ae9c0d4d5c
Update vis.h and vis.c from OpenBSD.
...
This will be needed for the upcoming utf8 changes.
2016-06-03 16:03:44 +10:00
604a037d84
whitespace at EOL
2016-05-31 16:45:28 +10:00
332ff3d770
initialise salen in binresvport_sa
...
avoids failures with UsePrivilegedPort=yes
patch from Juan Gallego
2016-05-10 09:51:06 +10:00
627824480c
Include priv.h for priv_set_t.
...
From alex at cooperi.net.
2016-03-11 14:47:41 +11:00
907091acb1
Make Solaris privs code build on older systems.
...
Not all systems with Solaris privs have priv_basicset so factor that
out and provide backward compatibility code. Similarly, not all have
PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from
alex at cooperi.net and djm@ with help from carson at taltos.org and
wieland at purdue.edu.
2016-02-19 09:05:39 +11:00
60d860e54b
Rollback addition of va_start.
...
va_start was added in 0f754e29dd
2016-02-17 13:37:09 +11:00
4626cbaf78
Support Illumos/Solaris fine-grained privileges
...
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
2016-01-08 14:29:12 +11:00
f0191d7c8e
Revert "stub for pledge(2) for systems that lack it"
...
This reverts commit 14c887c839
2015-11-30 10:53:25 +11:00
14c887c839
stub for pledge(2) for systems that lack it
2015-11-30 09:45:54 +11:00
3ddd15e1b6
Add a null implementation of pledge.
...
Fixes builds on almost everything.
2015-11-30 07:23:53 +11:00
8db134e7f4
Prevent name collisions with system glob (bz#2463)
...
Move glob.h from includes.h to the only caller (sftp) and override the
names for the symbols. This prevents name collisions with the system glob
in the case where something other than ssh uses it (eg kerberos). With
jjelen at redhat.com, ok djm@
2015-10-29 10:48:23 +11:00
0f754e29dd
need va_copy before va_start
...
reported by Nicholas Lemonias
2015-10-16 10:53:38 +11:00
eb6c50d82a
fix compilation on systems without SYMLOOP_MAX
2015-10-15 15:48:28 -07:00
8f22911027
upstream commit
...
revision 1.20
date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
In rev 1.15 the sizeof argument was fixed in a strlcat() call but
the truncation check immediately following it was not updated to
match. Not an issue in practice since the buffers are the same
size. OK deraadt@
2015-10-14 08:28:19 +11:00
23fa695bb7
upstream commit
...
revision 1.19
date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther
2015-10-14 08:27:51 +11:00
c71be375a6
upstream commit
...
revision 1.18
date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
Revert last commit due to changed semantics found by make release.
2015-10-14 08:27:08 +11:00
c39ad23b06
upstream commit
...
revision 1.17
date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
Better POSIX compliance in realpath(3).
millert@ made changes to realpath.c based on FreeBSD's version. I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@
2015-10-14 08:26:24 +11:00
e929a43f95
upstream commit
...
revision 1.16
date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1;
- Add comments regarding copies of these files also in libexec/ld.so
okay guenther@
2015-10-14 08:25:55 +11:00
5225db68e5
upstream commit
...
revision 1.15
date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2;
specify the bounds of the dst to strlcat (both values were static and
equal, but it is more correct)
from Michal Mazurek
2015-10-14 08:25:32 +11:00
7365fe5b48
upstream commit
...
revision 1.14
date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
Recent Single Unix will malloc memory if the second argument of realpath()
is NULL, and third-party software is starting to rely upon this.
Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
tweaks from nicm@ and yours truly.
2015-10-14 08:25:09 +11:00
189de02d9a
expose POLLHUP and POLLNVAL for netcat.c
2015-08-21 15:45:02 +10:00
0c30ba91f8
downgrade OOM adjustment logging: verbose -> debug
2015-07-30 12:32:42 +10:00
d56fd18280
make realpath.c compile -Wsign-compare clean
2015-07-20 11:19:51 +10:00
d3e2aee414
Check if realpath works on nonexistent files.
...
On some platforms the native realpath doesn't work with non-existent
files (this is actually specified in some versions of POSIX), however
the sftp spec says its realpath with "canonicalize any given path name".
