RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-27 20:42:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,215 Commits 69 Branches 157 Tags 27 MiB
ab16ef4152
Commit Graph

7215 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damien Miller
ab16ef4152 - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the 
latter being specified to have undefined behaviour in SUSv3;
   ok dtucker
 2014-01-28 15:08:12 +11:00
Damien Miller
ab03949058 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl; 
ok dtucker
 2014-01-28 15:07:10 +11:00
Darren Tucker
4ab20a82d4 - (dtucker) [Makefile.in] Remove trailing backslash which some make 
implementations (eg older Solaris) do not cope with.
 2014-01-27 17:35:04 +11:00
Darren Tucker
e7e8b3cfe9 Welcome to 2014 2014-01-27 17:32:50 +11:00
Damien Miller
5b447c0aac - (djm) [configure.ac] correct AC_DEFINE for previous. 2014-01-26 09:46:53 +11:00
Damien Miller
2035b2236d - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable 
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
    libc will attempt to open additional file descriptors for crypto
    offload and crash if they cannot be opened.
 2014-01-26 09:39:53 +11:00
Damien Miller
a92ac74104 - markus@cvs.openbsd.org 2014/01/25 20:35:37 
[kex.c]
     dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
     ok dtucker@, noted by mancha
 2014-01-26 09:38:03 +11:00
Damien Miller
76eea4ab4e - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 
[cipher.c cipher.h kex.c kex.h kexgexc.c]
     Add a special case for the DH group size for 3des-cbc, which has an
     effective strength much lower than the key size.  This causes problems
     with some cryptlib implementations, which don't support group sizes larger
     than 4k but also don't use the largest group size it does support as
     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
     reduced by me with input from Markus.  ok djm@ markus@
 2014-01-26 09:37:25 +11:00
Damien Miller
603b8f47f1 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test 
against the correct thing.
 2014-01-25 13:16:59 +11:00
Damien Miller
c96d85376d - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless 
sys/capability.h exists and cap_rights_limit is in libc. Fixes
   build on FreeBSD9x which provides the header but not the libc
   support.
 2014-01-25 13:12:28 +11:00
Damien Miller
f62ecef993 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD 2014-01-25 12:34:38 +11:00
Damien Miller
b0e0f760b8 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make 
the scp regress test actually test the built scp rather than the one
   in $PATH. ok dtucker@
 2014-01-24 14:27:04 +11:00
Darren Tucker
42a0925301 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously 
incompatible with OpenBSD's despite post-dating it by more than a decade.
   Declare it as broken, and document FreeBSD's as the same.  ok djm@
 2014-01-23 23:14:39 +11:00
Tim Rice
617da33c20 - (tim) [session.c] Improve error reporting on set_id(). 2014-01-22 19:16:10 -08:00
Damien Miller
5c2ff5e31f - (djm) [configure.ac aclocal.m4] More tests to detect fallout from 
platform hardening options: include some long long int arithmatic
   to detect missing support functions for -ftrapv in libgcc and
   equivalents, actually test linking when -ftrapv is supplied and
   set either both -pie/-fPIE or neither. feedback and ok dtucker@
 2014-01-22 21:30:12 +11:00
Damien Miller
852472a54b - (djm) [configure.ac] Unless specifically requested, only attempt 
to build Position Independent Executables on gcc >= 4.x; ok dtucker
 2014-01-22 16:31:18 +11:00
Damien Miller
ee87838786 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a 
platform that is expected to use the reuse-argv style setproctitle
   hack surprises us by providing a setproctitle in libc; ok dtucker
 2014-01-22 16:30:15 +11:00
Damien Miller
5c96a154c7 - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE 
and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
   detecting toolchain-related problems; ok dtucker
 2014-01-21 13:10:26 +11:00
Tim Rice
9464ba6fb3 - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced 
with sftp chroot support. Move set_id call after chroot.
 2014-01-20 17:59:28 -08:00
Darren Tucker
a6d573caa1 - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time 
tests in the configure output.  ok djm.
 2014-01-21 12:50:46 +11:00
Darren Tucker
096118dc73 - (dtucker) [configure.ac] Make PIE a configure-time option which defaults 
to on platforms where it's known to be reliably detected and off elsewhere.
   Works around platforms such as FreeBSD 9.1 where it does not interop with
   -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
 2014-01-21 12:48:51 +11:00
Damien Miller
f9df7f6f47 - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that 
skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
 2014-01-20 20:07:15 +11:00
Darren Tucker
c74e70eb52 - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos 
implementation does not have krb5_cc_new_unique, similar to what we do
   in auth-krb5.c.
 2014-01-20 13:18:09 +11:00
Damien Miller
3510979e83 - djm@cvs.openbsd.org 2014/01/20 00:08:48 
[digest.c]
     memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
 2014-01-20 12:41:53 +11:00
Darren Tucker
7eee358d7a - dtucker@cvs.openbsd.org 2014/01/19 11:21:51 
[addrmatch.c]
     Cast the sizeof to socklen_t so it'll work even if the supplied len is
     negative.  Suggested by and ok djm, ok deraadt.
