make realpath.c compile -Wsign-compare clean

Check if realpath works on nonexistent files.

On some platforms the native realpath doesn't work with non-existent
files (this is actually specified in some versions of POSIX), however

Check if realpath works on nonexistent files.

On some platforms the native realpath doesn't work with non-existent
files (this is actually specified in some versions of POSIX), however
the sftp spec says its realpath with "canonicalize any given path name".
On those platforms, use realpath from the compat library.

In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
the realpath symbol to the checked version, so redefine ours to
something else so we pick up the compat version we want.

bz#2428, ok djm@

show more ...

Replace strcpy with strlcpy.

ok djm, sanity check by Corinna Vinschen.

upstream commit

- tedu@cvs.openbsd.org 2015/01/12 03:20:04
[bcrypt_pbkdf.c]
rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
nor are th

upstream commit

- tedu@cvs.openbsd.org 2015/01/12 03:20:04
[bcrypt_pbkdf.c]
rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
nor are they the same size.

show more ...

upstream commit

- deraadt@cvs.openbsd.org 2015/01/08 00:30:07
[bcrypt_pbkdf.c]
declare a local version of MIN(), call it MINIMUM()

upstream commit

- djm@cvs.openbsd.org 2014/12/30 01:41:43
[bcrypt_pbkdf.c]
typo in comment: ouput => output

Put brackets around mblen() compat constant.

This might help with the reported problem cross compiling for Android
("error: expected identifier or '(' before numeric constant") but
s

Put brackets around mblen() compat constant.

This might help with the reported problem cross compiling for Android
("error: expected identifier or '(' before numeric constant") but
shouldn't hurt in any case.

show more ...

Wrap endian.h include inside ifdef (bz#2370).

Use do{}while(0) for no-op functions.

From FreeBSD.

Wrap blf.h include in ifdef. From FreeBSD.

Remove dependency on xmalloc.

Remove ssh_get_progname's dependency on xmalloc, which should reduce
link order problems. ok djm@

Move definition of _NSIG.

_NSIG is only unsed in one file, so move it there prevent redefinition
warnings reported by Kevin Brott.

Add AI_NUMERICSERV to fake-rfc2553.

Our getaddrinfo implementation always returns numeric values already.

Wrap stdint.h includes in ifdefs.

kludge around tun API mismatch betterer

unbreak across API change

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only w

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.

show more ...

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only w

support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.

show more ...

avoid uninitialised free of ldns_res

If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this wit

avoid uninitialised free of ldns_res

If an invalid rdclass was passed to getrrsetbyname() then
this would execute a free on an uninitialised pointer.
OpenSSH only ever calls this with a fixed and valid rdclass.

Reported by Joshua Rogers

show more ...

pull updated OpenBSD BCrypt PBKDF implementation

Includes fix for 1 byte output overflow for large key length
requests (not reachable in OpenSSH).

Pointed out by Joshua Rogers

upstream libc change

revision 1.2
date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV;
avoid left shift overflow in reallocarray.

upstream libc change

revision 1.2
date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV;
avoid left shift overflow in reallocarray.

Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.

discussed with tedu@ & deraadt@

show more ...

Add reallocarray to compat library

- (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_s

- (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@

show more ...

- (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG

- (djm) [openbsd-compat/openssl-compat.h] add include guard