| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
This should make LibreSSL 3.1.x through 3.3.x work again. Code from
tb@, ok djm@. Restore the test configs covering those.
|
| |
|
|
| |
Fixes build with musl libx. bz#3707.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Standalone implementation that does not depend on libsystemd.
With assistance from Luca Boccassi, and feedback/testing from Colin
Watson. bz2641
|
| |
|
|
|
| |
getopt() needs a throw() attribute to compile, so supply one when compiling
things with C++
|
| |
|
|
|
| |
If the system support PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
|
| | |
|
| |
|
|
|
|
| |
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
|
| |
|
|
|
| |
These too are unreachable, but we want the code to be safe regardless of
context. Reported by Yair Mizrahi @ JFrog
|
| |
|
|
|
|
|
|
| |
This function is apparently deprecated. Documentation on what is the
supposed replacement is is non-existent, so this follows the approach
glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59
ok dtucker@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
|
| |
|
|
|
| |
no float format that uses upper-case is supported nor are hex floats.
ok dtucker
|
| |
|
|
| |
spotted by Coverity
|
| | |
|
| |
|
|
|
|
|
| |
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater
with/ok dtucker@
|
| |
|
|
| |
Spotted by Coverity in CID 405033; ok millert@
|
| |
|
|
| |
Should prevent warnings due to our wrapper function.
|
| |
|
|
|
|
| |
glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp created the world-writable. Wrap mkstemp to set and restore
the umask. From Coverity (CIDs 291826 291886 291891), ok djm@
|
| | |
|
| |
|
|
|
|
|
|
| |
Since we don't use getopt_long() nothing outside the getopt()
implementation itself uses this structure, so move it into the
source to remove it from visibility and clashes with libc's
ok dtucker@
|
| | |
|
| | |
|
| |
|
|
| |
ok dtucker
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
|
| |
|
|
| |
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
|
| | |
|
| | |
|
| |
|
|
|
| |
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
|
| |
|
|
| |
Fixes build on some platforms eg recent AIX.
|
| |
|
|
|
|
| |
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
|
| |
|
|
|
| |
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
|
| | |
|
| |
|
|
|
|
|
| |
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
|
| |
|
|
|
|
| |
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
|
| |
|
|
|
| |
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
|
| |
|
|
| |
Fixes build on (at least Solaris 10).
|
| |
|
|
|
|
|
|
| |
Since arc4random seeds from getentropy, and we use OpenSSL for that
if enabled, there's the possibility that if we build on a system that
does not have getentropy then run on a system that does have it, then
OpenSSL could end up calling our getentropy and getting stuck in a loop.
Pointed out by deraadt@, ok djm@
|
| | |
|
| |
|
|
|
| |
Fixes builds on platforms that do have fido2 but don't have
fido_dev_is_winhello.
|
