Git log: commit e2069f8f068fe3f2a06e70d0f87ce99b29fd0ba1
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 12:56:12 2023 +0200
d/README.source: Improve commit message based on gbp-import-orig(1)'s.
Gbp-Dch: Ignore
commit 91043ea42f2ab62d9c99db84ad92bcaea9765629
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 01:35:19 2023 +0200
Update changelog for 1.225-1 release
commit 86cdc88d0a897a14ba4afccfa07597c68833a4b6
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 02:26:47 2023 +0200
d/checks/04-kflag-udp: Pass ‘-z’ in the UDP reconnection test.
Without that flag udptest() is not called when STDIN is not a TTY, so
the test fails.
commit 2f5a8bea5f84847ee36a90e59f585b5cb3c07537
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 02:24:38 2023 +0200
d/p/udp-scan-timeout.patch: Call connection_info() and udptest() call when zflag is set.
This is the upstream behavior. We fix d/checks/10-vflag and d/checks/09-zflag to account
for the fact that ‘-z’ now prints connection information by default.
commit 8c3913031698ac05f1b6e225a5a3d523e419c5b0
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 01:34:03 2023 +0200
d/README.source: Use a secondary parent in the upstream branch.
This is useful to track upstream activity. The logic is inspired from
git-buildpackage's /usr/lib/python3/dist-packages/gbp/git/repository.py .
Even though the upstream VCS is CVS and they are using a monorepo, it
should work here since git-filter-branch(1) is deterministic
(subsequent calls will produce the same IDs).
commit 08f1670e0f7c682b3a86335c026a2df62daab3d4
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 01:49:17 2023 +0200
Refresh d/patches.
commit 57e0301518b7833b42ef40cdaf5e9e581b136e68
Merge: a7f8805 1440d55
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 03:53:34 2023 +0200
Updated version 1.225 from 'upstream/1.225'
commit 1440d55c974d02c22b59367796b4b4adec476dae
Merge: 73a423b 58f7e02
Author: Guilhem Moulin <guilhem@debian.org>
Date: Wed Apr 12 03:52:36 2023 +0200
Imported Upstream version 1.225
From OpenBSD 7.3
commit a7f880541f2d22e0d18d8e3ca5e396c5abe953b6
Author: Guilhem Moulin <guilhem@debian.org>
Date: Tue Apr 11 22:45:39 2023 +0200
d/README.source: rsync: Replace ‘-v’ flag with ‘-P’.
Nice to see progress when dowloading large files…
commit 58f7e02e06f4fc0f8e7c96ae30addb1a129137fe
Author: deraadt <deraadt@openbsd.org>
Date: Wed Jan 4 12:53:38 2023 +0000
ugly white space
commit 19c30d16179fac22582649112b24128783e084b3
Author: Guilhem Moulin <guilhem@debian.org>
Date: Tue Dec 20 16:22:04 2022 +0100
Update standards version to 4.6.2, no changes needed.
Changes-By: lintian-brush
Fixes: lintian: out-of-date-standards-version
See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html
commit 7f96f55696f929919aee21eb8424b42f2fdbbf5f
Author: tb <tb@openbsd.org>
Date: Sun Dec 18 12:53:18 2022 +0000
nc: skip connection info on failed or skipped udptest()
In udp mode, nc would always print that the connected succeeded
independently of whether that was actually the case. Don't do that.
idea/ok mpf
commit b795ebafde854e5cb8b7f986e7e7a343220b2eba
Author: tb <tb@openbsd.org>
Date: Sun Dec 18 12:51:10 2022 +0000
nc: do not test the connection in non-interactive mode
The connection test writes four X to the socket, which corrupts data
that we may want to pipe into nc. So don't do that if stdin is not a
tty but still do it in scan mode, this is needed according to chris.
based on a diff by and ok mpf
commit a7edea70622636e3d82dd4c67c858a43f4ae58b7
Author: tb <tb@openbsd.org>
Date: Sun Dec 18 12:48:28 2022 +0000
nc: clean up and simplify connection_infO()
ok mpf as part of a larger diff
commit 8dcf723f45fed5158bf14cccd25deeb000f430ba
Author: tb <tb@openbsd.org>
Date: Sun Dec 18 12:47:31 2022 +0000
nc: pass protocol name to connection_info()
Avoids repeated use of ternary operator on globals.
commit 400fd083eedaa518cbb37c8b7373e00d158ca8bb
Author: tb <tb@openbsd.org>
Date: Sun Dec 18 12:45:34 2022 +0000
nc: factor printing of connection info into a function
This simply moves a chunk of code in this spaghetti mess into its own
function with minimal changes.
idea from a diff by mpf
commit d417c25a18b0f28aff40e9271ae4e61408bf1e75
Merge: e8a09be 66744d2
Author: Guilhem Moulin <guilhem@debian.org>
Date: Mon Oct 31 12:07:04 2022 +0100
Merge branch 'netcat-openbsd-scrub-obsolete' into debian/latest
commit 66744d2c15edb4a95c239b25c1b8e9245cd195e3
Author: Debian Janitor <janitor@jelmer.uk>
Date: Fri Oct 28 01:08:38 2022 +0000
Remove constraints unnecessary since buster (oldstable)
* netcat-openbsd: Drop versioned constraint on netcat in Replaces.
