tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,260 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

615 Commits

Author SHA1 Message Date
Darren Tucker 5f41f030e2 Remove NO_IPPORT_RESERVED_CONCEPT 
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD.  ok djm, sanity checked
by Corinna.
 2016-04-08 21:21:27 +10:00
Darren Tucker b3413534aa Tidy up openssl header test. 2016-04-04 11:09:21 +10:00
Darren Tucker 815bcac0b9 Fix configure-time warnings for openssl test. 2016-04-04 11:07:59 +10:00
Damien Miller 39f303b1f3 fix sandbox on OSX Lion 
sshd was failing with:

ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw
  image not found [preauth]

caused by chroot before sandboxing. Avoid by explicitly linking libsandbox
to sshd. Spotted by Darren.
 2016-02-23 12:58:53 +11:00
Darren Tucker 907091acb1 Make Solaris privs code build on older systems. 
Not all systems with Solaris privs have priv_basicset so factor that
out and provide backward compatibility code.  Similarly, not all have
PRIV_NET_ACCESS so wrap that in #ifdef.  Based on code from
alex at cooperi.net and djm@ with help from carson at taltos.org and
wieland at purdue.edu.
 2016-02-19 09:05:39 +11:00
Darren Tucker 2fee909c3c Look for gethostbyname in libresolv and libnsl. 
Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
 2016-02-17 09:48:15 +11:00
Damien Miller 4626cbaf78 Support Illumos/Solaris fine-grained privileges 
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
 2016-01-08 14:29:12 +11:00
Darren Tucker b5fa0cd735 Allow --without-ssl-engine with --without-openssl 
Patch from Mike Frysinger via github.
 2015-12-15 15:10:32 +11:00
Darren Tucker c1d7e546f6 Include openssl crypto.h for SSLeay. 
Patch from doughdemon via github.
 2015-12-15 14:27:09 +11:00
Darren Tucker 3ddd15e1b6 Add a null implementation of pledge. 
Fixes builds on almost everything.
 2015-11-30 07:23:53 +11:00
Darren Tucker 1560596f44 Fix compiler warnings in the openssl header check. 
Noted by Austin English.
 2015-11-10 11:14:47 +11:00
Damien Miller fafe1d84a2 s/SANDBOX_TAME/SANDBOX_PLEDGE/g 2015-10-14 09:22:15 -07:00
deraadt@openbsd.org 2539dce2a0 upstream commit 
Change all tame callers to namechange to pledge(2).

Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
 2015-10-14 03:22:08 +11:00
Damien Miller 9846a2f406 hook tame(2) sandbox up to build 
OpenBSD only for now
 2015-10-08 04:30:48 +11:00
Darren Tucker 366bada1e9 Correct default value for --with-ssh1. 
bz#2457, from konto-mindrot.org at walimnieto.com.
 2015-09-11 13:33:23 +10:00
Darren Tucker 7ad8b287c8 Force resolution of _res for correct detection. 
bz#2259, from sconeu at yahoo.com.
 2015-09-11 13:11:02 +10:00
Damien Miller f498a98cf8 don't check for yp_match; ok tim@ 2015-09-03 09:11:22 +10:00
Darren Tucker d3e2aee414 Check if realpath works on nonexistent files. 
On some platforms the native realpath doesn't work with non-existent
files (this is actually specified in some versions of POSIX), however
the sftp spec says its realpath with "canonicalize any given path name".
On those platforms, use realpath from the compat library.

In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
the realpath symbol to the checked version, so redefine ours to
something else so we pick up the compat version we want.

bz#2428, ok djm@
 2015-07-17 12:58:02 +10:00
djm@openbsd.org 564d63e1b4 upstream commit 
Compile-time disable SSH v.1 again

Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
 2015-07-15 15:24:40 +10:00
Damien Miller 37035c07d4 s/--with-ssh1/--without-ssh1/ 2015-07-01 10:49:37 +10:00
Damien Miller 5c15e22c69 fix syntax error 2015-06-18 15:07:56 +10:00
Damien Miller 99f33d7304 aarch64 support for seccomp-bpf sandbox 
Also resort and tidy syscall list. Based on patches by Jakub Jelen
bz#2361; ok dtucker@
 2015-06-17 10:50:51 +10:00
Tim Rice 6397eedf95 Remove unneeded backslashes. Patch from Ángel González 2015-06-03 21:41:11 -07:00
Damien Miller 0c2a81dfc2 re-enable SSH protocol 1 at compile time 2015-05-29 17:08:28 +10:00
Darren Tucker 408f4c2ad4 Look for '${host}-ar' before 'ar'. 
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.

Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
 2015-04-17 09:39:58 +10:00
djm@openbsd.org 2aa9da1a3b upstream commit 
Compile-time disable SSH protocol 1. You can turn it
 back on using the Makefile.inc knob if you need it to talk to ancient
 devices.
 2015-03-27 12:00:37 +11:00
Damien Miller 00797e86b2 check for crypt and DES_crypt in openssl block 
fixes builds on systems that use DES_crypt; based on patch
from Roumen Petrov
 2015-03-04 05:02:45 +11:00
Darren Tucker e50e8c97a9 Add null declaration of AI_NUMERICINFO. 
Some platforms (older FreeBSD and DragonFly versions) do have
getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
in those cases.
 2015-02-21 15:10:33 +11:00
Damien Miller 72ef7c148c support --without-openssl at configure time 
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
 2015-01-15 02:28:36 +11:00
Damien Miller 76c0480a85 add --without-ssh1 option to configure 
Allows disabling support for SSH protocol 1.
 2015-01-13 19:38:18 +11:00
Darren Tucker 642652d280 Add reallocarray to compat library 2014-12-10 01:32:23 +11:00
Damien Miller 7d0ba53366 include version number in OpenSSL-too-old error 2014-10-30 10:45:41 +11:00
Damien Miller 3d673d103b - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() 
using memset_s() where possible; improve fallback to indirect bzero
   via a volatile pointer to give it more of a chance to avoid being
   optimised away.
 2014-08-27 06:32:01 +10:00
Damien Miller d244a5816f - (djm) [configure.ac] We now require a working vsnprintf everywhere (not 
just for systems that lack asprintf); check for it always and extend
   test to catch more brokenness. Fixes builds on Solaris <= 9
 2014-08-23 17:06:49 +10:00
Damien Miller 394a60f259 - (djm) [configure.ac] double braces to appease autoconf 2014-08-22 18:06:20 +10:00
Damien Miller 6d62784b89 - (djm) [configure.ac] include leading zero characters in OpenSSL version 
number; fixes test for unsupported versions
 2014-08-22 17:36:19 +10:00
Damien Miller 2195847e50 - (djm) [configure.ac] Check OpenSSL version is supported at configure time; 
suggested by Kevin Brott
 2014-08-20 11:05:03 +10:00
Damien Miller 00f9cd2307 - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto 
has been located; fixes builds agains libressl-portable
 2014-07-15 10:41:38 +10:00
Damien Miller 8da0fa2493 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto 
doesn't support it.
 2014-07-03 11:54:19 +10:00
Darren Tucker f9696566fb - (dtucker) [configure.ac] Remove tcpwrappers support, support has already 
been removed from sshd.c.
 2014-06-13 11:06:04 +10:00
Damien Miller 6482d90a65 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] 
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
         separation user at runtime, since it may need to be a domain account.
            Patch from Corinna Vinschen.
 2014-05-27 14:34:42 +10:00
Damien Miller 18912775cb - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use 
vhangup on Linux. It doens't work for non-root users, and for them
   it just messes up the tty settings.
 2014-05-21 17:06:46 +10:00
Damien Miller e5b9f0f2ee - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c] 
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
 2014-05-15 14:58:07 +10:00
Damien Miller b9c566788a - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write 
portability glue to support building without libcrypto
 2014-05-15 14:43:37 +10:00
Tim Rice 03ae081aea 20140221 
- (tim) [configure.ac]  Fix cut-and-paste error. Patch from Bryan Drewery.
 2014-02-21 09:09:34 -08:00
Darren Tucker 4a20959d2e - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat 
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
 2014-02-13 16:38:32 +11:00
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19 
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
 2014-02-04 11:18:20 +11:00
Damien Miller f5bbd3b657 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering 
different symbols for 'read' when various compiler flags are
   in use, causing atomicio.c comparisons against it to break and
   read/write operations to hang; ok dtucker
 2014-01-30 11:26:46 +11:00
Damien Miller c2868192dd - (djm) [configure.ac] Only check for width-specified integer types 
in headers that actually exist. patch from Tom G. Christensen;
   ok dtucker@
 2014-01-30 10:21:19 +11:00
Damien Miller c161fc90fc - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from 
Tom G. Christensen
 2014-01-29 21:01:33 +11:00