Age | Commit message (Collapse) | Author |
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2019-06-05
Patch-Name: selinux-role.patch
|
|
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
|
|
Spotted by Kevin Brott.
|
|
|
|
Fixes build on systems that don't have it (Solaris <=9) Found by
Tom G. Christensen.
|
|
The latter checks for memory exhaustion and integer overflow and may be
at a less predictable place. Sanity check by vinschen at redhat.com, ok
djm@
|
|
Patch from vinschen at redhat.com, updated a little by me.
|
|
The previous revert enabled case-insensitive user names again. This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code. Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
Prevents macro redefinition warning on at least NetBSD 6.1.
|
|
|
|
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
|
|
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer. Fixes build on at least El Capitan.
|
|
|
|
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
|
|
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
|
|
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
Use detected functions in compat layer instead of guessing based on
versions. Really fixes builds with LibreSSL, not just configure.
|
|
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
to obtain version number, but they don't.
|
|
bz#2921, patch from cotequeiroz
|
|
Missing last argument to OPENSSL_init_crypto()
|
|
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
|
|
Don't let systems with broken printf(3) avoid our replacements
via asprintf(3)/vasprintf(3) calling libc internally. From djm@
|
|
probably unreachable on this platform; pointed out by
coolbugcheckers AT gmail.com
|
|
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
|
|
|
|
Polyfill missing API with replacement functions extracted from LibreSSL
|
|
Patch from jjelen at redhat via bz#2687. (OpenSSH never calls
setproctitle with a null format so len is always initialized).
|
|
Patch from jjelen at redhat via bz#2687.
|
|
remove obsolete and un-needed include
|
|
Further header file standarization in Cygwin uncovered a lazy
indirect include in bsd-cygwin_util.c
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
Truncation cannot happen unless the system has set PATH_MAX to some
nonsensically low value.
bz#2862, patch from Daniel Le
|
|
Prevents macro redefinition warnings on OSX.
|
|
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
|
Fixes build with -Werror on at least Fedora and probably others.
|
|
|
|
Do not write to bufsiz until we are sure the malloc has succeeded,
in case any callers rely on it (which they shouldn't). ok djm@
|
|
Add getline for the benefit of platforms that don't have it. Sourced
from NetBSD (OpenBSD's implementation is a little too chummy with the
internals of FILE).
|
|
revision 1.17
date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2;
commitid: 53zY8GjViUBnWo8Z;
constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
|
|
This ensures it picks up the definition of DEF_WEAK, the lack of which
can cause compile errors in some cases (eg modern AIX). From
michael at felt.demon.nl.
|
|
bz2855, ok dtucker@
|
|
Only applies when built --without-openssl. Thanks Jann Horn for
reminder.
|
|
Spotted using https://github.com/lucasdemarchi/codespell
|
|
On at least some revisions of AIX, strndup returns unterminated strings
under some conditions, apparently because strnlen returns incorrect
values in those cases. Disable both on AIX and use the replacements
from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
|
|
struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50. Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
|