| Age | Commit message (Collapse) | Author |
|---|
|
There is no reason to check the version of OpenSSL (in Debian). If it's
not compatible the soname will change. OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same. Remove that check on the status since
it doesn't tell you anything about how compatible that version is.
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: https://bugs.debian.org/93581
Bug-Debian: https://bugs.debian.org/664383
Bug-Debian: https://bugs.debian.org/732940
Forwarded: not-needed
Last-Update: 2014-10-07
Patch-Name: no-openssl-version-status.patch
|
|
This allows SSHFP DNS records to be verified if glibc 2.11 is installed.
Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Last-Update: 2010-04-06
Patch-Name: dnssec-sshfp.patch
|
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2018-08-24
Patch-Name: selinux-role.patch
|
|
Missing last argument to OPENSSL_init_crypto()
|
|
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
|
|
Don't let systems with broken printf(3) avoid our replacements
via asprintf(3)/vasprintf(3) calling libc internally. From djm@
|
|
probably unreachable on this platform; pointed out by
coolbugcheckers AT gmail.com
|
|
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
|
|
|
|
Polyfill missing API with replacement functions extracted from LibreSSL
|
|
Patch from jjelen at redhat via bz#2687. (OpenSSH never calls
setproctitle with a null format so len is always initialized).
|
|
Patch from jjelen at redhat via bz#2687.
|
|
remove obsolete and un-needed include
|
|
Further header file standarization in Cygwin uncovered a lazy
indirect include in bsd-cygwin_util.c
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
Truncation cannot happen unless the system has set PATH_MAX to some
nonsensically low value.
bz#2862, patch from Daniel Le
|
|
Prevents macro redefinition warnings on OSX.
|
|
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
|
Fixes build with -Werror on at least Fedora and probably others.
|
|
|
|
Do not write to bufsiz until we are sure the malloc has succeeded,
in case any callers rely on it (which they shouldn't). ok djm@
|
|
Add getline for the benefit of platforms that don't have it. Sourced
from NetBSD (OpenBSD's implementation is a little too chummy with the
internals of FILE).
|
|
revision 1.17
date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2;
commitid: 53zY8GjViUBnWo8Z;
constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
|
|
This ensures it picks up the definition of DEF_WEAK, the lack of which
can cause compile errors in some cases (eg modern AIX). From
michael at felt.demon.nl.
|
|
bz2855, ok dtucker@
|
|
Only applies when built --without-openssl. Thanks Jann Horn for
reminder.
|
|
Spotted using https://github.com/lucasdemarchi/codespell
|
|
On at least some revisions of AIX, strndup returns unterminated strings
under some conditions, apparently because strnlen returns incorrect
values in those cases. Disable both on AIX and use the replacements
from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
|
|
struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50. Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
|
|
Fixes compile error on AIX.
|
|
modified: openbsd-compat/port-aix.c
modified: openbsd-compat/port-uw.c
propogate changes to auth-passwd.c in commit
7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers
of sys_auth_passwd()
|
|
Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check
for and work around. With klausz at haus-gisela.de.
|
|
Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
and FreeBSD 6.
|
|
This will make maintenance and changes easier. "no objection" tim@
|
|
|
|
|
|
Also a couple of minor changes: fail if we can't lock instead of
silently succeeding, and apply a couple of minor style fixes.
|
|
From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
|
|
Use string_to_security_class() instead.
|
|
AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
declared. Instead, test if the zero-arg version we want to use works.
|
|
|
|
|
|
Configure assumes that if malloc(0) returns null then calloc(0,n)
also does. On some old platforms (SunOS4) malloc behaves as expected
(as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this
at configure time and activate the replacement function if found, plus
handle this case in rpl_calloc.
|
|
|
|
|
|
Since explicit_bzero uses it via an indirect it needs to be a function
not just a macro.
|
|
|
|
|
|
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
|
|
|
