Simon Tatham [Sun, 22 Nov 2015 22:50:30 +0000 (22:50 +0000)]
Fix a paste error in new make_handle_socket prototype.
Thanks to Colin Harrison for spotting it very quickly. No thanks to
Visual Studio for only giving me a _warning_ when I prototyped a
function with four parameters and called it with five!
Simon Tatham [Sun, 22 Nov 2015 14:33:28 +0000 (14:33 +0000)]
Option to log proxy setup diagnostics to the terminal.
It has three settings: on, off, and 'only until session starts'. The
idea of the last one is that if you use something like 'ssh -v' as
your proxy command, you probably wanted to see the initial SSH
connection-setup messages while you were waiting to see if the
connection would be set up successfully at all, but probably _didn't_
want a slew of diagnostics from rekeys disrupting your terminal in
mid-emacs once the session had got properly under way.
Default is off, to avoid startling people used to the old behaviour. I
wonder if I should have set it more aggressively, though.
Simon Tatham [Sun, 22 Nov 2015 11:50:37 +0000 (11:50 +0000)]
In GUI PuTTY, log standard error from local proxy commands.
On both Unix and Windows, we now redirect the local proxy command's
standard error into a third pipe; data received from that pipe is
broken up at newlines and logged in the Event Log. So if the proxy
command emits any error messages in the course of failing to connect
to something, you now have a fighting chance of finding out what went
wrong.
This feature is disabled in command-line tools like PSFTP and Plink,
on the basis that in that situation it seems more likely that the user
would expect standard-error output to go to the ordinary standard
error in the ordinary way. Only GUI PuTTY catches it and logs it like
this, because it either doesn't have a standard error at all (on
Windows) or is likely to be pointing it at some completely unhelpful
session log file (under X).
Simon Tatham [Sun, 22 Nov 2015 12:15:52 +0000 (12:15 +0000)]
Log the setup of proxied network connections.
I've defined a new value for the 'int type' parameter passed to
plug_log(), which proxy sockets will use to pass their backend
information on how the setup of their proxied connections are going.
I've implemented support for the new type code in all _nontrivial_
plug log functions (which, conveniently, are precisely the ones I just
refactored into backend_socket_log); the ones which just throw all
their log data away anyway will do that to the new code as well.
We use the new type code to log the DNS lookup and connection setup
for connecting to a networked proxy, and also to log the exact command
string sent down Telnet proxy connections (so the user can easily
debug mistakes in the configured format string) and the exact command
executed when spawning a local proxy process. (The latter was already
supported on Windows by a bodgy logging call taking advantage of
Windows in particular having no front end pointer; I've converted that
into a sensible use of the new plug_log facility, and done the same
thing on Unix.)
Simon Tatham [Sun, 22 Nov 2015 11:49:14 +0000 (11:49 +0000)]
Factor out the back ends' plug log functions.
I'm about to want to make a change to all those functions at once, and
since they're almost identical, it seemed easiest to pull them out
into a common helper. The new source file be_misc.c is intended to
contain helper code common to all network back ends (crypto and
non-crypto, in particular), and initially it contains a
backend_socket_log() function which is the common part of ssh_log(),
telnet_log(), rlogin_log() etc.
Simon Tatham [Sun, 22 Nov 2015 15:02:14 +0000 (15:02 +0000)]
Fix a memory leak in uxproxy.c.
We set up a pair of bufchains for the standard input and output
exchanged with the proxy process, but forgot to clear them when the
Local_Proxy_Socket is cleaned up.
Simon Tatham [Sun, 22 Nov 2015 09:58:14 +0000 (09:58 +0000)]
Tell the truth about DNS lookups in the Event Log.
We've always had the back-end code unconditionally print 'Looking up
host' before calling name_lookup. But name_lookup doesn't always do an
actual lookup - in cases where the connection will be proxied and
we're configured to let the proxy do the DNS for us, it just calls
sk_nonamelookup to return a dummy SockAddr with the unresolved name
still in it. It's better to print a message that varies depending on
whether we're _really_ doing DNS or not, e.g. so that people can tell
the difference between DNS failure and proxy misconfiguration.
