summaryrefslogtreecommitdiff
path: root/openbsd-compat
AgeCommit message (Collapse)Author
2019-06-14Update utimensat test.Darren Tucker
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should update the symlink and not the destination. The compat code doesn't have a way to do this, so where possible it fails instead of following a symlink when explicitly asked not to. Instead of checking for an explicit failure, check that it does not update the destination, which both the real and compat implementations should honour. Inspired by github pull req #125 from chutzpah at gentoo.org. Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=182898192d4b720e4faeafd5b39c2cfb3b92aa21 Last-Update: 2019-06-09 Patch-Name: fix-utimensat-test.patch
2019-06-05Don't check the status field of the OpenSSL versionKurt Roeckx
There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2019-06-05Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2019-06-05Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2019-06-05 Patch-Name: selinux-role.patch
2019-04-03Remove "struct ssh" from sys_auth_record_login.Darren Tucker
It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
2019-04-02Adapt custom_failed_login to new prototype.Darren Tucker
Spotted by Kevin Brott.
2019-03-31Only use O_NOFOLLOW in fchownat and fchmodat if definedTim Rice
2019-03-28Only use O_NOFOLLOW in utimensat if defined.Darren Tucker
Fixes build on systems that don't have it (Solaris <=9) Found by Tom G. Christensen.
2019-03-13Replace alloca with xcalloc.Darren Tucker
The latter checks for memory exhaustion and integer overflow and may be at a less predictable place. Sanity check by vinschen at redhat.com, ok djm@
2019-03-12Use Cygwin-specific matching only for users+groups.Darren Tucker
Patch from vinschen at redhat.com, updated a little by me.
2019-02-22Cygwin: implement case-insensitive Unicode user and group name matchingCorinna Vinschen
The previous revert enabled case-insensitive user names again. This patch implements the case-insensitive user and group name matching. To allow Unicode chars, implement the matcher using wchar_t chars in Cygwin-specific code. Keep the generic code changes as small as possible. Cygwin: implement case-insensitive Unicode user and group name matching Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22Revert unintended parts of previous commit.Darren Tucker
2019-02-22Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"Corinna Vinschen
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-01-24Also undef SIMPLEQ_FOREACH_SAFE.Darren Tucker
Prevents macro redefinition warning on at least NetBSD 6.1.
2019-01-20remove vestiges of old packet API from loginrec.cDamien Miller
2019-01-18Add minimal fchownat and fchmodat implementations.Darren Tucker
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18Add a minimal implementation of utimensat().Darren Tucker
Some systems (eg older OS X) do not have utimensat, so provide minimal implementation in compat layer. Fixes build on at least El Capitan.
2018-11-25Include stdio.h for FILE if needed.Darren Tucker
2018-11-25Reverse order of OpenSSL init functions.Darren Tucker
Try the new init function (OPENSSL_init_crypto) before falling back to the old one (OpenSSL_add_all_algorithms).
2018-11-23refactor libcrypto initialisationDamien Miller
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-16Test for OPENSSL_init_crypto before using.Darren Tucker
Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931).
2018-11-16Fix check for OpenSSL 1.0.1 exactly.Darren Tucker
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix compile-time check for 1.0.1 to match.
2018-11-09fix compilation with openssl built without ECCEneas U de Queiroz
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be guarded by OPENSSL_HAS_ECC Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-10-28Update check for minimum OpenSSL version.Darren Tucker
2018-10-28Use detected version functions in openssl compat.Darren Tucker
Use detected functions in compat layer instead of guessing based on versions. Really fixes builds with LibreSSL, not just configure.
2018-10-26fix builds on OpenSSL <= 1.0.xDamien Miller
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API to obtain version number, but they don't.
2018-10-23fix compile for openssl 1.0.x w/ --with-ssl-engineDamien Miller
bz#2921, patch from cotequeiroz
2018-10-17unbreak compilation with --with-ssl-engineDamien Miller
Missing last argument to OPENSSL_init_crypto()
2018-10-16Avoid deprecated OPENSSL_config when using 1.1.xDamien Miller
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of OPENSSL_init_crypto; pointed out by Jakub Jelen
2018-10-12Don't avoid our *sprintf replacements.Darren Tucker
Don't let systems with broken printf(3) avoid our replacements via asprintf(3)/vasprintf(3) calling libc internally. From djm@
2018-10-11check for NULL return from shadow_pw()Damien Miller
probably unreachable on this platform; pointed out by coolbugcheckers AT gmail.com
2018-10-10in pick_salt() avoid dereference of NULL passwordsDamien Miller
Apparently some NIS implementations can leave pw->pw_passwd (or the shadow equivalent) NULL. bz#2909; based on patch from Todd Eigenschink
2018-09-22Remove unused variable in _ssh_compat_fflush.Darren Tucker
2018-09-13adapt -portable to OpenSSL 1.1x APIDamien Miller
Polyfill missing API with replacement functions extracted from LibreSSL
2018-09-07Initial len for the fmt=NULL case.Darren Tucker
Patch from jjelen at redhat via bz#2687. (OpenSSH never calls setproctitle with a null format so len is always initialized).
2018-09-07Include stdlib.h.Darren Tucker
Patch from jjelen at redhat via bz#2687.
2018-08-21 modified: openbsd-compat/port-uw.cTim Rice
remove obsolete and un-needed include
2018-08-13cygwin: add missing stdarg.h includeCorinna Vinschen
Further header file standarization in Cygwin uncovered a lazy indirect include in bsd-cygwin_util.c Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2018-08-11Some AIX fixes; report from Michael FeltDamien Miller
2018-07-27correct snprintf truncation check in closefrom()Damien Miller
Truncation cannot happen unless the system has set PATH_MAX to some nonsensically low value. bz#2862, patch from Daniel Le
2018-07-14Undef a few new macros in sys-queue.h.Darren Tucker
Prevents macro redefinition warnings on OSX.
2018-07-12upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-11Include stdlib.h for declaration of free.Darren Tucker
Fixes build with -Werror on at least Fedora and probably others.
2018-07-10Adapt portable to legacy buffer API removalDamien Miller
2018-07-06Defer setting bufsiz in getdelim.Darren Tucker
Do not write to bufsiz until we are sure the malloc has succeeded, in case any callers rely on it (which they shouldn't). ok djm@
2018-07-02Add implementation of getline.Darren Tucker
Add getline for the benefit of platforms that don't have it. Sourced from NetBSD (OpenBSD's implementation is a little too chummy with the internals of FILE).
2018-05-14sync fmt_scaled.cDamien Miller
revision 1.17 date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2; commitid: 53zY8GjViUBnWo8Z; constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
2018-04-29Use includes.h instead of config.h.Darren Tucker
This ensures it picks up the definition of DEF_WEAK, the lack of which can cause compile errors in some cases (eg modern AIX). From michael at felt.demon.nl.
2018-04-13Fix tunnel forwarding broken in 7.7p1Damien Miller
bz2855, ok dtucker@
2018-04-13prefer to use getrandom() for PRNG seedingDamien Miller
Only applies when built --without-openssl. Thanks Jann Horn for reminder.