Age | Commit message (Collapse) | Author |
|
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
(closes: #643312, #650512).
- Add a new privilege separation sandbox implementation for Linux's new
seccomp sandbox, automatically enabled on platforms that support it.
(Note: privilege separation sandboxing is still experimental.)
|
|
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
|
|
installed, the host key is published in an SSHFP RR secured with DNSSEC,
and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
verification (closes: #572049).
|
|
fits into 16 bits to work around a bug in glibc's resolver where it masks
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
|
|
[openbsd-compat/getrrsetbyname.c]
use RRSIG instead of SIG for DNSSEC. ok djm@
|
|
platform's _res if it has one. Should fix problem of DNSSEC record lookups
on NetBSD as reported by Curt Sampson.
|
|
an array for signatures when there are none since "calloc(0, n) returns
NULL on some platforms (eg Tru64), which is explicitly permitted by
POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
|
|
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
for hton* and ntoh* macros. Required on (at least) HP-UX since we define
_XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
|
|
|
|
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
|
|
prevents warnings on platforms where _res is in the system headers.
|
|
_res, prevents problems on some platforms that have _res as a global but
don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
georg.schwarz at freenet.de, ok djm@.
|
|
ifdef lost during sync. Spotted by tim@.
|
|
after the copyright notices. Having them at the top next to the CVSIDs
guarantees a conflict for each and every sync.
|
|
resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
ok dtucker@
|
|
templates for _getshort and _getlong if missing to prevent compiler warnings
on Linux.
|
|
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
|
|
-> HAVE_DECL_H_ERRNO.
|
|
is defined before using.
|
|
as extern int if not already declared. Fixes compile errors on old SCO
platforms. ok tim@
|
|
|
|
source file path (in OpenBSD tree).
|
|
|
|
openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
compiled in but disabled in config.
|
|
HEADER.ad in arpa/nameser.h
|
|
_getlong in #ifndef
|
|
|
|
|
|
|