* netcat-openbsd: Drop versioned constraint on netcat in Breaks.
Changes-By: deb-scrub-obsolete
commit b8acbd9eb89200fc00c151e26fbbccabacfdc458
Author: schwarze <schwarze@openbsd.org>
Date: Sun Sep 11 09:58:06 2022 +0000
Replace archaic \*(Lt and \*(Gt by plain < and >, respectively,
because these inspire devotion to cargo cult in developers.
Cleanup suggested by kn@.
commit aaf4ae28e8d65aeb62bea4ba464f527c8bfbcb5f
Author: djm <djm@openbsd.org>
Date: Wed Jun 8 20:20:26 2022 +0000
do not refuse valid IPv6 addresses in -X connect (HTTP CONNECT proxy)
support. Identified by Wilmer van der Gaast, ok millert@
commit 52fd7ebb7a8da78d852f0a1f46c988a4a974e817
Author: tb <tb@openbsd.org>
Date: Wed Jun 8 20:07:31 2022 +0000
KNF, mostly whitespace - no binary change on amd64
commit 8638ba6a626bf306cbf4a4da6ae892984ea761b5
Author: beck <beck@openbsd.org>
Date: Mon Jul 12 15:09:18 2021 +0000
Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
commit 9fa47cb6507ba9a2e5dcc2720e996ce72a5780e9
Author: jmc <jmc@openbsd.org>
Date: Wed Mar 31 20:41:35 2021 +0000
one of the examples needs an -N (and explanation);
diff from robert scheck
discussed with and tweaked by sthen
commit 09cf58fdf7097f957d08fa8d291054566bc7d5ff
Author: schwarze <schwarze@openbsd.org>
Date: Wed Feb 12 14:46:36 2020 +0000
Standardize argument naming for "sourceaddr" and unify the wording a bit,
similar to what deraadt@ recently did in other manual pages.
commit 1ab8f9a1072ba3c0839f7130c9bab3316fa2dfb5
Author: beck <beck@openbsd.org>
Date: Sun Jan 26 23:47:57 2020 +0000
revert previous nc loop refactor from 1.211, breaks bluhm's stuff
will attempt again later, now that there is new regress
commit 672f6be8a65d62ce16f4bd648f2fe39b5eb2b9a1
Author: bluhm <bluhm@openbsd.org>
Date: Tue Jan 7 17:36:04 2020 +0000
If the client provides a TLS certificate and the user specifies a
hash value on the nc(1) server command line, the netcat server must
use the TLS context of the accepted socket for verification. As
the listening socket was used instead, the verification was always
successful.
If the peer provides a certificate, there must be a hash. Make the
hash verification fail safe.
OK tb@
commit 4ff2af9ad898fb9662a85f19c6872763a80109c7
Author: bluhm <bluhm@openbsd.org>
Date: Mon Jan 6 19:39:58 2020 +0000
The unveil(2) for nc -U -u -l was wrong. The server cannot unveil
the file system as it has to connect to the UNIX domain client
socket. The path of the latter is determined dynamically. Instead
add a restrictive pledge(2) after connect(2).
OK tb@
commit 8d7fb01b9633a5c7f17624b2c652bcf63b1c2f91
Author: bluhm <bluhm@openbsd.org>
Date: Mon Jan 6 15:19:12 2020 +0000
When using UNIX domain sockets, always call report_sock() with the
path name of the socket. This avoids bad errors from getnameinfo(3).
Use the same error check for both calls to getnameinfo(3).
OK millert@ tb@
commit 24692729eb15055cd5eb376dbe87c99c7ea34426
Author: deraadt <deraadt@openbsd.org>
Date: Sun Nov 17 17:38:33 2019 +0000
fail to usage if extra argv are present
noticed by jsing and beck, ok tedu
commit deaebaf0d2697fa7e138991c3f765fdaf6b4bbd1
Author: beck <beck@openbsd.org>
Date: Wed Nov 13 04:10:38 2019 +0000
refactor the nc pool loop to not shut down the socket early, and
to handle tls_shutdown correctly if using TLS, doing tls_shutdown
correctly if we are using the -N flag
ok sthen@
commit f55c9a57f71b0c3ceb3bc64486ee46aeecfff4ba
Author: millert <millert@openbsd.org>
Date: Mon Nov 4 17:33:28 2019 +0000
Fix an out of bound read/write when using a proxy.
