|
Revision tags: release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0, release/14.1.0, release/13.3.0, release/14.0.0, release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0 |
|
| #
6eac665c |
| 02-Sep-2021 |
Ed Maste <[email protected]> |
openssh: diff reduction against upstream 7.9p1
Clean up whitespace and nonfunctional differences, and unused functions.
|
| #
27ceebbc |
| 31-Aug-2021 |
Ed Maste <[email protected]> |
openssh: simplify login class restrictions
Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, incl
openssh: simplify login class restrictions
Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and
e8c56fba2926.
During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.
Submitted by: Yuchiro Naito (against OpenSSH-portable on GitHub)
Obtained from: https://github.com/openssh/openssh-portable/pull/262
Reviewed by: allanjude, kevans
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31760
show more ...
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0 |
|
| #
bd393de9 |
| 09-Oct-2018 |
Dag-Erling Smørgrav <[email protected]> |
Fix portability issues with the Capsicum patch committed in r339216:
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- A
Fix portability issues with the Capsicum patch committed in r339216:
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
on FreeBSD i386.
- Use a temporary variable to deserialize size_t.
Approved by: re (gjb)
show more ...
|
| #
fc3c19a9 |
| 06-Oct-2018 |
Ed Maste <[email protected]> |
sshd: address capsicum issues
* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone
sshd: address capsicum issues
* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.
PR: 231172
Submitted by: [email protected]
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128
show more ...
|