PuTTY Pre-release 0.79:2023-08-24.27f0140

Source commit: c3526b15b5ac41f430909d228fe11655dcf46282

source/putty/doc/config.but

@@ -214,12 +214,15 @@ digits.
 \b \c{&T} will be replaced by the current time, as six digits
 (HHMMSS) with no punctuation.
 
-\b \c{&H} will be replaced by the host name you are connecting to.
+\b \c{&H} will be replaced by the host name you are connecting to
+(or the serial line, for a serial connection).
 
 \b \c{&P} will be replaced by the port number you are connecting to on
 the target host.
 
-For example, if you enter the host name
+(These are all case-insensitive.)
+
+For example, if you enter the file name
 \c{c:\\puttylogs\\log-&h-&y&m&d-&t.dat}, you will end up with files looking
 like
 
@@ -3030,6 +3033,9 @@ PuTTY can't fall back to using this file itself.
 
 \S{config-ssh-cert} \q{\ii{Certificate} to use with the private key}
 
+(This is optional. If you don't know you need it, you can leave this
+blank.)
+
 In some environments, user authentication keys can be signed in turn
 by a \q{certifying authority} (\q{CA} for short), and user accounts on
 an SSH server can be configured to automatically trust any key that's

source/putty/doc/errors.but

@@ -374,6 +374,10 @@ Check that you are connecting with the correct protocol (SSH, Telnet,
 etc), and check that the port number is correct. If that
 fails, consult the administrator of your server.
 
+This error can also be caused by a firewall in between you and the
+server, which rejects the connection and sends back the same type of
+error packet as the real server would have sent.
+
 \H{errors-conntimedout} \q{Network error: Connection timed out}
 
 This error means that the network connection PuTTY tried to make to

source/putty/doc/index.but

@@ -869,6 +869,9 @@ saved sessions from
 \IM{ssh.com private key format} \cw{ssh.com} private key file format
 \IM{ssh.com private key format} private key file, \cw{ssh.com}
 
+\IM{PEM-style} PEM-style OpenSSH private key format
+\IM{PEM-style} OpenSSH private key format, PEM-style
+
 \IM{importing keys} importing private keys
 \IM{importing keys} loading private keys
 

source/putty/doc/pgpkeys.but

@@ -56,25 +56,25 @@ The current issue of those keys are available for download from the
 PuTTY website, and are also available on PGP keyservers using the key
 IDs listed below.
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2021.asc}{\s{Master Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2023.asc}{\s{Master Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{DD4355EAAC1119DE}. Fingerprint:
-\cw{A872\_D42F\_1660\_890F\_0E05\_223E\_DD43\_55EA\_AC11\_19DE}
+\dd RSA, 4096-bit. Key ID: \cw{B15D9EFC216B06A1}. Fingerprint:
+\cw{28D4\_7C46\_55E7\_65A6\_D827\_AC66\_B15D\_9EFC\_216B\_06A1}
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2021.asc}{\s{Release Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2023.asc}{\s{Release Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{E4F83EA2AA4915EC}. Fingerprint:
-\cw{2CF6\_134B\_D3F7\_7A65\_88EB\_D668\_E4F8\_3EA2\_AA49\_15EC}
+\dd RSA, 3072-bit. Key ID: \cw{1993D21BCAD1AA77}. Fingerprint:
+\cw{F412\_BA3A\_A30F\_DC0E\_77B4\_E387\_1993\_D21B\_CAD1\_AA77}
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2021.asc}{\s{Snapshot Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2023.asc}{\s{Snapshot Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{B43979F89F446CFD}. Fingerprint:
-\cw{1FD3\_BCAC\_E532\_FBE0\_6A8C\_09E2\_B439\_79F8\_9F44\_6CFD}
+\dd RSA, 3072-bit. Key ID: \cw{10625E553F53FAAD}. Fingerprint:
+\cw{74CC\_6DD9\_ABA7\_31D4\_C5A0\_C2D0\_1062\_5E55\_3F53\_FAAD}
 
