Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 most recent check-ins
|
2014-02-24
| ||
| 17:35 | Add a missing bn_restore_invariant in RSA blinding code. We were inventing a random number by starting with a long zero bignum and then setting bits at random, which left an opportunity for the result to be a non-normalised representation (with a leading zero word) and hence fail an assertion in bignum_cmp. Leaf check-in: d7de89b12b user: simon tags: trunk | |
|
2014-02-22
| ||
| 12:02 | Add some assertions in sshzlib.c. gcc 4.8 compiling with -O3 gives a new warning about the access to st->pending at the top of lz77_compress, because for some reason it thinks there's an out-of-bounds array access there (or perhaps just a potential one, I'm not really sure which side -Warray-bounds is erring on). Add an assertion reassuring it that st->npending can't get bigger than the size of st->pending at the site it's complaining about, and a second one at the site where st->npending is increased (just in case my analysis of why it can't happen was wrong!). Also add a comment explaining the assertions. check-in: d59600bfab user: simon tags: trunk | |
| 12:02 | Add the autogenerated empty.h to CLEANFILES. Colin Watson points out that it's untidy to create it with the makefile but not clean it up again in the same way. check-in: 9bdcecee98 user: simon tags: trunk | |
| 12:02 | Add the 'subdir-objects' option in the automake makefile. This rearranges the object files so that they each live alongside their original source file, instead of all being in the same directory. To my way of thinking this is a more or less neutral change (perhaps marginally less tidy), but autotools is apparently beginning to think it's the One True Way and 1.14 will give a warning if you don't have it enabled. check-in: 30b2a618a6 user: simon tags: trunk | |
| 12:01 | Move the Unix configure script up to the top level. Previously, 'configure' and its assorted machinery lived in the 'unix' subdir, because that seemed like a clean place to keep it given that all the other per-platform Makefiles live in their platform directories. However, this never sat all that happily with autotools, and even less so now that it likes to have object file pathnames parallel source file pathnames: if you have Makefile.am refer to source files outside its subdir as "../terminal.c" and enable subdir-objects then any out-of-tree build calls the corresponding object file "../terminal.o" and so your build products mostly end up at the directory above your build dir! And as of autotools 1.14 my previous compensatory bodge of prefixing every source file path in Makefile.am with "$(srcdir)" has stopped working too. So I'm giving in to necessity, and changing policy by moving the configure machinery up to the top level of the source tree where autotools will be less confused by it. This should not be taken as any indication of the primacy of the Unix port, only of the recalcitrance of autotools. Whereas before we had a trivial script called 'configure' at the top level that invoked unix/configure to effectively do an 'out-of-tree build' (for make purposes) at the top level of the source tree, we now have a similar script in unix/configure. So this _should_ make very little difference: people who were previously running configure from the top level should still be able to, and likewise people who were running it from the unix subdir. check-in: c37628a5ae user: simon tags: trunk | |
|
2014-02-16
| ||
| 10:40 | Enable xterm mouse reporting of wheel actions in GTK. I had somehow missed this completely out of the GTK mouse-button handling and never noticed until now! Of course, like any other mouse action, if you want it to be handled locally rather than passed through then you can hold down Shift. check-in: 7b7fe7cab5 user: simon tags: trunk | |
| 10:40 | Stop sending release events for mouse wheel 'buttons' in X mouse mode. On Windows (X mouse reporting of the mouse wheel isn't currently done by the Unix front end, though I'm shortly about to fix that too) a mouse wheel event is translated into a virtual button, and we send both a press and a release of that button to terminal.c, which encodes both in X mouse reporting escape sequences and passes them on to the server. This isn't consistent with what xterm does - scroll-wheel events are encoded _like_ button presses, but differ semantically in that they don't have matching releases. So we're updating to match xterm. check-in: 318dea6985 user: simon tags: trunk | |
|
2014-02-05
| ||
| 15:51 | Revert half of r10135, and re-fix properly. One of my changes in uxnet.c was outside the NO_IPV6 ifdef, and broke compilation in the normal mode. Revert all changes in that file and replace with a reference to the 'step' parameter in the no-IPv6 version of the SOCKADDR_FAMILY macro, so that those warnings are squelched anyway. check-in: abd47d5258 user: simon tags: trunk | |