Hence, those log messages are now generated inside name_lookup(),
which takes a couple of extra parameters for the purpose - a frontend
pointer to pass to logevent(), and a reason string so that it can say
what the hostname it's (optionally) looking up is going to be used
for. (The latter is intended for possible use in logging subsidiary
lookups for port forwarding, though the moment I haven't changed
the current setup where those connection setups aren't logged in
detail - we just pass NULL in that situation.)
Simon Tatham [Sun, 22 Nov 2015 12:06:54 +0000 (12:06 +0000)]
Remove unused SSL declarations from network.h.
There was a very old plan to flesh this out into an implementation of
SSLified Telnet, back when it looked as if that might be the winning
option for encrypted remote login. But SSH won, so that random junk in
network.h has been sitting around for decades doing nothing useful.
Simon Tatham [Thu, 12 Nov 2015 19:11:07 +0000 (19:11 +0000)]
Big revision to CHECKLST.txt for release.pl and Mason.
Half the release checklist has changed recently, what with me
completely reworking the website and also writing all this release
automation. I think these are all the checklist changes needed now the
dust has settled, though of course when I do the next actual release I
expect there'll turn out to be something I missed...
Simon Tatham [Thu, 12 Nov 2015 19:09:36 +0000 (19:09 +0000)]
Further release automation.
I've added extra modes to release.pl which should automate the more
tedious parts of the deployment phase: uploading the release build to
all the places it needs to go, checking its integrity once it gets
there, verifying that everything can be downloaded again usefully,
checking content-types etc.
The new version should check more thoroughly (it checks the whole FTP
and HTTP download directories, so it will spot errors like failing to
update the FTP 'latest' symlink), and take fewer commands to run.
Simon Tatham [Tue, 10 Nov 2015 18:49:51 +0000 (18:49 +0000)]
Fix potential segfaults in reading OpenSSH's ASN.1 key format.
The length coming back from ber_read_id_len might have overflowed, so
treat it as potentially negative. Also, while I'm here, accumulate it
inside ber_read_id_len as an unsigned, so as to avoid undefined
behaviour on integer overflow, and toint() it before return.
Thanks to Hanno Böck for spotting this, with the aid of AFL.
Simon Tatham [Tue, 10 Nov 2015 18:47:55 +0000 (18:47 +0000)]
Fix a segfault in parsing OpenSSH private key files.
The initial test for a line ending with "PRIVATE KEY-----" failed to
take into account the possibility that the line might be shorter than
that. Fixed by introducing a new library function strendswith(), and
strstartswith() for good measure, and using that.
Thanks to Hanno Böck for spotting this, with the aid of AFL.
Simon Tatham [Sat, 7 Nov 2015 20:15:24 +0000 (20:15 +0000)]
Fix an SSH-breaking bug from the fuzzing merge.
When we set ssh->sc{cipher,mac} to s->sc{cipher,mac}_tobe
conditionally, we should be conditionalising on the values we're
_reading_, not the ones we're about to overwrite.
Simon Tatham [Sat, 7 Nov 2015 15:59:00 +0000 (15:59 +0000)]
More post-release checklist updates, and a new script.
I've added a few sample shell commands in the upload procedure (mostly
so that I don't have to faff about remembering how rsync trailing
slashes work every time), and also written a script called
'release.pl', which automates the updating of the version number in
all the various places it needs to be done and also ensures the PSCP
and Plink transcripts in the docs will match the release itself.
Simon Tatham [Sat, 7 Nov 2015 15:15:07 +0000 (15:15 +0000)]
One small post-release checklist tweak.
I spotted that I've been checking that old-style Windows Help files
were delivered with content-type "application/octet-stream", but not
also checking the same thing about the marginally newer .CHM ones. (Or
at least not writing it down in the wishlist; I think I did actually
check on at least one occasion.)