-\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2021.asc}{\s{Secure Contact Key} (2021)}
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2023.asc}{\s{Secure Contact Key} (2023)}
 
-\dd RSA, 3072-bit. Key ID: \cw{012C59D4211BD62A}. Fingerprint:
-\cw{E30F\_1354\_2A04\_BE0E\_56F0\_5801\_012C\_59D4\_211B\_D62A}
+\dd RSA, 3072-bit. Key ID: \cw{1559F6A8929F5EFC}. Fingerprint:
+\cw{01F5\_A2B1\_1388\_D64B\_707F\_897F\_1559\_F6A8\_929F\_5EFC}
 
 \H{pgpkeys-security} Security details
 
@@ -153,7 +153,7 @@ once.
 
 \H{pgpkeys-rollover} Key rollover
 
-Our current keys were generated in August 2018.
+Our current keys were generated in July 2023.
 
 Each new Master Key is signed with the old one, to show that it really
 is owned by the same people and not substituted by an attacker.
@@ -169,6 +169,28 @@ generated keys.
 
 The details of all previous keys are given here.
 
+\s{Keys generated in the 2021 rollover}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2021.asc}{\s{Master Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{DD4355EAAC1119DE}. Fingerprint:
+\cw{A872\_D42F\_1660\_890F\_0E05\_223E\_DD43\_55EA\_AC11\_19DE}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/release-2021.asc}{\s{Release Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{E4F83EA2AA4915EC}. Fingerprint:
+\cw{2CF6\_134B\_D3F7\_7A65\_88EB\_D668\_E4F8\_3EA2\_AA49\_15EC}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2021.asc}{\s{Snapshot Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{B43979F89F446CFD}. Fingerprint:
+\cw{1FD3\_BCAC\_E532\_FBE0\_6A8C\_09E2\_B439\_79F8\_9F44\_6CFD}
+
+\dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2021.asc}{\s{Secure Contact Key} (2021)}
+
+\dd RSA, 3072-bit. Key ID: \cw{012C59D4211BD62A}. Fingerprint:
+\cw{E30F\_1354\_2A04\_BE0E\_56F0\_5801\_012C\_59D4\_211B\_D62A}
+
 \s{Keys generated in the 2018 rollover}
 
 \dt \W{https://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2018.asc}{\s{Master Key} (2018)}

source/putty/doc/pubkey.but

@@ -507,13 +507,17 @@ passphrase in beforehand, and you will be warned if you are about to
 save a key without a passphrase.
 
 For OpenSSH there are two options. Modern OpenSSH actually has two
-formats it uses for storing private keys. \q{Export OpenSSH key}
+formats it uses for storing private keys: an older (\q{\i{PEM-style}})
+format, and a newer \q{native} format with better resistance to
+passphrase guessing and support for comments. \q{Export OpenSSH key}
 will automatically choose the oldest format supported for the key
 type, for maximum backward compatibility with older versions of
 OpenSSH; for newer key types like Ed25519, it will use the newer
 format as that is the only legal option. If you have some specific
 reason for wanting to use OpenSSH's newer format even for RSA, DSA,
-or ECDSA keys, you can choose \q{Export OpenSSH key (force new file
+or ECDSA keys \dash for instance, you know your file will only be
+used by OpenSSH 6.5 or newer (released in 2014), and want the extra
+security \dash you can choose \q{Export OpenSSH key (force new file
 format)}.
 
 Most clients for the older SSH-1 protocol use a standard format for

source/putty/doc/puttydoc.txt

@@ -1623,12 +1623,15 @@ Chapter 4: Configuring PuTTY
         -  `&T' will be replaced by the current time, as six digits
            (HHMMSS) with no punctuation.
 
-        -  `&H' will be replaced by the host name you are connecting to.
+        -  `&H' will be replaced by the host name you are connecting to (or
+           the serial line, for a serial connection).
 