On those platforms, use realpath from the compat library.
In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
the realpath symbol to the checked version, so redefine ours to
something else so we pick up the compat version we want.
bz#2428, ok djm@
2015-07-17 12:58:02 +10:00
d7a58bbac6
Replace strcpy with strlcpy.
...
ok djm, sanity check by Corinna Vinschen.
2015-06-02 20:15:26 +10:00
d028d5d3a6
upstream commit
...
- tedu@cvs.openbsd.org 2015/01/12 03:20:04
[bcrypt_pbkdf.c]
rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
nor are they the same size.
2015-05-10 11:57:31 +10:00
f6391d4e59
upstream commit
...
- deraadt@cvs.openbsd.org 2015/01/08 00:30:07
[bcrypt_pbkdf.c]
declare a local version of MIN(), call it MINIMUM()
2015-05-10 11:57:27 +10:00
8ac6b13cc9
upstream commit
...
- djm@cvs.openbsd.org 2014/12/30 01:41:43
[bcrypt_pbkdf.c]
typo in comment: ouput => output
2015-05-10 11:57:23 +10:00
a647b9b8e6
Put brackets around mblen() compat constant.
...
This might help with the reported problem cross compiling for Android
("error: expected identifier or '(' before numeric constant") but
shouldn't hurt in any case.
2015-05-08 11:07:27 +10:00
ee15d9c9f0
Wrap endian.h include inside ifdef (bz#2370).
2015-04-17 10:40:23 +10:00
e7bf3a5eda
Use do{}while(0) for no-op functions.
...
From FreeBSD.
2015-04-07 10:48:04 +10:00
bb99844aba
Wrap blf.h include in ifdef. From FreeBSD.
2015-04-07 10:47:15 +10:00
678e473e2a
Remove dependency on xmalloc.
...
Remove ssh_get_progname's dependency on xmalloc, which should reduce
link order problems. ok djm@
2015-02-26 04:12:58 +11:00
1734e276d9
Move definition of _NSIG.
...
_NSIG is only unsed in one file, so move it there prevent redefinition
warnings reported by Kevin Brott.
2015-02-25 13:40:45 +11:00
c9c88355c6
Add AI_NUMERICSERV to fake-rfc2553.
...
Our getaddrinfo implementation always returns numeric values already.
2015-02-24 13:43:57 +11:00
37f9220db8
Wrap stdint.h includes in ifdefs.
2015-02-23 03:07:24 +11:00
bc42cc6fe7
kludge around tun API mismatch betterer
2015-01-15 03:08:29 +11:00
0cdc5a3eb6
unbreak across API change
2015-01-15 02:35:33 +11:00
72ef7c148c
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
81bfbd0bd3
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-14 21:48:18 +11:00
462082eacb
avoid uninitialised free of ldns_res
...
If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this with a fixed and valid rdclass.
Reported by Joshua Rogers
2014-12-30 08:16:11 +11:00
01b6349880
pull updated OpenBSD BCrypt PBKDF implementation
...
Includes fix for 1 byte output overflow for large key length
requests (not reachable in OpenSSH).
Pointed out by Joshua Rogers
2014-12-29 18:10:18 +11:00
7de5991aa3
upstream libc change
...
revision 1.2
date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV;
avoid left shift overflow in reallocarray.
Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.
discussed with tedu@ & deraadt@
2014-12-18 11:44:06 +11:00
642652d280
Add reallocarray to compat library
2014-12-10 01:32:23 +11:00
703b98a267
- (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
...
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@
2014-10-01 09:43:07 +10:00
2a8699f37c
- (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG
2014-09-04 03:46:05 +10:00
d7c81e216a
- (djm) [openbsd-compat/openssl-compat.h] add include guard
2014-08-30 04:18:28 +10:00
51c77e2922
- (djm) [openbsd-compat/openssl-compat.h] add
...
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-30 02:30:30 +10:00
3d673d103b
- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
...
using memset_s() where possible; improve fallback to indirect bzero
via a volatile pointer to give it more of a chance to avoid being
optimised away.
2014-08-27 06:32:01 +10:00
4d69aeabd6
- (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
...
definition mismatch) and warning for broken/missing snprintf case.
