To prevent screwing up terminal settings on windows when printing to the terminal, turn off the virtual termial before print out to console. The file call these funtions are from scp.c, sftp.c and sshconnect(calls smprintf). The virtual termial are not enabled in scp and sftp. turn off it in vfmprintf is enough for now.
remove /usr/bin/time calls around tests, makes diffing test
runs harder. Based on patch from Mike Frysinger
Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
Creating the socket in $OBJ could blow past the (quite limited)
path limit for Unix domain sockets. As a bandaid for bz#2660,
reported by Colin Watson; ok dtucker@
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
Fix segfault when sshd attempts to load RSA1 keys (can
only happen when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker
Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@
(note: this doesn't remove the !privsep code paths, though that will
happen eventually).
Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
1. Deploy the key files to separate folder to avoid overwriting.
2. Enable hostkeys and kex unit tests.
3. Generate debug info in pdb
4. minor update on snmprintf
Allow clock_gettime syscall with X32 bit masked off. Apparently
this is required for at least some kernel versions. bz#2142
Patch mostly by Colin Watson. ok dtucker@
This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
prepending __NR_ to the syscall number parameter and just makes
them explicit in the macro invocations.
No binary change in stripped object file before/after.
Check for integer overflow when parsing times in
convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
Syscall arguments are passed via an array of 64-bit values in struct
seccomp_data, but we were only inspecting the bottom 32 bits and not
even those correctly for BE systems.
Fortunately, the only case argument inspection was used was in the
socketcall filtering so using this for sandbox escape seems
impossible.
ok dtucker
#576 - fix the EVENT_CONSOLE_CARET issue.. Wrongly read the X, Y coordinates
#575 - when backspace key is pressed then screen is not refreshed correctly
#574 - when delete key is pressed then screen is not refreshed correctly (the last character is repeated in the end)
#573 - while using up/down arrows, screen is not refreshed correctly (there are some left over characters of bigger command)
#572 - clear screen is not clearing the whole console
#571 - Move the cursor to top of visible window so that nothing will be erased on the console.
#570 - code cleanup for console related logic
#569 - wrong implementation of TIOCGWINSZ. This is causing lot of issues when windows open ssh client is connecting to linux ssh server.
#568 - Scrolling issue when the cursor is at the last line of the visible window.
#567 - Logic to pass the raw buffer to console is wrong.
regress tests for loading certificates without public keys;
bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
allow ssh to use certificates accompanied by a private
key file but no corresponding plain *.pub public key. bz#2617 based on patch
from Adam Eijdenberg; ok dtucker@ markus@
Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
bagajjal
Yanbing
Manoj Ampalam
Darren Tucker
Damien Miller
djm@openbsd.org
markus@openbsd.org
deraadt@openbsd.org
dtucker@openbsd.org