         -  `&P' will be replaced by the port number you are connecting to
            on the target host.
 
-       For example, if you enter the host name `c:\puttylogs\log-&h-&y&m&d-
+       (These are all case-insensitive.)
+
+       For example, if you enter the file name `c:\puttylogs\log-&h-&y&m&d-
        &t.dat', you will end up with files looking like
 
          log-server1.example.com-20010528-110859.dat
@@ -4396,6 +4399,9 @@ Chapter 4: Configuring PuTTY
 
 4.22.2 `Certificate to use with the private key'
 
+       (This is optional. If you don't know you need it, you can leave this
+       blank.)
+
        In some environments, user authentication keys can be signed in turn
        by a `certifying authority' (`CA' for short), and user accounts
        on an SSH server can be configured to automatically trust any key
@@ -7344,13 +7350,18 @@ Chapter 8: Using public keys for SSH authentication
        without a passphrase.
 
        For OpenSSH there are two options. Modern OpenSSH actually has two
-       formats it uses for storing private keys. `Export OpenSSH key' will
-       automatically choose the oldest format supported for the key type,
-       for maximum backward compatibility with older versions of OpenSSH;
-       for newer key types like Ed25519, it will use the newer format as
-       that is the only legal option. If you have some specific reason for
-       wanting to use OpenSSH's newer format even for RSA, DSA, or ECDSA
-       keys, you can choose `Export OpenSSH key (force new file format)'.
+       formats it uses for storing private keys: an older (`PEM-style')
+       format, and a newer `native' format with better resistance to
+       passphrase guessing and support for comments. `Export OpenSSH key'
+       will automatically choose the oldest format supported for the key
+       type, for maximum backward compatibility with older versions of
+       OpenSSH; for newer key types like Ed25519, it will use the newer
+       format as that is the only legal option. If you have some specific
+       reason for wanting to use OpenSSH's newer format even for RSA,
+       DSA, or ECDSA keys - for instance, you know your file will only
+       be used by OpenSSH 6.5 or newer (released in 2014), and want the
+       extra security - you can choose `Export OpenSSH key (force new file
+       format)'.
 
        Most clients for the older SSH-1 protocol use a standard format for
        storing private keys on disk. PuTTY uses this format as well; so if
@@ -8302,6 +8313,10 @@ Chapter 10: Common error messages
        Telnet, etc), and check that the port number is correct. If that
        fails, consult the administrator of your server.
 
+       This error can also be caused by a firewall in between you and the
+       server, which rejects the connection and sends back the same type of
+       error packet as the real server would have sent.
+
  10.19 `Network error: Connection timed out'
 
        This error means that the network connection PuTTY tried to make to
@@ -11609,25 +11624,25 @@ Appendix F: PuTTY download keys and signatures
        PuTTY website, and are also available on PGP keyservers using the
        key IDs listed below.
 
-       *Master Key* (2021)
+       *Master Key* (2023)
 
-           RSA, 3072-bit. Key ID: DD4355EAAC1119DE. Fingerprint:
-           A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE
+           RSA, 4096-bit. Key ID: B15D9EFC216B06A1. Fingerprint:
+           28D4 7C46 55E7 65A6 D827 AC66 B15D 9EFC 216B 06A1
 
-       *Release Key* (2021)
+       *Release Key* (2023)
 
-           RSA, 3072-bit. Key ID: E4F83EA2AA4915EC. Fingerprint:
-           2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC
+           RSA, 3072-bit. Key ID: 1993D21BCAD1AA77. Fingerprint:
+           F412 BA3A A30F DC0E 77B4 E387 1993 D21B CAD1 AA77
 
-       *Snapshot Key* (2021)
+       *Snapshot Key* (2023)
 
-           RSA, 3072-bit. Key ID: B43979F89F446CFD. Fingerprint:
-           1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD
+           RSA, 3072-bit. Key ID: 10625E553F53FAAD. Fingerprint:
+           74CC 6DD9 ABA7 31D4 C5A0 C2D0 1062 5E55 3F53 FAAD
 
