Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| cb2695c4 | 2020-09-30 09:11:38 | Regen moduli. | ||
| 104972a1 | 2020-09-27 07:22:05 | openssh 8.4 | ||
| 30233ff7 | 2020-09-23 14:57:33 | Escape+Up and the other arrow keys should be kept as Escape+Up and not converted to M-Up. Do not give them the implied meta flag so they don't match the M-Up entry in the output key tree. Fixes problem with vi reported by jsing@. | ||
| 0320bad4 | 2020-09-22 15:45:20 | Move a sentence to the right command. | ||
| 831839b5 | 2020-09-22 08:41:27 | Do not wrap at end of text when positioning at end of match because the length may include trailing spaces. | ||
| e2265670 | 2020-09-22 06:44:52 | Resize screen to the correct size (borders need to be taken off). | ||
| d337e2ef | 2020-09-22 05:23:34 | Fix warnings on some platforms with %llx and add a new message to handle 64-bit client flags. | ||
| a3b07109 | 2020-09-21 07:29:09 | close stdin when forking after authentication too; ok markus | ||
| 89b0c167 | 2020-09-20 23:31:46 | close stdout/stderr after "ssh -f ..." forking bz#3137, ok markus | ||
| b2aa37de | 2020-09-20 05:47:25 | cap channel input buffer size at 16MB; avoids high memory use when peer advertises a large window but is slow to consume the data we send (e.g. because of a slow network) reported by Pierre-Yves David fix with & ok markus@ | ||
| 71e3f240 | 2020-09-18 11:23:29 | Free buffer earlier to avoid confusing some compilers, GitHub issue 2382. | ||
| cf415ead | 2020-09-18 11:20:59 | Some other warnings, GitHub issue 2382. | ||
| 453bd449 | 2020-09-18 08:16:38 | handle multiple messages in a single read() PR#183 by Dennis Kaarsemaker; feedback and ok markus@ | ||
| c26f96cd | 2020-09-18 05:23:03 | tweak the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm. feedback and ok markus@ | ||
| fd9cc1ad | 2020-09-16 19:12:59 | Add -q flag to unbind-key to hide errors, GitHub issue 2381. | ||
| 10e1651a | 2020-09-16 18:37:55 | Fix some warnings, GitHub issue 2382. | ||
| 2de47275 | 2020-09-16 03:07:31 | Remove unused buf, last user was removed when switching to the sshbuf API. Patch from Sebastian Andrzej Siewior. | ||
| dbc83ade | 2020-09-15 20:28:27 | "Route show" and "netstat -r" provide formatting for routing tables with sufficient space to display v4 addresses cleanly, but which truncate v6 addresses. The -n flag on each already provides additional column width for IPv6 addresses. Make this formatting the default. OK phessler kn | ||
| b1a294b5 | 2020-09-15 11:47:42 | We have sockaddr_storage these days, get rid of isc_sockaddr_t. OK beck, "beautiful" deraadt | ||
| 8c9fac11 | 2020-09-15 11:46:19 | The various sockaddr structures have length fields these days. OK beck | ||
| 7240555e | 2020-09-15 08:19:29 | we no longer need isc_netaddr_t OK beck, deraadt (who also OK'ed the previous two diffs) | ||
| 2f8d5e94 | 2020-09-15 08:15:59 | remove 3 unused protos; ok florian | ||
| a537072d | 2020-09-15 08:15:17 | rewrite generating of IPv6 reverse names, lets us get rid of byaddr. OK beck | ||
| f3f77cb3 | 2020-09-15 08:13:35 | move islinklocal, ismulticast, issitelocal from netaddr to sockaddr OK beck | ||
| 4a1c6340 | 2020-09-15 07:45:06 | Fix botched conversion. This was not converted from parse_uint() which took a maxlength of 10 but isc_parse_uint32 which took a base of 10 and unlimited lenght. Use a maxval of 128 for prefix lengths instead. | ||
| 4fb3143d | 2020-09-15 07:41:38 | Remove igetnext prototype for the function does not exist. ok deraadt@ | ||
| 0ecd3aa5 | 2020-09-15 07:18:45 | bump version to 0.29.2, of the changes upstream made between 0.29.1 and 0.29.2 there's effectively only one we didn't have yet which was handling for $C_PATH. turned out we also didn't use a bunch of others so add them too. bump copyright and remove $CSK$ marker while here tested in a ports build by aja@ | ||