|
2014-02-04
| ||
| 16:37 | Fix warnings when compiling with -DNO_IPV6. A user pointed out that 'family' was uninitialised in config.c, and when I tried test-building with -DNO_IPV6 (and the usual -Werror, of course) some unused variables showed up in uxnet.c too. check-in: a3ff424718 user: simon tags: trunk | |
|
2014-01-25
| ||
| 12:38 | Don't unconditionally reset scrollback on certain escape sequences. Handlers for a number of escape sequences, notably including ESC[J and the sequences that switch to/from the alternate screen, were unconditionally resetting the scrollback instead of first checking the 'Reset scrollback on display activity' configuration option. I've added the missing if statements, so now 'Reset scrollback on display activity' should actually mean what it says. For example, this would have inconvenienced an mplayer user, who wouldn't be able to go up and check their scrollback while mplayer was repeatedly redisplaying its status line, because mplayer uses ESC[J to erase each version of the status line before printing the next version. check-in: 02395144a9 user: simon tags: trunk | |
| 09:59 | Fix a potential crash in ssh_setup_portfwd. If we search for a colon by computing ptr + host_strcspn(ptr,":"), then the resulting pointer is always non-NULL, and the 'not found' condition is not !p but !*p. This typo could have caused PuTTY to overrun a string, but not in a security-bug sense because any such string would have to have been loaded from the configuration rather than received from a hostile source. check-in: 55833059a8 user: simon tags: trunk | |
| 09:58 | Support explicit IPv6 source addresses in Windows port forwarding. There's been a long-standing FIXME in Windows's sk_newlistener which says that in IPv6 mode, an explicit source address (e.g. from a command-line option of the form -L srcaddr:12345:dest:22) is ignored. Now it's honoured if possible. check-in: 54d31acb43 user: simon tags: trunk | |
| 09:58 | Avoid misidentifying unbracketed IPv6 literals as host:port. Both GUI PuTTY front ends have a piece of logic whereby a string is interpreted as host:port if there's _one_ colon in it, but if there's more than one colon then it's assumed to be an IPv6 literal with no trailing port number. This permits the PuTTY command line to take strings such as 'host', 'host:22' or '[::1]:22', but also cope with a bare v6 literal such as '::1'. This logic is also required in the two Plink front ends and in the processing of CONF_loghost for host key indexing in ssh.c, but was missing in all those places. Add it. check-in: dac07879fa user: simon tags: trunk | |
| 09:58 | Use the new host_str* functions to improve IPv6 literal support. I've gone through everywhere we handle host names / addresses (on command lines, in PuTTY config, in port forwarding, in X display names, in host key storage...) and tried to make them handle IPv6 literals sensibly, by using the host_str* functions I introduced in my previous commit. Generally it's now OK to use a bracketed IPv6 literal anywhere a hostname might have been valid; in a few cases where no ambiguity exists (e.g. no :port suffix is permitted anyway) unbracketed IPv6 literals are also acceptable. check-in: 7c4cad97cb user: simon tags: trunk | |
| 09:58 | New hostname-handling functions in misc.c. These are intended to make it easier to handle strings of the form "hostname:port" or other colon-separated things including hostnames (such as the -L and -R command-line option arguments), even though the hostname part might be a square-bracketed IPv6 address literal containing colons that have to _not_ be treated as separating the top-level string components. Three of these functions have semantics as much like existing C library functions as I could make them (host_strchr, host_strrchr, host_strcspn) so that it wouldn't be too error-prone to replace existing C functions with them at lots of call sites. The fourth function (host_strduptrim) just strips square brackets off anything that looks like an IPv6 literal. check-in: fb9857d0e6 user: simon tags: trunk | |
|
2014-01-16
| ||
| 13:16 | Fix assertion failure in Unix PuTTYgen exports. The assertions I added to sshrand.c in r9930 are now justified, because they were failing when cmdgen was used to convert a key into either foreign private key file format - both the export functions require random_byte() for one reason or another, and random_ref() hadn't been called first. check-in: fbcd95cbc9 user: simon tags: trunk | |
|
2014-01-15
| ||
| 17:57 | It's a new year. check-in: be67deef94 user: jacob tags: trunk | |
| 17:46 | Remove mention of ASCIICTLS. It hasn't done anything since r673 in 2000. check-in: 6b47391217 user: jacob tags: trunk | |
|
2014-01-11
| ||