-       *Secure Contact Key* (2021)
+       *Secure Contact Key* (2023)
 
-           RSA, 3072-bit. Key ID: 012C59D4211BD62A. Fingerprint:
-           E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A
+           RSA, 3072-bit. Key ID: 1559F6A8929F5EFC. Fingerprint:
+           01F5 A2B1 1388 D64B 707F 897F 1559 F6A8 929F 5EFC
 
    F.2 Security details
 
@@ -11707,7 +11722,7 @@ Appendix F: PuTTY download keys and signatures
 
    F.3 Key rollover
 
-       Our current keys were generated in August 2018.
+       Our current keys were generated in July 2023.
 
        Each new Master Key is signed with the old one, to show that it
        really is owned by the same people and not substituted by an
@@ -11724,6 +11739,28 @@ Appendix F: PuTTY download keys and signatures
 
        The details of all previous keys are given here.
 
+       *Keys generated in the 2021 rollover*
+
+       *Master Key* (2021)
+
+           RSA, 3072-bit. Key ID: DD4355EAAC1119DE. Fingerprint:
+           A872 D42F 1660 890F 0E05 223E DD43 55EA AC11 19DE
+
+       *Release Key* (2021)
+
+           RSA, 3072-bit. Key ID: E4F83EA2AA4915EC. Fingerprint:
+           2CF6 134B D3F7 7A65 88EB D668 E4F8 3EA2 AA49 15EC
+
+       *Snapshot Key* (2021)
+
+           RSA, 3072-bit. Key ID: B43979F89F446CFD. Fingerprint:
+           1FD3 BCAC E532 FBE0 6A8C 09E2 B439 79F8 9F44 6CFD
+
+       *Secure Contact Key* (2021)
+
+           RSA, 3072-bit. Key ID: 012C59D4211BD62A. Fingerprint:
+           E30F 1354 2A04 BE0E 56F0 5801 012C 59D4 211B D62A
+
        *Keys generated in the 2018 rollover*
 
        *Master Key* (2018)
@@ -12442,4 +12479,4 @@ H.6.12 PLUGIN_AUTH_FAILURE
        Secure Shell Protocol (SSH)' (better known by its wire id `keyboard-
        interactive').
 
-[PuTTY pre-release 0.79:2023-05-22.56b16bd]
+[PuTTY pre-release 0.79:2023-08-24.27f0140]

source/putty/doc/version.but

@@ -1 +1 @@
-\versionid PuTTY pre-release 0.79:2023-05-22.56b16bd
+\versionid PuTTY pre-release 0.79:2023-08-24.27f0140

source/putty/logging.c

@@ -22,8 +22,9 @@ struct LogContext {
     int logtype;                       /* cached out of conf */
 };
 
-static Filename *xlatlognam(Filename *s, char *hostname, int port,
-                            struct tm *tm);
+static Filename *xlatlognam(const Filename *s,
+                            const char *hostname, int port,
+                            const struct tm *tm);
 
 /*
  * Internal wrapper function which must be called for _all_ output
@@ -173,7 +174,7 @@ void logfopen(LogContext *ctx)
         filename_free(ctx->currlogfilename);
     ctx->currlogfilename =
         xlatlognam(conf_get_filename(ctx->conf, CONF_logfilename),
-                   conf_get_str(ctx->conf, CONF_host),
+                   conf_dest(ctx->conf),    /* hostname or serial line */
                    conf_get_int(ctx->conf, CONF_port), &tm);
 
     if (open_for_write_would_lose_data(ctx->currlogfilename)) {
@@ -451,10 +452,12 @@ void log_reconfig(LogContext *ctx, Conf *conf)
  *
  * "&Y":YYYY   "&m":MM   "&d":DD   "&T":hhmmss   "&h":<hostname>   "&&":&
  */
-static Filename *xlatlognam(Filename *src, char *hostname, int port,
-                            struct tm *tm)
+static Filename *xlatlognam(const Filename *src,
+                            const char *hostname, int port,
+                            const struct tm *tm)
 {
-    char buf[32], *bufp;
+    char buf[32];
+    const char *bufp;
     int size;
     strbuf *buffer;
     const char *s;

