To prevent screwing up terminal settings on windows when printing to the terminal, turn off the virtual termial before print out to console. The file call these funtions are from scp.c, sftp.c and sshconnect(calls smprintf). The virtual termial are not enabled in scp and sftp. turn off it in vfmprintf is enough for now.
remove /usr/bin/time calls around tests, makes diffing test
runs harder. Based on patch from Mike Frysinger
Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
Creating the socket in $OBJ could blow past the (quite limited)
path limit for Unix domain sockets. As a bandaid for bz#2660,
reported by Colin Watson; ok dtucker@
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
Fix segfault when sshd attempts to load RSA1 keys (can
only happen when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker
Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@
(note: this doesn't remove the !privsep code paths, though that will
happen eventually).
Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
1. Deploy the key files to separate folder to avoid overwriting.
2. Enable hostkeys and kex unit tests.
3. Generate debug info in pdb
4. minor update on snmprintf
Allow clock_gettime syscall with X32 bit masked off. Apparently
this is required for at least some kernel versions. bz#2142
Patch mostly by Colin Watson. ok dtucker@
This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
prepending __NR_ to the syscall number parameter and just makes
them explicit in the macro invocations.
No binary change in stripped object file before/after.
Check for integer overflow when parsing times in
convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
Syscall arguments are passed via an array of 64-bit values in struct
seccomp_data, but we were only inspecting the bottom 32 bits and not
even those correctly for BE systems.
Fortunately, the only case argument inspection was used was in the
socketcall filtering so using this for sandbox escape seems
impossible.
ok dtucker
Manoj Ampalam
bagajjal
Yanbing
Darren Tucker
Damien Miller
djm@openbsd.org
markus@openbsd.org
deraadt@openbsd.org
dtucker@openbsd.org