similar to: [Bug 1050] getrrsetbyname compat broken

http://bugzilla.mindrot.org/show_bug.cgi?id=1111 Summary: memory leak in openbsd-compat/getrrsetbyname.c, function: getrrsetbyname Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=1299 Summary: Remove redefinition of _res in getrrsetbyname.c Product: Portable OpenSSH Version: 4.5p1 Platform: All OS/Version: NetBSD Status: NEW Keywords: patch Severity: major Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org

Hello. I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and "options edns0" in /etc/resolv.conf (glib >= 2.6). getrrsetbyname() calls res_query() with a maximum buffer size of 65536. The glibc resolver truncates this value to 16 bits, reducing the query's advertised buffer size to 0. BIND appears to ignore it while Unbound returns a server failure.

I've been trying to figure out why I can't seem to use SSHFP fingerprints delivered via DNSSEC, which led me to try to figure out why OpenSSH won't use DNSSEC on my NetBSD-4-branch platform. It turns out that around line 70 in openbsd-compat/getrrsetbyname.c, we have the following: /* to avoid conflicts where a platform already has _res */ #ifdef _res # undef _res

http://bugzilla.mindrot.org/show_bug.cgi?id=1108 Summary: strdup from openbsd-compat/bsd-misc.c is broken Product: Portable OpenSSH Version: 4.2p1 Platform: All URL: http://www.freebsd.org/cgi/query-pr.cgi?pr=87067 OS/Version: other Status: NEW Severity: normal Priority: P2 Component:

http://bugzilla.mindrot.org/show_bug.cgi?id=1062 Summary: error: parse error before "volatile" Product: Portable OpenSSH Version: 4.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org

Hi, as discussed before, we're trying to make use of SSHFP records (RFC 4255) to publish host key fingerprints in the DNS. However, some non-OpenBSD platforms don't support DNSSEC in the native resolver (e.g. glibc), which renders the whole thing quite useless, since openssh correctly requires the RRs to be signed and validated. The following patch adds support for ldns, an external

https://bugzilla.mindrot.org/show_bug.cgi?id=1455 Summary: ssh client ignoring ad bit in dns response - OSX 10.5 Classification: Unclassified Product: Portable OpenSSH Version: 4.9p1 Platform: ix86

Hi All. Haven't looked at this yet but it looks like the resolver changes broke AIX and HP-UX. -Daz. AIX 4.3.3.11: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I../../openbsd-compat -I../../openbsd-compat/.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H -c ../../openbsd-compat/getrrsetbyname.c ../../openbsd-compat/getrrsetbyname.c:133: warning: static

Hello I am attempting to build on a LynxOS platform and am using a old version of zlib and OpenSSL-0.9.6a. I get past the configure stage by ignoring the zlib version check. However, at make stage I run into the following undefineds. Any idea what may be causing this. I am using version 3.8p1 of OpenSSH. Thank you in advance for your response Amba (cd openbsd-compat && make)

http://bugzilla.mindrot.org/show_bug.cgi?id=1096 Summary: ssh-keygen broken on HPUX Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: bitbucket at mindrot.org ReportedBy: o.flebbe at

https://bugzilla.mindrot.org/show_bug.cgi?id=2022 Bug #: 2022 Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal

https://bugzilla.mindrot.org/show_bug.cgi?id=2603 Bug ID: 2603 Summary: Build with ldns and without kerberos support fails if ldns compiled with kerberos support Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

Dear developers, as reported earlier, recent versions of OpenSSH (4.3p1, 4.3p2 as well as the current CVS) on IRIX 5.3 exhibit a DNS resolution failure. Even for perfectly valid hostnames they return "no address associated with name". After some digging through the code I found what is causing this strange behaviour. Basically it was introduced with the following change:

Could someone with HEADER.ad in arpa/nameser.h please test the attached patch (against current) to see it it's detected. None of my platforms have the ad member. config.h will end up with "#define HAVE_HEADER_AD". -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- openssh/configure.ac.old 2003-09-08 06:33:33.000000000

hi, the following patch adds ssh tun support for Darwin/MacOS X (layer 2+3). I tested it with Darwin 8.0.1 x86 and MacOS X 10.4 Tiger PPC, I would like to see any tests from MacOS X users. It requires an external tun/tap driver, see below. reyk --- README.platform.orig 2006-02-13 20:22:04.000000000 -0800 +++ README.platform 2006-02-13 20:21:45.000000000 -0800 @@ -30,6 +30,18 @@ gcc,

Dear OpenSSH Developers, I'm a member of the Debian System Administration (DSA) team. [1] We manage the Debian Projects computing infrastructure. Recently, DSA had the opportunity to address a member's request that we begin using certificates to authenticate Debian Project machines to ssh clients. We provided a lengthy reply, the summary of which is "we publish SSHFP records; use

http://bugzilla.mindrot.org/show_bug.cgi?id=1048 Summary: scp.c xstrdup() memory leak? Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo: bitbucket at mindrot.org ReportedBy: flatline at greyhat.nl

Hi, When building OpenSSH 5.2p1 on MacOSX 10.6.0, I get the following ld error gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -fstack-protector-all -lssh -lopenbsd-compat -lcrypto -lz Undefined symbols: "_res_9_query", referenced from: _getrrsetbyname in libopenbsd-compat.a(getrrsetbyname.o)

http://bugzilla.mindrot.org/show_bug.cgi?id=1347 Summary: LLONG_MAX v LONGLONG_MAX Product: Portable OpenSSH Version: 4.6p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: David.Leonard at