408f4c2ad4
Look for '${host}-ar' before 'ar'.
...
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.
Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
2015-04-17 09:39:58 +10:00
2aa9da1a3b
upstream commit
...
Compile-time disable SSH protocol 1. You can turn it
back on using the Makefile.inc knob if you need it to talk to ancient
devices.
2015-03-27 12:00:37 +11:00
00797e86b2
check for crypt and DES_crypt in openssl block
...
fixes builds on systems that use DES_crypt; based on patch
from Roumen Petrov
2015-03-04 05:02:45 +11:00
e50e8c97a9
Add null declaration of AI_NUMERICINFO.
...
Some platforms (older FreeBSD and DragonFly versions) do have
getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
in those cases.
2015-02-21 15:10:33 +11:00
72ef7c148c
support --without-openssl at configure time
...
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
76c0480a85
add --without-ssh1 option to configure
...
Allows disabling support for SSH protocol 1.
2015-01-13 19:38:18 +11:00
642652d280
Add reallocarray to compat library
2014-12-10 01:32:23 +11:00
7d0ba53366
include version number in OpenSSL-too-old error
2014-10-30 10:45:41 +11:00
3d673d103b
- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
...
using memset_s() where possible; improve fallback to indirect bzero
via a volatile pointer to give it more of a chance to avoid being
optimised away.
2014-08-27 06:32:01 +10:00
d244a5816f
- (djm) [configure.ac] We now require a working vsnprintf everywhere (not
...
just for systems that lack asprintf); check for it always and extend
test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
394a60f259
- (djm) [configure.ac] double braces to appease autoconf
2014-08-22 18:06:20 +10:00
6d62784b89
- (djm) [configure.ac] include leading zero characters in OpenSSL version
...
number; fixes test for unsupported versions
2014-08-22 17:36:19 +10:00
2195847e50
- (djm) [configure.ac] Check OpenSSL version is supported at configure time;
...
suggested by Kevin Brott
2014-08-20 11:05:03 +10:00
00f9cd2307
- (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
...
has been located; fixes builds agains libressl-portable
2014-07-15 10:41:38 +10:00
8da0fa2493
- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
...
doesn't support it.
2014-07-03 11:54:19 +10:00
f9696566fb
- (dtucker) [configure.ac] Remove tcpwrappers support, support has already
...
been removed from sshd.c.
2014-06-13 11:06:04 +10:00
6482d90a65
- (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
...
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
separation user at runtime, since it may need to be a domain account.
Patch from Corinna Vinschen.
2014-05-27 14:34:42 +10:00
18912775cb
- (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
...
vhangup on Linux. It doens't work for non-root users, and for them
it just messes up the tty settings.
2014-05-21 17:06:46 +10:00
e5b9f0f2ee
- (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
...
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 14:58:07 +10:00
b9c566788a
- (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
...
portability glue to support building without libcrypto
2014-05-15 14:43:37 +10:00
03ae081aea
20140221
...
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-21 09:09:34 -08:00
4a20959d2e
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
...
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
1d2c456426
- tedu@cvs.openbsd.org 2014/01/31 16:39:19
...
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker
2014-02-04 11:18:20 +11:00
f5bbd3b657
- (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
...
different symbols for 'read' when various compiler flags are
in use, causing atomicio.c comparisons against it to break and
read/write operations to hang; ok dtucker
2014-01-30 11:26:46 +11:00
c2868192dd
- (djm) [configure.ac] Only check for width-specified integer types
...
in headers that actually exist. patch from Tom G. Christensen;
ok dtucker@
2014-01-30 10:21:19 +11:00
c161fc90fc
- (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
...
Tom G. Christensen
2014-01-29 21:01:33 +11:00
ab03949058
- (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
...
ok dtucker
2014-01-28 15:07:10 +11:00
5b447c0aac
- (djm) [configure.ac] correct AC_DEFINE for previous.
2014-01-26 09:46:53 +11:00
2035b2236d
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
...
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
2014-01-26 09:39:53 +11:00
603b8f47f1
- (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
...
against the correct thing.
2014-01-25 13:16:59 +11:00
c96d85376d
- (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
...
sys/capability.h exists and cap_rights_limit is in libc. Fixes
build on FreeBSD9x which provides the header but not the libc
support.
