| Age | Commit message (Collapse) | Author |
|---|
|
level, validation must be separated from parsing and rewinding.
This first big step moves calling of the mdoc(7) post_*() functions
out of the parser loop into their own mdoc_validate() pass, while
using a new mdoc_state() module to make syntax tree state handling
available to both the parser loop and the validation pass.
|
|
|
|
Delete the outmdoc, outman, and outfree function pointers.
|
|
noticed by Svyatoslav Mishyn <juef at openmailbox dot org>
|
|
from Theo Buehler
|
|
ok deraadt
|
|
pledge doesn't let us pass directory file descriptors.
|
|
|
|
|
|
to match the owner of the output file.
|
|
ok millert@
|
|
|
|
alas "dns" is now a mandatory statement if you want to do dns!
|
|
|
|
"dns" was missing, and this was relying on "inet" support..
|
|
ok guenther@
|
|
|
|
in cat mode (-c, zcat), or in test mode (-t), or if there are no
file arguments and there is no -o outfile. Due to fts(3) we require
rpath even for compress <in >out.
"seems sound" deraadt@
|
|
|
|
"sendfd" is dropped after first message from the server.
|
|
ok semarie@
|
|
|
|
it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.
passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).
problem reported by several
with and ok doug@
|
|
early on, then a set of getpwnam/setresuid/... before quickly dropping to
"stdio recvfd". It receives fd's and runs the magic code on them in a
chroot'd "stdio" jail. We can do better than that.
Before the recent change, "proc" contained both the concepts of "forking"
and "setuid". "id" is now split out as a seperate request, and it is
exactly what this process needs momentarily. So this loses another window
of opportunity, in case we have a major bug in .... hmm, it'd have to be
in getpwnam....
ok tedu doug semarie gilles
|
|
in .Bl -column; it took me more than a day to get this right.
Triggered by a loosely related bug report from tim@.
The lesson for you is: Use .Ta macros in .Bl -column, avoid tabs,
or you are in for surprises: The last word before a tab is not
interpreted as a macro (unless there is a blank in between), the
first word after a tab isn't either (unless there is a blank in
between), and a blank after a tab causes a leading blank in the
respective output cell. Yes, "blank", "tab", "blank tab" and "tab
blank" all have different semantics; if you write code relying on
that, good luck maintaining it afterwards...
|
|
diffie-hellman-group-exchange to 2048 bits; ok markus@
|
|
program was called as mandoc(1) in the first place, remove "flock"
from our pledge(2) before entering the parsers and formatters.
OK millert@ deraadt@
|
|
canonicalisation - treat them as already canonical and remove the
trailing '.' before matching ssh_config; ok markus@
|
|
ok jca@
|
|
* removing unneeded casts of void* return values
* replacing varied and creative error messages with the allocation
function's name
* replacing errx() with err() so that the errno string is reported
ok beck@, jung@, millert@
|
|
ok dtucker@, djm@.
|
|
use pledge and file locking. OK deraadt@
|
|
Buehler.
|
|
ok deraadt
|
|
pledge "stdio rpath wpath cpath getpw proc exec tty" now.
It will be hard to drop many of those features unless cu becomes
privsep for the "upload" commands.
|
|
We will iterate and remove some of the pledges in the future. This is
conservative for now.
Tested by sthen@ and myself.
ok deraadt@
|
|
strings; reported by Nicholas Lemonias
|
|
patch from Michael Reed <m dot reed at mykolab dot com>.
Also drop .Tn while here.
|
|
Patch from Michael Reed <m dot reed at mykolab dot com>.
|
|
|
|
from rob pierce
|
|
Delete manual "Ta" handling because macro handling should
not be done in an argument parser but should be left to the
macro parsers, which exist anyway and work well.
No functional change, minus 40 lines of code.
Confusing and redundant code found while investigating
an old bug report from tim@.
|
|
calls phrase_ta() to handle a .Ta child macro, advance the body
pointer accordingly, such that a subsequent tab character rewinds
the right body block and doesn't fail an assertion. That happened
when there was nothing between the .Ta and the tab character.
Bug reported by tim@ some time ago.
|
|
unlink(2) and fopen(3) to prevent an attacker to open an old file
with wrong permissions before the secret is written into it. This
also guarantees that a new file with correct permissions is created.
Without fchmod(2) "fattr" can be removed from pledge.
with and OK deraadt@
|
|
with and OK deraadt@
|
|
char.
Part of a larger attempt to audit ctype function argument types with
Coccinelle.
ok deraadt@
|
|
|
|
with input by and ok deraadt@, millert@, tim@
|
|
|
|
Mostly diff by Daniel Dickman, who told me to commit in his stead,
as he's tied up at work.
|
