Age | Commit message (Collapse) | Author |
|
|
|
enabled via "ssh-keygen -m PKCS8" on operations that save private
keys to disk.
The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).
adapted from patch by Jakub Jelen via bz3013; ok markus
|
|
operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)
feedback and ok markus@
|
|
inside buffers with bounds checking. Intended to replace manual
pointer arithmetic wherever possible.
feedback and ok markus@
|
|
a heads-up on stderr at the end because otherwise, users may easily
miss the messages: because messages typically occur while parsing,
they typically precede the output. This is most useful with flag
combinations like "-c -W all" but may also help in some unusual
error scenarios.
Inconvenient ordering of output originally pointed out by espie@
for the example situation that /tmp/ is not writeable.
|
|
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
|
sack hole list length or pool limit.
OK claudio@
|
|
It depends on the shell, is done by the shell if at all, is documented
in the ksh(1) manual, and who knows what other shells may or may not do.
Suggested by deraadt@.
|
|
- Add undocumented options below.
-alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2,
-keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache,
-no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal,
-status, -status_timeout, -status_url, -status_verbose, -timeout,
-tlsextdebug, -use_srtp, -verify_return_error
- Remove -hack, -psk and -psk_hint since they do not exist in the source code.
I didn't add these 5 options since these were no-op.
-chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok and suggestions from jmc@
|
|
Currently, if there are two instances of the same program, sndiod will
allocate one volume control to each. If both programs disconnect and
reconnect, the information of which control is assigned to which
program is lost. This makes it difficult to run two instances of a player
and crossfade between each other with a MIDI controller.
To address this, the program chooses a 32-bit "id" (for now the
process pid) and sends it to the server. The server records the id in
the client's slot structure. When the server accepts a new
connection, it uses the id to identify the slot the client used during
the previous connection; if it was not recycled yet, it's assigned to
the program.
|
|
ssh-keyscan to harvest keys from servers that disable olde SHA1
ssh-rsa. bz#3029 from Jakub Jelen
|
|
resumed download but was considered already complete.
bz#2978 ok dtucker
|
|
multiple arguments when evaluated in a startup file or via one of the
'eval' commands.
This diff does treat the '(' and ')' chars differently during
evaluation than previously, in-so-far as they are not ignored if they
are at the end or start of a line now. However, even though these
characters are not ignored, this diff should not change the behaviour
of an extant .mg file, with '(' and ')' chars at the end and start of
a line. This situation is accommodated for in this diff (with limited
testing though).
|
|
the final pledge "stdio" within main() for better readability.
OK espie@
|
|
on an .It -column line, args() sets the MDOC_PHRASEQL flag to Quote
the Last word of the Phrase. Even if it turns out this quoting is not
needed because the word is already quoted for other reasons, clear the
flag at the end of parsing the phrase, such that the flag does not leak
to the next phrase.
This patch fixes the bug that the trailing Macro on a line of the form
.It "word<tab>word" Ta word Macro<eol>
was incorrectly considered quoted and hence not parsed.
Bug found by Havard Eidnes (he@) with the NetBSD gettytab(5) manual page:
https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=54361
Reported via Thomas Klausner (wiz@).
|
|
- Add undocumented options below.
-alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen,
-legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass,
-port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp,
-verify_return_error
- Remove -psk and -psk_identity since they do not exist in the source code.
I didn't add these 4 options since these were no-op.
-nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok jmc@
|
|
build to verify there's no fallout, machines are fast now and 1 hour
of your time is worth saving a bunch of others 1+ hour of their time
in this case, paths.h broke this as noticed by jmc and 3 of my build
machines so far, but I might as well restart them all, so call it 8
machines impacted.
|
|
rediscovered that telnet has more signal race conditions and trashing
of global state than all the rest of the openbsd source tree (where signal
races have either been fixed or marked with "XXX signal race"). I don't
feel like being a hero here today, so I'm fixing a whitespace error in an
unrelated file.
|
|
an overflow, he left spaces at the end of the line. we have been incredibly
sloppy and not noticed his oversight for 21 years.
bonus Y2K joke included.
|
|
everywhere and not only in the parsers.
For more uniform messages, use it at more places instead of err(3),
in particular in the main program.
While here, integrate a few trivial functions called at exactly one
place into the main option parser, and let a few more functions use
the normal convention of returning 0 for success and -1 for error.
|
|
the one from the first item. Fixes crash reported by M Kelly.
|
|
Makes the code simpler at virtually no cost since we need 8 entries
only. No behavior change.
|
|
No behavior change.
|
|
at the moment, no-output which turns off forwarding pane output. From
Thomas Adam. GitHub issue 1834.
|
|
ok bcook@ jsing@
|
|
just like <esc><left> moves left to the closest beginning of a word.
ok djm
|
|
(needed for control clients to send mouse sequences). Also add some
format flags for UTF-8 and SGR mouse mode. Requested by Bradley Smith in
GitHub issues 1832 and 1833.
|
|
Add missing -camellia*/-idea description to genrsa section.
ok jmc@
|
|
ok tb@ jsing@
|
|
parse on a single authorized_keys line; ok deraadt@
|
|
- dsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add pvk format to -inform and -outform
- ocsp : add missing -header, -ignore_err, -no_explicit and -timeout
- rsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add missing -RSAPublicKey_in and -RSAPublicKey_out
add pvk format to -inform and -outform
- smime : add missing -nosmimecap
- add pvk description at common format part
ok jmc@
|
|
manually.
|
|
- For pkcs12, add -camellia*/-idea, -LMK and -password
- For req, add -multivalue-rdn, -pkeyopt and -sigopt
- For verify, add -CRLfile and -trusted, and down -check_ss_sig description
- For x509, add -next_serial and -sigopt
- Remove the escape in -multivalue-rdn from ca section
ok jmc@
|
|
more than one line. GitHub issue 1822.
|
|
grid_cell to avoid padding. Fixes increased memory use reported by Suraj
N Kurapati.
|
|
another file in a startup file (e.g. via find-file), then experience
another unrelated error with one of the lines being evaluated.
|
|
- For ec, add -param_out description
- For enc, add -v usage and description
- For pkcs7, add -print usage and description
ok jmc@
|
|
It doesn't make sense to simultaneously say "never time out" and "release
this terminal in a few minutes".
Input from kn@.
"just go for it" deraadt@
|
|
- Add undocumented option -r
ok jmc@
|
|
|