mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-03 06:45:37 -08:00
Code
237,168 Commits 1 Branch 0 Tags 810 MiB
8889493e35
Commit Graph

34159 Commits

Author SHA1 Message Date
sobrado
8f80aa97a4 add missing option "-d" to flex(1)'s usage. 
ok jmc@, a few weeks ago.
 2024-12-18 12:33:57 +00:00
nicm
5df986e2a2 Assign excess space more evenly when spreading out cells, from Torbjorn 
Lonnemark.
 2024-12-17 08:40:24 +00:00
nicm
926caf46e6 Add a nesting limit to source-file, from Fadi Afani in GitHub issue 
4223.
 2024-12-16 09:13:09 +00:00
nicm
be3910bdd6 Memory leak, GitHub issue 4298. 2024-12-16 08:54:34 +00:00
nicm
f2412267dc Missing main-vertical-mirrored from layout list, from charlotte at 
lottia dot net.
 2024-12-16 08:51:41 +00:00
dtucker
feb3ea439d Plug leak on error path, spotted by Coverity. ok djm@ 2024-12-12 09:09:09 +00:00
tb
5e6abc6fb4 ciphers: remove tls1 and tls1_1 leftovers 
The options were already removed from the manual in 91e7614a.

From Renaud Allard (hand-applied since patch was mangled)
 2024-12-11 12:18:05 +00:00
millert
8a7444b3f2 The "c" command should start the next cycle as clarified in POSIX 
2024.  This is also consistent with historical behavior.
Prompted by Mohamed Akram with a diff from uwe@netbsd.
 2024-12-10 23:49:55 +00:00
jsg
26e4a7effd add HISTORY section; from Evan Silberman 2024-12-10 05:10:13 +00:00
florian
407e22462b Implement RESINFO (RFC 9606) 
This is more or less a copy of txt_16.c.

OK caspar
 2024-12-09 12:24:01 +00:00
djm
84a2368111 replace bespoke logging of MaxSessions enforcement with new ratelimited 
logging infrastructure.

Add ratelimits to logging of connections dropped by PerSourcePenalties

ok dtucker
 2024-12-07 10:12:19 +00:00
djm
cc7fda5dc1 add infrastructure for ratelimited logging; feedback/ok dtucker 2024-12-07 10:05:36 +00:00
djm
747ebedabb allow glob(3) patterns for sshd_config AuthorizedKeysFile and 
AuthorizedPrincipalsFile directives; bz2755 ok dtucker
 2024-12-06 16:24:27 +00:00
djm
5b6bbb3d58 support VersionAddendum in the client, mirroring the option of 
the same name in the server; bz2745 ok dtucker@
 2024-12-06 16:21:48 +00:00
djm
581c1d79a7 clarify encoding of options/extensions; bz2389 2024-12-06 16:02:12 +00:00
djm
976a9bf1e5 ignore SIGPIPE here; some downstreams have had this for years... 2024-12-06 15:17:15 +00:00
djm
31527a040c sync -o option lists with ssh.1; requested jmc@ 2024-12-06 15:12:56 +00:00
nicm
95980d0818 Preserve modifiers on backspace. 2024-12-06 09:07:40 +00:00
nicm
a1f482fe91 Do not write bracketed paste keys themselves if the pane has not asked 
for them.
 2024-12-06 09:06:56 +00:00
dtucker
c05259c408 Change "login again" to "log in again" in password change message. From 
ThinLinc-Zeijlon via github PR#532.
 2024-12-06 06:55:28 +00:00
naddy
b56918e34f catch up documentation: AES-GCM is preferred to AES-CTR 2024-12-05 22:45:03 +00:00
dtucker
14d1766073 De-magic the x11 base port number into a define. ok djm@ 2024-12-05 06:49:26 +00:00
dtucker
0a9ac28277 Prevent integer overflow in x11 port handling. These are theoretically 
possible if the admin misconfigures X11DisplayOffset or the user
misconfigures their own $DISPLAY, but don't happen in normal operation.
From Suhov Roman via bz#3730, ok djm@
 2024-12-05 06:47:00 +00:00
nicm
6338d89d41 Fix backspace option for new key format, GitHub issue 4284. 2024-12-04 19:11:15 +00:00
djm
8823bb00fc sync the list of options accepted by -o with ssh_config.5 
prompted by bz3455
 2024-12-04 14:37:55 +00:00
djm
e2c061ecb9 don't screw up ssh-keygen -l output when the file contains CR 
characters; GHPR236 bz3385, fix from Dmitry Belyavskiy
 2024-12-04 14:24:20 +00:00
tb
e8e63f6878 Fix up authority and subject key identifiers in force pubkey mode 
Upstream decided that this nonsense was worth an ABI break and added stuff
to the X509_CTX so they could hang the issuer's public key off it so that
they could adjust the key identifiers as needed. Let's avoid that and do
it the slightly less nasty way by updating the AKI and SKI as needed.

