IABSD.fr/src/usr.bin

Branch :


Log

Author Commit Date CI Message
067867af 2020-09-01 10:51:41 update currency exchange rates;
9f04068a 2020-09-01 09:19:01 Add -F to set-environment and source-file; GitHub issue 2359.
33491e32 2020-09-01 08:50:14 Only print below number when there is enough space.
cf629db8 2020-09-01 08:48:26 Allow a-z keys for display-panes to jump to higher numbered panes.
a907aba0 2020-08-31 16:08:28 crank to 6.8-beta
8b827e99 2020-08-31 04:33:17 refuse to add verify-required (PINful) FIDO keys to ssh-agent until the agent supports them properly
0cb81611 2020-08-31 00:17:41 Add RCS IDs to the few files that are missing them; from Pedro Martelletto
e33a93b3 2020-08-30 12:16:04 Fix :S with anchors and replacement gnezdo noticed that :S/old_string/new_string/ variable modifiers such as :S/^sth/&/ and :S/sth$/&/ with an anchor in the old_string and an & in the new_string don't work as documented (and expected) since they replace & with old_string including the anchors. This is because get_spatternarg() deals with skipping the anchors in pattern->lhs only after having replaced any '&' in the buffer that will eventually become new_string with pattern->lhs. Fix this by moving the logic of skipping the anchors from get_spatternarg() into common_get_patternarg() so it is done before & is handled. ok millert
2ed04c87 2020-08-28 16:29:16 Implement mktime() function for compatibility with mawk and gawk. This is the only missing time function compared to those two implementations. Doc changes OK jmc@
cd676bba 2020-08-28 03:15:52 Check that the addresses supplied to Match Address and Match LocalAddress are valid when parsing in config-test mode. This will catch address/mask mismatches before they cause problems at runtime. Found by Daniel Stocker, ok djm@
bad5e71c 2020-08-27 15:54:38 Remove a lie reported by Jamie Landeg-Jones <jamie at catflap dot org>: The times when -T man may have expanded .so requests are long gone, nor would such a feature be useful. Use soelim(1) if you need that.
e01d8257 2020-08-27 15:20:31 unveil(_PATH_DEV, "r") when -T or -u is used: who(1) is using stat(2) for determining the status of the tty ok deraadt@
0d0f340d 2020-08-27 14:59:42 Fix a regression caused by the insertion of two new tokens, which unintentionally made the -O tag= argument mandatory, breaking commands like "man -akO tag Ic=ulimit". Noticed while answering questions from Ian Ropers.
2909699b 2020-08-27 14:28:08 Make it more explicit that the statement "-O tag does not work with less(1)" only applies to -T html output mode, and why. Of course, -O tag works just fine with less(1) in the -T ascii and -T utf8 output modes. Potential for confusion pointed out by Ian Ropers.
fbe6102b 2020-08-27 12:58:00 Avoid artifacts in the most common case of closing conditional blocks when no arguments follow the closing brace, \}. For example, the line "'br\}" contained in the pod2man(1) preamble would throw a bogus "escaped character not allowed in a name" error. This issue was originally reported by Chris Bennett on ports@, and afresh1@ noticed it came from the pod2man(1) preamble.
fb0dc9ff 2020-08-27 12:34:00 sentence fix; from pedro martelletto
cb9b4a5c 2020-08-27 09:46:04 debug()-print a little info about FIDO-specific key fields via "ssh-keygen -vyf /path/key"
8c966c57 2020-08-27 09:43:28 skip a bit more FIDO token selection logic when only a single token is attached. with Pedro Martelletto
07d23686 2020-08-27 06:55:54 Add pane_last format, GitHub issue 2353.