| 05:23 | Generate IDE project files for Visual Studio 2010 and 2012. Thanks to Mike Edenfield for the initial version of this patch; I've polished it up a bit (in particular inventing a more overengineered GUID generation strategy) but most of it is his. check-in: bf25c6f428 user: simon tags: trunk | |
|
2014-01-09
| ||
| 04:22 | Added putty-cac current state Leaf check-in: 62dff76227 user: rkeene tags: putty-cac | |
| 03:42 | More work towards smartcard support Leaf check-in: fdc3acb4a7 user: rkeene tags: smartcard | |
|
2014-01-07
| ||
| 17:26 | Rename the handle-type enumeration values. Mike Edenfield points out that modern versions of the Windows SDK have decided that 'INPUT' is a sensible name for an OS data structure (sigh), and provided a patch to add a disambiguating prefix to winhandl.c's enum values INPUT, OUTPUT and FOREIGN. check-in: c4c02ad9d3 user: simon tags: trunk | |
| 06:21 | More work towards adding Smartcard support check-in: ac99fad22c user: rkeene tags: smartcard | |
| 05:30 | Stubbed out module loading check-in: ddd30aa4a3 user: rkeene tags: smartcard | |
| 05:13 | Corrected issues with copying in the provider/pin check-in: cd84c88205 user: rkeene tags: smartcard | |
| 05:09 | Merged in Cygwin fixes check-in: fdef7bc4c1 user: rkeene tags: smartcard | |
| 05:08 | Updated to always indicate that PROPERTYKEY is defined in Cygwin/Mingw32 Leaf check-in: c10746d902 user: rkeene tags: new-cygwin-fixes | |
| 05:03 | Corrected issue with HIGH_SURROGATE_START being undefined in some cases check-in: 2483280575 user: rkeene tags: new-cygwin-fixes | |
| 05:01 | Fixed INPUT conflict with tagINPUT in winuser.h check-in: a588f6596d user: rkeene tags: new-cygwin-fixes | |
| 04:59 | Removed "-mno-cygwin" as it is no longer used in mingw32 check-in: 7d5a75bea0 user: rkeene tags: new-cygwin-fixes | |
| 04:57 | Create new branch named "new-cygwin-fixes" check-in: 697fe1728c user: rkeene tags: new-cygwin-fixes | |
| 04:56 | Start of work on adding smartcard support check-in: 0f7cb20b46 user: rkeene tags: smartcard | |
| 00:10 | Create new branch named "smartcard" check-in: 9be29e78b7 user: rkeene tags: smartcard | |
|
2013-12-02
| ||
| 13:27 | Include another autoconf dropping in svn:ignore. check-in: 19507fbbd4 user: simon tags: trunk | |
| 13:26 | Fix breakage of SSH-2 packet decompression by r10070. The line that resets st->pktin->length to cover only the semantic payload of the SSH message was overwriting the modification to st->pktin->length performed by the optional decompression step. I didn't notice because I don't habitually enable compression. check-in: bcffebc70c user: simon tags: trunk | |
|
2013-12-01
| ||
| 12:02 | Use printf rather than echo to generate \versionid. (Sacrificing the ability to build PuTTY docs from Halibut source on SunOS 4, apparently, but I expect we'll live.) check-in: 4468ef8629 user: jacob tags: trunk | |
|
2013-11-30
| ||
| 14:01 | Document the 'bold black' hazard of bold-as-font. check-in: 4c056f3084 user: jacob tags: trunk | |
| 12:04 | Make GTK idle and quit function setup idempotent. I found last week that when a local proxy process terminated unexpectedly, Unix PuTTY went into a tight loop calling quit functions, because if idle_toplevel_callback_func is called from inside a subsidiary gtk_main then it will schedule a quit function and _not_ disable itself, so that that quit function keeps being rescheduled on subsequent calls. To fix, I've tried to make the whole handling of idle and quit functions more sensibly robust: we keep our own boolean flag indicating whether each of our functions has already been scheduled with GTK, and if so, we don't schedule the same one again. Also, when idle_toplevel_callback_func schedules a quit function, it should unschedule itself since it's now done everything it can until a gtk_main instance quits. check-in: f92a403fe9 user: simon tags: trunk | |
|
2013-11-25
| ||
| 13:46 | Fix interaction of insch() with selection highlights. Previously I had unthinkingly called the general-purpose check_selection() routine to indicate that I was going to mess with n character cells right of the cursor position, causing the selection highlight to be removed if it intersected that region. This is all wrong, since actually the whole region from cursor to EOL is modified by any character insertion or deletion, so if we were going to call check_selection it should be on that whole region. (Quick demo: select part of the line to the right of the cursor, then emit ESC[P or ESC[@ and see the text move left or right while the highlight stays put.) So we could just call check_selection() on that larger affected region, and that would be correct. However, we can do something slightly more elegant in the case where the selection is contained entirely within the subregion that moves to one side (as opposed to the characters that actually vanish at one or other end): we can move the selection highlight with the text under it, to preserve the visual reminder of which text was selected for as long as possible. check-in: 8850239d61 user: simon tags: trunk | |