2014-08-22 17:48:27 +10:00
5573171352
- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
...
needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
2014-07-21 02:24:59 +10:00
74e2868271
- (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used
...
in servconf.h.
2014-07-18 20:00:11 -07:00
8668706d0f
- djm@cvs.openbsd.org 2014/06/24 01:13:21
...
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
2014-07-02 15:28:02 +10:00
316fac6f18
- (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
...
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
Move the OpenSSL header/library version test into its own function and add
tests for it. Fix it to allow fix version upgrades (but not downgrades).
Prompted by chl@ via OpenSMTPD (issue #462 ) and Debian (bug #748150 ).
ok djm@ chl@
2014-06-17 23:06:07 +10:00
eb012ac581
- (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an
...
assigment that might get optimized out. ok djm@
2014-06-11 13:10:00 +10:00
6482d90a65
- (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
...
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
separation user at runtime, since it may need to be a domain account.
Patch from Corinna Vinschen.
2014-05-27 14:34:42 +10:00
4a20959d2e
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
...
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
8d36f9ac71
- (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
...
before freeing since free(NULL) is a no-op. ok djm.
2014-02-06 10:44:13 +11:00
bf7e0f03be
- (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
2014-02-04 11:37:50 +11:00
1d2c456426
- tedu@cvs.openbsd.org 2014/01/31 16:39:19
...
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker
2014-02-04 11:18:20 +11:00
ee87838786
- (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
...
platform that is expected to use the reuse-argv style setproctitle
hack surprises us by providing a setproctitle in libc; ok dtucker
2014-01-22 16:30:15 +11:00
1411c9263f
- (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
...
declarations that stopped being included when we stopped including
<windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
redhat.com.
2014-01-18 21:03:59 +11:00
5055699c7f
- (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
...
need them to cut down on the name collisions.
2014-01-17 18:48:22 +11:00
a5cf1e220d
- (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
...
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
to be useful (and for the regression tests to pass) on platforms that
have statfs and fstatfs. ok djm@
2014-01-17 18:10:58 +11:00
1357d71d7b
- (dtucker) Fix typo in #ifndef.
2014-01-17 18:00:40 +11:00
d23a91ffb2
- (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
...
openbsd-compat/openssl-compat.h] Add compatibility layer for older
openssl versions. ok djm@
2014-01-17 17:32:30 +11:00
c3ed065ce8
- (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
...
#ifdef HAVE_STDINT_H.
2014-01-17 14:18:45 +11:00
7e6e42fb53
- (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
...
Vinschen
2013-12-08 08:23:08 +11:00
f104da263d
- (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
...
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
Linux
2013-12-07 12:37:53 +11:00
1ff130dac9
- [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
...
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
2013-12-07 11:51:51 +11:00
8c333ec23b
- (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
...
warnings.
2013-11-08 21:12:58 +11:00
ccdb9bec46
- (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
...
arc4random_stir for platforms that have arc4random but don't have
arc4random_stir (right now this is only OpenBSD -current).
2013-11-08 18:54:38 +11:00
710f374735
- (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
...
vsnprintf. From eric at openbsd via chl@.
2013-11-03 17:20:34 +11:00
d527704523
- (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
...
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
a no-op in OpenSSH). From chl at openbsd.
2013-11-03 16:30:46 +11:00
720711960b
- (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
...
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
tested tim@
2013-10-09 10:44:47 +11:00
9159310087
- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
...
in OpenBSD implementation of arc4random, shortly to replace the existing
bsd-arc4random.c
2013-10-09 10:42:32 +11:00
43968a8e66
- (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
...
until we have configure support.
2013-08-28 14:00:54 +10:00
04be8b9e53
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
...
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
start to use them in the future.
2013-08-28 12:49:43 +10:00
f3ab2c5f9c
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
...
for building with older Heimdal versions. ok djm.
2013-08-04 21:48:41 +10:00
ae133d4b31
- (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
...
platforms that don't have multibyte character support (specifically,
mblen).
2013-06-06 08:30:20 +10:00
f60845fde2
- (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
...
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
c0c3373216
- (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
...
using openssl's DES_crpyt function on platorms that don't have a native
one, eg Android. Based on a patch from Nathan Osman.
2013-06-02 06:28:03 +10:00
efdf534214
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
...
implementation of endgrent for platforms that don't have it (eg Android).