| f938cef3 | 2020-09-14 15:12:27 | Allow snmp mibtree to take one or more arguments who will be converted to an output format of your choosing. OK deraadt@ jan@ | ||
| a86169ec | 2020-09-14 11:15:30 | pf: Merge NOTES column into NAME column NOTES stays unused unless pf.conf(5) contains "set loginterface ..." in which case it merely amends what can otherwise be part of the NAME column. Merge the constant NOTES values for conditional counters into their NAME values to make the "pf" view look a little nicer and less empty by default; this also saves screen estate for possible future changes, e.g. we could increase column widths. OK tobhe | ||
| 1fb015a8 | 2020-09-14 08:40:43 | Mechanically replace isc_boolean_t with int. OK deraadt | ||
| 1bf56eb0 | 2020-09-14 08:39:12 | Bunch of dead stores and otherwise unused stuff lets us get rid of unix/net.{c.h}. We need to sprinkle in a few #includes that net.h dragged in. OK deraadt | ||
| 427f8978 | 2020-09-14 08:37:08 | Rewrite isc_time_microdiff() as uelapsed() and put it directly into dig sources, lets us get rid of unix/time.{c,h} OK deraadt | ||
| c49c5f05 | 2020-09-13 09:33:39 | Get rid of isc_parse_uint32() and replace it with strtonum. While here use the standard strtonum error messages. input & OK beck, OK kn | ||
| a446e0a4 | 2020-09-13 09:32:02 | remove unused lex states | ||
| e6d3fd4a | 2020-09-13 09:31:36 | remove unused LEX_OPTs | ||
| 67b2be5a | 2020-09-13 09:31:07 | No need to refcount the parser, we never hold more than one reference. | ||
| 1d333c94 | 2020-09-12 18:11:43 | Let snmp df make use of the new displayhint code, so we don't print random garbage to the description column if the server gives us that. OK jan@ | ||
| f7b961c1 | 2020-09-12 12:53:41 | trailing whitespace | ||
| 9c5836fb | 2020-09-12 07:19:59 | Remove unused callback mechanism / indirection. OK deraadt, millert | ||
| f39545a2 | 2020-09-09 21:57:27 | For the hostkey confirmation message: > Are you sure you want to continue connecting (yes/no/[fingerprint])? compare the fingerprint case sensitively; spotted Patrik Lundin ok dtucker | ||
| 08821f0d | 2020-09-09 16:57:05 | Element next-line scopes can nest. Consequently, even when closing one element next-line scope, the MAN_ELINE flag must not yet be cleared if the parent macro is another element macro having next-line scope, or an assertion failure is caused if all this is wrapped in another macro that has block next-line scope, for example .TP. Bug found in an afl run performed by Jan Schreiber <jes at posteo dot de>. | ||
| bc14ef1f | 2020-09-09 13:57:36 | Wrap long lines, add space in front of goto label in openssl(1) ocsp.c | ||
| b19a7d95 | 2020-09-09 13:40:24 | Do not abuse assert(3) to react to absurd input; the purpose of assert(3) only is to catch internal inconsistencies in the program itself. Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>. Instead, just cut down unreasonably wide spacing requested by the document to a narrower width. | ||
| 5eedcc54 | 2020-09-09 13:08:38 | Change SSLv23_client_method to TLS_client_method openssl(1) ocsp | ||
| cc102c10 | 2020-09-09 13:04:23 | Remove space between pointer '*' and variable name in ocsp.c | ||
| 92c3ac0c | 2020-09-09 12:53:42 | Convert openssl(1) ocsp option handling input and ok tb@ | ||
| 6fde9eb9 | 2020-09-09 12:47:46 | Add option type OPTION_UL_VALUE_OR ok tb@ | ||
| ee0a8761 | 2020-09-09 03:08:01 | when writing an attestation blob for a FIDO key, record all the data needed to verify the attestation. Previously we were missing the "authenticator data" that is included in the signature. spotted by Ian Haken feedback Pedro Martelletto and Ian Haken; ok markus@ | ||