2014-01-25 13:12:28 +11:00
f62ecef993
- (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
2014-01-25 12:34:38 +11:00
42a0925301
- (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
...
incompatible with OpenBSD's despite post-dating it by more than a decade.
Declare it as broken, and document FreeBSD's as the same. ok djm@
2014-01-23 23:14:39 +11:00
5c2ff5e31f
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
...
platform hardening options: include some long long int arithmatic
to detect missing support functions for -ftrapv in libgcc and
equivalents, actually test linking when -ftrapv is supplied and
set either both -pie/-fPIE or neither. feedback and ok dtucker@
2014-01-22 21:30:12 +11:00
852472a54b
- (djm) [configure.ac] Unless specifically requested, only attempt
...
to build Position Independent Executables on gcc >= 4.x; ok dtucker
2014-01-22 16:31:18 +11:00
096118dc73
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
...
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
2014-01-21 12:48:51 +11:00
fdce373166
- (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
...
optind) are defined in getopt.h already. Unfortunately they are defined as
"declspec(dllimport)" for historical reasons, because the GNU linker didn't
allow auto-import on PE/COFF targets way back when. The problem is the
dllexport attributes collide with the definitions in the various source
files in OpenSSH, which obviousy define the variables without
declspec(dllimport). The least intrusive way to get rid of these warnings
is to disable warnings for GCC compiler attributes when building on Cygwin.
Patch from vinschen at redhat.com.
2014-01-18 21:12:42 +11:00
9edcbff46f
- (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off
...
stack-protector since that has a separate flag that's been around a while.
2014-01-17 21:54:32 +11:00
6d725687c4
- (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
2014-01-17 19:17:34 +11:00
a5cf1e220d
- (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
...
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
to be useful (and for the regression tests to pass) on platforms that
have statfs and fstatfs. ok djm@
2014-01-17 18:10:58 +11:00
d23a91ffb2
- (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
...
openbsd-compat/openssl-compat.h] Add compatibility layer for older
openssl versions. ok djm@
2014-01-17 17:32:30 +11:00
868ea1ea1c
- (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
...
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 16:47:04 +11:00
c548722361
- (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
...
separate lines and alphabetize for easier diffing of changes.
2014-01-17 15:12:16 +11:00
fd994379dd
- (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
...
hardening flags including -fstack-protector-strong. These default to on
if the toolchain supports them, but there is a configure-time knob
(--without-hardening) to disable them if necessary. ok djm@
2014-01-17 09:53:24 +11:00
1fcec9d4f2
- (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
...
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
2013-12-19 11:00:12 +11:00
1ff130dac9
- [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
...
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
2013-12-07 11:51:51 +11:00
a913442bac
- [Makefile.in] Add ed25519 sources
2013-12-07 11:35:36 +11:00
8369c8e61a
- (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
...
-L location for libedit. Patch from Serge van den Boom.
2013-12-05 11:00:16 +11:00
dd5264db5f
- (dtucker) [configure.ac] Add missing "test".
2013-11-09 22:32:51 +11:00
95cb2d4eb0
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
2013-11-09 22:02:31 +11:00
37bcef51b3
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
...
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897 ).
2013-11-09 18:39:25 +11:00
882abfd3fb
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
...
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
...
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
...
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
007e3b357e
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
...
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
f3ab2c5f9c
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
...
for building with older Heimdal versions. ok djm.
2013-08-04 21:48:41 +10:00
6d8bd57448
- (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
...
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
ae133d4b31
- (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
...
platforms that don't have multibyte character support (specifically,
mblen).
2013-06-06 08:30:20 +10:00
16cac190eb
- (dtucker) [configure.ac] Some other platforms need sys/types.h before
...
sys/socket.h.
2013-06-04 12:55:24 +10:00
0b43ffe143
- (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
2013-06-03 09:30:44 +10:00
5ab9b63468
- (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
...
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
898ac935e5
- (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
...
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
ef4901c3eb
- (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
...
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
a710891659
- (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
...
back to time(NULL) if we can't find it anywhere.
2013-06-02 08:18:31 +10:00
c7aad0058c
- (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
...
rather than trying to enumerate the plaforms that don't have them.