096c972c 2020-08-27 06:15:22 tweak previous;
e4ab4c29 2020-08-27 02:11:09 remove unreachable code I forgot to delete in r1.334
7365ccde 2020-08-27 01:08:45 Request PIN ahead of time for certain FIDO actions When we know that a particular action will require a PIN, such as downloading resident keys or generating a verify-required key, request the PIN before attempting it. joint work with Pedro Martelletto; ok markus@
15a2cdb6 2020-08-27 01:08:19 preserve verify-required for resident FIDO keys When downloading a resident, verify-required key from a FIDO token, preserve the verify-required in the private key that is written to disk. Previously we weren't doing that because of lack of support in the middleware API. from Pedro Martelletto; ok markus@ and myself
01bb7af0 2020-08-27 01:07:51 major rework of FIDO token selection logic When PINs are in use and multiple FIDO tokens are attached to a host, we cannot just blast requests at all attached tokens with the PIN specified as this will cause the per-token PIN failure counter to increment. If this retry counter hits the token's limit (usually 3 attempts), then the token will lock itself and render all (web and SSH) of its keys invalid. We don't want this. So this reworks the key selection logic for the specific case of multiple keys being attached. When multiple keys are attached and the operation requires a PIN, then the user must touch the key that they wish to use first in order to identify it. This may require multiple touches, but only if there are multiple keys attached AND (usually) the operation requires a PIN. The usual case of a single key attached should be unaffected. Work by Pedro Martelletto; ok myself and markus@
869858c2 2020-08-27 01:07:09 support for requiring user verified FIDO keys in sshd This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@
1f63d3c4 2020-08-27 01:06:18 support for user-verified FIDO keys FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
d31303eb 2020-08-26 16:21:28 Add "t" to toggle the display of routing tables Swap the WAIT column with RTABLE (and vice versa); WAIT is wide enough to fit RTABLE, somewhat adds additional value to STATE and seems therefore most appropiate to hide in favour of RTABLE. Filtering rtables with "T" does not toggle the column, just like filtering users with "u" does not toggle between user and thread id. Feedback jmc OK remi
43dc5f42 2020-08-25 11:35:32 Allow colour to be spelt as color, from Boris Verkhovsky. GitHub issue 2317.
754b6bea 2020-08-25 07:27:34 Rename rtable filter variables and simplify buffer handling No functional change, the rename is for consistency and the buffer handling reduces churn in an upcoming diff.
aac46131 2020-08-24 05:23:30 Old Terminal.app versions do not respond correctly to secondary DA, instead responding with the primary DA response. Ignore it. Reported by Dave Vandervies.
493d2591 2020-08-24 05:22:28 Do not run off end of string when stripping delays, reported by Dave Vandervies.
f6c67779 2020-08-23 21:11:55 Filter by routing table "-T-0" for processes outside the default routing table, "-T3" for those in a specific one; same semantics as with other filters. Manual wording and command line flag taken from pgrep(1) being the only way to identify processes by routing table; After netstat(1)'s recent addition of "-R", filtering in top makes for handy tooling around rtable(4). "looks good to me" millert OK remi
03397e00 2020-08-22 18:34:29 Support looking up unix domain sockets by file name. The best that we can do is string comparison of the file name. Previously, "fstat /var/run/foo.sock" would return no results. The -f option still won't work for sockets since they are not file system objects. OK kn@
4b565362 2020-08-21 22:13:15 Print unp_path for unix domain sockets. OK kn@ mvs@
8d34ed16 2020-08-20 16:57:40 Add n: modifier to get length of a format, also automatically expand variable name arguments again if they contain a #{.
55a1066f 2020-08-19 11:10:42 Handle EADDRNOAVAIL from connect(2) gracefully The server's DNS name may yield multiple addresses of different address families; in case the local client has no suitable address, i.e. connect(2) fails with EADDRNOTAVAIL, do not fail hard but try the next address instead. Report (IPv6 only client with dualstack server) and diff from Sasha Romijn. OK job
6434f49b 2020-08-19 07:15:42 Set alert flag for the current window if the session is unattached. GitHub issues 1182 and 2299. From Eric Garver.
7a3e72b5 2020-08-19 06:37:23 Respond to colour requests if a colour is available, from Michal Goral.