| fe40fd41 | 2020-09-08 10:19:19 | Allow -N without a command to change or add a note to an existing key. | ||
| 30c2fcb2 | 2020-09-06 14:44:19 | After .ti, there are many reasons why the offset may change, so setting it back later requires a guard against underflow, or subsequent assertions may fail. Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>. | ||
| 8aed4565 | 2020-09-06 09:49:11 | On tls_config_set_protocols() failure, include the output of tls_config_error() in the errx() message. discussed with jsing | ||
| 04e4226c | 2020-09-06 09:15:04 | Wording tweak from jsing | ||
| 8c3ce041 | 2020-09-06 09:03:13 | Use an int for the verification depth and drop a cast. from jca | ||
| b4f44fcb | 2020-09-06 09:01:01 | Document -S protocols in ftp(1) ok jca | ||
| 8360cc0e | 2020-09-06 09:00:37 | Allow specifying supported TLS protocols in ftp(1) This adds the possibility of specifying the TLS protocols for ftp(1) to use via -S "protocols=tlsv1.2:tlsv1.1" or -S "protocols=all" or simlar options. This works the same way as nc(1)'s -T protocols option using tls_config_{parse,set}_protocols(3) internally. ok jca | ||
| a1750446 | 2020-09-04 12:24:25 | calloc cb data so the client is NULL. | ||
| c5afe1d3 | 2020-09-03 20:33:20 | Fix two issues with .po (page offset) formatting: 1. Truncate excessive offsets to a width reasonable in the context of manual pages instead of printing excessively long lines and sometimes causing assertion failures; found in an afl run performed by Jan Schreiber <jes at posteo dot de>. 2. Remember both the requested and the applied page offset; otherwise, subtracting an excessive width, then adding it again, would end up with an incorrectly large offset. While here, simplify the code by reverting the previous offset up front, and also add some comments to make the general ideas easier to understand. | ||
| 97ab3ebb | 2020-09-03 17:37:06 | If .ti had an excessive argument, using it was attempted, in some cases resulting in an assertion failure. Instead, truncate the temporary indent to a width reasonable in a manual page. I found the issue in an afl run that was performed by Jan Schreiber <jes at posteo dot de>. | ||
| f3a4b49c | 2020-09-03 12:47:33 | Do not free old session working directory until after expanding the new one because it may be needed. | ||
| 7c730607 | 2020-09-03 04:19:53 | Switch use of '\0' to NULL Fix a clang 10 warning about comparing a pointer to a null character. The condition "if ((s = symnam[i]) == '\0')" used to be "if (s = symnam[i])" and the incorrect spelling of NULL was chosen in a -Wall cleanup 19 years ago (-r 1.6). Upstream uses a naked 0 instead of NULL, so does NetBSD. ok martijn millert | ||
| 75fe7ac9 | 2020-09-02 17:19:58 | Check started flag before looking for capability. | ||
| 9a1da370 | 2020-09-02 16:36:48 | Do not indent by SIZE_MAX/2 when .ce occurs inside explicit no-fill mode. While here, drop two unused arguments from the function term_field(); the related work was already done by term_fill() before this commit. I found the bug in an afl run that was performed by Jan Schreiber <jes at posteo dot de>. | ||
| e4f0ed7f | 2020-09-02 13:46:35 | Add a -w flag to set- and load-buffer to send to clipboard using OSC 52. GitHub issue 2363. | ||
| c107dca7 | 2020-09-01 18:24:09 | Ignore unreasonably large spacing modifiers in tbl layouts. Jan Schreiber <jes at posteo dot de> ran afl on mandoc and it turned out mandoc tried to use spacing modifiers so large that they would trigger assertion failures in term_ascii.c, function locale_advance(). | ||
| b9a0c77e | 2020-09-01 17:20:02 | Missed WRITE_BIG -> WRITE_10 | ||
| a6b0224a | 2020-09-01 12:33:48 | Fix build with -fno-common (default in clang 11) Input and ok mortimer@ | ||
| 067867af | 2020-09-01 10:51:41 | update currency exchange rates; | ||