Based on a patch from Nathan Osman, with help from tim@.
2013-06-02 07:18:47 +10:00
c0c3373216
- (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
...
using openssl's DES_crpyt function on platorms that don't have a native
one, eg Android. Based on a patch from Nathan Osman.
2013-06-02 06:28:03 +10:00
efdf534214
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
...
implementation of endgrent for platforms that don't have it (eg Android).
Loosely based on a patch from Nathan Osman, ok djm
2013-05-30 08:29:08 +10:00
e194ba4111
- (dtucker) [configure.ac readconf.c servconf.c
...
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
c54e3e0741
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
...
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
abbc7a7c02
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
...
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
6332da2ae8
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
...
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
ce1c9574fc
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
...
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
c8a0f27c6d
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2013-03-22 12:49:14 +11:00
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
...
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
aa86c3970f
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
...
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
a2438bbd28
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
...
is unable to successfully compile them. Based on patch from des AT
des.no
2013-03-15 10:23:07 +11:00
aa97d13fa2
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
...
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
2013-03-12 11:31:05 +11:00
e4f4347822
- (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
...
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
ff008ded7f
- (dtucker) [configure.ac] test that we can set number of file descriptors
...
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
5f0e54c892
- (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
...
Kevin Brott.
2013-03-05 19:57:39 +11:00
03978c61f3
- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
...
to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
b87f6b70f8
- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
...
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
2013-02-23 09:12:23 +11:00
91f40d8592
- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
...
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
a2b5a4c746
- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
...
libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
964de184a8
- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
...
ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
...
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
...
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
...
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
5c3bbd76aa
- (djm) [configure.ac] Don't probe seccomp capability of running kernel
...
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
d522c68872
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
...
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
25a02b0c95
- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
...
compat code for older OpenSSL
2012-12-13 08:18:56 +11:00
8b48982a56
- (djm) [configure.ac] Revert previous. configure.ac already does this
...
for us.
2012-12-03 12:35:55 +11:00
03af12e930
- (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
...
debugging. ok dtucker@
2012-12-03 11:55:53 +11:00
77eab7b024
- (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
...
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
esperi.org.uk; ok dtucker@
2012-07-06 11:49:28 +10:00
34f702ae64
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
...
platforms that don't have it. "looks good" tim@
2012-07-04 08:50:09 +10:00
d545a4b974
- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
...
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
benefit is minor, so it's not worth disabling the sandbox if it doesn't
work.
2012-07-03 22:48:31 +10:00
60395f91c6
- (dtucker) [configure.ac] Detect platforms that can't use select(2) with
...
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
2012-07-03 14:31:18 +10:00
593538911a
- (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
...
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
2012-05-19 15:24:37 +10:00
d0494fdb29
- (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
...
from cjwatson at debian org.
2012-05-19 14:25:39 +10:00
e1a3ddf992
- (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
...
to fix building on some plaforms. Fom bowman at math utah edu and
des at des no.
2012-05-04 11:05:45 +10:00
398c0ffe0e
- (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
...
contains openpty() but not login()
2012-04-19 21:46:35 +10:00
e0956e3834
- (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
...
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
2012-04-04 11:27:54 +10:00
93a2d41505
- (dtucker) [audit-bsm.c configure.ac] bug #1968 : enable workarounds for BSM
...
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-24 10:40:41 +11:00
e9b3ad73ba
- (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
...
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
4a725ef6a5
- (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
2011-11-21 16:38:48 +11:00
aa3cbd1b5b
- (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
2011-11-04 11:25:24 +11:00
b0b29cc0c5
remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim
2011-10-02 18:49:24 +11:00
b54f50e5d0
- (dtucker) [configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/strnlen.c] Add strnlen to the compat library.
2011-09-29 23:17:18 +10:00
5ffe1c4b43
- (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
...
from des AT des.no
2011-09-29 11:11:51 +10:00
a6e60616be
- (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
2011-08-17 21:48:22 -07:00
1a91c0f163
- (djm) [configure.ac] error out if the host lacks the necessary bits for
...
an explicitly requested sandbox type
2011-08-17 11:59:25 +10:00
cd5e52ee78
- (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
...
