RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-26 11:52:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,839 Commits 69 Branches 157 Tags 27 MiB
28744182cf
Commit Graph

783 Commits

Author SHA1 Message Date
Damien Miller
28744182cf proc_pidinfo()-based closefrom() for OS X 
Refactor closefrom() to use a single brute-force close() loop fallback.

Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
 2019-08-30 13:23:04 +10:00
Darren Tucker
d0e51810f3 Fix pasto in fallback code. 
There is no parameter called "pathname", it should simply be "path".
bz#3059, patch from samuel at cendio.se.
 2019-08-24 15:12:11 +10:00
Darren Tucker
d46075b923 Fix mem leak in unit test. 
Patch from jitendra.sharma at intel.com.
 2019-08-05 21:36:48 +10:00
Darren Tucker
4317b2a048 upstream rev 1.28: fix comment typo. 2019-07-23 23:24:47 +10:00
Darren Tucker
fd0684b319 Remove sys/cdefs.h include. 
It's not needed on -portable (that's handled by includes.h) and not all
platforms have it.
 2019-07-23 22:36:39 +10:00
Darren Tucker
11cba2a452 Re-apply portability changes to current sha2.{c,h}. 
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes.  This also allowed re-syncing digest-libc.c against upstream.
 2019-07-23 22:06:24 +10:00
Darren Tucker
09159594a3 Import current sha2.c and sha2.h from OpenBSD. 
These are not changed from their original state, the next commit will
re-apply the portable changes.
 2019-07-23 22:06:24 +10:00
Damien Miller
01dddb231f fix SIGWINCH delivery of Solaris for mux sessions 
Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH
signals to other sessions.  bz#3030; report and fix from Darren Moffat
 2019-07-19 13:22:16 +10:00
Darren Tucker
22b9b3e944 Fix format string integer type in error message. 2019-07-19 07:23:26 +10:00
Darren Tucker
45478898f9 Hook memmem compat code into build. 
This fixes builds on platforms that don't have it (at least old DragonFly,
probably others).
 2019-07-16 09:21:20 +10:00
Darren Tucker
c7bd461729 Import memmem.c from OpenBSD. 2019-07-16 09:07:18 +10:00
Darren Tucker
eb0b51dac4 Move log.h include inside ifdefs. 
Fixes build on some other platforms that don't have va_list immediately
available (eg NetBSD).
 2019-07-08 17:27:26 +10:00
Darren Tucker
43702f8e6f Include log.h for debug() and friends. 
Should fix some compiler warnings on IRIX (bz#3032).
 2019-07-08 14:27:37 +10:00
Damien Miller
4efe1adf05 remove realpath() compat replacement 
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.

OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.

ok dtucker@
 2019-07-08 13:38:39 +10:00
Darren Tucker
b8e2b79736 Add prototype for strnlen to prevent warnings. 2019-07-06 13:13:57 +10:00
Darren Tucker
4c3e00b1ed Cast *ID types to unsigned long when printing. 
UID and GID types vary by platform so cast to u_long and use %lu when
printing them to prevent warnings.
 2019-07-06 13:02:34 +10:00
Darren Tucker
2753521e89 Add prototype for compat strndup.(bz#3032). 2019-07-06 12:54:43 +10:00
Darren Tucker
73eb6cef41 Include stdio.h for vsnprintf. 
Patch from mforney at mforney.org.
 2019-06-16 12:55:27 +10:00
Darren Tucker
adcaf40fd0 upstream rev 1.27: fix integer overflow. 
Cast bitcount to u_in64_t before bit shifting to prevent integer overflow
on 32bit platforms which cause incorrect results when adding a block
>=512M in size.  sha1 patch from ante84 at gmail.com via openssh github,
sha2 with djm@, ok tedu@
 2019-06-14 14:22:39 +10:00
Darren Tucker
7689048e61 upstream rev 1.25: add DEF_WEAK. 
Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct
ok deraadt@
 2019-06-14 14:22:39 +10:00
Darren Tucker
55f3153393 upstream rev 1.25: add sys/types.h 2019-06-14 14:22:39 +10:00
Darren Tucker
10974f986f upstream: Use explicit_bzero instead of memset 
in hash Final and End functions.  OK deraadt@ djm@
 2019-06-14 14:22:39 +10:00
Darren Tucker
2b3402dc9f Always clean up before and after utimensat test. 2019-06-08 00:03:07 +10:00
Darren Tucker
182898192d Update utimensat test. 
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should
update the symlink and not the destination.  The compat code doesn't
have a way to do this, so where possible it fails instead of following a
symlink when explicitly asked not to. Instead of checking for an explicit
failure, check that it does not update the destination, which both the
real and compat implmentations should honour.

