IABSD.fr/src/usr.bin

Branch :


Log

Author Commit Date CI Message
cb2695c4 2020-09-30 09:11:38 Regen moduli.
104972a1 2020-09-27 07:22:05 openssh 8.4
30233ff7 2020-09-23 14:57:33 Escape+Up and the other arrow keys should be kept as Escape+Up and not converted to M-Up. Do not give them the implied meta flag so they don't match the M-Up entry in the output key tree. Fixes problem with vi reported by jsing@.
0320bad4 2020-09-22 15:45:20 Move a sentence to the right command.
831839b5 2020-09-22 08:41:27 Do not wrap at end of text when positioning at end of match because the length may include trailing spaces.
e2265670 2020-09-22 06:44:52 Resize screen to the correct size (borders need to be taken off).
d337e2ef 2020-09-22 05:23:34 Fix warnings on some platforms with %llx and add a new message to handle 64-bit client flags.
a3b07109 2020-09-21 07:29:09 close stdin when forking after authentication too; ok markus
89b0c167 2020-09-20 23:31:46 close stdout/stderr after "ssh -f ..." forking bz#3137, ok markus
b2aa37de 2020-09-20 05:47:25 cap channel input buffer size at 16MB; avoids high memory use when peer advertises a large window but is slow to consume the data we send (e.g. because of a slow network) reported by Pierre-Yves David fix with & ok markus@
71e3f240 2020-09-18 11:23:29 Free buffer earlier to avoid confusing some compilers, GitHub issue 2382.
cf415ead 2020-09-18 11:20:59 Some other warnings, GitHub issue 2382.
453bd449 2020-09-18 08:16:38 handle multiple messages in a single read() PR#183 by Dennis Kaarsemaker; feedback and ok markus@
c26f96cd 2020-09-18 05:23:03 tweak the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm. feedback and ok markus@
fd9cc1ad 2020-09-16 19:12:59 Add -q flag to unbind-key to hide errors, GitHub issue 2381.
10e1651a 2020-09-16 18:37:55 Fix some warnings, GitHub issue 2382.
2de47275 2020-09-16 03:07:31 Remove unused buf, last user was removed when switching to the sshbuf API. Patch from Sebastian Andrzej Siewior.
dbc83ade 2020-09-15 20:28:27 "Route show" and "netstat -r" provide formatting for routing tables with sufficient space to display v4 addresses cleanly, but which truncate v6 addresses. The -n flag on each already provides additional column width for IPv6 addresses. Make this formatting the default. OK phessler kn
b1a294b5 2020-09-15 11:47:42 We have sockaddr_storage these days, get rid of isc_sockaddr_t. OK beck, "beautiful" deraadt
8c9fac11 2020-09-15 11:46:19 The various sockaddr structures have length fields these days. OK beck
7240555e 2020-09-15 08:19:29 we no longer need isc_netaddr_t OK beck, deraadt (who also OK'ed the previous two diffs)
2f8d5e94 2020-09-15 08:15:59 remove 3 unused protos; ok florian
a537072d 2020-09-15 08:15:17 rewrite generating of IPv6 reverse names, lets us get rid of byaddr. OK beck
f3f77cb3 2020-09-15 08:13:35 move islinklocal, ismulticast, issitelocal from netaddr to sockaddr OK beck
4a1c6340 2020-09-15 07:45:06 Fix botched conversion. This was not converted from parse_uint() which took a maxlength of 10 but isc_parse_uint32 which took a base of 10 and unlimited lenght. Use a maxval of 128 for prefix lengths instead.
4fb3143d 2020-09-15 07:41:38 Remove igetnext prototype for the function does not exist. ok deraadt@
0ecd3aa5 2020-09-15 07:18:45 bump version to 0.29.2, of the changes upstream made between 0.29.1 and 0.29.2 there's effectively only one we didn't have yet which was handling for $C_PATH. turned out we also didn't use a bunch of others so add them too. bump copyright and remove $CSK$ marker while here tested in a ports build by aja@
f938cef3 2020-09-14 15:12:27 Allow snmp mibtree to take one or more arguments who will be converted to an output format of your choosing. OK deraadt@ jan@
a86169ec 2020-09-14 11:15:30 pf: Merge NOTES column into NAME column NOTES stays unused unless pf.conf(5) contains "set loginterface ..." in which case it merely amends what can otherwise be part of the NAME column. Merge the constant NOTES values for conditional counters into their NAME values to make the "pf" view look a little nicer and less empty by default; this also saves screen estate for possible future changes, e.g. we could increase column widths. OK tobhe
1fb015a8 2020-09-14 08:40:43 Mechanically replace isc_boolean_t with int. OK deraadt
1bf56eb0 2020-09-14 08:39:12 Bunch of dead stores and otherwise unused stuff lets us get rid of unix/net.{c.h}. We need to sprinkle in a few #includes that net.h dragged in. OK deraadt
427f8978 2020-09-14 08:37:08 Rewrite isc_time_microdiff() as uelapsed() and put it directly into dig sources, lets us get rid of unix/time.{c,h} OK deraadt
c49c5f05 2020-09-13 09:33:39 Get rid of isc_parse_uint32() and replace it with strtonum. While here use the standard strtonum error messages. input & OK beck, OK kn
a446e0a4 2020-09-13 09:32:02 remove unused lex states
e6d3fd4a 2020-09-13 09:31:36 remove unused LEX_OPTs
67b2be5a 2020-09-13 09:31:07 No need to refcount the parser, we never hold more than one reference.
