Simon Tatham [Sat, 7 Feb 2004 18:10:54 +0000 (18:10 +0000)]
Added a wrinkle to the version.c build in the Unix makefile, which
will validate an md5sums manifest and if all md5sums match will use
a version number provided in a file. This should allow me to produce
a Unix release source archive with the property that when unpacked
and built it will produce binaries advertising themselves as
`Release X.YZ', but as soon as the user starts fiddling with the
sources it will revert to `Unidentified build' (though of course the
user can still _explicitly_ ask for a release tag, and in fact this
will override the default if any default is specified).
Simon Tatham [Sat, 7 Feb 2004 10:02:20 +0000 (10:02 +0000)]
Charles Wilcox reported a signature validation bug with 2500-bit RSA
keys. This _appears_ to be due to me computing the byte count of the
key by dividing the bit count by 8 and rounding _down_ rather than
up. Therefore, I can't see how this code could ever have worked on
any SSH2 RSA key whose length was not a multiple of 8 bits; and
therefore I'm staggered that we haven't noticed it before! OpenSSH's
keygen appears to be scrupulous about ensuring the returned key
length is exactly what you asked for rather than one bit less, but
even so I'm astonished that _all_ keygen implementations for servers
we've ever interoperated with have avoided tripping this bug...
Jacob Nevins [Tue, 3 Feb 2004 14:47:43 +0000 (14:47 +0000)]
Patch from Theo Markettos: apparently "BSD-derived IP stacks fall over when
trying to bind to the localhost interface with a sockaddr_in which has non-zero
sin_zero fields." Zero sockaddr_in (and sockaddr_in6) before any use.
Simon Tatham [Thu, 22 Jan 2004 19:15:32 +0000 (19:15 +0000)]
Added a command-line key generation tool. Currently builds and runs
on Linux, but the (very few) platform-specific bits are already
abstracted out of the main code, so it should port to other
platforms with a minimum of fuss.
Simon Tatham [Wed, 21 Jan 2004 21:11:03 +0000 (21:11 +0000)]
Bah! Nicolas Barry correctly points out that my async agent code
simply doesn't work - if multiple concurrent agent requests are
attempted, some of them will fail for no apparent reason. I assume
concurrent SendMessage() calls don't work in the Windows API, or
some such. So I'm commenting out the async code for the moment
(there wasn't a Windows Pageant that made helpful use of it anyway
yet) and returning to the drawing board.
Simon Tatham [Wed, 21 Jan 2004 20:59:20 +0000 (20:59 +0000)]
Kaisuke Nakajima points out that it's unnecessary to translate
negative font sizes (meaning pixels) into positive ones (points) in
winstore.c, since it gets done anyway at the point of font creation;
and removing the code in winstore.c means that the precise font
entered by the user is saved in the config, rather than being
rounded.
Simon Tatham [Wed, 21 Jan 2004 19:56:08 +0000 (19:56 +0000)]
Darryl L. Miles's patch to support an optional port number argument
on the PSFTP `open' command; it was arguably a bug that this command
couldn't do such an obvious thing that could be done from the main
command line. Also had to fix a NULL-dereference in do_sftp_cleanup
in the process.
Simon Tatham [Tue, 20 Jan 2004 20:35:27 +0000 (20:35 +0000)]
Alexey Savelyev's mkfiles.pl patch to support lcc-win32. This has
caused a small amount of extra inconvenience at the tops of .rc
files, but it's been positive overall since lcc has managed to point
out some pedantic errors (typically static/extern mismatches between
function prototypes and definitions) which everything else missed.
Simon Tatham [Tue, 20 Jan 2004 19:41:43 +0000 (19:41 +0000)]
Josh Hill's patch for full-screen mode on a multi-monitor system:
clicks in the top left of the window should not be detected by
comparing the coordinates with (0,0) since this won't work on
secondary monitors.
Simon Tatham [Tue, 20 Jan 2004 19:30:41 +0000 (19:30 +0000)]
Mark Wutzke points out that the comment in sk_proxy_set_frozen()
states that plug_receive() may recurse back into
sk_proxy_set_frozen() again. Therefore, bufchain_consume() should
have been called _before_ calling plug_receive(), to prevent an
infinite loop overflowing the stack. I can't immediately figure out
under what circumstances this might happen, but it seems an
obviously sensible precaution.
Jacob Nevins [Tue, 20 Jan 2004 12:46:36 +0000 (12:46 +0000)]
`portfwd-loopback-choice' was not consistently documented.
- update usage info in tools
- ack, plink is over 24 lines now
- update man pages for Unix version
- Doc changes:
- move long description from (GUI) "config" to "using"
- sorry if complete specification isn't what this section is meant for,
but if you only read "using" it was hard to find.