Simon Tatham [Sat, 7 Nov 2015 14:45:20 +0000 (14:45 +0000)]
Make 'make install' ignore the new 'fuzzterm' binary.
It's for regression testing and fuzzing, so there's no use for it if
you're not a developer working on the source.
Leaving it out of the 'make install' target in Makefile.gtk is no
trouble because that's already handled manually in Recipe by inserting
a giant hairy Makefile fragment to do the installation. But
Makefile.am was just setting bin_PROGRAMS to the full set of binaries
built, so for that one, I had to invent a new Recipe program category
[UT] which moves a particular binary into noinst_PROGRAMS.
While I was at it, I've retired the [M] program category, which has
been lying around unused since Ben's old Mac OS pre-X port.
Simon Tatham [Sat, 7 Nov 2015 13:34:14 +0000 (13:34 +0000)]
Fix a build failure coming from the fuzzing branch.
Apparently if you maintain a branch for a long time where you only
compile with a non-default ifdef enabled, it becomes possible to not
notice a typo you left in the default branch :-)
Simon Tatham [Sat, 7 Nov 2015 09:54:05 +0000 (09:54 +0000)]
Merge tag '0.66'
This brings in the rest of the 0.66 branch, including some changes new
on master.
Conflicts:
doc/plink.but
sshrsa.c
(The conflicts were both trivial: in one, the addition of an extra
parameter to rsa2_newkey on master happened on the line next to 0.66's
addition of a check for NULL return value, and in the other, I'd got
the version number in the plink -h transcript messed up on master.)
Simon Tatham [Sat, 7 Nov 2015 09:14:42 +0000 (09:14 +0000)]
Initial 'merge -s ours' from 0.66 release branch.
Everything up to here on the release branch is cherry-picks from
master anyway, and some of their cherry-picked forms conflict with the
current state of master due to further work, so here I'm just
recording an ancestry relation to indicate that there's nothing up to
here on 0.66 that master hasn't got.
Simon Tatham [Fri, 25 Sep 2015 15:03:47 +0000 (16:03 +0100)]
Fix winhandl.c's failure to ever free a foreign handle.
Handles managed by winhandl.c have a 'busy' flag, which is used to
mean two things: (a) is a subthread currently blocked on this handle
so various operations in the main thread have to be deferred until it
finishes? And (b) is this handle currently one that should be returned
to the main loop to be waited for?
For HT_INPUT and HT_OUTPUT, those things are either both true or both
false, so a single flag covering both of them is fine. But HT_FOREIGN
handles have the property that they should always be waited for in the
main loop, but no subthread is blocked on them. The latter means that
operations done on them in the main thread should not be deferred; the
only such operation is cleaning them up in handle_free().
handle_free() was failing to spot this, and was deferring freeing
HT_FOREIGN handles until their subthread terminated - which of course
never happened. As a result, when a named pipe server was closed, its
actual Windows event object got destroyed, but winhandl.c still kept
passing it back to the main thread, leading to a tight loop because
MsgWaitForMultipleObjects would return ERROR_INVALID_HANDLE and never
block.
Simon Tatham [Sun, 9 Aug 2015 20:18:27 +0000 (21:18 +0100)]
Add a FAQ for 'checksum mismatch' reports.
The aim is to try to reduce the incidence of the two least helpful
classes of those reports: the ones which have just got mismatched
checksum files, and the ones which don't tell us the information that
would help.
Ben Harris [Sun, 18 Oct 2015 12:04:58 +0000 (13:04 +0100)]
Add FUZZING support to ssh.c.
This adds the "none" cipher and MAC, and also disables kex signure
verification and host-key checking. Since a client like this is
completely insecure, it also rewrites the client version string to
start "ISH", which should make it fail to interoperate with a real SSH
server. The server version string is still expected to begin "SSH" so
the real packet captures can be used against it.
