Commit message | Author | Age | Files | Lines
* Delete the redundant tbl span flags, just inspect the actual data | schwarze | 2015-01-30 | 6 | -19/+11
  where needed, which is less fragile. This fixes a subtle NULL pointer access to tp->tbl.cols: Due to a bug in the man(7) parser, the first span of a table can end up in a .TP head, in which case tblcalc() was never called. Found by jsg@ with afl.
* remove rndc (from bind) as well, ok deraadt | sthen | 2015-01-30 | 1 | -2/+2
* fix a possible NULL-deref when trying to deref ifa->ifa_addr | gilles | 2015-01-30 | 1 | -1/+3
  ok eric@
* Tidy up detach-client a bit. | nicm | 2015-01-30 | 1 | -23/+26
* TLS connect error message has changed, adapt tests. | bluhm | 2015-01-30 | 4 | -4/+4
* Don't leak incompletely cloned static lease. Should never happen | krw | 2015-01-30 | 1 | -2/+4
  but better safe than sorry. Noted and diff from Benjamin Baier. Thanks!
* Make the TLS connect and accept error messages consistent. | bluhm | 2015-01-30 | 2 | -5/+4
  OK jsing@
* Tweak error message to say 'realloc' since that's what's failing, | krw | 2015-01-30 | 1 | -2/+2
  not 'malloc'.
* Document the syslogd certificate validation options. | bluhm | 2015-01-30 | 1 | -3/+11
  OK jmc@
* Start TLS after the TCP connect has finished. Call the TLS connect | bluhm | 2015-01-30 | 1 | -2/+3
  callback when the connected socket is writable. This avoids calling a NULL error callback. OK deraadt@
* Focus off needs to be sent with tty_raw, reported by Geoff Nixon. | nicm | 2015-01-30 | 1 | -2/+2
* Add a ssh_config HostbasedKeyType option to control which | djm | 2015-01-30 | 7 | -120/+245
  host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
* Fix the default interactive level to install the "default" dependencies. | espie | 2015-01-30 | 3 | -14/+19
  Actually testing it caused me to write correct (and simpler) code...
* set a timeout to prevent hangs when talking to busted servers; | djm | 2015-01-30 | 1 | -1/+2
  ok markus@
* remove tenex transfer support. if you still have TOPS20 machines in | tedu | 2015-01-30 | 7 | -55/+14
  service, you'll need to stick with openbsd 5.6. bonus: remove references to ebcdic. ok deraadt
* Abolish struct tbl_head and replace it by an "int col" member in | schwarze | 2015-01-30 | 8 | -89/+40
  struct tbl_cell. No functional change, minus 40 lines of code.
* Auditing the tbl(7) code for more NULL pointer accesses, i came out | schwarze | 2015-01-30 | 5 | -72/+55
  empty-handed; so this is just KNF and some code simplifications, no functional change.
* avoid more fatal/exit in the packet.c paths that ssh-keyscan | djm | 2015-01-30 | 9 | -114/+204
  uses; feedback and "looks good" markus@
* regression test for 'wildcard CA' serial/key ID revocations | djm | 2015-01-30 | 1 | -30/+44
* permit KRLs that revoke certificates by serial number or key ID | djm | 2015-01-30 | 3 | -51/+86
  without scoping to a particular CA; ok markus@
* missing parentheses after if in do_convert_from() broke | djm | 2015-01-30 | 1 | -3/+3
  private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
* Make sure every layout line contains at least one cell; | schwarze | 2015-01-30 | 7 | -14/+124
  fixing a NULL pointer access in term_tbl() that jsg@ found with afl.
* fix ssh protocol 1, spotted by miod@ | djm | 2015-01-30 | 1 | -9/+20
* correctly handle table layout lines starting with a dot | schwarze | 2015-01-30 | 1 | -2/+2
* Rework vis.3 so it has standard sections. | doug | 2015-01-30 | 1 | -38/+41
  Moved the return values from the description to a proper return values section. Broke up the description into function description followed by a subsection for the range and encoding. Replaced srclen with strlen(src) when srclen isn't an argument. Moved the common flag argument to its own paragraph. input schwarze@, input + ok jmc@
* reorg tbl(7) test suite | schwarze | 2015-01-29 | 38 | -1123/+16
* reorg tbl(7) test suite | schwarze | 2015-01-29 | 41 | -0/+1144
* remove no-op simple locks | deraadt | 2015-01-29 | 3 | -167/+11
  tested by jsg, ok miod
* back bpf.c down to 1.113, from before most recent timeout changes. | tedu | 2015-01-29 | 1 | -8/+4
  nmap is broken, as reported by kent fritz. pending further investigation, we should keep nmap working until a better fix is developed for the original problem.