Loosely based on a patch from Nathan Osman, ok djm
2013-05-30 08:29:08 +10:00
8654dd2d73
- (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
2013-05-17 16:03:48 +10:00
e194ba4111
- (dtucker) [configure.ac readconf.c servconf.c
...
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
0abfb559e3
- (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
...
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
ccfdfceacb
- (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
...
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
portability code to getopt_long.c and switch over Makefile and the ugly
hack in modpipe.c. Fixes bz#1448.
2013-05-10 16:28:55 +10:00
3933202007
- (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
...
portability changes yet.
2013-05-10 15:38:11 +10:00
35b2fe99be
- (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
...
getopt.c. Preprocessed source is identical other than line numbers.
2013-05-10 15:35:26 +10:00
c9627cdbc6
- (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
...
to avoid conflicting definitions of __int64, adding the required bits.
Patch from Corinna Vinschen.
2013-04-01 12:40:48 +11:00
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
...
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
2991d288db
- (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
...
an argument. Pointed out by djm.
2013-02-15 14:55:38 +11:00
f32db83f41
- (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
...
group strto* function prototypes together.
2013-02-15 12:20:41 +11:00
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
...
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
62e4edc797
spacing
2013-02-15 11:50:03 +11:00
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
f0a8ded824
- djm@cvs.openbsd.org 2013/01/26 06:11:05
...
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
[openbsd-compat/openssl-compat.h]
remove ACSS, now that it is gone from libcrypto too
2013-02-12 11:00:34 +11:00
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
...
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
...
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
d60b210830
- (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
...
version.
2013-01-20 22:49:58 +11:00
da5cc5d09a
- (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
...
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
prototypes for openssl-1.0.0-fips.
2013-01-20 22:31:29 +11:00
d522c68872
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
...
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
cf6ef137b5
- (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
...
TAILQ_FOREACH_SAFE needed for upcoming changes.
2012-12-03 09:37:56 +11:00
f96ff18a92
- (dtucker) [uidswap.c openbsd-compat/Makefile.in
...
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
and gids from uidswap.c to the compat library, which allows it to work with
the new setresuid calls in auth2-pubkey. with tim@, ok djm@
2012-11-05 17:04:37 +11:00
318541854f
- (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
...
for compatibility with future mingw-w64 headers. Patch from vinschen at
redhat com.
2012-08-28 19:57:19 +10:00
34f702ae64
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
...
platforms that don't have it. "looks good" tim@
2012-07-04 08:50:09 +10:00
8908da7dce
- (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022 : prevent null
...
pointer deref in the client when built with LDNS and using DNSSEC with a
CNAME. Patch from gregdlg+mr at hochet info.
2012-06-28 15:21:32 +10:00
ce1ec9d4e2
- (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
...
assumptions when building on Cygwin; patch from Corinna Vinschen
2012-03-30 14:07:05 +11:00
7bf7b889b3
- (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
...
systems where sshd is run in te wrong context. Patch from Sven
Vermeulen; ok dtucker@
2012-03-09 10:25:16 +11:00
e3609c935c
- (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
...
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
2012-02-14 10:03:30 -08:00
7b7901c330
- (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
...
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-14 06:38:36 +11:00
e9b3ad73ba
- (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
...
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
aa3cbd1b5b
- (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
2011-11-04 11:25:24 +11:00
036876cd7d
- (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
2011-10-01 18:46:12 +10:00
b54f50e5d0
- (dtucker) [configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/strnlen.c] Add strnlen to the compat library.
2011-09-29 23:17:18 +10:00
d1a74580f8
- (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
...
of static __findenv() function from upstream setenv.c
2011-09-23 11:26:34 +10:00
3e6fe87ef9
- otto@cvs.openbsd.org 2008/12/09 19:38:38
...
[openbsd-compat/inet_ntop.c]
fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
2011-09-23 11:16:09 +10:00
64efe9671d
- (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
...
marker. The upstream API has changed (function and structure names)
enough to put it out of sync with other providers of this interface.
2011-09-23 11:13:00 +10:00
4888671343
- (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
...
The file was totally rewritten between what we had in tree and -current.