Ben Harris [Sat, 17 Oct 2015 20:00:31 +0000 (21:00 +0100)]
Handle packets with no type byte by returning SSH_MSG_UNIMPLEMENTED.
The previous assertion failure is obviously wrong, but RFC 4253 doesn't
explicitly declare them to be a protocol error. Currently, the incoming
packet isn't logged, which might cause some confusion for log parsers.
Ben Harris [Sat, 17 Oct 2015 15:26:51 +0000 (16:26 +0100)]
Add FUZZING build option that disables the random number generator.
Starting up the random number generator is by far the slowest part of
plink's startup, and randomness is bad for fuzzing, so disabling it
should make fuzzing more effective.
Ben Harris [Sat, 17 Oct 2015 13:06:06 +0000 (14:06 +0100)]
Add an explicit PROXY_FUZZ that just feeds a file into the backend.
This saves the need to fork and exec "cat", which should speed things
up. It also ensures that the network output goes to /dev/null, which
should avoid problems with blocking when writing to a full pipe.
Ben Harris [Tue, 13 Oct 2015 19:33:12 +0000 (20:33 +0100)]
Check the x argument to check_boundary() more carefully.
This is a minimal fix for CVE-2015-5309, and while it's probably
unnecessary now, it seems worth committing for defence in depth and to
give downstreams something reasonably non-intrusive to cherry-pick.
Ben Harris [Wed, 7 Oct 2015 22:54:39 +0000 (23:54 +0100)]
More robust control sequence parameter handling.
Parameters are now accumulated in unsigned integers and carefully checked
for overflow (which is turned into saturation). Things that consume them
now have explicit range checks (again, saturating) to ensure that their
inputs are sane. This should make it much harder to cause overflow by
supplying ludicrously large numbers.
Fixes two bugs found with the help of afl-fuzz. One of them may be
exploitable and is CVE-2015-5309.
Ben Harris [Tue, 13 Oct 2015 19:33:12 +0000 (20:33 +0100)]
Check the x argument to check_boundary() more carefully.
This is a minimal fix for CVE-2015-5309, and while it's probably
unnecessary now, it seems worth committing for defence in depth and to
give downstreams something reasonably non-intrusive to cherry-pick.
Ben Harris [Wed, 7 Oct 2015 22:54:39 +0000 (23:54 +0100)]
More robust control sequence parameter handling.
Parameters are now accumulated in unsigned integers and carefully checked
for overflow (which is turned into saturation). Things that consume them
now have explicit range checks (again, saturating) to ensure that their
inputs are sane. This should make it much harder to cause overflow by
supplying ludicrously large numbers.
Fixes two bugs found with the help of afl-fuzz. One of them may be
exploitable and is CVE-2015-5309.
Ben Harris [Sat, 17 Oct 2015 20:00:31 +0000 (21:00 +0100)]
Handle packets with no type byte by returning SSH_MSG_UNIMPLEMENTED.
The previous assertion failure is obviously wrong, but RFC 4253 doesn't
explicitly declare them to be a protocol error. Currently, the incoming
packet isn't logged, which might cause some confusion for log parsers.
Simon Tatham [Sat, 24 Oct 2015 15:44:37 +0000 (16:44 +0100)]
Initialise the random state in ssh_test_for_upstream().
This protects the Unix platform sharing code in the case where no salt
file exists yet in the connection-sharing directory, in which case
make_dirname() will want to create one by using some random bytes, and
prior to this commit, would fail an assertion because the random
number generator wasn't set up.
It would be neater to just return FALSE from ssh_test_for_upstream in
that situation - if there's no salt file, then no sharing socket can
be valid anyway - but that would involve doing more violence to the
code structure than I'm currently prepared to do for a minor elegance
gain.
Simon Tatham [Fri, 25 Sep 2015 08:23:26 +0000 (09:23 +0100)]
Sanitise bad characters in log file names.
On Windows, colons are illegal in filenames, because they're part of
the path syntax. But colons can appear in automatically constructed
log file names, if an IPv6 address is expanded from the &H placeholder.