1d333c94 2020-09-12 18:11:43 Let snmp df make use of the new displayhint code, so we don't print random garbage to the description column if the server gives us that. OK jan@
f7b961c1 2020-09-12 12:53:41 trailing whitespace
9c5836fb 2020-09-12 07:19:59 Remove unused callback mechanism / indirection. OK deraadt, millert
f39545a2 2020-09-09 21:57:27 For the hostkey confirmation message: > Are you sure you want to continue connecting (yes/no/[fingerprint])? compare the fingerprint case sensitively; spotted Patrik Lundin ok dtucker
08821f0d 2020-09-09 16:57:05 Element next-line scopes can nest. Consequently, even when closing one element next-line scope, the MAN_ELINE flag must not yet be cleared if the parent macro is another element macro having next-line scope, or an assertion failure is caused if all this is wrapped in another macro that has block next-line scope, for example .TP. Bug found in an afl run performed by Jan Schreiber <jes at posteo dot de>.
bc14ef1f 2020-09-09 13:57:36 Wrap long lines, add space in front of goto label in openssl(1) ocsp.c
b19a7d95 2020-09-09 13:40:24 Do not abuse assert(3) to react to absurd input; the purpose of assert(3) only is to catch internal inconsistencies in the program itself. Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>. Instead, just cut down unreasonably wide spacing requested by the document to a narrower width.
5eedcc54 2020-09-09 13:08:38 Change SSLv23_client_method to TLS_client_method openssl(1) ocsp
cc102c10 2020-09-09 13:04:23 Remove space between pointer '*' and variable name in ocsp.c
92c3ac0c 2020-09-09 12:53:42 Convert openssl(1) ocsp option handling input and ok tb@
6fde9eb9 2020-09-09 12:47:46 Add option type OPTION_UL_VALUE_OR ok tb@
ee0a8761 2020-09-09 03:08:01 when writing an attestation blob for a FIDO key, record all the data needed to verify the attestation. Previously we were missing the "authenticator data" that is included in the signature. spotted by Ian Haken feedback Pedro Martelletto and Ian Haken; ok markus@
fe40fd41 2020-09-08 10:19:19 Allow -N without a command to change or add a note to an existing key.
30c2fcb2 2020-09-06 14:44:19 After .ti, there are many reasons why the offset may change, so setting it back later requires a guard against underflow, or subsequent assertions may fail. Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>.
8aed4565 2020-09-06 09:49:11 On tls_config_set_protocols() failure, include the output of tls_config_error() in the errx() message. discussed with jsing
04e4226c 2020-09-06 09:15:04 Wording tweak from jsing
8c3ce041 2020-09-06 09:03:13 Use an int for the verification depth and drop a cast. from jca
b4f44fcb 2020-09-06 09:01:01 Document -S protocols in ftp(1) ok jca
8360cc0e 2020-09-06 09:00:37 Allow specifying supported TLS protocols in ftp(1) This adds the possibility of specifying the TLS protocols for ftp(1) to use via -S "protocols=tlsv1.2:tlsv1.1" or -S "protocols=all" or simlar options. This works the same way as nc(1)'s -T protocols option using tls_config_{parse,set}_protocols(3) internally. ok jca
a1750446 2020-09-04 12:24:25 calloc cb data so the client is NULL.
c5afe1d3 2020-09-03 20:33:20 Fix two issues with .po (page offset) formatting: 1. Truncate excessive offsets to a width reasonable in the context of manual pages instead of printing excessively long lines and sometimes causing assertion failures; found in an afl run performed by Jan Schreiber <jes at posteo dot de>. 2. Remember both the requested and the applied page offset; otherwise, subtracting an excessive width, then adding it again, would end up with an incorrectly large offset. While here, simplify the code by reverting the previous offset up front, and also add some comments to make the general ideas easier to understand.
