Merge branch 'thirdparty_dev' into dev

Source commit: dc9f96d0bded1a752c5b891b3610e009309f75df

source/putty/misc.h

@@ -62,10 +62,14 @@ void base64_encode_atom(const unsigned char *data, int n, char *out);
 int base64_decode_atom(const char *atom, unsigned char *out);
 
 struct bufchain_granule;
-typedef struct bufchain_tag {
+struct bufchain_tag {
     struct bufchain_granule *head, *tail;
     int buffersize;		       /* current amount of buffered data */
-} bufchain;
+};
+#ifndef BUFCHAIN_TYPEDEF
+typedef struct bufchain_tag bufchain;  /* rest of declaration in misc.c */
+#define BUFCHAIN_TYPEDEF
+#endif
 
 void bufchain_init(bufchain *ch);
 void bufchain_clear(bufchain *ch);

source/putty/network.h

@@ -239,7 +239,10 @@ Socket new_error_socket(const char *errmsg, Plug plug);
 void backend_socket_log(void *frontend, int type, SockAddr addr, int port,
                         const char *error_msg, int error_code, Conf *conf,
                         int session_started);
+#ifndef BUFCHAIN_TYPEDEF
 typedef struct bufchain_tag bufchain;  /* rest of declaration in misc.c */
+#define BUFCHAIN_TYPEDEF
+#endif
 void log_proxy_stderr(Plug plug, bufchain *buf, const void *vdata, int len);
 
 #endif

source/putty/putty.h

@@ -715,7 +715,20 @@ void cleanup_exit(int);
     X(INT, NONE, change_username) /* allow username switching in SSH-2 */ \
     X(INT, INT, ssh_cipherlist) \
     X(FILENAME, NONE, keyfile) \
-    X(INT, NONE, sshprot) /* use v1 or v2 when both available */ \
+    /* \
+     * Which SSH protocol to use. \
+     * For historical reasons, the current legal values for CONF_sshprot \
+     * are: \
+     *  0 = SSH-1 only \
+     *  3 = SSH-2 only \
+     * We used to also support \
+     *  1 = SSH-1 with fallback to SSH-2 \
+     *  2 = SSH-2 with fallback to SSH-1 \
+     * and we continue to use 0/3 in storage formats rather than the more \
+     * obvious 1/2 to avoid surprises if someone saves a session and later \
+     * downgrades PuTTY. So it's easier to use these numbers internally too. \
+     */ \
+    X(INT, NONE, sshprot) \
     X(INT, NONE, ssh2_des_cbc) /* "des-cbc" unrecommended SSH-2 cipher */ \
     X(INT, NONE, ssh_no_userauth) /* bypass "ssh-userauth" (SSH-2 only) */ \
     X(INT, NONE, ssh_show_banner) /* show USERAUTH_BANNERs (SSH-2 only) */ \
@@ -1462,6 +1475,7 @@ unsigned long schedule_timer(int ticks, timer_fn_t fn, void *ctx);
 void expire_timer_context(void *ctx);
 int run_timers(unsigned long now, unsigned long *next);
 void timer_change_notify(unsigned long next);
+unsigned long timing_last_clock(void);
 
 /*
  * Exports from callback.c.

source/putty/ssh.c

@@ -3148,15 +3148,21 @@ static int do_ssh_init(Ssh ssh, unsigned char c)
     /* Anything greater or equal to "1.99" means protocol 2 is supported. */
     s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
 
-    if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
-	bombout(("SSH protocol version 1 required by configuration but "
-		 "not provided by server"));
-	crStop(0);
-    }
-    if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
-	bombout(("SSH protocol version 2 required by configuration but "
-		 "not provided by server"));
-	crStop(0);
+    if (conf_get_int(ssh->conf, CONF_sshprot) == 0) {
+	if (!s->proto1) {
+	    bombout(("SSH protocol version 1 required by our configuration "
+		     "but not provided by server"));
+	    crStop(0);
+	}
+    } else if (conf_get_int(ssh->conf, CONF_sshprot) == 3) {
+	if (!s->proto2) {
+	    bombout(("SSH protocol version 2 required by our configuration "
+		     "but server only provides (old, insecure) SSH-1"));
+	    crStop(0);
+	}
+    } else {
+	/* No longer support values 1 or 2 for CONF_sshprot */
+	assert(!"Unexpected value for CONF_sshprot");
     }
 
     if (s->proto2 && (conf_get_int(ssh->conf, CONF_sshprot) >= 2 || !s->proto1))
@@ -3725,13 +3731,17 @@ static const char *connect_to_host(Ssh ssh, const char *host, int port,
     }
 
     /*
-     * If the SSH version number's fixed, set it now, and if it's SSH-2,
-     * send the version string too.
+     * The SSH version number is always fixed (since we no longer support
+     * fallback between versions), so set it now, and if it's SSH-2,
+     * send the version string now too.
      */
     sshprot = conf_get_int(ssh->conf, CONF_sshprot);
+    assert(sshprot == 0 || sshprot == 3);
     if (sshprot == 0)
+	/* SSH-1 only */
 	ssh->version = 1;
     if (sshprot == 3 && !ssh->bare_connection) {
+	/* SSH-2 only */
 	ssh->version = 2;
 	ssh_send_verstring(ssh, "SSH-", NULL);
     }

source/putty/version.h

@@ -1,5 +1,5 @@
 /* Generated by automated build script */
 #define SNAPSHOT
-#define TEXTVER "Development snapshot 2016-03-31.7f3c956"
-#define SSHVER "PuTTY-Snapshot-2016-03-31.7f3c956"
-#define BINARY_VERSION 0,67,1031,0
+#define TEXTVER "Development snapshot 2016-04-07.8552f5c"
+#define SSHVER "PuTTY-Snapshot-2016-04-07.8552f5c"
+#define BINARY_VERSION 0,67,1038,0

source/putty/windows/winsecur.c

@@ -243,7 +243,7 @@ int setprocessacl(char *error)
 
     static const nastyace=WRITE_DAC | WRITE_OWNER |
 	PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
-	PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION |
+	PROCESS_DUP_HANDLE |
 	PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION |
 	PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE |
 	PROCESS_SUSPEND_RESUME;