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
markus@
2011-06-27 07:18:18 +10:00
69ff1df952
- djm@cvs.openbsd.org 2011/06/22 21:57:01
...
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
[sandbox-systrace.c sandbox.h configure.ac Makefile.in]
introduce sandboxing of the pre-auth privsep child using systrace(4).
This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.
The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.
UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.
feedback dtucker@; ok markus@
2011-06-23 08:30:03 +10:00
c09182f613
- (djm) [configure.ac] enable setproctitle emulation for OS X
2011-06-03 12:11:38 +10:00
90f42b0705
- (tim) [configure.ac defines.h] Run test program to detect system mail
...
directory. Add --with-maildir option to override. Fixed OpenServer 6
getting it wrong. Fixed many systems having MAIL=/var/mail//username
ok dtucker
2011-06-02 18:17:49 -07:00
b176362d26
- (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
...
options, we should corresponding -W-option when trying to determine
whether it is accepted. Also includes a warning fix on the program
fragment uses (bad main() return type).
bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 11:45:25 +10:00
19d8181b86
- (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
...
so autoreconf 2.68 is happy.
2011-05-04 21:44:25 -07:00
f22019bdbf
- (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
...
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
648f876566
20110127
...
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
2011-01-26 12:38:57 -08:00
71adf127e8
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
...
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
79241377df
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
...
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
2011-01-22 09:37:01 +11:00
e323ebc250
- (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
...
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
2011-01-19 23:12:27 +11:00
ea52a82969
- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
...
configure.ac defines.h loginrec.c] Bug #1402 : add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 21:15:27 +11:00
58497780ab
- (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
...
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 16:17:09 +11:00
50c61f88ab
- (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
...
on configurations that don't have it.
2011-01-16 18:28:09 +11:00
9b87a5ce3c
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
...
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
134d02a494
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
...
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
2011-01-12 16:00:37 +11:00
945aa0c744
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
...
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
30a69e7bba
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
...
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
...
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
eab5f0df90
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
...
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
...
openbsd-compat/port-solaris.{c,h}] Bug #1824 : Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
1f78980099
- (djm) [configure.ac] Use = instead of == in shell tests. Patch from
...
dr AT vasco.com
2010-10-11 22:35:22 +11:00
a6e121aaa0
- djm@cvs.openbsd.org 2010/09/25 09:30:16
...
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
rountrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
2010-10-07 21:39:17 +11:00
aa18063baf
- matthew@cvs.openbsd.org 2010/09/24 13:33:00
...
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
2010-10-07 21:25:27 +11:00
6af914a15c
- (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
...
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
[ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 11:39:26 +10:00
aa74f6754a
- (dtucker) [configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
the compat library which helps on platforms like old IRIX. Based on work
by djm, tested by Tom Christensen.
2010-08-16 13:15:23 +10:00
9f8703b573
- (dtucker) [configure.ac] Bug #1756 : Check for the existence of a lib64 dir
...
in the openssl install directory (some newer openssl versions do this on at
least some amd64 platforms).
2010-04-23 11:12:06 +10:00
627337d95b
- (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
...
back so we disable the IPv6 tests if we don't have it.
2010-04-10 22:58:01 +10:00
261d93a5cf
- (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732 : enable
...
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
2010-04-09 18:13:27 +10:00
c4ccb12ee4
- (dtucker) [configure.ac] Bug #1744 : use pkg-config for libedit flags if we
...
have it and the path is not provided to --with-libedit. Based on a patch
from Iain Morgan.
2010-04-09 14:04:35 +10:00
a83d90fbab
- (dtucker) [configure.ac] Bug #1741 : Add section for Haiku, patch originally
...
by Ingo Weinhold via Scott McCreary, ok djm@
2010-03-26 10:27:33 +11:00
c9fe39b1a4
- (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
...
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-09 20:42:30 +11:00
9527f228ae
- (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@
2010-03-05 15:04:35 +11:00
b3c9f78711
- (djm) [configure.ac] Enable PKCS#11 support only when we find a working
...
dlopen()
2010-02-12 10:11:34 +11:00
d8f6002272
- (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
...
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
Remove obsolete smartcard support
2010-02-12 09:34:22 +11:00
Darren Tucker
djm@openbsd.org
Damien Miller
Tim Rice