freebsd-skq/crypto
Ed Maste afde517053 scp: validate filenames provided by server against wildcard in client
OpenSSH-portable commits:

check in scp client that filenames sent during remote->local directory
copies satisfy the wildcard specified by the user.

This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.

For this reason, this also adds a new -T flag to disable the check.

reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@

OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda

Minor patch conflict (getopt) resolved.

Obtained from: OpenSSH-portable 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc

scp: add -T to usage();

OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899

Obtained from: OpenSSH-portable 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8

PR:		234965
Approved by:	des
MFC after:	3 days
Obtained from:	OpenSSH-portable 391ffc4b9d, 2c21b75a7b
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19076
2019-02-21 22:45:54 +00:00
..
heimdal Remove unused sqlite3 bundled with heimdal. 2019-01-09 01:09:42 +00:00
openssh scp: validate filenames provided by server against wildcard in client 2019-02-21 22:45:54 +00:00
openssl Do not complain when /dev/crypto does not exist. 2018-12-14 01:06:34 +00:00
README

$FreeBSD$

This directory is for the EXACT same use as src/contrib, except it
holds crypto sources.  In other words, this holds raw sources obtained
from various third party vendors, with FreeBSD patches applied.  No
compilation is done from this directory, it is all done from the
src/secure directory.  The separation between src/contrib and src/crypto
is the result of an old USA law, which made these sources export
controlled, so they had to be kept separate.