- ensure enough references to this made in other sections (GUI,
command-line)
- update instance of plink usage info
Simon Tatham [Sun, 18 Jan 2004 09:14:41 +0000 (09:14 +0000)]
Memory management fixes. Fixed a segfault in SSH1 compression
cleanup noticed by Gerhard Wiesinger, and also fixed some memory
leaks spotted by valgrind while debugging same.
Simon Tatham [Sat, 17 Jan 2004 13:48:40 +0000 (13:48 +0000)]
Joe Yates's patch to make mkfiles.pl generate Visual Studio project
files as well as an nmake makefile. Needed line-end tweakery in
order to be able to generate usable project files when run on Unix,
but other than that appears fine. Ooh!
Simon Tatham [Sat, 17 Jan 2004 13:24:59 +0000 (13:24 +0000)]
So _that's_ why mkfiles.pl was running so slowly on my Windows box!
&findfile() now caches its results. At least one full order of
magnitude speedup when running on an SMB-mounted volume. Phew.
Simon Tatham [Sat, 17 Jan 2004 13:00:18 +0000 (13:00 +0000)]
Idiot me! store_host_key() was blindly _appending_ new host keys to
the end of the host key file. This is perfectly all right if a host
key never changes, but it's completely useless if you need to
replace an existing entry. This version should do better.
Simon Tatham [Thu, 1 Jan 2004 16:42:48 +0000 (16:42 +0000)]
Joe Yates's memory leak patch was overenthusiastically freeing
things; it called freebn on the DH gex values even if DH gex had not
taken place. Bug was trivially reproducible as a NULL-dereference
segfault by making any SSH2 connection with DH gex disabled. Should
now be fixed.
Simon Tatham [Tue, 16 Dec 2003 18:28:43 +0000 (18:28 +0000)]
Andy Hood points out that `#ifdef MONITOR_DEFAULTTONEAREST' would
benefit from _also_ being conditional on NO_MULTIMON not being
defined, to prevent the possibility of only half the multimon code
being included.
Jacob Nevins [Wed, 3 Dec 2003 23:25:48 +0000 (23:25 +0000)]
Spotted by Tim Kosse: reput on an already complete file was hanging.
Should be fixed now (we only wait for packets if we know there are some
that haven't been replied to yet).
Jacob Nevins [Mon, 24 Nov 2003 13:40:58 +0000 (13:40 +0000)]
I think the time has come for PuTTYgen to mention "authorized_keys" instead
of "authorized_keys2" by default. I believe this change was made in OpenSSH
around June 2001, so any versions which it applies should have been replaced
by now for other reasons.
(The docs still adequately document the confusion surrounding this)
Simon Tatham [Thu, 20 Nov 2003 18:41:12 +0000 (18:41 +0000)]
Introduce a new mouse handling option, in which the right button
brings up the context menu (and you can then paste by selecting
`Paste'). Should be more friendly to Windows-oriented users as
opposed to expatriate X users; also has the effect of making it more
difficult to paste into PuTTY by a single misplaced mouse click,
which has been a common theme of complaint recently.
For the moment, `Compromise' (the X-like behaviour with the right
and middle buttons reversed so that two-button users still get the
two most important functions) is still the default. I'm uncertain
that it might not be better to make the new option the default,
though, since the compromise option is optimal for _nobody_.
Simon Tatham [Thu, 20 Nov 2003 18:33:22 +0000 (18:33 +0000)]
Move the `translation of line drawing characters when pasting'
option from the Selection panel to the Translation panel (where it
fits at least as well). This frees a line in the Selection panel
which I'm about to use for an additional mouse handling option.
Simon Tatham [Wed, 19 Nov 2003 20:48:30 +0000 (20:48 +0000)]
Introduce a context menu which appears on Ctrl+rightclick. This menu
contains all the stuff in the System menu except for the standard
System menu bits (move, resize, close etc), and also contains `Paste'.
Jacob Nevins [Thu, 6 Nov 2003 14:17:56 +0000 (14:17 +0000)]
Cosmetic fix from Daniel Fazekas: apparently we were failing to allow
window-furniture in Playschool Windows be animated on mouse-over. This
fix also seems like the Right Thing to do. I've tried it and it seems
harmless enough on Win2K.
Simon Tatham [Thu, 30 Oct 2003 10:41:59 +0000 (10:41 +0000)]
Hmm, that relative link wasn't too good. Try a more helpful one.
Also add to the release checklist so that I'll remember to set this
up properly in the next set of release docs...
