BSD Commit Log Search

   Return immediately if the list is empty in mode_tree_key instead of
   crashing, from Bryce Miller in GitHub issue 5170.

   when no constraints are configured, do not wait for constraint replies
   openntpd-portable commit 2760aa0, bcook@

   when creating a peer out of a pool spec ("servers" in cfg), copy
   "trusted" just like weight and everything else
   openntpd-portable commit fd6d7d0 by bcook@

   Update because printconf missed a hypen.

   -       announce as4byte yes
   +       announce as-4byte yes

   announce as-4byte uses a hyphen in the name. Fix printconf to output the
   statement correctly.

   Save the rpkiNotify URI itself in the repository's RRDP state file

   Providing this mapping makes introspection & comparison of RRDP states
   across different instances easier.

   OK tb@

   Add a point at infinity check to ecdh_compute_key()

   While we already check that the peer's public point is on the curve and
   will reject the point at infinity when getting the affine coordinates,
   doing this earlier avoids doing work with the private key in a clearly
   invalid case.

   Suggested by Lucca Hirschi et al.

   [An EC_KEY_check_key() call was also suggested but this is a bit expensive
   and punishes callers that do that or equivalent already (e.g. ssh)]

   ok jsing kenjiro

   tlsext: add XXX to consider refusing anything but uncompressed point format

   ok jsing kenjiro

   The ssl_kex regress now passes.

   ssl_kex: ensure the public key uses uncompressed encoding

   EC_POINT_oct2point() does most of the validation we need it to do, but it
   has to accept the point at infinity, compressed and hybrid encodings for
   historic reasons. So exclude these cases: the point at infinity makes no
   sense here and will be caught later in ECDH_compute_key(), the compressed
   and hybrid encodings MUST NOT be supported per RFC 8422 section 5.1.2.

   This is implemented using the strategy already used in ec_convert.c since
   the point_conversion_form_t is completely unfit for anything.

   Set decode_error to ensure we send that alert. We may make some effort to
   use illegal_parameter later.

   Issue about the missing alert and the point at infinity raised by Lucca
   Hirschi et al.

   ok jsing kenjiro

   Adjust ssl_kex test for signature change in ssl_kex_peer_public_ecdhe_ecp()

   Add a decode_error argument to ssl_kex_peer_public_ecdhe_ecp()

   ok jsing kenjiro

   regress/libssl/unit: add a currently failing test for ECDHE kex

   sort SEE ALSO

   Move checking of whether the cursor is visible inside the if so that it
   always hits the calculation of the oy offset when the status line is at
   the top. From Michael Grant.

   Add -H flag to capture-pane to show hyperlinks.

   sadly attach functions cannot indicate failure (until we eventually
   fix that), so the device node remains inact (but broken).  Strange
   callbacks (like activate for suspend/resume) need to detect this situation
   in a device-dependent way for now.  Do that here.
   ok kettenis

   Add -L to show line numbers with capture-pane and -F to show line flags.

   Enable suspend/resume for qwz(4).

   Tested by me on the SGB4E (arm64) and the T40 (arm64) by deraadt@.

   ok kettenis@

   Clear entire lines when removing from history or freeing.

   Adapt to random direct map by also extracting pmap_direct_base with nlist
   issue spotted by anton; discussion with mlarkin and guenther

   Redraw entire session when making a new pane.

   Add -g flag to kill-session to kill all sessions in a group, GitHub
   issue 5157 from github at jiku dot jp.

   Add some additional environment variables needed for Wayland, from
   shbernal dot 01 at gmail dot com.

   Tweak previous.

   Add -E to split-window to explicitly make an empty pane rather than
   requiring an empty command.

   tls_conn_version: add missing .Pp in HISTORY

   ec_convert: point_conversion_t -> point_conversion_form_t in a comment

   Allow floating panes to be created partially off the window, based on a
   change from Michael Grant.

   Make crypto_sign_ed25519_keypair_from_seed() static to prevent compiler
   warnings since it's only used within ed25519.c.