Now we coerce any such illegal characters to '.', which is a bit of a
bodge but should at least cause a log file to be generated.
Simon Tatham [Fri, 25 Sep 2015 08:15:21 +0000 (09:15 +0100)]
Shout more loudly if we can't open a log file.
A user points out that logging fopen failures to the Event Log is a
bit obscure, and it's possible to proceed for months in the assumption
that your sessions are being correctly logged when in fact the
partition was full or you were aiming them at the wrong directory. Now
we produce output visibly in the PuTTY window.
Simon Tatham [Thu, 24 Sep 2015 16:30:04 +0000 (17:30 +0100)]
Command-line options to log sessions.
Log files, especially SSH packet logs, are often things you want to
generate in unusual circumstances, so it's good to have lots of ways
to ask for them. Particularly, it's especially painful to have to set
up a custom saved session to get diagnostics out of the command-line
tools.
I've added options '-sessionlog', '-sshlog' and '-sshrawlog', each of
which takes a filename argument. I think the fourth option (session
output but filtered down to the printable subset) is not really a
_debugging_ log in the same sense, so it's not as critical to have an
option for it.
Simon Tatham [Sat, 17 Oct 2015 16:30:53 +0000 (17:30 +0100)]
Fix spurious EAGAIN in Plink host key (and other) prompts.
Plink sets standard input into nonblocking mode, meaning that read()
from fd 0 in an interactive context will typically return -1 EAGAIN.
But the prompt functions in uxcons.c, used for verifying SSH host keys
and suchlike, were doing an unguarded read() from fd 0, and then
panicking and aborting the session when they got EAGAIN.
Fixed by inventing a wrapper around read(2) which handles EAGAIN but
passes all other errors back to the caller. (Seemed slightly less
dangerous than the stateful alternative of temporarily re-blockifying
the file descriptor.)
Cherry-picker's notes: the conflict was a trivial one. The new
function block_and_read() by this commit appears just before
verify_ssh_host_key(), which has a new prototype on the source branch,
close enough to disrupt the patch hunk's context. Easily fixed.
Simon Tatham [Thu, 3 Sep 2015 18:04:54 +0000 (19:04 +0100)]
Key rollover: fix the .htaccess files built by Buildscr.
The build script generates the .htaccess files that go in each
individual build and redirect generic names like 'putty.tar.gz' to the
real filenames including that build's version number. Those .htaccess
files redirect the corresponding signatures as well, so they need
updating now that we're generating signature files with a different
extension.
Simon Tatham [Wed, 2 Sep 2015 17:30:10 +0000 (18:30 +0100)]
Key rollover: switch to signing using the new keys.
sign.sh's command-line syntax has changed, so I've updated the sample
command line in CHECKLST as well. Also the file extensions of the
signatures have changed, so I've updated the pre-release verification
command line in CHECKLST too.
Simon Tatham [Tue, 1 Sep 2015 17:35:38 +0000 (18:35 +0100)]
pterm: set IUTF8 on pty devices depending on charset.
In a UTF-8 pterm, it makes sense to set the IUTF8 flag (on systems
that have one) on the pty device, so that line editing will take
account of UTF-8 multibyte characters.
Simon Tatham [Sun, 23 Aug 2015 13:13:30 +0000 (14:13 +0100)]
Performance: cache character widths returned from Pango.
Profiling reveals that pterm in Pango rendering mode uses an absurd
amount of CPU when it's not even actually _drawing_ the text, because
of all the calls to pango_layout_get_pixel_extents() while
pangofont_draw_text tries to work out which characters it can safely
draw as part of a long string. Caching the results speeds things up
greatly.
Simon Tatham [Sat, 22 Aug 2015 14:05:12 +0000 (15:05 +0100)]
'pterm --display' should set $DISPLAY inside the terminal.
If you open a pterm on a different display via the --display
command-line option rather than by setting $DISPLAY, I think (and
other terminals seem to agree) that it's sensible to set $DISPLAY
anyway for processes running inside the terminal.
