atj / ssh-askpass-fullscreen Goto Github PK
View Code? Open in Web Editor NEWA small SSH askpass GUI using GTK+2
Home Page: http://github.com/atj/ssh-askpass-fullscreen
License: GNU General Public License v2.0
A small SSH askpass GUI using GTK+2
Home Page: http://github.com/atj/ssh-askpass-fullscreen
License: GNU General Public License v2.0
Originally reported in Debian as #568779 for 0.3 back in 2010, but I can be still reproduced in 1.2:
From: mike castleman [email protected]
Subject: ssh-askpass-fullscreen attempts to parse prompt as markup
Date: Sun, 07 Feb 2010 13:27:54 -0500
Package: ssh-askpass-fullscreen
Version: 0.3-3If you pass a string with angle brackets into it into
ssh-askpass-fullscreen, then it will attempt to parse the string as some
kind of markup. If the parsing fails, then ssh-askpass-fullscreen will
display no prompt at all. This failure to properly display a prompt
leaves the user with no idea what is going on.For example:
mlc@palm:~$ ssh-askpass-fullscreen 'Enter passphrase for <[email protected]>' (ssh-askpass-fullscreen:17193): Gtk-WARNING **: Failed to set text from markup due to error parsing markup: Error on line 1 char 90: '[email protected]' is not a valid name: '@'
However, other ssh-askpass implementations (such as ssh-askpass-gnome
and the the canonical ssh-askpass) do not have this markup-parsing
'feature' and so display the provided text without a problem.
ssh-askpass-fullscreen should do the same; otherwise, it violates the
interface assumptions that ssh-askpass has offered for years.
This seems to be due to these lines passing the value of the variable message
unescaped into %s:
ssh-askpass-fullscreen/src/ssh-askpass-fullscreen.c
Lines 370 to 371 in 8cae98c
On minimal fix seems to strip out all markup characters with g_strcanon()
or similar functions. Better would be probably to convert them to numerical XML escape codes.
P.S.: I've updated the Debian package of ssh-askpass-fullscreen to 1.2 and will upload it soon to Debian Unstable.
Citing from Debian bug report #967757:
This package has Build-Depends on GTK 2 (libgtk2.0-dev), or produces binary packages with a Depends on GTK 2.
GTK 2 was superseded by GTK 3 in 2011 (see https://bugs.debian.org/947713). It no longer receives any significant upstream maintenance, and in particular does not get feature development for new features like UI scaling on high-pixel-density displays (HiDPI) and native Wayland support. GTK 3 is in maintenance mode and GTK 4 is approaching release, so it seems like a good time to be thinking about
minimizing the amount of GTK 2 in the archive.GTK 2 is used by some important productivity applications like GIMP, and has also historically been a popular UI toolkit for proprietary software that we can't change, so perhaps removing GTK 2 from Debian will never be feasible. However, it has reached the point where a dependency on it is
a bug - not a release-critical bug, and not a bug that can necessarily be fixed quickly, but a piece of technical debt that maintainers should be aware of.A porting guide is provided in the GTK 3 documentation: https://developer.gnome.org/gtk3/stable/migrating.html
Some libraries (for example libgtkspell0) expose GTK as part of their API/ABI, in which case removing the deprecated dependency requires breaking API/ABI. For these libraries, in many cases there will already be a corresponding GTK 3 version (for example libgtkspell3-3-0), in which case the GTK 2-based library should probably be deprecated or removed itself. If there is no GTK 3 equivalent, of a GTK 2-based library, maintainers should talk to the dependent library's upstream developers about whether the dependent library should break API/ABI and switch to GTK 3, or whether the dependent library should itself be deprecated or removed.
A few packages extend GTK 2 by providing plugins (theme engines, input methods, etc.) or themes, for example ibus and mate-themes. If these packages deliberately support GTK 2 even though it is deprecated, and they also support GTK 3, then it is appropriate to mark this mass-filed bug as wontfix for now. I have tried to exclude these packages from the mass-bug-filing, but I probably missed some of them.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.