From 6849957945754e6551e515f41e8cf3937cda222d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 1 Jul 2024 14:36:28 +1000 Subject: [PATCH] autogenerated files for release --- .gitignore | 6 - ChangeLog | 8666 +++++++++++++ aclocal.m4 | 15 + config.h.in | 2051 ++++ configure | 27691 ++++++++++++++++++++++++++++++++++++++++++ moduli.0 | 74 + scp.0 | 232 + sftp-server.0 | 98 + sftp.0 | 438 + ssh-add.0 | 209 + ssh-agent.0 | 140 + ssh-keygen.0 | 907 ++ ssh-keyscan.0 | 123 + ssh-keysign.0 | 50 + ssh-pkcs11-helper.0 | 35 + ssh-sk-helper.0 | 34 + ssh.0 | 1019 ++ ssh_config.0 | 1431 +++ sshd.0 | 685 ++ sshd_config.0 | 1393 +++ 20 files changed, 45291 insertions(+), 6 deletions(-) create mode 100644 ChangeLog create mode 100644 aclocal.m4 create mode 100644 config.h.in create mode 100755 configure create mode 100644 moduli.0 create mode 100644 scp.0 create mode 100644 sftp-server.0 create mode 100644 sftp.0 create mode 100644 ssh-add.0 create mode 100644 ssh-agent.0 create mode 100644 ssh-keygen.0 create mode 100644 ssh-keyscan.0 create mode 100644 ssh-keysign.0 create mode 100644 ssh-pkcs11-helper.0 create mode 100644 ssh-sk-helper.0 create mode 100644 ssh.0 create mode 100644 ssh_config.0 create mode 100644 sshd.0 create mode 100644 sshd_config.0 diff --git a/.gitignore b/.gitignore index 213041656..41d505c46 100644 --- a/.gitignore +++ b/.gitignore @@ -33,9 +33,3 @@ sshd !regress/unittests/sshsig/Makefile tags -# Ignored on main branch -config.h.in -configure -aclocal.m4 -ChangeLog -**/*.0 diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 000000000..a1a526517 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,8666 @@ +commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 +Author: Damien Miller +Date: Mon Jul 1 14:33:26 2024 +1000 + + version numbers + +commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +Author: djm@openbsd.org +Date: Mon Jul 1 04:31:59 2024 +0000 + + upstream: openssh-9.8 + + OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 + +commit 146c420d29d055cc75c8606327a1cf8439fe3a08 +Author: djm@openbsd.org +Date: Mon Jul 1 04:31:17 2024 +0000 + + upstream: when sending ObscureKeystrokeTiming chaff packets, we + + can't rely on channel_did_enqueue to tell that there is data to send. This + flag indicates that the channels code enqueued a packet on _this_ ppoll() + iteration, not that data was enqueued in _any_ ppoll() iteration in the + timeslice. ok markus@ + + OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 + +commit 637e4dfea4ed81264e264b6200172ce319c64ead +Author: djm@openbsd.org +Date: Mon Jul 1 03:10:19 2024 +0000 + + upstream: use "lcd" to change directory before "lls" rather then "cd", + + since the directory we're trying to list is local. Spotted by Corinna + Vinschen + + OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 + +commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 +Author: djm@openbsd.org +Date: Thu Jun 27 23:01:15 2024 +0000 + + upstream: delete obsolete comment + + OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 + +commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d +Author: djm@openbsd.org +Date: Thu Jun 27 22:36:44 2024 +0000 + + upstream: retire unused API + + OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + +commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 +Author: jmc@openbsd.org +Date: Thu Jun 27 21:02:16 2024 +0000 + + upstream: ssl(8) no longer contains a HISTORY section; + + OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 + +commit 12b6cc09ce6c430681f03af2a8069e37a664690b +Author: djm@openbsd.org +Date: Wed Jun 26 23:47:46 2024 +0000 + + upstream: move child process waitpid() loop out of SIGCHLD handler; + + ok deraadt + + OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 + +commit d6bcd13297c2ab8b528df5a6898f994734849031 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:16:52 2024 +0000 + + upstream: Instead of using possibly complex ssh_signal(), write all + + the parts of the grace_alarm_handler() using the exact things allowed by the + signal-safe rules. This is a good rule of thumb: Handlers should be written + to either set a global volatile sig_atomic_t inspected from outside, and/or + directly perform only safe operations listed in our sigaction(2) manual page. + ok djm markus + + OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd + +commit b8793e2b0851f7d71b97554fa5260b23796d6277 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:14:14 2024 +0000 + + upstream: save_errno wrappers inside two small signal handlers that + + perform system calls, for systems with libc that do perform libc sigtramps. + ok djm markus + + OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 + +commit f23e9332c4c8df37465c4a4f38275ea98980ed7e +Author: jmc@openbsd.org +Date: Mon Jun 24 06:59:39 2024 +0000 + + upstream: - uppercase start of sentence - correct sentence grammar + + ok djm + + OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 + +commit 1839e3eb71a759aa795602c1e4196300f4ac2615 +Author: djm@openbsd.org +Date: Mon Jun 24 04:05:11 2024 +0000 + + upstream: mention SshdSessionPath option + + OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c + +commit 603193e32aef5db7d60c58066d5de89806e79312 +Author: Darren Tucker +Date: Thu Jun 20 18:45:14 2024 +1000 + + Rerun upstream tests on .sh file changes too. + +commit dbbf9337c19381786a8e5a8a49152fe6b80c780d +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:23:18 2024 +0000 + + upstream: Work around dbclient cipher/mac query bug. + + Unlike earlier versions, recent Dropbear (at least v2024.85) requires + a host arg when querying supported ciphers and macs via "-c/-m + help". Earlier versions accept but do not require it, so always + provide it. If these queries fail, skip the test with a warning. + + OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 + +commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:18:34 2024 +0000 + + upstream: Remove dropbear key types not supported + + by current OpenSSH. Allows subsequent test runs to work if OpenSSH is + rebuilt w/out OpenSSL. + + OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 + +commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 +Author: djm@openbsd.org +Date: Thu Jun 20 00:18:05 2024 +0000 + + upstream: stricter check for overfull tables in penalty record path + + OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 + +commit d9336d344eb2a1e898c5e66147b3f108c7214694 +Author: djm@openbsd.org +Date: Wed Jun 19 23:24:47 2024 +0000 + + upstream: put back reaping of preauth child process when writes + + from the monitor fail. Not sure how this got lost in the avalanche of + patches. + + OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + +commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +Author: naddy@openbsd.org +Date: Mon Jun 17 13:50:18 2024 +0000 + + upstream: remove one more mention of DSA + + OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca + +commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 +Author: Darren Tucker +Date: Wed Jun 19 23:09:05 2024 +1000 + + Move -f to the place needed to restart sshd. + +commit d5f83cfd852b14a25f347f082ab539a9454702ad +Author: Darren Tucker +Date: Wed Jun 19 21:04:01 2024 +1000 + + Need to supply "-f" to restart sshd. + +commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:15:51 2024 +0000 + + upstream: Provide defaults for ciphers and macs + + if querying for them fails since on some versions of Dropbear (at least + v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey + algorithms in the server. + + OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca + +commit 5521060e35ada9f957cecdddc06d0524e75409ef +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:10:46 2024 +0000 + + upstream: Use ed25519 keys for kex tests + + since that's supported by OpenSSH even when built without OpenSSL. + Only test diffie-hellman kex if OpenSSH is compiled with support for it. + + OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97 + +commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:08:34 2024 +0000 + + upstream: Rework dropbear key setup + + to always generate ed25519 keys, other types only if OpenSSH has support + for the corresponding key type. + + OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d + +commit d6218504e11ae9148adf410fc69b0710a052be36 +Author: Darren Tucker +Date: Wed Jun 19 20:20:24 2024 +1000 + + Restart sshd after installing it for testing. + + When installing an sshd built without OpenSSL the mismatch between + the running sshd and newly installed sshd-session will cause the + remainder of the test to fail. + +commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46 +Author: Darren Tucker +Date: Tue Jun 18 19:59:59 2024 +1000 + + Remove macos-11 runner. + + Github is retiring them soon. + +commit df1c72a55edbebac14363b57de66ac6a147ecc67 +Author: Damien Miller +Date: Wed Jun 19 09:34:34 2024 +1000 + + PAMServiceName may appear in a Match block + +commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7 +Author: dtucker@openbsd.org +Date: Tue Jun 18 08:11:48 2024 +0000 + + upstream: Re-enable ssh-dss tests + + ... if ssh is compiled with DSA support + + OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d + +commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43 +Author: anton@openbsd.org +Date: Tue Jun 18 06:14:27 2024 +0000 + + upstream: Stop using DSA in dropbear interop tests. + + OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf + +commit 761438012710169445acc179e3870c53c862bda0 +Author: Damien Miller +Date: Tue Jun 18 12:29:45 2024 +1000 + + missed a bit of DSA in the fuzzer + +commit 3f9cc47da588e8de520720e59f98438043fdaf93 +Author: Damien Miller +Date: Tue Jun 18 09:35:53 2024 +1000 + + DSA support is disabled, so remove from fuzzers + +commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2 +Author: djm@openbsd.org +Date: Mon Jun 17 08:30:29 2024 +0000 + + upstream: disable the DSA signature algorithm by default; ok + + markus@ + + (yes, I know this expands to "the Digitial Signature Algorithm + signature algorithm) + + OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed + +commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7 +Author: djm@openbsd.org +Date: Mon Jun 17 08:28:31 2024 +0000 + + upstream: promote connection-closed messages from verbose to info + + log level; they could be the only record of the connection terminating if the + client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@ + + OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c + +commit b00331402fe5c60d577f3ffcc35e49286cdc6b47 +Author: Damien Miller +Date: Mon Jun 17 17:02:18 2024 +1000 + + propagate PAM crashes to PerSourcePenalties + + If the PAM subprocess crashes, exit with a crash status that will be + picked up by the sshd(8) listener process where it can be used by + PerSourcePenalties to block the client. This is similar handling to + the privsep preauth process. + +commit 1c207f456ace38987deda047758d13fbf857f948 +Author: Damien Miller +Date: Mon Jun 17 15:06:01 2024 +1000 + + minix doesn't have loopback, so skip penalty tests + + pointed out by dtucker@ + +commit 48443d202eaec52d4d39defdd709a4499a7140c6 +Author: djm@openbsd.org +Date: Sun Jun 16 11:54:49 2024 +0000 + + upstream: same treatment for this test + + OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7 + +commit 45562a95ea11d328c22d97bf39401cd29684fb1f +Author: djm@openbsd.org +Date: Sun Jun 16 08:18:06 2024 +0000 + + upstream: penalty test is still a bit racy + + OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 + +commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca +Author: djm@openbsd.org +Date: Sat Jun 15 03:59:10 2024 +0000 + + upstream: crank up penalty timeouts so this should work on even the + + slowest of test builders + + OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468 + +commit 93c75471a1202ab3e29db6938648d4e2602c0475 +Author: jmc@openbsd.org +Date: Fri Jun 14 05:20:34 2024 +0000 + + upstream: sort -q in the options list; + + OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c + +commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb +Author: djm@openbsd.org +Date: Fri Jun 14 05:01:22 2024 +0000 + + upstream: clarify KEXAlgorithms supported vs available. Inspired by + + bz3701 from Colin Watson. + + OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7 + +commit d172ad56df85b68316dbadbedad16761a1265874 +Author: djm@openbsd.org +Date: Fri Jun 14 05:00:42 2024 +0000 + + upstream: ssh-keyscan -q man bits + + OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1 + +commit 092e4ff9ccaacbe035f286feb1b56ed499604743 +Author: Damien Miller +Date: Fri Jun 14 14:46:35 2024 +1000 + + skip penalty-expire test in valgrind test env + +commit 2866ad08a9c50d7b67ce9424ca990532b806a21a +Author: djm@openbsd.org +Date: Fri Jun 14 04:43:11 2024 +0000 + + upstream: split the PerSourcePenalties test in two: one tests penalty + + enforcement but not penalty expiry, the other tests penalty expiry. + + This lets us disable the expiry testing in certain CI test environments. + + OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791 + +commit b2c64bc170d75823622a37cab3ca1804ca87ad16 +Author: Damien Miller +Date: Fri Jun 14 14:19:23 2024 +1000 + + add a sshd_config PamServiceName option + + Allows selecting which PAM service name to use when UsePAM is + enabled. Defaults to "sshd" unless overridden at compile time + by defining SSHD_PAM_SERVICE. + + bz2102, ok dtucker@ + +commit 9f032a4dd17bf0ae6066223d82aa5e784285d987 +Author: djm@openbsd.org +Date: Fri Jun 14 00:26:12 2024 +0000 + + upstream: don't redirect stderr for ssh-keyscan we expect to succeed + + OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c + +commit 1e84d0cf40e94ae3a77d6a7ca8c036d8e3d55a40 +Author: djm@openbsd.org +Date: Fri Jun 14 00:25:25 2024 +0000 + + upstream: make host/banner comments go to stderr instead of stdout, + + so they are useful as comments without extra shell redirection and so they + don't clutter actual errors on stderr. + + Add a -q flag to shut them up. + + ok dtucker@ + + OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264 + +commit 3e806d011855d6bd648ec95b9df630ebbd11c3bf +Author: naddy@openbsd.org +Date: Thu Jun 13 15:06:33 2024 +0000 + + upstream: separate keywords with comma + + OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5 + +commit abfd1f7a3cbd0a92581a0febba254b2f6649c0d9 +Author: djm@openbsd.org +Date: Fri Jun 14 00:23:55 2024 +0000 + + upstream: specify an algorithm for ssh-keyscan, otherwise it will make + + multiple attempts simultaneously and confuse the test + + OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9 + +commit a8fbe2f7d0d96d299ee8e69769e3b51067978748 +Author: Damien Miller +Date: Thu Jun 13 16:41:29 2024 +1000 + + sshd: don't use argv[0] as PAM service name + + sshd would implicitly use argv[0] as the PAM service name to + allow people to select different PAM service names by making + differently-named copies/links to the sshd binary. + + Splitting sshd into sshd/sshd-session broke this, as the process + that starts PAM is always sshd-session and the user has no control + over this. + + Hardcode "sshd" as the default PAM service name unless/until we + figure out a better way. Should unbreak OSX integration tests. + +commit bf204bd05c3ae650f87e2b96527688579f59774c +Author: Damien Miller +Date: Thu Jun 13 15:00:28 2024 +1000 + + prepare for checking in autogenerated files + + We plan to check in automatically generated files (config.h.in, etc) on + release branches. These files are normally ignored by .gitignore, but + this shuffles the contents of this file to make it easy to un-ignore + them. + +commit 425f79a837489904c343b349ef00e09aeaa4e752 +Author: Damien Miller +Date: Thu Jun 13 14:41:33 2024 +1000 + + typo in comment + +commit afe10313c1fa8d478af399ee7d54c8f85503013b +Author: Damien Miller +Date: Thu Jun 13 14:35:25 2024 +1000 + + fix PTY allocation on Cygwin, broken by sshd split + + Cygwin doesn't support FD passing and so used to disable post-auth + privilege separation entirely because privsep requires PTY allocation + to happen in the privileged monitor process with the PTY file + descriptors being passed back to the unprivileged process. + + This brings back a minimal version of the previous special treatment + for Cygwin (and any other platform that sets DISABLE_FD_PASSING): + privilege separation remains enabled, but PTY allocation happens in + the post-auth user process rather than the monitor. + + This either requires PTY allocation to not need privilege to begin + with (this appears to be the case on Cygwin), or the post-auth + privsep process retain privilege (other platforms that set the + DISABLE_FD_PASSING option). + + Keeping privileges here is bad, but the non-Cygwin systems that set + DISABLE_FD_PASSING are so deeply legacy that this is likely to be the + least of their problems. + +commit f66d4df5749551380a8c4ae642347675a0b6a2e9 +Author: Damien Miller +Date: Thu Jun 13 11:33:09 2024 +1000 + + delay lookup of privsep user until config loaded + + sshd-session attempting to use options.kerberos_authentication to + decide whether it needed to lookup the privsep user before the + configuration was loaded. This caused it to get a placeholder value + that caused it always to try to lookup the privsep user, breaking at + least one test environment. + +commit f1c42858b94f5d9b58867b34dce3afb39c6b56a8 +Author: Damien Miller +Date: Thu Jun 13 11:16:57 2024 +1000 + + missing file for PerSourcePenalties regress test + +commit 4de80ff4e6fab5a6bb0028e7d57c6c23d1485adb +Author: djm@openbsd.org +Date: Wed Jun 12 22:36:00 2024 +0000 + + upstream: split PerSourcePenalties address tracking. Previously it + + used one shared table and overflow policy for IPv4 and IPv6 addresses, now it + will use separate tables and optionally different overflow policies. + + This prevents misbehaviour from IPv6 addresses (which are vastly easier + to obtain many of) from affecting IPv4 connections and may allow for + stricter overflow policies. + + ok deraadt@ + + OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9 + +commit 06ab4c6931b0aaa4334db2faaa7e1069e76d0df6 +Author: jmc@openbsd.org +Date: Tue Jun 11 05:24:39 2024 +0000 + + upstream: do not mark up "(default: 20ms)"; + + OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4 + +commit cfe243cd9fde148ed060637876e27bb55ac78be9 +Author: djm@openbsd.org +Date: Tue Jun 11 02:54:51 2024 +0000 + + upstream: reap preauth net child if it hangs up during privsep message + + send, not just message receive + + OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0 + +commit b0a711c00b9c64afd1c9d6fb538275c6604a2676 +Author: djm@openbsd.org +Date: Tue Jun 11 01:58:27 2024 +0000 + + upstream: fix PIDFILE handling, broken for SUDO=doas in last commit + + here + + OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625 + +commit 90fb801e2d9241be50a2a7ff79428386442a041f +Author: djm@openbsd.org +Date: Tue Jun 11 02:00:30 2024 +0000 + + upstream: reap the pre-auth [net] child if it hangs up during privsep + + message sending, not just receiving + + OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb + +commit ef878d58798f6688c7f4d4e417dc0c29023ea831 +Author: djm@openbsd.org +Date: Tue Jun 11 01:23:25 2024 +0000 + + upstream: a little more RB_TREE paranoia + + OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156 + +commit fc4e96b2174d6a894d2033421699d091679baced +Author: djm@openbsd.org +Date: Tue Jun 11 01:22:25 2024 +0000 + + upstream: fix off-by-one comparison for PerSourcePenalty + + OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b + +commit 82c836df4ff41145553cd7adb11c5b985aeaa06f +Author: djm@openbsd.org +Date: Tue Jun 11 01:21:41 2024 +0000 + + upstream: move tree init before possible early return + + OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df + +commit a2300f015cc4939c4d9c564b58b74e71202dc978 +Author: djm@openbsd.org +Date: Tue Jun 11 01:07:35 2024 +0000 + + upstream: update to mention that PerSourcePenalties default to + + being enabled and document the default values for each parameter. + + OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034 + +commit 41987efd356d3fc30139aeab4b09374acf8f91a0 +Author: djm@openbsd.org +Date: Tue Jun 11 00:44:52 2024 +0000 + + upstream: reap the [net] child if it hangs up while writing privsep + + message payloads, not just the message header + + OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce + +commit 6211aa085fa91155a24922e5329576ac9a8f3175 +Author: djm@openbsd.org +Date: Tue Jun 11 00:40:21 2024 +0000 + + upstream: log waitpid() status for abnormal exits + + OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d + +commit a59634c7adb9ae988748d99963dfafb3070d8d41 +Author: djm@openbsd.org +Date: Tue Jun 11 00:36:20 2024 +0000 + + upstream: correct error message + + OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed + +commit fa7d7a667f2ee031e72873e36de2d2a36bca973b +Author: deraadt@openbsd.org +Date: Fri Jun 7 13:23:30 2024 +0000 + + upstream: avoid shadowing issues which some compilers won't accept + + ok djm + + OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4 + +commit 3ad4cd9eeca5c9bc6706db44b6de88e2e4513fd6 +Author: jmc@openbsd.org +Date: Thu Jun 6 21:14:49 2024 +0000 + + upstream: escape the final dot at eol in "e.g." to avoid double + + spacing; + + OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9 + +commit 0e0c69761a4c33ccd4a256560f522784a753d1a8 +Author: djm@openbsd.org +Date: Thu Jun 6 20:25:48 2024 +0000 + + upstream: enable PerSourcePenalties by default. + + ok markus + + NB. if you run a sshd that accepts connections from behind large NAT + blocks, proxies or anything else that aggregates many possible users + behind few IP addresses, then this change may cause legitimate traffic + to be denied. + + Please read the PerSourcePenalties, PerSourcePenaltyExemptList and + PerSourceNetBlockSize options in sshd_config(5) for how to tune your + sshd(8) for your specific circumstances. + + OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce + +commit bd1f74741daabeaf20939a85cd8cec08c76d0bec +Author: djm@openbsd.org +Date: Thu Jun 6 20:20:42 2024 +0000 + + upstream: mention that PerSourcePenalties don't affect concurrent + + in-progress connections. + + OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c + +commit 9774b938578327d88a651f4c63c504809717590a +Author: djm@openbsd.org +Date: Thu Jun 6 19:49:25 2024 +0000 + + upstream: regress test for PerSourcePenalties + + OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1 + +commit b8ebd86cefe9812204a10c028dc90de29918667d +Author: djm@openbsd.org +Date: Thu Jun 6 19:48:40 2024 +0000 + + upstream: make sure logs are saved from sshd run via start_sshd + + OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a + +commit d7b2070bdaa4ebbfafb9975c1d5a62b73289d31f +Author: djm@openbsd.org +Date: Thu Jun 6 19:47:48 2024 +0000 + + upstream: simplify + + OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c + +commit e6ea3d224513b6bfb93818809d4c7397f5995ba2 +Author: djm@openbsd.org +Date: Thu Jun 6 18:48:13 2024 +0000 + + upstream: prepare for PerSourcePenalties being enabled by default + + in future + + OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7 + +commit c0cb3b8c837761816a60a3cdb54062668df09652 +Author: djm@openbsd.org +Date: Thu Jun 6 19:50:01 2024 +0000 + + upstream: disable stderr redirection before closing fds + + OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a + +commit 81c1099d22b81ebfd20a334ce986c4f753b0db29 +Author: djm@openbsd.org +Date: Thu Jun 6 17:15:25 2024 +0000 + + upstream: Add a facility to sshd(8) to penalise particular + + problematic client behaviours, controlled by two new sshd_config(5) options: + PerSourcePenalties and PerSourcePenaltyExemptList. + + When PerSourcePenalties are enabled, sshd(8) will monitor the exit + status of its child pre-auth session processes. Through the exit + status, it can observe situations where the session did not + authenticate as expected. These conditions include when the client + repeatedly attempted authentication unsucessfully (possibly indicating + an attack against one or more accounts, e.g. password guessing), or + when client behaviour caused sshd to crash (possibly indicating + attempts to exploit sshd). + + When such a condition is observed, sshd will record a penalty of some + duration (e.g. 30 seconds) against the client's address. If this time + is above a minimum threshold specified by the PerSourcePenalties, then + connections from the client address will be refused (along with any + others in the same PerSourceNetBlockSize CIDR range). + + Repeated offenses by the same client address will accrue greater + penalties, up to a configurable maximum. A PerSourcePenaltyExemptList + option allows certain address ranges to be exempt from all penalties. + + We hope these options will make it significantly more difficult for + attackers to find accounts with weak/guessable passwords or exploit + bugs in sshd(8) itself. + + PerSourcePenalties is off by default, but we expect to enable it + automatically in the near future. + + much feedback markus@ and others, ok markus@ + + OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca + +commit 916b0b6174e203cf2c5ec9bcf409472eb7ffbf43 +Author: Damien Miller +Date: Fri Jun 7 03:31:02 2024 +1000 + + whitespace + +commit 49b55e44182b8294419aa580cbf043d5b9e3d953 +Author: deraadt@openbsd.org +Date: Tue Jun 4 15:14:45 2024 +0000 + + upstream: enable -fret-clean on amd64, for libc libcrypto ld.so + + kernel, and all the ssh tools. The dynamic objects are entirely ret-clean, + static binaries will contain a blend of cleaning and non-cleaning callers. + + OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172 + +commit cc80d51d034bcb24fd0f2564a4bdf1612000a2a2 +Author: Damien Miller +Date: Wed Jun 5 02:21:30 2024 +1000 + + remove PRIVSEP macros for osx + +commit 8785491123d4d722b310c20f383570be758f8263 +Author: djm@openbsd.org +Date: Sat Jun 1 07:03:37 2024 +0000 + + upstream: be really strict with fds reserved for communication with the + + separate sshd-session process - reserve them early and fatal if we can't + dup2(2) them later. The pre-split fallback to re-reading the configuration + files is not possible, so sshd-session absolutely requires the fd the + configuration is passed over to be in order. + + ok deraadt@ + + OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065 + +commit f1c8918cb98459910fb159373baea053ba4108c0 +Author: Damien Miller +Date: Fri May 31 19:12:26 2024 +1000 + + depend + +commit 94b4866cb1f4b0ed29a9f367047b30f81002316f +Author: Damien Miller +Date: Fri May 31 19:11:14 2024 +1000 + + rename need_privsep to need_chroot + + privsep is mandatory, chroot is optional (disabled when running + sshd as non-root) + +commit e68a95142e5024b144f8eeccd5ffdee42c34f44c +Author: Damien Miller +Date: Fri May 31 19:05:34 2024 +1000 + + remove remaining use_privsep mention + +commit b21d271f651d2536dca819cc6d74032fe98634db +Author: djm@openbsd.org +Date: Fri May 31 09:01:08 2024 +0000 + + upstream: warn when -r (deprecated option to disable re-exec) is + + passed + + OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551 + +commit a4b5bc246cbca476deeeb4462aa31746a56e3021 +Author: djm@openbsd.org +Date: Fri May 31 08:49:35 2024 +0000 + + upstream: typos + + OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf + +commit 8054b906983ceaed01fabd8188d3dac24c05ba39 +Author: djm@openbsd.org +Date: Mon May 27 01:52:26 2024 +0000 + + upstream: don't need sys/queue.h here + + OpenBSD-Commit-ID: dd137396828171eb19e4911581812ca58de6c578 + +commit 210d4239733da6180ce853538aeb9413d5c62ad5 +Author: naddy@openbsd.org +Date: Sun May 26 20:35:12 2024 +0000 + + upstream: remove references to SSH1 and DSA server keys + + OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2 + +commit f0b9261d7fdd0ef86806b49fe76344bd16770cd0 +Author: jsg@openbsd.org +Date: Thu May 23 23:47:16 2024 +0000 + + upstream: remove unused struct fwd_perm_list, no decl with complete + + type ok djm@ + + OpenBSD-Commit-ID: 416fb3970b7e73c76d2963c4f00cf96f2b2ee2fb + +commit 2477a98c3ef78e63b11a1393656e00288f52ae97 +Author: naddy@openbsd.org +Date: Wed May 22 15:24:55 2024 +0000 + + upstream: Do not pass -Werror twice when building with clang. + + OpenBSD-Commit-ID: 5f378c38ad8976d507786dc4db9283a879ec8cd0 + +commit 435844f5675245b4271f8581f15e6d1f34fde3bc +Author: miod@openbsd.org +Date: Wed May 22 11:49:36 2024 +0000 + + upstream: Do not pass -Werror if building with gcc 3, for asn1.h + + and bio.h cause (admittedly bogus) warnings with gcc 3. + + OpenBSD-Commit-ID: fb39324748824cb0387e9d67c41d1bef945c54ea + +commit fc5dc092830de23767c6ef67baa18310a64ee533 +Author: djm@openbsd.org +Date: Wed May 22 04:20:00 2024 +0000 + + upstream: this test has been broken since 2014, and has been + + testing the same key exchange algorithm repeatedly instead of testing all of + them. Spotted by nreilly AT blackberry.com in bz3692 + + Who broke the test? me. + + OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2 + +commit fd4816791beaed2fdae7eea3e1494d1972b2a39d +Author: anton@openbsd.org +Date: Sun May 19 19:10:01 2024 +0000 + + upstream: Add missing kex-names.c source file required since the + + ssh split. + + OpenBSD-Regress-ID: ca666223f828fc4b069cb9016bff1eb50faf9fbb + +commit beccb7319c5449f6454889013403c336446d622e +Author: naddy@openbsd.org +Date: Fri May 17 14:42:00 2024 +0000 + + upstream: remove duplicate copy of relink kit for sshd-session + + OpenBSD-Commit-ID: 6d2ded4cd91d4d727c2b26e099b91ea935bed504 + +commit dcd79fa141311c287e0595ede684b7116122fae0 +Author: jsg@openbsd.org +Date: Fri May 17 06:42:04 2024 +0000 + + upstream: remove prototypes with no matching function; ok djm@ + + OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693 + +commit 6454a05e7c6574d70adf17efe505a8581a86ca4f +Author: jsg@openbsd.org +Date: Fri May 17 06:38:00 2024 +0000 + + upstream: remove externs for removed vars; ok djm@ + + OpenBSD-Commit-ID: f51ea791d45c15d4927eb4ae7d877ccc1e5a2aab + +commit f3e4db4601ef7d2feb1d6f7447e432aaf353a616 +Author: deraadt@openbsd.org +Date: Fri May 17 06:11:17 2024 +0000 + + upstream: -Werror was turned on (probably just for development), + + and this is a simple way to satisfy older gcc. + + OpenBSD-Commit-ID: 7f698df54384b437ce33ab7405f0b86c87019e86 + +commit 24a1f3e5ad6f4a49377d4c74c36637e9a239efd0 +Author: Damien Miller +Date: Fri May 17 14:50:43 2024 +1000 + + attempt at updating RPM specs for sshd-session + +commit 17b566eeb7a0c6acc9c48b35c08885901186f861 +Author: djm@openbsd.org +Date: Fri May 17 04:42:13 2024 +0000 + + upstream: g/c unused variable + + OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010 + +commit 01fb82eb2aa0a4eaf5c394ea8bb37ea4c26f8a3f +Author: jsg@openbsd.org +Date: Fri May 17 02:39:11 2024 +0000 + + upstream: spelling; ok djm@ + + OpenBSD-Commit-ID: bdea29bb3ed2a5a7782999c4c663b219d2270483 + +commit b88b690e99145a021fc1a1a116a11e0bce0594e7 +Author: djm@openbsd.org +Date: Fri May 17 01:45:22 2024 +0000 + + upstream: allow overriding the sshd-session binary path + + OpenBSD-Regress-ID: 5058cd1c4b6ca1a15474e33546142931d9f964da + +commit a68f80f2511f0e0c5cef737a8284cc2dfabad818 +Author: anton@openbsd.org +Date: Wed Apr 3 06:01:11 2024 +0000 + + upstream: Since ssh-agent(1) is only readable by root by now, use + + ssh(1) while generating data in tests. + + OpenBSD-Regress-ID: 24eb40de2e6b0ace185caaba35e2d470331ffe68 + +commit 92e55890314ce2b0be21a43ebcbc043b4abc232f +Author: djm@openbsd.org +Date: Fri May 17 01:17:40 2024 +0000 + + upstream: fix incorrect debug option name introduce in previous + + commit + + OpenBSD-Commit-ID: 66d69e22b1c072c694a7267c847f212284614ed3 + +commit 4ad72878af7b6ec28da6e230e36a91650ebe84c1 +Author: deraadt@openbsd.org +Date: Fri May 17 00:33:25 2024 +0000 + + upstream: construct and install a relink-kit for sshd-session ok + + djm + + OpenBSD-Commit-ID: 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 + +commit 02e679a2cb3f6df8e9dbb1519ed578226485157f +Author: Damien Miller +Date: Fri May 17 12:21:27 2024 +1000 + + Makefile support for sshd-session + +commit c0416035c5eaf70a8450d11c8833c5f7068ee7ad +Author: djm@openbsd.org +Date: Fri May 17 00:32:32 2024 +0000 + + upstream: missing files from previous + + OpenBSD-Commit-ID: 4b7be4434d8799f02365552b641a7a70a7ebeb2f + +commit 03e3de416ed7c34faeb692967737be4a7bbe2eb5 +Author: djm@openbsd.org +Date: Fri May 17 00:30:23 2024 +0000 + + upstream: Start the process of splitting sshd into separate + + binaries. This step splits sshd into a listener and a session binary. More + splits are planned. + + After this changes, the listener binary will validate the configuration, + load the hostkeys, listen on port 22 and manage MaxStartups only. All + session handling will be performed by a new sshd-session binary that the + listener fork+execs. + + This reduces the listener process to the minimum necessary and sets us + up for future work on the sshd-session binary. + + feedback/ok markus@ deraadt@ + + NB. if you're updating via source, please restart sshd after installing, + otherwise you run the risk of locking yourself out. + + OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934 + +commit 1c0d81357921f8d3bab06841df649edac515ae5b +Author: djm@openbsd.org +Date: Thu May 9 09:46:47 2024 +0000 + + upstream: simplify exit message handling, which was more complicated + + than it needed to be because of unexpunged ssh1 remnants. ok markus@ + + OpenBSD-Commit-ID: 8b0cd2c0dee75fb053718f442aa89510b684610b + +commit cbbbf76aa6cd54fce32eacce1300e7abcf9461d4 +Author: tobias@openbsd.org +Date: Mon May 6 19:26:17 2024 +0000 + + upstream: remove SSH1 leftovers + + Authored with Space Meyer + + ok djm + + OpenBSD-Commit-ID: 81db602e4cb407baae472689db1c222ed7b2afa3 + +commit bc5dcb8ab9a4e8af54a724883732af378f42ea78 +Author: tobias@openbsd.org +Date: Tue Apr 30 15:40:43 2024 +0000 + + upstream: never close stdin + + The sanitise_stdfd call makes sure that standard file descriptors are + open (if they were closed, they are connected with /dev/null). + + Do not close stdin in any case to prevent error messages when stdin is + read multiple times and to prevent later usage of fd 0 for connections, + e.g. + + echo localhost | ssh-keyscan -f - -f - + + While at it, make stdin-related error messages nicer. + + Authored with Max Kunzelmann + + ok djm + + OpenBSD-Commit-ID: 48e9b7938e2fa2f9bd47e6de6df66a31e0b375d3 + +commit 6a42b70e56bef1aacdcdf06352396e837883e84f +Author: Damien Miller +Date: Wed May 8 09:43:59 2024 +1000 + + sync getrrsetbyname.c with recent upstream changes + +commit 385ecb31e147dfea59c1c488a1d2011d3867e60e +Author: djm@openbsd.org +Date: Tue Apr 30 06:23:51 2024 +0000 + + upstream: fix home-directory extension implementation, it always + + returned the current user's home directory contrary to the spec. + + Patch from Jakub Jelen via GHPR477 + + OpenBSD-Commit-ID: 5afd775eab7f9cbe222d7fbae4c793de6c3b3d28 + +commit 14e2b16bc67ffcc188906f65008667e22f73d103 +Author: djm@openbsd.org +Date: Tue Apr 30 06:16:55 2024 +0000 + + upstream: flush stdout after writing "sftp>" prompt when not using + + editline. + + From Alpine Linux via GHPR480 + + OpenBSD-Commit-ID: 80bdc7ffe0358dc090eb9b93e6dedb2b087b24cd + +commit 2e69a724051488e3fb3cd11531c4b5bc1764945b +Author: djm@openbsd.org +Date: Tue Apr 30 05:53:03 2024 +0000 + + upstream: stricter validation of messaging socket fd number; disallow + + usage of stderr. Based on GHPR492 by RealHurrison + + OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8 + +commit da757b022bf18c6f7d04e685a10cd96ed00f83da +Author: djm@openbsd.org +Date: Tue Apr 30 05:45:56 2024 +0000 + + upstream: add missing reserved fields to key constraint protocol + + documentation. + + from Wiktor Kwapisiewicz via GHPR487 + + OpenBSD-Commit-ID: 0dfb69998cfdb3fa00cbb0e7809e7d2f6126e3df + +commit 16d0b82fa08038f35f1b3630c70116979f49784f +Author: Damien Miller +Date: Tue Apr 30 12:39:34 2024 +1000 + + depend + +commit 66aaa678dbe59aa21d0d9d89a3596ecedde0254b +Author: djm@openbsd.org +Date: Tue Apr 30 02:14:10 2024 +0000 + + upstream: correctly restore sigprocmask around ppoll() reported + + by Tõivo Leedjärv; ok deraadt@ + + OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686 + +commit 80fb0eb21551aed3aebb009ab20aeffeb01e44e0 +Author: djm@openbsd.org +Date: Tue Apr 30 02:10:49 2024 +0000 + + upstream: add explict check for server hostkey type against + + HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from + certificate keys to plain keys. ok markus@ + + OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a + +commit 5b28096d31ff7d80748fc845553a4aef5bb05d86 +Author: jsg@openbsd.org +Date: Tue Apr 23 13:34:50 2024 +0000 + + upstream: correct indentation; no functional change ok tb@ + + OpenBSD-Commit-ID: dd9702fd43de546bc6a3f4f025c74d6f3692a0d4 + +commit fd3cb8a82784e05f621dea5b56ac6f89bc53c067 +Author: semarie@openbsd.org +Date: Thu Apr 4 16:00:51 2024 +0000 + + upstream: set right mode on ssh-agent at boot-time + + which sthen@ + ok deraadt@ + + OpenBSD-Commit-ID: 662b5056a2c6171563e1626f9c69f27862b5e7af + +commit 54343a260e3aa4bceca1852dde31cd08e2abd82b +Author: deraadt@openbsd.org +Date: Tue Apr 2 12:22:38 2024 +0000 + + upstream: Oops, incorrect hex conversion spotted by claudio. + + While here try to improve how it reads a bit better. Surprising the + regression tests didn't spot this error, maybe it fails to roundtrip the + values. + + OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e + +commit ec78c31409590ad74efc194f886273ed080a545a +Author: deraadt@openbsd.org +Date: Tue Apr 2 10:02:08 2024 +0000 + + upstream: for parse_ipqos(), use strtonum() instead of mostly + + idiomatic strtoul(), but wow it's so gross. ok djm + + OpenBSD-Commit-ID: cec14a76af2eb7b225300c80fc0e21052be67b05 + +commit 8176e1a6c2e6da9361a7abb6fbf6c23c299f495b +Author: deraadt@openbsd.org +Date: Tue Apr 2 09:56:58 2024 +0000 + + upstream: can shortcut by returning strtonum() value directly; ok + + djm + + OpenBSD-Commit-ID: 7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e + +commit 9f543d7022a781f80bb696f9d73f1d1c6f9e31d6 +Author: deraadt@openbsd.org +Date: Tue Apr 2 09:52:14 2024 +0000 + + upstream: rewrite convtime() to use a isdigit-scanner and + + strtonum() instead of strange strtoul can might be fooled by garage + characters. passes regress/usr.bin/ssh/unittests/misc ok djm + + OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc + +commit 8673137f780d8d9e4cda3c4605cb5d88d5cea271 +Author: claudio@openbsd.org +Date: Tue Apr 2 09:48:24 2024 +0000 + + upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. + + OK deraadt@ + + OpenBSD-Commit-ID: 3d14433e39fd558f662d3b0431c4c555ef920481 + +commit c7fec708f331f108343d69e4d74c9a5d86d6cfe7 +Author: deraadt@openbsd.org +Date: Tue Apr 2 09:32:28 2024 +0000 + + upstream: Replace non-idiomatic strtoul(, 16) to parse a region + + of 2-character hex sequences with a low-level replacement designed just for + the task. ok djm + + OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85 + +commit 019a5f483b0f588da6270ec401d0b4bb35032f3f +Author: deraadt@openbsd.org +Date: Tue Apr 2 09:29:31 2024 +0000 + + upstream: Use strtonum() instead of severely non-idomatic + + strtoul() In particular this will now reject trailing garbage, ie. + '12garbage'. ok djm + + OpenBSD-Commit-ID: c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501 + +commit 8231ca046fa39ea4eb99b79e0a6e09dec50ac952 +Author: deraadt@openbsd.org +Date: Mon Apr 1 15:50:17 2024 +0000 + + upstream: also create a relink kit for ssh-agent, since it is a + + long-running setgid program carrying keys with some (not very powerful) + communication channels. solution for testing the binary from dtucker. + agreement from djm. Will add it into /etc/rc in a few days. + + OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0 + +commit bf7bf50bd6a14e49c9c243cb8f4de31e555a5a2e +Author: deraadt@openbsd.org +Date: Mon Apr 1 15:48:16 2024 +0000 + + upstream: new-style relink kit for sshd. The old scheme created + + a Makefile by concatenating two Makefiles and was incredibly fragile. In the + new way a narrow-purposed install.sh script is created and shipped with the + objects. A recently commited /etc/rc script understands these files. + + OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 + +commit 00e63688920905e326d8667cb47f17a156b6dc8f +Author: renmingshuai +Date: Fri Apr 12 10:20:49 2024 +0800 + + Shell syntax fix (leftover from a sync). + + Signed-off-by: renmingshuai + +commit 2eded551ba96e66bc3afbbcc883812c2eac02bd7 +Author: Darren Tucker +Date: Thu Apr 25 13:20:19 2024 +1000 + + Merge flags for OpenSSL 3.x versions. + + OpenSSL has moved to 3.4 which we don't currently accept. Based on + the OpenSSL versioning policy[0] it looks like all of the 3.x versions + should work with OpenSSH, so remove the distinction in configure and + accept all of them. + + [0] https://openssl.org/policies/general/versioning-policy.html + +commit 8673245918081c6d1dc7fb3733c8eb2c5a902c5e +Author: Darren Tucker +Date: Thu Apr 25 13:19:03 2024 +1000 + + Remove 9.6 branch from status page. + +commit 70d43049747fa3c66cf876d52271859407cec2fa +Author: Darren Tucker +Date: Thu Apr 25 13:16:58 2024 +1000 + + Update LibreSSL and OpenSSL versions tested. + + Update LibreSSL versions to current releases (3.8.4 & 3.9.1). + Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and + 3.3 branches. + +commit 88351eca17dcc55189991ba60e50819b6d4193c1 +Author: 90 +Date: Fri Apr 5 19:36:06 2024 +0100 + + Fix missing header for systemd notification + +commit 08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c +Author: Damien Miller +Date: Wed Apr 3 14:40:32 2024 +1100 + + notify systemd on listen and reload + + Standalone implementation that does not depend on libsystemd. + With assistance from Luca Boccassi, and feedback/testing from Colin + Watson. bz2641 + +commit 43e7c1c07cf6aae7f4394ca8ae91a3efc46514e2 +Author: Darren Tucker +Date: Sun Mar 31 21:51:57 2024 +1100 + + Port changes from selfhosted to upstream tests. + + Should get them working again. + +commit 281ea25a44bff53eefb4af7bab7aa670b1f8b6b2 +Author: Darren Tucker +Date: Sat Mar 30 18:20:16 2024 +1100 + + Check if OpenSSL implementation supports DSA. + + If --enable/disable-dsa-keys is not specified, set based on what OpenSSL + supports. If specified as enabled, but not supported by OpenSSL error + out. ok djm@ + +commit 2d2c068de8d696fe3246f390b146197f51ea1e83 +Author: djm@openbsd.org +Date: Sat Mar 30 05:56:22 2024 +0000 + + upstream: in OpenSSH private key format, correct type for subsequent + + private keys in blob. From Jakub Jelen via GHPR430 + + OpenBSD-Commit-ID: d17dbf47554de2d752061592f95b5d772baab50b + +commit c2c0bdd3e96b3ef66d77fccb85ff4962dc76caf0 +Author: Eero Häkkinen +Date: Sat Sep 16 00:55:08 2023 +0300 + + Expose SSH_AUTH_INFO_0 always to PAM auth modules. + + This changes SSH_AUTH_INFO_0 to be exposed to PAM auth modules also + when a password authentication method is in use and not only + when a keyboard-interactive authentication method is in use. + +commit 02c5ad23124ae801cf248d99ea5068fc4331ca01 +Author: Darren Tucker +Date: Wed Mar 27 17:42:58 2024 +1100 + + Rearrange selfhosted VM scheduling. + + Instead of trying to infer the type of the self hosted tests in each of + the driver scripts (inconsistently...), set one of the following + variables to "true" in the workflow: + + VM: tests run in a virtual machine. + EPHEMERAL: tests run on an ephemeral virtual machine. + PERSISTENT: tests run on a persistent virtual machine + REMOTE: tests run on a physical remote host. + + EPHEMERAL VMs can have multiple instances of any given VM can exist + simultaneously and are run by a runner pool. The other types have a + dedicated runner instance and can only run a single test at a time. + + Other settings: + SSHFS: We need to sshfs mount over the repo so the workflow can collect + build artifacts. This also implies the tests must be run over ssh. + DEBUG_ACTIONS: enable "set -x" in scripts for debugging. + +commit cd8a72707c02615365d0851ac51063ab6bfe258f +Author: Damien Miller +Date: Sat Mar 30 16:05:59 2024 +1100 + + add new token-based signing key for dtucker@ + + Verified in person and via signature with old key. + Will remove old key in a bit. + +commit 8d0e46c1ddb5b7f0992591b0dc5d8aaa77cc9dba +Author: Alkaid +Date: Tue Mar 12 03:59:12 2024 -0700 + + Fix OpenSSL ED25519 support detection + + Wrong function signature in configure.ac prevents openssh from enabling + the recently new support for ED25519 priv keys in PEM PKCS8 format. + +commit 697359be9c23ee43618243cdbcc9c7981e766752 +Author: djm@openbsd.org +Date: Sat Mar 30 04:27:44 2024 +0000 + + upstream: allow WAYLAND_DISPLAY to enable SSH_ASKPASS + + From dkg via GHPR479; ok dtucker@ + + OpenBSD-Commit-ID: 1ac1f9c45da44eabbae89375393c662349239257 + +commit 7844705b0364574cc70b941be72036c2c2966363 +Author: dtucker@openbsd.org +Date: Fri Mar 29 10:40:07 2024 +0000 + + upstream: Use egrep instead of grep -E. + + Some plaforms don't have the latter so this makes things easier + in -portable. + + OpenBSD-Regress-ID: ff82260eb0db1f11130200b25d820cf73753bbe3 + +commit 22b2b6c555334bffdf357a2e4aa74308b03b83c3 +Author: dtucker@openbsd.org +Date: Tue Mar 26 08:09:16 2024 +0000 + + upstream: test -h is the POSIXly way of testing for a symlink. Reduces + + diff vs Portable. + + OpenBSD-Regress-ID: 6f31cd6e231e3b8c5c2ca0307573ccb7484bff7d + +commit edcff77f82c2bb2b5653b36f1e47274c5ef3e8be +Author: Darren Tucker +Date: Tue Mar 26 18:58:58 2024 +1100 + + Fix name of OpenBSD upstream CI jobs. + +commit 861b084429940e024f1b6e9c2779eac95d7a45db +Author: Darren Tucker +Date: Tue Mar 26 18:55:33 2024 +1100 + + Resync with upstream: ${} around DATAFILE. + +commit 63f248c7693e7f0a3b9a13d2980ac9a7e37f2aea +Author: djm@openbsd.org +Date: Mon Mar 25 19:28:09 2024 +0000 + + upstream: optional debugging + + OpenBSD-Regress-ID: b4852bf97ac8fb2e3530f2d5f999edd66058d7bc + +commit 16e2ebe06a62f09d4877b769876d92d6008a896f +Author: dtucker@openbsd.org +Date: Mon Mar 25 06:05:42 2024 +0000 + + upstream: Verify string returned from local shell command. + + OpenBSD-Regress-ID: 5039bde24d33d809aebfa8d3ad7fe9053224e6f8 + +commit b326f7a1f39ff31324cc3fe2735178fb474c04a4 +Author: dtucker@openbsd.org +Date: Mon Mar 25 03:30:31 2024 +0000 + + upstream: Improve shell portability: grep -q is not portable so + + redirect stdout, and use printf instead of relying on echo to do \n + substitution. Reduces diff vs Portable. + + Also resync somewhat with upstream. + + OpenBSD-Regress-ID: 9ae876a8ec4c4725f1e9820a0667360ee2398337 + +commit dbf2e319f0c582613fa45a735ea3c242ce56946b +Author: dtucker@openbsd.org +Date: Mon Mar 25 02:07:08 2024 +0000 + + upstream: Save error code from SSH for use inside case statement, + + from portable. In some shells, "case" will reset the value of $?, so save it + first. + + OpenBSD-Regress-ID: da32e5be19299cb4f0f7de7f29c11257a62d6949 + +commit d2c8c4fa7def4fb057ed05b3db57b62c810a26f6 +Author: dtucker@openbsd.org +Date: Mon Mar 25 01:40:47 2024 +0000 + + upstream: Increase timeout. Resyncs with portable where some of + + the test VMs are slow enough for this to matter. + + OpenBSD-Regress-ID: 6a83a693602eb0312f06a4ad2cd6f40d99d24b26 + +commit 83621b63514a84791623db3efb59d38bc4bf9563 +Author: dtucker@openbsd.org +Date: Mon Mar 25 01:28:29 2024 +0000 + + upstream: In PuTTY interop test, don't assume the PuTTY major + + version is 0. Patch from cjwatson at debian.org via bz#3671. + + OpenBSD-Regress-ID: 835ed03c1b04ad46be82e674495521f11b840191 + +commit 8a421b927700f3834b4d985778e252b8e3299f83 +Author: Darren Tucker +Date: Tue Mar 26 18:38:14 2024 +1100 + + Really mkdir /usr/local/etc in CI tests. + +commit 2946ed522c47ce045314533d426b4e379f745e59 +Author: Darren Tucker +Date: Tue Mar 26 17:19:09 2024 +1100 + + Better short name for OpenBSD upstream CI jobs too. + +commit 18dbe8eff647aacb82d7e86b4ce63d5beee11f25 +Author: Darren Tucker +Date: Tue Mar 26 17:13:52 2024 +1100 + + Ensure /usr/local/etc exists before using in tests. + +commit 5fc1085128e3348bb1b5ee4d955cc767b019b3ad +Author: Darren Tucker +Date: Tue Mar 26 16:50:46 2024 +1100 + + Be more specific about when to rerun workflows. + +commit 5516923e8ae3da0823fea0d7d28aa813627142c0 +Author: Darren Tucker +Date: Tue Mar 26 16:35:27 2024 +1100 + + Add short names for test jobs on github CI. + +commit dc37d2d2470b4a9cedcee9ac926b7362214e3305 +Author: Darren Tucker +Date: Tue Mar 26 16:26:14 2024 +1100 + + If we're using xpg4's id, remember to pass args. + +commit fe169487937780392b23d3ff3c00e5898c10f784 +Author: dtucker@openbsd.org +Date: Tue Mar 26 01:23:11 2024 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: ad3d1486d105b008c93e952d158e5af4d9d4c531 + +commit 151146f03b490d19145cd421763aa7d42f5c50e2 +Author: job@openbsd.org +Date: Thu Mar 14 06:23:14 2024 +0000 + + upstream: Clarify how literal IPv6 addresses can be used in -J mode + + OK djm@ + + OpenBSD-Commit-ID: 524ddae97746b3563ad4a887dfd0a6e6ba114c50 + +commit 0d5bdc87a675271862b67eb6a9fb13a202fb4894 +Author: Darren Tucker +Date: Mon Mar 25 16:14:21 2024 +1100 + + Add Mac OS X 14 test targets. + +commit 2d7964a03e1f50a48040ec6912c0a956df909d21 +Author: Darren Tucker +Date: Mon Mar 25 14:05:40 2024 +1100 + + Move xpg4 'id' handling into test-exec.sh. + + Handle replacement of 'id' the same way as we do other Portable specific + replacements in test-exec.sh. This brings percent.sh back into sync + with upstream. + +commit 75d1d49ed10d978171cdafad28bdbffdbd48f41e +Author: Darren Tucker +Date: Mon Mar 25 10:38:03 2024 +1100 + + Update branches shown on ci-status to 9.7 and 9.6. + +commit f9193f03db0029fc9c31fbdb5c66a2737446bd8f +Author: Darren Tucker +Date: Mon Mar 25 09:28:02 2024 +1100 + + Improve detection of -fzero-call-used-regs=used. + + Should better detect problems with gcc 13 on m68k. bz#3673 from Colin + Watson via bz#3673 and https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110934 + + Signed-off-by: Darren Tucker + +commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 +Author: Damien Miller +Date: Mon Mar 11 16:20:49 2024 +1100 + + version number in README + +commit 282721418e6465bc39ccfd39bb0133e670ee4423 +Author: Damien Miller +Date: Mon Mar 11 16:20:08 2024 +1100 + + crank RPM spec versions + +commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a +Author: djm@openbsd.org +Date: Mon Mar 11 04:59:47 2024 +0000 + + upstream: openssh-9.7 + + OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc + +commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 +Author: Darren Tucker +Date: Mon Mar 11 12:59:26 2024 +1100 + + Test against current OpenSSL and LibreSSL releases. + + Add LibreSSL 3.9.0, bump older branches to their respective current + releases. + +commit 26b09b45fec7b88ba09042c09be4157e58e231e2 +Author: Damien Miller +Date: Sun Mar 10 16:24:57 2024 +1100 + + quote regexes used to test for algorithm support + + Fixes test failures on Solaris 8 reported by Tom G. Christensen + +commit a6a740a4948d10a622b505135bb485c10f21db5e +Author: djm@openbsd.org +Date: Sat Mar 9 05:12:13 2024 +0000 + + upstream: avoid logging in signal handler by converting mainloop to + + ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ + + OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f + +commit cd82f7526e0481720567ae41db7849ab1c27e27b +Author: djm@openbsd.org +Date: Fri Mar 8 22:16:32 2024 +0000 + + upstream: skip more whitespace, fixes find-principals on + + allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz + + OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + +commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b +Author: dtucker@openbsd.org +Date: Fri Mar 8 11:34:10 2024 +0000 + + upstream: Invoke ProxyCommand that uses stderr redirection via + + $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. + Found by vinschen at redhat.com. + + OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + +commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 +Author: Darren Tucker +Date: Thu Mar 7 17:18:14 2024 +1100 + + Prefer openssl binary from --with-ssl-dir directory. + + Use openssl in the directory specified by --with-ssl-dir as long + as it's functional. Reported by The Doctor. + +commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 +Author: djm@openbsd.org +Date: Wed Mar 6 02:59:59 2024 +0000 + + upstream: fix memory leak in mux proxy mode when requesting forwarding. + + found by RASU JSC, reported by Maks Mishin in GHPR#467 + + OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + +commit 242742827fea4508e68097c128e802edc79addb5 +Author: djm@openbsd.org +Date: Wed Mar 6 00:31:04 2024 +0000 + + upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 + + OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 + +commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a +Author: Damien Miller +Date: Wed Mar 6 11:31:36 2024 +1100 + + disable RSA tests when algorithm is not supported + + Unbreaks "make test" when compiled --without-openssl. + + Similar treatment to how we do DSA and ECDSA. + +commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 +Author: Damien Miller +Date: Wed Mar 6 10:33:20 2024 +1100 + + add a --without-retpoline configure option + + discussed with deraadt and dtucker a while ago + +commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 +Author: djm@openbsd.org +Date: Mon Mar 4 04:13:18 2024 +0000 + + upstream: fix leak of CanonicalizePermittedCNAMEs on error path; + + spotted by Coverity (CID 438039) + + OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af + +commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 +Author: djm@openbsd.org +Date: Mon Mar 4 02:16:11 2024 +0000 + + upstream: Separate parsing of string array options from applying them + + to the active configuration. This fixes the config parser from erroneously + rejecting cases like: + + AuthenticationMethods password + Match User ivy + AuthenticationMethods any + + bz3657 ok markus@ + + OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 + +commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +Author: Darren Tucker +Date: Thu Feb 22 17:59:35 2024 +1100 + + Add nbsd10 test target. + +commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be +Author: Damien Miller +Date: Thu Feb 22 12:06:10 2024 +1100 + + more descriptive configure test name + +commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e +Author: djm@openbsd.org +Date: Wed Feb 21 06:17:29 2024 +0000 + + upstream: explain arguments of internal-sftp GHPR#454 from Niklas + + Hambüchen + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 + +commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 +Author: djm@openbsd.org +Date: Wed Feb 21 06:06:43 2024 +0000 + + upstream: clarify permissions requirements for ChrootDirectory Part + + of GHPR#454 from Niklas Hambüchen + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: d37bc8786317a11649c62ff5e2936441186ef7a0 + +commit d410e17d186552d0717f18217d0d049486754365 +Author: djm@openbsd.org +Date: Wed Feb 21 06:05:06 2024 +0000 + + upstream: .Cm for a keyword. Part of GHPR#454 from Niklas Hambüchen + + OpenBSD-Commit-ID: d59c52559f926fa82859035d79749fbb4a3ce18a + +commit ab73f9678ebf06b32d6361b88b50b42775e0565b +Author: djm@openbsd.org +Date: Wed Feb 21 06:01:13 2024 +0000 + + upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462 + + from Tobias Manske + + OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908 + +commit 9844aa2521ccfb1a2d73745680327b79e0574445 +Author: djm@openbsd.org +Date: Wed Feb 21 05:57:34 2024 +0000 + + upstream: fix proxy multiplexing mode, broken when keystroke timing + + obfuscation was added. GHPR#463 from montag451 + + OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677 + +commit ee6d932acb532f80b11bb7cf161668c70ec8a117 +Author: djm@openbsd.org +Date: Tue Feb 20 04:10:03 2024 +0000 + + upstream: don't append a gratuitous space to the end of subsystem + + arguments; bz3667 + + OpenBSD-Commit-ID: e11023aeb3f30b77a674e37b8292c862926d5dc6 + +commit e27f032aa8fcbae9b2e7c451baaf4b8ac6fa3d45 +Author: dtucker@openbsd.org +Date: Mon Feb 19 09:25:52 2024 +0000 + + upstream: Always define puttysetup function. + + OpenBSD-Regress-ID: b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0 + +commit 84046f9991abef5f46b040b10cf3d494f933a17b +Author: dtucker@openbsd.org +Date: Fri Feb 9 08:56:59 2024 +0000 + + upstream: Exapnd PuTTY test coverage. + + Expand the set of ciphers, MACs and KEX methods in the PuTTY interop + tests. + + OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57 + +commit bbf541ee2afe07b08a8b56fa0dc6f38fcfceef2a +Author: dtucker@openbsd.org +Date: Fri Feb 9 08:47:42 2024 +0000 + + upstream: Factor out PuTTY setup. + + Factor out PuTTY and call only when needed. + + This allows us to avoid PuTTY key setup when it's not needed, which + speeds up the overall test run by a couple of percent. + + OpenBSD-Regress-ID: c25eaccc3c91bc874400f7c85ce40e9032358c1c + +commit d31c21c57fb4245271680a1e5043cf6470a96766 +Author: naddy@openbsd.org +Date: Sat Feb 10 11:28:52 2024 +0000 + + upstream: clean sshd random relinking kit; ok miod@ + + OpenBSD-Commit-ID: 509bb19bb9762a4b3b589af98bac2e730541b6d4 + +commit 4dbc5a363ff53a2fcecf6bc3bcc038badc12f118 +Author: djm@openbsd.org +Date: Fri Feb 2 00:13:34 2024 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: b24680bc755b621ea801ff8edf6f0f02b68edae1 + +commit efde85dda2130272af24cc346f6c3cd326182ff1 +Author: Darren Tucker +Date: Mon Feb 19 17:29:31 2024 +1100 + + Improve error message for OpenSSL header check. + + bz#3668, ok djm@ + +commit cbbdf868bce431a59e2fa36ca244d5739429408d +Author: Darren Tucker +Date: Wed Feb 7 13:45:02 2024 +1100 + + Interop test against PuTTY snapshot and releases. + +commit 91898bf786b0f149f962c4c96c08a46f29888c10 +Author: Darren Tucker +Date: Tue Feb 6 16:21:05 2024 +1100 + + Put privsep dir on OS X on /usr/local. + + On some runners we can't create /var/empty, so put it some place we can + write. Should fix test breakage on Max OS X 11. + +commit be5ed8ebed8388c5056bfde4688308cc873c18b9 +Author: Darren Tucker +Date: Tue Feb 6 11:19:42 2024 +1100 + + Add --disable-fd-passing option. + + .. and enable for the minix3 test VM. This will cause it to more reliably + skip tests that need FD passing and should fix the current test breakage. + +commit 0f6a8a0d0a518fd78c4cbebfdac990a57a1c4e41 +Author: Darren Tucker +Date: Tue Feb 6 11:18:44 2024 +1100 + + Use "skip" function instead doing it ourselves. + +commit 3ad669f81aabbd2ba9fbd472903f680f598e1e99 +Author: Damien Miller +Date: Thu Feb 1 14:01:18 2024 +1100 + + ignore some vim droppings + +commit c283f29d23611a06bbee06bcf458f2fffad721d9 +Author: djm@openbsd.org +Date: Thu Feb 1 02:37:33 2024 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: bf9e4a1049562ee4322684fbdce07142f04fdbb7 + +commit 0d96b1506b2f4757fefa5d1f884d49e96a6fd4c3 +Author: Damien Miller +Date: Tue Jan 16 14:40:18 2024 +1100 + + skip tests that use multiplexing on Windows + + Some tests here use multiplexing, skip these if DISABLE_FD_PASSING + is set. Should unbreak tests on Windows. + +commit 50080fa42f5f744b798ee29400c0710f1b59f50e +Author: djm@openbsd.org +Date: Thu Jan 11 04:50:28 2024 +0000 + + upstream: don't disable RSA test when DSA is disabled; bug introduced + + in last commit + + OpenBSD-Regress-ID: 8780a7250bf742b33010e9336359a1c516f2d7b5 + +commit 415c94ce17288e0cdcb9e58cc91fba78d33c8457 +Author: djm@openbsd.org +Date: Thu Jan 11 01:45:58 2024 +0000 + + upstream: make DSA testing optional, defaulting to on + + ok markus + + OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a + +commit f9311e8921d92c5efca767227a497ab63280ac39 +Author: djm@openbsd.org +Date: Thu Jan 11 01:51:16 2024 +0000 + + upstream: ensure key_fd is filled when DSA is disabled; spotted by + + tb@ + + OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7 + +commit 4e838120a759d187b036036610402cbda33f3203 +Author: djm@openbsd.org +Date: Thu Jan 11 01:45:36 2024 +0000 + + upstream: make DSA key support compile-time optional, defaulting to + + on + + ok markus@ + + OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d + +commit afcc9028bfc411bc26d20bba803b83f90cb84e26 +Author: jmc@openbsd.org +Date: Wed Jan 10 06:33:13 2024 +0000 + + upstream: fix incorrect capitalisation; + + OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984 + +commit 9707c8170c0c1baeb1e06e5a53f604498193885f +Author: djm@openbsd.org +Date: Tue Jan 9 22:19:36 2024 +0000 + + upstream: extend ChannelTimeout regression test to exercise multiplexed + + connections and the new "global" timeout type. ok dtucker@ + + OpenBSD-Regress-ID: f10d19f697024e9941acad7c2057f73d6eacb8a2 + +commit b31b12d28de96e1d43581d32f34da8db27e11c03 +Author: djm@openbsd.org +Date: Tue Jan 9 22:19:00 2024 +0000 + + upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8) + + that watches all open channels and will close all open channels if there is + no traffic on any of them for the specified interval. This is in addition to + the existing per-channel timeouts added a few releases ago. + + This supports use-cases like having a session + x11 forwarding channel + open where one may be idle for an extended period but the other is + actively used. The global timeout would allow closing both channels when + both have been idle for too long. + + ok dtucker@ + + OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3 + +commit 602f4beeeda5bb0eca181f8753d923a2997d0a51 +Author: djm@openbsd.org +Date: Tue Jan 9 21:39:14 2024 +0000 + + upstream: adapt ssh_api.c code for kex-strict + + from markus@ ok me + + OpenBSD-Commit-ID: 4d9f256852af2a5b882b12cae9447f8f00f933ac + +commit 42ba34aba8708cf96583ff52975d95a8b47d990d +Author: Damien Miller +Date: Mon Jan 8 16:26:37 2024 +1100 + + nite that recent OSX tun/tap is unsupported + +commit 690bc125f9a3b20e47745fa8f5b5e1fd5820247f +Author: Sevan Janiyan +Date: Wed Dec 27 04:57:49 2023 +0000 + + README.platform: update tuntap url + +commit 6b8be2ccd7dd091808f86af52066b0c2ec30483a +Author: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Tue Dec 19 11:48:20 2023 -0500 + + Fix compilation error in ssh-pcks11-client.c + + Compilation fails becaus of an undefined reference to helper_by_ec, + because we forgot the preprocessor conditional that excludes that function + from being called in unsupported configurations. + +commit 219c8134157744886ee6ac5b8c1650abcd981f4c +Author: djm@openbsd.org +Date: Mon Jan 8 05:11:18 2024 +0000 + + upstream: Remove outdated note from PROTOCOL.mux + + Port forward close by control master is already implemented + by `mux_master_process_close_fwd` in `mux.c` + + GHPR442 from bigb4ng + + OpenBSD-Commit-ID: ad0734fe5916d2dc7dd02b588906cea4df0482fb + +commit 4c3cf362631ccc4ffd422e572f075d5d594feace +Author: djm@openbsd.org +Date: Mon Jan 8 05:05:15 2024 +0000 + + upstream: fix missing field in users-groups-by-id@openssh.com reply + + documentation + + GHPR441 from TJ Saunders + + OpenBSD-Commit-ID: ff5733ff6ef4cd24e0758ebeed557aa91184c674 + +commit f64cede2a3c298b50a2659a8b53eb3ab2c0b8d23 +Author: djm@openbsd.org +Date: Mon Jan 8 04:10:03 2024 +0000 + + upstream: make kex-strict section more explicit about its intent: + + banning all messages not strictly required in KEX + + OpenBSD-Commit-ID: fc33a2d7f3b7013a7fb7500bdbaa8254ebc88116 + +commit 698fe6fd61cbcb8e3e0e874a561d4335a49fbde5 +Author: Damien Miller +Date: Mon Jan 8 14:46:19 2024 +1100 + + update fuzzer example makefile to clang16 + +commit fc332cb2d602c60983a8ec9f89412754ace06425 +Author: Damien Miller +Date: Mon Jan 8 14:45:49 2024 +1100 + + unbreak fuzzers - missing pkcs11_make_cert() + + provide stub for use in fuzzer harness + +commit 9ea0a4524ae3276546248a926b6641b2fbc8421b +Author: Damien Miller +Date: Mon Jan 8 14:45:14 2024 +1100 + + unbreak fuzzers for clang16 + + getopt() needs a throw() attribute to compile, so supply one when compiling + things with C++ + +commit a72833d00788ef91100c643536ac08ada46440e1 +Author: djm@openbsd.org +Date: Mon Jan 8 00:34:33 2024 +0000 + + upstream: remove ext-info-* in the kex.c code, not in callers; + + with/ok markus@ + + OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799 + +commit 86f9e96d9bcfd1f5cd4bf8fb57a9b4c242df67df +Author: djm@openbsd.org +Date: Mon Jan 8 00:30:39 2024 +0000 + + upstream: fix typo; spotted by Albert Chin + + OpenBSD-Commit-ID: 77140b520a43375b886e535eb8bd842a268f9368 + +commit f0cbd26ec91bd49719fb3eea7ca44d2380318b9a +Author: dtucker@openbsd.org +Date: Thu Jan 4 09:51:49 2024 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee + +commit 64ddf776531ca4933832beecc8b7ebe1b937e081 +Author: jsg@openbsd.org +Date: Wed Dec 20 00:06:25 2023 +0000 + + upstream: spelling; ok markus@ + + OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b + +commit 503fbe9ea238a4637e8778208bde8c09bcf78475 +Author: jmc@openbsd.org +Date: Tue Dec 19 06:57:34 2023 +0000 + + upstream: sort -C, and add to usage(); ok djm + + OpenBSD-Commit-ID: 80141b2a5d60c8593e3c65ca3c53c431262c812f + +commit 5413b1c7ff5a19c6a7d44bd98c5a83eb47819ba6 +Author: djm@openbsd.org +Date: Tue Dec 19 06:41:14 2023 +0000 + + upstream: correct section numbers; from Ed Maste + + OpenBSD-Commit-ID: e289576ee5651528404cb2fb68945556052cf83f + +commit 430ef864645cff83a4022f5b050174c840e275da +Author: djm@openbsd.org +Date: Mon Dec 18 15:58:56 2023 +0000 + + upstream: match flag type (s/int/u_int) + + OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a + +commit 1036d77b34a5fa15e56f516b81b9928006848cbd +Author: Damien Miller +Date: Fri Dec 22 17:56:26 2023 +1100 + + better detection of broken -fzero-call-used-regs + + gcc 13.2.0 on ppc64le refuses to compile some function, including + cipher.c:compression_alg_list() with an error: + + > sorry, unimplemented: argument ‘used’ is not supportedcw + > for ‘-fzero-call-used-regs’ on this target + + This extends the autoconf will-it-work test with a similarly- + structured function that seems to catch this. + + Spotted/tested by Colin Watson; bz3645 + +commit 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 +Author: Damien Miller +Date: Tue Dec 19 01:59:50 2023 +1100 + + crank versions + +commit 2f2c65cb5f1518a9c556d3e8efa27ea0ca305c6b +Author: Damien Miller +Date: Tue Dec 19 01:59:06 2023 +1100 + + depend + +commit e48cdee8e19059203b1aeeabec2350b8375fa61f +Author: djm@openbsd.org +Date: Mon Dec 18 14:50:08 2023 +0000 + + upstream: regress test for agent PKCS#11-backed certificates + + OpenBSD-Regress-ID: 38f681777cb944a8cc3bf9d0ad62959a16764df9 + +commit 2f512f862df1d5f456f82a0334c9e8cc7208a2a1 +Author: djm@openbsd.org +Date: Mon Dec 18 14:49:39 2023 +0000 + + upstream: regress test for constrained PKCS#11 keys + + OpenBSD-Regress-ID: b2f26ae95d609d12257b43aef7cd7714c82618ff + +commit cdddd66412ca5920ed4d3ebbfa6ace12dbd9b82f +Author: djm@openbsd.org +Date: Mon Dec 18 14:48:44 2023 +0000 + + upstream: openssh-9.6 + + OpenBSD-Commit-ID: 21759837cf0e0092d9a2079f8fb562071c11016b + +commit 6d51feab157cedf1e7ef5b3f8781ca8ff9c4ab1b +Author: djm@openbsd.org +Date: Mon Dec 18 14:48:08 2023 +0000 + + upstream: ssh-agent: record failed session-bind attempts + + Record failed attempts to session-bind a connection and refuse signing + operations on that connection henceforth. + + Prevents a future situation where we add a new hostkey type that is not + recognised by an older ssh-agent, that consequently causes session-bind + to fail (this situation is only likely to arise when people mix ssh(1) + and ssh-agent(1) of different versions on the same host). Previously, + after such a failure the agent socket would be considered unbound and + not subject to restriction. + + Spotted by Jann Horn + + OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e + +commit 7ef3787c84b6b524501211b11a26c742f829af1a +Author: djm@openbsd.org +Date: Mon Dec 18 14:47:44 2023 +0000 + + upstream: ban user/hostnames with most shell metacharacters + + This makes ssh(1) refuse user or host names provided on the + commandline that contain most shell metacharacters. + + Some programs that invoke ssh(1) using untrusted data do not filter + metacharacters in arguments they supply. This could create + interactions with user-specified ProxyCommand and other directives + that allow shell injection attacks to occur. + + It's a mistake to invoke ssh(1) with arbitrary untrusted arguments, + but getting this stuff right can be tricky, so this should prevent + most obvious ways of creating risky situations. It however is not + and cannot be perfect: ssh(1) has no practical way of interpreting + what shell quoting rules are in use and how they interact with the + user's specified ProxyCommand. + + To allow configurations that use strange user or hostnames to + continue to work, this strictness is applied only to names coming + from the commandline. Names specified using User or Hostname + directives in ssh_config(5) are not affected. + + feedback/ok millert@ markus@ dtucker@ deraadt@ + + OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9 + +commit 0cb50eefdd29f0fec31d0e71cc4b004a5f704e67 +Author: djm@openbsd.org +Date: Mon Dec 18 14:47:20 2023 +0000 + + upstream: stricter handling of channel window limits + + This makes ssh/sshd more strict in handling non-compliant peers that + send more data than the advertised channel window allows. Previously + the additional data would be silently discarded. This change will + cause ssh/sshd to terminate the connection if the channel window is + exceeded by more than a small grace allowance. + + ok markus@ + + OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037 + +commit 4448a2938abc76e6bd33ba09b2ec17a216dfb491 +Author: djm@openbsd.org +Date: Mon Dec 18 14:46:56 2023 +0000 + + upstream: Make it possible to load certs from PKCS#11 tokens + + Adds a protocol extension to allow grafting certificates supplied by + ssh-add to keys loaded from PKCS#11 tokens in the agent. + + feedback/ok markus@ + + OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f + +commit 881d9c6af9da4257c69c327c4e2f1508b2fa754b +Author: djm@openbsd.org +Date: Mon Dec 18 14:46:12 2023 +0000 + + upstream: apply destination constraints to all p11 keys + + Previously applied only to the first key returned from each token. + + ok markus@ + + OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d + +commit a7ed931caeb68947d30af8a795f4108b6efad761 +Author: djm@openbsd.org +Date: Mon Dec 18 14:45:49 2023 +0000 + + upstream: add "ext-info-in-auth@openssh.com" extension + + This adds another transport protocol extension to allow a sshd to send + SSH2_MSG_EXT_INFO during user authentication, after the server has + learned the username that is being logged in to. + + This lets sshd to update the acceptable signature algoritms for public + key authentication, and allows these to be varied via sshd_config(5) + "Match" directives, which are evaluated after the server learns the + username being authenticated. + + Full details in the PROTOCOL file + + OpenBSD-Commit-ID: 1de7da7f2b6c32a46043d75fcd49b0cbb7db7779 + +commit 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 +Author: djm@openbsd.org +Date: Mon Dec 18 14:45:17 2023 +0000 + + upstream: implement "strict key exchange" in ssh and sshd + + This adds a protocol extension to improve the integrity of the SSH + transport protocol, particular in and around the initial key exchange + (KEX) phase. + + Full details of the extension are in the PROTOCOL file. + + with markus@ + + OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 + +commit 59d691b886c79e70b1d1c4ab744e81fd176222fd +Author: Damien Miller +Date: Mon Dec 18 14:49:11 2023 +1100 + + better detection of broken -fzero-call-used-regs + + Use OSSH_CHECK_CFLAG_LINK() for detection of these flags and extend + test program to exercise varargs, which seems to catch more stuff. + + ok dtucker@ + +commit aa7b21708511a6d4aed3839fc9f6e82e849dd4a1 +Author: djm@openbsd.org +Date: Wed Dec 13 03:28:19 2023 +0000 + + upstream: when invoking KnownHostsCommand to determine the order of + + host key algorithms to request, ensure that the hostname passed to the + command is decorated with the port number for ports other than 22. + + This matches the behaviour of KnownHostsCommand when invoked to look + up the actual host key. + + bz3643, ok dtucker@ + + OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1 + +commit 4086bd6652c0badccc020218a62190a7798fb72c +Author: markus@openbsd.org +Date: Fri Dec 8 09:18:39 2023 +0000 + + upstream: prevent leak in sshsig_match_principals; ok djm@ + + OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae + +commit 19d3ee2f3adf7d9a606ff015c1e153744702c4c9 +Author: djm@openbsd.org +Date: Wed Dec 6 21:06:48 2023 +0000 + + upstream: short circuit debug log processing early if we're not going + + to log anything. From Kobe Housen + + OpenBSD-Commit-ID: 2bcddd695872a1bef137cfff7823044dcded90ea + +commit 947affad4831df015c498c00c6351ea6f13895d5 +Author: Darren Tucker +Date: Mon Nov 27 09:37:28 2023 +1100 + + Add tests for OpenSSL 3.2.0 and 3.2 stable branch. + +commit 747dce36206675ca6b885010a835733df469351b +Author: Darren Tucker +Date: Sat Nov 25 09:03:38 2023 +1100 + + Use non-zero arg in compiler test program. + + Now that we're running the test program, passing zero to the test function + can cause divide-by-zero exceptions which might show up in logs. + +commit 3d44a5c56585d1c351dbc006240a591b6da502b1 +Author: dtucker@openbsd.org +Date: Fri Nov 24 00:31:30 2023 +0000 + + upstream: Plug mem leak of msg when processing a quit message. + + Coverity CID#427852, ok djm@ + + OpenBSD-Commit-ID: bf85362addbe2134c3d8c4b80f16601fbff823b7 + +commit 1d7f9b6e297877bd00973e6dc5c0642dbefc3b5f +Author: dtucker@openbsd.org +Date: Thu Nov 23 03:37:05 2023 +0000 + + upstream: Include existing mux path in debug message. + + OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16 + +commit f29934066bd0e561a2e516b7e584fb92d2eedee0 +Author: Darren Tucker +Date: Thu Nov 23 19:41:27 2023 +1100 + + Add an Ubuntu 22.04 test VM. + + This is the same version as Github's runners so most of the testing on + it is over there, but having a local VM makes debugging much easier. + +commit a93284a780cd3972afe5f89086b75d564ba157f3 +Author: Darren Tucker +Date: Thu Nov 23 19:36:22 2023 +1100 + + Add gcc-12 -Werror test on Ubuntu 22.04. + + Explictly specify gcc-11 on Ubuntu 22.04 (it's the system compiler). + +commit 670f5a647e98b6fd95ad64f789f87ee3274b481b +Author: Darren Tucker +Date: Thu Nov 23 19:34:57 2023 +1100 + + Check return value from write to prevent warning. + + ... and since we're testing for flags with -Werror, this caused + configure to mis-detect compiler flags. + +commit cea007d691cfedfa07a5b8599f97ce0511f53fc9 +Author: Darren Tucker +Date: Wed Nov 22 21:18:55 2023 +1100 + + Run compiler test program when compiling natively. + + ok djm@ + +commit ee0d305828f13536c0a416bbf9c3e81039d9ea55 +Author: Darren Tucker +Date: Wed Nov 22 21:18:07 2023 +1100 + + Factor out compiler test program into a macro. + + ok djm@ + +commit de304c76316b029df460673725a9104224b9959b +Author: Darren Tucker +Date: Wed Nov 22 08:55:36 2023 +1100 + + Add fbsd14 VM to test pool. + +commit 99a2df5e1994cdcb44ba2187b5f34d0e9190be91 +Author: Darren Tucker +Date: Tue Nov 21 16:19:29 2023 +1100 + + Expand -fzero-call-used-regs test to cover gcc 11. + + It turns out that gcc also has some problems with -fzero-call-used-regs, + at least v11 on mips. Previously the test in OSSH_CHECK_CFLAG_COMPILE + was sufficient to catch it with "=all", but not sufficient for "=used". + Expand the testcase and include it in the other tests for good measure. + See bz#3629. ok djm@. + +commit ff220d4010717f7bfbbc02a2400666fb9d24f250 +Author: Darren Tucker +Date: Tue Nov 21 14:04:34 2023 +1100 + + Stop using -fzero-call-used-regs=all + + ... since it seems to be problematic with several different versions of + clang. Only use -fzero-call-used-regs=used which is less + problematic, except with Apple's clang where we don't use it at all. + bz#3629, ok djm@ + +commit 2a19e02f36b16f0f6cc915f7d1e60ead5e36303b +Author: Darren Tucker +Date: Tue Nov 21 14:02:18 2023 +1100 + + Allow for vendor prefix on clang version numbers. + + Correctly detects the version of OpenBSD's native clang, as well as + Apple's. Spotted tb@, ok djm@. + +commit c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6 +Author: djm@openbsd.org +Date: Mon Nov 20 02:50:00 2023 +0000 + + upstream: set errno=EAFNOSUPPORT when filtering addresses that don't + + match AddressFamily; yields slightly better error message if no address + matches. bz#3526 + + OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6 + +commit 26f3f3bbc69196d908cad6558c8c7dc5beb8d74a +Author: djm@openbsd.org +Date: Wed Nov 15 23:03:38 2023 +0000 + + upstream: when connecting via socket (the default case), filter + + addresses by AddressFamily if one was specified. Fixes the case where, if + CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok + dtucker + + OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439 + +commit 050c335c8da43741ed0df2570ebfbd5d1dfd0a31 +Author: djm@openbsd.org +Date: Wed Nov 15 22:51:49 2023 +0000 + + upstream: when deciding whether to enable keystroke timing + + obfuscation, only consider enabling it when a channel with a tty is open. + + Avoids turning on the obfucation when X11 forwarding only is in use, + which slows it right down. Reported by Roger Marsh + + OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1 + +commit 676377ce67807a24e08a54cd60ec832946cc6cae +Author: tobhe@openbsd.org +Date: Mon Nov 13 09:18:19 2023 +0000 + + upstream: Make sure sftp_get_limits() only returns 0 if 'limits' + + was initialized. This fixes a potential uninitialized use of 'limits' in + sftp_init() if sftp_get_limits() returned early because of an unexpected + message type. + + ok djm@ + + OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c + +commit 64e0600f23c6dec36c3875392ac95b8a9100c2d6 +Author: Darren Tucker +Date: Mon Nov 13 20:03:31 2023 +1100 + + Test current releases of LibreSSL and OpenSSL. + + Retire some of the older releases. + +commit c8ed7cc545879ac15f6ce428be4b29c35598bb2a +Author: dtucker@openbsd.org +Date: Wed Nov 1 02:08:38 2023 +0000 + + upstream: Specify ssh binary to use + + ... instead of relying on installed one. Fixes test failures in -portable + when running tests prior to installation. + + OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685 + +commit e9fc2c48121cada1b4dcc5dadea5d447fe0093c3 +Author: Darren Tucker +Date: Wed Nov 1 13:11:31 2023 +1100 + + Put long-running test targets on hipri runners. + + Some of the selfhosted test targets take a long time to run for various + reasons, so label them for "libvirt-hipri" runners so that they can + start immediately. This should reduce the time to complete all tests. + +commit 7ddf27668f0e21233f08c0ab2fe9ee3fdd6ab1e2 +Author: djm@openbsd.org +Date: Wed Nov 1 00:29:46 2023 +0000 + + upstream: add some tests of forced commands overriding Subsystem + + directives + + OpenBSD-Regress-ID: eb48610282f6371672bdf2a8b5d2aa33cfbd322b + +commit fb06f9b5a065dfbbef5916fc4accc03c0bf026dd +Author: dtucker@openbsd.org +Date: Tue Oct 31 04:15:40 2023 +0000 + + upstream: Don't try to use sudo inside sshd log wrapper. + + We still need to check if we're using sudo since we don't want to chown + unecessarily, as on some platforms this causes an error which pollutes + stderr. We also don't want to unnecessarily invoke sudo, since it's + running in the context of the proxycommand, on *other* platforms it + may not be able to authenticate, and if we're using SUDO then it should + already be privileged. + + OpenBSD-Regress-ID: 70d58df7503db699de579a9479300e5f3735f4ee + +commit fc3cc33e88c242c704781c6c48087838f1dcfa2a +Author: dtucker@openbsd.org +Date: Tue Oct 31 02:58:45 2023 +0000 + + upstream: Only try to chmod logfile if we have sudo. If we don't have + + sudo then we won't need to chmod. + + OpenBSD-Regress-ID: dbad2f5ece839658ef8af3376cb1fb1cabe2e324 + +commit 3a506598fddd3f18f9095af3fe917f24cbdd32e0 +Author: djm@openbsd.org +Date: Mon Oct 30 23:00:25 2023 +0000 + + upstream: move PKCS#11 setup code to test-exec.sh so it can be reused + + elsewhere + + OpenBSD-Regress-ID: 1d29e6be40f994419795d9e660a8d07f538f0acb + +commit f82fa227a52661c37404a6d33bbabf14fed05db0 +Author: djm@openbsd.org +Date: Mon Oct 30 17:32:00 2023 +0000 + + upstream: tidy and refactor PKCS#11 setup code + + Replace the use of a perl script to delete the controlling TTY with a + SSH_ASKPASS script to directly load the PIN. + + Move PKCS#11 setup code to functions in anticipation of it being used + elsewhere in additional tests. + + Reduce stdout spam + + OpenBSD-Regress-ID: 07705c31de30bab9601a95daf1ee6bef821dd262 + +commit 3cf698c6d4ffa9be1da55672a3519e2135a6366a +Author: Darren Tucker +Date: Mon Oct 30 21:35:03 2023 +1100 + + Add obsd74 test VM and retire obsd69 and obsd70. + +commit 3e21d58a09894acb38dc69ed615d101131f473d0 +Author: Darren Tucker +Date: Mon Oct 30 18:34:12 2023 +1100 + + Add OpenSSL 3.3.0 as a known dev version. + +commit 917ba181c2cbdb250a443589ec732aa36fd51ffa +Author: Darren Tucker +Date: Mon Oct 30 13:32:03 2023 +1100 + + Restore nopasswd sudo rule on Mac OS X. + + This seems to be missing from some (but not all) github runners, so + restore it if it seems to be missing. + +commit c5698abad6d4ec98ca20bcaaabaeacd5e1ec3f4f +Author: Darren Tucker +Date: Mon Oct 30 13:26:52 2023 +1100 + + Don't exit early when setting up on Mac OS X. + + We probably need some of the other bits in there (specifically, setting + the perms on the home directory) so make it less of a special snowflake. + +commit 1d6a878ceba60b9dc14037dddc8f036070c0065f +Author: dtucker@openbsd.org +Date: Sun Oct 29 06:22:07 2023 +0000 + + upstream: Only try to chown logfiles that exist to prevent spurious + + errors. + + OpenBSD-Regress-ID: f1b20a476734e885078c481f1324c9ea03af991e + +commit e612376427a66f835e284f6b426d16d7c85301bc +Author: anton@openbsd.org +Date: Thu Oct 26 18:52:45 2023 +0000 + + upstream: make use of bsd.regress.mk in extra and interop targets; ok + + dtucker@ + + OpenBSD-Regress-ID: 7ea21b5f6fc4506165093b2123d88d20ff13a4f0 + +commit ea0039173957d0edcd6469b9614dcedb44dcb4f9 +Author: dtucker@openbsd.org +Date: Thu Oct 26 12:44:07 2023 +0000 + + upstream: Skip conch interop tests when not enabled instead of fatal. + + OpenBSD-Regress-ID: b0abf81c24ac6c21f367233663228ba16fa96a46 + +commit d220b9ed5494252b26b95f05be118472bc3ab5c0 +Author: dtucker@openbsd.org +Date: Wed Oct 25 05:38:08 2023 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: 95f5dd6107e8902b87dc5b005ef2b53f1ff378b8 + +commit a611e4db4009447a0151f31a44e235ca32ed4429 +Author: anton@openbsd.org +Date: Wed Oct 25 08:01:59 2023 +0000 + + upstream: ssh conch interop tests requires a controlling terminal; + + ok dtucker@ + + OpenBSD-Regress-ID: cbf2701bc347c2f19d907f113779c666f1ecae4a + +commit da951b5e08c167acb5d6e2eec6f146502f5d6ed8 +Author: anton@openbsd.org +Date: Mon Oct 23 11:30:49 2023 +0000 + + upstream: Use private key that is allowed by sshd defaults in conch + + interop tests. + + ok dtucker@ + + OpenBSD-Regress-ID: 3b7f65c8f409c328bcd4b704f60cb3d31746f045 + +commit 1ca166dbb3c0ce632b98869cd955f69320aa6fe8 +Author: Darren Tucker +Date: Fri Oct 20 20:43:00 2023 +1100 + + Install Dropbear for interop testing. + +commit f993bb58351c5cb71e61aede63805a34a6d4daea +Author: Darren Tucker +Date: Fri Oct 20 20:39:03 2023 +1100 + + Resync PuTTY and Conch path handling with upstream. + + Now that configure finds these for us we can remove these -portable + specific changes. + +commit ff85becd5f5f06a76efa45d30fb204a3c5e5215c +Author: Darren Tucker +Date: Fri Oct 20 20:35:46 2023 +1100 + + Have configure find PuTTY and Conch binaries. + + This will let us remove some -portable specific changes from + test-exec.sh. + +commit c54a50359b9cecddbf3ffcdc26efcb3cd6071ec1 +Author: dtucker@openbsd.org +Date: Fri Oct 20 07:37:07 2023 +0000 + + upstream: Allow overriding the locations of the Dropbear binaries + + similar to what we do for the PuTTY ones. + + OpenBSD-Regress-ID: 7de0e00518fb0c8fdc5f243b7f82f523c936049c + +commit fbaa707d455a61d0aef8ae65e02a25bac5351e5c +Author: dtucker@openbsd.org +Date: Fri Oct 20 06:56:45 2023 +0000 + + upstream: Add interop test with Dropbear. + + Right now this is only dbclient not the Dropbear server since it won't + currently run as a ProxyCommand. + + OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496 + +commit c2003d0dbdcdb61ca336c3f90c5c2b4a09c8e73f +Author: Fabio Pedretti +Date: Mon Oct 16 11:59:53 2023 +0200 + + Update openssl-devel dependency in RPM spec. + + Since openssh 9.4p1, openssl >= 1.1.1 is required, so + build with --without-openssl elsewhere. + According to https://repology.org/project/openssl/versions + openssl 1.1.1 is available on fedora >= 29 and rhel >= 8. + Successfully build tested, installed and run on rhel 6 + +commit 064e09cd632721c7e6889904e07767443ee23821 +Author: Fabio Pedretti +Date: Mon Oct 16 10:13:06 2023 +0200 + + Remove reference of dropped sshd.pam.old file + + The file was removed in openssh 8.8 + +commit 62db354b696b378a164b6e478cb6b0171dcb0c3d +Author: dtucker@openbsd.org +Date: Mon Oct 16 08:40:00 2023 +0000 + + upstream: Move declaration of "len" into the block where it's used. + + This lets us compile Portable with -Werror with when OpenSSL doesn't have + Ed25519 support. + + OpenBSD-Commit-ID: e02e4b4af351946562a7caee905da60eff16ba29 + +commit 6eee8c972d5901d10e80634a006b4e346b2c8c19 +Author: Damien Miller +Date: Fri Oct 13 15:15:05 2023 +1100 + + run t-extra regress tests + + This exposes the t-extra regress tests (including agent-pkcs11.sh) as + a new extra-tests target in the top level Makefile and runs them by + default. ok dtucker@ + +commit 637624dbbac13f2bc3c8ec5b15c9d627d07f2935 +Author: Darren Tucker +Date: Thu Oct 12 22:01:23 2023 +1100 + + Don't use make -j2. + + While we have 2 cores available on github runners, not using it means + that the most recent log message is the actual failure, rather than + having to search back through the log for it. + +commit 971e0cfcfd52ef1d73cf5244074c306a60006e89 +Author: Darren Tucker +Date: Thu Oct 12 16:23:05 2023 +1100 + + Correct arg order for ED255519 AC_LINK_IFELSE test. + +commit c616e64688b2a0c1b4daad69b056099be998d121 +Author: djm@openbsd.org +Date: Thu Oct 12 03:51:08 2023 +0000 + + upstream: typos and extra debug trace calls + + OpenBSD-Regress-ID: 98a2a6b9333743274359e3c0f0e65cf919a591d1 + +commit c49a3fbf10162128c67c59562348de2041188974 +Author: djm@openbsd.org +Date: Thu Oct 12 03:48:53 2023 +0000 + + upstream: ensure logs are owned by correct user; feedback/ok + + dtucker@ + + OpenBSD-Regress-ID: c3297af8f07717f1d400a5d34529962f1a76b5a3 + +commit 5ec0ed79ac074c3437b25f6cba8b8cf21c8d4587 +Author: djm@openbsd.org +Date: Thu Oct 12 03:36:32 2023 +0000 + + upstream: 64 %-expansion keys ought to be enough for anybody; ok + + dtucker (we just hit the previous limit in some cases) + + OpenBSD-Commit-ID: 84070f8001ec22ff5d669f836b62f206e08c5787 + +commit f59a94e22e46db2c23eddeb871aa9e8d93ab0016 +Author: djm@openbsd.org +Date: Thu Oct 12 02:48:43 2023 +0000 + + upstream: don't dereference NULL pointer when hashing jumphost + + OpenBSD-Commit-ID: 251c0263e1759a921341c7efe7f1d4c73e1c70f4 + +commit 281c79168edcc303abfd5bca983616eaa24c5f32 +Author: Damien Miller +Date: Thu Oct 12 13:20:01 2023 +1100 + + Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT + + If the system support PRIV_XPOLICY and one is set, then don't + modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@ + +commit 98fc34df837f3a3b79d2a111b96fe8a39adcab55 +Author: djm@openbsd.org +Date: Thu Oct 12 02:18:18 2023 +0000 + + upstream: add %j token that expands to the configured ProxyJump + + hostname (or the empty string if this option is not being used). bz3610, ok + dtucker + + OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339 + +commit 7f3180be8a85320b5d3221714b40c16e66881249 +Author: djm@openbsd.org +Date: Thu Oct 12 02:15:53 2023 +0000 + + upstream: release GSS OIDs only at end of authentication; bz2982, + + ok dtucker@ + + OpenBSD-Commit-ID: 0daa41e0525ae63cae4483519ecaa37ac485d94c + +commit a612b93de5d86e955bfb6e24278f621118eea500 +Author: djm@openbsd.org +Date: Thu Oct 12 02:12:53 2023 +0000 + + upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending + + and use ppoll() to unmask them in the mainloop. Avoids race condition between + signaling ssh to exit and polling. bz3531; ok dtucker + + OpenBSD-Commit-ID: 5c14e1aabcddedb95cdf972283d9c0d5083229e7 + +commit 531b27a006116fe7aff325510aaa576f24844452 +Author: djm@openbsd.org +Date: Wed Oct 11 23:23:58 2023 +0000 + + upstream: sync usage() with ssh.1; spotted by kn@ + + OpenBSD-Commit-ID: 191a85639477dcb5fa1616d270d93b7c8d5c1dfd + +commit 64f7ca881b19be754425dca60d1590d306c9d1d0 +Author: djm@openbsd.org +Date: Wed Oct 11 23:14:33 2023 +0000 + + upstream: ssh -Q does not make sense with other command-line options, + + so give it its own line in the manpage + + OpenBSD-Commit-ID: 00a747f0655c12122bbb77c2796be0013c105361 + +commit a752a6c0e1001f93696d7025f0c867f0376e2ecf +Author: djm@openbsd.org +Date: Wed Oct 11 22:42:26 2023 +0000 + + upstream: add ChannelTimeout support to the client, mirroring the + + same option in the server. ok markus@ + + OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02 + +commit 76e91e7238cdc5662bc818e2a48d466283840d23 +Author: djm@openbsd.org +Date: Wed Oct 11 22:41:05 2023 +0000 + + upstream: add support for reading ED25519 private keys in PEM PKCS8 + + format; ok markus@ tb@ + + OpenBSD-Commit-ID: 01b85c91757e6b057e9b23b8a23f96415c3c7174 + +commit fc77c8e352c0f44125425c05265e3a00c183d78a +Author: djm@openbsd.org +Date: Wed Oct 11 06:40:54 2023 +0000 + + upstream: mention "none" is a valid argument to IdentityFile; bz3080 + + OpenBSD-Commit-ID: 1b4fb590ef731099349a7d468b77f02b240ac926 + +commit c97520d23d1fe53d30725a2af25d2dddd6f2faff +Author: djm@openbsd.org +Date: Wed Oct 11 05:42:08 2023 +0000 + + upstream: in olde rcp/scp protocol mode, when rejecting a path from the + + server as not matching the glob that the client sent, log (at debug level) + the received pathname as well as the list of possible expected paths expanded + from the glob. bz2966 + + OpenBSD-Commit-ID: 0bd8db8a595334ca86bca8f36e23fc0395315765 + +commit 208c2b719879805983398160791d6a1ef9c2c3fc +Author: djm@openbsd.org +Date: Wed Oct 11 04:46:29 2023 +0000 + + upstream: s/%.100s/%s/ in SSH- banner construction as there's no + + reason to limit its size: the version string bring included is a compile time + constant going into an allocated banner string. + + OpenBSD-Commit-ID: 0ef73304b9bf3e534c60900cd84ab699f859ebcd + +commit 0354790826b97c41bbd171a965574e159b58d83e +Author: tb@openbsd.org +Date: Tue Oct 10 06:49:54 2023 +0000 + + upstream: Garbage collect cipher_get_keyiv_len() + + This is a compat20 leftover, unused since 2017. + + ok djm + + OpenBSD-Commit-ID: 91fa5497c9dc6883064624ac27813a567883fdce + +commit 8d29ee4115001a02641386ae394992c65ed279e0 +Author: djm@openbsd.org +Date: Tue Oct 10 03:57:45 2023 +0000 + + upstream: Reserve a range of "local extension" message numbers that + + OpenSSH promises not to use (comment change only) + + OpenBSD-Commit-ID: e61795b453d4892d2c99ce1039112c4a00250e03 + +commit 90b0d73d63a706e85f6431f05a62d2ce1b476472 +Author: djm@openbsd.org +Date: Fri Oct 6 03:32:15 2023 +0000 + + upstream: typo in error message + + OpenBSD-Regress-ID: 6a8edf0dc39941298e3780b147b10c0a600b4fee + +commit e84517f51532ec913d8fb01a8aab7307134774bb +Author: djm@openbsd.org +Date: Fri Oct 6 03:25:14 2023 +0000 + + upstream: Perform the softhsm2 setup as discrete steps rather than + + as a long shell pipeline. Makes it easier to figure out what has happened + when it breaks. + + OpenBSD-Regress-ID: b3f1292115fed65765d0a95414df16e27772d81c + +commit cb54becff4d776238e0e9072943ba0872260535d +Author: claudio@openbsd.org +Date: Sun Sep 24 08:14:13 2023 +0000 + + upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to + + overload the value here anymore. OK tb@ bluhm@ + + OpenBSD-Regress-ID: f063330f1bebbcd373100afccebc91a965b14496 + +commit f01f5137ceba65baf34ceac5a298c12ac01b1fef +Author: jmc@openbsd.org +Date: Wed Oct 4 05:42:10 2023 +0000 + + upstream: spelling fix; + + OpenBSD-Commit-ID: 493f95121567e5ab0d9dd1150f873b5535ca0195 + +commit 80a2f64b8c1d27383cc83d182b73920d1e6a91f1 +Author: Damien Miller +Date: Wed Oct 4 15:34:10 2023 +1100 + + crank version numbers + +commit f65f187b105d9b5c12fd750a211397d08c17c6d4 +Author: djm@openbsd.org +Date: Wed Oct 4 04:04:09 2023 +0000 + + upstream: openssh-9.5 + + OpenBSD-Commit-ID: 5e0af680480bd3b6f5560cf840ad032d48fd6b16 + +commit ffe27e54a4bb18d5d3bbd3f4cc93a41b8d94dfd2 +Author: djm@openbsd.org +Date: Wed Oct 4 04:03:50 2023 +0000 + + upstream: add some cautionary text about % token expansion and + + shell metacharacters; based on report from vinci AT protonmail.ch + + OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113 + +commit 60ec3d54fd1ebfe2dda75893fa1e870b8dffbb0d +Author: djm@openbsd.org +Date: Tue Oct 3 23:56:10 2023 +0000 + + upstream: fix link to agent draft; spotted by Jann Horn + + OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b + +commit 12e2d4b13f6f63ce2de13cbfcc9e4d0d4b4ab231 +Author: Damien Miller +Date: Wed Oct 4 10:54:04 2023 +1100 + + use portable provider allowlist path in manpage + + spotted by Jann Horn + +commit 6c2c6ffde75df95fd838039850d3dd3d84956d87 +Author: deraadt@openbsd.org +Date: Tue Sep 19 20:37:07 2023 +0000 + + upstream: typo; from Jim Spath + + OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e + +commit b6b49130a0089b297245ee39e769231d7c763014 +Author: djm@openbsd.org +Date: Sun Sep 10 23:12:32 2023 +0000 + + upstream: rename remote_glob() -> sftp_glob() to match other API + + OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229 + +commit 21b79af6c8d2357c822c84cef3fbdb8001ed263b +Author: djm@openbsd.org +Date: Sun Sep 10 03:51:55 2023 +0000 + + upstream: typo in comment + + OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18 + +commit 41232d25532b4d2ef6c5db62efc0cf50a79d26ca +Author: Darren Tucker +Date: Sun Sep 10 15:45:38 2023 +1000 + + Use zero-call-used-regs=used with Apple compilers. + + Apple's versions of clang have version numbers that do not match the + corresponding upstream clang versions. Unfortunately, they do still + have the clang-15 zero-call-used-regs=all bug, so for now use the value + that doesn't result in segfaults. We could allowlist future versions + that are known to work. bz#3584 (and probably also our github CI + failures). + +commit 90ccc5918ea505bf156c31148b6b59a1bf5d6dc6 +Author: djm@openbsd.org +Date: Sun Sep 10 03:25:53 2023 +0000 + + upstream: randomise keystroke obfuscation intervals and average + + interval rate. ok dtucker@ + + OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382 + +commit bd1b9e52f5fa94d87223c90905c5fdc1a7c32aa6 +Author: djm@openbsd.org +Date: Fri Sep 8 06:34:24 2023 +0000 + + upstream: fix sizeof(*ptr) instead sizeof(ptr) in realloc (pointer here + + is char**, so harmless); spotted in CID 416964 + + OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002 + +commit c4f966482983e18601eec70a1563115de836616f +Author: djm@openbsd.org +Date: Fri Sep 8 06:10:57 2023 +0000 + + upstream: regress test recursive remote-remote directories copies where + + the directory contains a symlink to another directory. + + also remove errant `set -x` that snuck in at some point + + OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f + +commit 5e1dfe5014ebc194641678303e22ab3bba15f4e5 +Author: djm@openbsd.org +Date: Fri Sep 8 06:10:02 2023 +0000 + + upstream: fix recursive remote-remote copies of directories that + + contain symlinks to other directories (similar to bz3611) + + OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f + +commit 7c0ce2bf98b303b6ad91493ee3247d96c18ba1f6 +Author: djm@openbsd.org +Date: Fri Sep 8 05:50:57 2023 +0000 + + upstream: regress test for recursive copies of directories containing + + symlinks to other directories. bz3611, ok dtucker@ + + OpenBSD-Regress-ID: eaa4c29cc5cddff4e72a16bcce14aeb1ecfc94b9 + +commit 2de990142a83bf60ef694378b8598706bc654b08 +Author: djm@openbsd.org +Date: Fri Sep 8 05:56:13 2023 +0000 + + upstream: the sftp code was one of my first contributions to + + OpenSSH and it shows - the function names are terrible. + + Rename do_blah() to sftp_blah() to make them less so. + + Completely mechanical except for sftp_stat() and sftp_lstat() which + change from returning a pointer to a static variable (error-prone) to + taking a pointer to a caller-provided receiver. + + OpenBSD-Commit-ID: eb54d6a72d0bbba4d623e2175cf5cc4c75dc2ba4 + +commit 249d8bd0472b53e3a2a0e138b4c030a31e83346a +Author: djm@openbsd.org +Date: Fri Sep 8 05:50:12 2023 +0000 + + upstream: fix scp in SFTP mode recursive upload and download of + + directories that contain symlinks to other directories. In scp mode, the + links would be followed, but in SFTP mode they were not. bz3611, ok dtucker@ + + OpenBSD-Commit-ID: 9760fda668eaa94a992250d7670dfbc62a45197c + +commit 0e1f4401c466fa4fdaea81b6dadc8dd1fc4cf0af +Author: djm@openbsd.org +Date: Wed Sep 6 23:36:09 2023 +0000 + + upstream: regression test for override of subsystem in match blocks + + OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c + +commit 8a1450c62035e834d8a79a5d0d1c904236f9dcfe +Author: djm@openbsd.org +Date: Wed Sep 6 23:35:35 2023 +0000 + + upstream: allow override of Sybsystem directives in sshd Match + + blocks + + OpenBSD-Commit-ID: 3911d18a826a2d2fe7e4519075cf3e57af439722 + +commit 6e52826e2a74d077147a82ead8d4fbd5b54f4e3b +Author: djm@openbsd.org +Date: Wed Sep 6 23:26:37 2023 +0000 + + upstream: allocate the subsystems array as necessary and remove the + + fixed limit of subsystems. Saves a few kb of memory in the server and makes + it more like the other options. + + OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f + +commit e19069c9fac4c111d6496b19c7f7db43b4f07b4f +Author: djm@openbsd.org +Date: Wed Sep 6 23:23:53 2023 +0000 + + upstream: preserve quoting of Subsystem commands and arguments. + + This may change behaviour of exotic configurations, but the most common + subsystem configuration (sftp-server) is unlikely to be affected. + + OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf + +commit 52dfe3c72d98503d8b7c6f64fc7e19d685636c0b +Author: djm@openbsd.org +Date: Wed Sep 6 23:21:36 2023 +0000 + + upstream: downgrade duplicate Subsystem directives from being a + + fatal error to being a debug message to match behaviour with just about all + other directives. + + OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce + +commit 1ee0a16e07b6f0847ff463d7b5221c4bf1876e25 +Author: djm@openbsd.org +Date: Wed Sep 6 23:18:15 2023 +0000 + + upstream: handle cr+lf (instead of just cr) in sshsig signature + + files + + OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f + +commit e1c284d60a928bcdd60bc575c6f9604663502770 +Author: job@openbsd.org +Date: Mon Sep 4 10:29:58 2023 +0000 + + upstream: Generate Ed25519 keys when invoked without arguments + + Ed25519 public keys are very convenient due to their small size. + OpenSSH has supported Ed25519 since version 6.5 (January 2014). + + OK djm@ markus@ sthen@ deraadt@ + + OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f + +commit 694150ad92765574ff82a18f4e86322bd3231e68 +Author: djm@openbsd.org +Date: Mon Sep 4 00:08:14 2023 +0000 + + upstream: trigger keystroke timing obfucation only if the channels + + layer enqueud some data in the last poll() cycle; this avoids triggering the + obfuscatior for non-channels data like ClientAlive probes and also fixes a + related problem were the obfucations would be triggered on fully quiescent + connections. + + Based on / tested by naddy@ + + OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123 + +commit b5fd97896b59a3a46245cf438cc8b16c795d9f74 +Author: djm@openbsd.org +Date: Mon Sep 4 00:04:02 2023 +0000 + + upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..." + + debug messages when keystroke timing obfuscation was never started; spotted + by naddy@ + + OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31 + +commit ccf7d913db34e49b7a6db1b8331bd402004c840d +Author: djm@openbsd.org +Date: Mon Sep 4 00:01:46 2023 +0000 + + upstream: make channel_output_poll() return a flag indicating + + whether channel data was enqueued. Will be used to improve keystroke timing + obfuscation. Problem spotted by / tested by naddy@ + + OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0 + +commit 43254b326ac6e2131dbd750f9464dc62c14bd5a7 +Author: djm@openbsd.org +Date: Sun Sep 3 23:59:32 2023 +0000 + + upstream: set interactive mode for ControlPersist sessions if they + + originally requested a tty; enables keystroke timing obfuscation for most + ControlPersist sessions. Spotted by naddy@ + + OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772 + +commit ff3eda68ceb2e2bb8f48e3faceb96076c3e85c20 +Author: Darren Tucker +Date: Thu Aug 31 23:02:35 2023 +1000 + + Set LLONG_MAX for C89 test. + + If we don't have LLONG_MAX, configure will figure out that it can get it + by setting -std=gnu99, at which point we won't be testing C89 any more. + To avoid this, feed it in via CFLAGS. + +commit f98031773db361424d59e3301aa92aacf423d920 +Author: djm@openbsd.org +Date: Tue Aug 29 02:50:10 2023 +0000 + + upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@ + + OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7 + +commit cfa66857db90cd908de131e0041a50ffc17c7df8 +Author: djm@openbsd.org +Date: Mon Aug 28 09:52:09 2023 +0000 + + upstream: descriptive text shouldn't be under .Cm + + OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b + +commit 01dbf3d46651b7d6ddf5e45d233839bbfffaeaec +Author: djm@openbsd.org +Date: Mon Aug 28 09:48:11 2023 +0000 + + upstream: limit artificial login delay to a reasonable maximum (5s) + + and don't delay at all for the "none" authentication mechanism. Patch by + Dmitry Belyavskiy in bz3602 with polish/ok dtucker@ + + OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515 + +commit 528da5b9d7c5da01ed7a73ff21c722e1b5326006 +Author: jmc@openbsd.org +Date: Mon Aug 28 05:32:28 2023 +0000 + + upstream: add spacing for punctuation when macro args; + + OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db + +commit 3867361ca691d0956ef7d5fb8181cf554a91d84a +Author: djm@openbsd.org +Date: Mon Aug 28 04:06:52 2023 +0000 + + upstream: explicit long long type in timing calculations (doesn't + + matter, since the range is pre-clamped) + + OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de + +commit 7603ba71264e7fa938325c37eca993e2fa61272f +Author: djm@openbsd.org +Date: Mon Aug 28 03:31:16 2023 +0000 + + upstream: Add keystroke timing obfuscation to the client. + + This attempts to hide inter-keystroke timings by sending interactive + traffic at fixed intervals (default: every 20ms) when there is only a + small amount of data being sent. It also sends fake "chaff" keystrokes + for a random interval after the last real keystroke. These are + controlled by a new ssh_config ObscureKeystrokeTiming keyword/ + + feedback/ok markus@ + + OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be + +commit dce6d80d2ed3cad2c516082682d5f6ca877ef714 +Author: djm@openbsd.org +Date: Mon Aug 28 03:28:43 2023 +0000 + + upstream: Introduce a transport-level ping facility + + This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG + to implement a ping capability. These messages use numbers in the "local + extensions" number space and are advertised using a "ping@openssh.com" + ext-info message with a string version number of "0". + + ok markus@ + + OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f + +commit d2d247938b38b928f8a6e1a47a330c5584d3a358 +Author: tobhe@openbsd.org +Date: Mon Aug 21 21:16:18 2023 +0000 + + upstream: Log errors in kex_exchange_identification() with level + + verbose instead of error to reduce preauth log spam. All of those get logged + with a more generic error message by sshpkt_fatal(). + + feedback from sthen@ + ok djm@ + + OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809 + +commit 9d7193a8359639801193ad661a59d1ae4dc3d302 +Author: djm@openbsd.org +Date: Mon Aug 21 04:59:54 2023 +0000 + + upstream: correct math for ClientAliveInterval that caused the + + probes to be sent less frequently than configured; from Dawid Majchrzak + + OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038 + +commit 3c6ab63b383b0b7630da175941e01de9db32a256 +Author: Darren Tucker +Date: Fri Aug 25 14:48:02 2023 +1000 + + Include Portable version in sshd version string. + + bz#3608, ok djm@ + +commit 17fa6cd10a26e193bb6f65d21264d2fe553bcd87 +Author: Darren Tucker +Date: Mon Aug 21 19:47:58 2023 +1000 + + obsd-arm64 host is real hardware... + + so put in the correct config location. + +commit 598ca75c85acaaacee5ef954251e489cc20d7be9 +Author: Darren Tucker +Date: Mon Aug 21 18:38:36 2023 +1000 + + Add OpenBSD ARM64 test host. + +commit 1acac79bfbe207e8db639e8043524962037c8feb +Author: Darren Tucker +Date: Mon Aug 21 18:05:26 2023 +1000 + + Add test for zlib development branch. + +commit 84efebf352fc700e9040c8065707c63caedd36a3 +Author: djm@openbsd.org +Date: Mon Aug 21 04:36:46 2023 +0000 + + upstream: want stdlib.h for free(3) + + OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29 + +commit cb4ed12ffc332d1f72d054ed92655b5f1c38f621 +Author: Darren Tucker +Date: Sat Aug 19 07:39:08 2023 +1000 + + Fix zlib version check for 1.3 and future version. + + bz#3604. + +commit 25b75e21f16bccdaa472ea1889b293c9bd51a87b +Author: Darren Tucker +Date: Mon Aug 14 11:10:08 2023 +1000 + + Add 9.4 branch to CI status page. + +commit 803e22eabd3ba75485eedd8b7b44d6ace79f2052 +Author: djm@openbsd.org +Date: Fri Aug 18 01:37:41 2023 +0000 + + upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused + + multiplexed sessions to ignore SIGINT under some circumstances. Reported by / + feedback naddy@, ok dtucker@ + + OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a + +commit e706bca324a70f68dadfd0ec69edfdd486eed23a +Author: djm@openbsd.org +Date: Wed Aug 16 16:14:11 2023 +0000 + + upstream: defence-in-depth MaxAuthTries check in monitor; ok markus + + OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21 + +commit d1ab7eb90474df656d5e9935bae6df0bd000d343 +Author: djm@openbsd.org +Date: Mon Aug 14 03:37:00 2023 +0000 + + upstream: add message number of SSH2_MSG_NEWCOMPRESS defined in RFC8308 + + OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028 + +commit fa8da52934cb7dff6f660a143276bdb28bb9bbe1 +Author: Darren Tucker +Date: Sun Aug 13 15:01:27 2023 +1000 + + Add obsd72 and obsd73 test targets. + +commit f9f18006678d2eac8b0c5a5dddf17ab7c50d1e9f +Author: djm@openbsd.org +Date: Thu Aug 10 23:05:48 2023 +0000 + + upstream: better debug logging of sessions' exit status + + OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0 + +commit a8c57bcb077f0cfdffcf9f23866bf73bb93e185c +Author: naddy@openbsd.org +Date: Thu Aug 10 14:37:32 2023 +0000 + + upstream: drop a wayward comma, ok jmc@ + + OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6 + +commit e962f9b318a238db1becc53c2bf79dd3a49095b4 +Author: Damien Miller +Date: Thu Aug 10 11:10:22 2023 +1000 + + depend + +commit 0fcb60bf83130dfa428bc4422b3a3ac20fb528af +Author: Damien Miller +Date: Thu Aug 10 11:05:42 2023 +1000 + + update versions in RPM specs + +commit d0cee4298491314f09afa1c4383a66d913150b26 +Author: Damien Miller +Date: Thu Aug 10 11:05:14 2023 +1000 + + update version in README + +commit 78b4dc6684f4d35943b46b24ee645edfdb9974f5 +Author: djm@openbsd.org +Date: Thu Aug 10 01:01:07 2023 +0000 + + upstream: openssh-9.4 + + OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35 + +commit 58ca4f0aa8c4306ac0a629c9a85fb1efaf4ff092 +Author: Darren Tucker +Date: Thu Aug 10 11:30:24 2023 +1000 + + Only include unistd.h once. + +commit 3961ed02dc578517a9d2535128cff5c3a5460d28 +Author: Damien Miller +Date: Thu Aug 10 09:08:49 2023 +1000 + + wrap poll.h include in HAVE_POLL_H + +commit e535fbe2af893046c28adfcd787c1fdbae36a24a +Author: dtucker@openbsd.org +Date: Fri Aug 4 06:32:40 2023 +0000 + + upstream: Apply ConnectTimeout to multiplexing local socket + + connections. If the multiplex socket exists but the connection times out, + ssh will fall back to a direct connection the same way it would if the socket + did not exist at all. ok djm@ + + OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4 + +commit 9d92e7b24848fcc605945f7c2e3460c7c31832ce +Author: Darren Tucker +Date: Thu Aug 3 19:35:33 2023 +1000 + + Fix RNG seeding for OpenSSL w/out self seeding. + + When sshd is built with an OpenSSL that does not self-seed, it would + fail in the preauth privsep process while handling a new connection. + Sanity checked by djm@ + +commit f70010d9b0b3e7e95de8aa0b961e1d74362cfb5d +Author: djm@openbsd.org +Date: Wed Aug 2 23:04:38 2023 +0000 + + upstream: CheckHostIP has defaulted to 'no' for a while; make the + + commented- out config option match. From Ed Maste + + OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9 + +commit c88a8788f9865d02b986d00405b9f0be65ad0b5a +Author: dtucker@openbsd.org +Date: Tue Aug 1 08:15:04 2023 +0000 + + upstream: remove unnecessary if statement. + + github PR#422 from eyalasulin999, ok djm@ + + OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55 + +commit 77b8b865cd5a8c79a47605c0c5b2bacf4692c4d5 +Author: jmc@openbsd.org +Date: Fri Jul 28 05:42:36 2023 +0000 + + upstream: %C is a callable macro in mdoc(7) + + so, as we do for %D, escape it; + + OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9 + +commit e0f91aa9c2fbfc951e9ced7e1305455fc614d3f2 +Author: djm@openbsd.org +Date: Fri Jul 28 05:33:15 2023 +0000 + + upstream: don't need to start a command here; use ssh -N instead. + + Fixes failure on cygwin spotted by Darren + + OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb + +commit f446a44f30bc680e0d026a4204844b02646c1c2d +Author: djm@openbsd.org +Date: Wed May 17 05:52:01 2023 +0000 + + upstream: add LTESTS_FROM variable to allow skipping of tests up to + + a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh + test and subsequent ones. ok dtucker@ + + OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3 + +commit 8eb8899d612440a9b608bee7f916081d3d0b7812 +Author: djm@openbsd.org +Date: Fri May 12 06:37:42 2023 +0000 + + upstream: test ChrootDirectory in Match block + + OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1 + +commit e43f43d3f19516222e9a143468ea0dc1b3ab67b6 +Author: djm@openbsd.org +Date: Fri May 12 06:36:27 2023 +0000 + + upstream: better error messages + + OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a + +commit 6958f00acf3b9e0b3730f7287e69996bcf3ceda4 +Author: djm@openbsd.org +Date: Thu Jul 27 22:26:49 2023 +0000 + + upstream: don't incorrectly truncate logged strings retrieved from + + PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus + + OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9 + +commit d1ffde6b55170cd4b9a72bfd9a3f17508e6cf714 +Author: djm@openbsd.org +Date: Thu Jul 27 22:25:17 2023 +0000 + + upstream: make sshd_config AuthorizedPrincipalsCommand and + + AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection + address/port 4-tuple) as expansion sequences; ok markus + + OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565 + +commit 999a2886ca1844a7a74b905e5f2c8c701f9838cd +Author: djm@openbsd.org +Date: Thu Jul 27 22:23:05 2023 +0000 + + upstream: increase default KDF work-factor for OpenSSH format + + private keys from 16 to 24; { feedback ok } x { deraadt markus } + + OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec + +commit 0fa803a1dd1c7b546c166000e23a869cf6c4ec10 +Author: Darren Tucker +Date: Thu Jul 27 02:25:09 2023 +1000 + + Prefer OpenSSL's SHA256 in sk-dummy.so + + Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be + built without OpenSSL. In many cases, however, including both libc's + and OpenSSL's headers together caused conflicting definitions. + + We tried working around this (on OpenSSL <1.1 you could define + OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with + varying levels of success. Since OpenSSL >=1.1 removed OPENSSL_NO_SHA + and including most OpenSSL headers would bring sha.h in, even if it + wasn't used directly this was a constant hassle. + + Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at + all. ok djm@ + +commit 36cdb5dbf55c99c0faad06066f56a7c341258c1f +Author: Darren Tucker +Date: Thu Jul 27 10:29:44 2023 +1000 + + Retire dfly58 test VM. Add dfly64. + +commit 2d34205dab08ede9b0676efa57647fc49e6decbe +Author: djm@openbsd.org +Date: Wed Jul 26 23:06:00 2023 +0000 + + upstream: make ssh -f (fork after authentication) work properly in + + multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by + Peter Chubb; ok dtucker@ + + OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac + +commit 076aeda86a7ee9be8fd2f0181ec7b9729a6ceb37 +Author: naddy@openbsd.org +Date: Sun Jul 23 20:04:45 2023 +0000 + + upstream: man page typos; ok jmc@ + + OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0 + +commit 135e7d5fe31f700e6dfc61ce914970c5ee7175ba +Author: jmc@openbsd.org +Date: Thu Jul 20 05:43:39 2023 +0000 + + upstream: tweak the allow-remote-pkcs11 text; + + OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a + +commit 5f83342b61d1f76c141de608ed2bd293990416bd +Author: Darren Tucker +Date: Tue Jul 25 13:00:22 2023 +1000 + + Handle a couple more OpenSSL no-ecc cases. + + ok djm@ + +commit edc2ef4e418e514c99701451fae4428ec04ce538 +Author: Damien Miller +Date: Thu Jul 20 12:53:44 2023 +1000 + + depend + +commit 51fda734e0d3c2df256fc03e8b060c4305be6e59 +Author: Damien Miller +Date: Thu Jul 20 12:53:21 2023 +1000 + + Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client + +commit 099cdf59ce1e72f55d421c8445bf6321b3004755 +Author: djm@openbsd.org +Date: Wed Jul 19 14:03:45 2023 +0000 + + upstream: Separate ssh-pkcs11-helpers for each p11 module + + Make ssh-pkcs11-client start an independent helper for each provider, + providing better isolation between modules and reliability if a single + module misbehaves. + + This also implements reference counting of PKCS#11-hosted keys, + allowing ssh-pkcs11-helper subprocesses to be automatically reaped + when no remaining keys reference them. This fixes some bugs we have + that make PKCS11 keys unusable after they have been deleted, e.g. + https://bugzilla.mindrot.org/show_bug.cgi?id=3125 + + ok markus@ + + OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e + +commit 29ef8a04866ca14688d5b7fed7b8b9deab851f77 +Author: djm@openbsd.org +Date: Wed Jul 19 14:02:27 2023 +0000 + + upstream: Ensure FIDO/PKCS11 libraries contain expected symbols + + This checks via nlist(3) that candidate provider libraries contain one + of the symbols that we will require prior to dlopen(), which can cause + a number of side effects, including execution of constructors. + + Feedback deraadt; ok markus + + OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe + +commit 1f2731f5d7a8f8a8385c6031667ed29072c0d92a +Author: djm@openbsd.org +Date: Wed Jul 19 13:56:33 2023 +0000 + + upstream: Disallow remote addition of FIDO/PKCS11 provider + + libraries to ssh-agent by default. + + The old behaviour of allowing remote clients from loading providers + can be restored using `ssh-agent -O allow-remote-pkcs11`. + + Detection of local/remote clients requires a ssh(1) that supports + the `session-bind@openssh.com` extension. Forwarding access to a + ssh-agent socket using non-OpenSSH tools may circumvent this control. + + ok markus@ + + OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c + +commit 892506b13654301f69f9545f48213fc210e5c5cc +Author: djm@openbsd.org +Date: Wed Jul 19 13:55:53 2023 +0000 + + upstream: terminate process if requested to load a PKCS#11 provider + + that isn't a PKCS#11 provider; from / ok markus@ + + OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c + +commit f3f56df8ec476b2de6cbdbdfdb77a2a61087829d +Author: Damien Miller +Date: Wed Jul 19 12:07:18 2023 +1000 + + agent_fuzz doesn't want stdint.h conditionalised + +commit 750911fd31d307a767cc86e3bfa90bbbb77b1a25 +Author: Damien Miller +Date: Tue Jul 18 15:41:12 2023 +1000 + + conditionalise stdint.h inclusion on HAVE_STDINT_H + + fixes build on AIX5 at least + +commit ff047504fa6e008c4092f8929881816b8993bea0 +Author: Damien Miller +Date: Tue Jul 18 15:30:45 2023 +1000 + + conditionalise match localnetwork on ifaddrs.h + + Fixes build breakage on platforms that lack getifaddrs() + +commit b87b03282e466ca2927954ce93f5dbf0bfdc68f6 +Author: djm@openbsd.org +Date: Mon Jul 17 06:16:33 2023 +0000 + + upstream: missing match localnetwork negation check + + OpenBSD-Commit-ID: 9a08ed8dae27d3f38cf280f1b28d4e0ff41a737a + +commit 6d6e185ba29ef4274164b77eab4dc763907f8821 +Author: jmc@openbsd.org +Date: Mon Jul 17 05:41:53 2023 +0000 + + upstream: - add -P to usage() - sync the arg name to -J in usage() + + with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width + + OpenBSD-Commit-ID: 5235dd7aa42e5bf90ae54579d519f92fc107036e + +commit f1a9898283a0638667b587ee4a950afd61ab51b0 +Author: jmc@openbsd.org +Date: Mon Jul 17 05:38:10 2023 +0000 + + upstream: -P before -p in SYNOPSIS; + + OpenBSD-Commit-ID: 535f5257c779e26c6a662a038d241b017f8cab7c + +commit eef4d7e873568e1c84c36bb4034e2c3378250a61 +Author: jsg@openbsd.org +Date: Mon Jul 17 05:36:14 2023 +0000 + + upstream: configuation -> configuration + + OpenBSD-Commit-ID: 4776ced33b780f1db0b2902faec99312f26a726b + +commit dc1dbe94cf6532bd546a3373ad436404f8850e5f +Author: djm@openbsd.org +Date: Mon Jul 17 05:26:38 2023 +0000 + + upstream: move other RCSIDs to before their respective license blocks + + too no code change + + OpenBSD-Commit-ID: ef5bf46b57726e4260a63b032b0b5ac3b4fe9cd4 + +commit ebe11044681caff78834ca6b78311ad19c1860b8 +Author: djm@openbsd.org +Date: Mon Jul 17 05:22:30 2023 +0000 + + upstream: Move RCSID to before license block and away from #includes, + + where it caused merge conflict in -portable for each commit :( + + OpenBSD-Commit-ID: 756ebac963df3245258b962e88150ebab9d5fc20 + +commit 05c08e5f628de3ecf6f7ea20947735bcfa3201e0 +Author: djm@openbsd.org +Date: Mon Jul 17 05:20:15 2023 +0000 + + upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a + + valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed + to fall back to text revocation lists in some cases; fixes t-cert-hostkey. + + OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1 + +commit c6fad2c3d19b74f0bd0af1ef040fc74f3a1d9ebb +Author: Damien Miller +Date: Mon Jul 17 14:56:14 2023 +1000 + + avoid AF_LINK on platforms that don't define it + +commit 919bc3d3b712c920de1ae6be5ac6561c98886d7e +Author: djm@openbsd.org +Date: Mon Jul 17 04:08:31 2023 +0000 + + upstream: Add support for configuration tags to ssh(1). + + This adds a ssh_config(5) "Tag" directive and corresponding + "Match tag" predicate that may be used to select blocks of + configuration similar to the pf.conf(5) keywords of the same + name. + + ok markus + + OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3 + +commit 3071d85a47061c1bdaf11a0ac233b501ecba862c +Author: djm@openbsd.org +Date: Mon Jul 17 04:04:36 2023 +0000 + + upstream: add a "match localnetwork" predicate. + + This allows matching on the addresses of available network interfaces + and may be used to vary the effective client configuration based on + network location (e.g. to use a ProxyJump when not on a particular + network). + + ok markus@ + + OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139 + +commit beec17bb311365b75a0a5941418d4b96df7d7888 +Author: djm@openbsd.org +Date: Mon Jul 17 04:01:10 2023 +0000 + + upstream: remove vestigal support for KRL signatures + + When the KRL format was originally defined, it included support for + signing of KRL objects. However, the code to sign KRLs and verify KRL + signatues was never completed in OpenSSH. + + Now, some years later, we have SSHSIG support in ssh-keygen that is + more general, well tested and actually works. So this removes the + semi-finished KRL signing/verification support from OpenSSH and + refactors the remaining code to realise the benefit - primarily, we + no longer need to perform multiple parsing passes over KRL objects. + + ok markus@ + + OpenBSD-Commit-ID: 517437bab3d8180f695c775410c052340e038804 + +commit 449566f64c21b4578d5c0c431badd0328adc53ed +Author: djm@openbsd.org +Date: Mon Jul 17 03:57:21 2023 +0000 + + upstream: Support for KRL extensions. + + This defines wire formats for optional KRL extensions and implements + parsing of the new submessages. No actual extensions are supported at + this point. + + ok markus + + OpenBSD-Commit-ID: ae2fcde9a22a9ba7f765bd4f36b3f5901d8c3fa7 + +commit 18ea857770e84825a3a6238bb37f54864487b59f +Author: dtucker@openbsd.org +Date: Fri Jul 14 07:44:21 2023 +0000 + + upstream: Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build. + + OpenBSD-Commit-ID: e7c31034a5434f2ead3579b13a7892960651e6b0 + +commit 20b768fcd13effe0f2d3619661b6c8592c773553 +Author: Darren Tucker +Date: Fri Jul 14 17:07:32 2023 +1000 + + Fix typo in declaration of nmesg. + +commit 4b94d09542e36ebde2eb9ad89bc68431609932de +Author: Damien Miller +Date: Fri Jul 14 15:34:47 2023 +1000 + + portable-specific int overflow defence-in-depth + + These too are unreachable, but we want the code to be safe regardless of + context. Reported by Yair Mizrahi @ JFrog + +commit 2ee48adb9fc8692e8d6ac679dcc9f35e89ad68f0 +Author: djm@openbsd.org +Date: Fri Jul 14 05:31:44 2023 +0000 + + upstream: add defence-in-depth checks for some unreachable integer + + overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@ + + OpenBSD-Commit-ID: 52af085f4e7ef9f9d8423d8c1840a6a88bda90bd + +commit 4b43bc358ae6f6b19a973679246dc5172f6ac41b +Author: djm@openbsd.org +Date: Mon Jul 10 04:51:26 2023 +0000 + + upstream: misplaced debug message + + OpenBSD-Commit-ID: d0f12af0a5067a756aa707bc39a83fa6f58bf7e5 + +commit 8c7203bcee4c4f98a22487b4631fe068b992099b +Author: Damien Miller +Date: Wed Jul 12 11:41:19 2023 +1000 + + replace deprecate selinux matchpathcon function + + This function is apparently deprecated. Documentation on what is the + supposed replacement is is non-existent, so this follows the approach + glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59 + + ok dtucker@ + +commit 7e8800f5d701efffa39ccb63ca1e095ea777c31a +Author: dtucker@openbsd.org +Date: Thu Jul 6 22:17:59 2023 +0000 + + upstream: minleft and maxsign are u_int so cast appropriately. Prompted + + by github PR#410, ok deraadt. + + OpenBSD-Commit-ID: 0514cd51db3ec60239966622a0d3495b15406ddd + +commit 94842bfe9b09fc93189c6ed0dc9bbebc1d44a426 +Author: dlg@openbsd.org +Date: Tue Jul 4 03:59:21 2023 +0000 + + upstream: add support for unix domain sockets to ssh -W + + ok djm@ dtucker@ + + OpenBSD-Commit-ID: 3e6d47567b895c7c28855c7bd614e106c987a6d8 + +commit a95fc5eed09a0238fb127b6c50e8498432b79dae +Author: David Seifert +Date: Fri May 12 14:06:01 2023 +0200 + + gss-serv.c: `MAXHOSTNAMELEN` -> `HOST_NAME_MAX` + + `MAXHOSTNAMELEN` is not defined in POSIX, which breaks on musl: + https://pubs.opengroup.org/onlinepubs/9699919799/functions/gethostname.html + + Bug: https://bugs.gentoo.org/834044 + +commit 8a6cd08850f576e7527c52a1b086cae82fab290e +Author: Darren Tucker +Date: Fri Jun 23 09:49:02 2023 +1000 + + Update runner OS version for hardenedmalloc test. + + Hardenedmalloc dropped support for "legacy glibc" versions in their + 64dad0a69 so use a newer Ubuntu version for the runner for that test. + +commit cfca6f17e64baed6822bb927ed9f372ce64d9c5b +Author: Damien Miller +Date: Thu Jun 22 15:04:03 2023 +1000 + + handle sysconf(SC_OPEN_MAX) returning > INT_MAX; + + bz3581; ok dtucker + +commit c1c2ca1365b3f7b626683690bd2c68265f6d8ffd +Author: djm@openbsd.org +Date: Wed Jun 21 05:10:26 2023 +0000 + + upstream: better validate CASignatureAlgorithms in ssh_config and + + sshd_config. + + Previously this directive would accept certificate algorithm names, but + these were unusable in practice as OpenSSH does not support CA chains. + + part of bz3577; ok dtucker@ + + OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912 + +commit 4e73cd0f4ab3e5b576c56cac9732da62c8fc0565 +Author: djm@openbsd.org +Date: Wed Jun 21 05:08:32 2023 +0000 + + upstream: make `ssh -Q CASignatureAlgorithms` only list signature + + algorithms that are valid for CA signing. Previous behaviour was to list all + signing algorithms, including certificate algorithms (OpenSSH certificates do + not support CA chains). part of bz3577; ok dtucker@ + + OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59 + +commit a69062f1695ac9c3c3dea29d3044c72aaa6af0ea +Author: djm@openbsd.org +Date: Wed Jun 21 05:06:04 2023 +0000 + + upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker + + bz3581 + + OpenBSD-Commit-ID: 31cf59c041becc0e5ccb0a77106f812c4cd1cd74 + +commit 8d33f2aa6bb895a7f85a47189913639086347b75 +Author: djm@openbsd.org +Date: Tue Jun 20 23:59:33 2023 +0000 + + upstream: prepare for support for connecting to unix domain sockets + + using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from + the u32 that's passed over the multiplexing socket; previously code would + just cast, which is UB. + + OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384 + +commit b4ac435b4e67f8eb5932d8f59eb5b3cf7dc38df0 +Author: djm@openbsd.org +Date: Tue Jun 20 00:05:09 2023 +0000 + + upstream: reset comment=NULL for each key in do_fingerprint(); + + fixes "no comment" not showing on when running `ssh-keygen -l` on multiple + keys where one has a comment and other following keys do not. Patch from + Markus Kuhn via GHPR407, bz3580 + + OpenBSD-Commit-ID: 3cce84456fdcd67dc6b84e369f92c6686d111d9b + +commit b53a809a549dcd4fbde554c6aa283e597b15ea33 +Author: millert@openbsd.org +Date: Mon Jun 5 13:24:36 2023 +0000 + + upstream: Store timeouts as int, not u_int as they are limited to + + INT_MAX. Fixes sign compare warnings systems with 32-bit time_t due to type + promotion. OK djm@ + + OpenBSD-Commit-ID: 48081e9ad35705c5f1705711704a4c2ff94e87b7 + +commit 2709809fd616a0991dc18e3a58dea10fb383c3f0 +Author: Philip Hands +Date: Wed May 24 19:41:14 2023 +0200 + + fixup! if -s & -p specified, mention 'sftp -P' on + + success + + SSH-Copy-ID-Upstream: 32686e7c65b4fa2846e474d3315102dfa0f043b0 + +commit 204e0bf05161b7641500d7ab266c21217412379f +Author: Darren Tucker +Date: Tue Aug 3 21:25:48 2021 +1000 + + Make ssh-copy-id(1) consistent with OpenSSH. + + This makes the ssh-copy-id man page more consistent with the rest of the + OpenSSH man pages: + - new sentence, new line + - no sentences >80 + - N.B. -> NB + - zap unused .Pp + - zap trailing whitespace + + Report from Debian via mindrot bz#3331, diff from jmc at openbsd.org. + + SSH-Copy-ID-Upstream: d8974cfb6242316460ed22a1ccc662800a50c5d3 + +commit 9de79df66d1430d290fab670bb4b18612875e518 +Author: Philip Hands +Date: Wed May 24 11:45:43 2023 +0200 + + if -s & -p specified, mention 'sftp -P' on success + + This was inspired by this: + https://github.com/openssh/openssh-portable/pull/321 + but I thought that it was better to not do the sed patching. + + BTW the reason one can get away with using $SSH_OPTS throughout, despite + the lowercase -p in there, even if sftp is in use, is that the sftp call + is using the already-established ssh master connection, so the port was + passed to the earlier ssh. + + SSH-Copy-ID-Upstream: 1c124d9bfafdbe28a00b683367ebf5750ce12eb2 + +commit 801cda54c00e0f4e7d89345a90874c8d05dc233a +Author: Philip Hands +Date: Tue May 23 23:07:11 2023 +0200 + + drop whitespace + + SSH-Copy-ID-Upstream: e604fae1cdee35c18055d35dcec530cf12ef00ad + +commit 288482f53613f3e74544eb92deeb24f7c7f1f371 +Author: Philip Hands +Date: Tue May 23 20:52:13 2023 +0200 + + make -x also apply to the target script + + SSH-Copy-ID-Upstream: 3c4214704f427bd0654adf9b0fc079253db21cf4 + +commit b79e7b88ed44f0e4339f0ff35c96c78a92175a8d +Author: Philip Hands +Date: Tue May 23 16:46:42 2023 +0200 + + add -t option to specify the target path + + Allow the default target path (.ssh/authorized_files) to be over-riden + + This was inspired by this MR from Panagiotis Cheilaris + + https://gitlab.com/phil_hands/ssh-copy-id/-/merge_requests/8 + + SSH-Copy-ID-Upstream: a942a0e076874adb6d8b2f0fb76d6c7918190fcd + +commit 914f4ad138714c471ba72fb6d5496b6235320edd +Author: Carlos Rodríguez Gili +Date: Tue Apr 20 19:23:57 2021 +0200 + + Fix test error for /bin/sh on Solaris 10 and older + + On Solaris 10 and older targets /bin/sh is not POSIX-compliant. + Test -z `...