97ab3ebb 2020-09-03 17:37:06 If .ti had an excessive argument, using it was attempted, in some cases resulting in an assertion failure. Instead, truncate the temporary indent to a width reasonable in a manual page. I found the issue in an afl run that was performed by Jan Schreiber <jes at posteo dot de>.
f3a4b49c 2020-09-03 12:47:33 Do not free old session working directory until after expanding the new one because it may be needed.
7c730607 2020-09-03 04:19:53 Switch use of '\0' to NULL Fix a clang 10 warning about comparing a pointer to a null character. The condition "if ((s = symnam[i]) == '\0')" used to be "if (s = symnam[i])" and the incorrect spelling of NULL was chosen in a -Wall cleanup 19 years ago (-r 1.6). Upstream uses a naked 0 instead of NULL, so does NetBSD. ok martijn millert
75fe7ac9 2020-09-02 17:19:58 Check started flag before looking for capability.
9a1da370 2020-09-02 16:36:48 Do not indent by SIZE_MAX/2 when .ce occurs inside explicit no-fill mode. While here, drop two unused arguments from the function term_field(); the related work was already done by term_fill() before this commit. I found the bug in an afl run that was performed by Jan Schreiber <jes at posteo dot de>.
e4f0ed7f 2020-09-02 13:46:35 Add a -w flag to set- and load-buffer to send to clipboard using OSC 52. GitHub issue 2363.
c107dca7 2020-09-01 18:24:09 Ignore unreasonably large spacing modifiers in tbl layouts. Jan Schreiber <jes at posteo dot de> ran afl on mandoc and it turned out mandoc tried to use spacing modifiers so large that they would trigger assertion failures in term_ascii.c, function locale_advance().
b9a0c77e 2020-09-01 17:20:02 Missed WRITE_BIG -> WRITE_10
a6b0224a 2020-09-01 12:33:48 Fix build with -fno-common (default in clang 11) Input and ok mortimer@
067867af 2020-09-01 10:51:41 update currency exchange rates;
9f04068a 2020-09-01 09:19:01 Add -F to set-environment and source-file; GitHub issue 2359.
33491e32 2020-09-01 08:50:14 Only print below number when there is enough space.
cf629db8 2020-09-01 08:48:26 Allow a-z keys for display-panes to jump to higher numbered panes.
a907aba0 2020-08-31 16:08:28 crank to 6.8-beta
8b827e99 2020-08-31 04:33:17 refuse to add verify-required (PINful) FIDO keys to ssh-agent until the agent supports them properly
0cb81611 2020-08-31 00:17:41 Add RCS IDs to the few files that are missing them; from Pedro Martelletto
e33a93b3 2020-08-30 12:16:04 Fix :S with anchors and replacement gnezdo noticed that :S/old_string/new_string/ variable modifiers such as :S/^sth/&/ and :S/sth$/&/ with an anchor in the old_string and an & in the new_string don't work as documented (and expected) since they replace & with old_string including the anchors. This is because get_spatternarg() deals with skipping the anchors in pattern->lhs only after having replaced any '&' in the buffer that will eventually become new_string with pattern->lhs. Fix this by moving the logic of skipping the anchors from get_spatternarg() into common_get_patternarg() so it is done before & is handled. ok millert
2ed04c87 2020-08-28 16:29:16 Implement mktime() function for compatibility with mawk and gawk. This is the only missing time function compared to those two implementations. Doc changes OK jmc@
cd676bba 2020-08-28 03:15:52 Check that the addresses supplied to Match Address and Match LocalAddress are valid when parsing in config-test mode. This will catch address/mask mismatches before they cause problems at runtime. Found by Daniel Stocker, ok djm@
bad5e71c 2020-08-27 15:54:38 Remove a lie reported by Jamie Landeg-Jones <jamie at catflap dot org>: The times when -T man may have expanded .so requests are long gone, nor would such a feature be useful. Use soelim(1) if you need that.
e01d8257 2020-08-27 15:20:31 unveil(_PATH_DEV, "r") when -T or -u is used: who(1) is using stat(2) for determining the status of the tty ok deraadt@
0d0f340d 2020-08-27 14:59:42 Fix a regression caused by the insertion of two new tokens, which unintentionally made the -O tag= argument mandatory, breaking commands like "man -akO tag Ic=ulimit". Noticed while answering questions from Ian Ropers.
