| Age | Commit message (Collapse) | Author |
|---|
|
of .Do/.Dc, .Dq, .Lb, and .St untouched.
Reduces groff-mandoc differences in base by about 7%.
Reminded of the issue by naddy@.
|
|
Instead of just using .br, DocBook sometimes fiddles with the
utterly unportable internal register \n[an-break-flag] that is
only available in the GNU implementation of man(7) and then arms
an input line trap to call the equally unportable internal macro
.an-trap that, in the GNU implementation, inspects that variable;
all the world is GNU, isn't it?
Since naddy@ reports that quite a few ports manuals suffer from
this insanity, let's just translate it to the intended .br.
Et ceterum censeo DocBookem esse delendam.
|
|
For .it, ignore scaling units in roff_getnum().
Inside parentheses, skip whitespace after a sign in roff_getnum().
Parse and ignore unary plus in roff_getnum().
As a bonus, get rid of the only call to mandoc_strntoi() in roff.c.
|
|
ok schwarze@
|
|
|
|
|
|
from Kamil Rytarowski. ok bcallah
|
|
Pointed out by Pontus Lundkvist
|
|
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
|
|
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
|
Deal with IP addresses (i.e. CheckHostIP)
Don't clobber known_hosts when nothing changed
ok markus@ as part of larger commit
|
|
Remove unneeded ssl.h includes. Also built-checked against openssl-1.0.1e.
ok otto@
|
|
improved diagnostics, minus six lines of code
|
|
rid of ``lignment 4 of symbol `crypto_sign_ed25519_ref_ge25519_base' in
mod_ge25519.o is smaller than 16 in mod_ed25519.o'' warnings at link time.
|
|
|
|
ok schwarze
|
|
is never NULL, but this is an accident.
|
|
|
|
there are events already available (for immediate processing)
|
|
avoid other signed integer being accidently promoted to unsigned
in future code.
|
|
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
|
ok sthen@
|
|
|
|
|
|
OK sthen@
|
|
was only called if -S was used. Fixes TLSv1.0/1.1. Problem reported by nigel@,
ok jsing
|
|
|
|
ok markus@
|
|
help/ok claudio
|
|
to random memory so when the sysctl-estimate is too small, the realloc() fails.
Problem reported by Ze Loff, ok claudio
|
|
with newly opened .Bl -column lists;
fixing an assertion failure jsg@ found with afl:
test case #481, Bl It Bl -column It Bd El text text El
|
|
it, make_pending(), which was the most difficult function of the
whole mdoc(7) parser. After almost five years of maintaining this
hellhole, i just noticed the pointer isn't needed after all.
Blocks are always rewound in the reverse order they were opened;
that even holds for broken blocks. Consequently, it is sufficient
to just mark broken blogs with the flag MDOC_BROKEN and breaking
blocks with the flag MDOC_ENDED. When rewinding, instead of iterating
the pending pointers, just iterate from each broken block to its
parents, rewinding all that are MDOC_ENDED and stopping after
processing the first ancestor that it not MDOC_BROKEN. For ENDBODY
markers, use the mdoc_node.body pointer in place of the former
mdoc_node.pending.
This also fixes an assertion failure found by jsg@ with afl,
test case #467 (Bo Bl It Bd Bc It), where (surprise surprise)
the pending pointer got corrupted.
Improved functionality, minus one function, minus one struct field,
minus 50 lines of code.
|
|
happen to cfg_cmd_q (possibly others) when source-file recurses into
cmdq_continue. Fixes bug reported by Ismail Donmez and Theo Buehler.
|
|
mode don't echo ^M locally
analysis and patch from Stanislav Brabec (sbrabec (at) suse.cz)
|
|
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
|
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
|
ok jsing@
|
|
kvm_getfiles. This allows to run netstat without any extra privileges
and removes another setgid program from base..
There is still kvm reader code in there which is used for debugging
purposes (crashdump). netstat should still behave mostly the same.
deraadt@ and sthen@ agree that it is time to get this puppy in.
|
|
found by jsg@ with afl, test case #16
|
|
eventually leading to NULL pointer access;
found by jsg@ with afl, text case #455.
|
|
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
|
generated after the socket to the peer has suffered a TCP reset. In
these cases, getpeername() won't work so cache the address earlier.
spotted in the wild via deraadt@ and tedu@
|
|
That could happen when their first argument was another called macro,
causing a NULL pointer access in .St validation found by jsg@ with afl.
Make in_line_argn() easier to understand by using one state
variable rather than two.
|
|
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
|
|
|
is followed by the end of the input line instead of a font specifier.
Found by jsg@ with afl, test case #591.
While here, improve functionality as well:
* There is no "r" font modifier.
* Font specifiers (as opposed to font modifiers) are case sensitive.
* One-character font specifiers require trailing whitespace.
* Ignore parenthised and two-letter font specifiers.
|
|
from Svyatoslav Mishyn <juef at openmailboxd dot org>, Crux Linux
|
|
Feedback provided by jmc@ some time ago helped me to get this much
more concise than my initial attempt.
"i'm fine with it going in" jmc@
|
|
ok djm
|
|
ok markus@
|
