Darren Tucker
3b9617ecbd
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851 : fix syntax error in
...
selinux code. Patch from Leonardo Chiquitto.
2011-02-06 13:24:35 +11:00
Damien Miller
d4a5504cb1
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
...
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
2011-01-28 10:30:18 +11:00
Damien Miller
71adf127e8
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
...
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
Darren Tucker
79241377df
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
...
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
2011-01-22 09:37:01 +11:00
Darren Tucker
263d43d2a5
- (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
...
the tinderbox.
2011-01-17 18:50:22 +11:00
Darren Tucker
0c93adc7c1
- (dtucker) [openbsd-compat/port-linux.c] Bug #1838 : Add support for the new
...
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2011-01-17 11:55:59 +11:00
Damien Miller
4927aaf446
- djm@cvs.openbsd.org 2011/01/12 01:53:14
...
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
Damien Miller
b66e917831
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
...
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
2011-01-12 13:30:18 +11:00
Darren Tucker
37bb7568ab
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
...
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
...
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
Darren Tucker
9e0ff7afc8
- (dtucker) Bug #1840 : fix warning when configuring --with-ssl-engine, patch
...
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
Tim Rice
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
Darren Tucker
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
...
openbsd-compat/port-solaris.{c,h}] Bug #1824 : Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
Tim Rice
bdd3e67c19
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
...
1.12 to unbreak Solaris build.
ok djm@
2010-10-24 18:35:55 -07:00
Damien Miller
88b844f19b
- (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2010-10-07 22:19:23 +11:00
Damien Miller
37f4f1892f
- (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
2010-10-07 22:10:38 +11:00
Damien Miller
9a3d0dc062
- djm@cvs.openbsd.org 2010/10/01 23:05:32
...
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
adapt to API changes in openssl-1.0.0a
NB. contains compat code to select correct API for older OpenSSL
2010-10-07 22:06:42 +11:00
Damien Miller
2738361878
sadly, two typos on one line is not my best record
2010-10-07 22:00:24 +11:00
Damien Miller
faca8ccd4d
unbreak previous
2010-10-07 21:59:40 +11:00
Damien Miller
a6e121aaa0
- djm@cvs.openbsd.org 2010/09/25 09:30:16
...
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
rountrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
2010-10-07 21:39:17 +11:00
Damien Miller
aa18063baf
- matthew@cvs.openbsd.org 2010/09/24 13:33:00
...
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
2010-10-07 21:25:27 +11:00
Darren Tucker
50e3bab242
- (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
...
return code since it can apparently return -1 under some conditions. From
openssh bugs werbittewas de, ok djm@
2010-09-10 10:30:25 +10:00
Darren Tucker
aa74f6754a
- (dtucker) [configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
the compat library which helps on platforms like old IRIX. Based on work
by djm, tested by Tom Christensen.
2010-08-16 13:15:23 +10:00
Damien Miller
2c4b13aa32
- (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
...
already set. Makes FreeBSD user openable tunnels useful; patch from
richard.burakowski+ossh AT mrburak.net, ok dtucker@
2010-08-10 12:47:40 +10:00
Tim Rice
3fd307df5b
- (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
...
key.h.
2010-06-26 16:45:15 -07:00
Damien Miller
4b1ec8381b
- (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
...
libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
already. ok dtucker@
2010-05-12 17:49:59 +10:00
Damien Miller
7d09b8f8d9
- (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection
...
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
2010-03-26 08:52:02 +11:00
Darren Tucker
9af0cb9acc
- (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM
...
adjust log at verbose only, since according to cjwatson in bug #1470
some virtualization platforms don't allow writes.
2010-03-01 15:52:49 +11:00
Damien Miller
d05951fcee
- (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment
...
variables copied into sshd child processes. From vinschen AT redhat.com
2010-02-28 03:29:33 +11:00
Darren Tucker
19d32cb934
- (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707 : Call OPENSSL_config()
...
after registering the hardware engines, which causes the openssl.cnf file to
be processed. See OpenSSL's man page for OPENSSL_config(3) for details.
Patch from Solomon Peachy, ok djm@.
2010-01-29 10:54:11 +11:00
Darren Tucker
4e21855422
- (dtucker) [openbsd-compat/openbsd-compat.h] Typo.
2010-01-16 23:58:37 +11:00
Darren Tucker
612e400c68
- (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused
...
variable warnings.
2010-01-16 13:53:52 +11:00
Darren Tucker
69371b511b
- (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by
...
Tim.
2010-01-16 13:30:30 +11:00
Darren Tucker
2563e3f272
- (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid
...
and group_from_gid.
2010-01-16 11:53:07 +11:00
Darren Tucker
ca94485a48
- (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h
...
so we correctly detect whether or not we have a native user_from_uid.
2010-01-16 11:48:27 +11:00
Darren Tucker
909a390bb8
- (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability
...
for pwcache. Also, added caching of negative hits.
2010-01-15 12:38:30 +11:00
Darren Tucker
9d1fd5bc10
- (dtucker) [openbsd-compat.c/pwcache.c] Pull in pwcache.c from OpenBSD (no
...
changes yet but there will be some to come).
2010-01-15 12:14:45 +11:00
Darren Tucker
d59487a33b
- (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22.
...
Fixes bz #1590 , where sometimes you could not interrupt a connection while
ssh was prompting for a passphrase or password.
2010-01-13 21:32:44 +11:00
Darren Tucker
1035cb4729
- (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21.
2010-01-13 18:32:59 +11:00
Darren Tucker
ab3c2cab18
- (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: missing restore of SIGTTOU and some whitespace.
2010-01-13 18:27:32 +11:00
Darren Tucker
1bf3503c9d
- (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
...
Bug #1583 : Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
Darren Tucker
c8802aac28
- (dtucker) Bug #1470 : Disable OOM-killing of the listening sshd on Linux,
...
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
2009-12-08 13:39:48 +11:00
Darren Tucker
4d6656b103
- (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637 : if selinux
...
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
2009-10-24 15:04:12 +11:00
Darren Tucker
82edf23fff
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567 : move
...
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
2009-08-20 16:20:50 +10:00
Darren Tucker
b5d5ee1ab0
- (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595 : make
...
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
2009-08-17 09:40:00 +10:00
Darren Tucker
440089afe0
- (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it
...
fits into 16 bits to work around a bug in glibc's resolver where it masks
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
2009-07-13 11:38:23 +10:00
Darren Tucker
9d86e5d570
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
...
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
2009-03-08 11:40:27 +11:00
Darren Tucker
3e7e15f1bd
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
...
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
2009-03-07 22:22:35 +11:00
Darren Tucker
8aae6ff0d9
- (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
...
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
to use them. Allows building with older OpenSSL versions.
2009-03-07 12:01:47 +11:00