| 12:35 | Switch to using SIDs in make_private_security_descriptor(). Daniel Meidlinger reports that at least one Windows machine which is not obviously otherwise misconfigured will respond to our SetEntriesInAcl call with odd errors like ERROR_NONE_MAPPED or ERROR_TRUSTED_RELATIONSHIP_FAILURE. This is apparently to do with failure to convert the names "EVERYONE" and "CURRENT_USER" used in the ACL specification to SIDs. (Or perhaps only one of them is the problem - I didn't investigate in that direction.) If we instead construct a fully SID-based ACL, using the well-known world SID in place of EVERYONE and calling our existing get_user_sid routine in place of CURRENT_USER, he reports that the problem goes away, so let's do that instead. While I'm here, I've slightly simplified the function prototype of make_private_security_descriptor(), by turning 'networksid' into an internal static that we can reuse in subsequent calls once we've set it up. (Mostly because I didn't fancy adding another two pointless parameters at every call site for the two new SIDs.) check-in: 349ccaac0a user: simon tags: trunk | |
|
2013-11-23
| ||
| 10:54 | Remove an unused variable orphaned by r10092. check-in: 837e4c1632 user: simon tags: trunk | |
|
2013-11-22
| ||
| 13:41 | SetEntriesInAcl returns its error code directly. According to the MSDN documentation, that is. Why oh why? Everything _else_ leaves it in GetLastError(). check-in: acd593e0ad user: simon tags: trunk | |
| 13:41 | Pass the right number of entries to SetEntriesInAcl! check-in: 074d8b4052 user: simon tags: trunk | |
| 13:41 | Include the numeric error code in win_strerror's output. This will be useful if someone gets a mysterious Windows error on a system configured into a language we don't speak - if they cut and paste the error message to send to us, then we won't have to try to translate it. check-in: e00724f199 user: simon tags: trunk | |
|
2013-11-18
| ||
| 16:34 | Fix up the Windows help context stuff for the new connection sharing controls. check-in: 5d4d60ef11 user: jacob tags: trunk | |
| 13:07 | Gracefully degrade in the absence of CryptProtectMemory. XP doesn't have it, and I think having connection sharing work without its privacy enhancement is better than having it not work at all. check-in: e5114b37b0 user: simon tags: trunk | |
| 13:07 | Restore compatibility with older autoconfs. The one in Ubuntu 10.04 doesn't know what AM_PROG_AR means, so configure.ac was broken in r10053 when fixing compatibility with later versions; you can't win... check-in: 72ed2c889b user: simon tags: trunk | |
|
2013-11-17
| ||
| 08:05 | Fix an assortment of dupprintf() format string bugs. I've enabled gcc's format-string checking on dupprintf, by declaring it in misc.h to have the appropriate GNU-specific attribute. This pointed out a selection of warnings, which I've fixed. check-in: 44f33ce7e0 user: simon tags: trunk | |
| 08:05 | Implement connection sharing between instances of PuTTY. The basic strategy is described at the top of the new source file sshshare.c. In very brief: an 'upstream' PuTTY opens a Unix-domain socket or Windows named pipe, and listens for connections from other PuTTYs wanting to run sessions on the same server. The protocol spoken down that socket/pipe is essentially the bare ssh-connection protocol, using a trivial binary packet protocol with no encryption, and the upstream has to do some fiddly transformations that I've been referring to as 'channel-number NAT' to avoid resource clashes between the sessions it's managing. This is quite different from OpenSSH's approach of using the Unix- domain socket as a means of passing file descriptors around; the main reason for that is that fd-passing is Unix-specific but this system has to work on Windows too. However, there are additional advantages, such as making it easy for each downstream PuTTY to run its own independent set of port and X11 forwardings (though the method for making the latter work is quite painful). Sharing is off by default, but configuration is intended to be very easy in the normal case - just tick one box in the SSH config panel and everything else happens automatically. check-in: 998dfad436 user: simon tags: trunk | |
| 08:05 | Move the dynamic loading of advapi into its own module. There's now a winsecur.[ch], which centralises helper functions using the Windows security stuff in advapi.h (currently just get_user_sid), and also centralises the run-time loading of those functions and checking they're all there. check-in: fea133a5df user: simon tags: trunk | |