From 00bcf6ecbc38b79579c09b25dcf848c159513f5a Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 11 Feb 2017 07:08:53 +0000 Subject: [PATCH 1/5] Update documentation for 0.68. Several places in the docs were labelled for review because they need to change when 0.68's feature set comes in - no SSH-2 to SSH-1 fallback any more, but on the other hand, Unix Pageant now exists. --- doc/errors.but | 10 +++++----- doc/faq.but | 8 +++----- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/doc/errors.but b/doc/errors.but index e221a2d9..fdbdd861 100644 --- a/doc/errors.but +++ b/doc/errors.but @@ -69,11 +69,11 @@ change the \q{SSH protocol version} setting (see \k{config-ssh-prot}), or use the \c{-1} command-line option; in any case, you should not treat the resulting connection as secure. -You might start seeing this message with new versions of PuTTY -\#{XXX-REVIEW-BEFORE-RELEASE: (from 0.XX onwards)} -where you didn't before, because it used to be possible to configure -PuTTY to automatically fall back from SSH-2 to SSH-1. This is no -longer supported, to prevent the possibility of a downgrade attack. +You might start seeing this message with new versions of PuTTY (from +0.68 onwards) where you didn't before, because it used to be possible +to configure PuTTY to automatically fall back from SSH-2 to SSH-1. +This is no longer supported, to prevent the possibility of a downgrade +attack. \H{errors-cipher-warning} \q{The first cipher supported by the server is ... below the configured warning threshold} diff --git a/doc/faq.but b/doc/faq.but index 03de70d7..9c7b9a65 100644 --- a/doc/faq.but +++ b/doc/faq.but @@ -66,9 +66,8 @@ Yes. SSH-1 support has always been available in PuTTY. However, the SSH-1 protocol has many weaknesses and is no longer considered secure; you should use SSH-2 instead if at all possible. -\#{XXX-REVIEW-BEFORE-RELEASE: As of 0.68, PuTTY will no longer fall back to SSH-1 if the server -doesn't appear to support SSH-2; you must explicitly ask for SSH-1. } +doesn't appear to support SSH-2; you must explicitly ask for SSH-1. \S{faq-localecho}{Question} Does PuTTY support \i{local echo}? @@ -257,10 +256,9 @@ If you look at the source release, you should find a \c{unix} subdirectory. There are a couple of ways of building it, including the usual \c{configure}/\c{make}; see the file \c{README} in the source distribution. This should build you Unix -ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, and also +ports of Plink, PuTTY itself, PuTTYgen, PSCP, PSFTP, Pageant, and also \i\c{pterm} - an \cw{xterm}-type program which supports the same -terminal emulation as PuTTY. \#{XXX-REVIEW-BEFORE-RELEASE:} -We do not yet have a Unix port of Pageant. +terminal emulation as PuTTY. If you don't have \i{Gtk}, you should still be able to build the command-line tools. From 946b26742a5692689b39c65bf038900e3b5eb21a Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Fri, 17 Feb 2017 00:18:37 +0000 Subject: [PATCH 2/5] Clear out more XXX-REVIEW-BEFORE-RELEASE. --- doc/faq.but | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/doc/faq.but b/doc/faq.but index 9c7b9a65..ba0d5321 100644 --- a/doc/faq.but +++ b/doc/faq.but @@ -215,21 +215,17 @@ seems to be working so far. Currently, release versions of PuTTY tools only run on Windows systems and Unix. -\#{XXX-REVIEW-BEFORE-RELEASE: replace following two lines with: As of 0.68, the supplied PuTTY executables run on versions of -Windows from XP onwards,} -PuTTY runs on versions of Windows from Windows 95 onwards (but not -the 16-bit Windows 3.1; see \k{faq-win31}), -up to and including Windows 10; and we know of no reason why PuTTY -should not continue to work on future versions of Windows. +Windows from XP onwards, up to and including Windows 10; and we +know of no reason why PuTTY should not continue to work on +future versions of Windows. The 32-bit Windows executables we provide for the \q{\i{x86}} processor architecture should also work fine on 64-bit processors -that are backward-compatible with that architecture. -\#{XXX-REVIEW-BEFORE-RELEASE: The 64-bit executables will only -work on 64-bit versions of Windows. They will run somewhat faster -than 32-bit executables would on the same processor, but will -consume slightly more memory.