simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Mon Sep 12 09:37:28 BST 2022
TL;DR:
bbd46afd opensshcert_components: switch expiry times to UTC.
258a36be Change priority of new Diffie-Hellman groups.
49aa6c2b Remove FTP from release machinery.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2022-09-12 09:37:28
commit bbd46afd91b324a83d6c4ccaa9de32842a678ba9
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=bbd46afd91b324a83d6c4ccaa9de32842a678ba9;hp=5fdfe5ac8364f386f35b85d3adc4963ed00a6100
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Sep 12 07:50:56 2022 +0100
opensshcert_components: switch expiry times to UTC.
Jacob points out that the output of 'puttygen --dump', where the
key_components are used, is much more likely to need to be machine-
than human-readable, and so it makes more sense to use a date/time
format that's invariant under external changes such as locale.
(He also points out that Windows's time zone description strings are
overly verbose!)
crypto/openssh-certs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 258a36be315436d050d1096d97ed4b668ece4593
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=258a36be315436d050d1096d97ed4b668ece4593;hp=bbd46afd91b324a83d6c4ccaa9de32842a678ba9
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Sep 12 09:11:37 2022 +0100
Change priority of new Diffie-Hellman groups.
In the initial commit 031d86ed5ba4dd4 that introduced them, I
accidentally put them below the 'warn about insecurity' line, which I
didn't mean to. Moved them up to just above the existing group14.
Also, I've arranged them in a slightly weird order, so that the most
preferred group of this collection is the medium-sized group16,
followed by the larger ones (17 and 18) and then the smaller 15.
Rationale: larger is better _until_ it starts costing way too much CPU
time, and group18 can grind quite painfully on a slow machine. (And of
course users are free to reconfigure if they have different
preferences.)
This isn't really ideal, of course. The idea that you might not want
to use group18 *because it's slow* contradicts the basic concept of
PuTTY's current crypto-preferences UI, which assumes that you rank
things by security, which is why there's a dividing line below which
things are assumed insecure. I hope that in a future release we'll
rework the UI so that you can express more subtle ideas of what crypto
you do and don't like. But this will do for the moment.
The GSS versions of the same DH methods are reordered similarly.
crypto/diffie-hellman.c | 4 ++--
settings.c | 13 +++++++++----
2 files changed, 11 insertions(+), 6 deletions(-)
commit 49aa6c2b0899e322ca8acebd2a51b6a3f43028df
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=49aa6c2b0899e322ca8acebd2a51b6a3f43028df;hp=258a36be315436d050d1096d97ed4b668ece4593
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Sep 12 09:18:37 2022 +0100
Remove FTP from release machinery.
We withdrew our FTP download links in July, when chiark's OS upgrade
made its previous ftpd go away. We've had no complaints at all about
that, so I think it's time to decide that FTP is officially obsolete,
and remove it from the script that does the uploads, and from the
release checklist.
CHECKLST.txt | 3 ---
release.pl | 24 ++++--------------------
2 files changed, 4 insertions(+), 23 deletions(-)
More information about the tartarus-commits
mailing list