5fcfc6ff 2020-08-17 18:41:23 -F requires at least 5 columns for folding, while a tab at start of line is 8 columns. This causes an infinite loop in the folding logic. Fix this by implementing an escape hatch so that only a single fold can occur. This does mean that a tab with a -F smaller or equal to 8 will always print the newline escape backslash in the 8th column. Bug reported by phillbush <at> cock <dot> li Minor tweak and OK deraadt@
a8dc0ba1 2020-08-17 18:12:12 honor /etc/nologin by unveiled it ok deraadt@
b1b24323 2020-08-14 17:44:53 '!' does not need to be escaped; confirmed by naddy and deraadt
a09091e5 2020-08-13 12:37:16 new kstat(1) manual page, using info from dlg@, from his commit messages, and from partial code inspection; OK dlg@
dcf22d41 2020-08-12 01:23:45 ssh-keyscan(1): simplify conloop() with timercmp(3), timersub(3); ok djm@
60613915 2020-08-11 16:57:05 Update awk to August 7, 2020 version.
210ec77e 2020-08-11 09:49:57 let ssh_config(5)'s AddKeysToAgent keyword accept a time limit for keys in addition to its current flag options. Time-limited keys will automatically be removed from ssh-agent after their expiry time has passed; ok markus@
272d1ebd 2020-08-11 09:45:54 let the "Confirm user presence for key ..." ssh-askpass notification respect $SSH_ASKPASS_REQUIRE; ok markus@
6b04bb45 2020-08-11 01:07:47 add -w so kstat can update and print stats at a specified wait interval.
81e355e4 2020-08-10 06:51:40 sigh, i made the previous diff to small. main needs to understand the kstat_tree type now, so move the declaration up.
62fc0d78 2020-08-10 06:39:52 factor out the printing of kstats. no functional change otherwise.
59ead937 2020-08-10 01:13:28 add the ability to filter which kstats are displayed. kstats are identified by a "provider:instance:name:unit" tuple, where provider and name are strings, and instance and unit are integers. you can pass tuples as arguments to kstat to select them for display, eg, to see the rxq and txq stats for the first rings on an em0 interface, you can run `kstat em0:0:rxq:0 em0:0:txq:0`. this can be pretty tedious if you want to select a group of stats quickly though, so there's some wildcard and pattern matching support. firstly, empty fields in the tuple are wildcarded, eg, if you want to see all the stats that an mcx0 interface provides then run `kstat mcx0:::`. secondly, strings in a tuple (ie, the provider and name fields) are compared using fnmatch(3) so you can use shell like patterns to match fields. to expand the last example to all mcx interfaces, you can run `kstat mcx*:::`. lastly, you can pass a bare name to match on all kstats with that name. eg, to see the txq stats for all interfaces, just run `kstat txq`.
e451a623 2020-08-09 16:38:24 Convert openssl req option handling. With input from inoguchi@ ok beck@ inoguchi@
97da2ad2 2020-08-08 14:01:31 Reorder SNMPv2-MIB to match order with original document. Some minor touchups while here.
2e6355c0 2020-08-08 13:13:19 Reorganize SNMPv2-MIB so that all it's elements are together and in order of the original definition, for better comparability. While here rename snmpProxies to snmpProxys, since that's what it's called. Also add the zeroDotZero object.
6972fbe4 2020-08-08 13:02:54 Clean up smi_mibtree. It checks on o_oid[0] for 0, which prevents us from adding the ccitt oid and its zeroDotZero subsidiary. Change this to check for o_name, which is always set, because mibtree is filled by MIBDECL().
e48b1d2e 2020-08-08 08:57:29 Implement SNMP-USM-AES-MIB and SNMP-USM-HMAC-SHA2-MIB
16c279e6 2020-08-08 08:37:57 Polish up SNMP-USER-BASED-SM-MIB and SNMP-FRAMEWORK-MIB. This changes a couple of object names, but this makes them comply with the actual MIB definition.
27b4df32 2020-08-08 07:18:08 Somewhere during working on UTF-8 support I thought it was a good idea to use sysContact as a testcase, because it's readily available in snmpd, but forgetting it's actual textual convention as time went by, which is DisplayString (which is ASCII). Add support for the DisplayString textual convention, which is similar to having no textual convention, except that invalid bytes (value 128 and up) are printed as UTF-8 replacement characters, or question mark, depending on LC_CTYPE. Feedback and OK schwarze@
f35e0348 2020-08-08 07:11:47 Document UTF-8 support in snmp. Lots of feedback and OK schwarze@
14b12344 2020-08-07 07:02:57 Do not force line width to grid width because it may need to be larger to accomodate a wide character. GitHub issue 2336.