} +that are backward-compatible with that architecture. The 64-bit +executables will only work on 64-bit versions of Windows. They +will run somewhat faster than 32-bit executables would on the +same processor, but will consume slightly more memory. (We used to also provide executables for Windows for the Alpha processor, but stopped after 0.58 due to lack of interest.) @@ -1052,8 +1048,7 @@ is triggered by PuTTY 0.58. This was fixed in 0.59. The \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/xp-wont-run}{\q{xp-wont-run}} entry in PuTTY's wishlist has more details. -\S{faq-system32}{Question} When I put -\#{XXX-REVIEW-BEFORE-RELEASE 32-bit} PuTTY in +\S{faq-system32}{Question} When I put 32-bit PuTTY in \cw{C:\\WINDOWS\\\i{SYSTEM32}} on my \i{64-bit Windows} system, \i{\q{Duplicate Session}} doesn't work. From 826c52144a2257ac52ee7ed21021c48bd24bd006 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 18 Feb 2017 16:50:48 +0000 Subject: [PATCH 3/5] Fix the '--without-gtk' mode in configure. I had accidentally included the experimental "XT" app class (the GtkApplication-based packaging of Unix PuTTY/pterm for OS X) among the things that should still be built even when GTK is absent. That's definitely wrong. --- mkfiles.pl | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/mkfiles.pl b/mkfiles.pl index 5b7ebc1d..ae15ac48 100755 --- a/mkfiles.pl +++ b/mkfiles.pl @@ -1660,11 +1660,20 @@ if (defined $makefiles{'am'}) { print "endif\n\n"; @noinstcliprogs = ("noinst_PROGRAMS", "="); - foreach $p (&prognames("XT:UT")) { + foreach $p (&prognames("UT")) { ($prog, $type) = split ",", $p; push @noinstcliprogs, $prog; } + @noinstallprogs = @noinstcliprogs; + foreach $p (&prognames("XT")) { + ($prog, $type) = split ",", $p; + push @noinstallprogs, $prog; + } + print "if HAVE_GTK\n"; + print &splitline(join " ", @noinstallprogs), "\n"; + print "else\n"; print &splitline(join " ", @noinstcliprogs), "\n"; + print "endif\n\n"; %objtosrc = (); foreach $d (&deps("X", undef, "", "/", "am")) { From 1c1419bfce92bbdf70489a502bb2b2ba84690f39 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 18 Feb 2017 17:06:46 +0000 Subject: [PATCH 4/5] Release checklist updates. These reflect the fact that I'm increasingly preferring to make a release-candidate build a few days in advance of the actual release, and give the team time to do a bit of testing on it before putting it up on the live website. Hence, I can't _quite_ fill in everything in the website announcement ahead of time - the release date has to wait until we know what it is, which means I need to have 'now fill in the release date' as part of the go-live checklist. Also, I've provided a better bob command for doing a release build (putting it somewhere safe to begin with, rather than leaving it precariously in my normal build directory). And while I'm here, I've standardised all my placeholder version numbers to X.YZ; previously half of them said 0.XX :-) --- CHECKLST.txt | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/CHECKLST.txt b/CHECKLST.txt index f4d41203..6d3cbee5 100644 --- a/CHECKLST.txt +++ b/CHECKLST.txt @@ -79,8 +79,11 @@ for it: - Update the website, in a local checkout: * Write a release file in components/releases which identifies the - new version, its release date, a section for the Changes page, - and a news announcement for the front page. + new version, a section for the Changes page, and a news + announcement for the front page. + + The one thing this can't yet contain is the release date; + that has to be put in at the last minute, when the release + goes live. Fill in 'FIXME', for the moment. * Disable the pre-release sections of the website (if previously enabled), by editing prerel_version() in components/Base.mc to return undef. @@ -95,15 +98,16 @@ for it: headers for those. * Add an entry to the @releases array in control/bugs2html. - - Build the release, by checking out the release tag: - git checkout 0.XX - bob . RELEASE=0.XX + - Make a release-candidate build from the release tag, and put the + build.out and build.log dfiles somewhere safe. Normally I store + these in an adjacent directory, so I'll run a command like + bob -o ../X.YZ/build-X.YZ-rcN.out -l ../X.YZ/build-X.YZ-rcN.log -c X.YZ . RELEASE=X.YZ This should generate a basically valid release directory as - `build.out/putty', and provide link maps and sign.sh alongside that - in build.out. + `build-X.YZ-rcN.out/putty', and provide link maps and sign.sh + alongside that. - - Double-check in build.log that the release was built from the right - git commit. + - Double-check in build-X.YZ-rcN.log that the release was built from + the right git commit. - Do a bit of checking of the release binaries: * make sure they basically work @@ -113,16 +117,22 @@ for it: * test the Windows installer * test the Unix source tarball. - - Sign the release: in the `build.out' directory, type + - Sign the release: in the `build-X.YZ-rcN.out' directory, type sh sign.sh -r putty and enter the passphrases a lot of times. + - For my own safety, make the release candidate build read-only. + chmod -R a-w build-X.YZ-rcN.out build-X.YZ-rcN.log + The actual release procedure ---------------------------- Once all the above preparation is done and the release has been built locally, this is the procedure for putting it up on the web. + - Make a final adjustment to your local website changes, filling in + the release date in components/releases/X.YZ.mi. + - Upload the release itself and its link maps to everywhere it needs to be, by running this in the build.out directory: ../release.pl --version=X.YZ --upload @@ -147,7 +157,7 @@ locally, this is the procedure for putting it up on the web. commands along these lines: git push origin master # update the master branch git push origin --tags # should push the new release tag - git push origin :pre-0.XX # delete the pre-release branch + git push origin :pre-X.YZ # delete the pre-release branch - Run ~/adm/puttyweb.sh on atreus to update the website after all those git pushes. From 23fbc4f56b04ca5d387c16720caa05ddf2d63e2f Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 17 Feb 2017 19:39:58 +0000 Subject: [PATCH 5/5] Update version number for 0.68 release. This commit also updates the dumps of Plink's and PSCP's help output, adding the -proxycmd option to both and the -shareexists option to Plink. (Or rather, _re_-adding the latter, since it was introduced in error by commit 07af4ed10 due to a branch management error and hastily removed again in 29e8c24f9. This time it really does match reality.) --- Buildscr | 2 +- LATEST.VER | 2 +- doc/plink.but | 6 +++++- doc/pscp.but | 4 +++- windows/putty.iss | 8 ++++---- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/Buildscr b/Buildscr index cff7f868..7ca4eb7f 100644 --- a/Buildscr +++ b/Buildscr @@ -35,7 +35,7 @@ module putty ifeq "$(RELEASE)" "" set Ndate $(!builddate) ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date ifneq "$(Ndate)" "" read Date date -set Epoch 15860 # update this at every release +set Epoch 16214 # update this at every release ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days ifneq "$(Ndate)" "" read Days days diff --git a/LATEST.VER b/LATEST.VER index 7e2a4fb1..db1ed30c 100644 --- a/LATEST.VER +++ b/LATEST.VER @@ -1 +1 @@ -0.67 +0.68 diff --git a/doc/plink.but b/doc/plink.but index cecdcb03..351e13ea 100644 --- a/doc/plink.but +++ b/doc/plink.but @@ -41,7 +41,7 @@ use Plink: \c Z:\sysosd>plink \c Plink: command-line connection utility -\c Release 0.67 +\c Release 0.68 \c Usage: plink [options] [user@]host [command] \c ("host" can also be a PuTTY saved session name) \c Options: @@ -54,6 +54,8 @@ use Plink: \c -P port connect to specified port \c -l user connect with specified username \c -batch disable all interactive prompts +\c -proxycmd command +\c use 'command' as local proxy \c -sercfg configuration-string (e.g. 19200,8,n,1,X) \c Specify the serial configuration (serial only) \c The following options only apply to SSH connections: @@ -83,6 +85,8 @@ use Plink: \c -sshlog file \c -sshrawlog file \c log protocol details to a file +\c -shareexists +\c test whether a connection-sharing upstream exists Once this works, you are ready to use Plink. diff --git a/doc/pscp.but b/doc/pscp.but index 2b197275..27643a46 100644 --- a/doc/pscp.but +++ b/doc/pscp.but @@ -39,7 +39,7 @@ use PSCP: \c Z:\owendadmin>pscp \c PuTTY Secure Copy client -\c Release 0.67 +\c Release 0.68 \c Usage: pscp [options] [user@]host:source target \c pscp [options] source [source...] [user@]host:target \c pscp [options] -ls [user@]host:filespec @@ -63,6 +63,8 @@ use PSCP: \c -hostkey aa:bb:cc:... \c manually specify a host key (may be repeated) \c -batch disable all interactive prompts +\c -proxycmd command +\c use 'command' as local proxy \c -unsafe allow server-side wildcards (DANGEROUS) \c -sftp force use of SFTP protocol \c -scp force use of SCP protocol diff --git a/windows/putty.iss b/windows/putty.iss index 37b0ecdc..5ecabb78 100644 --- a/windows/putty.iss +++ b/windows/putty.iss @@ -14,10 +14,10 @@ [Setup] AppName=PuTTY -AppVerName=PuTTY version 0.67 -VersionInfoTextVersion=Release 0.67 -AppVersion=0.67 -VersionInfoVersion=0.67.0.0 +AppVerName=PuTTY version 0.68 +VersionInfoTextVersion=Release 0.68 +AppVersion=0.68 +VersionInfoVersion=0.68.0.0 AppPublisher=Simon Tatham AppPublisherURL=http://www.chiark.greenend.org.uk/~sgtatham/putty/ AppReadmeFile={app}\README.txt