Darwin's poll(2) implementation is broken. For character-special
devices like /dev/null, it returns POLLNVAL when polled with
POLLIN.
Apparently this is Apple bug 3710161, which is AFAIK not public,
but a websearch will find other OSS projects rediscovering it
periodically since it was first identified in 2005 (!!)
Since we changed from select() to ppoll() tests have been failing.
This seems to be because FreeBSD 10 (and presumably 9) do not allow
ppoll() in the privsep process and sshd will fail with "Not permitted in
capability mode". Setting CAP_EVENT on the FDs doesn't help, but weirdly,
poll() works without that. Those versions are EOL so this situation is
unlikely to change.
glibc's closefrom implementation does not work in a chroot when the kernel
does not have close_range. It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call close_range
ourselves from our compat code and fall back if that fails. bz#3349,
with william.wilson at canonical.com and fweimer at redhat.com.
HP-UX 10.x has a getline() implementation in libc that does not behave
as we expect so don't use it. With correction from Thorsten Glaser and
typo fix from Larkin Nickle.
Users of MD5-hashed password should arrange for ./configure to link
against libxcrypt or similar. Though it would be better to avoid use
of MD5 password hashing entirely, it's arguably worse than DEScrypt.
feedback and ok dtucker@
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for. These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively. ok djm@
Placed at the start of platform_disable_tracing() to prevent declaration
after code errors from strict C89 compilers (in the unlikely event that
more than one method is enabled).
Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
were time_t is a long long. The limit used is for the signed type, so if
some system has a 32bit unsigned time_t then the lower limit will still
be imposed and we would need to add some way to detect this. Anyone using
an unsigned 64bit can let us know when it starts being a problem.
This is basically the existing notify_pipe kludge from serverloop.c
moved behind a pselect interface. It works by installing a signal
handler that writes to a pipe that the select is watching, then calls
the original handler.
The select call in serverloop will become pselect soon, at which point the
kludge will be removed from thereand will only exist in the compat layer.
Original code by markus, help from djm.
Some Linux distributions are shipping the BSD-style hashing functions
(e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to
avoid header/replacement clashes later. ok dtucker@
FreeBSD has login_getpwclass() that does some special magic for
UID=0. Prefer this to login_getclass() as its easier to emulate
the former with the latter.
Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.
This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
It was only set by the recently removed AC_HEADER_TIME macro, replace
with simple inclusions of both sys/time.h and time.h. Should prevent
mis-detection of struct timespec.
We needed a mkdtemp() that accepted template paths that did not
end in XXXXXX a long time ago for KRB4, but that code is long
deprecated. We no longer need to replace mkdtemp() for strictly
following POSIX. ok dtucker@
when testing, make sure to include the relevant header files that
declare the types of the functions used by the test:
- stdio.h for printf();
- stdlib.h for exit();
- string.h for strcmp();
- unistd.h for unlink(), _exit(), fork(), getppid(), sleep().
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is
present.
Move the current aclocal.m4 which contains local macros into the m4/
folder. With this change the aclocal.m4 will be re-created during
changes to the m4/ macro.
This is needed so the `aclocal' can fetch m4 macros from the system if
they are references in the configure script. This is a prerequisite to
use PKG_CHECK_MODULES.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
configure.ac is not detecting -Wextra in compilers that implement the
option. The problem is that -Wextra implies -Wunused-parameter, and the
C excerpt used by aclocal.m4 does not use argv. Patch from pedro at
ambientworks.net, ok djm@
This is a frankenstein monster of AMD64 instructions/calling conventions
but with a 4GB address space. Allegedly deprecated but people still run
into it causing weird sandbox failures, e.g. bz#3085
Damien Miller
Darren Tucker
David Carlier
John Ericson
pedro martelletto
Sebastian Andrzej Siewior
djm@openbsd.org
Andreas Schwab