mirrors/openssh
0
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-02 18:26:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
12,686 Commits 69 Branches 157 Tags 29 MiB
15ace435ea
Commit Graph

949 Commits

Author SHA1 Message Date
Darren Tucker
2a50a8f1fa
Add compat functions for EVP_Digest{Sign,Verify}. 
This should make LibreSSL 3.1.x through 3.3.x work again.  Code from
tb@, ok djm@.  Restore the test configs covering those.
 2024-08-17 11:25:36 +10:00
Darren Tucker
8b664df759
Cast to sockaddr * in systemd interface. 
Fixes build with musl libx.  bz#3707.
 2024-07-07 18:46:19 +10:00
Damien Miller
6a42b70e56
sync getrrsetbyname.c with recent upstream changes 2024-05-08 09:43:59 +10:00
90
88351eca17
Fix missing header for systemd notification 2024-04-06 08:16:25 +11:00
Damien Miller
08f579231c
notify systemd on listen and reload 
Standalone implementation that does not depend on libsystemd.
With assistance from Luca Boccassi, and feedback/testing from Colin
Watson. bz2641
 2024-04-03 14:40:32 +11:00
Damien Miller
9ea0a4524a
unbreak fuzzers for clang16 
getopt() needs a throw() attribute to compile, so supply one when compiling
things with C++
 2024-01-08 14:45:14 +11:00
Damien Miller
281c79168e
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT 
If the system support PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
 2023-10-12 13:20:01 +11:00
Darren Tucker
58ca4f0aa8
Only include unistd.h once. 2023-08-10 11:30:24 +10:00
Darren Tucker
9d92e7b248
Fix RNG seeding for OpenSSL w/out self seeding. 
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
 2023-08-03 20:29:08 +10:00
Damien Miller
4b94d09542
portable-specific int overflow defence-in-depth 
These too are unreachable, but we want the code to be safe regardless of
context. Reported by Yair Mizrahi @ JFrog
 2023-07-14 15:34:47 +10:00
Damien Miller
8c7203bcee
replace deprecate selinux matchpathcon function 
This function is apparently deprecated. Documentation on what is the
supposed replacement is is non-existent, so this follows the approach
glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59

ok dtucker@
 2023-07-12 11:41:19 +10:00
Darren Tucker
fbf362b389
main(void) to prevent unused variable warning. 2023-05-09 19:26:56 +10:00
Darren Tucker
baf854c8bb
Remove warning pragma since clang doesn't like it. 2023-05-09 19:25:45 +10:00
Darren Tucker
5fbb7a1349
Suppress warning for snprintf truncation test. 2023-05-09 17:13:33 +10:00
Darren Tucker
47742c513e
Update OpenSSL compat test for 3.x. 2023-05-09 17:12:50 +10:00
Darren Tucker
b7afd8a4ec
Handle OpenSSL >=3 ABI compatibility. 
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
 2023-05-08 20:12:59 +10:00
Damien Miller
2138f6be59
remove unused upper-case const strings in fmtfp 
no float format that uses upper-case is supported nor are hex floats.
ok dtucker
 2023-04-06 14:33:10 +10:00
Damien Miller
b36b162be5
need va_end() after va_copy(); ok dtucker 
spotted by Coverity
 2023-04-03 10:01:01 +10:00
Damien Miller
3c527d55f9
Allow building with BoringSSL 2023-03-24 15:26:26 +11:00
Damien Miller
7280401bdd
remove support for old libcrypto 
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater

with/ok dtucker@
 2023-03-24 13:56:25 +11:00
Damien Miller
0fda9d704d
bounds checking for getrrsetbyname() replacement; 
Spotted by Coverity in CID 405033; ok millert@
 2023-03-10 15:59:46 +11:00
Darren Tucker
bf4dae0ad1
Add prototypes for mkstemp replacements. 
Should prevent warnings due to our wrapper function.
 2023-03-10 14:46:57 +11:00
Darren Tucker
77adde4305
Wrap mkstemp calls with umask set/restore. 
glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp created the world-writable.  Wrap mkstemp to set and restore
the umask.  From Coverity (CIDs 291826 291886 291891), ok djm@
 2023-03-10 13:27:29 +11:00
Darren Tucker
a76085bda8
Extra brackets to prevent warning. 2023-03-08 17:26:51 +11:00
Damien Miller
01dbeb3084
avoid clash between for getopt's struct option 
Since we don't use getopt_long() nothing outside the getopt()
implementation itself uses this structure, so move it into the
source to remove it from visibility and clashes with libc's