 2014-01-19 22:37:02 +11:00
Darren Tucker
b7e01c09b5 - djm@cvs.openbsd.org 2014/01/19 04:48:08 
[ssh_config.5]
     fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
 2014-01-19 22:36:13 +11:00
Darren Tucker
7b1ded04ad - dtucker@cvs.openbsd.org 2014/01/19 04:17:29 
[canohost.c addrmatch.c]
     Cast socklen_t when comparing to size_t and use socklen_t to iterate over
     the ip options, both to prevent signed/unsigned comparison warnings.
     Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
 2014-01-19 15:30:02 +11:00
Darren Tucker
293ee3c9f0 - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 
[session.c]
     explicitly define USE_PIPES to 1 to prevent redefinition warnings in
     portable on platforms that use pipes for everything.  From redhat @
     redhat.
 2014-01-19 15:28:01 +11:00
Darren Tucker
2aca159d05 - dtucker@cvs.openbsd.org 2014/01/17 06:23:24 
[sftp-server.c]
     fix log message statvfs.  ok djm
 2014-01-19 15:25:34 +11:00
Darren Tucker
841f7da89a - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the 
return value check for cap_enter() consistent with the other uses in
   FreeBSD.  From by Loganaden Velvindron @ AfriNIC via bz#2140.
 2014-01-18 22:12:15 +11:00
Darren Tucker
fdce373166 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs, 
optind) are defined in getopt.h already.  Unfortunately they are defined as
   "declspec(dllimport)" for historical reasons, because the GNU linker didn't
   allow auto-import on PE/COFF targets way back when.  The problem is the
   dllexport attributes collide with the definitions in the various source
   files in OpenSSH, which obviousy define the variables without
   declspec(dllimport).  The least intrusive way to get rid of these warnings
   is to disable warnings for GCC compiler attributes when building on Cygwin.
   Patch from vinschen at redhat.com.
 2014-01-18 21:12:42 +11:00
Darren Tucker
1411c9263f - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function 
declarations that stopped being included when we stopped including
   <windows.h> from openbsd-compat/bsd-cygwin_util.h.  Patch from vinschen at
   redhat.com.
 2014-01-18 21:03:59 +11:00
Darren Tucker
89c532d843 - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch 
from vinschen at redhat.com
 2014-01-18 20:43:49 +11:00
Darren Tucker
355f861022 - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after 
they're defined if we have to define them ourselves.  Fixes builds on old
   AIX.
 2014-01-18 00:12:38 +11:00
Darren Tucker
a3357661ee - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on 
Solaris.
 2014-01-18 00:03:57 +11:00
Darren Tucker
9edcbff46f - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off 
stack-protector since that has a separate flag that's been around a while.
 2014-01-17 21:54:32 +11:00
Darren Tucker
6d725687c4 - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types. 2014-01-17 19:17:34 +11:00
Darren Tucker
5055699c7f - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we 
need them to cut down on the name collisions.
 2014-01-17 18:48:22 +11:00
Darren Tucker
a5cf1e220d - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c 
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
   to be useful (and for the regression tests to pass) on platforms that
   have statfs and fstatfs.  ok djm@
 2014-01-17 18:10:58 +11:00
Darren Tucker
1357d71d7b - (dtucker) Fix typo in #ifndef. 2014-01-17 18:00:40 +11:00
Darren Tucker
d23a91ffb2 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c 
openbsd-compat/openssl-compat.h]  Add compatibility layer for older
   openssl versions.  ok djm@
 2014-01-17 17:32:30 +11:00
Damien Miller
868ea1ea1c - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
   [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
   using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
   Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
 2014-01-17 16:47:04 +11:00
Darren Tucker
a9d186a8b5 - dtucker@cvs.openbsd.org 2014/01/17 05:26:41 
[digest.c]
     remove unused includes.  ok djm@
 2014-01-17 16:30:49 +11:00
Darren Tucker
5f1c57a7a7 - djm@cvs.openbsd.org 2014/01/17 00:21:06 
[sftp-client.c]
     signed/unsigned comparison warning fix; from portable (Id sync only)
 2014-01-17 16:29:45 +11:00
Darren Tucker
c548722361 - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into 
separate lines and alphabetize for easier diffing of changes.
 2014-01-17 15:12:16 +11:00
Darren Tucker
acad351a5b - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that 
don't have them.
 2014-01-17 14:20:05 +11:00
Darren Tucker
c3ed065ce8 - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside 
#ifdef HAVE_STDINT_H.
 2014-01-17 14:18:45 +11:00
Darren Tucker
f45f78ae43 - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 
includes.h to pull in all of the compatibility stuff.
 2014-01-17 12:43:43 +11:00
Darren Tucker
99df369d03 - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 2014-01-17 12:42:17 +11:00
Darren Tucker
ac413b62ea - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 2014-01-17 12:31:33 +11:00