source/putty/putty.h

@@ -21,14 +21,14 @@
  * Fingerprints of the current and previous PGP master keys, to
  * establish a trust path between an executable and other files.
  */
-#define PGP_MASTER_KEY_YEAR "2021"
-#define PGP_MASTER_KEY_DETAILS "RSA, 3072-bit"
+#define PGP_MASTER_KEY_YEAR "2023"
+#define PGP_MASTER_KEY_DETAILS "RSA, 4096-bit"
 #define PGP_MASTER_KEY_FP                                  \
-    "A872 D42F 1660 890F 0E05  223E DD43 55EA AC11 19DE"
-#define PGP_PREV_MASTER_KEY_YEAR "2018"
-#define PGP_PREV_MASTER_KEY_DETAILS "RSA, 4096-bit"
+    "28D4 7C46 55E7 65A6 D827  AC66 B15D 9EFC 216B 06A1"
+#define PGP_PREV_MASTER_KEY_YEAR "2021"
+#define PGP_PREV_MASTER_KEY_DETAILS "RSA, 3072-bit"
 #define PGP_PREV_MASTER_KEY_FP                                  \
-    "24E1 B1C5 75EA 3C9F F752  A922 76BC 7FE4 EBFD 2D9E"
+    "A872 D42F 1660 890F 0E05  223E DD43 55EA AC11 19DE"
 
 /*
  * Definitions of three separate indexing schemes for colour palette

source/putty/ssh/sharing.c

@@ -1770,7 +1770,7 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
             char *buf = dupprintf("Version string far too long\n");
             share_disconnect(cs, buf);
             sfree(buf);
-            goto dead;
+            return;
         }
         cs->recvbuf[cs->recvlen++] = c;
     }
@@ -1785,7 +1785,7 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
         char *buf = dupprintf("Version string did not have expected prefix\n");
         share_disconnect(cs, buf);
         sfree(buf);
-        goto dead;
+        return;
     }
     if (cs->recvlen > 0 && cs->recvbuf[cs->recvlen-1] == '\015')
         cs->recvlen--;                 /* trim off \r before \n */
@@ -1810,7 +1810,7 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
                                   (unsigned)cs->curr_packetlen);
             share_disconnect(cs, buf);
             sfree(buf);
-            goto dead;
+            return;
         }
         while (cs->recvlen < cs->curr_packetlen) {
             crGetChar(c);
@@ -1821,7 +1821,6 @@ static void share_receive(Plug *plug, int urgent, const char *data, size_t len)
                                       cs->recvbuf + 5, cs->recvlen - 5);
     }
 
-  dead:;
     crFinishV;
 }
 

source/putty/utils/conf_dest.c

@@ -0,0 +1,15 @@
+/*
+ * Decide whether the 'host name' or 'serial line' field of a Conf is
+ * important, based on which protocol it has selected.
+ */
+
+#include "putty.h"
+
+char const *conf_dest(Conf *conf)
+{
+    if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL)
+        return conf_get_str(conf, CONF_serline);
+    else
+        return conf_get_str(conf, CONF_host);
+}
+

source/putty/version.h

@@ -1,5 +1,5 @@
 /* Generated by automated build script */
 #define PRERELEASE 0.79
-#define TEXTVER "Pre-release 0.79:2023-05-22.56b16bd"
-#define SSHVER "-Prerelease-0.79:20230522.56b16bd"
-#define BINARY_VERSION 0,78,33974,0
+#define TEXTVER "Pre-release 0.79:2023-08-24.27f0140"
+#define SSHVER "-Prerelease-0.79:20230824.27f0140"
+#define BINARY_VERSION 0,78,34068,0