| Age | Commit message (Collapse) | Author |
|---|
|
|
|
What's worse, the tzfile.h that gets installed is over 20 years old
and doesn't match the real tzfile.h in libc/time. This makes the
tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE
define has been moved to time.h temporarily until its usage is
replaced by 1900 in the tree. Actual removal of tzfile.h is pending
a ports build. Based on a diff from deraadt@
|
|
"and" and "or" to join sentence clauses, and you can use commas, but both hinders
reading;
|
|
Before/after:
127.0.0.1 - - [25/Feb/2015:09:39:24 +0100] "GET /h%ff%ffh%ff%ff.dat HTTP/1.0" 404 162 "-" "OpenBSD ftp"
127.0.0.1 - - [25/Feb/2015:09:39:27 +0100] "GET /h%c3%a9h%c3%a9.dat HTTP/1.0" 200 0 "-" "OpenBSD ftp"
Additionnally, avoid one case of undefined behaviour with ctype.h.
Input from guenther@, ok millert@
|
|
tls_config_insecure_noverifyname(), so that it is more accurate and keeps
inline with the distinction between DNS hostname and server name.
Requested by tedu@ during s2k15.
|
|
|
|
|
|
was only called if -S was used. Fixes TLSv1.0/1.1. Problem reported by nigel@,
ok jsing
|
|
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
|
the socks support seems to be dead, since there are no other references.
also, redeclaring a standard function? that's a no-no.
custom compiles with gate-ftp servers don't need to be supported either.
ok deraadt
|
|
allows removing sys/param.h include as well.
|
|
i removed/reworded these as in the case of ftp.1 it read badly anyway, and
for fstat.1 it meant i could zap an escape sequence; while here i replaced
some sequences of <space><tab> where a single <tab> was sufficient;
|
|
service, you'll need to stick with openbsd 5.6.
bonus: remove references to ebcdic.
ok deraadt
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
work when using a https proxy because of a missing host header.
Remember the host form the url and write it into the http request.
Fix the format string when using Proxy-Authorization together with
Cookie. Also write the http request to the debugging output to
see what is going on.
input jca@; OK sthen@ mpi@
|
|
non-buffered. They were getting out of order.
from Kaspars Bankovskis, discussion included millert
|
|
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
|
|
|
|
programs.
ok deraadt@ millert@
|
|
Replace malloc() and realloc() calls that may have integer overflow in the
multiplication of the arguments with reallocarray().
ok deraadt@
|
|
ok miod@
|
|
possible :portnumber suffix.
Noticed by ajacoutot@
ok ajacoutot@ deraadt@
|
|
|
|
|
|
|
|
against the target hostname, not the proxy hostname. Issue reported by
dlg@, fix by Alex Wilson on tech@, tweaks by me.
No reply from tech@
|
|
|
|
down paths not previously marked as signal handled unsafe. Try to clean
up a few of them especially regarding errno, mark others as unsafe, and
repair a few by avoiding stdio. Glanced at by misc people in Slovenia,
but considered too risky before release..
|
|
!SMALL and SMALL sections. This makes future changes easier to review
and to compare with the man page's synopsis.
The usage output is the same as before so there is no change from the
user's point of view.
usage() cleanup and !SMALL/SMALL separation suggested by jmc@
ok jmc@
|
|
ok beck@ deraadt@
|
|
correct newlines. Of course, that means removing stdio use from
signal handlers. Can we find someone to rewrite the entire interactive
half of this program?
ok guenther
|
|
ok lteo@
|
|
-U command-line option.
feedback from deraadt@, halex@, and Adam Thompson
ok deraadt@ sthen@, man page changes ok jmc@
|
|
and password info before base64 encoding it for the Authorization header.
Also:
- eliminate the COOKIE_MAX_LEN constant (if they can fit it on the command
line or in their environment, surely we can malloc the base64 version)
- rename the variable with user:pass from "cookie" to "credentials"
- empty password isn't an error
- add a boolean ishttpurl so that we don't have to do strcmps on the schema
that we just set
- when looping across multiple ftp:// urls on the command line, don't
leak the username/password memory
problem noted by Se'bastien Marie (semarie-openbsd (at) latrappe.fr)
|
|
which we don;t have in base. after some discussion with jca, i've not removed
these references, but tried to make it clearer it's distributed with openssl
and not included in base;
|
|
Also, in 'ftp', always put the error message last, after the hostname/ipaddr.
ok jsing@ krw@ millert@
|
|
No functional change. Reported by Mike Small and Maxime Villard.
|
|
commit, to please lteo@
|
|
only once, and reuse the crafted SSL_CTX for further connections.
ok lteo@
|
|
From Fritjof Bornebusch.
|
|
|
|
check the server hostname against the subjectAltName extension field
and/or the CommonName DN portion. ok sthen@
|
|
|
|
ok guenther@ sthen@
|
|
kill the former. ok guenther@ sthen@
|
|
reported by matthieu. ok deraadt
|
|
ok deraadt
|
|
ok tedu@
|
|
|
