Age | Commit message (Collapse) | Author |
|
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
|
|
20110125
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
|
|
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
|
|
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
|
|
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
|
|
the tinderbox.
|
|
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
|
|
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
|
|
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
|
|
debugging. Spotted by djm.
|
|
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
|
|
instead of (arc4random() % range)
|
|
from vapier at gentoo org.
|
|
support for platforms missing isblank(). ok djm@
|
|
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
|
|
1.12 to unbreak Solaris build.
ok djm@
|
|
|
|
|
|
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
adapt to API changes in openssl-1.0.0a
NB. contains compat code to select correct API for older OpenSSL
|
|
|
|
|
|
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
rountrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
|
|
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
|
|
return code since it can apparently return -1 under some conditions. From
openssh bugs werbittewas de, ok djm@
|
|
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
the compat library which helps on platforms like old IRIX. Based on work
by djm, tested by Tom Christensen.
|
|
already set. Makes FreeBSD user openable tunnels useful; patch from
richard.burakowski+ossh AT mrburak.net, ok dtucker@
|
|
key.h.
|
|
libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
already. ok dtucker@
|
|
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
|
|
adjust log at verbose only, since according to cjwatson in bug #1470
some virtualization platforms don't allow writes.
|
|
variables copied into sshd child processes. From vinschen AT redhat.com
|
|
after registering the hardware engines, which causes the openssl.cnf file to
be processed. See OpenSSL's man page for OPENSSL_config(3) for details.
Patch from Solomon Peachy, ok djm@.
|
|
|
|
variable warnings.
|
|
Tim.
|
|
and group_from_gid.
|
|
so we correctly detect whether or not we have a native user_from_uid.
|
|
for pwcache. Also, added caching of negative hits.
|
|
changes yet but there will be some to come).
|
|
Fixes bz #1590, where sometimes you could not interrupt a connection while
ssh was prompting for a passphrase or password.
|
|
|
|
r1.18: missing restore of SIGTTOU and some whitespace.
|
|
Bug #1583: Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
|
|
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
|
|
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
|
|
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
|
|
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
|
|
fits into 16 bits to work around a bug in glibc's resolver where it masks
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
|
|
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
|
|
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
|