The aim is to try to reduce the incidence of the two least helpful
classes of those reports: the ones which have just got mismatched
checksum files, and the ones which don't tell us the information that
would help.
(cherry picked from commit 8ff3b222430cea48500cabdf402efe1f459f9ae4)
What should have been links to the old DSA keys were actually a second
copy of the links to the old RSA ones. Ahem.
(cherry picked from commit b62af0f40aa15c3ab79c8166c34f60f6e4192214)
This gives pride of place to the new set of keys we've recently
generated, and relegates the old ones to an afterthought.
(cherry picked from commit bb68baf53bacfc71bb0144780cf0b2b63bd76f98)
Users have requested this from time to time, for distinguishing log
file names when there's more than one SSH server running on different
ports of the same host. Since we do take account of that possibility
in other areas (e.g. we cache host keys indexed by (host,port) rather
than just host), it doesn't seem unreasonable to do so here too.
(cherry picked from commit 0550943b51c538400e31ce18483032e446178120)
The validation end of XDM-AUTHORIZATION-1 needs to check that two
time_t values differ by at most XDM_MAXSKEW, which it was doing by
subtracting them and passing the result to abs(). This provoked a
warning from OS X's clang, on the reasonable enough basis that the
value passed to abs was unsigned.
Fixed by using the (well defined) unsigned arithmetic wraparound: to
check that the mathematical difference of two unsigned numbers is in
the interval [-k,+k], compute their difference _plus k_ as an
unsigned, and check the result is in the interval [0,2k] by doing an
unsigned comparison against 2k.
The aim is to try to reduce the incidence of the two least helpful
classes of those reports: the ones which have just got mismatched
checksum files, and the ones which don't tell us the information that
would help.
Users have requested this from time to time, for distinguishing log
file names when there's more than one SSH server running on different
ports of the same host. Since we do take account of that possibility
in other areas (e.g. we cache host keys indexed by (host,port) rather
than just host), it doesn't seem unreasonable to do so here too.
PuTTY now uses the updated version of Diffie-Hellman group exchange,
except for a few old OpenSSH versions which Darren Tucker reports only
support the old version.
FIXME: this needs further work because the Bugs config panel has now
overflowed.
(cherry picked from commit 62a1bce7cb3ecb98feb57c7f1fd5d55845ce1533)
PuTTY now uses the updated version of Diffie-Hellman group exchange,
except for a few old OpenSSH versions which Darren Tucker reports only
support the old version.
FIXME: this needs further work because the Bugs config panel has now
overflowed.
It would be rare to have a host keypair in .ppk format or on a client
machine to load into PuTTYgen, and it might confuse people into thinking
they are required to do so.
I don't think anyone has ever actually called it that, colloquially
_or_ formally, and if anyone ever did (in a bug report, say) I'd
probably have to stop and think to work out what they meant. It's
universally called Plink, and should be officially so as well :-)
I've shifted away from using the SVN revision number as a monotonic
version identifier (replacing it in the Windows version resource with
a count of days since an arbitrary epoch), and I've removed all uses
of SVN keyword expansion (replacing them with version information
written out by Buildscr).
While I'm at it, I've done a major rewrite of the affected code which
centralises all the computation of the assorted version numbers and
strings into Buildscr, so that they're all more or less alongside each
other rather than scattered across multiple source files.
I've also retired the MD5-based manifest file system. A long time ago,
it seemed like a good idea to arrange that binaries of PuTTY would
automatically cease to identify themselves as a particular upstream
version number if any changes were made to the source code, so that if
someone made a local tweak and distributed the result then I wouldn't
get blamed for the results. Since then I've decided the whole idea is
more trouble than it's worth, so now distribution tarballs will have
version information baked in and people can just cope with that.
[originally from svn r10262]