| 9f04068a | 2020-09-01 09:19:01 | Add -F to set-environment and source-file; GitHub issue 2359. | ||
| 33491e32 | 2020-09-01 08:50:14 | Only print below number when there is enough space. | ||
| cf629db8 | 2020-09-01 08:48:26 | Allow a-z keys for display-panes to jump to higher numbered panes. | ||
| a907aba0 | 2020-08-31 16:08:28 | crank to 6.8-beta | ||
| 8b827e99 | 2020-08-31 04:33:17 | refuse to add verify-required (PINful) FIDO keys to ssh-agent until the agent supports them properly | ||
| 0cb81611 | 2020-08-31 00:17:41 | Add RCS IDs to the few files that are missing them; from Pedro Martelletto | ||
| e33a93b3 | 2020-08-30 12:16:04 | Fix :S with anchors and replacement gnezdo noticed that :S/old_string/new_string/ variable modifiers such as :S/^sth/&/ and :S/sth$/&/ with an anchor in the old_string and an & in the new_string don't work as documented (and expected) since they replace & with old_string including the anchors. This is because get_spatternarg() deals with skipping the anchors in pattern->lhs only after having replaced any '&' in the buffer that will eventually become new_string with pattern->lhs. Fix this by moving the logic of skipping the anchors from get_spatternarg() into common_get_patternarg() so it is done before & is handled. ok millert | ||
| 2ed04c87 | 2020-08-28 16:29:16 | Implement mktime() function for compatibility with mawk and gawk. This is the only missing time function compared to those two implementations. Doc changes OK jmc@ | ||
| cd676bba | 2020-08-28 03:15:52 | Check that the addresses supplied to Match Address and Match LocalAddress are valid when parsing in config-test mode. This will catch address/mask mismatches before they cause problems at runtime. Found by Daniel Stocker, ok djm@ | ||
| bad5e71c | 2020-08-27 15:54:38 | Remove a lie reported by Jamie Landeg-Jones <jamie at catflap dot org>: The times when -T man may have expanded .so requests are long gone, nor would such a feature be useful. Use soelim(1) if you need that. | ||
| e01d8257 | 2020-08-27 15:20:31 | unveil(_PATH_DEV, "r") when -T or -u is used: who(1) is using stat(2) for determining the status of the tty ok deraadt@ | ||
| 0d0f340d | 2020-08-27 14:59:42 | Fix a regression caused by the insertion of two new tokens, which unintentionally made the -O tag= argument mandatory, breaking commands like "man -akO tag Ic=ulimit". Noticed while answering questions from Ian Ropers. | ||
| 2909699b | 2020-08-27 14:28:08 | Make it more explicit that the statement "-O tag does not work with less(1)" only applies to -T html output mode, and why. Of course, -O tag works just fine with less(1) in the -T ascii and -T utf8 output modes. Potential for confusion pointed out by Ian Ropers. | ||
| fbe6102b | 2020-08-27 12:58:00 | Avoid artifacts in the most common case of closing conditional blocks when no arguments follow the closing brace, \}. For example, the line "'br\}" contained in the pod2man(1) preamble would throw a bogus "escaped character not allowed in a name" error. This issue was originally reported by Chris Bennett on ports@, and afresh1@ noticed it came from the pod2man(1) preamble. | ||
| fb0dc9ff | 2020-08-27 12:34:00 | sentence fix; from pedro martelletto | ||
| cb9b4a5c | 2020-08-27 09:46:04 | debug()-print a little info about FIDO-specific key fields via "ssh-keygen -vyf /path/key" | ||
| 8c966c57 | 2020-08-27 09:43:28 | skip a bit more FIDO token selection logic when only a single token is attached. with Pedro Martelletto | ||
| 07d23686 | 2020-08-27 06:55:54 | Add pane_last format, GitHub issue 2353. | ||
| 096c972c | 2020-08-27 06:15:22 | tweak previous; | ||
| e4ab4c29 | 2020-08-27 02:11:09 | remove unreachable code I forgot to delete in r1.334 | ||
