similar to: [Bug 2581] New: Coverity patches from Fedora

Displaying 20 results from an estimated 2000 matches similar to: "[Bug 2581] New: Coverity patches from Fedora"

2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c
2002 Nov 24
1
[PATCH] PamServiceNameAppend
Hello, Here's the situation I'm facing : I'm running OpenSSH on a server. On a gateway, I forward TCP:22 to the server TCP:22. So far, so good. I can log in from inside the lan by connecting using standard SSH port, or from the other network through the gateway. Now, I'd like a different configuration for connections from the outside. I start another SSHd on the
2002 Dec 05
1
patch to add a PAMServiceName config option
I append a patch against openssh-3.5p1.tar.gz which adds a config option PAMServiceName. The option allows one to specify the PAM service at runtime in the config file rather than using __progname or having it hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful if one wants to run multiple instances of sshd using different PAM configurations. With this patch
2011 Jun 22
3
sandbox pre-auth privsep child
Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new
2020 Jan 21
2
Instrumentation for metrics
On 21/01/20 8:44 pm, Damien Miller wrote: > On Tue, 21 Jan 2020, Philipp Marek wrote: > >>> This makes me think that the syslog approach is probably the way to go >> >> Yeah, right. >> Another idea is to mirror the current preauth load via setproctitle()... >> That makes that data accessible even without a syscall (at least the >> writing of the
2014 Sep 08
1
possible deadcodes in sources
Hello, we've run a coverity scan on the openssh sources and it found several issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources too. * servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;" --- a/servconf.c +++ b/servconf.c @@ -1451,12 +1451,8 @@
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set
2017 Mar 02
64
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org
2017 Mar 08
2
FreeBSD Coverity scan issues in OpenSSH -> how to contribute back patches?
Hi, FreeBSD runs a Coverity static analysis scan on a weekly basis to determine whether or not there are issues within the software that we ship with FreeBSD. After the latest upgrade (to 7.4p1) I noticed that there are some new issues in SSH. We (FreeBSD) have some local modifications to OpenSSH that are maintained for features or behavior (I believe), so I?ll need to go through our patchset
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346 Bug ID: 2346 Summary: sshd -T doesn't write all configuration options in valid format Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:
2013 Jan 10
1
how to generate a matrix by an my data.frame
Dear All It is a little hard to give a good small example of my question,so I will show the full data on the bottom and the attachment.Maybe some one could tell me an appropriate way to show it.I'm sorry for the inconvenience. Q:How to generate a 53*53 diagonal matrix by my data Some problems confused me are that: 1.Since it is a diagonal matrix,I have tried to transform col1 and col2 to
2012 Jul 02
1
rlimit sandbox on cygwin
Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the
2022 Dec 20
37
[Bug 3512] New: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call)
https://bugzilla.mindrot.org/show_bug.cgi?id=3512 Bug ID: 3512 Summary: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call) Product: Portable OpenSSH Version: 9.1p1 Hardware: amd64 OS: Linux
2007 May 19
1
Coverity and libvorbis
Hi all, I'm not sure if you are aware, but libvorbis has been scanned by the Coverity static analysis team : http://scan.coverity.com/ For libvorbis, it found 8 possible bugs. To fix these bugs Coverity need a repesentative from the project to contact them for access to the coverity reporting facilities. The reason I am keen to see Xiph take up this challenge is that when all
2006 May 10
0
Coverity Open Source Defect Scan of Icecast
Hello Icecast Developers, I'm the CTO of Coverity, Inc., a company that does static source code analysis to look for defects in code. You may have heard of us or of our technology from its days at Stanford (the "Stanford Checker"). The reason I'm writing is because we have set up a framework internally to continually scan open source projects and provide the results of
2012 Jan 10
1
[nut-commits] svn commit r3383 - branches/coverity
Hi Michal 2012/1/10 Michal Hlavinka <mihl-guest at alioth.debian.org> > Author: mihl-guest > Date: Tue Jan 10 09:10:04 2012 > New Revision: 3383 > URL: http://trac.networkupstools.org/projects/nut/changeset/3383 > > Log: > Creating a branch for Coverity reported problems > I'm very interested there! Have you been able to get NUT part of the Coverity Scan
2013 Oct 20
0
[LLVMdev] Some news about apt, QA, Coverity, etc
Hello, Some news about the various QA and packaging tools. * Ubuntu Saucy nightly packages are now also available on http://llvm.org/apt * All distributions have new packages: - lldb-3.4-dev - contains the LLDB headers to build software on top of this - python-clang-3.4 - provides the python / clang bindings * polly is built again but, for now, only for Debian unstable (I have to backport
2018 Jun 14
4
[PATCH nbdkit 0/2] Fix a couple of problems found by Coverity.
There are a few other issues that Coverity found, but I believe all can be ignored ... except one: We don't set umask anywhere inside nbdkit. Coverity complains that this is a problem where we create temporary files, since the result of mkstemp depends implicitly on the umask value. I think we might consider setting umask anyway (eg. to 022) just to make plugin behaviour more predictable.