summaryrefslogtreecommitdiff
path: root/openbsd-compat
AgeCommit message (Collapse)Author
2015-11-29Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2015-11-29Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2015-08-19 Patch-Name: selinux-role.patch
2015-07-30downgrade OOM adjustment logging: verbose -> debugDamien Miller
2015-07-20make realpath.c compile -Wsign-compare cleanDamien Miller
2015-07-17Check if realpath works on nonexistent files.Darren Tucker
On some platforms the native realpath doesn't work with non-existent files (this is actually specified in some versions of POSIX), however the sftp spec says its realpath with "canonicalize any given path name". On those platforms, use realpath from the compat library. In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines the realpath symbol to the checked version, so redefine ours to something else so we pick up the compat version we want. bz#2428, ok djm@
2015-06-02Replace strcpy with strlcpy.Darren Tucker
ok djm, sanity check by Corinna Vinschen.
2015-05-10upstream commitDamien Miller
- tedu@cvs.openbsd.org 2015/01/12 03:20:04 [bcrypt_pbkdf.c] rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks, nor are they the same size.
2015-05-10upstream commitDamien Miller
- deraadt@cvs.openbsd.org 2015/01/08 00:30:07 [bcrypt_pbkdf.c] declare a local version of MIN(), call it MINIMUM()
2015-05-10upstream commitDamien Miller
- djm@cvs.openbsd.org 2014/12/30 01:41:43 [bcrypt_pbkdf.c] typo in comment: ouput => output
2015-05-08Put brackets around mblen() compat constant.Darren Tucker
This might help with the reported problem cross compiling for Android ("error: expected identifier or '(' before numeric constant") but shouldn't hurt in any case.
2015-04-17Wrap endian.h include inside ifdef (bz#2370).Darren Tucker
2015-04-07Use do{}while(0) for no-op functions.Darren Tucker
From FreeBSD.
2015-04-07Wrap blf.h include in ifdef. From FreeBSD.Darren Tucker
2015-02-26Remove dependency on xmalloc.Darren Tucker
Remove ssh_get_progname's dependency on xmalloc, which should reduce link order problems. ok djm@
2015-02-25Move definition of _NSIG.Darren Tucker
_NSIG is only unsed in one file, so move it there prevent redefinition warnings reported by Kevin Brott.
2015-02-24Add AI_NUMERICSERV to fake-rfc2553.Darren Tucker
Our getaddrinfo implementation always returns numeric values already.
2015-02-23Wrap stdint.h includes in ifdefs.Darren Tucker
2015-01-15kludge around tun API mismatch bettererDamien Miller
2015-01-15unbreak across API changeDamien Miller
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-14support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2014-12-30avoid uninitialised free of ldns_resDamien Miller
If an invalid rdclass was passed to getrrsetbyname() then this would execute a free on an uninitialised pointer. OpenSSH only ever calls this with a fixed and valid rdclass. Reported by Joshua Rogers
2014-12-29pull updated OpenBSD BCrypt PBKDF implementationDamien Miller
Includes fix for 1 byte output overflow for large key length requests (not reachable in OpenSSH). Pointed out by Joshua Rogers
2014-12-18upstream libc changeDamien Miller
revision 1.2 date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV; avoid left shift overflow in reallocarray. Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
2014-12-10Add reallocarray to compat libraryDarren Tucker
2014-10-01 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]Damien Miller
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; ok dtucker@
2014-09-04 - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNGDamien Miller
2014-08-30 - (djm) [openbsd-compat/openssl-compat.h] add include guardDamien Miller
2014-08-30 - (djm) [openbsd-compat/openssl-compat.h] addDamien Miller
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-27 - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()Damien Miller
using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.
2014-08-22 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/Damien Miller
definition mismatch) and warning for broken/missing snprintf case.
2014-07-21- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bitsDarren Tucker
needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
2014-07-18 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, usedTim Rice
in servconf.h.
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
2014-06-17 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}Darren Tucker
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@
2014-06-11 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of anDarren Tucker
assigment that might get optimized out. ok djm@
2014-05-27 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]Damien Miller
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen.
2014-02-13 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compatDarren Tucker
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-06 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULLDarren Tucker
before freeing since free(NULL) is a no-op. ok djm.
2014-02-04 - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.oDamien Miller
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2014-01-22 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if aDamien Miller
platform that is expected to use the reuse-argv style setproctitle hack surprises us by providing a setproctitle in libc; ok dtucker
2014-01-18 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing functionDarren Tucker
declarations that stopped being included when we stopped including <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at redhat.com.
2014-01-17 - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if weDarren Tucker
need them to cut down on the name collisions.
2014-01-17 - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.cDarren Tucker
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs to be useful (and for the regression tests to pass) on platforms that have statfs and fstatfs. ok djm@
2014-01-17 - (dtucker) Fix typo in #ifndef.Darren Tucker
2014-01-17 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.cDarren Tucker
openbsd-compat/openssl-compat.h] Add compatibility layer for older openssl versions. ok djm@
2014-01-17 - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include insideDarren Tucker
#ifdef HAVE_STDINT_H.
2013-12-08 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from CorinnaDamien Miller
Vinschen
2013-12-07 - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]Damien Miller
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on Linux