1e0c6b38 2020-08-06 17:23:29 Wow, the indentation is totally messed up, to the point where compilers complain (actually useful this time) ok millert
bbbc8bd0 2020-08-05 09:11:09 Change searching to behave more like emacs and so that regex searching doesn't overlap when searching forwards.
eb5d7a07 2020-08-04 08:50:01 Also ignore SIGQUIT so it can't be used to kill the client when locked.
1248928a 2020-08-03 14:45:54 Add support for UTF-8 DISPLAY-HINTs with octet length. For now only sysContact is supported with SnmpAdminString, but more shall follow soon(tm). Note that this will change output even in the C locale: Previously every unprintable byte would be tranformed to a '.', with this diff a valid UTF-8 multibyte or unprintable character will be squished into a single dot to give a better understanding of the intention of the original message. Invalid bytes will now be printed as question marks. Lot's of help and back and forth with schwarze@ who also kindly offered to walk away when I mentioned looking through MIB files for more objects to convert to this new code, which is understandable. OK schwarze@
fd9d9245 2020-08-03 10:52:38 Put the code handling \} into a new function roff_cond_checkend() and call that function not only from both places where copies existed - when processing text lines and when processing request/macro lines in conditional block scope - but also when closing a macro definition request, such that this construction works: .if n \{.de macroname macro content .. \} ignored arguments .macroname This fixes a bug reported by John Gardner <gardnerjohng at gmail dot com>. While here, avoid a confusing decrement of the line scope counter in roffnode_cleanscope() for conditional blocks that do not have line scope in the first place (no functional change for this part). Also improve validation of an internal invariant in roff_cblock() and polish some comments.
b7ec8c74 2020-08-03 02:53:51 ensure that certificate extensions are lexically sorted. Previously if the user specified a custom extension then the everything would be in order except the custom ones. bz3198 ok dtucker markus
dba54a79 2020-08-03 02:43:41 allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
6c0867c1 2020-08-03 02:42:49 clang -Wimplicit-fallthrough does not recognise /* FALLTHROUGH */ comments, which is the style we currently use, and gives too many boring warnings. ok djm
e85eb45e 2020-08-03 01:08:37 Split some code that gives clang10 heartburn ok millert
f2fa7a92 2020-08-02 20:14:10 missing {} identified by clang10 ok martijn
1710b8e4 2020-08-01 06:19:59 update currency exchange rates;
b767a9ad 2020-07-31 04:19:37 Also compare username when checking for JumpHost loops. bz#3057, ok djm@
149ad3e3 2020-07-30 17:46:54 Don't print extra newlines on error before awk starts parsing. If awk prints an error message while when compile_time is still set to ERROR_PRINTING, don't try to print the context since there is none. This can happen due to a problem with, e.g., unknown command line options.
5df2889f 2020-07-30 17:45:44 Update awk to July 30, 2020 version.
0a287e03 2020-07-30 17:11:10 Improved handling of an unescaped '/' in a bracket expression.
140dce51 2020-07-30 07:32:52 Trim newline from ctime, from Thomas Adam.
4da86b84 2020-07-27 13:46:48 Wrap long lines s_server.c
72a107cf 2020-07-27 13:06:13 Add function prototype and move sub functions to bottom
f94a2c25 2020-07-27 12:29:51 Remove space between '*' and pointer variable in s_server.c
0e15fe22 2020-07-27 12:19:51 Remove 's_' prefix from member of s_server_config struct
5a233072 2020-07-27 12:09:14 Convert openssl(1) s_server option handling ok and comments from jsing@
247fdabf 2020-07-27 08:03:10 Add a -d option to display-message to set delay, from theonekeyg at gmail dot com in GitHub issue 2322.
b1ef1ce0 2020-07-26 21:59:16 Add / as alias for g (grep) Simpliy mdoc(7) markup for "n|# count" while here. Positive manual feedback jmc No objections millert
073a2214 2020-07-24 07:05:37 Add a hook when the pane title changed.
ef301d81 2020-07-24 01:57:06 Regular expression support in RS is an extension.
