Age | Commit message | Author |
|
Avoid relying on implementation-specific behavior when
detecting whether the timestamp or file size overflowed. If time_t and off_t
are not either 32-bit or 64-bit scp will exit with an error. OK djm@
Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
|
|
Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@
Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
|
|
remove a static array unused since rev 1.306 spotted by
clang ok djm@
Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
|
|
Avoid potential signed int overflow when parsing the file
size. Use strtoul() instead of parsing manually. OK djm@
Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
|
|
Pointed out by jjelen at redhat.com.
|
|
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
in privsep child. The socket() syscall is already denied in the seccomp
filter, but in ppc64le kernel, it is implemented using socketcall()
syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
therefore fails hard.
Patch from jjelen at redhat.com.
|
|
Recognize nl_langinfo(CODESET) return values "646" and ""
as aliases for "US-ASCII", useful for different versions of NetBSD and
Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot
com>. OK dtucker@ deraadt@
Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
|
|
Change COMPILER_VERSION tests which limited additional
warnings to gcc4 to instead skip them on gcc3 as clang can handle
-Wpointer-sign and -Wold-style-definition.
Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
|
|
disallow creation (of empty files) in read-only mode;
reported by Michal Zalewski, feedback & ok deraadt@
Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
|
|
incorrect renditions of this quote bother me
Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
|
|
Speeds up configure and build by a couple of percent. ok djm@
|
|
Fix overly-conservative overflow checks on multiplications and add checks
on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error). ok millert@
|
|
Collapse underflow and overflow checks into a single block.
ok djm@ millert@
|
|
Catch integer underflow in scan_scaled reported by Nicolas Iooss.
ok deraadt@ djm@
|
|
If running with privsep (mandatory now) as a non-privileged user, we
don't chroot or change to an unprivileged user however we still checked
the existence of the user and directory. Don't do those checks if we're
not going to use them. Based in part on a patch from Lionel Fourquaux
via Corinna Vinschen, ok djm@
|
|
All supported versions of OpenSSL should now have SHA256 so remove our
EVP wrapper implementation. ok djm@
|
|
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC
in OpenSSL < 0.9.8g.
|
|
Resyncs that code with OpenBSD upstream.
|
|
Server-side support for Protocol 1 has been removed so remove !compat20
PAM code path.
|
|
Actually enable ldns when attempting to use ldns-config. bz#2697, patch
from fredrik at fornwall.net.
|
|
Patch from Jakub Jelen
|
|
remove /usr/bin/time calls around tests, makes diffing test
runs harder. Based on patch from Mike Frysinger
Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
|
|
Patch from Mike Frysinger
|
|
openssh-7.5
Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
|
|
Unbreak obvious syntax error.
|
|
Pointed out by Jann Horn of Google Project Zero
|
|
Used by NetBSD; this unbreaks mprintf() and friends there for the C
locale (caught by dtucker@ and his menagerie of test systems).
|
|
Creating the socket in $OBJ could blow past the (quite limited)
path limit for Unix domain sockets. As a bandaid for bz#2660,
reported by Colin Watson; ok dtucker@
|
|
disallow KEXINIT before NEWKEYS; ok djm; report by
vegard.nossum at oracle.com
Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
|
|
Patch from Corinna Vinschen.
|
|
accidents happen to the best of us; ok djm
Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
|
|
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
|
|
Fix segfault when sshd attempts to load RSA1 keys (can
only happen when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker
Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
|
|
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@
(note: this doesn't remove the !privsep code paths, though that will
happen eventually).
Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
|
|
Allow clock_gettime syscall with X32 bit masked off. Apparently
this is required for at least some kernel versions. bz#2142
Patch mostly by Colin Watson. ok dtucker@
|
|
This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
prepending __NR_ to the syscall number parameter and just makes
them explicit in the macro invocations.
No binary change in stripped object file before/after.
|
|
Based on patch from Eduardo Barretto; ok dtucker@
|
|
Add unit test for convtime().
Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
|
|
Add ASSERT_LONG_* helpers.
Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
|
|
Fix convtime() overflow test on boundary condition,
spotted by & ok djm.
Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
|
|
Check for integer overflow when parsing times in
convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
|
|
Syscall arguments are passed via an array of 64-bit values in struct
seccomp_data, but we were only inspecting the bottom 32 bits and not
even those correctly for BE systems.
Fortunately, the only case argument inspection was used was in the
socketcall filtering so using this for sandbox escape seems
impossible.
ok dtucker
|
|
regress tests for loading certificates without public keys;
bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
|