From Lucas AT sexy DOT is. OK job@ kn@
commit 440ce88731e9660e15cca8916fd3392a35b67c4d
Author: kn <kn@openbsd.org>
Date: Thu Oct 24 17:27:08 2019 +0000
Service names are still resolved with -n
Just like pfctl(8)'s -N, this flag only avoid DNS;
"nc -vz ::1 socks" still works.
Fix documentation by copying pfctl's wording.
OK deraadt
commit d86c384852ffc40c8b243277b4b61972eb928a7e
Author: job <job@openbsd.org>
Date: Thu Oct 24 12:48:54 2019 +0000
Print IP address in verbose mode
OK kn@
commit 7183e9488ec3e9132e7ed4b7cc938d6daa75d12e
Author: beck <beck@openbsd.org>
Date: Wed Oct 23 13:49:24 2019 +0000
Revert previous, which works for -N case but causes regress failures
for tls, since the socket is shut down without calling tls_close().
Since nc appears to have a problem with this in other shutdown() cases
I am simply going to bake a new diff for this.
noticed by bluhm@.
commit 378056f22aa61730a9c545f5f53b7256fba2977f
Author: beck <beck@openbsd.org>
Date: Thu Oct 17 14:29:24 2019 +0000
Fix -N flag to actually shut down the (entire) socket when the input
goes away. This allows for using nc in cases where the network server
will no longer expect anything after eof, instead of hanging waiting
for more input from our end.
Additionaly, shut down if tls is in use if either side of the socket
goes away, since we higher level TLS operations (tls_read and write)
will require the socket to be both readable and writable as we can
get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation.
deraadt@ buying it. found by sthen@
commit 207912aea024b33eac5cf17ee413189eb755edb7
Author: mestre <mestre@openbsd.org>
Date: Thu Aug 8 16:49:35 2019 +0000
added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread.
as per suggestion by and OK deraadt@
commit 58e626c3a9a906e1a6165a6fd4a7943b062449cf
Author: benno <benno@openbsd.org>
Date: Mon Jul 29 15:19:03 2019 +0000
Make proxy auth work with http 1.1 speaking webservers.
Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks.
ok deraadt@
commit e599b7c6fde9db06b120887c148b40d19b68a112
Author: deraadt <deraadt@openbsd.org>
Date: Wed Jul 3 03:24:01 2019 +0000
snprintf/vsnprintf return < 0 on error, rather than -1.
commit 622c05a90fcf7f2e5bd0012c23f3435a1140f474
Author: deraadt <deraadt@openbsd.org>
Date: Fri Jun 28 13:34:58 2019 +0000
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
commit fba120fe5f722131a317213f3febddd1ab0303ba
Author: deraadt <deraadt@openbsd.org>
Date: Thu Jun 27 18:03:36 2019 +0000
Some asprintf() calls were checked < 0, rather than the precise == -1.
ok millert nicm tb, etc
commit 8caf78662473b4492f05e661e2b3e9272aa312c5
Author: jsing <jsing@openbsd.org>
Date: Tue Feb 26 17:32:47 2019 +0000
Correctly handle tls_read() and tls_write() failures.
Otherwise a TLS error (for example the remote end sent a fatal alert) is
silently ignored.
ok bluhm@ tb@
commit a022e094132ae1cb3744464ea857f38069ea6ac9
Author: mestre <mestre@openbsd.org>
Date: Thu Jan 10 12:44:54 2019 +0000
Revert back previous commit and stop including strings.h
Use memset(3) instead of bzero(3) since POSIX recommends using the former and
because it's also more portable (conforms to ANSI C standard)
OK tedu@ tb@
commit 3bb02a10887bef50ca036515fceed8353e1769f2
Author: inoguchi <inoguchi@openbsd.org>
Date: Wed Jan 9 12:58:18 2019 +0000
Include strings.h for bzero in usr.bin/nc
bzero is defined in strings.h.
ok deraadt@
commit 03a5a9b6f0dc146cdde7cbc129650be404caab84
Author: jmc <jmc@openbsd.org>
Date: Thu Dec 27 17:45:36 2018 +0000
too many words in previous;
commit bc96345b19ac7e06cad0c3230a33199ea91f8a48
Author: tedu <tedu@openbsd.org>
Date: Thu Dec 27 17:22:45 2018 +0000
port ranges can be ambiguous with hypenated port-names.
specify that ranges must be numeric, and only check for range if
first argument is a digit.
identified by danj, fix suggest by sthen
commit 8073b1841875138b86f5dbbf147cbe5e44e4241d
Author: tedu <tedu@openbsd.org>
Date: Thu Nov 29 14:25:06 2018 +0000
update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.
commit dcf53958dd61a7711a9b076720f1f114d13b7c7b
Author: bluhm <bluhm@openbsd.org>
Date: Fri Nov 9 04:05:14 2018 +0000
In verbose mode netcat reports to stderr when the listen system
call has finished. This allows to write race free scripts as they
can check that the server is up and running.