ok dtucker@
 2023-02-27 17:10:12 +11:00
Damien Miller
c81c2bea6e
whitespace fixes 2023-02-17 10:12:40 +11:00
Damien Miller
500f90b39d
whitespace at EOL 2023-02-17 10:02:08 +11:00
Damien Miller
ea6fdf9a1a
use calloc for allocating arc4random structs 
ok dtucker
 2022-12-09 18:00:50 +11:00
Darren Tucker
15a01cf15f
Add fallback for old platforms w/out MAP_ANON. 2022-11-23 13:24:53 +11:00
Pierre Ossman
d9df5689c2
Avoid assuming layout of fd_set 
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.

The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
 2022-11-08 19:33:47 +11:00
Darren Tucker
3500f0405a
Link libssh into compat tests. 
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
 2022-11-03 23:04:08 +11:00
Darren Tucker
ec59effcf6
Fix compat regress to work with non-GNU make. 2022-11-03 21:44:23 +11:00
Darren Tucker
db97d8d0b9
Only run opensslver tests if built with OpenSSL. 2022-11-03 10:00:43 +11:00
Darren Tucker
fe88d67e75
Compat tests need libcrypto. 
This was moved to CHANNELLIBS during the libs refactor.  Spotted by
rapier at psc.edu.
 2022-11-03 08:14:05 +11:00
Darren Tucker
96b519726b
Include time.h when defining timegm. 
Fixes build on some platforms eg recent AIX.
 2022-11-03 04:25:34 +11:00
Darren Tucker
da6038bd5c
Always use compat getentropy. 
Have it call native getentropy and fall back as required.  Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel.  Based on github PR#354 from simsergey.
 2022-11-02 12:20:50 +11:00
Damien Miller
195e5a65fd
revert c64b62338b and guard POLL* defines instead 
c64b62338b broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
 2022-10-17 09:41:47 +11:00
Damien Miller
bc2e480d99
undef _get{short,long} before redefining 2022-10-14 14:52:22 +11:00
Damien Miller
c64b62338b
skip bsd-poll.h if poll.h found; ok dtucker 2022-10-10 12:32:43 +11:00
Damien Miller
fe646de03c
whitespace at EOL 2022-10-05 03:47:26 +11:00
Sam James
be19763532
openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf 
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline  -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
 do not support
      implicit function declarations [-Wimplicit-function-declaration]
        ret = vsnprintf(string, INIT_SZ, fmt, ap2);
              ^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
 2022-09-08 12:04:00 +10:00
Darren Tucker
6cb6f660bb
Remove DEF_WEAK, it's already in defines.h. 2022-09-02 16:43:27 +10:00
Darren Tucker
ce39e7d8b7
Resync arc4random with OpenBSD. 
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467.  It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case.  ok djm@.
 2022-09-02 14:30:38 +10:00
Darren Tucker
beaddde26f
Move OPENBSD ORIGINAL marker. 
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
 2022-09-02 14:30:38 +10:00
Darren Tucker
c83e467ead
Remove arc4random_uniform from arc4random.c 
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
 2022-09-02 14:30:38 +10:00
Darren Tucker
87b0d9c1b7 Add a timegm implementation from Heimdal via Samba. 
Fixes build on (at least Solaris 10).
 2022-08-11 22:51:10 +10:00
Darren Tucker
7e2f51940b Rename our getentropy to prevent possible loops. 
Since arc4random seeds from getentropy, and we use OpenSSL for that
if enabled, there's the possibility that if we build on a system that
does not have getentropy then run on a system that does have it, then
OpenSSL could end up calling our getentropy and getting stuck in a loop.
Pointed out by deraadt@, ok djm@
 2022-08-10 17:36:44 +10:00
Darren Tucker
7a01f61be8 Actually put HAVE_STDINT_H around the stdint.h. 2022-08-08 12:17:04 +10:00
Darren Tucker
73541f29f0 Give unused param a name. 
Fixes builds on platforms that do have fido2 but don't have
fido_dev_is_winhello.
 2022-08-08 10:32:27 +10:00
Darren Tucker
3d3a932a01 Factor out getrnd() and rename to getentropy(). 
Factor out the arc4random seeding into its own file and change the
interface to match getentropy.  Use native getentropy if available.
This will make it easier to resync OpenBSD changes to arc4random.
Prompted by bz#3467, ok djm@.
 2022-08-05 13:12:27 +10:00