Age | Commit message (Collapse) | Author |
|
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should
update the symlink and not the destination. The compat code doesn't
have a way to do this, so where possible it fails instead of following a
symlink when explicitly asked not to. Instead of checking for an explicit
failure, check that it does not update the destination, which both the
real and compat implementations should honour.
Inspired by github pull req #125 from chutzpah at gentoo.org.
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=182898192d4b720e4faeafd5b39c2cfb3b92aa21
Last-Update: 2019-06-09
Patch-Name: fix-utimensat-test.patch
|
|
There is no reason to check the version of OpenSSL (in Debian). If it's
not compatible the soname will change. OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same. Remove that check on the status since
it doesn't tell you anything about how compatible that version is.
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: https://bugs.debian.org/93581
Bug-Debian: https://bugs.debian.org/664383
Bug-Debian: https://bugs.debian.org/732940
Forwarded: not-needed
Last-Update: 2014-10-07
Patch-Name: no-openssl-version-status.patch
|
|
This allows SSHFP DNS records to be verified if glibc 2.11 is installed.
Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Last-Update: 2010-04-06
Patch-Name: dnssec-sshfp.patch
|
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2019-06-05
Patch-Name: selinux-role.patch
|
|
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
|
|
Spotted by Kevin Brott.
|
|
|
|
Fixes build on systems that don't have it (Solaris <=9) Found by
Tom G. Christensen.
|
|
The latter checks for memory exhaustion and integer overflow and may be
at a less predictable place. Sanity check by vinschen at redhat.com, ok
djm@
|
|
Patch from vinschen at redhat.com, updated a little by me.
|
|
The previous revert enabled case-insensitive user names again. This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code. Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
Prevents macro redefinition warning on at least NetBSD 6.1.
|
|
|
|
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
|
|
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer. Fixes build on at least El Capitan.
|
|
|
|
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
|
|
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
|
|
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
Use detected functions in compat layer instead of guessing based on
versions. Really fixes builds with LibreSSL, not just configure.
|
|
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
to obtain version number, but they don't.
|
|
bz#2921, patch from cotequeiroz
|
|
Missing last argument to OPENSSL_init_crypto()
|
|
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
|
|
Don't let systems with broken printf(3) avoid our replacements
via asprintf(3)/vasprintf(3) calling libc internally. From djm@
|
|
probably unreachable on this platform; pointed out by
coolbugcheckers AT gmail.com
|
|
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
|
|
|
|
Polyfill missing API with replacement functions extracted from LibreSSL
|
|
Patch from jjelen at redhat via bz#2687. (OpenSSH never calls
setproctitle with a null format so len is always initialized).
|
|
Patch from jjelen at redhat via bz#2687.
|
|
remove obsolete and un-needed include
|
|
Further header file standarization in Cygwin uncovered a lazy
indirect include in bsd-cygwin_util.c
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
Truncation cannot happen unless the system has set PATH_MAX to some
nonsensically low value.
bz#2862, patch from Daniel Le
|
|
Prevents macro redefinition warnings on OSX.
|
|
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
|
Fixes build with -Werror on at least Fedora and probably others.
|
|
|
|
Do not write to bufsiz until we are sure the malloc has succeeded,
in case any callers rely on it (which they shouldn't). ok djm@
|
|
Add getline for the benefit of platforms that don't have it. Sourced
from NetBSD (OpenBSD's implementation is a little too chummy with the
internals of FILE).
|
|
revision 1.17
date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2;
commitid: 53zY8GjViUBnWo8Z;
constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
|
|
This ensures it picks up the definition of DEF_WEAK, the lack of which
can cause compile errors in some cases (eg modern AIX). From
michael at felt.demon.nl.
|
|
bz2855, ok dtucker@
|
|
Only applies when built --without-openssl. Thanks Jann Horn for
reminder.
|