2011-09-23 10:56:29 +10:00
3a359b3228
- millert@cvs.openbsd.org 2008/08/21 16:54:44
...
[mktemp.c]
Remove useless code, the kernel will set errno appropriately if an
element in the path does not exist. OK deraadt@ pvalchev@
2011-09-23 10:47:29 +10:00
dc0e09b41c
- deraadt@cvs.openbsd.org 2008/07/22 21:47:45
...
[mktemp.c]
use arc4random_uniform(); ok djm millert
2011-09-23 10:46:48 +10:00
cd92790fcb
- (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
...
upstream version is YPified and we don't want this
2011-09-23 10:44:03 +10:00
834e820317
- tobias@cvs.openbsd.org 2007/10/21 11:09:30
...
[mktemp.c]
Comment fix about time consumption of _gettemp.
FreeBSD did this in revision 1.20.
OK deraadt@, krw@
2011-09-23 10:42:02 +10:00
acdf3fbdba
- (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
...
longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
want this longhand version)
2011-09-23 10:40:50 +10:00
b9cd0491f7
- millert@cvs.openbsd.org 2006/05/05 15:27:38
...
[openbsd-compat/strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
2011-09-23 10:38:11 +10:00
e128a50e35
- djm@cvs.openbsd.org 2011/09/22 06:27:29
...
[glob.c]
fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
applied only to the gl_pathv vector and not the corresponding gl_statv
array. reported in OpenSSH bz#1935; feedback and okay matthew@
2011-09-22 21:22:21 +10:00
c4bf7dde92
- stsp@cvs.openbsd.org 2011/09/20 10:18:46
...
[glob.c]
In glob(3), limit recursion during matching attempts. Similar to
fnmatch fix. Also collapse consecutive '*' (from NetBSD).
ok miod deraadt
2011-09-22 21:21:48 +10:00
e01a627047
- pyr@cvs.openbsd.org 2011/05/12 07:15:10
...
[openbsd-compat/glob.c]
When the max number of items for a directory has reached GLOB_LIMIT_READDIR
an error is returned but closedir() is not called.
spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
ok otto@, millert@
2011-09-22 21:20:21 +10:00
58ac11a2bd
- (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
...
to switch SELinux context away from unconfined_t, based on patch from
Jan Chadima; bz#1919 ok dtucker@
2011-08-29 16:09:52 +10:00
9c08312968
- (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
...
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
2011-08-17 11:31:07 +10:00
4d47ec9c89
- (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
...
change error by reporting old and new context names Patch from
jchadima at redhat.
2011-08-12 10:12:53 +10:00
d6548fe4cf
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882 : fix
...
--with-ssl-engine which was broken with the change from deprecated
SSLeay_add_all_algorithms(). ok djm
2011-05-10 11:13:36 +10:00
343f75fa19
- (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875 : add prototype
...
for closefrom() in test code. Report from Dan Wallis via Gentoo.
2011-05-06 10:43:50 +10:00
3b9617ecbd
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851 : fix syntax error in
...
selinux code. Patch from Leonardo Chiquitto.
2011-02-06 13:24:35 +11:00
d4a5504cb1
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
...
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
2011-01-28 10:30:18 +11:00
71adf127e8
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
...
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
79241377df
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
...
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
2011-01-22 09:37:01 +11:00
263d43d2a5
- (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
...
the tinderbox.
2011-01-17 18:50:22 +11:00
0c93adc7c1
- (dtucker) [openbsd-compat/port-linux.c] Bug #1838 : Add support for the new
...
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2011-01-17 11:55:59 +11:00
4927aaf446
- djm@cvs.openbsd.org 2011/01/12 01:53:14
...
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
b66e917831
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
...
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
2011-01-12 13:30:18 +11:00
37bb7568ab
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
...
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
...
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
9e0ff7afc8
- (dtucker) Bug #1840 : fix warning when configuring --with-ssl-engine, patch
...
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
...
openbsd-compat/port-solaris.{c,h}] Bug #1824 : Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
bdd3e67c19
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
...
1.12 to unbreak Solaris build.
ok djm@
2010-10-24 18:35:55 -07:00
88b844f19b
- (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2010-10-07 22:19:23 +11:00
Darren Tucker
Damien Miller
Damien Miller
Tim Rice