VirtualBox introduced a restriction on the valid range for hostonly
networks. When using a version of VirtualBox which includes this
restriction a check is performed on the defined IP address to validate
it is within either the default range (as defined in the VirtualBox
documentation) or the values defined in the network configuration
file.
Set flag on RSA keys of deprecated RSA SHA1 support when loading
keys based on server version of the transport. This ensures keys
are properly flagged. Flag name has been updated to provide context
on usage.
Version matching on the OpenSSH server version has also been updated
to handle customized naming in the version string (as seen in the
Windows port) and to properly handle when no match is found.
Fixes#12344#12408#12381
Keep the constraint on net-ssh tight so we can be confident that the
patching will be successful and that a net-ssh release won't inadvertently
cause our local updates to become non-functional.
Fix patch to only update the behavior for RSA based keys when the server
is recent enough to include the signature changes
Modifies `OpenSSL::PKey::RSA` to provide a `#signature_algorithm`
method which provides the signature algorithm value expected by
OpenSSH. The `#ssh_do_sign` method is updated to use the set
algorithm (SHA256) and `#to_blob` is updated to include the
signature algorithm instead of the key type.
Parts of the stdlib which have been externalized but are still
included within Ruby introduce issues when pinning Vagrant's
dependencies to resolve plugin installs. When determining
Vagrant's dependency list prior to solution generation, check
the specification and ignore any default gems to prevent
pinning versions that are not actual dependencies.
When uploading box file, check if the size is greater than
5GB. If the size is larger and the direct to storage option
is enabled, disable the option due to current 5GB restriction
on direct uploads.
This also checks if the redirect notification has been displayed
before inspecting the source and location to prevent repeat checks
after the notification has been sent.
This sets the `authenticate_box_url` hook as deprecated and also
disables the cloud auth middleware from adding an access token
as a URL parameter by default. An environment variable has been
added which can be used for re-enabling the access token URL
parameter behavior if required for some legacy system which does
not support the authorization header.