483368fb 2020-07-23 20:19:27 Change line counter from int to unsigned long long to reduce overflow. In case unsigned long long is miraculously still too small add an additional overflow detection so we stop counting and add a marker to couter output. Input on earlier diff guenther@ OK millert
2c40dbd1 2020-07-23 20:13:01 getline(3) does it's own memory allocation. No need to use an intermediate buffer and copy it over to the final destination. Tweaks and OK millert@, schwarze@
5784a26a 2020-07-23 14:17:56 Check all lists if option not found already.
8a6c6275 2020-07-22 13:29:05 Avoid running out of memory with query-replace-regex ^ Choosing ! (replace rest) never advances beyond the current line and keeps inserting the replacement test, and mg eventually runs out of memory. Patch from Mark Willson with minor stylistic tweaks. Looks good to Hiltjo Posthuma who would have preferred making forward replacing on empty lines work. Mark argued that this makes it behave consistently with the current behaviour when searching for ^ and the point at the beginning of a non-empty line in which case the cursor does not move either. Also tested by krw
82bc5afb 2020-07-22 13:22:53 Prevent mg segfault with query-replace-regex replacing ^ Patch from Mark Willson with a minor tweak
85b81c84 2020-07-22 06:21:46 Correct checks for window borders.
90f584c6 2020-07-21 15:08:48 undocumented options -O outfilename and -O tagfilename to support regression testing without a tty; no user visible change intended
6523adaf 2020-07-21 05:24:33 Fix show-buffer when run from inside tmux, GitHub issue 2314.
95944651 2020-07-20 18:57:19 If closefile() is called on std{in,out,err}, freopen() /dev/null instead. Otherwise, awk will continue trying to perform I/O on a closed stdio stream. This appears to be consistent with how gawk behaves. OK tim@
8bde1373 2020-07-20 18:55:15 In closeall(), skip stdin and flush std{err,out} instead of closing. Otherwise awk could fclose(stdin) twice (it may appear more than once) and closing stderr means awk cannot report errors closing other streams. OK tim@
e886970e 2020-07-20 14:52:12 as jmc@ points out, i missed a few instances of .Xr more 1
c9771691 2020-07-20 14:25:22 Switch the default pager from "more -s" to "less". POSIX explicitly allows using a different default pager if that is documented. The pager provided in the OpenBSD base system is less(1). It can merely be called as more(1) for compatibility. Our man(1) implementation uses less(1) features that traditional more(1) did not provide, in particular tagging. Besides, as noted by deraadt@, the user interface of less(1) is slightly more refined and preferable over the user inferface of more(1). This switch was originally suggested by Ian Ropers. As explained by jmc@ and deraadt@, the -s flag was added a very long time ago when an antique version of groff(1) had an annoying bug in terminal output that would randomly display blank lines in the middle of pages. Clearly, -s has no longer been needed for many years, so drop it from the default pager invocation. OK deraadt@ jmc@ martijn@ job@
d3a07ef2 2020-07-19 13:19:25 Delete support for LC_MESSAGES which we shall never implement. This nicely simplifies the code, deleting three header inclusions and calls to various complicated library functions. Dead code reported by Jan Stary <hans at stare dot cz>. Garbage collect pointless (void) casts and a .Tn macro while here. Tweaks and OK martijn@, OK millert@ and kn@ on an earlier version.
c2008cb8 2020-07-19 11:13:35 Don't add server.device knob if there's only one audio device
6a564c82 2020-07-19 11:07:14 Fix initial alternate device number The initial alternate device number was set to 1 (instead of -1), causing device number 1 to be skipped the first time sndiod is used.
6a636119 2020-07-18 21:44:17 oops - the description of -i had a similarly incorrect text as -I concerning use of -f; remove that too; pointed out by guenther