` fails with error 'sh: test: argument expected'. + Using quotes around backticks fixes this and doesn't break + POSIX compatibility. + + SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065 + +commit bd382dca316c721aed1e45edcf4c4e0f6374afb0 +Author: Jakub Jelen +Date: Tue Mar 2 21:34:05 2021 +0000 + + Remove outdated comment + + The commit b068122 removed the code dropping the trailing colon, but the comment stayed leaving the code confusing for future readers + + SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6 + +commit bdcaf7939029433635d63aade8f9ac762aca2bbe +Author: Darren Tucker +Date: Wed May 10 18:50:46 2023 +1000 + + Special case OpenWrt instead of Dropbear. + + OpenWrt overrides the location of authorized_keys for root. Currently we + assume that all Dropbear installations behave this way, which is not the + case. Check for OpenWrt and root user before using that location instead + of assuming that for all Dropbear servers. Prompted by Github PR#250. + + SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d + +commit cf84498f67abe93f813a296167b406a0db7b288e +Author: Philip Hands +Date: Thu May 18 18:20:55 2023 +0200 + + ssh-copy-id: add -x option (for debugging) + + This option causes the ssh-copy-id to run with set -x + + SSH-Copy-ID-Upstream: a0ee367ea8c0a29c8b4515245e408d2d349e7844 + +commit b4a1efdcb88f03394c08e7f68ed4e11676830002 +Author: Philip Hands +Date: Thu May 18 17:14:41 2023 +0200 + + update copyright notices + + SSH-Copy-ID-Upstream: c284ed33b361814ea48ff68cbd01ca525b2bf117 + +commit fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290 +Author: djm@openbsd.org +Date: Wed May 24 23:01:06 2023 +0000 + + upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand + + appears previously in configuration. Reported by John Meyers in bz3574 ok + dtucker@ + + OpenBSD-Commit-ID: 1c92e4517284386703936e1d3abaa36cfacf1951 + +commit 5ec5504f1d328d5bfa64280cd617c3efec4f78f3 +Author: dtucker@openbsd.org +Date: Wed May 10 10:04:20 2023 +0000 + + upstream: Remove unused prototypes for ssh1 RSA functions. + + From lengyijun via github PR#396. + + OpenBSD-Commit-ID: 379a5afa8b7a0f3cba0c8a9bcceb4e5e33a5c1ef + +commit fbf362b3891ae4b36052d1b39f37fc618b41c476 +Author: Darren Tucker +Date: Tue May 9 19:26:56 2023 +1000 + + main(void) to prevent unused variable warning. + +commit baf854c8bb0a6d0af5c696c801e631a48dabbaba +Author: Darren Tucker +Date: Tue May 9 19:25:45 2023 +1000 + + Remove warning pragma since clang doesn't like it. + +commit 5fbb7a1349fbbb48ccb1b8cafff2c1854370d87d +Author: Darren Tucker +Date: Tue May 9 17:13:33 2023 +1000 + + Suppress warning for snprintf truncation test. + +commit 47742c513e4e045ecc985c6483fc5c8b050acda2 +Author: Darren Tucker +Date: Tue May 9 17:12:50 2023 +1000 + + Update OpenSSL compat test for 3.x. + +commit 86ad25d455a2313126125540e61e0f9314283f88 +Author: Darren Tucker +Date: Mon May 8 20:23:08 2023 +1000 + + Add macos13 PAM test target. + +commit 77cca2c4b13bc6e5f389565583b6202b0d1bccc2 +Author: Darren Tucker +Date: Mon May 8 20:14:46 2023 +1000 + + Skip agent-peereid test on macos13. + + sudo -S nobody doesn't work on the github runners (probably a + permission issue) so skip that test. + +commit b356b8e91678ea295bcf44df5248c3fbf499fdcf +Author: Darren Tucker +Date: Mon May 8 20:14:28 2023 +1000 + + Include config.guess in debug output. + +commit b7afd8a4ecaca8afd3179b55e9db79c0ff210237 +Author: Darren Tucker +Date: Mon May 8 20:12:59 2023 +1000 + + Handle OpenSSL >=3 ABI compatibility. + + Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only + major must match instead of major and minor in earlier versions). + bz#3548, ok djm@ + +commit 0e9e2663eb2c6e9c3e10d15d70418312ae67e542 +Author: dtucker@openbsd.org +Date: Mon May 1 08:57:29 2023 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: 3d5f811cfcaed8cc4a97e1db49ac61bdf118113c + +commit d9687f49682e1e93383fc15ab2018850b2ef38c3 +Author: Darren Tucker +Date: Mon May 1 11:45:14 2023 +1000 + + Add macos-13 test target. + + Also flatten OS list for clarity. + +commit aacfd6767497b8fa6d41ecdd3f8e265d1e9ef1f6 +Author: djm@openbsd.org +Date: Sun Apr 30 22:54:22 2023 +0000 + + upstream: adjust ftruncate() logic to handle servers that reorder + + requests. + + sftp/scp will ftruncate the destination file after a transfer completes, + to deal with the case where a longer destination file already existed. + We tracked the highest contiguous block transferred to deal with this + case, but our naive tracking doesn't deal with servers that reorder + requests - a misfeature strictly permitted by the protocol but seldom + implemented. + + Adjust the logic to ftruncate() at the highest absolute block received + when the transfer is successful. feedback deraadt@ ok markus@ + + prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778 + + OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b + +commit c8eb3941758615c8284a48fff47872db926da63c +Author: djm@openbsd.org +Date: Wed Apr 26 01:36:03 2023 +0000 + + upstream: Check for ProxyJump=none in CanonicalizeHostname logic. + + Previously ssh would incorrectly refuse to canonicalise the hostname + if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes + + bz3567; ok dtucker + + OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd + +commit ac383f3a5c6f529a2e8a5bc44af79a08c7da294e +Author: jsg@openbsd.org +Date: Wed Apr 12 14:22:04 2023 +0000 + + upstream: remove duplicate signal.h include + + OpenBSD-Commit-ID: 30c0a34d74d91ddd0e6992525da70d3293392f70 + +commit 740dafa20f3f3d325f6f5d44e990b8c8a6d3d816 +Author: jsg@openbsd.org +Date: Wed Apr 12 08:53:54 2023 +0000 + + upstream: fix double words ok dtucker@ + + OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489 + +commit 6452f89577ec4f22440c31b8e19b061d1a7c4b2a +Author: Darren Tucker +Date: Tue Apr 11 16:49:19 2023 +1000 + + Test against LibreSSL 3.7.2. + +commit 2138f6be595ca106fe4805a1e3ab9c4d8acc697b +Author: Damien Miller +Date: Thu Apr 6 14:33:10 2023 +1000 + + remove unused upper-case const strings in fmtfp + + no float format that uses upper-case is supported nor are hex floats. + ok dtucker + +commit 484c5e6168fdb22cbcd73c4ff987cf9ca47989ca +Author: djm@openbsd.org +Date: Thu Apr 6 03:56:02 2023 +0000 + + upstream: simplify sshsig_find_principals() similar to what happened to + + sshsig_check_allowed_keys() in r1.31, removing some dead code + + OpenBSD-Commit-ID: a493e628d4d6c08f878c276d998f4313ba61702d + +commit 3a7b110fbc7e096423f8f7b459deffe4c65d70f4 +Author: djm@openbsd.org +Date: Thu Apr 6 03:21:31 2023 +0000 + + upstream: remove redundant ssh!=NULL check; we'd already + + dereferenced it + + OpenBSD-Commit-ID: 852bf12591ec5a9fb12dcbde9b1fd3945ad0df3c + +commit 2519110659a1efac6c976895a86659d1b341c91b +Author: djm@openbsd.org +Date: Thu Apr 6 03:19:32 2023 +0000 + + upstream: match_user() shouldn't be called with user==NULL unless + + host and ipaddr are also NULL + + OpenBSD-Commit-ID: fa3518346c21483e9e01a2e4b9436ae501daf8ea + +commit 3b9ceaad7ad63c1c03c2a89e148340ad3a62a482 +Author: djm@openbsd.org +Date: Thu Apr 6 03:12:32 2023 +0000 + + upstream: don't care about glob() return value here. + + OpenBSD-Commit-ID: 85bb82fea90478a482e9f65a1bec0aa24227fd66 + +commit 09d8da0849e2791b2500267cda333cd238f38754 +Author: dtucker@openbsd.org +Date: Mon Apr 3 08:10:54 2023 +0000 + + upstream: Move up null check and simplify process_escapes. + + Based on Coverity CID 291863 which points out we check the channel + pointer for NULLness after dereferencing it. Move this to the start + of the function, and while there simplify initialization of efc a bit. + ok djm@ + + OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a + +commit b36b162be5e6206f12b734222b7bc517c13a6bc8 +Author: Damien Miller +Date: Fri Mar 31 14:51:20 2023 +1100 + + need va_end() after va_copy(); ok dtucker + + spotted by Coverity + +commit f703757234a5c585553e72bba279b255a272750a +Author: dtucker@openbsd.org +Date: Fri Mar 31 05:56:36 2023 +0000 + + upstream: Explicitly ignore return from waitpid here too. + + OpenBSD-Commit-ID: eef2403df083c61028969fc679ee370373eacacb + +commit 6b73aa29035991d1448a1a76f63ac152a6bf931c +Author: dtucker@openbsd.org +Date: Fri Mar 31 04:45:08 2023 +0000 + + upstream: Explictly ignore return codes + + where we don't check them. + + OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740 + +commit 6f0308a3e717ebe68eeb3f95253612fab5dbf20e +Author: dtucker@openbsd.org +Date: Fri Mar 31 04:42:29 2023 +0000 + + upstream: Return immediately from get_sock_port + + if sock <0 so we don't call getsockname on a negative FD. From Coverity + CID 291840, ok djm@ + + OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618 + +commit 1c1124dc901fca1ea2cb762044b8f1a5793a2bed +Author: djm@openbsd.org +Date: Fri Mar 31 04:23:02 2023 +0000 + + upstream: don't leak arg2 on parse_pubkey_algos error path; ok + + dtucker@ + + OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75 + +commit 8ba2d4764bb6a4701cd447d8b52604622ffe65f4 +Author: djm@openbsd.org +Date: Fri Mar 31 04:22:27 2023 +0000 + + upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker + + OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4 + +commit 1883841fc13d0eada8743cac5d3abe142ee2efa7 +Author: djm@openbsd.org +Date: Fri Mar 31 04:21:56 2023 +0000 + + upstream: don't print key if printing hostname failed; with/ok + + dtucker@ + + OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3 + +commit c6011129cafe4c411f6ef670a4cf271314708eb8 +Author: djm@openbsd.org +Date: Fri Mar 31 04:04:15 2023 +0000 + + upstream: remove redundant test + + OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c + +commit 4fb29eeafb40a2076c0dbe54e46b687c318f87aa +Author: djm@openbsd.org +Date: Fri Mar 31 04:00:37 2023 +0000 + + upstream: don't attempt to decode a ridiculous number of + + attributes; harmless because of bounds elsewhere, but better to be explicit + + OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2 + +commit fc437c154ef724621a4af236de9bc7e51a8381ae +Author: djm@openbsd.org +Date: Fri Mar 31 03:22:49 2023 +0000 + + upstream: remove unused variable; prompted by Coverity CID 291879 + + OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40 + +commit 0eb8131e4a53b33a8fc9b9ab694e6b6778b87ade +Author: dtucker@openbsd.org +Date: Fri Mar 31 00:44:29 2023 +0000 + + upstream: Check fd against >=0 instead of >0 in error path. The + + dup could in theory return fd 0 although currently it doesn't in practice. + From Dmitry Belyavskiy vi github PR#238. + + OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846 + +commit 7174ba6f8a431ca4257767a260fc50e204068242 +Author: dtucker@openbsd.org +Date: Thu Mar 30 07:19:50 2023 +0000 + + upstream: Ignore return value from muxclient(). It normally loops + + without returning, but it if returns on failure we immediately exit. + Coverity CID 405050. + + OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295 + +commit a4c1c2513e36f111eeaa1322c510067930e5e51e +Author: Damien Miller +Date: Fri Mar 31 14:17:22 2023 +1100 + + don't call connect() on negative socket + + Coverity CID 405037 + +commit 34ee842cdd981a759fe8f0d4a37521f9a1c63170 +Author: djm@openbsd.org +Date: Thu Mar 30 03:05:01 2023 +0000 + + upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file + + is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted + by Coverity; with/ok dtucker@ + + OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650 + +commit f108e77a9dc9852e72215af1bf27731c48434557 +Author: dtucker@openbsd.org +Date: Thu Mar 30 00:49:37 2023 +0000 + + upstream: Remove dead code from inside if block. + + The only way the if statement can be true is if both dup()s fail, and + in that case the tmp2 can never be set. Coverity CID 291805, ok djm@ + + OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8 + +commit 05b8e88ebe23db690abbfb1a91111abea09cde08 +Author: Darren Tucker +Date: Thu Mar 30 13:53:29 2023 +1100 + + child_set_eng: verify both env pointer and count. + + If child_set env was called with a NULL env pointer and a non-zero count + it would end up in a null deref, although we don't currently do this. + Prompted by Coverity CID 291850, tweak & ok djm@ + +commit 28f1b8ef9b84b8cd2f6c9889a0c60aa4a90dadfa +Author: dtucker@openbsd.org +Date: Wed Mar 29 01:07:48 2023 +0000 + + upstream: Ignore return from sshpkt_disconnect + + since we set our own return value for the function. Coverity CID 291797, + ok djm@ + + OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04 + +commit c3da05d95922f5550bcc7815e799474d6a160175 +Author: dtucker@openbsd.org +Date: Wed Mar 29 00:59:08 2023 +0000 + + upstream: Plug potential mem leak in process_put. + + It allocates abs_dst inside a loop but only frees it on exit, so free + inside the loop if necessary. Coverity CID 291837, ok djm@ + + OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3 + +commit 13ae327eae598b1043e5ec30e4b170edb3c898a5 +Author: djm@openbsd.org +Date: Wed Mar 29 00:18:35 2023 +0000 + + upstream: fix memory leak; Coverity CID 291848 + + with/ok dtucker@ + + OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8 + +commit 9ffa76e1284c85bf459c3dcb8e995733a8967e1b +Author: dtucker@openbsd.org +Date: Tue Mar 28 07:44:32 2023 +0000 + + upstream: Plug more mem leaks in sftp by making + + make_absolute_pwd_glob work in the same way as make_absolute: you + pass it a dynamically allocated string and it either returns it, or + frees it and allocates a new one. Patch from emaste at freebsd.org and + https://reviews.freebsd.org/D37253 ok djm@ + + OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc + +commit 82b2b8326962b1a98af279bc5bbbbbcab15b3e45 +Author: dtucker@openbsd.org +Date: Tue Mar 28 06:12:38 2023 +0000 + + upstream: Remove compat code for OpenSSL < 1.1.* + + since -portable no longer supports them. + + OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff + +commit b500afcf00ae1b6b73b2ccf171111dfbfeaef74d +Author: dtucker@openbsd.org +Date: Mon Mar 27 23:56:54 2023 +0000 + + upstream: Remove compat code for OpenSSL 1.0.* + + versions now that -portable has dropped support for those versions. + + OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7 + +commit 727560e6011efcb36d2f3ac6910444bc775abaa1 +Author: Darren Tucker +Date: Tue Mar 28 18:06:42 2023 +1100 + + Prevent conflicts between Solaris SHA2 and OpenSSL. + + We used to prevent conflicts between native SHA2 headers and OpenSSL's + by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0 + +commit 46db8e14b7f186d32173dcdecd5b785334429b8b +Author: Darren Tucker +Date: Tue Mar 28 12:44:03 2023 +1100 + + Remove HEADER_SHA_H from previous... + + since it causes more problems than it solves. + +commit 72bd68d37387aa5f81da928f6e82f1c88ed8f674 +Author: Darren Tucker +Date: Tue Mar 28 10:35:18 2023 +1100 + + Replace OPENSSL_NO_SHA with HEADER_SHA_H. + + Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we + don't want to include it, but OPENSSL_NO_SHA was removed beginning in + OpenSSL's 1.1 series. + +commit 99668f2e6e0deb833e46cfab56db59ff0fc28c7e +Author: Darren Tucker +Date: Tue Mar 28 09:50:06 2023 +1100 + + Configure with --target instead of deprecated form. + +commit f751d9306c62cd1061f966e6a7483d9bab9c379b +Author: Darren Tucker +Date: Mon Mar 27 22:05:29 2023 +1100 + + Pass rpath when building 64bit Solaris. + +commit a64b935cd450ee8d04c26c9cd728629cf9ca5c91 +Author: Darren Tucker +Date: Mon Mar 27 19:21:19 2023 +1100 + + Explicitly disable OpenSSL on AIX test VM. + +commit 7ebc6f060fc2f70495a56e16d210baae6424cd96 +Author: dtucker@openbsd.org +Date: Mon Mar 27 03:56:50 2023 +0000 + + upstream: Add RevokedHostKeys to percent expansion test. + + OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff + +commit f1a17de150f8d309d0c52f9abfaebf11c51a8537 +Author: dtucker@openbsd.org +Date: Mon Mar 27 03:56:11 2023 +0000 + + upstream: Add tilde and environment variable expansion to + + RevokedHostKeys. bz#3552, ok djm@ + + OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d + +commit 009eb4cb48a9708ab9174684dcbcc0f942907abe +Author: djm@openbsd.org +Date: Mon Mar 27 03:31:05 2023 +0000 + + upstream: fix test: getnameinfo returns a non-zero value on error, not + + (neccessarily) -1. From GHPR#384 + + OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25 + +commit 4f0a676486700f10a4788f7e9426e94e39c1c89e +Author: djm@openbsd.org +Date: Mon Mar 27 03:25:08 2023 +0000 + + upstream: scp: when copying local->remote, check that source file + + exists before opening SFTP connection to the server. Based on GHPR#370 ok + dtucker, markus + + OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb + +commit 154d8baf631327163571760c2c524bc93c37567c +Author: Darren Tucker +Date: Mon Mar 27 12:22:30 2023 +1100 + + Also look for gdb error message from OpenIndiana. + +commit fbd3811ddb2b6ce2e6dba91fde7352c8978e5412 +Author: Darren Tucker +Date: Mon Mar 27 11:08:00 2023 +1100 + + Explicitly disable security key test on aix51 VM. + + We don't know how to build the shared objects required for the security + key tests so skip them. + +commit 4922ac3be8a996780ef3dc220411da2e27c29d9c +Author: Darren Tucker +Date: Sun Mar 26 14:49:43 2023 +1100 + + Split libcrypto and other config flags. + + This should allow the automatic OpenSSL version selection in the tests + to work better. + +commit 4a948b1469f185e871160a2d70e2a0fce2858f9e +Author: Darren Tucker +Date: Sun Mar 26 14:39:45 2023 +1100 + + Specify test target if we build without OpenSSL. + + When we decide we can't use the versions of OpenSSL available, also + restrict the tests we run to avoid the ones that need OpenSSL. + +commit b308c636f5b5d89eecb98be00b3d56306a005a09 +Author: Darren Tucker +Date: Sun Mar 26 14:22:53 2023 +1100 + + Find suitable OpenSSL version. + + Check the installed OpenSSL versions for a suitable one, and if there + isn't (and we don't have a specific version configured) then build + without OpenSSL. + +commit 021ea5c2860f133f44790970968e0e73208b3a87 +Author: Damien Miller +Date: Fri Mar 24 15:02:52 2023 +1100 + + Github testing support for BoringSSL + +commit 9a97cd106466a2a9bda2bfaa4c48c4f1b2cc9c1b +Author: Damien Miller +Date: Fri Mar 24 15:34:29 2023 +1100 + + BoringSSL doesn't support EC_POINT_point2bn() + + so don't invoke it in unittest + +commit cc5969c033a032d126ff78e5d95cf20abbede4c7 +Author: Damien Miller +Date: Fri Mar 24 15:34:05 2023 +1100 + + another ERR_load_CRYPTO_strings() vestige + +commit 4974293899a068133e976f81d6693670d2b576ca +Author: Damien Miller +Date: Fri Mar 24 15:24:05 2023 +1100 + + don't use obsolete ERR_load_CRYPTO_strings() + + OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings() + +commit 3c527d55f906e6970d17c4cab6db90ae9e013235 +Author: Damien Miller +Date: Fri Mar 24 15:23:05 2023 +1100 + + Allow building with BoringSSL + +commit b7e27cfd7f163fc16b4c5d041cc28ee488a5eeec +Author: Damien Miller +Date: Fri Mar 24 15:21:18 2023 +1100 + + put back SSLeay_version compat in configure test + + Needed to detect old versions and give good "your version is bad" + messages at configure time; spotted by dtucker@ + +commit 7280401bdd77ca54be6867a154cc01e0d72612e0 +Author: Damien Miller +Date: Fri Mar 24 13:56:25 2023 +1100 + + remove support for old libcrypto + + OpenSSH now requires LibreSSL 3.1.0 or greater or + OpenSSL 1.1.1 or greater + + with/ok dtucker@ + +commit abda22fb48302f2142233f71d27c74040288c518 +Author: Darren Tucker +Date: Sun Mar 19 15:36:13 2023 +1100 + + Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7. + +commit 610ac1cb077cd5a1ebfc21612154bfa13d2ec825 +Author: Darren Tucker +Date: Thu Mar 16 21:38:04 2023 +1100 + + Show 9.3 branch instead of 9.2. + +commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 +Author: Damien Miller +Date: Thu Mar 16 08:28:19 2023 +1100 + + depend + +commit 1dba63eb10c40b6fda9f5012ed6ae87e2d3d028e +Author: Damien Miller +Date: Thu Mar 16 08:27:54 2023 +1100 + + crank version + +commit ba7532d0dac9aaf0ad7270664c43837fc9f64a5f +Author: djm@openbsd.org +Date: Wed Mar 15 21:19:57 2023 +0000 + + upstream: openssh-9.3 + + OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848 + +commit 6fd4daafb949b66bf555f3100f715a9ec64c3390 +Author: dtucker@openbsd.org +Date: Tue Mar 14 07:28:47 2023 +0000 + + upstream: Free KRL ptr in addition to its contents. + + From Coverity CID 291841, ok djm@ + + OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6 + +commit 1d270bd303afaf6d94e9098cbbf18e5e539e2088 +Author: dtucker@openbsd.org +Date: Tue Mar 14 07:26:25 2023 +0000 + + upstream: Check pointer for NULL before deref. + + None of the existing callers seem to do that, but it's worth checking. + From Coverity CID 291834, ok djm@ + + OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4 + +commit d95af508e78c0cd3dce56b83853baaa59ae295cf +Author: dtucker@openbsd.org +Date: Sun Mar 12 10:40:39 2023 +0000 + + upstream: Limit number of entries in SSH2_MSG_EXT_INFO + + request. This is already constrained by the maximum SSH packet size but this + makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@ + + OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09 + +commit 8f287ba60d342b3e2f750e7332d2131e3ec7ecd0 +Author: dtucker@openbsd.org +Date: Sun Mar 12 09:41:18 2023 +0000 + + upstream: calloc can return NULL but xcalloc can't. + + From Coverity CID 291881, ok djm@ + + OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b + +commit 83a56a49fd50f4acf900f934279482e4ef329715 +Author: dtucker@openbsd.org +Date: Fri Mar 10 07:17:08 2023 +0000 + + upstream: Explicitly ignore return from fcntl + + (... FD_CLOEXEC) here too. Coverity CID 291853. + + OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5 + +commit 0fda9d704d3bbf54a5e64ce02a6fecb11fe7f047 +Author: Damien Miller +Date: Fri Mar 10 15:59:46 2023 +1100 + + bounds checking for getrrsetbyname() replacement; + + Spotted by Coverity in CID 405033; ok millert@ + +commit 89b8df518f21677045599df0ad3e5dd0f39909b5 +Author: dtucker@openbsd.org +Date: Fri Mar 10 04:06:21 2023 +0000 + + upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. + + OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac + +commit bf4dae0ad192c3e2f03f7223834b00d88ace3d3e +Author: Darren Tucker +Date: Fri Mar 10 14:46:57 2023 +1100 + + Add prototypes for mkstemp replacements. + + Should prevent warnings due to our wrapper function. + +commit 4e04d68d6a33cdc73b831fd4b5e6124175555d3d +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:01:51 2023 +0000 + + upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since + + there's not much we can do anyway. From Coverity CID 291857, ok djm@ + + OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729 + +commit d6d38fd77cbe091c59e1bb720c3a494df4990640 +Author: djm@openbsd.org +Date: Fri Mar 10 02:32:04 2023 +0000 + + upstream: Like sshd_config, some ssh_config options are not + + first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for + this file + + OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e + +commit 7187d3f86bf8f2066cc9941f217d23b0cacae25e +Author: dtucker@openbsd.org +Date: Fri Mar 10 02:24:56 2023 +0000 + + upstream: Remove no-op (int) > INT_MAX checks + + since they can never be true. From Coverity CID 405031, ok djm@ + + OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84 + +commit 77adde4305542ebe3005dd456122624fe2347b01 +Author: Darren Tucker +Date: Fri Mar 10 13:27:29 2023 +1100 + + Wrap mkstemp calls with umask set/restore. + + glibc versions 2.06 and earlier did not set a umask on files created by + mkstemp created the world-writable. Wrap mkstemp to set and restore + the umask. From Coverity (CIDs 291826 291886 291891), ok djm@ + +commit 633d3dc2a1e9e2a013d019a0576a0771c8423713 +Author: jcs@openbsd.org +Date: Thu Mar 9 21:06:24 2023 +0000 + + upstream: modify parentheses in conditionals to make it clearer what is + + being assigned and what is being checked + + ok djm dtucker + + OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8 + +commit 733030840c4772f858de95d5940ec0c37663e8b0 +Author: dtucker@openbsd.org +Date: Thu Mar 9 07:11:05 2023 +0000 + + upstream: Re-split the merge of the reorder-hostkeys test. + + In the kex_proposal_populate_entries change I merged the the check for + reordering hostkeys with the actual reordering, but kex_assemble_names + mutates options.hostkeyalgorithms which renders the check ineffective. + Put the check back where it was. Spotted and tested by jsg@, ok djm@ + + OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de + +commit 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed +Author: djm@openbsd.org +Date: Thu Mar 9 06:58:26 2023 +0000 + + upstream: include destination constraints for smartcard keys too. + + Spotted by Luci Stanescu; ok deraadt@ markus@ + + OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f + +commit bfd1ad01d974a316b60622759ad17537fa2d92b4 +Author: Darren Tucker +Date: Thu Mar 9 18:24:54 2023 +1100 + + Limit the number of PAM environment variables. + + xcalloc has its own limits, but these are specific to PAM. From + Coverity CID 405198, ok djm@ + +commit a231414970e01a35f45a295d5f93698fa1249b28 +Author: Darren Tucker +Date: Thu Mar 9 18:19:44 2023 +1100 + + Limit the number of PAM environment variables. + + From Coverity CID 405194, tweaks and ok djm@ + +commit 36c6c3eff5e4a669ff414b9daf85f919666e8e03 +Author: dtucker@openbsd.org +Date: Wed Mar 8 06:21:32 2023 +0000 + + upstream: Plug mem leak. Coverity CID 405196, ok djm@ + + OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2 + +commit dfb9b736e1ccf9e6b03eea21cd961f4fd0634c98 +Author: tb@openbsd.org +Date: Wed Mar 8 05:33:53 2023 +0000 + + upstream: ssh-pkcs11: synchronize error messages with errors + + A handful of error messages contained incorrect function names or + otherwise inaccurate descriptions. Fix them to match reality. + + input/ok djm + + OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411 + +commit 51875897b81b5c21b80c256a29597916edbde454 +Author: guenther@openbsd.org +Date: Wed Mar 8 04:43:12 2023 +0000 + + upstream: Delete obsolete /* ARGSUSED */ lint comments. + + ok miod@ millert@ + + OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c + +commit a76085bda883c2104afb33ab0334eca190927362 +Author: Darren Tucker +Date: Wed Mar 8 17:25:37 2023 +1100 + + Extra brackets to prevent warning. + +commit 147ae57d4dfa0508109f93b78a7d8b92819e1f83 +Author: djm@openbsd.org +Date: Wed Mar 8 00:05:58 2023 +0000 + + upstream: use RSA/SHA256 when testing usability of private key in + + agent; with/ok dtucker + + OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56 + +commit 27fd251bc906a763e70ce0f27c8abdf8bbd1e416 +Author: djm@openbsd.org +Date: Wed Mar 8 00:05:37 2023 +0000 + + upstream: use RSA/SHA256 when testing usability of private key; + + based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker + + OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba + +commit eee9f3fc3d52ae7d2106929bb06b7f291fb0b81a +Author: djm@openbsd.org +Date: Tue Mar 7 21:47:42 2023 +0000 + + upstream: refactor to be more readable top to bottom. Prompted by + + Coverity CID 405048 which was a false-positive fd leak; ok dtucker@ + + OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00 + +commit 42a06b29a4c99272bf690f9b3be520b08b448dc5 +Author: Darren Tucker +Date: Tue Mar 7 18:34:41 2023 +1100 + + Add header changes missed in previous. + +commit 4710077096edff2e6926dd5b15bf586491d317db +Author: dtucker@openbsd.org +Date: Tue Mar 7 06:09:14 2023 +0000 + + upstream: Fix mem leak in environment setup. + + From jjelen at redhat.com via bz#2687, ok djm@ + + OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353 + +commit 03acc50d0ccb78fc91d1570de1cd0fdfea646028 +Author: dtucker@openbsd.org +Date: Mon Mar 6 12:15:47 2023 +0000 + + upstream: Unit test for kex_proposal_populate_entries. + + OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006 + +commit 3f9231c2e1f374ebb08016ba00ea97b47c0ed20b +Author: djm@openbsd.org +Date: Tue Mar 7 05:37:26 2023 +0000 + + upstream: fix memory leak in process_read() path; Spotted by James + + Robinson in GHPR363; ok markus@ + + OpenBSD-Commit-ID: cdc2d98e6478b7e7f3a36976845adae3820429d8 + +commit c5e6e890839ec520ab9301a92cba56303749dea2 +Author: djm@openbsd.org +Date: Tue Mar 7 01:30:52 2023 +0000 + + upstream: correct size for array argument when changing + + UMAC_OUTPUT_LEN Coverity CID 291845; ok dtucker@ + + OpenBSD-Commit-ID: 2eb017d10705bb623d4418691f961c930eafaec0 + +commit 9641753e0fd146204d57b2a4165f552a81afade4 +Author: dtucker@openbsd.org +Date: Mon Mar 6 12:14:48 2023 +0000 + + upstream: Refactor creation of KEX proposal. + + This adds kex_proposal_populate_entries (and corresponding free) which + populates the KEX proposal array with dynamically allocated strings. + This replaces the previous mix of static and dynamic that has been the + source of previous leaks and bugs. Remove unused compat functions. + With & ok djm@. + + OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b + +commit aa59d6a489fb20973fa461d0fdb1110db412947b +Author: dtucker@openbsd.org +Date: Sun Mar 5 09:24:35 2023 +0000 + + upstream: Fix mem and FILE leaks in moduli screening. + + If multiple -Ocheckpoint= options are passed, the earlier ones would + be overwritten and leaked. If we use an input file that wasn't stdin, + close that. From Coverity CIDs 291884 and 291894. + + OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b + +commit 23b8cb41767af99a1aac24589d1882d9c8c2c205 +Author: dtucker@openbsd.org +Date: Sun Mar 5 08:18:58 2023 +0000 + + upstream: Plug mem leak in moduli checkpoint option parsing. + + From Coverity CID 291894. + + OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4 + +commit fc7f8f2188d4a4fc8ba77eddbe863c7665666db5 +Author: dtucker@openbsd.org +Date: Sun Mar 5 05:34:09 2023 +0000 + + upstream: Remove unused compat.h includes. + + We've previously removed a lot of the really old compatibility code, + and with it went the need to include compat.h in most of the files that + have it. + + OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4 + +commit 6c165c36246d8004c20e1df5cec4961a5ac422d6 +Author: dtucker@openbsd.org +Date: Sat Mar 4 03:22:59 2023 +0000 + + upstream: Use time_t for x11 timeout. + + Use time_t instead of u_int for remaining x11 timeout checks for 64bit + time_t safety. From Coverity CIDs 405197 and 405028, ok djm@ + + OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972 + +commit 4a3918f51bd2d968387e7aa87e33b32c78077fb4 +Author: dtucker@openbsd.org +Date: Fri Mar 3 10:23:42 2023 +0000 + + upstream: Ensure ms_remain is always initialized + + similar to what we do in ssh_packet_write_wait. bz#2687, from jjelen + at redhat.com. + + OpenBSD-Commit-ID: a50e0541cf823f8d1c72f71ccde925d3dbe6dfac + +commit e44846a4487d2885ac7f2610be09b1e2bf52249b +Author: dtucker@openbsd.org +Date: Fri Mar 3 09:48:51 2023 +0000 + + upstream: Check for non-NULL before string + + comparison. From jjelen at redhat.com via bz#2687. + + OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f + +commit 1842d523fae63b862ce8e60725c9b606cddb86a6 +Author: djm@openbsd.org +Date: Fri Mar 3 05:00:34 2023 +0000 + + upstream: guard against getsockname(-1, ...) from Coverity CID + + 291832 + + OpenBSD-Commit-ID: e58d5227327917d189229b7f0b37d2780f360d5f + +commit 78571a5fe9847d40d7f220c92b707574ae9ec4ce +Author: djm@openbsd.org +Date: Fri Mar 3 04:36:20 2023 +0000 + + upstream: some options are not first-match-wins. Mention that there + + are exceptions at the start of the manpage and label some of them in the + option description. + + OpenBSD-Commit-ID: 3b74728446fa6fc8742769eeb8c3674e233e84c4 + +commit d1c1b3272e8895a96c4f5889bd6e07a8525bd9f1 +Author: djm@openbsd.org +Date: Fri Mar 3 04:34:49 2023 +0000 + + upstream: actually print "channeltimeout none" in config dump mode; + + spotted via Coverity CID 405022 + + OpenBSD-Commit-ID: b074b52bf138b75f08264e8da15880b29c7a630f + +commit 8bf61e95610b48192d4e1720cc15d9004617301d +Author: Darren Tucker +Date: Fri Mar 3 14:50:03 2023 +1100 + + Add Coverity badges. + +commit 93291bd723959adf462b1df958106cf07a7734dd +Author: dtucker@openbsd.org +Date: Fri Mar 3 03:12:24 2023 +0000 + + upstream: Check return values of dup2. Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b + +commit e37261dff33af23f37202cfce0848d36f5c1055c +Author: dtucker@openbsd.org +Date: Fri Mar 3 02:37:58 2023 +0000 + + upstream: Use time_t for x11_refuse_time timeout. We need + + SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. + Fixes a Coverity warning for 64bit time_t safety, ok djm@ + + OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d + +commit 32755a98c29114b13f4c9d47454bbb265b932ad7 +Author: dtucker@openbsd.org +Date: Fri Mar 3 02:34:29 2023 +0000 + + upstream: Check return value from fctnl and warn on failure. + + Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab + +commit 5fc60e8246c36b8255f72a937ebe9787b39648c6 +Author: dtucker@openbsd.org +Date: Thu Mar 2 11:10:27 2023 +0000 + + upstream: Remove SUDO in proxy command wrapper. Anything that needs + + sudo is already run by it, and it breaks if root isn't in sudoers. + + OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9 + +commit 0d514659b23a257247491179cfbb53a6dd64e164 +Author: dtucker@openbsd.org +Date: Thu Mar 2 08:24:41 2023 +0000 + + upstream: Fix breakage on dhgex test. + + This was due to the sshd logs being written to the wrong log file. + While there, make save_debug_logs less verbose, write the name of the + tarball to regress.log and use $SUDO to remove the old symlinks (which + shouldn't be needed, but won't hurt). Initial problem spotted by anton@. + + OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b + +commit 860201201d4ae655702807966901682cff30a171 +Author: dtucker@openbsd.org +Date: Thu Mar 2 08:14:52 2023 +0000 + + upstream: Quote grep and log message better. + + OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4 + +commit 03a03c6002525f5ad9c8fc874a5d5826a35d9858 +Author: dtucker@openbsd.org +Date: Thu Mar 2 06:41:56 2023 +0000 + + upstream: Always call fclose on checkpoints. + + In the case of an fprintf failure we would not call fclose which would + leak the FILE pointer. While we're there, try to clean up the temp file + on failure. Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef + +commit 13fe8f9785e6d90400ce548939a0b0ddc11fcb3c +Author: dtucker@openbsd.org +Date: Wed Mar 1 21:54:50 2023 +0000 + + upstream: Remove old log symlinks + + before creating new ones. In -portable some platforms don't like + overwriting existing symlinks. + + OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f + +commit 131fcbcaffd1e3bcf5ab766ec497b5d768955310 +Author: Darren Tucker +Date: Wed Mar 1 23:23:02 2023 +1100 + + Adjust test jobs for new log directory. + +commit a6f4ac8a2baf77e5361cfa017d0dc250d1409bec +Author: dtucker@openbsd.org +Date: Wed Mar 1 09:29:32 2023 +0000 + + upstream: Rework logging for the regression tests. + + Previously we would log to ssh.log and sshd.log, but that is insufficient + for tests that have more than one concurent ssh/sshd. + + Instead, we'll log to separate datestamped files in a $OBJ/log/ and + leave a symlink at the previous location pointing at the most recent + instance with an entry in regress.log showing which files were created + at each point. This should be sufficient to reconstruct what happened + even for tests that use multiple instances of each program. If the test + fails, tar up all of the logs for later analysis. + + This will let us also capture the output from some of the other tools + which was previously sent to /dev/null although most of those will be + in future commits. + + OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24 + +commit 8ead62ed5e86c7df597d8604f332f49cd1527b85 +Author: dtucker@openbsd.org +Date: Tue Feb 28 21:31:50 2023 +0000 + + upstream: fatal out if allocating banner string fails to avoid + + potential null deref later in sscanf. Spotted by Coverity, ok deraadt@ + + OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5 + +commit 44ca56ba0b3f531f1d85730cc701097cd49e6868 +Author: dtucker@openbsd.org +Date: Tue Feb 28 08:45:24 2023 +0000 + + upstream: Explicitly ignore return from fchmod + + similar to other calls to prevent warning. + + OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a + +commit 803392933a3a6f09f834aa5f0c2aab06a3b382f4 +Author: dtucker@openbsd.org +Date: Mon Feb 27 22:12:40 2023 +0000 + + upstream: Plug mem leak on globbed ls error path. + + Spotted by Coverity, ok deraadt@ + + OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c + +commit aa33b4d396abf47a2a45f982f28d054fb1dcb5c3 +Author: Darren Tucker +Date: Mon Feb 27 21:04:22 2023 +1100 + + Cast time_t's in debug output to long long. + + Should fix Coverity warning about truncation of 64bit time_t. + +commit b0fd60a9de62a03189ad57d0c07f0ac51dc00e95 +Author: Darren Tucker +Date: Mon Feb 27 17:28:59 2023 +1100 + + Do shadow expiry calcs using "long long". + + Coverity flags these as potentially not 64bit time_t safe so use + long long for the calculations and debug output. ok djm@ + +commit 01dbeb3084d714bbd001ff9d03b9de542e8cdf58 +Author: Damien Miller +Date: Mon Feb 27 17:07:52 2023 +1100 + + avoid clash between for getopt's struct option + + Since we don't use getopt_long() nothing outside the getopt() + implementation itself uses this structure, so move it into the + source to remove it from visibility and clashes with libc's + + ok dtucker@ + +commit eb88d07c43afe407094e7d609248d85a15e148ef +Author: Darren Tucker +Date: Sat Feb 25 14:45:41 2023 +1100 + + Revert explicit chmods on private keys. + + This should no longer be needed on Cygwin test runners due to previous + commit. + +commit 52b75db61030a6c8baf66b73644380cf3f58e26a +Author: Darren Tucker +Date: Sat Feb 25 14:43:28 2023 +1100 + + Remove extended ACLs from working dirs. + + This should allow umask to work as expected and prevent tests from + failing due to excessive permissions on private keys. + +commit 0c5d4c843df5605b043a758d69f9a611ef63c479 +Author: Darren Tucker +Date: Fri Feb 24 13:44:13 2023 +1100 + + Explicitly set permissions on user and host keys. + + On cygwin, the umask might not be sufficient. Should fix tests on + Github runners. + +commit 6c9fc9d7a9f7abf82c3294d74e6d4a25735862ce +Author: djm@openbsd.org +Date: Wed Feb 22 03:56:43 2023 +0000 + + upstream: fix progressmeter corruption on wide displays; bz3534 + + feedback/ok dtucker@ + + OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3 + +commit fe0bd3cde9665d364e5eedd2c2c2e60d4cdc3786 +Author: dtucker@openbsd.org +Date: Tue Feb 21 06:48:18 2023 +0000 + + upstream: fseek to end of known_hosts before writing to it. + + POSIX and ANSI C require that applications call fseek or similar between + read and writing to a RW file. OpenBSD doesn't enforce this, but some + (System V derived) platforms need this to prevent it from writing a + spurious extra byte (in this case, a newline). ok djm@ deraadt@ + + OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137 + +commit 357fb8ae14c07cd025eeed66e73de91bab569849 +Author: Darren Tucker +Date: Tue Feb 21 17:51:09 2023 +1100 + + Also run unit tests on AIX VMs. + + In the past these tests took too long, but these days it only adds + about 5 min to the run. + +commit 17781aaa5188ee1477f7779b280d105512e3dbed +Author: Darren Tucker +Date: Tue Feb 21 17:38:55 2023 +1100 + + Wrap stdint.h inside ifdef. + +commit ef798bad38505f7bf1b5fa5c0843dfc5a2b192b9 +Author: Mayank Sharma +Date: Mon Feb 20 17:37:15 2023 +0530 + + Add includes to ptimeout test. + + Fixes test failures on AIX due to type mismatches. + +commit ab69dda05d5268454209f529fa80f477e60d846a +Author: Darren Tucker +Date: Mon Feb 20 18:24:39 2023 +1100 + + Always use the openssl binary configure tells us. + + This fixes tests on platforms that do not have the openssl tool + installed at all. + +commit 2a7e3449908571af601a4c2d12ab140096442e47 +Author: dtucker@openbsd.org +Date: Fri Feb 17 04:22:50 2023 +0000 + + upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code + + to set this was removed in OpenSSH 7.7 when support for SSH implementations + dating back to before RFC standardization were removed. "burn it all" djm@ + + OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda + +commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0 +Author: dtucker@openbsd.org +Date: Fri Feb 17 03:06:18 2023 +0000 + + upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This + + was previously set for OpenSSH 2.3 (released in 2000) but this check was + removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ + + OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af + +commit c81c2bea6e828d52b62b448b4ffdd3c163177975 +Author: Damien Miller +Date: Fri Feb 17 10:12:40 2023 +1100 + + whitespace fixes + +commit 500f90b39db5f0014e6b0c49ff1f45c994b69293 +Author: Damien Miller +Date: Fri Feb 17 10:02:08 2023 +1100 + + whitespace at EOL + +commit 68350152406339170721c15e97afdf827a5e4001 +Author: dtucker@openbsd.org +Date: Thu Feb 16 10:10:00 2023 +0000 + + upstream: Remove SSH_BUG_PASSWORDPAD compat bit + + since it's no longer used. ok markus@ + + OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b + +commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44 +Author: dtucker@openbsd.org +Date: Thu Feb 16 07:55:15 2023 +0000 + + upstream: Remove SSH_BUG_IGNOREMSG compat flag + + since it's only applicable to SSH1 and thus no longer used. ok markus@ + "kill it with fire" djm@ + + OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab + +commit 285cf6cd4b91a0a0ce33193c358c99085af33e43 +Author: jmc@openbsd.org +Date: Fri Feb 10 06:41:53 2023 +0000 + + upstream: space between macro and punctuation; sort usage(); + + OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c + +commit d39a96f70f81878c77336ed35f5c648c1804b71a +Author: jmc@openbsd.org +Date: Fri Feb 10 06:40:48 2023 +0000 + + upstream: space between macro and punctuation; + + OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e + +commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6 +Author: jmc@openbsd.org +Date: Fri Feb 10 06:39:27 2023 +0000 + + upstream: sort SYNOPSIS; + + OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e + +commit d9685121ff6d57b8797411f3cb123884a4b96e30 +Author: Darren Tucker +Date: Sat Feb 11 12:32:19 2023 +1100 + + Improve seccomp compat on older systems. + + Check if flags to mmap and madvise are defined before using them. + Should fix problems building on older Linux systems that don't have + these. bz#3537, with & ok djm@. + +commit 6180b0fa4f7996687678702806257e661fd5931e +Author: djm@openbsd.org +Date: Fri Feb 10 05:06:03 2023 +0000 + + upstream: test -Ohashalg=... and that the default output contains both + + specified hash algorithms; prompted by dtucker@ + + OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51 + +commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a +Author: djm@openbsd.org +Date: Fri Feb 10 04:56:30 2023 +0000 + + upstream: let ssh-keygen and ssh-keyscan accept + + -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm + selection. bz3493 ok dtucker@ + + OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d + +commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1 +Author: djm@openbsd.org +Date: Fri Feb 10 04:47:19 2023 +0000 + + upstream: add a `sshd -G` option that parses and prints the + + effective configuration without attempting to load private keys and perform + other checks. This allows usage of the option before keys have been + generated. + + bz3460 feedback/ok dtucker@ + + OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29 + +commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10 +Author: djm@openbsd.org +Date: Fri Feb 10 04:40:28 2023 +0000 + + upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says + + it should bz3532 + + OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc + +commit d3b8d4198b6595f23b5859d43dc8fc701f97429b +Author: Darren Tucker +Date: Fri Feb 10 14:26:44 2023 +1100 + + Add CentOS 7 test targets. + +commit 22efb01e355bba4755b730ed417f91c081445bfc +Author: dtucker@openbsd.org +Date: Thu Feb 9 09:55:33 2023 +0000 + + upstream: Test adding terminating newline to known_hosts. + + OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365 + +commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61 +Author: dtucker@openbsd.org +Date: Wed Feb 8 08:06:03 2023 +0000 + + upstream: ssh-agent doesn't actually take -v, + + so the recently-added ones will result in the test not cleaning up + after itself. Patch from cjwatson at debian.org vi bz#3536. + + OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a + +commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 +Author: dtucker@openbsd.org +Date: Thu Feb 9 09:54:11 2023 +0000 + + upstream: Ensure that there is a terminating newline when adding a new + + entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ + markus@ + + OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 + +commit 95b6bbd2553547260b324b39d602061c88b774bc +Author: Darren Tucker +Date: Tue Feb 7 08:43:47 2023 +1100 + + Replace 9.1 with 9.2 on CI status page. + +commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf +Author: Damien Miller +Date: Fri Feb 3 16:33:09 2023 +1100 + + harden Linux seccomp sandbox + + Linux mmap(2) and madvise(2) syscalls support quite a number of funky + flags that we don't expect that sshd/libc will ever need. We can + exclude this kernel attack surface by filtering the mmap(2) flags + and the madvise(2) advice arguments. + + Similarly, the sandboxed process in sshd is a single-threaded program + that does not use shared memory for synchronisation or communication. + Therefore, there should be no reason for the advanced priority + inheritance futex(2) operations to be necessary. These can also be + excluded. + + Motivated by Jann Horn pointing out that there have been kernel bugs + in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and + CVE-2022-42703. + + Feedback Jann Horn, ok dtucker@ + +commit 6dfb65de949cdd0a5d198edee9a118f265924f33 +Author: Damien Miller +Date: Thu Feb 2 23:21:54 2023 +1100 + + crank versions in RPM specs + +commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 +Author: Damien Miller +Date: Thu Feb 2 23:21:45 2023 +1100 + + update version in README + +commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 +Author: Damien Miller +Date: Thu Feb 2 23:17:49 2023 +1100 + + adapt compat_kex_proposal() test to portable + +commit 903c556b938fff2d7bff8da2cc460254430963c5 +Author: djm@openbsd.org +Date: Thu Feb 2 12:12:52 2023 +0000 + + upstream: test compat_kex_proposal(); by dtucker@ + + OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 + +commit 405fba71962dec8409c0c962408e09049e5624b5 +Author: dtucker@openbsd.org +Date: Thu Jan 19 07:53:45 2023 +0000 + + upstream: Check if we can copy sshd or need to use sudo to do so + + during reexec test. Skip test if neither can work. Patch from anton@, tweaks + from me. + + OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d + +commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 +Author: djm@openbsd.org +Date: Thu Feb 2 12:10:22 2023 +0000 + + upstream: openssh-9.2 + + OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 + +commit 12da7823336434a403f25c7cc0c2c6aed0737a35 +Author: djm@openbsd.org +Date: Thu Feb 2 12:10:05 2023 +0000 + + upstream: fix double-free caused by compat_kex_proposal(); bz3522 + + by dtucker@, ok me + + OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 + +commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e +Author: Darren Tucker +Date: Wed Feb 1 17:17:26 2023 +1100 + + Skip connection-timeout test on minix3. + + Minix 3's Unix domain sockets don't seem to work the way we expect, so + skip connection-timeout test on that platform. While there, group + together all similarly skipped tests and explicitly comment. + +commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a +Author: Damien Miller +Date: Wed Feb 1 12:12:05 2023 +1100 + + fix libfido2 detection without pkg-config + + Place libfido2 before additional libraries (that it may depend upon) + and not after. bz3530 from James Zhang; ok dtucker@ + +commit 358e300fed5e6def233a2c06326e51e20ebed621 +Author: deraadt@openbsd.org +Date: Wed Jan 18 20:56:36 2023 +0000 + + upstream: delete useless dependency + + OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad + +commit a4cb9be1b021b511e281ee55c356f964487d9e82 +Author: deraadt@openbsd.org +Date: Wed Jan 18 20:43:15 2023 +0000 + + upstream: Create and install sshd random relink kit. + + ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't + be too fragile, we'll see if we need a different approach. The resulting sshd + binary is tested with the new sshd -V option before installation. As the + binary layout is now semi-unknown (meaning relative, fixed, and gadget + offsets are not precisely known), change the filesystem permissions to 511 to + prevent what I call "logged in BROP". I have ideas for improving this further + but this is a first step ok djm + + OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 + +commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999 +Author: jmc@openbsd.org +Date: Wed Jan 18 06:55:32 2023 +0000 + + upstream: tweak previous; ok djm + + OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 + +commit a20b7e999773e6333c8aa9b0a7fa41966e63b037 +Author: Darren Tucker +Date: Tue Jan 31 19:35:44 2023 +1100 + + Skip connection-timeout test under Valgrind. + + Valgrind slows things down so much that the timeout test fails. Skip + this test until we figure out if we can make it work. + +commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f +Author: Darren Tucker +Date: Wed Jan 25 21:58:40 2023 +1100 + + Skip connection-timeout when missing FD passing. + + This tests uses multiplexing which uses file descriptor passing, so + skip it if we don't have that. Fixes test failures on Cygwin. + +commit 35253af01d8c0ab444c8377402121816e71c71f5 +Author: djm@openbsd.org +Date: Wed Jan 18 02:00:10 2023 +0000 + + upstream: when restoring non-blocking mode to stdio fds, restore + + exactly the flags that ssh started with and don't just clobber them with + zero, as this could also remove the append flag from the set; + + bz3523; ok dtucker@ + + OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 + +commit 7d17ea151c0b2519f023bd9cc7f141128833ac47 +Author: millert@openbsd.org +Date: Wed Jan 18 01:50:21 2023 +0000 + + upstream: Add a -V (version) option to sshd like the ssh client + + has. OK markus@ deraadt@ + + OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e + +commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9 +Author: millert@openbsd.org +Date: Tue Jan 17 18:52:44 2023 +0000 + + upstream: For "ssh -V" always exit 0, there is no need to check opt + + again. This was missed when the fallthrough in the switch case above it was + removed. OK deraadt@ + + OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 + +commit 12492c0abf1eb415d08a897cc1d8b9e789888230 +Author: djm@openbsd.org +Date: Tue Jan 17 10:15:10 2023 +0000 + + upstream: also check that an active session inhibits + + UnusedConnectionTimeout idea markus@ + + OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 + +commit cef2593c33ac46a58238ff998818754eabdf64ff +Author: djm@openbsd.org +Date: Tue Jan 17 10:02:34 2023 +0000 + + upstream: regression test for UnusedConnectionTimeout + + OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 + +commit aff9493a89c71d6a080419b49ac64eead9730491 +Author: djm@openbsd.org +Date: Mon Jan 16 04:11:29 2023 +0000 + + upstream: unbreak test: cannot access shell positional parameters + + past $9 without wrapping the position in braces (i.e. need ${10}, etc.) + + OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac + +commit 0293c19807f83141cdf33b443154459f9ee471f6 +Author: djm@openbsd.org +Date: Tue Jan 17 09:44:48 2023 +0000 + + upstream: Add a sshd_config UnusedConnectionTimeout option to terminate + + client connections that have no open channels for some length of time. This + complements the recently-added ChannelTimeout option that terminates inactive + channels after a timeout. + + ok markus@ + + OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 + +commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab +Author: djm@openbsd.org +Date: Sun Jan 15 23:35:10 2023 +0000 + + upstream: adapt to ed25519 changes in src/usr.bin/ssh + + OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 + +commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b +Author: djm@openbsd.org +Date: Sun Jan 15 23:05:32 2023 +0000 + + upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP + + (20221122) and change the import approach to the same one we use for + Streamlined NTRUPrime: use a shell script to extract the bits we need from + SUPERCOP, make some minor adjustments and squish them all into a single file. + + ok tb@ tobhe@ + + OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b + +commit 6283f4bd83eee714d0f5fc55802eff836b06fea8 +Author: Darren Tucker +Date: Sat Jan 14 22:02:44 2023 +1100 + + Allow writev is seccomp sandbox. + + This seems to be used by recent glibcs at least in some configurations. + From bz#3512, ok djm@ + +commit 923c3f437f439cfca238fba37e97a7041782f615 +Author: dtucker@openbsd.org +Date: Sat Jan 14 10:05:54 2023 +0000 + + upstream: Shell syntax fix. From ren mingshuai vi github PR#369. + + OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 + +commit 4d87a00f704e0365e11c3c38b170c1275ec461fc +Author: dtucker@openbsd.org +Date: Sat Jan 14 09:57:08 2023 +0000 + + upstream: Instead of skipping the all-tokens test if we don't have + + OpenSSL (since we use it to compute the hash), put the hash at the end and + just omit it if we don't have it. Prompted by bz#3521. + + OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea + +commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb +Author: jmc@openbsd.org +Date: Fri Jan 13 07:13:40 2023 +0000 + + upstream: fix double phrase in previous; + + OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 + +commit 40564812b659c530eb1f4b62d09e85612aef3107 +Author: dtucker@openbsd.org +Date: Fri Jan 13 03:16:29 2023 +0000 + + upstream: Document "UserKnownHostsFile none". ok djm@ + + OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 + +commit d03e245e034019a37388f6f5f893ce848ab6d2e2 +Author: Darren Tucker +Date: Fri Jan 13 23:02:34 2023 +1100 + + Retry package installation 3 times. + + When setting up the CI environment, retry package installation 3 times + before going up. Should help prevent spurious failures during + infrastructure issues. + +commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8 +Author: dtucker@openbsd.org +Date: Fri Jan 13 04:47:34 2023 +0000 + + upstream: Move scp path setting to a helper function. The previous + + commit to add scp to the test sshd's path causes the t-envpass test to fail + when the test scp is given using a fully qualified path. Put this in a + helper function and only call it from the scp tests. + + OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 + +commit 6e6f88647042b3cde54a628545c2f5fb656a9327 +Author: dtucker@openbsd.org +Date: Fri Jan 13 04:23:00 2023 +0000 + + upstream: Add scp's path to test sshd's PATH. + + If the scp we're testing is fully qualified (eg it's not in the system + PATH) then add its path to the under-test sshd's PATH so we can find + it. Prompted by bz#3518. + + OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 + +commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3 +Author: Darren Tucker +Date: Fri Jan 13 15:49:48 2023 +1100 + + Remove skipping test when scp not in path. + + An upcoming change renders this obsolete by adding scp's path to the + test sshd's PATH, and removing this first will make the subsequent sync + easier. + +commit 41f36dd896c8fb8337d403fcf476762986976e9d +Author: dtucker@openbsd.org +Date: Fri Jan 13 02:58:20 2023 +0000 + + upstream: Add a "Host" line to the output of ssh -G showing the + + original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, + ok djm@ + + OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 + +commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e +Author: djm@openbsd.org +Date: Fri Jan 13 02:44:02 2023 +0000 + + upstream: avoid printf("%s", NULL) if using ssh + + -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file + changes; ok dtucker@ + + OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 + +commit 93fc7c576563e3d88a1dc019dd213f65607784cc +Author: djm@openbsd.org +Date: Wed Jan 11 05:39:38 2023 +0000 + + upstream: clamp the minimum buffer lengths and number of inflight + + requests too + + OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 + +commit 48bf234322e639d279c5a28435eae50155e9b514 +Author: djm@openbsd.org +Date: Wed Jan 11 05:36:50 2023 +0000 + + upstream: ignore bogus upload/download buffer lengths in the limits + + extension + + OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 + +commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929 +Author: djm@openbsd.org +Date: Wed Jan 11 02:13:52 2023 +0000 + + upstream: remove whitespace at EOL from code extracted from SUPERCOP + + OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 + +commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78 +Author: djm@openbsd.org +Date: Wed Jan 11 00:51:27 2023 +0000 + + upstream: rewrite this test to use a multiplexed ssh session so we can + + control its lifecycle without risk of race conditions; fixes some of the + Github integration tests for openssh-portable + + OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 + +commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786 +Author: Damien Miller +Date: Wed Jan 11 11:45:17 2023 +1100 + + remove buffer len workaround for NetBSD 4.x + + Switching to from pipes to a socketpair for communicating with the + ssh process avoids the (kernel bug?) problem. + +commit f5154d2aac3e6a32a1b13dec23a701a087850cdc +Author: Damien Miller +Date: Wed Jan 11 11:44:19 2023 +1100 + + add back use of pipes in scp.c under USE_PIPES + + This matches sftp.c which prefers socketpair but uses pipes on + some older platforms. + +commit eec737b59cf13841de46134967a206607000acd4 +Author: millert@openbsd.org +Date: Tue Jan 10 23:22:15 2023 +0000 + + upstream: Switch scp from using pipes to a socketpair for + + communication with it's ssh sub-processes. We no longer need to reserve two + descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is + handled by sanitise_stdfd() in main(). Based on an original diff from djm@. + OK deraadt@ djm@ + + OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d + +commit d213d126a4a343abd3a1eb13687d39c1891fe5c8 +Author: jmc@openbsd.org +Date: Fri Jan 6 08:44:11 2023 +0000 + + upstream: tweak previous; ok djm + + OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 + +commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64 +Author: Damien Miller +Date: Mon Jan 9 16:33:56 2023 +1100 + + try to improve logging for dynamic-forward test + + previously the logs from the ssh used to exercise the forwarding + channel would clobber the logs from the ssh actually doing the + forwarding + +commit 715bc25dcfccf9fb2bee820155fe071d01a618db +Author: Darren Tucker +Date: Sat Jan 7 23:24:50 2023 +1100 + + Skip dynamic-forward test on minix3. + + This test relies on loopback addresses which minix does not have. + Previously the test would not run at all since it also doesn't have + netcat, but now we use our own netcat it tries and fails. + +commit dd1249bd5c45128a908395c61b26996a70f82205 +Author: Damien Miller +Date: Sun Jan 8 12:08:59 2023 +1100 + + don't test IPv6 addresses if platform lacks support + +commit d77fc611a62f2dfee0b654c31a50a814b13310dd +Author: dtucker@openbsd.org +Date: Fri Jan 6 12:33:33 2023 +0000 + + upstream: When OpenSSL is not available, skip parts of percent test + + that require it. Based on github pr#368 from ren mingshuai. + + OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 + +commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf +Author: Darren Tucker +Date: Sat Jan 7 23:01:11 2023 +1100 + + Use our own netcat for dynamic-forward test. + + That way we can be surer about its behaviour rather than trying to + second-guess the behaviour of various netcat implementations. + +commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80 +Author: Darren Tucker +Date: Sat Jan 7 14:30:43 2023 +1100 + + Use autoconf to find openssl binary. + + It's possible to install an OpenSSL in a path not in the system's + default library search path. OpenSSH can still use this (eg if you + specify an rpath) but the openssl binary there may not work. If one is + available on the system path just use that. + +commit 5532e010a0eeb6aa264396514f9aed7948471538 +Author: Darren Tucker +Date: Sat Jan 7 10:34:18 2023 +1100 + + Check openssl_bin path is executable before using. + +commit 5d7b16cff48598d5908db970bfdc9ff9326142c8 +Author: Darren Tucker +Date: Fri Jan 6 23:19:07 2023 +1100 + + Set OPENSSL_BIN from OpenSSL directory. + +commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35 +Author: dtucker@openbsd.org +Date: Fri Jan 6 08:50:33 2023 +0000 + + upstream: Save debug logs from ssh for debugging purposes. + + OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 + +commit e1ef172646f7f49c80807eea90225ef5e0be55a8 +Author: djm@openbsd.org +Date: Fri Jan 6 08:07:39 2023 +0000 + + upstream: regression test for ChannelTimeout + + OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 + +commit 2393ea8daf25853459eb07a528d7577688847777 +Author: djm@openbsd.org +Date: Fri Jan 6 07:18:18 2023 +0000 + + upstream: fix typo in verbose logging + + OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 + +commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586 +Author: djm@openbsd.org +Date: Fri Jan 6 02:59:50 2023 +0000 + + upstream: unit tests for misc.c:ptimeout_* API + + OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 + +commit 018d671d78145f03d6f07ae9d64d51321da70325 +Author: tb@openbsd.org +Date: Wed Jan 4 22:48:57 2023 +0000 + + upstream: Copy bytes from the_banana[] rather than banana() + + Fixes test failure due to segfault seen on arm64 with xonly snap. + + ok djm + + OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 + +commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4 +Author: Damien Miller +Date: Fri Jan 6 19:13:36 2023 +1100 + + unbreak scp on NetBSD 4.x + + e555d5cad5 effectively increased the default copy buffer size for SFTP + transfers. This caused NetBSD 4.x to hang during the "copy local file to + remote file in place" scp.sh regression test. + + This puts back the original 32KB copy buffer size until we can properly + figure out why. + + lots of debugging assistance from dtucker@ + +commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c +Author: djm@openbsd.org +Date: Fri Jan 6 02:47:18 2023 +0000 + + upstream: Implement channel inactivity timeouts + + This adds a sshd_config ChannelTimeouts directive that allows channels that + have not seen traffic in a configurable interval to be automatically closed. + Different timeouts may be applied to session, X11, agent and TCP forwarding + channels. + + Note: this only affects channels over an opened SSH connection and not + the connection itself. Most clients close the connection when their channels + go away, with a notable exception being ssh(1) in multiplexing mode. + + ok markus dtucker + + OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 + +commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980 +Author: djm@openbsd.org +Date: Fri Jan 6 02:42:34 2023 +0000 + + upstream: Add channel_set_xtype() + + This sets an "extended" channel type after channel creation (e.g. + "session:subsystem:sftp") that will be used for setting channel inactivity + timeouts. + + ok markus dtucker + + OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca + +commit ceedf09b2977f3a756c759a6e7eb8f8e9db86a18 +Author: djm@openbsd.org +Date: Fri Jan 6 02:41:49 2023 +0000 + + upstream: tweak channel ctype names + + These are now used by sshd_config:ChannelTimeouts to specify timeouts by + channel type, so force them all to use a similar format without whitespace. + + ok dtucker markus + + OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 + +commit c60438158ad4b2f83d8504257aba1be7d0b0bb4b +Author: djm@openbsd.org +Date: Fri Jan 6 02:39:59 2023 +0000 + + upstream: Add channel_force_close() + + This will forcibly close an open channel by simulating read/write errors, + draining the IO buffers and calling the detach function. + + Previously the detach function was only ever called during channel garbage + collection, but there was no way to signal the user of a channel (e.g. + session.c) that its channel was being closed deliberately (vs. by the + usual state-machine logic). So this adds an extra "force" argument to the + channel cleanup callback to indicate this condition. + + ok markus dtucker + + OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b + +commit d478cdc7ad6edd4b1bcd1e86fb2f23194ff33d5a +Author: djm@openbsd.org +Date: Fri Jan 6 02:38:23 2023 +0000 + + upstream: replace manual poll/ppoll timeout math with ptimeout API + + feedback markus / ok markus dtucker + + OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 + +commit 4adf3817a24efe99b06e62630577d683c7cd8065 +Author: djm@openbsd.org +Date: Fri Jan 6 02:37:04 2023 +0000 + + upstream: add ptimeout API for keeping track of poll/ppoll + + timeouts; ok dtucker markus + + OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead + +commit 8c7c69d32375d2f3ce9da0109c9bffc560842316 +Author: djm@openbsd.org +Date: Thu Jan 5 05:49:13 2023 +0000 + + upstream: suppress "Connection closed" message when in quiet mode + + OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f + +commit 845ceecea2ac311b0c267f9ecbd34862e1876fc6 +Author: djm@openbsd.org +Date: Mon Jan 2 07:03:57 2023 +0000 + + upstream: regression test for PermitRemoteOpen + + OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c + +commit b3daa8dc582348d6ab8150bc1e571b7aa08c5388 +Author: djm@openbsd.org +Date: Mon Jan 2 07:03:30 2023 +0000 + + upstream: fix bug in PermitRemoteOpen which caused it to ignore its + + first argument unless it was one of the special keywords "any" or "none". + + Reported by Georges Chaudy in bz3515; ok dtucker@ + + OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 + +commit 0872663a7be0301bcc3d49acdbc9b740a3d972d4 +Author: jmc@openbsd.org +Date: Mon Dec 26 19:16:03 2022 +0000 + + upstream: spelling fixes; from paul tagliamonte amendments to his + + diff are noted on tech + + OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a + +commit 797da2812a71785b34890bb6eb44767a7d09cd34 +Author: djm@openbsd.org +Date: Fri Dec 16 07:13:22 2022 +0000 + + upstream: Mention that scp uses the SFTP protocol and remove + + reference to legacy flag. Spotted by, feedback and ok jmc@ + + OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 + +commit 93f2ce8c050a7a2a628646c00b40b9b53fef93ef +Author: djm@openbsd.org +Date: Fri Dec 16 06:56:47 2022 +0000 + + upstream: Clear signal mask early in main(); sshd may have been + + started with one or more signals masked (sigprocmask(2) is not cleared + on fork/exec) and this could interfere with various things, e.g. the + login grace timer. + + Execution environments that fail to clear the signal mask before running + sshd are clearly broken, but apparently they do exist. + + Reported by Sreedhar Balasubramanian; ok dtucker@ + + OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae + +commit 4acfaabfae41badb9d334a2ee88c5c6ad041c0d5 +Author: jmc@openbsd.org +Date: Fri Dec 16 06:52:48 2022 +0000 + + upstream: add -X to usage(); + + OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 + +commit e555d5cad5afae7d5ef2bbc02ca591178fe16fed +Author: djm@openbsd.org +Date: Fri Dec 16 03:40:03 2022 +0000 + + upstream: add a -X option to both scp(1) and sftp(1) to allow + + control over some SFTP protocol knobs: the copy buffer length and + the number of inflight requests, both of which are used during + upload/download. + + Previously these could be controlled in sftp(1) using the -b/-R options. + This makes them available in both SFTP protocol clients using the same + option character sequence. + + ok dtucker@ + + OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c + +commit 5a7a7acab2f466dc1d7467b5d05d35268c3137aa +Author: deraadt@openbsd.org +Date: Thu Dec 15 18:20:39 2022 +0000 + + upstream: The idiomatic way of coping with signed char vs unsigned + + char (which did not come from stdio read functions) in the presence of + ctype macros, is to always cast to (unsigned char). casting to (int) + for a "macro" which is documented to take int, is weird. And sadly wrong, + because of the sing extension risk.. same diff from florian + + OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea + +commit b0b58222c7cc62efd8212c4fb65a545f58ebb22d +Author: Darren Tucker +Date: Mon Dec 19 18:49:51 2022 +1100 + + Simply handling of SSH_CONNECTION PAM env var. + + Prompted by bz#3508: there's no need to cache the value of + sshpam_conninfo so remove the global. While there, add check of + return value from pam_putenv. ok djm@ + +commit ed8444572ae684fdb892f97bae342c6cb6456f04 +Author: Darren Tucker +Date: Mon Dec 19 18:42:34 2022 +1100 + + Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. + +commit abb9a8aaddfcacbd12641f6e4f203da0fa85a287 +Author: Darren Tucker +Date: Sun Dec 18 21:36:25 2022 +1100 + + Use sudo when resetting perms on directories. + +commit 2f5664c5908d84697cbe91302d5d5c4d83cb2121 +Author: Darren Tucker +Date: Sun Dec 18 21:19:33 2022 +1100 + + Set group perms on regress dir. + + This ensures that the tests don't fail due to StrictMode checks. + +commit 137196300fc1540affadde880210f02ba6cb4abf +Author: Darren Tucker +Date: Sun Dec 18 21:13:42 2022 +1100 + + Fetch regress logs from obj dir. + +commit 5f93c4836527d9fda05de8944a1c7b4a205080c7 +Author: Darren Tucker +Date: Tue Dec 13 20:59:54 2022 +1100 + + obsdsnap test VMs runs-on libvirt too. + +commit 8386886fb1ab7fda73069fb0db1dbe0e5a52f758 +Author: Darren Tucker +Date: Tue Dec 13 20:55:37 2022 +1100 + + Run upstream obsdsnap tests on ephemeral runners. + +commit b6e01459b55ece85d7f296b2bc719d1841e1009e +Author: Darren Tucker +Date: Tue Dec 13 20:48:56 2022 +1100 + + Move obsdsnap test VMs to ephemeral runners. + +commit ea6fdf9a1aa71a411f7db218a986392c4fb55693 +Author: Damien Miller +Date: Fri Dec 9 18:00:21 2022 +1100 + + use calloc for allocating arc4random structs + + ok dtucker + +commit 4403b62f5548e91389cb3339d26a9d0c4bb07b34 +Author: dtucker@openbsd.org +Date: Fri Dec 9 00:22:29 2022 +0000 + + upstream: Warn if no host keys for hostbased auth can be loaded. + + OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 + +commit a6183e25e3f1842e21999fe88bc40bb99b121dc3 +Author: dtucker@openbsd.org +Date: Fri Dec 9 00:17:40 2022 +0000 + + upstream: Add server debugging for hostbased auth. + + auth_debug_add queues messages about the auth process which is sent to + the client after successful authentication. This also sends those to + the server debug log to aid in debugging. From bz#3507, ok djm@ + + OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a + +commit b85c3581c16aaf6e83b9a797c80705a56b1f312e +Author: cheloha@openbsd.org +Date: Sun Dec 4 23:50:49 2022 +0000 + + upstream: remove '?' from getopt(3) loops + + userspace: remove vestigial '?' cases from top-level getopt(3) loops + + getopt(3) returns '?' when it encounters a flag not present in the in + the optstring or if a flag is missing its option argument. We can + handle this case with the "default" failure case with no loss of + legibility. Hence, remove all the redundant "case '?':" lines. + + Prompted by dlg@. With help from dlg@ and millert@. + + Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 + + ok naddy@ millert@ dlg@ + + OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e + +commit 9a067e8d28a2249fd73f004961e30c113ee85e5d +Author: dtucker@openbsd.org +Date: Wed Dec 7 11:45:43 2022 +0000 + + upstream: Fix comment typo. + + OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 + +commit ce3c3e78ce45d68a82c7c8dc89895f297a67f225 +Author: Darren Tucker +Date: Wed Dec 7 18:58:25 2022 +1100 + + Add SANDBOX_DEBUG to the kitchensink test build. + +commit bc234605fa3eb10f56bf0d74c8ecb0d91ada9d05 +Author: Damien Miller +Date: Wed Dec 7 18:38:25 2022 +1100 + + disable SANDBOX_SECCOMP_FILTER_DEBUG + + It was mistakenly enabled in 2580916e4872 + + Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net + +commit b087c5cfa011b27992e01589314fec830266f99d +Author: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Tue Nov 29 15:12:54 2022 -0500 + + Update autotools + + Regenerate config files using latest autotools + +commit d63f5494978a185c7421d492b9c2f6f05bb54138 +Author: Darren Tucker +Date: Tue Dec 6 12:22:36 2022 +1100 + + Fix typo in comment. Spotted by tim@ + +commit 73dcca12115aa12ed0d123b914d473c384e52651 +Author: dtucker@openbsd.org +Date: Sun Dec 4 11:03:11 2022 +0000 + + upstream: Remove duplicate includes. + + Patch from AtariDreams via github PR#364. + + OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea + +commit 3cec15543010bc8d6997d896b1717a650afb7e92 +Author: djm@openbsd.org +Date: Fri Dec 2 04:40:27 2022 +0000 + + upstream: make struct sshbuf private + + and remove an unused field; ok dtucker + + OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 + +commit 5796bf8ca9535f9fa7d01829a540d2550e05c860 +Author: Darren Tucker +Date: Fri Dec 2 11:43:36 2022 +1100 + + Restore ssh-agent permissions on exit. + + ...enough that subsequent builds can overwrite ssh-agent if necessary. + +commit ccf5a13868cbb4659107458cac1e017c98abcbda +Author: dtucker@openbsd.org +Date: Thu Dec 1 02:22:13 2022 +0000 + + upstream: Clean up ssh-add and ssh-agent logs. + + OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c + +commit 7a8b40cf6a5eda80173140cc6750a6db8412fa87 +Author: dtucker@openbsd.org +Date: Thu Dec 1 02:19:29 2022 +0000 + + upstream: Log output of ssh-agent and ssh-add + + This should make debugging easier. + + OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 + +commit 4a1805d532616233dd6072e5cd273b96dd3062e6 +Author: dtucker@openbsd.org +Date: Tue Nov 29 22:41:14 2022 +0000 + + upstream: Add void to client_repledge args to fix compiler warning. ok djm@ + + OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 + +commit 815c4704930aa449edf6e812e99d69e9ffd31f01 +Author: djm@openbsd.org +Date: Mon Nov 28 01:38:22 2022 +0000 + + upstream: tighten pledge(2) after session establishment + + feedback, ok & testing in snaps deraadt@ + + OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 + +commit f7cebbbf407d772ed71403d314343766782fe540 +Author: djm@openbsd.org +Date: Mon Nov 28 01:37:36 2022 +0000 + + upstream: New EnableEscapeCommandline ssh_config(5) option + + This option (default "no") controls whether the ~C escape is available. + Turning it off by default means we will soon be able to use a stricter + default pledge(2) in the client. + + feedback deraadt@ dtucker@; tested in snaps for a while + + OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a + +commit d323f7ecf52e3d4ec1f4939bf31693e02f891dca +Author: mbuhl@openbsd.org +Date: Fri Nov 18 19:47:40 2022 +0000 + + upstream: In channel_request_remote_forwarding the parameters for + + permission_set_add are leaked as they are also duplicated in the call. Found + by CodeChecker. ok djm + + OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e + +commit 62cc33e6eed847aafdc29e34aa69e9bd82a0ee16 +Author: Darren Tucker +Date: Wed Nov 30 11:23:11 2022 +1100 + + Use -fzero-call-used-regs=used on clang 15. + + clang 15 seems to have a problem with -fzero-call-used-reg=all which + causes spurious "incorrect signature" failures with ED25519. On those + versions, use -fzero-call-used-regs=used instead. (We may add exceptions + later if specific versions prove to be OK). Also move the GCC version + check to match. + + Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround + suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ + +commit f84b9cffd52c9c5c359a54a1929f9948e803ab1d +Author: Darren Tucker +Date: Mon Nov 28 21:09:28 2022 +1100 + + Skip unit tests on slow riscv64 hardware. + +commit 9f2747e0bed3faca92679eae69aef10c95dc82f5 +Author: Darren Tucker +Date: Sun Nov 27 15:26:22 2022 +1100 + + Rework how selfhosted tests interact with runners. + + Previously there was one runner per test target (mostly VMs). This had + a few limitations: + - multiple tests that ran on the same target (eg multiple build + configs) were serialized on availability or that runner. + - it needed manual balancing of VMs over host machines. + + To address this, make VMs that use ephemeral disks (ie most of them) + all use a pool of runners with the "libvirt" label. This requires that + we distinguish between "host" and "target" for those. Native runners + and VMs with persistent disks (eg the constantly-updated snapshot ones) + specify the same host and target. + + This should improve test throughput. + +commit d664ddaec87bdc7385be8ef7f1337793e1679d48 +Author: Darren Tucker +Date: Sun Nov 27 12:19:37 2022 +1100 + + Run vmstartup from temp dir. + + This will allow us to create ephemeral disk images per-runner. + +commit 0fa16e952b1fc1c4cf65e3dd138b0e87003e2e45 +Author: Darren Tucker +Date: Sun Nov 27 12:14:00 2022 +1100 + + Make "config" in matrix singular and pass in env. + + This will allow the startup scripts to adapt their behaviour based on + the type and config. + +commit e8857043af54809187be1e8b06749db61112899f +Author: Darren Tucker +Date: Sun Nov 27 11:42:22 2022 +1100 + + Add "libvirt" label to dfly30. + +commit 9775473d84902dc37753686cd10ae71fbe67efda +Author: Darren Tucker +Date: Sun Nov 27 09:28:20 2022 +1100 + + Rename "os" in matrix to "target". + + This is in preparation to distinguish this from the host that the runner + runs on in case where they are separate (eg VMs). + +commit 04fd00ceff39f4544ced6f5342060abe584835d0 +Author: Darren Tucker +Date: Sun Nov 27 09:23:04 2022 +1100 + + Remove unused self-hosted test targets. + +commit c9d9fcad2a11c1cd1550a541f44091d65f0b5584 +Author: Darren Tucker +Date: Sun Nov 27 09:16:15 2022 +1100 + + Remove explicit "default" test config argument. + + Not specifying the test config implicitly selects default args. + +commit 15a01cf15f396f87c6d221c5a6af98331c818962 +Author: Darren Tucker +Date: Wed Nov 23 13:18:54 2022 +1100 + + Add fallback for old platforms w/out MAP_ANON. + +commit 6b9bbbfe8b26db6e9a30a7e08c223e85421aed98 +Author: Darren Tucker +Date: Wed Nov 23 13:09:11 2022 +1100 + + If we haven't found it yet, recheck for sys/stat.h. + + On some very old platforms, sys/stat.h needs sys/types.h, however + autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the + opposite order, which in combination with modern autoconf's + "present but cannot be compiled" behaviour causes it to not be + detected. + +commit 8926956f22639132a9f2433fcd25224e01b900f5 +Author: Darren Tucker +Date: Fri Nov 11 11:25:37 2022 +1100 + + Add dfly62 test target. + +commit 650de7ecd3567b5a5dbf16dd1eb598bd8c20bca8 +Author: dtucker@openbsd.org +Date: Thu Nov 10 23:03:10 2022 +0000 + + upstream: Handle dynamic remote port forwarding in escape commandline's + + -R processing. bz#3499, ok djm@ + + OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 + +commit 5372db7e7985ba2c00f20fdff8942145ca99e033 +Author: Darren Tucker +Date: Thu Nov 10 12:44:51 2022 +1100 + + Remove seed passing over reexec. + + This was added for the benefit of platforms using ssh-rand-helper to + prevent a delay on each connection as sshd reseeded itself. + + ssh-random-helper is long gone, and since the re-exec happens before the + chroot the re-execed sshd can reseed itself normally. ok djm@ + +commit ca98d3f8c64cfc51af81e1b01c36a919d5947ec2 +Author: Darren Tucker +Date: Wed Nov 9 20:59:20 2022 +1100 + + Skip reexec test on OpenSSL 1.1.1 specifically. + + OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip + that test. See bz#3483 for details. + +commit 5ec4ebc2548e5f7f1b55b2a5cef5b67bdca8146f +Author: dtucker@openbsd.org +Date: Wed Nov 9 09:04:12 2022 +0000 + + upstream: Fix typo in fatal error message. + + Patch from vapier at chromium.org. + + OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf + +commit e6abafe9a6d809422d3432b95b3f9747b0acaa71 +Author: dtucker@openbsd.org +Date: Wed Nov 9 09:01:52 2022 +0000 + + upstream: Remove errant colon and simplify format + + string in error messages. Patch from vapier at chromium.org. + + OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 + +commit db2027a687516f87c3fb141e87154bb3d8a7807c +Author: djm@openbsd.org +Date: Wed Nov 9 01:37:44 2022 +0000 + + upstream: rename client_global_hostkeys_private_confirm() to + + client_global_hostkeys_prove_confirm(), as it handles the + "hostkeys-prove00@openssh.com" message; no functional change + + OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d + +commit 1c2be7c2004cf1abcd172fee9fe3eab57cd4c426 +Author: djm@openbsd.org +Date: Wed Nov 9 00:15:59 2022 +0000 + + upstream: typo in comment + + OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a + +commit cf1a9852d7fc93e4abc4168aed09529a57427cdc +Author: Darren Tucker +Date: Wed Nov 9 09:23:47 2022 +1100 + + Defer seed_rng until after closefrom call. + + seed_rng will initialize OpenSSL, and some engine providers (eg Intel's + QAT) will open descriptors for their own use. bz#3483, patch from + joel.d.schuetze at intel.com, ok djm@ + +commit dffa64480163fbf76af7e4fb62c26bb0dd6642aa +Author: Darren Tucker +Date: Wed Nov 9 08:27:47 2022 +1100 + + Fix comment text. From emaste at freebsd.org. + +commit d9df5689c29823ab830ec4f54c83c6cc3c0077ad +Author: Pierre Ossman +Date: Wed Jul 6 13:52:10 2022 +0200 + + Avoid assuming layout of fd_set + + POSIX doesn't specify the internal layout of the fd_set object, so let's + not assume it is just a bit mask. This increases compatibility with + systems that have a different layout. + + The assumption is also worthless as we already refuse to use file + descriptors over FD_SETSIZE anyway. Meaning that the default size of + fd_set is quite sufficient. + +commit 419aa8a312e8d8f491933ca3d5933e602cb05aae +Author: Darren Tucker +Date: Tue Nov 8 12:42:52 2022 +1100 + + Shutdown any VM before trying to check out repo. + + In the case where the previous run did not clean up, the checkout will + fail as it'll leave a stale mount. + +commit a32c07cbb78f65d8527642b96474a83b413f8108 +Author: Darren Tucker +Date: Tue Nov 8 11:33:25 2022 +1100 + + Run vm startup and shutdown from runner temp dir. + + Should work even if the github workspace dir is on a stale sshfs mount. + +commit 2b40a7dfcdb8e616155b9504145aa52b271455aa +Author: Darren Tucker +Date: Tue Nov 8 11:03:31 2022 +1100 + + Add valrind-5 test here too. + +commit 2ea03d1f6d0a05ee2b63ed2dc0f2d54f1e4655a1 +Author: Darren Tucker +Date: Tue Nov 8 09:21:10 2022 +1100 + + Update checkout and upload actions. + + Update actions/checkout and actions/upload-artifact to main branch for + compatibility with node.js v16. + +commit 4e316ff0f18a118232bb9ac6512ee62773a9e8ea +Author: Darren Tucker +Date: Tue Nov 8 09:17:04 2022 +1100 + + Split out rekey test since it runs the longest. + +commit 21625a6424258a92a96a3bb73ae6aabc5ed8a6b4 +Author: dtucker@openbsd.org +Date: Mon Nov 7 10:09:28 2022 +0000 + + upstream: The IdentityFile option in ssh_config can also be used to + + specify a public key file, as documented in ssh.1 for the -i option. Document + this also for IdentityFile in ssh_config.5, for documentation completeness. + From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ + + OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b + +commit 747691604d3325ed2b62bad85b6fd8563ad32f6c +Author: dtucker@openbsd.org +Date: Mon Nov 7 10:05:38 2022 +0000 + + upstream: Remove some set but otherwise unused variables, spotted + + in -portable by clang 16's -Wunused-but-set-variable. ok djm@ + + OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 + +commit 1d78d25653805aefc7a8dd9d86cd7359ada3823c +Author: dtucker@openbsd.org +Date: Mon Nov 7 10:02:59 2022 +0000 + + upstream: Check for and disallow MaxStartups values less than or + + equal to zero during config parsing, rather than faling later at runtime. + bz#3489, ok djm@ + + OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b + +commit a00f59a645072e5f5a8d207af15916a7b23e2642 +Author: djm@openbsd.org +Date: Mon Nov 7 04:04:40 2022 +0000 + + upstream: fix parsing of hex cert expiry time; was checking whether the + + start time began with "0x", not the expiry time. + + from Ed Maste + + OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 + +commit f58acaf8c7315483f4ac87d46a1aa2142a713cd8 +Author: Darren Tucker +Date: Mon Nov 7 15:10:59 2022 +1100 + + Fix merge conflict. + +commit 162e5741020a8d996c0c12b988b118e71ed728e6 +Author: Darren Tucker +Date: Mon Nov 7 15:04:33 2022 +1100 + + Branch-specific links for master status badges. + +commit e4b7c12ab24579312aa3ed38ce7041a439ec2d56 +Author: Darren Tucker +Date: Mon Nov 7 14:46:38 2022 +1100 + + Add CIFuzz status badge. + +commit b496b9f831acd1e5bcd875e26e797488beef494a +Author: Darren Tucker +Date: Mon Nov 7 14:45:16 2022 +1100 + + Do not run CIFuzz on selfhosted tree. + + We already run it on the regular tree, no need to double up. + +commit 2138b1c4ddb300129a41a5104627b0d561184c7b +Author: Darren Tucker +Date: Mon Nov 7 14:41:58 2022 +1100 + + Whitespace change to trigger CIFuzz workflow. + +commit 4670b97ef87c7b0f21283c9b07c7191be88dda05 +Author: Darren Tucker +Date: Mon Nov 7 14:34:04 2022 +1100 + + Run cifuzz workflow on the actions as regular CI. + +commit 79391e66ce851ace1baf3c6a35e83a23f08ec2ba +Author: David Korczynski +Date: Tue Nov 30 11:45:20 2021 +0000 + + Add CIFuzz integration + +commit c1893364a0be243270014d7d34362a8101d55112 +Author: dtucker@openbsd.org +Date: Mon Nov 7 02:21:22 2022 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f + +commit 5c3f18fb994ef27e685b205ee2351851b80fdbd1 +Author: dtucker@openbsd.org +Date: Mon Nov 7 01:53:01 2022 +0000 + + upstream: Fix typo. From pablomh via -portable github PR#344. + + OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 + +commit e1c6fcc142066417c9832e634463faa3dd5d116c +Author: Darren Tucker +Date: Mon Nov 7 12:46:58 2022 +1100 + + Link to branch-specific queries for V_9_1 status. + +commit 4f4a5fad6d8892c3f8ee9cd81ec7de6458210c9f +Author: Darren Tucker +Date: Sun Nov 6 10:55:59 2022 +1100 + + Use "prohibit-password" in -portable comments. + + "without-password" is the deprecated alias for "prohibit-password", + so we should reference the latter. From emaste at freebsd.org. + +commit 0f7e1eba55259ec037f515000b4c4afbf446230a +Author: Darren Tucker +Date: Sun Nov 6 10:50:01 2022 +1100 + + Fix tracing disable on FreeBSD. + + Some versions of FreeBSD do not support using id 0 to refer to the + current pid for procctl, so pass getpid() explicitly. From + emaste at freebsd.org. + +commit 32fddb982fd61b11a2f218a115975a87ab126d43 +Author: Darren Tucker +Date: Mon Nov 7 10:39:01 2022 +1100 + + Fix setres*id checks to work with clang-16. + + glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, + and clang 16 will error out on implicit function definitions, so add + _GNU_SOURCE and the required headers to the configure checks. From + sam at @gentoo.org via bz#3497. + +commit 12af712d116f42164bcfa56db901d06e4fa27199 +Author: Sam James +Date: Sun Nov 6 04:52:38 2022 +0000 + + configure.ac: Fix -Wstrict-prototypes + + Clang 16 now warns on this and it'll be removed in C23, so let's + just be future proof. It also reduces noise when doing general + Clang 16 porting work (which is a big job as it is). github PR#355. + + Signed-off-by: Sam James + +commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5 +Author: Sam James +Date: Sun Nov 6 04:47:35 2022 +0000 + + configure.ac: Add include for openpty + + Another Clang 16ish fix (which makes -Wimplicit-function-declaration + an error by default). github PR#355. + + See: 2efd71da49b9cfeab7987058cf5919e473ff466b + See: be197635329feb839865fdc738e34e24afd1fca8 + +commit 6b17e128879ec6cc32ca2c28b5d894b4aa72e32d +Author: Rochdi Nassah +Date: Fri Oct 28 01:26:31 2022 +0100 + + Fix broken zlib link. + +commit 99500df246ccb736ddbdd04160dcc82165d81a77 +Author: Darren Tucker +Date: Fri Nov 4 16:59:26 2022 +1100 + + Don't run openbsd-compat tests on Cygwin. + + Add "compat-tests" to the default TEST_TARGET so we can override as + necessary. Override TEST_TARGET for Cygwin as the tests don't currently + compile there. + +commit 3cae9f92a31897409666aa1e6f696f779759332b +Author: djm@openbsd.org +Date: Thu Nov 3 21:59:20 2022 +0000 + + upstream: replace recently-added valid_domain() check for hostnames + + going to known_hosts with a more relaxed check for bad characters; previous + commit broke address literals. Reported by/feedback from florian@ + + OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 + +commit 9655217231c9056200bea7ae2dffcc9c0c3eb265 +Author: Darren Tucker +Date: Thu Nov 3 23:07:50 2022 +1100 + + Rerun tests on changes to Makefile.in in any dir. + +commit 3500f0405a3ab16b59a26f3508c4257a3fc3bce6 +Author: Darren Tucker +Date: Thu Nov 3 23:04:08 2022 +1100 + + Link libssh into compat tests. + + The cygwin compat code uses xmalloc, so add libssh.a so pick up that. + +commit ec59effcf65b8a4c85d47ff5a271123259dd0ab8 +Author: Darren Tucker +Date: Thu Nov 3 21:44:23 2022 +1100 + + Fix compat regress to work with non-GNU make. + +commit 73550a218e7dfbbd599534cbf856309bc924f6fd +Author: Darren Tucker +Date: Thu Nov 3 13:41:16 2022 +1100 + + Increase selfhosted job timeout. + + The default job timeout of 360 (6h) is not enough to complete the + regress tests for some of the slow VMs depending on the load on the host. + Increase to 600 (10h). + +commit db97d8d0b90c6ce52b94b153d6f8f5f7d3b11777 +Author: Darren Tucker +Date: Thu Nov 3 10:00:43 2022 +1100 + + Only run opensslver tests if built with OpenSSL. + +commit ba053709638dff2f6603df0c1f340352261d63ea +Author: Darren Tucker +Date: Wed Nov 2 14:16:04 2022 +1100 + + Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. + +commit edd24101c7e17d1a8f6576e1aaf62233b47ad6f5 +Author: Darren Tucker +Date: Thu Nov 3 08:17:39 2022 +1100 + + Run compat regress tests too. + +commit fe88d67e7599b0bc73f6e4524add28d743e7f977 +Author: Darren Tucker +Date: Thu Nov 3 08:14:05 2022 +1100 + + Compat tests need libcrypto. + + This was moved to CHANNELLIBS during the libs refactor. Spotted by + rapier at psc.edu. + +commit 96b519726b7944eee3c23a54eee3d5c031ba1533 +Author: Darren Tucker +Date: Thu Nov 3 04:24:39 2022 +1100 + + Include time.h when defining timegm. + + Fixes build on some platforms eg recent AIX. + +commit da6038bd5cd55eb212eb2aec1fc8ae79bbf76156 +Author: Darren Tucker +Date: Tue Nov 1 19:10:30 2022 +1100 + + Always use compat getentropy. + + Have it call native getentropy and fall back as required. Should fix + issues of platforms where libc has getentropy but it is not implemented + in the kernel. Based on github PR#354 from simsergey. + +commit 5ebe18cab6be3247b44c807ac145164010465b82 +Author: Darren Tucker +Date: Wed Nov 2 10:51:48 2022 +1100 + + Check for sockaddr_in.sin_len. + + If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan + tests on platforms with this (eg old NetBSD). + +commit a1febadf426536612c2734168d409147c392e7cf +Author: dtucker@openbsd.org +Date: Sun Oct 30 18:42:07 2022 +0000 + + upstream: Use variable for diff options + + instead of unconditionally specifying "-rN". This will make life easier + in -portable where not all diff's understand -N. + + OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 + +commit f6d3ed9a8a9280cbb68d6a499850cfe810e92bd0 +Author: Darren Tucker +Date: Mon Oct 31 05:13:02 2022 +1100 + + OpenSSL dev branch is 302 not 320. + + While there, also accept 301 which it shat it was previously. + +commit 25c8a2bbcc10c493d27faea57c42a6bf13fa51f2 +Author: djm@openbsd.org +Date: Fri Oct 28 02:47:04 2022 +0000 + + upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak + + OPENSSL=no builds + + OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e + +commit 1192588546c29ceec10775125f396555ea71850f +Author: djm@openbsd.org +Date: Fri Oct 28 02:29:34 2022 +0000 + + upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. + + ssh-keyscan 192.168.0.0/24 + + If a CIDR range is passed, then it will be expanded to all possible + addresses in the range including the all-0s and all-1s addresses. + + bz#976 feedback/ok markus@ + + OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b + +commit 64af4209309461c79c39eda2d13f9d77816c6398 +Author: Damien Miller +Date: Fri Oct 28 12:54:35 2022 +1100 + + fix merge botch + +commit 27267642699342412964aa785b98afd69d952c88 +Author: djm@openbsd.org +Date: Fri Oct 28 00:44:44 2022 +0000 + + upstream: refactor sshkey_private_deserialize + + feedback/ok markus@ + + OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f + +commit 2519a7077a9332f70935e5242ba91ee670ed6b87 +Author: djm@openbsd.org +Date: Fri Oct 28 00:44:17 2022 +0000 + + upstream: refactor sshkey_private_serialize_opt() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd + +commit 11a768adf98371fe4e43f3b06014024c033385d5 +Author: djm@openbsd.org +Date: Fri Oct 28 00:43:30 2022 +0000 + + upstream: refactor certify + + feedback/ok markus@ + + OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 + +commit 3fbc58bb249d967cc43ebdc554f6781bb73d4a58 +Author: djm@openbsd.org +Date: Fri Oct 28 00:43:08 2022 +0000 + + upstream: refactor sshkey_sign() and sshkey_verify() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc + +commit a1deb6cdbbe6afaab74ecb08fcb62db5739267be +Author: djm@openbsd.org +Date: Fri Oct 28 00:41:52 2022 +0000 + + upstream: refactor sshkey_from_blob_internal() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 + +commit 7d00799c935271ce89300494c5677190779f6453 +Author: djm@openbsd.org +Date: Fri Oct 28 00:41:17 2022 +0000 + + upstream: refactor sshkey_from_private() + + feedback/ok markus@ + + OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 + +commit 262647c2e920492ca57f1b9320d74f4a0f6e482b +Author: djm@openbsd.org +Date: Fri Oct 28 00:39:29 2022 +0000 + + upstream: factor out key generation + + feedback/ok markus@ + + OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb + +commit 401c74e7dc15eab60540653d2f94d9306a927bab +Author: djm@openbsd.org +Date: Fri Oct 28 00:38:58 2022 +0000 + + upstream: refactor and simplify sshkey_read() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 + +commit 591fed94e66a016acf87f4b7cd416ce812f2abe8 +Author: djm@openbsd.org +Date: Fri Oct 28 00:37:24 2022 +0000 + + upstream: factor out public key serialization + + feedback/ok markus@ + + OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 + +commit 1e78844ae2b2dc01ba735d5ae740904c57e13685 +Author: djm@openbsd.org +Date: Fri Oct 28 00:36:31 2022 +0000 + + upstream: factor out sshkey_equal_public() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 + +commit 25de1c01a8b9a2c8ab9b1da22444a03e89c982de +Author: djm@openbsd.org +Date: Fri Oct 28 00:35:40 2022 +0000 + + upstream: begin big refactor of sshkey + + Move keytype data and some of the type-specific code (allocation, + cleanup, etc) out into each key type's implementation. Subsequent + commits will move more, with the goal of having each key-*.c file + owning as much of its keytype's implementation as possible. + + lots of feedback + ok markus@ + + OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec + +commit 445363433ba20b8a3e655b113858c836da46a1cb +Author: djm@openbsd.org +Date: Mon Oct 24 22:43:36 2022 +0000 + + upstream: Be more paranoid with host/domain names coming from the + + never write a name with bad characters to a known_hosts file. + + reported by David Leadbeater, ok deraadt@ + + OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad + +commit 7190154de2c9fe135f0cc1ad349cb2fa45152b89 +Author: djm@openbsd.org +Date: Mon Oct 24 21:52:50 2022 +0000 + + upstream: regress test for unmatched glob characters; fails before + + previous commit but passes now. bz3488; prodded by dtucker@ + + OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd + +commit a4821a592456c3add3cd325db433110cdaaa3e5c +Author: djm@openbsd.org +Date: Mon Oct 24 21:51:55 2022 +0000 + + upstream: when scp(1) is using the SFTP protocol for transport (the + + default), better match scp/rcp's handling of globs that don't match the + globbed characters but do match literally (e.g. trying to transfer + "foo.