* Correct buffer overflow in handling of pax extension headers, caught | guenther | 2015-01-29 | 1 | -36/+81
  by the memcpy() overlap check. ok millert@ deraadt@
* At upgrade time delete sendmail,named,nginx,openssl binaries because | deraadt | 2015-01-29 | 1 | -1/+5
  they may reside earlier in the path than a pkg. prompted by tedu, with halex
* Fix a regression that removed support for using service names instead | reyk | 2015-01-29 | 1 | -1/+13
  of ports. It is now possible to use "listen on * port www" again. Found by ajacoutot@ OK ajacoutot@ blambert@
* manual SAs described in ipsec.conf(5) not ipsecctl(8); | jmc | 2015-01-29 | 1 | -3/+3
  from paul gorman
* Use .Rv where appropriate, and move it to RETURN VALUES; | schwarze | 2015-01-29 | 10 | -84/+47
  remove .Tn, and a few minor macro adjustments. Patch from Kaspars at Bankovskis dot net.
* Radical cleanup of COMPATIBILITY sections: | schwarze | 2015-01-29 | 6 | -311/+92
  Remove lots of lies, dozens of irrelevant implementation details, and all references to groff versions older than 1.17. Move relevant information to the pages where it belongs, and out of mandoc(1) in particular. Add some missing general remarks to roff(7), where it fits the character and purpose of the page much better.
* dial the time back to about 0.1s, closer to the original targets and | tedu | 2015-01-28 | 1 | -4/+4
  friendlier for users. requested by deraadt
* Add a test where the TLS handshake fails because of null ciphers. | bluhm | 2015-01-28 | 2 | -1/+43
* update to new API (key_fingerprint => sshkey_fingerprint) | djm | 2015-01-28 | 12 | -68/+81
  check sshkey_fingerprint return values; ok markus
* - Add PCH2 and PCH LPT to the list of chips capable of only 9K jumbos. | brad | 2015-01-28 | 2 | -5/+13
  - Updated PBA values for the 82574 controller (20KB) and ICH9/10 with jumbos (14KB).
  Tested by a few on 82574, ICH9 and PCH LPT
  From FreeBSD
* Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s | mpi | 2015-01-28 | 5 | -40/+69
  email.
* avoid fatal() calls in packet code | djm | 2015-01-28 | 1 | -3/+15
  makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
* When comparing the LSA with the Ack, also check the age field. This | bluhm | 2015-01-28 | 2 | -4/+18
  ensures that a LSA withdrawal is not acked by a previous update. From Florian Riehm; OK claudio@
* avoid fatal() calls in packet code | djm | 2015-01-28 | 7 | -29/+54
  makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
* Clean up eqn(7) error handling: | schwarze | 2015-01-28 | 8 | -68/+141
  * When "define" fails, do not drop the whole equation.
  * Free memory after "undef".
  * Use standard mandoc error types instead of rolling our own.
  * Delete obfuscating EQN_MSG() macro.
  * Add function prototypes while here.
* revert back to initial vnodes again so we can be sure nfs likes it | tedu | 2015-01-28 | 1 | -2/+2
* Test the x509 certificate validation of syslog over TLS. | bluhm | 2015-01-28 | 13 | -11/+323
* If not explicitly disabled, syslogd verifies the x509 certificate | bluhm | 2015-01-28 | 1 | -30/+60
  and hostname of the TLS server before sending any messages to it. Per default /etc/ssl/cert.pem is used as CA file. OK deraadt@
* * Polish tbl(7) error reporting. | schwarze | 2015-01-28 | 19 | -64/+157
  * Do not print out macro names in tbl(7) data blocks.
  * Like with GNU tbl, let empty tables cause a blank line.
  * Avoid producing empty tables in -Tman.
* Remove ssl_by_mem_ctrl() and x509_mem_lookup to unbreak the build. It | reyk | 2015-01-28 | 1 | -60/+1
  caused a conflict with a new function in LibreSSL but wasn't even used by ldapd. No functional change. OK deraadt@
* For now, it can't be helped that mandoc tbl(7) ignores high-level macros, | schwarze | 2015-01-28 | 8 | -36/+35
  but stop throwing away their arguments. This fixes information loss in a handful of Xenocara manuals, at the price of a small amount of formatting noise creeping through.