Simon Tatham [Sat, 8 Aug 2015 12:35:44 +0000 (13:35 +0100)]
New formatting directive in logfile naming: &P for port number.
Users have requested this from time to time, for distinguishing log
file names when there's more than one SSH server running on different
ports of the same host. Since we do take account of that possibility
in other areas (e.g. we cache host keys indexed by (host,port) rather
than just host), it doesn't seem unreasonable to do so here too.
Simon Tatham [Thu, 6 Aug 2015 18:25:56 +0000 (19:25 +0100)]
Work around a failure in Windows 10 jump lists.
We've had several reports that launching saved sessions from the
Windows 10 jump list fails; Changyu Li reports that this is because we
create those IShellLink objects with a command line string starting
with @, and in Windows 10 that causes the SetArguments method to
silently do the wrong thing.
Simon Tatham [Sat, 1 Aug 2015 21:11:16 +0000 (22:11 +0100)]
Don't try to load GSSAPI libs unless we'll use them.
A user reports that in a particular situation one of the calls to
LoadLibrary from wingss.c has unwanted side effects, and points out
that this happens even when the saved session has GSSAPI disabled. So
I've evaluated as much as possible of the condition under which we
check the results of GSS library loading, and deferred the library
loading itself until after that condition says we even care about the
results.
Simon Tatham [Mon, 27 Jul 2015 19:06:02 +0000 (20:06 +0100)]
Handle the VK_PACKET virtual key code.
This is generated in response to the SendInput() Windows API call, if
that in turn is passed an KEYBDINPUT structure with KEYEVENTF_UNICODE
set. That method of input generation is used by programs such as
'WinCompose' to send an arbitrary Unicode character as if it had been
typed at the keyboard, even if the keyboard doesn't actually provide a
key for it.
Like VK_PROCESSKEY, this key code is an exception to our usual policy
of manually translating keystrokes: we handle it by calling
TranslateMessage, to get back the Unicode character it contains as a
WM_CHAR message.
(If that Unicode character in turn is outside the BMP, it may come
back as a pair of WM_CHARs in succession containing UTF-16 surrogates;
if so, that's OK, because the new Unicode WM_CHAR handler can cope.)
Simon Tatham [Mon, 27 Jul 2015 19:06:02 +0000 (20:06 +0100)]
Turn the Windows PuTTY main window into a Unicode window.
This causes WM_CHAR messages sent to us to have a wParam containing a
16-bit value encoded in UTF-16, rather than an 8-bit value encoded in
the system code page.
As far as I can tell, there aren't many other knock-on effects - e.g.
you can still interact with the window using ordinary char-based API
functions such as SetWindowText, and the Windows API will do the
necessary conversions behind the scenes. However, even so, I'm half
expecting some sort of unforeseen bug to show up as a result of this.
Simon Tatham [Mon, 27 Jul 2015 19:06:02 +0000 (20:06 +0100)]
New centralised helper function dup_mb_to_wc().
PuTTY's main mb_to_wc() function is all very well for embedding in
fiddly data pipelines, but for the simple job of turning a C string
into a C wide string, really I want something much more like
dupprintf. So here is one.
I've had to put it in a new separate source file miscucs.c rather than
throwing it into misc.c, because misc.c is linked into tools that
don't also include a module providing the internal Unicode API (winucs
or uxucs). The new miscucs.c appears only in Unicode-using tools.
Simon Tatham [Sat, 25 Jul 2015 10:28:32 +0000 (11:28 +0100)]
Post-0.65 release checklist updates.
The -F option is no longer needed to bob in this situation; that
hasn't been the directory I keep release announcements in for a long
time; the Docs page needs adjusting for pre-release retirement as well
as the Downloads page.
Simon Tatham [Mon, 28 Sep 2015 19:18:58 +0000 (20:18 +0100)]
Make 'extend selection' mouse button work again.