[1]"). + + Previously scp(1) in SFTP mode would not match these pathnames but + legacy scp/rcp mode would. + + Reported by Michael Yagliyan in bz3488; ok dtucker@ + + OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 + +commit 18376847b8043ba967eabbe23692ef74c9a3fddc +Author: jsg@openbsd.org +Date: Thu Oct 13 09:09:28 2022 +0000 + + upstream: use correct type with sizeof ok djm@ + + OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 + +commit 4a4883664d6b4e9e4e459a8cdc16bd8d4b735de9 +Author: jmc@openbsd.org +Date: Fri Oct 7 06:00:58 2022 +0000 + + upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, + + wrap a long line + + ssh-agent.c: + - add -O to usage() + + OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 + +commit 9fd2441113fce2a83fc7470968c3b27809cc7f10 +Author: djm@openbsd.org +Date: Fri Oct 7 04:06:26 2022 +0000 + + upstream: document "-O no-restrict-websafe"; spotted by Ross L + + Richardson + + OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b + +commit 614252b05d70f798a0929b1cd3d213030ad4d007 +Author: Darren Tucker +Date: Tue Oct 18 06:29:16 2022 +1100 + + OpenSSL dev branch now identifies as 3.2.0. + +commit 195e5a65fd793a738ea8451ebfdd1919db5aff3e +Author: Damien Miller +Date: Mon Oct 17 09:41:47 2022 +1100 + + revert c64b62338b4 and guard POLL* defines instead + + c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) + Spotted by dtucker + +commit bc2e480d99613bd59720edae244d1764636544c4 +Author: Damien Miller +Date: Fri Oct 14 14:52:22 2022 +1100 + + undef _get{short,long} before redefining + +commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb +Author: Harmen Stoppels +Date: Thu Oct 13 16:08:46 2022 +0200 + + Fix snprintf configure test for clang 15 + + Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. + A handful of tests have "main(..." and not "int main(..." which caused + the tests to produce incorrect results. + +commit c64b62338b46ffa08839f05f21ad69fa6234dc17 +Author: Damien Miller +Date: Mon Oct 10 12:32:43 2022 +1100 + + skip bsd-poll.h if poll.h found; ok dtucker + +commit 5ee2b8ccfcf4b606f450eb0ff2305e311f68b0be +Author: djm@openbsd.org +Date: Thu Oct 6 22:42:37 2022 +0000 + + upstream: honour user's umask if it is more restrictive then the ssh + + default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ + + OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d + +commit a75cffc2700cebd3e2dd9093f7f7388d2be95cb7 +Author: Darren Tucker +Date: Fri Oct 7 03:54:56 2022 +1100 + + Add LibreSSL 3.6.0 to test suite. + + While there, bump OpenSSL to latest 1.1.1q release. + +commit fcc0f0c0e96a30076683fea9a7c9eedc72931742 +Author: Darren Tucker +Date: Thu Oct 6 21:18:16 2022 +1100 + + Add 9.1 branch to CI status page. + +commit ef211eee63821d894a8bf81f22bfba9f6899d0fe +Author: Darren Tucker +Date: Tue Oct 4 23:20:23 2022 +1100 + + Test commits to all branches of portable. + + Only test OpenBSD upstream on commits to master since that's what it + tracks. + +commit fe646de03cafb6593ff4e4954bca9ec4b4b753a8 +Author: Damien Miller +Date: Wed Oct 5 03:47:26 2022 +1100 + + whitespace at EOL + +commit a6e1852d10c63a830196e82168dadd957aaf28ec +Author: Damien Miller +Date: Wed Oct 5 03:40:01 2022 +1100 + + mention libfido2 autodetection + +commit 7360c2c206f33d309edbaf64036c96fadf74d640 +Author: Damien Miller +Date: Wed Oct 5 03:37:36 2022 +1100 + + remove mention of --with-security-key-builtin + + it is enabled by default when libfido2 is installed + +commit 0ffb46f2ee2ffcc4daf45ee679e484da8fcf338c +Author: Damien Miller +Date: Tue Oct 4 01:51:42 2022 +1100 + + update .depend + +commit 657e676ff696c7bb787bffb0e249ea1be3b474e1 +Author: Damien Miller +Date: Tue Oct 4 01:45:52 2022 +1100 + + update release notes URL + +commit f059da2b29840c0f048448809c317ce2ae014da7 +Author: Damien Miller +Date: Tue Oct 4 01:45:41 2022 +1100 + + crank versions in RPM spec files + +commit b51f3f172d87cbdb80ca4eb7b2149e56a7647557 +Author: djm@openbsd.org +Date: Mon Sep 26 22:18:40 2022 +0000 + + upstream: openssh-9.1 + + OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 + +commit 4cf8d0c0f3030f594a238bab21a0695735515487 +Author: dtucker@openbsd.org +Date: Wed Sep 21 22:26:50 2022 +0000 + + upstream: Fix typo. From AlexanderStohr via github PR#343. + + OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 + +commit 8179fed3264d5919899900ed8881d5f9bb57ca33 +Author: djm@openbsd.org +Date: Mon Sep 19 21:39:16 2022 +0000 + + upstream: add RequiredRSASize to the list of keywords accepted by + + -o; spotted by jmc@ + + OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e + +commit 5f954929e9f173dd1e279e07d0e8b14fa845814d +Author: Damien Miller +Date: Mon Sep 19 20:59:34 2022 +1000 + + no need for glob.h here + + it also causes portability problems + +commit 03d94a47207d58b3db37eba4f87eb6ae5a63168a +Author: Damien Miller +Date: Mon Sep 19 20:59:04 2022 +1000 + + avoid Wuninitialized false positive in gcc-12ish + +commit 9d952529113831fb3071ab6e408d2726fd72e771 +Author: djm@openbsd.org +Date: Mon Sep 19 10:46:00 2022 +0000 + + upstream: use users-groups-by-id@openssh.com sftp-server extension + + (when available) to fill in user/group names for directory listings. + Implement a client-side cache of see uid/gid=>user/group names. ok markus@ + + OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e + +commit 8ff680368b0bccf88ae85d4c99de69387fbad7a6 +Author: djm@openbsd.org +Date: Mon Sep 19 10:43:12 2022 +0000 + + upstream: sftp client library support for + + users-groups-by-id@openssh.com; ok markus@ + + OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de + +commit 488f6e1c582212c2374a4bf8cd1b703d2e70fb8b +Author: djm@openbsd.org +Date: Mon Sep 19 10:41:58 2022 +0000 + + upstream: extend sftp-common.c:extend ls_file() to support supplied + + user/group names; ok markus@ + + OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 + +commit 74b77f7497dba3a58315c8f308883de448078057 +Author: djm@openbsd.org +Date: Mon Sep 19 10:40:52 2022 +0000 + + upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" + + extension request that allows the client to obtain user/group names that + correspond to a set of uids/gids. + + Will be used to make directory listings more useful and consistent + in sftp(1). + + ok markus@ + + OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 + +commit 231a346c0c67cc7ca098360f9a554fa7d4f1eddb +Author: djm@openbsd.org +Date: Mon Sep 19 08:49:50 2022 +0000 + + upstream: better debugging for connect_next() + + OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 + +commit 1875042c52a3b950ae5963c9ca3774a4cc7f0380 +Author: djm@openbsd.org +Date: Sat Sep 17 10:34:29 2022 +0000 + + upstream: Add RequiredRSASize for sshd(8); RSA keys that fall + + beneath this limit will be ignored for user and host-based authentication. + + Feedback deraadt@ ok markus@ + + OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 + +commit 54b333d12e55e6560b328c737d514ff3511f1afd +Author: djm@openbsd.org +Date: Sat Sep 17 10:33:18 2022 +0000 + + upstream: add a RequiredRSASize for checking RSA key length in + + ssh(1). User authentication keys that fall beneath this limit will be + ignored. If a host presents a host key beneath this limit then the connection + will be terminated (unfortunately there are no fallbacks in the protocol for + host authentication). + + feedback deraadt, Dmitry Belyavskiy; ok markus@ + + OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a + +commit 07d8771bacfefbcfb37fa8a6dc6103bcc097e0ab +Author: djm@openbsd.org +Date: Sat Sep 17 10:30:45 2022 +0000 + + upstream: Add a sshkey_check_rsa_length() call for checking the + + length of an RSA key; ok markus@ + + OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 + +commit 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 +Author: djm@openbsd.org +Date: Sat Sep 17 10:11:29 2022 +0000 + + upstream: actually hook up restrict_websafe; the command-line flag + + was never actually used. Spotted by Matthew Garrett + + OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 + +commit 30b2a7e4291fb9e357f80a237931ff008d686d3b +Author: djm@openbsd.org +Date: Fri Sep 16 06:55:37 2022 +0000 + + upstream: correct error value + + OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 + +commit ac1ec9545947d9f9657259f55d04cb49d3a94c8a +Author: djm@openbsd.org +Date: Fri Sep 16 03:33:14 2022 +0000 + + upstream: sftp: Be a bit more clever about completions + + There are commands (e.g. "get" or "put") that accept two + arguments, a local path and a remote path. However, the way + current completion is written doesn't take this distinction into + account and always completes remote or local paths. + + By expanding CMD struct and "cmds" array this distinction can be + reflected and with small adjustment to completer code the correct + path can be completed. + + By Michal Privoznik, ok dtucker@ + + OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b + +commit 590db83384f9d99fc51c84505792d26d1ef60df9 +Author: djm@openbsd.org +Date: Fri Sep 16 03:13:34 2022 +0000 + + upstream: sftp: Don't attempt to complete arguments for + + non-existent commands + + If user entered a non-existent command (e.g. because they made a + typo) there is no point in trying to complete its arguments. Skip + calling complete_match() if that's the case. + + From Michal Privoznik + + OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a + +commit ff9809fdfd1d9a91067bb14a77d176002edb153c +Author: djm@openbsd.org +Date: Wed Sep 14 00:14:37 2022 +0000 + + upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag + + from response + + Now that all FIDO signing calls attempt first without PIN and then + fall back to trying PIN only if that attempt fails, we can remove the + hack^wtrick that removed the UV flag from the keys returned during + enroll. + + By Corinna Vinschen + + OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f + +commit 940dc10729cb5a95b7ee82c10184e2b9621c8a1d +Author: djm@openbsd.org +Date: Wed Sep 14 00:13:13 2022 +0000 + + upstream: a little extra debugging + + OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a + +commit 4b5f91cb959358141181b934156513fcb8a6c1e3 +Author: djm@openbsd.org +Date: Wed Sep 14 00:02:03 2022 +0000 + + upstream: ssh-agent: attempt FIDO key signing without PIN and use + + the error to determine whether a PIN is required and prompt only if + necessary. from Corinna Vinschen + + OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd + +commit 113523bf0bc33600b07ebb083572c8c346b6fdf4 +Author: jmc@openbsd.org +Date: Sun Sep 11 06:38:11 2022 +0000 + + upstream: .Li -> .Vt where appropriate; from josiah frentsos, + + tweaked by schwarze + + ok schwarze + + OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed + +commit 86af013b56cecb5ee58ae0bd9d495cd586fc5918 +Author: jsg@openbsd.org +Date: Sat Sep 10 08:50:53 2022 +0000 + + upstream: fix repeated words ok miod@ jmc@ + + OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 + +commit 0ba39b93b326a7d5dfab776cc9b9d326161a9b16 +Author: djm@openbsd.org +Date: Fri Sep 9 03:31:42 2022 +0000 + + upstream: notifier_complete(NULL, ...) is a noop, so no need to test + + that ctx!=NULL; from Corinna Vinschen + + OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a + +commit be197635329feb839865fdc738e34e24afd1fca8 +Author: Sam James +Date: Thu Sep 8 02:49:29 2022 +0100 + + openbsd-compat/bsd-asprintf: add include for vsnprintf + + Fixes the following build failure with Clang 15 on musl: + ``` + bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o + do not support + implicit function declarations [-Wimplicit-function-declaration] + ret = vsnprintf(string, INIT_SZ, fmt, ap2); + ^ + bsd-asprintf.c:51:8: note: include the header or explicitly provide a declaration for 'vsnprintf' + 1 error generated. + ``` + +commit 6cb6f660bb35f77a0456dd2581ddf39c29398a5e +Author: Darren Tucker +Date: Fri Sep 2 16:43:27 2022 +1000 + + Remove DEF_WEAK, it's already in defines.h. + +commit ce39e7d8b70c4726defde5d3bc4cb7d40d131153 +Author: Darren Tucker +Date: Fri Sep 2 14:28:14 2022 +1000 + + Resync arc4random with OpenBSD. + + This brings us up to current, including djm's random-reseeding change, + as prompted by logan at cyberstorm.mu in bz#3467. It brings the + platform-specific hooks from LibreSSL Portable, simplified to match our + use case. ok djm@. + +commit beaddde26f30e2195b8aa4f3193970e140e17305 +Author: Darren Tucker +Date: Fri Sep 2 14:20:04 2022 +1000 + + Move OPENBSD ORIGINAL marker. + + Putting this after the copyright statement (which doesn't change) + instead of before the version identifier (which does) prevents merge + conflicts when resyncing changes. + +commit c83e467ead67a8cb48ef4bec8085d6fb880a2ff4 +Author: Darren Tucker +Date: Fri Sep 2 14:17:28 2022 +1000 + + Remove arc4random_uniform from arc4random.c + + This was previously moved into its own file (matching OpenBSD) which + prematurely committed in commit 73541f2. + +commit 5f45c2395c60865e59fa44152ff1d003a128c5bc +Author: djm@openbsd.org +Date: Fri Sep 2 04:20:02 2022 +0000 + + upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV + + explicitly test whether the token performs built-in UV (e.g. biometric + tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 + + OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd + +commit 03277a4aa49b80af541a3e691f264c0c0d8f9cec +Author: Darren Tucker +Date: Wed Aug 31 20:26:30 2022 +1000 + + Move sftp from valgrind-2 to 3 to rebalance. + +commit fcf5365da69c516817321ba89c3a91df98d098df +Author: djm@openbsd.org +Date: Wed Aug 31 02:56:40 2022 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 + +commit e60136a3d7a223dd8e84ba8a6895bc3142360993 +Author: Damien Miller +Date: Mon Aug 29 13:27:45 2022 +1000 + + additional keys + +commit 2b02dcb505288c462d1b5dd1ac04e603d01340eb +Author: Damien Miller +Date: Mon Aug 29 13:23:43 2022 +1000 + + cross-sign allowed_signers with PGP key + + Provides continuity of trust from legacy PGP release key to + the SSHSIG signing keys that we will use henceforth for git + signing. + +commit 51b345f177ae981b8755f6bdf8358b1cc5e83d67 +Author: Darren Tucker +Date: Sat Aug 27 21:49:27 2022 +1000 + + Add libcrypt-devel to cygwin-release deps. + + Based on feedback from vinschen at redhat.com. + +commit 9f81736cf16dd8dda1c8942f1973a5f80b8cd78c +Author: Darren Tucker +Date: Sat Aug 27 09:37:40 2022 +1000 + + Add Windows 2022 test targets. + +commit 85e1a69243f12be8520438ad6a3cfdc0b7fcbb2d +Author: Darren Tucker +Date: Fri Aug 26 16:26:06 2022 +1000 + + Add cygwin-release test target. + + This also moves the cygwin package install from the workflow file to + setup_ci.sh so that we can install different sets of Cygwin packages + for different test configs. + +commit 92382dbe8bf9ea1225b16858f9b9b208c15c7e8d +Author: djm@openbsd.org +Date: Fri Aug 26 08:16:27 2022 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 + +commit 70a5de0a50e84d7250eb4e4537f765599f64c4af +Author: djm@openbsd.org +Date: Fri Aug 26 08:12:56 2022 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 + +commit 3a683a19fd116ea15ebf8aa13d02646cceb302a9 +Author: Damien Miller +Date: Fri Aug 26 14:23:55 2022 +1000 + + initial list of allowed signers + +commit 6851f4b8c3fc1b3e1114c56106e4dc31369c8513 +Author: Darren Tucker +Date: Fri Aug 19 17:22:18 2022 +1000 + + Install Cygwin packages based on OS not config. + +commit f96480906893ed93665df8cdf9065865c51c1475 +Author: djm@openbsd.org +Date: Fri Aug 19 06:07:47 2022 +0000 + + upstream: attemp FIDO key signing without PIN and use the error + + code returned to fall back only if necessary. Avoids PIN prompts for FIDO + tokens that don't require them; part of GHPR#302 + + OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e + +commit 5453333b5d28e313284cb9aae82899704103f98d +Author: djm@openbsd.org +Date: Fri Aug 19 05:53:28 2022 +0000 + + upstream: remove incorrect check that can break enrolling a + + resident key (introduced in r1.40) + + OpenBSD-Commit-ID: 4cab364d518470e29e624af3d3f9ffa9c92b6f01 + +commit ff89b1bed80721295555bd083b173247a9c0484e +Author: dtucker@openbsd.org +Date: Fri Aug 19 04:02:46 2022 +0000 + + upstream: Strictly enforce the maximum allowed SSH2 banner size in + + ssh-keyscan and prevent a one-byte buffer overflow. Patch from Qualys, ok + djm@ + + OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4 + +commit 1b470b9036639cef4f32fb303bb35ea0b711178d +Author: Darren Tucker +Date: Fri Aug 19 15:18:09 2022 +1000 + + Fix cygwin conditional steps. + +commit fd6ee741ab16714b7035d60aca924123ba28135a +Author: Darren Tucker +Date: Fri Aug 19 15:12:57 2022 +1000 + + Add a bit more debug output. + +commit a9305c4c739f4d91a3d3a92c0b6d4949404a36c5 +Author: Darren Tucker +Date: Fri Aug 12 15:08:47 2022 +1000 + + Add Cygwin (on windows-2019) test target. + + In addition to installing the requisite Cygwin packages, we also need to + explicitly invoke "sh" for steps that run other scripts since the runner + environment doesn't understand #! paths. + +commit 5062ad48814b06162511c4f5924a33d97b6b2566 +Author: djm@openbsd.org +Date: Fri Aug 19 03:06:30 2022 +0000 + + upstream: double free() in error path; from Eusgor via GHPR333 + + OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4 + +commit 5a5c580b48fc6006bdfa731fc2f6d4945c2c0e4e +Author: Darren Tucker +Date: Thu Aug 18 21:36:39 2022 +1000 + + Check for perms to run agent-getpeereid test. + + Ubuntu 22.04 defaults to private home dirs which prevents "nobody" + running ssh-add during the agent-getpeereid test. Check for this and + add the necessary permissions. + +commit cd06a76b7ccc706e2bb4f1cc4aa9e9796a28a812 +Author: Damien Miller +Date: Wed Aug 17 16:04:16 2022 +1000 + + on Cygwin, prefer WinHello FIDO device + + If no FIDO device was explictly specified, then prefer the + windows://hello FIDO device. An exception to this is when + probing resident FIDO keys, in which case hardware FIDO + devices are preferred. + +commit 47f72f534ac5cc2cd3027675a3df7b00a8f77575 +Author: djm@openbsd.org +Date: Wed Aug 17 06:01:57 2022 +0000 + + upstream: add an extra flag to sk_probe() to indicate whether we're + + probing for a FIDO resident key or not. Unused here, but will make like + easier for portable + + OpenBSD-Commit-ID: 432c8ff70e270378df9dbceb9bdeaa5b43b5a832 + +commit edb0bcb3c79b16031dc87a8e57aecc3c4a3414f0 +Author: jmc@openbsd.org +Date: Tue Aug 16 20:24:08 2022 +0000 + + upstream: use .Cm for "sign"; from josiah frentsos + + OpenBSD-Commit-ID: 7f80a53d54857ac6ae49ea6ad93c5bd12231d1e4 + +commit cccb011e130cbbac538b1689d10e4a067298df8b +Author: Corinna Vinschen +Date: Thu Aug 11 20:19:35 2022 +0200 + + Revert "check_sk_options: add temporary WinHello workaround" + + Cygwin now comes with libfido2 1.11.0, so this workaround + isn't required anymore. + + This reverts commit 242c044ab111a37aad3b0775727c36a4c5f0102c. + + Signed-off-by: Corinna Vinschen + +commit 9468cd7cf9d989dfa2ac20e2a0268ba6e93bfa5a +Author: Corinna Vinschen +Date: Thu Aug 11 20:18:17 2022 +0200 + + fido_dev_is_winhello: return 0, not "false" + + "false" is not used anywhere in OpenSSH, so return 0 like + everywhere else. + + Signed-off-by: Corinna Vinschen + +commit 730a80609472ee0451c99482d75c9c41f3ebc42d +Author: djm@openbsd.org +Date: Fri Aug 12 05:20:28 2022 +0000 + + upstream: sftp-server: support home-directory request + + Add support to the sftp-server for the home-directory extension defined + in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the + existing expand-path@openssh.com, but uses a more official protocol name, + and so is a bit more likely to be implemented by non-OpenSSH clients. + + From Mike Frysinger, ok dtucker@ + + OpenBSD-Commit-ID: bfc580d05cc0c817831ae7ecbac4a481c23566ab + +commit 5e820bf79ce3ce99ef7e98b0ab642b0a0a4f396c +Author: Darren Tucker +Date: Fri Aug 12 14:56:55 2022 +1000 + + Replace deprecated ubuntu-18.04 runners with 22.04 + +commit 87b0d9c1b789d3ff958ec45df2ac912e24461bae +Author: Darren Tucker +Date: Thu Aug 11 22:48:23 2022 +1000 + + Add a timegm implementation from Heimdal via Samba. + + Fixes build on (at least Solaris 10). + +commit d0c4fa58594577994921b593f10037c5282597ca +Author: Darren Tucker +Date: Thu Aug 11 14:23:58 2022 +1000 + + Rerun tests if any .github config file changes. + +commit 113fe6c77ab43769fc61e953d07cb619fd7ea54b +Author: Darren Tucker +Date: Thu Aug 11 13:33:51 2022 +1000 + + Skip hostbased during Valgrind tests. + + Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip + it during the Valgrind based tests. + + See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this + (ironically there the problematic binary was ssh(1) back when it could + still be setuid). + +commit b98a42afb69d60891eb0488935990df6ee571c4d +Author: djm@openbsd.org +Date: Thu Aug 11 01:57:50 2022 +0000 + + upstream: add some tests for parse_absolute_time(), including cases + + where it is forced to the UTC timezone. bz3468 ok dtucker + + OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759 + +commit ec1ddb72a146fd66d18df9cd423517453a5d8044 +Author: djm@openbsd.org +Date: Thu Aug 11 01:56:51 2022 +0000 + + upstream: allow certificate validity intervals, sshsig verification + + times and authorized_keys expiry-time options to accept dates in the UTC time + zone in addition to the default of interpreting them in the system time zone. + YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if + suffixed with a 'Z' character. + + Also allow certificate validity intervals to be specified in raw + seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This + is intended for use by regress tests and other tools that call + ssh-keygen as part of a CA workflow. + + bz3468 ok dtucker + + OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13 + +commit 4df246ec75751da7eb925e1880498300d8bda187 +Author: Darren Tucker +Date: Thu Aug 11 10:23:55 2022 +1000 + + Fix conditional for running hostbased tests. + +commit 2580916e48721802220c61ce9e0df1297c00bc07 +Author: Damien Miller +Date: Thu Aug 11 08:58:28 2022 +1000 + + fix SANDBOX_SECCOMP_FILTER_DEBUG + +commit fdbd5bf507fc271ff813714fab8a72ff2c6cb5ca +Author: Darren Tucker +Date: Wed Aug 10 17:35:52 2022 +1000 + + Test hostbased auth on github runners. + +commit 7e2f51940ba48a1c0fae1107801ea643fa83c971 +Author: Darren Tucker +Date: Wed Aug 10 17:25:24 2022 +1000 + + Rename our getentropy to prevent possible loops. + + Since arc4random seeds from getentropy, and we use OpenSSL for that + if enabled, there's the possibility that if we build on a system that + does not have getentropy then run on a system that does have it, then + OpenSSL could end up calling our getentropy and getting stuck in a loop. + Pointed out by deraadt@, ok djm@ + +commit 7a01f61be8d0aca0e975e7417f26371495fe7674 +Author: Darren Tucker +Date: Mon Aug 8 12:17:04 2022 +1000 + + Actually put HAVE_STDINT_H around the stdint.h. + +commit 73541f29f0b50480da6c20dceb7a7191bd8ea7d3 +Author: Darren Tucker +Date: Mon Aug 8 10:30:34 2022 +1000 + + Give unused param a name. + + Fixes builds on platforms that do have fido2 but don't have + fido_dev_is_winhello. + +commit 2a108c0ea960381bd9b14ee0d84e818a23df4482 +Author: djm@openbsd.org +Date: Fri Aug 5 05:01:40 2022 +0000 + + upstream: don't prompt for FIDO passphrase before attempting to enroll + + the credential, just let the enroll operating fail and we'll attempt to get a + PIN anyway. Might avoid some unneccessary PIN prompts. + + Part of GHPR#302 from Corinna Vinschen; ok dtucker@ + + OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2 + +commit 2886975c0ad9244e60dc5e4be34fde3aa573a4b5 +Author: Corinna Vinschen +Date: Fri Feb 11 14:33:41 2022 +0100 + + sk_sign: set FIDO2 uv attribute explicitely for WinHello + + WinHello via libfido2 performs user verification by default. + However, if we stick to that, there's no way to differentiate + between keys created with or without "-O verify-required". + Set FIDO2 uv attribute explicitely to FIDO_OPT_FALSE, then check + if user verification has been requested. + + Signed-off-by: Corinna Vinschen + +commit 242c044ab111a37aad3b0775727c36a4c5f0102c +Author: Corinna Vinschen +Date: Tue Feb 15 11:28:08 2022 +0100 + + check_sk_options: add temporary WinHello workaround + + Up to libfido 1.10.0, WinHello advertises "clientPin" rather + than "uv" capability. This is fixed in 1.11.0. For the time + being, workaround it here. + + Signed-off-by: Corinna Vinschen + +commit 78774c08cc4b4997382975b0f414a86e06b6780c +Author: Corinna Vinschen +Date: Thu Feb 10 18:19:29 2022 +0100 + + compat code for fido_dev_is_winhello() + + Signed-off-by: Corinna Vinschen + +commit 3d3a932a019aedfb891e0779bb4990cd5008a390 +Author: Darren Tucker +Date: Fri Aug 5 13:12:27 2022 +1000 + + Factor out getrnd() and rename to getentropy(). + + Factor out the arc4random seeding into its own file and change the + interface to match getentropy. Use native getentropy if available. + This will make it easier to resync OpenBSD changes to arc4random. + Prompted by bz#3467, ok djm@. + +commit 9385d277b787403be9dfcb229cf372202496d2f3 +Author: Darren Tucker +Date: Thu Aug 4 18:55:48 2022 +1000 + + Include CHANNEL and FIDO2 libs in configure output + +commit 141535b904b6fba01724444f38193a8599201f82 +Author: djm@openbsd.org +Date: Mon Aug 1 11:09:26 2022 +0000 + + upstream: avoid double-free in error path introduced in r1.70; report + + and fix based on GHPR#332 by v-rzh ok dtucker@ + + OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f + +commit dba7099ffcba3ca07b3946f017ba6a4c3158d9b1 +Author: Darren Tucker +Date: Wed Jul 27 18:40:12 2022 +1000 + + Remove deprecated MacOS 10.15 runners. + +commit 722a56439aa5972c830e4a9a724cf52aff4a950a +Author: Darren Tucker +Date: Wed Jul 27 18:31:14 2022 +1000 + + Move stale-configure check as early as possible. + + We added a check in Makefile to catch the case where configure needs to + be rebuilt, however this did not happen until a build was attempted in + which case all of the work done by configure was wasted. Move this check + to the start of configure to catch it as early as possible. ok djm@ + +commit 099d6b56288b421ba38531d26dc1bd6bb685e311 +Author: Darren Tucker +Date: Fri Jul 22 10:47:19 2022 +1000 + + Move libcrypto into CHANNELLIBS. + + This will result in sftp, sftp-server and scp no longer being linked + against libcrypto. ok djm@ + +commit 1bdf86725b77733bb5f17c54888b88a10b2f6538 +Author: Darren Tucker +Date: Fri Jul 22 10:45:47 2022 +1000 + + Remove seed_rng calls from scp, sftp, sftp-server. + + These binaries don't use OpenSSL's random functions. The next step + will be to stop linking them against libcrypto. ok djm@ + +commit d73f77b8cb9b422f1ac4facee7890aa10ff2bc21 +Author: Darren Tucker +Date: Fri Jul 22 09:51:51 2022 +1000 + + Group libcrypto and PRNGD checks together. + + They're related more than the libcrypt or libiaf checks which are + currently between them. ok djm@ + +commit f117e372b3f42f2fbdb0a578d063b2609ab58e1f +Author: Darren Tucker +Date: Fri Jul 22 09:24:45 2022 +1000 + + Do not link scp, sftp and sftp-server w/ zlib. + + Some of our binaries (eg sftp, sftp-server, scp) do not interact with + the channels code and thus do use libraries such as zlib and libcrypto + although they are linked with them. This adds a CHANNELLIBS and starts + by moving zlib into it, which means the aformentioned binaries are no + longer linked against zlib. ok djm@ + +commit 800c2483e68db38bd1566ff69677124be974aceb +Author: Darren Tucker +Date: Mon Jul 25 21:49:04 2022 +1000 + + Remove workarounds for OpenSSL missing AES-CTR. + + We have some compatibility hacks that were added to support OpenSSL + versions that do not support AES CTR mode. Since that time, however, + the minimum OpenSSL version that we support has moved to 1.0.1 which + *does* have CTR, so this is no longer needed. ok djm@ + +commit b7c56b65c12f51fe0dbae798d19c8f58224a5d95 +Author: Darren Tucker +Date: Mon Jul 25 21:43:00 2022 +1000 + + Remove workarounds for OpenSSL missing AES-GCM. + + We have some compatibility hacks that were added to support OpenSSL + versions that do not support AES GCM mode. Since that time, however, + the minimum OpenSSL version that we support has moved to 1.0.1 which + *does* have GCM, so this is no longer needed. ok djm@ + +commit 5a4a9f7a968fbf92cc1eac519c65638e79ae9f1f +Author: dtucker@openbsd.org +Date: Mon Jul 25 07:12:45 2022 +0000 + + upstream: Restore missing "!" in TEST_SSH_ELAPSED_TIMES test. + + OpenBSD-Regress-ID: 38783f9676ec348c5a792caecee9a16e354b37b0 + +commit 0ff886be132299386cc29d87c2aa16ff68a1aa08 +Author: dtucker@openbsd.org +Date: Sun Jul 24 23:29:10 2022 +0000 + + upstream: Test TEST_SSH_ELAPSED_TIMES for empty string not + + executable. No-op on most platforms but should prevent warnings in -portable + on systems that don't have 'date %s'. + + OpenBSD-Regress-ID: e39d79867b8065e33d0c5926fa1a31f85659d2a4 + +commit f69319ad8ad1dd50f90bbcf5912e11cc8ed3e037 +Author: Darren Tucker +Date: Sat Jul 23 14:38:22 2022 +1000 + + Convert "have_prog" function into "which". + + "which" and its behaviour is not standardized, so convert the existing + have_prog function into "which" so we can rely on it being available + and what its semantics are. Add a have_prog wrapper that maintains the + existing behaviour. + +commit ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43 +Author: Darren Tucker +Date: Sat Jul 23 14:36:38 2022 +1000 + + Skip scp3 test if there's no scp on remote path. + + scp -3 ends up using the scp that's in the remote path and will fail if + one is not available. Based on a patch from rapier at psc.edu. + +commit c46f6fed419167c1671e4227459e108036c760f8 +Author: Damien Miller +Date: Wed Jul 20 13:39:14 2022 +1000 + + crank SSH_SK_VERSION_MAJOR in sk-dummy.so + +commit f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d +Author: djm@openbsd.org +Date: Wed Jul 20 03:33:22 2022 +0000 + + upstream: ssh-keygen: fix touch prompt, pin retries; + + part of GHPR329 from Pedro Martelletto + + OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8 + +commit 8638a2ce7e90c8a51d9af3143404282126c524f8 +Author: djm@openbsd.org +Date: Wed Jul 20 03:31:42 2022 +0000 + + upstream: sk-usbhid: preserve error code returned by key_lookup() + + it conveys useful information, such as the supplied pin being wrong. + + Part of GHPR329 from Pedro Martelletto + + OpenBSD-Commit-ID: c0647eb9290f793add363d81378439b273756c1b + +commit 9ab929ca2d820520327b41929372bcb9e261534c +Author: djm@openbsd.org +Date: Wed Jul 20 03:29:14 2022 +0000 + + upstream: when enrolling a resident key on a security token, check + + if a credential with matching application and user ID strings already exists. + if so, prompt the user for confirmation before overwriting the credential. + + patch from Pedro Martelletto via GHPR329 + + NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware + implementations will need to adjust + + OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4 + +commit 5bcfc788b38d5b64e4c347bdc04bd9a01bbc36da +Author: djm@openbsd.org +Date: Wed Jul 20 03:13:04 2022 +0000 + + upstream: pull passphrase reading and confirmation into a separate + + function so it can be used for FIDO2 PINs; no functional change + + OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f + +commit eb679e2959bdb15454eb94751930eb4c9110da94 +Author: Darren Tucker +Date: Fri Jul 15 21:31:48 2022 +1000 + + Move vmshutdown to first step. + + If a previous run on a physical runner has failed to clean up, the next + run will fail because it'll try to check out the code to a broken + directory mount. Make cleanup the first step. + +commit 46b91b70ff3cb9c147e2875ef5dc609fd64c0c96 +Author: Darren Tucker +Date: Fri Jul 15 20:25:27 2022 +1000 + + Rename bbone test target to ARM. + +commit 751d22cdeffed9fe921db78eedc32a29f9e80510 +Author: Darren Tucker +Date: Fri Jul 15 13:37:29 2022 +1000 + + Add AUDIT_ARCH_PPC to supported seccomp arches. + + Patch from dries.deschout at dodeco.eu. + +commit a061792a6e8d235fc40a9b5d4c22a1762bb75a7b +Author: Darren Tucker +Date: Thu Jul 14 19:20:24 2022 +1000 + + Remove unintended changes. + + I inadvertently included a couple of local changes with the OpenSSL + 3.0.4 change. Revert, anything that should be there will be committed + separately. + +commit 527cb43fa1b4e55df661feabbac51b8e608b6519 +Author: Darren Tucker +Date: Thu Jul 14 11:22:08 2022 +1000 + + Return ERANGE from getcwd() if buffer size is 1. + + If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it + could result in a nul byte being written out of array bounds. POSIX says + it should return ERANGE if the path will not fit in the available buffer + (with terminating nul). 1 byte cannot fit any possible path with its nul, + so immediately return ERANGE in that case. + + OpenSSH never uses getcwd() with this buffer size, and all current + (and even quite old) platforms that we are currently known to work + on have a native getcwd() so this code is not used on those anyway. + Reported by Qualys, ok djm@ + +commit 36857fefd8849c4b0e877cfd9d1eb22f79b76650 +Author: Darren Tucker +Date: Thu Jul 14 10:02:35 2022 +1000 + + Split README.platform into its own line. + + README.platform has general platform-specific information, having it + following text about FIDO2 on the same line could imply that it only + has information about FIDO2. + +commit 00a496c6c14f2d41f2a9365714d494dd5f3aac9f +Author: Darren Tucker +Date: Thu Jul 14 09:56:01 2022 +1000 + + Clarify README.md text. + + Clarify the text about the implications of building without OpenSSL, and + prefix the "configure --help" example command with a "./" so it's likely + to work as-is in more shells. From bz#3461. + +commit f40b52f21fbc52eb513279168a49d3285c65256c +Author: Darren Tucker +Date: Tue Jul 12 19:48:44 2022 +1000 + + Remove special casing of crypt(). + + Configure goes to some lengths to pick crypt() from either libcrypt + or OpenSSL's libcrypto because they can more or less featureful (eg + supporting md5-style passwords). + + OpenSSL removed its crypt() interface in 2002: + https://github.com/openssl/openssl/commit/69deec58 so these hijinks + should no longer be necessary. This also only links sshd with libcrypt + which is the only thing that needs it. ok djm@ + +commit 76f4e48631d7b09fb243b47d7b393d100d3741b7 +Author: Darren Tucker +Date: Wed Jul 13 13:17:47 2022 +1000 + + Only refuse to use OpenSSL 3.0.4 on x86_64. + + The potential RCE only impacts x86_64, so only refuse to use it if we're + targetting a potentially impacted architecture. ok djm@ + +commit e75bbc1d88491fa85e61b2cc8783d4bbd00cd131 +Author: Darren Tucker +Date: Tue Jul 12 14:37:15 2022 +1000 + + Capture stderr output from configure. + +commit d9eaea4bea6271bcee6a2b9428f1271faf2d033b +Author: Darren Tucker +Date: Tue Jul 12 12:54:49 2022 +1000 + + Refuse to use OpenSSL 3.0.4 due to potential RCE. + + OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274) + so refuse to use that specific version. + +commit fb2f3a61bf3d28fff285524535f7ffcd177c9235 +Author: Darren Tucker +Date: Tue Jul 12 12:54:24 2022 +1000 + + Move unset to before we set anything. + +commit c483a5c0fb8e8b8915fad85c5f6113386a4341ca +Author: Darren Tucker +Date: Wed Jul 6 11:52:54 2022 +1000 + + Test against openssl-3.0.5. + +commit 669a56bcfe73f8b985f2bba476ba834d55253acf +Author: Darren Tucker +Date: Tue Jul 5 18:35:53 2022 +1000 + + Update sanitizer test targets: + + - remove clang-sanitize-memory for now. It takes so long that the test + times out. + - add gcc sanitize-address and sanitize-undefined test targets. + +commit 48cc68b69118b3ce8d07fd4f82e00d58667d5379 +Author: Darren Tucker +Date: Tue Jul 5 16:23:28 2022 +1000 + + Add GCC address sanitizer build/test. + +commit 55c60bdd39b82457e92efa77da8d16cfa6a49391 +Author: Darren Tucker +Date: Tue Jul 5 12:02:33 2022 +1000 + + Move sanitizer logs into regress for collection. + +commit 35ef2b3b6ef198f8574904a45780487ec2f17858 +Author: dtucker@openbsd.org +Date: Mon Jul 4 09:10:31 2022 +0000 + + upstream: Add TEST_REGRESS_CACHE_DIR. + + If set, it is used to cache regress test names that have succeeded and + skip those on a re-run. + + OpenBSD-Regress-ID: a7570dd29a58df59f2cca647c3c2ec989b49f247 + +commit 7394ed80c4de8b228a43c8956cf2fa1b9c6b2622 +Author: Darren Tucker +Date: Sun Jul 3 21:46:44 2022 +1000 + + Add clang sanitizer tests. + +commit bfce0e66b6017a9bfab450b9dc7d4b16f90de817 +Author: Darren Tucker +Date: Sun Jul 3 18:14:09 2022 +1000 + + Skip all rlimit tests when sandboxing disabled. + + The rlimit tests can hang when being run with some compiler sanitizers + so skip all of them if sandbox=no. + +commit 6208d611520f9ea94d5369f9da404b709930029d +Author: Darren Tucker +Date: Sun Jul 3 17:54:49 2022 +1000 + + Move checks for pollfd.fd and nfds_t. + + Move the checks for struct pollfd.fd and nfds_t to before the sandboxing + checks. This groups all the sandbox checks together so we can skip them + all when sandboxing is disabled. + +commit 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b +Author: dtucker@openbsd.org +Date: Fri Jul 1 05:08:23 2022 +0000 + + upstream: Remove leftover line. + + Remove extra line leftover from merge conflict. ok djm@ + + OpenBSD-Commit-ID: 460e2290875d7ae64971a7e669c244b1d1c0ae2e + +commit 7ec81daad0e03a64e8d91c5590960c48c1a899a3 +Author: djm@openbsd.org +Date: Fri Jul 1 04:45:50 2022 +0000 + + upstream: use consistent field names (s/char/byte) + + in format description + + OpenBSD-Commit-ID: 3de33572733ee7fcfd7db33d37db23d2280254f0 diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 000000000..5a19d2784 --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,15 @@ +# generated automatically by aclocal 1.16.5 -*- Autoconf -*- + +# Copyright (C) 1996-2021 Free Software Foundation, Inc. + +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +m4_include([m4/openssh.m4]) diff --git a/config.h.in b/config.h.in new file mode 100644 index 000000000..ca9f7d8c9 --- /dev/null +++ b/config.h.in @@ -0,0 +1,2051 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address + */ +#undef AIX_GETNAMEINFO_HACK + +/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ +#undef AIX_LOGINFAILED_4ARG + +/* System only supports IPv4 audit records */ +#undef AU_IPv4 + +/* Define if your resolver libs need this for getrrsetbyname */ +#undef BIND_8_COMPAT + +/* The system has incomplete BSM API */ +#undef BROKEN_BSM_API + +/* broken in chroots on older kernels */ +#undef BROKEN_CLOSEFROM + +/* Define if cmsg_type is not passed correctly */ +#undef BROKEN_CMSG_TYPE + +/* getaddrinfo is broken (if present) */ +#undef BROKEN_GETADDRINFO + +/* getgroups(0,NULL) will return -1 */ +#undef BROKEN_GETGROUPS + +/* getline is not what we expect */ +#undef BROKEN_GETLINE + +/* FreeBSD glob does not do what we need */ +#undef BROKEN_GLOB + +/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ +#undef BROKEN_INET_NTOA + +/* Define if your struct dirent expects you to allocate extra space for d_name + */ +#undef BROKEN_ONE_BYTE_DIRENT_D_NAME + +/* System poll(2) implementation is broken */ +#undef BROKEN_POLL + +/* Can't do comparisons on readv */ +#undef BROKEN_READV_COMPARISON + +/* NetBSD read function is sometimes redirected, breaking atomicio comparisons + against it */ +#undef BROKEN_READ_COMPARISON + +/* Needed for NeXT */ +#undef BROKEN_SAVED_UIDS + +/* Define if your setregid() is broken */ +#undef BROKEN_SETREGID + +/* Define if your setresgid() is broken */ +#undef BROKEN_SETRESGID + +/* Define if your setresuid() is broken */ +#undef BROKEN_SETRESUID + +/* Define if your setreuid() is broken */ +#undef BROKEN_SETREUID + +/* LynxOS has broken setvbuf() implementation */ +#undef BROKEN_SETVBUF + +/* QNX shadow support is broken */ +#undef BROKEN_SHADOW_EXPIRE + +/* Define if your snprintf is busted */ +#undef BROKEN_SNPRINTF + +/* strndup broken, see APAR IY61211 */ +#undef BROKEN_STRNDUP + +/* strnlen broken, see APAR IY62551 */ +#undef BROKEN_STRNLEN + +/* strnvis detected broken */ +#undef BROKEN_STRNVIS + +/* tcgetattr with ICANON may hang */ +#undef BROKEN_TCGETATTR_ICANON + +/* updwtmpx is broken (if present) */ +#undef BROKEN_UPDWTMPX + +/* Define if you have BSD auth support */ +#undef BSD_AUTH + +/* Define if you want to specify the path to your lastlog file */ +#undef CONF_LASTLOG_FILE + +/* Define if you want to specify the path to your utmp file */ +#undef CONF_UTMP_FILE + +/* Define if you want to specify the path to your wtmpx file */ +#undef CONF_WTMPX_FILE + +/* Define if you want to specify the path to your wtmp file */ +#undef CONF_WTMP_FILE + +/* Need to call setpgrp as root */ +#undef DISABLE_FD_PASSING + +/* Define if you don't want to use lastlog */ +#undef DISABLE_LASTLOG + +/* Define if you don't want to use your system's login() call */ +#undef DISABLE_LOGIN + +/* Define if you don't want to use pututline() etc. to write [uw]tmp */ +#undef DISABLE_PUTUTLINE + +/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ +#undef DISABLE_PUTUTXLINE + +/* Define if you want to disable shadow passwords */ +#undef DISABLE_SHADOW + +/* Define if you don't want to use utmp */ +#undef DISABLE_UTMP + +/* Define if you don't want to use utmpx */ +#undef DISABLE_UTMPX + +/* Define if you don't want to use wtmp */ +#undef DISABLE_WTMP + +/* Define if you don't want to use wtmpx */ +#undef DISABLE_WTMPX + +/* Enable for PKCS#11 support */ +#undef ENABLE_PKCS11 + +/* Enable for U2F/FIDO support */ +#undef ENABLE_SK + +/* Enable for built-in U2F/FIDO support */ +#undef ENABLE_SK_INTERNAL + +/* define if fflush(NULL) does not work */ +#undef FFLUSH_NULL_BUG + +/* File names may not contain backslash characters */ +#undef FILESYSTEM_NO_BACKSLASH + +/* fsid_t has member val */ +#undef FSID_HAS_VAL + +/* fsid_t has member __val */ +#undef FSID_HAS___VAL + +/* getpgrp takes one arg */ +#undef GETPGRP_VOID + +/* Conflicting defs for getspnam */ +#undef GETSPNAM_CONFLICTING_DEFS + +/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ +#undef GLOB_HAS_ALTDIRFUNC + +/* Define if your system glob() function has gl_matchc options in glob_t */ +#undef GLOB_HAS_GL_MATCHC + +/* Define if your system glob() function has gl_statv options in glob_t */ +#undef GLOB_HAS_GL_STATV + +/* Define this if you want GSSAPI support in the version 2 protocol */ +#undef GSSAPI + +/* Define if you want to use shadow password expire field */ +#undef HAS_SHADOW_EXPIRE + +/* Define if your system uses access rights style file descriptor passing */ +#undef HAVE_ACCRIGHTS_IN_MSGHDR + +/* Define if you have ut_addr in utmp.h */ +#undef HAVE_ADDR_IN_UTMP + +/* Define if you have ut_addr in utmpx.h */ +#undef HAVE_ADDR_IN_UTMPX + +/* Define if you have ut_addr_v6 in utmp.h */ +#undef HAVE_ADDR_V6_IN_UTMP + +/* Define if you have ut_addr_v6 in utmpx.h */ +#undef HAVE_ADDR_V6_IN_UTMPX + +/* Define to 1 if you have the `arc4random' function. */ +#undef HAVE_ARC4RANDOM + +/* Define to 1 if you have the `arc4random_buf' function. */ +#undef HAVE_ARC4RANDOM_BUF + +/* Define to 1 if you have the `arc4random_stir' function. */ +#undef HAVE_ARC4RANDOM_STIR + +/* Define to 1 if you have the `arc4random_uniform' function. */ +#undef HAVE_ARC4RANDOM_UNIFORM + +/* Define to 1 if you have the `asprintf' function. */ +#undef HAVE_ASPRINTF + +/* OpenBSD's gcc has bounded */ +#undef HAVE_ATTRIBUTE__BOUNDED__ + +/* Have attribute nonnull */ +#undef HAVE_ATTRIBUTE__NONNULL__ + +/* OpenBSD's gcc has sentinel */ +#undef HAVE_ATTRIBUTE__SENTINEL__ + +/* Define to 1 if you have the `aug_get_machine' function. */ +#undef HAVE_AUG_GET_MACHINE + +/* Define to 1 if you have the `b64_ntop' function. */ +#undef HAVE_B64_NTOP + +/* Define to 1 if you have the `b64_pton' function. */ +#undef HAVE_B64_PTON + +/* Define if you have the basename function. */ +#undef HAVE_BASENAME + +/* Define to 1 if you have the `bcopy' function. */ +#undef HAVE_BCOPY + +/* Define to 1 if you have the `bcrypt_pbkdf' function. */ +#undef HAVE_BCRYPT_PBKDF + +/* Define to 1 if you have the `bindresvport_sa' function. */ +#undef HAVE_BINDRESVPORT_SA + +/* Define to 1 if you have the `blf_enc' function. */ +#undef HAVE_BLF_ENC + +/* Define to 1 if you have the header file. */ +#undef HAVE_BLF_H + +/* Define to 1 if you have the `Blowfish_expand0state' function. */ +#undef HAVE_BLOWFISH_EXPAND0STATE + +/* Define to 1 if you have the `Blowfish_expandstate' function. */ +#undef HAVE_BLOWFISH_EXPANDSTATE + +/* Define to 1 if you have the `Blowfish_initstate' function. */ +#undef HAVE_BLOWFISH_INITSTATE + +/* Define to 1 if you have the `Blowfish_stream2word' function. */ +#undef HAVE_BLOWFISH_STREAM2WORD + +/* Define to 1 if you have the `BN_is_prime_ex' function. */ +#undef HAVE_BN_IS_PRIME_EX + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSD_LIBUTIL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSM_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSTRING_H + +/* Define to 1 if you have the `bzero' function. */ +#undef HAVE_BZERO + +/* calloc(0, x) returns NULL */ +#undef HAVE_CALLOC + +/* Define if you have caph_cache_tzdata */ +#undef HAVE_CAPH_CACHE_TZDATA + +/* Define to 1 if you have the header file. */ +#undef HAVE_CAPSICUM_HELPERS_H + +/* Define to 1 if you have the `cap_rights_limit' function. */ +#undef HAVE_CAP_RIGHTS_LIMIT + +/* Define to 1 if you have the `clock' function. */ +#undef HAVE_CLOCK + +/* Have clock_gettime */ +#undef HAVE_CLOCK_GETTIME + +/* define if you have clock_t data type */ +#undef HAVE_CLOCK_T + +/* Define to 1 if you have the `closefrom' function. */ +#undef HAVE_CLOSEFROM + +/* Define to 1 if you have the `close_range' function. */ +#undef HAVE_CLOSE_RANGE + +/* Define if gai_strerror() returns const char * */ +#undef HAVE_CONST_GAI_STRERROR_PROTO + +/* Define if your system uses ancillary data style file descriptor passing */ +#undef HAVE_CONTROL_IN_MSGHDR + +/* Define to 1 if you have the `crypt' function. */ +#undef HAVE_CRYPT + +/* Define to 1 if you have the header file. */ +#undef HAVE_CRYPTO_SHA2_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_CRYPT_H + +/* Define if you are on Cygwin */ +#undef HAVE_CYGWIN + +/* Define if your libraries define daemon() */ +#undef HAVE_DAEMON + +/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if + you don't. */ +#undef HAVE_DECL_AI_NUMERICSERV + +/* Define to 1 if you have the declaration of `authenticate', and to 0 if you + don't. */ +#undef HAVE_DECL_AUTHENTICATE + +/* Define to 1 if you have the declaration of `bzero', and to 0 if you don't. + */ +#undef HAVE_DECL_BZERO + +/* Define to 1 if you have the declaration of `ftruncate', and to 0 if you + don't. */ +#undef HAVE_DECL_FTRUNCATE + +/* Define to 1 if you have the declaration of `getentropy', and to 0 if you + don't. */ +#undef HAVE_DECL_GETENTROPY + +/* Define to 1 if you have the declaration of `getpeereid', and to 0 if you + don't. */ +#undef HAVE_DECL_GETPEEREID + +/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you + don't. */ +#undef HAVE_DECL_GLOB_NOMATCH + +/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', + and to 0 if you don't. */ +#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE + +/* Define to 1 if you have the declaration of `howmany', and to 0 if you + don't. */ +#undef HAVE_DECL_HOWMANY + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#undef HAVE_DECL_H_ERRNO + +/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you + don't. */ +#undef HAVE_DECL_LOGINFAILED + +/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if + you don't. */ +#undef HAVE_DECL_LOGINRESTRICTIONS + +/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you + don't. */ +#undef HAVE_DECL_LOGINSUCCESS + +/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you + don't. */ +#undef HAVE_DECL_MAXSYMLINKS + +/* Define to 1 if you have the declaration of `memmem', and to 0 if you don't. + */ +#undef HAVE_DECL_MEMMEM + +/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you + don't. */ +#undef HAVE_DECL_NFDBITS + +/* Define to 1 if you have the declaration of `offsetof', and to 0 if you + don't. */ +#undef HAVE_DECL_OFFSETOF + +/* Define to 1 if you have the declaration of `OPENSSL_IS_BORINGSSL', and to 0 + if you don't. */ +#undef HAVE_DECL_OPENSSL_IS_BORINGSSL + +/* Define to 1 if you have the declaration of `OPENSSL_NO_DSA', and to 0 if + you don't. */ +#undef HAVE_DECL_OPENSSL_NO_DSA + +/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you + don't. */ +#undef HAVE_DECL_O_NONBLOCK + +/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you + don't. */ +#undef HAVE_DECL_PASSWDEXPIRED + +/* Define to 1 if you have the declaration of `readv', and to 0 if you don't. + */ +#undef HAVE_DECL_READV + +/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you + don't. */ +#undef HAVE_DECL_SETAUTHDB + +/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you + don't. */ +#undef HAVE_DECL_SHUT_RD + +/* Define to 1 if you have the declaration of `UINT32_MAX', and to 0 if you + don't. */ +#undef HAVE_DECL_UINT32_MAX + +/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. + */ +#undef HAVE_DECL_WRITEV + +/* Define to 1 if you have the declaration of `_getlong', and to 0 if you + don't. */ +#undef HAVE_DECL__GETLONG + +/* Define to 1 if you have the declaration of `_getshort', and to 0 if you + don't. */ +#undef HAVE_DECL__GETSHORT + +/* Define to 1 if you have the `DES_crypt' function. */ +#undef HAVE_DES_CRYPT + +/* Define if you have /dev/ptmx */ +#undef HAVE_DEV_PTMX + +/* Define if you have /dev/ptc */ +#undef HAVE_DEV_PTS_AND_PTC + +/* Define to 1 if you have the header file. */ +#undef HAVE_DIRENT_H + +/* Define to 1 if you have the `dirfd' function. */ +#undef HAVE_DIRFD + +/* Define to 1 if you have the `dirname' function. */ +#undef HAVE_DIRNAME + +/* Define to 1 if you have the `dlopen' function. */ +#undef HAVE_DLOPEN + +/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ +#undef HAVE_DSA_GENERATE_PARAMETERS_EX + +/* Define to 1 if you have the `EC_KEY_METHOD_new' function. */ +#undef HAVE_EC_KEY_METHOD_NEW + +/* Define to 1 if you have the header file. */ +#undef HAVE_ELF_H + +/* Define to 1 if you have the `endgrent' function. */ +#undef HAVE_ENDGRENT + +/* Define to 1 if you have the header file. */ +#undef HAVE_ENDIAN_H + +/* Define to 1 if you have the `endutent' function. */ +#undef HAVE_ENDUTENT + +/* Define to 1 if you have the `endutxent' function. */ +#undef HAVE_ENDUTXENT + +/* Define to 1 if you have the `err' function. */ +#undef HAVE_ERR + +/* Define to 1 if you have the `errx' function. */ +#undef HAVE_ERRX + +/* Define to 1 if you have the header file. */ +#undef HAVE_ERR_H + +/* Define if your system has /etc/default/login */ +#undef HAVE_ETC_DEFAULT_LOGIN + +/* Define to 1 if you have the `EVP_chacha20' function. */ +#undef HAVE_EVP_CHACHA20 + +/* Define to 1 if you have the `EVP_CIPHER_CTX_get_iv' function. */ +#undef HAVE_EVP_CIPHER_CTX_GET_IV + +/* Define to 1 if you have the `EVP_CIPHER_CTX_get_updated_iv' function. */ +#undef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV + +/* Define to 1 if you have the `EVP_CIPHER_CTX_iv' function. */ +#undef HAVE_EVP_CIPHER_CTX_IV + +/* Define to 1 if you have the `EVP_CIPHER_CTX_iv_noconst' function. */ +#undef HAVE_EVP_CIPHER_CTX_IV_NOCONST + +/* Define to 1 if you have the `EVP_CIPHER_CTX_set_iv' function. */ +#undef HAVE_EVP_CIPHER_CTX_SET_IV + +/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ +#undef HAVE_EVP_DIGESTFINAL_EX + +/* Define to 1 if you have the `EVP_DigestInit_ex' function. */ +#undef HAVE_EVP_DIGESTINIT_EX + +/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ +#undef HAVE_EVP_MD_CTX_CLEANUP + +/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ +#undef HAVE_EVP_MD_CTX_COPY_EX + +/* Define to 1 if you have the `EVP_MD_CTX_init' function. */ +#undef HAVE_EVP_MD_CTX_INIT + +/* Define to 1 if you have the `EVP_PKEY_get_raw_private_key' function. */ +#undef HAVE_EVP_PKEY_GET_RAW_PRIVATE_KEY + +/* Define to 1 if you have the `EVP_PKEY_get_raw_public_key' function. */ +#undef HAVE_EVP_PKEY_GET_RAW_PUBLIC_KEY + +/* Define to 1 if you have the `EVP_sha256' function. */ +#undef HAVE_EVP_SHA256 + +/* Define to 1 if you have the `EVP_sha384' function. */ +#undef HAVE_EVP_SHA384 + +/* Define to 1 if you have the `EVP_sha512' function. */ +#undef HAVE_EVP_SHA512 + +/* Define if you have ut_exit in utmp.h */ +#undef HAVE_EXIT_IN_UTMP + +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + +/* Define to 1 if you have the `explicit_memset' function. */ +#undef HAVE_EXPLICIT_MEMSET + +/* Define to 1 if you have the `fchmod' function. */ +#undef HAVE_FCHMOD + +/* Define to 1 if you have the `fchmodat' function. */ +#undef HAVE_FCHMODAT + +/* Define to 1 if you have the `fchown' function. */ +#undef HAVE_FCHOWN + +/* Define to 1 if you have the `fchownat' function. */ +#undef HAVE_FCHOWNAT + +/* Use F_CLOSEM fcntl for closefrom */ +#undef HAVE_FCNTL_CLOSEM + +/* Define to 1 if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define to 1 if the system has the type `fd_mask'. */ +#undef HAVE_FD_MASK + +/* Define to 1 if you have the header file. */ +#undef HAVE_FEATURES_H + +/* Define to 1 if you have the `fido_assert_set_clientdata' function. */ +#undef HAVE_FIDO_ASSERT_SET_CLIENTDATA + +/* Define to 1 if you have the `fido_cred_prot' function. */ +#undef HAVE_FIDO_CRED_PROT + +/* Define to 1 if you have the `fido_cred_set_clientdata' function. */ +#undef HAVE_FIDO_CRED_SET_CLIENTDATA + +/* Define to 1 if you have the `fido_cred_set_prot' function. */ +#undef HAVE_FIDO_CRED_SET_PROT + +/* Define to 1 if you have the `fido_dev_get_touch_begin' function. */ +#undef HAVE_FIDO_DEV_GET_TOUCH_BEGIN + +/* Define to 1 if you have the `fido_dev_get_touch_status' function. */ +#undef HAVE_FIDO_DEV_GET_TOUCH_STATUS + +/* Define to 1 if you have the `fido_dev_is_winhello' function. */ +#undef HAVE_FIDO_DEV_IS_WINHELLO + +/* Define to 1 if you have the `fido_dev_supports_cred_prot' function. */ +#undef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT + +/* Define to 1 if you have the header file. */ +#undef HAVE_FLOATINGPOINT_H + +/* Define to 1 if you have the `flock' function. */ +#undef HAVE_FLOCK + +/* Define to 1 if you have the `fmt_scaled' function. */ +#undef HAVE_FMT_SCALED + +/* Define to 1 if you have the `fnmatch' function. */ +#undef HAVE_FNMATCH + +/* Define to 1 if you have the header file. */ +#undef HAVE_FNMATCH_H + +/* Define to 1 if you have the `freeaddrinfo' function. */ +#undef HAVE_FREEADDRINFO + +/* Define to 1 if you have the `freezero' function. */ +#undef HAVE_FREEZERO + +/* Define to 1 if the system has the type `fsblkcnt_t'. */ +#undef HAVE_FSBLKCNT_T + +/* Define to 1 if the system has the type `fsfilcnt_t'. */ +#undef HAVE_FSFILCNT_T + +/* Define to 1 if you have the `fstatfs' function. */ +#undef HAVE_FSTATFS + +/* Define to 1 if you have the `fstatvfs' function. */ +#undef HAVE_FSTATVFS + +/* Define to 1 if you have the `futimes' function. */ +#undef HAVE_FUTIMES + +/* Define to 1 if you have the `gai_strerror' function. */ +#undef HAVE_GAI_STRERROR + +/* Define to 1 if you have the `getaddrinfo' function. */ +#undef HAVE_GETADDRINFO + +/* Define to 1 if you have the `getaudit' function. */ +#undef HAVE_GETAUDIT + +/* Define to 1 if you have the `getaudit_addr' function. */ +#undef HAVE_GETAUDIT_ADDR + +/* Define to 1 if you have the `getcwd' function. */ +#undef HAVE_GETCWD + +/* Define to 1 if you have the `getentropy' function. */ +#undef HAVE_GETENTROPY + +/* Define to 1 if you have the `getgrouplist' function. */ +#undef HAVE_GETGROUPLIST + +/* Define to 1 if you have the `getgrset' function. */ +#undef HAVE_GETGRSET + +/* Define to 1 if you have the `getlastlogxbyname' function. */ +#undef HAVE_GETLASTLOGXBYNAME + +/* Define to 1 if you have the `getline' function. */ +#undef HAVE_GETLINE + +/* Define to 1 if you have the `getluid' function. */ +#undef HAVE_GETLUID + +/* Define to 1 if you have the `getnameinfo' function. */ +#undef HAVE_GETNAMEINFO + +/* Define to 1 if you have the `getopt' function. */ +#undef HAVE_GETOPT + +/* Define to 1 if you have the header file. */ +#undef HAVE_GETOPT_H + +/* Define if your getopt(3) defines and uses optreset */ +#undef HAVE_GETOPT_OPTRESET + +/* Define if your libraries define getpagesize() */ +#undef HAVE_GETPAGESIZE + +/* Define to 1 if you have the `getpeereid' function. */ +#undef HAVE_GETPEEREID + +/* Define to 1 if you have the `getpeerucred' function. */ +#undef HAVE_GETPEERUCRED + +/* Define to 1 if you have the `getpgid' function. */ +#undef HAVE_GETPGID + +/* Define to 1 if you have the `getpgrp' function. */ +#undef HAVE_GETPGRP + +/* Define to 1 if you have the `getpwanam' function. */ +#undef HAVE_GETPWANAM + +/* Define to 1 if you have the `getrandom' function. */ +#undef HAVE_GETRANDOM + +/* Define to 1 if you have the `getrlimit' function. */ +#undef HAVE_GETRLIMIT + +/* Define if getrrsetbyname() exists */ +#undef HAVE_GETRRSETBYNAME + +/* Define to 1 if you have the `getseuserbyname' function. */ +#undef HAVE_GETSEUSERBYNAME + +/* Define to 1 if you have the `getsid' function. */ +#undef HAVE_GETSID + +/* Define to 1 if you have the `gettimeofday' function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define to 1 if you have the `getttyent' function. */ +#undef HAVE_GETTTYENT + +/* Define to 1 if you have the `getutent' function. */ +#undef HAVE_GETUTENT + +/* Define to 1 if you have the `getutid' function. */ +#undef HAVE_GETUTID + +/* Define to 1 if you have the `getutline' function. */ +#undef HAVE_GETUTLINE + +/* Define to 1 if you have the `getutxent' function. */ +#undef HAVE_GETUTXENT + +/* Define to 1 if you have the `getutxid' function. */ +#undef HAVE_GETUTXID + +/* Define to 1 if you have the `getutxline' function. */ +#undef HAVE_GETUTXLINE + +/* Define to 1 if you have the `getutxuser' function. */ +#undef HAVE_GETUTXUSER + +/* Define to 1 if you have the `get_default_context_with_level' function. */ +#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL + +/* Define to 1 if you have the `glob' function. */ +#undef HAVE_GLOB + +/* Define to 1 if you have the header file. */ +#undef HAVE_GLOB_H + +/* Define to 1 if you have the `group_from_gid' function. */ +#undef HAVE_GROUP_FROM_GID + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GENERIC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_GENERIC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_KRB5_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_GSSAPI_KRB5_H + +/* Define if HEADER.ad exists in arpa/nameser.h */ +#undef HAVE_HEADER_AD + +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#undef HAVE_HMAC_CTX_INIT + +/* Define if you have ut_host in utmp.h */ +#undef HAVE_HOST_IN_UTMP + +/* Define if you have ut_host in utmpx.h */ +#undef HAVE_HOST_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_IAF_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_IA_H + +/* Define if you have ut_id in utmp.h */ +#undef HAVE_ID_IN_UTMP + +/* Define if you have ut_id in utmpx.h */ +#undef HAVE_ID_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_IFADDRS_H + +/* Define to 1 if you have the `inet_aton' function. */ +#undef HAVE_INET_ATON + +/* Define to 1 if you have the `inet_ntoa' function. */ +#undef HAVE_INET_NTOA + +/* Define to 1 if you have the `inet_ntop' function. */ +#undef HAVE_INET_NTOP + +/* Define to 1 if you have the `innetgr' function. */ +#undef HAVE_INNETGR + +/* define if you have int64_t data type */ +#undef HAVE_INT64_T + +/* Define to 1 if the system has the type `intmax_t'. */ +#undef HAVE_INTMAX_T + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* define if you have intxx_t data type */ +#undef HAVE_INTXX_T + +/* Define to 1 if the system has the type `in_addr_t'. */ +#undef HAVE_IN_ADDR_T + +/* Define to 1 if the system has the type `in_port_t'. */ +#undef HAVE_IN_PORT_T + +/* Define if you have isblank(3C). */ +#undef HAVE_ISBLANK + +/* Define to 1 if you have the `killpg' function. */ +#undef HAVE_KILLPG + +/* Define to 1 if you have the `krb5_cc_new_unique' function. */ +#undef HAVE_KRB5_CC_NEW_UNIQUE + +/* Define to 1 if you have the `krb5_free_error_message' function. */ +#undef HAVE_KRB5_FREE_ERROR_MESSAGE + +/* Define to 1 if you have the `krb5_get_error_message' function. */ +#undef HAVE_KRB5_GET_ERROR_MESSAGE + +/* Define to 1 if you have the header file. */ +#undef HAVE_LANGINFO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LASTLOG_H + +/* Define if you want ldns support */ +#undef HAVE_LDNS + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBAUDIT_H + +/* Define to 1 if you have the `bsm' library (-lbsm). */ +#undef HAVE_LIBBSM + +/* Define to 1 if you have the `dl' library (-ldl). */ +#undef HAVE_LIBDL + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBGEN_H + +/* Define if system has libiaf that supports set_id */ +#undef HAVE_LIBIAF + +/* Define to 1 if you have the `network' library (-lnetwork). */ +#undef HAVE_LIBNETWORK + +/* Define to 1 if you have the `pam' library (-lpam). */ +#undef HAVE_LIBPAM + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBPROC_H + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBUTIL_H + +/* Define to 1 if you have the `xnet' library (-lxnet). */ +#undef HAVE_LIBXNET + +/* Define to 1 if you have the `z' library (-lz). */ +#undef HAVE_LIBZ + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIMITS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_FILTER_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_IF_TUN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_SECCOMP_H + +/* Define to 1 if you have the `llabs' function. */ +#undef HAVE_LLABS + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOCALE_H + +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + +/* Define to 1 if you have the `login' function. */ +#undef HAVE_LOGIN + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOGIN_CAP_H + +/* Define to 1 if you have the `login_getcapbool' function. */ +#undef HAVE_LOGIN_GETCAPBOOL + +/* Define to 1 if you have the `login_getpwclass' function. */ +#undef HAVE_LOGIN_GETPWCLASS + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOGIN_H + +/* Define to 1 if you have the `logout' function. */ +#undef HAVE_LOGOUT + +/* Define to 1 if you have the `logwtmp' function. */ +#undef HAVE_LOGWTMP + +/* Define to 1 if the system has the type `long double'. */ +#undef HAVE_LONG_DOUBLE + +/* Define to 1 if the system has the type `long long'. */ +#undef HAVE_LONG_LONG + +/* Define to 1 if you have the header file. */ +#undef HAVE_MAILLOCK_H + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the `mblen' function. */ +#undef HAVE_MBLEN + +/* Define to 1 if you have the `mbtowc' function. */ +#undef HAVE_MBTOWC + +/* Define to 1 if you have the `memmem' function. */ +#undef HAVE_MEMMEM + +/* Define to 1 if you have the `memmove' function. */ +#undef HAVE_MEMMOVE + +/* Define to 1 if you have the `memset_s' function. */ +#undef HAVE_MEMSET_S + +/* Define to 1 if you have the `mkdtemp' function. */ +#undef HAVE_MKDTEMP + +/* define if you have mode_t data type */ +#undef HAVE_MODE_T + +/* Some systems put nanosleep outside of libc */ +#undef HAVE_NANOSLEEP + +/* Define to 1 if you have the header file. */ +#undef HAVE_NDIR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETGROUP_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_IF_TUN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_ROUTE_H + +/* Define if you are on NeXT */ +#undef HAVE_NEXT + +/* Define to 1 if the system has the type `nfds_t'. */ +#undef HAVE_NFDS_T + +/* Define to 1 if you have the `ngetaddrinfo' function. */ +#undef HAVE_NGETADDRINFO + +/* Define to 1 if you have the `nl_langinfo' function. */ +#undef HAVE_NL_LANGINFO + +/* Define to 1 if you have the `nsleep' function. */ +#undef HAVE_NSLEEP + +/* Define to 1 if you have the `ogetaddrinfo' function. */ +#undef HAVE_OGETADDRINFO + +/* Define if you have an old version of PAM which takes only one argument to + pam_strerror */ +#undef HAVE_OLD_PAM + +/* Define to 1 if you have the `openlog_r' function. */ +#undef HAVE_OPENLOG_R + +/* Define to 1 if you have the `openpty' function. */ +#undef HAVE_OPENPTY + +/* as a macro */ +#undef HAVE_OPENSSL_ADD_ALL_ALGORITHMS + +/* Define to 1 if you have the `OpenSSL_version' function. */ +#undef HAVE_OPENSSL_VERSION + +/* Define to 1 if you have the `OpenSSL_version_num' function. */ +#undef HAVE_OPENSSL_VERSION_NUM + +/* Define if you have Digital Unix Security Integration Architecture */ +#undef HAVE_OSF_SIA + +/* Define to 1 if you have the `pam_getenvlist' function. */ +#undef HAVE_PAM_GETENVLIST + +/* Define to 1 if you have the header file. */ +#undef HAVE_PAM_PAM_APPL_H + +/* Define to 1 if you have the `pam_putenv' function. */ +#undef HAVE_PAM_PUTENV + +/* Define to 1 if you have the header file. */ +#undef HAVE_PATHS_H + +/* Define if you have ut_pid in utmp.h */ +#undef HAVE_PID_IN_UTMP + +/* define if you have pid_t data type */ +#undef HAVE_PID_T + +/* Define to 1 if you have the `pledge' function. */ +#undef HAVE_PLEDGE + +/* Define to 1 if you have the `poll' function. */ +#undef HAVE_POLL + +/* Define to 1 if you have the header file. */ +#undef HAVE_POLL_H + +/* Define to 1 if you have the `ppoll' function. */ +#undef HAVE_PPOLL + +/* Define to 1 if you have the `prctl' function. */ +#undef HAVE_PRCTL + +/* Define to 1 if you have the `priv_basicset' function. */ +#undef HAVE_PRIV_BASICSET + +/* Define to 1 if you have the header file. */ +#undef HAVE_PRIV_H + +/* Define to 1 if you have the `procctl' function. */ +#undef HAVE_PROCCTL + +/* Define if you have /proc/$pid/fd */ +#undef HAVE_PROC_PID + +/* Define to 1 if you have the `proc_pidinfo' function. */ +#undef HAVE_PROC_PIDINFO + +/* Define to 1 if you have the `pselect' function. */ +#undef HAVE_PSELECT + +/* Define to 1 if you have the `pstat' function. */ +#undef HAVE_PSTAT + +/* Define to 1 if you have the header file. */ +#undef HAVE_PTY_H + +/* Define to 1 if you have the `pututline' function. */ +#undef HAVE_PUTUTLINE + +/* Define to 1 if you have the `pututxline' function. */ +#undef HAVE_PUTUTXLINE + +/* Define to 1 if you have the `raise' function. */ +#undef HAVE_RAISE + +/* Define to 1 if you have the `readpassphrase' function. */ +#undef HAVE_READPASSPHRASE + +/* Define to 1 if you have the header file. */ +#undef HAVE_READPASSPHRASE_H + +/* Define to 1 if your system has a GNU libc compatible `realloc' function, + and to 0 otherwise. */ +#undef HAVE_REALLOC + +/* Define to 1 if you have the `reallocarray' function. */ +#undef HAVE_REALLOCARRAY + +/* Define to 1 if you have the `realpath' function. */ +#undef HAVE_REALPATH + +/* Define to 1 if you have the `recallocarray' function. */ +#undef HAVE_RECALLOCARRAY + +/* Define to 1 if you have the `recvmsg' function. */ +#undef HAVE_RECVMSG + +/* sys/resource.h has RLIMIT_NPROC */ +#undef HAVE_RLIMIT_NPROC + +/* Define to 1 if you have the header file. */ +#undef HAVE_RPC_TYPES_H + +/* Define to 1 if you have the `rresvport_af' function. */ +#undef HAVE_RRESVPORT_AF + +/* Define to 1 if you have the `RSA_generate_key_ex' function. */ +#undef HAVE_RSA_GENERATE_KEY_EX + +/* Define to 1 if you have the `RSA_get_default_method' function. */ +#undef HAVE_RSA_GET_DEFAULT_METHOD + +/* Define to 1 if you have the header file. */ +#undef HAVE_SANDBOX_H + +/* Define to 1 if you have the `sandbox_init' function. */ +#undef HAVE_SANDBOX_INIT + +/* define if you have sa_family_t data type */ +#undef HAVE_SA_FAMILY_T + +/* Define to 1 if you have the `scan_scaled' function. */ +#undef HAVE_SCAN_SCALED + +/* Define if you have SecureWare-based protected password database */ +#undef HAVE_SECUREWARE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SECURITY_PAM_APPL_H + +/* Define to 1 if you have the `sendmsg' function. */ +#undef HAVE_SENDMSG + +/* Define to 1 if you have the `setauthdb' function. */ +#undef HAVE_SETAUTHDB + +/* Define to 1 if you have the `setdtablesize' function. */ +#undef HAVE_SETDTABLESIZE + +/* Define to 1 if you have the `setegid' function. */ +#undef HAVE_SETEGID + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if you have the `seteuid' function. */ +#undef HAVE_SETEUID + +/* Define to 1 if you have the `setgroupent' function. */ +#undef HAVE_SETGROUPENT + +/* Define to 1 if you have the `setgroups' function. */ +#undef HAVE_SETGROUPS + +/* Define to 1 if you have the `setlinebuf' function. */ +#undef HAVE_SETLINEBUF + +/* Define to 1 if you have the `setlogin' function. */ +#undef HAVE_SETLOGIN + +/* Define to 1 if you have the `setluid' function. */ +#undef HAVE_SETLUID + +/* Define to 1 if you have the `setpassent' function. */ +#undef HAVE_SETPASSENT + +/* Define to 1 if you have the `setpcred' function. */ +#undef HAVE_SETPCRED + +/* Define to 1 if you have the `setpflags' function. */ +#undef HAVE_SETPFLAGS + +/* Define to 1 if you have the `setppriv' function. */ +#undef HAVE_SETPPRIV + +/* Define to 1 if you have the `setproctitle' function. */ +#undef HAVE_SETPROCTITLE + +/* Define to 1 if you have the `setregid' function. */ +#undef HAVE_SETREGID + +/* Define to 1 if you have the `setresgid' function. */ +#undef HAVE_SETRESGID + +/* Define to 1 if you have the `setresuid' function. */ +#undef HAVE_SETRESUID + +/* Define to 1 if you have the `setreuid' function. */ +#undef HAVE_SETREUID + +/* Define to 1 if you have the `setrlimit' function. */ +#undef HAVE_SETRLIMIT + +/* Define to 1 if you have the `setsid' function. */ +#undef HAVE_SETSID + +/* Define to 1 if you have the `setutent' function. */ +#undef HAVE_SETUTENT + +/* Define to 1 if you have the `setutxdb' function. */ +#undef HAVE_SETUTXDB + +/* Define to 1 if you have the `setutxent' function. */ +#undef HAVE_SETUTXENT + +/* Define to 1 if you have the `setvbuf' function. */ +#undef HAVE_SETVBUF + +/* Define to 1 if you have the `set_id' function. */ +#undef HAVE_SET_ID + +/* Define to 1 if you have the `SHA256Update' function. */ +#undef HAVE_SHA256UPDATE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SHA2_H + +/* Define to 1 if you have the `SHA384Update' function. */ +#undef HAVE_SHA384UPDATE + +/* Define to 1 if you have the `SHA512Update' function. */ +#undef HAVE_SHA512UPDATE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SHADOW_H + +/* Define to 1 if you have the `sigaction' function. */ +#undef HAVE_SIGACTION + +/* Define to 1 if the system has the type `sighandler_t'. */ +#undef HAVE_SIGHANDLER_T + +/* Define to 1 if you have the `sigvec' function. */ +#undef HAVE_SIGVEC + +/* Define to 1 if the system has the type `sig_atomic_t'. */ +#undef HAVE_SIG_ATOMIC_T + +/* define if you have size_t data type */ +#undef HAVE_SIZE_T + +/* Define to 1 if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF + +/* Define to 1 if you have the `socketpair' function. */ +#undef HAVE_SOCKETPAIR + +/* Have PEERCRED socket option */ +#undef HAVE_SO_PEERCRED + +/* define if you have ssize_t data type */ +#undef HAVE_SSIZE_T + +/* Fields in struct sockaddr_storage */ +#undef HAVE_SS_FAMILY_IN_SS + +/* Define if you have ut_ss in utmpx.h */ +#undef HAVE_SS_IN_UTMPX + +/* Define to 1 if you have the `statfs' function. */ +#undef HAVE_STATFS + +/* Define to 1 if you have the `statvfs' function. */ +#undef HAVE_STATVFS + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDDEF_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strcasestr' function. */ +#undef HAVE_STRCASESTR + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the `strerror' function. */ +#undef HAVE_STRERROR + +/* Define to 1 if you have the `strftime' function. */ +#undef HAVE_STRFTIME + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strlcat' function. */ +#undef HAVE_STRLCAT + +/* Define to 1 if you have the `strlcpy' function. */ +#undef HAVE_STRLCPY + +/* Define to 1 if you have the `strmode' function. */ +#undef HAVE_STRMODE + +/* Define to 1 if you have the `strndup' function. */ +#undef HAVE_STRNDUP + +/* Define to 1 if you have the `strnlen' function. */ +#undef HAVE_STRNLEN + +/* Define to 1 if you have the `strnvis' function. */ +#undef HAVE_STRNVIS + +/* Define to 1 if you have the `strptime' function. */ +#undef HAVE_STRPTIME + +/* Define to 1 if you have the `strsep' function. */ +#undef HAVE_STRSEP + +/* Define to 1 if you have the `strsignal' function. */ +#undef HAVE_STRSIGNAL + +/* Define to 1 if you have the `strtoll' function. */ +#undef HAVE_STRTOLL + +/* Define to 1 if you have the `strtonum' function. */ +#undef HAVE_STRTONUM + +/* Define to 1 if you have the `strtoul' function. */ +#undef HAVE_STRTOUL + +/* Define to 1 if you have the `strtoull' function. */ +#undef HAVE_STRTOULL + +/* define if you have struct addrinfo data type */ +#undef HAVE_STRUCT_ADDRINFO + +/* define if you have struct in6_addr data type */ +#undef HAVE_STRUCT_IN6_ADDR + +/* Define to 1 if `pw_change' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_CHANGE + +/* Define to 1 if `pw_class' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_CLASS + +/* Define to 1 if `pw_expire' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_EXPIRE + +/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ +#undef HAVE_STRUCT_PASSWD_PW_GECOS + +/* Define to 1 if `fd' is a member of `struct pollfd'. */ +#undef HAVE_STRUCT_POLLFD_FD + +/* define if you have struct sockaddr_in6 data type */ +#undef HAVE_STRUCT_SOCKADDR_IN6 + +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ +#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID + +/* define if you have struct sockaddr_storage data type */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE + +/* Define to 1 if `f_files' is a member of `struct statfs'. */ +#undef HAVE_STRUCT_STATFS_F_FILES + +/* Define to 1 if `f_flags' is a member of `struct statfs'. */ +#undef HAVE_STRUCT_STATFS_F_FLAGS + +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_BLKSIZE + +/* Define to 1 if `st_mtim' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_MTIM + +/* Define to 1 if `st_mtime' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_MTIME + +/* define if you have struct timespec */ +#undef HAVE_STRUCT_TIMESPEC + +/* define if you have struct timeval */ +#undef HAVE_STRUCT_TIMEVAL + +/* Define to 1 if you have the `swap32' function. */ +#undef HAVE_SWAP32 + +/* Define to 1 if you have the `sysconf' function. */ +#undef HAVE_SYSCONF + +/* Define if you have syslen in utmpx.h */ +#undef HAVE_SYSLEN_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BITYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BSDTTY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BYTEORDER_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_CAPSICUM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_CDEFS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_DIR_H + +/* Define if your system defines sys_errlist[] */ +#undef HAVE_SYS_ERRLIST + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_FILE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_LABEL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MMAN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MOUNT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_NDIR_H + +/* Define if your system defines sys_nerr */ +#undef HAVE_SYS_NERR + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_POLL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PRCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PROCCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PSTAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PTMS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PTRACE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_RANDOM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STATVFS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STREAM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STROPTS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STRTIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SYSCTL_H + +/* Force use of sys/syslog.h on Ultrix */ +#undef HAVE_SYS_SYSLOG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SYSMACROS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIMERS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_VFS_H + +/* Define to 1 if you have the `tcgetpgrp' function. */ +#undef HAVE_TCGETPGRP + +/* Define to 1 if you have the `tcsendbreak' function. */ +#undef HAVE_TCSENDBREAK + +/* Define to 1 if you have the `time' function. */ +#undef HAVE_TIME + +/* Define to 1 if you have the `timegm' function. */ +#undef HAVE_TIMEGM + +/* Define to 1 if you have the header file. */ +#undef HAVE_TIME_H + +/* Define if you have ut_time in utmp.h */ +#undef HAVE_TIME_IN_UTMP + +/* Define if you have ut_time in utmpx.h */ +#undef HAVE_TIME_IN_UTMPX + +/* Define to 1 if you have the `timingsafe_bcmp' function. */ +#undef HAVE_TIMINGSAFE_BCMP + +/* Define to 1 if you have the header file. */ +#undef HAVE_TMPDIR_H + +/* Define to 1 if you have the `truncate' function. */ +#undef HAVE_TRUNCATE + +/* Define to 1 if you have the header file. */ +#undef HAVE_TTYENT_H + +/* Define if you have ut_tv in utmp.h */ +#undef HAVE_TV_IN_UTMP + +/* Define if you have ut_tv in utmpx.h */ +#undef HAVE_TV_IN_UTMPX + +/* Define if you have ut_type in utmp.h */ +#undef HAVE_TYPE_IN_UTMP + +/* Define if you have ut_type in utmpx.h */ +#undef HAVE_TYPE_IN_UTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_UCRED_H + +/* Define to 1 if the system has the type `uintmax_t'. */ +#undef HAVE_UINTMAX_T + +/* define if you have uintxx_t data type */ +#undef HAVE_UINTXX_T + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `unsetenv' function. */ +#undef HAVE_UNSETENV + +/* Define to 1 if the system has the type `unsigned long long'. */ +#undef HAVE_UNSIGNED_LONG_LONG + +/* Define to 1 if you have the `updwtmp' function. */ +#undef HAVE_UPDWTMP + +/* Define to 1 if you have the `updwtmpx' function. */ +#undef HAVE_UPDWTMPX + +/* Define to 1 if you have the header file. */ +#undef HAVE_USERSEC_H + +/* Define to 1 if you have the `user_from_uid' function. */ +#undef HAVE_USER_FROM_UID + +/* Define to 1 if you have the `usleep' function. */ +#undef HAVE_USLEEP + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTIL_H + +/* Define to 1 if you have the `utimensat' function. */ +#undef HAVE_UTIMENSAT + +/* Define to 1 if you have the `utimes' function. */ +#undef HAVE_UTIMES + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTIME_H + +/* Define to 1 if you have the `utmpname' function. */ +#undef HAVE_UTMPNAME + +/* Define to 1 if you have the `utmpxname' function. */ +#undef HAVE_UTMPXNAME + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTMPX_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTMP_H + +/* define if you have u_char data type */ +#undef HAVE_U_CHAR + +/* define if you have u_int data type */ +#undef HAVE_U_INT + +/* define if you have u_int64_t data type */ +#undef HAVE_U_INT64_T + +/* define if you have u_intxx_t data type */ +#undef HAVE_U_INTXX_T + +/* Define to 1 if you have the `vasprintf' function. */ +#undef HAVE_VASPRINTF + +/* Define if va_copy exists */ +#undef HAVE_VA_COPY + +/* Define to 1 if you have the header file. */ +#undef HAVE_VIS_H + +/* Define to 1 if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF + +/* Define to 1 if you have the `waitpid' function. */ +#undef HAVE_WAITPID + +/* Define to 1 if you have the `warn' function. */ +#undef HAVE_WARN + +/* Define to 1 if you have the header file. */ +#undef HAVE_WCHAR_H + +/* Define to 1 if you have the `wcwidth' function. */ +#undef HAVE_WCWIDTH + +/* Define to 1 if you have the `_getlong' function. */ +#undef HAVE__GETLONG + +/* Define to 1 if you have the `_getpty' function. */ +#undef HAVE__GETPTY + +/* Define to 1 if you have the `_getshort' function. */ +#undef HAVE__GETSHORT + +/* Define if you have struct __res_state _res as an extern */ +#undef HAVE__RES_EXTERN + +/* Define to 1 if you have the `__b64_ntop' function. */ +#undef HAVE___B64_NTOP + +/* Define to 1 if you have the `__b64_pton' function. */ +#undef HAVE___B64_PTON + +/* Define if compiler implements __FUNCTION__ */ +#undef HAVE___FUNCTION__ + +/* Define if libc defines __progname */ +#undef HAVE___PROGNAME + +/* Fields in struct sockaddr_storage */ +#undef HAVE___SS_FAMILY_IN_SS + +/* Define if __va_copy exists */ +#undef HAVE___VA_COPY + +/* Define if compiler implements __func__ */ +#undef HAVE___func__ + +/* Define this if you are using the Heimdal version of Kerberos V5 */ +#undef HEIMDAL + +/* Define if you need to use IP address instead of hostname in $DISPLAY */ +#undef IPADDR_IN_DISPLAY + +/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ +#undef IPV4_IN_IPV6 + +/* Define if your system choked on IP TOS setting */ +#undef IP_TOS_IS_BROKEN + +/* Define if you want Kerberos 5 support */ +#undef KRB5 + +/* Define if pututxline updates lastlog too */ +#undef LASTLOG_WRITE_PUTUTXLINE + +/* Define to whatever link() returns for "not supported" if it doesn't return + EOPNOTSUPP. */ +#undef LINK_OPNOTSUPP_ERRNO + +/* Adjust Linux out-of-memory killer */ +#undef LINUX_OOM_ADJUST + +/* max value of long long calculated by configure */ +#undef LLONG_MAX + +/* min value of long long calculated by configure */ +#undef LLONG_MIN + +/* Account locked with pw(1) */ +#undef LOCKED_PASSWD_PREFIX + +/* String used in /etc/passwd to denote locked account */ +#undef LOCKED_PASSWD_STRING + +/* String used in /etc/passwd to denote locked account */ +#undef LOCKED_PASSWD_SUBSTR + +/* Some systems need a utmpx entry for /bin/login to work */ +#undef LOGIN_NEEDS_UTMPX + +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ +#undef MAIL_DIRECTORY + +/* Need setpgrp to for controlling tty */ +#undef NEED_SETPGRP + +/* compiler does not accept __attribute__ on prototype args */ +#undef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS + +/* compiler does not accept __attribute__ on return types */ +#undef NO_ATTRIBUTE_ON_RETURN_TYPE + +/* SA_RESTARTed signals do no interrupt select */ +#undef NO_SA_RESTART + +/* Define to disable UID restoration test */ +#undef NO_UID_RESTORATION_TEST + +/* Define if X11 doesn't support AF_UNIX sockets on that system */ +#undef NO_X11_UNIX_SOCKETS + +/* Define if EVP_DigestUpdate returns void */ +#undef OPENSSL_EVP_DIGESTUPDATE_VOID + +/* OpenSSL has ECC */ +#undef OPENSSL_HAS_ECC + +/* libcrypto has ed25519 support */ +#undef OPENSSL_HAS_ED25519 + +/* libcrypto has NID_X9_62_prime256v1 */ +#undef OPENSSL_HAS_NISTP256 + +/* libcrypto has NID_secp384r1 */ +#undef OPENSSL_HAS_NISTP384 + +/* libcrypto has NID_secp521r1 */ +#undef OPENSSL_HAS_NISTP521 + +/* libcrypto is missing AES 192 and 256 bit functions */ +#undef OPENSSL_LOBOTOMISED_AES + +/* Define if you want the OpenSSL internally seeded PRNG only */ +#undef OPENSSL_PRNG_ONLY + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define if you are using Solaris-derived PAM which passes pam_messages to + the conversation function with an extra level of indirection */ +#undef PAM_SUN_CODEBASE + +/* Work around problematic Linux PAM modules handling of PAM_TTY */ +#undef PAM_TTY_KLUDGE + +/* must supply username to passwd */ +#undef PASSWD_NEEDS_USERNAME + +/* System dirs owned by bin (uid 2) */ +#undef PLATFORM_SYS_DIR_UID + +/* Port number of PRNGD/EGD random number socket */ +#undef PRNGD_PORT + +/* Location of PRNGD/EGD random number socket */ +#undef PRNGD_SOCKET + +/* read(1) can return 0 for a non-closed fd */ +#undef PTY_ZEROREAD + +/* Sandbox using capsicum */ +#undef SANDBOX_CAPSICUM + +/* Sandbox using Darwin sandbox_init(3) */ +#undef SANDBOX_DARWIN + +/* no privsep sandboxing */ +#undef SANDBOX_NULL + +/* Sandbox using pledge(2) */ +#undef SANDBOX_PLEDGE + +/* Sandbox using setrlimit(2) */ +#undef SANDBOX_RLIMIT + +/* Sandbox using seccomp filter */ +#undef SANDBOX_SECCOMP_FILTER + +/* setrlimit RLIMIT_FSIZE works */ +#undef SANDBOX_SKIP_RLIMIT_FSIZE + +/* define if setrlimit RLIMIT_NOFILE breaks things */ +#undef SANDBOX_SKIP_RLIMIT_NOFILE + +/* Sandbox using Solaris/Illumos privileges */ +#undef SANDBOX_SOLARIS + +/* Sandbox using systrace(4) */ +#undef SANDBOX_SYSTRACE + +/* Specify the system call convention in use */ +#undef SECCOMP_AUDIT_ARCH + +/* Define if your platform breaks doing a seteuid before a setuid */ +#undef SETEUID_BREAKS_SETUID + +/* The size of `int', as computed by sizeof. */ +#undef SIZEOF_INT + +/* The size of `long int', as computed by sizeof. */ +#undef SIZEOF_LONG_INT + +/* The size of `long long int', as computed by sizeof. */ +#undef SIZEOF_LONG_LONG_INT + +/* The size of `short int', as computed by sizeof. */ +#undef SIZEOF_SHORT_INT + +/* The size of `time_t', as computed by sizeof. */ +#undef SIZEOF_TIME_T + +/* Define as const if snprintf() can declare const char *fmt */ +#undef SNPRINTF_CONST + +/* sockaddr_in has sin_len */ +#undef SOCK_HAS_LEN + +/* Define to a Set Process Title type if your system is supported by + bsd-setproctitle.c */ +#undef SPT_TYPE + +/* Define if sshd somehow reacquires a controlling TTY after setsid() */ +#undef SSHD_ACQUIRES_CTTY + +/* sshd PAM service name */ +#undef SSHD_PAM_SERVICE + +/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ +#undef SSHPAM_CHAUTHTOK_NEEDS_RUID + +/* Use audit debugging module */ +#undef SSH_AUDIT_EVENTS + +/* Windows is sensitive to read buffer size */ +#undef SSH_IOBUFSZ + +/* non-privileged user for privilege separation */ +#undef SSH_PRIVSEP_USER + +/* Use tunnel device compatibility to OpenBSD */ +#undef SSH_TUN_COMPAT_AF + +/* Open tunnel devices the FreeBSD way */ +#undef SSH_TUN_FREEBSD + +/* Open tunnel devices the Linux tun/tap way */ +#undef SSH_TUN_LINUX + +/* No layer 2 tunnel support */ +#undef SSH_TUN_NO_L2 + +/* Open tunnel devices the OpenBSD way */ +#undef SSH_TUN_OPENBSD + +/* Prepend the address family to IP tunnel traffic */ +#undef SSH_TUN_PREPEND_AF + +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ +#undef STDC_HEADERS + +/* Define if you want a different $PATH for the superuser */ +#undef SUPERUSER_PATH + +/* syslog_r function is safe to use in in a signal handler */ +#undef SYSLOG_R_SAFE_IN_SIGHAND + +/* Have sshd notify systemd on start/reload */ +#undef SYSTEMD_NOTIFY + +/* Support routing domains using Linux VRF */ +#undef SYS_RDOMAIN_LINUX + +/* Support passwords > 8 chars */ +#undef UNIXWARE_LONG_PASSWORDS + +/* Specify default $PATH */ +#undef USER_PATH + +/* Define this if you want to use libkafs' AFS support */ +#undef USE_AFS + +/* Use BSM audit module */ +#undef USE_BSM_AUDIT + +/* Use btmp to log bad logins */ +#undef USE_BTMP + +/* Use libedit for sftp */ +#undef USE_LIBEDIT + +/* Use Linux audit module */ +#undef USE_LINUX_AUDIT + +/* Enable OpenSSL engine support */ +#undef USE_OPENSSL_ENGINE + +/* Define if you want to enable PAM support */ +#undef USE_PAM + +/* Use PIPES instead of a socketpair() */ +#undef USE_PIPES + +/* Define if you have Solaris privileges */ +#undef USE_SOLARIS_PRIVS + +/* Define if you have Solaris process contracts */ +#undef USE_SOLARIS_PROCESS_CONTRACTS + +/* Define if you have Solaris projects */ +#undef USE_SOLARIS_PROJECTS + +/* compiler variable declarations after code */ +#undef VARIABLE_DECLARATION_AFTER_CODE + +/* compiler supports variable length arrays */ +#undef VARIABLE_LENGTH_ARRAYS + +/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ +#undef WITH_ABBREV_NO_TTY + +/* Define if you want to enable AIX4's authenticate function */ +#undef WITH_AIXAUTHENTICATE + +/* DSA keys explicitly enabled */ +#undef WITH_DSA + +/* Define if you have/want arrays (cluster-wide session management, not C + arrays) */ +#undef WITH_IRIX_ARRAY + +/* Define if you want IRIX audit trails */ +#undef WITH_IRIX_AUDIT + +/* Define if you want IRIX kernel jobs */ +#undef WITH_IRIX_JOBS + +/* Define if you want IRIX project management */ +#undef WITH_IRIX_PROJECT + +/* use libcrypto for cryptography */ +#undef WITH_OPENSSL + +/* Define if you want SELinux support. */ +#undef WITH_SELINUX + +/* Enable zlib */ +#undef WITH_ZLIB + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* Define if xauth is found in your path */ +#undef XAUTH_PATH + +/* Number of bits in a file offset, on hosts where this is settable. */ +#undef _FILE_OFFSET_BITS + +/* Define for large files, on AIX-style hosts. */ +#undef _LARGE_FILES + +/* log for bad login attempts */ +#undef _PATH_BTMP + +/* Full path of your "passwd" program */ +#undef _PATH_PASSWD_PROG + +/* Specify location of ssh.pid */ +#undef _PATH_SSH_PIDDIR + +/* Define if we don't have struct __res_state in resolv.h */ +#undef __res_state + +/* Define to rpl_calloc if the replacement function should be used. */ +#undef calloc + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc + +/* Define to rpl_realloc if the replacement function should be used. */ +#undef realloc + +/* type to use in place of socklen_t if not defined */ +#undef socklen_t diff --git a/configure b/configure new file mode 100755 index 000000000..07d19fd30 --- /dev/null +++ b/configure @@ -0,0 +1,27691 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.71 for OpenSSH Portable. +# +# Report bugs to . +# +# +# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else $as_nop + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. +as_nl=' +' +export as_nl +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi + +# The user is always right. +if ${PATH_SEPARATOR+false} :; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="as_nop=: +if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else \$as_nop + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ) +then : + +else \$as_nop + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +blah=\$(echo \$(echo blah)) +test x\"\$blah\" = xblah || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null +then : + as_have_required=yes +else $as_nop + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null +then : + +else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : + CONFIG_SHELL=$as_shell as_have_required=yes + if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null +then : + break 2 +fi +fi + done;; + esac + as_found=false +done +IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi +fi + + + if test "x$CONFIG_SHELL" != x +then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno +then : + printf "%s\n" "$0: This script requires a shell more modern than all" + printf "%s\n" "$0: the shells that I found on your system." + if test ${ZSH_VERSION+y} ; then + printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should" + printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later." + else + printf "%s\n" "$0: Please tell bug-autoconf@gnu.org and +$0: openssh-unix-dev@mindrot.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +printf "%s\n" X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else $as_nop + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else $as_nop + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + printf "%s\n" "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +printf "%s\n" X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='OpenSSH' +PACKAGE_TARNAME='openssh' +PACKAGE_VERSION='Portable' +PACKAGE_STRING='OpenSSH Portable' +PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org' +PACKAGE_URL='' + +ac_unique_file="ssh.c" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_STDIO_H +# include +#endif +#ifdef HAVE_STDLIB_H +# include +#endif +#ifdef HAVE_STRING_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_header_c_list= +ac_subst_vars='LTLIBOBJS +CFLAGS_NOPIE +LDFLAGS_NOPIE +DROPBEARCONVERT +DROPBEARKEY +DBCLIENT +DROPBEAR +CONCH +PUTTYGEN +PLINK +DEPEND +UNSUPPORTED_ALGORITHMS +TEST_MALLOC_OPTIONS +TEST_SSH_UTF8 +TEST_SSH_IPV6 +piddir +user_path +mansubdir +MANTYPE +XAUTH_PATH +STRIP_OPT +xauth_path +PRIVSEP_PATH +CHANNELLIBS +K5LIBS +GSSLIBS +KRB5CONF +SSHDLIBS +SSH_PRIVSEP_USER +LIBFIDO2 +SK_DUMMY_LIBRARY +OPENSSL_BIN +openssl_bin +PICFLAG +LIBEDIT +LDNSCONFIG +LIBOBJS +LD +PATH_PASSWD_PROG +STARTUP_SCRIPT_SHELL +MAKE_PACKAGE_SUPPORTED +PATH_USERADD_PROG +PATH_GROUPADD_PROG +MANFMT +TEST_SHELL +PKGCONFIG +MANDOC +NROFF +GROFF +SH +TEST_MINUS_S_SH +SED +KILL +CAT +ac_ct_AR +AR +MKDIR_P +EGREP +GREP +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +RANLIB +CPP +AWK +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_largefile +with_openssl +with_stackprotect +with_hardening +with_retpoline +with_rpath +with_cflags +with_cflags_after +with_cppflags +with_ldflags +with_ldflags_after +with_libs +with_Werror +with_solaris_contracts +with_solaris_projects +with_solaris_privs +with_osfsia +with_zlib +with_zlib_version_check +with_ldns +with_libedit +with_audit +with_pie +enable_pkcs11 +enable_security_key +with_security_key_builtin +enable_dsa_keys +with_ssl_dir +with_openssl_header_check +with_ssl_engine +with_prngd_port +with_prngd_socket +with_pam +with_pam_service +with_privsep_user +with_sandbox +with_selinux +with_kerberos5 +with_privsep_path +with_xauth +enable_strip +with_maildir +with_mantype +with_shadow +with_ipaddr_display +enable_etc_default_login +with_default_path +with_superuser_path +with_4in6 +with_bsd_auth +with_pid_dir +enable_fd_passing +enable_lastlog +enable_utmp +enable_utmpx +enable_wtmp +enable_wtmpx +enable_libutil +enable_pututline +enable_pututxline +with_lastlog +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +printf "%s\n" X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures OpenSSH Portable to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/openssh] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of OpenSSH Portable:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-largefile omit support for large files + --disable-pkcs11 disable PKCS#11 support code [no] + --disable-security-key disable U2F/FIDO support code no + --enable-dsa-keys enable DSA key support no + --disable-strip Disable calling strip(1) on install + --disable-etc-default-login Disable using PATH from /etc/default/login no + --disable-fd-passing disable file descriptor passsing no + --disable-lastlog disable use of lastlog even if detected no + --disable-utmp disable use of utmp even if detected no + --disable-utmpx disable use of utmpx even if detected no + --disable-wtmp disable use of wtmp even if detected no + --disable-wtmpx disable use of wtmpx even if detected no + --disable-libutil disable use of libutil (login() etc.) no + --disable-pututline disable use of pututline() etc. (uwtmp) no + --disable-pututxline disable use of pututxline() etc. (uwtmpx) no + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** + --without-stackprotect Don't use compiler's stack protection + --without-hardening Don't use toolchain hardening flags + --without-retpoline Enable retpoline spectre mitigation + --without-rpath Disable auto-added -R linker paths + --with-cflags Specify additional flags to pass to compiler + --with-cflags-after Specify additional flags to pass to compiler after configure + --with-cppflags Specify additional flags to pass to preprocessor + --with-ldflags Specify additional flags to pass to linker + --with-ldflags-after Specify additional flags to pass to linker after configure + --with-libs Specify additional libraries to link with + --with-Werror Build main code with -Werror + --with-solaris-contracts Enable Solaris process contracts (experimental) + --with-solaris-projects Enable Solaris projects (experimental) + --with-solaris-privs Enable Solaris/Illumos privileges (experimental) + --with-osfsia Enable Digital Unix SIA + --with-zlib=PATH Use zlib in PATH + --without-zlib-version-check Disable zlib version check + --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) + --with-libedit[=PATH] Enable libedit support for sftp + --with-audit=module Enable audit support (modules=debug,bsm,linux) + --with-pie Build Position Independent Executables if possible + --with-security-key-builtin include builtin U2F/FIDO support + --with-ssl-dir=PATH Specify path to OpenSSL installation + --without-openssl-header-check Disable OpenSSL version consistency check + --with-ssl-engine Enable OpenSSL (hardware) ENGINE support + --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT + --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) + --with-pam Enable PAM support + --with-pam-service=name Specify PAM service name + --with-privsep-user=user Specify non-privileged user for privilege separation + --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge) + --with-selinux Enable SELinux support + --with-kerberos5=PATH Enable Kerberos 5 support + --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) + --with-xauth=PATH Specify path to xauth program + --with-maildir=/path/to/mail Specify your system mail directory + --with-mantype=man|cat|doc Set man page type + --without-shadow Disable shadow password support + --with-ipaddr-display Use ip address instead of hostname in $DISPLAY + --with-default-path= Specify default $PATH environment for server + --with-superuser-path= Specify different path for super-user + --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses + --with-bsd-auth Enable BSD auth support + --with-pid-dir=PATH Specify location of sshd.pid file + --with-lastlog=FILE|DIR specify lastlog location common locations + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for configure.gnu first; this name is used for a wrapper for + # Metaconfig's "Configure" on case-insensitive file systems. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +OpenSSH configure Portable +generated by GNU Autoconf 2.71 + +Copyright (C) 2021 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest.beam + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that +# executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: program exited with status $ac_status" >&5 + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$3=yes" +else $as_nop + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +eval ac_res=\$$3 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR +# ------------------------------------------------------------------ +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR. +ac_fn_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +printf %s "checking whether $as_decl_name is declared... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + eval ac_save_FLAGS=\$$6 + as_fn_append $6 " $5" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$3=yes" +else $as_nop + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + eval $6=\$ac_save_FLAGS + +fi +eval ac_res=\$$3 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_check_decl + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. */ + +#include +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main (void) +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + eval "$3=yes" +else $as_nop + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +else $as_nop + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +eval ac_res=\$$3 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_type + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +printf %s "checking for $2.$3... " >&6; } +if eval test \${$4+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main (void) +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$4=yes" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main (void) +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$4=yes" +else $as_nop + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +eval ac_res=\$$4 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member + +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_hi=$ac_mid; break +else $as_nop + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + done +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_lo=$ac_mid; break +else $as_nop + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + done +else $as_nop + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main (void) +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_hi=$ac_mid +else $as_nop + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval (void) { return $2; } +static unsigned long int ulongval (void) { return $2; } +#include +#include +int +main (void) +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. */ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + echo >>conftest.val; read $3 config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by OpenSSH $as_me Portable, which was +generated by GNU Autoconf 2.71. Invocation command line was + + $ $0$ac_configure_args_raw + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + printf "%s\n" "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Sanitize IFS. + IFS=" "" $as_nl" + # Save into config.log some information that might help in debugging. + { + echo + + printf "%s\n" "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + printf "%s\n" "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + printf "%s\n" "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + printf "%s\n" "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + printf "%s\n" "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + printf "%s\n" "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + printf "%s\n" "$as_me: caught signal $ac_signal" + printf "%s\n" "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +printf "%s\n" "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h + +printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h + +printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h + +printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h + +printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h + +printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +if test -n "$CONFIG_SITE"; then + ac_site_files="$CONFIG_SITE" +elif test "x$prefix" != xNONE; then + ac_site_files="$prefix/share/config.site $prefix/etc/config.site" +else + ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" +fi + +for ac_site_file in $ac_site_files +do + case $ac_site_file in #( + */*) : + ;; #( + *) : + ac_site_file=./$ac_site_file ;; +esac + if test -f "$ac_site_file" && test -r "$ac_site_file"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +printf "%s\n" "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +printf "%s\n" "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Test code for whether the C compiler supports C89 (global declarations) +ac_c_conftest_c89_globals=' +/* Does the compiler advertise C89 conformance? + Do not test the value of __STDC__, because some compilers set it to 0 + while being otherwise adequately conformant. */ +#if !defined __STDC__ +# error "Compiler does not advertise C89 conformance" +#endif + +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ +struct buf { int x; }; +struct buf * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not \xHH hex character constants. + These do not provoke an error unfortunately, instead are silently treated + as an "x". The following induces an error, until -std is added to get + proper ANSI mode. Curiously \x00 != x always comes out true, for an + array size at least. It is necessary to write \x00 == 0 to get something + that is true only with -std. */ +int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) '\''x'\'' +int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int), + int, int);' + +# Test code for whether the C compiler supports C89 (body of main). +ac_c_conftest_c89_main=' +ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); +' + +# Test code for whether the C compiler supports C99 (global declarations) +ac_c_conftest_c99_globals=' +// Does the compiler advertise C99 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L +# error "Compiler does not advertise C99 conformance" +#endif + +#include +extern int puts (const char *); +extern int printf (const char *, ...); +extern int dprintf (int, const char *, ...); +extern void *malloc (size_t); + +// Check varargs macros. These examples are taken from C99 6.10.3.5. +// dprintf is used instead of fprintf to avoid needing to declare +// FILE and stderr. +#define debug(...) dprintf (2, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) +{ + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} + +// Check long long types. +#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + #error "your preprocessor is broken" +#endif +#if BIG_OK +#else + #error "your preprocessor is broken" +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; + +struct incomplete_array +{ + int datasize; + double data[]; +}; + +struct named_init { + int number; + const wchar_t *name; + double average; +}; + +typedef const char *ccp; + +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) + continue; + return 0; +} + +// Check varargs and va_copy. +static bool +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); + + const char *str = ""; + int number = 0; + float fnumber = 0; + + while (*format) + { + switch (*format++) + { + case '\''s'\'': // string + str = va_arg (args_copy, const char *); + break; + case '\''d'\'': // int + number = va_arg (args_copy, int); + break; + case '\''f'\'': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); + + return *str && number && fnumber; +} +' + +# Test code for whether the C compiler supports C99 (body of main). +ac_c_conftest_c99_main=' + // Check bool. + _Bool success = false; + success |= (argc != 0); + + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; + + // Check varargs. + success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234); + test_varargs_macros (); + + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; + + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; + + ni.number = 58; + + int dynamic_array[ni.number]; + dynamic_array[0] = argv[0][0]; + dynamic_array[ni.number - 1] = 543; + + // work around unused variable warnings + ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\'' + || dynamic_array[ni.number - 1] != 543); +' + +# Test code for whether the C compiler supports C11 (global declarations) +ac_c_conftest_c11_globals=' +// Does the compiler advertise C11 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L +# error "Compiler does not advertise C11 conformance" +#endif + +// Check _Alignas. +char _Alignas (double) aligned_as_double; +char _Alignas (0) no_special_alignment; +extern char aligned_as_int; +char _Alignas (0) _Alignas (int) aligned_as_int; + +// Check _Alignof. +enum +{ + int_alignment = _Alignof (int), + int_array_alignment = _Alignof (int[100]), + char_alignment = _Alignof (char) +}; +_Static_assert (0 < -_Alignof (int), "_Alignof is signed"); + +// Check _Noreturn. +int _Noreturn does_not_return (void) { for (;;) continue; } + +// Check _Static_assert. +struct test_static_assert +{ + int x; + _Static_assert (sizeof (int) <= sizeof (long int), + "_Static_assert does not work in struct"); + long int y; +}; + +// Check UTF-8 literals. +#define u8 syntax error! +char const utf8_literal[] = u8"happens to be ASCII" "another string"; + +// Check duplicate typedefs. +typedef long *long_ptr; +typedef long int *long_ptr; +typedef long_ptr long_ptr; + +// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1. +struct anonymous +{ + union { + struct { int i; int j; }; + struct { int k; long int l; } w; + }; + int m; +} v1; +' + +# Test code for whether the C compiler supports C11 (body of main). +ac_c_conftest_c11_main=' + _Static_assert ((offsetof (struct anonymous, i) + == offsetof (struct anonymous, w.k)), + "Anonymous union alignment botch"); + v1.i = 2; + v1.w.k = 5; + ok |= v1.i != 5; +' + +# Test code for whether the C compiler supports C11 (complete). +ac_c_conftest_c11_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} +${ac_c_conftest_c11_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + ${ac_c_conftest_c11_main} + return ok; +} +" + +# Test code for whether the C compiler supports C99 (complete). +ac_c_conftest_c99_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + return ok; +} +" + +# Test code for whether the C compiler supports C89 (complete). +ac_c_conftest_c89_program="${ac_c_conftest_c89_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + return ok; +} +" + +as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" +as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" +as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" +as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" +as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" +as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" +as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" +as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" +as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" + +# Auxiliary files required by this configure script. +ac_aux_files="install-sh config.guess config.sub" + +# Locations in which to look for auxiliary files. +ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.." + +# Search for a directory containing all of the required auxiliary files, +# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates. +# If we don't find one directory that contains all the files we need, +# we report the set of missing files from the *first* directory in +# $ac_aux_dir_candidates and give up. +ac_missing_aux_files="" +ac_first_candidate=: +printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5 +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in $ac_aux_dir_candidates +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + as_found=: + + printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5 + ac_aux_dir_found=yes + ac_install_sh= + for ac_aux in $ac_aux_files + do + # As a special case, if "install-sh" is required, that requirement + # can be satisfied by any of "install-sh", "install.sh", or "shtool", + # and $ac_install_sh is set appropriately for whichever one is found. + if test x"$ac_aux" = x"install-sh" + then + if test -f "${as_dir}install-sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5 + ac_install_sh="${as_dir}install-sh -c" + elif test -f "${as_dir}install.sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5 + ac_install_sh="${as_dir}install.sh -c" + elif test -f "${as_dir}shtool"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5 + ac_install_sh="${as_dir}shtool install -c" + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} install-sh" + else + break + fi + fi + else + if test -f "${as_dir}${ac_aux}"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5 + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}" + else + break + fi + fi + fi + done + if test "$ac_aux_dir_found" = yes; then + ac_aux_dir="$as_dir" + break + fi + ac_first_candidate=false + + as_found=false +done +IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 +fi + + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +if test -f "${ac_aux_dir}config.guess"; then + ac_config_guess="$SHELL ${ac_aux_dir}config.guess" +fi +if test -f "${ac_aux_dir}config.sub"; then + ac_config_sub="$SHELL ${ac_aux_dir}config.sub" +fi +if test -f "$ac_aux_dir/configure"; then + ac_configure="$SHELL ${ac_aux_dir}configure" +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + +# Check for stale configure as early as possible. +for i in $srcdir/configure.ac $srcdir/m4/*.m4; do + if test "$i" -nt "$srcdir/configure"; then + as_fn_error $? "$i newer than configure, run autoreconf" "$LINENO" 5 + fi +done + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +ac_config_headers="$ac_config_headers config.h" + + + + + + + + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + for ac_prog in cc gcc clang + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cc gcc clang +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + + +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion -version; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +printf %s "checking whether the C compiler works... " >&6; } +ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else $as_nop + ac_file='' +fi +if test -z "$ac_file" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +printf %s "checking for C compiler default output file name... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +printf "%s\n" "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +printf %s "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +printf "%s\n" "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main (void) +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +printf %s "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +printf "%s\n" "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +printf %s "checking for suffix of object files... " >&6; } +if test ${ac_cv_objext+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +printf "%s\n" "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 +printf %s "checking whether the compiler supports GNU C... " >&6; } +if test ${ac_cv_c_compiler_gnu+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_compiler_gnu=yes +else $as_nop + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+y} +ac_save_CFLAGS=$CFLAGS +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +printf %s "checking whether $CC accepts -g... " >&6; } +if test ${ac_cv_prog_cc_g+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_g=yes +else $as_nop + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +else $as_nop + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +printf "%s\n" "$ac_cv_prog_cc_g" >&6; } +if test $ac_test_CFLAGS; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +ac_prog_cc_stdc=no +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 +printf %s "checking for $CC option to enable C11 features... " >&6; } +if test ${ac_cv_prog_cc_c11+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c11=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c11_program +_ACEOF +for ac_arg in '' -std=gnu11 +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c11=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c11" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi + +if test "x$ac_cv_prog_cc_c11" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c11" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } + CC="$CC $ac_cv_prog_cc_c11" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 + ac_prog_cc_stdc=c11 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 +printf %s "checking for $CC option to enable C99 features... " >&6; } +if test ${ac_cv_prog_cc_c99+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c99_program +_ACEOF +for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c99=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi + +if test "x$ac_cv_prog_cc_c99" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c99" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } + CC="$CC $ac_cv_prog_cc_c99" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 + ac_prog_cc_stdc=c99 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 +printf %s "checking for $CC option to enable C89 features... " >&6; } +if test ${ac_cv_prog_cc_c89+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c89_program +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi + +if test "x$ac_cv_prog_cc_c89" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c89" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } + CC="$CC $ac_cv_prog_cc_c89" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 + ac_prog_cc_stdc=c89 +fi +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# XXX relax this after reimplementing logit() etc. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports C99-style variadic macros" >&5 +printf %s "checking if $CC supports C99-style variadic macros... " >&6; } + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int f(int a, int b, int c) { return a + b + c; } +#define F(a, ...) f(a, __VA_ARGS__) + +int +main (void) +{ +return F(1, 2, -3); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + as_fn_error $? "*** OpenSSH requires support for C99-style variadic macros" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + + + + + # Make sure we can run config.sub. +$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5 + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +printf %s "checking build system type... " >&6; } +if test ${ac_cv_build+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +printf "%s\n" "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +printf %s "checking host system type... " >&6; } +if test ${ac_cv_host+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +printf "%s\n" "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +ac_header= ac_cache= +for ac_item in $ac_header_c_list +do + if test $ac_cache; then + ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" + if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then + printf "%s\n" "#define $ac_item 1" >> confdefs.h + fi + ac_header= ac_cache= + elif test $ac_header; then + ac_cache=$ac_item + else + ac_header=$ac_item + fi +done + + + + + + + + +if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes +then : + +printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h + +fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +printf %s "checking whether byte ordering is bigendian... " >&6; } +if test ${ac_cv_c_bigendian+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main (void) +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main (void) +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_c_bigendian=yes +else $as_nop + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main (void) +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main (void) +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_c_bigendian=yes +else $as_nop + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes +then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +unsigned short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + unsigned short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + unsigned short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + unsigned short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main (void) +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main (void) +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ac_cv_c_bigendian=no +else $as_nop + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +printf "%s\n" "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + printf "%s\n" "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +printf "%s\n" "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + +# Checks for programs. +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AWK+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +printf "%s\n" "$AWK" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$AWK" && break +done + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +printf %s "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test ${ac_cv_prog_CPP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + # Double quotes because $CC needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + +else $as_nop + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + # Broken: success on invalid input. +continue +else $as_nop + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok +then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +printf "%s\n" "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + +else $as_nop + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + # Broken: success on invalid input. +continue +else $as_nop + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok +then : + +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +printf "%s\n" "$RANLIB" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +printf "%s\n" "$ac_ct_RANLIB" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + + + # Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +printf %s "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if test ${ac_cv_path_install+y} +then : + printf %s "(cached) " >&6 +else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + # Account for fact that we put trailing slashes in our PATH walk. +case $as_dir in #(( + ./ | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test ${ac_cv_path_install+y}; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +printf "%s\n" "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +printf %s "checking for grep that handles long lines and -e... " >&6; } +if test ${ac_cv_path_GREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +printf "%s\n" "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +printf %s "checking for egrep... " >&6; } +if test ${ac_cv_path_EGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +printf "%s\n" "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5 +printf %s "checking for a race-free mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if test ${ac_cv_path_mkdir+y} +then : + printf %s "(cached) " >&6 +else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue + case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir ('*'coreutils) '* | \ + 'BusyBox '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test ${ac_cv_path_mkdir+y}; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +printf "%s\n" "$MKDIR_P" >&6; } + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +printf "%s\n" "$AR" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +printf "%s\n" "$ac_ct_AR" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +# Extract the first word of "cat", so it can be a program name with args. +set dummy cat; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_CAT+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $CAT in + [\\/]* | ?:[\\/]*) + ac_cv_path_CAT="$CAT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_CAT="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CAT=$ac_cv_path_CAT +if test -n "$CAT"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5 +printf "%s\n" "$CAT" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "kill", so it can be a program name with args. +set dummy kill; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_KILL+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $KILL in + [\\/]* | ?:[\\/]*) + ac_cv_path_KILL="$KILL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_KILL="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +KILL=$ac_cv_path_KILL +if test -n "$KILL"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 +printf "%s\n" "$KILL" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "sed", so it can be a program name with args. +set dummy sed; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_SED+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $SED in + [\\/]* | ?:[\\/]*) + ac_cv_path_SED="$SED" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_SED="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SED=$ac_cv_path_SED +if test -n "$SED"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SED" >&5 +printf "%s\n" "$SED" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "bash", so it can be a program name with args. +set dummy bash; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_TEST_MINUS_S_SH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $TEST_MINUS_S_SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_TEST_MINUS_S_SH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH +if test -n "$TEST_MINUS_S_SH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 +printf "%s\n" "$TEST_MINUS_S_SH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "ksh", so it can be a program name with args. +set dummy ksh; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_TEST_MINUS_S_SH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $TEST_MINUS_S_SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_TEST_MINUS_S_SH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH +if test -n "$TEST_MINUS_S_SH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 +printf "%s\n" "$TEST_MINUS_S_SH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "sh", so it can be a program name with args. +set dummy sh; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_TEST_MINUS_S_SH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $TEST_MINUS_S_SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_TEST_MINUS_S_SH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH +if test -n "$TEST_MINUS_S_SH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 +printf "%s\n" "$TEST_MINUS_S_SH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "bash", so it can be a program name with args. +set dummy bash; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_SH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_SH="$SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_SH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SH=$ac_cv_path_SH +if test -n "$SH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 +printf "%s\n" "$SH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "ksh", so it can be a program name with args. +set dummy ksh; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_SH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_SH="$SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_SH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SH=$ac_cv_path_SH +if test -n "$SH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 +printf "%s\n" "$SH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "sh", so it can be a program name with args. +set dummy sh; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_SH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $SH in + [\\/]* | ?:[\\/]*) + ac_cv_path_SH="$SH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_SH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SH=$ac_cv_path_SH +if test -n "$SH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 +printf "%s\n" "$SH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "groff", so it can be a program name with args. +set dummy groff; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_GROFF+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $GROFF in + [\\/]* | ?:[\\/]*) + ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_GROFF="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GROFF=$ac_cv_path_GROFF +if test -n "$GROFF"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 +printf "%s\n" "$GROFF" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "nroff awf", so it can be a program name with args. +set dummy nroff awf; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_NROFF+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $NROFF in + [\\/]* | ?:[\\/]*) + ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_NROFF="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +NROFF=$ac_cv_path_NROFF +if test -n "$NROFF"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 +printf "%s\n" "$NROFF" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "mandoc", so it can be a program name with args. +set dummy mandoc; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_MANDOC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $MANDOC in + [\\/]* | ?:[\\/]*) + ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_MANDOC="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +MANDOC=$ac_cv_path_MANDOC +if test -n "$MANDOC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5 +printf "%s\n" "$MANDOC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PKGCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +printf "%s\n" "$PKGCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_ac_pt_PKGCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +printf "%s\n" "$ac_pt_PKGCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + +TEST_SHELL=sh + + +if test "x$MANDOC" != "x" ; then + MANFMT="$MANDOC" +elif test "x$NROFF" != "x" ; then + MANFMT="$NROFF -mandoc" +elif test "x$GROFF" != "x" ; then + MANFMT="$GROFF -mandoc -Tascii" +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatter found" >&5 +printf "%s\n" "$as_me: WARNING: no manpage formatter found" >&2;} + MANFMT="false" +fi + + +# Extract the first word of "groupadd", so it can be a program name with args. +set dummy groupadd; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PATH_GROUPADD_PROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PATH_GROUPADD_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /usr/sbin${PATH_SEPARATOR}/etc +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_GROUPADD_PROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd" + ;; +esac +fi +PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG +if test -n "$PATH_GROUPADD_PROG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5 +printf "%s\n" "$PATH_GROUPADD_PROG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "useradd", so it can be a program name with args. +set dummy useradd; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PATH_USERADD_PROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PATH_USERADD_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /usr/sbin${PATH_SEPARATOR}/etc +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_USERADD_PROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd" + ;; +esac +fi +PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG +if test -n "$PATH_USERADD_PROG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5 +printf "%s\n" "$PATH_USERADD_PROG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "pkgmk", so it can be a program name with args. +set dummy pkgmk; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$MAKE_PACKAGE_SUPPORTED"; then + ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no" +fi +fi +MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED +if test -n "$MAKE_PACKAGE_SUPPORTED"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5 +printf "%s\n" "$MAKE_PACKAGE_SUPPORTED" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +if test -x /sbin/sh; then + STARTUP_SCRIPT_SHELL=/sbin/sh + +else + STARTUP_SCRIPT_SHELL=/bin/sh + +fi + +# System features +# Check whether --enable-largefile was given. +if test ${enable_largefile+y} +then : + enableval=$enable_largefile; +fi + +if test "$enable_largefile" != no; then + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +printf %s "checking for special C compiler options needed for large files... " >&6; } +if test ${ac_cv_sys_largefile_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF + if ac_fn_c_try_compile "$LINENO" +then : + break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_largefile_CC=' -n32'; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test ${ac_cv_sys_file_offset_bits+y} +then : + printf %s "(cached) " >&6 +else $as_nop + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_file_offset_bits=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_file_offset_bits=64; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h +;; +esac +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } +if test ${ac_cv_sys_large_files+y} +then : + printf %s "(cached) " >&6 +else $as_nop + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_large_files=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_large_files=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +printf "%s\n" "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h +;; +esac +rm -rf conftest* + fi +fi + + +if test -z "$AR" ; then + as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5 +fi + +# Extract the first word of "passwd", so it can be a program name with args. +set dummy passwd; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PATH_PASSWD_PROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PATH_PASSWD_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_PASSWD_PROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG +if test -n "$PATH_PASSWD_PROG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5 +printf "%s\n" "$PATH_PASSWD_PROG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +if test ! -z "$PATH_PASSWD_PROG" ; then + +printf "%s\n" "#define _PATH_PASSWD_PROG \"$PATH_PASSWD_PROG\"" >>confdefs.h + +fi + +LD="$CC" + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +printf %s "checking for inline... " >&6; } +if test ${ac_cv_c_inline+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo (void) {return 0; } +$ac_kw foo_t foo (void) {return 0; } +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_c_inline=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + test "$ac_cv_c_inline" != no && break +done + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +printf "%s\n" "$ac_cv_c_inline" >&6; } + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5 +printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; } +if test ${ac_cv_c_undeclared_builtin_options+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_save_CFLAGS=$CFLAGS + ac_cv_c_undeclared_builtin_options='cannot detect' + for ac_arg in '' -fno-builtin; do + CFLAGS="$ac_save_CFLAGS $ac_arg" + # This test program should *not* compile successfully. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ +(void) strchr; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +else $as_nop + # This test program should compile successfully. + # No library function is consistently available on + # freestanding implementations, so test against a dummy + # declaration. Include always-available headers on the + # off chance that they somehow elicit warnings. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +extern void ac_decl (int, char *); + +int +main (void) +{ +(void) ac_decl (0, (char *) 0); + (void) ac_decl; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + if test x"$ac_arg" = x +then : + ac_cv_c_undeclared_builtin_options='none needed' +else $as_nop + ac_cv_c_undeclared_builtin_options=$ac_arg +fi + break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + done + CFLAGS=$ac_save_CFLAGS + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5 +printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; } + case $ac_cv_c_undeclared_builtin_options in #( + 'cannot detect') : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot make $CC report undeclared builtins +See \`config.log' for more details" "$LINENO" 5; } ;; #( + 'none needed') : + ac_c_undeclared_builtin_options='' ;; #( + *) : + ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;; +esac + +ac_fn_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_LLONG_MAX" = xyes +then : + have_llong_max=1 +fi +ac_fn_check_decl "$LINENO" "LONG_LONG_MAX" "ac_cv_have_decl_LONG_LONG_MAX" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_LONG_LONG_MAX" = xyes +then : + have_long_long_max=1 +fi +ac_fn_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" " + #include + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes +then : + have_systr_policy_kill=1 +fi +ac_fn_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" " + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes +then : + +printf "%s\n" "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h + +fi +ac_fn_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" " + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes +then : + have_linux_no_new_privs=1 +fi + +openssl=yes +openssl_bin=openssl + +# Check whether --with-openssl was given. +if test ${with_openssl+y} +then : + withval=$with_openssl; if test "x$withval" = "xno" ; then + openssl=no + openssl_bin="" + fi + + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL will be used for cryptography" >&5 +printf %s "checking whether OpenSSL will be used for cryptography... " >&6; } +if test "x$openssl" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define WITH_OPENSSL 1" >>confdefs.h + +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + +use_stack_protector=1 +use_toolchain_hardening=1 +use_retpoline=1 + +# Check whether --with-stackprotect was given. +if test ${with_stackprotect+y} +then : + withval=$with_stackprotect; + if test "x$withval" = "xno"; then + use_stack_protector=0 + fi +fi + + +# Check whether --with-hardening was given. +if test ${with_hardening+y} +then : + withval=$with_hardening; + if test "x$withval" = "xno"; then + use_toolchain_hardening=0 + fi +fi + + +# Check whether --with-retpoline was given. +if test ${with_retpoline+y} +then : + withval=$with_retpoline; + if test "x$withval" = "xno"; then + use_retpoline=0 + fi +fi + + +# We use -Werror for the tests only so that we catch warnings like "this is +# on by default" for things like -fPIE. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5 +printf %s "checking if $CC supports -Werror... " >&6; } +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main(void) { return 0; } +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + WERROR="-Werror" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + WERROR="" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +CFLAGS="$saved_CFLAGS" + +if test "$GCC" = "yes" || test "$GCC" = "egcs"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 +printf %s "checking gcc version... " >&6; } + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` + case "$GCC_VER" in + 1.*) no_attrib_nonnull=1 ;; + 2.8* | 2.9*) + no_attrib_nonnull=1 + ;; + 2.*) no_attrib_nonnull=1 ;; + *) ;; + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 +printf "%s\n" "$GCC_VER" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking clang version" >&5 +printf %s "checking clang version... " >&6; } + ver="`$CC -v 2>&1`" + if echo "$ver" | grep "Apple" >/dev/null; then + CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ + $SED 's/.*clang version //g' | $AWK '{print $1}'` + else + CLANG_VER=`echo "$ver" | grep 'clang version' | \ + $SED 's/.*clang version //g' | $AWK '{print $1}'` + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CLANG_VER" >&5 +printf "%s\n" "$CLANG_VER" >&6; } + + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -pipe" >&5 +printf %s "checking if $CC supports compile flag -pipe... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -pipe" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-pipe" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5 +printf %s "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-error=format-truncation" >&5 +printf %s "checking if $CC supports compile flag -Wno-error=format-truncation... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wno-error=format-truncation" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wno-error=format-truncation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5 +printf %s "checking if $CC supports compile flag -Qunused-arguments... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Qunused-arguments" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5 +printf %s "checking if $CC supports compile flag -Wall... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wall" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wall" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wextra" >&5 +printf %s "checking if $CC supports compile flag -Wextra... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wextra" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wextra" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5 +printf %s "checking if $CC supports compile flag -Wpointer-arith... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wpointer-arith" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5 +printf %s "checking if $CC supports compile flag -Wuninitialized... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wuninitialized" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wuninitialized" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5 +printf %s "checking if $CC supports compile flag -Wsign-compare... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wsign-compare" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wsign-compare" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5 +printf %s "checking if $CC supports compile flag -Wformat-security... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wformat-security" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wformat-security" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5 +printf %s "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5 +printf %s "checking if $CC supports compile flag -Wpointer-sign... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wpointer-sign" + _define_flag="-Wno-pointer-sign" + test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-parameter" >&5 +printf %s "checking if $CC supports compile flag -Wunused-parameter... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wunused-parameter" + _define_flag="-Wno-unused-parameter" + test "x$_define_flag" = "x" && _define_flag="-Wunused-parameter" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5 +printf %s "checking if $CC supports compile flag -Wunused-result... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wunused-result" + _define_flag="-Wno-unused-result" + test "x$_define_flag" = "x" && _define_flag="-Wunused-result" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wimplicit-fallthrough" >&5 +printf %s "checking if $CC supports compile flag -Wimplicit-fallthrough... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wimplicit-fallthrough" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wimplicit-fallthrough" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wmisleading-indentation" >&5 +printf %s "checking if $CC supports compile flag -Wmisleading-indentation... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wmisleading-indentation" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wmisleading-indentation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wbitwise-instead-of-logical" >&5 +printf %s "checking if $CC supports compile flag -Wbitwise-instead-of-logical... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wbitwise-instead-of-logical" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wbitwise-instead-of-logical" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5 +printf %s "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + if test "x$use_toolchain_hardening" = "x1"; then + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 +printf %s "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,relro... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + LDFLAGS="$saved_LDFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,now... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + LDFLAGS="$saved_LDFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + LDFLAGS="$saved_LDFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} + # NB. -ftrapv expects certain support functions to be present in + # the compiler library (libgcc or similar) to detect integer operations + # that can overflow. We must check that the result of enabling it + # actually links. The test program compiled/linked includes a number + # of integer operations that should exercise this. + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 +printf %s "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -ftrapv" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-ftrapv" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} + # clang 15 seems to have a bug in -fzero-call-used-regs=all. See + # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and + # https://github.com/llvm/llvm-project/issues/59242 + # clang 17 has a different bug that causes an ICE when using this + # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) + case "$CLANG_VER" in + apple-15*) { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds" >&5 +printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} ;; + 17*) ;; + *) { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds" >&5 +printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} ;; + esac + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrivial-auto-var-init=zero" >&5 +printf %s "checking if $CC supports compile flag -ftrivial-auto-var-init=zero... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -ftrivial-auto-var-init=zero" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-ftrivial-auto-var-init=zero" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + fi + if test "x$use_retpoline" = "x1"; then + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mretpoline" >&5 +printf %s "checking if $CC supports compile flag -mretpoline... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -mretpoline" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-mretpoline" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} # clang + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,retpolineplt" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,retpolineplt... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,retpolineplt" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,retpolineplt" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + LDFLAGS="$saved_LDFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} + fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5 +printf %s "checking if $CC accepts -fno-builtin-memset... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-builtin-memset" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + char b[10]; memset(b, 0, sizeof(b)); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + # -fstack-protector-all doesn't always work for some GCC versions + # and/or platforms, so we test if we can. If it's not supported + # on a given platform gcc will emit a warning so we use -Werror. + if test "x$use_stack_protector" = "x1"; then + for t in -fstack-protector-strong -fstack-protector-all \ + -fstack-protector; do + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5 +printf %s "checking if $CC supports $t... " >&6; } + saved_CFLAGS="$CFLAGS" + saved_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS $t -Werror" + LDFLAGS="$LDFLAGS $t -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} + +int +main (void) +{ + + char x[256]; + snprintf(x, sizeof(x), "XXX%d", func(1)); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $t" + LDFLAGS="$saved_LDFLAGS $t" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5 +printf %s "checking if $t works... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: cannot test" >&2;} + break + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} + +int +main (void) +{ + + char x[256]; + snprintf(x, sizeof(x), "XXX%d", func(1)); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + break +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" + done + fi + + if test -z "$have_llong_max"; then + # retry LLONG_MAX with -std=gnu99, needed on some Linuxes + unset ac_cv_have_decl_LLONG_MAX + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -std=gnu99" + ac_fn_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_LLONG_MAX" = xyes +then : + have_llong_max=1 +else $as_nop + CFLAGS="$saved_CFLAGS" +fi + fi +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5 +printf %s "checking if compiler allows __attribute__ on return types... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +__attribute__((__unused__)) static void foo(void){return;} +int +main (void) +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ prototype args" >&5 +printf %s "checking if compiler allows __attribute__ prototype args... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2))); +int +main (void) +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define NO_ATTRIBUTE_ON_PROTOTYPE_ARGS 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler supports variable length arrays" >&5 +printf %s "checking if compiler supports variable length arrays... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main (void) +{ + int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define VARIABLE_LENGTH_ARRAYS 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts variable declarations after code" >&5 +printf %s "checking if compiler accepts variable declarations after code... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main (void) +{ + int a; a = 1; int b = 1; exit(a-b); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define VARIABLE_DECLARATION_AFTER_CODE 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +if test "x$no_attrib_nonnull" != "x1" ; then + +printf "%s\n" "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h + +fi + + +# Check whether --with-rpath was given. +if test ${with_rpath+y} +then : + withval=$with_rpath; + if test "x$withval" = "xno" ; then + rpath_opt="" + elif test "x$withval" = "xyes" ; then + rpath_opt="-R" + else + rpath_opt="$withval" + fi + + +fi + + +# Allow user to specify flags + +# Check whether --with-cflags was given. +if test ${with_cflags+y} +then : + withval=$with_cflags; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS="$CFLAGS $withval" + fi + + +fi + + + +# Check whether --with-cflags-after was given. +if test ${with_cflags_after+y} +then : + withval=$with_cflags_after; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS_AFTER="$withval" + fi + + +fi + + +# Check whether --with-cppflags was given. +if test ${with_cppflags+y} +then : + withval=$with_cppflags; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + + +fi + + +# Check whether --with-ldflags was given. +if test ${with_ldflags+y} +then : + withval=$with_ldflags; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS="$LDFLAGS $withval" + fi + + +fi + + +# Check whether --with-ldflags-after was given. +if test ${with_ldflags_after+y} +then : + withval=$with_ldflags_after; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS_AFTER="$withval" + fi + + +fi + + +# Check whether --with-libs was given. +if test ${with_libs+y} +then : + withval=$with_libs; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LIBS="$LIBS $withval" + fi + + +fi + + +# Check whether --with-Werror was given. +if test ${with_Werror+y} +then : + withval=$with_Werror; + if test -n "$withval" && test "x$withval" != "xno"; then + werror_flags="-Werror" + if test "x${withval}" != "xyes"; then + werror_flags="$withval" + fi + fi + + +fi + + +if test "x$ac_cv_header_sys_stat_h" != "xyes"; then + unset ac_cv_header_sys_stat_h + ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_stat_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STAT_H 1" >>confdefs.h + +fi + +fi + +ac_fn_c_check_header_compile "$LINENO" "blf.h" "ac_cv_header_blf_h" "$ac_includes_default" +if test "x$ac_cv_header_blf_h" = xyes +then : + printf "%s\n" "#define HAVE_BLF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "bstring.h" "ac_cv_header_bstring_h" "$ac_includes_default" +if test "x$ac_cv_header_bstring_h" = xyes +then : + printf "%s\n" "#define HAVE_BSTRING_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "crypt.h" "ac_cv_header_crypt_h" "$ac_includes_default" +if test "x$ac_cv_header_crypt_h" = xyes +then : + printf "%s\n" "#define HAVE_CRYPT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "crypto/sha2.h" "ac_cv_header_crypto_sha2_h" "$ac_includes_default" +if test "x$ac_cv_header_crypto_sha2_h" = xyes +then : + printf "%s\n" "#define HAVE_CRYPTO_SHA2_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "dirent.h" "ac_cv_header_dirent_h" "$ac_includes_default" +if test "x$ac_cv_header_dirent_h" = xyes +then : + printf "%s\n" "#define HAVE_DIRENT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "endian.h" "ac_cv_header_endian_h" "$ac_includes_default" +if test "x$ac_cv_header_endian_h" = xyes +then : + printf "%s\n" "#define HAVE_ENDIAN_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "elf.h" "ac_cv_header_elf_h" "$ac_includes_default" +if test "x$ac_cv_header_elf_h" = xyes +then : + printf "%s\n" "#define HAVE_ELF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "err.h" "ac_cv_header_err_h" "$ac_includes_default" +if test "x$ac_cv_header_err_h" = xyes +then : + printf "%s\n" "#define HAVE_ERR_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "features.h" "ac_cv_header_features_h" "$ac_includes_default" +if test "x$ac_cv_header_features_h" = xyes +then : + printf "%s\n" "#define HAVE_FEATURES_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "$ac_includes_default" +if test "x$ac_cv_header_fcntl_h" = xyes +then : + printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "floatingpoint.h" "ac_cv_header_floatingpoint_h" "$ac_includes_default" +if test "x$ac_cv_header_floatingpoint_h" = xyes +then : + printf "%s\n" "#define HAVE_FLOATINGPOINT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "fnmatch.h" "ac_cv_header_fnmatch_h" "$ac_includes_default" +if test "x$ac_cv_header_fnmatch_h" = xyes +then : + printf "%s\n" "#define HAVE_FNMATCH_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "getopt.h" "ac_cv_header_getopt_h" "$ac_includes_default" +if test "x$ac_cv_header_getopt_h" = xyes +then : + printf "%s\n" "#define HAVE_GETOPT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "glob.h" "ac_cv_header_glob_h" "$ac_includes_default" +if test "x$ac_cv_header_glob_h" = xyes +then : + printf "%s\n" "#define HAVE_GLOB_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ia.h" "ac_cv_header_ia_h" "$ac_includes_default" +if test "x$ac_cv_header_ia_h" = xyes +then : + printf "%s\n" "#define HAVE_IA_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "iaf.h" "ac_cv_header_iaf_h" "$ac_includes_default" +if test "x$ac_cv_header_iaf_h" = xyes +then : + printf "%s\n" "#define HAVE_IAF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ifaddrs.h" "ac_cv_header_ifaddrs_h" "$ac_includes_default" +if test "x$ac_cv_header_ifaddrs_h" = xyes +then : + printf "%s\n" "#define HAVE_IFADDRS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "inttypes.h" "ac_cv_header_inttypes_h" "$ac_includes_default" +if test "x$ac_cv_header_inttypes_h" = xyes +then : + printf "%s\n" "#define HAVE_INTTYPES_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "langinfo.h" "ac_cv_header_langinfo_h" "$ac_includes_default" +if test "x$ac_cv_header_langinfo_h" = xyes +then : + printf "%s\n" "#define HAVE_LANGINFO_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "limits.h" "ac_cv_header_limits_h" "$ac_includes_default" +if test "x$ac_cv_header_limits_h" = xyes +then : + printf "%s\n" "#define HAVE_LIMITS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "locale.h" "ac_cv_header_locale_h" "$ac_includes_default" +if test "x$ac_cv_header_locale_h" = xyes +then : + printf "%s\n" "#define HAVE_LOCALE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "login.h" "ac_cv_header_login_h" "$ac_includes_default" +if test "x$ac_cv_header_login_h" = xyes +then : + printf "%s\n" "#define HAVE_LOGIN_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default" +if test "x$ac_cv_header_maillock_h" = xyes +then : + printf "%s\n" "#define HAVE_MAILLOCK_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ndir.h" "ac_cv_header_ndir_h" "$ac_includes_default" +if test "x$ac_cv_header_ndir_h" = xyes +then : + printf "%s\n" "#define HAVE_NDIR_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "net/if_tun.h" "ac_cv_header_net_if_tun_h" "$ac_includes_default" +if test "x$ac_cv_header_net_if_tun_h" = xyes +then : + printf "%s\n" "#define HAVE_NET_IF_TUN_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "$ac_includes_default" +if test "x$ac_cv_header_netdb_h" = xyes +then : + printf "%s\n" "#define HAVE_NETDB_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "netgroup.h" "ac_cv_header_netgroup_h" "$ac_includes_default" +if test "x$ac_cv_header_netgroup_h" = xyes +then : + printf "%s\n" "#define HAVE_NETGROUP_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "pam/pam_appl.h" "ac_cv_header_pam_pam_appl_h" "$ac_includes_default" +if test "x$ac_cv_header_pam_pam_appl_h" = xyes +then : + printf "%s\n" "#define HAVE_PAM_PAM_APPL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "paths.h" "ac_cv_header_paths_h" "$ac_includes_default" +if test "x$ac_cv_header_paths_h" = xyes +then : + printf "%s\n" "#define HAVE_PATHS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_poll_h" "$ac_includes_default" +if test "x$ac_cv_header_poll_h" = xyes +then : + printf "%s\n" "#define HAVE_POLL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "pty.h" "ac_cv_header_pty_h" "$ac_includes_default" +if test "x$ac_cv_header_pty_h" = xyes +then : + printf "%s\n" "#define HAVE_PTY_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "readpassphrase.h" "ac_cv_header_readpassphrase_h" "$ac_includes_default" +if test "x$ac_cv_header_readpassphrase_h" = xyes +then : + printf "%s\n" "#define HAVE_READPASSPHRASE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "rpc/types.h" "ac_cv_header_rpc_types_h" "$ac_includes_default" +if test "x$ac_cv_header_rpc_types_h" = xyes +then : + printf "%s\n" "#define HAVE_RPC_TYPES_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "security/pam_appl.h" "ac_cv_header_security_pam_appl_h" "$ac_includes_default" +if test "x$ac_cv_header_security_pam_appl_h" = xyes +then : + printf "%s\n" "#define HAVE_SECURITY_PAM_APPL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" +if test "x$ac_cv_header_sha2_h" = xyes +then : + printf "%s\n" "#define HAVE_SHA2_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "shadow.h" "ac_cv_header_shadow_h" "$ac_includes_default" +if test "x$ac_cv_header_shadow_h" = xyes +then : + printf "%s\n" "#define HAVE_SHADOW_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "stddef.h" "ac_cv_header_stddef_h" "$ac_includes_default" +if test "x$ac_cv_header_stddef_h" = xyes +then : + printf "%s\n" "#define HAVE_STDDEF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes +then : + printf "%s\n" "#define HAVE_STDINT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "string.h" "ac_cv_header_string_h" "$ac_includes_default" +if test "x$ac_cv_header_string_h" = xyes +then : + printf "%s\n" "#define HAVE_STRING_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "strings.h" "ac_cv_header_strings_h" "$ac_includes_default" +if test "x$ac_cv_header_strings_h" = xyes +then : + printf "%s\n" "#define HAVE_STRINGS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/bitypes.h" "ac_cv_header_sys_bitypes_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_bitypes_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_BITYPES_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/byteorder.h" "ac_cv_header_sys_byteorder_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_byteorder_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_BYTEORDER_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/bsdtty.h" "ac_cv_header_sys_bsdtty_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_bsdtty_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_BSDTTY_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/cdefs.h" "ac_cv_header_sys_cdefs_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_cdefs_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_CDEFS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/dir.h" "ac_cv_header_sys_dir_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_dir_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_DIR_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/file.h" "ac_cv_header_sys_file_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_file_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_FILE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_mman_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_MMAN_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/label.h" "ac_cv_header_sys_label_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_label_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_LABEL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/ndir.h" "ac_cv_header_sys_ndir_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_ndir_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_NDIR_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_param_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PARAM_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_poll_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_POLL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/prctl.h" "ac_cv_header_sys_prctl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_prctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PRCTL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/procctl.h" "ac_cv_header_sys_procctl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_procctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PROCCTL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/pstat.h" "ac_cv_header_sys_pstat_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_pstat_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PSTAT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/ptrace.h" "ac_cv_header_sys_ptrace_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_ptrace_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PTRACE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_random_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_RANDOM_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_select_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/stream.h" "ac_cv_header_sys_stream_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_stream_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STREAM_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/stropts.h" "ac_cv_header_sys_stropts_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_stropts_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STROPTS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/strtio.h" "ac_cv_header_sys_strtio_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_strtio_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STRTIO_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/statvfs.h" "ac_cv_header_sys_statvfs_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_statvfs_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STATVFS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_sysmacros_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSMACROS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/time.h" "ac_cv_header_sys_time_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_time_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_TIME_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/timers.h" "ac_cv_header_sys_timers_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_timers_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_TIMERS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/vfs.h" "ac_cv_header_sys_vfs_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_vfs_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_VFS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "time.h" "ac_cv_header_time_h" "$ac_includes_default" +if test "x$ac_cv_header_time_h" = xyes +then : + printf "%s\n" "#define HAVE_TIME_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "tmpdir.h" "ac_cv_header_tmpdir_h" "$ac_includes_default" +if test "x$ac_cv_header_tmpdir_h" = xyes +then : + printf "%s\n" "#define HAVE_TMPDIR_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ttyent.h" "ac_cv_header_ttyent_h" "$ac_includes_default" +if test "x$ac_cv_header_ttyent_h" = xyes +then : + printf "%s\n" "#define HAVE_TTYENT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ucred.h" "ac_cv_header_ucred_h" "$ac_includes_default" +if test "x$ac_cv_header_ucred_h" = xyes +then : + printf "%s\n" "#define HAVE_UCRED_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default" +if test "x$ac_cv_header_unistd_h" = xyes +then : + printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "usersec.h" "ac_cv_header_usersec_h" "$ac_includes_default" +if test "x$ac_cv_header_usersec_h" = xyes +then : + printf "%s\n" "#define HAVE_USERSEC_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "util.h" "ac_cv_header_util_h" "$ac_includes_default" +if test "x$ac_cv_header_util_h" = xyes +then : + printf "%s\n" "#define HAVE_UTIL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "utime.h" "ac_cv_header_utime_h" "$ac_includes_default" +if test "x$ac_cv_header_utime_h" = xyes +then : + printf "%s\n" "#define HAVE_UTIME_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "utmp.h" "ac_cv_header_utmp_h" "$ac_includes_default" +if test "x$ac_cv_header_utmp_h" = xyes +then : + printf "%s\n" "#define HAVE_UTMP_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "utmpx.h" "ac_cv_header_utmpx_h" "$ac_includes_default" +if test "x$ac_cv_header_utmpx_h" = xyes +then : + printf "%s\n" "#define HAVE_UTMPX_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "vis.h" "ac_cv_header_vis_h" "$ac_includes_default" +if test "x$ac_cv_header_vis_h" = xyes +then : + printf "%s\n" "#define HAVE_VIS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "wchar.h" "ac_cv_header_wchar_h" "$ac_includes_default" +if test "x$ac_cv_header_wchar_h" = xyes +then : + printf "%s\n" "#define HAVE_WCHAR_H 1" >>confdefs.h + +fi + + +# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] +# to be included first. +ac_fn_c_check_header_compile "$LINENO" "sys/audit.h" "ac_cv_header_sys_audit_h" " +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_LABEL_H +# include +#endif + +" +if test "x$ac_cv_header_sys_audit_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_AUDIT_H 1" >>confdefs.h + +fi + + +# sys/capsicum.h requires sys/types.h +ac_fn_c_check_header_compile "$LINENO" "sys/capsicum.h" "ac_cv_header_sys_capsicum_h" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif + +" +if test "x$ac_cv_header_sys_capsicum_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_CAPSICUM_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "capsicum_helpers.h" "ac_cv_header_capsicum_helpers_h" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif + +" +if test "x$ac_cv_header_capsicum_helpers_h" = xyes +then : + printf "%s\n" "#define HAVE_CAPSICUM_HELPERS_H 1" >>confdefs.h + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for caph_cache_tzdata" >&5 +printf %s "checking for caph_cache_tzdata... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ +caph_cache_tzdata(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAVE_CAPH_CACHE_TZDATA 1" >>confdefs.h + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +# net/route.h requires sys/socket.h and sys/types.h. +# sys/sysctl.h also requires sys/param.h +ac_fn_c_check_header_compile "$LINENO" "net/route.h" "ac_cv_header_net_route_h" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#include +#include + +" +if test "x$ac_cv_header_net_route_h" = xyes +then : + printf "%s\n" "#define HAVE_NET_ROUTE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/sysctl.h" "ac_cv_header_sys_sysctl_h" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#include +#include + +" +if test "x$ac_cv_header_sys_sysctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSCTL_H 1" >>confdefs.h + +fi + + +# lastlog.h requires sys/time.h to be included first on Solaris +ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" " +#ifdef HAVE_SYS_TIME_H +# include +#endif + +" +if test "x$ac_cv_header_lastlog_h" = xyes +then : + printf "%s\n" "#define HAVE_LASTLOG_H 1" >>confdefs.h + +fi + + +# sys/ptms.h requires sys/stream.h to be included first on Solaris +ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" " +#ifdef HAVE_SYS_STREAM_H +# include +#endif + +" +if test "x$ac_cv_header_sys_ptms_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PTMS_H 1" >>confdefs.h + +fi + + +# login_cap.h requires sys/types.h on NetBSD +ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" " +#include + +" +if test "x$ac_cv_header_login_cap_h" = xyes +then : + printf "%s\n" "#define HAVE_LOGIN_CAP_H 1" >>confdefs.h + +fi + + +# older BSDs need sys/param.h before sys/mount.h +ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" " +#include + +" +if test "x$ac_cv_header_sys_mount_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_MOUNT_H 1" >>confdefs.h + +fi + + +# Android requires sys/socket.h to be included before sys/un.h +ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" " +#include +#include + +" +if test "x$ac_cv_header_sys_un_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_UN_H 1" >>confdefs.h + +fi + + +# Messages for features tested for in target-specific section +SIA_MSG="no" +SPC_MSG="no" +SP_MSG="no" +SPP_MSG="no" + +# Support for Solaris/Illumos privileges (this test is used by both +# the --with-solaris-privs option and --with-sandbox=solaris). +SOLARIS_PRIVS="no" + +# Check for some target-specific stuff +case "$host" in +*-*-aix*) + # Some versions of VAC won't allow macro redefinitions at + # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that + # particularly with older versions of vac or xlc. + # It also throws errors about null macro arguments, but these are + # not fatal. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5 +printf %s "checking if compiler allows macro redefinitions... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define testmacro foo +#define testmacro bar +int +main (void) +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" + CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" + CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5 +printf %s "checking how to specify blibpath for linker ($LD)... " >&6; } + if (test -z "$blibpath"); then + blibpath="/usr/lib:/lib" + fi + saved_LDFLAGS="$LDFLAGS" + if test "$GCC" = "yes"; then + flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" + else + flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," + fi + for tryflags in $flags ;do + if (test -z "$blibflags"); then + LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + blibflags=$tryflags +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + fi + done + if (test -z "$blibflags"); then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } + as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5 + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5 +printf "%s\n" "$blibflags" >&6; } + fi + LDFLAGS="$saved_LDFLAGS" + ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" +if test "x$ac_cv_func_authenticate" = xyes +then : + +printf "%s\n" "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5 +printf %s "checking for authenticate in -ls... " >&6; } +if test ${ac_cv_lib_s_authenticate+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-ls $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char authenticate (); +int +main (void) +{ +return authenticate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_s_authenticate=yes +else $as_nop + ac_cv_lib_s_authenticate=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5 +printf "%s\n" "$ac_cv_lib_s_authenticate" >&6; } +if test "x$ac_cv_lib_s_authenticate" = xyes +then : + printf "%s\n" "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h + + LIBS="$LIBS -ls" + +fi + + +fi + + ac_fn_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_authenticate" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_AUTHENTICATE $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_loginrestrictions" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_loginsuccess" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_LOGINSUCCESS $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_passwdexpired" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_setauthdb" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_SETAUTHDB $ac_have_decl" >>confdefs.h + + ac_fn_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_loginfailed" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_LOGINFAILED $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5 +printf %s "checking if loginfailed takes 4 arguments... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + (void)loginfailed("user","host","tty",0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset" +if test "x$ac_cv_func_getgrset" = xyes +then : + printf "%s\n" "#define HAVE_GETGRSET 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setauthdb" "ac_cv_func_setauthdb" +if test "x$ac_cv_func_setauthdb" = xyes +then : + printf "%s\n" "#define HAVE_SETAUTHDB 1" >>confdefs.h + +fi + + ac_fn_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_F_CLOSEM" = xyes +then : + +printf "%s\n" "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h + +fi + check_for_aix_broken_getaddrinfo=1 + +printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_LASTLOG 1" >>confdefs.h + + +printf "%s\n" "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h + + +printf "%s\n" "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + +printf "%s\n" "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h + + +printf "%s\n" "#define PTY_ZEROREAD 1" >>confdefs.h + + +printf "%s\n" "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h + + +printf "%s\n" "#define BROKEN_STRNDUP 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_STRNLEN 1" >>confdefs.h + + ;; +*-*-android*) + +printf "%s\n" "#define DISABLE_UTMP 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_WTMP 1" >>confdefs.h + + ;; +*-*-cygwin*) + LIBS="$LIBS /usr/lib/textreadmode.o" + +printf "%s\n" "#define HAVE_CYGWIN 1" >>confdefs.h + + +printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + +printf "%s\n" "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_SHADOW 1" >>confdefs.h + + +printf "%s\n" "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + +printf "%s\n" "#define SSH_IOBUFSZ 65535" >>confdefs.h + + +printf "%s\n" "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h + + # Cygwin defines optargs, optargs as declspec(dllimport) for historical + # reasons which cause compile warnings, so we disable those warnings. + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5 +printf %s "checking if $CC supports compile flag -Wno-attributes... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -Wno-attributes" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wno-attributes" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + ;; +*-*-dgux*) + +printf "%s\n" "#define IP_TOS_IS_BROKEN 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + ;; +*-*-darwin*) + use_pie=auto + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5 +printf %s "checking if we have working getaddrinfo... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5 +printf "%s\n" "assume it is working" >&6; } +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) + exit(0); + else + exit(1); +} + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: working" >&5 +printf "%s\n" "working" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: buggy" >&5 +printf "%s\n" "buggy" >&6; } + +printf "%s\n" "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_GLOB 1" >>confdefs.h + + +printf "%s\n" "#define BIND_8_COMPAT 1" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_FREEBSD 1" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h + + + ac_fn_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_AU_IPv4" = xyes +then : + +else $as_nop + +printf "%s\n" "#define AU_IPv4 0" >>confdefs.h + + #include + +printf "%s\n" "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h + + +fi + +printf "%s\n" "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init" +if test "x$ac_cv_func_sandbox_init" = xyes +then : + printf "%s\n" "#define HAVE_SANDBOX_INIT 1" >>confdefs.h + +fi + + ac_fn_c_check_header_compile "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default" +if test "x$ac_cv_header_sandbox_h" = xyes +then : + printf "%s\n" "#define HAVE_SANDBOX_H 1" >>confdefs.h + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sandbox_apply in -lsandbox" >&5 +printf %s "checking for sandbox_apply in -lsandbox... " >&6; } +if test ${ac_cv_lib_sandbox_sandbox_apply+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsandbox $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char sandbox_apply (); +int +main (void) +{ +return sandbox_apply (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_sandbox_sandbox_apply=yes +else $as_nop + ac_cv_lib_sandbox_sandbox_apply=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sandbox_sandbox_apply" >&5 +printf "%s\n" "$ac_cv_lib_sandbox_sandbox_apply" >&6; } +if test "x$ac_cv_lib_sandbox_sandbox_apply" = xyes +then : + + SSHDLIBS="$SSHDLIBS -lsandbox" + +fi + + # proc_pidinfo()-based closefrom() replacement. + ac_fn_c_check_header_compile "$LINENO" "libproc.h" "ac_cv_header_libproc_h" "$ac_includes_default" +if test "x$ac_cv_header_libproc_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBPROC_H 1" >>confdefs.h + +fi + + ac_fn_c_check_func "$LINENO" "proc_pidinfo" "ac_cv_func_proc_pidinfo" +if test "x$ac_cv_func_proc_pidinfo" = xyes +then : + printf "%s\n" "#define HAVE_PROC_PIDINFO 1" >>confdefs.h + +fi + + # poll(2) is broken for character-special devices (at least). + # cf. Apple bug 3710161 (not public, but searchable) + +printf "%s\n" "#define BROKEN_POLL 1" >>confdefs.h + + ;; +*-*-dragonfly*) + SSHDLIBS="$SSHDLIBS" + TEST_MALLOC_OPTIONS="AFGJPRX" + ;; +*-*-haiku*) + LIBS="$LIBS -lbsd " + CFLAGS="$CFLAGS -D_BSD_SOURCE" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5 +printf %s "checking for socket in -lnetwork... " >&6; } +if test ${ac_cv_lib_network_socket+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnetwork $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char socket (); +int +main (void) +{ +return socket (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_network_socket=yes +else $as_nop + ac_cv_lib_network_socket=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5 +printf "%s\n" "$ac_cv_lib_network_socket" >&6; } +if test "x$ac_cv_lib_network_socket" = xyes +then : + printf "%s\n" "#define HAVE_LIBNETWORK 1" >>confdefs.h + + LIBS="-lnetwork $LIBS" + +fi + + printf "%s\n" "#define HAVE_U_INT64_T 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_UTMPX 1" >>confdefs.h + + MANTYPE=man + ;; +*-*-hpux*) + # first we define all of the options common to all HP-UX releases + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" + IPADDR_IN_DISPLAY=yes + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h + + +printf "%s\n" "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h + + printf "%s\n" "#define SPT_TYPE SPT_PSTAT" >>confdefs.h + + +printf "%s\n" "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h + + maildir="/var/mail" + LIBS="$LIBS -lsec" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5 +printf %s "checking for t_error in -lxnet... " >&6; } +if test ${ac_cv_lib_xnet_t_error+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lxnet $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char t_error (); +int +main (void) +{ +return t_error (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_xnet_t_error=yes +else $as_nop + ac_cv_lib_xnet_t_error=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5 +printf "%s\n" "$ac_cv_lib_xnet_t_error" >&6; } +if test "x$ac_cv_lib_xnet_t_error" = xyes +then : + printf "%s\n" "#define HAVE_LIBXNET 1" >>confdefs.h + + LIBS="-lxnet $LIBS" + +else $as_nop + as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5 +fi + + + # next, we define all of the options specific to major releases + case "$host" in + *-*-hpux10*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -Ae" + fi + +printf "%s\n" "#define BROKEN_GETLINE 1" >>confdefs.h + + ;; + *-*-hpux11*) + +printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_UTMP 1" >>confdefs.h + + +printf "%s\n" "#define USE_BTMP 1" >>confdefs.h + + check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 + ;; + esac + + # lastly, we define options specific to minor releases + case "$host" in + *-*-hpux10.26) + +printf "%s\n" "#define HAVE_SECUREWARE 1" >>confdefs.h + + disable_ptmx_check=yes + LIBS="$LIBS -lsecpw" + ;; + esac + ;; +*-*-irix5*) + PATH="$PATH:/usr/etc" + +printf "%s\n" "#define BROKEN_INET_NTOA 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + +printf "%s\n" "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + printf "%s\n" "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + ;; +*-*-irix6*) + PATH="$PATH:/usr/etc" + +printf "%s\n" "#define WITH_IRIX_ARRAY 1" >>confdefs.h + + +printf "%s\n" "#define WITH_IRIX_PROJECT 1" >>confdefs.h + + +printf "%s\n" "#define WITH_IRIX_AUDIT 1" >>confdefs.h + + ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob" +if test "x$ac_cv_func_jlimit_startjob" = xyes +then : + +printf "%s\n" "#define WITH_IRIX_JOBS 1" >>confdefs.h + +fi + + printf "%s\n" "#define BROKEN_INET_NTOA 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_UPDWTMPX 1" >>confdefs.h + + printf "%s\n" "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + printf "%s\n" "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + ;; +*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) + printf "%s\n" "#define PAM_TTY_KLUDGE 1" >>confdefs.h + + printf "%s\n" "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h + + printf "%s\n" "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + +printf "%s\n" "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h + + +printf "%s\n" "#define USE_BTMP 1" >>confdefs.h + + ;; +*-*-linux*) + no_dev_ptmx=1 + use_pie=auto + check_for_openpty_ctty_bug=1 + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" + +printf "%s\n" "#define BROKEN_CLOSEFROM 1" >>confdefs.h + + +printf "%s\n" "#define PAM_TTY_KLUDGE 1" >>confdefs.h + + +printf "%s\n" "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h + + printf "%s\n" "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h + + +printf "%s\n" "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h + + +printf "%s\n" "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h + + printf "%s\n" "#define USE_BTMP 1" >>confdefs.h + + +printf "%s\n" "#define LINUX_OOM_ADJUST 1" >>confdefs.h + + +printf "%s\n" "#define SYSTEMD_NOTIFY 1" >>confdefs.h + + inet6_default_4in6=yes + case `uname -r` in + 1.*|2.0.*) + +printf "%s\n" "#define BROKEN_CMSG_TYPE 1" >>confdefs.h + + ;; + esac + # tun(4) forwarding compat code + ac_fn_c_check_header_compile "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_if_tun_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_IF_TUN_H 1" >>confdefs.h + +fi + + if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then + +printf "%s\n" "#define SSH_TUN_LINUX 1" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h + + fi + ac_fn_c_check_header_compile "$LINENO" "linux/if.h" "ac_cv_header_linux_if_h" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif + +" +if test "x$ac_cv_header_linux_if_h" = xyes +then : + +printf "%s\n" "#define SYS_RDOMAIN_LINUX 1" >>confdefs.h + +fi + + ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "#include +" +if test "x$ac_cv_header_linux_seccomp_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_SECCOMP_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "linux/filter.h" "ac_cv_header_linux_filter_h" "#include +" +if test "x$ac_cv_header_linux_filter_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_FILTER_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "linux/audit.h" "ac_cv_header_linux_audit_h" "#include +" +if test "x$ac_cv_header_linux_audit_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_AUDIT_H 1" >>confdefs.h + +fi + + # Obtain MIPS ABI + case "$host" in + mips*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if _MIPS_SIM != _ABIO32 +#error +#endif + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + mips_abi="o32" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if _MIPS_SIM != _ABIN32 +#error +#endif + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + mips_abi="n32" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if _MIPS_SIM != _ABI64 +#error +#endif + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + mips_abi="n64" +else $as_nop + as_fn_error $? "unknown MIPS ABI" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ;; + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5 +printf %s "checking for seccomp architecture... " >&6; } + seccomp_audit_arch= + case "$host" in + x86_64-*) + seccomp_audit_arch=AUDIT_ARCH_X86_64 + ;; + i*86-*) + seccomp_audit_arch=AUDIT_ARCH_I386 + ;; + arm*-*) + seccomp_audit_arch=AUDIT_ARCH_ARM + ;; + aarch64*-*) + seccomp_audit_arch=AUDIT_ARCH_AARCH64 + ;; + s390x-*) + seccomp_audit_arch=AUDIT_ARCH_S390X + ;; + s390-*) + seccomp_audit_arch=AUDIT_ARCH_S390 + ;; + powerpc-*) + seccomp_audit_arch=AUDIT_ARCH_PPC + ;; + powerpc64-*) + seccomp_audit_arch=AUDIT_ARCH_PPC64 + ;; + powerpc64le-*) + seccomp_audit_arch=AUDIT_ARCH_PPC64LE + ;; + mips-*) + seccomp_audit_arch=AUDIT_ARCH_MIPS + ;; + mipsel-*) + seccomp_audit_arch=AUDIT_ARCH_MIPSEL + ;; + mips64-*) + case "$mips_abi" in + "n32") + seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 + ;; + "n64") + seccomp_audit_arch=AUDIT_ARCH_MIPS64 + ;; + esac + ;; + mips64el-*) + case "$mips_abi" in + "n32") + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 + ;; + "n64") + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + ;; + esac + ;; + riscv64-*) + seccomp_audit_arch=AUDIT_ARCH_RISCV64 + ;; + esac + if test "x$seccomp_audit_arch" != "x" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5 +printf "%s\n" "\"$seccomp_audit_arch\"" >&6; } + +printf "%s\n" "#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch" >>confdefs.h + + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5 +printf "%s\n" "architecture not supported" >&6; } + fi + ;; +*-*-minix) + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + # poll(2) seems to choke on /dev/null; "Bad file descriptor" + +printf "%s\n" "#define BROKEN_POLL 1" >>confdefs.h + + ;; +mips-sony-bsd|mips-sony-newsos4) + +printf "%s\n" "#define NEED_SETPGRP 1" >>confdefs.h + + SONY=1 + ;; +*-*-netbsd*) + if test "x$withval" != "xno" ; then + rpath_opt="-R" + fi + CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" + +printf "%s\n" "#define SSH_TUN_FREEBSD 1" >>confdefs.h + + ac_fn_c_check_header_compile "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" +if test "x$ac_cv_header_net_if_tap_h" = xyes +then : + +else $as_nop + +printf "%s\n" "#define SSH_TUN_NO_L2 1" >>confdefs.h + +fi + + +printf "%s\n" "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h + + TEST_MALLOC_OPTIONS="AJRX" + +printf "%s\n" "#define BROKEN_READ_COMPARISON 1" >>confdefs.h + + ;; +*-*-freebsd*) + +printf "%s\n" "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_FREEBSD 1" >>confdefs.h + + ac_fn_c_check_header_compile "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" +if test "x$ac_cv_header_net_if_tap_h" = xyes +then : + +else $as_nop + +printf "%s\n" "#define SSH_TUN_NO_L2 1" >>confdefs.h + +fi + + +printf "%s\n" "#define BROKEN_GLOB 1" >>confdefs.h + + TEST_MALLOC_OPTIONS="AJRX" + # Preauth crypto occasionally uses file descriptors for crypto offload + # and will crash if they cannot be opened. + +printf "%s\n" "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h + + case "$host" in + *-*-freebsd9.*|*-*-freebsd10.*) + # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. + disable_capsicum=yes + esac + ;; +*-*-bsdi*) + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + ;; +*-next-*) + conf_lastlog_location="/usr/adm/lastlog" + conf_utmp_location=/etc/utmp + conf_wtmp_location=/usr/adm/wtmp + maildir=/usr/spool/mail + +printf "%s\n" "#define HAVE_NEXT 1" >>confdefs.h + + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_SAVED_UIDS 1" >>confdefs.h + + ;; +*-*-openbsd*) + use_pie=auto + +printf "%s\n" "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h + + +printf "%s\n" "#define SSH_TUN_OPENBSD 1" >>confdefs.h + + +printf "%s\n" "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h + + TEST_MALLOC_OPTIONS="AFGJPRX" + ;; +*-*-solaris*) + if test "x$withval" != "xno" ; then + rpath_opt="-R" + fi + printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h + + printf "%s\n" "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h + + printf "%s\n" "#define PAM_TTY_KLUDGE 1" >>confdefs.h + + +printf "%s\n" "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h + + printf "%s\n" "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + # Pushing STREAMS modules will cause sshd to acquire a controlling tty. + +printf "%s\n" "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + +printf "%s\n" "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h + + external_path_file=/etc/default/login + # hardwire lastlog location (can't detect it on some versions) + conf_lastlog_location="/var/adm/lastlog" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5 +printf %s "checking for obsolete utmp and wtmp in solaris2.x... " >&6; } + sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` + if test "$sol2ver" -ge 8; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + printf "%s\n" "#define DISABLE_UTMP 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_WTMP 1" >>confdefs.h + + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + ac_fn_c_check_func "$LINENO" "setpflags" "ac_cv_func_setpflags" +if test "x$ac_cv_func_setpflags" = xyes +then : + printf "%s\n" "#define HAVE_SETPFLAGS 1" >>confdefs.h + +fi + + ac_fn_c_check_func "$LINENO" "setppriv" "ac_cv_func_setppriv" +if test "x$ac_cv_func_setppriv" = xyes +then : + printf "%s\n" "#define HAVE_SETPPRIV 1" >>confdefs.h + +fi + + ac_fn_c_check_func "$LINENO" "priv_basicset" "ac_cv_func_priv_basicset" +if test "x$ac_cv_func_priv_basicset" = xyes +then : + printf "%s\n" "#define HAVE_PRIV_BASICSET 1" >>confdefs.h + +fi + + ac_fn_c_check_header_compile "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default" +if test "x$ac_cv_header_priv_h" = xyes +then : + printf "%s\n" "#define HAVE_PRIV_H 1" >>confdefs.h + +fi + + +# Check whether --with-solaris-contracts was given. +if test ${with_solaris_contracts+y} +then : + withval=$with_solaris_contracts; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5 +printf %s "checking for ct_tmpl_activate in -lcontract... " >&6; } +if test ${ac_cv_lib_contract_ct_tmpl_activate+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcontract $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char ct_tmpl_activate (); +int +main (void) +{ +return ct_tmpl_activate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_contract_ct_tmpl_activate=yes +else $as_nop + ac_cv_lib_contract_ct_tmpl_activate=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5 +printf "%s\n" "$ac_cv_lib_contract_ct_tmpl_activate" >&6; } +if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes +then : + +printf "%s\n" "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h + + LIBS="$LIBS -lcontract" + SPC_MSG="yes" +fi + + +fi + + +# Check whether --with-solaris-projects was given. +if test ${with_solaris_projects+y} +then : + withval=$with_solaris_projects; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 +printf %s "checking for setproject in -lproject... " >&6; } +if test ${ac_cv_lib_project_setproject+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lproject $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char setproject (); +int +main (void) +{ +return setproject (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_project_setproject=yes +else $as_nop + ac_cv_lib_project_setproject=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 +printf "%s\n" "$ac_cv_lib_project_setproject" >&6; } +if test "x$ac_cv_lib_project_setproject" = xyes +then : + +printf "%s\n" "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h + + LIBS="$LIBS -lproject" + SP_MSG="yes" +fi + + +fi + + +# Check whether --with-solaris-privs was given. +if test ${with_solaris_privs+y} +then : + withval=$with_solaris_privs; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Solaris/Illumos privilege support" >&5 +printf %s "checking for Solaris/Illumos privilege support... " >&6; } + if test "x$ac_cv_func_setppriv" = "xyes" -a \ + "x$ac_cv_header_priv_h" = "xyes" ; then + SOLARIS_PRIVS=yes + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found" >&5 +printf "%s\n" "found" >&6; } + +printf "%s\n" "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h + + +printf "%s\n" "#define USE_SOLARIS_PRIVS 1" >>confdefs.h + + SPP_MSG="yes" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } + as_fn_error $? "*** must have support for Solaris privileges to use --with-solaris-privs" "$LINENO" 5 + fi + +fi + + TEST_SHELL=$SHELL # let configure find us a capable shell + ;; +*-*-sunos4*) + CPPFLAGS="$CPPFLAGS -DSUNOS4" + ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam" +if test "x$ac_cv_func_getpwanam" = xyes +then : + printf "%s\n" "#define HAVE_GETPWANAM 1" >>confdefs.h + +fi + + printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h + + conf_utmp_location=/etc/utmp + conf_wtmp_location=/var/adm/wtmp + conf_lastlog_location=/var/adm/lastlog + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_UTMPX 1" >>confdefs.h + + ;; +*-ncr-sysv*) + LIBS="$LIBS -lc89" + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + ;; +*-sni-sysv*) + # /usr/ucblib MUST NOT be searched on ReliantUNIX + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5 +printf %s "checking for dlsym in -ldl... " >&6; } +if test ${ac_cv_lib_dl_dlsym+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char dlsym (); +int +main (void) +{ +return dlsym (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_dl_dlsym=yes +else $as_nop + ac_cv_lib_dl_dlsym=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5 +printf "%s\n" "$ac_cv_lib_dl_dlsym" >&6; } +if test "x$ac_cv_lib_dl_dlsym" = xyes +then : + printf "%s\n" "#define HAVE_LIBDL 1" >>confdefs.h + + LIBS="-ldl $LIBS" + +fi + + # -lresolv needs to be at the end of LIBS or DNS lookups break + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 +printf %s "checking for res_query in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv_res_query+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lresolv $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char res_query (); +int +main (void) +{ +return res_query (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_resolv_res_query=yes +else $as_nop + ac_cv_lib_resolv_res_query=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5 +printf "%s\n" "$ac_cv_lib_resolv_res_query" >&6; } +if test "x$ac_cv_lib_resolv_res_query" = xyes +then : + LIBS="$LIBS -lresolv" +fi + + IPADDR_IN_DISPLAY=yes + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define IP_TOS_IS_BROKEN 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + printf "%s\n" "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + external_path_file=/etc/default/login + # /usr/ucblib/libucb.a no longer needed on ReliantUNIX + # Attention: always take care to bind libsocket and libnsl before libc, + # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog + ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. +*-*-sysv4.2*) + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + +printf "%s\n" "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + printf "%s\n" "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + TEST_SHELL=$SHELL # let configure find us a capable shell + ;; +# UnixWare 7.x, OpenUNIX 8 +*-*-sysv5*) + CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" + +printf "%s\n" "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h + + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + printf "%s\n" "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h + + TEST_SHELL=$SHELL # let configure find us a capable shell + case "$host" in + *-*-sysv5SCO_SV*) # SCO OpenServer 6.x + maildir=/var/spool/mail + printf "%s\n" "#define BROKEN_UPDWTMPX 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5 +printf %s "checking for getluid in -lprot... " >&6; } +if test ${ac_cv_lib_prot_getluid+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lprot $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char getluid (); +int +main (void) +{ +return getluid (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_prot_getluid=yes +else $as_nop + ac_cv_lib_prot_getluid=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5 +printf "%s\n" "$ac_cv_lib_prot_getluid" >&6; } +if test "x$ac_cv_lib_prot_getluid" = xyes +then : + LIBS="$LIBS -lprot" + ac_fn_c_check_func "$LINENO" "getluid" "ac_cv_func_getluid" +if test "x$ac_cv_func_getluid" = xyes +then : + printf "%s\n" "#define HAVE_GETLUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setluid" "ac_cv_func_setluid" +if test "x$ac_cv_func_setluid" = xyes +then : + printf "%s\n" "#define HAVE_SETLUID 1" >>confdefs.h + +fi + + +fi + + ;; + *) printf "%s\n" "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h + + ;; + esac + ;; +*-*-sysv*) + ;; +# SCO UNIX and OEM versions of SCO UNIX +*-*-sco3.2v4*) + as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5 + ;; +# SCO OpenServer 5.x +*-*-sco3.2v5*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -belf" + fi + LIBS="$LIBS -lprot -lx -ltinfo -lm" + no_dev_ptmx=1 + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define HAVE_SECUREWARE 1" >>confdefs.h + + printf "%s\n" "#define DISABLE_SHADOW 1" >>confdefs.h + + printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + printf "%s\n" "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_UPDWTMPX 1" >>confdefs.h + + printf "%s\n" "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h + + ac_fn_c_check_func "$LINENO" "getluid" "ac_cv_func_getluid" +if test "x$ac_cv_func_getluid" = xyes +then : + printf "%s\n" "#define HAVE_GETLUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setluid" "ac_cv_func_setluid" +if test "x$ac_cv_func_setluid" = xyes +then : + printf "%s\n" "#define HAVE_SETLUID 1" >>confdefs.h + +fi + + MANTYPE=man + TEST_SHELL=$SHELL # let configure find us a capable shell + SKIP_DISABLE_LASTLOG_DEFINE=yes + ;; +*-dec-osf*) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5 +printf %s "checking for Digital Unix SIA... " >&6; } + no_osfsia="" + +# Check whether --with-osfsia was given. +if test ${with_osfsia+y} +then : + withval=$with_osfsia; + if test "x$withval" = "xno" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +printf "%s\n" "disabled" >&6; } + no_osfsia=1 + fi + +fi + + if test -z "$no_osfsia" ; then + if test -f /etc/sia/matrix.conf; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAVE_OSF_SIA 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_LOGIN 1" >>confdefs.h + + printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + LIBS="$LIBS -lsecurity -ldb -lm -laud" + SIA_MSG="yes" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h + + fi + fi + printf "%s\n" "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + printf "%s\n" "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREUID 1" >>confdefs.h + + printf "%s\n" "#define BROKEN_SETREGID 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_READV_COMPARISON 1" >>confdefs.h + + ;; + +*-*-nto-qnx*) + printf "%s\n" "#define USE_PIPES 1" >>confdefs.h + + printf "%s\n" "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h + + printf "%s\n" "#define DISABLE_LASTLOG 1" >>confdefs.h + + printf "%s\n" "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + +printf "%s\n" "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h + + enable_etc_default_login=no # has incompatible /etc/default/login + case "$host" in + *-*-nto-qnx6*) + printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + ;; + esac + ;; + +*-*-ultrix*) + +printf "%s\n" "#define BROKEN_GETGROUPS 1" >>confdefs.h + + +printf "%s\n" "#define NEED_SETPGRP 1" >>confdefs.h + + +printf "%s\n" "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h + + +printf "%s\n" "#define DISABLE_UTMPX 1" >>confdefs.h + + # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we + # don't get a controlling tty. + +printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + # On Ultrix some headers are not protected against multiple includes, + # so we create wrappers and put it where the compiler will find it. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: creating compat wrappers for headers" >&5 +printf "%s\n" "$as_me: WARNING: creating compat wrappers for headers" >&2;} + mkdir -p netinet + for header in netinet/ip.h netdb.h resolv.h; do + name=`echo $header | tr 'a-z/.' 'A-Z__'` + cat >$header <>confdefs.h + + ;; +esac + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5 +printf %s "checking compiler and flags for sanity... " >&6; } +if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5 + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +# Checks for libraries. +ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" +if test "x$ac_cv_func_setsockopt" = xyes +then : + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5 +printf %s "checking for setsockopt in -lsocket... " >&6; } +if test ${ac_cv_lib_socket_setsockopt+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsocket $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char setsockopt (); +int +main (void) +{ +return setsockopt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_socket_setsockopt=yes +else $as_nop + ac_cv_lib_socket_setsockopt=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5 +printf "%s\n" "$ac_cv_lib_socket_setsockopt" >&6; } +if test "x$ac_cv_lib_socket_setsockopt" = xyes +then : + printf "%s\n" "#define HAVE_LIBSOCKET 1" >>confdefs.h + + LIBS="-lsocket $LIBS" + +fi + +fi + + + + for ac_func in dirname +do : + ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname" +if test "x$ac_cv_func_dirname" = xyes +then : + printf "%s\n" "#define HAVE_DIRNAME 1" >>confdefs.h + ac_fn_c_check_header_compile "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" +if test "x$ac_cv_header_libgen_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBGEN_H 1" >>confdefs.h + +fi + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5 +printf %s "checking for dirname in -lgen... " >&6; } +if test ${ac_cv_lib_gen_dirname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char dirname (); +int +main (void) +{ +return dirname (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_gen_dirname=yes +else $as_nop + ac_cv_lib_gen_dirname=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5 +printf "%s\n" "$ac_cv_lib_gen_dirname" >&6; } +if test "x$ac_cv_lib_gen_dirname" = xyes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5 +printf %s "checking for broken dirname... " >&6; } +if test ${ac_cv_have_broken_dirname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + save_LIBS="$LIBS" + LIBS="$LIBS -lgen" + if test "$cross_compiling" = yes +then : + ac_cv_have_broken_dirname="no" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int main(int argc, char **argv) { + char *s, buf[32]; + + strncpy(buf,"/etc", 32); + s = dirname(buf); + if (!s || strncmp(s, "/", 32) != 0) { + exit(1); + } else { + exit(0); + } +} + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ac_cv_have_broken_dirname="no" +else $as_nop + ac_cv_have_broken_dirname="yes" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$save_LIBS" + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5 +printf "%s\n" "$ac_cv_have_broken_dirname" >&6; } + if test "x$ac_cv_have_broken_dirname" = "xno" ; then + LIBS="$LIBS -lgen" + printf "%s\n" "#define HAVE_DIRNAME 1" >>confdefs.h + + ac_fn_c_check_header_compile "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" +if test "x$ac_cv_header_libgen_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBGEN_H 1" >>confdefs.h + +fi + + fi + +fi + + +fi + +done + +ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam" +if test "x$ac_cv_func_getspnam" = xyes +then : + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5 +printf %s "checking for getspnam in -lgen... " >&6; } +if test ${ac_cv_lib_gen_getspnam+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char getspnam (); +int +main (void) +{ +return getspnam (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_gen_getspnam=yes +else $as_nop + ac_cv_lib_gen_getspnam=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5 +printf "%s\n" "$ac_cv_lib_gen_getspnam" >&6; } +if test "x$ac_cv_lib_gen_getspnam" = xyes +then : + LIBS="$LIBS -lgen" +fi + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5 +printf %s "checking for library containing basename... " >&6; } +if test ${ac_cv_search_basename+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char basename (); +int +main (void) +{ +return basename (); + ; + return 0; +} +_ACEOF +for ac_lib in '' gen +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_basename=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_basename+y} +then : + break +fi +done +if test ${ac_cv_search_basename+y} +then : + +else $as_nop + ac_cv_search_basename=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5 +printf "%s\n" "$ac_cv_search_basename" >&6; } +ac_res=$ac_cv_search_basename +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +printf "%s\n" "#define HAVE_BASENAME 1" >>confdefs.h + +fi + + +zlib=yes + +# Check whether --with-zlib was given. +if test ${with_zlib+y} +then : + withval=$with_zlib; if test "x$withval" = "xno" ; then + zlib=no + elif test "x$withval" != "xyes"; then + if test -d "$withval/lib"; then + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + else + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" + fi + fi + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + fi + +fi + + +# These libraries are needed for anything that links in the channel code. +CHANNELLIBS="" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for zlib" >&5 +printf %s "checking for zlib... " >&6; } +if test "x${zlib}" = "xno"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +else + saved_LIBS="$LIBS" + CHANNELLIBS="$CHANNELLIBS -lz" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define WITH_ZLIB 1" >>confdefs.h + + ac_fn_c_check_header_compile "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" +if test "x$ac_cv_header_zlib_h" = xyes +then : + +else $as_nop + as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5 +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5 +printf %s "checking for deflate in -lz... " >&6; } +if test ${ac_cv_lib_z_deflate+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lz $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char deflate (); +int +main (void) +{ +return deflate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_z_deflate=yes +else $as_nop + ac_cv_lib_z_deflate=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5 +printf "%s\n" "$ac_cv_lib_z_deflate" >&6; } +if test "x$ac_cv_lib_z_deflate" = xyes +then : + printf "%s\n" "#define HAVE_LIBZ 1" >>confdefs.h + + LIBS="-lz $LIBS" + +else $as_nop + + saved_CPPFLAGS="$CPPFLAGS" + saved_LDFLAGS="$LDFLAGS" + if test -n "${rpath_opt}"; then + LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" + else + LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" + fi + CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char deflate (); +int +main (void) +{ +return deflate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + printf "%s\n" "#define HAVE_LIBZ 1" >>confdefs.h + +else $as_nop + + as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5 + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + +fi + + + +# Check whether --with-zlib-version-check was given. +if test ${with_zlib_version_check+y} +then : + withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then + zlib_check_nonfatal=1 + fi + + +fi + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5 +printf %s "checking for possibly buggy zlib... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + + int a=0, b=0, c=0, d=0, n, v; + n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); + if (n < 1) + exit(1); + v = a*1000000 + b*10000 + c*100 + d; + fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); + + /* 1.1.4 is OK */ + if (a == 1 && b == 1 && c >= 4) + exit(0); + + /* 1.2.3 and up are OK */ + if (v >= 1020300) + exit(0); + + exit(2); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + if test -z "$zlib_check_nonfatal" ; then + as_fn_error $? "*** zlib too old - check config.log *** +Your reported zlib version has known security problems. It's possible your +vendor has fixed these problems without changing the version number. If you +are sure this is the case, you can disable the check by running +\"./configure --without-zlib-version-check\". +If you are in doubt, upgrade zlib to version 1.2.3 or greater. +See http://www.gzip.org/zlib/ for details." "$LINENO" 5 + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5 +printf "%s\n" "$as_me: WARNING: zlib version may have security problems" >&2;} + fi + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$saved_LIBS" +fi + +ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" +if test "x$ac_cv_func_strcasecmp" = xyes +then : + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5 +printf %s "checking for strcasecmp in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv_strcasecmp+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lresolv $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char strcasecmp (); +int +main (void) +{ +return strcasecmp (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_resolv_strcasecmp=yes +else $as_nop + ac_cv_lib_resolv_strcasecmp=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5 +printf "%s\n" "$ac_cv_lib_resolv_strcasecmp" >&6; } +if test "x$ac_cv_lib_resolv_strcasecmp" = xyes +then : + LIBS="$LIBS -lresolv" +fi + + +fi + + + for ac_func in utimes +do : + ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" +if test "x$ac_cv_func_utimes" = xyes +then : + printf "%s\n" "#define HAVE_UTIMES 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5 +printf %s "checking for utimes in -lc89... " >&6; } +if test ${ac_cv_lib_c89_utimes+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc89 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char utimes (); +int +main (void) +{ +return utimes (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_c89_utimes=yes +else $as_nop + ac_cv_lib_c89_utimes=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5 +printf "%s\n" "$ac_cv_lib_c89_utimes" >&6; } +if test "x$ac_cv_lib_c89_utimes" = xyes +then : + printf "%s\n" "#define HAVE_UTIMES 1" >>confdefs.h + + LIBS="$LIBS -lc89" +fi + + +fi + +done + +ac_fn_c_check_header_compile "$LINENO" "bsd/libutil.h" "ac_cv_header_bsd_libutil_h" "$ac_includes_default" +if test "x$ac_cv_header_bsd_libutil_h" = xyes +then : + printf "%s\n" "#define HAVE_BSD_LIBUTIL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "libutil.h" "ac_cv_header_libutil_h" "$ac_includes_default" +if test "x$ac_cv_header_libutil_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBUTIL_H 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5 +printf %s "checking for library containing fmt_scaled... " >&6; } +if test ${ac_cv_search_fmt_scaled+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char fmt_scaled (); +int +main (void) +{ +return fmt_scaled (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_fmt_scaled=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_fmt_scaled+y} +then : + break +fi +done +if test ${ac_cv_search_fmt_scaled+y} +then : + +else $as_nop + ac_cv_search_fmt_scaled=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5 +printf "%s\n" "$ac_cv_search_fmt_scaled" >&6; } +ac_res=$ac_cv_search_fmt_scaled +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5 +printf %s "checking for library containing scan_scaled... " >&6; } +if test ${ac_cv_search_scan_scaled+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char scan_scaled (); +int +main (void) +{ +return scan_scaled (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_scan_scaled=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_scan_scaled+y} +then : + break +fi +done +if test ${ac_cv_search_scan_scaled+y} +then : + +else $as_nop + ac_cv_search_scan_scaled=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5 +printf "%s\n" "$ac_cv_search_scan_scaled" >&6; } +ac_res=$ac_cv_search_scan_scaled +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 +printf %s "checking for library containing login... " >&6; } +if test ${ac_cv_search_login+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char login (); +int +main (void) +{ +return login (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_login=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_login+y} +then : + break +fi +done +if test ${ac_cv_search_login+y} +then : + +else $as_nop + ac_cv_search_login=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5 +printf "%s\n" "$ac_cv_search_login" >&6; } +ac_res=$ac_cv_search_login +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5 +printf %s "checking for library containing logout... " >&6; } +if test ${ac_cv_search_logout+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char logout (); +int +main (void) +{ +return logout (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_logout=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_logout+y} +then : + break +fi +done +if test ${ac_cv_search_logout+y} +then : + +else $as_nop + ac_cv_search_logout=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5 +printf "%s\n" "$ac_cv_search_logout" >&6; } +ac_res=$ac_cv_search_logout +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5 +printf %s "checking for library containing logwtmp... " >&6; } +if test ${ac_cv_search_logwtmp+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char logwtmp (); +int +main (void) +{ +return logwtmp (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_logwtmp=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_logwtmp+y} +then : + break +fi +done +if test ${ac_cv_search_logwtmp+y} +then : + +else $as_nop + ac_cv_search_logwtmp=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5 +printf "%s\n" "$ac_cv_search_logwtmp" >&6; } +ac_res=$ac_cv_search_logwtmp +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 +printf %s "checking for library containing openpty... " >&6; } +if test ${ac_cv_search_openpty+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char openpty (); +int +main (void) +{ +return openpty (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_openpty=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_openpty+y} +then : + break +fi +done +if test ${ac_cv_search_openpty+y} +then : + +else $as_nop + ac_cv_search_openpty=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 +printf "%s\n" "$ac_cv_search_openpty" >&6; } +ac_res=$ac_cv_search_openpty +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5 +printf %s "checking for library containing updwtmp... " >&6; } +if test ${ac_cv_search_updwtmp+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char updwtmp (); +int +main (void) +{ +return updwtmp (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_updwtmp=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_updwtmp+y} +then : + break +fi +done +if test ${ac_cv_search_updwtmp+y} +then : + +else $as_nop + ac_cv_search_updwtmp=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5 +printf "%s\n" "$ac_cv_search_updwtmp" >&6; } +ac_res=$ac_cv_search_updwtmp +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +ac_fn_c_check_func "$LINENO" "fmt_scaled" "ac_cv_func_fmt_scaled" +if test "x$ac_cv_func_fmt_scaled" = xyes +then : + printf "%s\n" "#define HAVE_FMT_SCALED 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "scan_scaled" "ac_cv_func_scan_scaled" +if test "x$ac_cv_func_scan_scaled" = xyes +then : + printf "%s\n" "#define HAVE_SCAN_SCALED 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "login" "ac_cv_func_login" +if test "x$ac_cv_func_login" = xyes +then : + printf "%s\n" "#define HAVE_LOGIN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "logout" "ac_cv_func_logout" +if test "x$ac_cv_func_logout" = xyes +then : + printf "%s\n" "#define HAVE_LOGOUT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty" +if test "x$ac_cv_func_openpty" = xyes +then : + printf "%s\n" "#define HAVE_OPENPTY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "updwtmp" "ac_cv_func_updwtmp" +if test "x$ac_cv_func_updwtmp" = xyes +then : + printf "%s\n" "#define HAVE_UPDWTMP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "logwtmp" "ac_cv_func_logwtmp" +if test "x$ac_cv_func_logwtmp" = xyes +then : + printf "%s\n" "#define HAVE_LOGWTMP 1" >>confdefs.h + +fi + + +# On some platforms, inet_ntop and gethostbyname may be found in libresolv +# or libnsl. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 +printf %s "checking for library containing inet_ntop... " >&6; } +if test ${ac_cv_search_inet_ntop+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char inet_ntop (); +int +main (void) +{ +return inet_ntop (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv nsl +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_inet_ntop=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_inet_ntop+y} +then : + break +fi +done +if test ${ac_cv_search_inet_ntop+y} +then : + +else $as_nop + ac_cv_search_inet_ntop=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 +printf "%s\n" "$ac_cv_search_inet_ntop" >&6; } +ac_res=$ac_cv_search_inet_ntop +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +printf %s "checking for library containing gethostbyname... " >&6; } +if test ${ac_cv_search_gethostbyname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char gethostbyname (); +int +main (void) +{ +return gethostbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv nsl +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_gethostbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_gethostbyname+y} +then : + break +fi +done +if test ${ac_cv_search_gethostbyname+y} +then : + +else $as_nop + ac_cv_search_gethostbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +printf "%s\n" "$ac_cv_search_gethostbyname" >&6; } +ac_res=$ac_cv_search_gethostbyname +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + +# Some Linux distribtions ship the BSD libc hashing functions in +# separate libraries. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing SHA256Update" >&5 +printf %s "checking for library containing SHA256Update... " >&6; } +if test ${ac_cv_search_SHA256Update+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char SHA256Update (); +int +main (void) +{ +return SHA256Update (); + ; + return 0; +} +_ACEOF +for ac_lib in '' md bsd +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_SHA256Update=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_SHA256Update+y} +then : + break +fi +done +if test ${ac_cv_search_SHA256Update+y} +then : + +else $as_nop + ac_cv_search_SHA256Update=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SHA256Update" >&5 +printf "%s\n" "$ac_cv_search_SHA256Update" >&6; } +ac_res=$ac_cv_search_SHA256Update +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + +# "Particular Function Checks" +# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html + + for ac_func in strftime +do : + ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" +if test "x$ac_cv_func_strftime" = xyes +then : + printf "%s\n" "#define HAVE_STRFTIME 1" >>confdefs.h + +else $as_nop + # strftime is in -lintl on SCO UNIX. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 +printf %s "checking for strftime in -lintl... " >&6; } +if test ${ac_cv_lib_intl_strftime+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char strftime (); +int +main (void) +{ +return strftime (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_intl_strftime=yes +else $as_nop + ac_cv_lib_intl_strftime=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 +printf "%s\n" "$ac_cv_lib_intl_strftime" >&6; } +if test "x$ac_cv_lib_intl_strftime" = xyes +then : + printf "%s\n" "#define HAVE_STRFTIME 1" >>confdefs.h + +LIBS="-lintl $LIBS" +fi + +fi + +done +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 +printf %s "checking for GNU libc compatible malloc... " >&6; } +if test ${ac_cv_func_malloc_0_nonnull+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : + case "$host_os" in # (( + # Guess yes on platforms where we know the result. + *-gnu* | freebsd* | netbsd* | openbsd* | bitrig* \ + | hpux* | solaris* | cygwin* | mingw* | msys* ) + ac_cv_func_malloc_0_nonnull=yes ;; + # If we don't know, assume the worst. + *) ac_cv_func_malloc_0_nonnull=no ;; + esac +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main (void) +{ +void *p = malloc (0); + int result = !p; + free (p); + return result; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ac_cv_func_malloc_0_nonnull=yes +else $as_nop + ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 +printf "%s\n" "$ac_cv_func_malloc_0_nonnull" >&6; } +if test $ac_cv_func_malloc_0_nonnull = yes +then : + +printf "%s\n" "#define HAVE_MALLOC 1" >>confdefs.h + +else $as_nop + printf "%s\n" "#define HAVE_MALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" + ;; +esac + + +printf "%s\n" "#define malloc rpl_malloc" >>confdefs.h + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 +printf %s "checking for GNU libc compatible realloc... " >&6; } +if test ${ac_cv_func_realloc_0_nonnull+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : + case "$host_os" in # (( + # Guess yes on platforms where we know the result. + *-gnu* | freebsd* | netbsd* | openbsd* | bitrig* \ + | hpux* | solaris* | cygwin* | mingw* | msys* ) + ac_cv_func_realloc_0_nonnull=yes ;; + # If we don't know, assume the worst. + *) ac_cv_func_realloc_0_nonnull=no ;; + esac +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main (void) +{ +void *p = realloc (0, 0); + int result = !p; + free (p); + return result; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ac_cv_func_realloc_0_nonnull=yes +else $as_nop + ac_cv_func_realloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 +printf "%s\n" "$ac_cv_func_realloc_0_nonnull" >&6; } +if test $ac_cv_func_realloc_0_nonnull = yes +then : + +printf "%s\n" "#define HAVE_REALLOC 1" >>confdefs.h + +else $as_nop + printf "%s\n" "#define HAVE_REALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" realloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS realloc.$ac_objext" + ;; +esac + + +printf "%s\n" "#define realloc rpl_realloc" >>confdefs.h + +fi + + +# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if calloc(0, N) returns non-null" >&5 +printf %s "checking if calloc(0, N) returns non-null... " >&6; } +if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming same as malloc" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming same as malloc" >&2;} + func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + void *p = calloc(0, 1); exit(p == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + func_calloc_0_nonnull=yes +else $as_nop + func_calloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $func_calloc_0_nonnull" >&5 +printf "%s\n" "$func_calloc_0_nonnull" >&6; } + +if test "x$func_calloc_0_nonnull" = "xyes"; then + +printf "%s\n" "#define HAVE_CALLOC 1" >>confdefs.h + +else + +printf "%s\n" "#define HAVE_CALLOC 0" >>confdefs.h + + +printf "%s\n" "#define calloc rpl_calloc" >>confdefs.h + +fi + +# Check for ALTDIRFUNC glob() extension +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5 +printf %s "checking for GLOB_ALTDIRFUNC support... " >&6; } + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifdef GLOB_ALTDIRFUNC + FOUNDIT + #endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "FOUNDIT" >/dev/null 2>&1 +then : + + +printf "%s\n" "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + + +fi +rm -rf conftest* + + +# Check for g.gl_matchc glob() extension +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5 +printf %s "checking for gl_matchc field in glob_t... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + glob_t g; g.gl_matchc = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + +printf "%s\n" "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +# Check for g.gl_statv glob() extension +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5 +printf %s "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + +#ifndef GLOB_KEEPSTAT +#error "glob does not support GLOB_KEEPSTAT extension" +#endif +glob_t g; +g.gl_statv = NULL; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + +printf "%s\n" "#define GLOB_HAS_GL_STATV 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +ac_fn_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "VIS_ALL" "ac_cv_have_decl_VIS_ALL" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_VIS_ALL" = xyes +then : + +else $as_nop + +printf "%s\n" "#define BROKEN_STRNVIS 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5 +printf %s "checking whether struct dirent allocates space for d_name... " >&6; } +if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;} + printf "%s\n" "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h + + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + + struct dirent d; + exit(sizeof(d.d_name)<=sizeof(char)); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5 +printf %s "checking for /proc/pid/fd directory... " >&6; } +if test -d "/proc/$$/fd" ; then + +printf "%s\n" "#define HAVE_PROC_PID 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + +# Check whether user wants to use ldns +LDNS_MSG="no" + +# Check whether --with-ldns was given. +if test ${with_ldns+y} +then : + withval=$with_ldns; + ldns="" + if test "x$withval" = "xyes" ; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}ldns-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_LDNSCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $LDNSCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_LDNSCONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +LDNSCONFIG=$ac_cv_path_LDNSCONFIG +if test -n "$LDNSCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5 +printf "%s\n" "$LDNSCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_LDNSCONFIG"; then + ac_pt_LDNSCONFIG=$LDNSCONFIG + # Extract the first word of "ldns-config", so it can be a program name with args. +set dummy ldns-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_ac_pt_LDNSCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $ac_pt_LDNSCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_LDNSCONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG +if test -n "$ac_pt_LDNSCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5 +printf "%s\n" "$ac_pt_LDNSCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_pt_LDNSCONFIG" = x; then + LDNSCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LDNSCONFIG=$ac_pt_LDNSCONFIG + fi +else + LDNSCONFIG="$ac_cv_path_LDNSCONFIG" +fi + + if test "x$LDNSCONFIG" = "xno"; then + LIBS="-lldns $LIBS" + ldns=yes + else + LIBS="$LIBS `$LDNSCONFIG --libs`" + CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" + ldns=yes + fi + elif test "x$withval" != "xno" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + fi + + # Verify that it works. + if test "x$ldns" = "xyes" ; then + +printf "%s\n" "#define HAVE_LDNS 1" >>confdefs.h + + LDNS_MSG="yes" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 +printf %s "checking for ldns support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + fi + +fi + + +# Check whether user wants libedit support +LIBEDIT_MSG="no" + +# Check whether --with-libedit was given. +if test ${with_libedit+y} +then : + withval=$with_libedit; if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + if test "x$PKGCONFIG" != "xno"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 +printf %s "checking if $PKGCONFIG knows about libedit... " >&6; } + if "$PKGCONFIG" libedit; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + use_pkgconfig_for_libedit=yes + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + fi + else + CPPFLAGS="$CPPFLAGS -I${withval}/include" + if test -n "${rpath_opt}"; then + LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi + fi + if test "x$use_pkgconfig_for_libedit" = "xyes"; then + LIBEDIT=`$PKGCONFIG --libs libedit` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" + else + LIBEDIT="-ledit -lcurses" + fi + OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5 +printf %s "checking for el_init in -ledit... " >&6; } +if test ${ac_cv_lib_edit_el_init+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-ledit $OTHERLIBS + $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char el_init (); +int +main (void) +{ +return el_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_edit_el_init=yes +else $as_nop + ac_cv_lib_edit_el_init=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5 +printf "%s\n" "$ac_cv_lib_edit_el_init" >&6; } +if test "x$ac_cv_lib_edit_el_init" = xyes +then : + +printf "%s\n" "#define USE_LIBEDIT 1" >>confdefs.h + + LIBEDIT_MSG="yes" + + +else $as_nop + as_fn_error $? "libedit not found" "$LINENO" 5 +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5 +printf %s "checking if libedit version is compatible... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + + int i = H_SETSIZE; + el_init("", NULL, NULL, NULL); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + as_fn_error $? "libedit version is not compatible" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi + +fi + + +AUDIT_MODULE=none + +# Check whether --with-audit was given. +if test ${with_audit+y} +then : + withval=$with_audit; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5 +printf %s "checking for supported audit module... " >&6; } + case "$withval" in + bsm) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: bsm" >&5 +printf "%s\n" "bsm" >&6; } + AUDIT_MODULE=bsm + for ac_header in bsm/audit.h +do : + ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" " +#ifdef HAVE_TIME_H +# include +#endif + + +" +if test "x$ac_cv_header_bsm_audit_h" = xyes +then : + printf "%s\n" "#define HAVE_BSM_AUDIT_H 1" >>confdefs.h + +else $as_nop + as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5 +fi + +done + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5 +printf %s "checking for getaudit in -lbsm... " >&6; } +if test ${ac_cv_lib_bsm_getaudit+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lbsm $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char getaudit (); +int +main (void) +{ +return getaudit (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_bsm_getaudit=yes +else $as_nop + ac_cv_lib_bsm_getaudit=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5 +printf "%s\n" "$ac_cv_lib_bsm_getaudit" >&6; } +if test "x$ac_cv_lib_bsm_getaudit" = xyes +then : + printf "%s\n" "#define HAVE_LIBBSM 1" >>confdefs.h + + LIBS="-lbsm $LIBS" + +else $as_nop + as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5 +fi + + + for ac_func in getaudit +do : + ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit" +if test "x$ac_cv_func_getaudit" = xyes +then : + printf "%s\n" "#define HAVE_GETAUDIT 1" >>confdefs.h + +else $as_nop + as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5 +fi + +done + # These are optional + ac_fn_c_check_func "$LINENO" "getaudit_addr" "ac_cv_func_getaudit_addr" +if test "x$ac_cv_func_getaudit_addr" = xyes +then : + printf "%s\n" "#define HAVE_GETAUDIT_ADDR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "aug_get_machine" "ac_cv_func_aug_get_machine" +if test "x$ac_cv_func_aug_get_machine" = xyes +then : + printf "%s\n" "#define HAVE_AUG_GET_MACHINE 1" >>confdefs.h + +fi + + +printf "%s\n" "#define USE_BSM_AUDIT 1" >>confdefs.h + + if test "$sol2ver" -ge 11; then + SSHDLIBS="$SSHDLIBS -lscf" + +printf "%s\n" "#define BROKEN_BSM_API 1" >>confdefs.h + + fi + ;; + linux) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: linux" >&5 +printf "%s\n" "linux" >&6; } + AUDIT_MODULE=linux + ac_fn_c_check_header_compile "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default" +if test "x$ac_cv_header_libaudit_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBAUDIT_H 1" >>confdefs.h + +fi + + SSHDLIBS="$SSHDLIBS -laudit" + +printf "%s\n" "#define USE_LINUX_AUDIT 1" >>confdefs.h + + ;; + debug) + AUDIT_MODULE=debug + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: debug" >&5 +printf "%s\n" "debug" >&6; } + +printf "%s\n" "#define SSH_AUDIT_EVENTS 1" >>confdefs.h + + ;; + no) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + ;; + *) + as_fn_error $? "Unknown audit module $withval" "$LINENO" 5 + ;; + esac + +fi + + + +# Check whether --with-pie was given. +if test ${with_pie+y} +then : + withval=$with_pie; + if test "x$withval" = "xno"; then + use_pie=no + fi + if test "x$withval" = "xyes"; then + use_pie=yes + fi + + +fi + +if test "x$use_pie" = "x"; then + use_pie=no +fi +if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then + # Turn off automatic PIE when toolchain hardening is off. + use_pie=no +fi +if test "x$use_pie" = "xauto"; then + # Automatic PIE requires gcc >= 4.x + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5 +printf %s "checking for gcc >= 4.x... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if !defined(__GNUC__) || __GNUC__ < 4 +#error gcc is too old +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + use_pie=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +if test "x$use_pie" != "xno"; then + SAVED_CFLAGS="$CFLAGS" + SAVED_LDFLAGS="$LDFLAGS" + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5 +printf %s "checking if $CC supports compile flag -fPIE... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fPIE" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fPIE" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + CFLAGS="$saved_CFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5 +printf %s "checking if $LD supports link flag -pie... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -pie" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +/* Trivial function to help test for -fzero-call-used-regs */ +int f(int n) {return rand() % n;} +char *f2(char *s, ...) { + char ret[64]; + va_list args; + va_start(args, s); + vsnprintf(ret, sizeof(ret), s, args); + va_end(args); + return strdup(ret); +} +int i; +double d; +const char *f3(int s) { + i = (int)d; + return s ? "good" : "gooder"; +} +int main(int argc, char **argv) { + char b[256], *cp; + const char *s; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; + f(1); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, b, 0) == -1) exit(0); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); + free(cp); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. + */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 +printf "%s\n" "no, fails at run time" >&6; } + LDFLAGS="$saved_LDFLAGS" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +} + # We use both -fPIE and -pie or neither. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5 +printf %s "checking whether both -fPIE and -pie are supported... " >&6; } + if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ + echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$SAVED_CFLAGS" + LDFLAGS="$SAVED_LDFLAGS" + fi +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -fPIC is accepted" >&5 +printf %s "checking whether -fPIC is accepted... " >&6; } +SAVED_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -fPIC" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + PICFLAG="-fPIC"; +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + PICFLAG=""; +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +CFLAGS="$SAVED_CFLAGS" + + +ac_fn_c_check_func "$LINENO" "Blowfish_initstate" "ac_cv_func_Blowfish_initstate" +if test "x$ac_cv_func_Blowfish_initstate" = xyes +then : + printf "%s\n" "#define HAVE_BLOWFISH_INITSTATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "Blowfish_expandstate" "ac_cv_func_Blowfish_expandstate" +if test "x$ac_cv_func_Blowfish_expandstate" = xyes +then : + printf "%s\n" "#define HAVE_BLOWFISH_EXPANDSTATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "Blowfish_expand0state" "ac_cv_func_Blowfish_expand0state" +if test "x$ac_cv_func_Blowfish_expand0state" = xyes +then : + printf "%s\n" "#define HAVE_BLOWFISH_EXPAND0STATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "Blowfish_stream2word" "ac_cv_func_Blowfish_stream2word" +if test "x$ac_cv_func_Blowfish_stream2word" = xyes +then : + printf "%s\n" "#define HAVE_BLOWFISH_STREAM2WORD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "SHA256Update" "ac_cv_func_SHA256Update" +if test "x$ac_cv_func_SHA256Update" = xyes +then : + printf "%s\n" "#define HAVE_SHA256UPDATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "SHA384Update" "ac_cv_func_SHA384Update" +if test "x$ac_cv_func_SHA384Update" = xyes +then : + printf "%s\n" "#define HAVE_SHA384UPDATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "SHA512Update" "ac_cv_func_SHA512Update" +if test "x$ac_cv_func_SHA512Update" = xyes +then : + printf "%s\n" "#define HAVE_SHA512UPDATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf" +if test "x$ac_cv_func_asprintf" = xyes +then : + printf "%s\n" "#define HAVE_ASPRINTF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "b64_ntop" "ac_cv_func_b64_ntop" +if test "x$ac_cv_func_b64_ntop" = xyes +then : + printf "%s\n" "#define HAVE_B64_NTOP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "__b64_ntop" "ac_cv_func___b64_ntop" +if test "x$ac_cv_func___b64_ntop" = xyes +then : + printf "%s\n" "#define HAVE___B64_NTOP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "b64_pton" "ac_cv_func_b64_pton" +if test "x$ac_cv_func_b64_pton" = xyes +then : + printf "%s\n" "#define HAVE_B64_PTON 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "__b64_pton" "ac_cv_func___b64_pton" +if test "x$ac_cv_func___b64_pton" = xyes +then : + printf "%s\n" "#define HAVE___B64_PTON 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "bcopy" "ac_cv_func_bcopy" +if test "x$ac_cv_func_bcopy" = xyes +then : + printf "%s\n" "#define HAVE_BCOPY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "bcrypt_pbkdf" "ac_cv_func_bcrypt_pbkdf" +if test "x$ac_cv_func_bcrypt_pbkdf" = xyes +then : + printf "%s\n" "#define HAVE_BCRYPT_PBKDF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "bindresvport_sa" "ac_cv_func_bindresvport_sa" +if test "x$ac_cv_func_bindresvport_sa" = xyes +then : + printf "%s\n" "#define HAVE_BINDRESVPORT_SA 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "blf_enc" "ac_cv_func_blf_enc" +if test "x$ac_cv_func_blf_enc" = xyes +then : + printf "%s\n" "#define HAVE_BLF_ENC 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "bzero" "ac_cv_func_bzero" +if test "x$ac_cv_func_bzero" = xyes +then : + printf "%s\n" "#define HAVE_BZERO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "cap_rights_limit" "ac_cv_func_cap_rights_limit" +if test "x$ac_cv_func_cap_rights_limit" = xyes +then : + printf "%s\n" "#define HAVE_CAP_RIGHTS_LIMIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "clock" "ac_cv_func_clock" +if test "x$ac_cv_func_clock" = xyes +then : + printf "%s\n" "#define HAVE_CLOCK 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom" +if test "x$ac_cv_func_closefrom" = xyes +then : + printf "%s\n" "#define HAVE_CLOSEFROM 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "close_range" "ac_cv_func_close_range" +if test "x$ac_cv_func_close_range" = xyes +then : + printf "%s\n" "#define HAVE_CLOSE_RANGE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "dirfd" "ac_cv_func_dirfd" +if test "x$ac_cv_func_dirfd" = xyes +then : + printf "%s\n" "#define HAVE_DIRFD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "endgrent" "ac_cv_func_endgrent" +if test "x$ac_cv_func_endgrent" = xyes +then : + printf "%s\n" "#define HAVE_ENDGRENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "err" "ac_cv_func_err" +if test "x$ac_cv_func_err" = xyes +then : + printf "%s\n" "#define HAVE_ERR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "errx" "ac_cv_func_errx" +if test "x$ac_cv_func_errx" = xyes +then : + printf "%s\n" "#define HAVE_ERRX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero" +if test "x$ac_cv_func_explicit_bzero" = xyes +then : + printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "explicit_memset" "ac_cv_func_explicit_memset" +if test "x$ac_cv_func_explicit_memset" = xyes +then : + printf "%s\n" "#define HAVE_EXPLICIT_MEMSET 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fchmod" "ac_cv_func_fchmod" +if test "x$ac_cv_func_fchmod" = xyes +then : + printf "%s\n" "#define HAVE_FCHMOD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fchmodat" "ac_cv_func_fchmodat" +if test "x$ac_cv_func_fchmodat" = xyes +then : + printf "%s\n" "#define HAVE_FCHMODAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fchown" "ac_cv_func_fchown" +if test "x$ac_cv_func_fchown" = xyes +then : + printf "%s\n" "#define HAVE_FCHOWN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fchownat" "ac_cv_func_fchownat" +if test "x$ac_cv_func_fchownat" = xyes +then : + printf "%s\n" "#define HAVE_FCHOWNAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "flock" "ac_cv_func_flock" +if test "x$ac_cv_func_flock" = xyes +then : + printf "%s\n" "#define HAVE_FLOCK 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fnmatch" "ac_cv_func_fnmatch" +if test "x$ac_cv_func_fnmatch" = xyes +then : + printf "%s\n" "#define HAVE_FNMATCH 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "freeaddrinfo" "ac_cv_func_freeaddrinfo" +if test "x$ac_cv_func_freeaddrinfo" = xyes +then : + printf "%s\n" "#define HAVE_FREEADDRINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "freezero" "ac_cv_func_freezero" +if test "x$ac_cv_func_freezero" = xyes +then : + printf "%s\n" "#define HAVE_FREEZERO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fstatfs" "ac_cv_func_fstatfs" +if test "x$ac_cv_func_fstatfs" = xyes +then : + printf "%s\n" "#define HAVE_FSTATFS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fstatvfs" "ac_cv_func_fstatvfs" +if test "x$ac_cv_func_fstatvfs" = xyes +then : + printf "%s\n" "#define HAVE_FSTATVFS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "futimes" "ac_cv_func_futimes" +if test "x$ac_cv_func_futimes" = xyes +then : + printf "%s\n" "#define HAVE_FUTIMES 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getaddrinfo" "ac_cv_func_getaddrinfo" +if test "x$ac_cv_func_getaddrinfo" = xyes +then : + printf "%s\n" "#define HAVE_GETADDRINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd" +if test "x$ac_cv_func_getcwd" = xyes +then : + printf "%s\n" "#define HAVE_GETCWD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" +if test "x$ac_cv_func_getentropy" = xyes +then : + printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" +if test "x$ac_cv_func_getgrouplist" = xyes +then : + printf "%s\n" "#define HAVE_GETGROUPLIST 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getline" "ac_cv_func_getline" +if test "x$ac_cv_func_getline" = xyes +then : + printf "%s\n" "#define HAVE_GETLINE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getnameinfo" "ac_cv_func_getnameinfo" +if test "x$ac_cv_func_getnameinfo" = xyes +then : + printf "%s\n" "#define HAVE_GETNAMEINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getopt" "ac_cv_func_getopt" +if test "x$ac_cv_func_getopt" = xyes +then : + printf "%s\n" "#define HAVE_GETOPT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" +if test "x$ac_cv_func_getpagesize" = xyes +then : + printf "%s\n" "#define HAVE_GETPAGESIZE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpeereid" "ac_cv_func_getpeereid" +if test "x$ac_cv_func_getpeereid" = xyes +then : + printf "%s\n" "#define HAVE_GETPEEREID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpeerucred" "ac_cv_func_getpeerucred" +if test "x$ac_cv_func_getpeerucred" = xyes +then : + printf "%s\n" "#define HAVE_GETPEERUCRED 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpgid" "ac_cv_func_getpgid" +if test "x$ac_cv_func_getpgid" = xyes +then : + printf "%s\n" "#define HAVE_GETPGID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "_getpty" "ac_cv_func__getpty" +if test "x$ac_cv_func__getpty" = xyes +then : + printf "%s\n" "#define HAVE__GETPTY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getrlimit" "ac_cv_func_getrlimit" +if test "x$ac_cv_func_getrlimit" = xyes +then : + printf "%s\n" "#define HAVE_GETRLIMIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom" +if test "x$ac_cv_func_getrandom" = xyes +then : + printf "%s\n" "#define HAVE_GETRANDOM 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getsid" "ac_cv_func_getsid" +if test "x$ac_cv_func_getsid" = xyes +then : + printf "%s\n" "#define HAVE_GETSID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getttyent" "ac_cv_func_getttyent" +if test "x$ac_cv_func_getttyent" = xyes +then : + printf "%s\n" "#define HAVE_GETTTYENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "glob" "ac_cv_func_glob" +if test "x$ac_cv_func_glob" = xyes +then : + printf "%s\n" "#define HAVE_GLOB 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "group_from_gid" "ac_cv_func_group_from_gid" +if test "x$ac_cv_func_group_from_gid" = xyes +then : + printf "%s\n" "#define HAVE_GROUP_FROM_GID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton" +if test "x$ac_cv_func_inet_aton" = xyes +then : + printf "%s\n" "#define HAVE_INET_ATON 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "inet_ntoa" "ac_cv_func_inet_ntoa" +if test "x$ac_cv_func_inet_ntoa" = xyes +then : + printf "%s\n" "#define HAVE_INET_NTOA 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop" +if test "x$ac_cv_func_inet_ntop" = xyes +then : + printf "%s\n" "#define HAVE_INET_NTOP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "innetgr" "ac_cv_func_innetgr" +if test "x$ac_cv_func_innetgr" = xyes +then : + printf "%s\n" "#define HAVE_INNETGR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "killpg" "ac_cv_func_killpg" +if test "x$ac_cv_func_killpg" = xyes +then : + printf "%s\n" "#define HAVE_KILLPG 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "llabs" "ac_cv_func_llabs" +if test "x$ac_cv_func_llabs" = xyes +then : + printf "%s\n" "#define HAVE_LLABS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r" +if test "x$ac_cv_func_localtime_r" = xyes +then : + printf "%s\n" "#define HAVE_LOCALTIME_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "login_getcapbool" "ac_cv_func_login_getcapbool" +if test "x$ac_cv_func_login_getcapbool" = xyes +then : + printf "%s\n" "#define HAVE_LOGIN_GETCAPBOOL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "login_getpwclass" "ac_cv_func_login_getpwclass" +if test "x$ac_cv_func_login_getpwclass" = xyes +then : + printf "%s\n" "#define HAVE_LOGIN_GETPWCLASS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "memmem" "ac_cv_func_memmem" +if test "x$ac_cv_func_memmem" = xyes +then : + printf "%s\n" "#define HAVE_MEMMEM 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "memmove" "ac_cv_func_memmove" +if test "x$ac_cv_func_memmove" = xyes +then : + printf "%s\n" "#define HAVE_MEMMOVE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "memset_s" "ac_cv_func_memset_s" +if test "x$ac_cv_func_memset_s" = xyes +then : + printf "%s\n" "#define HAVE_MEMSET_S 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "mkdtemp" "ac_cv_func_mkdtemp" +if test "x$ac_cv_func_mkdtemp" = xyes +then : + printf "%s\n" "#define HAVE_MKDTEMP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ngetaddrinfo" "ac_cv_func_ngetaddrinfo" +if test "x$ac_cv_func_ngetaddrinfo" = xyes +then : + printf "%s\n" "#define HAVE_NGETADDRINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "nsleep" "ac_cv_func_nsleep" +if test "x$ac_cv_func_nsleep" = xyes +then : + printf "%s\n" "#define HAVE_NSLEEP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ogetaddrinfo" "ac_cv_func_ogetaddrinfo" +if test "x$ac_cv_func_ogetaddrinfo" = xyes +then : + printf "%s\n" "#define HAVE_OGETADDRINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "openlog_r" "ac_cv_func_openlog_r" +if test "x$ac_cv_func_openlog_r" = xyes +then : + printf "%s\n" "#define HAVE_OPENLOG_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "pledge" "ac_cv_func_pledge" +if test "x$ac_cv_func_pledge" = xyes +then : + printf "%s\n" "#define HAVE_PLEDGE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "poll" "ac_cv_func_poll" +if test "x$ac_cv_func_poll" = xyes +then : + printf "%s\n" "#define HAVE_POLL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ppoll" "ac_cv_func_ppoll" +if test "x$ac_cv_func_ppoll" = xyes +then : + printf "%s\n" "#define HAVE_PPOLL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl" +if test "x$ac_cv_func_prctl" = xyes +then : + printf "%s\n" "#define HAVE_PRCTL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "procctl" "ac_cv_func_procctl" +if test "x$ac_cv_func_procctl" = xyes +then : + printf "%s\n" "#define HAVE_PROCCTL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "pselect" "ac_cv_func_pselect" +if test "x$ac_cv_func_pselect" = xyes +then : + printf "%s\n" "#define HAVE_PSELECT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "pstat" "ac_cv_func_pstat" +if test "x$ac_cv_func_pstat" = xyes +then : + printf "%s\n" "#define HAVE_PSTAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "raise" "ac_cv_func_raise" +if test "x$ac_cv_func_raise" = xyes +then : + printf "%s\n" "#define HAVE_RAISE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "readpassphrase" "ac_cv_func_readpassphrase" +if test "x$ac_cv_func_readpassphrase" = xyes +then : + printf "%s\n" "#define HAVE_READPASSPHRASE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" +if test "x$ac_cv_func_reallocarray" = xyes +then : + printf "%s\n" "#define HAVE_REALLOCARRAY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath" +if test "x$ac_cv_func_realpath" = xyes +then : + printf "%s\n" "#define HAVE_REALPATH 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "recvmsg" "ac_cv_func_recvmsg" +if test "x$ac_cv_func_recvmsg" = xyes +then : + printf "%s\n" "#define HAVE_RECVMSG 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "recallocarray" "ac_cv_func_recallocarray" +if test "x$ac_cv_func_recallocarray" = xyes +then : + printf "%s\n" "#define HAVE_RECALLOCARRAY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "rresvport_af" "ac_cv_func_rresvport_af" +if test "x$ac_cv_func_rresvport_af" = xyes +then : + printf "%s\n" "#define HAVE_RRESVPORT_AF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "sendmsg" "ac_cv_func_sendmsg" +if test "x$ac_cv_func_sendmsg" = xyes +then : + printf "%s\n" "#define HAVE_SENDMSG 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setdtablesize" "ac_cv_func_setdtablesize" +if test "x$ac_cv_func_setdtablesize" = xyes +then : + printf "%s\n" "#define HAVE_SETDTABLESIZE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setegid" "ac_cv_func_setegid" +if test "x$ac_cv_func_setegid" = xyes +then : + printf "%s\n" "#define HAVE_SETEGID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv" +if test "x$ac_cv_func_setenv" = xyes +then : + printf "%s\n" "#define HAVE_SETENV 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid" +if test "x$ac_cv_func_seteuid" = xyes +then : + printf "%s\n" "#define HAVE_SETEUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setgroupent" "ac_cv_func_setgroupent" +if test "x$ac_cv_func_setgroupent" = xyes +then : + printf "%s\n" "#define HAVE_SETGROUPENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setgroups" "ac_cv_func_setgroups" +if test "x$ac_cv_func_setgroups" = xyes +then : + printf "%s\n" "#define HAVE_SETGROUPS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setlinebuf" "ac_cv_func_setlinebuf" +if test "x$ac_cv_func_setlinebuf" = xyes +then : + printf "%s\n" "#define HAVE_SETLINEBUF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setlogin" "ac_cv_func_setlogin" +if test "x$ac_cv_func_setlogin" = xyes +then : + printf "%s\n" "#define HAVE_SETLOGIN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setpassent" "ac_cv_func_setpassent" +if test "x$ac_cv_func_setpassent" = xyes +then : + printf "%s\n" "#define HAVE_SETPASSENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setpcred" "ac_cv_func_setpcred" +if test "x$ac_cv_func_setpcred" = xyes +then : + printf "%s\n" "#define HAVE_SETPCRED 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setproctitle" "ac_cv_func_setproctitle" +if test "x$ac_cv_func_setproctitle" = xyes +then : + printf "%s\n" "#define HAVE_SETPROCTITLE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid" +if test "x$ac_cv_func_setregid" = xyes +then : + printf "%s\n" "#define HAVE_SETREGID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid" +if test "x$ac_cv_func_setreuid" = xyes +then : + printf "%s\n" "#define HAVE_SETREUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setrlimit" "ac_cv_func_setrlimit" +if test "x$ac_cv_func_setrlimit" = xyes +then : + printf "%s\n" "#define HAVE_SETRLIMIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid" +if test "x$ac_cv_func_setsid" = xyes +then : + printf "%s\n" "#define HAVE_SETSID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setvbuf" "ac_cv_func_setvbuf" +if test "x$ac_cv_func_setvbuf" = xyes +then : + printf "%s\n" "#define HAVE_SETVBUF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "sigaction" "ac_cv_func_sigaction" +if test "x$ac_cv_func_sigaction" = xyes +then : + printf "%s\n" "#define HAVE_SIGACTION 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "sigvec" "ac_cv_func_sigvec" +if test "x$ac_cv_func_sigvec" = xyes +then : + printf "%s\n" "#define HAVE_SIGVEC 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf" +if test "x$ac_cv_func_snprintf" = xyes +then : + printf "%s\n" "#define HAVE_SNPRINTF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "socketpair" "ac_cv_func_socketpair" +if test "x$ac_cv_func_socketpair" = xyes +then : + printf "%s\n" "#define HAVE_SOCKETPAIR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "statfs" "ac_cv_func_statfs" +if test "x$ac_cv_func_statfs" = xyes +then : + printf "%s\n" "#define HAVE_STATFS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "statvfs" "ac_cv_func_statvfs" +if test "x$ac_cv_func_statvfs" = xyes +then : + printf "%s\n" "#define HAVE_STATVFS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strcasestr" "ac_cv_func_strcasestr" +if test "x$ac_cv_func_strcasestr" = xyes +then : + printf "%s\n" "#define HAVE_STRCASESTR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strdup" "ac_cv_func_strdup" +if test "x$ac_cv_func_strdup" = xyes +then : + printf "%s\n" "#define HAVE_STRDUP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strerror" "ac_cv_func_strerror" +if test "x$ac_cv_func_strerror" = xyes +then : + printf "%s\n" "#define HAVE_STRERROR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" +if test "x$ac_cv_func_strlcat" = xyes +then : + printf "%s\n" "#define HAVE_STRLCAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" +if test "x$ac_cv_func_strlcpy" = xyes +then : + printf "%s\n" "#define HAVE_STRLCPY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strmode" "ac_cv_func_strmode" +if test "x$ac_cv_func_strmode" = xyes +then : + printf "%s\n" "#define HAVE_STRMODE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strndup" "ac_cv_func_strndup" +if test "x$ac_cv_func_strndup" = xyes +then : + printf "%s\n" "#define HAVE_STRNDUP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strnlen" "ac_cv_func_strnlen" +if test "x$ac_cv_func_strnlen" = xyes +then : + printf "%s\n" "#define HAVE_STRNLEN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strnvis" "ac_cv_func_strnvis" +if test "x$ac_cv_func_strnvis" = xyes +then : + printf "%s\n" "#define HAVE_STRNVIS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strptime" "ac_cv_func_strptime" +if test "x$ac_cv_func_strptime" = xyes +then : + printf "%s\n" "#define HAVE_STRPTIME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strsignal" "ac_cv_func_strsignal" +if test "x$ac_cv_func_strsignal" = xyes +then : + printf "%s\n" "#define HAVE_STRSIGNAL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strtonum" "ac_cv_func_strtonum" +if test "x$ac_cv_func_strtonum" = xyes +then : + printf "%s\n" "#define HAVE_STRTONUM 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strtoll" "ac_cv_func_strtoll" +if test "x$ac_cv_func_strtoll" = xyes +then : + printf "%s\n" "#define HAVE_STRTOLL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strtoul" "ac_cv_func_strtoul" +if test "x$ac_cv_func_strtoul" = xyes +then : + printf "%s\n" "#define HAVE_STRTOUL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strtoull" "ac_cv_func_strtoull" +if test "x$ac_cv_func_strtoull" = xyes +then : + printf "%s\n" "#define HAVE_STRTOULL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "swap32" "ac_cv_func_swap32" +if test "x$ac_cv_func_swap32" = xyes +then : + printf "%s\n" "#define HAVE_SWAP32 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "sysconf" "ac_cv_func_sysconf" +if test "x$ac_cv_func_sysconf" = xyes +then : + printf "%s\n" "#define HAVE_SYSCONF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "tcgetpgrp" "ac_cv_func_tcgetpgrp" +if test "x$ac_cv_func_tcgetpgrp" = xyes +then : + printf "%s\n" "#define HAVE_TCGETPGRP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "timegm" "ac_cv_func_timegm" +if test "x$ac_cv_func_timegm" = xyes +then : + printf "%s\n" "#define HAVE_TIMEGM 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "timingsafe_bcmp" "ac_cv_func_timingsafe_bcmp" +if test "x$ac_cv_func_timingsafe_bcmp" = xyes +then : + printf "%s\n" "#define HAVE_TIMINGSAFE_BCMP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "truncate" "ac_cv_func_truncate" +if test "x$ac_cv_func_truncate" = xyes +then : + printf "%s\n" "#define HAVE_TRUNCATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" +if test "x$ac_cv_func_unsetenv" = xyes +then : + printf "%s\n" "#define HAVE_UNSETENV 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "updwtmpx" "ac_cv_func_updwtmpx" +if test "x$ac_cv_func_updwtmpx" = xyes +then : + printf "%s\n" "#define HAVE_UPDWTMPX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "utimensat" "ac_cv_func_utimensat" +if test "x$ac_cv_func_utimensat" = xyes +then : + printf "%s\n" "#define HAVE_UTIMENSAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "user_from_uid" "ac_cv_func_user_from_uid" +if test "x$ac_cv_func_user_from_uid" = xyes +then : + printf "%s\n" "#define HAVE_USER_FROM_UID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "usleep" "ac_cv_func_usleep" +if test "x$ac_cv_func_usleep" = xyes +then : + printf "%s\n" "#define HAVE_USLEEP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "vasprintf" "ac_cv_func_vasprintf" +if test "x$ac_cv_func_vasprintf" = xyes +then : + printf "%s\n" "#define HAVE_VASPRINTF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf" +if test "x$ac_cv_func_vsnprintf" = xyes +then : + printf "%s\n" "#define HAVE_VSNPRINTF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "waitpid" "ac_cv_func_waitpid" +if test "x$ac_cv_func_waitpid" = xyes +then : + printf "%s\n" "#define HAVE_WAITPID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "warn" "ac_cv_func_warn" +if test "x$ac_cv_func_warn" = xyes +then : + printf "%s\n" "#define HAVE_WARN 1" >>confdefs.h + +fi + + +ac_fn_check_decl "$LINENO" "bzero" "ac_cv_have_decl_bzero" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_bzero" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_BZERO $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "memmem" "ac_cv_have_decl_memmem" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_memmem" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_MEMMEM $ac_have_decl" >>confdefs.h + + +ac_fn_c_check_func "$LINENO" "mblen" "ac_cv_func_mblen" +if test "x$ac_cv_func_mblen" = xyes +then : + printf "%s\n" "#define HAVE_MBLEN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "mbtowc" "ac_cv_func_mbtowc" +if test "x$ac_cv_func_mbtowc" = xyes +then : + printf "%s\n" "#define HAVE_MBTOWC 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "nl_langinfo" "ac_cv_func_nl_langinfo" +if test "x$ac_cv_func_nl_langinfo" = xyes +then : + printf "%s\n" "#define HAVE_NL_LANGINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "wcwidth" "ac_cv_func_wcwidth" +if test "x$ac_cv_func_wcwidth" = xyes +then : + printf "%s\n" "#define HAVE_WCWIDTH 1" >>confdefs.h + +fi + + +TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5 +printf %s "checking for utf8 locale support... " >&6; } +if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + + char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); + if (loc != NULL) + exit(0); + exit(1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + TEST_SSH_UTF8=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + return (isblank('a')); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +printf "%s\n" "#define HAVE_ISBLANK 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +disable_pkcs11= +# Check whether --enable-pkcs11 was given. +if test ${enable_pkcs11+y} +then : + enableval=$enable_pkcs11; + if test "x$enableval" = "xno" ; then + disable_pkcs11=1 + fi + + +fi + + +disable_sk= +# Check whether --enable-security-key was given. +if test ${enable_security_key+y} +then : + enableval=$enable_security_key; + if test "x$enableval" = "xno" ; then + disable_sk=1 + fi + + +fi + +enable_sk_internal= + +# Check whether --with-security-key-builtin was given. +if test ${with_security_key_builtin+y} +then : + withval=$with_security_key_builtin; enable_sk_internal=$withval + +fi + + +enable_dsa= +# Check whether --enable-dsa-keys was given. +if test ${enable_dsa_keys+y} +then : + enableval=$enable_dsa_keys; + if test "x$enableval" != "xno" ; then + enable_dsa=1 + fi + + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +printf %s "checking for library containing dlopen... " >&6; } +if test ${ac_cv_search_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char dlopen (); +int +main (void) +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_dlopen+y} +then : + break +fi +done +if test ${ac_cv_search_dlopen+y} +then : + +else $as_nop + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +printf "%s\n" "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = xyes +then : + printf "%s\n" "#define HAVE_DLOPEN 1" >>confdefs.h + +fi + +ac_fn_check_decl "$LINENO" "RTLD_NOW" "ac_cv_have_decl_RTLD_NOW" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_RTLD_NOW" = xyes +then : + +fi + +# IRIX has a const char return value for gai_strerror() + + for ac_func in gai_strerror +do : + ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror" +if test "x$ac_cv_func_gai_strerror" = xyes +then : + printf "%s\n" "#define HAVE_GAI_STRERROR 1" >>confdefs.h + + printf "%s\n" "#define HAVE_GAI_STRERROR 1" >>confdefs.h + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +const char *gai_strerror(int); + +int +main (void) +{ + + char *str; + str = gai_strerror(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + +printf "%s\n" "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +done + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 +printf %s "checking for library containing nanosleep... " >&6; } +if test ${ac_cv_search_nanosleep+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char nanosleep (); +int +main (void) +{ +return nanosleep (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt posix4 +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_nanosleep=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_nanosleep+y} +then : + break +fi +done +if test ${ac_cv_search_nanosleep+y} +then : + +else $as_nop + ac_cv_search_nanosleep=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 +printf "%s\n" "$ac_cv_search_nanosleep" >&6; } +ac_res=$ac_cv_search_nanosleep +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +printf "%s\n" "#define HAVE_NANOSLEEP 1" >>confdefs.h + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +printf %s "checking for library containing clock_gettime... " >&6; } +if test ${ac_cv_search_clock_gettime+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char clock_gettime (); +int +main (void) +{ +return clock_gettime (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_clock_gettime=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_clock_gettime+y} +then : + break +fi +done +if test ${ac_cv_search_clock_gettime+y} +then : + +else $as_nop + ac_cv_search_clock_gettime=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +printf "%s\n" "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +printf "%s\n" "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h + +fi + + +ac_fn_check_decl "$LINENO" "localtime_r" "ac_cv_have_decl_localtime_r" " #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_localtime_r" = xyes +then : + +else $as_nop + saved_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -D_REENTRANT" + unset ac_cv_have_decl_localtime_r + ac_fn_check_decl "$LINENO" "localtime_r" "ac_cv_have_decl_localtime_r" " #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_localtime_r" = xyes +then : + +else $as_nop + CPPFLAGS="$saved_CPPFLAGS" +fi + +fi + +ac_fn_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" " +#ifdef HAVE_STRING_H +# include +#endif + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_strsep" = xyes +then : + ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" +if test "x$ac_cv_func_strsep" = xyes +then : + printf "%s\n" "#define HAVE_STRSEP 1" >>confdefs.h + +fi + +fi + +ac_fn_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_tcsendbreak" = xyes +then : + printf "%s\n" "#define HAVE_TCSENDBREAK 1" >>confdefs.h + +else $as_nop + ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak" +if test "x$ac_cv_func_tcsendbreak" = xyes +then : + printf "%s\n" "#define HAVE_TCSENDBREAK 1" >>confdefs.h + +fi + +fi + +ac_fn_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_h_errno" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_H_ERRNO $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" " +#include +#include +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SHUT_RD" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_SHUT_RD $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "getpeereid" "ac_cv_have_decl_getpeereid" " +#include +#include +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getpeereid" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_GETPEEREID $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" " +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_FCNTL_H +# include +#endif + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_O_NONBLOCK $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "ftruncate" "ac_cv_have_decl_ftruncate" " +#include +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_ftruncate" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_FTRUNCATE $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "getentropy" "ac_cv_have_decl_getentropy" " +#include +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getentropy" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_GETENTROPY $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "readv" "ac_cv_have_decl_readv" " +#include +#include +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_readv" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_READV $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" " +#include +#include +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_writev" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_WRITEV $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" " +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_MAXSYMLINKS $ac_have_decl" >>confdefs.h + + +ac_fn_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" " +#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_offsetof" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_OFFSETOF $ac_have_decl" >>confdefs.h + + +# extra bits for select(2) +ac_fn_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" " +#include +#include +#ifdef HAVE_SYS_SYSMACROS_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_howmany" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_HOWMANY $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" " +#include +#include +#ifdef HAVE_SYS_SYSMACROS_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_NFDBITS" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_NFDBITS $ac_have_decl" >>confdefs.h + +ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" " +#include +#include +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +" +if test "x$ac_cv_type_fd_mask" = xyes +then : + +printf "%s\n" "#define HAVE_FD_MASK 1" >>confdefs.h + + +fi + + + + for ac_func in setresuid +do : + ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" +if test "x$ac_cv_func_setresuid" = xyes +then : + printf "%s\n" "#define HAVE_SETRESUID 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5 +printf %s "checking if setresuid seems to work... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + + errno=0; + setresuid(0,0,0); + if (errno==ENOSYS) + exit(1); + else + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + +printf "%s\n" "#define BROKEN_SETRESUID 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 +printf "%s\n" "not implemented" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi + +done + + + for ac_func in setresgid +do : + ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid" +if test "x$ac_cv_func_setresgid" = xyes +then : + printf "%s\n" "#define HAVE_SETRESGID 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5 +printf %s "checking if setresgid seems to work... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + + errno=0; + setresgid(0,0,0); + if (errno==ENOSYS) + exit(1); + else + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + +printf "%s\n" "#define BROKEN_SETRESGID 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 +printf "%s\n" "not implemented" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi + +done + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working fflush(NULL)" >&5 +printf %s "checking for working fflush(NULL)... " >&6; } +if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming working" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ +fflush(NULL); exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define FFLUSH_NULL_BUG 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday" +if test "x$ac_cv_func_gettimeofday" = xyes +then : + printf "%s\n" "#define HAVE_GETTIMEOFDAY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "time" "ac_cv_func_time" +if test "x$ac_cv_func_time" = xyes +then : + printf "%s\n" "#define HAVE_TIME 1" >>confdefs.h + +fi + +ac_fn_c_check_func "$LINENO" "endutent" "ac_cv_func_endutent" +if test "x$ac_cv_func_endutent" = xyes +then : + printf "%s\n" "#define HAVE_ENDUTENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutent" "ac_cv_func_getutent" +if test "x$ac_cv_func_getutent" = xyes +then : + printf "%s\n" "#define HAVE_GETUTENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutid" "ac_cv_func_getutid" +if test "x$ac_cv_func_getutid" = xyes +then : + printf "%s\n" "#define HAVE_GETUTID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutline" "ac_cv_func_getutline" +if test "x$ac_cv_func_getutline" = xyes +then : + printf "%s\n" "#define HAVE_GETUTLINE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "pututline" "ac_cv_func_pututline" +if test "x$ac_cv_func_pututline" = xyes +then : + printf "%s\n" "#define HAVE_PUTUTLINE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setutent" "ac_cv_func_setutent" +if test "x$ac_cv_func_setutent" = xyes +then : + printf "%s\n" "#define HAVE_SETUTENT 1" >>confdefs.h + +fi + +ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname" +if test "x$ac_cv_func_utmpname" = xyes +then : + printf "%s\n" "#define HAVE_UTMPNAME 1" >>confdefs.h + +fi + +ac_fn_c_check_func "$LINENO" "endutxent" "ac_cv_func_endutxent" +if test "x$ac_cv_func_endutxent" = xyes +then : + printf "%s\n" "#define HAVE_ENDUTXENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutxent" "ac_cv_func_getutxent" +if test "x$ac_cv_func_getutxent" = xyes +then : + printf "%s\n" "#define HAVE_GETUTXENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutxid" "ac_cv_func_getutxid" +if test "x$ac_cv_func_getutxid" = xyes +then : + printf "%s\n" "#define HAVE_GETUTXID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutxline" "ac_cv_func_getutxline" +if test "x$ac_cv_func_getutxline" = xyes +then : + printf "%s\n" "#define HAVE_GETUTXLINE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutxuser" "ac_cv_func_getutxuser" +if test "x$ac_cv_func_getutxuser" = xyes +then : + printf "%s\n" "#define HAVE_GETUTXUSER 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "pututxline" "ac_cv_func_pututxline" +if test "x$ac_cv_func_pututxline" = xyes +then : + printf "%s\n" "#define HAVE_PUTUTXLINE 1" >>confdefs.h + +fi + +ac_fn_c_check_func "$LINENO" "setutxdb" "ac_cv_func_setutxdb" +if test "x$ac_cv_func_setutxdb" = xyes +then : + printf "%s\n" "#define HAVE_SETUTXDB 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setutxent" "ac_cv_func_setutxent" +if test "x$ac_cv_func_setutxent" = xyes +then : + printf "%s\n" "#define HAVE_SETUTXENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "utmpxname" "ac_cv_func_utmpxname" +if test "x$ac_cv_func_utmpxname" = xyes +then : + printf "%s\n" "#define HAVE_UTMPXNAME 1" >>confdefs.h + +fi + +ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname" +if test "x$ac_cv_func_getlastlogxbyname" = xyes +then : + printf "%s\n" "#define HAVE_GETLASTLOGXBYNAME 1" >>confdefs.h + +fi + + +ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" +if test "x$ac_cv_func_daemon" = xyes +then : + +printf "%s\n" "#define HAVE_DAEMON 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5 +printf %s "checking for daemon in -lbsd... " >&6; } +if test ${ac_cv_lib_bsd_daemon+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lbsd $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char daemon (); +int +main (void) +{ +return daemon (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_bsd_daemon=yes +else $as_nop + ac_cv_lib_bsd_daemon=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5 +printf "%s\n" "$ac_cv_lib_bsd_daemon" >&6; } +if test "x$ac_cv_lib_bsd_daemon" = xyes +then : + LIBS="$LIBS -lbsd"; printf "%s\n" "#define HAVE_DAEMON 1" >>confdefs.h + +fi + + +fi + + +ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" +if test "x$ac_cv_func_getpagesize" = xyes +then : + +printf "%s\n" "#define HAVE_GETPAGESIZE 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5 +printf %s "checking for getpagesize in -lucb... " >&6; } +if test ${ac_cv_lib_ucb_getpagesize+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lucb $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char getpagesize (); +int +main (void) +{ +return getpagesize (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_ucb_getpagesize=yes +else $as_nop + ac_cv_lib_ucb_getpagesize=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5 +printf "%s\n" "$ac_cv_lib_ucb_getpagesize" >&6; } +if test "x$ac_cv_lib_ucb_getpagesize" = xyes +then : + LIBS="$LIBS -lucb"; printf "%s\n" "#define HAVE_GETPAGESIZE 1" >>confdefs.h + +fi + + +fi + + +# Check for broken snprintf +if test "x$ac_cv_func_snprintf" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5 +printf %s "checking whether snprintf correctly terminates long strings... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + + char b[5]; + snprintf(b,5,"123456789"); + exit(b[4]!='\0'); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define BROKEN_SNPRINTF 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 +printf "%s\n" "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_snprintf" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether snprintf understands %zu" >&5 +printf %s "checking whether snprintf understands %zu... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include + +int +main (void) +{ + + size_t a = 1, b = 2; + char z[128]; + snprintf(z, sizeof z, "%zu%zu", a, b); + exit(strcmp(z, "12")); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define BROKEN_SNPRINTF 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +# We depend on vsnprintf returning the right thing on overflow: the +# number of characters it tried to create (as per SUSv3) +if test "x$ac_cv_func_vsnprintf" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5 +printf %s "checking whether vsnprintf returns correct values on overflow... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int x_snprintf(char *str, size_t count, const char *fmt, ...) +{ + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); + return ret; +} + +int +main (void) +{ + +char x[1]; +if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) + return 1; +if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) + return 1; +return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define BROKEN_SNPRINTF 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5 +printf "%s\n" "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;} + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +# On systems where [v]snprintf is broken, but is declared in stdio, +# check that the fmt argument is const char * or just char *. +# This is only useful for when BROKEN_SNPRINTF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5 +printf %s "checking whether snprintf can declare const char *fmt... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +int snprintf(char *a, size_t b, const char *c, ...) { return 0; } + +int +main (void) +{ + + snprintf(0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define SNPRINTF_CONST const" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + printf "%s\n" "#define SNPRINTF_CONST /* not const */" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +# Check for missing getpeereid (or equiv) support +NO_PEERCHECK="" +if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5 +printf %s "checking whether system supports SO_PEERCRED getsockopt... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int +main (void) +{ +int i = SO_PEERCRED; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAVE_SO_PEERCRED 1" >>confdefs.h + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + NO_PEERCHECK=1 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +if test ! -z "$check_for_openpty_ctty_bug"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5 +printf %s "checking if openpty correctly handles controlling tty... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 +printf "%s\n" "cross-compiling, assuming yes" >&6; } + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#ifdef HAVE_PTY_H +# include +#endif +#include +#include +#include + +int +main (void) +{ + + pid_t pid; + int fd, ptyfd, ttyfd, status; + + pid = fork(); + if (pid < 0) { /* failed */ + exit(1); + } else if (pid > 0) { /* parent */ + waitpid(pid, &status, 0); + if (WIFEXITED(status)) + exit(WEXITSTATUS(status)); + else + exit(2); + } else { /* child */ + close(0); close(1); close(2); + setsid(); + openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); + fd = open("/dev/tty", O_RDWR | O_NOCTTY); + if (fd >= 0) + exit(3); /* Acquired ctty: broken */ + else + exit(0); /* Did not acquire ctty: OK */ + } + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + printf "%s\n" "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 +printf %s "checking if getaddrinfo seems to work... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 +printf "%s\n" "cross-compiling, assuming yes" >&6; } + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main (void) +{ + + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (err != 0) { + if (err == EAI_SYSTEM) + perror("getnameinfo EAI_SYSTEM"); + else + fprintf(stderr, "getnameinfo failed: %s\n", + gai_strerror(err)); + exit(2); + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock < 0) + perror("socket"); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (errno == EBADF) + exit(3); + } + } + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + printf "%s\n" "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + test "x$check_for_aix_broken_getaddrinfo" = "x1"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 +printf %s "checking if getaddrinfo seems to work... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5 +printf "%s\n" "cross-compiling, assuming no" >&6; } + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main (void) +{ + + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h + + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + printf "%s\n" "#define BROKEN_GETADDRINFO 1" >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$ac_cv_func_getaddrinfo" = "xyes"; then + ac_fn_check_decl "$LINENO" "AI_NUMERICSERV" "ac_cv_have_decl_AI_NUMERICSERV" "#include + #include + #include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_AI_NUMERICSERV" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_AI_NUMERICSERV $ac_have_decl" >>confdefs.h + +fi + +if test "x$check_for_conflicting_getspnam" = "x1"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5 +printf %s "checking for conflicting getspnam in shadow.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h + + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +if test "x$ac_cv_func_strnvis" = "xyes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working strnvis" >&5 +printf %s "checking for working strnvis... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming broken" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming broken" >&2;} + +printf "%s\n" "#define BROKEN_STRNVIS 1" >>confdefs.h + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include +static void sighandler(int sig) { _exit(1); } + +int +main (void) +{ + + char dst[16]; + + signal(SIGSEGV, sighandler); + if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) + exit(0); + exit(1) + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define BROKEN_STRNVIS 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if SA_RESTARTed signals interrupt select()" >&5 +printf %s "checking if SA_RESTARTed signals interrupt select()... " >&6; } +if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_SYS_SELECT +# include +#endif +#include +#include +#include +#include +#include +static void sighandler(int sig) { } + +int +main (void) +{ + + int r; + pid_t pid; + struct sigaction sa; + + sa.sa_handler = sighandler; + sa.sa_flags = SA_RESTART; + (void)sigaction(SIGTERM, &sa, NULL); + if ((pid = fork()) == 0) { /* child */ + pid = getppid(); + sleep(1); + kill(pid, SIGTERM); + sleep(1); + if (getppid() == pid) /* if parent did not exit, shoot it */ + kill(pid, SIGKILL); + exit(0); + } else { /* parent */ + r = select(0, NULL, NULL, NULL, NULL); + } + exit(r == -1 ? 0 : 1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define NO_SA_RESTART 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + + for ac_func in getpgrp +do : + ac_fn_c_check_func "$LINENO" "getpgrp" "ac_cv_func_getpgrp" +if test "x$ac_cv_func_getpgrp" = xyes +then : + printf "%s\n" "#define HAVE_GETPGRP 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getpgrp accepts zero args" >&5 +printf %s "checking if getpgrp accepts zero args... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main (void) +{ + getpgrp(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define GETPGRP_VOID 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define GETPGRP_VOID 0" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi + +done + +# Search for OpenSSL +saved_CPPFLAGS="$CPPFLAGS" +saved_LDFLAGS="$LDFLAGS" +openssl_bin_PATH="$PATH" + +# Check whether --with-ssl-dir was given. +if test ${with_ssl_dir+y} +then : + withval=$with_ssl_dir; + if test "x$openssl" = "xno" ; then + as_fn_error $? "cannot use --with-ssl-dir when OpenSSL disabled" "$LINENO" 5 + fi + if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac + if test -d "$withval/lib"; then + libcrypto_path="${withval}/lib" + elif test -d "$withval/lib64"; then + libcrypto_path="$withval/lib64" + else + # Built but not installed + libcrypto_path="${withval}" + fi + if test -n "${rpath_opt}"; then + LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" + else + LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" + fi + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" + else + CPPFLAGS="-I${withval} ${CPPFLAGS}" + fi + if test -x "${withval}/bin/openssl" && \ + "${withval}/bin/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" + elif test -x "${withval}/apps/openssl" && \ + "${withval}/apps/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" + fi + fi + + +fi + +for ac_prog in openssl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_openssl_bin+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $openssl_bin in + [\\/]* | ?:[\\/]*) + ac_cv_path_openssl_bin="$openssl_bin" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $openssl_bin_PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_openssl_bin="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +openssl_bin=$ac_cv_path_openssl_bin +if test -n "$openssl_bin"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssl_bin" >&5 +printf "%s\n" "$openssl_bin" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$openssl_bin" && break +done + +OPENSSL_BIN=${openssl_bin} + + + +# Check whether --with-openssl-header-check was given. +if test ${with_openssl_header_check+y} +then : + withval=$with_openssl_header_check; + if test "x$withval" = "xno" ; then + openssl_check_nonfatal=1 + fi + + +fi + + +openssl_engine=no + +# Check whether --with-ssl-engine was given. +if test ${with_ssl_engine+y} +then : + withval=$with_ssl_engine; + if test "x$withval" != "xno" ; then + if test "x$openssl" = "xno" ; then + as_fn_error $? "cannot use --with-ssl-engine when OpenSSL disabled" "$LINENO" 5 + fi + openssl_engine=yes + fi + + +fi + + +nocrypto_saved_LIBS="$LIBS" +if test "x$openssl" = "xyes" ; then + LIBS="-lcrypto $LIBS" + CHANNELLIBS="-lcrypto $CHANNELLIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char RAND_add (); +int +main (void) +{ +return RAND_add (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + +else $as_nop + as_fn_error $? "*** working libcrypto not found, check config.log" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + ac_fn_c_check_header_compile "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_opensslv_h" = xyes +then : + +else $as_nop + as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5 +fi + + + # Determine OpenSSL header version + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5 +printf %s "checking OpenSSL header version... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #define DATA "conftest.sslincver" + +int +main (void) +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd, "%08lx (%s)\n", + (unsigned long)OPENSSL_VERSION_NUMBER, + OPENSSL_VERSION_TEXT)) < 0) + exit(1); + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + ssl_header_ver=`cat conftest.sslincver` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5 +printf "%s\n" "$ssl_header_ver" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +printf "%s\n" "failed" >&6; } + as_fn_error $? "OpenSSL version test program failed." "$LINENO" 5 + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + # Determining OpenSSL library version is version dependent. + ac_fn_c_check_func "$LINENO" "OpenSSL_version" "ac_cv_func_OpenSSL_version" +if test "x$ac_cv_func_OpenSSL_version" = xyes +then : + printf "%s\n" "#define HAVE_OPENSSL_VERSION 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "OpenSSL_version_num" "ac_cv_func_OpenSSL_version_num" +if test "x$ac_cv_func_OpenSSL_version_num" = xyes +then : + printf "%s\n" "#define HAVE_OPENSSL_VERSION_NUM 1" >>confdefs.h + +fi + + + # Determine OpenSSL library version + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5 +printf %s "checking OpenSSL library version... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #define DATA "conftest.ssllibver" + +int +main (void) +{ + + FILE *f; + /* We need these legacy bits to warn for old libcrypto */ + #ifndef OPENSSL_VERSION + # define OPENSSL_VERSION SSLEAY_VERSION + #endif + #ifndef HAVE_OPENSSL_VERSION + # define OpenSSL_version SSLeay_version + #endif + #ifndef HAVE_OPENSSL_VERSION_NUM + # define OpenSSL_version_num SSLeay + #endif + if ((f = fopen(DATA, "w")) == NULL) + exit(1); + if (fprintf(f, "%08lx (%s)", + (unsigned long)OpenSSL_version_num(), + OpenSSL_version(OPENSSL_VERSION)) < 0) + exit(1); +#ifdef LIBRESSL_VERSION_NUMBER + if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) + exit(1); +#endif + if (fputc('\n', f) == EOF || fclose(f) == EOF) + exit(1); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + sslver=`cat conftest.ssllibver` + ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` + # Check version is supported. + case "$sslver" in + 100*|10100*) # 1.0.x, 1.1.0x + as_fn_error $? "OpenSSL >= 1.1.1 required (have \"$ssl_showver\")" "$LINENO" 5 + ;; + 101*) ;; # 1.1.x + 200*) # LibreSSL + lver=`echo "$sslver" | sed 's/.*libressl-//'` + case "$lver" in + 2*|300*) # 2.x, 3.0.0 + as_fn_error $? "LibreSSL >= 3.1.0 required (have \"$ssl_showver\")" "$LINENO" 5 + ;; + *) ;; # Assume all other versions are good. + esac + ;; + 30*) + # OpenSSL 3; we use the 1.1x API + # https://openssl.org/policies/general/versioning-policy.html + CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" + ;; + *) + as_fn_error $? "Unknown/unsupported OpenSSL version (\"$ssl_showver\")" "$LINENO" 5 + ;; + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ssl_showver" >&5 +printf "%s\n" "$ssl_showver" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } + as_fn_error $? "OpenSSL library not found." "$LINENO" 5 + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + case "$host" in + x86_64-*) + case "$sslver" in + 3000004*) + as_fn_error $? "OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)" "$LINENO" 5 + ;; + esac + esac + + # Sanity check OpenSSL headers + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5 +printf %s "checking whether OpenSSL's headers match the library... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + +int +main (void) +{ + + exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + if test "x$openssl_check_nonfatal" = "x"; then + as_fn_error $? "Your OpenSSL headers do not match your + library. Check config.log for details. + If you are sure your installation is consistent, you can disable the check + by running \"./configure --without-openssl-header-check\". + Also see contrib/findssl.sh for help identifying header/library mismatches. + " "$LINENO" 5 + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your + library. Check config.log for details. + Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 +printf "%s\n" "$as_me: WARNING: Your OpenSSL headers do not match your + library. Check config.log for details. + Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;} + fi + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5 +printf %s "checking if programs using OpenSSL functions will link... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + ERR_load_crypto_strings(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LIBS="$LIBS -ldl" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5 +printf %s "checking if programs using OpenSSL need -ldl... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + ERR_load_crypto_strings(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CHANNELLIBS="$CHANNELLIBS -ldl" + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + ac_fn_c_check_func "$LINENO" "BN_is_prime_ex" "ac_cv_func_BN_is_prime_ex" +if test "x$ac_cv_func_BN_is_prime_ex" = xyes +then : + printf "%s\n" "#define HAVE_BN_IS_PRIME_EX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "DES_crypt" "ac_cv_func_DES_crypt" +if test "x$ac_cv_func_DES_crypt" = xyes +then : + printf "%s\n" "#define HAVE_DES_CRYPT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "DSA_generate_parameters_ex" "ac_cv_func_DSA_generate_parameters_ex" +if test "x$ac_cv_func_DSA_generate_parameters_ex" = xyes +then : + printf "%s\n" "#define HAVE_DSA_GENERATE_PARAMETERS_EX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_DigestFinal_ex" "ac_cv_func_EVP_DigestFinal_ex" +if test "x$ac_cv_func_EVP_DigestFinal_ex" = xyes +then : + printf "%s\n" "#define HAVE_EVP_DIGESTFINAL_EX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_DigestInit_ex" "ac_cv_func_EVP_DigestInit_ex" +if test "x$ac_cv_func_EVP_DigestInit_ex" = xyes +then : + printf "%s\n" "#define HAVE_EVP_DIGESTINIT_EX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_MD_CTX_cleanup" "ac_cv_func_EVP_MD_CTX_cleanup" +if test "x$ac_cv_func_EVP_MD_CTX_cleanup" = xyes +then : + printf "%s\n" "#define HAVE_EVP_MD_CTX_CLEANUP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_MD_CTX_copy_ex" "ac_cv_func_EVP_MD_CTX_copy_ex" +if test "x$ac_cv_func_EVP_MD_CTX_copy_ex" = xyes +then : + printf "%s\n" "#define HAVE_EVP_MD_CTX_COPY_EX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_MD_CTX_init" "ac_cv_func_EVP_MD_CTX_init" +if test "x$ac_cv_func_EVP_MD_CTX_init" = xyes +then : + printf "%s\n" "#define HAVE_EVP_MD_CTX_INIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "HMAC_CTX_init" "ac_cv_func_HMAC_CTX_init" +if test "x$ac_cv_func_HMAC_CTX_init" = xyes +then : + printf "%s\n" "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "RSA_generate_key_ex" "ac_cv_func_RSA_generate_key_ex" +if test "x$ac_cv_func_RSA_generate_key_ex" = xyes +then : + printf "%s\n" "#define HAVE_RSA_GENERATE_KEY_EX 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "RSA_get_default_method" "ac_cv_func_RSA_get_default_method" +if test "x$ac_cv_func_RSA_get_default_method" = xyes +then : + printf "%s\n" "#define HAVE_RSA_GET_DEFAULT_METHOD 1" >>confdefs.h + +fi + + + # OpenSSL_add_all_algorithms may be a macro. + ac_fn_c_check_func "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_func_OpenSSL_add_all_algorithms" +if test "x$ac_cv_func_OpenSSL_add_all_algorithms" = xyes +then : + +printf "%s\n" "#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1" >>confdefs.h + +else $as_nop + ac_fn_check_decl "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_have_decl_OpenSSL_add_all_algorithms" "#include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes +then : + +printf "%s\n" "#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1" >>confdefs.h + +fi + +fi + + + # LibreSSL/OpenSSL API differences + ac_fn_c_check_func "$LINENO" "EVP_CIPHER_CTX_iv" "ac_cv_func_EVP_CIPHER_CTX_iv" +if test "x$ac_cv_func_EVP_CIPHER_CTX_iv" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CIPHER_CTX_IV 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_CIPHER_CTX_iv_noconst" "ac_cv_func_EVP_CIPHER_CTX_iv_noconst" +if test "x$ac_cv_func_EVP_CIPHER_CTX_iv_noconst" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CIPHER_CTX_IV_NOCONST 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_CIPHER_CTX_get_iv" "ac_cv_func_EVP_CIPHER_CTX_get_iv" +if test "x$ac_cv_func_EVP_CIPHER_CTX_get_iv" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CIPHER_CTX_GET_IV 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_CIPHER_CTX_get_updated_iv" "ac_cv_func_EVP_CIPHER_CTX_get_updated_iv" +if test "x$ac_cv_func_EVP_CIPHER_CTX_get_updated_iv" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_CIPHER_CTX_set_iv" "ac_cv_func_EVP_CIPHER_CTX_set_iv" +if test "x$ac_cv_func_EVP_CIPHER_CTX_set_iv" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CIPHER_CTX_SET_IV 1" >>confdefs.h + +fi + + + if test "x$openssl_engine" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5 +printf %s "checking for OpenSSL ENGINE support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +int +main (void) +{ + + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define USE_OPENSSL_ENGINE 1" >>confdefs.h + + +else $as_nop + as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi + + # Check for OpenSSL without EVP_aes_{192,256}_cbc + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL lacks support for AES 192/256" >&5 +printf %s "checking whether OpenSSL lacks support for AES 192/256... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +int +main (void) +{ + + exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h + + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5 +printf %s "checking if EVP_DigestUpdate returns an int... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +int +main (void) +{ + + if(EVP_DigestUpdate(NULL, NULL,0)) + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h + + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + # Check for various EVP support in OpenSSL + ac_fn_c_check_func "$LINENO" "EVP_sha256" "ac_cv_func_EVP_sha256" +if test "x$ac_cv_func_EVP_sha256" = xyes +then : + printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_sha384" "ac_cv_func_EVP_sha384" +if test "x$ac_cv_func_EVP_sha384" = xyes +then : + printf "%s\n" "#define HAVE_EVP_SHA384 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_sha512" "ac_cv_func_EVP_sha512" +if test "x$ac_cv_func_EVP_sha512" = xyes +then : + printf "%s\n" "#define HAVE_EVP_SHA512 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "EVP_chacha20" "ac_cv_func_EVP_chacha20" +if test "x$ac_cv_func_EVP_chacha20" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CHACHA20 1" >>confdefs.h + +fi + + + # Check complete ECC support in OpenSSL + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5 +printf %s "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + +int +main (void) +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + const EVP_MD *m = EVP_sha256(); /* We need this too */ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + enable_nistp256=1 +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5 +printf %s "checking whether OpenSSL has NID_secp384r1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + +int +main (void) +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); + const EVP_MD *m = EVP_sha384(); /* We need this too */ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + enable_nistp384=1 +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5 +printf %s "checking whether OpenSSL has NID_secp521r1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + +int +main (void) +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5 +printf %s "checking if OpenSSL's NID_secp521r1 is functional... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5 +printf "%s\n" "$as_me: WARNING: cross-compiling: assuming yes" >&2;} + enable_nistp521=1 + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + #include + +int +main (void) +{ + + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ + exit(e == NULL || m == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + enable_nistp521=1 +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ + test x$enable_nistp521 = x1; then + +printf "%s\n" "#define OPENSSL_HAS_ECC 1" >>confdefs.h + + ac_fn_c_check_func "$LINENO" "EC_KEY_METHOD_new" "ac_cv_func_EC_KEY_METHOD_new" +if test "x$ac_cv_func_EC_KEY_METHOD_new" = xyes +then : + printf "%s\n" "#define HAVE_EC_KEY_METHOD_NEW 1" >>confdefs.h + +fi + + openssl_ecc=yes + else + openssl_ecc=no + fi + if test x$enable_nistp256 = x1; then + +printf "%s\n" "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h + + else + unsupported_algorithms="$unsupported_algorithms \ + ecdsa-sha2-nistp256 \ + ecdh-sha2-nistp256 \ + ecdsa-sha2-nistp256-cert-v01@openssh.com" + fi + if test x$enable_nistp384 = x1; then + +printf "%s\n" "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h + + else + unsupported_algorithms="$unsupported_algorithms \ + ecdsa-sha2-nistp384 \ + ecdh-sha2-nistp384 \ + ecdsa-sha2-nistp384-cert-v01@openssh.com" + fi + if test x$enable_nistp521 = x1; then + +printf "%s\n" "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h + + else + unsupported_algorithms="$unsupported_algorithms \ + ecdh-sha2-nistp521 \ + ecdsa-sha2-nistp521 \ + ecdsa-sha2-nistp521-cert-v01@openssh.com" + fi + + # Check libcrypto ED25519 support + ac_fn_c_check_func "$LINENO" "EVP_PKEY_get_raw_public_key" "ac_cv_func_EVP_PKEY_get_raw_public_key" +if test "x$ac_cv_func_EVP_PKEY_get_raw_public_key" = xyes +then : + printf "%s\n" "#define HAVE_EVP_PKEY_GET_RAW_PUBLIC_KEY 1" >>confdefs.h + +fi + + ac_fn_c_check_func "$LINENO" "EVP_PKEY_get_raw_private_key" "ac_cv_func_EVP_PKEY_get_raw_private_key" +if test "x$ac_cv_func_EVP_PKEY_get_raw_private_key" = xyes +then : + printf "%s\n" "#define HAVE_EVP_PKEY_GET_RAW_PRIVATE_KEY 1" >>confdefs.h + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has ED25519 support" >&5 +printf %s "checking whether OpenSSL has ED25519 support... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main (void) +{ + + unsigned char buf[64]; + memset(buf, 0, sizeof(buf)); + exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, + buf, sizeof(buf)) == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define OPENSSL_HAS_ED25519 1" >>confdefs.h + + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + openssl_dsa=no + if test ! -z "$enable_dsa" ; then + ac_fn_check_decl "$LINENO" "OPENSSL_NO_DSA" "ac_cv_have_decl_OPENSSL_NO_DSA" " #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_OPENSSL_NO_DSA" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_OPENSSL_NO_DSA $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : + +else $as_nop + + ac_fn_check_decl "$LINENO" "OPENSSL_IS_BORINGSSL" "ac_cv_have_decl_OPENSSL_IS_BORINGSSL" " #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_OPENSSL_IS_BORINGSSL" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_OPENSSL_IS_BORINGSSL $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : + +else $as_nop + openssl_dsa=yes +fi + + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable DSA key support" >&5 +printf %s "checking whether to enable DSA key support... " >&6; } + if test "x$openssl_dsa" = "xno"; then + as_fn_error $? "DSA requested but not supported by OpenSSL" "$LINENO" 5 + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define WITH_DSA 1" >>confdefs.h + + fi + fi +fi + +# PKCS11/U2F depend on OpenSSL and dlopen(). +enable_pkcs11=yes +enable_sk=yes +if test "x$openssl" != "xyes" ; then + enable_pkcs11="disabled; missing libcrypto" +fi +if test "x$ac_cv_func_dlopen" != "xyes" ; then + enable_pkcs11="disabled; missing dlopen(3)" + enable_sk="disabled; missing dlopen(3)" +fi +if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then + enable_pkcs11="disabled; missing RTLD_NOW" + enable_sk="disabled; missing RTLD_NOW" +fi +if test ! -z "$disable_pkcs11" ; then + enable_pkcs11="disabled by user" +fi +if test ! -z "$disable_sk" ; then + enable_sk="disabled by user" +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable PKCS11" >&5 +printf %s "checking whether to enable PKCS11... " >&6; } +if test "x$enable_pkcs11" = "xyes" ; then + +printf "%s\n" "#define ENABLE_PKCS11 /**/" >>confdefs.h + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_pkcs11" >&5 +printf "%s\n" "$enable_pkcs11" >&6; } + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable U2F" >&5 +printf %s "checking whether to enable U2F... " >&6; } +if test "x$enable_sk" = "xyes" ; then + +printf "%s\n" "#define ENABLE_SK /**/" >>confdefs.h + + SK_DUMMY_LIBRARY=regress/misc/sk-dummy/sk-dummy.so + +else + # Do not try to build sk-dummy library. + SK_DUMMY_LIBRARY="" + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_sk" >&5 +printf "%s\n" "$enable_sk" >&6; } + +# Now check for built-in security key support. +if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then + use_pkgconfig_for_libfido2= + if test "x$PKGCONFIG" != "xno"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libfido2" >&5 +printf %s "checking if $PKGCONFIG knows about libfido2... " >&6; } + if "$PKGCONFIG" libfido2; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + use_pkgconfig_for_libfido2=yes + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + fi + if test "x$use_pkgconfig_for_libfido2" = "xyes"; then + LIBFIDO2=`$PKGCONFIG --libs libfido2` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" + else + LIBFIDO2="-lfido2 -lcbor" + fi + OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` + fido2_error= + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fido_init in -lfido2" >&5 +printf %s "checking for fido_init in -lfido2... " >&6; } +if test ${ac_cv_lib_fido2_fido_init+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lfido2 $OTHERLIBS + $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char fido_init (); +int +main (void) +{ +return fido_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_fido2_fido_init=yes +else $as_nop + ac_cv_lib_fido2_fido_init=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_fido2_fido_init" >&5 +printf "%s\n" "$ac_cv_lib_fido2_fido_init" >&6; } +if test "x$ac_cv_lib_fido2_fido_init" = xyes +then : + +else $as_nop + fido2_error="missing/unusable libfido2" +fi + + ac_fn_c_check_header_compile "$LINENO" "fido.h" "ac_cv_header_fido_h" "$ac_includes_default" +if test "x$ac_cv_header_fido_h" = xyes +then : + +else $as_nop + fido2_error="missing fido.h from libfido2" +fi + + ac_fn_c_check_header_compile "$LINENO" "fido/credman.h" "ac_cv_header_fido_credman_h" " #include + +" +if test "x$ac_cv_header_fido_credman_h" = xyes +then : + +else $as_nop + fido2_error="missing fido/credman.h from libfido2" +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for usable libfido2 installation" >&5 +printf %s "checking for usable libfido2 installation... " >&6; } + if test ! -z "$fido2_error" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $fido2_error" >&5 +printf "%s\n" "$fido2_error" >&6; } + if test "x$enable_sk_internal" = "xyes" ; then + as_fn_error $? "No usable libfido2 library/headers found" "$LINENO" 5 + fi + LIBFIDO2="" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + + +printf "%s\n" "#define ENABLE_SK_INTERNAL /**/" >>confdefs.h + + enable_sk="built-in" + saved_LIBS="$LIBS" + LIBS="$LIBFIDO2 $LIBS" + ac_fn_c_check_func "$LINENO" "fido_assert_set_clientdata" "ac_cv_func_fido_assert_set_clientdata" +if test "x$ac_cv_func_fido_assert_set_clientdata" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_ASSERT_SET_CLIENTDATA 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_cred_prot" "ac_cv_func_fido_cred_prot" +if test "x$ac_cv_func_fido_cred_prot" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_CRED_PROT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_cred_set_prot" "ac_cv_func_fido_cred_set_prot" +if test "x$ac_cv_func_fido_cred_set_prot" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_CRED_SET_PROT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_cred_set_clientdata" "ac_cv_func_fido_cred_set_clientdata" +if test "x$ac_cv_func_fido_cred_set_clientdata" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_CRED_SET_CLIENTDATA 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_dev_get_touch_begin" "ac_cv_func_fido_dev_get_touch_begin" +if test "x$ac_cv_func_fido_dev_get_touch_begin" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_DEV_GET_TOUCH_BEGIN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_dev_get_touch_status" "ac_cv_func_fido_dev_get_touch_status" +if test "x$ac_cv_func_fido_dev_get_touch_status" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_DEV_GET_TOUCH_STATUS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_dev_supports_cred_prot" "ac_cv_func_fido_dev_supports_cred_prot" +if test "x$ac_cv_func_fido_dev_supports_cred_prot" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_DEV_SUPPORTS_CRED_PROT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fido_dev_is_winhello" "ac_cv_func_fido_dev_is_winhello" +if test "x$ac_cv_func_fido_dev_is_winhello" = xyes +then : + printf "%s\n" "#define HAVE_FIDO_DEV_IS_WINHELLO 1" >>confdefs.h + +fi + + LIBS="$saved_LIBS" + fi +fi + +ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" +if test "x$ac_cv_func_arc4random" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "arc4random_buf" "ac_cv_func_arc4random_buf" +if test "x$ac_cv_func_arc4random_buf" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM_BUF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "arc4random_stir" "ac_cv_func_arc4random_stir" +if test "x$ac_cv_func_arc4random_stir" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM_STIR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform" +if test "x$ac_cv_func_arc4random_uniform" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM_UNIFORM 1" >>confdefs.h + +fi + +### Configure cryptographic random number support + +# Check whether OpenSSL seeds itself +if test "x$openssl" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5 +printf %s "checking whether OpenSSL's PRNG is internally seeded... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming yes" >&2;} + # This is safe, since we will fatal() at runtime if + # OpenSSL is not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +int +main (void) +{ + + exit(RAND_status() == 1 ? 0 : 1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + OPENSSL_SEEDS_ITSELF=yes + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +# PRNGD TCP socket + +# Check whether --with-prngd-port was given. +if test ${with_prngd_port+y} +then : + withval=$with_prngd_port; + case "$withval" in + no) + withval="" + ;; + [0-9]*) + ;; + *) + as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5 + ;; + esac + if test ! -z "$withval" ; then + PRNGD_PORT="$withval" + +printf "%s\n" "#define PRNGD_PORT $PRNGD_PORT" >>confdefs.h + + fi + + +fi + + +# PRNGD Unix domain socket + +# Check whether --with-prngd-socket was given. +if test ${with_prngd_socket+y} +then : + withval=$with_prngd_socket; + case "$withval" in + yes) + withval="/var/run/egd-pool" + ;; + no) + withval="" + ;; + /*) + ;; + *) + as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5 + ;; + esac + + if test ! -z "$withval" ; then + if test ! -z "$PRNGD_PORT" ; then + as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5 + fi + if test ! -r "$withval" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5 +printf "%s\n" "$as_me: WARNING: Entropy socket is not readable" >&2;} + fi + PRNGD_SOCKET="$withval" + +printf "%s\n" "#define PRNGD_SOCKET \"$PRNGD_SOCKET\"" >>confdefs.h + + fi + +else $as_nop + + # Check for existing socket only if we don't have a random device already + if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5 +printf %s "checking for PRNGD/EGD socket... " >&6; } + # Insert other locations here + for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then + PRNGD_SOCKET="$sock" + printf "%s\n" "#define PRNGD_SOCKET \"$PRNGD_SOCKET\"" >>confdefs.h + + break; + fi + done + if test ! -z "$PRNGD_SOCKET" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5 +printf "%s\n" "$PRNGD_SOCKET" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } + fi + fi + + +fi + + +# Which randomness source do we use? +if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGd port $PRNGD_PORT" +elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGd socket $PRNGD_SOCKET" +elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then + +printf "%s\n" "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h + + RAND_MSG="OpenSSL internal ONLY" +elif test "x$openssl" = "xno" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5 +printf "%s\n" "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;} +else + as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5 +fi +LIBS="$nocrypto_saved_LIBS" + +saved_LIBS="$LIBS" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5 +printf %s "checking for ia_openinfo in -liaf... " >&6; } +if test ${ac_cv_lib_iaf_ia_openinfo+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-liaf $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char ia_openinfo (); +int +main (void) +{ +return ia_openinfo (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_iaf_ia_openinfo=yes +else $as_nop + ac_cv_lib_iaf_ia_openinfo=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5 +printf "%s\n" "$ac_cv_lib_iaf_ia_openinfo" >&6; } +if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes +then : + + LIBS="$LIBS -liaf" + + for ac_func in set_id +do : + ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id" +if test "x$ac_cv_func_set_id" = xyes +then : + printf "%s\n" "#define HAVE_SET_ID 1" >>confdefs.h + SSHDLIBS="$SSHDLIBS -liaf" + +printf "%s\n" "#define HAVE_LIBIAF 1" >>confdefs.h + + +fi + +done + +fi + +LIBS="$saved_LIBS" + +# Check for crypt() in libcrypt. If we have it, we only need it for sshd. +saved_LIBS="$LIBS" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 +printf %s "checking for crypt in -lcrypt... " >&6; } +if test ${ac_cv_lib_crypt_crypt+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char crypt (); +int +main (void) +{ +return crypt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_crypt_crypt=yes +else $as_nop + ac_cv_lib_crypt_crypt=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 +printf "%s\n" "$ac_cv_lib_crypt_crypt" >&6; } +if test "x$ac_cv_lib_crypt_crypt" = xyes +then : + + LIBS="-lcrypt $LIBS" + SSHDLIBS="-lcrypt $SSHDLIBS" + +fi + +ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt" +if test "x$ac_cv_func_crypt" = xyes +then : + printf "%s\n" "#define HAVE_CRYPT 1" >>confdefs.h + +fi + +LIBS="$saved_LIBS" + +# Check for PAM libs +PAM_MSG="no" + +# Check whether --with-pam was given. +if test ${with_pam+y} +then : + withval=$with_pam; + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + as_fn_error $? "PAM headers not found" "$LINENO" 5 + fi + + saved_LIBS="$LIBS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +printf %s "checking for dlopen in -ldl... " >&6; } +if test ${ac_cv_lib_dl_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char dlopen (); +int +main (void) +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_dl_dlopen=yes +else $as_nop + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes +then : + printf "%s\n" "#define HAVE_LIBDL 1" >>confdefs.h + + LIBS="-ldl $LIBS" + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5 +printf %s "checking for pam_set_item in -lpam... " >&6; } +if test ${ac_cv_lib_pam_pam_set_item+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpam $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char pam_set_item (); +int +main (void) +{ +return pam_set_item (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_pam_pam_set_item=yes +else $as_nop + ac_cv_lib_pam_pam_set_item=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5 +printf "%s\n" "$ac_cv_lib_pam_pam_set_item" >&6; } +if test "x$ac_cv_lib_pam_pam_set_item" = xyes +then : + printf "%s\n" "#define HAVE_LIBPAM 1" >>confdefs.h + + LIBS="-lpam $LIBS" + +else $as_nop + as_fn_error $? "*** libpam missing" "$LINENO" 5 +fi + + ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" +if test "x$ac_cv_func_pam_getenvlist" = xyes +then : + printf "%s\n" "#define HAVE_PAM_GETENVLIST 1" >>confdefs.h + +fi + + ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv" +if test "x$ac_cv_func_pam_putenv" = xyes +then : + printf "%s\n" "#define HAVE_PAM_PUTENV 1" >>confdefs.h + +fi + + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + SSHDLIBS="$SSHDLIBS -lpam" + +printf "%s\n" "#define USE_PAM 1" >>confdefs.h + + + if test $ac_cv_lib_dl_dlopen = yes; then + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + SSHDLIBS="$SSHDLIBS -ldl" + ;; + esac + fi + fi + + +fi + + + +# Check whether --with-pam-service was given. +if test ${with_pam_service+y} +then : + withval=$with_pam_service; + if test "x$withval" != "xno" && \ + test "x$withval" != "xyes" ; then + +printf "%s\n" "#define SSHD_PAM_SERVICE \"$withval\"" >>confdefs.h + + fi + + +fi + + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5 +printf %s "checking whether pam_strerror takes only one argument... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif + +int +main (void) +{ + +(void)pam_strerror((pam_handle_t *)NULL, -1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +else $as_nop + + +printf "%s\n" "#define HAVE_OLD_PAM 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + PAM_MSG="yes (old library)" + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +case "$host" in +*-*-cygwin*) + SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER + ;; +*) + SSH_PRIVSEP_USER=sshd + ;; +esac + +# Check whether --with-privsep-user was given. +if test ${with_privsep_user+y} +then : + withval=$with_privsep_user; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + SSH_PRIVSEP_USER=$withval + fi + + +fi + +if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then + +printf "%s\n" "#define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER" >>confdefs.h + +else + +printf "%s\n" "#define SSH_PRIVSEP_USER \"$SSH_PRIVSEP_USER\"" >>confdefs.h + +fi + + +if test "x$have_linux_no_new_privs" = "x1" ; then +ac_fn_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" " + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes +then : + have_seccomp_filter=1 +fi +fi +if test "x$have_seccomp_filter" = "x1" ; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5 +printf %s "checking kernel for seccomp_filter support... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + +int +main (void) +{ + int i = $seccomp_audit_arch; + errno = 0; + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); + exit(errno == EFAULT ? 0 : 1); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + # Disable seccomp filter as a target + have_seccomp_filter=0 + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +fi + +ac_fn_c_check_member "$LINENO" "struct pollfd" "fd" "ac_cv_member_struct_pollfd_fd" " +#include +#ifdef HAVE_POLL_H +#include +#endif +#ifdef HAVE_SYS_POLL_H +#include +#endif + +" +if test "x$ac_cv_member_struct_pollfd_fd" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_POLLFD_FD 1" >>confdefs.h + + +fi + + +ac_fn_c_check_type "$LINENO" "nfds_t" "ac_cv_type_nfds_t" " +#include +#ifdef HAVE_POLL_H +#include +#endif +#ifdef HAVE_SYS_POLL_H +#include +#endif + +" +if test "x$ac_cv_type_nfds_t" = xyes +then : + +printf "%s\n" "#define HAVE_NFDS_T 1" >>confdefs.h + + +fi + + +# Decide which sandbox style to use +sandbox_arg="" + +# Check whether --with-sandbox was given. +if test ${with_sandbox+y} +then : + withval=$with_sandbox; + if test "x$withval" = "xyes" ; then + sandbox_arg="" + else + sandbox_arg="$withval" + fi + + +fi + + +if test "x$sandbox_arg" != "xno"; then +# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument +# is greater than OPEN_MAX". On some platforms that includes implementions +# of select in userspace on top of poll() so check both work with rlimit +# NOFILES so check that both work before enabling the rlimit sandbox. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if select and/or poll works with descriptor rlimit" >&5 +printf %s "checking if select and/or poll works with descriptor rlimit... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming no" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming no" >&2;} + select_works_with_rlimit=no + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#ifdef HAVE_POLL_H +# include +#elif HAVE_SYS_POLL_H +# include +#endif +#include +#include +#include + +int +main (void) +{ + + struct rlimit rl_zero; + int fd, r; + fd_set fds; + struct timeval tv; +#ifdef HAVE_POLL + struct pollfd pfd; +#endif + + fd = open("/dev/null", O_RDONLY); + FD_ZERO(&fds); + FD_SET(fd, &fds); + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + setrlimit(RLIMIT_FSIZE, &rl_zero); + setrlimit(RLIMIT_NOFILE, &rl_zero); + tv.tv_sec = 1; + tv.tv_usec = 0; + r = select(fd+1, &fds, NULL, NULL, &tv); + if (r == -1) + exit(1); +#ifdef HAVE_POLL + pfd.fd = fd; + pfd.events = POLLIN; + r = poll(&pfd, 1, 1); + if (r == -1) + exit(2); +#endif + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + select_works_with_rlimit=yes +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + select_works_with_rlimit=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5 +printf %s "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming yes" >&2;} + rlimit_nofile_zero_works=yes + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#include +#include + +int +main (void) +{ + + struct rlimit rl_zero; + int r; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + r = setrlimit(RLIMIT_NOFILE, &rl_zero); + exit (r == -1 ? 1 : 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + rlimit_nofile_zero_works=yes +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + rlimit_nofile_zero_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5 +printf %s "checking if setrlimit RLIMIT_FSIZE works... " >&6; } + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +printf "%s\n" "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +if test "x$sandbox_arg" = "xpledge" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then + test "x$ac_cv_func_pledge" != "xyes" && \ + as_fn_error $? "pledge sandbox requires pledge(2) support" "$LINENO" 5 + SANDBOX_STYLE="pledge" + +printf "%s\n" "#define SANDBOX_PLEDGE 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xsystrace" || \ + ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then + test "x$have_systr_policy_kill" != "x1" && \ + as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5 + SANDBOX_STYLE="systrace" + +printf "%s\n" "#define SANDBOX_SYSTRACE 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xdarwin" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ + test "x$ac_cv_header_sandbox_h" = "xyes") ; then + test "x$ac_cv_func_sandbox_init" != "xyes" -o \ + "x$ac_cv_header_sandbox_h" != "xyes" && \ + as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5 + SANDBOX_STYLE="darwin" + +printf "%s\n" "#define SANDBOX_DARWIN 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xseccomp_filter" || \ + ( test -z "$sandbox_arg" && \ + test "x$have_seccomp_filter" = "x1" && \ + test "x$ac_cv_header_elf_h" = "xyes" && \ + test "x$ac_cv_header_linux_audit_h" = "xyes" && \ + test "x$ac_cv_header_linux_filter_h" = "xyes" && \ + test "x$seccomp_audit_arch" != "x" && \ + test "x$have_linux_no_new_privs" = "x1" && \ + test "x$ac_cv_func_prctl" = "xyes" ) ; then + test "x$seccomp_audit_arch" = "x" && \ + as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5 + test "x$have_linux_no_new_privs" != "x1" && \ + as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5 + test "x$have_seccomp_filter" != "x1" && \ + as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5 + test "x$ac_cv_func_prctl" != "xyes" && \ + as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5 + SANDBOX_STYLE="seccomp_filter" + +printf "%s\n" "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xcapsicum" || \ + ( test -z "$sandbox_arg" && \ + test "x$disable_capsicum" != "xyes" && \ + test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ + test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then + test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ + as_fn_error $? "capsicum sandbox requires sys/capsicum.h header" "$LINENO" 5 + test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ + as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5 + SANDBOX_STYLE="capsicum" + +printf "%s\n" "#define SANDBOX_CAPSICUM 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xrlimit" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ + test "x$select_works_with_rlimit" = "xyes" && \ + test "x$rlimit_nofile_zero_works" = "xyes" ) ; then + test "x$ac_cv_func_setrlimit" != "xyes" && \ + as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 + test "x$select_works_with_rlimit" != "xyes" && \ + as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5 + SANDBOX_STYLE="rlimit" + +printf "%s\n" "#define SANDBOX_RLIMIT 1" >>confdefs.h + +elif test "x$sandbox_arg" = "xsolaris" || \ + ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then + SANDBOX_STYLE="solaris" + +printf "%s\n" "#define SANDBOX_SOLARIS 1" >>confdefs.h + +elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ + test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then + SANDBOX_STYLE="none" + +printf "%s\n" "#define SANDBOX_NULL 1" >>confdefs.h + +else + as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5 +fi + +# Cheap hack to ensure NEWS-OS libraries are arranged right. +if test ! -z "$SONY" ; then + LIBS="$LIBS -liberty"; +fi + +# Check for long long datatypes +ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" +if test "x$ac_cv_type_long_long" = xyes +then : + +printf "%s\n" "#define HAVE_LONG_LONG 1" >>confdefs.h + + +fi +ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default" +if test "x$ac_cv_type_unsigned_long_long" = xyes +then : + +printf "%s\n" "#define HAVE_UNSIGNED_LONG_LONG 1" >>confdefs.h + + +fi +ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default" +if test "x$ac_cv_type_long_double" = xyes +then : + +printf "%s\n" "#define HAVE_LONG_DOUBLE 1" >>confdefs.h + + +fi + + +# Check datatype sizes +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5 +printf %s "checking size of short int... " >&6; } +if test ${ac_cv_sizeof_short_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default" +then : + +else $as_nop + if test "$ac_cv_type_short_int" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (short int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_short_int=0 + fi +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5 +printf "%s\n" "$ac_cv_sizeof_short_int" >&6; } + + + +printf "%s\n" "#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int" >>confdefs.h + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 +printf %s "checking size of int... " >&6; } +if test ${ac_cv_sizeof_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default" +then : + +else $as_nop + if test "$ac_cv_type_int" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_int=0 + fi +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 +printf "%s\n" "$ac_cv_sizeof_int" >&6; } + + + +printf "%s\n" "#define SIZEOF_INT $ac_cv_sizeof_int" >>confdefs.h + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 +printf %s "checking size of long int... " >&6; } +if test ${ac_cv_sizeof_long_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default" +then : + +else $as_nop + if test "$ac_cv_type_long_int" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long_int=0 + fi +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 +printf "%s\n" "$ac_cv_sizeof_long_int" >&6; } + + + +printf "%s\n" "#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int" >>confdefs.h + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5 +printf %s "checking size of long long int... " >&6; } +if test ${ac_cv_sizeof_long_long_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default" +then : + +else $as_nop + if test "$ac_cv_type_long_long_int" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long long int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long_long_int=0 + fi +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5 +printf "%s\n" "$ac_cv_sizeof_long_long_int" >&6; } + + + +printf "%s\n" "#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int" >>confdefs.h + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 +printf %s "checking size of time_t... " >&6; } +if test ${ac_cv_sizeof_time_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" " + #include + #ifdef HAVE_SYS_TIME_H + # include + #endif + #ifdef HAVE_TIME_H + # include + #endif + + +" +then : + +else $as_nop + if test "$ac_cv_type_time_t" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (time_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_time_t=0 + fi +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 +printf "%s\n" "$ac_cv_sizeof_time_t" >&6; } + + + +printf "%s\n" "#define SIZEOF_TIME_T $ac_cv_sizeof_time_t" >>confdefs.h + + + +# Sanity check long long for some platforms (AIX) +if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then + ac_cv_sizeof_long_long_int=0 +fi + +# compute LLONG_MIN and LLONG_MAX if we don't know them. +if test -z "$have_llong_max" && test -z "$have_long_long_max"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5 +printf %s "checking for max value of long long... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking" >&2;} + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +/* Why is this so damn hard? */ +#ifdef __GNUC__ +# undef __GNUC__ +#endif +#define __USE_ISOC99 +#include +#define DATA "conftest.llminmax" +#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) + +/* + * printf in libc on some platforms (eg old Tru64) does not understand %lld so + * we do this the hard way. + */ +static int +fprint_ll(FILE *f, long long n) +{ + unsigned int i; + int l[sizeof(long long) * 8]; + + if (n < 0) + if (fprintf(f, "-") < 0) + return -1; + for (i = 0; n != 0; i++) { + l[i] = my_abs(n % 10); + n /= 10; + } + do { + if (fprintf(f, "%d", l[--i]) < 0) + return -1; + } while (i != 0); + if (fprintf(f, " ") < 0) + return -1; + return 0; +} + +int +main (void) +{ + + FILE *f; + long long i, llmin, llmax = 0; + + if((f = fopen(DATA,"w")) == NULL) + exit(1); + +#if defined(LLONG_MIN) && defined(LLONG_MAX) + fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); + llmin = LLONG_MIN; + llmax = LLONG_MAX; +#else + fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); + /* This will work on one's complement and two's complement */ + for (i = 1; i > llmax; i <<= 1, i++) + llmax = i; + llmin = llmax + 1LL; /* wrap */ +#endif + + /* Sanity check */ + if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax + || llmax - 1 > llmax || llmin == llmax || llmin == 0 + || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { + fprintf(f, "unknown unknown\n"); + exit(2); + } + + if (fprint_ll(f, llmin) < 0) + exit(3); + if (fprint_ll(f, llmax) < 0) + exit(4); + if (fclose(f) < 0) + exit(5); + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + llong_min=`$AWK '{print $1}' conftest.llminmax` + llong_max=`$AWK '{print $2}' conftest.llminmax` + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5 +printf "%s\n" "$llong_max" >&6; } + +printf "%s\n" "#define LLONG_MAX ${llong_max}LL" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5 +printf %s "checking for min value of long long... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5 +printf "%s\n" "$llong_min" >&6; } + +printf "%s\n" "#define LLONG_MIN ${llong_min}LL" >>confdefs.h + + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + +ac_fn_check_decl "$LINENO" "UINT32_MAX" "ac_cv_have_decl_UINT32_MAX" " +#ifdef HAVE_SYS_LIMITS_H +# include +#endif +#ifdef HAVE_LIMITS_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_UINT32_MAX" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_UINT32_MAX $ac_have_decl" >>confdefs.h + + +# More checks for data types +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5 +printf %s "checking for u_int type... " >&6; } +if test ${ac_cv_have_u_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + u_int a; a = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_u_int="yes" +else $as_nop + ac_cv_have_u_int="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5 +printf "%s\n" "$ac_cv_have_u_int" >&6; } +if test "x$ac_cv_have_u_int" = "xyes" ; then + +printf "%s\n" "#define HAVE_U_INT 1" >>confdefs.h + + have_u_int=1 +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5 +printf %s "checking for intXX_t types... " >&6; } +if test ${ac_cv_have_intxx_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + int8_t a; int16_t b; int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_intxx_t="yes" +else $as_nop + ac_cv_have_intxx_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5 +printf "%s\n" "$ac_cv_have_intxx_t" >&6; } +if test "x$ac_cv_have_intxx_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_INTXX_T 1" >>confdefs.h + + have_intxx_t=1 +fi + +if (test -z "$have_intxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5 +printf %s "checking for intXX_t types in stdint.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + int8_t a; int16_t b; int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + printf "%s\n" "#define HAVE_INTXX_T 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5 +printf %s "checking for int64_t type... " >&6; } +if test ${ac_cv_have_int64_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +#ifdef HAVE_SYS_BITYPES_H +# include +#endif + +int +main (void) +{ + +int64_t a; a = 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_int64_t="yes" +else $as_nop + ac_cv_have_int64_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5 +printf "%s\n" "$ac_cv_have_int64_t" >&6; } +if test "x$ac_cv_have_int64_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_INT64_T 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5 +printf %s "checking for u_intXX_t types... " >&6; } +if test ${ac_cv_have_u_intxx_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_u_intxx_t="yes" +else $as_nop + ac_cv_have_u_intxx_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5 +printf "%s\n" "$ac_cv_have_u_intxx_t" >&6; } +if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_U_INTXX_T 1" >>confdefs.h + + have_u_intxx_t=1 +fi + +if test -z "$have_u_intxx_t" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5 +printf %s "checking for u_intXX_t types in sys/socket.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + printf "%s\n" "#define HAVE_U_INTXX_T 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5 +printf %s "checking for u_int64_t types... " >&6; } +if test ${ac_cv_have_u_int64_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + u_int64_t a; a = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_u_int64_t="yes" +else $as_nop + ac_cv_have_u_int64_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5 +printf "%s\n" "$ac_cv_have_u_int64_t" >&6; } +if test "x$ac_cv_have_u_int64_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_U_INT64_T 1" >>confdefs.h + + have_u_int64_t=1 +fi + +if (test -z "$have_u_int64_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5 +printf %s "checking for u_int64_t type in sys/bitypes.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + u_int64_t a; a = 1 + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + printf "%s\n" "#define HAVE_U_INT64_T 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +if test -z "$have_u_intxx_t" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5 +printf %s "checking for uintXX_t types... " >&6; } +if test ${ac_cv_have_uintxx_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main (void) +{ + + uint8_t a; + uint16_t b; + uint32_t c; + a = b = c = 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_uintxx_t="yes" +else $as_nop + ac_cv_have_uintxx_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5 +printf "%s\n" "$ac_cv_have_uintxx_t" >&6; } + if test "x$ac_cv_have_uintxx_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_UINTXX_T 1" >>confdefs.h + + fi +fi + +if (test -z "$have_uintxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5 +printf %s "checking for uintXX_t types in stdint.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + printf "%s\n" "#define HAVE_UINTXX_T 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +if (test -z "$have_uintxx_t" && \ + test "x$ac_cv_header_inttypes_h" = "xyes") +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5 +printf %s "checking for uintXX_t types in inttypes.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + printf "%s\n" "#define HAVE_UINTXX_T 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 +printf %s "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main (void) +{ + + int8_t a; int16_t b; int32_t c; + u_int8_t e; u_int16_t f; u_int32_t g; + a = b = c = e = f = g = 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + printf "%s\n" "#define HAVE_U_INTXX_T 1" >>confdefs.h + + printf "%s\n" "#define HAVE_INTXX_T 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5 +printf %s "checking for u_char... " >&6; } +if test ${ac_cv_have_u_char+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + u_char foo; foo = 125; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_u_char="yes" +else $as_nop + ac_cv_have_u_char="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5 +printf "%s\n" "$ac_cv_have_u_char" >&6; } +if test "x$ac_cv_have_u_char" = "xyes" ; then + +printf "%s\n" "#define HAVE_U_CHAR 1" >>confdefs.h + +fi + +ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" " +#include +#ifdef HAVE_STDINT_H +# include +#endif + +" +if test "x$ac_cv_type_intmax_t" = xyes +then : + +printf "%s\n" "#define HAVE_INTMAX_T 1" >>confdefs.h + + +fi +ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" " +#include +#ifdef HAVE_STDINT_H +# include +#endif + +" +if test "x$ac_cv_type_uintmax_t" = xyes +then : + +printf "%s\n" "#define HAVE_UINTMAX_T 1" >>confdefs.h + + +fi + + + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include +#include +" +if test "x$ac_cv_type_socklen_t" = xyes +then : + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 +printf %s "checking for socklen_t equivalent... " >&6; } + if test ${curl_cv_socklen_t_equiv+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + # Systems have either "struct sockaddr *" or + # "void *" as the second argument to getpeername + curl_cv_socklen_t_equiv= + for arg2 in "struct sockaddr" void; do + for t in int size_t unsigned long "unsigned long"; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + int getpeername (int, $arg2 *, $t *); + +int +main (void) +{ + + $t len; + getpeername(0,0,&len); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + curl_cv_socklen_t_equiv="$t" + break + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + done + done + + if test "x$curl_cv_socklen_t_equiv" = x; then + as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5 + fi + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5 +printf "%s\n" "$curl_cv_socklen_t_equiv" >&6; } + +printf "%s\n" "#define socklen_t $curl_cv_socklen_t_equiv" >>confdefs.h + +fi + + + +ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include +" +if test "x$ac_cv_type_sig_atomic_t" = xyes +then : + +printf "%s\n" "#define HAVE_SIG_ATOMIC_T 1" >>confdefs.h + + +fi +ac_fn_c_check_type "$LINENO" "sighandler_t" "ac_cv_type_sighandler_t" "#include +" +if test "x$ac_cv_type_sighandler_t" = xyes +then : + +printf "%s\n" "#define HAVE_SIGHANDLER_T 1" >>confdefs.h + + +fi + +ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" " +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + +" +if test "x$ac_cv_type_fsblkcnt_t" = xyes +then : + +printf "%s\n" "#define HAVE_FSBLKCNT_T 1" >>confdefs.h + + +fi +ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" " +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + +" +if test "x$ac_cv_type_fsfilcnt_t" = xyes +then : + +printf "%s\n" "#define HAVE_FSFILCNT_T 1" >>confdefs.h + + +fi + + +ac_fn_c_check_member "$LINENO" "struct statfs" "f_files" "ac_cv_member_struct_statfs_f_files" " +#include +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif + +" +if test "x$ac_cv_member_struct_statfs_f_files" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_STATFS_F_FILES 1" >>confdefs.h + + +fi +ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" " +#include +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif + +" +if test "x$ac_cv_member_struct_statfs_f_flags" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_STATFS_F_FLAGS 1" >>confdefs.h + + +fi + + + +ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include +#include +" +if test "x$ac_cv_type_in_addr_t" = xyes +then : + +printf "%s\n" "#define HAVE_IN_ADDR_T 1" >>confdefs.h + + +fi +ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include +#include +" +if test "x$ac_cv_type_in_port_t" = xyes +then : + +printf "%s\n" "#define HAVE_IN_PORT_T 1" >>confdefs.h + + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5 +printf %s "checking for size_t... " >&6; } +if test ${ac_cv_have_size_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + size_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_size_t="yes" +else $as_nop + ac_cv_have_size_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5 +printf "%s\n" "$ac_cv_have_size_t" >&6; } +if test "x$ac_cv_have_size_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_SIZE_T 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 +printf %s "checking for ssize_t... " >&6; } +if test ${ac_cv_have_ssize_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + ssize_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_ssize_t="yes" +else $as_nop + ac_cv_have_ssize_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5 +printf "%s\n" "$ac_cv_have_ssize_t" >&6; } +if test "x$ac_cv_have_ssize_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_SSIZE_T 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5 +printf %s "checking for clock_t... " >&6; } +if test ${ac_cv_have_clock_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + clock_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_clock_t="yes" +else $as_nop + ac_cv_have_clock_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5 +printf "%s\n" "$ac_cv_have_clock_t" >&6; } +if test "x$ac_cv_have_clock_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_CLOCK_T 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5 +printf %s "checking for sa_family_t... " >&6; } +if test ${ac_cv_have_sa_family_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + sa_family_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_sa_family_t="yes" +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + sa_family_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_sa_family_t="yes" +else $as_nop + ac_cv_have_sa_family_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5 +printf "%s\n" "$ac_cv_have_sa_family_t" >&6; } +if test "x$ac_cv_have_sa_family_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_SA_FAMILY_T 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5 +printf %s "checking for pid_t... " >&6; } +if test ${ac_cv_have_pid_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + pid_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_pid_t="yes" +else $as_nop + ac_cv_have_pid_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5 +printf "%s\n" "$ac_cv_have_pid_t" >&6; } +if test "x$ac_cv_have_pid_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_PID_T 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5 +printf %s "checking for mode_t... " >&6; } +if test ${ac_cv_have_mode_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + mode_t foo; foo = 1235; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_mode_t="yes" +else $as_nop + ac_cv_have_mode_t="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5 +printf "%s\n" "$ac_cv_have_mode_t" >&6; } +if test "x$ac_cv_have_mode_t" = "xyes" ; then + +printf "%s\n" "#define HAVE_MODE_T 1" >>confdefs.h + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 +printf %s "checking for struct sockaddr_storage... " >&6; } +if test ${ac_cv_have_struct_sockaddr_storage+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + struct sockaddr_storage s; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_struct_sockaddr_storage="yes" +else $as_nop + ac_cv_have_struct_sockaddr_storage="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5 +printf "%s\n" "$ac_cv_have_struct_sockaddr_storage" >&6; } +if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then + +printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5 +printf %s "checking for struct sockaddr_in6... " >&6; } +if test ${ac_cv_have_struct_sockaddr_in6+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + struct sockaddr_in6 s; s.sin6_family = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_struct_sockaddr_in6="yes" +else $as_nop + ac_cv_have_struct_sockaddr_in6="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5 +printf "%s\n" "$ac_cv_have_struct_sockaddr_in6" >&6; } +if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then + +printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5 +printf %s "checking for struct in6_addr... " >&6; } +if test ${ac_cv_have_struct_in6_addr+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + struct in6_addr s; s.s6_addr[0] = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_struct_in6_addr="yes" +else $as_nop + ac_cv_have_struct_in6_addr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5 +printf "%s\n" "$ac_cv_have_struct_in6_addr" >&6; } +if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then + +printf "%s\n" "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h + + + ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" " +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include + +" +if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1" >>confdefs.h + + +fi + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5 +printf %s "checking for struct addrinfo... " >&6; } +if test ${ac_cv_have_struct_addrinfo+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main (void) +{ + struct addrinfo s; s.ai_flags = AI_PASSIVE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_struct_addrinfo="yes" +else $as_nop + ac_cv_have_struct_addrinfo="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5 +printf "%s\n" "$ac_cv_have_struct_addrinfo" >&6; } +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then + +printf "%s\n" "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 +printf %s "checking for struct timeval... " >&6; } +if test ${ac_cv_have_struct_timeval+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + struct timeval tv; tv.tv_sec = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_struct_timeval="yes" +else $as_nop + ac_cv_have_struct_timeval="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5 +printf "%s\n" "$ac_cv_have_struct_timeval" >&6; } +if test "x$ac_cv_have_struct_timeval" = "xyes" ; then + +printf "%s\n" "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h + + have_struct_timeval=1 +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct timespec" >&5 +printf %s "checking for struct timespec... " >&6; } +if test ${ac_cv_have_struct_timespec+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifdef HAVE_SYS_TIME_H + # include + #endif + #ifdef HAVE_TIME_H + # include + #endif + +int +main (void) +{ + struct timespec ts; ts.tv_sec = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_struct_timespec="yes" +else $as_nop + ac_cv_have_struct_timespec="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timespec" >&5 +printf "%s\n" "$ac_cv_have_struct_timespec" >&6; } +if test "x$ac_cv_have_struct_timespec" = "xyes" ; then + +printf "%s\n" "#define HAVE_STRUCT_TIMESPEC 1" >>confdefs.h + + have_struct_timespec=1 +fi + +# We need int64_t or else certain parts of the compile will fail. +if test "x$ac_cv_have_int64_t" = "xno" && \ + test "x$ac_cv_sizeof_long_int" != "x8" && \ + test "x$ac_cv_sizeof_long_long_int" = "x0" ; then + echo "OpenSSH requires int64_t support. Contact your vendor or install" + echo "an alternative compiler (I.E., GCC) before continuing." + echo "" + exit 1; +else + if test "$cross_compiling" = yes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#ifdef HAVE_SNPRINTF +int main(void) +{ + char buf[50]; + char expected_out[50]; + int mazsize = 50 ; +#if (SIZEOF_LONG_INT == 8) + long int num = 0x7fffffffffffffff; +#else + long long num = 0x7fffffffffffffffll; +#endif + strcpy(expected_out, "9223372036854775807"); + snprintf(buf, mazsize, "%lld", num); + if(strcmp(buf, expected_out) != 0) + exit(1); + exit(0); +} +#else +int main(void) { exit(0); } +#endif + +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + true +else $as_nop + printf "%s\n" "#define BROKEN_SNPRINTF 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi + + +# look for field 'ut_host' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5 +printf %s "checking for ut_host field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_host" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_host' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5 +printf %s "checking for ut_host field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_host" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'syslen' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"syslen + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5 +printf %s "checking for syslen field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "syslen" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_pid' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5 +printf %s "checking for ut_pid field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_pid" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_PID_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_type' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5 +printf %s "checking for ut_type field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_type" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_type' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5 +printf %s "checking for ut_type field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_type" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_tv' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5 +printf %s "checking for ut_tv field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_tv" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_TV_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_id' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5 +printf %s "checking for ut_id field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_id" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_ID_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_id' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5 +printf %s "checking for ut_id field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_id" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_addr' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5 +printf %s "checking for ut_addr field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_addr' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5 +printf %s "checking for ut_addr field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_addr_v6' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5 +printf %s "checking for ut_addr_v6 field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr_v6" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_addr_v6' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5 +printf %s "checking for ut_addr_v6 field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_addr_v6" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_exit' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5 +printf %s "checking for ut_exit field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_exit" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_time' in header 'utmp.h' + ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5 +printf %s "checking for ut_time field in utmp.