| Age | Commit message (Collapse) | Author |
|---|
|
There is no reason to check the version of OpenSSL (in Debian). If it's
not compatible the soname will change. OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same. Remove that check on the status since
it doesn't tell you anything about how compatible that version is.
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: https://bugs.debian.org/93581
Bug-Debian: https://bugs.debian.org/664383
Bug-Debian: https://bugs.debian.org/732940
Forwarded: not-needed
Last-Update: 2014-10-07
Patch-Name: no-openssl-version-status.patch
|
|
This allows SSHFP DNS records to be verified if glibc 2.11 is installed.
Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Last-Update: 2010-04-06
Patch-Name: dnssec-sshfp.patch
|
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2020-02-21
Patch-Name: selinux-role.patch
|
|
The point of the dummy declaration is so that MAKE_CLONE(...) can have
a trailing semicolon without introducing an empty declaration. So,
the macro replacement text should *not* have a trailing semicolon,
just like DEF_WEAK.
|
|
|
|
|
|
|
|
We switched the main code to use sigaction(), so the wrapper is no
longer used.
|
|
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
|
|
Make struct timespec test consistent with existing timeval test.
Include time.h for timespec in compat header where required.
|
|
RIPEMD160 support was removed upstream in 2017, however we still had
a configure test and compat code for it, so clean those up now.
|
|
If the system (or one of the dependencies) implements memmem but does
not define the header, we would not declare it either resulting in
compiler warnings. Check for declaration explicitly. bz#3102.
|
|
This lets it pick up the -L path to libcrypto for example.
|
|
Check for -fPIC support from compiler
Compile libopenbsd-compat -fPIC
Don't mix -fPIE and -fPIC when compiling
|
|
revision 1.48
date: 2019/02/04 16:45:40; author: millert; state: Exp; lines: +16 -17; commitid: cpNtVC7erojNyctw;
Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX.
This requires a libc major version bump. OK deraadt@
|
|
revision 1.47
date: 2017/05/08 14:53:27; author: millert; state: Exp; lines: +34 -21; commitid: sYfxfyUHAfarP8sE;
Fix exponential CPU use with repeated '*' operators by changing '*'
handling to be interative instead of recursive.
Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@
|
|
revision 1.46
date: 2015/12/28 22:08:18; author: mmcc; state: Exp; lines: +5 -9; commitid: 0uXuF2O13NH9q2e1;
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
|
revision 1.44
date: 2015/09/14 16:09:13; author: tedu; state: Exp; lines: +3 -5; commitid: iWfSX2BIn0sLw62l;
remove null check before free. from Michael McConville
ok semarie
|
|
revision 1.43
date: 2015/06/13 16:57:04; author: deraadt; state: Exp; lines: +4 -4; commitid: zOUKuqWBdOPOz1SZ;
in glob() initialize the glob_t before the first failure check.
from j@pureftpd.org
ok millert stsp
|
|
revision 1.42
date: 2015/02/05 12:59:57; author: millert; state: Exp; lines: +2 -1; commitid: DTQbfd4poqBW8iSJ;
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
|
|
revision 1.41
date: 2014/10/08 05:35:27; author: deraadt; state: Exp; lines: +3 -3; commitid: JwTGarRLHQKDgPh2;
obvious realloc -> reallocarray conversion
|
|
revision 1.40
date: 2013/09/30 12:02:34; author: millert; state: Exp; lines: +14 -15;
Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX not MAXPATHNAMELEN,
MAXNAMLEN or MAXLOGNAME where possible. OK deraadt@
|
|
revision 1.39
date: 2012/01/20 07:09:42; author: tedu; state: Exp; lines: +4 -4;
the glob stat limit is way too low. bump to 2048.
while here, failed stats should count against the limit too.
ok deraadt sthen stsp
|
|
Prevents compile errors due to missing definitions (eg va_list) on
non-AIX platforms.
|
|
.. since we use symbols defined only when it is when using the compat
fnmatch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Since utimensat uses struct timespec, move it to the section where we
define struct timespec when needed.
|
|
This makes mysignal implement reliable BSD semantics according to
Stevens' APUE. This was first attempted in 2001 but was reverted
due to problems with HP-UX 10.20 and select() and possibly grantpt().
Modern systems should be fine with it, but if any current platforms have
a problem with it now we can disable it just for those. ok djm@
|
|
Fixes build on IRIX. bz#3081.
|
|
Similar to the previous change to DEF_WEAK, some compilers don't like
the empty statement, so convert into a no-op function prototype.
|
|
spotted by Tim Rice; ok dtucker
|
|
Patch from vapier@gentoo.org.
|
|
from likan_999.student AT sina.com
|
|
Dropping this privilege removes the ability to create hard links to
files owned by other users. This is required for the legacy sftp rename
operation.
bz#3036; approach ok Alex Wilson (the original author of the Solaris
sandbox/pledge replacement code)
|
|
Refactor closefrom() to use a single brute-force close() loop fallback.
Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
|
|
There is no parameter called "pathname", it should simply be "path".
bz#3059, patch from samuel at cendio.se.
|
|
Patch from jitendra.sharma at intel.com.
|
|
|
|
It's not needed on -portable (that's handled by includes.h) and not all
platforms have it.
|
|
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes. This also allowed re-syncing digest-libc.c against upstream.
|
|
These are not changed from their original state, the next commit will
re-apply the portable changes.
|
|
Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH
signals to other sessions. bz#3030; report and fix from Darren Moffat
|
|
|