I broke it as a side effect of commit 30e63c105, in which I intended
to ignore mouse drag events that hadn't been preceded by a click. I
didn't spot that right-clicks (assuming Unix-style button mappings) go
through the same code path as left-drags, and hence were being ignored
even though they _were_ their own initiating click.
Simon Tatham [Mon, 28 Sep 2015 18:52:38 +0000 (19:52 +0100)]
Include stdint.h (where available) for uintptr_t.
Commit f2e61275f introduced the use of uintptr_t, without adding an
include of <stdint.h> which is where the C standard says that type
should be defined. This didn't cause a build failure, because Visual
Studio also defines it in <stddef.h> which we do include. But a user
points out that other Windows toolchains - e.g. MinGW - don't
necessarily do the same.
I can't add an unconditional include of <stdint.h>, because the VS I
use for the current official builds doesn't have that header at all.
So I conditionalise it out for old VS; if it needs throwing out for
any other toolchain, I'll add further conditions as reports come in.
Simon Tatham [Sat, 26 Sep 2015 13:17:51 +0000 (14:17 +0100)]
Set GTK3 as the default, and stop marking it unfinished.
Today I've gone through the whole GTK front end, doing a manual test
of every piece of code that I either remembered having had to fiddle
with for GTK3, or suddenly realised I _should_ have fiddled with. I've
fixed all the bugs arising from that exercise; and what with that, the
fact that the new Cairo image surface strategy makes server-side font
handling _faster_ in GTK3 than in GTK2, and the fact that GTK3 also
supports the shiny new smooth scrolling system for touchpads, I
suddenly think that the GTK3 build is now at least as good as GTK2.
So I've switched the configure script over to picking it by default if
it can, and I've also removed the 'unfinished and experimental'
warning if you select it. I for one will now start using GTK3 PuTTY
and pterm for my day-to-day work.
Simon Tatham [Sat, 26 Sep 2015 13:13:56 +0000 (14:13 +0100)]
Widen the GTK askalg() message box.
In GTK3, the line 'Continue with connection?' got wrapped (in spite of
my attempt to enforce via string_width() that it didn't - probably a
few pixels were needed on top of that for various padding and
furniture) so it looked even sillier. But it looked a bit narrow to be
sensible even in GTK2, so the simplest answer is just to widen it
considerably.
Simon Tatham [Sat, 26 Sep 2015 13:09:27 +0000 (14:09 +0100)]
Make sure Escape terminates the About box.
I think it only did so in GTK2 by virtue of the About box being a
GtkDialog. But in GTK3 I've abandoned GtkDialog for not being flexible
enough, so I have to process the Escape key myself.
Simon Tatham [Sat, 26 Sep 2015 12:57:12 +0000 (13:57 +0100)]
Make sure Escape in a message box always does something.
The askalg() dialog, and several one-button things like the licence
box, have no button labelled 'cancel'. But in all cases we do want
Escape to terminate the box, with as negative an answer as is
available. So now we assign the 'iscancel' flag to any button whose
numeric value is the smallest of the ones given as input to
messagebox().
(In a one-button box, this leads to isdefault and iscancel _both_
being set for that button. That's fine; it works.)
Simon Tatham [Sat, 26 Sep 2015 12:22:49 +0000 (13:22 +0100)]
Fix GTK keyboard-shortcut focusing of CTRL_LISTBOX.
I had put an entire piece of code into win_key_press's SHORTCUT_UCTRL
handler to carefully handle all the different kinds of list box
control and do something sensible with each one, and then I just went
and used a generic SHORTCUT_FOCUS type shortcut instead of actually
_calling_ all that carefully prepared code.
Now selecting (say) the character-classes list box in the Selection
panel using its Alt-e shortcut works; also, shortcut-selecting a popup
menu such as the ones in the Bugs panel causes the menu to pop up,
which I think is nicer than what previously happened.
Simon Tatham [Sat, 26 Sep 2015 12:12:25 +0000 (13:12 +0100)]
Permit the config box treeview to be keyboard-selected.