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_time" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_time' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5 +printf %s "checking for ut_time field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_time" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_tv' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5 +printf %s "checking for ut_tv field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_tv" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +# look for field 'ut_ss' in header 'utmpx.h' + ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` + ossh_varname="ossh_cv_$ossh_safe""_has_"ut_ss + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ut_ss field in utmpx.h" >&5 +printf %s "checking for ut_ss field in utmpx.h... " >&6; } + if eval test \${$ossh_varname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "ut_ss" >/dev/null 2>&1 +then : + eval "$ossh_varname=yes" +else $as_nop + eval "$ossh_varname=no" +fi +rm -rf conftest* + +fi + + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 +printf "%s\n" "$ossh_result" >&6; } + if test "x$ossh_result" = "xyes"; then + +printf "%s\n" "#define HAVE_SS_IN_UTMPX 1" >>confdefs.h + + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + + +ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default" +if test "x$ac_cv_member_struct_stat_st_blksize" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_STAT_ST_BLKSIZE 1" >>confdefs.h + + +fi + +ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default" +if test "x$ac_cv_member_struct_stat_st_mtim" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIM 1" >>confdefs.h + + +fi + +ac_fn_c_check_member "$LINENO" "struct stat" "st_mtime" "ac_cv_member_struct_stat_st_mtime" "$ac_includes_default" +if test "x$ac_cv_member_struct_stat_st_mtime" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIME 1" >>confdefs.h + + +fi + +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_PASSWD_PW_GECOS 1" >>confdefs.h + + +fi +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_class" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_PASSWD_PW_CLASS 1" >>confdefs.h + + +fi +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_change" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_PASSWD_PW_CHANGE 1" >>confdefs.h + + +fi +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" " +#include +#include + +" +if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes +then : + +printf "%s\n" "#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1" >>confdefs.h + + +fi + + +ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include + +" +if test "x$ac_cv_member_struct___res_state_retrans" = xyes +then : + +else $as_nop + +printf "%s\n" "#define __res_state state" >>confdefs.h + +fi + + +ac_fn_c_check_member "$LINENO" "struct sockaddr_in" "sin_len" "ac_cv_member_struct_sockaddr_in_sin_len" " +#include +#include +#include + + +" +if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = xyes +then : + +printf "%s\n" "#define SOCK_HAS_LEN 1" >>confdefs.h + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5 +printf %s "checking for ss_family field in struct sockaddr_storage... " >&6; } +if test ${ac_cv_have_ss_family_in_struct_ss+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + struct sockaddr_storage s; s.ss_family = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_ss_family_in_struct_ss="yes" +else $as_nop + ac_cv_have_ss_family_in_struct_ss="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5 +printf "%s\n" "$ac_cv_have_ss_family_in_struct_ss" >&6; } +if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then + +printf "%s\n" "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5 +printf %s "checking for __ss_family field in struct sockaddr_storage... " >&6; } +if test ${ac_cv_have___ss_family_in_struct_ss+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + struct sockaddr_storage s; s.__ss_family = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have___ss_family_in_struct_ss="yes" +else $as_nop + ac_cv_have___ss_family_in_struct_ss="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5 +printf "%s\n" "$ac_cv_have___ss_family_in_struct_ss" >&6; } +if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then + +printf "%s\n" "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 +printf %s "checking for msg_accrights field in struct msghdr... " >&6; } +if test ${ac_cv_have_accrights_in_msghdr+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include + +int +main (void) +{ + +#ifdef msg_accrights +#error "msg_accrights is a macro" +exit(1); +#endif +struct msghdr m; +m.msg_accrights = 0; +exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_accrights_in_msghdr="yes" +else $as_nop + ac_cv_have_accrights_in_msghdr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5 +printf "%s\n" "$ac_cv_have_accrights_in_msghdr" >&6; } +if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then + +printf "%s\n" "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5 +printf %s "checking if struct statvfs.f_fsid is integral type... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + +int +main (void) +{ + struct statvfs s; s.f_fsid = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5 +printf %s "checking if fsid_t has member val... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + fsid_t t; t.val[0] = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define FSID_HAS_VAL 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5 +printf %s "checking if f_fsid has member __val... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main (void) +{ + fsid_t t; t.__val[0] = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define FSID_HAS___VAL 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5 +printf %s "checking for msg_control field in struct msghdr... " >&6; } +if test ${ac_cv_have_control_in_msghdr+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include + +int +main (void) +{ + +#ifdef msg_control +#error "msg_control is a macro" +exit(1); +#endif +struct msghdr m; +m.msg_control = 0; +exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_have_control_in_msghdr="yes" +else $as_nop + ac_cv_have_control_in_msghdr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5 +printf "%s\n" "$ac_cv_have_control_in_msghdr" >&6; } +if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then + +printf "%s\n" "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5 +printf %s "checking if libc defines __progname... " >&6; } +if test ${ac_cv_libc_defines___progname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + extern char *__progname; printf("%s", __progname); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_libc_defines___progname="yes" +else $as_nop + ac_cv_libc_defines___progname="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5 +printf "%s\n" "$ac_cv_libc_defines___progname" >&6; } +if test "x$ac_cv_libc_defines___progname" = "xyes" ; then + +printf "%s\n" "#define HAVE___PROGNAME 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5 +printf %s "checking whether $CC implements __FUNCTION__... " >&6; } +if test ${ac_cv_cc_implements___FUNCTION__+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + printf("%s", __FUNCTION__); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_cc_implements___FUNCTION__="yes" +else $as_nop + ac_cv_cc_implements___FUNCTION__="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5 +printf "%s\n" "$ac_cv_cc_implements___FUNCTION__" >&6; } +if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then + +printf "%s\n" "#define HAVE___FUNCTION__ 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5 +printf %s "checking whether $CC implements __func__... " >&6; } +if test ${ac_cv_cc_implements___func__+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + printf("%s", __func__); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_cc_implements___func__="yes" +else $as_nop + ac_cv_cc_implements___func__="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5 +printf "%s\n" "$ac_cv_cc_implements___func__" >&6; } +if test "x$ac_cv_cc_implements___func__" = "xyes" ; then + +printf "%s\n" "#define HAVE___func__ 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5 +printf %s "checking whether va_copy exists... " >&6; } +if test ${ac_cv_have_va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +va_list x,y; + +int +main (void) +{ + va_copy(x,y); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_have_va_copy="yes" +else $as_nop + ac_cv_have_va_copy="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5 +printf "%s\n" "$ac_cv_have_va_copy" >&6; } +if test "x$ac_cv_have_va_copy" = "xyes" ; then + +printf "%s\n" "#define HAVE_VA_COPY 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5 +printf %s "checking whether __va_copy exists... " >&6; } +if test ${ac_cv_have___va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +va_list x,y; + +int +main (void) +{ + __va_copy(x,y); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_have___va_copy="yes" +else $as_nop + ac_cv_have___va_copy="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5 +printf "%s\n" "$ac_cv_have___va_copy" >&6; } +if test "x$ac_cv_have___va_copy" = "xyes" ; then + +printf "%s\n" "#define HAVE___VA_COPY 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5 +printf %s "checking whether getopt has optreset support... " >&6; } +if test ${ac_cv_have_getopt_optreset+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + extern int optreset; optreset = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_have_getopt_optreset="yes" +else $as_nop + ac_cv_have_getopt_optreset="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5 +printf "%s\n" "$ac_cv_have_getopt_optreset" >&6; } +if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then + +printf "%s\n" "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5 +printf %s "checking if libc defines sys_errlist... " >&6; } +if test ${ac_cv_libc_defines_sys_errlist+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_libc_defines_sys_errlist="yes" +else $as_nop + ac_cv_libc_defines_sys_errlist="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5 +printf "%s\n" "$ac_cv_libc_defines_sys_errlist" >&6; } +if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then + +printf "%s\n" "#define HAVE_SYS_ERRLIST 1" >>confdefs.h + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5 +printf %s "checking if libc defines sys_nerr... " >&6; } +if test ${ac_cv_libc_defines_sys_nerr+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main (void) +{ + extern int sys_nerr; printf("%i", sys_nerr); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_libc_defines_sys_nerr="yes" +else $as_nop + ac_cv_libc_defines_sys_nerr="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5 +printf "%s\n" "$ac_cv_libc_defines_sys_nerr" >&6; } +if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then + +printf "%s\n" "#define HAVE_SYS_NERR 1" >>confdefs.h + +fi + +# Check libraries needed by DNS fingerprint support +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5 +printf %s "checking for library containing getrrsetbyname... " >&6; } +if test ${ac_cv_search_getrrsetbyname+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char getrrsetbyname (); +int +main (void) +{ +return getrrsetbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_getrrsetbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_getrrsetbyname+y} +then : + break +fi +done +if test ${ac_cv_search_getrrsetbyname+y} +then : + +else $as_nop + ac_cv_search_getrrsetbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5 +printf "%s\n" "$ac_cv_search_getrrsetbyname" >&6; } +ac_res=$ac_cv_search_getrrsetbyname +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +printf "%s\n" "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h + +else $as_nop + + # Needed by our getrrsetbyname() + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5 +printf %s "checking for library containing res_query... " >&6; } +if test ${ac_cv_search_res_query+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char res_query (); +int +main (void) +{ +return res_query (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_res_query=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_res_query+y} +then : + break +fi +done +if test ${ac_cv_search_res_query+y} +then : + +else $as_nop + ac_cv_search_res_query=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5 +printf "%s\n" "$ac_cv_search_res_query" >&6; } +ac_res=$ac_cv_search_res_query +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 +printf %s "checking for library containing dn_expand... " >&6; } +if test ${ac_cv_search_dn_expand+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char dn_expand (); +int +main (void) +{ +return dn_expand (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_dn_expand=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_dn_expand+y} +then : + break +fi +done +if test ${ac_cv_search_dn_expand+y} +then : + +else $as_nop + ac_cv_search_dn_expand=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 +printf "%s\n" "$ac_cv_search_dn_expand" >&6; } +ac_res=$ac_cv_search_dn_expand +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5 +printf %s "checking if res_query will link... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include + +int +main (void) +{ + + res_query (0, 0, 0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + saved_LIBS="$LIBS" + LIBS="$LIBS -lresolv" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 +printf %s "checking for res_query in -lresolv... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#include + +int +main (void) +{ + + res_query (0, 0, 0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + LIBS="$saved_LIBS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + ac_fn_c_check_func "$LINENO" "_getshort" "ac_cv_func__getshort" +if test "x$ac_cv_func__getshort" = xyes +then : + printf "%s\n" "#define HAVE__GETSHORT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "_getlong" "ac_cv_func__getlong" +if test "x$ac_cv_func__getlong" = xyes +then : + printf "%s\n" "#define HAVE__GETLONG 1" >>confdefs.h + +fi + + ac_fn_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include + #include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl__getshort" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL__GETSHORT $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include + #include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl__getlong" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL__GETLONG $ac_have_decl" >>confdefs.h + + ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include +" +if test "x$ac_cv_member_HEADER_ad" = xyes +then : + +printf "%s\n" "#define HAVE_HEADER_AD 1" >>confdefs.h + +fi + + +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5 +printf %s "checking if struct __res_state _res is an extern... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include +extern struct __res_state _res; + +int +main (void) +{ + +struct __res_state *volatile p = &_res; /* force resolution of _res */ +return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAVE__RES_EXTERN 1" >>confdefs.h + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +# Check whether user wants SELinux support +SELINUX_MSG="no" +LIBSELINUX="" + +# Check whether --with-selinux was given. +if test ${with_selinux+y} +then : + withval=$with_selinux; if test "x$withval" != "xno" ; then + save_LIBS="$LIBS" + +printf "%s\n" "#define WITH_SELINUX 1" >>confdefs.h + + SELINUX_MSG="yes" + ac_fn_c_check_header_compile "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" +if test "x$ac_cv_header_selinux_selinux_h" = xyes +then : + +else $as_nop + as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5 +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5 +printf %s "checking for setexeccon in -lselinux... " >&6; } +if test ${ac_cv_lib_selinux_setexeccon+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lselinux $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char setexeccon (); +int +main (void) +{ +return setexeccon (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_selinux_setexeccon=yes +else $as_nop + ac_cv_lib_selinux_setexeccon=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5 +printf "%s\n" "$ac_cv_lib_selinux_setexeccon" >&6; } +if test "x$ac_cv_lib_selinux_setexeccon" = xyes +then : + LIBSELINUX="-lselinux" + LIBS="$LIBS -lselinux" + +else $as_nop + as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5 +fi + + ac_fn_c_check_func "$LINENO" "getseuserbyname" "ac_cv_func_getseuserbyname" +if test "x$ac_cv_func_getseuserbyname" = xyes +then : + printf "%s\n" "#define HAVE_GETSEUSERBYNAME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "get_default_context_with_level" "ac_cv_func_get_default_context_with_level" +if test "x$ac_cv_func_get_default_context_with_level" = xyes +then : + printf "%s\n" "#define HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL 1" >>confdefs.h + +fi + + LIBS="$save_LIBS $LIBSELINUX" + fi + +fi + + + +# Check whether user wants Kerberos 5 support +KRB5_MSG="no" + +# Check whether --with-kerberos5 was given. +if test ${with_kerberos5+y} +then : + withval=$with_kerberos5; if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + KRB5ROOT="/usr/local" + else + KRB5ROOT=${withval} + fi + + +printf "%s\n" "#define KRB5 1" >>confdefs.h + + KRB5_MSG="yes" + + use_pkgconfig_for_krb5= + if test "x$PKGCONFIG" != "xno"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about kerberos5" >&5 +printf %s "checking if $PKGCONFIG knows about kerberos5... " >&6; } + if "$PKGCONFIG" krb5; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + use_pkgconfig_for_krb5=yes + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + fi + if test "x$use_pkgconfig_for_krb5" = "xyes"; then + K5CFLAGS=`$PKGCONFIG --cflags krb5` + K5LIBS=`$PKGCONFIG --libs krb5` + CPPFLAGS="$CPPFLAGS $K5CFLAGS" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5 +printf %s "checking for gssapi support... " >&6; } + if "$PKGCONFIG" krb5-gssapi; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define GSSAPI 1" >>confdefs.h + + GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" + GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" + CPPFLAGS="$CPPFLAGS $GSSCFLAGS" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +printf %s "checking whether we are using Heimdal... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + +int +main (void) +{ + char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HEIMDAL 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + else + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}krb5-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}krb5-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_KRB5CONF+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $KRB5CONF in + [\\/]* | ?:[\\/]*) + ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$KRB5ROOT/bin:$PATH" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_KRB5CONF="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +KRB5CONF=$ac_cv_path_KRB5CONF +if test -n "$KRB5CONF"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5 +printf "%s\n" "$KRB5CONF" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_KRB5CONF"; then + ac_pt_KRB5CONF=$KRB5CONF + # Extract the first word of "krb5-config", so it can be a program name with args. +set dummy krb5-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_ac_pt_KRB5CONF+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $ac_pt_KRB5CONF in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_KRB5CONF="$ac_pt_KRB5CONF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$KRB5ROOT/bin:$PATH" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_KRB5CONF="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_KRB5CONF=$ac_cv_path_ac_pt_KRB5CONF +if test -n "$ac_pt_KRB5CONF"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_KRB5CONF" >&5 +printf "%s\n" "$ac_pt_KRB5CONF" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_pt_KRB5CONF" = x; then + KRB5CONF="$KRB5ROOT/bin/krb5-config" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + KRB5CONF=$ac_pt_KRB5CONF + fi +else + KRB5CONF="$ac_cv_path_KRB5CONF" +fi + + if test -x $KRB5CONF ; then + K5CFLAGS="`$KRB5CONF --cflags`" + K5LIBS="`$KRB5CONF --libs`" + CPPFLAGS="$CPPFLAGS $K5CFLAGS" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5 +printf %s "checking for gssapi support... " >&6; } + if $KRB5CONF | grep gssapi >/dev/null ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define GSSAPI 1" >>confdefs.h + + GSSCFLAGS="`$KRB5CONF --cflags gssapi`" + GSSLIBS="`$KRB5CONF --libs gssapi`" + CPPFLAGS="$CPPFLAGS $GSSCFLAGS" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +printf %s "checking whether we are using Heimdal... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + +int +main (void) +{ + char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HEIMDAL 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + else + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +printf %s "checking whether we are using Heimdal... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + +int +main (void) +{ + char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + printf "%s\n" "#define HEIMDAL 1" >>confdefs.h + + K5LIBS="-lkrb5" + K5LIBS="$K5LIBS -lcom_err -lasn1" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5 +printf %s "checking for net_write in -lroken... " >&6; } +if test ${ac_cv_lib_roken_net_write+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lroken $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char net_write (); +int +main (void) +{ +return net_write (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_roken_net_write=yes +else $as_nop + ac_cv_lib_roken_net_write=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5 +printf "%s\n" "$ac_cv_lib_roken_net_write" >&6; } +if test "x$ac_cv_lib_roken_net_write" = xyes +then : + K5LIBS="$K5LIBS -lroken" +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5 +printf %s "checking for des_cbc_encrypt in -ldes... " >&6; } +if test ${ac_cv_lib_des_des_cbc_encrypt+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldes $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char des_cbc_encrypt (); +int +main (void) +{ +return des_cbc_encrypt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_des_des_cbc_encrypt=yes +else $as_nop + ac_cv_lib_des_des_cbc_encrypt=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 +printf "%s\n" "$ac_cv_lib_des_des_cbc_encrypt" >&6; } +if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes +then : + K5LIBS="$K5LIBS -ldes" +fi + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + K5LIBS="-lkrb5 -lk5crypto -lcom_err" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 +printf %s "checking for library containing dn_expand... " >&6; } +if test ${ac_cv_search_dn_expand+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char dn_expand (); +int +main (void) +{ +return dn_expand (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_dn_expand=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_dn_expand+y} +then : + break +fi +done +if test ${ac_cv_search_dn_expand+y} +then : + +else $as_nop + ac_cv_search_dn_expand=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 +printf "%s\n" "$ac_cv_search_dn_expand" >&6; } +ac_res=$ac_cv_search_dn_expand +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5 +printf %s "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; } +if test ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgssapi_krb5 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char gss_init_sec_context (); +int +main (void) +{ +return gss_init_sec_context (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes +else $as_nop + ac_cv_lib_gssapi_krb5_gss_init_sec_context=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 +printf "%s\n" "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; } +if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes +then : + printf "%s\n" "#define GSSAPI 1" >>confdefs.h + + GSSLIBS="-lgssapi_krb5" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5 +printf %s "checking for gss_init_sec_context in -lgssapi... " >&6; } +if test ${ac_cv_lib_gssapi_gss_init_sec_context+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgssapi $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char gss_init_sec_context (); +int +main (void) +{ +return gss_init_sec_context (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_gssapi_gss_init_sec_context=yes +else $as_nop + ac_cv_lib_gssapi_gss_init_sec_context=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 +printf "%s\n" "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; } +if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes +then : + printf "%s\n" "#define GSSAPI 1" >>confdefs.h + + GSSLIBS="-lgssapi" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5 +printf %s "checking for gss_init_sec_context in -lgss... " >&6; } +if test ${ac_cv_lib_gss_gss_init_sec_context+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgss $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char gss_init_sec_context (); +int +main (void) +{ +return gss_init_sec_context (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_gss_gss_init_sec_context=yes +else $as_nop + ac_cv_lib_gss_gss_init_sec_context=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5 +printf "%s\n" "$ac_cv_lib_gss_gss_init_sec_context" >&6; } +if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes +then : + printf "%s\n" "#define GSSAPI 1" >>confdefs.h + + GSSLIBS="-lgss" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 +printf "%s\n" "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} +fi + + +fi + + +fi + + + ac_fn_c_check_header_compile "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_h" = xyes +then : + +else $as_nop + unset ac_cv_header_gssapi_h + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + for ac_header in gssapi.h +do : + ac_fn_c_check_header_compile "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_H 1" >>confdefs.h + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 +printf "%s\n" "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} + +fi + +done + + +fi + + + oldCPP="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + ac_fn_c_check_header_compile "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_krb5_h" = xyes +then : + +else $as_nop + CPPFLAGS="$oldCPP" +fi + + + fi + fi + if test -n "${rpath_opt}" ; then + LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${KRB5ROOT}/lib" + fi + + ac_fn_c_check_header_compile "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "gssapi/gssapi.h" "ac_cv_header_gssapi_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_gssapi_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_GSSAPI_H 1" >>confdefs.h + +fi + + ac_fn_c_check_header_compile "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_krb5_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_KRB5_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "gssapi/gssapi_krb5.h" "ac_cv_header_gssapi_gssapi_krb5_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_gssapi_krb5_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_GSSAPI_KRB5_H 1" >>confdefs.h + +fi + + ac_fn_c_check_header_compile "$LINENO" "gssapi_generic.h" "ac_cv_header_gssapi_generic_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_generic_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_GENERIC_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "gssapi/gssapi_generic.h" "ac_cv_header_gssapi_gssapi_generic_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_gssapi_generic_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_GSSAPI_GENERIC_H 1" >>confdefs.h + +fi + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5 +printf %s "checking for library containing k_hasafs... " >&6; } +if test ${ac_cv_search_k_hasafs+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char k_hasafs (); +int +main (void) +{ +return k_hasafs (); + ; + return 0; +} +_ACEOF +for ac_lib in '' kafs +do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO" +then : + ac_cv_search_k_hasafs=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext + if test ${ac_cv_search_k_hasafs+y} +then : + break +fi +done +if test ${ac_cv_search_k_hasafs+y} +then : + +else $as_nop + ac_cv_search_k_hasafs=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5 +printf "%s\n" "$ac_cv_search_k_hasafs" >&6; } +ac_res=$ac_cv_search_k_hasafs +if test "$ac_res" != no +then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +printf "%s\n" "#define USE_AFS 1" >>confdefs.h + +fi + + + ac_fn_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" " +#ifdef HAVE_GSSAPI_H +# include +#elif defined(HAVE_GSSAPI_GSSAPI_H) +# include +#endif + +#ifdef HAVE_GSSAPI_GENERIC_H +# include +#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) +# include +#endif + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl" >>confdefs.h + + saved_LIBS="$LIBS" + LIBS="$LIBS $K5LIBS" + ac_fn_c_check_func "$LINENO" "krb5_cc_new_unique" "ac_cv_func_krb5_cc_new_unique" +if test "x$ac_cv_func_krb5_cc_new_unique" = xyes +then : + printf "%s\n" "#define HAVE_KRB5_CC_NEW_UNIQUE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message" +if test "x$ac_cv_func_krb5_get_error_message" = xyes +then : + printf "%s\n" "#define HAVE_KRB5_GET_ERROR_MESSAGE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message" +if test "x$ac_cv_func_krb5_free_error_message" = xyes +then : + printf "%s\n" "#define HAVE_KRB5_FREE_ERROR_MESSAGE 1" >>confdefs.h + +fi + + LIBS="$saved_LIBS" + + fi + + +fi + + + + + +# Looking for programs, paths and files + +PRIVSEP_PATH=/var/empty + +# Check whether --with-privsep-path was given. +if test ${with_privsep_path+y} +then : + withval=$with_privsep_path; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + PRIVSEP_PATH=$withval + fi + + +fi + + + + +# Check whether --with-xauth was given. +if test ${with_xauth+y} +then : + withval=$with_xauth; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + xauth_path=$withval + fi + +else $as_nop + + TestPath="$PATH" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" + # Extract the first word of "xauth", so it can be a program name with args. +set dummy xauth; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_xauth_path+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $xauth_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $TestPath +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_xauth_path="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +xauth_path=$ac_cv_path_xauth_path +if test -n "$xauth_path"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5 +printf "%s\n" "$xauth_path" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then + xauth_path="/usr/openwin/bin/xauth" + fi + + +fi + + +STRIP_OPT=-s +# Check whether --enable-strip was given. +if test ${enable_strip+y} +then : + enableval=$enable_strip; + if test "x$enableval" = "xno" ; then + STRIP_OPT= + fi + + +fi + + + +if test -z "$xauth_path" ; then + XAUTH_PATH="undefined" + +else + +printf "%s\n" "#define XAUTH_PATH \"$xauth_path\"" >>confdefs.h + + XAUTH_PATH=$xauth_path + +fi + +# Check for mail directory + +# Check whether --with-maildir was given. +if test ${with_maildir+y} +then : + withval=$with_maildir; + if test "X$withval" != X && test "x$withval" != xno && \ + test "x${withval}" != xyes; then + +printf "%s\n" "#define MAIL_DIRECTORY \"$withval\"" >>confdefs.h + + fi + +else $as_nop + + if test "X$maildir" != "X"; then + printf "%s\n" "#define MAIL_DIRECTORY \"$maildir\"" >>confdefs.h + + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5 +printf %s "checking Discovering system mail directory... " >&6; } + if test "$cross_compiling" = yes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;} + + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#ifdef HAVE_PATHS_H +#include +#endif +#ifdef HAVE_MAILLOCK_H +#include +#endif +#define DATA "conftest.maildir" + +int +main (void) +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + +#if defined (_PATH_MAILDIR) + if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) + exit(1); +#elif defined (MAILDIR) + if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) + exit(1); +#elif defined (_PATH_MAIL) + if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) + exit(1); +#else + exit (2); +#endif + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + + maildir_what=`awk -F: '{print $1}' conftest.maildir` + maildir=`awk -F: '{print $2}' conftest.maildir \ + | sed 's|/$||'` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5 +printf "%s\n" "Using: $maildir from $maildir_what" >&6; } + if test "x$maildir_what" != "x_PATH_MAILDIR"; then + printf "%s\n" "#define MAIL_DIRECTORY \"$maildir\"" >>confdefs.h + + fi + +else $as_nop + + if test "X$ac_status" = "X2";then +# our test program didn't find it. Default to /var/spool/mail + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5 +printf "%s\n" "Using: default value of /var/spool/mail" >&6; } + printf "%s\n" "#define MAIL_DIRECTORY \"/var/spool/mail\"" >>confdefs.h + + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5 +printf "%s\n" "*** not found ***" >&6; } + fi + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi + + +fi + # maildir + +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;} + disable_ptmx_check=yes +fi +if test -z "$no_dev_ptmx" ; then + if test "x$disable_ptmx_check" != "xyes" ; then + as_ac_File=`printf "%s\n" "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 +printf %s "checking for \"/dev/ptmx\"... " >&6; } +if eval test \${$as_ac_File+y} +then : + printf %s "(cached) " >&6 +else $as_nop + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/ptmx""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes" +then : + + +printf "%s\n" "#define HAVE_DEV_PTMX 1" >>confdefs.h + + have_dev_ptmx=1 + + +fi + + fi +fi + +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then + as_ac_File=`printf "%s\n" "ac_cv_file_"/dev/ptc"" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 +printf %s "checking for \"/dev/ptc\"... " >&6; } +if eval test \${$as_ac_File+y} +then : + printf %s "(cached) " >&6 +else $as_nop + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/ptc""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes" +then : + + +printf "%s\n" "#define HAVE_DEV_PTS_AND_PTC 1" >>confdefs.h + + have_dev_ptc=1 + + +fi + +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;} +fi + +# Options from here on. Some of these are preset by platform above + +# Check whether --with-mantype was given. +if test ${with_mantype+y} +then : + withval=$with_mantype; + case "$withval" in + man|cat|doc) + MANTYPE=$withval + ;; + *) + as_fn_error $? "invalid man type: $withval" "$LINENO" 5 + ;; + esac + + +fi + +if test -z "$MANTYPE"; then + if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=doc + elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=doc + elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=man + else + MANTYPE=cat + fi +fi + +if test "$MANTYPE" = "doc"; then + mansubdir=man; +else + mansubdir=$MANTYPE; +fi + + +# Whether to disable shadow password support + +# Check whether --with-shadow was given. +if test ${with_shadow+y} +then : + withval=$with_shadow; + if test "x$withval" = "xno" ; then + printf "%s\n" "#define DISABLE_SHADOW 1" >>confdefs.h + + disable_shadow=yes + fi + + +fi + + +if test -z "$disable_shadow" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5 +printf %s "checking if the systems has expire shadow information... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +struct spwd sp; + +int +main (void) +{ + sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + sp_expire_available=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + + if test "x$sp_expire_available" = "xyes" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h + + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi +fi + +# Use ip address instead of hostname in $DISPLAY +if test ! -z "$IPADDR_IN_DISPLAY" ; then + DISPLAY_HACK_MSG="yes" + +printf "%s\n" "#define IPADDR_IN_DISPLAY 1" >>confdefs.h + +else + DISPLAY_HACK_MSG="no" + +# Check whether --with-ipaddr-display was given. +if test ${with_ipaddr_display+y} +then : + withval=$with_ipaddr_display; + if test "x$withval" != "xno" ; then + printf "%s\n" "#define IPADDR_IN_DISPLAY 1" >>confdefs.h + + DISPLAY_HACK_MSG="yes" + fi + + +fi + +fi + +# check for /etc/default/login and use it if present. +# Check whether --enable-etc-default-login was given. +if test ${enable_etc_default_login+y} +then : + enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5 +printf "%s\n" "$as_me: /etc/default/login handling disabled" >&6;} + etc_default_login=no + else + etc_default_login=yes + fi +else $as_nop + if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5 +printf "%s\n" "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;} + etc_default_login=no + else + etc_default_login=yes + fi + +fi + + +if test "x$etc_default_login" != "xno"; then + as_ac_File=`printf "%s\n" "ac_cv_file_"/etc/default/login"" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5 +printf %s "checking for \"/etc/default/login\"... " >&6; } +if eval test \${$as_ac_File+y} +then : + printf %s "(cached) " >&6 +else $as_nop + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/etc/default/login""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes" +then : + external_path_file=/etc/default/login +fi + + if test "x$external_path_file" = "x/etc/default/login"; then + +printf "%s\n" "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h + + fi +fi + +if test $ac_cv_func_login_getcapbool = "yes" && \ + test $ac_cv_header_login_cap_h = "yes" ; then + external_path_file=/etc/login.conf +fi + +# Whether to mess with the default path +SERVER_PATH_MSG="(default)" + +# Check whether --with-default-path was given. +if test ${with_default_path+y} +then : + withval=$with_default_path; + if test "x$external_path_file" = "x/etc/login.conf" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: +--with-default-path=PATH has no effect on this system. +Edit /etc/login.conf instead." >&5 +printf "%s\n" "$as_me: WARNING: +--with-default-path=PATH has no effect on this system. +Edit /etc/login.conf instead." >&2;} + elif test "x$withval" != "xno" ; then + if test ! -z "$external_path_file" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: +--with-default-path=PATH will only be used if PATH is not defined in +$external_path_file ." >&5 +printf "%s\n" "$as_me: WARNING: +--with-default-path=PATH will only be used if PATH is not defined in +$external_path_file ." >&2;} + fi + user_path="$withval" + SERVER_PATH_MSG="$withval" + fi + +else $as_nop + if test "x$external_path_file" = "x/etc/login.conf" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 +printf "%s\n" "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} + else + if test ! -z "$external_path_file" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: +If PATH is defined in $external_path_file, ensure the path to scp is included, +otherwise scp will not work." >&5 +printf "%s\n" "$as_me: WARNING: +If PATH is defined in $external_path_file, ensure the path to scp is included, +otherwise scp will not work." >&2;} + fi + if test "$cross_compiling" = yes +then : + user_path="/usr/bin:/bin:/usr/sbin:/sbin" + +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* find out what STDPATH is */ +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif +#ifndef _PATH_STDPATH +# ifdef _PATH_USERPATH /* Irix */ +# define _PATH_STDPATH _PATH_USERPATH +# else +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# endif +#endif +#include +#include +#include +#define DATA "conftest.stdpath" + +int +main (void) +{ + + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) + exit(1); + + exit(0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + user_path=`cat conftest.stdpath` +else $as_nop + user_path="/usr/bin:/bin:/usr/sbin:/sbin" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +# make sure $bindir is in USER_PATH so scp will work + t_bindir="${bindir}" + while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do + t_bindir=`eval echo ${t_bindir}` + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; + esac + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; + esac + done + echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + user_path=$user_path:$t_bindir + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5 +printf "%s\n" "Adding $t_bindir to USER_PATH so scp will work" >&6; } + fi + fi + fi + +fi + +if test "x$external_path_file" != "x/etc/login.conf" ; then + +printf "%s\n" "#define USER_PATH \"$user_path\"" >>confdefs.h + + +fi + +# Set superuser path separately to user path + +# Check whether --with-superuser-path was given. +if test ${with_superuser_path+y} +then : + withval=$with_superuser_path; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + +printf "%s\n" "#define SUPERUSER_PATH \"$withval\"" >>confdefs.h + + superuser_path=$withval + fi + + +fi + + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 +printf %s "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; } +IPV4_IN6_HACK_MSG="no" + +# Check whether --with-4in6 was given. +if test ${with_4in6+y} +then : + withval=$with_4in6; + if test "x$withval" != "xno" ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define IPV4_IN_IPV6 1" >>confdefs.h + + IPV4_IN6_HACK_MSG="yes" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + +else $as_nop + + if test "x$inet6_default_4in6" = "xyes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 +printf "%s\n" "yes (default)" >&6; } + printf "%s\n" "#define IPV4_IN_IPV6 1" >>confdefs.h + + IPV4_IN6_HACK_MSG="yes" + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5 +printf "%s\n" "no (default)" >&6; } + fi + + +fi + + +# Whether to enable BSD auth support +BSD_AUTH_MSG=no + +# Check whether --with-bsd-auth was given. +if test ${with_bsd_auth+y} +then : + withval=$with_bsd_auth; + if test "x$withval" != "xno" ; then + +printf "%s\n" "#define BSD_AUTH 1" >>confdefs.h + + BSD_AUTH_MSG=yes + fi + + +fi + + +# Where to place sshd.pid +piddir=/var/run +# make sure the directory exists +if test ! -d $piddir ; then + piddir=`eval echo ${sysconfdir}` + case $piddir in + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + esac +fi + + +# Check whether --with-pid-dir was given. +if test ${with_pid_dir+y} +then : + withval=$with_pid_dir; + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + piddir=$withval + if test ! -d $piddir ; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5 +printf "%s\n" "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} + fi + fi + + +fi + + + +printf "%s\n" "#define _PATH_SSH_PIDDIR \"$piddir\"" >>confdefs.h + + + + +# Check whether --enable-fd-passing was given. +if test ${enable_fd_passing+y} +then : + enableval=$enable_fd_passing; + if test "x$enableval" = "xno" ; then + printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + fi + + +fi + + +# Check whether --enable-lastlog was given. +if test ${enable_lastlog+y} +then : + enableval=$enable_lastlog; + if test "x$enableval" = "xno" ; then + printf "%s\n" "#define DISABLE_LASTLOG 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-utmp was given. +if test ${enable_utmp+y} +then : + enableval=$enable_utmp; + if test "x$enableval" = "xno" ; then + printf "%s\n" "#define DISABLE_UTMP 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-utmpx was given. +if test ${enable_utmpx+y} +then : + enableval=$enable_utmpx; + if test "x$enableval" = "xno" ; then + +printf "%s\n" "#define DISABLE_UTMPX 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-wtmp was given. +if test ${enable_wtmp+y} +then : + enableval=$enable_wtmp; + if test "x$enableval" = "xno" ; then + printf "%s\n" "#define DISABLE_WTMP 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-wtmpx was given. +if test ${enable_wtmpx+y} +then : + enableval=$enable_wtmpx; + if test "x$enableval" = "xno" ; then + +printf "%s\n" "#define DISABLE_WTMPX 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-libutil was given. +if test ${enable_libutil+y} +then : + enableval=$enable_libutil; + if test "x$enableval" = "xno" ; then + printf "%s\n" "#define DISABLE_LOGIN 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-pututline was given. +if test ${enable_pututline+y} +then : + enableval=$enable_pututline; + if test "x$enableval" = "xno" ; then + +printf "%s\n" "#define DISABLE_PUTUTLINE 1" >>confdefs.h + + fi + + +fi + +# Check whether --enable-pututxline was given. +if test ${enable_pututxline+y} +then : + enableval=$enable_pututxline; + if test "x$enableval" = "xno" ; then + +printf "%s\n" "#define DISABLE_PUTUTXLINE 1" >>confdefs.h + + fi + + +fi + + +# Check whether --with-lastlog was given. +if test ${with_lastlog+y} +then : + withval=$with_lastlog; + if test "x$withval" = "xno" ; then + printf "%s\n" "#define DISABLE_LASTLOG 1" >>confdefs.h + + elif test -n "$withval" && test "x${withval}" != "xyes"; then + conf_lastlog_location=$withval + fi + + +fi + + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5 +printf %s "checking if your system defines LASTLOG_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + +int +main (void) +{ + char *lastlog = LASTLOG_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5 +printf %s "checking if your system defines _PATH_LASTLOG... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +int +main (void) +{ + char *lastlog = _PATH_LASTLOG; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + system_lastlog_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +if test -z "$conf_lastlog_location"; then + if test x"$system_lastlog_path" = x"no" ; then + for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do + if (test -d "$f" || test -f "$f") ; then + conf_lastlog_location=$f + fi + done + if test -z "$conf_lastlog_location"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5 +printf "%s\n" "$as_me: WARNING: ** Cannot find lastlog **" >&2;} + fi + fi +fi + +if test -n "$conf_lastlog_location"; then + +printf "%s\n" "#define CONF_LASTLOG_FILE \"$conf_lastlog_location\"" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5 +printf %s "checking if your system defines UTMP_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + +int +main (void) +{ + char *utmp = UTMP_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + system_utmp_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +if test -z "$conf_utmp_location"; then + if test x"$system_utmp_path" = x"no" ; then + for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do + if test -f $f ; then + conf_utmp_location=$f + fi + done + if test -z "$conf_utmp_location"; then + printf "%s\n" "#define DISABLE_UTMP 1" >>confdefs.h + + fi + fi +fi +if test -n "$conf_utmp_location"; then + +printf "%s\n" "#define CONF_UTMP_FILE \"$conf_utmp_location\"" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5 +printf %s "checking if your system defines WTMP_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + +int +main (void) +{ + char *wtmp = WTMP_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + system_wtmp_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +if test -z "$conf_wtmp_location"; then + if test x"$system_wtmp_path" = x"no" ; then + for f in /usr/adm/wtmp /var/log/wtmp; do + if test -f $f ; then + conf_wtmp_location=$f + fi + done + if test -z "$conf_wtmp_location"; then + printf "%s\n" "#define DISABLE_WTMP 1" >>confdefs.h + + fi + fi +fi +if test -n "$conf_wtmp_location"; then + +printf "%s\n" "#define CONF_WTMP_FILE \"$conf_wtmp_location\"" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5 +printf %s "checking if your system defines WTMPX_FILE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +int +main (void) +{ + char *wtmpx = WTMPX_FILE; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + system_wtmpx_path=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +if test -z "$conf_wtmpx_location"; then + if test x"$system_wtmpx_path" = x"no" ; then + printf "%s\n" "#define DISABLE_WTMPX 1" >>confdefs.h + + fi +else + +printf "%s\n" "#define CONF_WTMPX_FILE \"$conf_wtmpx_location\"" >>confdefs.h + +fi + + +if test ! -z "$blibpath" ; then + LDFLAGS="$LDFLAGS $blibflags$blibpath" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 +printf "%s\n" "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} +fi + +ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" " +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UTMP_H +#include +#endif +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_LASTLOG_H +#include +#endif + +" +if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes +then : + +else $as_nop + + if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then + printf "%s\n" "#define DISABLE_LASTLOG 1" >>confdefs.h + + fi + +fi + + +ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" " +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UTMP_H +#include +#endif +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_LASTLOG_H +#include +#endif + +" +if test "x$ac_cv_member_struct_utmp_ut_line" = xyes +then : + +else $as_nop + + printf "%s\n" "#define DISABLE_UTMP 1" >>confdefs.h + + printf "%s\n" "#define DISABLE_WTMP 1" >>confdefs.h + + +fi + + +CFLAGS="$CFLAGS $werror_flags" + +if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + TEST_SSH_IPV6=no +else + TEST_SSH_IPV6=yes +fi +ac_fn_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes +then : + TEST_SSH_IPV6=no +fi +TEST_SSH_IPV6=$TEST_SSH_IPV6 + +TEST_SSH_UTF8=$TEST_SSH_UTF8 + +TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS + +UNSUPPORTED_ALGORITHMS=$unsupported_algorithms + +DEPEND=$(cat $srcdir/.depend) + + +# Binaries for interop tests. +# Extract the first word of "plink", so it can be a program name with args. +set dummy plink; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PLINK+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PLINK in + [\\/]* | ?:[\\/]*) + ac_cv_path_PLINK="$PLINK" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PLINK="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PLINK=$ac_cv_path_PLINK +if test -n "$PLINK"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PLINK" >&5 +printf "%s\n" "$PLINK" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "puttygen", so it can be a program name with args. +set dummy puttygen; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PUTTYGEN+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PUTTYGEN in + [\\/]* | ?:[\\/]*) + ac_cv_path_PUTTYGEN="$PUTTYGEN" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PUTTYGEN="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PUTTYGEN=$ac_cv_path_PUTTYGEN +if test -n "$PUTTYGEN"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PUTTYGEN" >&5 +printf "%s\n" "$PUTTYGEN" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "conch", so it can be a program name with args. +set dummy conch; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_CONCH+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $CONCH in + [\\/]* | ?:[\\/]*) + ac_cv_path_CONCH="$CONCH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_CONCH="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +CONCH=$ac_cv_path_CONCH +if test -n "$CONCH"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONCH" >&5 +printf "%s\n" "$CONCH" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "dropbear", so it can be a program name with args. +set dummy dropbear; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_DROPBEAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $DROPBEAR in + [\\/]* | ?:[\\/]*) + ac_cv_path_DROPBEAR="$DROPBEAR" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_DROPBEAR="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +DROPBEAR=$ac_cv_path_DROPBEAR +if test -n "$DROPBEAR"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DROPBEAR" >&5 +printf "%s\n" "$DROPBEAR" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "dbclient", so it can be a program name with args. +set dummy dbclient; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_DBCLIENT+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $DBCLIENT in + [\\/]* | ?:[\\/]*) + ac_cv_path_DBCLIENT="$DBCLIENT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_DBCLIENT="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +DBCLIENT=$ac_cv_path_DBCLIENT +if test -n "$DBCLIENT"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DBCLIENT" >&5 +printf "%s\n" "$DBCLIENT" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "dropbearkey", so it can be a program name with args. +set dummy dropbearkey; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_DROPBEARKEY+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $DROPBEARKEY in + [\\/]* | ?:[\\/]*) + ac_cv_path_DROPBEARKEY="$DROPBEARKEY" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_DROPBEARKEY="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +DROPBEARKEY=$ac_cv_path_DROPBEARKEY +if test -n "$DROPBEARKEY"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DROPBEARKEY" >&5 +printf "%s\n" "$DROPBEARKEY" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +# Extract the first word of "dropbearconvert", so it can be a program name with args. +set dummy dropbearconvert; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_DROPBEARCONVERT+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $DROPBEARCONVERT in + [\\/]* | ?:[\\/]*) + ac_cv_path_DROPBEARCONVERT="$DROPBEARCONVERT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_DROPBEARCONVERT="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +DROPBEARCONVERT=$ac_cv_path_DROPBEARCONVERT +if test -n "$DROPBEARCONVERT"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DROPBEARCONVERT" >&5 +printf "%s\n" "$DROPBEARCONVERT" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + +CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" +LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" + +# Make a copy of CFLAGS/LDFLAGS without PIE options. +LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` +CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` + + + + +ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +printf "%s\n" "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else $as_nop + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. +as_nl=' +' +export as_nl +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi + +# The user is always right. +if ${PATH_SEPARATOR+false} :; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + printf "%s\n" "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else $as_nop + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else $as_nop + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +printf "%s\n" X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +printf "%s\n" X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by OpenSSH $as_me Portable, which was +generated by GNU Autoconf 2.71. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to ." + +_ACEOF +ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"` +ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config='$ac_cs_config_escaped' +ac_cs_version="\\ +OpenSSH config.status Portable +configured by $0, generated by GNU Autoconf 2.71, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2021 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + printf "%s\n" "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + printf "%s\n" "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + printf "%s\n" "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + printf "%s\n" "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;; + "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;; + "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;; + "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;; + "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;; + "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files + test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +printf "%s\n" "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`printf "%s\n" "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +printf "%s\n" X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + printf "%s\n" "/* $configure_input */" >&1 \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +printf "%s\n" "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + printf "%s\n" "/* $configure_input */" >&1 \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi + ;; + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +# Print summary of options + +# Someone please show me a better way :) +A=`eval echo ${prefix}` ; A=`eval echo ${A}` +B=`eval echo ${bindir}` ; B=`eval echo ${B}` +C=`eval echo ${sbindir}` ; C=`eval echo ${C}` +D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` +E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` +F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` +G=`eval echo ${piddir}` ; G=`eval echo ${G}` +H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` +I=`eval echo ${user_path}` ; I=`eval echo ${I}` +J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` + +echo "" +echo "OpenSSH has been configured with the following options:" +echo " User binaries: $B" +echo " System binaries: $C" +echo " Configuration files: $D" +echo " Askpass program: $E" +echo " Manual pages: $F" +echo " PID file: $G" +echo " Privilege separation chroot path: $H" +if test "x$external_path_file" = "x/etc/login.conf" ; then +echo " At runtime, sshd will use the path defined in $external_path_file" +echo " Make sure the path to scp is present, otherwise scp will not work" +else +echo " sshd default user PATH: $I" + if test ! -z "$external_path_file"; then +echo " (If PATH is set in $external_path_file it will be used instead. If" +echo " used, ensure the path to scp is present, otherwise scp will not work.)" + fi +fi +if test ! -z "$superuser_path" ; then +echo " sshd superuser user PATH: $J" +fi +echo " Manpage format: $MANTYPE" +echo " PAM support: $PAM_MSG" +echo " OSF SIA support: $SIA_MSG" +echo " KerberosV support: $KRB5_MSG" +echo " SELinux support: $SELINUX_MSG" +echo " libedit support: $LIBEDIT_MSG" +echo " libldns support: $LDNS_MSG" +echo " Solaris process contract support: $SPC_MSG" +echo " Solaris project support: $SP_MSG" +echo " Solaris privilege support: $SPP_MSG" +echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" +echo " BSD Auth support: $BSD_AUTH_MSG" +echo " Random number source: $RAND_MSG" +echo " Privsep sandbox style: $SANDBOX_STYLE" +echo " PKCS#11 support: $enable_pkcs11" +echo " U2F/FIDO support: $enable_sk" + +echo "" + +echo " Host: ${host}" +echo " Compiler: ${CC}" +echo " Compiler flags: ${CFLAGS}" +echo "Preprocessor flags: ${CPPFLAGS}" +echo " Linker flags: ${LDFLAGS}" +echo " Libraries: ${LIBS}" +if test ! -z "${CHANNELLIBS}"; then +echo " +for channels: ${CHANNELLIBS}" +fi +if test ! -z "${LIBFIDO2}"; then +echo " +for FIDO2: ${LIBFIDO2}" +fi +if test ! -z "${SSHDLIBS}"; then +echo " +for sshd: ${SSHDLIBS}" +fi + +echo "" + +if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then + echo "SVR4 style packages are supported with \"make package\"" + echo "" +fi + +if test "x$PAM_MSG" = "xyes" ; then + echo "PAM is enabled. You may need to install a PAM control file " + echo "for sshd, otherwise password authentication may fail. " + echo "Example PAM control files can be found in the contrib/ " + echo "subdirectory" + echo "" +fi + +if test ! -z "$NO_PEERCHECK" ; then + echo "WARNING: the operating system that you are using does not" + echo "appear to support getpeereid(), getpeerucred() or the" + echo "SO_PEERCRED getsockopt() option. These facilities are used to" + echo "enforce security checks to prevent unauthorised connections to" + echo "ssh-agent. Their absence increases the risk that a malicious" + echo "user can connect to your agent." + echo "" +fi + +if test "$AUDIT_MODULE" = "bsm" ; then + echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." + echo "See the Solaris section in README.platform for details." +fi diff --git a/moduli.0 b/moduli.0 new file mode 100644 index 000000000..057a018ef --- /dev/null +++ b/moduli.0 @@ -0,0 +1,74 @@ +MODULI(5) File Formats Manual MODULI(5) + +NAME + moduli M-bM-^@M-^S Diffie-Hellman moduli + +DESCRIPTION + The /etc/moduli file contains prime numbers and generators for use by + sshd(8) in the Diffie-Hellman Group Exchange key exchange method. + + New moduli may be generated with ssh-keygen(1) using a two-step process. + An initial candidate generation pass, using ssh-keygen -M generate, + calculates numbers that are likely to be useful. A second primality + testing pass, using ssh-keygen -M screen, provides a high degree of + assurance that the numbers are prime and are safe for use in Diffie- + Hellman operations by sshd(8). This moduli format is used as the output + from each pass. + + The file consists of newline-separated records, one per modulus, + containing seven space-separated fields. These fields are as follows: + + timestamp The time that the modulus was last processed as + YYYYMMDDHHMMSS. + + type Decimal number specifying the internal structure of + the prime modulus. Supported types are: + + 0 Unknown, not tested. + 2 "Safe" prime; (p-1)/2 is also prime. + 4 Sophie Germain; 2p+1 is also prime. + + Moduli candidates initially produced by ssh-keygen(1) + are Sophie Germain primes (type 4). Further primality + testing with ssh-keygen(1) produces safe prime moduli + (type 2) that are ready for use in sshd(8). Other + types are not used by OpenSSH. + + tests Decimal number indicating the type of primality tests + that the number has been subjected to represented as a + bitmask of the following values: + + 0x00 Not tested. + 0x01 Composite number M-bM-^@M-^S not prime. + 0x02 Sieve of Eratosthenes. + 0x04 Probabilistic Miller-Rabin primality tests. + + The ssh-keygen(1) moduli candidate generation uses the + Sieve of Eratosthenes (flag 0x02). Subsequent + ssh-keygen(1) primality tests are Miller-Rabin tests + (flag 0x04). + + trials Decimal number indicating the number of primality + trials that have been performed on the modulus. + + size Decimal number indicating the size of the prime in + bits. + + generator The recommended generator for use with this modulus + (hexadecimal). + + modulus The modulus itself in hexadecimal. + + When performing Diffie-Hellman Group Exchange, sshd(8) first estimates + the size of the modulus required to produce enough Diffie-Hellman output + to sufficiently key the selected symmetric cipher. sshd(8) then randomly + selects a modulus from /etc/moduli that best meets the size requirement. + +SEE ALSO + ssh-keygen(1), sshd(8) + +STANDARDS + M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for + the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. + +OpenBSD 7.5 April 16, 2022 OpenBSD 7.5 diff --git a/scp.0 b/scp.0 new file mode 100644 index 000000000..e098ddf55 --- /dev/null +++ b/scp.0 @@ -0,0 +1,232 @@ +SCP(1) General Commands Manual SCP(1) + +NAME + scp M-bM-^@M-^S OpenSSH secure file copy + +SYNOPSIS + scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config] + [-i identity_file] [-J destination] [-l limit] [-o ssh_option] + [-P port] [-S program] [-X sftp_option] source ... target + +DESCRIPTION + scp copies files between hosts on a network. + + scp uses the SFTP protocol over a ssh(1) connection for data transfer, + and uses the same authentication and provides the same security as a + login session. + + scp will ask for passwords or passphrases if they are needed for + authentication. + + The source and target may be specified as a local pathname, a remote host + with optional path in the form [user@]host:[path], or a URI in the form + scp://[user@]host[:port][/path]. Local file names can be made explicit + using absolute or relative pathnames to avoid scp treating file names + containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. + + When copying between two remote hosts, if the URI format is used, a port + cannot be specified on the target if the -R option is used. + + The options are as follows: + + -3 Copies between two remote hosts are transferred through the local + host. Without this option the data is copied directly between + the two remote hosts. Note that, when using the legacy SCP + protocol (via the -O flag), this option selects batch mode for + the second host as scp cannot ask for passwords or passphrases + for both hosts. This mode is the default. + + -4 Forces scp to use IPv4 addresses only. + + -6 Forces scp to use IPv6 addresses only. + + -A Allows forwarding of ssh-agent(1) to the remote system. The + default is not to forward an authentication agent. + + -B Selects batch mode (prevents asking for passwords or + passphrases). + + -C Compression enable. Passes the -C flag to ssh(1) to enable + compression. + + -c cipher + Selects the cipher to use for encrypting the data transfer. This + option is directly passed to ssh(1). + + -D sftp_server_path + Connect directly to a local SFTP server program rather than a + remote one via ssh(1). This option may be useful in debugging + the client and server. + + -F ssh_config + Specifies an alternative per-user configuration file for ssh. + This option is directly passed to ssh(1). + + -i identity_file + Selects the file from which the identity (private key) for public + key authentication is read. This option is directly passed to + ssh(1). + + -J destination + Connect to the target host by first making an scp connection to + the jump host described by destination and then establishing a + TCP forwarding to the ultimate destination from there. Multiple + jump hops may be specified separated by comma characters. This + is a shortcut to specify a ProxyJump configuration directive. + This option is directly passed to ssh(1). + + -l limit + Limits the used bandwidth, specified in Kbit/s. + + -O Use the legacy SCP protocol for file transfers instead of the + SFTP protocol. Forcing the use of the SCP protocol may be + necessary for servers that do not implement SFTP, for backwards- + compatibility for particular filename wildcard patterns and for + expanding paths with a M-bM-^@M-^X~M-bM-^@M-^Y prefix for older SFTP servers. + + -o ssh_option + Can be used to pass options to ssh in the format used in + ssh_config(5). This is useful for specifying options for which + there is no separate scp command-line flag. For full details of + the options listed below, and their possible values, see + ssh_config(5). + + AddressFamily + BatchMode + BindAddress + BindInterface + CanonicalDomains + CanonicalizeFallbackLocal + CanonicalizeHostname + CanonicalizeMaxDots + CanonicalizePermittedCNAMEs + CASignatureAlgorithms + CertificateFile + CheckHostIP + Ciphers + Compression + ConnectionAttempts + ConnectTimeout + ControlMaster + ControlPath + ControlPersist + GlobalKnownHostsFile + GSSAPIAuthentication + GSSAPIDelegateCredentials + HashKnownHosts + Host + HostbasedAcceptedAlgorithms + HostbasedAuthentication + HostKeyAlgorithms + HostKeyAlias + Hostname + IdentitiesOnly + IdentityAgent + IdentityFile + IPQoS + KbdInteractiveAuthentication + KbdInteractiveDevices + KexAlgorithms + KnownHostsCommand + LogLevel + MACs + NoHostAuthenticationForLocalhost + NumberOfPasswordPrompts + PasswordAuthentication + PKCS11Provider + Port + PreferredAuthentications + ProxyCommand + ProxyJump + PubkeyAcceptedAlgorithms + PubkeyAuthentication + RekeyLimit + RequiredRSASize + SendEnv + ServerAliveInterval + ServerAliveCountMax + SetEnv + StrictHostKeyChecking + TCPKeepAlive + UpdateHostKeys + User + UserKnownHostsFile + VerifyHostKeyDNS + + -P port + Specifies the port to connect to on the remote host. Note that + this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already + reserved for preserving the times and mode bits of the file. + + -p Preserves modification times, access times, and file mode bits + from the source file. + + -q Quiet mode: disables the progress meter as well as warning and + diagnostic messages from ssh(1). + + -R Copies between two remote hosts are performed by connecting to + the origin host and executing scp there. This requires that scp + running on the origin host can authenticate to the destination + host without requiring a password. + + -r Recursively copy entire directories. Note that scp follows + symbolic links encountered in the tree traversal. + + -S program + Name of program to use for the encrypted connection. The program + must understand ssh(1) options. + + -T Disable strict filename checking. By default when copying files + from a remote host to a local directory scp checks that the + received filenames match those requested on the command-line to + prevent the remote end from sending unexpected or unwanted files. + Because of differences in how various operating systems and + shells interpret filename wildcards, these checks may cause + wanted files to be rejected. This option disables these checks + at the expense of fully trusting that the server will not send + unexpected filenames. + + -v Verbose mode. Causes scp and ssh(1) to print debugging messages + about their progress. This is helpful in debugging connection, + authentication, and configuration problems. + + -X sftp_option + Specify an option that controls aspects of SFTP protocol + behaviour. The valid options are: + + nrequests=value + Controls how many concurrent SFTP read or write requests + may be in progress at any point in time during a download + or upload. By default 64 requests may be active + concurrently. + + buffer=value + Controls the maximum buffer size for a single SFTP + read/write operation used during download or upload. By + default a 32KB buffer is used. + +EXIT STATUS + The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs. + +SEE ALSO + sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), + sftp-server(8), sshd(8) + +HISTORY + scp is based on the rcp program in BSD source code from the Regents of + the University of California. + + Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by + default. + +AUTHORS + Timo Rinne + Tatu Ylonen + +CAVEATS + The legacy SCP protocol (selected by the -O flag) requires execution of + the remote user's shell to perform glob(3) pattern matching. This + requires careful quoting of any characters that have special meaning to + the remote shell, such as quote characters. + +OpenBSD 7.5 December 16, 2022 OpenBSD 7.5 diff --git a/sftp-server.0 b/sftp-server.0 new file mode 100644 index 000000000..23fdda399 --- /dev/null +++ b/sftp-server.0 @@ -0,0 +1,98 @@ +SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) + +NAME + sftp-server M-bM-^@M-^S OpenSSH SFTP server subsystem + +SYNOPSIS + sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] + [-P denied_requests] [-p allowed_requests] [-u umask] + sftp-server -Q protocol_feature + +DESCRIPTION + sftp-server is a program that speaks the server side of SFTP protocol to + stdout and expects client requests from stdin. sftp-server is not + intended to be called directly, but from sshd(8) using the Subsystem + option. + + Command-line flags to sftp-server should be specified in the Subsystem + declaration. See sshd_config(5) for more information. + + Valid options are: + + -d start_directory + Specifies an alternate starting directory for users. The + pathname may contain the following tokens that are expanded at + runtime: %% is replaced by a literal '%', %d is replaced by the + home directory of the user being authenticated, and %u is + replaced by the username of that user. The default is to use the + user's home directory. This option is useful in conjunction with + the sshd_config(5) ChrootDirectory option. + + -e Causes sftp-server to print logging information to stderr instead + of syslog for debugging. + + -f log_facility + Specifies the facility code that is used when logging messages + from sftp-server. The possible values are: DAEMON, USER, AUTH, + LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. + The default is AUTH. + + -h Displays sftp-server usage information. + + -l log_level + Specifies which messages will be logged by sftp-server. The + possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, + DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions + that sftp-server performs on behalf of the client. DEBUG and + DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher + levels of debugging output. The default is ERROR. + + -P denied_requests + Specifies a comma-separated list of SFTP protocol requests that + are banned by the server. sftp-server will reply to any denied + request with a failure. The -Q flag can be used to determine the + supported request types. If both denied and allowed lists are + specified, then the denied list is applied before the allowed + list. + + -p allowed_requests + Specifies a comma-separated list of SFTP protocol requests that + are permitted by the server. All request types that are not on + the allowed list will be logged and replied to with a failure + message. + + Care must be taken when using this feature to ensure that + requests made implicitly by SFTP clients are permitted. + + -Q protocol_feature + Queries protocol features supported by sftp-server. At present + the only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be + used to deny or allow specific requests (flags -P and -p + respectively). + + -R Places this instance of sftp-server into a read-only mode. + Attempts to open files for writing, as well as other operations + that change the state of the filesystem, will be denied. + + -u umask + Sets an explicit umask(2) to be applied to newly-created files + and directories, instead of the user's default mask. + + On some systems, sftp-server must be able to access /dev/log for logging + to work, and use of sftp-server in a chroot configuration therefore + requires that syslogd(8) establish a logging socket inside the chroot + directory. + +SEE ALSO + sftp(1), ssh(1), sshd_config(5), sshd(8) + + T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- + filexfer-02.txt, October 2001, work in progress material. + +HISTORY + sftp-server first appeared in OpenBSD 2.8. + +AUTHORS + Markus Friedl + +OpenBSD 7.5 July 27, 2021 OpenBSD 7.5 diff --git a/sftp.0 b/sftp.0 new file mode 100644 index 000000000..c6a9e60c4 --- /dev/null +++ b/sftp.0 @@ -0,0 +1,438 @@ +SFTP(1) General Commands Manual SFTP(1) + +NAME + sftp M-bM-^@M-^S OpenSSH secure file transfer + +SYNOPSIS + sftp [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher] + [-D sftp_server_command] [-F ssh_config] [-i identity_file] + [-J destination] [-l limit] [-o ssh_option] [-P port] + [-R num_requests] [-S program] [-s subsystem | sftp_server] + [-X sftp_option] destination + +DESCRIPTION + sftp is a file transfer program, similar to ftp(1), which performs all + operations over an encrypted ssh(1) transport. It may also use many + features of ssh, such as public key authentication and compression. + + The destination may be specified either as [user@]host[:path] or as a URI + in the form sftp://[user@]host[:port][/path]. + + If the destination includes a path and it is not a directory, sftp will + retrieve files automatically if a non-interactive authentication method + is used; otherwise it will do so after successful interactive + authentication. + + If no path is specified, or if the path is a directory, sftp will log in + to the specified host and enter interactive command mode, changing to the + remote directory if one was specified. An optional trailing slash can be + used to force the path to be interpreted as a directory. + + Since the destination formats use colon characters to delimit host names + from path names or port numbers, IPv6 addresses must be enclosed in + square brackets to avoid ambiguity. + + The options are as follows: + + -4 Forces sftp to use IPv4 addresses only. + + -6 Forces sftp to use IPv6 addresses only. + + -A Allows forwarding of ssh-agent(1) to the remote system. The + default is not to forward an authentication agent. + + -a Attempt to continue interrupted transfers rather than overwriting + existing partial or complete copies of files. If the partial + contents differ from those being transferred, then the resultant + file is likely to be corrupt. + + -B buffer_size + Specify the size of the buffer that sftp uses when transferring + files. Larger buffers require fewer round trips at the cost of + higher memory consumption. The default is 32768 bytes. + + -b batchfile + Batch mode reads a series of commands from an input batchfile + instead of stdin. Since it lacks user interaction, it should be + used in conjunction with non-interactive authentication to + obviate the need to enter a password at connection time (see + sshd(8) and ssh-keygen(1) for details). + + A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp + will abort if any of the following commands fail: get, put, + reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, copy, cp, + chmod, chown, chgrp, lpwd, df, symlink, and lmkdir. + + Termination on error can be suppressed on a command by command + basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, + -rm /tmp/blah*). Echo of the command may be suppressed by + prefixing the command with a M-bM-^@M-^X@M-bM-^@M-^Y character. These two prefixes + may be combined in any order, for example -@ls /bsd. + + -C Enables compression (via ssh's -C flag). + + -c cipher + Selects the cipher to use for encrypting the data transfers. + This option is directly passed to ssh(1). + + -D sftp_server_command + Connect directly to a local sftp server (rather than via ssh(1)). + A command and arguments may be specified, for example + "/path/sftp-server -el debug3". This option may be useful in + debugging the client and server. + + -F ssh_config + Specifies an alternative per-user configuration file for ssh(1). + This option is directly passed to ssh(1). + + -f Requests that files be flushed to disk immediately after + transfer. When uploading files, this feature is only enabled if + the server implements the "fsync@openssh.com" extension. + + -i identity_file + Selects the file from which the identity (private key) for public + key authentication is read. This option is directly passed to + ssh(1). + + -J destination + Connect to the target host by first making an sftp connection to + the jump host described by destination and then establishing a + TCP forwarding to the ultimate destination from there. Multiple + jump hops may be specified separated by comma characters. This + is a shortcut to specify a ProxyJump configuration directive. + This option is directly passed to ssh(1). + + -l limit + Limits the used bandwidth, specified in Kbit/s. + + -N Disables quiet mode, e.g. to override the implicit quiet mode set + by the -b flag. + + -o ssh_option + Can be used to pass options to ssh in the format used in + ssh_config(5). This is useful for specifying options for which + there is no separate sftp command-line flag. For example, to + specify an alternate port use: sftp -oPort=24. For full details + of the options listed below, and their possible values, see + ssh_config(5). + + AddressFamily + BatchMode + BindAddress + BindInterface + CanonicalDomains + CanonicalizeFallbackLocal + CanonicalizeHostname + CanonicalizeMaxDots + CanonicalizePermittedCNAMEs + CASignatureAlgorithms + CertificateFile + CheckHostIP + Ciphers + Compression + ConnectionAttempts + ConnectTimeout + ControlMaster + ControlPath + ControlPersist + GlobalKnownHostsFile + GSSAPIAuthentication + GSSAPIDelegateCredentials + HashKnownHosts + Host + HostbasedAcceptedAlgorithms + HostbasedAuthentication + HostKeyAlgorithms + HostKeyAlias + Hostname + IdentitiesOnly + IdentityAgent + IdentityFile + IPQoS + KbdInteractiveAuthentication + KbdInteractiveDevices + KexAlgorithms + KnownHostsCommand + LogLevel + MACs + NoHostAuthenticationForLocalhost + NumberOfPasswordPrompts + PasswordAuthentication + PKCS11Provider + Port + PreferredAuthentications + ProxyCommand + ProxyJump + PubkeyAcceptedAlgorithms + PubkeyAuthentication + RekeyLimit + RequiredRSASize + SendEnv + ServerAliveInterval + ServerAliveCountMax + SetEnv + StrictHostKeyChecking + TCPKeepAlive + UpdateHostKeys + User + UserKnownHostsFile + VerifyHostKeyDNS + + -P port + Specifies the port to connect to on the remote host. + + -p Preserves modification times, access times, and modes from the + original files transferred. + + -q Quiet mode: disables the progress meter as well as warning and + diagnostic messages from ssh(1). + + -R num_requests + Specify how many requests may be outstanding at any one time. + Increasing this may slightly improve file transfer speed but will + increase memory usage. The default is 64 outstanding requests. + + -r Recursively copy entire directories when uploading and + downloading. Note that sftp does not follow symbolic links + encountered in the tree traversal. + + -S program + Name of the program to use for the encrypted connection. The + program must understand ssh(1) options. + + -s subsystem | sftp_server + Specifies the SSH2 subsystem or the path for an sftp server on + the remote host. A path is useful when the remote sshd(8) does + not have an sftp subsystem configured. + + -v Raise logging level. This option is also passed to ssh. + + -X sftp_option + Specify an option that controls aspects of SFTP protocol + behaviour. The valid options are: + + nrequests=value + Controls how many concurrent SFTP read or write requests + may be in progress at any point in time during a download + or upload. By default 64 requests may be active + concurrently. + + buffer=value + Controls the maximum buffer size for a single SFTP + read/write operation used during download or upload. By + default a 32KB buffer is used. + +INTERACTIVE COMMANDS + Once in interactive mode, sftp understands a set of commands similar to + those of ftp(1). Commands are case insensitive. Pathnames that contain + spaces must be enclosed in quotes. Any special characters contained + within pathnames that are recognized by glob(3) must be escaped with + backslashes (M-bM-^@M-^X\M-bM-^@M-^Y). + + bye Quit sftp. + + cd [path] + Change remote directory to path. If path is not specified, then + change directory to the one the session started in. + + chgrp [-h] grp path + Change group of file path to grp. path may contain glob(7) + characters and may match multiple files. grp must be a numeric + GID. + + If the -h flag is specified, then symlinks will not be followed. + Note that this is only supported by servers that implement the + "lsetstat@openssh.com" extension. + + chmod [-h] mode path + Change permissions of file path to mode. path may contain + glob(7) characters and may match multiple files. + + If the -h flag is specified, then symlinks will not be followed. + Note that this is only supported by servers that implement the + "lsetstat@openssh.com" extension. + + chown [-h] own path + Change owner of file path to own. path may contain glob(7) + characters and may match multiple files. own must be a numeric + UID. + + If the -h flag is specified, then symlinks will not be followed. + Note that this is only supported by servers that implement the + "lsetstat@openssh.com" extension. + + copy oldpath newpath + Copy remote file from oldpath to newpath. + + Note that this is only supported by servers that implement the + "copy-data" extension. + + cp oldpath newpath + Alias to copy command. + + df [-hi] [path] + Display usage information for the filesystem holding the current + directory (or path if specified). If the -h flag is specified, + the capacity information will be displayed using "human-readable" + suffixes. The -i flag requests display of inode information in + addition to capacity information. This command is only supported + on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension. + + exit Quit sftp. + + get [-afpR] remote-path [local-path] + Retrieve the remote-path and store it on the local machine. If + the local path name is not specified, it is given the same name + it has on the remote machine. remote-path may contain glob(7) + characters and may match multiple files. If it does and + local-path is specified, then local-path must specify a + directory. + + If the -a flag is specified, then attempt to resume partial + transfers of existing files. Note that resumption assumes that + any partial copy of the local file matches the remote copy. If + the remote file contents differ from the partial local copy then + the resultant file is likely to be corrupt. + + If the -f flag is specified, then fsync(2) will be called after + the file transfer has completed to flush the file to disk. + + If the -p flag is specified, then full file permissions and + access times are copied too. + + If the -R flag is specified then directories will be copied + recursively. Note that sftp does not follow symbolic links when + performing recursive transfers. + + help Display help text. + + lcd [path] + Change local directory to path. If path is not specified, then + change directory to the local user's home directory. + + lls [ls-options [path]] + Display local directory listing of either path or current + directory if path is not specified. ls-options may contain any + flags supported by the local system's ls(1) command. path may + contain glob(7) characters and may match multiple files. + + lmkdir path + Create local directory specified by path. + + ln [-s] oldpath newpath + Create a link from oldpath to newpath. If the -s flag is + specified the created link is a symbolic link, otherwise it is a + hard link. + + lpwd Print local working directory. + + ls [-1afhlnrSt] [path] + Display a remote directory listing of either path or the current + directory if path is not specified. path may contain glob(7) + characters and may match multiple files. + + The following flags are recognized and alter the behaviour of ls + accordingly: + + -1 Produce single columnar output. + + -a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y). + + -f Do not sort the listing. The default sort order is + lexicographical. + + -h When used with a long format option, use unit suffixes: + Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, + and Exabyte in order to reduce the number of digits to + four or fewer using powers of 2 for sizes (K=1024, + M=1048576, etc.). + + -l Display additional details including permissions and + ownership information. + + -n Produce a long listing with user and group information + presented numerically. + + -r Reverse the sort order of the listing. + + -S Sort the listing by file size. + + -t Sort the listing by last modification time. + + lumask umask + Set local umask to umask. + + mkdir path + Create remote directory specified by path. + + progress + Toggle display of progress meter. + + put [-afpR] local-path [remote-path] + Upload local-path and store it on the remote machine. If the + remote path name is not specified, it is given the same name it + has on the local machine. local-path may contain glob(7) + characters and may match multiple files. If it does and + remote-path is specified, then remote-path must specify a + directory. + + If the -a flag is specified, then attempt to resume partial + transfers of existing files. Note that resumption assumes that + any partial copy of the remote file matches the local copy. If + the local file contents differ from the remote local copy then + the resultant file is likely to be corrupt. + + If the -f flag is specified, then a request will be sent to the + server to call fsync(2) after the file has been transferred. + Note that this is only supported by servers that implement the + "fsync@openssh.com" extension. + + If the -p flag is specified, then full file permissions and + access times are copied too. + + If the -R flag is specified then directories will be copied + recursively. Note that sftp does not follow symbolic links when + performing recursive transfers. + + pwd Display remote working directory. + + quit Quit sftp. + + reget [-fpR] remote-path [local-path] + Resume download of remote-path. Equivalent to get with the -a + flag set. + + reput [-fpR] local-path [remote-path] + Resume upload of local-path. Equivalent to put with the -a flag + set. + + rename oldpath newpath + Rename remote file from oldpath to newpath. + + rm path + Delete remote file specified by path. + + rmdir path + Remove remote directory specified by path. + + symlink oldpath newpath + Create a symbolic link from oldpath to newpath. + + version + Display the sftp protocol version. + + !command + Execute command in local shell. + + ! Escape to local shell. + + ? Synonym for help. + +SEE ALSO + ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), + glob(7), sftp-server(8), sshd(8) + + T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- + filexfer-00.txt, January 2001, work in progress material. + +OpenBSD 7.5 December 16, 2022 OpenBSD 7.5 diff --git a/ssh-add.0 b/ssh-add.0 new file mode 100644 index 000000000..30eed6672 --- /dev/null +++ b/ssh-add.0 @@ -0,0 +1,209 @@ +SSH-ADD(1) General Commands Manual SSH-ADD(1) + +NAME + ssh-add M-bM-^@M-^S adds private key identities to the OpenSSH authentication agent + +SYNOPSIS + ssh-add [-CcDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file] + [-h destination_constraint] [-S provider] [-t life] [file ...] + ssh-add -s pkcs11 [-Cv] [certificate ...] + ssh-add -e pkcs11 + ssh-add -T pubkey ... + +DESCRIPTION + ssh-add adds private key identities to the authentication agent, + ssh-agent(1). When run without arguments, it adds the files + ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519 and + ~/.ssh/id_ed25519_sk. After loading a private key, ssh-add will try to + load corresponding certificate information from the filename obtained by + appending -cert.pub to the name of the private key file. Alternative + file names can be given on the command line. + + If any file requires a passphrase, ssh-add asks for the passphrase from + the user. The passphrase is read from the user's tty. ssh-add retries + the last passphrase if multiple identity files are given. + + The authentication agent must be running and the SSH_AUTH_SOCK + environment variable must contain the name of its socket for ssh-add to + work. + + The options are as follows: + + -C When loading keys into or deleting keys from the agent, process + certificates only and skip plain keys. + + -c Indicates that added identities should be subject to confirmation + before being used for authentication. Confirmation is performed + by ssh-askpass(1). Successful confirmation is signaled by a zero + exit status from ssh-askpass(1), rather than text entered into + the requester. + + -D Deletes all identities from the agent. + + -d Instead of adding identities, removes identities from the agent. + If ssh-add has been run without arguments, the keys for the + default identities and their corresponding certificates will be + removed. Otherwise, the argument list will be interpreted as a + list of paths to public key files to specify keys and + certificates to be removed from the agent. If no public key is + found at a given path, ssh-add will append .pub and retry. If + the argument list consists of M-bM-^@M-^\-M-bM-^@M-^] then ssh-add will read public + keys to be removed from standard input. + + -E fingerprint_hash + Specifies the hash algorithm used when displaying key + fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The + default is M-bM-^@M-^\sha256M-bM-^@M-^]. + + -e pkcs11 + Remove keys provided by the PKCS#11 shared library pkcs11. + + -H hostkey_file + Specifies a known hosts file to look up hostkeys when using + destination-constrained keys via the -h flag. This option may be + specified multiple times to allow multiple files to be searched. + If no files are specified, ssh-add will use the default + ssh_config(5) known hosts files: ~/.ssh/known_hosts, + ~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts, and + /etc/ssh/ssh_known_hosts2. + + -h destination_constraint + When adding keys, constrain them to be usable only through + specific hosts or to specific destinations. + + Destination constraints of the form M-bM-^@M-^X[user@]dest-hostnameM-bM-^@M-^Y permit + use of the key only from the origin host (the one running + ssh-agent(1)) to the listed destination host, with optional user + name. + + Constraints of the form M-bM-^@M-^Xsrc-hostname>[user@]dst-hostnameM-bM-^@M-^Y allow + a key available on a forwarded ssh-agent(1) to be used through a + particular host (as specified by M-bM-^@M-^Xsrc-hostnameM-bM-^@M-^Y) to authenticate + to a further host, specified by M-bM-^@M-^Xdst-hostnameM-bM-^@M-^Y. + + Multiple destination constraints may be added when loading keys. + When attempting authentication with a key that has destination + constraints, the whole connection path, including ssh-agent(1) + forwarding, is tested against those constraints and each hop must + be permitted for the attempt to succeed. For example, if key is + forwarded to a remote host, M-bM-^@M-^Xhost-bM-bM-^@M-^Y, and is attempting + authentication to another host, M-bM-^@M-^Xhost-cM-bM-^@M-^Y, then the operation will + be successful only if M-bM-^@M-^Xhost-bM-bM-^@M-^Y was permitted from the origin host + and the subsequent M-bM-^@M-^Xhost-b>host-cM-bM-^@M-^Y hop is also permitted by + destination constraints. + + Hosts are identified by their host keys, and are looked up from + known hosts files by ssh-add. Wildcards patterns may be used for + hostnames and certificate host keys are supported. By default, + keys added by ssh-add are not destination constrained. + + Destination constraints were added in OpenSSH release 8.9. + Support in both the remote SSH client and server is required when + using destination-constrained keys over a forwarded ssh-agent(1) + channel. + + It is also important to note that destination constraints can + only be enforced by ssh-agent(1) when a key is used, or when it + is forwarded by a cooperating ssh(1). Specifically, it does not + prevent an attacker with access to a remote SSH_AUTH_SOCK from + forwarding it again and using it on a different host (but only to + a permitted destination). + + -K Load resident keys from a FIDO authenticator. + + -k When loading keys into or deleting keys from the agent, process + plain private keys only and skip certificates. + + -L Lists public key parameters of all identities currently + represented by the agent. + + -l Lists fingerprints of all identities currently represented by the + agent. + + -q Be quiet after a successful operation. + + -S provider + Specifies a path to a library that will be used when adding FIDO + authenticator-hosted keys, overriding the default of using the + internal USB HID support. + + -s pkcs11 + Add keys provided by the PKCS#11 shared library pkcs11. + Certificate files may optionally be listed as command-line + arguments. If these are present, then they will be loaded into + the agent using any corresponding private keys loaded from the + PKCS#11 token. + + -T pubkey ... + Tests whether the private keys that correspond to the specified + pubkey files are usable by performing sign and verify operations + on each. + + -t life + Set a maximum lifetime when adding identities to an agent. The + lifetime may be specified in seconds or in a time format + specified in sshd_config(5). + + -v Verbose mode. Causes ssh-add to print debugging messages about + its progress. This is helpful in debugging problems. Multiple + -v options increase the verbosity. The maximum is 3. + + -X Unlock the agent. + + -x Lock the agent with a password. + +ENVIRONMENT + DISPLAY, SSH_ASKPASS and SSH_ASKPASS_REQUIRE + If ssh-add needs a passphrase, it will read the passphrase from + the current terminal if it was run from a terminal. If ssh-add + does not have a terminal associated with it but DISPLAY and + SSH_ASKPASS are set, it will execute the program specified by + SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to + read the passphrase. This is particularly useful when calling + ssh-add from a .xsession or related script. + + SSH_ASKPASS_REQUIRE allows further control over the use of an + askpass program. If this variable is set to M-bM-^@M-^\neverM-bM-^@M-^] then ssh-add + will never attempt to use one. If it is set to M-bM-^@M-^\preferM-bM-^@M-^], then + ssh-add will prefer to use the askpass program instead of the TTY + when requesting passwords. Finally, if the variable is set to + M-bM-^@M-^\forceM-bM-^@M-^], then the askpass program will be used for all passphrase + input regardless of whether DISPLAY is set. + + SSH_AUTH_SOCK + Identifies the path of a UNIX-domain socket used to communicate + with the agent. + + SSH_SK_PROVIDER + Specifies a path to a library that will be used when loading any + FIDO authenticator-hosted keys, overriding the default of using + the built-in USB HID support. + +FILES + ~/.ssh/id_ecdsa + ~/.ssh/id_ecdsa_sk + ~/.ssh/id_ed25519 + ~/.ssh/id_ed25519_sk + ~/.ssh/id_rsa + Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, + authenticator-hosted Ed25519 or RSA authentication identity of + the user. + + Identity files should not be readable by anyone but the user. Note that + ssh-add ignores identity files if they are accessible by others. + +EXIT STATUS + Exit status is 0 on success, 1 if the specified command fails, and 2 if + ssh-add is unable to contact the authentication agent. + +SEE ALSO + ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8) + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. + +OpenBSD 7.5 June 17, 2024 OpenBSD 7.5 diff --git a/ssh-agent.0 b/ssh-agent.0 new file mode 100644 index 000000000..2e4ef7b6e --- /dev/null +++ b/ssh-agent.0 @@ -0,0 +1,140 @@ +SSH-AGENT(1) General Commands Manual SSH-AGENT(1) + +NAME + ssh-agent M-bM-^@M-^S OpenSSH authentication agent + +SYNOPSIS + ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash] + [-O option] [-P allowed_providers] [-t life] + ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option] + [-P allowed_providers] [-t life] command [arg ...] + ssh-agent [-c | -s] -k + +DESCRIPTION + ssh-agent is a program to hold private keys used for public key + authentication. Through use of environment variables the agent can be + located and automatically used for authentication when logging in to + other machines using ssh(1). + + The options are as follows: + + -a bind_address + Bind the agent to the UNIX-domain socket bind_address. The + default is $TMPDIR/ssh-XXXXXXXXXX/agent.. + + -c Generate C-shell commands on stdout. This is the default if + SHELL looks like it's a csh style of shell. + + -D Foreground mode. When this option is specified, ssh-agent will + not fork. + + -d Debug mode. When this option is specified, ssh-agent will not + fork and will write debug information to standard error. + + -E fingerprint_hash + Specifies the hash algorithm used when displaying key + fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The + default is M-bM-^@M-^\sha256M-bM-^@M-^]. + + -k Kill the current agent (given by the SSH_AGENT_PID environment + variable). + + -O option + Specify an option when starting ssh-agent. Currently two options + are supported: allow-remote-pkcs11 and no-restrict-websafe. + + The allow-remote-pkcs11 option allows clients of a forwarded + ssh-agent to load PKCS#11 or FIDO provider libraries. By default + only local clients may perform this operation. Note that + signalling that an ssh-agent client is remote is performed by + ssh(1), and use of other tools to forward access to the agent + socket may circumvent this restriction. + + The no-restrict-websafe option instructs ssh-agent to permit + signatures using FIDO keys that might be web authentication + requests. By default, ssh-agent refuses signature requests for + FIDO keys where the key application string does not start with + M-bM-^@M-^\ssh:M-bM-^@M-^] and when the data to be signed does not appear to be a + ssh(1) user authentication request or a ssh-keygen(1) signature. + The default behaviour prevents forwarded access to a FIDO key + from also implicitly forwarding the ability to authenticate to + websites. + + -P allowed_providers + Specify a pattern-list of acceptable paths for PKCS#11 provider + and FIDO authenticator middleware shared libraries that may be + used with the -S or -s options to ssh-add(1). Libraries that do + not match the pattern list will be refused. See PATTERNS in + ssh_config(5) for a description of pattern-list syntax. The + default list is M-bM-^@M-^\usr/lib*/*,/usr/local/lib*/*M-bM-^@M-^]. + + -s Generate Bourne shell commands on stdout. This is the default if + SHELL does not look like it's a csh style of shell. + + -t life + Set a default value for the maximum lifetime of identities added + to the agent. The lifetime may be specified in seconds or in a + time format specified in sshd_config(5). A lifetime specified + for an identity with ssh-add(1) overrides this value. Without + this option the default maximum lifetime is forever. + + command [arg ...] + If a command (and optional arguments) is given, this is executed + as a subprocess of the agent. The agent exits automatically when + the command given on the command line terminates. + + There are two main ways to get an agent set up. The first is at the + start of an X session, where all other windows or programs are started as + children of the ssh-agent program. The agent starts a command under + which its environment variables are exported, for example ssh-agent xterm + &. When the command terminates, so does the agent. + + The second method is used for a login session. When ssh-agent is + started, it prints the shell commands required to set its environment + variables, which in turn can be evaluated in the calling shell, for + example eval `ssh-agent -s`. + + In both cases, ssh(1) looks at these environment variables and uses them + to establish a connection to the agent. + + The agent initially does not have any private keys. Keys are added using + ssh-add(1) or by ssh(1) when AddKeysToAgent is set in ssh_config(5). + Multiple identities may be stored in ssh-agent concurrently and ssh(1) + will automatically use them if present. ssh-add(1) is also used to + remove keys from ssh-agent and to query the keys that are held in one. + + Connections to ssh-agent may be forwarded from further remote hosts using + the -A option to ssh(1) (but see the caveats documented therein), + avoiding the need for authentication data to be stored on other machines. + Authentication passphrases and private keys never go over the network: + the connection to the agent is forwarded over SSH remote connections and + the result is returned to the requester, allowing the user access to + their identities anywhere in the network in a secure fashion. + +ENVIRONMENT + SSH_AGENT_PID When ssh-agent starts, it stores the name of the agent's + process ID (PID) in this variable. + + SSH_AUTH_SOCK When ssh-agent starts, it creates a UNIX-domain socket and + stores its pathname in this variable. It is accessible + only to the current user, but is easily abused by root or + another instance of the same user. + +FILES + $TMPDIR/ssh-XXXXXXXXXX/agent. + UNIX-domain sockets used to contain the connection to the + authentication agent. These sockets should only be readable by + the owner. The sockets should get automatically removed when the + agent exits. + +SEE ALSO + ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sshd(8) + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. + +OpenBSD 7.5 August 10, 2023 OpenBSD 7.5 diff --git a/ssh-keygen.0 b/ssh-keygen.0 new file mode 100644 index 000000000..a731a7fa8 --- /dev/null +++ b/ssh-keygen.0 @@ -0,0 +1,907 @@ +SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) + +NAME + ssh-keygen M-bM-^@M-^S OpenSSH authentication key utility + +SYNOPSIS + ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile] + [-m format] [-N new_passphrase] [-O option] + [-t ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa] + [-w provider] [-Z cipher] + ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase] + [-P old_passphrase] [-Z cipher] + ssh-keygen -i [-f input_keyfile] [-m key_format] + ssh-keygen -e [-f input_keyfile] [-m key_format] + ssh-keygen -y [-f input_keyfile] + ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P passphrase] + ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] + ssh-keygen -B [-f input_keyfile] + ssh-keygen -D pkcs11 + ssh-keygen -F hostname [-lv] [-f known_hosts_file] + ssh-keygen -H [-f known_hosts_file] + ssh-keygen -K [-a rounds] [-w provider] + ssh-keygen -R hostname [-f known_hosts_file] + ssh-keygen -r hostname [-g] [-f input_keyfile] + ssh-keygen -M generate [-O option] output_file + ssh-keygen -M screen [-f input_file] [-O option] output_file + ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider] + [-n principals] [-O option] [-V validity_interval] + [-z serial_number] file ... + ssh-keygen -L [-f input_keyfile] + ssh-keygen -A [-a rounds] [-f prefix_path] + ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] + file ... + ssh-keygen -Q [-l] -f krl_file file ... + ssh-keygen -Y find-principals [-O option] -s signature_file + -f allowed_signers_file + ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file + ssh-keygen -Y check-novalidate [-O option] -n namespace -s signature_file + ssh-keygen -Y sign [-O option] -f key_file -n namespace file ... + ssh-keygen -Y verify [-O option] -f allowed_signers_file + -I signer_identity -n namespace -s signature_file + [-r revocation_file] + +DESCRIPTION + ssh-keygen generates, manages and converts authentication keys for + ssh(1). ssh-keygen can create keys for use by SSH protocol version 2. + + The type of key to be generated is specified with the -t option. If + invoked without any arguments, ssh-keygen will generate an Ed25519 key. + + ssh-keygen is also used to generate groups for use in Diffie-Hellman + group exchange (DH-GEX). See the MODULI GENERATION section for details. + + Finally, ssh-keygen can be used to generate and update Key Revocation + Lists, and to test whether given keys have been revoked by one. See the + KEY REVOCATION LISTS section for details. + + Normally each user wishing to use SSH with public key authentication runs + this once to create the authentication key in ~/.ssh/id_ecdsa, + ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk or + ~/.ssh/id_rsa. Additionally, the system administrator may use this to + generate host keys, as seen in /etc/rc. + + Normally this program generates the key and asks for a file in which to + store the private key. The public key is stored in a file with the same + name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The + passphrase may be empty to indicate no passphrase (host keys must have an + empty passphrase), or it may be a string of arbitrary length. A + passphrase is similar to a password, except it can be a phrase with a + series of words, punctuation, numbers, whitespace, or any string of + characters you want. Good passphrases are 10-30 characters long, are not + simple sentences or otherwise easily guessable (English prose has only + 1-2 bits of entropy per character, and provides very bad passphrases), + and contain a mix of upper and lowercase letters, numbers, and non- + alphanumeric characters. The passphrase can be changed later by using + the -p option. + + There is no way to recover a lost passphrase. If the passphrase is lost + or forgotten, a new key must be generated and the corresponding public + key copied to other machines. + + ssh-keygen will by default write keys in an OpenSSH-specific format. + This format is preferred as it offers better protection for keys at rest + as well as allowing storage of key comments within the private key file + itself. The key comment may be useful to help identify the key. The + comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be + changed using the -c option. + + It is still possible for ssh-keygen to write the previously-used PEM + format private keys using the -m flag. This may be used when generating + new keys, and existing new-format keys may be converted using this option + in conjunction with the -p (change passphrase) flag. + + After a key is generated, ssh-keygen will ask where the keys should be + placed to be activated. + + The options are as follows: + + -A Generate host keys of all default key types (rsa, ecdsa, and + ed25519) if they do not already exist. The host keys are + generated with the default key file path, an empty passphrase, + default bits for the key type, and default comment. If -f has + also been specified, its argument is used as a prefix to the + default path for the resulting host key files. This is used by + /etc/rc to generate new host keys. + + -a rounds + When saving a private key, this option specifies the number of + KDF (key derivation function, currently bcrypt_pbkdf(3)) rounds + used. Higher numbers result in slower passphrase verification + and increased resistance to brute-force password cracking (should + the keys be stolen). The default is 16 rounds. + + -B Show the bubblebabble digest of specified private or public key + file. + + -b bits + Specifies the number of bits in the key to create. For RSA keys, + the minimum size is 1024 bits and the default is 3072 bits. + Generally, 3072 bits is considered sufficient. For ECDSA keys, + the -b flag determines the key length by selecting from one of + three elliptic curve sizes: 256, 384 or 521 bits. Attempting to + use bit lengths other than these three values for ECDSA keys will + fail. ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length + and the -b flag will be ignored. + + -C comment + Provides a new comment. + + -c Requests changing the comment in the private and public key + files. The program will prompt for the file containing the + private keys, for the passphrase if the key has one, and for the + new comment. + + -D pkcs11 + Download the public keys provided by the PKCS#11 shared library + pkcs11. When used in combination with -s, this option indicates + that a CA key resides in a PKCS#11 token (see the CERTIFICATES + section for details). + + -E fingerprint_hash + Specifies the hash algorithm used when displaying key + fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The + default is M-bM-^@M-^\sha256M-bM-^@M-^]. + + -e This option will read a private or public OpenSSH key file and + print to stdout a public key in one of the formats specified by + the -m option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This + option allows exporting OpenSSH keys for use by other programs, + including several commercial SSH implementations. + + -F hostname | [hostname]:port + Search for the specified hostname (with optional port number) in + a known_hosts file, listing any occurrences found. This option + is useful to find hashed host names or addresses and may also be + used in conjunction with the -H option to print found keys in a + hashed format. + + -f filename + Specifies the filename of the key file. + + -g Use generic DNS format when printing fingerprint resource records + using the -r command. + + -H Hash a known_hosts file. This replaces all hostnames and + addresses with hashed representations within the specified file; + the original content is moved to a file with a .old suffix. + These hashes may be used normally by ssh and sshd, but they do + not reveal identifying information should the file's contents be + disclosed. This option will not modify existing hashed hostnames + and is therefore safe to use on files that mix hashed and non- + hashed names. + + -h When signing a key, create a host certificate instead of a user + certificate. See the CERTIFICATES section for details. + + -I certificate_identity + Specify the key identity when signing a public key. See the + CERTIFICATES section for details. + + -i This option will read an unencrypted private (or public) key file + in the format specified by the -m option and print an OpenSSH + compatible private (or public) key to stdout. This option allows + importing keys from other software, including several commercial + SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. + + -K Download resident keys from a FIDO authenticator. Public and + private key files will be written to the current directory for + each downloaded key. If multiple FIDO authenticators are + attached, keys will be downloaded from the first touched + authenticator. See the FIDO AUTHENTICATOR section for more + information. + + -k Generate a KRL file. In this mode, ssh-keygen will generate a + KRL file at the location specified via the -f flag that revokes + every key or certificate presented on the command line. + Keys/certificates to be revoked may be specified by public key + file or using the format described in the KEY REVOCATION LISTS + section. + + -L Prints the contents of one or more certificates. + + -l Show fingerprint of specified public key file. ssh-keygen will + try to find the matching public key file and prints its + fingerprint. If combined with -v, a visual ASCII art + representation of the key is supplied with the fingerprint. + + -M generate + Generate candidate Diffie-Hellman Group Exchange (DH-GEX) + parameters for eventual use by the + M-bM-^@M-^Xdiffie-hellman-group-exchange-*M-bM-^@M-^Y key exchange methods. The + numbers generated by this operation must be further screened + before use. See the MODULI GENERATION section for more + information. + + -M screen + Screen candidate parameters for Diffie-Hellman Group Exchange. + This will accept a list of candidate numbers and test that they + are safe (Sophie Germain) primes with acceptable group + generators. The results of this operation may be added to the + /etc/moduli file. See the MODULI GENERATION section for more + information. + + -m key_format + Specify a key format for key generation, the -i (import), -e + (export) conversion options, and the -p change passphrase + operation. The latter may be used to convert between OpenSSH + private key and PEM private key formats. The supported key + formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] (RFC 4716/SSH2 public or private key), + M-bM-^@M-^\PKCS8M-bM-^@M-^] (PKCS8 public or private key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). + By default OpenSSH will write newly-generated private keys in its + own format, but when converting public keys for export the + default format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. Setting a format of M-bM-^@M-^\PEMM-bM-^@M-^] when + generating or updating a supported private key type will cause + the key to be stored in the legacy PEM private key format. + + -N new_passphrase + Provides the new passphrase. + + -n principals + Specify one or more principals (user or host names) to be + included in a certificate when signing a key. Multiple + principals may be specified, separated by commas. See the + CERTIFICATES section for details. + + -O option + Specify a key/value option. These are specific to the operation + that ssh-keygen has been requested to perform. + + When signing certificates, one of the options listed in the + CERTIFICATES section may be specified here. + + When performing moduli generation or screening, one of the + options listed in the MODULI GENERATION section may be specified. + + When generating FIDO authenticator-backed keys, the options + listed in the FIDO AUTHENTICATOR section may be specified. + + When performing signature-related options using the -Y flag, the + following options are accepted: + + hashalg=algorithm + Selects the hash algorithm to use for hashing the message + to be signed. Valid algorithms are M-bM-^@M-^\sha256M-bM-^@M-^] and + M-bM-^@M-^\sha512.M-bM-^@M-^] The default is M-bM-^@M-^\sha512.M-bM-^@M-^] + + print-pubkey + Print the full public key to standard output after + signature verification. + + verify-time=timestamp + Specifies a time to use when validating signatures + instead of the current time. The time may be specified + as a date or time in the YYYYMMDD[Z] or in + YYYYMMDDHHMM[SS][Z] formats. Dates and times will be + interpreted in the current system time zone unless + suffixed with a Z character, which causes them to be + interpreted in the UTC time zone. + + When generating SSHFP DNS records from public keys using the -r + flag, the following options are accepted: + + hashalg=algorithm + Selects a hash algorithm to use when printing SSHFP + records using the -D flag. Valid algorithms are M-bM-^@M-^\sha1M-bM-^@M-^] + and M-bM-^@M-^\sha256M-bM-^@M-^]. The default is to print both. + + The -O option may be specified multiple times. + + -P passphrase + Provides the (old) passphrase. + + -p Requests changing the passphrase of a private key file instead of + creating a new private key. The program will prompt for the file + containing the private key, for the old passphrase, and twice for + the new passphrase. + + -Q Test whether keys have been revoked in a KRL. If the -l option + is also specified then the contents of the KRL will be printed. + + -q Silence ssh-keygen. + + -R hostname | [hostname]:port + Removes all keys belonging to the specified hostname (with + optional port number) from a known_hosts file. This option is + useful to delete hashed hosts (see the -H option above). + + -r hostname + Print the SSHFP fingerprint resource record named hostname for + the specified public key file. + + -s ca_key + Certify (sign) a public key using the specified CA key. See the + CERTIFICATES section for details. + + When generating a KRL, -s specifies a path to a CA public key + file used to revoke certificates directly by key ID or serial + number. See the KEY REVOCATION LISTS section for details. + + -t ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa + Specifies the type of key to create. The possible values are + M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ecdsa-skM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], M-bM-^@M-^\ed25519-skM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^]. + + This flag may also be used to specify the desired signature type + when signing certificates using an RSA CA key. The available RSA + signature variants are M-bM-^@M-^\ssh-rsaM-bM-^@M-^] (SHA1 signatures, not + recommended), M-bM-^@M-^\rsa-sha2-256M-bM-^@M-^], and M-bM-^@M-^\rsa-sha2-512M-bM-^@M-^] (the default). + + -U When used in combination with -s or -Y sign, this option + indicates that a CA key resides in a ssh-agent(1). See the + CERTIFICATES section for more information. + + -u Update a KRL. When specified with -k, keys listed via the + command line are added to the existing KRL rather than a new KRL + being created. + + -V validity_interval + Specify a validity interval when signing a certificate. A + validity interval may consist of a single time, indicating that + the certificate is valid beginning now and expiring at that time, + or may consist of two times separated by a colon to indicate an + explicit time interval. + + The start time may be specified as: + M-bM-^@M-M-bM-^@M-" The string M-bM-^@M-^\alwaysM-bM-^@M-^] to indicate the certificate has no + specified start time. + M-bM-^@M-M-bM-^@M-" A date or time in the system time zone formatted as YYYYMMDD + or YYYYMMDDHHMM[SS]. + M-bM-^@M-M-bM-^@M-" A date or time in the UTC time zone as YYYYMMDDZ or + YYYYMMDDHHMM[SS]Z. + M-bM-^@M-M-bM-^@M-" A relative time before the current system time consisting of + a minus sign followed by an interval in the format described + in the TIME FORMATS section of sshd_config(5). + M-bM-^@M-M-bM-^@M-" A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a + hexadecimal number beginning with M-bM-^@M-^\0xM-bM-^@M-^]. + + The end time may be specified similarly to the start time: + M-bM-^@M-M-bM-^@M-" The string M-bM-^@M-^\foreverM-bM-^@M-^] to indicate the certificate has no + specified end time. + M-bM-^@M-M-bM-^@M-" A date or time in the system time zone formatted as YYYYMMDD + or YYYYMMDDHHMM[SS]. + M-bM-^@M-M-bM-^@M-" A date or time in the UTC time zone as YYYYMMDDZ or + YYYYMMDDHHMM[SS]Z. + M-bM-^@M-M-bM-^@M-" A relative time after the current system time consisting of a + plus sign followed by an interval in the format described in + the TIME FORMATS section of sshd_config(5). + M-bM-^@M-M-bM-^@M-" A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a + hexadecimal number beginning with M-bM-^@M-^\0xM-bM-^@M-^]. + + For example: + + +52w1d Valid from now to 52 weeks and one day from now. + + -4w:+4w + Valid from four weeks ago to four weeks from now. + + 20100101123000:20110101123000 + Valid from 12:30 PM, January 1st, 2010 to 12:30 PM, + January 1st, 2011. + + 20100101123000Z:20110101123000Z + Similar, but interpreted in the UTC time zone rather than + the system time zone. + + -1d:20110101 + Valid from yesterday to midnight, January 1st, 2011. + + 0x1:0x2000000000 + Valid from roughly early 1970 to May 2033. + + -1m:forever + Valid from one minute ago and never expiring. + + -v Verbose mode. Causes ssh-keygen to print debugging messages + about its progress. This is helpful for debugging moduli + generation. Multiple -v options increase the verbosity. The + maximum is 3. + + -w provider + Specifies a path to a library that will be used when creating + FIDO authenticator-hosted keys, overriding the default of using + the internal USB HID support. + + -Y find-principals + Find the principal(s) associated with the public key of a + signature, provided using the -s flag in an authorized signers + file provided using the -f flag. The format of the allowed + signers file is documented in the ALLOWED SIGNERS section below. + If one or more matching principals are found, they are returned + on standard output. + + -Y match-principals + Find principal matching the principal name provided using the -I + flag in the authorized signers file specified using the -f flag. + If one or more matching principals are found, they are returned + on standard output. + + -Y check-novalidate + Checks that a signature generated using ssh-keygen -Y sign has a + valid structure. This does not validate if a signature comes + from an authorized signer. When testing a signature, ssh-keygen + accepts a message on standard input and a signature namespace + using -n. A file containing the corresponding signature must + also be supplied using the -s flag. Successful testing of the + signature is signalled by ssh-keygen returning a zero exit + status. + + -Y sign + Cryptographically sign a file or some data using an SSH key. + When signing, ssh-keygen accepts zero or more files to sign on + the command-line - if no files are specified then ssh-keygen will + sign data presented on standard input. Signatures are written to + the path of the input file with M-bM-^@M-^\.sigM-bM-^@M-^] appended, or to standard + output if the message to be signed was read from standard input. + + The key used for signing is specified using the -f option and may + refer to either a private key, or a public key with the private + half available via ssh-agent(1). An additional signature + namespace, used to prevent signature confusion across different + domains of use (e.g. file signing vs email signing) must be + provided via the -n flag. Namespaces are arbitrary strings, and + may include: M-bM-^@M-^\fileM-bM-^@M-^] for file signing, M-bM-^@M-^\emailM-bM-^@M-^] for email signing. + For custom uses, it is recommended to use names following a + NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces. + + -Y verify + Request to verify a signature generated using ssh-keygen -Y sign + as described above. When verifying a signature, ssh-keygen + accepts a message on standard input and a signature namespace + using -n. A file containing the corresponding signature must + also be supplied using the -s flag, along with the identity of + the signer using -I and a list of allowed signers via the -f + flag. The format of the allowed signers file is documented in + the ALLOWED SIGNERS section below. A file containing revoked + keys can be passed using the -r flag. The revocation file may be + a KRL or a one-per-line list of public keys. Successful + verification by an authorized signer is signalled by ssh-keygen + returning a zero exit status. + + -y This option will read a private OpenSSH format file and print an + OpenSSH public key to stdout. + + -Z cipher + Specifies the cipher to use for encryption when writing an + OpenSSH-format private key file. The list of available ciphers + may be obtained using "ssh -Q cipher". The default is + M-bM-^@M-^\aes256-ctrM-bM-^@M-^]. + + -z serial_number + Specifies a serial number to be embedded in the certificate to + distinguish this certificate from others from the same CA. If + the serial_number is prefixed with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + serial number will be incremented for each certificate signed on + a single command-line. The default serial number is zero. + + When generating a KRL, the -z flag is used to specify a KRL + version number. + +MODULI GENERATION + ssh-keygen may be used to generate groups for the Diffie-Hellman Group + Exchange (DH-GEX) protocol. Generating these groups is a two-step + process: first, candidate primes are generated using a fast, but memory + intensive process. These candidate primes are then tested for + suitability (a CPU-intensive process). + + Generation of primes is performed using the -M generate option. The + desired length of the primes may be specified by the -O bits option. For + example: + + # ssh-keygen -M generate -O bits=2048 moduli-2048.candidates + + By default, the search for primes begins at a random point in the desired + length range. This may be overridden using the -O start option, which + specifies a different start point (in hex). + + Once a set of candidates have been generated, they must be screened for + suitability. This may be performed using the -M screen option. In this + mode ssh-keygen will read candidates from standard input (or a file + specified using the -f option). For example: + + # ssh-keygen -M screen -f moduli-2048.candidates moduli-2048 + + By default, each candidate will be subjected to 100 primality tests. + This may be overridden using the -O prime-tests option. The DH generator + value will be chosen automatically for the prime under consideration. If + a specific generator is desired, it may be requested using the -O + generator option. Valid generator values are 2, 3, and 5. + + Screened DH groups may be installed in /etc/moduli. It is important that + this file contains moduli of a range of bit lengths. + + A number of options are available for moduli generation and screening via + the -O flag: + + lines=number + Exit after screening the specified number of lines while + performing DH candidate screening. + + start-line=line-number + Start screening at the specified line number while performing DH + candidate screening. + + checkpoint=filename + Write the last line processed to the specified file while + performing DH candidate screening. This will be used to skip + lines in the input file that have already been processed if the + job is restarted. + + memory=mbytes + Specify the amount of memory to use (in megabytes) when + generating candidate moduli for DH-GEX. + + start=hex-value + Specify start point (in hex) when generating candidate moduli for + DH-GEX. + + generator=value + Specify desired generator (in decimal) when testing candidate + moduli for DH-GEX. + +CERTIFICATES + ssh-keygen supports signing of keys to produce certificates that may be + used for user or host authentication. Certificates consist of a public + key, some identity information, zero or more principal (user or host) + names and a set of options that are signed by a Certification Authority + (CA) key. Clients or servers may then trust only the CA key and verify + its signature on a certificate rather than trusting many user/host keys. + Note that OpenSSH certificates are a different, and much simpler, format + to the X.509 certificates used in ssl(8). + + ssh-keygen supports two types of certificates: user and host. User + certificates authenticate users to servers, whereas host certificates + authenticate server hosts to users. To generate a user certificate: + + $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub + + The resultant certificate will be placed in /path/to/user_key-cert.pub. + A host certificate requires the -h option: + + $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub + + The host certificate will be output to /path/to/host_key-cert.pub. + + It is possible to sign using a CA key stored in a PKCS#11 token by + providing the token library using -D and identifying the CA key by + providing its public half as an argument to -s: + + $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub + + Similarly, it is possible for the CA key to be hosted in a ssh-agent(1). + This is indicated by the -U flag and, again, the CA key must be + identified by its public half. + + $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub + + In all cases, key_id is a "key identifier" that is logged by the server + when the certificate is used for authentication. + + Certificates may be limited to be valid for a set of principal + (user/host) names. By default, generated certificates are valid for all + users or hosts. To generate a certificate for a specified set of + principals: + + $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub + $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub + + Additional limitations on the validity and use of user certificates may + be specified through certificate options. A certificate option may + disable features of the SSH session, may be valid only when presented + from particular source addresses or may force the use of a specific + command. + + The options that are valid for user certificates are: + + clear Clear all enabled permissions. This is useful for clearing the + default set of permissions so permissions may be added + individually. + + critical:name[=contents] + extension:name[=contents] + Includes an arbitrary certificate critical option or extension. + The specified name should include a domain suffix, e.g. + M-bM-^@M-^\name@example.comM-bM-^@M-^]. If contents is specified then it is included + as the contents of the extension/option encoded as a string, + otherwise the extension/option is created with no contents + (usually indicating a flag). Extensions may be ignored by a + client or server that does not recognise them, whereas unknown + critical options will cause the certificate to be refused. + + force-command=command + Forces the execution of command instead of any shell or command + specified by the user when the certificate is used for + authentication. + + no-agent-forwarding + Disable ssh-agent(1) forwarding (permitted by default). + + no-port-forwarding + Disable port forwarding (permitted by default). + + no-pty Disable PTY allocation (permitted by default). + + no-user-rc + Disable execution of ~/.ssh/rc by sshd(8) (permitted by default). + + no-x11-forwarding + Disable X11 forwarding (permitted by default). + + permit-agent-forwarding + Allows ssh-agent(1) forwarding. + + permit-port-forwarding + Allows port forwarding. + + permit-pty + Allows PTY allocation. + + permit-user-rc + Allows execution of ~/.ssh/rc by sshd(8). + + permit-X11-forwarding + Allows X11 forwarding. + + no-touch-required + Do not require signatures made using this key include + demonstration of user presence (e.g. by having the user touch the + authenticator). This option only makes sense for the FIDO + authenticator algorithms ecdsa-sk and ed25519-sk. + + source-address=address_list + Restrict the source addresses from which the certificate is + considered valid. The address_list is a comma-separated list of + one or more address/netmask pairs in CIDR format. + + verify-required + Require signatures made using this key indicate that the user was + first verified. This option only makes sense for the FIDO + authenticator algorithms ecdsa-sk and ed25519-sk. Currently PIN + authentication is the only supported verification method, but + other methods may be supported in the future. + + At present, no standard options are valid for host keys. + + Finally, certificates may be defined with a validity lifetime. The -V + option allows specification of certificate start and end times. A + certificate that is presented at a time outside this range will not be + considered valid. By default, certificates are valid from the UNIX Epoch + to the distant future. + + For certificates to be used for user or host authentication, the CA + public key must be trusted by sshd(8) or ssh(1). Refer to those manual + pages for details. + +FIDO AUTHENTICATOR + ssh-keygen is able to generate FIDO authenticator-backed keys, after + which they may be used much like any other key type supported by OpenSSH, + so long as the hardware authenticator is attached when the keys are used. + FIDO authenticators generally require the user to explicitly authorise + operations by touching or tapping them. FIDO keys consist of two parts: + a key handle part stored in the private key file on disk, and a per- + device private key that is unique to each FIDO authenticator and that + cannot be exported from the authenticator hardware. These are combined + by the hardware at authentication time to derive the real key that is + used to sign authentication challenges. Supported key types are ecdsa-sk + and ed25519-sk. + + The options that are valid for FIDO keys are: + + application + Override the default FIDO application/origin string of M-bM-^@M-^\ssh:M-bM-^@M-^]. + This may be useful when generating host or domain-specific + resident keys. The specified application string must begin with + M-bM-^@M-^\ssh:M-bM-^@M-^]. + + challenge=path + Specifies a path to a challenge string that will be passed to the + FIDO authenticator during key generation. The challenge string + may be used as part of an out-of-band protocol for key enrollment + (a random challenge is used by default). + + device Explicitly specify a fido(4) device to use, rather than letting + the authenticator middleware select one. + + no-touch-required + Indicate that the generated private key should not require touch + events (user presence) when making signatures. Note that sshd(8) + will refuse such signatures by default, unless overridden via an + authorized_keys option. + + resident + Indicate that the key handle should be stored on the FIDO + authenticator itself. This makes it easier to use the + authenticator on multiple computers. Resident keys may be + supported on FIDO2 authenticators and typically require that a + PIN be set on the authenticator prior to generation. Resident + keys may be loaded off the authenticator using ssh-add(1). + Storing both parts of a key on a FIDO authenticator increases the + likelihood of an attacker being able to use a stolen + authenticator device. + + user A username to be associated with a resident key, overriding the + empty default username. Specifying a username may be useful when + generating multiple resident keys for the same application name. + + verify-required + Indicate that this private key should require user verification + for each signature. Not all FIDO authenticators support this + option. Currently PIN authentication is the only supported + verification method, but other methods may be supported in the + future. + + write-attestation=path + May be used at key generation time to record the attestation data + returned from FIDO authenticators during key generation. This + information is potentially sensitive. By default, this + information is discarded. + +KEY REVOCATION LISTS + ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs). + These binary files specify keys or certificates to be revoked using a + compact format, taking as little as one bit per certificate if they are + being revoked by serial number. + + KRLs may be generated using the -k flag. This option reads one or more + files from the command line and generates a new KRL. The files may + either contain a KRL specification (see below) or public keys, listed one + per line. Plain public keys are revoked by listing their hash or + contents in the KRL and certificates revoked by serial number or key ID + (if the serial is zero or not available). + + Revoking keys using a KRL specification offers explicit control over the + types of record used to revoke keys and may be used to directly revoke + certificates by serial number or key ID without having the complete + original certificate on hand. A KRL specification consists of lines + containing one of the following directives followed by a colon and some + directive-specific information. + + serial: serial_number[-serial_number] + Revokes a certificate with the specified serial number. Serial + numbers are 64-bit values, not including zero and may be + expressed in decimal, hex or octal. If two serial numbers are + specified separated by a hyphen, then the range of serial numbers + including and between each is revoked. The CA key must have been + specified on the ssh-keygen command line using the -s option. + + id: key_id + Revokes a certificate with the specified key ID string. The CA + key must have been specified on the ssh-keygen command line using + the -s option. + + key: public_key + Revokes the specified key. If a certificate is listed, then it + is revoked as a plain public key. + + sha1: public_key + Revokes the specified key by including its SHA1 hash in the KRL. + + sha256: public_key + Revokes the specified key by including its SHA256 hash in the + KRL. KRLs that revoke keys by SHA256 hash are not supported by + OpenSSH versions prior to 7.9. + + hash: fingerprint + Revokes a key using a fingerprint hash, as obtained from a + sshd(8) authentication log message or the ssh-keygen -l flag. + Only SHA256 fingerprints are supported here and resultant KRLs + are not supported by OpenSSH versions prior to 7.9. + + KRLs may be updated using the -u flag in addition to -k. When this + option is specified, keys listed via the command line are merged into the + KRL, adding to those already there. + + It is also possible, given a KRL, to test whether it revokes a particular + key (or keys). The -Q flag will query an existing KRL, testing each key + specified on the command line. If any key listed on the command line has + been revoked (or an error encountered) then ssh-keygen will exit with a + non-zero exit status. A zero exit status will only be returned if no key + was revoked. + +ALLOWED SIGNERS + When verifying signatures, ssh-keygen uses a simple list of identities + and keys to determine whether a signature comes from an authorized + source. This "allowed signers" file uses a format patterned after the + AUTHORIZED_KEYS FILE FORMAT described in sshd(8). Each line of the file + contains the following space-separated fields: principals, options, + keytype, base64-encoded key. Empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y + are ignored as comments. + + The principals field is a pattern-list (see PATTERNS in ssh_config(5)) + consisting of one or more comma-separated USER@DOMAIN identity patterns + that are accepted for signing. When verifying, the identity presented + via the -I option must match a principals pattern in order for the + corresponding key to be considered acceptable for verification. + + The options (if present) consist of comma-separated option + specifications. No spaces are permitted, except within double quotes. + The following option specifications are supported (note that option + keywords are case-insensitive): + + cert-authority + Indicates that this key is accepted as a certificate authority + (CA) and that certificates signed by this CA may be accepted for + verification. + + namespaces=namespace-list + Specifies a pattern-list of namespaces that are accepted for this + key. If this option is present, the signature namespace embedded + in the signature object and presented on the verification + command-line must match the specified list before the key will be + considered acceptable. + + valid-after=timestamp + Indicates that the key is valid for use at or after the specified + timestamp, which may be a date or time in the YYYYMMDD[Z] or + YYYYMMDDHHMM[SS][Z] formats. Dates and times will be interpreted + in the current system time zone unless suffixed with a Z + character, which causes them to be interpreted in the UTC time + zone. + + valid-before=timestamp + Indicates that the key is valid for use at or before the + specified timestamp. + + When verifying signatures made by certificates, the expected principal + name must match both the principals pattern in the allowed signers file + and the principals embedded in the certificate itself. + + An example allowed signers file: + + # Comments allowed at start of line + user1@example.com,user2@example.com ssh-rsa AAAAX1... + # A certificate authority, trusted for all principals in a domain. + *@example.com cert-authority ssh-ed25519 AAAB4... + # A key that is accepted only for file signing. + user2@example.com namespaces="file" ssh-ed25519 AAA41... + +ENVIRONMENT + SSH_SK_PROVIDER + Specifies a path to a library that will be used when loading any + FIDO authenticator-hosted keys, overriding the default of using + the built-in USB HID support. + +FILES + ~/.ssh/id_ecdsa + ~/.ssh/id_ecdsa_sk + ~/.ssh/id_ed25519 + ~/.ssh/id_ed25519_sk + ~/.ssh/id_rsa + Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, + authenticator-hosted Ed25519 or RSA authentication identity of + the user. This file should not be readable by anyone but the + user. It is possible to specify a passphrase when generating the + key; that passphrase will be used to encrypt the private part of + this file using 128-bit AES. This file is not automatically + accessed by ssh-keygen but it is offered as the default file for + the private key. ssh(1) will read this file when a login attempt + is made. + + ~/.ssh/id_ecdsa.pub + ~/.ssh/id_ecdsa_sk.pub + ~/.ssh/id_ed25519.pub + ~/.ssh/id_ed25519_sk.pub + ~/.ssh/id_rsa.pub + Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, + authenticator-hosted Ed25519 or RSA public key for + authentication. The contents of this file should be added to + ~/.ssh/authorized_keys on all machines where the user wishes to + log in using public key authentication. There is no need to keep + the contents of this file secret. + + /etc/moduli + Contains Diffie-Hellman groups used for DH-GEX. The file format + is described in moduli(5). + +SEE ALSO + ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) + + The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. + +OpenBSD 7.5 June 17, 2024 OpenBSD 7.5 diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 new file mode 100644 index 000000000..110399094 --- /dev/null +++ b/ssh-keyscan.0 @@ -0,0 +1,123 @@ +SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1) + +NAME + ssh-keyscan M-bM-^@M-^S gather SSH public keys from servers + +SYNOPSIS + ssh-keyscan [-46cDHqv] [-f file] [-O option] [-p port] [-T timeout] + [-t type] [host | addrlist namelist] + +DESCRIPTION + ssh-keyscan is a utility for gathering the public SSH host keys of a + number of hosts. It was designed to aid in building and verifying + ssh_known_hosts files, the format of which is documented in sshd(8). + ssh-keyscan provides a minimal interface suitable for use by shell and + perl scripts. + + ssh-keyscan uses non-blocking socket I/O to contact as many hosts as + possible in parallel, so it is very efficient. The keys from a domain of + 1,000 hosts can be collected in tens of seconds, even when some of those + hosts are down or do not run sshd(8). For scanning, one does not need + login access to the machines that are being scanned, nor does the + scanning process involve any encryption. + + Hosts to be scanned may be specified by hostname, address or by CIDR + network range (e.g. 192.168.16/28). If a network range is specified, + then all addresses in that range will be scanned. + + The options are as follows: + + -4 Force ssh-keyscan to use IPv4 addresses only. + + -6 Force ssh-keyscan to use IPv6 addresses only. + + -c Request certificates from target hosts instead of plain keys. + + -D Print keys found as SSHFP DNS records. The default is to print + keys in a format usable as a ssh(1) known_hosts file. + + -f file + Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. + If M-bM-^@M-^X-M-bM-^@M-^Y is supplied instead of a filename, ssh-keyscan will read + from the standard input. Names read from a file must start with + an address, hostname or CIDR network range to be scanned. + Addresses and hostnames may optionally be followed by comma- + separated name or address aliases that will be copied to the + output. For example: + + 192.168.11.0/24 + 10.20.1.1 + happy.example.org + 10.0.0.1,sad.example.org + + -H Hash all hostnames and addresses in the output. Hashed names may + be used normally by ssh(1) and sshd(8), but they do not reveal + identifying information should the file's contents be disclosed. + + -O option + Specify a key/value option. At present, only a single option is + supported: + + hashalg=algorithm + Selects a hash algorithm to use when printing SSHFP + records using the -D flag. Valid algorithms are M-bM-^@M-^\sha1M-bM-^@M-^] + and M-bM-^@M-^\sha256M-bM-^@M-^]. The default is to print both. + + -p port + Connect to port on the remote host. + + -q Quiet mode: do not print server host name and banners in + comments. + + -T timeout + Set the timeout for connection attempts. If timeout seconds have + elapsed since a connection was initiated to a host or since the + last time anything was read from that host, the connection is + closed and the host in question considered unavailable. The + default is 5 seconds. + + -t type + Specify the type of the key to fetch from the scanned hosts. The + possible values are M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], M-bM-^@M-^\ecdsa-skM-bM-^@M-^], M-bM-^@M-^\ed25519-skM-bM-^@M-^], + or M-bM-^@M-^\rsaM-bM-^@M-^]. Multiple values may be specified by separating them + with commas. The default is to fetch all the above key types. + + -v Verbose mode: print debugging messages about progress. + + If an ssh_known_hosts file is constructed using ssh-keyscan without + verifying the keys, users will be vulnerable to man in the middle + attacks. On the other hand, if the security model allows such a risk, + ssh-keyscan can help in the detection of tampered keyfiles or man in the + middle attacks which have begun after the ssh_known_hosts file was + created. + +FILES + /etc/ssh/ssh_known_hosts + +EXAMPLES + Print the RSA host key for machine hostname: + + $ ssh-keyscan -t rsa hostname + + Search a network range, printing all supported key types: + + $ ssh-keyscan 192.168.0.64/25 + + Find all hosts from the file ssh_hosts which have new or different keys + from those in the sorted file ssh_known_hosts: + + $ ssh-keyscan -t rsa,ecdsa,ed25519 -f ssh_hosts | \ + sort -u - ssh_known_hosts | diff ssh_known_hosts - + +SEE ALSO + ssh(1), sshd(8) + + Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC + 4255, 2006. + +AUTHORS + David Mazieres wrote the initial version, and Wayne + Davison added support for protocol version + 2. + +OpenBSD 7.5 June 17, 2024 OpenBSD 7.5 diff --git a/ssh-keysign.0 b/ssh-keysign.0 new file mode 100644 index 000000000..577955d1b --- /dev/null +++ b/ssh-keysign.0 @@ -0,0 +1,50 @@ +SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) + +NAME + ssh-keysign M-bM-^@M-^S OpenSSH helper for host-based authentication + +SYNOPSIS + ssh-keysign + +DESCRIPTION + ssh-keysign is used by ssh(1) to access the local host keys and generate + the digital signature required during host-based authentication. + + ssh-keysign is disabled by default and can only be enabled in the global + client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign + to M-bM-^@M-^\yesM-bM-^@M-^]. + + ssh-keysign is not intended to be invoked by the user, but from ssh(1). + See ssh(1) and sshd(8) for more information about host-based + authentication. + +FILES + /etc/ssh/ssh_config + Controls whether ssh-keysign is enabled. + + /etc/ssh/ssh_host_ecdsa_key + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + These files contain the private parts of the host keys used to + generate the digital signature. They should be owned by root, + readable only by root, and not accessible to others. Since they + are readable only by root, ssh-keysign must be set-uid root if + host-based authentication is used. + + /etc/ssh/ssh_host_ecdsa_key-cert.pub + /etc/ssh/ssh_host_ed25519_key-cert.pub + /etc/ssh/ssh_host_rsa_key-cert.pub + If these files exist, they are assumed to contain public + certificate information corresponding with the private keys + above. + +SEE ALSO + ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) + +HISTORY + ssh-keysign first appeared in OpenBSD 3.2. + +AUTHORS + Markus Friedl + +OpenBSD 7.5 June 17, 2024 OpenBSD 7.5 diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 new file mode 100644 index 000000000..564587259 --- /dev/null +++ b/ssh-pkcs11-helper.0 @@ -0,0 +1,35 @@ +SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8) + +NAME + ssh-pkcs11-helper M-bM-^@M-^S OpenSSH helper for PKCS#11 support + +SYNOPSIS + ssh-pkcs11-helper [-v] + +DESCRIPTION + ssh-pkcs11-helper is used by ssh(1), ssh-agent(1), and ssh-keygen(1) to + access keys provided by a PKCS#11 token. + + ssh-pkcs11-helper is not intended to be invoked directly by the user. + + A single option is supported: + + -v Verbose mode. Causes ssh-pkcs11-helper to print debugging + messages about its progress. This is helpful in debugging + problems. Multiple -v options increase the verbosity. The + maximum is 3. + + Note that ssh(1), ssh-agent(1), and ssh-keygen(1) will + automatically pass the -v flag to ssh-pkcs11-helper when they + have themselves been placed in debug mode. + +SEE ALSO + ssh(1), ssh-agent(1), ssh-keygen(1) + +HISTORY + ssh-pkcs11-helper first appeared in OpenBSD 4.7. + +AUTHORS + Markus Friedl + +OpenBSD 7.5 April 29, 2022 OpenBSD 7.5 diff --git a/ssh-sk-helper.0 b/ssh-sk-helper.0 new file mode 100644 index 000000000..ea2117abd --- /dev/null +++ b/ssh-sk-helper.0 @@ -0,0 +1,34 @@ +SSH-SK-HELPER(8) System Manager's Manual SSH-SK-HELPER(8) + +NAME + ssh-sk-helper M-bM-^@M-^S OpenSSH helper for FIDO authenticator support + +SYNOPSIS + ssh-sk-helper [-v] + +DESCRIPTION + ssh-sk-helper is used by ssh(1), ssh-agent(1), and ssh-keygen(1) to + access keys provided by a FIDO authenticator. + + ssh-sk-helper is not intended to be invoked directly by the user. + + A single option is supported: + + -v Verbose mode. Causes ssh-sk-helper to print debugging messages + about its progress. This is helpful in debugging problems. + Multiple -v options increase the verbosity. The maximum is 3. + + Note that ssh(1), ssh-agent(1), and ssh-keygen(1) will + automatically pass the -v flag to ssh-sk-helper when they have + themselves been placed in debug mode. + +SEE ALSO + ssh(1), ssh-agent(1), ssh-keygen(1) + +HISTORY + ssh-sk-helper first appeared in OpenBSD 6.7. + +AUTHORS + Damien Miller + +OpenBSD 7.5 April 29, 2022 OpenBSD 7.5 diff --git a/ssh.0 b/ssh.0 new file mode 100644 index 000000000..78863b1b0 --- /dev/null +++ b/ssh.0 @@ -0,0 +1,1019 @@ +SSH(1) General Commands Manual SSH(1) + +NAME + ssh M-bM-^@M-^S OpenSSH remote login client + +SYNOPSIS + ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] + [-c cipher_spec] [-D [bind_address:]port] [-E log_file] + [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] + [-J destination] [-L address] [-l login_name] [-m mac_spec] + [-O ctl_cmd] [-o option] [-P tag] [-p port] [-R address] + [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination + [command [argument ...]] + ssh [-Q query_option] + +DESCRIPTION + ssh (SSH client) is a program for logging into a remote machine and for + executing commands on a remote machine. It is intended to provide secure + encrypted communications between two untrusted hosts over an insecure + network. X11 connections, arbitrary TCP ports and UNIX-domain sockets + can also be forwarded over the secure channel. + + ssh connects and logs into the specified destination, which may be + specified as either [user@]hostname or a URI of the form + ssh://[user@]hostname[:port]. The user must prove their identity to the + remote machine using one of several methods (see below). + + If a command is specified, it will be executed on the remote host instead + of a login shell. A complete command line may be specified as command, + or it may have additional arguments. If supplied, the arguments will be + appended to the command, separated by spaces, before it is sent to the + server to be executed. + + The options are as follows: + + -4 Forces ssh to use IPv4 addresses only. + + -6 Forces ssh to use IPv6 addresses only. + + -A Enables forwarding of connections from an authentication agent + such as ssh-agent(1). This can also be specified on a per-host + basis in a configuration file. + + Agent forwarding should be enabled with caution. Users with the + ability to bypass file permissions on the remote host (for the + agent's UNIX-domain socket) can access the local agent through + the forwarded connection. An attacker cannot obtain key material + from the agent, however they can perform operations on the keys + that enable them to authenticate using the identities loaded into + the agent. A safer alternative may be to use a jump host (see + -J). + + -a Disables forwarding of the authentication agent connection. + + -B bind_interface + Bind to the address of bind_interface before attempting to + connect to the destination host. This is only useful on systems + with more than one address. + + -b bind_address + Use bind_address on the local machine as the source address of + the connection. Only useful on systems with more than one + address. + + -C Requests compression of all data (including stdin, stdout, + stderr, and data for forwarded X11, TCP and UNIX-domain + connections). The compression algorithm is the same used by + gzip(1). Compression is desirable on modem lines and other slow + connections, but will only slow down things on fast networks. + The default value can be set on a host-by-host basis in the + configuration files; see the Compression option in ssh_config(5). + + -c cipher_spec + Selects the cipher specification for encrypting the session. + cipher_spec is a comma-separated list of ciphers listed in order + of preference. See the Ciphers keyword in ssh_config(5) for more + information. + + -D [bind_address:]port + Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. + This works by allocating a socket to listen to port on the local + side, optionally bound to the specified bind_address. Whenever a + connection is made to this port, the connection is forwarded over + the secure channel, and the application protocol is then used to + determine where to connect to from the remote machine. Currently + the SOCKS4 and SOCKS5 protocols are supported, and ssh will act + as a SOCKS server. Only root can forward privileged ports. + Dynamic port forwardings can also be specified in the + configuration file. + + IPv6 addresses can be specified by enclosing the address in + square brackets. Only the superuser can forward privileged + ports. By default, the local port is bound in accordance with + the GatewayPorts setting. However, an explicit bind_address may + be used to bind the connection to a specific address. The + bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be + bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates + that the port should be available from all interfaces. + + -E log_file + Append debug logs to log_file instead of standard error. + + -e escape_char + Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y). + The escape character is only recognized at the beginning of a + line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the + connection; followed by control-Z suspends the connection; and + followed by itself sends the escape character once. Setting the + character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session + fully transparent. + + -F configfile + Specifies an alternative per-user configuration file. If a + configuration file is given on the command line, the system-wide + configuration file (/etc/ssh/ssh_config) will be ignored. The + default for the per-user configuration file is ~/.ssh/config. If + set to M-bM-^@M-^\noneM-bM-^@M-^], no configuration files will be read. + + -f Requests ssh to go to background just before command execution. + This is useful if ssh is going to ask for passwords or + passphrases, but the user wants it in the background. This + implies -n. The recommended way to start X11 programs at a + remote site is with something like ssh -f host xterm. + + If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^], + then a client started with -f will wait for all remote port + forwards to be successfully established before placing itself in + the background. Refer to the description of + ForkAfterAuthentication in ssh_config(5) for details. + + -G Causes ssh to print its configuration after evaluating Host and + Match blocks and exit. + + -g Allows remote hosts to connect to local forwarded ports. If used + on a multiplexed connection, then this option must be specified + on the master process. + + -I pkcs11 + Specify the PKCS#11 shared library ssh should use to communicate + with a PKCS#11 token providing keys for user authentication. + + -i identity_file + Selects a file from which the identity (private key) for public + key authentication is read. You can also specify a public key + file to use the corresponding private key that is loaded in + ssh-agent(1) when the private key file is not present locally. + The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, + ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519_sk. + Identity files may also be specified on a per-host basis in the + configuration file. It is possible to have multiple -i options + (and multiple identities specified in configuration files). If + no certificates have been explicitly specified by the + CertificateFile directive, ssh will also try to load certificate + information from the filename obtained by appending -cert.pub to + identity filenames. + + -J destination + Connect to the target host by first making an ssh connection to + the jump host described by destination and then establishing a + TCP forwarding to the ultimate destination from there. Multiple + jump hops may be specified separated by comma characters. IPv6 + addresses can be specified by enclosing the address in square + brackets. This is a shortcut to specify a ProxyJump + configuration directive. Note that configuration directives + supplied on the command-line generally apply to the destination + host and not any specified jump hosts. Use ~/.ssh/config to + specify configuration for jump hosts. + + -K Enables GSSAPI-based authentication and forwarding (delegation) + of GSSAPI credentials to the server. + + -k Disables forwarding (delegation) of GSSAPI credentials to the + server. + + -L [bind_address:]port:host:hostport + -L [bind_address:]port:remote_socket + -L local_socket:host:hostport + -L local_socket:remote_socket + Specifies that connections to the given TCP port or Unix socket + on the local (client) host are to be forwarded to the given host + and port, or Unix socket, on the remote side. This works by + allocating a socket to listen to either a TCP port on the local + side, optionally bound to the specified bind_address, or to a + Unix socket. Whenever a connection is made to the local port or + socket, the connection is forwarded over the secure channel, and + a connection is made to either host port hostport, or the Unix + socket remote_socket, from the remote machine. + + Port forwardings can also be specified in the configuration file. + Only the superuser can forward privileged ports. IPv6 addresses + can be specified by enclosing the address in square brackets. + + By default, the local port is bound in accordance with the + GatewayPorts setting. However, an explicit bind_address may be + used to bind the connection to a specific address. The + bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be + bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates + that the port should be available from all interfaces. + + -l login_name + Specifies the user to log in as on the remote machine. This also + may be specified on a per-host basis in the configuration file. + + -M Places the ssh client into M-bM-^@M-^\masterM-bM-^@M-^] mode for connection sharing. + Multiple -M options places ssh into M-bM-^@M-^\masterM-bM-^@M-^] mode but with + confirmation required using ssh-askpass(1) before each operation + that changes the multiplexing state (e.g. opening a new session). + Refer to the description of ControlMaster in ssh_config(5) for + details. + + -m mac_spec + A comma-separated list of MAC (message authentication code) + algorithms, specified in order of preference. See the MACs + keyword in ssh_config(5) for more information. + + -N Do not execute a remote command. This is useful for just + forwarding ports. Refer to the description of SessionType in + ssh_config(5) for details. + + -n Redirects stdin from /dev/null (actually, prevents reading from + stdin). This must be used when ssh is run in the background. A + common trick is to use this to run X11 programs on a remote + machine. For example, ssh -n shadows.cs.hut.fi emacs & will + start an emacs on shadows.cs.hut.fi, and the X11 connection will + be automatically forwarded over an encrypted channel. The ssh + program will be put in the background. (This does not work if + ssh needs to ask for a password or passphrase; see also the -f + option.) Refer to the description of StdinNull in ssh_config(5) + for details. + + -O ctl_cmd + Control an active connection multiplexing master process. When + the -O option is specified, the ctl_cmd argument is interpreted + and passed to the master process. Valid commands are: M-bM-^@M-^\checkM-bM-^@M-^] + (check that the master process is running), M-bM-^@M-^\forwardM-bM-^@M-^] (request + forwardings without command execution), M-bM-^@M-^\cancelM-bM-^@M-^] (cancel + forwardings), M-bM-^@M-^\exitM-bM-^@M-^] (request the master to exit), and M-bM-^@M-^\stopM-bM-^@M-^] + (request the master to stop accepting further multiplexing + requests). + + -o option + Can be used to give options in the format used in the + configuration file. This is useful for specifying options for + which there is no separate command-line flag. For full details + of the options listed below, and their possible values, see + ssh_config(5). + + AddKeysToAgent + AddressFamily + BatchMode + BindAddress + CanonicalDomains + CanonicalizeFallbackLocal + CanonicalizeHostname + CanonicalizeMaxDots + CanonicalizePermittedCNAMEs + CASignatureAlgorithms + CertificateFile + CheckHostIP + Ciphers + ClearAllForwardings + Compression + ConnectionAttempts + ConnectTimeout + ControlMaster + ControlPath + ControlPersist + DynamicForward + EnableEscapeCommandline + EscapeChar + ExitOnForwardFailure + FingerprintHash + ForkAfterAuthentication + ForwardAgent + ForwardX11 + ForwardX11Timeout + ForwardX11Trusted + GatewayPorts + GlobalKnownHostsFile + GSSAPIAuthentication + GSSAPIDelegateCredentials + HashKnownHosts + Host + HostbasedAcceptedAlgorithms + HostbasedAuthentication + HostKeyAlgorithms + HostKeyAlias + Hostname + IdentitiesOnly + IdentityAgent + IdentityFile + IPQoS + KbdInteractiveAuthentication + KbdInteractiveDevices + KexAlgorithms + KnownHostsCommand + LocalCommand + LocalForward + LogLevel + MACs + Match + NoHostAuthenticationForLocalhost + NumberOfPasswordPrompts + PasswordAuthentication + PermitLocalCommand + PermitRemoteOpen + PKCS11Provider + Port + PreferredAuthentications + ProxyCommand + ProxyJump + ProxyUseFdpass + PubkeyAcceptedAlgorithms + PubkeyAuthentication + RekeyLimit + RemoteCommand + RemoteForward + RequestTTY + RequiredRSASize + SendEnv + ServerAliveInterval + ServerAliveCountMax + SessionType + SetEnv + StdinNull + StreamLocalBindMask + StreamLocalBindUnlink + StrictHostKeyChecking + TCPKeepAlive + Tunnel + TunnelDevice + UpdateHostKeys + User + UserKnownHostsFile + VerifyHostKeyDNS + VisualHostKey + XAuthLocation + + -P tag Specify a tag name that may be used to select configuration in + ssh_config(5). Refer to the Tag and Match keywords in + ssh_config(5) for more information. + -p port + Port to connect to on the remote host. This can be specified on + a per-host basis in the configuration file. + + -Q query_option + Queries for the algorithms supported by one of the following + features: cipher (supported symmetric ciphers), cipher-auth + (supported symmetric ciphers that support authenticated + encryption), help (supported query terms for use with the -Q + flag), mac (supported message integrity codes), kex (key exchange + algorithms), key (key types), key-ca-sign (valid CA signature + algorithms for certificates), key-cert (certificate key types), + key-plain (non-certificate key types), key-sig (all key types and + signature algorithms), protocol-version (supported SSH protocol + versions), and sig (supported signature algorithms). + Alternatively, any keyword from ssh_config(5) or sshd_config(5) + that takes an algorithm list may be used as an alias for the + corresponding query_option. + + -q Quiet mode. Causes most warning and diagnostic messages to be + suppressed. + + -R [bind_address:]port:host:hostport + -R [bind_address:]port:local_socket + -R remote_socket:host:hostport + -R remote_socket:local_socket + -R [bind_address:]port + Specifies that connections to the given TCP port or Unix socket + on the remote (server) host are to be forwarded to the local + side. + + This works by allocating a socket to listen to either a TCP port + or to a Unix socket on the remote side. Whenever a connection is + made to this port or Unix socket, the connection is forwarded + over the secure channel, and a connection is made from the local + machine to either an explicit destination specified by host port + hostport, or local_socket, or, if no explicit destination was + specified, ssh will act as a SOCKS 4/5 proxy and forward + connections to the destinations requested by the remote SOCKS + client. + + Port forwardings can also be specified in the configuration file. + Privileged ports can be forwarded only when logging in as root on + the remote machine. IPv6 addresses can be specified by enclosing + the address in square brackets. + + By default, TCP listening sockets on the server will be bound to + the loopback interface only. This may be overridden by + specifying a bind_address. An empty bind_address, or the address + M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all + interfaces. Specifying a remote bind_address will only succeed + if the server's GatewayPorts option is enabled (see + sshd_config(5)). + + If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically + allocated on the server and reported to the client at run time. + When used together with -O forward, the allocated port will be + printed to the standard output. + + -S ctl_path + Specifies the location of a control socket for connection + sharing, or the string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing. + Refer to the description of ControlPath and ControlMaster in + ssh_config(5) for details. + + -s May be used to request invocation of a subsystem on the remote + system. Subsystems facilitate the use of SSH as a secure + transport for other applications (e.g. sftp(1)). The subsystem + is specified as the remote command. Refer to the description of + SessionType in ssh_config(5) for details. + + -T Disable pseudo-terminal allocation. + + -t Force pseudo-terminal allocation. This can be used to execute + arbitrary screen-based programs on a remote machine, which can be + very useful, e.g. when implementing menu services. Multiple -t + options force tty allocation, even if ssh has no local tty. + + -V Display the version number and exit. + + -v Verbose mode. Causes ssh to print debugging messages about its + progress. This is helpful in debugging connection, + authentication, and configuration problems. Multiple -v options + increase the verbosity. The maximum is 3. + + -W host:port + Requests that standard input and output on the client be + forwarded to host on port over the secure channel. Implies -N, + -T, ExitOnForwardFailure and ClearAllForwardings, though these + can be overridden in the configuration file or using -o command + line options. + + -w local_tun[:remote_tun] + Requests tunnel device forwarding with the specified tun(4) + devices between the client (local_tun) and the server + (remote_tun). + + The devices may be specified by numerical ID or the keyword + M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If + remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the + Tunnel and TunnelDevice directives in ssh_config(5). + + If the Tunnel directive is unset, it will be set to the default + tunnel mode, which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. If a different Tunnel + forwarding mode it desired, then it should be specified before + -w. + + -X Enables X11 forwarding. This can also be specified on a per-host + basis in a configuration file. + + X11 forwarding should be enabled with caution. Users with the + ability to bypass file permissions on the remote host (for the + user's X authorization database) can access the local X11 display + through the forwarded connection. An attacker may then be able + to perform activities such as keystroke monitoring. + + For this reason, X11 forwarding is subjected to X11 SECURITY + extension restrictions by default. Refer to the ssh -Y option + and the ForwardX11Trusted directive in ssh_config(5) for more + information. + + -x Disables X11 forwarding. + + -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not + subjected to the X11 SECURITY extension controls. + + -y Send log information using the syslog(3) system module. By + default this information is sent to stderr. + + ssh may additionally obtain configuration data from a per-user + configuration file and a system-wide configuration file. The file format + and configuration options are described in ssh_config(5). + +AUTHENTICATION + The OpenSSH SSH client supports SSH protocol 2. + + The methods available for authentication are: GSSAPI-based + authentication, host-based authentication, public key authentication, + keyboard-interactive authentication, and password authentication. + Authentication methods are tried in the order specified above, though + PreferredAuthentications can be used to change the default order. + + Host-based authentication works as follows: If the machine the user logs + in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote + machine, the user is non-root and the user names are the same on both + sides, or if the files ~/.rhosts or ~/.shosts exist in the user's home + directory on the remote machine and contain a line containing the name of + the client machine and the name of the user on that machine, the user is + considered for login. Additionally, the server must be able to verify + the client's host key (see the description of /etc/ssh/ssh_known_hosts + and ~/.ssh/known_hosts, below) for login to be permitted. This + authentication method closes security holes due to IP spoofing, DNS + spoofing, and routing spoofing. [Note to the administrator: + /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are + inherently insecure and should be disabled if security is desired.] + + Public key authentication works as follows: The scheme is based on + public-key cryptography, using cryptosystems where encryption and + decryption are done using separate keys, and it is unfeasible to derive + the decryption key from the encryption key. The idea is that each user + creates a public/private key pair for authentication purposes. The + server knows the public key, and only the user knows the private key. + ssh implements public key authentication protocol automatically, using + one of the ECDSA, Ed25519 or RSA algorithms. + + The file ~/.ssh/authorized_keys lists the public keys that are permitted + for logging in. When the user logs in, the ssh program tells the server + which key pair it would like to use for authentication. The client + proves that it has access to the private key and the server checks that + the corresponding public key is authorized to accept the account. + + The server may inform the client of errors that prevented public key + authentication from succeeding after authentication completes using a + different method. These may be viewed by increasing the LogLevel to + DEBUG or higher (e.g. by using the -v flag). + + The user creates their key pair by running ssh-keygen(1). This stores + the private key in ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ecdsa_sk + (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 (Ed25519), + ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or ~/.ssh/id_rsa + (RSA) and stores the public key in ~/.ssh/id_ecdsa.pub (ECDSA), + ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted ECDSA), + ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub (authenticator- + hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's home directory. + The user should then copy the public key to ~/.ssh/authorized_keys in + their home directory on the remote machine. The authorized_keys file + corresponds to the conventional ~/.rhosts file, and has one key per line, + though the lines can be very long. After this, the user can log in + without giving the password. + + A variation on public key authentication is available in the form of + certificate authentication: instead of a set of public/private keys, + signed certificates are used. This has the advantage that a single + trusted certification authority can be used in place of many + public/private keys. See the CERTIFICATES section of ssh-keygen(1) for + more information. + + The most convenient way to use public key or certificate authentication + may be with an authentication agent. See ssh-agent(1) and (optionally) + the AddKeysToAgent directive in ssh_config(5) for more information. + + Keyboard-interactive authentication works as follows: The server sends an + arbitrary "challenge" text and prompts for a response, possibly multiple + times. Examples of keyboard-interactive authentication include BSD + Authentication (see login.conf(5)) and PAM (some non-OpenBSD systems). + + Finally, if other authentication methods fail, ssh prompts the user for a + password. The password is sent to the remote host for checking; however, + since all communications are encrypted, the password cannot be seen by + someone listening on the network. + + ssh automatically maintains and checks a database containing + identification for all hosts it has ever been used with. Host keys are + stored in ~/.ssh/known_hosts in the user's home directory. Additionally, + the file /etc/ssh/ssh_known_hosts is automatically checked for known + hosts. Any new hosts are automatically added to the user's file. If a + host's identification ever changes, ssh warns about this and disables + password authentication to prevent server spoofing or man-in-the-middle + attacks, which could otherwise be used to circumvent the encryption. The + StrictHostKeyChecking option can be used to control logins to machines + whose host key is not known or has changed. + + When the user's identity has been accepted by the server, the server + either executes the given command in a non-interactive session or, if no + command has been specified, logs into the machine and gives the user a + normal shell as an interactive session. All communication with the + remote command or shell will be automatically encrypted. + + If an interactive session is requested, ssh by default will only request + a pseudo-terminal (pty) for interactive sessions when the client has one. + The flags -T and -t can be used to override this behaviour. + + If a pseudo-terminal has been allocated, the user may use the escape + characters noted below. + + If no pseudo-terminal has been allocated, the session is transparent and + can be used to reliably transfer binary data. On most systems, setting + the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent + even if a tty is used. + + The session terminates when the command or shell on the remote machine + exits and all X11 and TCP connections have been closed. + +ESCAPE CHARACTERS + When a pseudo-terminal has been requested, ssh supports a number of + functions through the use of an escape character. + + A single tilde character can be sent as ~~ or by following the tilde by a + character other than those described below. The escape character must + always follow a newline to be interpreted as special. The escape + character can be changed in configuration files using the EscapeChar + configuration directive or on the command line by the -e option. + + The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are: + + ~. Disconnect. + + ~^Z Background ssh. + + ~# List forwarded connections. + + ~& Background ssh at logout when waiting for forwarded connection / + X11 sessions to terminate. + + ~? Display a list of escape characters. + + ~B Send a BREAK to the remote system (only useful if the peer + supports it). + + ~C Open command line. Currently this allows the addition of port + forwardings using the -L, -R and -D options (see above). It also + allows the cancellation of existing port-forwardings with + -KL[bind_address:]port for local, -KR[bind_address:]port for + remote and -KD[bind_address:]port for dynamic port-forwardings. + !command allows the user to execute a local command if the + PermitLocalCommand option is enabled in ssh_config(5). Basic + help is available, using the -h option. + + ~R Request rekeying of the connection (only useful if the peer + supports it). + + ~V Decrease the verbosity (LogLevel) when errors are being written + to stderr. + + ~v Increase the verbosity (LogLevel) when errors are being written + to stderr. + +TCP FORWARDING + Forwarding of arbitrary TCP connections over a secure channel can be + specified either on the command line or in a configuration file. One + possible application of TCP forwarding is a secure connection to a mail + server; another is going through firewalls. + + In the example below, we look at encrypting communication for an IRC + client, even though the IRC server it connects to does not directly + support encrypted communication. This works as follows: the user + connects to the remote host using ssh, specifying the ports to be used to + forward the connection. After that it is possible to start the program + locally, and ssh will encrypt and forward the connection to the remote + server. + + The following example tunnels an IRC session from the client to an IRC + server at M-bM-^@M-^\server.example.comM-bM-^@M-^], joining channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname + M-bM-^@M-^\pinkyM-bM-^@M-^], using the standard IRC port, 6667: + + $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 + $ irc -c '#users' pinky IRC/127.0.0.1 + + The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is + specified to allow an amount of time (10 seconds, in the example) to + start the program which is going to use the tunnel. If no connections + are made within the time specified, ssh will exit. + +X11 FORWARDING + If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the + -X, -x, and -Y options above) and the user is using X11 (the DISPLAY + environment variable is set), the connection to the X11 display is + automatically forwarded to the remote side in such a way that any X11 + programs started from the shell (or command) will go through the + encrypted channel, and the connection to the real X server will be made + from the local machine. The user should not manually set DISPLAY. + Forwarding of X11 connections can be configured on the command line or in + configuration files. + + The DISPLAY value set by ssh will point to the server machine, but with a + display number greater than zero. This is normal, and happens because + ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the + connections over the encrypted channel. + + ssh will also automatically set up Xauthority data on the server machine. + For this purpose, it will generate a random authorization cookie, store + it in Xauthority on the server, and verify that any forwarded connections + carry this cookie and replace it by the real cookie when the connection + is opened. The real authentication cookie is never sent to the server + machine (and no cookies are sent in the plain). + + If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of + the -A and -a options above) and the user is using an authentication + agent, the connection to the agent is automatically forwarded to the + remote side. + +VERIFYING HOST KEYS + When connecting to a server for the first time, a fingerprint of the + server's public key is presented to the user (unless the option + StrictHostKeyChecking has been disabled). Fingerprints can be determined + using ssh-keygen(1): + + $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key + + If the fingerprint is already known, it can be matched and the key can be + accepted or rejected. If only legacy (MD5) fingerprints for the server + are available, the ssh-keygen(1) -E option may be used to downgrade the + fingerprint algorithm to match. + + Because of the difficulty of comparing host keys just by looking at + fingerprint strings, there is also support to compare host keys visually, + using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small + ASCII graphic gets displayed on every login to a server, no matter if the + session itself is interactive or not. By learning the pattern a known + server produces, a user can easily find out that the host key has changed + when a completely different pattern is displayed. Because these patterns + are not unambiguous however, a pattern that looks similar to the pattern + remembered only gives a good probability that the host key is the same, + not guaranteed proof. + + To get a listing of the fingerprints along with their random art for all + known hosts, the following command line can be used: + + $ ssh-keygen -lv -f ~/.ssh/known_hosts + + If the fingerprint is unknown, an alternative method of verification is + available: SSH fingerprints verified by DNS. An additional resource + record (RR), SSHFP, is added to a zonefile and the connecting client is + able to match the fingerprint with that of the key presented. + + In this example, we are connecting a client to a server, + M-bM-^@M-^\host.example.comM-bM-^@M-^]. The SSHFP resource records should first be added to + the zonefile for host.example.com: + + $ ssh-keygen -r host.example.com. + + The output lines will have to be added to the zonefile. To check that + the zone is answering fingerprint queries: + + $ dig -t SSHFP host.example.com + + Finally the client connects: + + $ ssh -o "VerifyHostKeyDNS ask" host.example.com + [...] + Matching host key fingerprint found in DNS. + Are you sure you want to continue connecting (yes/no)? + + See the VerifyHostKeyDNS option in ssh_config(5) for more information. + +SSH-BASED VIRTUAL PRIVATE NETWORKS + ssh contains support for Virtual Private Network (VPN) tunnelling using + the tun(4) network pseudo-device, allowing two networks to be joined + securely. The sshd_config(5) configuration option PermitTunnel controls + whether the server supports this, and at what level (layer 2 or 3 + traffic). + + The following example would connect client network 10.0.50.0/24 with + remote network 10.0.99.0/24 using a point-to-point connection from + 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway + to the remote network, at 192.168.1.15, allows it. + + On the client: + + # ssh -f -w 0:1 192.168.1.15 true + # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 + # route add 10.0.99.0/24 10.1.1.2 + + On the server: + + # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 + # route add 10.0.50.0/24 10.1.1.1 + + Client access may be more finely tuned via the /root/.ssh/authorized_keys + file (see below) and the PermitRootLogin server option. The following + entry would permit connections on tun(4) device 1 from user M-bM-^@M-^\janeM-bM-^@M-^] and on + tun device 2 from user M-bM-^@M-^\johnM-bM-^@M-^], if PermitRootLogin is set to + M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^]: + + tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane + tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john + + Since an SSH-based setup entails a fair amount of overhead, it may be + more suited to temporary setups, such as for wireless VPNs. More + permanent VPNs are better provided by tools such as ipsecctl(8) and + isakmpd(8). + +ENVIRONMENT + ssh will normally set the following environment variables: + + DISPLAY The DISPLAY variable indicates the location of the + X11 server. It is automatically set by ssh to + point to a value of the form M-bM-^@M-^\hostname:nM-bM-^@M-^], where + M-bM-^@M-^\hostnameM-bM-^@M-^] indicates the host where the shell runs, + and M-bM-^@M-^XnM-bM-^@M-^Y is an integer M-bM-^IM-% 1. ssh uses this special + value to forward X11 connections over the secure + channel. The user should normally not set DISPLAY + explicitly, as that will render the X11 connection + insecure (and will require the user to manually + copy any required authorization cookies). + + HOME Set to the path of the user's home directory. + + LOGNAME Synonym for USER; set for compatibility with + systems that use this variable. + + MAIL Set to the path of the user's mailbox. + + PATH Set to the default PATH, as specified when + compiling ssh. + + SSH_ASKPASS If ssh needs a passphrase, it will read the + passphrase from the current terminal if it was run + from a terminal. If ssh does not have a terminal + associated with it but DISPLAY and SSH_ASKPASS are + set, it will execute the program specified by + SSH_ASKPASS and open an X11 window to read the + passphrase. This is particularly useful when + calling ssh from a .xsession or related script. + (Note that on some machines it may be necessary to + redirect the input from /dev/null to make this + work.) + + SSH_ASKPASS_REQUIRE Allows further control over the use of an askpass + program. If this variable is set to M-bM-^@M-^\neverM-bM-^@M-^] then + ssh will never attempt to use one. If it is set to + M-bM-^@M-^\preferM-bM-^@M-^], then ssh will prefer to use the askpass + program instead of the TTY when requesting + passwords. Finally, if the variable is set to + M-bM-^@M-^\forceM-bM-^@M-^], then the askpass program will be used for + all passphrase input regardless of whether DISPLAY + is set. + + SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to + communicate with the agent. + + SSH_CONNECTION Identifies the client and server ends of the + connection. The variable contains four space- + separated values: client IP address, client port + number, server IP address, and server port number. + + SSH_ORIGINAL_COMMAND This variable contains the original command line if + a forced command is executed. It can be used to + extract the original arguments. + + SSH_TTY This is set to the name of the tty (path to the + device) associated with the current shell or + command. If the current session has no tty, this + variable is not set. + + SSH_TUNNEL Optionally set by sshd(8) to contain the interface + names assigned if tunnel forwarding was requested + by the client. + + SSH_USER_AUTH Optionally set by sshd(8), this variable may + contain a pathname to a file that lists the + authentication methods successfully used when the + session was established, including any public keys + that were used. + + TZ This variable is set to indicate the present time + zone if it was set when the daemon was started + (i.e. the daemon passes the value on to new + connections). + + USER Set to the name of the user logging in. + + Additionally, ssh reads ~/.ssh/environment, and adds lines of the format + M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are + allowed to change their environment. For more information, see the + PermitUserEnvironment option in sshd_config(5). + +FILES + ~/.rhosts + This file is used for host-based authentication (see above). On + some machines this file may need to be world-readable if the + user's home directory is on an NFS partition, because sshd(8) + reads it as root. Additionally, this file must be owned by the + user, and must not have write permissions for anyone else. The + recommended permission for most machines is read/write for the + user, and not accessible by others. + + ~/.shosts + This file is used in exactly the same way as .rhosts, but allows + host-based authentication without permitting login with + rlogin/rsh. + + ~/.ssh/ + This directory is the default location for all user-specific + configuration and authentication information. There is no + general requirement to keep the entire contents of this directory + secret, but the recommended permissions are read/write/execute + for the user, and not accessible by others. + + ~/.ssh/authorized_keys + Lists the public keys (ECDSA, Ed25519, RSA) that can be used for + logging in as this user. The format of this file is described in + the sshd(8) manual page. This file is not highly sensitive, but + the recommended permissions are read/write for the user, and not + accessible by others. + + ~/.ssh/config + This is the per-user configuration file. The file format and + configuration options are described in ssh_config(5). Because of + the potential for abuse, this file must have strict permissions: + read/write for the user, and not writable by others. + + ~/.ssh/environment + Contains additional definitions for environment variables; see + ENVIRONMENT, above. + + ~/.ssh/id_ecdsa + ~/.ssh/id_ecdsa_sk + ~/.ssh/id_ed25519 + ~/.ssh/id_ed25519_sk + ~/.ssh/id_rsa + Contains the private key for authentication. These files contain + sensitive data and should be readable by the user but not + accessible by others (read/write/execute). ssh will simply + ignore a private key file if it is accessible by others. It is + possible to specify a passphrase when generating the key which + will be used to encrypt the sensitive part of this file using + AES-128. + + ~/.ssh/id_ecdsa.pub + ~/.ssh/id_ecdsa_sk.pub + ~/.ssh/id_ed25519.pub + ~/.ssh/id_ed25519_sk.pub + ~/.ssh/id_rsa.pub + Contains the public key for authentication. These files are not + sensitive and can (but need not) be readable by anyone. + + ~/.ssh/known_hosts + Contains a list of host keys for all hosts the user has logged + into that are not already in the systemwide list of known host + keys. See sshd(8) for further details of the format of this + file. + + ~/.ssh/rc + Commands in this file are executed by ssh when the user logs in, + just before the user's shell (or command) is started. See the + sshd(8) manual page for more information. + + /etc/hosts.equiv + This file is for host-based authentication (see above). It + should only be writable by root. + + /etc/shosts.equiv + This file is used in exactly the same way as hosts.equiv, but + allows host-based authentication without permitting login with + rlogin/rsh. + + /etc/ssh/ssh_config + Systemwide configuration file. The file format and configuration + options are described in ssh_config(5). + + /etc/ssh/ssh_host_ecdsa_key + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + These files contain the private parts of the host keys and are + used for host-based authentication. + + /etc/ssh/ssh_known_hosts + Systemwide list of known host keys. This file should be prepared + by the system administrator to contain the public host keys of + all machines in the organization. It should be world-readable. + See sshd(8) for further details of the format of this file. + + /etc/ssh/sshrc + Commands in this file are executed by ssh when the user logs in, + just before the user's shell (or command) is started. See the + sshd(8) manual page for more information. + +EXIT STATUS + ssh exits with the exit status of the remote command or with 255 if an + error occurred. + +SEE ALSO + scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1), + tun(4), ssh_config(5), ssh-keysign(8), sshd(8) + +STANDARDS + S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned + Numbers, RFC 4250, January 2006. + + T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture, + RFC 4251, January 2006. + + T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, + RFC 4252, January 2006. + + T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer + Protocol, RFC 4253, January 2006. + + T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC + 4254, January 2006. + + J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell + (SSH) Key Fingerprints, RFC 4255, January 2006. + + F. Cusack and M. Forssen, Generic Message Exchange Authentication for the + Secure Shell Protocol (SSH), RFC 4256, January 2006. + + J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break + Extension, RFC 4335, January 2006. + + M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport + Layer Encryption Modes, RFC 4344, January 2006. + + B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport + Layer Protocol, RFC 4345, January 2006. + + M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for + the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. + + J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File + Format, RFC 4716, November 2006. + + D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer, RFC 5656, December 2009. + + A. Perrig and D. Song, Hash Visualization: a New Technique to improve + Real-World Security, 1999, International Workshop on Cryptographic + Techniques and E-Commerce (CrypTEC '99). + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. + +OpenBSD 7.5 June 27, 2024 OpenBSD 7.5 diff --git a/ssh_config.0 b/ssh_config.0 new file mode 100644 index 000000000..ef6c0936a --- /dev/null +++ b/ssh_config.0 @@ -0,0 +1,1431 @@ +SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5) + +NAME + ssh_config M-bM-^@M-^S OpenSSH client configuration file + +DESCRIPTION + ssh(1) obtains configuration data from the following sources in the + following order: + + 1. command-line options + 2. user's configuration file (~/.ssh/config) + 3. system-wide configuration file (/etc/ssh/ssh_config) + + Unless noted otherwise, for each parameter, the first obtained value will + be used. The configuration files contain sections separated by Host + specifications, and that section is only applied for hosts that match one + of the patterns given in the specification. The matched host name is + usually the one given on the command line (see the CanonicalizeHostname + option for exceptions). + + Since the first obtained value for each parameter is used, more host- + specific declarations should be given near the beginning of the file, and + general defaults at the end. + + The file contains keyword-argument pairs, one per line. Lines starting + with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as comments. Arguments may + optionally be enclosed in double quotes (") in order to represent + arguments containing spaces. Configuration options may be separated by + whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format + is useful to avoid the need to quote whitespace when specifying + configuration options using the ssh, scp, and sftp -o option. + + The possible keywords and their meanings are as follows (note that + keywords are case-insensitive and arguments are case-sensitive): + + Host Restricts the following declarations (up to the next Host or + Match keyword) to be only for those hosts that match one of the + patterns given after the keyword. If more than one pattern is + provided, they should be separated by whitespace. A single M-bM-^@M-^X*M-bM-^@M-^Y + as a pattern can be used to provide global defaults for all + hosts. The host is usually the hostname argument given on the + command line (see the CanonicalizeHostname keyword for + exceptions). + + A pattern entry may be negated by prefixing it with an + exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the + Host entry is ignored, regardless of whether any other patterns + on the line match. Negated matches are therefore useful to + provide exceptions for wildcard matches. + + See PATTERNS for more information on patterns. + + Match Restricts the following declarations (up to the next Host or + Match keyword) to be used only when the conditions following the + Match keyword are satisfied. Match conditions are specified + using one or more criteria or the single token all which always + matches. The available criteria keywords are: canonical, final, + exec, localnetwork, host, originalhost, tagged, user, and + localuser. The all criteria must appear alone or immediately + after canonical or final. Other criteria may be combined + arbitrarily. All criteria but all, canonical, and final require + an argument. Criteria may be negated by prepending an + exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). + + The canonical keyword matches only when the configuration file is + being re-parsed after hostname canonicalization (see the + CanonicalizeHostname option). This may be useful to specify + conditions that work with canonical host names only. + + The final keyword requests that the configuration be re-parsed + (regardless of whether CanonicalizeHostname is enabled), and + matches only during this final pass. If CanonicalizeHostname is + enabled, then canonical and final match during the same pass. + + The exec keyword executes the specified command under the user's + shell. If the command returns a zero exit status then the + condition is considered true. Commands containing whitespace + characters must be quoted. Arguments to exec accept the tokens + described in the TOKENS section. + + The localnetwork keyword matches the addresses of active local + network interfaces against the supplied list of networks in CIDR + format. This may be convenient for varying the effective + configuration on devices that roam between networks. Note that + network address is not a trustworthy criteria in many situations + (e.g. when the network is automatically configured using DHCP) + and so caution should be applied if using it to control security- + sensitive configuration. + + The other keywords' criteria must be single entries or comma- + separated lists and may use the wildcard and negation operators + described in the PATTERNS section. The criteria for the host + keyword are matched against the target hostname, after any + substitution by the Hostname or CanonicalizeHostname options. + The originalhost keyword matches against the hostname as it was + specified on the command-line. The tagged keyword matches a tag + name specified by a prior Tag directive or on the ssh(1) command- + line using the -P flag. The user keyword matches against the + target username on the remote host. The localuser keyword + matches against the name of the local user running ssh(1) (this + keyword may be useful in system-wide ssh_config files). + + AddKeysToAgent + Specifies whether keys should be automatically added to a running + ssh-agent(1). If this option is set to yes and a key is loaded + from a file, the key and its passphrase are added to the agent + with the default lifetime, as if by ssh-add(1). If this option + is set to ask, ssh(1) will require confirmation using the + SSH_ASKPASS program before adding a key (see ssh-add(1) for + details). If this option is set to confirm, each use of the key + must be confirmed, as if the -c option was specified to + ssh-add(1). If this option is set to no, no keys are added to + the agent. Alternately, this option may be specified as a time + interval using the format described in the TIME FORMATS section + of sshd_config(5) to specify the key's lifetime in ssh-agent(1), + after which it will automatically be removed. The argument must + be no (the default), yes, confirm (optionally followed by a time + interval), ask or a time interval. + + AddressFamily + Specifies which address family to use when connecting. Valid + arguments are any (the default), inet (use IPv4 only), or inet6 + (use IPv6 only). + + BatchMode + If set to yes, user interaction such as password prompts and host + key confirmation requests will be disabled. This option is + useful in scripts and other batch jobs where no user is present + to interact with ssh(1). The argument must be yes or no (the + default). + + BindAddress + Use the specified address on the local machine as the source + address of the connection. Only useful on systems with more than + one address. + + BindInterface + Use the address of the specified interface on the local machine + as the source address of the connection. + + CanonicalDomains + When CanonicalizeHostname is enabled, this option specifies the + list of domain suffixes in which to search for the specified + destination host. + + CanonicalizeFallbackLocal + Specifies whether to fail with an error when hostname + canonicalization fails. The default, yes, will attempt to look + up the unqualified hostname using the system resolver's search + rules. A value of no will cause ssh(1) to fail instantly if + CanonicalizeHostname is enabled and the target hostname cannot be + found in any of the domains specified by CanonicalDomains. + + CanonicalizeHostname + Controls whether explicit hostname canonicalization is performed. + The default, no, is not to perform any name rewriting and let the + system resolver handle all hostname lookups. If set to yes then, + for connections that do not use a ProxyCommand or ProxyJump, + ssh(1) will attempt to canonicalize the hostname specified on the + command line using the CanonicalDomains suffixes and + CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is + set to always, then canonicalization is applied to proxied + connections too. + + If this option is enabled, then the configuration files are + processed again using the new target name to pick up any new + configuration in matching Host and Match stanzas. A value of + none disables the use of a ProxyJump host. + + CanonicalizeMaxDots + Specifies the maximum number of dot characters in a hostname + before canonicalization is disabled. The default, 1, allows a + single dot (i.e. hostname.subdomain). + + CanonicalizePermittedCNAMEs + Specifies rules to determine whether CNAMEs should be followed + when canonicalizing hostnames. The rules consist of one or more + arguments of source_domain_list:target_domain_list, where + source_domain_list is a pattern-list of domains that may follow + CNAMEs in canonicalization, and target_domain_list is a pattern- + list of domains that they may resolve to. + + For example, "*.a.example.com:*.b.example.com,*.c.example.com" + will allow hostnames matching "*.a.example.com" to be + canonicalized to names in the "*.b.example.com" or + "*.c.example.com" domains. + + A single argument of "none" causes no CNAMEs to be considered for + canonicalization. This is the default behaviour. + + CASignatureAlgorithms + Specifies which algorithms are allowed for signing of + certificates by certificate authorities (CAs). The default is: + + ssh-ed25519,ecdsa-sha2-nistp256, + ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + specified algorithms will be appended to the default set instead + of replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + + ssh(1) will not accept host certificates signed using algorithms + other than those specified. + + CertificateFile + Specifies a file from which the user's certificate is read. A + corresponding private key must be provided separately in order to + use this certificate either from an IdentityFile directive or -i + flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider or + SecurityKeyProvider. + + Arguments to CertificateFile may use the tilde syntax to refer to + a user's home directory, the tokens described in the TOKENS + section and environment variables as described in the ENVIRONMENT + VARIABLES section. + + It is possible to have multiple certificate files specified in + configuration files; these certificates will be tried in + sequence. Multiple CertificateFile directives will add to the + list of certificates used for authentication. + + ChannelTimeout + Specifies whether and how quickly ssh(1) should close inactive + channels. Timeouts are specified as one or more M-bM-^@M-^\type=intervalM-bM-^@M-^] + pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be the + special keyword M-bM-^@M-^\globalM-bM-^@M-^] or a channel type name from the list + below, optionally containing wildcard characters. + + The timeout value M-bM-^@M-^\intervalM-bM-^@M-^] is specified in seconds or may use + any of the units documented in the TIME FORMATS section. For + example, M-bM-^@M-^\session=5mM-bM-^@M-^] would cause interactive sessions to + terminate after five minutes of inactivity. Specifying a zero + value disables the inactivity timeout. + + The special timeout M-bM-^@M-^\globalM-bM-^@M-^] applies to all active channels, + taken together. Traffic on any active channel will reset the + timeout, but when the timeout expires then all open channels will + be closed. Note that this global timeout is not matched by + wildcards and must be specified explicitly. + + The available channel type names include: + + agent-connection + Open connections to ssh-agent(1). + + direct-tcpip, direct-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established from a ssh(1) local forwarding, + i.e. LocalForward or DynamicForward. + + forwarded-tcpip, forwarded-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established to a sshd(8) listening on behalf of + a ssh(1) remote forwarding, i.e. RemoteForward. + + session + The interactive main session, including shell session, + command execution, scp(1), sftp(1), etc. + + tun-connection + Open TunnelForward connections. + + x11-connection + Open X11 forwarding sessions. + + Note that in all the above cases, terminating an inactive session + does not guarantee to remove all resources associated with the + session, e.g. shell processes or X11 clients relating to the + session may continue to execute. + + Moreover, terminating an inactive channel or session does not + necessarily close the SSH connection, nor does it prevent a + client from requesting another channel of the same type. In + particular, expiring an inactive forwarding session does not + prevent another identical forwarding from being subsequently + created. + + The default is not to expire channels of any type for inactivity. + + CheckHostIP + If set to yes, ssh(1) will additionally check the host IP address + in the known_hosts file. This allows it to detect if a host key + changed due to DNS spoofing and will add addresses of destination + hosts to ~/.ssh/known_hosts in the process, regardless of the + setting of StrictHostKeyChecking. If the option is set to no + (the default), the check will not be executed. + + Ciphers + Specifies the ciphers allowed and their order of preference. + Multiple ciphers must be comma-separated. If the specified list + begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be + appended to the default set instead of replacing them. If the + specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified + ciphers (including wildcards) will be removed from the default + set instead of replacing them. If the specified list begins with + a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified ciphers will be placed at the + head of the default set. + + The supported ciphers are: + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + aes128-ctr + aes192-ctr + aes256-ctr + aes128-gcm@openssh.com + aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + + The default is: + + chacha20-poly1305@openssh.com, + aes128-ctr,aes192-ctr,aes256-ctr, + aes128-gcm@openssh.com,aes256-gcm@openssh.com + + The list of available ciphers may also be obtained using "ssh -Q + cipher". + + ClearAllForwardings + Specifies that all local, remote, and dynamic port forwardings + specified in the configuration files or on the command line be + cleared. This option is primarily useful when used from the + ssh(1) command line to clear port forwardings set in + configuration files, and is automatically set by scp(1) and + sftp(1). The argument must be yes or no (the default). + + Compression + Specifies whether to use compression. The argument must be yes + or no (the default). + + ConnectionAttempts + Specifies the number of tries (one per second) to make before + exiting. The argument must be an integer. This may be useful in + scripts if the connection sometimes fails. The default is 1. + + ConnectTimeout + Specifies the timeout (in seconds) used when connecting to the + SSH server, instead of using the default system TCP timeout. + This timeout is applied both to establishing the connection and + to performing the initial SSH protocol handshake and key + exchange. + + ControlMaster + Enables the sharing of multiple sessions over a single network + connection. When set to yes, ssh(1) will listen for connections + on a control socket specified using the ControlPath argument. + Additional sessions can connect to this socket using the same + ControlPath with ControlMaster set to no (the default). These + sessions will try to reuse the master instance's network + connection rather than initiating new ones, but will fall back to + connecting normally if the control socket does not exist, or is + not listening. + + Setting this to ask will cause ssh(1) to listen for control + connections, but require confirmation using ssh-askpass(1). If + the ControlPath cannot be opened, ssh(1) will continue without + connecting to a master instance. + + X11 and ssh-agent(1) forwarding is supported over these + multiplexed connections, however the display and agent forwarded + will be the one belonging to the master connection i.e. it is not + possible to forward multiple displays or agents. + + Two additional options allow for opportunistic multiplexing: try + to use a master connection but fall back to creating a new one if + one does not already exist. These options are: auto and autoask. + The latter requires confirmation like the ask option. + + ControlPath + Specify the path to the control socket used for connection + sharing as described in the ControlMaster section above or the + string none to disable connection sharing. Arguments to + ControlPath may use the tilde syntax to refer to a user's home + directory, the tokens described in the TOKENS section and + environment variables as described in the ENVIRONMENT VARIABLES + section. It is recommended that any ControlPath used for + opportunistic connection sharing include at least %h, %p, and %r + (or alternatively %C) and be placed in a directory that is not + writable by other users. This ensures that shared connections + are uniquely identified. + + ControlPersist + When used in conjunction with ControlMaster, specifies that the + master connection should remain open in the background (waiting + for future client connections) after the initial client + connection has been closed. If set to no (the default), then the + master connection will not be placed into the background, and + will close as soon as the initial client connection is closed. + If set to yes or 0, then the master connection will remain in the + background indefinitely (until killed or closed via a mechanism + such as the "ssh -O exit"). If set to a time in seconds, or a + time in any of the formats documented in sshd_config(5), then the + backgrounded master connection will automatically terminate after + it has remained idle (with no client connections) for the + specified time. + + DynamicForward + Specifies that a TCP port on the local machine be forwarded over + the secure channel, and the application protocol is then used to + determine where to connect to from the remote machine. + + The argument must be [bind_address:]port. IPv6 addresses can be + specified by enclosing addresses in square brackets. By default, + the local port is bound in accordance with the GatewayPorts + setting. However, an explicit bind_address may be used to bind + the connection to a specific address. The bind_address of + localhost indicates that the listening port be bound for local + use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port + should be available from all interfaces. + + Currently the SOCKS4 and SOCKS5 protocols are supported, and + ssh(1) will act as a SOCKS server. Multiple forwardings may be + specified, and additional forwardings can be given on the command + line. Only the superuser can forward privileged ports. + + EnableEscapeCommandline + Enables the command line option in the EscapeChar menu for + interactive sessions (default M-bM-^@M-^X~CM-bM-^@M-^Y). By default, the command + line is disabled. + + EnableSSHKeysign + Setting this option to yes in the global client configuration + file /etc/ssh/ssh_config enables the use of the helper program + ssh-keysign(8) during HostbasedAuthentication. The argument must + be yes or no (the default). This option should be placed in the + non-hostspecific section. See ssh-keysign(8) for more + information. + + EscapeChar + Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character + can also be set on the command line. The argument should be a + single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or none to disable + the escape character entirely (making the connection transparent + for binary data). + + ExitOnForwardFailure + Specifies whether ssh(1) should terminate the connection if it + cannot set up all requested dynamic, tunnel, local, and remote + port forwardings, (e.g. if either end is unable to bind and + listen on a specified port). Note that ExitOnForwardFailure does + not apply to connections made over port forwardings and will not, + for example, cause ssh(1) to exit if TCP connections to the + ultimate forwarding destination fail. The argument must be yes + or no (the default). + + FingerprintHash + Specifies the hash algorithm used when displaying key + fingerprints. Valid options are: md5 and sha256 (the default). + + ForkAfterAuthentication + Requests ssh to go to background just before command execution. + This is useful if ssh is going to ask for passwords or + passphrases, but the user wants it in the background. This + implies the StdinNull configuration option being set to M-bM-^@M-^\yesM-bM-^@M-^]. + The recommended way to start X11 programs at a remote site is + with something like ssh -f host xterm, which is the same as ssh + host xterm if the ForkAfterAuthentication configuration option is + set to M-bM-^@M-^\yesM-bM-^@M-^]. + + If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^], + then a client started with the ForkAfterAuthentication + configuration option being set to M-bM-^@M-^\yesM-bM-^@M-^] will wait for all remote + port forwards to be successfully established before placing + itself in the background. The argument to this keyword must be + yes (same as the -f option) or no (the default). + + ForwardAgent + Specifies whether the connection to the authentication agent (if + any) will be forwarded to the remote machine. The argument may + be yes, no (the default), an explicit path to an agent socket or + the name of an environment variable (beginning with M-bM-^@M-^X$M-bM-^@M-^Y) in which + to find the path. + + Agent forwarding should be enabled with caution. Users with the + ability to bypass file permissions on the remote host (for the + agent's Unix-domain socket) can access the local agent through + the forwarded connection. An attacker cannot obtain key material + from the agent, however they can perform operations on the keys + that enable them to authenticate using the identities loaded into + the agent. + + ForwardX11 + Specifies whether X11 connections will be automatically + redirected over the secure channel and DISPLAY set. The argument + must be yes or no (the default). + + X11 forwarding should be enabled with caution. Users with the + ability to bypass file permissions on the remote host (for the + user's X11 authorization database) can access the local X11 + display through the forwarded connection. An attacker may then + be able to perform activities such as keystroke monitoring if the + ForwardX11Trusted option is also enabled. + + ForwardX11Timeout + Specify a timeout for untrusted X11 forwarding using the format + described in the TIME FORMATS section of sshd_config(5). X11 + connections received by ssh(1) after this time will be refused. + Setting ForwardX11Timeout to zero will disable the timeout and + permit X11 forwarding for the life of the connection. The + default is to disable untrusted X11 forwarding after twenty + minutes has elapsed. + + ForwardX11Trusted + If this option is set to yes, remote X11 clients will have full + access to the original X11 display. + + If this option is set to no (the default), remote X11 clients + will be considered untrusted and prevented from stealing or + tampering with data belonging to trusted X11 clients. + Furthermore, the xauth(1) token used for the session will be set + to expire after 20 minutes. Remote clients will be refused + access after this time. + + See the X11 SECURITY extension specification for full details on + the restrictions imposed on untrusted clients. + + GatewayPorts + Specifies whether remote hosts are allowed to connect to local + forwarded ports. By default, ssh(1) binds local port forwardings + to the loopback address. This prevents other remote hosts from + connecting to forwarded ports. GatewayPorts can be used to + specify that ssh should bind local port forwardings to the + wildcard address, thus allowing remote hosts to connect to + forwarded ports. The argument must be yes or no (the default). + + GlobalKnownHostsFile + Specifies one or more files to use for the global host key + database, separated by whitespace. The default is + /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2. + + GSSAPIAuthentication + Specifies whether user authentication based on GSSAPI is allowed. + The default is no. + + GSSAPIDelegateCredentials + Forward (delegate) credentials to the server. The default is no. + + HashKnownHosts + Indicates that ssh(1) should hash host names and addresses when + they are added to ~/.ssh/known_hosts. These hashed names may be + used normally by ssh(1) and sshd(8), but they do not visually + reveal identifying information if the file's contents are + disclosed. The default is no. Note that existing names and + addresses in known hosts files will not be converted + automatically, but may be manually hashed using ssh-keygen(1). + + HostbasedAcceptedAlgorithms + Specifies the signature algorithms that will be used for + hostbased authentication as a comma-separated list of patterns. + Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified signature algorithms will be appended to the + default set instead of replacing them. If the specified list + begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified signature + algorithms (including wildcards) will be removed from the default + set instead of replacing them. If the specified list begins with + a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified signature algorithms will be + placed at the head of the default set. The default for this + option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The -Q option of ssh(1) may be used to list supported signature + algorithms. This was formerly named HostbasedKeyTypes. + + HostbasedAuthentication + Specifies whether to try rhosts based authentication with public + key authentication. The argument must be yes or no (the + default). + + HostKeyAlgorithms + Specifies the host key signature algorithms that the client wants + to use in order of preference. Alternately if the specified list + begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified signature + algorithms will be appended to the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified signature algorithms (including + wildcards) will be removed from the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y + character, then the specified signature algorithms will be placed + at the head of the default set. The default for this option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ecdsa-sha2-nistp256@openssh.com, + sk-ssh-ed25519@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + If hostkeys are known for the destination host then this default + is modified to prefer their algorithms. + + The list of available signature algorithms may also be obtained + using "ssh -Q HostKeyAlgorithms". + + HostKeyAlias + Specifies an alias that should be used instead of the real host + name when looking up or saving the host key in the host key + database files and when validating host certificates. This + option is useful for tunneling SSH connections or for multiple + servers running on a single host. + + Hostname + Specifies the real host name to log into. This can be used to + specify nicknames or abbreviations for hosts. Arguments to + Hostname accept the tokens described in the TOKENS section. + Numeric IP addresses are also permitted (both on the command line + and in Hostname specifications). The default is the name given + on the command line. + + IdentitiesOnly + Specifies that ssh(1) should only use the configured + authentication identity and certificate files (either the default + files, or those explicitly configured in the ssh_config files or + passed on the ssh(1) command-line), even if ssh-agent(1) or a + PKCS11Provider or SecurityKeyProvider offers more identities. + The argument to this keyword must be yes or no (the default). + This option is intended for situations where ssh-agent offers + many different identities. + + IdentityAgent + Specifies the UNIX-domain socket used to communicate with the + authentication agent. + + This option overrides the SSH_AUTH_SOCK environment variable and + can be used to select a specific agent. Setting the socket name + to none disables the use of an authentication agent. If the + string "SSH_AUTH_SOCK" is specified, the location of the socket + will be read from the SSH_AUTH_SOCK environment variable. + Otherwise if the specified value begins with a M-bM-^@M-^X$M-bM-^@M-^Y character, + then it will be treated as an environment variable containing the + location of the socket. + + Arguments to IdentityAgent may use the tilde syntax to refer to a + user's home directory, the tokens described in the TOKENS section + and environment variables as described in the ENVIRONMENT + VARIABLES section. + + IdentityFile + Specifies a file from which the user's ECDSA, authenticator- + hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA + authentication identity is read. You can also specify a public + key file to use the corresponding private key that is loaded in + ssh-agent(1) when the private key file is not present locally. + The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, + ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519_sk. + Additionally, any identities represented by the authentication + agent will be used for authentication unless IdentitiesOnly is + set. If no certificates have been explicitly specified by + CertificateFile, ssh(1) will try to load certificate information + from the filename obtained by appending -cert.pub to the path of + a specified IdentityFile. + + Arguments to IdentityFile may use the tilde syntax to refer to a + user's home directory or the tokens described in the TOKENS + section. Alternately an argument of none may be used to indicate + no identity files should be loaded. + + It is possible to have multiple identity files specified in + configuration files; all these identities will be tried in + sequence. Multiple IdentityFile directives will add to the list + of identities tried (this behaviour differs from that of other + configuration directives). + + IdentityFile may be used in conjunction with IdentitiesOnly to + select which identities in an agent are offered during + authentication. IdentityFile may also be used in conjunction + with CertificateFile in order to provide any certificate also + needed for authentication with the identity. + + IgnoreUnknown + Specifies a pattern-list of unknown options to be ignored if they + are encountered in configuration parsing. This may be used to + suppress errors if ssh_config contains options that are + unrecognised by ssh(1). It is recommended that IgnoreUnknown be + listed early in the configuration file as it will not be applied + to unknown options that appear before it. + + Include + Include the specified configuration file(s). Multiple pathnames + may be specified and each pathname may contain glob(7) wildcards + and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user + home directories. Wildcards will be expanded and processed in + lexical order. Files without absolute paths are assumed to be in + ~/.ssh if included in a user configuration file or /etc/ssh if + included from the system configuration file. Include directive + may appear inside a Match or Host block to perform conditional + inclusion. + + IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. + Accepted values are af11, af12, af13, af21, af22, af23, af31, + af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6, + cs7, ef, le, lowdelay, throughput, reliability, a numeric value, + or none to use the operating system default. This option may + take one or two arguments, separated by whitespace. If one + argument is specified, it is used as the packet class + unconditionally. If two values are specified, the first is + automatically selected for interactive sessions and the second + for non-interactive sessions. The default is af21 (Low-Latency + Data) for interactive sessions and cs1 (Lower Effort) for non- + interactive sessions. + + KbdInteractiveAuthentication + Specifies whether to use keyboard-interactive authentication. + The argument to this keyword must be yes (the default) or no. + ChallengeResponseAuthentication is a deprecated alias for this. + + KbdInteractiveDevices + Specifies the list of methods to use in keyboard-interactive + authentication. Multiple method names must be comma-separated. + The default is to use the server specified list. The methods + available vary depending on what the server supports. For an + OpenSSH server, it may be zero or more of: bsdauth and pam. + + KexAlgorithms + Specifies the permitted KEX (Key Exchange) algorithms that will + be used and their preference order. The selected algorithm will + the the first algorithm in this list that the server also + supports. Multiple algorithms must be comma-separated. + + If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + specified algorithms will be appended to the default set instead + of replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the + specified algorithms will be placed at the head of the default + set. + + The default is: + + sntrup761x25519-sha512@openssh.com, + curve25519-sha256,curve25519-sha256@libssh.org, + ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, + diffie-hellman-group-exchange-sha256, + diffie-hellman-group16-sha512, + diffie-hellman-group18-sha512, + diffie-hellman-group14-sha256 + + The list of supported key exchange algorithms may also be + obtained using "ssh -Q kex". + + KnownHostsCommand + Specifies a command to use to obtain a list of host keys, in + addition to those listed in UserKnownHostsFile and + GlobalKnownHostsFile. This command is executed after the files + have been read. It may write host key lines to standard output + in identical format to the usual files (described in the + VERIFYING HOST KEYS section in ssh(1)). Arguments to + KnownHostsCommand accept the tokens described in the TOKENS + section. The command may be invoked multiple times per + connection: once when preparing the preference list of host key + algorithms to use, again to obtain the host key for the requested + host name and, if CheckHostIP is enabled, one more time to obtain + the host key matching the server's address. If the command exits + abnormally or returns a non-zero exit status then the connection + is terminated. + + LocalCommand + Specifies a command to execute on the local machine after + successfully connecting to the server. The command string + extends