summaryrefslogtreecommitdiff
path: root/openbsd-compat
AgeCommit message (Collapse)Author
2019-10-09Don't check the status field of the OpenSSL versionKurt Roeckx
There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2019-10-09Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2019-10-09Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2019-06-05 Patch-Name: selinux-role.patch
2019-10-09Make MAKE_CLONE no-op macro more correct.Darren Tucker
Similar to the previous change to DEF_WEAK, some compilers don't like the empty statement, so convert into a no-op function prototype.
2019-10-08avoid "return (value)" in void-declared functionDamien Miller
spotted by Tim Rice; ok dtucker
2019-09-30Include stdio.h for snprintf.Darren Tucker
Patch from vapier@gentoo.org.
2019-09-02fixed test in OSX closefrom() replacementDamien Miller
from likan_999.student AT sina.com
2019-09-02retain Solaris PRIV_FILE_LINK_ANY in sftp-serverDamien Miller
Dropping this privilege removes the ability to create hard links to files owned by other users. This is required for the legacy sftp rename operation. bz#3036; approach ok Alex Wilson (the original author of the Solaris sandbox/pledge replacement code)
2019-08-30proc_pidinfo()-based closefrom() for OS XDamien Miller
Refactor closefrom() to use a single brute-force close() loop fallback. Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
2019-08-24Fix pasto in fallback code.Darren Tucker
There is no parameter called "pathname", it should simply be "path". bz#3059, patch from samuel at cendio.se.
2019-08-05Fix mem leak in unit test.Darren Tucker
Patch from jitendra.sharma at intel.com.
2019-07-23upstream rev 1.28: fix comment typo.Darren Tucker
2019-07-23Remove sys/cdefs.h include.Darren Tucker
It's not needed on -portable (that's handled by includes.h) and not all platforms have it.
2019-07-23Re-apply portability changes to current sha2.{c,h}.Darren Tucker
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 I imported the current versions directly then re-applied the portability changes. This also allowed re-syncing digest-libc.c against upstream.
2019-07-23Import current sha2.c and sha2.h from OpenBSD.Darren Tucker
These are not changed from their original state, the next commit will re-apply the portable changes.
2019-07-19fix SIGWINCH delivery of Solaris for mux sessionsDamien Miller
Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH signals to other sessions. bz#3030; report and fix from Darren Moffat
2019-07-19Fix format string integer type in error message.Darren Tucker
2019-07-16Hook memmem compat code into build.Darren Tucker
This fixes builds on platforms that don't have it (at least old DragonFly, probably others).
2019-07-16Import memmem.c from OpenBSD.Darren Tucker
2019-07-08Move log.h include inside ifdefs.Darren Tucker
Fixes build on some other platforms that don't have va_list immediately available (eg NetBSD).
2019-07-08Include log.h for debug() and friends.Darren Tucker
Should fix some compiler warnings on IRIX (bz#3032).
2019-07-08remove realpath() compat replacementDamien Miller
We shipped a BSD implementation of realpath() because sftp-server depended on its behaviour. OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), so sftp-server now unconditionally requires its own BSD-style realpath implementation. As such, there is no need to carry another independant implementation in openbsd-compat. ok dtucker@
2019-07-06Add prototype for strnlen to prevent warnings.Darren Tucker
2019-07-06Cast *ID types to unsigned long when printing.Darren Tucker
UID and GID types vary by platform so cast to u_long and use %lu when printing them to prevent warnings.
2019-07-06Add prototype for compat strndup.(bz#3032).Darren Tucker
2019-06-16Include stdio.h for vsnprintf.Darren Tucker
Patch from mforney at mforney.org.
2019-06-14upstream rev 1.27: fix integer overflow.Darren Tucker
Cast bitcount to u_in64_t before bit shifting to prevent integer overflow on 32bit platforms which cause incorrect results when adding a block >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, sha2 with djm@, ok tedu@
2019-06-14upstream rev 1.25: add DEF_WEAK.Darren Tucker
Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct ok deraadt@
2019-06-14upstream rev 1.25: add sys/types.hDarren Tucker
2019-06-14upstream: Use explicit_bzero instead of memsetDarren Tucker
in hash Final and End functions. OK deraadt@ djm@
2019-06-08Always clean up before and after utimensat test.Darren Tucker
2019-06-07Update utimensat test.Darren Tucker
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should update the symlink and not the destination. The compat code doesn't have a way to do this, so where possible it fails instead of following a symlink when explicitly asked not to. Instead of checking for an explicit failure, check that it does not update the destination, which both the real and compat implmentations should honour. Inspired by github pull req #125 from chutzpah at gentoo.org.
2019-04-26Don't install duplicate STREAMS modules on SolarisDarren Tucker
Check if STREAMS modules are already installed on pty before installing since when compiling with XPG>=4 they will likely be installed already. Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998, patch from djm@
2019-04-03Remove "struct ssh" from sys_auth_record_login.Darren Tucker
It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
2019-04-02Adapt custom_failed_login to new prototype.Darren Tucker
Spotted by Kevin Brott.
2019-03-31Only use O_NOFOLLOW in fchownat and fchmodat if definedTim Rice
2019-03-28Only use O_NOFOLLOW in utimensat if defined.Darren Tucker
Fixes build on systems that don't have it (Solaris <=9) Found by Tom G. Christensen.
2019-03-13Replace alloca with xcalloc.Darren Tucker
The latter checks for memory exhaustion and integer overflow and may be at a less predictable place. Sanity check by vinschen at redhat.com, ok djm@
2019-03-12Use Cygwin-specific matching only for users+groups.Darren Tucker
Patch from vinschen at redhat.com, updated a little by me.
2019-02-22Cygwin: implement case-insensitive Unicode user and group name matchingCorinna Vinschen
The previous revert enabled case-insensitive user names again. This patch implements the case-insensitive user and group name matching. To allow Unicode chars, implement the matcher using wchar_t chars in Cygwin-specific code. Keep the generic code changes as small as possible. Cygwin: implement case-insensitive Unicode user and group name matching Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22Revert unintended parts of previous commit.Darren Tucker
2019-02-22Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"Corinna Vinschen
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-01-24Also undef SIMPLEQ_FOREACH_SAFE.Darren Tucker
Prevents macro redefinition warning on at least NetBSD 6.1.
2019-01-20remove vestiges of old packet API from loginrec.cDamien Miller
2019-01-18Add minimal fchownat and fchmodat implementations.Darren Tucker
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18Add a minimal implementation of utimensat().Darren Tucker
Some systems (eg older OS X) do not have utimensat, so provide minimal implementation in compat layer. Fixes build on at least El Capitan.
2018-11-25Include stdio.h for FILE if needed.Darren Tucker
2018-11-25Reverse order of OpenSSL init functions.Darren Tucker
Try the new init function (OPENSSL_init_crypto) before falling back to the old one (OpenSSL_add_all_algorithms).
2018-11-23refactor libcrypto initialisationDamien Miller
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-16Test for OPENSSL_init_crypto before using.Darren Tucker
Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931).