Age | Commit message (Collapse) | Author |
|
libcrypto that lacks EVP_CIPHER_CTX_ctrl
|
|
__attribute__ on return values and work around if necessary. ok djm@
|
|
version.
|
|
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
prototypes for openssl-1.0.0-fips.
|
|
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
|
|
TAILQ_FOREACH_SAFE needed for upcoming changes.
|
|
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
and gids from uidswap.c to the compat library, which allows it to work with
the new setresuid calls in auth2-pubkey. with tim@, ok djm@
|
|
for compatibility with future mingw-w64 headers. Patch from vinschen at
redhat com.
|
|
platforms that don't have it. "looks good" tim@
|
|
pointer deref in the client when built with LDNS and using DNSSEC with a
CNAME. Patch from gregdlg+mr at hochet info.
|
|
assumptions when building on Cygwin; patch from Corinna Vinschen
|
|
systems where sshd is run in te wrong context. Patch from Sven
Vermeulen; ok dtucker@
|
|
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
|
|
preserved Cygwin environment variables; from Corinna Vinschen
|
|
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
|
|
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
|
|
|
|
openbsd-compat/strnlen.c] Add strnlen to the compat library.
|
|
of static __findenv() function from upstream setenv.c
|
|
[openbsd-compat/inet_ntop.c]
fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
|
|
marker. The upstream API has changed (function and structure names)
enough to put it out of sync with other providers of this interface.
|
|
The file was totally rewritten between what we had in tree and -current.
|
|
[mktemp.c]
Remove useless code, the kernel will set errno appropriately if an
element in the path does not exist. OK deraadt@ pvalchev@
|
|
[mktemp.c]
use arc4random_uniform(); ok djm millert
|
|
upstream version is YPified and we don't want this
|
|
[mktemp.c]
Comment fix about time consumption of _gettemp.
FreeBSD did this in revision 1.20.
OK deraadt@, krw@
|
|
longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
want this longhand version)
|
|
[openbsd-compat/strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
|
|
[glob.c]
fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
applied only to the gl_pathv vector and not the corresponding gl_statv
array. reported in OpenSSH bz#1935; feedback and okay matthew@
|
|
[glob.c]
In glob(3), limit recursion during matching attempts. Similar to
fnmatch fix. Also collapse consecutive '*' (from NetBSD).
ok miod deraadt
|
|
[openbsd-compat/glob.c]
When the max number of items for a directory has reached GLOB_LIMIT_READDIR
an error is returned but closedir() is not called.
spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
ok otto@, millert@
|
|
to switch SELinux context away from unconfined_t, based on patch from
Jan Chadima; bz#1919 ok dtucker@
|
|
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
|
|
change error by reporting old and new context names Patch from
jchadima at redhat.
|
|
--with-ssl-engine which was broken with the change from deprecated
SSLeay_add_all_algorithms(). ok djm
|
|
for closefrom() in test code. Report from Dan Wallis via Gentoo.
|
|
selinux code. Patch from Leonardo Chiquitto.
|
|
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
|
|
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
|
|
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
|
|
the tinderbox.
|
|
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
|
|
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
|
|
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
|
|
debugging. Spotted by djm.
|
|
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
|
|
instead of (arc4random() % range)
|
|
from vapier at gentoo org.
|
|
support for platforms missing isblank(). ok djm@
|
|
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
|