| 7365ccde | 2020-08-27 01:08:45 | Request PIN ahead of time for certain FIDO actions When we know that a particular action will require a PIN, such as downloading resident keys or generating a verify-required key, request the PIN before attempting it. joint work with Pedro Martelletto; ok markus@ | ||
| 15a2cdb6 | 2020-08-27 01:08:19 | preserve verify-required for resident FIDO keys When downloading a resident, verify-required key from a FIDO token, preserve the verify-required in the private key that is written to disk. Previously we weren't doing that because of lack of support in the middleware API. from Pedro Martelletto; ok markus@ and myself | ||
| 01bb7af0 | 2020-08-27 01:07:51 | major rework of FIDO token selection logic When PINs are in use and multiple FIDO tokens are attached to a host, we cannot just blast requests at all attached tokens with the PIN specified as this will cause the per-token PIN failure counter to increment. If this retry counter hits the token's limit (usually 3 attempts), then the token will lock itself and render all (web and SSH) of its keys invalid. We don't want this. So this reworks the key selection logic for the specific case of multiple keys being attached. When multiple keys are attached and the operation requires a PIN, then the user must touch the key that they wish to use first in order to identify it. This may require multiple touches, but only if there are multiple keys attached AND (usually) the operation requires a PIN. The usual case of a single key attached should be unaffected. Work by Pedro Martelletto; ok myself and markus@ | ||
| 869858c2 | 2020-08-27 01:07:09 | support for requiring user verified FIDO keys in sshd This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@ | ||
| 1f63d3c4 | 2020-08-27 01:06:18 | support for user-verified FIDO keys FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@ | ||
| d31303eb | 2020-08-26 16:21:28 | Add "t" to toggle the display of routing tables Swap the WAIT column with RTABLE (and vice versa); WAIT is wide enough to fit RTABLE, somewhat adds additional value to STATE and seems therefore most appropiate to hide in favour of RTABLE. Filtering rtables with "T" does not toggle the column, just like filtering users with "u" does not toggle between user and thread id. Feedback jmc OK remi | ||
| 43dc5f42 | 2020-08-25 11:35:32 | Allow colour to be spelt as color, from Boris Verkhovsky. GitHub issue 2317. | ||
| 754b6bea | 2020-08-25 07:27:34 | Rename rtable filter variables and simplify buffer handling No functional change, the rename is for consistency and the buffer handling reduces churn in an upcoming diff. | ||
| aac46131 | 2020-08-24 05:23:30 | Old Terminal.app versions do not respond correctly to secondary DA, instead responding with the primary DA response. Ignore it. Reported by Dave Vandervies. | ||
| 493d2591 | 2020-08-24 05:22:28 | Do not run off end of string when stripping delays, reported by Dave Vandervies. | ||
| f6c67779 | 2020-08-23 21:11:55 | Filter by routing table "-T-0" for processes outside the default routing table, "-T3" for those in a specific one; same semantics as with other filters. Manual wording and command line flag taken from pgrep(1) being the only way to identify processes by routing table; After netstat(1)'s recent addition of "-R", filtering in top makes for handy tooling around rtable(4). "looks good to me" millert OK remi | ||
| 03397e00 | 2020-08-22 18:34:29 | Support looking up unix domain sockets by file name. The best that we can do is string comparison of the file name. Previously, "fstat /var/run/foo.sock" would return no results. The -f option still won't work for sockets since they are not file system objects. OK kn@ | ||
| 4b565362 | 2020-08-21 22:13:15 | Print unp_path for unix domain sockets. OK kn@ mvs@ |