We only do this when force pubkey is in place so we don't change the
semantics of the batshit crazy config language that nobody understands.

ok job
 2024-12-04 08:14:34 +00:00
jsg
3bb7d5b07c spelling; ok djm@ 2024-12-03 22:30:03 +00:00
dtucker
8aa1e807a7 Remove fallback to compiled-in gropup for dhgex when the moduli file 
exists, but does not contain moduli within the client-requested range.
The fallback behaviour remains for the case where the moduli file does
not exist (typically, running tests prior to installing).
From bz#2793, based in part on patch from Joe Testa, ok djm@
 2024-12-03 16:27:53 +00:00
tb
773a72803d Remove redundant field of definition check 
This will allow us to get rid of EC_GROUP_method_of() in the near future.

ok djm
 2024-12-03 15:53:51 +00:00
dtucker
b67e94d27b Improve description of KbdInteractiveAuthentication. Based on bz#3658, 
fixes jmc@ ok markus@ djm@.
 2024-12-03 14:12:47 +00:00
jmc
ac44f26236 M-1 to M-7 for 7 preset layouts; from bunkmate 
ok nicm
 2024-12-03 11:18:34 +00:00
jmc
f934cab508 refer to glob(7) rather than fnmatch(3); 
from evan silberman

ok sthen semarie millert nicm
 2024-12-03 11:15:44 +00:00
djm
71e7e71144 support FIDO tokens that return no attestation data, e.g. recent 
WinHello. From Michael Braun via GHPR542
 2024-12-03 08:31:49 +00:00
jmc
394d9b5a8b glob patterns described in glob(7) not fnmatch(3); 
from evan silberman

ok sthen semarie millert
 2024-12-03 07:09:14 +00:00
djm
eac0e5c0ee unbreak 2024-12-02 14:06:42 +00:00
djm
08d45e79c0 prefer AES-GCM to AES-CTR; ok deraadt markus 2024-12-02 13:37:18 +00:00
tb
ee8ccd1f93 openssl speed: stop trying to use small curves 
secp160r1 and nistp192 are no longer available in libcrypto. Should have
been committed along with disabling these curves, but was missed.

ok jsing
 2024-11-30 10:05:41 +00:00
jmc
6f45564e3f undo unneccessary \*([GL]t sequences; balance that by adding Sq; 
from evan silberman
 2024-11-29 23:46:40 +00:00
dtucker
f651b06a4c Import regenerated moduli. 2024-11-29 00:13:36 +00:00
nicm
a65ab48513 Add extended keys flag for foot terminal. 2024-11-28 08:49:14 +00:00
djm
049e6dd2cb fix argument of "Compression" directive in ssh -G config dump, 
which used to work but broke in 9.8
 2024-11-27 16:07:08 +00:00
djm
f6e19f5194 new name/link for agent I-D 2024-11-27 13:27:34 +00:00
djm
0d94c36dfc mention that biometrics may be used for FIDO key user verification as 
well as PIN. Prompted by Zack Newman, ok jmc@
 2024-11-27 13:00:23 +00:00
nicm
891a8d2917 Do not check for latest client in callback since the type may be latest 
but with no window, fixes new-session -x and -y with another attached
client. GitHub issue 4268.
 2024-11-27 10:12:20 +00:00
nicm
33eead7d7c Do not stop drag on double or triple click, GitHub issue 4272. 2024-11-27 10:10:20 +00:00
djm
bae7b9e3be g/c outdated XXX comments 2024-11-26 22:05:51 +00:00
djm
0b69623076 Explicitly specify the signature algorithm when signing hostkeys-prove 
requests.

Fixes a corner-case triggered by UpdateHostKeys with one or more unknown
host keys stored in ssh-agent where sshd refuses to accept the signature
coming back from the agent.

Report/fix from Maxime Rey
 2024-11-26 22:01:37 +00:00
djm
72de640629 when using RSA keys to sign messages, select the signature algorithm 
based on the requested hash algorithm ("-Ohashalg=xxx").

This allows using something other than rsa-sha2-512, which may not
be supported on all signing backends, e.g. some smartcards only
support SHA256.

Patch from Morten Linderud; ok markus@
 2024-11-26 21:23:35 +00:00
nicm
4d3ac07a3f Add copy-mode-position-style and copy-mode-selection-style for copy 
mode (they default to mode-style as before).
 2024-11-26 15:52:41 +00:00