Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-05-30 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null | Darren Tucker | |
implementation of endgrent for platforms that don't have it (eg Android). Loosely based on a patch from Nathan Osman, ok djm | |||
2013-05-16 | - (dtucker) [configure.ac readconf.c servconf.c | Darren Tucker | |
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled. | |||
2013-05-10 | - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so | Darren Tucker | |
we don't get a warning on compilers that *don't* support it. Add -Wno-unknown-warning-option. Move both to the start of the list for maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9. | |||
2013-05-10 | - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler | Darren Tucker | |
supports it. Mentioned by Colin Watson in bz#2100, ok djm. | |||
2013-04-23 | - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support | Damien Miller | |
platforms, such as Android, that lack struct passwd.pw_gecos. Report and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@ | |||
2013-04-18 | - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from | Darren Tucker | |
unused argument warnings (in particular, -fno-builtin-memset) from clang. | |||
2013-03-22 | - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. | Darren Tucker | |
2013-03-20 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] | Damien Miller | |
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's so mark it as broken. Patch from des AT des.no | |||
2013-03-16 | - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none | Tim Rice | |
of the bits the configure test looks for. | |||
2013-03-15 | - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] | Damien Miller | |
Add a usleep replacement for platforms that lack it; ok dtucker | |||
2013-03-15 | - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform | Damien Miller | |
is unable to successfully compile them. Based on patch from des AT des.no | |||
2013-03-12 | - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") | Darren Tucker | |
in addition to root as an owner of system directories on AIX and HP-UX. ok djm@ | |||
2013-03-08 | - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a | Damien Miller | |
chance to complete on broken systems; ok dtucker@ | |||
2013-03-06 | - (dtucker) [configure.ac] test that we can set number of file descriptors | Darren Tucker | |
to zero with setrlimit before enabling the rlimit sandbox. This affects (at least) HPUX 11.11. | |||
2013-03-05 | - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by | Darren Tucker | |
Kevin Brott. | |||
2013-02-25 | - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed | Darren Tucker | |
to use Solaris native GSS libs. Patch from Pierre Ossman. | |||
2013-02-23 | - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer | Damien Miller | |
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. ok tim | |||
2013-02-22 | - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux | Damien Miller | |
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; ok dtucker | |||
2013-02-22 | - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named | Darren Tucker | |
libgss too. Patch from Pierre Ossman, ok djm. | |||
2013-02-22 | - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to | Darren Tucker | |
ssh(1) since they're not needed. Patch from Pierre Ossman. | |||
2013-02-15 | - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c | Darren Tucker | |
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for platforms that don't have it. | |||
2013-02-15 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] | Darren Tucker | |
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). | |||
2013-02-11 | - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old | Damien Miller | |
libcrypto that lacks EVP_CIPHER_CTX_ctrl | |||
2013-02-08 | - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows | Darren Tucker | |
__attribute__ on return values and work around if necessary. ok djm@ | |||
2013-02-07 | - (djm) [configure.ac] Don't probe seccomp capability of running kernel | Damien Miller | |
at configure time; the seccomp sandbox will fall back to rlimit at runtime anyway. Patch from plautrba AT redhat.com in bz#2011 | |||
2013-01-09 | - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] | Damien Miller | |
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little cipher compat code to openssl-compat.h | |||
2012-12-13 | - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our | Damien Miller | |
compat code for older OpenSSL | |||
2012-12-03 | - (djm) [configure.ac] Revert previous. configure.ac already does this | Damien Miller | |
for us. | |||
2012-12-03 | - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation | Damien Miller | |
debugging. ok dtucker@ | |||
2012-07-06 | - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no | Damien Miller | |
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT esperi.org.uk; ok dtucker@ | |||
2012-07-04 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for | Darren Tucker | |
platforms that don't have it. "looks good" tim@ | |||
2012-07-03 | - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not | Darren Tucker | |
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its benefit is minor, so it's not worth disabling the sandbox if it doesn't work. | |||
2012-07-03 | - (dtucker) [configure.ac] Detect platforms that can't use select(2) with | Darren Tucker | |
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. | |||
2012-05-19 | - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find | Darren Tucker | |
pkg-config so it does the right thing when cross-compiling. Patch from cjwatson at debian org. | |||
2012-05-19 | - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch | Darren Tucker | |
from cjwatson at debian org. | |||
2012-05-04 | - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> | Darren Tucker | |
to fix building on some plaforms. Fom bowman at math utah edu and des at des no. | |||
2012-04-19 | - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil | Damien Miller | |
contains openpty() but not login() | |||
2012-04-04 | - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox | Damien Miller | |
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@ | |||
2012-02-24 | - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM | Darren Tucker | |
audit breakage in Solaris 11. Patch from Magnus Johansson. | |||
2012-01-17 | - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add | Darren Tucker | |
null implementation of HMAC_CTX_init for the benefit of old versions of OpenSSL that don't have it. | |||
2011-11-21 | - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ | Darren Tucker | |
2011-11-04 | - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in | Darren Tucker | |
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) with some rework from myself and djm. ok djm. | |||
2011-10-02 | remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim | Darren Tucker | |
2011-09-29 | - (dtucker) [configure.ac openbsd-compat/Makefile.in | Darren Tucker | |
openbsd-compat/strnlen.c] Add strnlen to the compat library. | |||
2011-09-29 | - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch | Damien Miller | |
from des AT des.no | |||
2011-08-17 | - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze | Tim Rice | |
2011-08-17 | - (djm) [configure.ac] error out if the host lacks the necessary bits for | Damien Miller | |
an explicitly requested sandbox type | |||
2011-06-27 | - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for | Damien Miller | |
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing markus@ | |||
2011-06-23 | - djm@cvs.openbsd.org 2011/06/22 21:57:01 | Damien Miller | |
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@ | |||
2011-06-03 | - (djm) [configure.ac] enable setproctitle emulation for OS X | Damien Miller | |