OK sthen@ tb@
commit 12bec0e4aa78519a54db0df0affe0858f97d4da1
Author: jsing <jsing@openbsd.org>
Date: Tue Nov 6 20:39:19 2018 +0000
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
commit 7b0183f28e81bc5ad1ca6c8fe27bd9500d429142
Author: dlg <dlg@openbsd.org>
Date: Fri Oct 26 07:19:26 2018 +0000
show what went wrong with a unix domain socket, rather than fail silently
handy if you type the path wrong or don't have permission...
ok deraadt@
commit d3ed40f27efcc2d3435d961dcf771c0c018a6e36
Author: bluhm <bluhm@openbsd.org>
Date: Thu Oct 4 17:04:50 2018 +0000
Plug TLS context leak in nc(1) server and client mode. Move
tls_free(3) directly after close(2) to catch all cases.
based on a patch from Nan Xiao; OK tb@ deraadt@
commit c431c11469b88b1e38af42ed93f2a98918ecfef3
Author: jmc <jmc@openbsd.org>
Date: Tue Sep 25 20:05:07 2018 +0000
-T applies to ip6 too, apparently;
from nan xiao
commit 0355ebd9c0ad6519ac211225a92a44926d68ba93
Author: bluhm <bluhm@openbsd.org>
Date: Fri Sep 7 09:55:29 2018 +0000
Declare strings passed to local_listen() as const. This makes it
consistent to remote_connect() and getaddrinfo(3).
from Nan Xiao
commit bb8724fa472fdfd0bec3eec8532cc524db12d6bf
Author: bluhm <bluhm@openbsd.org>
Date: Thu Sep 6 13:23:02 2018 +0000
Do not close the socket twice in netcat.
from Nan Xiao; OK tb@
commit f567c38f3aeb5e7e60270e0e43990e11faa2c10e
Author: jmc <jmc@openbsd.org>
Date: Fri Aug 17 14:33:29 2018 +0000
spelling;
commit f61115b08978cb7e1b9957d41b4c49038de2a3b7
Author: schwarze <schwarze@openbsd.org>
Date: Fri Aug 17 14:03:10 2018 +0000
Make the wording more concise, use the imperative throughout, state
more precisely which options require which other options, add many
missing incompatibilities, mention the default for -e, and some
macro cleanup.
OK jmc@ tb@
commit ee5880c4dfda2bf6fdcdd73dfe845b303bdac888
Author: deraadt <deraadt@openbsd.org>
Date: Fri Aug 10 17:15:22 2018 +0000
In typical swiss-army style, various modes and options cause
different unveils. Joint work with beck and florian.
Let us know if you hit any corner cases.
commit 1cdb08602707d64769153b3b594064bdbc24bfa0
Author: beck <beck@openbsd.org>
Date: Fri Apr 27 15:17:53 2018 +0000
trailing whitespace, and move arg checking before pledge
in preparation for pledgepath
ok deraadt@
commit d2cc0dec34a4917e728faa3972f0405823d21fe7
Author: deraadt <deraadt@openbsd.org>
Date: Tue Mar 27 16:31:10 2018 +0000
Clear password buffers in non-terminating cases
ok tobias
commit 9dfca790da70ec1a10e994fd0587863f5b8e624f
Author: jsing <jsing@openbsd.org>
Date: Mon Mar 19 16:35:29 2018 +0000
Remove the tls_init() call, since it is no longer necessary.
ok bcook@ beck@ inoguchi@
commit 42533fc78eb62108482ddab524677489869e4f31
Author: jsing <jsing@openbsd.org>
Date: Tue Nov 28 16:59:10 2017 +0000
Allow TLS ciphers and protocols to be specified for nc(1).
Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol"
options that are key/value pairs. This allows the user to specify ciphers
and protocols in a form that are accepted by tls_config_set_ciphers() and
tls_config_set_protocols() respectively.
ok beck@
(also ok jmc@ for a previous revision of the man page).
commit 155a33c539623351f97d4bf2d2d6b61fd127bd5f
Author: bluhm <bluhm@openbsd.org>
Date: Tue Oct 24 17:49:35 2017 +0000
Use a smaller buffer size too peek the receive data. The content
is discarded anyway, the plen variable is a leftover from the -j
jumbo option.
reported by Nan Xiao; OK deraadt@