
Simon Tatham
d2795e5cb5 Fix build with GTK3 prior to 3.22.23.
Those versions of GTK (or rather, GDK) don't support the
GDK_WINDOW_STATE_TOP_TILED constants; they only support the
non-directional GDK_WINDOW_STATE_TILED. And GTK < 3.10.0 doesn't even
support that.

All those constants were under #ifdef already; I've just made the
ifdefs a bit more precise.
2022-10-22 07:48:56 +01:00
Jacob Nevins
2622e5266b Merge cert expr tweak from 'pre-0.78'. 2022-10-22 01:25:13 +01:00
Jacob Nevins
75ac444324 Document subdomain matching of cert expr wildcards.
In the manual, in comments, and in a new test.
2022-10-22 01:22:10 +01:00
Jacob Nevins
d9584eb6a3 Merge docs typos fix from 'pre-0.78'. 2022-10-22 00:20:47 +01:00
Jacob Nevins
500568d204 Docs: fix trivial typo from 6472f7fc77. 2022-10-22 00:20:03 +01:00
Jacob Nevins
75285933ae Merge host-key warning tweaks from 'pre-0.78'. 2022-10-21 20:42:04 +01:00
Jacob Nevins
5f3b743eb0 Tweak certified-host-key prompt.
Add a specific reassurance that taking the add-to-cache action will not
cause the CA that signed the key to be trusted in any wider context.
2022-10-21 20:41:37 +01:00
Jacob Nevins
344cde8ded Windows host-key warning: reinstate shortcut.
The "Cancel" button's keyboard shortcut was accidentally removed by
f1c8298000, having only just reinstated it in a77040afa1.

(Also, fix a couple of blatantly fibbing "accelerators used" comments.)
2022-10-21 20:41:36 +01:00
Jacob Nevins
61b3cde507 Merge cosmetic and docs fixes from 'pre-0.78'. 2022-10-21 20:13:16 +01:00
Jacob Nevins
bb1ebc9b57 Docs: tweak certified-host-key warning responses.
Mainly to try to clarify that if you're sat at this warning dialog/
prompt, no response you make to it will cause a new CA to be trusted for
signing arbitrary host keys.
2022-10-21 20:12:23 +01:00
Jacob Nevins
5716c638a5 Docs: cross-reference host-key warning sections.
The 'certified host key' variant of the host key warning always comes
with a scary 'POTENTIAL SECURITY BREACH!' message. So the error message
section with the scary title that should acknowledge that variant, and
the section about that variant should mention the scary warning.
2022-10-21 19:46:51 +01:00
Jacob Nevins
8c534c26fd Docs: note "wrong host key" warning is stronger.
To try to prime readers learning the often-seen "unknown host key"
warning to recognise the rarer and scarier "wrong host key" warning, if
they see it.
2022-10-21 19:43:26 +01:00
Jacob Nevins
1d1d81d66e Fix regressions in Gtk host key "More info".
A description like "SHA256 fingerprint:" could run into the previous
public key blob; and add a missing colon.
2022-10-21 19:01:58 +01:00
Jacob Nevins
dc9ab5e0f0 Rename NTRU Prime / Curve25519 kex in UI.
The previous name, which included '(quantum-resistant)', was too long to
be completely seen in the Windows config dialog's kex list (which is
narrower than the Gtk one, due to the Up/Down buttons). No point
including that explanation if people can't actually read it, so we'll
have to rely on docs to explain it.

(I did try squashing the rest of the name to "SNTRUP/X25519 hybrid", but
that wasn't enough.)

As some sort of compensation, index it more thoroughly in the docs, and
while I'm there, tweak the indexing of other key exchange algorithms
too.
2022-10-21 17:53:24 +01:00
Jacob Nevins
ca58e96982 Merge public-key docs fixes from 'pre-0.78'. 2022-10-21 13:06:28 +01:00
Jacob Nevins
6472f7fc77 Docs: update Pageant key list description.
GUI Pageant stopped using SSH identifiers for key types in fea08bb244,
but the docs were still referring to them.

As part of this, ensure that the term "NIST" is thoroughly
cross-referenced and indexed, since it now appears so prominently in
Pageant.

(While I'm there, reword the "it's OK that elliptic-curve keys are
smaller than RSA ones" note, as I kept tripping over the old wording.)
2022-10-21 13:04:57 +01:00
Jacob Nevins
5d5a6a8fd3 Docs: MD5 is forced for SSH-1 key fingerprints. 2022-10-21 13:04:41 +01:00
Jacob Nevins
d42983088a Docs: prime generation defaults are usually fine. 2022-10-21 13:02:36 +01:00