Simon Tatham [Thu, 30 Oct 2003 10:30:23 +0000 (10:30 +0000)]
Move the reference to sitestyle.css out into a separate .but file
which is only included if you explicitly tell the docs Makefile to
do so. Also make it a relative reference, while we're at it.
Simon Tatham [Sun, 12 Oct 2003 14:12:54 +0000 (14:12 +0000)]
Actually fix winnet-if2lo, I think. Tested in an ad-hoc manner by
deliberately making a connection from nemesis's real IP address to
its loopback address; not tested in the original failing case of SMB.
Simon Tatham [Sun, 12 Oct 2003 13:46:12 +0000 (13:46 +0000)]
The WinSock library is now loaded at run-time, which means we can
attempt to load WS2 and then fall back to WS1 if that fails. This
should allow us to use WS2-specific functionality to find out the
local system's list of IP addresses, thus fixing winnet-if2lo, while
degrading gracefully back to the previous behaviour if that
functionality is unavailable. (I haven't yet actually done this; I've
just laid the groundwork.)
This checkin _may_ cause instability; it seemed fine to me on
initial testing, but it's a bit of an upheaval and I wouldn't like
to make bets on it just yet.
Jacob Nevins [Sun, 12 Oct 2003 13:16:39 +0000 (13:16 +0000)]
Remove all the "assert(len>0)" which forbade zero-length writes across the
from_backend() interface, after having made all implementations safe against
being called with len==0 and possibly-NULL/undefined "data".
(This includes making misc.c:bufchain_add() more robust in this area.)
Assertion was originally added 2002-03-01; e.g., see plink.c:1.53 [r1571].
I believe this now shouldn't break anything.
This should hopefully make `ppk-empty-comment' finally GO AWAY. (Tested
with Unix PuTTY.)
Jacob Nevins [Fri, 10 Oct 2003 22:58:53 +0000 (22:58 +0000)]
Add random commentary to SOCKS code.
Also fix what I think are a couple of very minor bugs in SOCKS4; one won't
affect anyone AFAIK, and the other is unlikely to cause trouble.
Jacob Nevins [Fri, 10 Oct 2003 21:20:01 +0000 (21:20 +0000)]
In SOCKS5 dynamic forwarding, we were echoing back DST.{ADDR,PORT} as
BND.{ADDR,PORT}. Besides being clearly wrong, correspondence with
Sascha Schwarz suggests that this can confuse some SOCKS5 clients
(Aventail and sockscap32) which seem to assume that the reply must
have ATYP=1 (IPv4 literal) and so get the length wrong.
Now all replies have ATYP=1 with BND.{ADDR,PORT} = 0.0.0.0:0 -- this
apparently follows practice in OpenSSH. (We don't have enough info to
fill these fields in correctly.)
Jacob Nevins [Tue, 7 Oct 2003 21:31:21 +0000 (21:31 +0000)]
`baltic-default-translation': change default Baltic (CP1257) encoding from
8859-4 to 8859-13 as suggested by Vaidrius Petrauskas, on the grounds that
he has a .lt address and sounds like he knows what he's talking about.
Simon Tatham [Sat, 27 Sep 2003 17:52:34 +0000 (17:52 +0000)]
First cut at speeding up SFTP. Generic download-management code in
sftp.c, and psftp.c now uses that instead of going it alone. Should
in principle be easily installed in PSCP as well, but I haven't done
it yet; also it only handles downloads, not uploads, and finally it
doesn't yet properly calculate the correct number of parallel
requests to queue. Still, it's a start, and in my own tests it
seemed to perform as expected (download speed suddenly became
roughly what you'd expect from the available bandwidth, and
decreased by roughly the expected number of round-trip times).
Jacob Nevins [Tue, 2 Sep 2003 19:00:17 +0000 (19:00 +0000)]
When loading SSH-2 key, ignore passphrase argument if key is unencrypted.
This should get rid of a problem that three or four people reported where
PuTTY intermittently reports "Unable to load private key" (MAC failed).
(ssh.c:do_ssh2_authconn() should also initialise its passphrase so it's not
passing garbage passphrases around, of course, but I haven't yet worked out
where the best place in the auth loop to do that would be.)
Jacob Nevins [Fri, 29 Aug 2003 22:52:57 +0000 (22:52 +0000)]
Work towards wish `keyfile-diagnostic'. Many sshpubk.c keyfile-loading
functions have sprouted `**errorstr' arguments, which if non-NULL can
return a textual error message. The interface additions are patchy and
ad-hoc since this seemed to suit the style of the existing interfaces.
I've since realised that most of this is masked by sanity-checking that
gets done before these functions are called, but it will at least report
MAC failures and the like (tested on Unix), which was the original point
of the exercise.
Note that not everyone who could be using this information is at the
moment.