to the end of the line, and is executed with the user's + shell. Arguments to LocalCommand accept the tokens described in + the TOKENS section. + + The command is run synchronously and does not have access to the + session of the ssh(1) that spawned it. It should not be used for + interactive commands. + + This directive is ignored unless PermitLocalCommand has been + enabled. + + LocalForward + Specifies that a TCP port on the local machine be forwarded over + the secure channel to the specified host and port from the remote + machine. The first argument specifies the listener and may be + [bind_address:]port or a Unix domain socket path. The second + argument is the destination and may be host:hostport or a Unix + domain socket path if the remote host supports it. + + IPv6 addresses can be specified by enclosing addresses in square + brackets. Multiple forwardings may be specified, and additional + forwardings can be given on the command line. Only the superuser + can forward privileged ports. By default, the local port is + bound in accordance with the GatewayPorts setting. However, an + explicit bind_address may be used to bind the connection to a + specific address. The bind_address of localhost indicates that + the listening port be bound for local use only, while an empty + address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from + all interfaces. Unix domain socket paths may use the tokens + described in the TOKENS section and environment variables as + described in the ENVIRONMENT VARIABLES section. + + LogLevel + Gives the verbosity level that is used when logging messages from + ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, + VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. + DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify + higher levels of verbose output. + + LogVerbose + Specify one or more overrides to LogLevel. An override consists + of a pattern lists that matches the source file, function and + line number to force detailed logging for. For example, an + override pattern of: + + kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* + + would enable detailed logging for line 1000 of kex.c, everything + in the kex_exchange_identification() function, and all code in + the packet.c file. This option is intended for debugging and no + overrides are enabled by default. + + MACs Specifies the MAC (message authentication code) algorithms in + order of preference. The MAC algorithm is used for data + integrity protection. Multiple algorithms must be comma- + separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified algorithms will be appended to the default set + instead of replacing them. If the specified list begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including + wildcards) will be removed from the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y + character, then the specified algorithms will be placed at the + head of the default set. + + The algorithms that contain "-etm" calculate the MAC after + encryption (encrypt-then-mac). These are considered safer and + their use recommended. + + The default is: + + umac-64-etm@openssh.com,umac-128-etm@openssh.com, + hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, + hmac-sha1-etm@openssh.com, + umac-64@openssh.com,umac-128@openssh.com, + hmac-sha2-256,hmac-sha2-512,hmac-sha1 + + The list of available MAC algorithms may also be obtained using + "ssh -Q mac". + + NoHostAuthenticationForLocalhost + Disable host authentication for localhost (loopback addresses). + The argument to this keyword must be yes or no (the default). + + NumberOfPasswordPrompts + Specifies the number of password prompts before giving up. The + argument to this keyword must be an integer. The default is 3. + + ObscureKeystrokeTiming + Specifies whether ssh(1) should try to obscure inter-keystroke + timings from passive observers of network traffic. If enabled, + then for interactive sessions, ssh(1) will send keystrokes at + fixed intervals of a few tens of milliseconds and will send fake + keystroke packets for some time after typing ceases. The + argument to this keyword must be yes, no or an interval specifier + of the form interval:milliseconds (e.g. interval:80 for 80 + milliseconds). The default is to obscure keystrokes using a 20ms + packet interval. Note that smaller intervals will result in + higher fake keystroke packet rates. + + PasswordAuthentication + Specifies whether to use password authentication. The argument + to this keyword must be yes (the default) or no. + + PermitLocalCommand + Allow local command execution via the LocalCommand option or + using the !command escape sequence in ssh(1). The argument must + be yes or no (the default). + + PermitRemoteOpen + Specifies the destinations to which remote TCP port forwarding is + permitted when RemoteForward is used as a SOCKS proxy. The + forwarding specification must be one of the following forms: + + PermitRemoteOpen host:port + PermitRemoteOpen IPv4_addr:port + PermitRemoteOpen [IPv6_addr]:port + + Multiple forwards may be specified by separating them with + whitespace. An argument of any can be used to remove all + restrictions and permit any forwarding requests. An argument of + none can be used to prohibit all forwarding requests. The + wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or + ports respectively. Otherwise, no pattern matching or address + lookups are performed on supplied names. + + PKCS11Provider + Specifies which PKCS#11 provider to use or none to indicate that + no provider should be used (the default). The argument to this + keyword is a path to the PKCS#11 shared library ssh(1) should use + to communicate with a PKCS#11 token providing keys for user + authentication. + + Port Specifies the port number to connect on the remote host. The + default is 22. + + PreferredAuthentications + Specifies the order in which the client should try authentication + methods. This allows a client to prefer one method (e.g. + keyboard-interactive) over another method (e.g. password). The + default is: + + gssapi-with-mic,hostbased,publickey, + keyboard-interactive,password + + ProxyCommand + Specifies the command to use to connect to the server. The + command string extends to the end of the line, and is executed + using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering + shell process. + + Arguments to ProxyCommand accept the tokens described in the + TOKENS section. The command can be basically anything, and + should read from its standard input and write to its standard + output. It should eventually connect an sshd(8) server running + on some machine, or execute sshd -i somewhere. Host key + management will be done using the Hostname of the host being + connected (defaulting to the name typed by the user). Setting + the command to none disables this option entirely. Note that + CheckHostIP is not available for connects with a proxy command. + + This directive is useful in conjunction with nc(1) and its proxy + support. For example, the following directive would connect via + an HTTP proxy at 192.0.2.0: + + ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p + + ProxyJump + Specifies one or more jump proxies as either [user@]host[:port] + or an ssh URI. Multiple proxies may be separated by comma + characters and will be visited sequentially. Setting this option + will cause ssh(1) to connect to the target host by first making a + ssh(1) connection to the specified ProxyJump host and then + establishing a TCP forwarding to the ultimate target from there. + Setting the host to none disables this option entirely. + + Note that this option will compete with the ProxyCommand option - + whichever is specified first will prevent later instances of the + other from taking effect. + + Note also that the configuration for the destination host (either + supplied via the command-line or the configuration file) is not + generally applied to jump hosts. ~/.ssh/config should be used if + specific configuration is required for jump hosts. + + ProxyUseFdpass + Specifies that ProxyCommand will pass a connected file descriptor + back to ssh(1) instead of continuing to execute and pass data. + The default is no. + + PubkeyAcceptedAlgorithms + Specifies the signature algorithms that will be used for public + key authentication as a comma-separated list of patterns. If the + specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the algorithms + after it will be appended to the default instead of replacing it. + If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the + specified algorithms (including wildcards) will be removed from + the default set instead of replacing them. If the specified list + begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified algorithms will + be placed at the head of the default set. The default for this + option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q PubkeyAcceptedAlgorithms". + + PubkeyAuthentication + Specifies whether to try public key authentication. The argument + to this keyword must be yes (the default), no, unbound or + host-bound. The final two options enable public key + authentication while respectively disabling or enabling the + OpenSSH host-bound authentication protocol extension required for + restricted ssh-agent(1) forwarding. + + RekeyLimit + Specifies the maximum amount of data that may be transmitted or + received before the session key is renegotiated, optionally + followed by a maximum amount of time that may pass before the + session key is renegotiated. The first argument is specified in + bytes and may have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate + Kilobytes, Megabytes, or Gigabytes, respectively. The default is + between M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional + second value is specified in seconds and may use any of the units + documented in the TIME FORMATS section of sshd_config(5). The + default value for RekeyLimit is default none, which means that + rekeying is performed after the cipher's default amount of data + has been sent or received and no time based rekeying is done. + + RemoteCommand + Specifies a command to execute on the remote machine after + successfully connecting to the server. The command string + extends to the end of the line, and is executed with the user's + shell. Arguments to RemoteCommand accept the tokens described in + the TOKENS section. + + RemoteForward + Specifies that a TCP port on the remote machine be forwarded over + the secure channel. The remote port may either be forwarded to a + specified host and port from the local machine, or may act as a + SOCKS 4/5 proxy that allows a remote client to connect to + arbitrary destinations from the local machine. The first + argument is the listening specification and may be + [bind_address:]port or, if the remote host supports it, a Unix + domain socket path. If forwarding to a specific destination then + the second argument must be host:hostport or a Unix domain socket + path, otherwise if no destination argument is specified then the + remote forwarding will be established as a SOCKS proxy. When + acting as a SOCKS proxy, the destination of the connection can be + restricted by PermitRemoteOpen. + + IPv6 addresses can be specified by enclosing addresses in square + brackets. Multiple forwardings may be specified, and additional + forwardings can be given on the command line. Privileged ports + can be forwarded only when logging in as root on the remote + machine. Unix domain socket paths may use the tokens described + in the TOKENS section and environment variables as described in + the ENVIRONMENT VARIABLES section. + + If the port argument is 0, the listen port will be dynamically + allocated on the server and reported to the client at run time. + + If the bind_address is not specified, the default is to only bind + to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty + string, then the forwarding is requested to listen on all + interfaces. Specifying a remote bind_address will only succeed + if the server's GatewayPorts option is enabled (see + sshd_config(5)). + + RequestTTY + Specifies whether to request a pseudo-tty for the session. The + argument may be one of: no (never request a TTY), yes (always + request a TTY when standard input is a TTY), force (always + request a TTY) or auto (request a TTY when opening a login + session). This option mirrors the -t and -T flags for ssh(1). + + RequiredRSASize + Specifies the minimum RSA key size (in bits) that ssh(1) will + accept. User authentication keys smaller than this limit will be + ignored. Servers that present host keys smaller than this limit + will cause the connection to be terminated. The default is 1024 + bits. Note that this limit may only be raised from the default. + + RevokedHostKeys + Specifies revoked host public keys. Keys listed in this file + will be refused for host authentication. Note that if this file + does not exist or is not readable, then host authentication will + be refused for all hosts. Keys may be specified as a text file, + listing one public key per line, or as an OpenSSH Key Revocation + List (KRL) as generated by ssh-keygen(1). For more information + on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1). + Arguments to RevokedHostKeys may use the tilde syntax to refer to + a user's home directory, the tokens described in the TOKENS + section and environment variables as described in the ENVIRONMENT + VARIABLES section. + + SecurityKeyProvider + Specifies a path to a library that will be used when loading any + FIDO authenticator-hosted keys, overriding the default of using + the built-in USB HID support. + + If the specified value begins with a M-bM-^@M-^X$M-bM-^@M-^Y character, then it will + be treated as an environment variable containing the path to the + library. + + SendEnv + Specifies what variables from the local environ(7) should be sent + to the server. The server must also support it, and the server + must be configured to accept these environment variables. Note + that the TERM environment variable is always sent whenever a + pseudo-terminal is requested as it is required by the protocol. + Refer to AcceptEnv in sshd_config(5) for how to configure the + server. Variables are specified by name, which may contain + wildcard characters. Multiple environment variables may be + separated by whitespace or spread across multiple SendEnv + directives. + + See PATTERNS for more information on patterns. + + It is possible to clear previously set SendEnv variable names by + prefixing patterns with -. The default is not to send any + environment variables. + + ServerAliveCountMax + Sets the number of server alive messages (see below) which may be + sent without ssh(1) receiving any messages back from the server. + If this threshold is reached while server alive messages are + being sent, ssh will disconnect from the server, terminating the + session. It is important to note that the use of server alive + messages is very different from TCPKeepAlive (below). The server + alive messages are sent through the encrypted channel and + therefore will not be spoofable. The TCP keepalive option + enabled by TCPKeepAlive is spoofable. The server alive mechanism + is valuable when the client or server depend on knowing when a + connection has become unresponsive. + + The default value is 3. If, for example, ServerAliveInterval + (see below) is set to 15 and ServerAliveCountMax is left at the + default, if the server becomes unresponsive, ssh will disconnect + after approximately 45 seconds. + + ServerAliveInterval + Sets a timeout interval in seconds after which if no data has + been received from the server, ssh(1) will send a message through + the encrypted channel to request a response from the server. The + default is 0, indicating that these messages will not be sent to + the server. + + SessionType + May be used to either request invocation of a subsystem on the + remote system, or to prevent the execution of a remote command at + all. The latter is useful for just forwarding ports. The + argument to this keyword must be none (same as the -N option), + subsystem (same as the -s option) or default (shell or command + execution). + + SetEnv Directly specify one or more environment variables and their + contents to be sent to the server. Similarly to SendEnv, with + the exception of the TERM variable, the server must be prepared + to accept the environment variable. + + StdinNull + Redirects stdin from /dev/null (actually, prevents reading from + stdin). Either this or the equivalent -n option must be used + when ssh is run in the background. The argument to this keyword + must be yes (same as the -n option) or no (the default). + + StreamLocalBindMask + Sets the octal file creation mode mask (umask) used when creating + a Unix-domain socket file for local or remote port forwarding. + This option is only used for port forwarding to a Unix-domain + socket file. + + The default value is 0177, which creates a Unix-domain socket + file that is readable and writable only by the owner. Note that + not all operating systems honor the file mode on Unix-domain + socket files. + + StreamLocalBindUnlink + Specifies whether to remove an existing Unix-domain socket file + for local or remote port forwarding before creating a new one. + If the socket file already exists and StreamLocalBindUnlink is + not enabled, ssh will be unable to forward the port to the Unix- + domain socket file. This option is only used for port forwarding + to a Unix-domain socket file. + + The argument must be yes or no (the default). + + StrictHostKeyChecking + If this flag is set to yes, ssh(1) will never automatically add + host keys to the ~/.ssh/known_hosts file, and refuses to connect + to hosts whose host key has changed. This provides maximum + protection against man-in-the-middle (MITM) attacks, though it + can be annoying when the /etc/ssh/ssh_known_hosts file is poorly + maintained or when connections to new hosts are frequently made. + This option forces the user to manually add all new hosts. + + If this flag is set to accept-new then ssh will automatically add + new host keys to the user's known_hosts file, but will not permit + connections to hosts with changed host keys. If this flag is set + to no or off, ssh will automatically add new host keys to the + user known hosts files and allow connections to hosts with + changed hostkeys to proceed, subject to some restrictions. If + this flag is set to ask (the default), new host keys will be + added to the user known host files only after the user has + confirmed that is what they really want to do, and ssh will + refuse to connect to hosts whose host key has changed. The host + keys of known hosts will be verified automatically in all cases. + + SyslogFacility + Gives the facility code that is used when logging messages from + ssh(1). The possible values are: DAEMON, USER, AUTH, LOCAL0, + LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The + default is USER. + + TCPKeepAlive + Specifies whether the system should send TCP keepalive messages + to the other side. If they are sent, death of the connection or + crash of one of the machines will be properly noticed. However, + this means that connections will die if the route is down + temporarily, and some people find it annoying. + + The default is yes (to send TCP keepalive messages), and the + client will notice if the network goes down or the remote host + dies. This is important in scripts, and many users want it too. + + To disable TCP keepalive messages, the value should be set to no. + See also ServerAliveInterval for protocol-level keepalives. + + Tag Specify a configuration tag name that may be later used by a + Match directive to select a block of configuration. + + Tunnel Request tun(4) device forwarding between the client and the + server. The argument must be yes, point-to-point (layer 3), + ethernet (layer 2), or no (the default). Specifying yes requests + the default tunnel mode, which is point-to-point. + + TunnelDevice + Specifies the tun(4) devices to open on the client (local_tun) + and the server (remote_tun). + + The argument must be local_tun[:remote_tun]. The devices may be + specified by numerical ID or the keyword any, which uses the next + available tunnel device. If remote_tun is not specified, it + defaults to any. The default is any:any. + + UpdateHostKeys + Specifies whether ssh(1) should accept notifications of + additional hostkeys from the server sent after authentication has + completed and add them to UserKnownHostsFile. The argument must + be yes, no or ask. This option allows learning alternate + hostkeys for a server and supports graceful key rotation by + allowing a server to send replacement public keys before old ones + are removed. + + Additional hostkeys are only accepted if the key used to + authenticate the host was already trusted or explicitly accepted + by the user, the host was authenticated via UserKnownHostsFile + (i.e. not GlobalKnownHostsFile) and the host was authenticated + using a plain key and not a certificate. + + UpdateHostKeys is enabled by default if the user has not + overridden the default UserKnownHostsFile setting and has not + enabled VerifyHostKeyDNS, otherwise UpdateHostKeys will be set to + no. + + If UpdateHostKeys is set to ask, then the user is asked to + confirm the modifications to the known_hosts file. Confirmation + is currently incompatible with ControlPersist, and will be + disabled if it is enabled. + + Presently, only sshd(8) from OpenSSH 6.8 and greater support the + "hostkeys@openssh.com" protocol extension used to inform the + client of all the server's hostkeys. + + User Specifies the user to log in as. This can be useful when a + different user name is used on different machines. This saves + the trouble of having to remember to give the user name on the + command line. + + UserKnownHostsFile + Specifies one or more files to use for the user host key + database, separated by whitespace. Each filename may use tilde + notation to refer to the user's home directory, the tokens + described in the TOKENS section and environment variables as + described in the ENVIRONMENT VARIABLES section. A value of none + causes ssh(1) to ignore any user-specific known hosts files. The + default is ~/.ssh/known_hosts, ~/.ssh/known_hosts2. + + VerifyHostKeyDNS + Specifies whether to verify the remote key using DNS and SSHFP + resource records. If this option is set to yes, the client will + implicitly trust keys that match a secure fingerprint from DNS. + Insecure fingerprints will be handled as if this option was set + to ask. If this option is set to ask, information on fingerprint + match will be displayed, but the user will still need to confirm + new host keys according to the StrictHostKeyChecking option. The + default is no. + + See also VERIFYING HOST KEYS in ssh(1). + + VisualHostKey + If this flag is set to yes, an ASCII art representation of the + remote host key fingerprint is printed in addition to the + fingerprint string at login and for unknown host keys. If this + flag is set to no (the default), no fingerprint strings are + printed at login and only the fingerprint string will be printed + for unknown host keys. + + XAuthLocation + Specifies the full pathname of the xauth(1) program. The default + is /usr/X11R6/bin/xauth. + +PATTERNS + A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a + wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that + matches exactly one character). For example, to specify a set of + declarations for any host in the ".co.uk" set of domains, the following + pattern could be used: + + Host *.co.uk + + The following pattern would match any host in the 192.168.0.[0-9] network + range: + + Host 192.168.0.? + + A pattern-list is a comma-separated list of patterns. Patterns within + pattern-lists may be negated by preceding them with an exclamation mark + (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an + organization except from the "dialup" pool, the following entry (in + authorized_keys) could be used: + + from="!*.dialup.example.com,*.example.com" + + Note that a negated match will never produce a positive result by itself. + For example, attempting to match "host3" against the following pattern- + list will fail: + + from="!host1,!host2" + + The solution here is to include a term that will yield a positive match, + such as a wildcard: + + from="!host1,!host2,*" + +TOKENS + Arguments to some keywords can make use of tokens, which are expanded at + runtime: + + %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. + %C Hash of %l%h%p%r%j. + %d Local user's home directory. + %f The fingerprint of the server's host key. + %H The known_hosts hostname or address that is being searched + for. + %h The remote hostname. + %I A string describing the reason for a KnownHostsCommand + execution: either ADDRESS when looking up a host by address + (only when CheckHostIP is enabled), HOSTNAME when searching + by hostname, or ORDER when preparing the host key algorithm + preference list to use for the destination host. + %i The local user ID. + %j The contents of the ProxyJump option, or the empty string if + this option is unset. + %K The base64 encoded host key. + %k The host key alias if specified, otherwise the original + remote hostname given on the command line. + %L The local hostname. + %l The local hostname, including the domain name. + %n The original remote hostname, as given on the command line. + %p The remote port. + %r The remote username. + %T The local tun(4) or tap(4) network interface assigned if + tunnel forwarding was requested, or "NONE" otherwise. + %t The type of the server host key, e.g. ssh-ed25519. + %u The local username. + + CertificateFile, ControlPath, IdentityAgent, IdentityFile, + KnownHostsCommand, LocalForward, Match exec, RemoteCommand, + RemoteForward, RevokedHostKeys, and UserKnownHostsFile accept the tokens + %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u. + + KnownHostsCommand additionally accepts the tokens %f, %H, %I, %K and %t. + + Hostname accepts the tokens %% and %h. + + LocalCommand accepts all tokens. + + ProxyCommand and ProxyJump accept the tokens %%, %h, %n, %p, and %r. + + Note that some of these directives build commands for execution via the + shell. Because ssh(1) performs no filtering or escaping of characters + that have special meaning in shell commands (e.g. quotes), it is the + user's responsibility to ensure that the arguments passed to ssh(1) do + not contain such characters and that tokens are appropriately quoted when + used. + +ENVIRONMENT VARIABLES + Arguments to some keywords can be expanded at runtime from environment + variables on the client by enclosing them in ${}, for example + ${HOME}/.ssh would refer to the user's .ssh directory. If a specified + environment variable does not exist then an error will be returned and + the setting for that keyword will be ignored. + + The keywords CertificateFile, ControlPath, IdentityAgent, IdentityFile, + KnownHostsCommand, and UserKnownHostsFile support environment variables. + The keywords LocalForward and RemoteForward support environment variables + only for Unix domain socket paths. + +FILES + ~/.ssh/config + This is the per-user configuration file. The format of this file + is described above. This file is used by the SSH client. + Because of the potential for abuse, this file must have strict + permissions: read/write for the user, and not writable by others. + + /etc/ssh/ssh_config + Systemwide configuration file. This file provides defaults for + those values that are not specified in the user's configuration + file, and for those users who do not have a configuration file. + This file must be world-readable. + +SEE ALSO + ssh(1) + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. + +OpenBSD 7.5 June 17, 2024 OpenBSD 7.5 diff --git a/sshd.0 b/sshd.0 new file mode 100644 index 000000000..c7de2d311 --- /dev/null +++ b/sshd.0 @@ -0,0 +1,685 @@ +SSHD(8) System Manager's Manual SSHD(8) + +NAME + sshd M-bM-^@M-^S OpenSSH daemon + +SYNOPSIS + sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_certificate_file] + [-E log_file] [-f config_file] [-g login_grace_time] + [-h host_key_file] [-o option] [-p port] [-u len] + +DESCRIPTION + sshd (OpenSSH Daemon) is the daemon program for ssh(1). It provides + secure encrypted communications between two untrusted hosts over an + insecure network. + + sshd listens for connections from clients. It is normally started at + boot from /etc/rc. It forks a new daemon for each incoming connection. + The forked daemons handle key exchange, encryption, authentication, + command execution, and data exchange. + + sshd can be configured using command-line options or a configuration file + (by default sshd_config(5)); command-line options override values + specified in the configuration file. sshd rereads its configuration file + when it receives a hangup signal, SIGHUP, by executing itself with the + name and options it was started with, e.g. /usr/sbin/sshd. + + The options are as follows: + + -4 Forces sshd to use IPv4 addresses only. + + -6 Forces sshd to use IPv6 addresses only. + + -C connection_spec + Specify the connection parameters to use for the -T extended test + mode. If provided, any Match directives in the configuration + file that would apply are applied before the configuration is + written to standard output. The connection parameters are + supplied as keyword=value pairs and may be supplied in any order, + either with multiple -C options or as a comma-separated list. + The keywords are M-bM-^@M-^\addrM-bM-^@M-^], M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and + M-bM-^@M-^\rdomainM-bM-^@M-^] and correspond to source address, user, resolved source + host name, local address, local port number and routing domain + respectively. + + -c host_certificate_file + Specifies a path to a certificate file to identify sshd during + key exchange. The certificate file must match a host key file + specified using the -h option or the HostKey configuration + directive. + + -D When this option is specified, sshd will not detach and does not + become a daemon. This allows easy monitoring of sshd. + + -d Debug mode. The server sends verbose debug output to standard + error, and does not put itself in the background. The server + also will not fork(2) and will only process one connection. This + option is only intended for debugging for the server. Multiple + -d options increase the debugging level. Maximum is 3. + + -E log_file + Append debug logs to log_file instead of the system log. + + -e Write debug logs to standard error instead of the system log. + + -f config_file + Specifies the name of the configuration file. The default is + /etc/ssh/sshd_config. sshd refuses to start if there is no + configuration file. + + -G Parse and print configuration file. Check the validity of the + configuration file, output the effective configuration to stdout + and then exit. Optionally, Match rules may be applied by + specifying the connection parameters using one or more -C + options. + + -g login_grace_time + Gives the grace time for clients to authenticate themselves + (default 120 seconds). If the client fails to authenticate the + user within this many seconds, the server disconnects and exits. + A value of zero indicates no limit. + + -h host_key_file + Specifies a file from which a host key is read. This option must + be given if sshd is not run as root (as the normal host key files + are normally not readable by anyone but root). The default is + /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and + /etc/ssh/ssh_host_rsa_key. It is possible to have multiple host + key files for the different host key algorithms. + + -i Specifies that sshd is being run from inetd(8). + + -o option + Can be used to give options in the format used in the + configuration file. This is useful for specifying options for + which there is no separate command-line flag. For full details + of the options, and their values, see sshd_config(5). + + -p port + Specifies the port on which the server listens for connections + (default 22). Multiple port options are permitted. Ports + specified in the configuration file with the Port option are + ignored when a command-line port is specified. Ports specified + using the ListenAddress option override command-line ports. + + -q Quiet mode. Nothing is sent to the system log. Normally the + beginning, authentication, and termination of each connection is + logged. + + -T Extended test mode. Check the validity of the configuration + file, output the effective configuration to stdout and then exit. + Optionally, Match rules may be applied by specifying the + connection parameters using one or more -C options. This is + similar to the -G flag, but it includes the additional testing + performed by the -t flag. + + -t Test mode. Only check the validity of the configuration file and + sanity of the keys. This is useful for updating sshd reliably as + configuration options may change. + + -u len This option is used to specify the size of the field in the utmp + structure that holds the remote host name. If the resolved host + name is longer than len, the dotted decimal value will be used + instead. This allows hosts with very long host names that + overflow this field to still be uniquely identified. Specifying + -u0 indicates that only dotted decimal addresses should be put + into the utmp file. -u0 may also be used to prevent sshd from + making DNS requests unless the authentication mechanism or + configuration requires it. Authentication mechanisms that may + require DNS include HostbasedAuthentication and using a + from="pattern-list" option in a key file. Configuration options + that require DNS include using a USER@HOST pattern in AllowUsers + or DenyUsers. + + -V Display the version number and exit. + +AUTHENTICATION + The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a + host-specific key, used to identify the host. Whenever a client + connects, the daemon responds with its public host key. The client + compares the host key against its own database to verify that it has not + changed. Forward secrecy is provided through a Diffie-Hellman key + agreement. This key agreement results in a shared session key. The rest + of the session is encrypted using a symmetric cipher. The client selects + the encryption algorithm to use from those offered by the server. + Additionally, session integrity is provided through a cryptographic + message authentication code (MAC). + + Finally, the server and the client enter an authentication dialog. The + client tries to authenticate itself using host-based authentication, + public key authentication, challenge-response authentication, or password + authentication. + + Regardless of the authentication type, the account is checked to ensure + that it is accessible. An account is not accessible if it is locked, + listed in DenyUsers or its group is listed in DenyGroups . The + definition of a locked account is system dependent. Some platforms have + their own account database (eg AIX) and some modify the passwd field ( + M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on + Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most + Linuxes). If there is a requirement to disable password authentication + for the account while allowing still public-key, then the passwd field + should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ). + + If the client successfully authenticates itself, a dialog for preparing + the session is entered. At this time the client may request things like + allocating a pseudo-tty, forwarding X11 connections, forwarding TCP + connections, or forwarding the authentication agent connection over the + secure channel. + + After this, the client either requests an interactive shell or execution + of a non-interactive command, which sshd will execute via the user's + shell using its -c option. The sides then enter session mode. In this + mode, either side may send data at any time, and such data is forwarded + to/from the shell or command on the server side, and the user terminal in + the client side. + + When the user program terminates and all forwarded X11 and other + connections have been closed, the server sends command exit status to the + client, and both sides exit. + +LOGIN PROCESS + When a user successfully logs in, sshd does the following: + + 1. If the login is on a tty, and no command has been specified, + prints last login time and /etc/motd (unless prevented in the + configuration file or by ~/.hushlogin; see the FILES section). + + 2. If the login is on a tty, records login time. + + 3. Checks /etc/nologin; if it exists, prints contents and quits + (unless root). + + 4. Changes to run with normal user privileges. + + 5. Sets up basic environment. + + 6. Reads the file ~/.ssh/environment, if it exists, and users are + allowed to change their environment. See the + PermitUserEnvironment option in sshd_config(5). + + 7. Changes to user's home directory. + + 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option + is set, runs it; else if /etc/ssh/sshrc exists, runs it; + otherwise runs xauth(1). The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11 + authentication protocol and cookie in standard input. See + SSHRC, below. + + 9. Runs user's shell or command. All commands are run under the + user's login shell as specified in the system password + database. + +SSHRC + If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment + files but before starting the user's shell or command. It must not + produce any output on stdout; stderr must be used instead. If X11 + forwarding is in use, it will receive the "proto cookie" pair in its + standard input (and DISPLAY in its environment). The script must call + xauth(1) because sshd will not run xauth automatically to add X11 + cookies. + + The primary purpose of this file is to run any initialization routines + which may be needed before the user's home directory becomes accessible; + AFS is a particular example of such an environment. + + This file will probably contain some initialization code followed by + something similar to: + + if read proto cookie && [ -n "$DISPLAY" ]; then + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then + # X11UseLocalhost=yes + echo add unix:`echo $DISPLAY | + cut -c11-` $proto $cookie + else + # X11UseLocalhost=no + echo add $DISPLAY $proto $cookie + fi | xauth -q - + fi + + If this file does not exist, /etc/ssh/sshrc is run, and if that does not + exist either, xauth is used to add the cookie. + +AUTHORIZED_KEYS FILE FORMAT + AuthorizedKeysFile specifies the files containing public keys for public + key authentication; if this option is not specified, the default is + ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the + file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are + ignored as comments). Public keys consist of the following space- + separated fields: options, keytype, base64-encoded key, comment. The + options field is optional. The supported key types are: + + sk-ecdsa-sha2-nistp256@openssh.com + ecdsa-sha2-nistp256 + ecdsa-sha2-nistp384 + ecdsa-sha2-nistp521 + sk-ssh-ed25519@openssh.com + ssh-ed25519 + ssh-rsa + + The comment field is not used for anything (but may be convenient for the + user to identify the key). + + Note that lines in this file can be several hundred bytes long (because + of the size of the public key encoding) up to a limit of 8 kilobytes, + which permits RSA keys up to 16 kilobits. You don't want to type them + in; instead, copy the id_ecdsa.pub, id_ecdsa_sk.pub, id_ed25519.pub, + id_ed25519_sk.pub, or the id_rsa.pub file and edit it. + + sshd enforces a minimum RSA key modulus size of 1024 bits. + + The options (if present) consist of comma-separated option + specifications. No spaces are permitted, except within double quotes. + The following option specifications are supported (note that option + keywords are case-insensitive): + + agent-forwarding + Enable authentication agent forwarding previously disabled by the + restrict option. + + cert-authority + Specifies that the listed key is a certification authority (CA) + that is trusted to validate signed certificates for user + authentication. + + Certificates may encode access restrictions similar to these key + options. If both certificate restrictions and key options are + present, the most restrictive union of the two is applied. + + command="command" + Specifies that the command is executed whenever this key is used + for authentication. The command supplied by the user (if any) is + ignored. The command is run on a pty if the client requests a + pty; otherwise it is run without a tty. If an 8-bit clean + channel is required, one must not request a pty or should specify + no-pty. A quote may be included in the command by quoting it + with a backslash. + + This option might be useful to restrict certain public keys to + perform just a specific operation. An example might be a key + that permits remote backups but nothing else. Note that the + client may specify TCP and/or X11 forwarding unless they are + explicitly prohibited, e.g. using the restrict key option. + + The command originally supplied by the client is available in the + SSH_ORIGINAL_COMMAND environment variable. Note that this option + applies to shell, command or subsystem execution. Also note that + this command may be superseded by a sshd_config(5) ForceCommand + directive. + + If a command is specified and a forced-command is embedded in a + certificate used for authentication, then the certificate will be + accepted only if the two commands are identical. + + environment="NAME=value" + Specifies that the string is to be added to the environment when + logging in using this key. Environment variables set this way + override other default environment values. Multiple options of + this type are permitted. Environment processing is disabled by + default and is controlled via the PermitUserEnvironment option. + + expiry-time="timespec" + Specifies a time after which the key will not be accepted. The + time may be specified as a YYYYMMDD[Z] date or a + YYYYMMDDHHMM[SS][Z] time. Dates and times will be interpreted in + the system time zone unless suffixed by a Z character, in which + case they will be interpreted in the UTC time zone. + + from="pattern-list" + Specifies that in addition to public key authentication, either + the canonical name of the remote host or its IP address must be + present in the comma-separated list of patterns. See PATTERNS in + ssh_config(5) for more information on patterns. + + In addition to the wildcard matching that may be applied to + hostnames or addresses, a from stanza may match IP addresses + using CIDR address/masklen notation. + + The purpose of this option is to optionally increase security: + public key authentication by itself does not trust the network or + name servers or anything (but the key); however, if somebody + somehow steals the key, the key permits an intruder to log in + from anywhere in the world. This additional option makes using a + stolen key more difficult (name servers and/or routers would have + to be compromised in addition to just the key). + + no-agent-forwarding + Forbids authentication agent forwarding when this key is used for + authentication. + + no-port-forwarding + Forbids TCP forwarding when this key is used for authentication. + Any port forward requests by the client will return an error. + This might be used, e.g. in connection with the command option. + + no-pty Prevents tty allocation (a request to allocate a pty will fail). + + no-user-rc + Disables execution of ~/.ssh/rc. + + no-X11-forwarding + Forbids X11 forwarding when this key is used for authentication. + Any X11 forward requests by the client will return an error. + + permitlisten="[host:]port" + Limit remote port forwarding with the ssh(1) -R option such that + it may only listen on the specified host (optional) and port. + IPv6 addresses can be specified by enclosing the address in + square brackets. Multiple permitlisten options may be applied + separated by commas. Hostnames may include wildcards as + described in the PATTERNS section in ssh_config(5). A port + specification of * matches any port. Note that the setting of + GatewayPorts may further restrict listen addresses. Note that + ssh(1) will send a hostname of M-bM-^@M-^\localhostM-bM-^@M-^] if a listen host was + not specified when the forwarding was requested, and that this + name is treated differently to the explicit localhost addresses + M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^]. + + permitopen="host:port" + Limit local port forwarding with the ssh(1) -L option such that + it may only connect to the specified host and port. IPv6 + addresses can be specified by enclosing the address in square + brackets. Multiple permitopen options may be applied separated + by commas. No pattern matching or name lookup is performed on + the specified hostnames, they must be literal host names and/or + addresses. A port specification of * matches any port. + + port-forwarding + Enable port forwarding previously disabled by the restrict + option. + + principals="principals" + On a cert-authority line, specifies allowed principals for + certificate authentication as a comma-separated list. At least + one name from the list must appear in the certificate's list of + principals for the certificate to be accepted. This option is + ignored for keys that are not marked as trusted certificate + signers using the cert-authority option. + + pty Permits tty allocation previously disabled by the restrict + option. + + no-touch-required + Do not require demonstration of user presence for signatures made + using this key. This option only makes sense for the FIDO + authenticator algorithms ecdsa-sk and ed25519-sk. + + verify-required + Require that signatures made using this key attest that they + verified the user, e.g. via a PIN. This option only makes sense + for the FIDO authenticator algorithms ecdsa-sk and ed25519-sk. + + restrict + Enable all restrictions, i.e. disable port, agent and X11 + forwarding, as well as disabling PTY allocation and execution of + ~/.ssh/rc. If any future restriction capabilities are added to + authorized_keys files, they will be included in this set. + + tunnel="n" + Force a tun(4) device on the server. Without this option, the + next available device will be used if the client requests a + tunnel. + + user-rc + Enables execution of ~/.ssh/rc previously disabled by the + restrict option. + + X11-forwarding + Permits X11 forwarding previously disabled by the restrict + option. + + An example authorized_keys file: + + # Comments are allowed at start of line. Blank lines are allowed. + # Plain key, no restrictions + ssh-rsa ... + # Forced command, disable PTY and all forwarding + restrict,command="dump /home" ssh-rsa ... + # Restriction of ssh -L forwarding destinations + permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ... + # Restriction of ssh -R forwarding listeners + permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ... + # Configuration for tunnel forwarding + tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ... + # Override of restriction to allow PTY allocation + restrict,pty,command="nethack" ssh-rsa ... + # Allow FIDO key without requiring touch + no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ... + # Require user-verification (e.g. PIN or biometric) for FIDO key + verify-required sk-ecdsa-sha2-nistp256@openssh.com ... + # Trust CA key, allow touch-less FIDO if requested in certificate + cert-authority,no-touch-required,principals="user_a" ssh-rsa ... + +SSH_KNOWN_HOSTS FILE FORMAT + The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host + public keys for all known hosts. The global file should be prepared by + the administrator (optional), and the per-user file is maintained + automatically: whenever the user connects to an unknown host, its key is + added to the per-user file. + + Each line in these files contains the following fields: marker + (optional), hostnames, keytype, base64-encoded key, comment. The fields + are separated by spaces. + + The marker is optional, but if it is present then it must be one of + M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification + authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on + the line is revoked and must not ever be accepted. Only one marker + should be used on a key line. + + Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as + wildcards); each pattern in turn is matched against the host name. When + sshd is authenticating a client, such as when using + HostbasedAuthentication, this will be the canonical client host name. + When ssh(1) is authenticating a server, this will be the host name given + by the user, the value of the ssh(1) HostkeyAlias if it was specified, or + the canonical server hostname if the ssh(1) CanonicalizeHostname option + was used. + + A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to indicate negation: if the host + name matches a negated pattern, it is not accepted (by that line) even if + it matched another pattern on the line. A hostname or address may + optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y + and a non-standard port number. + + Alternately, hostnames may be stored in a hashed form which hides host + names and addresses should the file's contents be disclosed. Hashed + hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may + appear on a single line and none of the above negation or wildcard + operators may be applied. + + The keytype and base64-encoded key are taken directly from the host key; + they can be obtained, for example, from /etc/ssh/ssh_host_rsa_key.pub. + The optional comment field continues to the end of the line, and is not + used. + + Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments. + + When performing host authentication, authentication is accepted if any + matching line has the proper key; either one that matches exactly or, if + the server has presented a certificate for authentication, the key of the + certification authority that signed the certificate. For a key to be + trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^] + marker described above. + + The known hosts file also provides a facility to mark keys as revoked, + for example when it is known that the associated private key has been + stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at + the beginning of the key line, and are never accepted for authentication + or as certification authorities, but instead will produce a warning from + ssh(1) when they are encountered. + + It is permissible (but not recommended) to have several lines or + different host keys for the same names. This will inevitably happen when + short forms of host names from different domains are put in the file. It + is possible that the files contain conflicting information; + authentication is accepted if valid information can be found from either + file. + + Note that the lines in these files are typically hundreds of characters + long, and you definitely don't want to type in the host keys by hand. + Rather, generate them by a script, ssh-keyscan(1) or by taking, for + example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the + front. ssh-keygen(1) also offers some basic automated editing for + ~/.ssh/known_hosts including removing hosts matching a host name and + converting all host names to their hashed representations. + + An example ssh_known_hosts file: + + # Comments allowed at start of line + cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= + # A hashed hostname + |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa + AAAA1234.....= + # A revoked key + @revoked * ssh-rsa AAAAB5W... + # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org + @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... + +FILES + ~/.hushlogin + This file is used to suppress printing the last login time and + /etc/motd, if PrintLastLog and PrintMotd, respectively, are + enabled. It does not suppress printing of the banner specified + by Banner. + + ~/.rhosts + This file is used for host-based authentication (see ssh(1) for + more information). On some machines this file may need to be + world-readable if the user's home directory is on an NFS + partition, because sshd reads it as root. Additionally, this + file must be owned by the user, and must not have write + permissions for anyone else. The recommended permission for most + machines is read/write for the user, and not accessible by + others. + + ~/.shosts + This file is used in exactly the same way as .rhosts, but allows + host-based authentication without permitting login with + rlogin/rsh. + + ~/.ssh/ + This directory is the default location for all user-specific + configuration and authentication information. There is no + general requirement to keep the entire contents of this directory + secret, but the recommended permissions are read/write/execute + for the user, and not accessible by others. + + ~/.ssh/authorized_keys + Lists the public keys (ECDSA, Ed25519, RSA) that can be used for + logging in as this user. The format of this file is described + above. The content of the file is not highly sensitive, but the + recommended permissions are read/write for the user, and not + accessible by others. + + If this file, the ~/.ssh directory, or the user's home directory + are writable by other users, then the file could be modified or + replaced by unauthorized users. In this case, sshd will not + allow it to be used unless the StrictModes option has been set to + M-bM-^@M-^\noM-bM-^@M-^]. + + ~/.ssh/environment + This file is read into the environment at login (if it exists). + It can only contain empty lines, comment lines (that start with + M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file + should be writable only by the user; it need not be readable by + anyone else. Environment processing is disabled by default and + is controlled via the PermitUserEnvironment option. + + ~/.ssh/known_hosts + Contains a list of host keys for all hosts the user has logged + into that are not already in the systemwide list of known host + keys. The format of this file is described above. This file + should be writable only by root/the owner and can, but need not + be, world-readable. + + ~/.ssh/rc + Contains initialization routines to be run before the user's home + directory becomes accessible. This file should be writable only + by the user, and need not be readable by anyone else. + + /etc/hosts.equiv + This file is for host-based authentication (see ssh(1)). It + should only be writable by root. + + /etc/moduli + Contains Diffie-Hellman groups used for the "Diffie-Hellman Group + Exchange" key exchange method. The file format is described in + moduli(5). If no usable groups are found in this file then fixed + internal groups will be used. + + /etc/motd + See motd(5). + + /etc/nologin + If this file exists, sshd refuses to let anyone except root log + in. The contents of the file are displayed to anyone trying to + log in, and non-root connections are refused. The file should be + world-readable. + + /etc/shosts.equiv + This file is used in exactly the same way as hosts.equiv, but + allows host-based authentication without permitting login with + rlogin/rsh. + + /etc/ssh/ssh_host_ecdsa_key + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + These files contain the private parts of the host keys. These + files should only be owned by root, readable only by root, and + not accessible to others. Note that sshd does not start if these + files are group/world-accessible. + + /etc/ssh/ssh_host_ecdsa_key.pub + /etc/ssh/ssh_host_ed25519_key.pub + /etc/ssh/ssh_host_rsa_key.pub + These files contain the public parts of the host keys. These + files should be world-readable but writable only by root. Their + contents should match the respective private parts. These files + are not really used for anything; they are provided for the + convenience of the user so their contents can be copied to known + hosts files. These files are created using ssh-keygen(1). + + /etc/ssh/ssh_known_hosts + Systemwide list of known host keys. This file should be prepared + by the system administrator to contain the public host keys of + all machines in the organization. The format of this file is + described above. This file should be writable only by root/the + owner and should be world-readable. + + /etc/ssh/sshd_config + Contains configuration data for sshd. The file format and + configuration options are described in sshd_config(5). + + /etc/ssh/sshrc + Similar to ~/.ssh/rc, it can be used to specify machine-specific + login-time initializations globally. This file should be + writable only by root, and should be world-readable. + + /var/empty + chroot(2) directory used by sshd during privilege separation in + the pre-authentication phase. The directory should not contain + any files and must be owned by root and not group or world- + writable. + + /var/run/sshd.pid + Contains the process ID of the sshd listening for connections (if + there are several daemons running concurrently for different + ports, this contains the process ID of the one started last). + The content of this file is not sensitive; it can be world- + readable. + +SEE ALSO + scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), + ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5), + inetd(8), sftp-server(8) + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support + for privilege separation. + +OpenBSD 7.5 June 17, 2024 OpenBSD 7.5 diff --git a/sshd_config.0 b/sshd_config.0 new file mode 100644 index 000000000..6883dda4b --- /dev/null +++ b/sshd_config.0 @@ -0,0 +1,1393 @@ +SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) + +NAME + sshd_config M-bM-^@M-^S OpenSSH daemon configuration file + +DESCRIPTION + sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file + specified with -f on the command line). The file contains keyword- + argument pairs, one per line. Unless noted otherwise, for each keyword, + the first obtained value will be used. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty + lines are interpreted as comments. Arguments may optionally be enclosed + in double quotes (") in order to represent arguments containing spaces. + + The possible keywords and their meanings are as follows (note that + keywords are case-insensitive and arguments are case-sensitive): + + AcceptEnv + Specifies what environment variables sent by the client will be + copied into the session's environ(7). See SendEnv and SetEnv in + ssh_config(5) for how to configure the client. The TERM + environment variable is always accepted whenever the client + requests a pseudo-terminal as it is required by the protocol. + Variables are specified by name, which may contain the wildcard + characters M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be + separated by whitespace or spread across multiple AcceptEnv + directives. Be warned that some environment variables could be + used to bypass restricted user environments. For this reason, + care should be taken in the use of this directive. The default + is not to accept any environment variables. + + AddressFamily + Specifies which address family should be used by sshd(8). Valid + arguments are any (the default), inet (use IPv4 only), or inet6 + (use IPv6 only). + + AllowAgentForwarding + Specifies whether ssh-agent(1) forwarding is permitted. The + default is yes. Note that disabling agent forwarding does not + improve security unless users are also denied shell access, as + they can always install their own forwarders. + + AllowGroups + This keyword can be followed by a list of group name patterns, + separated by spaces. If specified, login is allowed only for + users whose primary group or supplementary group list matches one + of the patterns. Only group names are valid; a numerical group + ID is not recognized. By default, login is allowed for all + groups. The allow/deny groups directives are processed in the + following order: DenyGroups, AllowGroups. + + See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. + + AllowStreamLocalForwarding + Specifies whether StreamLocal (Unix-domain socket) forwarding is + permitted. The available options are yes (the default) or all to + allow StreamLocal forwarding, no to prevent all StreamLocal + forwarding, local to allow local (from the perspective of ssh(1)) + forwarding only or remote to allow remote forwarding only. Note + that disabling StreamLocal forwarding does not improve security + unless users are also denied shell access, as they can always + install their own forwarders. + + AllowTcpForwarding + Specifies whether TCP forwarding is permitted. The available + options are yes (the default) or all to allow TCP forwarding, no + to prevent all TCP forwarding, local to allow local (from the + perspective of ssh(1)) forwarding only or remote to allow remote + forwarding only. Note that disabling TCP forwarding does not + improve security unless users are also denied shell access, as + they can always install their own forwarders. + + AllowUsers + This keyword can be followed by a list of user name patterns, + separated by spaces. If specified, login is allowed only for + user names that match one of the patterns. Only user names are + valid; a numerical user ID is not recognized. By default, login + is allowed for all users. If the pattern takes the form + USER@HOST then USER and HOST are separately checked, restricting + logins to particular users from particular hosts. HOST criteria + may additionally contain addresses to match in CIDR + address/masklen format. The allow/deny users directives are + processed in the following order: DenyUsers, AllowUsers. + + See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. + + AuthenticationMethods + Specifies the authentication methods that must be successfully + completed for a user to be granted access. This option must be + followed by one or more lists of comma-separated authentication + method names, or by the single string any to indicate the default + behaviour of accepting any single authentication method. If the + default is overridden, then successful authentication requires + completion of every method in at least one of these lists. + + For example, "publickey,password publickey,keyboard-interactive" + would require the user to complete public key authentication, + followed by either password or keyboard interactive + authentication. Only methods that are next in one or more lists + are offered at each stage, so for this example it would not be + possible to attempt password or keyboard-interactive + authentication before public key. + + For keyboard interactive authentication it is also possible to + restrict authentication to a specific device by appending a colon + followed by the device identifier bsdauth or pam. depending on + the server configuration. For example, + "keyboard-interactive:bsdauth" would restrict keyboard + interactive authentication to the bsdauth device. + + If the publickey method is listed more than once, sshd(8) + verifies that keys that have been used successfully are not + reused for subsequent authentications. For example, + "publickey,publickey" requires successful authentication using + two different public keys. + + Note that each authentication method listed should also be + explicitly enabled in the configuration. + + The available authentication methods are: "gssapi-with-mic", + "hostbased", "keyboard-interactive", "none" (used for access to + password-less accounts when PermitEmptyPasswords is enabled), + "password" and "publickey". + + AuthorizedKeysCommand + Specifies a program to be used to look up the user's public keys. + The program must be owned by root, not writable by group or + others and specified by an absolute path. Arguments to + AuthorizedKeysCommand accept the tokens described in the TOKENS + section. If no arguments are specified then the username of the + target user is used. + + The program should produce on standard output zero or more lines + of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). + AuthorizedKeysCommand is tried after the usual AuthorizedKeysFile + files and will not be executed if a matching key is found there. + By default, no AuthorizedKeysCommand is run. + + AuthorizedKeysCommandUser + Specifies the user under whose account the AuthorizedKeysCommand + is run. It is recommended to use a dedicated user that has no + other role on the host than running authorized keys commands. If + AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser + is not, then sshd(8) will refuse to start. + + AuthorizedKeysFile + Specifies the file that contains the public keys used for user + authentication. The format is described in the AUTHORIZED_KEYS + FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile + accept the tokens described in the TOKENS section. After + expansion, AuthorizedKeysFile is taken to be an absolute path or + one relative to the user's home directory. Multiple files may be + listed, separated by whitespace. Alternately this option may be + set to none to skip checking for user keys in files. The default + is ".ssh/authorized_keys .ssh/authorized_keys2". + + AuthorizedPrincipalsCommand + Specifies a program to be used to generate the list of allowed + certificate principals as per AuthorizedPrincipalsFile. The + program must be owned by root, not writable by group or others + and specified by an absolute path. Arguments to + AuthorizedPrincipalsCommand accept the tokens described in the + TOKENS section. If no arguments are specified then the username + of the target user is used. + + The program should produce on standard output zero or more lines + of AuthorizedPrincipalsFile output. If either + AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is + specified, then certificates offered by the client for + authentication must contain a principal that is listed. By + default, no AuthorizedPrincipalsCommand is run. + + AuthorizedPrincipalsCommandUser + Specifies the user under whose account the + AuthorizedPrincipalsCommand is run. It is recommended to use a + dedicated user that has no other role on the host than running + authorized principals commands. If AuthorizedPrincipalsCommand + is specified but AuthorizedPrincipalsCommandUser is not, then + sshd(8) will refuse to start. + + AuthorizedPrincipalsFile + Specifies a file that lists principal names that are accepted for + certificate authentication. When using certificates signed by a + key listed in TrustedUserCAKeys, this file lists names, one of + which must appear in the certificate for it to be accepted for + authentication. Names are listed one per line preceded by key + options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)). + Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored. + + Arguments to AuthorizedPrincipalsFile accept the tokens described + in the TOKENS section. After expansion, AuthorizedPrincipalsFile + is taken to be an absolute path or one relative to the user's + home directory. The default is none, i.e. not to use a + principals file M-bM-^@M-^S in this case, the username of the user must + appear in a certificate's principals list for it to be accepted. + + Note that AuthorizedPrincipalsFile is only used when + authentication proceeds using a CA listed in TrustedUserCAKeys + and is not consulted for certification authorities trusted via + ~/.ssh/authorized_keys, though the principals= key option offers + a similar facility (see sshd(8) for details). + + Banner The contents of the specified file are sent to the remote user + before authentication is allowed. If the argument is none then + no banner is displayed. By default, no banner is displayed. + + CASignatureAlgorithms + Specifies which algorithms are allowed for signing of + certificates by certificate authorities (CAs). The default is: + + ssh-ed25519,ecdsa-sha2-nistp256, + ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + specified algorithms will be appended to the default set instead + of replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + + Certificates signed using other algorithms will not be accepted + for public key or host-based authentication. + + ChannelTimeout + Specifies whether and how quickly sshd(8) should close inactive + channels. Timeouts are specified as one or more M-bM-^@M-^\type=intervalM-bM-^@M-^] + pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be the + special keyword M-bM-^@M-^\globalM-bM-^@M-^] or a channel type name from the list + below, optionally containing wildcard characters. + + The timeout value M-bM-^@M-^\intervalM-bM-^@M-^] is specified in seconds or may use + any of the units documented in the TIME FORMATS section. For + example, M-bM-^@M-^\session=5mM-bM-^@M-^] would cause interactive sessions to + terminate after five minutes of inactivity. Specifying a zero + value disables the inactivity timeout. + + The special timeout M-bM-^@M-^\globalM-bM-^@M-^] applies to all active channels, + taken together. Traffic on any active channel will reset the + timeout, but when the timeout expires then all open channels will + be closed. Note that this global timeout is not matched by + wildcards and must be specified explicitly. + + The available channel type names include: + + agent-connection + Open connections to ssh-agent(1). + + direct-tcpip, direct-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established from a ssh(1) local forwarding, + i.e. LocalForward or DynamicForward. + + forwarded-tcpip, forwarded-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established to a sshd(8) listening on behalf of + a ssh(1) remote forwarding, i.e. RemoteForward. + + session + The interactive main session, including shell session, + command execution, scp(1), sftp(1), etc. + + tun-connection + Open TunnelForward connections. + + x11-connection + Open X11 forwarding sessions. + + Note that in all the above cases, terminating an inactive session + does not guarantee to remove all resources associated with the + session, e.g. shell processes or X11 clients relating to the + session may continue to execute. + + Moreover, terminating an inactive channel or session does not + necessarily close the SSH connection, nor does it prevent a + client from requesting another channel of the same type. In + particular, expiring an inactive forwarding session does not + prevent another identical forwarding from being subsequently + created. + + The default is not to expire channels of any type for inactivity. + + ChrootDirectory + Specifies the pathname of a directory to chroot(2) to after + authentication. At session startup sshd(8) checks that all + components of the pathname are root-owned directories which are + not writable by group or others. After the chroot, sshd(8) + changes the working directory to the user's home directory. + Arguments to ChrootDirectory accept the tokens described in the + TOKENS section. + + The ChrootDirectory must contain the necessary files and + directories to support the user's session. For an interactive + session this requires at least a shell, typically sh(1), and + basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), + stderr(4), and tty(4) devices. For file transfer sessions using + SFTP no additional configuration of the environment is necessary + if the in-process sftp-server is used, though sessions which use + logging may require /dev/log inside the chroot directory on some + operating systems (see sftp-server(8) for details). + + For safety, it is very important that the directory hierarchy be + prevented from modification by other processes on the system + (especially those outside the jail). Misconfiguration can lead + to unsafe environments which sshd(8) cannot detect. + + The default is none, indicating not to chroot(2). + + Ciphers + Specifies the ciphers allowed. Multiple ciphers must be comma- + separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified ciphers will be appended to the default set + instead of replacing them. If the specified list begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) + will be removed from the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the + specified ciphers will be placed at the head of the default set. + + The supported ciphers are: + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + aes128-ctr + aes192-ctr + aes256-ctr + aes128-gcm@openssh.com + aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + + The default is: + + chacha20-poly1305@openssh.com, + aes128-ctr,aes192-ctr,aes256-ctr, + aes128-gcm@openssh.com,aes256-gcm@openssh.com + + The list of available ciphers may also be obtained using "ssh -Q + cipher". + + ClientAliveCountMax + Sets the number of client alive messages which may be sent + without sshd(8) receiving any messages back from the client. If + this threshold is reached while client alive messages are being + sent, sshd will disconnect the client, terminating the session. + It is important to note that the use of client alive messages is + very different from TCPKeepAlive. The client alive messages are + sent through the encrypted channel and therefore will not be + spoofable. The TCP keepalive option enabled by TCPKeepAlive is + spoofable. The client alive mechanism is valuable when the + client or server depend on knowing when a connection has become + unresponsive. + + The default value is 3. If ClientAliveInterval is set to 15, and + ClientAliveCountMax is left at the default, unresponsive SSH + clients will be disconnected after approximately 45 seconds. + Setting a zero ClientAliveCountMax disables connection + termination. + + ClientAliveInterval + Sets a timeout interval in seconds after which if no data has + been received from the client, sshd(8) will send a message + through the encrypted channel to request a response from the + client. The default is 0, indicating that these messages will + not be sent to the client. + + Compression + Specifies whether compression is enabled after the user has + authenticated successfully. The argument must be yes, delayed (a + legacy synonym for yes) or no. The default is yes. + + DenyGroups + This keyword can be followed by a list of group name patterns, + separated by spaces. Login is disallowed for users whose primary + group or supplementary group list matches one of the patterns. + Only group names are valid; a numerical group ID is not + recognized. By default, login is allowed for all groups. The + allow/deny groups directives are processed in the following + order: DenyGroups, AllowGroups. + + See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. + + DenyUsers + This keyword can be followed by a list of user name patterns, + separated by spaces. Login is disallowed for user names that + match one of the patterns. Only user names are valid; a + numerical user ID is not recognized. By default, login is + allowed for all users. If the pattern takes the form USER@HOST + then USER and HOST are separately checked, restricting logins to + particular users from particular hosts. HOST criteria may + additionally contain addresses to match in CIDR address/masklen + format. The allow/deny users directives are processed in the + following order: DenyUsers, AllowUsers. + + See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. + + DisableForwarding + Disables all forwarding features, including X11, ssh-agent(1), + TCP and StreamLocal. This option overrides all other forwarding- + related options and may simplify restricted configurations. + + ExposeAuthInfo + Writes a temporary file containing a list of authentication + methods and public credentials (e.g. keys) used to authenticate + the user. The location of the file is exposed to the user + session through the SSH_USER_AUTH environment variable. The + default is no. + + FingerprintHash + Specifies the hash algorithm used when logging key fingerprints. + Valid options are: md5 and sha256. The default is sha256. + + ForceCommand + Forces the execution of the command specified by ForceCommand, + ignoring any command supplied by the client and ~/.ssh/rc if + present. The command is invoked by using the user's login shell + with the -c option. This applies to shell, command, or subsystem + execution. It is most useful inside a Match block. The command + originally supplied by the client is available in the + SSH_ORIGINAL_COMMAND environment variable. Specifying a command + of internal-sftp will force the use of an in-process SFTP server + that requires no support files when used with ChrootDirectory. + The default is none. + + GatewayPorts + Specifies whether remote hosts are allowed to connect to ports + forwarded for the client. By default, sshd(8) binds remote port + forwardings to the loopback address. This prevents other remote + hosts from connecting to forwarded ports. GatewayPorts can be + used to specify that sshd should allow remote port forwardings to + bind to non-loopback addresses, thus allowing other hosts to + connect. The argument may be no to force remote port forwardings + to be available to the local host only, yes to force remote port + forwardings to bind to the wildcard address, or clientspecified + to allow the client to select the address to which the forwarding + is bound. The default is no. + + GSSAPIAuthentication + Specifies whether user authentication based on GSSAPI is allowed. + The default is no. + + GSSAPICleanupCredentials + Specifies whether to automatically destroy the user's credentials + cache on logout. The default is yes. + + GSSAPIStrictAcceptorCheck + Determines whether to be strict about the identity of the GSSAPI + acceptor a client authenticates against. If set to yes then the + client must authenticate against the host service on the current + hostname. If set to no then the client may authenticate against + any service key stored in the machine's default store. This + facility is provided to assist with operation on multi homed + machines. The default is yes. + + HostbasedAcceptedAlgorithms + Specifies the signature algorithms that will be accepted for + hostbased authentication as a list of comma-separated patterns. + Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified signature algorithms will be appended to the + default set instead of replacing them. If the specified list + begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified signature + algorithms (including wildcards) will be removed from the default + set instead of replacing them. If the specified list begins with + a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified signature algorithms will be + placed at the head of the default set. The default for this + option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q HostbasedAcceptedAlgorithms". This was formerly + named HostbasedAcceptedKeyTypes. + + HostbasedAuthentication + Specifies whether rhosts or /etc/hosts.equiv authentication + together with successful public key client host authentication is + allowed (host-based authentication). The default is no. + + HostbasedUsesNameFromPacketOnly + Specifies whether or not the server will attempt to perform a + reverse name lookup when matching the name in the ~/.shosts, + ~/.rhosts, and /etc/hosts.equiv files during + HostbasedAuthentication. A setting of yes means that sshd(8) + uses the name supplied by the client rather than attempting to + resolve the name from the TCP connection itself. The default is + no. + + HostCertificate + Specifies a file containing a public host certificate. The + certificate's public key must match a private host key already + specified by HostKey. The default behaviour of sshd(8) is not to + load any certificates. + + HostKey + Specifies a file containing a private host key used by SSH. The + defaults are /etc/ssh/ssh_host_ecdsa_key, + /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. + + Note that sshd(8) will refuse to use a file if it is group/world- + accessible and that the HostKeyAlgorithms option restricts which + of the keys are actually used by sshd(8). + + It is possible to have multiple host key files. It is also + possible to specify public host key files instead. In this case + operations on the private key will be delegated to an + ssh-agent(1). + + HostKeyAgent + Identifies the UNIX-domain socket used to communicate with an + agent that has access to the private host keys. If the string + "SSH_AUTH_SOCK" is specified, the location of the socket will be + read from the SSH_AUTH_SOCK environment variable. + + HostKeyAlgorithms + Specifies the host key signature algorithms that the server + offers. The default for this option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q HostKeyAlgorithms". + + IgnoreRhosts + Specifies whether to ignore per-user .rhosts and .shosts files + during HostbasedAuthentication. The system-wide /etc/hosts.equiv + and /etc/shosts.equiv are still used regardless of this setting. + + Accepted values are yes (the default) to ignore all per-user + files, shosts-only to allow the use of .shosts but to ignore + .rhosts or no to allow both .shosts and rhosts. + + IgnoreUserKnownHosts + Specifies whether sshd(8) should ignore the user's + ~/.ssh/known_hosts during HostbasedAuthentication and use only + the system-wide known hosts file /etc/ssh/ssh_known_hosts. The + default is M-bM-^@M-^\noM-bM-^@M-^]. + + Include + Include the specified configuration file(s). Multiple pathnames + may be specified and each pathname may contain glob(7) wildcards + that will be expanded and processed in lexical order. Files + without absolute paths are assumed to be in /etc/ssh. An Include + directive may appear inside a Match block to perform conditional + inclusion. + + IPQoS Specifies the IPv4 type-of-service or DSCP class for the + connection. Accepted values are af11, af12, af13, af21, af22, + af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, + cs4, cs5, cs6, cs7, ef, le, lowdelay, throughput, reliability, a + numeric value, or none to use the operating system default. This + option may take one or two arguments, separated by whitespace. + If one argument is specified, it is used as the packet class + unconditionally. If two values are specified, the first is + automatically selected for interactive sessions and the second + for non-interactive sessions. The default is af21 (Low-Latency + Data) for interactive sessions and cs1 (Lower Effort) for non- + interactive sessions. + + KbdInteractiveAuthentication + Specifies whether to allow keyboard-interactive authentication. + All authentication styles from login.conf(5) are supported. The + default is yes. The argument to this keyword must be yes or no. + ChallengeResponseAuthentication is a deprecated alias for this. + + KerberosAuthentication + Specifies whether the password provided by the user for + PasswordAuthentication will be validated through the Kerberos + KDC. To use this option, the server needs a Kerberos servtab + which allows the verification of the KDC's identity. The default + is no. + + KerberosGetAFSToken + If AFS is active and the user has a Kerberos 5 TGT, attempt to + acquire an AFS token before accessing the user's home directory. + The default is no. + + KerberosOrLocalPasswd + If password authentication through Kerberos fails then the + password will be validated via any additional local mechanism + such as /etc/passwd. The default is yes. + + KerberosTicketCleanup + Specifies whether to automatically destroy the user's ticket + cache file on logout. The default is yes. + + KexAlgorithms + Specifies the permitted KEX (Key Exchange) algorithms that the + server will offer to clients. The ordering of this list is not + important, as the client specifies the preference order. + Multiple algorithms must be comma-separated. + + If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + specified algorithms will be appended to the default set instead + of replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the + specified algorithms will be placed at the head of the default + set. + + The supported algorithms are: + + curve25519-sha256 + curve25519-sha256@libssh.org + diffie-hellman-group1-sha1 + diffie-hellman-group14-sha1 + diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 + diffie-hellman-group18-sha512 + diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + sntrup761x25519-sha512@openssh.com + + The default is: + + sntrup761x25519-sha512@openssh.com, + curve25519-sha256,curve25519-sha256@libssh.org, + ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, + diffie-hellman-group-exchange-sha256, + diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, + diffie-hellman-group14-sha256 + + The list of supported key exchange algorithms may also be + obtained using "ssh -Q KexAlgorithms". + + ListenAddress + Specifies the local addresses sshd(8) should listen on. The + following forms may be used: + + ListenAddress hostname|address [rdomain domain] + ListenAddress hostname:port [rdomain domain] + ListenAddress IPv4_address:port [rdomain domain] + ListenAddress [hostname|address]:port [rdomain domain] + + The optional rdomain qualifier requests sshd(8) listen in an + explicit routing domain. If port is not specified, sshd will + listen on the address and all Port options specified. The + default is to listen on all local addresses on the current + default routing domain. Multiple ListenAddress options are + permitted. For more information on routing domains, see + rdomain(4). + + LoginGraceTime + The server disconnects after this time if the user has not + successfully logged in. If the value is 0, there is no time + limit. The default is 120 seconds. + + LogLevel + Gives the verbosity level that is used when logging messages from + sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, + VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. + DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify + higher levels of debugging output. Logging with a DEBUG level + violates the privacy of users and is not recommended. + + LogVerbose + Specify one or more overrides to LogLevel. An override consists + of a pattern lists that matches the source file, function and + line number to force detailed logging for. For example, an + override pattern of: + + kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* + + would enable detailed logging for line 1000 of kex.c, everything + in the kex_exchange_identification() function, and all code in + the packet.c file. This option is intended for debugging and no + overrides are enabled by default. + + MACs Specifies the available MAC (message authentication code) + algorithms. The MAC algorithm is used for data integrity + protection. Multiple algorithms must be comma-separated. If the + specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified + algorithms will be appended to the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the + specified algorithms will be placed at the head of the default + set. + + The algorithms that contain "-etm" calculate the MAC after + encryption (encrypt-then-mac). These are considered safer and + their use recommended. The supported MACs are: + + hmac-md5 + hmac-md5-96 + hmac-sha1 + hmac-sha1-96 + hmac-sha2-256 + hmac-sha2-512 + umac-64@openssh.com + umac-128@openssh.com + hmac-md5-etm@openssh.com + hmac-md5-96-etm@openssh.com + hmac-sha1-etm@openssh.com + hmac-sha1-96-etm@openssh.com + hmac-sha2-256-etm@openssh.com + hmac-sha2-512-etm@openssh.com + umac-64-etm@openssh.com + umac-128-etm@openssh.com + + The default is: + + umac-64-etm@openssh.com,umac-128-etm@openssh.com, + hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, + hmac-sha1-etm@openssh.com, + umac-64@openssh.com,umac-128@openssh.com, + hmac-sha2-256,hmac-sha2-512,hmac-sha1 + + The list of available MAC algorithms may also be obtained using + "ssh -Q mac". + + Match Introduces a conditional block. If all of the criteria on the + Match line are satisfied, the keywords on the following lines + override those set in the global section of the config file, + until either another Match line or the end of the file. If a + keyword appears in multiple Match blocks that are satisfied, only + the first instance of the keyword is applied. + + The arguments to Match are one or more criteria-pattern pairs or + the single token All which matches all criteria. The available + criteria are User, Group, Host, LocalAddress, LocalPort, RDomain, + and Address (with RDomain representing the rdomain(4) on which + the connection was received). + + The match patterns may consist of single entries or comma- + separated lists and may use the wildcard and negation operators + described in the PATTERNS section of ssh_config(5). + + The patterns in an Address criteria may additionally contain + addresses to match in CIDR address/masklen format, such as + 192.0.2.0/24 or 2001:db8::/32. Note that the mask length + provided must be consistent with the address - it is an error to + specify a mask length that is too long for the address or one + with bits set in this host portion of the address. For example, + 192.0.2.0/33 and 192.0.2.0/8, respectively. + + Only a subset of keywords may be used on the lines following a + Match keyword. Available keywords are AcceptEnv, + AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, + AllowTcpForwarding, AllowUsers, AuthenticationMethods, + AuthorizedKeysCommand, AuthorizedKeysCommandUser, + AuthorizedKeysFile, AuthorizedPrincipalsCommand, + AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, + Banner, CASignatureAlgorithms, ChannelTimeout, ChrootDirectory, + ClientAliveCountMax, ClientAliveInterval, DenyGroups, DenyUsers, + DisableForwarding, ExposeAuthInfo, ForceCommand, GatewayPorts, + GSSAPIAuthentication, HostbasedAcceptedAlgorithms, + HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, + IgnoreRhosts, Include, IPQoS, KbdInteractiveAuthentication, + KerberosAuthentication, LogLevel, MaxAuthTries, MaxSessions, + PAMServiceName, PasswordAuthentication, PermitEmptyPasswords, + PermitListen, PermitOpen, PermitRootLogin, PermitTTY, + PermitTunnel, PermitUserRC, PubkeyAcceptedAlgorithms, + PubkeyAuthentication, PubkeyAuthOptions, RekeyLimit, RevokedKeys, + RDomain, SetEnv, StreamLocalBindMask, StreamLocalBindUnlink, + TrustedUserCAKeys, UnusedConnectionTimeout, X11DisplayOffset, + X11Forwarding and X11UseLocalhost. + + MaxAuthTries + Specifies the maximum number of authentication attempts permitted + per connection. Once the number of failures reaches half this + value, additional failures are logged. The default is 6. + + MaxSessions + Specifies the maximum number of open shell, login or subsystem + (e.g. sftp) sessions permitted per network connection. Multiple + sessions may be established by clients that support connection + multiplexing. Setting MaxSessions to 1 will effectively disable + session multiplexing, whereas setting it to 0 will prevent all + shell, login and subsystem sessions while still permitting + forwarding. The default is 10. + + MaxStartups + Specifies the maximum number of concurrent unauthenticated + connections to the SSH daemon. Additional connections will be + dropped until authentication succeeds or the LoginGraceTime + expires for a connection. The default is 10:30:100. + + Alternatively, random early drop can be enabled by specifying the + three colon separated values start:rate:full (e.g. "10:30:60"). + sshd(8) will refuse connection attempts with a probability of + rate/100 (30%) if there are currently start (10) unauthenticated + connections. The probability increases linearly and all + connection attempts are refused if the number of unauthenticated + connections reaches full (60). + + ModuliFile + Specifies the moduli(5) file that contains the Diffie-Hellman + groups used for the M-bM-^@M-^\diffie-hellman-group-exchange-sha1M-bM-^@M-^] and + M-bM-^@M-^\diffie-hellman-group-exchange-sha256M-bM-^@M-^] key exchange methods. The + default is /etc/moduli. + + PAMServiceName + Specifies the service name used for Pluggable Authentication + Modules (PAM) authentication, authorisation and session controls + when UsePAM is enabled. The default is sshd. + + PasswordAuthentication + Specifies whether password authentication is allowed. The + default is sshd. + + PermitEmptyPasswords + When password authentication is allowed, it specifies whether the + server allows login to accounts with empty password strings. The + default is no. + + PermitListen + Specifies the addresses/ports on which a remote TCP port + forwarding may listen. The listen specification must be one of + the following forms: + + PermitListen port + PermitListen host:port + + Multiple permissions may be specified by separating them with + whitespace. An argument of any can be used to remove all + restrictions and permit any listen requests. An argument of none + can be used to prohibit all listen requests. The host name may + contain wildcards as described in the PATTERNS section in + ssh_config(5). The wildcard M-bM-^@M-^X*M-bM-^@M-^Y can also be used in place of a + port number to allow all ports. By default all port forwarding + listen requests are permitted. Note that the GatewayPorts option + may further restrict which addresses may be listened on. Note + also that ssh(1) will request a listen host of M-bM-^@M-^\localhostM-bM-^@M-^] if no + listen host was specifically requested, and this name is treated + differently to explicit localhost addresses of M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and + M-bM-^@M-^\::1M-bM-^@M-^]. + + PermitOpen + Specifies the destinations to which TCP port forwarding is + permitted. The forwarding specification must be one of the + following forms: + + PermitOpen host:port + PermitOpen IPv4_addr:port + PermitOpen [IPv6_addr]:port + + Multiple forwards may be specified by separating them with + whitespace. An argument of any can be used to remove all + restrictions and permit any forwarding requests. An argument of + none can be used to prohibit all forwarding requests. The + wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or + ports respectively. Otherwise, no pattern matching or address + lookups are performed on supplied names. By default all port + forwarding requests are permitted. + + PermitRootLogin + Specifies whether root can log in using ssh(1). The argument + must be yes, prohibit-password, forced-commands-only, or no. The + default is prohibit-password. + + If this option is set to prohibit-password (or its deprecated + alias, without-password), password and keyboard-interactive + authentication are disabled for root. + + If this option is set to forced-commands-only, root login with + public key authentication will be allowed, but only if the + command option has been specified (which may be useful for taking + remote backups even if root login is normally not allowed). All + other authentication methods are disabled for root. + + If this option is set to no, root is not allowed to log in. + + PermitTTY + Specifies whether pty(4) allocation is permitted. The default is + yes. + + PermitTunnel + Specifies whether tun(4) device forwarding is allowed. The + argument must be yes, point-to-point (layer 3), ethernet (layer + 2), or no. Specifying yes permits both point-to-point and + ethernet. The default is no. + + Independent of this setting, the permissions of the selected + tun(4) device must allow access to the user. + + PermitUserEnvironment + Specifies whether ~/.ssh/environment and environment= options in + ~/.ssh/authorized_keys are processed by sshd(8). Valid options + are yes, no or a pattern-list specifying which environment + variable names to accept (for example "LANG,LC_*"). The default + is no. Enabling environment processing may enable users to + bypass access restrictions in some configurations using + mechanisms such as LD_PRELOAD. + + PermitUserRC + Specifies whether any ~/.ssh/rc file is executed. The default is + yes. + + PerSourceMaxStartups + Specifies the number of unauthenticated connections allowed from + a given source address, or M-bM-^@M-^\noneM-bM-^@M-^] if there is no limit. This + limit is applied in addition to MaxStartups, whichever is lower. + The default is none. + + PerSourceNetBlockSize + Specifies the number of bits of source address that are grouped + together for the purposes of applying PerSourceMaxStartups + limits. Values for IPv4 and optionally IPv6 may be specified, + separated by a colon. The default is 32:128, which means each + address is considered individually. + + PerSourcePenalties + Controls penalties for various conditions that may represent + attacks on sshd(8). If a penalty is enforced against a client + then its source address and any others in the same network, as + defined by PerSourceNetBlockSize, will be refused connection for + a period. + + A penalty doesn't affect concurrent connections in progress, but + multiple penalties from the same source from concurrent + connections will accumulate up to a maximum. Conversely, + penalties are not applied until a minimum threshold time has been + accumulated. + + Penalties are enabled by default with the default settings listed + below but may disabled using the off keyword. The defaults may + be overridden by specifying one or more of the keywords below, + separated by whitespace. All keywords accept arguments, e.g. + "crash:2m". + + crash:duration + Specifies how long to refuse clients that cause a crash + of sshd(8) (default: 90s). + + authfail:duration + Specifies how long to refuse clients that disconnect + after making one or more unsuccessful authentication + attempts (default: 5s). + + noauth:duration + Specifies how long to refuse clients that disconnect + without attempting authentication (default: 1s). This + timeout should be used cautiously otherwise it may + penalise legitimate scanning tools such as + ssh-keyscan(1). + + grace-exceeded:duration + Specifies how long to refuse clients that fail to + authenticate after LoginGraceTime (default: 20s). + + max:duration + Specifies the maximum time a particular source address + range will be refused access for (default: 10m). + Repeated penalties will accumulate up to this maximum. + + min:duration + Specifies the minimum penalty that must accrue before + enforcement begins (default: 15s). + + max-sources4:number, max-sources6:number + Specifies the maximum number of client IPv4 and IPv6 + address ranges to track for penalties (default: 65536 for + both). + + overflow:mode + Controls how the server behaves when max-sources4 or + max-sources6 is exceeded. There are two operating modes: + deny-all, which denies all incoming connections other + than those exempted via PerSourcePenaltyExemptList until + a penalty expires, and permissive, which allows new + connections by removing existing penalties early + (default: permissive). Note that client penalties below + the min threshold count against the total number of + tracked penalties. IPv4 and IPv6 addresses are tracked + separately, so an overflow in one will not affect the + other. + + overflow6:mode + Allows specifying a different overflow mode for IPv6 + addresses. The default it to use the same overflow mode + as was specified for IPv4. + + PerSourcePenaltyExemptList + Specifies a comma-separated list of addresses to exempt from + penalties. This list may contain wildcards and CIDR + address/masklen ranges. Note that the mask length provided must + be consistent with the address - it is an error to specify a mask + length that is too long for the address or one with bits set in + this host portion of the address. For example, 192.0.2.0/33 and + 192.0.2.0/8, respectively. The default is not to exempt any + addresses. + + PidFile + Specifies the file that contains the process ID of the SSH + daemon, or none to not write one. The default is + /var/run/sshd.pid. + + Port Specifies the port number that sshd(8) listens on. The default + is 22. Multiple options of this type are permitted. See also + ListenAddress. + + PrintLastLog + Specifies whether sshd(8) should print the date and time of the + last user login when a user logs in interactively. The default + is yes. + + PrintMotd + Specifies whether sshd(8) should print /etc/motd when a user logs + in interactively. (On some systems it is also printed by the + shell, /etc/profile, or equivalent.) The default is yes. + + PubkeyAcceptedAlgorithms + Specifies the signature algorithms that will be accepted for + public key authentication as a list of comma-separated patterns. + Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified algorithms will be appended to the default set + instead of replacing them. If the specified list begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including + wildcards) will be removed from the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y + character, then the specified algorithms will be placed at the + head of the default set. The default for this option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q PubkeyAcceptedAlgorithms". + + PubkeyAuthOptions + Sets one or more public key authentication options. The + supported keywords are: none (the default; indicating no + additional options are enabled), touch-required and + verify-required. + + The touch-required option causes public key authentication using + a FIDO authenticator algorithm (i.e. ecdsa-sk or ed25519-sk) to + always require the signature to attest that a physically present + user explicitly confirmed the authentication (usually by touching + the authenticator). By default, sshd(8) requires user presence + unless overridden with an authorized_keys option. The + touch-required flag disables this override. + + The verify-required option requires a FIDO key signature attest + that the user was verified, e.g. via a PIN. + + Neither the touch-required or verify-required options have any + effect for other, non-FIDO, public key types. + + PubkeyAuthentication + Specifies whether public key authentication is allowed. The + default is yes. + + RekeyLimit + Specifies the maximum amount of data that may be transmitted or + received before the session key is renegotiated, optionally + followed by a maximum amount of time that may pass before the + session key is renegotiated. The first argument is specified in + bytes and may have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate + Kilobytes, Megabytes, or Gigabytes, respectively. The default is + between M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional + second value is specified in seconds and may use any of the units + documented in the TIME FORMATS section. The default value for + RekeyLimit is default none, which means that rekeying is + performed after the cipher's default amount of data has been sent + or received and no time based rekeying is done. + + RequiredRSASize + Specifies the minimum RSA key size (in bits) that sshd(8) will + accept. User and host-based authentication keys smaller than + this limit will be refused. The default is 1024 bits. Note that + this limit may only be raised from the default. + + RevokedKeys + Specifies revoked public keys file, or none to not use one. Keys + listed in this file will be refused for public key + authentication. Note that if this file is not readable, then + public key authentication will be refused for all users. Keys + may be specified as a text file, listing one public key per line, + or as an OpenSSH Key Revocation List (KRL) as generated by + ssh-keygen(1). For more information on KRLs, see the KEY + REVOCATION LISTS section in ssh-keygen(1). + + RDomain + Specifies an explicit routing domain that is applied after + authentication has completed. The user session, as well as any + forwarded or listening IP sockets, will be bound to this + rdomain(4). If the routing domain is set to %D, then the domain + in which the incoming connection was received will be applied. + + SecurityKeyProvider + Specifies a path to a library that will be used when loading FIDO + authenticator-hosted keys, overriding the default of using the + built-in USB HID support. + + SetEnv Specifies one or more environment variables to set in child + sessions started by sshd(8) as M-bM-^@M-^\NAME=VALUEM-bM-^@M-^]. The environment + value may be quoted (e.g. if it contains whitespace characters). + Environment variables set by SetEnv override the default + environment and any variables specified by the user via AcceptEnv + or PermitUserEnvironment. + + SshdSessionPath + Overrides the default path to the sshd-session binary that is + invoked to handle each connection. The default is + /usr/libexec/sshd-session. This option is intended for use by + tests. + + StreamLocalBindMask + Sets the octal file creation mode mask (umask) used when creating + a Unix-domain socket file for local or remote port forwarding. + This option is only used for port forwarding to a Unix-domain + socket file. + + The default value is 0177, which creates a Unix-domain socket + file that is readable and writable only by the owner. Note that + not all operating systems honor the file mode on Unix-domain + socket files. + + StreamLocalBindUnlink + Specifies whether to remove an existing Unix-domain socket file + for local or remote port forwarding before creating a new one. + If the socket file already exists and StreamLocalBindUnlink is + not enabled, sshd will be unable to forward the port to the Unix- + domain socket file. This option is only used for port forwarding + to a Unix-domain socket file. + + The argument must be yes or no. The default is no. + + StrictModes + Specifies whether sshd(8) should check file modes and ownership + of the user's files and home directory before accepting login. + This is normally desirable because novices sometimes accidentally + leave their directory or files world-writable. The default is + yes. Note that this does not apply to ChrootDirectory, whose + permissions and ownership are checked unconditionally. + + Subsystem + Configures an external subsystem (e.g. file transfer daemon). + Arguments should be a subsystem name and a command (with optional + arguments) to execute upon subsystem request. + + The command sftp-server implements the SFTP file transfer + subsystem. + + Alternately the name internal-sftp implements an in-process SFTP + server. This may simplify configurations using ChrootDirectory + to force a different filesystem root on clients. It accepts the + same command line arguments as sftp-server and even though it is + in-process, settings such as LogLevel or SyslogFacility do not + apply to it and must be set explicitly via command line + arguments. + + By default no subsystems are defined. + + SyslogFacility + Gives the facility code that is used when logging messages from + sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, + LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The + default is AUTH. + + TCPKeepAlive + Specifies whether the system should send TCP keepalive messages + to the other side. If they are sent, death of the connection or + crash of one of the machines will be properly noticed. However, + this means that connections will die if the route is down + temporarily, and some people find it annoying. On the other + hand, if TCP keepalives are not sent, sessions may hang + indefinitely on the server, leaving "ghost" users and consuming + server resources. + + The default is yes (to send TCP keepalive messages), and the + server will notice if the network goes down or the client host + crashes. This avoids infinitely hanging sessions. + + To disable TCP keepalive messages, the value should be set to no. + + TrustedUserCAKeys + Specifies a file containing public keys of certificate + authorities that are trusted to sign user certificates for + authentication, or none to not use one. Keys are listed one per + line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. If + a certificate is presented for authentication and has its signing + CA key listed in this file, then it may be used for + authentication for any user listed in the certificate's + principals list. Note that certificates that lack a list of + principals will not be permitted for authentication using + TrustedUserCAKeys. For more details on certificates, see the + CERTIFICATES section in ssh-keygen(1). + + UnusedConnectionTimeout + Specifies whether and how quickly sshd(8) should close client + connections with no open channels. Open channels include active + shell, command execution or subsystem sessions, connected + network, socket, agent or X11 forwardings. Forwarding listeners, + such as those from the ssh(1) -R flag, are not considered as open + channels and do not prevent the timeout. The timeout value is + specified in seconds or may use any of the units documented in + the TIME FORMATS section. + + Note that this timeout starts when the client connection + completes user authentication but before the client has an + opportunity to open any channels. Caution should be used when + using short timeout values, as they may not provide sufficient + time for the client to request and open its channels before + terminating the connection. + + The default none is to never expire connections for having no + open channels. This option may be useful in conjunction with + ChannelTimeout. + + UseDNS Specifies whether sshd(8) should look up the remote host name, + and to check that the resolved host name for the remote IP + address maps back to the very same IP address. + + If this option is set to no (the default) then only addresses and + not host names may be used in ~/.ssh/authorized_keys from and + sshd_config Match Host directives. + + UsePAM Enables the Pluggable Authentication Module interface. If set to + yes this will enable PAM authentication using + KbdInteractiveAuthentication and PasswordAuthentication in + addition to PAM account and session module processing for all + authentication types. + + Because PAM keyboard-interactive authentication usually serves an + equivalent role to password authentication, you should disable + either PasswordAuthentication or KbdInteractiveAuthentication. + + If UsePAM is enabled, you will not be able to run sshd(8) as a + non-root user. The default is no. + + VersionAddendum + Optionally specifies additional text to append to the SSH + protocol banner sent by the server upon connection. The default + is none. + + X11DisplayOffset + Specifies the first display number available for sshd(8)'s X11 + forwarding. This prevents sshd from interfering with real X11 + servers. The default is 10. + + X11Forwarding + Specifies whether X11 forwarding is permitted. The argument must + be yes or no. The default is no. + + When X11 forwarding is enabled, there may be additional exposure + to the server and to client displays if the sshd(8) proxy display + is configured to listen on the wildcard address (see + X11UseLocalhost), though this is not the default. Additionally, + the authentication spoofing and authentication data verification + and substitution occur on the client side. The security risk of + using X11 forwarding is that the client's X11 display server may + be exposed to attack when the SSH client requests forwarding (see + the warnings for ForwardX11 in ssh_config(5)). A system + administrator may have a stance in which they want to protect + clients that may expose themselves to attack by unwittingly + requesting X11 forwarding, which can warrant a no setting. + + Note that disabling X11 forwarding does not prevent users from + forwarding X11 traffic, as users can always install their own + forwarders. + + X11UseLocalhost + Specifies whether sshd(8) should bind the X11 forwarding server + to the loopback address or to the wildcard address. By default, + sshd binds the forwarding server to the loopback address and sets + the hostname part of the DISPLAY environment variable to + localhost. This prevents remote hosts from connecting to the + proxy display. However, some older X11 clients may not function + with this configuration. X11UseLocalhost may be set to no to + specify that the forwarding server should be bound to the + wildcard address. The argument must be yes or no. The default + is yes. + + XAuthLocation + Specifies the full pathname of the xauth(1) program, or none to + not use one. The default is /usr/X11R6/bin/xauth. + +TIME FORMATS + sshd(8) command-line arguments and configuration file options that + specify time may be expressed using a sequence of the form: + time[qualifier], where time is a positive integer value and qualifier is + one of the following: + + M-bM-^_M-(noneM-bM-^_M-) seconds + s | S seconds + m | M minutes + h | H hours + d | D days + w | W weeks + + Each member of the sequence is added together to calculate the total time + value. + + Time format examples: + + 600 600 seconds (10 minutes) + 10m 10 minutes + 1h30m 1 hour 30 minutes (90 minutes) + +TOKENS + Arguments to some keywords can make use of tokens, which are expanded at + runtime: + + %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. + %C Identifies the connection endpoints, containing four space- + separated values: client address, client port number, server + address, and server port number. + %D The routing domain in which the incoming connection was + received. + %F The fingerprint of the CA key. + %f The fingerprint of the key or certificate. + %h The home directory of the user. + %i The key ID in the certificate. + %K The base64-encoded CA key. + %k The base64-encoded key or certificate for authentication. + %s The serial number of the certificate. + %T The type of the CA key. + %t The key or certificate type. + %U The numeric user ID of the target user. + %u The username. + + AuthorizedKeysCommand accepts the tokens %%, %C, %D, %f, %h, %k, %t, %U, + and %u. + + AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u. + + AuthorizedPrincipalsCommand accepts the tokens %%, %C, %D, %F, %f, %h, + %i, %K, %k, %s, %T, %t, %U, and %u. + + AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u. + + ChrootDirectory accepts the tokens %%, %h, %U, and %u. + + RoutingDomain accepts the token %D. + +FILES + /etc/ssh/sshd_config + Contains configuration data for sshd(8). This file should be + writable by root only, but it is recommended (though not + necessary) that it be world-readable. + +SEE ALSO + sftp-server(8), sshd(8) + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support + for privilege separation. + +OpenBSD 7.5 June 24, 2024 OpenBSD 7.5