Instead of maintaining state (pipe descriptors, signal handlers) across
pselect-on-select invocations, set up and restore them each call.
This prevents outside factors (eg a closefrom or signal handler
installation) from potentially causing problems. This does result in a
drop in throughput of a couple of percent on geriatric platforms without
a native pselect due to the extra overhead. Tweaks & ok djm@
|
This should make LibreSSL 3.1.x through 3.3.x work again. Code from
tb@, ok djm@. Restore the test configs covering those.
|
Fixes build with musl libc. bz#3707.
|
Standalone implementation that does not depend on libsystemd.
With assistance from Luca Boccassi, and feedback/testing from Colin
Watson. bz2641
|
getopt() needs a throw() attribute to compile, so supply one when compiling
things with C++
|
If the system supports PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
|
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
|
These too are unreachable, but we want the code to be safe regardless of
context. Reported by Yair Mizrahi @ JFrog
|
This function is apparently deprecated. Documentation on what is the
supposed replacement is non-existent, so this follows the approach
glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59
ok dtucker@
|
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
|
no float format that uses upper-case is supported nor are hex floats.
ok dtucker
|
spotted by Coverity
|
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater
with/ok dtucker@
|
Spotted by Coverity in CID 405033; ok millert@
|
Should prevent warnings due to our wrapper function.
|
glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp, creating them world-writable. Wrap mkstemp to set and restore
the umask. From Coverity (CIDs 291826 291886 291891), ok djm@
|
Since we don't use getopt_long() nothing outside the getopt()
implementation itself uses this structure, so move it into the
source to remove it from visibility and clashes with libc's
ok dtucker@
|
ok dtucker
|
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
|
The cygwin compat code uses xmalloc, so add libssh.a to pick that up.
|
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
|
Fixes build on some platforms eg recent AIX.
|
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
|
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
|
Fixes the following build failure with Clang 15 on musl:
```
clang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
|
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
|
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
|
This was previously moved into its own file (matching OpenBSD) which
was prematurely committed in commit 73541f2.
|
Fixes build on (at least) Solaris 10.
|
Since arc4random seeds from getentropy, and we use OpenSSL for that
if enabled, there's the possibility that if we build on a system that
does not have getentropy then run on a system that does have it, then
OpenSSL could end up calling our getentropy and getting stuck in a loop.
Pointed out by deraadt@, ok djm@
|