2909699b 2020-08-27 14:28:08 Make it more explicit that the statement "-O tag does not work with less(1)" only applies to -T html output mode, and why. Of course, -O tag works just fine with less(1) in the -T ascii and -T utf8 output modes. Potential for confusion pointed out by Ian Ropers.
fbe6102b 2020-08-27 12:58:00 Avoid artifacts in the most common case of closing conditional blocks when no arguments follow the closing brace, \}. For example, the line "'br\}" contained in the pod2man(1) preamble would throw a bogus "escaped character not allowed in a name" error. This issue was originally reported by Chris Bennett on ports@, and afresh1@ noticed it came from the pod2man(1) preamble.
fb0dc9ff 2020-08-27 12:34:00 sentence fix; from pedro martelletto
cb9b4a5c 2020-08-27 09:46:04 debug()-print a little info about FIDO-specific key fields via "ssh-keygen -vyf /path/key"
8c966c57 2020-08-27 09:43:28 skip a bit more FIDO token selection logic when only a single token is attached. with Pedro Martelletto
07d23686 2020-08-27 06:55:54 Add pane_last format, GitHub issue 2353.
096c972c 2020-08-27 06:15:22 tweak previous;
e4ab4c29 2020-08-27 02:11:09 remove unreachable code I forgot to delete in r1.334
7365ccde 2020-08-27 01:08:45 Request PIN ahead of time for certain FIDO actions When we know that a particular action will require a PIN, such as downloading resident keys or generating a verify-required key, request the PIN before attempting it. joint work with Pedro Martelletto; ok markus@
15a2cdb6 2020-08-27 01:08:19 preserve verify-required for resident FIDO keys When downloading a resident, verify-required key from a FIDO token, preserve the verify-required in the private key that is written to disk. Previously we weren't doing that because of lack of support in the middleware API. from Pedro Martelletto; ok markus@ and myself
01bb7af0 2020-08-27 01:07:51 major rework of FIDO token selection logic When PINs are in use and multiple FIDO tokens are attached to a host, we cannot just blast requests at all attached tokens with the PIN specified as this will cause the per-token PIN failure counter to increment. If this retry counter hits the token's limit (usually 3 attempts), then the token will lock itself and render all (web and SSH) of its keys invalid. We don't want this. So this reworks the key selection logic for the specific case of multiple keys being attached. When multiple keys are attached and the operation requires a PIN, then the user must touch the key that they wish to use first in order to identify it. This may require multiple touches, but only if there are multiple keys attached AND (usually) the operation requires a PIN. The usual case of a single key attached should be unaffected. Work by Pedro Martelletto; ok myself and markus@
869858c2 2020-08-27 01:07:09 support for requiring user verified FIDO keys in sshd This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@
1f63d3c4 2020-08-27 01:06:18 support for user-verified FIDO keys FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
d31303eb 2020-08-26 16:21:28 Add "t" to toggle the display of routing tables Swap the WAIT column with RTABLE (and vice versa); WAIT is wide enough to fit RTABLE, somewhat adds additional value to STATE and seems therefore most appropiate to hide in favour of RTABLE. Filtering rtables with "T" does not toggle the column, just like filtering users with "u" does not toggle between user and thread id. Feedback jmc OK remi
43dc5f42 2020-08-25 11:35:32 Allow colour to be spelt as color, from Boris Verkhovsky. GitHub issue 2317.
754b6bea 2020-08-25 07:27:34 Rename rtable filter variables and simplify buffer handling No functional change, the rename is for consistency and the buffer handling reduces churn in an upcoming diff.
aac46131 2020-08-24 05:23:30 Old Terminal.app versions do not respond correctly to secondary DA, instead responding with the primary DA response. Ignore it. Reported by Dave Vandervies.
493d2591 2020-08-24 05:22:28 Do not run off end of string when stripping delays, reported by Dave Vandervies.
f6c67779 2020-08-23 21:11:55 Filter by routing table "-T-0" for processes outside the default routing table, "-T3" for those in a specific one; same semantics as with other filters. Manual wording and command line flag taken from pgrep(1) being the only way to identify processes by routing table; After netstat(1)'s recent addition of "-R", filtering in top makes for handy tooling around rtable(4). "looks good to me" millert OK remi
03397e00 2020-08-22 18:34:29 Support looking up unix domain sockets by file name. The best that we can do is string comparison of the file name. Previously, "fstat /var/run/foo.sock" would return no results. The -f option still won't work for sockets since they are not file system objects. OK kn@
4b565362 2020-08-21 22:13:15 Print unp_path for unix domain sockets. OK kn@ mvs@