I'd failed to set the widget field in its shortcut structure, leading
to an annoying GTK warning log message and no useful UI action when
Alt-G was pressed in the config box.
Simon Tatham [Sat, 26 Sep 2015 11:59:26 +0000 (12:59 +0100)]
Remove a couple of outdated FIXME comments.
I had originally planned to implement a Compose-type key locally in
GTK PuTTY, as I did in Windows PuTTY. But in fact we've done this for
some time by delegating to the GTK IM system, which is a far better
idea anyway. So there's no point any more having the FIXME comment
that mentions Compose keys.
Also, there was a comment worrying about what I was going to do about
double-width characters in Pango, which is long since sorted out.
Simon Tatham [Sat, 26 Sep 2015 10:48:21 +0000 (11:48 +0100)]
Add some missing GTK focus-in event handlers.
Fixes a behaviour which I intended all along but apparently didn't
work before on GTK: if you start PuTTY, _select_ a saved session in
the list box but don't hit Load, and then just hit Open, then it will
be implicitly loaded and run for you, as a special case to save you an
extra button-press.
This depends on noticing that the saved-sessions list box last had the
focus, for which I need my widget_focus() handler to be called for
basically all config widgets so that I can track what _did_ last have
focus. Unfortunately, I missed a couple out.
Simon Tatham [Sat, 26 Sep 2015 10:09:20 +0000 (11:09 +0100)]
Don't defer displaying the prompt label in gtkask.
The previous sequence of events was that I would display the window
synchronously (via gtk_widget_show_now), so that I knew it was
actually on the screen and realised as an X window, and then I'd grab
the keyboard, and once the keyboard was grabbed, connect up the
keyboard event handlers and display the prompt.
I have to assume that deferring the display of the 'enter the
passphrase' prompt until the keyboard handlers were set up was
intended as some sort of 'not misleading the user' measure - don't
tell them to start typing until we're actually ready to start typing.
But unfortunately it has the side effect that the window is displayed
at a much smaller size before the prompt label appears, and centred on
the screen according to _that_ size - and then we display the prompt
label and the window resizes and is now off-centre. So I think it's
better not to try to be clever, and just make the window come up at
the right size initially.
(Actually, it looks as if nothing in the window is actually drawn
until that whole init function is finished anyway, so the prompt label
_already_ doesn't get physically displayed too early. So the whole
idea was pointless in the first place!)
Simon Tatham [Sat, 26 Sep 2015 09:42:02 +0000 (10:42 +0100)]
Visually distinguish charset headings in GTK3 unifontsel.
When displaying a server-side font, the unified font selector's
font-style list box contains some lines which are character-set
headings, and others which are actually selectable font styles. We tag
the former with the "sensitive"=FALSE attribute, to prevent them from
responding to clicks. In GTK2, this also made them visually distinct
from the normal lines, by greying them out; in GTK3 it makes no visual
difference.
The simplest solution is to bold those lines, hinting that they're
sort of section headings. That looks OK in GTK2 as well, so I've done
it unconditionally.
Simon Tatham [Sat, 26 Sep 2015 09:18:53 +0000 (10:18 +0100)]
Fix combining character handling in Pango.
The top-level loop in gtkwin.c which draws text was expecting that the
right way to draw a printing character plus combining characters was
to overprint them one by one on top of each other. This is an OK
assumption for X bitmap fonts, but in Pango, it works very badly -
most obviously because asking Pango to display a combining char on its
own causes it to print a dotted circle representing the base char, but
also because surely there will be character combinations where Pango
wants to do something more sophisticated than just printing them each
at a standard offset, and it would be a shame not to let it.
So I've moved the previous overprinting loop down into the x11font
subclass of the unifont mechanism. The top-level gtkwin.c drawing code
now calls a new method unifont_draw_combining, which in the X11 case
does the same loop as before, but in the Pango case, just passes a
whole base+combinings string to Pango in one go and lets it do the
best job it can.