Inspired by github pull req #125 from chutzpah at gentoo.org.
 2019-06-07 23:47:37 +10:00
Darren Tucker
b7b8334914 Don't install duplicate STREAMS modules on Solaris 
Check if STREAMS modules are already installed on pty before installing
since when compiling with XPG>=4 they will likely be installed already.
Prevents hangs and duplicate lines on the terminal.  bz#2945 and bz#2998,
patch from djm@
 2019-04-26 18:06:34 +10:00
Darren Tucker
79a87d3278 Remove "struct ssh" from sys_auth_record_login. 
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
 2019-04-03 06:27:45 +11:00
Darren Tucker
138c0d52cd Adapt custom_failed_login to new prototype. 
Spotted by Kevin Brott.
 2019-04-02 18:21:35 +11:00
Tim Rice
43f47ebbdd Only use O_NOFOLLOW in fchownat and fchmodat if defined 2019-03-31 19:22:19 -07:00
Darren Tucker
f5abb05f8c Only use O_NOFOLLOW in utimensat if defined. 
Fixes build on systems that don't have it (Solaris <=9)  Found by
Tom G. Christensen.
 2019-03-28 09:26:14 +11:00
Darren Tucker
a212107bfd Replace alloca with xcalloc. 
The latter checks for memory exhaustion and integer overflow and may be
at a less predictable place.  Sanity check by vinschen at redhat.com, ok
djm@
 2019-03-13 10:49:16 +11:00
Darren Tucker
daa7505aad Use Cygwin-specific matching only for users+groups. 
Patch from vinschen at redhat.com, updated a little by me.
 2019-03-12 09:19:19 +11:00
Corinna Vinschen
37638c7520 Cygwin: implement case-insensitive Unicode user and group name matching 
The previous revert enabled case-insensitive user names again.  This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code.  Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
 2019-02-22 15:22:53 +11:00
Darren Tucker
bed1d43698 Revert unintended parts of previous commit. 2019-02-22 15:21:21 +11:00
Corinna Vinschen
f02afa350a Revert "[auth.c] On Cygwin, refuse usernames that have differences in case" 
This reverts commit acc9b29486.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
 2019-02-22 15:04:16 +11:00
Darren Tucker
f236ca2741 Also undef SIMPLEQ_FOREACH_SAFE. 
Prevents macro redefinition warning on at least NetBSD 6.1.
 2019-01-24 10:07:03 +11:00
Damien Miller
08f66d9f17 remove vestiges of old packet API from loginrec.c 2019-01-20 09:58:45 +11:00
Darren Tucker
a6258e5dc3 Add minimal fchownat and fchmodat implementations. 
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
 2019-01-18 11:09:01 +11:00
Darren Tucker
091093d258 Add a minimal implementation of utimensat(). 
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer.  Fixes build on at least El Capitan.
 2019-01-18 10:16:11 +11:00
Darren Tucker
8a85f5458d Include stdio.h for FILE if needed. 2018-11-25 21:44:05 +11:00
Darren Tucker
16fb23f254 Reverse order of OpenSSL init functions. 
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
 2018-11-25 14:05:57 +11:00
Damien Miller
42c5ec4b97 refactor libcrypto initialisation 
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
 2018-11-23 10:42:05 +11:00
Darren Tucker
d0d1dfa55b Test for OPENSSL_init_crypto before using. 
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
 2018-11-16 14:11:44 +11:00
Darren Tucker
ce93472134 Fix check for OpenSSL 1.0.1 exactly. 
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
 2018-11-16 12:44:01 +11:00
Eneas U de Queiroz
624d19ac2d fix compilation with openssl built without ECC 
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
 2018-11-09 14:19:24 +11:00
Darren Tucker
595605d4ab Update check for minimum OpenSSL version. 2018-10-28 15:18:13 +11:00
Darren Tucker
c801b0e38e Use detected version functions in openssl compat. 
Use detected functions in compat layer instead of guessing based on
versions.  Really fixes builds with LibreSSL, not just configure.
 2018-10-28 14:34:12 +11:00
Damien Miller
406a24b25d fix builds on OpenSSL <= 1.0.x 
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
to obtain version number, but they don't.
 2018-10-26 13:43:28 +11:00
Damien Miller
c0a3526590 fix compile for openssl 1.0.x w/ --with-ssl-engine 
bz#2921, patch from cotequeiroz
 2018-10-23 16:19:56 +11:00
Damien Miller
08300c2114 unbreak compilation with --with-ssl-engine 
Missing last argument to OPENSSL_init_crypto()
 2018-10-17 08:12:02 +11:00
Damien Miller
4e23deefd7 Avoid deprecated OPENSSL_config when using 1.1.x 
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
 2018-10-16 10:54:37 +11:00