| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-12-15 | do not attempt to find an absolute path for sshd_config | Damien Miller | |
| SecurityKeyProvider=internal - unbreaks cfgparse regress test | |||
| 2019-12-15 | Clear r_list if the interface is passive. Additionaly move the check | remi | |
| for passive interface a bit further up so that the function can return earlier. Memory leak observed and reported by Jason Tubnor. OK benno@ | |||
| 2019-12-15 | allow ssh-keyscan to find security key hostkeys | Damien Miller | |
| 2019-12-15 | adapt to ssh-sk-client change | Damien Miller | |
| 2019-12-15 | allow security keys to act as host keys as well as user keys. | Damien Miller | |
| Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@ | |||
| 2019-12-15 | Make this fit in 80 cols. | Florian Obser | |
| 2019-12-15 | semarie diagnosed a what appeared to be a 'large backwards memcpy' of an | Theo de Raadt | |
| ipv6 address, but was actually oversize (a large union). correct access to the right subfield. ok florian semarie | |||
| 2019-12-15 | Explicitly print root user in status OWNER column | kn | |
| With "owner root:wheel" (any group) the status output prints ":wheel" only, presumably to emphasize that only group membership matters. Always print whatever is configured to be explicit and less confusing. OK jasper | |||
| 2019-12-15 | Allow more outgoing ports, the default 16 is pretty tight for the | Otto Moerbeek | |
| recursor. Also change strategy to not fetch addresses of nameservers pro-actively, it does not help a lot in typical unwind setups and consumes resources we would like to spend on actual resolving user queries. ok florian@ | |||
| 2019-12-15 | Add a missing unlock. | Visa Hankala | |
| Spotted by Hrvoje Popovski using witness(4) OK dlg@ | |||
| 2019-12-14 | Be less aggressive pre-allocating memory; ok florian@ | Otto Moerbeek | |
| 2019-12-14 | whitespace from go fmt + update a comment | Theo Buehler | |
| 2019-12-14 | rkpcie: Add support for gen2 negotiation | Kurt Miller | |
| * Enable gen2 link training when the dtb is configured with max-link-speed = <2>; * Workaround a rockchip bug where Target Link Speed is not set when PCIE_CLIENT_PCIE_GEN_SEL_2 is configured * Wait for LTSSM L0 state after initial link training to ensure gen2 link training does not start too early okay kettenis@ | |||
| 2019-12-14 | Simplify resolve_done. | Florian Obser | |
| - check if this is an answer to a still running query up front, if not there is nothing more to do - get rid of the retry case, we can now just inline it - reduce indent by always calculating elapsed time for DOUBT_NXDOMAIN_SEC Triggered by, input and OK otto | |||
| 2019-12-14 | failing fsync() with EINVAL should not cause a TempFail in mboxfile, | Gilles Chehade | |
| it means the file was most likely a device not supporting fsync() so we can't do much and retrying isn't going to help. | |||
| 2019-12-14 | introduce a bypass keyword so that builtin filters can bypass processing of | Gilles Chehade | |
| a phase when a condition is met suggested by several people including jung@, ok jung@ | |||
| 2019-12-14 | Strip out the optional login style before looking up user in passwd. | Todd C. Miller | |
| Reported by Dennis Lindroos. OK tb@ | |||
| 2019-12-14 | Return BI_SILENT not BI_AUTH if the challenge service is requested. | Todd C. Miller | |
| This bug was introduced in the login_passwd rewrite back in 2001. From Tom Longshine. | |||
| 2019-12-14 | Add sizes for free() in eso(4). | Frederic Cambus | |
| OK tedu@ | |||
| 2019-12-14 | Add sizes for free() in eap(4). | Frederic Cambus | |
| OK tedu@ | |||
| 2019-12-14 | Add sizes for free() in auixp(4). | Frederic Cambus | |
| OK tedu@ | |||
| 2019-12-14 | Add sizes for free() in auglx(4). | Frederic Cambus | |
| OK tedu@ | |||
| 2019-12-14 | Add sizes for free() in auacer(4). | Frederic Cambus | |
| OK tedu@ | |||
| 2019-12-14 | No use to create resolvers we know are going to be dead; ok florian@ | Otto Moerbeek | |
| 2019-12-14 | Revert previous. When we get an ACPI notification we already have the | Patrick Wildt | |
| ACPI lock and when we call our own ws_[gs]et_param functions we cannot take the lock again, because it's non-recursive. Thus we need to find another way, like not taking the lock if we already have it. But the solutions need to be discussed first, so back it out in the meantime. | |||
| 2019-12-14 | Fix comment: vmctl command options come before arguments | kn | |
| 2019-12-14 | Run Wycheproof HMAC test vectors against libcrypto. | Theo Buehler | |
| 2019-12-14 | Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and len | Theo Buehler | |
| arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008. | |||
| 2019-12-14 | sync | Theo de Raadt | |
| 2019-12-14 | usb devices nodes have been excesively permissive. | Theo de Raadt | |
| repair that. | |||
| 2019-12-14 | sync | Theo de Raadt | |
| 2019-12-13 | sync | Theo de Raadt | |
| 2019-12-13 | gpr(4) goes away | Theo de Raadt | |
| 2019-12-13 | noone has gpr(4) devices. | Theo de Raadt | |
| 2019-12-13 | actually commit the ssh-sk-helper client code; ok markus | Damien Miller | |
| 2019-12-13 | fix DKIM example | Gilles Chehade | |
| mistake spotted by jmc@ | |||
| 2019-12-13 | perform security key enrollment via ssh-sk-helper too. This means | Damien Miller | |
| that ssh-keygen no longer needs to link against ssh-sk-helper, and only ssh-sk-helper needs libfido2 and /dev/uhid* access; feedback & ok markus@ | |||
| 2019-12-13 | allow sshbuf_put_stringb(buf, NULL); ok markus@ | Damien Miller | |
| 2019-12-13 | use ssh-sk-helper for all security key signing operations | Damien Miller | |
| This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid* requested by, feedback and ok markus@ | |||
| 2019-12-13 | occuring -> occurring | Gilles Chehade | |
| spotted by jmc@ | |||
| 2019-12-13 | trim previous; ok gilles | Jason McIntyre | |
| 2019-12-13 | Don't try dead resolvers; ok florian@ | Otto Moerbeek | |
| 2019-12-13 | print type as type and not as rcode | Otto Moerbeek | |
| 2019-12-13 | Revert two files committed by accident | Otto Moerbeek | |
| 2019-12-13 | Avoid leaks by using the _buf versions of sldns_wire2str_* functions. | Otto Moerbeek | |
| Also add some consistentcy checking to detect logic errors. ok @florian | |||
| 2019-12-13 | In rde_dispatch_imsg_session() reorder the case blocks a bit so they | Claudio Jeker | |
| group better together. | |||
| 2019-12-13 | add support for CIDR in a: spf atoms | Gilles Chehade | |
| diff from Quentin Rameau <quinq@fifth.space> | |||
| 2019-12-13 | file no longer exists | Gilles Chehade | |
| 2019-12-13 | lka_proc.c had common code to fork a proc filter for lka_filter.c and | Gilles Chehade | |
| lka_report.c, but now that lka_filter.c encompasses all the filter API, we might as well merge lka_proc.c and its handful of functions in it. | |||
| 2019-12-13 | Make acpivout(4) call ws_[gs]et_param instead of directly | Patrick Wildt | |
| calling the ACPI methods. On some machines, like my X395, those ACPI methods don't allow changing the brightness, so this allows acpivout(4) to e.g. use amdgpu(4)'s code. ok kettenis@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |