Displaying 20 results from an estimated 2000 matches similar to: "[Bug 2581] New: Coverity patches from Fedora"
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2002 Nov 24
1
[PATCH] PamServiceNameAppend
Hello,
Here's the situation I'm facing : I'm running OpenSSH on a server. On
a gateway, I forward TCP:22 to the server TCP:22. So far, so good. I can
log in from inside the lan by connecting using standard SSH port, or
from the other network through the gateway.
Now, I'd like a different configuration for connections from the
outside. I start another SSHd on the
2002 Dec 05
1
patch to add a PAMServiceName config option
I append a patch against openssh-3.5p1.tar.gz which adds a config option
PAMServiceName. The option allows one to specify the PAM service at
runtime in the config file rather than using __progname or having it
hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful
if one wants to run multiple instances of sshd using different PAM
configurations.
With this patch
2011 Jun 22
3
sandbox pre-auth privsep child
Hi,
This patch (relative to -HEAD) defines an API to allow sandboxing of the
pre-auth privsep child and a couple of sandbox implementations.
The idea here is to heavily restrict what the network-face pre-auth
process can do. This was the original intent behind dropping to a
dedicated uid and chrooting to an empty directory, but even this still
allows a compromised slave process to make new
2020 Jan 21
2
Instrumentation for metrics
On 21/01/20 8:44 pm, Damien Miller wrote:
> On Tue, 21 Jan 2020, Philipp Marek wrote:
>
>>> This makes me think that the syslog approach is probably the way to go
>>
>> Yeah, right.
>> Another idea is to mirror the current preauth load via setproctitle()...
>> That makes that data accessible even without a syscall (at least the
>> writing of the
2014 Sep 08
1
possible deadcodes in sources
Hello,
we've run a coverity scan on the openssh sources and it found several
issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources
too.
* servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;"
--- a/servconf.c
+++ b/servconf.c
@@ -1451,12 +1451,8 @@
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
This patch allows the OpenSSH client to make connections over SCTP,
and allows the OpenSSH server to listen for connections over SCTP.
SCTP is a robust transport-layer protocol which supports, amongst other things,
the changing of endpoint IPs without breaking the connection.
To connect via SCTP, pass -H or set "ConnectViaSCTP yes".
To listen via SCTP as well as TCP, set
2017 Mar 02
64
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: Coverity scan fixes
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2017 Mar 08
2
FreeBSD Coverity scan issues in OpenSSH -> how to contribute back patches?
Hi,
FreeBSD runs a Coverity static analysis scan on a weekly basis to determine whether or not there are issues within the software that we ship with FreeBSD. After the latest upgrade (to 7.4p1) I noticed that there are some new issues in SSH.
We (FreeBSD) have some local modifications to OpenSSH that are maintained for features or behavior (I believe), so I?ll need to go through our patchset
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
https://bugzilla.mindrot.org/show_bug.cgi?id=2346
Bug ID: 2346
Summary: sshd -T doesn't write all configuration options in
valid format
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2013 Jan 10
1
how to generate a matrix by an my data.frame
Dear All
It is a little hard to give a good small example of my question,so I
will show the full data on the bottom and the attachment.Maybe some
one could tell me an appropriate way
to show it.I'm sorry for the inconvenience.
Q:How to generate a 53*53 diagonal matrix by my data
Some problems confused me are that:
1.Since it is a diagonal matrix,I have tried to transform col1 and
col2 to
2012 Jul 02
1
rlimit sandbox on cygwin
Hi all.
I have an old windows VM with an oldish cygwin that I use for the
regression tests. Investigating one of the test failures, I see that
it's for UsePrivilegeSeparation=sandbox, and it seems to be because
setrlimit(RLIMIT_FSIZE, ...) is not supported.
IMO, this isn't a big loss, since the most useful thing in the rlimit
"sandbox" is the descriptor limits. Can anyone see
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2022 Dec 20
37
[Bug 3512] New: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call)
https://bugzilla.mindrot.org/show_bug.cgi?id=3512
Bug ID: 3512
Summary: net-misc/openssh-9.1_p1: stopped accepting connections
after upgrade to sys-libs/glibc-2.36 (fatal:
ssh_sandbox_violation: unexpected system call)
Product: Portable OpenSSH
Version: 9.1p1
Hardware: amd64
OS: Linux
2007 May 19
1
Coverity and libvorbis
Hi all,
I'm not sure if you are aware, but libvorbis has been scanned by the
Coverity static analysis team :
http://scan.coverity.com/
For libvorbis, it found 8 possible bugs.
To fix these bugs Coverity need a repesentative from the project to
contact them for access to the coverity reporting facilities.
The reason I am keen to see Xiph take up this challenge is that when
all
2006 May 10
0
Coverity Open Source Defect Scan of Icecast
Hello Icecast Developers,
I'm the CTO of Coverity, Inc., a company that does static source code
analysis to look for defects in code. You may have heard of us or of our
technology from its days at Stanford (the "Stanford Checker"). The
reason I'm writing is because we have set up a framework internally to
continually scan open source projects and provide the results of
2012 Jan 10
1
[nut-commits] svn commit r3383 - branches/coverity
Hi Michal
2012/1/10 Michal Hlavinka <mihl-guest at alioth.debian.org>
> Author: mihl-guest
> Date: Tue Jan 10 09:10:04 2012
> New Revision: 3383
> URL: http://trac.networkupstools.org/projects/nut/changeset/3383
>
> Log:
> Creating a branch for Coverity reported problems
>
I'm very interested there!
Have you been able to get NUT part of the Coverity Scan
2013 Oct 20
0
[LLVMdev] Some news about apt, QA, Coverity, etc
Hello,
Some news about the various QA and packaging tools.
* Ubuntu Saucy nightly packages are now also available on
http://llvm.org/apt
* All distributions have new packages:
- lldb-3.4-dev - contains the LLDB headers to build software on top of this
- python-clang-3.4 - provides the python / clang bindings
* polly is built again but, for now, only for Debian unstable (I have to
backport
2018 Jun 14
4
[PATCH nbdkit 0/2] Fix a couple of problems found by Coverity.
There are a few other issues that Coverity found, but I believe
all can be ignored ... except one:
We don't set umask anywhere inside nbdkit. Coverity complains that
this is a problem where we create temporary files, since the result of
mkstemp depends implicitly on the umask value. I think we might
consider setting umask anyway (eg. to 022) just to make plugin
behaviour more predictable.